# SPDX-License-Identifier: GPL-2.0-only
menuconfig VFIO
	tristate "VFIO Non-Privileged userspace driver framework"
	select IOMMU_API
	depends on IOMMUFD || !IOMMUFD
	select INTERVAL_TREE
	select VFIO_GROUP if SPAPR_TCE_IOMMU || IOMMUFD=n
	select VFIO_DEVICE_CDEV if !VFIO_GROUP
	select VFIO_CONTAINER if IOMMUFD=n
	help
	  VFIO provides a framework for secure userspace device drivers.
	  See Documentation/driver-api/vfio.rst for more details.

	  If you don't know what to do here, say N.

if VFIO
config VFIO_DEVICE_CDEV
	bool "Support for the VFIO cdev /dev/vfio/devices/vfioX"
	depends on IOMMUFD && !SPAPR_TCE_IOMMU
	default !VFIO_GROUP
	help
	  The VFIO device cdev is another way for userspace to get device
	  access. Userspace gets device fd by opening device cdev under
	  /dev/vfio/devices/vfioX, and then bind the device fd with an iommufd
	  to set up secure DMA context for device access.  This interface does
	  not support noiommu.

	  If you don't know what to do here, say N.

config VFIO_GROUP
	bool "Support for the VFIO group /dev/vfio/$group_id"
	default y
	help
	   VFIO group support provides the traditional model for accessing
	   devices through VFIO and is used by the majority of userspace
	   applications and drivers making use of VFIO.

	   If you don't know what to do here, say Y.

config VFIO_CONTAINER
	bool "Support for the VFIO container /dev/vfio/vfio"
	select VFIO_IOMMU_TYPE1 if MMU && (X86 || S390 || ARM || ARM64)
	depends on VFIO_GROUP
	default y
	help
	  The VFIO container is the classic interface to VFIO for establishing
	  IOMMU mappings. If N is selected here then IOMMUFD must be used to
	  manage the mappings.

	  Unless testing IOMMUFD say Y here.

if VFIO_CONTAINER
config VFIO_IOMMU_TYPE1
	tristate
	default n

config VFIO_IOMMU_SPAPR_TCE
	tristate
	depends on SPAPR_TCE_IOMMU
	default VFIO
endif

config VFIO_NOIOMMU
	bool "VFIO No-IOMMU support"
	depends on VFIO_GROUP
	help
	  VFIO is built on the ability to isolate devices using the IOMMU.
	  Only with an IOMMU can userspace access to DMA capable devices be
	  considered secure.  VFIO No-IOMMU mode enables IOMMU groups for
	  devices without IOMMU backing for the purpose of re-using the VFIO
	  infrastructure in a non-secure mode.  Use of this mode will result
	  in an unsupportable kernel and will therefore taint the kernel.
	  Device assignment to virtual machines is also not possible with
	  this mode since there is no IOMMU to provide DMA translation.

	  If you don't know what to do here, say N.

config VFIO_VIRQFD
	bool
	select EVENTFD
	default n

config VFIO_DEBUGFS
	bool "Export VFIO internals in DebugFS"
	depends on DEBUG_FS
	help
	  Allows exposure of VFIO device internals. This option enables
	  the use of debugfs by VFIO drivers as required. The device can
	  cause the VFIO code create a top-level debug/vfio directory
	  during initialization, and then populate a subdirectory with
	  entries as required.

source "drivers/vfio/pci/Kconfig"
source "drivers/vfio/platform/Kconfig"
source "drivers/vfio/mdev/Kconfig"
source "drivers/vfio/fsl-mc/Kconfig"
source "drivers/vfio/cdx/Kconfig"
endif

source "virt/lib/Kconfig"