# SPDX-License-Identifier: GPL-2.0-only
menuconfig VFIO
	tristate "VFIO Non-Privileged userspace driver framework"
	select IOMMU_API
	depends on IOMMUFD || !IOMMUFD
	select INTERVAL_TREE
	select VFIO_CONTAINER if IOMMUFD=n
	help
	  VFIO provides a framework for secure userspace device drivers.
	  See Documentation/driver-api/vfio.rst for more details.

	  If you don't know what to do here, say N.

if VFIO
config VFIO_CONTAINER
	bool "Support for the VFIO container /dev/vfio/vfio"
	select VFIO_IOMMU_TYPE1 if MMU && (X86 || S390 || ARM || ARM64)
	default y
	help
	  The VFIO container is the classic interface to VFIO for establishing
	  IOMMU mappings. If N is selected here then IOMMUFD must be used to
	  manage the mappings.

	  Unless testing IOMMUFD say Y here.

if VFIO_CONTAINER
config VFIO_IOMMU_TYPE1
	tristate
	default n

config VFIO_IOMMU_SPAPR_TCE
	tristate
	depends on SPAPR_TCE_IOMMU
	default VFIO

config VFIO_NOIOMMU
	bool "VFIO No-IOMMU support"
	help
	  VFIO is built on the ability to isolate devices using the IOMMU.
	  Only with an IOMMU can userspace access to DMA capable devices be
	  considered secure.  VFIO No-IOMMU mode enables IOMMU groups for
	  devices without IOMMU backing for the purpose of re-using the VFIO
	  infrastructure in a non-secure mode.  Use of this mode will result
	  in an unsupportable kernel and will therefore taint the kernel.
	  Device assignment to virtual machines is also not possible with
	  this mode since there is no IOMMU to provide DMA translation.

	  If you don't know what to do here, say N.
endif

config VFIO_VIRQFD
	bool
	select EVENTFD
	default n

source "drivers/vfio/pci/Kconfig"
source "drivers/vfio/platform/Kconfig"
source "drivers/vfio/mdev/Kconfig"
source "drivers/vfio/fsl-mc/Kconfig"
endif

source "virt/lib/Kconfig"