c9a397cee9
Add a small amount of emulation to vfio_compat to accept the SET_IOMMU to VFIO_NOIOMMU_IOMMU and have vfio just ignore iommufd if it is working on a no-iommu enabled device. Move the enable_unsafe_noiommu_mode module out of container.c into vfio_main.c so that it is always available even if VFIO_CONTAINER=n. This passes Alex's mini-test: https://github.com/awilliam/tests/blob/master/vfio-noiommu-pci-device-open.c Link: https://lore.kernel.org/r/0-v3-480cd64a16f7+1ad0-iommufd_noiommu_jgg@nvidia.com Reviewed-by: Kevin Tian <kevin.tian@intel.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
63 lines
1.8 KiB
Plaintext
63 lines
1.8 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
menuconfig VFIO
|
|
tristate "VFIO Non-Privileged userspace driver framework"
|
|
select IOMMU_API
|
|
depends on IOMMUFD || !IOMMUFD
|
|
select INTERVAL_TREE
|
|
select VFIO_CONTAINER if IOMMUFD=n
|
|
help
|
|
VFIO provides a framework for secure userspace device drivers.
|
|
See Documentation/driver-api/vfio.rst for more details.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
if VFIO
|
|
config VFIO_CONTAINER
|
|
bool "Support for the VFIO container /dev/vfio/vfio"
|
|
select VFIO_IOMMU_TYPE1 if MMU && (X86 || S390 || ARM || ARM64)
|
|
default y
|
|
help
|
|
The VFIO container is the classic interface to VFIO for establishing
|
|
IOMMU mappings. If N is selected here then IOMMUFD must be used to
|
|
manage the mappings.
|
|
|
|
Unless testing IOMMUFD say Y here.
|
|
|
|
if VFIO_CONTAINER
|
|
config VFIO_IOMMU_TYPE1
|
|
tristate
|
|
default n
|
|
|
|
config VFIO_IOMMU_SPAPR_TCE
|
|
tristate
|
|
depends on SPAPR_TCE_IOMMU
|
|
default VFIO
|
|
endif
|
|
|
|
config VFIO_NOIOMMU
|
|
bool "VFIO No-IOMMU support"
|
|
help
|
|
VFIO is built on the ability to isolate devices using the IOMMU.
|
|
Only with an IOMMU can userspace access to DMA capable devices be
|
|
considered secure. VFIO No-IOMMU mode enables IOMMU groups for
|
|
devices without IOMMU backing for the purpose of re-using the VFIO
|
|
infrastructure in a non-secure mode. Use of this mode will result
|
|
in an unsupportable kernel and will therefore taint the kernel.
|
|
Device assignment to virtual machines is also not possible with
|
|
this mode since there is no IOMMU to provide DMA translation.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
config VFIO_VIRQFD
|
|
bool
|
|
select EVENTFD
|
|
default n
|
|
|
|
source "drivers/vfio/pci/Kconfig"
|
|
source "drivers/vfio/platform/Kconfig"
|
|
source "drivers/vfio/mdev/Kconfig"
|
|
source "drivers/vfio/fsl-mc/Kconfig"
|
|
endif
|
|
|
|
source "virt/lib/Kconfig"
|