Received: by 10.213.65.68 with SMTP id h4csp673748imn; Fri, 6 Apr 2018 07:07:20 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+Ju2PzJRtmHIRi38mmG5h+Mwl9AyQ3/YJUulpYd5v3VrMw1O8IReSDwpYYCQDg22JB6EUq X-Received: by 10.101.75.202 with SMTP id p10mr17991167pgr.339.1523023640477; Fri, 06 Apr 2018 07:07:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523023640; cv=none; d=google.com; s=arc-20160816; b=S0hw83dkHyoBurk2FFk4jc6qRyanPnwZ6C7ykf5jHJC2BIavojWcCklg3G2BG+GG07 qr4bEGiL23IdbXWn75+/3gT+0OD/ClSsAnzLZpLetCTooVOmfNNRjq1Amo7UJc3Awq0R h4zGcYGwZKHBbRJwuVP619gl1JJPmWysCxBxrYVm3/R5bwIV7yv/g/qDLGj+HDUP9slW tJTKYotYYkE0ctESUXIv4wAhTALgEGVY+tZoyxtpLVJ+Os3JQqA098O0MtJOD+EfNUXh 7AY1qE3jXyfLHEwqevT/nIJvkFpA4z00IKhyzrbDpuCj5srwGAL/Fd4dUV3SLbhPVSK+ IaNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:arc-authentication-results; bh=Y20ux5n76ENkW1pQxKegCFgCfFawC7Q7uPcMtyO2LkE=; b=jK2lPWZm/XmUVW6iE6z7ESRHV2VO5VY/7GHVJF5hMMce7K+BsqC1sU0AfonVO6jdrc +hiu1CF5LmYem6fk2XyxqbzZ4V6l9sussNxiq0zFakvqCrVPVft/XHlGHQqDwY1SS/UA 7tgKwoSpf+Mocn/XjsRw/1KBEWfMVqd78sliD25LeJCO3pUABL6ulQ/f0+2XhKHylbBc qTvC/7zNUxiYBKBPpDP/lH1rYpr/o3BGph8e3ASFtMkcrz0vd3EMvZFVBjjC4CnIhK4T kZc0cQqtizxjRaQLfNKU6vsiem/YeT+/XXVX2t2O9Yzg28cBFm+8VrDtmqVz6IXp3UlM 8dyQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f1-v6si11048686pld.168.2018.04.06.07.07.06; Fri, 06 Apr 2018 07:07:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756478AbeDFOGD (ORCPT + 99 others); Fri, 6 Apr 2018 10:06:03 -0400 Received: from www.llwyncelyn.cymru ([82.70.14.225]:56084 "EHLO fuzix.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753084AbeDFOGC (ORCPT ); Fri, 6 Apr 2018 10:06:02 -0400 Received: from alans-desktop (82-70-14-226.dsl.in-addr.zen.co.uk [82.70.14.226]) by fuzix.org (8.15.2/8.15.2) with ESMTP id w36E5rFH009182; Fri, 6 Apr 2018 15:05:53 +0100 Date: Fri, 6 Apr 2018 13:01:46 +0100 From: Alan Cox To: Simon Que Cc: linux-kernel@vger.kernel.org, frankhu@chromium.org, John Joseph , Rob Springer Subject: Re: Looking for way to program external MMU from userspace (or viable alternative) Message-ID: <20180406130146.5a9c7ff3@alans-desktop> In-Reply-To: References: Organization: Intel Corporation X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > The current kernel driver code looks up the physical address of a page of > user-allocated memory by traversing the page table, and then writing the > physical address to the external MMU. If we were to move the driver to > userspace, this procedure would require exposing the physical address to > user space, which insecure and thus a no-go. > > What possibilities are there for programming the MMU from a userspace > driver? If you want to be secure none. That's not to say you can't keep most of the code in user space but you'll need the DMA and MMU manager to be kernel side because you have to trust it. Even if you use something like VT-D, you've then got to program the IOMMU and that has to be done in kernel for the same obvious reasons. Look at VFIO.. maybe that helps. Alan