On Thu, 2006-05-25 at 15:53 +0200, Michal Suchanek wrote: > I was somewhat concerned by the driver case. But if the dma buffers > aren't too large they can be paid by the driver, and it would just map > the user data in the buffer and return an empty page.
This is a lot more complicated to do securely than it looks, because the exchanged page must first be zeroed (at which point a copy is just as fast). We looked at this kind of issue in our work on defensible networks stacks. Dealing with DMA across a non-symmetric trust relationship is very subtle, and very hard to get right. And of course, this is the normal case in any high-efficiency driver. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
