Good luck ensuring every PCIe device with DMA access is "trusted."
IOMMU defeats DMA attacks.
There is no reason for a GPU or network driver, or anything to have arbitrary physical memory access.
If a GPU needs space for a draw-calls, allocate it in the kernel and explicitly give permission to the GPU to access it.
alt Hacker News
IOMMU defeats DMA attacks.
There is no reason for a GPU or network driver, or anything to have arbitrary physical memory access.
If a GPU needs space for a draw-calls, allocate it in the kernel and explicitly give permission to the GPU to access it.