On 28.11.2012 01:00, Dave Airlie wrote: > We generally aim for the first, to stop the gpu from reading/writing > any memory it hasn't been granted access to, > the second is nice to have though, but really requires a GPU with VM > to implement properly. I wonder if we should aim at root only access on Tegra20, and force IOMMU on Tegra30 and fix the remaining issues we have with IOMMU. The firewall turns out to be more complicated than I wished. Biggest problem is that we aim at zero-copy for everything possible, including command streams. Kernel gets a handle to a command stream, but the command stream is allocated by the user space process. So the user space can tamper with the stream once it's been written to the host1x 2D channel. Copying with firewall is one option, but that would again kill the performance. One option would be user space unmapping the command buffer when it's sent to kernel, and kernel checking that it's unmapped before it agrees to send the stream to hardware. On Tegra30 with IOMMU turned on things are ok without any checks, because all access would go via MMU, which makes kernel memory inaccessible. Of course, better ideas are welcome. Terje -- To unsubscribe from this list: send the line "unsubscribe linux-tegra" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html