On Wed, 2015-07-01 at 10:06 +0100, Daniel P. Berrange wrote: > I don't really think it is sensible to be defining & implementing new > network services which can't support strong encryption and authentication. > Rather than passing the file descriptor to the kernel and having it do > the I/O directly, I think it would be better to dissassociate the kernel > from the network transport, and thus leave all sockets layer data I/O > to userspace daemons so they can layer in TLS or SASL or whatever else > is appropriate for the security need. Hi, this hits a fundamental limit. Block IO must be done entirely in kernel space or the system will deadlock. The USB stack is part of the block layer and the SCSI error handling. Thus if you involve user space you cannot honor memory allocation with GFP_NOFS and you break all APIs where we pass GFP_NOIO in the USB stack. Supposed you need to reset a storage device for error handling. Your user space programm does a syscall, which allocates memory and needs to launder pages. It proceeds to write to the storage device you wish to reset. It is the same problem FUSE has with writable mmap. You cannot do block devices in user space sanely. Sorry Oliver _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel