Hacker News
by jand 1062 days ago
Devmem TCP sounds a lot like direct memory access. Am I mistaken if I think of it as a security nightmare? Do you have by chance any links to security considerations?
3 comments

DMA is only a problem if transfers can be initiated by an untrusted party. This patch looks to basically just be making it so that transfers which would normally go device->RAM->device with no actual processing of the data transferred instead just go device->device (but still initiated by the OS, not the device or the network!). This doesn't affect access control at all, as the trip to RAM doesn't impact that (though it does mean it only works if the machine is not looking at or touching the data at all, which probably means it's only useful in situations where there's no encryption).
I think it's intended for use in private networks (not the internet) like SANs.
I created a user-mapped array TCP-devmem variant for 2.14 in which packets can be written from userland in zerobuf-style.

Security is/was pretty good once an LSM permits the connection creation.