Currently, a kernel-mode driver on guests is used to expose the ivshmem device to userspace via the UIO framework.
Using Linux's userspace facilities for directly interfacing with PCI devices (VFIO?), it should be possible to accomplish this without the use of a kernel driver. This would not only reduce attack surface, but decrease the maintenance costs of keeping up with internal kernel APIs.
Critically, a userspace driver must be able to directly map the PCI device's memory without incurring extra overhead on each copy.
Currently, a kernel-mode driver on guests is used to expose the ivshmem device to userspace via the UIO framework.
Using Linux's userspace facilities for directly interfacing with PCI devices (VFIO?), it should be possible to accomplish this without the use of a kernel driver. This would not only reduce attack surface, but decrease the maintenance costs of keeping up with internal kernel APIs.
Critically, a userspace driver must be able to directly map the PCI device's memory without incurring extra overhead on each copy.