Memory protection method and protection proxy control apparatus
US-2023176984-A1 · Jun 8, 2023 · US
US12481602B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12481602-B2 |
| Application number | US-202217671144-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 14, 2022 |
| Priority date | Feb 14, 2022 |
| Publication date | Nov 25, 2025 |
| Grant date | Nov 25, 2025 |
Official abstract text for this publication.
A host may use address translation to convert virtual addresses to physical addresses for endpoints, which may then submit memory access requests for physical addresses. The host may record permissions granting entities access to physical addresses in physical address access permissions tables (PAAPTs) responsive to the address translation. The security of address translation services may be increased based at least on verifying memory access requests are authorized using the PAAPTs. For example, an entity identifier included in a request may be used to locate a corresponding PAAPT, and a physical address may be extracted from the request and used to locate an entry indicating whether an entity corresponding to the entity identifier has permission to access the physical address. Where the entity has permission, the system may perform the memory access using the physical address. Otherwise an error or fault code may be provided in response to the request.
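The record-then-verify flow the abstract describes, as an added example that is not taken from the patent or any vendor implementation. The struct layout, the function names, the 4 KiB page size, the one-bit-per-page PAAPT and the sample page numbers are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define PAGE_SHIFT   12          /* assumed 4 KiB pages */
#define NUM_PAGES    64          /* constructed: tiny physical memory */
#define NUM_ENTITIES 4           /* constructed: entity (stream) IDs 0..3 */
#define FAULT_PA     UINT64_MAX
enum { ACCESS_OK = 0, ACCESS_FAULT = -1 };
/* One PAAPT per entity: one permission bit per physical page. */
typedef struct { uint64_t bits[NUM_PAGES / 64]; } paapt_t;
/* Mapping table entry, located by entity ID (field layout is hypothetical). */
typedef struct {
    int translation_allowed;     /* may this entity receive physical addresses? */
    const uint64_t *vpn_to_pfn;  /* translation table */
    size_t n_vpages;
    paapt_t *paapt;              /* reference to this entity's PAAPT */
} map_entry_t;

static paapt_t paapts[NUM_ENTITIES];
static const uint64_t ent1_pages[] = { 5, 9 };   /* constructed VPN -> PFN map */
static map_entry_t map_table[NUM_ENTITIES] = {
    [1] = { 1, ent1_pages, 2, &paapts[1] },      /* authorized endpoint */
    [2] = { 0, NULL, 0, &paapts[2] },            /* known, but no translation rights */
};

/* Translation request: translate, and record the permission as a side effect. */
uint64_t host_translate(unsigned entity, uint64_t va) {
    if (entity >= NUM_ENTITIES) return FAULT_PA;
    map_entry_t *e = &map_table[entity];
    uint64_t vpn = va >> PAGE_SHIFT;
    if (!e->translation_allowed || !e->paapt || vpn >= e->n_vpages) return FAULT_PA;
    uint64_t pfn = e->vpn_to_pfn[vpn];
    if (pfn >= NUM_PAGES) return FAULT_PA;
    e->paapt->bits[pfn / 64] |= 1ULL << (pfn % 64);
    return (pfn << PAGE_SHIFT) | (va & ((1ULL << PAGE_SHIFT) - 1));
}

/* Access request carrying a physical address: entity ID -> PAAPT -> bit. */
int host_check_access(unsigned entity, uint64_t pa) {
    if (entity >= NUM_ENTITIES || !map_table[entity].paapt) return ACCESS_FAULT;
    uint64_t pfn = pa >> PAGE_SHIFT;
    if (pfn >= NUM_PAGES) return ACCESS_FAULT;
    const paapt_t *t = map_table[entity].paapt;
    return ((t->bits[pfn / 64] >> (pfn % 64)) & 1) ? ACCESS_OK : ACCESS_FAULT;
}

int main(void) {
    uint64_t pa = host_translate(1, 0x0123);     /* records permission for PFN 5 */
    return host_check_access(1, pa) == ACCESS_OK ? 0 : 1;
}
```

An endpoint that presents a physical address it never obtained through a translation request, or one that was handed to a different entity, gets a fault because the bit in its own table was never set.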
Opening claim text (preview).
What is claimed is:
1. A method comprising: receiving, from a first entity, a translation request to translate a virtual address to a physical address, the virtual address being of a virtual memory space owned by a second entity; determining the first entity is authorized to receive the physical address responsive to the translation request; based at least on the determining and responsive to the translation request: recording, in an entry corresponding to the physical address in one or more tables at a host, a permission that enables the first entity to provide the physical address over a host controller interface of the host access to the virtual memory space of the second entity using a direct memory access, wherein a mapping table entry associated with the translation request is accessed to enable verification of the permission using one or more references to the one or more tables stored in the mapping table entry; and transmitting, to the first entity, the physical address translated from the virtual address using at least one translation table accessed from the mapping table entry; receiving, over the host controller interface, the physical address in a request from the first entity for access to the virtual memory space of the second entity using the direct memory access, the request being made using the physical address received by the first entity in response to the translation request; performing the verification that the first entity is authorized to provide the physical address over the host controller interface to access the virtual memory space of the second entity using the direct memory access, the verification including the host accessing the one or more tables using the one or more references stored in the mapping table entry for the permission based at least on associating the mapping table entry with the request; and providing, over the host controller interface and to the first entity, a response to the request based at least on a result of the verification.
2. The method of claim 1, wherein the accessing uses a stream identifier included in the request to locate the mapping table entry that corresponds to the stream identifier and the one or more references include one or more pointers to the one or more tables, the one or more pointers stored in the mapping table entry.
3. The method of claim 2, wherein the host is configured to point each stream ID corresponding to the first entity to the one or more tables.
4. The method of claim 1, wherein the mapping table entry further stores a stage configuration that disables address translation, and the host performs the verification based at least on determining the stage configuration indicates that the address translation is disabled.
5. The method of claim 1, wherein the accessing includes: identifying a table from the one or more tables using an entity identifier extracted from the request; and identifying the permission using the physical address extracted from the request.
6. The method of claim 1, wherein the entry corresponds to a permissions bitmap for a plurality of physical addresses, and the recording includes compressing the permissions bitmap for the plurality of physical addresses in memory.
7. The method of claim 1, wherein responsive to the translation request, the one or more references are stored in the mapping table entry.
8. The method of claim 1, wherein the first entity is authorized to receive the physical address responsive to the translation request based at least on the first entity being moved into a trusted execution environment (TEE) of the second entity.
9. The method of claim 1, wherein the mapping table entry further stores configuration information that selectively enables and disables the verification.
10. A system comprising: one or more processing units to execute operations comprising: receiving, from a first entity, a translation request to translate a virtual address to a physical address, the virtual address being of a virtual memory space owned by a second entity; determining the first entity is authorized to receive the physical address responsive to the translation request; based at least on the determining and responsive to the translation request: recording, in an entry corresponding to the physical address in one or more tables at a host, a permission that enables the first entity to provide the physical address over a host controller interface of the host access to the virtual memory space of the second entity using a direct memory access, wherein a mapping table entry associated with the translation request is accessed to enable verification of the permission using one or more references to the one or more tables stored in the mapping table entry; and transmitting, to the first entity, the physical address translated from the virtual address using at least one translation table accessed from the mapping table entry; receiving, over the host controller interface, the physical address in a request from the first entity for access to the virtual memory space of the second entity using the direct memory access; performing the verification that the first entity is authorized to provide the physical address over the host controller interface to access the virtual memory space of the second entity using the direct memory access, the verification including the host accessing the one or more tables using the one or more references stored in the mapping table entry for the permission based at least on associating the mapping table entry with the request; and enabling the direct memory access to the physical address over the host controller interface based at least on the verification.
11. The system of claim 10, wherein the permission is stored in a table using one or more permissions bits indexed by one or more physical addresses.
12. The system of claim 10, wherein the permission is stored in a transaction mapping table that was used to translate the physical address from a logical address.
13. The system of claim 10, further comprising providing the physical address to the first entity based at least on the determining and responsive to the translation request.
14. The system of claim 10, wherein the identifying of the permission uses an entity identifier extracted from the request, and the physical address extracted from the request.
15. The system of claim 10, wherein the request for access to the virtual memory space of the second entity comprises a direct memory access transfer request.
16. The system of claim 10, wherein the system is comprised in at least one of: a control system for an autonomous or semi-autonomous machine; a perception system for an autonomous or semi-autonomous machine; a system for performing simulation operations; a system for performing deep learning operations; a system implemented using an edge device; a system implemented using a robot; a system incorporating one or more virtual machines (VMs); a system implemented at least partially in a data center; a system including a collaborative creation platform for three-dimensional (3D) content; or a system implemented at least partially using cloud computing resources.
17. A processor comprising: one or more circuits to control access to a virtual memory space of a first entity based at least on a result of a verification performed by a host accessing one or more tables from a mapping table entry for a permission based at least on associating the mapping table entry with a request over a
Security improvement · CPC title
Virtual address space management · CPC title
for a range · CPC title
Multi-level translation tables · CPC title
Performance improvement · CPC title