IOMMU—From Wikipedia, the free encyclopedia

源自对“software attacks against Intel VT-d technology”一文的术语解释，之前看到，但是健忘，故摘录之。
Jump to: navigation, search

Comparison of the I/O memory management unit (IOMMU) to the memory management unit (MMU).

In computing, an input/output memory management unit (IOMMU) is a memory management unit (MMU) that connects a DMA-capable I/O bus to the main memory. Like a traditional MMU, which translates CPU-visible virtual addresses to physical addresses, the IOMMU takes care of mapping device-visible virtual addresses (also called device addresses or I/O addresses in this context) to physical addresses. Some units also provide memory protection from misbehaving devices.

An example IOMMU is the Graphics Address Remapping Table (GART) used by AGP and PCI Express graphics cards.

AMD has published a specification for IOMMU technology in the HyperTransport architecture.[1] Intel has published a specification for IOMMU technology as Virtualization Technology for Directed I/O, abbreviated VT-d.[2] Information about the Sun IOMMU has been published in the Device Virtual Memory Access (DVMA) section of the Solaris Developer Connection.[3] The IBM Translation Control Entry (TCE) has been described in a document entitled Logical Partition Security in the IBM eServer pSeries 690.[4] The PCI-SIG has relevant work under the terms I/O Virtualization (IOV)[5] and Address Translation Services (ATS).

I/O virtualization is not performed by the CPU, but instead by the chipset.[6]

Advantages

The advantages of having an IOMMU, compared to direct physical addressing of the memory, include:

Large regions of memory can be allocated without the need to be contiguous in physical memory — the IOMMU will take care of mapping contiguous virtual addresses to the underlying fragmented physical addresses. Thus, the use of vectored I/O (scatter-gather lists) can sometimes be avoided.

For devices that do not support memory addresses long enough to address the entire physical memory, the device can still address the entire memory through the IOMMU. This avoids overhead associated with copying buffers to and from the memory space the peripheral can address.

For example, as of 2010[update] x86 computers can use more than 4 GiB of memory, enabled by the PAE feature in an x86 processor. Still, an ordinary 32-bit PCI device simply cannot address the memory above the 4 GiB boundary, and thus it cannot perform DMA to it. Without an IOMMU, the operating system would have to implement time-consuming bounce buffers (FreeBSD/Linux) also known as double buffers[7] (Windows nomenclature).

Memory protectionfrom malicious or misbehaving devices: a device cannot read or write to memory that hasn't been explicitly allocated (mapped) for it. The memory protection is based on the fact that OS running on the CPU (see figure) exclusively controls both the MMU and the IOMMU. The devices are physically unable to circumvent or corrupt configured memory management tables.

With virtualization, guest operating systems can use hardware that is not specifically made for virtualization. Higher performance hardware such as graphics cards use DMA to access memory directly; in a virtual environment all the memory addresses are remapped by the virtual machine software, which causes DMA devices to fail. The IOMMU handles this remapping, allowing for the native device drivers to be used in a guest operating system.

In some architectures IOMMU also performs hardware interrupt remapping, in a manner similar to standard memory address remapping.

Peripheral memory paging can be supported by an IOMMU. A peripheral using the PCI-SIG PCIe Address Translation Services (ATS) Page Request Interface (PRI) extension can detect and signal the need for memory manager services.

For system architectures in which port I/O is a distinct address space from the memory address space, an IOMMU is not used when the CPU communicates with devices via I/O ports. In system architectures in which port I/O and memory are mapped into a suitable address space, an IOMMU can translate port I/O accesses.

Disadvantages

The disadvantages of having an IOMMU, compared to direct physical addressing of the memory, include:[8]

Some degradation of performance from translation and management overhead (e.g., page table walks).

Consumption of physical memory for the added I/O page (translation) tables. This can be mitigated if the tables can be shared with the processor.

IOMMU in relation to virtualization

When an operating system is running inside a virtual machine, including systems that use paravirtualization, such as Xen, it does not usually know the host-physical addresses of memory that it accesses. This makes providing direct access to the computer hardware difficult, because if the guest OS tried to instruct the hardware to perform a direct memory access (DMA) using guest-physical addresses, it would likely corrupt the memory, as the hardware does not know about the mapping between the guest-physical and host-physical addresses for the given virtual machine. The corruption is avoided because the hypervisor or host OS intervenes in the I/O operation to apply the translations; unfortunately, this delays the I/O operation.

An IOMMU can solve this problem by re-mapping the addresses accessed by the hardware according to the same (or a compatible) translation table that is used to map guest-physical address to host-physical addresses.[9]

See also

Virtual memory

Memory-mapped I/O

Direct memory access

References

^ "AMD I/O Virtualization Technology (IOMMU) Specification Revision 1.26". http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/34434.pdf. Retrieved 2009-10-08.

^ "Mainstreaming Server Virtualization: The Intel Approach". http://www.intel.com/business/technologies/idc_virtualization_wp.pdf. Retrieved 2006-03-01.

^ "DVMA Resources and IOMMU Translations". http://developers.sun.com/solaris/developer/support/driver/wps/pci/html/DMA.doc.html#289. Retrieved 2007-04-30.

^ "Logical Partition Security in the IBM eServer pSeries 690". http://www-03.ibm.com/servers/eserver/pseries/hardware/whitepapers/lpar_security.html. Retrieved 2007-04-30.

^ "I/O Virtualization specifications". http://www.pcisig.com/specifications/iov/. Retrieved 2007-05-01.

^ Intel platform hardware support for I/O virtualization

^ "Physical Address Extension - PAE Memory and Windows". Microsoft Windows Hardware Development Central. 2005. http://www.microsoft.com/whdc/system/platform/server/PAE/PAEdrv.mspx#E2D. Retrieved 2008-04-07.

^ Muli Ben-Yehuda, Jimi Xenidis, Michal Ostrowski (2007-06-27). "Price of Safety: Evaluating IOMMU Performance" (PDF). Proceedings of the Linux Symposium 2007. Ottawa, Ontario, Canada: IBM Research. https://ols2006.108.redhat.com/2007/Reprints/ben-yehuda-Reprint.pdf. Retrieved 2007-07-02.

^ "Xen FAQ: In DomU, how can I use 3D graphics". http://wiki.xensource.com/xenwiki/XenFaq#head-d5a7a247a5168517291228a6f02fd74b419badeb. Retrieved 2006-12-12.

Notes

Bottomley, James (2004-05-01). "Using DMA". Linux Journal (Specialized Systems Consultants). http://www.linuxjournal.com/node/7104/print.

Retrieved from "http://en.wikipedia.org/w/index.php?title=IOMMU&oldid=441412358"