IOMMU: A Detailed view



Similar documents
Using IOMMUs for Virtualization in Linux

Virtual Machines. COMP 3361: Operating Systems I Winter

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:

Hardware accelerated Virtualization in the ARM Cortex Processors

Hardware Based Virtualization Technologies. Elsie Wahlig Platform Software Architect

Using process address space on the GPU

Virtualization Technology. Zhiming Shen

Chapter 5 Cloud Resource Virtualization

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Full and Para Virtualization

The Xen of Virtualization

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Utilizing IOMMUs for Virtualization in Linux and Xen

Operating Systems. Lecture 03. February 11, 2013

COS 318: Operating Systems. Virtual Machine Monitors

1. Computer System Structure and Components

Hybrid Virtualization The Next Generation of XenLinux

Leveraging Thin Hypervisors for Security on Embedded Systems

How To Make A Minecraft Iommus Work On A Linux Kernel (Virtual) With A Virtual Machine (Virtual Machine) And A Powerpoint (Virtual Powerpoint) (Virtual Memory) (Iommu) (Vm) (

Virtual vs Physical Addresses

EE282 Lecture 11 Virtualization & Datacenter Introduction

Virtualization for Cloud Computing

Intel Virtualization Technology Overview Yu Ke

x86 Virtualization Hardware Support Pla$orm Virtualiza.on

COS 318: Operating Systems. Virtual Memory and Address Translation

Virtualization. Jia Rao Assistant Professor in CS

Nested Virtualization

The Microsoft Windows Hypervisor High Level Architecture

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology

The Price of Safety: Evaluating IOMMU Performance Preliminary Results

Nested Virtualization

Virtual machines and operating systems

ARM VIRTUALIZATION FOR THE MASSES. Christoffer Dall

CSE597a - Cell Phone OS Security. Cellphone Hardware. William Enck Prof. Patrick McDaniel

Introduction to Virtual Machines

Virtualization. Pradipta De

x86 ISA Modifications to support Virtual Machines

Virtualization. P. A. Wilsey. The text highlighted in green in these slides contain external hyperlinks. 1 / 16

Enabling Intel Virtualization Technology Features and Benefits

Networking Virtualization Using FPGAs

Secure data processing: Blind Hypervision

OSes. Arvind Seshadri Mark Luk Ning Qu Adrian Perrig SOSP2007. CyLab of CMU. SecVisor: A Tiny Hypervisor to Provide

COS 318: Operating Systems. Virtual Machine Monitors

DPDK Summit 2014 DPDK in a Virtual World

Architecture (SOSP 2011) 11/11/2011 Minsung Jang

Operating System Structures

CS 61C: Great Ideas in Computer Architecture Virtual Memory Cont.

Multi-core Programming System Overview

Virtual Machine Security

Bare-Metal Performance for x86 Virtualization

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

Optimizing Network Virtualization in Xen

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

<Insert Picture Here> Oracle Database Support for Server Virtualization Updated December 7, 2009

Page 1 of 5. IS 335: Information Technology in Business Lecture Outline Operating Systems

Operating System Structure

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG , Moscow

Bridging the Gap between Software and Hardware Techniques for I/O Virtualization

Advanced Computer Networks. Network I/O Virtualization

Knut Omang Ifi/Oracle 19 Oct, 2015

CS5460: Operating Systems

Windows Server Virtualization & The Windows Hypervisor

Virtualization. ! Physical Hardware. ! Software. ! Isolation. ! Software Abstraction. ! Encapsulation. ! Virtualization Layer. !

Performance tuning Xen

POSIX. RTOSes Part I. POSIX Versions. POSIX Versions (2)

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Best Practices on monitoring Solaris Global/Local Zones using IBM Tivoli Monitoring

The Freescale Embedded Hypervisor

How To Run A Power5 On A Powerbook On A Mini Computer (Power5) On A Microsoft Powerbook (Power4) On An Ipa (Power3) On Your Computer Or Ipa On A Minium (Power2

Hitachi Virtage Embedded Virtualization Hitachi BladeSymphony 10U

Intel Virtualization Technology for Directed I/O

IOS110. Virtualization 5/27/2014 1

Android Virtualization from Sierraware. Simply Secure

Memory Resource Management in VMware ESX Server

Memory Management Outline. Background Swapping Contiguous Memory Allocation Paging Segmentation Segmented Paging

Understanding Full Virtualization, Paravirtualization, and Hardware Assist. Introduction...1 Overview of x86 Virtualization...2 CPU Virtualization...

Virtualization. Types of Interfaces

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

VtRES Towards Hardware Embedded Virtualization Technology: Architectural Enhancements to an ARM SoC. ESRG Embedded Systems Research Group

PCI-SIG SR-IOV Primer. An Introduction to SR-IOV Technology Intel LAN Access Division

Hypervisors and Virtual Machines

VMware and CPU Virtualization Technology. Jack Lo Sr. Director, R&D

BHyVe. BSD Hypervisor. Neel Natu Peter Grehan

Memory Management under Linux: Issues in Linux VM development

COS 318: Operating Systems

I/O Device and Drivers

Next Generation Operating Systems

XID ERRORS. vr352 May XID Errors

Optimizing Network Virtualization in Xen

Virtualization. Dr. Yingwu Zhu

I/O. Input/Output. Types of devices. Interface. Computer hardware

Xen and the Art of. Virtualization. Ian Pratt

A Survey on Virtual Machine Security

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

Transcription:

12/1/14 Security Level: Security Level: IOMMU: A Detailed view Anurup M. Sanil Kumar D. Nov, 2014 HUAWEI TECHNOLOGIES CO., LTD.

Contents n IOMMU Introduction n IOMMU for ARM n Use cases n Software Architecture n Summary

Input/Outpu t Memory Management Unit IOMMU Memory Physical Address Space IOMMU MMU Virtual Addresses /Device Addresses Physical Addresses Device Virtual Address Space CPU HUAWEI TECHNOLOGIES CO., LTD. Page 3

Why IOMMU? Address Translation Isolation Without IOMMU many devices are unable to address the complete address range supported by the host processor IODevices can corrupt the memory without memory isolation Device VA 1 TLB MIS S IOMMU IOTLB Translation Logic 2 3 TLB UPDA TE TLB HIT 2 or 4 Physical Memory Physical Memory Access Denied Device Physical Memory IO Device IO Page Table 3 Page Fault / Invalid Memory System Bus IOMMU System Bus IOMMU provides the unique address translation for the device address to address more than its actual capability. (This translation is independent of MMU) HUAWEI TECHNOLOGIES CO., LTD. Page 4 IOMMU provides memory protection and enables secure memory access

IOMMU: Pros and Cons Pros Large Memory Allocation; No need to be physically contiguous Devices can access physical memory addresses higher than 4GB (non-dac devices as well) Can be programmed to make the memory region appear to be contiguous to the device on the bus. Device Isolation (avoid DMA attacks) Cons Degradation of performance from translation and management overhead (can be mitigated by a TLB) Consumption of physical memory for the added I/O page (translation) tables. This can be mitigated if the tables can be shared with the processor. Peripheral memory paging can be supported by an IOMMU. (PCIe Address Translation Services (ATS) Page Request Interface (PRI) extension can detect and signal the need for memory manager services.) Interrupt remapping. HUAWEI TECHNOLOGIES CO., LTD. Page 5

Contents n IOMMU Introduction n IOMMU for ARM n Use cases n Software Architecture n Summary HUAWEI TECHNOLOGIES CO., LTD. Page 6

IOMMU in ARM IOMMU in ARM is named as System Memory Management Unit (SMMU) Supports Address translation and isolation Two stage transaltion to support Virtualization Stage 1, from VA (Virtual address) to IPA (Intermediate Physical Address) Stage 2, from IPA to PA (Physical Address) hypervisor will define translation tables to perform this. ARM releases SMMU specifications to support the implementations http://infocenter.arm.com Currently SMMUv2 is the latest official release The mainline Linux kernel has the SMMUv2 driver implemented This driver currently supports (drivers/iommu/arm_smmu.c) SMMUv1 and v2 implementations Stream-matching and stream-indexing v7/v8 long-descriptor format Non-secure access to the SMMU 4k and 64k pages, with contiguous pte hints Up to 42-bit addressing (dependent on VA_BITS) Context fault reporting Memory Physical Address Space SMMU Device Virtual Address Space MMU CPU HUAWEI TECHNOLOGIES CO., LTD. Page 7

Contents n IOMMU Introduction n IOMMU for ARM n Use cases n Software Architecture n Summary HUAWEI TECHNOLOGIES CO., LTD. Page 8

Use cases CPU address space I/O address space Physical Memory System Bus DMA CPU copies from bounce buffer to destination DMA CPU address space Access Denied SMMU SMMU Device DMA 4GB Guest OSn 0 4GB Guest OS1 X1 Xn An 0 A1 Virtual Address space Virtualization n Enables devices to address more than its addressing capability without DAC or bounce buffers n Two stage address translation helps to manage virtual devices along with isolation Stage 1 Stage 1 4GB Physical Address space n Memory protection helps in DMA and Virtualization use cases n Scatter gather DMA capabilities n High performance user space drivers Xn X1 0 Under Guest OS control 4GB An A1 0 Intermediate Physical Address space Stage 2 4GB 0 X1 An Xn A1 HUAWEI TECHNOLOGIES CO., LTD. Page 9

Contents n IOMMU Introduction n IOMMU for ARM n Use cases n Software Architecture n Summary HUAWEI TECHNOLOGIES CO., LTD. Page 10

Software Architecture Device/User 1 Device/User n Clients that uses the iommu DMA Mapping /arch/arm/mm Attaches clients to use iommu awared dma ops (dma-mappings.c) IOMMU Main Driver (/drivers/iommu/*) Almost all the features of IOMMU are abstracted at this layer (iommu.c, arm-smmu.c ) ARM SMMU(IOMMU) HW Support Support IOMMU support on Hardware HUAWEI TECHNOLOGIES CO., LTD. Page 11

Code Flow: DMA API to IOMMU dma-mapping.c iommu.c arm_smmu.c Device driver dma-mapping.c (arch\arm\mm) DMA Mapping /arch/<arch>/mm IOMMU Main Driver (/drivers/iommu/*) IOMMU HW Support iommu.c HUAWEI TECHNOLOGIES CO., LTD. Page 12

Code Flow: IOMMU to Specific IOMMU Drive r iommu.c Device driver DMA Mapping /arch/<arch>/mm arm_smmu.c IOMMU Main Driver (/drivers/iommu/*) IOMMU HW Support HUAWEI TECHNOLOGIES CO., LTD. Page 13

Contents n IOMMU Introduction n IOMMU for ARM n Use cases n Software Architecture n Summary HUAWEI TECHNOLOGIES CO., LTD. Page 14

Summary ARM SMMU is getting refined and new versions with more features expected In Linux Kernel, iommu developments are active, especially for ARM SMMU New drivers and features (PCIe/ATS, VFIO ) Focus on Virtualization Support and extensions Performance optimizations anurup.m@huawei.com sanil.kumar@huawei.com HUAWEI TECHNOLOGIES CO., LTD. Page 15

IOMMU Mailing List HUAWEI TECHNOLOGIES CO., LTD. Page 16

Thank you www.huawei.com anurup.m@huawei.com sanil.kumar@huawei.com

Reference http://en.wikipedia.org/wiki/iommu - IOMMU information http://infocenter.arm.com/help/topic/com.arm.doc.ihi0062c/ihi0062c_system_mmu_architecture_specification.pdf - ARM SMMU v2 specification Linux kernel mainline source code 3.17 HUAWEI TECHNOLOGIES CO., LTD. Page 18

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information