IOMMU
Encyclopedia
In computing
, an input/output memory management unit (IOMMU) is a memory management unit
(MMU) that connects a DMA
-capable I/O bus
to the main memory. Like a traditional MMU, which translates CPU
-visible virtual address
es to physical address
es, the IOMMU takes care of mapping device-visible virtual addresses (also called device addresses or I/O addresses in this context) to physical addresses. Some units also provide memory protection
from misbehaving devices.
An example IOMMU is the graphics address remapping table
(GART) used by AGP
and PCI Express
graphics cards.
AMD has published a specification for IOMMU technology in the HyperTransport architecture. Intel has published a specification for IOMMU technology as Virtualization Technology for Directed I/O, abbreviated VT-d. Information about the Sun IOMMU has been published in the Device Virtual Memory Access (DVMA) section of the Solaris Developer Connection. The IBM
Translation Control Entry
(TCE) has been described in a document entitled Logical Partition Security in the IBM eServer
pSeries 690. The PCI-SIG
has relevant work under the terms I/O Virtualization (IOV) and Address Translation Services (ATS).
I/O virtualization is not performed by the CPU, but instead by the chipset
.
For system architectures in which port I/O is a distinct address space from the memory address space, an IOMMU is not used when the CPU communicates with devices via I/O ports. In system architectures in which port I/O and memory are mapped into a suitable address space, an IOMMU can translate port I/O accesses.
, including systems that use paravirtualization
, such as Xen, it does not usually know the host-physical addresses of memory that it accesses. This makes providing direct access to the computer hardware difficult, because if the guest OS tried to instruct the hardware to perform a direct memory access
(DMA) using guest-physical addresses, it would likely corrupt the memory, as the hardware does not know about the mapping between the guest-physical and host-physical addresses for the given virtual machine. The corruption is avoided because the hypervisor or host OS intervenes in the I/O operation to apply the translations; unfortunately, this delays the I/O operation.
An IOMMU can solve this problem by re-mapping the addresses accessed by the hardware according to the same (or a compatible) translation table that is used to map guest-physical address to host-physical addresses.
Computing
Computing is usually defined as the activity of using and improving computer hardware and software. It is the computer-specific part of information technology...
, an input/output memory management unit (IOMMU) is a memory management unit
Memory management unit
A memory management unit , sometimes called paged memory management unit , is a computer hardware component responsible for handling accesses to memory requested by the CPU...
(MMU) that connects a DMA
Direct memory access
Direct memory access is a feature of modern computers that allows certain hardware subsystems within the computer to access system memory independently of the central processing unit ....
-capable I/O bus
Computer bus
In computer architecture, a bus is a subsystem that transfers data between components inside a computer, or between computers.Early computer buses were literally parallel electrical wires with multiple connections, but the term is now used for any physical arrangement that provides the same...
to the main memory. Like a traditional MMU, which translates CPU
Central processing unit
The central processing unit is the portion of a computer system that carries out the instructions of a computer program, to perform the basic arithmetical, logical, and input/output operations of the system. The CPU plays a role somewhat analogous to the brain in the computer. The term has been in...
-visible virtual address
Virtual address
In computer technology, a virtual address is an address identifying a virtual, i.e. non-physical, entity.-Description:The term virtual address is most commonly used for an address pointing to virtual memory or, in networking, when referring to a virtual network address...
es to physical address
Physical address
In computing, a physical address, also real address, or binary address, is the memory address that is represented in the form of a binary number on the address bus circuitry in order to enable the data bus to access a particular storage cell of main memory.In a computer with virtual memory, the...
es, the IOMMU takes care of mapping device-visible virtual addresses (also called device addresses or I/O addresses in this context) to physical addresses. Some units also provide memory protection
Memory protection
Memory protection is a way to control memory access rights on a computer, and is a part of most modern operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug within a process from affecting...
from misbehaving devices.
An example IOMMU is the graphics address remapping table
Graphics address remapping table
The graphics address remapping table , sometimes known as the graphics translation table , is an I/O memory management unit used by AGP and PCI Express graphics cards. The GART allows the graphics card direct memory access to the host system memory, through which buffers of textures, polygon...
(GART) used by AGP
Accelerated Graphics Port
The Accelerated Graphics Port is a high-speed point-to-point channel for attaching a video card to a computer's motherboard, primarily to assist in the acceleration of 3D computer graphics. Since 2004 AGP has been progressively phased out in favor of PCI Express...
and PCI Express
PCI Express
PCI Express , officially abbreviated as PCIe, is a computer expansion card standard designed to replace the older PCI, PCI-X, and AGP bus standards...
graphics cards.
AMD has published a specification for IOMMU technology in the HyperTransport architecture. Intel has published a specification for IOMMU technology as Virtualization Technology for Directed I/O, abbreviated VT-d. Information about the Sun IOMMU has been published in the Device Virtual Memory Access (DVMA) section of the Solaris Developer Connection. The IBM
IBM
International Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...
Translation Control Entry
Translation Control Entry
A Translation Control Entry on IBM eServer pSeries computers is used by the I/O bridge to translate addresses generated by I/O devices into physical addresses. The technology is also called an I/O memory management unit, or IOMMU.-External links:...
(TCE) has been described in a document entitled Logical Partition Security in the IBM eServer
EServer
IBM eServer was a family of computer servers from IBM Corporation.Announced in the year 2000, it combined the various IBM server brands under one brand.The various sub-brands were at the same time rebranded from:...
pSeries 690. The PCI-SIG
PCI-SIG
The PCI-SIG or Peripheral Component Interconnect Special Interest Group is an electronics industry consortium responsible for specifying the Peripheral Component Interconnect , PCI-X, and PCI Express computer buses....
has relevant work under the terms I/O Virtualization (IOV) and Address Translation Services (ATS).
I/O virtualization is not performed by the CPU, but instead by the chipset
Chipset
A chipset, PC chipset, or chip set refers to a group of integrated circuits, or chips, that are designed to work together. They are usually marketed as a single product.- Computers :...
.
Advantages
The advantages of having an IOMMU, compared to direct physical addressing of the memory, include:- Large regions of memory can be allocated without the need to be contiguous in physical memory — the IOMMU will take care of mapping contiguous virtual addresses to the underlying fragmented physical addresses. Thus, the use of vectored I/OVectored I/OIn computing, vectored I/O, also known as scatter/gather I/O, is a method of input and output by which a single procedure-call sequentially writes data from multiple buffers to a single data stream or reads data from a data stream to multiple buffers. The buffers are given in a vector of buffers...
(scatter-gather lists) can sometimes be avoided. - For devices that do not support memory addresses long enough to address the entire physical memory, the device can still address the entire memory through the IOMMU. This avoids overhead associated with copying buffers to and from the memory space the peripheral can address.
- For example, x86 computers can use more than 4 GiB of memory, enabled by the PAEPhysical Address ExtensionIn computing, Physical Address Extension is a feature to allow x86 processors to access a physical address space larger than 4 gigabytes....
feature in an x86 processor. Still, an ordinary 32-bit PCI device simply cannot address the memory above the 4 GiB boundary, and thus it cannot perform DMA to it. Without an IOMMU, the operating system would have to implement time-consuming (FreeBSD/Linux) also known as double buffers (Windows nomenclature).
- For example, x86 computers can use more than 4 GiB of memory, enabled by the PAE
- Memory protectionMemory protectionMemory protection is a way to control memory access rights on a computer, and is a part of most modern operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug within a process from affecting...
from malicious or misbehaving devices: a device cannot read or write to memory that hasn't been explicitly allocated (mapped) for it. The memory protection is based on the fact that OS running on the CPU (see figure) exclusively controls both the MMU and the IOMMU. The devices are physically unable to circumvent or corrupt configured memory management tables.- With virtualization, guest operating systems can use hardware that is not specifically made for virtualization. Higher performance hardware such as graphics cards use DMADMADMA can refer to:* DMA , a defunct dance music magazine* Dallas Museum of Art, an art museum in Texas, USA* Danish Music Awards, an award show held in Denmark since 1989...
to access memory directly; in a virtual environment all the memory addresses are remapped by the virtual machine software, which causes DMA devices to fail. The IOMMU handles this remapping, allowing for the native device drivers to be used in a guest operating system.
- With virtualization, guest operating systems can use hardware that is not specifically made for virtualization. Higher performance hardware such as graphics cards use DMA
- In some architectures IOMMU also performs hardware interrupt remapping, in a manner similar to standard memory address remapping.
- Peripheral memory paging can be supported by an IOMMU. A peripheral using the PCI-SIG PCIe Address Translation Services (ATS) Page Request Interface (PRI) extension can detect and signal the need for memory manager services.
For system architectures in which port I/O is a distinct address space from the memory address space, an IOMMU is not used when the CPU communicates with devices via I/O ports. In system architectures in which port I/O and memory are mapped into a suitable address space, an IOMMU can translate port I/O accesses.
Disadvantages
The disadvantages of having an IOMMU, compared to direct physical addressing of the memory, include:- Some degradation of performance from translation and management overhead (e.g., page table walks).
- Consumption of physical memory for the added I/O page (translation) tablePage tableA page table is the data structure used by a virtual memory system in a computer operating system to store the mapping between virtual addresses and physical addresses. Virtual addresses are those unique to the accessing process...
s. This can be mitigated if the tables can be shared with the processor.
IOMMU in relation to virtualization
When an operating system is running inside a virtual machineVirtual machine
A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". Modern virtual machines are implemented with either software emulation or hardware virtualization or both together.-VM Definitions:A virtual machine is a software...
, including systems that use paravirtualization
Paravirtualization
In computing, paravirtualization is a virtualization technique that presents a software interface to virtual machines that is similar but not identical to that of the underlying hardware....
, such as Xen, it does not usually know the host-physical addresses of memory that it accesses. This makes providing direct access to the computer hardware difficult, because if the guest OS tried to instruct the hardware to perform a direct memory access
Direct memory access
Direct memory access is a feature of modern computers that allows certain hardware subsystems within the computer to access system memory independently of the central processing unit ....
(DMA) using guest-physical addresses, it would likely corrupt the memory, as the hardware does not know about the mapping between the guest-physical and host-physical addresses for the given virtual machine. The corruption is avoided because the hypervisor or host OS intervenes in the I/O operation to apply the translations; unfortunately, this delays the I/O operation.
An IOMMU can solve this problem by re-mapping the addresses accessed by the hardware according to the same (or a compatible) translation table that is used to map guest-physical address to host-physical addresses.