computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, ...

, an input–output memory management unit (IOMMU) is a

memory management unit A memory management unit (MMU), sometimes called paged memory management unit (PMMU), is a computer hardware unit having all memory references passed through itself, primarily performing the translation of virtual memory addresses to physical a ...

(MMU) connecting a direct-memory-access–capable (DMA-capable) I/O

bus A bus (contracted from omnibus, with variants multibus, motorbus, autobus, etc.) is a road vehicle that carries significantly more passengers than an average car or van. It is most commonly used in public transport, but is also in use for cha ...

to the main memory. Like a traditional MMU, which translates CPU-visible

virtual address In computing, a virtual address space (VAS) or address space is the set of ranges of virtual addresses that an operating system makes available to a process. The range of virtual addresses usually starts at a low address and can extend to the hig ...

es to

physical address In computing, a physical address (also real address, or binary address), is a memory address that is represented in the form of a binary number on the address bus circuitry in order to enable the data bus to access a ''particular'' storage cell ...

es, the IOMMU maps device-visible virtual addresses (also called ''device addresses'' or ''I/O addresses'' in this context) to physical addresses. Some units also provide

memory protection Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that h ...

from faulty or malicious devices. An example IOMMU is the

graphics address remapping table The graphics address remapping table (GART), also known as the graphics aperture remapping table, or graphics translation table (GTT), is an I/O memory management unit (IOMMU) used by Accelerated Graphics Port (AGP) and PCI Express (PCIe) graphics ...

(GART) used by AGP and PCI Express graphics cards on Intel Architecture and AMD computers. On the x86 architecture, prior to splitting the functionality of northbridge and southbridge between the CPU and

Platform Controller Hub The Platform Controller Hub (PCH) is a family of Intel's single-chip chipsets, first introduced in 2009. It is the successor to the Intel Hub Architecture, which used two chips - a northbridge and southbridge, and first appeared in the Intel 5 ...

(PCH), I/O virtualization was not performed by the CPU but instead by the

chipset In a computer system, a chipset is a set of electronic components in one or more integrated circuits known as a "Data Flow Management System" that manages the data flow between the processor, memory and peripherals. It is usually found on the mo ...

Advantages

The advantages of having an IOMMU, compared to direct physical addressing of the memory (DMA), include: * Large regions of memory can be allocated without the need to be contiguous in physical memory the IOMMU maps contiguous virtual addresses to the underlying fragmented physical addresses. Thus, the use of vectored I/O (

scatter-gather In computing, vectored I/O, also known as scatter/gather I/O, is a method of input and output by which a single procedure call sequentially reads data from multiple buffers and writes it to a single data stream, or reads data from a data stream a ...

lists) can sometimes be avoided. * Devices that do not support memory addresses long enough to address the entire physical memory can still address the entire memory through the IOMMU, avoiding overheads associated with copying buffers to and from the peripheral's addressable memory space. ** For example, x86 computers can address more than 4 gigabytes of memory with the

Physical Address Extension In computing, Physical Address Extension (PAE), sometimes referred to as Page Address Extension, is a memory management feature for the x86 architecture. PAE was first introduced by Intel in the Pentium Pro, and later by AMD in the Athlon proces ...

(PAE) feature in an x86 processor. Still, an ordinary 32-bit PCI device simply cannot address the memory above the 4 GiB boundary, and thus it cannot directly access it. Without an IOMMU, the operating system would have to implement time-consuming bounce buffers (also known as double buffers). * Memory is protected from malicious devices that are attempting

DMA attack A DMA attack is a type of side channel attack in computer security, in which an attacker can penetrate a computer or other device, by exploiting the presence of high-speed expansion ports that permit direct memory access (DMA). DMA is included in ...

s and faulty devices that are attempting errant memory transfers because a device cannot read or write to memory that has not been explicitly allocated (mapped) for it. The memory protection is based on the fact that OS running on the CPU (see figure) exclusively controls both the MMU and the IOMMU. The devices are physically unable to circumvent or corrupt configured memory management tables. ** In

virtualization In computing, virtualization or virtualisation (sometimes abbreviated v12n, a numeronym) is the act of creating a virtual (rather than actual) version of something at the same abstraction level, including virtual computer hardware platforms, stor ...

, ''guest'' operating systems can use hardware that is not specifically made for virtualization. Higher performance hardware such as graphics cards use DMA to access memory directly; in a virtual environment all memory addresses are re-mapped by the virtual machine software, which causes DMA devices to fail. The IOMMU handles this re-mapping, allowing the native device drivers to be used in a guest operating system. * In some architectures IOMMU also performs

hardware interrupt In digital computers, an interrupt (sometimes referred to as a trap) is a request for the processor to ''interrupt'' currently executing code (when permitted), so that the event can be processed in a timely manner. If the request is accepted, ...

re-mapping, in a manner similar to standard memory address re-mapping. * Peripheral memory paging can be supported by an IOMMU. A peripheral using the PCI-SIG PCIe Address Translation Services (ATS) Page Request Interface (PRI) extension can detect and signal the need for memory manager services. For system architectures in which port I/O is a distinct address space from the memory address space, an IOMMU is not used when the CPU communicates with devices via

I/O port Memory-mapped I/O (MMIO) and port-mapped I/O (PMIO) are two complementary methods of performing input/output (I/O) between the central processing unit (CPU) and peripheral devices in a computer. An alternative approach is using dedicated I/O pro ...

s. In system architectures in which port I/O and memory are mapped into a suitable address space, an IOMMU can translate port I/O accesses.

Disadvantages

The disadvantages of having an IOMMU, compared to direct physical addressing of the memory, include: * Some degradation of performance from translation and management overhead (e.g., page table walks). * Consumption of physical memory for the added I/O page (translation) tables. This can be mitigated if the tables can be shared with the processor. * In order to decrease the page table size the granularity of many IOMMUs is equal to the memory paging (often 4096 bytes), and hence each small buffer that needs protection against DMA attack has to be page aligned and zeroed before making visible to the device. Due to OS memory allocation complexity this means that the device driver needs to use bounce buffers for the sensitive data structures and hence decreasing overall performance.

Virtualization

When an operating system is running inside a

virtual machine In computing, a virtual machine (VM) is the virtualization/ emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized h ...

, including systems that use

paravirtualization In computing, paravirtualization or para-virtualization is a virtualization technique that presents a software interface to the virtual machines which is similar, yet not identical, to the underlying hardware–software interface. The intent o ...

, such as Xen and KVM, it does not usually know the host-physical addresses of memory that it accesses. This makes providing direct access to the computer hardware difficult, because if the guest OS tried to instruct the hardware to perform a

direct memory access Direct memory access (DMA) is a feature of computer systems and allows certain hardware subsystems to access main system memory independently of the central processing unit (CPU). Without DMA, when the CPU is using programmed input/output, it is ...

(DMA) using guest-physical addresses, it would likely corrupt the memory, as the hardware does not know about the mapping between the guest-physical and host-physical addresses for the given virtual machine. The corruption can be avoided if the hypervisor or host OS intervenes in the I/O operation to apply the translations. However, this approach incurs a delay in the I/O operation. An IOMMU solves this problem by re-mapping the addresses accessed by the hardware according to the same (or a compatible) translation table that is used to map guest-physical address to host-physical addresses.

Published specifications

AMD Advanced Micro Devices, Inc. (AMD) is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets. While it initially manufactur ...

has published a specification for IOMMU technology, called

AMD-Vi x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU. In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-as ...

. * IBM offered Extended Control Program Support: Virtual Storage Extended (ECPS:VSE) mode on its

43xx The IBM 4300 series are mid-range systems compatible with IBM System/370, System/370 that were sold from 1979 through 1992. They featured modest electrical and cooling requirements, and thus did not require a data center environment. They had a d ...

line; channel programs used virtual addresses. *

Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...

has published a specification for IOMMU technology as Virtualization Technology for Directed I/O, abbreviated

VT-d x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU. In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-as ...

. * Information about the

Sun The Sun is the star at the center of the Solar System. It is a nearly perfect ball of hot plasma, heated to incandescence by nuclear fusion reactions in its core. The Sun radiates this energy mainly as light, ultraviolet, and infrared radi ...

IOMMU has been published in the Device Virtual Memory Access (DVMA) section of the Solaris Developer Connection. * The IBM Translation Control Entry (TCE) has been described in a document entitled Logical Partition Security in the IBM

eServer IBM eServer was a family of computer servers from IBM. Announced in 2000, it combined the various IBM server brands (AS/400, Netfinity, RS/6000, S/390) under one brand. The various sub-brands were at the same time rebranded from: *IBM RS/6000 to ...

pSeries The IBM System p is a high-end line of RISC (Power)/UNIX-based servers. It was the successor of the RS/6000 line, and predecessor of the IBM Power Systems server series. History The previous RS/6000 line was originally a line of workstations an ...

690. * The

PCI-SIG PCI-SIG, or Peripheral Component Interconnect Special Interest Group, is an electronics industry consortium responsible for specifying the Peripheral Component Interconnect (PCI), PCI-X, and PCI Express (PCIe) computer buses. It is based in ...

has relevant work under the terms I/O Virtualization (IOV) and Address Translation Services (ATS). *

ARM In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between th ...

defines its version of IOMMU as System Memory Management Unit (SMMU) to complement its Virtualization architecture.

References

External links

*
Mastering the DMA and IOMMU APIs
Embedded Linux Conference 2014, San Jose, by Laurent Pinchart {{DEFAULTSORT:Iommu Memory management Computer peripherals