IOMMU概念，优点，缺点

The IOMMU or input/output memory management unit is a computer memory management unit (MMU) that connects a DMA-capable I/O bus to the primary storage memory. Like the CPU memory management unit, an IOMMU takes care of mapping virtual addresses (also called device addresses or I/O addresses) to physical addresses and some units guarantee memory protection from misbehaving devices.

An example IOMMU is the Graphics Address Remapping Table (GART) used by AGP and PCI Express graphics cards. AMD has published a specification for IOMMU technology in the HyperTransport architecture[1]. Intel has published a specification for IOMMU technology as Virtualization Technology for Directed I/O, abbreviated VT-d.[2] Information about the Sun IOMMU has been published in the Device Virtual Memory Access (DVMA) section of the Solaris Developer Connection.[3] The IBM Translation Control Entry (TCE) has been described in a document entitled Logical Partition Security in the IBM eServer pSeries 690.[4] The PCI-SIG has relevant work under the terms I/O Virtualization (IOV)[5] and Address Translation Services (ATS).

Advantages

The advantages of having an IOMMU, compared to direct physical addressing of the memory, include:

l        Large regions of memory can be allocated without the need to be contiguous in physical memory — the IOMMU will take care of mapping contiguous virtual addresses to fragmented physical addresses. Thus, the use of vectored I/O (scatter-gather lists) can sometimes be avoided.

l        For devices that do not support memory addresses long enough to address the entire physical memory, the device can still address the entire memory through the IOMMU. This avoids overhead associated with buffer copies to and from the memory space the peripheral can address.

l        Memory protection from malicious or misbehaving devices – a device cannot read or write to memory that hasn't been explicitly allocated (mapped) for it.

l        Virtualized guest operating systems can safely be granted direct access to hardware.

All these advantages are also available when communicating with devices through I/O ports, although with a significant CPU overhead when moving large volumes of data (see direct memory access).

In general, the IOMMU provides isolation (memory protection) and address translation. Some architectures allow for interrupt remapping in a manner generally similar to address translation.

The memory protection and direct-access attributes are based on the fact that the system software running on the CPU (see figure) controls both the MMU and the IOMMU. As a result, the devices and the guest operating systems are unable to circumvent or corrupt properly configured memory management tables.

Disadvantages

The disadvantages of having an IOMMU, compared to direct physical addressing of the memory, include:

l        Some degradation of performance from translation and management overhead (e.g., page table walks).

l        Consumption of physical memory for the added I/O page (translation) tables. This can be mitigated if the tables can be shared with the processor.

IOMMU in relation to virtualization

When an operating system is running in a virtual machine, including systems that use paravirtualization, such as Xen, it does not usually know the physical addresses of memory that it accesses. This makes providing direct access to the computer hardware difficult, because if the OS tried to instruct the hardware to perform a direct memory access, it would likely corrupt the memory, as the hardware does not know about the mapping between the virtual real addresses used by the virtualized guest system. The corruption is avoided because the hypervisor or OS intervenes in the I/O operation to apply the translations; unfortunately, this injects delays and overhead in the I/O operation.

An IOMMU can solve this problem by re-mapping the addresses accessed by the hardware according to the same (or a compatible) translation table used by the virtual machine guest.