research-article

rIOMMU: Efficient IOMMU for I/O Devices that Employ Ring Buffers

Authors:

Muli Ben-Yehuda,

Dan TsafrirAuthors Info & Claims

ASPLOS '15: Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems

Pages 355 - 368

https://doi.org/10.1145/2694344.2694355

Published: 14 March 2015 Publication History

Abstract

The IOMMU allows the OS to encapsulate I/O devices in their own virtual memory spaces, thus restricting their DMAs to specific memory pages. The OS uses the IOMMU to protect itself against buggy drivers and malicious/errant devices. But the added protection comes at a cost, degrading the throughput of I/O-intensive workloads by up to an order of magnitude. This cost has motivated system designers to trade off some safety for performance, e.g., by leaving stale information in the IOTLB for a while so as to amortize costly invalidations. We observe that high-bandwidth devices---like network and PCIe SSD controllers---interact with the OS via circular ring buffers that induce a sequential, predictable workload. We design a ring IOMMU (rIOMMU) that leverages this characteristic by replacing the virtual memory page table hierarchy with a circular, flat table. A flat table is adequately supported by exactly one IOTLB entry, making every new translation an implicit invalidation of the former and thus requiring explicit invalidations only at the end of I/O bursts. Using standard networking benchmarks, we show that rIOMMU provides up to 7.56x higher throughput relative to the baseline IOMMU, and that it is within 0.77--1.00x the throughput of a system without IOMMU protection.

References

[1]

Dennis Abts and Bob Felderman. A guided tour through data-center networking. ACM Queue, 10(5):10:10--10:23, May 2012.

Digital Library

[2]

Brian Aker. Memslap - load testing and benchmarking a server. http://docs.libmemcached.org/bin/memslap.html. libmemcached 1.1.0 documentation. Accessed: Jan 2015.

[3]

AMD Inc. AMD IOMMU architectural specification, rev 2.00. http://support.amd.com/TechDocs/48882.pdf, Mar 2011. Accessed: Jan 2015.

[4]

Nadav Amit, Muli Ben-Yehuda, Dan Tsafrir, and Assaf Schuster. vIOMMU: efficient IOMMU emulation. In USENIX Annual Technical Conference (ATC), pages 73--86, 2011.

Digital Library

[5]

Apachebench. http://en.wikipedia.org/wiki/ApacheBench. Accessed: Jan 2015.

[6]

Apple Inc. Thunderbolt device driver programming guide: Debugging VT-d I/O MMU virtualization. https://developer.apple.com/library/mac/documentation/HardwareDrivers/Conceptual/ThunderboltDevGuide/DebuggingThunderboltDrivers/DebuggingThunderboltDrivers.html, 2013. Accessed: May 2014.

[7]

ARM Holdings. ARM system memory management unit architecture specification -- SMMU architecture version 2.0. http://infocenter.arm.com/help/topic/com.arm.doc.ihi0062c/IHI0062C_system_mmu_architecture\_specification.pdf, 2013. Accessed: Jan 2015.

[8]

Thomas Ball, Ella Bounimova, Byron Cook, Vladimir Levin, Jakob Lichtenberg, Con McGarvey, Bohus Ondrusek, Sriram K. Rajamani, and Abdullah Ustuner. Thorough static analysis of device drivers. In ACM Eurosys, pages 73--85, 2006.

Digital Library

[9]

Michael Becher, Maximillian Dornseif, and Christian N. Klein. FireWire: all your memory are belong to us. In CanSecWest applied security conference, 2005.

[10]

Muli Ben-Yehuda, Jimi Xenidis, Michal Ostrowski, Karl Rister, Alexis Bruemmer, and Leendert van Doorn. The price of safety: Evaluating IOMMU performance. In Ottawa Linux Symposium (OLS), pages 9--20, 2007.

[11]

James E.J. Bottomley. Dynamic DMA mapping using the generic device. https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/DMA-API.txt?id=refs/tags/v3.18.3. Linux kernel documentation. Accessed: Jan 2015.

[12]

Brian D. Carrier and Joe Grand. A hardware-based memory acquisition procedure for digital investigations. Digital Investigation, 1(1):50--60, Feb 2014.

Digital Library

[13]

Andy Chou, Junfeng Yang, Benjamin Chelf, Seth Hallem, and Dawson Engler. An empirical study of operating systems errors. In ACM Symposium on Operating Systems Principles (SOSP), pages 73--88, 2001.

Digital Library

[14]

Cisco. Understanding switch latency. http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3000-series-switches/white_paper_c11--661939.html, Jun 2012. White paper. Accessed: Aug 2014.

[15]

Russell Coker. The Bonnie benchmark. http://www.coker.com.au/bonnie/. Accessed: Jan 2015.

[16]

Jonathan Corbet. Linux Device Drivers, chapter 15: Memory Mapping and DMA. O'Reilly, 3rd edition, 2005.

Digital Library

[17]

John Criswell, Nicolas Geoffray, and Vikram Adve. Memory safety for low-level software/hardware interactions. In USENIX Security Symposium, pages 83--100, 2009.

Digital Library

[18]

The Apache HTTP server project. http://httpd.apache.org. Accessed: Jan 2015.

[19]

Roy T. Fielding and Gail Kaiser. The Apache HTTP server project. IEEE Internet Computing, 1(4):88--90, Jul 1997.

Digital Library

[20]

Brad Fitzpatrick. Distributed caching with memcached. Linux Journal, 2004(124), Aug 2004.

Digital Library

[21]

Brice Goglin. Design and implementation of Open-MX: High-performance message passing over generic Ethernet hardware. In IEEE International Parallel and Distributed Processing Symposium (IPDPS), 2008.

[22]

Abel Gordon, Nadav Amit, Nadav Har'El, Muli Ben-Yehuda, Alex Landau, Assaf Schuster, and Dan Tsafrir. ELI: Bare-metal performance for I/O virtualization. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 411--422, 2012.

Digital Library

[23]

Jorrit N. Herder, Herbert Bos, Ben Gras, Philip Homburg, and Andrew S. Tanenbaum. Failure resilience for device drivers. In IEEE/IFIP Annual International Conference on Dependable Systems and Networks (DSN), pages 41--50, 2007.

Digital Library

[24]

Brian Hill. Integrating an EDK custom peripheral with a LocalLink interface into Linux. Technical Report XAPP1129 (v1.0), XILINX, May 2009. http://www.xilinx.com/support/documentation/application_notes/xapp1129.pdf. Accessed: Jan 2015.

[25]

IBM Corporation. PowerLinux servers -- 64-bit DMA concepts. http://pic.dhe.ibm.com/infocenter/lnxinfo/v3r0m0/topic/liabm/liabmconcepts.htm. Accessed: May 2014.

[26]

IBM Corporation. AIX kernel extensions and device support programming concepts. https://publib.boulder.ibm.com/infocenter/aix/v7r1/topic/com.ibm.aix.kernelext/doc/kernextc/kernextc\_pdf.pdf, 2013. Accssed: May 2014.

[27]

ibverbs evaluation. http://www.scalalife.eu/book/export/html/434. Accessed: Aug 2014.

[28]

Intel Corporation. Intel virtualization technology for directed I/O - architecture specification - specification - Rev. 2.2. http://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/vt-directed-io-spec.pdf, Sep 2013. Accessed: Jan 2015.

[29]

Intel Corporation. Serial ATA advanced host controller interface (AHCI) 1.3.1. http://www.intel.com/content/www/us/en/io/serial-ata/serial-ata-ahci-spec-rev1--3--1.html, Mar 2014. Accessed: Jan 2015.

[30]

Rick A. Jones. A network performance benchmark (Revision 2.0). Technical report, Hewlett Packard, 1995. http://www.netperf.org/netperf/training/Netperf.html. Accessed: Jan 2015.

[31]

Doug Joseph and Dirk Grunwald. Prefetching using Markov predictors. In ACM International Symposium on Computer Architecture (ISCA), pages 252--263, 1997.

Digital Library

[32]

Asim Kadav, Matthew J. Renzelmann, and Michael M. Swift. Tolerating hardware device failures in software. In ACM Symposium on Operating Systems Principles (SOSP), pages 59--72, 2009.

Digital Library

[33]

Gokul B. Kandiraju and Anand Sivasubramaniam. Characterizing the d-TLB behavior of SPEC CPU2000 benchmarks. In ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, pages 129--139, Jun 2002.

Digital Library

[34]

Gokul B. Kandiraju and Anand Sivasubramaniam. Going the distance for TLB prefetching: An application-driven study. In ACM International Symposium on Computer Architecture (ISCA), pages 195--206, 2002.

Digital Library

[35]

Gregory Kerr. Dissecting a small InfiniBand application using the Verbs API. Computing Research Repository (arxiv), abs/1105.1827, 2011. http://arxiv.org/abs/1105.1827.

[36]

Joshua LeVasseur, Volkmar Uhlig, Jan Stoess, and Stefan Götz. Unmodified device driver reuse and improved system dependability via virtual machines. In USENIX Symposium on Operating System Design and Implementation (OSDI), pages 17--30, 2004.

Digital Library

[37]

Moshe Malka, Nadav Amit, and Dan Tsafrir. Efficient intra-operating system protection against harmful DMAs. In USENIX Conference on File and Storage Technologies (FAST), Feb 2015.

[38]

Vinod Mamtani. DMA directions and Windows. http://download.microsoft.com/download/a/f/d/afdfd50d-6eb9--425e-84e1-b4085a80e34e/sys-t304_wh07.pptx, 2007. Accessed: May 2014.

[39]

Ben Martin. Using Bonnie

[40]

for filesystem performance benchmarking. Linux.com article. http://archive09.linux.com/feature/139742, 2008. Accessed: Jan 2015.

[41]

David S. Miller, Richard Henderson, and Jakub Jelinek. Dynamic DMA mapping guide. https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/DMA-API-HOWTO.txt?id=refs/tags/v3.18.3. Linux kernel documentation. Accessed: Jan 2015.

[42]

NVM Express Workgroup. NVM Express (NVMe) specification -- Revision 1.2. http://www.nvmexpress.org/wp-content/uploads/NVM-Express-1_2-Gold-20141209.pdf, Nov 2014. Accessed: Jan 2015.

[43]

PCI-SIG. Address translation services Revision 1.1. https://www.pcisig.com/specifications/iov/ats, Jan 2009. Accessed: Jan 2015.

[44]

Simon Peter, Jialin Li, Irene Zhang, Dan R. K. Ports, Doug Woos, Arvind Krishnamurthy, Thomas Anderson, and Timothy Roscoe. Arrakis: The operating system is the control plane. In USENIX Symposium on Operating System Design and Implementation (OSDI), pages 1--16, 2014.

Digital Library

[45]

Ashley Saulsbury, Fredrik Dahlgren, and Per Stenström. Recency-based TLB preloading. In ACM International Symposium on Computer Architecture (ISCA), pages 117--127, 2000.

Digital Library

[46]

Arvind Seshadri, Mark Luk, Ning Qu, and Adrian Perrig. SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In ACM Symposium on Operating Systems Principles (SOSP), pages 335--350, 2007.

Digital Library

[47]

Livio Soares and Michael Stumm. FlexSC: Flexible system call scheduling with exception-less system calls. In USENIX Symposium on Operating System Design and Implementation (OSDI), pages 33--46, 2010.

Digital Library

[48]

Michael Swift, Brian Bershad, and Henry Levy. Improving the reliability of commodity operating systems. ACM Transactions on Computer Systems (TOCS), 23(1):77--110, Feb 2005.

Digital Library

[49]

Transpacket Fusion Networks. Ultra low latency of 1.2 microseconds for 1G to 10G Ethernet aggregation. http://tinyurl.com/transpacket-low-latency, Dec 2012. Accessed: Jan 2015.

[50]

Carl Waldspurger and Mendel Rosenblum. I/O virtualization. Communications of the ACM (CACM), 55(1):66--73, Jan 2012.

Digital Library

[51]

Dan Williams, Patrick Reynolds, Kevin Walsh, Emin Gün Sirer, and Fred B. Schneider. Device driver safety through a reference validation mechanism. In USENIX Symposium on Operating System Design and Implementation (OSDI), pages 241--254, 2008.

Digital Library

[52]

Paul Willmann, Scott Rixner, and Alan L. Cox. Protection strategies for direct access to virtualized I/O devices. In USENIX Annual Technical Conference (ATC), pages 15--28, 2008.

Digital Library

[53]

Rafal Wojtczuk. Subverting the Xen hypervisor. In Black Hat, 2008. http://www.blackhat.com/presentations/bh-usa-08/Wojtczuk/BHUS_08_Wojtczuk_Subverting_the_Xen_Hypervisor.pdf. Accessed: May 2014.

[54]

Ben-Ami Yassour, Muli Ben-Yehuda, and Orit Wasserman. On the DMA mapping problem in direct device assignment. In ACM International Systems and Storage Conference (SYSTOR), pages 18:1--18:12, 2010.

Digital Library

Cited By

Yuan YWang RRanganathan NRao NKumar SLantz PSanjeepan VCabrera JKwatra ASankaran RJeong IKim N(2024)Intel Accelerators Ecosystem: An SoC-Oriented Perspective : Industry Product2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA)10.1109/ISCA59077.2024.00066(848-862)Online publication date: 29-Jun-2024
https://doi.org/10.1109/ISCA59077.2024.00066
Alam FLee HBhattacharjee AAwad A(2023)CryptoMMU: Enabling Scalable and Secure Access Control of Third-Party AcceleratorsProceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3613424.3614311(32-48)Online publication date: 28-Oct-2023
https://dl.acm.org/doi/10.1145/3613424.3614311
Zhao KXue KWang ZSchatzberg DYang LManousis AWeiner JVan Riel RSharma BTang CSkarlatos DSolihin YHeinrich M(2023)Contiguitas: The Pursuit of Physical Memory Contiguity in DatacentersProceedings of the 50th Annual International Symposium on Computer Architecture10.1145/3579371.3589079(1-15)Online publication date: 17-Jun-2023
https://dl.acm.org/doi/10.1145/3579371.3589079
Show More Cited By

Index Terms

rIOMMU: Efficient IOMMU for I/O Devices that Employ Ring Buffers
1. Hardware
  1. Communication hardware, interfaces and storage
    1. Buses and high-speed links
  2. Integrated circuits
    1. Semiconductor memory
      1. Dynamic memory
2. Software and its engineering
  1. Software organization and properties
    1. Contextual software domains
      1. Operating systems
        Memory management
        Allocation / deallocation strategies
        Virtual memory

Recommendations

rIOMMU: Efficient IOMMU for I/O Devices that Employ Ring Buffers
ASPLOS '15

The IOMMU allows the OS to encapsulate I/O devices in their own virtual memory spaces, thus restricting their DMAs to specific memory pages. The OS uses the IOMMU to protect itself against buggy drivers and malicious/errant devices. But the added ...
rIOMMU: Efficient IOMMU for I/O Devices that Employ Ring Buffers
ASPLOS'15

The IOMMU allows the OS to encapsulate I/O devices in their own virtual memory spaces, thus restricting their DMAs to specific memory pages. The OS uses the IOMMU to protect itself against buggy drivers and malicious/errant devices. But the added ...
SRVM: Hypervisor Support for Live Migration with Passthrough SR-IOV Network Devices
VEE '16

Single-Root I/O Virtualization (SR-IOV) is a specification that allows a single PCI Express (PCIe) device (ysical function or PF) to be used as multiple PCIe devices (virtual functions or VF). In a virtualization system, each VF can be directly assigned ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASPLOS '15: Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems

March 2015

720 pages

ISBN:9781450328357

DOI:10.1145/2694344

General Chairs:
Ozcan Ozturk
Bilkent University, Turkey
,
Kemal Ebcioglu
Global Supercomputing, USA
,
Program Chair:
Sandhya Dwarkadas
University of Rochester, USA

ACM SIGPLAN Notices Volume 50, Issue 4
ASPLOS '15
April 2015
676 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2775054
Editor:
Andy Gill
University of Kansas, Lawrence, KS
Issue’s Table of Contents
ACM SIGARCH Computer Architecture News Volume 43, Issue 1
ASPLOS'15
March 2015
676 pages
ISSN:0163-5964
DOI:10.1145/2786763
Editor:
Doug DeGroot
acm dot org
Issue’s Table of Contents

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 March 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tag

I/O memory management unit

Qualifiers

Research-article

Conference

ASPLOS '15

Sponsor:

ASPLOS '15: Architectural Support for Programming Languages and Operating Systems

March 14 - 18, 2015

Istanbul, Turkey

Acceptance Rates

ASPLOS '15 Paper Acceptance Rate 48 of 287 submissions, 17%;

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

34
Total Citations
View Citations
1,083
Total Downloads

Downloads (Last 12 months)112
Downloads (Last 6 weeks)9

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yuan YWang RRanganathan NRao NKumar SLantz PSanjeepan VCabrera JKwatra ASankaran RJeong IKim N(2024)Intel Accelerators Ecosystem: An SoC-Oriented Perspective : Industry Product2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA)10.1109/ISCA59077.2024.00066(848-862)Online publication date: 29-Jun-2024
https://doi.org/10.1109/ISCA59077.2024.00066
Alam FLee HBhattacharjee AAwad A(2023)CryptoMMU: Enabling Scalable and Secure Access Control of Third-Party AcceleratorsProceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3613424.3614311(32-48)Online publication date: 28-Oct-2023
https://dl.acm.org/doi/10.1145/3613424.3614311
Zhao KXue KWang ZSchatzberg DYang LManousis AWeiner JVan Riel RSharma BTang CSkarlatos DSolihin YHeinrich M(2023)Contiguitas: The Pursuit of Physical Memory Contiguity in DatacentersProceedings of the 50th Annual International Symposium on Computer Architecture10.1145/3579371.3589079(1-15)Online publication date: 17-Jun-2023
https://dl.acm.org/doi/10.1145/3579371.3589079
Lv CZhang FGao XZhu C(2022)LA-vIOMMU: An Efficient Hardware-Software Co-design of IOMMU Virtualization2022 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom)10.1109/ISPA-BDCloud-SocialCom-SustainCom57177.2022.00038(246-253)Online publication date: Dec-2022
https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom57177.2022.00038
Bittman DAlvaro PLong DMiller EYadgar GNoh S(2019)A tale of two abstractionsProceedings of the 11th USENIX Conference on Hot Topics in Storage and File Systems10.5555/3357062.3357077(11-11)Online publication date: 8-Jul-2019
https://dl.acm.org/doi/10.5555/3357062.3357077
Zhou LXiao JLeach KWeimer WZhang FWang G(2019)Nighthawk: Transparent System Introspection from Ring -3Computer Security – ESORICS 201910.1007/978-3-030-29962-0_11(217-238)Online publication date: 15-Sep-2019
https://doi.org/10.1007/978-3-030-29962-0_11
Markuze ASmolyar IMorrison ATsafrir D(2018)DAMNACM SIGPLAN Notices10.1145/3296957.317317553:2(301-315)Online publication date: 19-Mar-2018
https://dl.acm.org/doi/10.1145/3296957.3173175
Zhou HBateni SLiu C(2018)GRUProceedings of the 2018 International Conference on Supercomputing10.1145/3205289.3205318(43-52)Online publication date: 12-Jun-2018
https://dl.acm.org/doi/10.1145/3205289.3205318
Markuze ASmolyar IMorrison ATsafrir DShen XTuck JBianchini RSarkar V(2018)DAMNProceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3173162.3173175(301-315)Online publication date: 19-Mar-2018
https://dl.acm.org/doi/10.1145/3173162.3173175
Zhang WHu XLi JGuan H(2018)CoINT: Proactive Coordinator for Avoiding Interruptability Holder Preemption Problem in VSMP EnvironmentIEEE INFOCOM 2018 - IEEE Conference on Computer Communications10.1109/INFOCOM.2018.8485997(477-485)Online publication date: Apr-2018
https://doi.org/10.1109/INFOCOM.2018.8485997
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten