An IOMMU for Hardware-assisted Full Virtualization of Heterogeneous Multi-core SoCs

摘要

Hardware virtualization is a major challenge in embedded virtualization. The key to improving resource utilization in a virtualized system is to allow maximum possible resource access operations to perform natively with minimal intervention by the virtual machine monitor, while at the same time ensuring protected operation among different virtual machines' address space. An innovative I/O Memory Management Unit component (IOMMU) is architected to enable mapping of virtual addresses from multiple devices to the correct VM's physical memory locations, offering enhanced protection, scatter-gather functions on distributed memory organizations, high performance supported by a configurable TLB and an integrated lightweight hardware monitoring unit to facilitate dynamic system optimizations. This new IOMMU is designed in a modular way supporting address translation along with protection and security extensions. The principal objective is to ensure device isolation by safely mapping a device to a particular guest without risking the integrity of other guests. Additionally, the IOMMU is designed to provide an increased level of security in scenarios without virtualization; with the aid of the IOMMU, the operating system is able to protect itself from malicious device drivers by limiting a device's memory accesses and managing the permissions of peripheral devices.