Affiliation:
1. Technion---Israel Institute of Technology, Haifa, Israel
Abstract
Malicious I/O devices might compromise the OS using DMAs. The OS therefore utilizes the IOMMU to map and unmap every target buffer right before and after its DMA is processed, thereby restricting DMAs to their designated locations. This usage model, however, is not truly secure for two reasons: (1) it provides protection at page granularity only, whereas DMA buffers can reside on the same page as other data; and (2) it delays DMA buffer unmaps due to performance considerations, creating a vulnerability window in which devices can access in-use memory. We propose that OSes utilize the IOMMU differently, in a manner that eliminates these two flaws. Our new usage model restricts device access to a set of shadow DMA buffers that are never unmapped, and it copies DMAed data to/from these buffers, thus providing sub-page protection while eliminating the aforementioned vulnerability window. Our key insight is that the cost of interacting with, and synchronizing access to the slow IOMMU hardware---required for zero-copy protection against devices---make
copying preferable to zero-copying
.
We implement our model in Linux and evaluate it with standard networking benchmarks utilizing a 40,Gb/s NIC. We demonstrate that despite being more secure than the safest preexisting usage model, our approach provides up to 5x higher throughput. Additionally, whereas it is inherently less scalable than an IOMMU-less (unprotected) system, our approach incurs only 0%--25% performance degradation in comparison.
Funder
Israeli Ministry of Science and Technology
Israel Science Foundation
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design,Software
Reference53 articles.
1. Intel TXT Overview. https://www.kernel.org/doc/Documentation/intel_txt.txt. Linux kernel documentation. Intel TXT Overview. https://www.kernel.org/doc/Documentation/intel_txt.txt. Linux kernel documentation.
2. Dma issues part 2. https://lwn.net/Articles/91870/. (Accessed: January 2016). Dma issues part 2. https://lwn.net/Articles/91870/. (Accessed: January 2016).
3. B. Aker. Memslap - load testing and benchmarking a server. http://docs.libmemcached.org/bin/memslap.html. libmemcached 1.1.0 documentation. B. Aker. Memslap - load testing and benchmarking a server. http://docs.libmemcached.org/bin/memslap.html. libmemcached 1.1.0 documentation.
4. AMD Inc. AMD IOMMU architectural specification rev 2.00. http://developer.amd.com/wordpress/media/2012/10/488821.pdf Mar 2011. AMD Inc. AMD IOMMU architectural specification rev 2.00. http://developer.amd.com/wordpress/media/2012/10/488821.pdf Mar 2011.
Cited by
26 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. HD-IOV: SW-HW Co-designed I/O Virtualization with Scalability and Flexibility for Hyper-Density Cloud;Proceedings of the Nineteenth European Conference on Computer Systems;2024-04-22
2. IOMMU Deferred Invalidation Vulnerability: Exploit and Defense;2024 Design, Automation & Test in Europe Conference & Exhibition (DATE);2024-03-25
3. SmartDIMM: In-Memory Acceleration of Upper Layer Protocols;2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA);2024-03-02
4. Why write address translation OS code yourself when you can synthesize it?;Proceedings of the 19th Workshop on Hot Topics in Operating Systems;2023-06-22
5. Overcoming the IOTLB wall for multi-100-Gbps Linux-based networking;PeerJ Computer Science;2023-05-16