Protection strategies for direct access to virtualized I/O devices

Authors: Paul Willmann, Scott Rixner, Alan L. Cox

Abstract: Commodity virtual machine monitors forbid direct access to I/O devices by untrusted guest operating systems in order to provide protection and sharing. However, both I/O memory management units (IOMMUs) and recently proposed software-based methods can be used to reduce the overhead of I/O virtualization by providing untrusted guest operating systems with safe, direct access to I/O devices. This paper explores the performance and safety tradeoffs of strategies for using these mechanisms. The protection strategies presented in this paper provide equivalent inter-guest protection among operating system instances. However, they provide varying levels of intra-guest protection from driver software and incur varying levels of overhead. A simple direct-map strategy incurs the least overhead, providing native-level performance but offering no enhanced protection from misbehaving device drivers within the guest operating system. Additional protection against guest drivers is achieved by limiting IOMMU page-table mappings to memory buffers that are actually used in I/O transfers. Furthermore, the cost incurred by this limitation is minimized by aggressively reusing these mappings. Surprisingly, a software-only strategy that does not use an IOMMU at all performs competitively, and sometimes better than, hardware-based strategies while maintaining strict inter-guest isolation.
