OSDev.org

The Place to Start for Operating System Developers
http://f.osdev.org/

IOMMU protection

http://f.osdev.org/viewtopic.php?t=25839

Page 1 of 1

IOMMU protection

Posted: Wed Sep 26, 2012 12:45 pm
by u9012063
Hi Folks,

I've been thinking about the coverage of physical address space in IOMMU. So IOMMU's DMAR (DMA remapping) table and INTR(Interrupt Remapping) provide each device their own address domain. But do these two cover all of the address in physical address space that a device can access?

For example, a malicious device could hit DMAR if it tries to write to RAM, and it hits the INTR if it tries to do interrupt. What if the device writes to addresses other than these two ranges? say it writes to physical address between 640K and 1M. Is IOMMU capable of detecting it or the memory controller will take care of this?

Thanks!
William Tu

Re: IOMMU protection

Posted: Wed Sep 26, 2012 2:05 pm
by Brendan
Hi,
u9012063 wrote:I've been thinking about the coverage of physical address space in IOMMU. So IOMMU's DMAR (DMA remapping) table and INTR(Interrupt Remapping) provide each device their own address domain. But do these two cover all of the address in physical address space that a device can access?
There's multiple ways of interpreting this question.. :)

a) A device can't access anything that isn't covered by the IOMMU, therefore the IOMMU covers everything a device can access.

b) The IOMMU's paging tables have a chipset defined physical address width that is as large as whatever the chipset supports (up to 52-bit physical addresses). Of course the device doesn't access physical addresses directly (the IOMMU translates the device's virtual addresses into physical addresses) so whether or not a device can access all physical addresses depends on how the IOMMU is configured.

c) The IOMMU's paging tables have a chipset defined "number of levels". This determines the virtual address width that the IOMMU can support. If a device tries to access something at a virtual address that is higher than the IOMMU supports, then the IOMMU generates an error. Basically, the IOMMU doesn't cover all virtual addresses that the device could generate.
u9012063 wrote:For example, a malicious device could hit DMAR if it tries to write to RAM, and it hits the INTR if it tries to do interrupt. What if the device writes to addresses other than these two ranges? say it writes to physical address between 640K and 1M. Is IOMMU capable of detecting it or the memory controller will take care of this?
As far as I can tell, if the IOMMU is enabled then everything is denied by default (e.g. unless the IOMMU is configured to allow an access the access is denied).

Note: I should point out that I haven't actually done anything with IOMMUs yet (I've only read Intel's spec briefly). I may be wrong, and to be honest I'm not even sure if you're talking about Intel's IOMMU or AMD's.


Cheers,

Brendan

Re: IOMMU protection

Posted: Sat Sep 29, 2012 1:16 pm
by u9012063
Thank you Brendan ~
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited