1. IOMMU
Referrence
AMD's IOMMU and Intel's VT-d technology are required to pass through PCI devices (e.g., GPUs, NICs, etc.) on the host from virtual machines (VMs). IOMMU is Input/Output Memory Management Unit, and VT-d is Virtualization Technology for Directed I/O. Both are called different names depending on the company that created the product with hardware units that perform the same function.
1.1 MMU
When data is required from the CPU it requests data from the memory device. The problem is that the address of the data that the CPU has is the address on the virtual address. It is necessary to convert this to a physical address on an actual memory device, which is processed by the MMU.
MMU performs virtual-to-physical address translation through a data structure called Pagetable managed by the OS, but Pagetable is somewhat slow to convert because it is stored in a memory device. To address this, MMU has a fast auxiliary memory called Translation Lookasibe Buffer (TLB), which is used as cache to support fast address translation only for repeatedly referenced addresses. As shown in the figure, MMU is located in the CPU chip on the modern CPU structure.
For example, the reason why MMU is needed is as follows. To execute the multiple process, the CPU executes the command on the virtual address. For example, if program A and program B run simultaneously, both A and B may write data to address 0x100000 in memory at the same time. Fortunately, through MMU and virtual memory technology, the 0x100000 address that A and B point to at the same time is remapped to another address on the actual memory. Therefore, even if both program A and program B use the same memory address, there is no mishap of accessing the same address of the actual memory device.
1.2 IOMMU
The IOMMU is a memory management device (MMU) that connects a DMA-capable input/output bus and a main memory device. Just as MMU translates a virtual address visible to the CPU into a physical address, IOMMU translates a virtual address visible to the peripheral (device address, input/output address) into a physical address. The difference is the input of the device, and in the case of MMU, if the virtual address sent by the CPU was input, the IOMMU is the virtual address sent by PCI devices (to be precise, all devices capable of direct memory access input/output).
The PCI device may directly write or read data to or from the system memory device through direct memory access (DMA). To run DMA without IOMMU, the PCI device must know the information in the physical address space of the system memory device. In addition, as much continuous space must be empty to move as much data as desired. A malfunction of a peripheral device may invade a memory area used by another program.
IOMMU works like MMU and solves this problem. PCI devices operate using memory address space on virtual addresses, and when accessing actual system memory devices, they can be converted to physical address via IOMMU to access data. However, there is a disadvantage that the OS must maintain the page table for IO for address conversion, but this allows IO devices to access system memory safely and flexibly.
Furthermore, it allowed the virtual machine to access the IO device directly. In the case of a virtual machine operating on a virtualization solution, the operating system of the virtual machine does not know the actual physical address it is accessing. Therefore, it is not possible to direct the PCI device to DMA to a specific physical address directly without IOMMU. However, through IOMMU technology, even if the virtual machine's OS requests DMA to the virtual address from the PCI device, it is converted to the actual physical address through IOMMU and works normally.
Using this IOMMU technology, virtual machines can access PCI devices directly without the help of a hypervisor. This is called PCI Pass-through.
IOMMU Group
Hardware Considerations for Implementing SR-IOV
IOMMU groups are sets of devices that can be isolated from all other devices in the system. IOMMU groups represent the smallest sets of devices with both IOMMU granularity and isolation from all other IOMMU groups within the system. This allows the IOMMU to distinguish transactions to and from the IOMMU group while restricting direct memory access (DMA) between devices outside of the IOMMU group and the control of the IOMMU.
