Brussels / 2 & 3 February 2019


Virtual IOMMU Implementation using HW Nested Paging

Direct device assignment allows a virtual machine to directly interact with a host device. The device DMA registers are programmed by the guest with guest physical addresses (GPAs) and the virtualizer uses a physical IOMMU to map the GPAs to the actual host physical addresses (HPAs) backing the virtual machine RAM space. The physical IOMMU guarantees the DMA transfers initiated by the guest are properly translated and isolated.

When a virtual IOMMU is exposed to a guest, the physical IOMMU needs to be programmed with the combination of two mappings: the IOVA/GPA mapping programmed by the guest OS and the former GPA/HPA mapping programmed by the hypervisor.

Some IOMMU architectures implement nested paging, including the ARM SMMUv3. This talk aims to describe the work recently done to set up the two translation stages at the Linux and QEMU levels. This integration allows a guest exposed with a virtual SMMUv3 to get the full benefit of the underlying physical SMMUv3, avoiding the need to implement shadow page tables.

The principles of the integration will be explained and the APIs will be covered. IOMMU nested paging will be compared with the existing virtual Intel IOMMU integration relying on shadow page tables. Remaining challenges will be presented.


Photo of Eric Auger Eric Auger