protection strategies for direct access to virtualized i/o devices appeared in usenix 2008. 该文比较了五种策略的保护程度和性能开销，遗憾的地方就是该文没有指出五种策略的使用场合，大部分不适用于全虚拟化，而适用于协同虚拟化。 the comparison o
protection strategies for direct access to virtualized i/o devices
appeared in usenix 2008.
该文比较了五种策略的保护程度和性能开销，遗憾的地方就是该文没有指出五种策略的使用场合，大部分不适用于全虚拟化，而适用于协同虚拟化。
the comparison of these five strategiesyields several insights. first, all five strategies provide equivalent inter-guest（客户机之间） protection among osinstances. however, the strategies support differing levels of protection withina particular guest (intra-guest客户机内部protection). for example, the direct-map strategy incursalmost no performance overhead but supports no intra-guest protection. conversely,the single-use strategy provides the maximum possible intra-guest protection,but it imposes the largest performance penalty（the traditional single-use strategy provides inter-guest protectionat the greatest cost, consuming from 6–26% of the cpu）. second, there is significant opportunityto reuse iommu mappings, which can reduce protection overheads. multipleconcurrent i/o operations are able to share the same mappings often enough thatthere is a noticeable decrease in the overhead of providing protection. sharingmappings only among concurrent i/o operations provides the same level ofintra-guest protection as the single-use strategy but with less overhead.relaxing this intra-guest protection guarantee by allowing mappings to persistso that they can be reused in future i/o operations can significantly decreasethis overhead, allowing the guest to achieve performance levels very close tothat of the direct-map strategy while still maintaining some amount ofintraguest protection. finally, the software-based protection strategy performscompetitively with several of the better-performing iommu-based strategieswhile maintaining strong inter-guest protection guarantees and enabling
intra-guest protection capabilities.
五种策略
single-use mappings：每一次使用之前才映射，使用完毕解除映射
shared mappings：the shared-mapping strategy detectswhen a valid iommu mapping to a memory page already exists and reuses thatmapping rather than generating a new one. in practical terms, this sharing canhappen when an application repeats the same i/o message or when an application sendsor receives small i/o messages that reside in the same memory page.
persistent mappings：iommu mappings can further bereused by allowing them to persist even after all i/o transactions using the mappinghave completed. 即一次使用后就一直保留，不解除映射。
direct mappings：to allow maximum reuse of iommumappings and to further reduce runtime overhead, it is possible to permanently mapthe entire physical address space of the guest operating system.
软件方案（很明显不支持完全虚拟化，而且要求vmm知道硬件细节）：见willmann,p., shafer,  concurrent direct network accessfor virtual machine monitors. in proceedings of the 13th internationalsymposium on high performance computer architecture (feb. 2007).
三种i/o访问错误
three potential memory access violationscan occur on every i/o transfer initiated using this dma architecture:
1. the device driver could create a dmadescriptor with an incorrect address (a “bad-address” fault).
2. the operating system could repurpose thememory referenced by a dma descriptor, or the device driver could later reuse avalid dma descriptor without permission (an “invalid-use” fault).
3. the device itself could initiate a dmatransfer to a memory address not referenced by the dma descriptor (a“bad-device” fault). the last type of violation is only likely to occur as aresult of a device failure.
关于intra－guest的解释：其他四种方式都要在使用之前先映射（os会检查），所以能避免badaddress。但是建立映射之后，oncethe first request to create the iommu mapping has happened, however, none ofthe iommu-based strategies can prevent a driver from invalidly reusing thatsame mapping for a subsequent i/o transaction. in these strategies, the driveris responsible for informing the os when it is done with an iommu mapping. evenif the os was modified to automatically revoke an iommu mapping when itdetected the completion of a corresponding i/o event, the driver could stillinvalidly reuse a mapping after the original i/o event finished, but before theos could intervene to terminate the iommu mapping.
iommu的性能开销
platform                i/o pt update  iotlb update  update & flush
ibm calgary iommu          673         10207          10887
intel vt-d iommu            991          1217           2213
amd gart                  27          486             579
table 2: microbenchmarks examining costs associated with moderntranslation hardware, in processor cycles.