IOMMU driver framework + architecture specific drivers (Intel/AMD)

Student: Not assigned yet
Owner: Erik van der Kouwe <vdkouwe@cs.vu.nl>
SVN branch name: N/A

Abstract

Protecting the operating system against direct memory access is important for reliability. This project involves adding such protection to the MINIX operating system using the IOMMU hardware recently added to x86 chipsets. It is suitable for students who are interested in and familiar with low-level system programming. This project provides valuable computer systems experience as well as ECTS points. It is most suitable as an IPA project but other arrangements can be discussed.

Project Description

Driver code makes up a large share of modern operating systems' code base. It is known that drivers are more likely to contain bugs than other operating system components, which means that isolating drivers from the remainder of the system is essential for reliability. In MINIX, drivers run as separate processes which cannot interact with hardware directly. Instead they issue kernel calls that perform sanity checks before performing any I/O. This allows MINIX to be more reliable than monolithic systems such as Linux, Windows and the *BSDs.

However, there is still a gaping hole in device driver isolation. For performance reasons some devices will write data to memory areas pointed to by the driver, a technique called Direct Memory Access (DMA). If a driver provides the device with an incorrect address, either erroneously or maliciously, it may cause important memory areas to be overwritten. This possibility is a substantial threat to reliability.

This project involves protecting the system against faulty DMA by using hardware that has recently been added to Intel and AMD chipsets. This new device is an IOMMU, called VT-d by Intel and AMD-Vi by AMD. Like the regular MMU internal to the CPU, it translates addresses used to access memory. It can remap a bus request from one address to another depending on the device it is coming from and can even block requests. This technique is currently used mostly for virtualization, allowing a virtual machine to access host hardware directly without posing a risk for other host software and virtual machines.

To complete this project, you will write MINIX drivers for programming the IOMMU and you will set up system infrastructure to allow drivers to request DMA mappings. You will also modify drivers to use this infrastructure and provide additional security mechanisms to restrict the DMA operations that drivers may request. It should go without saying that you will also provide documentation for this infrastructure, allowing future driver writers to incorporate your changes with ease.
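The per-device remap-or-block behaviour and the restricted mapping requests described above, as an added example: a simplified software model, not MINIX code and not the VT-d or AMD-Vi table format. The names iommu_grant, iommu_map and iommu_translate, the single-level table and all sizes are assumptions made for illustration.

```c
#include <stdint.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define MAX_DEVS   4             /* hypothetical number of devices */
#define MAX_PAGES  16            /* I/O address space per device, in pages */
#define PERM_R 1u
#define PERM_W 2u

struct dma_domain {              /* one translation table per device */
    uint64_t grant_lo, grant_hi; /* physical range the driver may expose: [lo, hi) */
    uint64_t pfn[MAX_PAGES];     /* I/O page -> physical frame number */
    uint8_t  perm[MAX_PAGES];    /* 0 = not mapped, so the request is blocked */
};
static struct dma_domain domains[MAX_DEVS];

/* Policy side: record which physical memory a device's driver may use for DMA. */
void iommu_grant(unsigned dev, uint64_t lo, uint64_t hi)
{
    if (dev >= MAX_DEVS) return;
    domains[dev].grant_lo = lo;
    domains[dev].grant_hi = hi;
}

/* Driver request: map one page. Returns 0 on success, -1 if refused. */
int iommu_map(unsigned dev, uint64_t iova, uint64_t phys, unsigned perm)
{
    uint64_t page = iova >> PAGE_SHIFT;
    if (dev >= MAX_DEVS || page >= MAX_PAGES) return -1;
    if ((iova | phys) & (PAGE_SIZE - 1)) return -1;          /* page aligned only */
    if (perm == 0 || (perm & ~(PERM_R | PERM_W))) return -1;
    struct dma_domain *d = &domains[dev];
    /* Refuse any page that is not fully inside the driver's granted range. */
    if (phys < d->grant_lo || phys >= d->grant_hi ||
        d->grant_hi - phys < PAGE_SIZE) return -1;
    d->pfn[page] = phys >> PAGE_SHIFT;
    d->perm[page] = (uint8_t)perm;
    return 0;
}

/* Hardware side: translate one bus request from device dev.
 * Returns 0 and sets *phys, or -1 when the request is blocked. */
int iommu_translate(unsigned dev, uint64_t iova, int is_write, uint64_t *phys)
{
    uint64_t page = iova >> PAGE_SHIFT;
    if (dev >= MAX_DEVS || page >= MAX_PAGES) return -1;
    const struct dma_domain *d = &domains[dev];
    if (!(d->perm[page] & (is_write ? PERM_W : PERM_R))) return -1;
    *phys = (d->pfn[page] << PAGE_SHIFT) | (iova & (PAGE_SIZE - 1));
    return 0;
}
```

The same I/O address gives a different result for each device, and a driver that supplies a wrong address can only reach memory inside its own grant.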

The student doing this project should be interested in low-level systems programming. Good working knowledge of C is required and prior experience with assembly programming and device drivers is highly desirable.

You will get the opportunity to work with state-of-the-art hardware and build experience with low-level systems hacking. Such experience is valuable if you want to do research in computer systems or if you want to find a job in this area. Everything virtualization-related is currently very hot, both in academia and in business. Working with technical specifications and debugging low-level bugs are widely relevant skills. In addition, you may receive ECTS credit points depending on what kind of project this will be for you and whether this fits in your course program. We think this project would be most suitable as an IPA. However, if you want to do a BSc or MSc thesis with the MINIX team we are always open to discuss possibilities (in case of an MSc thesis this project would only be part of the total workload of course).

Resources

MinixWiki: StudentProjects/DependabilityInfrastructure/IOMMU (last edited 2010-08-31 12:10:05 by ErikVanDerKouwe)