1. Technical Field
The subject matter herein relates to computer systems and, more specifically, to reliable storage of input/output (I/O) data in a computer system.
2. Background Information
An input/output memory management unit (IOMMU) is a component of a computer system (i.e., host) that provides memory protection by controlling access to a memory of the system (i.e., host memory) by input/output (I/O) devices coupled to an I/O controller of the devices. Memory protection typically occurs during direct memory access (DMA) operations wherein I/O data is transferred between an I/O device and the system (host) memory by the I/O controller. Support of DMA operations by the I/O controller allows the controller to access the memory independently of a processor of the computer system, thereby accelerating I/O operations.
Typically, an I/O driver executing on the computer system may register buffers of the memory with the IOMMU prior to initiating an I/O operation for incoming I/O data from an I/O device. The incoming I/O data may be received at the I/O controller, which may then initiate the I/O operation to write the I/O data to the memory, e.g., via a DMA transaction, over an I/O bus (i.e., an interconnect fabric, such as PCIe) for storage in the registered buffers. The IOMMU may intercept the DMA transaction and perform a memory protection check on the I/O data to ensure that destination addresses of the buffers are valid and mapped to the registered memory for the I/O device. After the I/O operation (i.e., DMA transaction) completes, the I/O driver may unregister the memory.
However, there may be unexpected incoming I/O data received from the I/O device or in transit over the interconnect fabric within the DMA transaction that may not have been checked by the IOMMU. If the driver unregisters the memory buffers prior to the protection check for the unexpected I/O data, the IOMMU may determine that there is no valid destination addresses mapped to registered memory for the data. Accordingly, the IOMMU may issue a DMA remapping (DMAR) error. Alternatively, the memory buffers may have been reallocated, e.g., to another I/O device, and registered with the IOMMU, which may incorrectly copy the unexpected I/O data to those buffers, thereby causing data corruption. DMAR errors and data corruption are often manifested as race conditions, which have been previously addressed through handshaking message exchanges between, e.g., the I/O controller and the IOMMU to ensure that there is no storage of unexpected I/O data before unregistering the mapped memory. Yet, such message exchanges are generally inefficient and non-deterministic.