SgInt: Safeguarding Interrupts for Hardware-Based I/O Virtualization for Mixed-Criticality Embedded Real-Time Systems Using Non Transparent Bridges
Safety-critical systems, and in particular systems with higher functional integration such as mixed-criticality systems in avionics, require safeguards ensuring that functionalities cannot interfere with each other. A notably underestimated issue is I/O devices and their (message-signaled) interrupts. Message-signaled interrupts are the omnipresent type of interrupt in modern serial high-speed I/O subsystems. These interrupts can be considered small DMA write packets. If interrupts are not safeguarded, an I/O device associated with a distinct functionality can trigger any interrupt or manipulate any control register, for example triggering a reset of all processing cores to provoke a complete system failure. This is a particular issue for available embedded processor architectures, since they do not provide adequate means for interrupt separation, such as an IOMMU with a granularity sufficient for interrupts.
This paper presents the SgInt concept to enable the safeguarding of interrupts for hardware-based I/O virtualization for safety-critical and mixed-criticality embedded real-time systems using non-transparent bridges in single (multi-core) processor systems and multi (multi-core) processor systems. The advantage of the SgInt concept is that it is a general and reusable interrupt separation solution which scales from a single (multi-core) processor to a multi (multi-core) processor system and builds on available COTS chip solutions. It allows spatial separation for interrupts to be added to available processors that have no means for interrupt separation. A practical evaluation shows that the SgInt concept provides the required spatial separation and even slightly outperforms state-of-the-art doorbell interrupt handling in transfer time and transfer rate (by about 0.04 %).
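The granularity problem described in the abstract, as an added model that is not from the paper: it compares a page-granular check (4 KiB pages assumed) with an exact address-and-vector check on inbound writes. The register layout, requester IDs and vector ranges are constructed for illustration and do not describe SgInt's implementation or any real chip.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed layout: interrupt doorbell and a core-reset register share one 4 KiB page. */
#define CTRL_PAGE     0x40000000ull
#define MSI_DOORBELL  (CTRL_PAGE + 0x140)
#define CORE_RESET    (CTRL_PAGE + 0x0B0)
#define PAGE_MASK     (~0xFFFull)

struct dma_write { uint16_t requester_id; uint64_t addr; uint32_t data; };
struct msi_rule  { uint16_t requester_id; uint64_t addr; uint32_t vec_lo, vec_hi; };

/* Page-granular check: all that a 4 KiB mapping can express. */
static bool page_allows(const struct msi_rule *r, size_t n, const struct dma_write *w)
{
    for (size_t i = 0; i < n; i++)
        if (r[i].requester_id == w->requester_id &&
            (r[i].addr & PAGE_MASK) == (w->addr & PAGE_MASK))
            return true;
    return false;
}

/* Interrupt-granular check: exact target register and a vector range per device. */
static bool msi_allows(const struct msi_rule *r, size_t n, const struct dma_write *w)
{
    for (size_t i = 0; i < n; i++)
        if (r[i].requester_id == w->requester_id && r[i].addr == w->addr &&
            w->data >= r[i].vec_lo && w->data <= r[i].vec_hi)
            return true;
    return false;   /* default deny */
}

/* Constructed policy: device 0x0100 owns vectors 32..35, device 0x0200 owns 36..39. */
static const struct msi_rule policy[] = {
    { 0x0100, MSI_DOORBELL, 32, 35 },
    { 0x0200, MSI_DOORBELL, 36, 39 },
};
#define N_RULES (sizeof policy / sizeof policy[0])

int main(void)
{
    struct dma_write own     = { 0x0100, MSI_DOORBELL, 33 };
    struct dma_write foreign = { 0x0100, MSI_DOORBELL, 37 };
    struct dma_write reset   = { 0x0100, CORE_RESET, 1 };
    /* Exit 0 only if the fine filter separates what the page filter cannot. */
    return (msi_allows(policy, N_RULES, &own) && !msi_allows(policy, N_RULES, &foreign) &&
            !msi_allows(policy, N_RULES, &reset) && page_allows(policy, N_RULES, &reset)) ? 0 : 1;
}
```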
Keywords: Virtual Machine, Transfer Time, Spatial Separation, Address Space, Direct Memory Access