It looks like Linux already has this functionality: http://lxr.free-electrons.com/source/Documentation/Intel-IOMMU.txt
I recompiled my kernel with support and I now see some rather reassuring messages in dmesg about an IOMMU being used for various devices. It is not clear to me that Linux distributions ship with this enabled, although that is a concern for ZFSOnLinux and various Linux distributions. I will patch Gentoo's genkernel software to add support for this functionality by default. This is still of interest to other Open ZFS platforms. I know for a fact that Mac OS X is not capable of using an IOMMU, but I am not certain about Illumos and FreeBSD. On 11/12/2013 10:39 AM, Richard Yao wrote: > It dawned on me yesterday that the microcontrollers used by DMA-capable > devices lack ECC protection, such that the addresses on which they > perform DMA are operations vulnerable to bit flips. > > One prominent example of DMA-capable hardware that lacks ECC is the > Intel 82574L, which is used in super motherboards from Supermicro, > Apple's Mac Pro workstations and other high-end systems. > > http://www.servethehome.com/intel-ethernet-controller-buffer-ecc-comparison/ > > I am not currently able to detect this phenomena, but there is some > evidence to suggest that it happens. In particular, a recent talk by > Robert Stucke at DefCon demonstrated evidence of bit flips on Google's > servers, which presumably have ECC memory protection. > > http://www.youtube.com/watch?v=ZPbyDSvGasw&t=10m20s > > Checksum offload to NICs that lacked ECC protection can permit bit flips > to alter DNS queries in the manner that Robert described. Knowing that > commonly used NICs have no form of ECC protection, I see no reason why > these bit flips cannot affect the addresses used in DMA operations. I > also see no reason why this is restricted to NICs. The consequence is > that ZFS ARC buffers and other data structures are vulnerable to memory > corruption caused by bit flips on various DMA-capable devices in the > addresses that they use for DMA operations. > > Operating system kernels should be able to protect against DMA > operations to incorrect addresses using the IO-MMU (called VT-d > extensions by Intel) on recent hardware. However, I have yet to hear of > any that take advantage of it. > > Has anyone else given any thought to this or know of any thing done > about it? > > > > _______________________________________________ > developer mailing list > [email protected] > http://lists.open-zfs.org/mailman/listinfo/developer >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ developer mailing list [email protected] http://lists.open-zfs.org/mailman/listinfo/developer
