One of our regular reader asks:
How do I turn on IOMMU (Linux kernel Calgary patch) DMA support under Linux?
Most modern Linux has support for IOMMU. An IOMMU is a device that will support mapping memory addresses. There is currently high-end branded server hardware that support this, but no desktop machines support IOMMU, AFAIK. An example IOMMU is the AGP and PCI Express graphics cards.
More about IOMMU
According to wikipedia:
The IOMMU or input/output memory management unit is a computer memory management unit (MMU) that connects a DMA-capable I/O bus to the primary storage memory. Like the CPU memory management unit, an IOMMU takes care of mapping virtual addresses (also called device addresses or I/O addresses) to physical addresses and some units guarantee memory protection from misbehaving devices.
The advantages of having an IOMMU, compared to direct physical addressing of the memory, include:
- Large regions of memory can be allocated without the need to be contiguous in physical memory – the IOMMU will take care of mapping contiguous virtual addresses to fragmented physical addresses. Thus, the use of vectored I/O (scatter-gather lists) can sometimes be avoided.
- Memory protection from malicious or misbehaving devices \u2013 a device cannot read or write to memory that hasn’t been explicitly allocated (mapped) for it.
- Virtualized guest operating systems can safely be granted direct access to hardware.
- In general, the IOMMU provides isolation (memory protection) and address translatio
Turn on IOMMU
In order to turn on IOMMU, you need to pass following parameter to boot kernel (assuming that support is compiled into running kernel – most modern Linux kernel / distro has support, for e.g. Fedora / CentOS / RHEL / Suse etc):
Open /etc/grub.conf or /boot/grub/menu.lst file
Append above string to kernel line:
kernel /boot/vmlinuz-2.6.17-10-generic root=UUID=317464f6-8be2-4f54-88e3-694dcc8cd3c4 ro quiet splash iommu=calgary
Save and close the file. Reboot the server.
A note about IOMMU support
Please note that you need hardware and software to support IOMMU. Above instructions will just turn on Linux kernel software support. Since current hardware support is limited to high-end expensive server most Linux distro does not enable calgary DMA address mapping with memory protection by default.
|Category||List of Unix and Linux commands|
|Firewall||Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04|
|Network Utilities||dig • host • ip • nmap|
|OpenVPN||CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04|
|Package Manager||apk • apt|
|Processes Management||bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time|
|Searching||grep • whereis • which|
|User Information||groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w|
|WireGuard VPN||CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04|