MPIOV: Scaling hardware-based I/O virtualization for mixed-criticality embedded real-time systems using non transparent bridges to (Multi-Core) multi-processor systems

Safety-critical systems consolidating multiple functionalities of different criticality (so-called mixed-criticality systems) require separation between these functionalities to assure safety and security properties. Performance-hungry and safety-critical applications (like a radar processing system steering an autonomous flying aircraft) may demand an embedded high-performance computing cluster of more than one (multi-core) processor. This paper presents the Multi-Processor I/O Virtualization (MPIOV) concept to enable hardware-based Input/Output (I/O) virtualization or sharing with separation among multiple (multi-core) processors in (mixed-criticality) embedded real-time systems, which usually do not have means for separation like an Input/Output Memory Management Unit (IOMMU). The concept uses a Non-Transparent Bridge (NTB) to connect each processing host to the management host, while checking the target address and source / origin ID to decide whether or not to block a transaction. It is a standardized, portable and non-proprietary platform-independent spatial separation solution that does not require an IOMMU in the processor. Furthermore, the concept sketches an approach for PCI Express (PCIe)-based systems to enable sharing of up to 2048 (virtual) functions per endpoint, while still being compatible to the plain PCIe standard. A practical evaluation demonstrates that the impact to performance degradation (transfer time, transfer rate) is negligible (about 0.01%) compared to a system without separation.