Abstract

PCI Express (PCIe) Single Root I/O Virtualization (SR-IOV) enables low-latency, high-performance virtualization of I/O devices. It has been embraced in cloud computing and is considered a promising foundation for sharing I/O in future multi-core embedded and mixed-criticality systems. Unfortunately, SR-IOV is vulnerable to Denial-of-Service (DoS) attacks, which cause performance interference. For cloud computing, an approach that mitigates ongoing attacks via software scheduling has been proposed. However, for embedded and mixed-criticality systems, solutions that go beyond mitigation are preferred. In this paper, we propose two integrated hardware architectures that completely prevent DoS attacks. As a foundation, we utilize optional Quality-of-Service (QoS) extensions from the PCIe specification. We determine which QoS extensions are needed, and show how virtualized multi-core CPUs need to implement and interface them (an aspect explicitly not covered in the PCIe specification) to enable DoS protection. The two proposed architectures are optimized for different goals: scheduling freedom or minimal hardware costs. As PCIe QoS is absent from current hardware, we evaluate our architectures with a QoS-enabled SystemC model of a real-world lab setup. Results show that both architectures successfully prevent DoS attacks. To the best of our knowledge, we are the first to explore and evaluate the feasibility of PCIe QoS for SR-IOV DoS prevention.
