# input–output memory management unit

> memory management unit that connects a direct-memory-access–capable I/O bus to the main memory

**Wikidata**: [Q469599](https://www.wikidata.org/wiki/Q469599)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/Input–output_memory_management_unit)  
**Source**: https://4ort.xyz/entity/inputoutput-memory-management-unit

## Summary
An input–output memory management unit (IOMMU) is a memory management unit that connects a direct-memory-access–capable I/O bus to the main memory. It primarily performs the translation of virtual memory addresses to physical addresses for I/O devices. The IOMMU provides memory protection and prevents DMA attacks.

## Key Facts
- IOMMU stands for Input/Output Memory Management Unit
- Also known as IO MMU
- Subclass of memory management unit
- Used for memory protection, system virtual machines, and DMA attack prevention
- Has a schematic diagram available at https://commons.wikimedia.org/wiki/Special:FilePath/MMU_and_IOMMU.svg
- Freebase ID: /m/0dd_t4
- Wikipedia title: Input–output memory management unit
- Stack Exchange tag: https://stackoverflow.com/tags/iommu
- Available in 9 Wikipedia languages: ca, cs, de, en, es, fi, it, ja, ko, nl
- Has 14 sitelinks on Wikidata

## FAQs
### Q: What is the main function of an IOMMU?
A: An IOMMU connects a direct-memory-access–capable I/O bus to main memory and translates virtual memory addresses to physical addresses for I/O devices.

### Q: How does an IOMMU improve system security?
A: An IOMMU provides memory protection and prevents DMA attacks by controlling and validating memory access requests from I/O devices.

### Q: What is the relationship between IOMMU and DMA?
A: An IOMMU is specifically designed to work with direct memory access (DMA) by managing memory access for DMA-capable I/O devices.

## Why It Matters
The IOMMU plays a crucial role in modern computing systems by providing a secure bridge between I/O devices and system memory. Without an IOMMU, I/O devices could potentially access any part of system memory, creating significant security vulnerabilities. The IOMMU enables virtualization by allowing multiple virtual machines to share physical hardware while maintaining memory isolation. It also facilitates advanced features like device pass-through in virtualized environments, where physical devices can be assigned directly to virtual machines while maintaining proper memory protection. The IOMMU's ability to prevent DMA attacks makes it an essential component in securing systems against sophisticated hardware-level threats.

## Notable For
- Provides memory protection for I/O devices
- Enables secure device pass-through in virtualized environments
- Prevents DMA attacks through address translation and validation
- Supports system virtual machines by maintaining memory isolation
- Has a dedicated schematic representation showing its relationship with MMUs

## Body
### Technical Architecture
The IOMMU operates as an intermediary between I/O buses and system memory, implementing address translation similar to how a CPU's memory management unit works for processor memory accesses. It maintains mapping tables that translate I/O device virtual addresses to physical memory addresses.

### Security Features
The IOMMU enforces memory protection by validating all memory access requests from I/O devices. It checks whether a device has permission to access specific memory regions and can block unauthorized access attempts, preventing potential DMA attacks where malicious hardware could read or write system memory.

### Virtualization Support
In virtualized environments, the IOMMU enables hardware-assisted virtualization by allowing virtual machines to directly access physical I/O devices while maintaining proper memory isolation between VMs. This is achieved through technologies like Intel's VT-d and AMD's AMD-Vi.

### Graphics Applications
A specialized form of IOMMU called the Graphics Address Remapping Table (GART) is used specifically for graphics processing, allowing GPUs to access system memory using virtual addresses.

### Hardware Support
Various hardware platforms support IOMMU functionality, with implementations available from major processor manufacturers. The technology is particularly important in server environments where virtualization and hardware security are critical requirements.

## References

1. Freebase Data Dumps. 2013