Hi All.

I have been learning about a lot of inter-related things; kindly correct me if I am wrong anywhere.

Till now, the following have been the broad observations:

a) If we have IOMMU disabled on the host, things work fine in general on a guest. But we cannot attach a pci-device (physically attached to host) to a guest.

b) If we have IOMMU enabled on the host, we can attach a pci-device (physically attached to a host) to a guest.

Going through the literature on the internet, it looks like we have two modes supported by KVM / QEMU:

1. Conventional shadow-mapping, which works in the most general case, for GVA => GPA => HVA => HPA translations.

2. EPT/NPT shadow-mapping, which works only if hardware-virtualization is supported. As usual, the main purpose is to set up GVA => GPA => HVA => HPA translations.

In all the literature that mentioned the above modes, there were roles of software-assisted MMU page-tables (at host-OS / guest-OS / kvm / qemu).

The only mention of the IOMMU was with regard to pci-devices, to maintain security and not let guest-OSes create havoc on a pci-device.

So, is the role of IOMMU to provide security/containership only? In other words, if security was not a concern, would it still have been possible to attach pci-devices on the guest-devices without needing to enable the iommu?

Will be grateful to get pointers.

Thanks and Regards,
Ajay