Would anybody have a pointer to some documentation about how VTd memory mappings are used in current VMMs? It seems most examples imply that a VTd domain is started as each guest is started and remains basically static for the life of the guest. Thus, I/O devices won't have to deal with frequent VTd invalidations since the domains themselves remain fairly persistent.
However, one can imagine a system that seeks to really limit devices to the absolute minimum access rights. Such a system would frequently be updating permissions and revoking them in response to application behavior. This would lead to frequent VTd invalidations.Of course, any VTd caching I/O devices were trying to do would be fairly useless as they would have to flush all the time.While such a system seems like it would be fairly inefficient, it's not beyond the realm of possibility.
Does anybody know of a VMM that does this or of some published documentation that says VMMs really don't (or shouldn't) do this?