Description of problem:
Libvirt and QEMU have supported vIOMMU emulation for some time now. Nova currently does not expose the vIOMMU as a configurable parameter. Using the q35 machine type and the vIOMMU feature can enable better security in the guest when using DPDK or PCI device passthrough, by allowing the vIOMMU to work with the host IOMMU to restrict the memory the passthrough or DPDK device can access in the guest. In some cases this can also improve performance by reducing the cost of physical page translation. Enabling support for vIOMMU emulation in the guest will also enable future work to allow nested SR-IOV passthrough or other more advanced configurations that require an IOMMU to function correctly, such as using vfio-pci in the guest.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
https://review.opendev.org/c/openstack/nova/+/844507/20
Tracked in https://issues.redhat.com/browse/OSPRH-69
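
An added example, not part of the original report or of Nova's code: a Python check over a libvirt domain XML that flags the vIOMMU settings the description relies on (q35 machine type, split I/O APIC for interrupt remapping, caching_mode for passthrough devices). The sample domain XML is constructed and audit_viommu is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the bug report): a q35 guest with a PCI
# passthrough device and an emulated Intel vIOMMU that lacks caching_mode.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <os><type arch='x86_64' machine='pc-q35-7.0'>hvm</type></os>
  <features><ioapic driver='qemu'/></features>
  <devices>
    <iommu model='intel'><driver intremap='on' iotlb='on'/></iommu>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x3b' slot='0x02' function='0x0'/></source>
    </hostdev>
  </devices>
</domain>
"""

def audit_viommu(domain_xml):
    """Return a list of findings about a libvirt domain's vIOMMU setup."""
    root = ET.fromstring(domain_xml.strip())
    findings = []
    os_type = root.find("./os/type")
    machine = os_type.get("machine", "") if os_type is not None else ""
    iommu = root.find("./devices/iommu")
    if iommu is None:
        return ["no <iommu> device: the guest has no vIOMMU"]
    driver = iommu.find("driver")
    opts = dict(driver.attrib) if driver is not None else {}
    if iommu.get("model") == "intel" and "q35" not in machine:
        findings.append("intel vIOMMU needs a q35 machine type, got %r" % machine)
    # libvirt requires the split I/O APIC for interrupt remapping.
    ioapic = root.find("./features/ioapic")
    split = ioapic is not None and ioapic.get("driver") == "qemu"
    if opts.get("intremap") == "on" and not split:
        findings.append("intremap='on' without <ioapic driver='qemu'/>")
    # VFIO device assignment behind the Intel vIOMMU needs caching_mode.
    passthrough = root.find("./devices/hostdev[@type='pci']") is not None
    if passthrough and opts.get("caching_mode") != "on":
        findings.append("PCI passthrough present but caching_mode is not 'on'")
    return findings

if __name__ == "__main__":
    for finding in audit_viommu(SAMPLE_DOMAIN):
        print("FINDING:", finding)
```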