Hi folks:
In a two-stage translation scheme, the first stage should be hidden inside the VM driver. For example, the emulated hardware of the VM needs to use Stage 1 to map GVA (or GIOVA) to GPA, while Stage 2 should be handled by the hypervisor. I understand this principle.

However, in the current Intel IOMMU implementation of two-stage translation, it seems that both Stage 2 and Stage 1 require directly invoking driver interfaces in the host hypervisor. This approach exposes the VM’s internal Stage 1 mapping requirements to the hypervisor, which creates a contradiction.

How should QEMU and Linux implement this properly?

Best wishes to you!

zlcao.
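As an added illustration (not part of zlcao's message and not QEMU or Linux code) of why the hypervisor side only needs its own Stage 2 tables plus the Stage 1 root pointer the guest programs, not the Stage 1 mappings themselves: a toy nested walk in C. The single-level tables, the 8-page "host memory" and all addresses are constructed; real VT-d uses multi-level tables and a PASID table, which this model omits.

```c
#include <stdint.h>
#include <string.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define OFF_MASK   (PAGE_SIZE - 1)
#define ENTRIES    8ULL   /* toy single-level tables with 8 entries (constructed) */
#define PRESENT    1ULL

static uint8_t host_mem[ENTRIES * PAGE_SIZE];  /* constructed "host physical memory" */
static uint64_t s2_root;                        /* HPA of the hypervisor's Stage 2 table */
static uint64_t rd(uint64_t hpa) { uint64_t v; memcpy(&v, host_mem + hpa, 8); return v; }
static void wr(uint64_t hpa, uint64_t v) { memcpy(host_mem + hpa, &v, 8); }

/* Stage 2: GPA -> HPA. Owned and programmed by the hypervisor. */
static int s2_translate(uint64_t gpa, uint64_t *hpa)
{
    uint64_t idx = gpa >> PAGE_SHIFT, pte;
    if (idx >= ENTRIES || !((pte = rd(s2_root + idx * 8)) & PRESENT)) return -1;
    *hpa = (pte & ~OFF_MASK) | (gpa & OFF_MASK);
    return 0;
}

/* Nested walk. Stage 1 is guest-owned: its root and its PTEs hold GPAs, so every
 * Stage 1 fetch is itself translated through Stage 2. The hypervisor only needs
 * s1_root_gpa (what the guest wrote into the vIOMMU), never the table contents. */
static int nested_translate(uint64_t s1_root_gpa, uint64_t gva, uint64_t *hpa)
{
    uint64_t idx = gva >> PAGE_SHIFT, pte_hpa, pte;
    if (idx >= ENTRIES || s2_translate(s1_root_gpa + idx * 8, &pte_hpa)) return -1;
    if (!((pte = rd(pte_hpa)) & PRESENT)) return -1;
    return s2_translate((pte & ~OFF_MASK) | (gva & OFF_MASK), hpa);
}

/* Constructed scenario. Hypervisor: GPA 0x1000 -> HPA 0x2000, GPA 0x2000 -> HPA 0x4000.
 * Guest: its Stage 1 table sits at GPA 0x1000 and maps GVA 0 -> GPA 0x2000; the guest
 * stores that PTE through Stage 2 like any other memory write. */
static void setup(void)
{
    uint64_t hpa;
    memset(host_mem, 0, sizeof host_mem);
    s2_root = 0;
    wr(s2_root + 1 * 8, 0x2000 | PRESENT);
    wr(s2_root + 2 * 8, 0x4000 | PRESENT);
    if (s2_translate(0x1000, &hpa) == 0) wr(hpa, 0x2000 | PRESENT);  /* guest's S1 PTE 0 */
}

/* HPA reached by a device access to gva under the guest's Stage 1 root, or 0 on fault. */
static uint64_t device_access(uint64_t gva)
{
    uint64_t hpa;
    setup();
    return nested_translate(0x1000, gva, &hpa) ? 0 : hpa;
}
```

Changing the guest's Stage 1 PTE in `setup()` changes the result without touching anything on the hypervisor side, which is the separation the question is about.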