@david_chisnall Ack everything re: the network slowing down.
>A malicious device can choose to use a different mapping.
Yes, but when the malicious devices tries to write/read into kernel mem using its own chosen device physical addresses, the IOMMU will recognize that the kernel said "no, I don't allow writes/reads through this address" and quash the write/read.
And how would the device be able to choose which host physical address it wants to (maliciously) read and write?