Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments with respect to claims 1-15 & 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9, 15, & 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kegel et al. [hereinafter Kegel] PG Pub US 2011/0022818 A1 in view of Aggarwal et al. [hereinafter Aggarwal] PG Pub US 2019/0108106 A1.

Regarding claims 1 & 20, Kegel discloses:
a plurality of physical input/output (I/O) devices (I/O devices 22A-22D Figure 1); 
a processor to create one or more virtual machines (VMs) to which to assign one or more virtual I/O devices to be abstracted from the plurality of physical I/O devices (a virtual machine monitor (VMM) that manages the virtual machines (scheduling their execution on the underlying hardware), controls access to various system resources, etc. It is noted that VMMs are also sometimes referred to as hypervisors. In the illustrated embodiment, processor(s) 12 is executing software in a virtualized environment. Accordingly, three virtual machines 100A, 100B, and 100C (e.g., VM guest 1-3) and a VMM 106 are shown [0019]); 
an I/O memory management unit (IOMMU) to perform address translation to support virtualization of the plurality of I/O devices according to a plurality of translation techniques (when the I/O device 22 requests a memory access, the guest addresses may be translated by the IOMMU 26 to corresponding system physical addresses (SPA) to access the memory [0022]), the IOMMU including: first circuitry to use at least an identifier of a device to locate a context entry (the device table may include a plurality of entries indexed by the device ID [0026]), the context entry to include at least one of a page-table pointer to a page-table translation structure (each entry may include a pointer to a set of page tables used by the device having the corresponding device ID [0026)] and a process address space identifier (PASID) (a process address space identifier (PASID) may be sent to the IOMMU 26 using a transaction layer protocol (TLP) prefix [0021]); and 
second circuitry to use at least the PASID to locate a PASID-entry, the PASID-entry to include at least one of a first-level page-table pointer to a first-level translation structure and a second-level page-table pointer to a second-level translation structure (the IOMMU 26 may perform one-level nested translations or two-level guest translations. That is to say, the IOMMU 26 may provide both GPA to SPA translations (one-level), and GVA to SPA translations (two-level) [0023]); 
wherein the PASID is to be supplied by the device (by definition an I/O device that issues a GVA indicates that by including a PASID prefix [0047]); and 
It is noted that Kegel failed to explicitly disclose:
wherein at least one of the apparatus, the context entry, and the PASID entry is to include one or more control fields to indicate whether the first-level page-table pointer or the second- level page-table pointer is to be used.
However, Aggarwal discloses:
wherein at least one of the apparatus, the context entry, and the PASID entry is to include one or more control fields to indicate which of the first-level page-table pointer and the second- level page-table pointer is to be used (A selected entry in scalable mode PSID table 728 points to first level page table structures 734 and to second level page table structures 736 [0116]).
The systems of Kegel and Aggarwal are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of “PASID.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the systems of Kegel and Aggarwal since this would allow the PASID table to point to which of the first-level page-table pointer and the second- level page-table pointer is to be used. This system would improve overhead performance [0003]. 

Regarding claim 2 the limitations of this claim have been noted in the rejection of claim 1. Kegel also discloses:
wherein the second-level translation structure of a PASID-entry is to be used to translate a guest physical address or an I/O virtual address to a host physical address for an address translation in which a PASID is provided (when the I/O device 22 requests a memory access, the guest addresses may be translated by the IOMMU 26 to corresponding system physical addresses (SPA) to access the memory [0022]).

Regarding claim 3 the limitations of this claim have been noted in the rejection of claim 1. Kegel also discloses:
wherein the control fields in the PASID-entry indicate whether a nested translation is to be performed using the first-level page-table pointer and one of the page-table pointer in the context entry and the second-level page-table pointer in the PASID entry (The guest translation valid (GV) bit determines whether two-level (i.e., nested and guest level) translation or one-level (e.g., host) translation will be performed [0055]).

Regarding claim 4 the limitations of this claim have been noted in the rejection of claim 2. Kegel also discloses:
wherein the PASID-entry is also to include an additional second-level pointer to a second-level translation table to be used to translate a guest I/O virtual address to a guest physical address for an address translation in which a PASID is provided (when a memory access request or a translation request including a GVA is received from an I/O device, the device table entry corresponding to the device ID of the request is accessed. More particularly, by definition an I/O device that issues a GVA indicates that by including a PASID prefix, and an I/O device that issues a GPA indicates that by omitting the PASID prefix. As described in greater detail below in conjunction with the description of FIG. 5, an SPA pointer (e.g., 301) to the base address of a GCR3 table 307 is used, and the PASID may be used to index into the GCR3 table 307 to distinguish between one or more processes running on a given device [0047]).

Regarding claim 5 the limitations of this claim have been noted in the rejection of claim 2. Kegel also discloses:
wherein the context entry is also to include an additional second-level pointer to a second-level translation table to be used to translate a guest I/O virtual address to a guest physical address for an address translation in which a PASID is not provided (when a memory access request or a translation request including a GVA is received from an I/O device, the device table entry corresponding to the device ID of the request is accessed. More particularly, by definition an I/O device that issues a GVA indicates that by including a PASID prefix, and an I/O device that issues a GPA indicates that by omitting the PASID prefix. As described in greater detail below in conjunction with the description of FIG. 5, an SPA pointer (e.g., 301) to the base address of a GCR3 table 307 is used, and the PASID may be used to index into the GCR3 table 307 to distinguish between one or more processes running on a given device [0047]).

Regarding claim 6 the limitations of this claim have been noted in the rejection of claim 1. Kegel also discloses:
wherein the PASID table (CR3 table) is one of a plurality of PASID tables (CR3 table is located on I/O Translation tables 36A & 36B), each of the plurality of PASID tables to be created by a virtual machine monitor (VMM) to support shared virtual memory (SVM) operations for a virtual function (VF) or a physical function (PF) ((when a memory access request or a translation request including a GVA is received from an I/O device, the device table entry corresponding to the device ID of the request is accessed. More particularly, by definition an I/O device that issues a GVA indicates that by including a PASID prefix, and an I/O device that issues a GPA indicates that by omitting the PASID prefix. As described in greater detail below in conjunction with the description of FIG. 5, an SPA pointer (e.g., 301) to the base address of a GCR3 table 307 is used, and the PASID may be used to index into the GCR3 table 307 to distinguish between one or more processes running on a given device [0047]) [0020]).

Regarding claim 7 the limitations of this claim have been noted in the rejection of claim 6. Kegel also discloses:
wherein the VMM is to maintain a single system-wide host PASID space (a virtual machine monitor (VMM) that manages the virtual machines (scheduling their execution on the underlying hardware), controls access to various system resources, [0019]).

Regarding claim 8 the limitations of this claim have been noted in the rejection of claim 7. Kegel also discloses:
wherein the context entry is associated with a VF or PF assigned to a virtual machine (VM) and the PASID table is associated with the VM (the I/O translation tables 36 may include a device table (shown in FIG. 3) that maps I/O devices to sets of page tables (e.g., by device identifiers). The device identifier (ID) may be defined in a variety of ways, and may be dependent on the peripheral interconnect to which the device is attached. For example, Peripheral Component Interconnect (PCI) devices may form a device ID from the bus number, device number and function number (BDF) [0026]).

Regarding claim 9 the limitations of this claim have been noted in the rejection of claim 7. Kegel also discloses:
wherein the context entry is associated with a plurality of assignable interfaces and VF or PF assigned to the VMM (the IOMMU 26 may include various features to simplify virtualization in the system 10. The description below will refer to a virtual machine monitor (VMM) that manages the virtual machines (scheduling their execution on the underlying hardware), controls access to various system resources, etc… In the illustrated embodiment, processor(s) 12 is executing software in a virtualized environment. Accordingly, three virtual machines 100A, 100B, and 100C (e.g., VM guest 1-3) and a VMM 106 are shown. [0019]) and the PASID table is the single system-wide host PASID table.

Regarding claim 15 the limitations of this claim have been noted in the rejection of claim 1. Kegel also discloses:
wherein the PASID, if not supplied by the device, is to be configured in the context entry for the IOMMU to use for address translation instead of the context entry's translation structures (when a memory access request or a translation request including a GVA is received from an I/O device, the device table entry corresponding to the device ID of the request is accessed. More particularly, by definition an I/O device that issues a GVA indicates that by including a PASID prefix, and an I/O device that issues a GPA indicates that by omitting the PASID prefix. As described in greater detail below in conjunction with the description of FIG. 5, an SPA pointer (e.g., 301) to the base address of a GCR3 table 307 is used, and the PASID may be used to index into the GCR3 table 307 to distinguish between one or more processes running on a given device [0047])

Claims 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Kegel in in view of Aggarwal, further in view of Hummel et al. [hereinafter Hummel] PG Pub US 2010/0011147 A1.

Regarding claim 10, the limitations of this claim have been noted in the rejection of claim 8, it is noted that neither Kegel nor Aggarwal explicitly disclose:
wherein the VMM is to expose a virtual I/O memory management unit (IOMMU) to the VM, the virtual IOMMU to allocate and manage its own guest PASID space.
However, Hummel discloses:
wherein the VMM is to expose a virtual I/O memory management unit (IOMMU) to the VM, the virtual IOMMU to allocate and manage its own guest PASID space (the guest OS manages mappings of virtual addresses to "guest physical" addresses (which are further mapped to physical addresses by the VMM 106). Accordingly, the guest OSs 104A-104B are shown as using the guest physical space between lines 108A-108B. The guest OSs 104A-140B manage the mappings from virtual addresses to physical addresses using the guest translation tables 110 [0057]).
The systems of Kegel and Hummel are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of “memory control.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the systems of Kegel and Hummel since this would enable the system of Kegel to allow the virtual IOMMU to allocate and manage its own guest PASID space. This system would improve system security [0006]. 

Regarding claim 11, the limitations of this claim have been noted in the rejection of claim 8, it is noted that neither Kegel nor Aggarwal explicitly disclose:
wherein the VMM is to expose a virtual I/O memory management unit (IOMMU) to the VM, the virtual IOMMU to use system-wide host PASIDs, provided by the VMM, from a host IOMMU driver.
However, Hummel discloses:
wherein the VMM is to expose a virtual I/O memory management unit (IOMMU) to the VM, the virtual IOMMU to use system-wide host PASIDs, provided by the VMM, from a host IOMMU driver (the guest OS manages mappings of virtual addresses to "guest physical" addresses (which are further mapped to physical addresses by the VMM 106). Accordingly, the guest OSs 104A-104B are shown as using the guest physical space between lines 108A-108B. The guest OSs 104A-140B manage the mappings from virtual addresses to physical addresses using the guest translation tables 110 [0057] Other embodiments may not share translation tables between the IOMMU 26 and the MMU 14 [0024]).
The systems of Kegel and Hummel are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of “memory control.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the systems of Kegel and Hummel since this would enable the system of Kegel to allow the virtual IOMMU to allocate and manage its own guest PASID space. This system would improve system security [0006]. 
Regarding claim 12 the limitations of this claim have been noted in the rejection of claim 10. Hummel also discloses:
wherein the VMM is also to shadow a guest PASID table for the VM in a physical PASID table (The memory management module may update the translation tables in memory to reflect the translations created by the memory management module and to delete translations for virtual pages that have been unmapped from the corresponding physical pages [0050]).

Regarding claim 13 the limitations of this claim have been noted in the rejection of claim 12. Hummel also discloses:
wherein the VMM is also to configure a host PASID corresponding to a guest PASID in a shadow PASID table to support SVM operations with enqueuing instructions (a translation from a virtual address to a physical address may be stored in one or more entries in one or more translation tables, and some of the entries may be shared with other translations [0027]).

Regarding claim 14 the limitations of this claim have been noted in the rejection of claim 11. Hummel also discloses:
wherein the VMM is also to allocate a private PASID table to the VM and to allocate and configure system-wide host PASIDs for the VM in the private PASID table to support SVM operations with and without enqueuing instructions (there may be a set of host translation tables 112 maintained by the VMM 106 to map the guest physical addresses to physical addresses. However, the host translation tables 112 may not be used by hardware and thus may have any desired construction and data structure. That is, the host translation tables 112 may be private to the VMM 106, and thus need not match the construction of other translation tables (which are generally dictated by the instruction set architecture and/or other architectural specifications such as the IOMMU architecture) [0058]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SEAN D ROSSITER whose telephone number is (571)270-3788. The examiner can normally be reached M-F 8AM-4PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jared Rutz can be reached on 571-272-5535. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SEAN D ROSSITER/Primary Examiner, Art Unit 2133