I did some research and from what I can tell the main feature that VT-d provides is PCI passthrough.
An input/output memory management unit (IOMMU) allows guest virtual machines to directly use peripheral devices, such as Ethernet, accelerated graphics cards, and hard-drive controllers, through DMA and interrupt remapping. This is sometimes called PCI passthrough.
The next paragraph from the same article:
An IOMMU also allows operating systems to eliminate bounce buffers needed to allow themselves to communicate with peripheral devices whose memory address spaces are smaller than the operating system's memory address space, by using memory address translation. At the same time, an IOMMU also allows operating systems and hypervisors to prevent buggy or malicious hardware from compromising memory security.
I'm don't fully understand the implications of the above paragraph.
Questions
Assuming I'm using a hypervisor that can make use of all VT-d features:
If I'm not making use of PCI passthrough, will enabling VT-d improve guest performance?
Will I gain any security benefits by simply enabling VT-d without any additional configuration of the host OS/hypervisor/VMs?
Is there any reason not to enable VT-d if I'm not making any use of its features? For example does enabling VT-d have the potential to slow down the host?
Any other information would also be appreciated.
