Hi Everyone,

A recent email to the kernel mailing list by Konrad Wilk caught my interest, here's the relevant extract:

"First of Xen PCI frontend driver can be used by PV guests on hardware that with or without hardware IOMMU. Without an hardware IOMMU you have a potential security hole wherein a guest domain can use the hardware to map pages outside its memory range and slurp pages up. As such, this is more restricted to a Privileged PV domain, aka - device driver domain (similar to Qubes but a poor-man mechanism [1])."

Am I right in thinking that this means hardware pass through to a PV guest is possible on a system without IOMMU? (E.g. Nvidia chipset Opteron.)

How dangerous is the "Potential Security Hole" for VMs controlled by the system admin?

Thanks,
Rob
The SAQ Group

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users