On 2012-06-07 12:51, Jan Kiszka wrote:
> BTW, the shadow IDT has to be put in the guest address space, right? So
> we need to make it read-only for the guest?

Just found your solution: Append to a PCI bar. That's nasty. Better reserve some memory via e820. There is a paravirtual channel from QEMU to the BIOS to communicate such reservations.

BTW, the IDTR holds a linear address, not a virtual one. Unless I misremember, there is no need to map the IDT via the page table. The processor will not consult it for reading its entries.

Also, you do not discuss making the shadow table read-only in the guest address space. This should help enforce some security properties, no?

Jan