Re: KVM handling external interrupts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2012-06-07 11:55, Abel Gordon wrote:
> Security holes: not if you are OK with the threat model we describe in the
> paper

Back to this: I don't get your threat model completely. How should the
guest be able to manipulate the shadow IDT if we a) mark it read-only in
the host's page table that maps the guest physical memory and b) prevent
via the IOMMU that any assigned devices can address this page via DMA?

But even if we consider the IDT unsafe, what does that IDT limiting buy
us? The guest can still mask interrupts above that limit via cli, no?
Also, unless I misunderstood your suggestions, I wouldn't try to run
normal interrupt handlers in NMI context. That's asking for lots of
troubles or lots of code changes.

So the only measures that save us from CPU hogging guests are the
preemption timer and kicking via NMI. Or what am I missing?

Jan

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux