Jan Kiszka <jan.kiszka@xxxxxx> wrote on 07/06/2012 14:40:57:

> But even if we consider the IDT unsafe, what does that IDT limiting buy
> us?

The limit lets you force an exit (#GP exception) whenever the shadow IDT is ok or not. In this case, you simply shadow the GUEST_IDTR register and not a memory area.

> The guest can still mask interrupts above that limit via cli, no?
> So the only measures that save us from CPU hogging guests are the
> preemption timer and kicking via NMI. Or what am I missing?

Nothing :) As we described in the paper, this is what we do to avoid this situation.