On 2012-06-07 14:17, Abel Gordon wrote:
>
>
> Jan Kiszka <jan.kiszka@xxxxxx> wrote on 07/06/2012 14:40:57:
>
>> But even if we consider the IDT unsafe, what does that IDT limiting buy
>> us?
>
> The limit lets you force an exit (#GP exception) whenever the shadow IDT
> is ok or not. In this case, you simply shadow the GUEST_IDTR register
> and not a memory area
>
>> The guest can still mask interrupts above that limit via cli, no?
>> So the only measures that save us from CPU hogging guests are the
>> preemption timer and kicking via NMI. Or what am I missing?
>
> Nothing :) As we described in the paper, this is what we do to avoid
> this situation.

So the other measures are redundant, right? They only seem to complicate
the approach without any gain, that is my point.

Jan