On 2012-06-07 14:25, Abel Gordon wrote:
> Jan Kiszka <jan.kiszka@xxxxxx> wrote on 07/06/2012 15:11:24:
>
>>> Am I missing something ? In your case, I assume, [virtual = logical] and
>>> [linear = linear]
>>> or you are using some different semantics ?
>> No, you are right, the descriptor tables run through paging as well.
>
> Txs. Now that you understand your mistake, the discussion will be simpler.
>
> > But how do you ensure that the shadow IDT is mapped where you expect it?
>
> First, I assume, you will agree with us that using the e820 as you
> suggested doesn't help because we need mapped memory.
>
> How ? As we described in the paper, we use the PCI BAR to obtain mapped
> memory.
> Where ? Doesn't matter. We know the GPA of the BAR and just do a reverse
> translation to obtain the GVA.

It remains a fragile approach:
 - host-side reverse translations may not return a stable result, thus
   may require to redo this step several times
 - the guest may decide to remove/disable the device you chose for
   appending the IDT
 - changing the real BAR size can confuse the guest, or it only maps
   what it requires of the real device

That's why I consider it nasty.

I'm wondering if redirecting (to different cores) or masking (at
device/IOAPIC/LAPIC level) of non-guest interrupts and only relying on
preemption timer/NMI isn't simpler. Then you wouldn't have to shadow the
IDT.

Jan