From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jan Kiszka <jan.kiszka@web.de>
Subject: Re: KVM handling external interrupts
Date: Thu, 07 Jun 2012 13:10:32 +0200
Message-ID: <4FD08C28.9070600@web.de>
References: <CAB7xdi=b_2jK33bW=cMt_k4+ehwzzf6synHsXf+1gboXtvWVNQ@mail.gmail.com> <OF0A8D80DC.FDEDAC2E-ONC2257A16.002A8BD4-C2257A16.002B31FA@il.ibm.com> <4FD062BC.5090703@web.de> <4FD06E27.9020201@web.de> <OFAE83139A.8E1DE2DE-ONC2257A16.003ACA72-C2257A16.003B498D@il.ibm.com> <4FD087A7.8000508@web.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig3F72B3DBF3B24846B5867CA7"
Cc: Alex Landau <LALEX@il.ibm.com>,
	Dan Tsafrir <dan.tsafrir@gmail.com>,
	sheng qiu <herbert1984106@gmail.com>,
	kvm <kvm@vger.kernel.org>,
	Muli Ben-Yehuda <muli@cs.technion.ac.il>,
	Nadav Har'El <NYH@il.ibm.com>,
	Nadav Amit <nadav.amit@gmail.com>
To: Abel Gordon <ABELG@il.ibm.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mout.web.de ([212.227.17.11]:57381 "EHLO mout.web.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1760698Ab2FGLKh (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 7 Jun 2012 07:10:37 -0400
In-Reply-To: <4FD087A7.8000508@web.de>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3F72B3DBF3B24846B5867CA7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 2012-06-07 12:51, Jan Kiszka wrote:
> BTW, the shadow IDT has to be put in the guest address space, right? So=

> we need to make it read-only for the guest?

Just found your solution: Append to a PCI bar. That's nasty. Better
reserve some memory via e820. There is a paravirtual channel from QEMU
to the BIOS to communicate such reservations.

BTW, the IDTR holds a linear address, not a virtual one. Unless I
misremember, there is no need to map the IDT via the page table. The
processor will not consult it for reading its entries.

Also, you do not discuss making the shadow table read-only in the guest
address space. This should help enforcing some security properties, no?

Jan


--------------enig3F72B3DBF3B24846B5867CA7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/QjCgACgkQitSsb3rl5xSBNQCeIMi7iIVb32xDFKTDH8VjMM4N
+3IAn34WjxHGVCBQl5axj/euDKaY4niU
=qJo4
-----END PGP SIGNATURE-----

--------------enig3F72B3DBF3B24846B5867CA7--