Jenn
zolutal.bsky.social
PhD Student at ASU | blog.zolutal.io
Captain of Shellphish | shellphish.net
she/her
Reposted by Jenn
Success :3
October 3, 2025 at 7:24 PM
that my normal guest page-walking code for converting an L1 virtual address to an L1 physical address was able to be entirely reused to do an L2 physical address to L1 physical address walk by just using the L1 EPTP in place of the L1 cr3 was pretty neat
October 3, 2025 at 7:24 PM
it was actually surprisingly easy to implement, except that I for some reason was treating the result of the nested page walk as an L1 physical address instead of an L2 physical address, just needed one more page walk to finish it off
October 3, 2025 at 7:24 PM
We brought the FineIBT bypass to the linux-hardening mailing list a few months ago and it has since been addressed by introducing a new paranoid FineIBT mode that adds caller-side checks.
The LWN article that got written about it does a good job describing the issue and fix: lwn.net/Articles/101...
A hole in FineIBT protection
Intel's indirect branch tracking (IBT) is a hardware-implemented control-flow-integrity mechani [...]
lwn.net
May 5, 2025 at 10:03 PM