
Writing to arbitrary canonical addresses


  • To: xen-devel@xxxxxxxxxxxxx
  • From: Charles Gonçalves <charles.fg@xxxxxxxxx>
  • Date: Tue, 20 Apr 2021 17:13:01 +0100
  • Delivery-date: Tue, 20 Apr 2021 16:13:42 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hello Guys,

I'm trying to reproduce old exploit behaviors in a simplistic way: create a hypercall to write a buffer to a specific MFN.

At first, I thought that updating an l1 page in a valid VA in guest kernel space would do the trick.
But for addresses outside the guest-defined use (0x0000000000000000 - 0x00007fffffffffff), it is a no go!
I get a page fault with a 'reserved bit in page table' warning message.

Now I'm trying to write to the address inside the hypervisor code, but I'm not sure how to do it.

Any comments or tips on this?


Kind regards,
Charles Ferreira Gonçalves



 

