Thanks again Andrew, ...
My initial idea was to allocate a frame on kernel space and change the
update_va_mapping to "forcibly" write the desired MFN as the l1 page table
and return the va.
You can see what I did here:
On 20/04/2021 17:13, Charles Gonçalves wrote:
> Hello Guys,
>
> I'm trying to reproduce old exploit behaviors in a simplistic way:
> create a hypercall to write a buffer to a specific MFN.
>
> At first, I thought that updating an l1 page in a valid VA in guest
> kernel space would do the trick.
Hello Guys,

I'm trying to reproduce old exploit behaviors in a simplistic way: create
a hypercall to write a buffer to a specific MFN.

At first, I thought that updating an l1 page in a valid VA in guest kernel
space would do the trick.
But for addresses outside the Guest-defined use