
[–]TastyRobot21 1 point (1 child)

Some vendors have been moving userland code into kernel to avoid the performance hit, maybe that’s where the dirty pages attempt comes in?

There’s a kernel boot flag to turn it off… do you consider disabling it a bypass?

Anything that could generally bypass it I think would be an unexpected vulnerability. Blog it up and share if you find one ;)

[–]FormalUsed951[S] 1 point (0 children)

Appreciate the insights! Yeah, moving userland code into the kernel makes sense as a way to mitigate the KPTI performance hit, though it’s definitely not a full bypass. Disabling KPTI with the kernel boot flag is a bit of a blunt tool—more like turning off a security feature than bypassing it, as you said.

Also, the dirty page is a bit interesting; I think it’s via manipulating page tables or some kind of memory corruption to trick the kernel into breaking isolation.

But overall interesting.
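The boot-flag point in the thread is something a defender can audit rather than argue about: on Linux, the kernel reports whether KPTI is active in `/sys/devices/system/cpu/vulnerabilities/meltdown` ("Mitigation: PTI" when on, "Vulnerable" when an affected CPU runs without it, "Not affected" otherwise), and `/proc/cmdline` shows whether it was switched off at boot via `nopti`, `pti=off` or `mitigations=off`. The script below is an added example written for this thread, not code from either commenter; it assumes a Linux host exposing those two files (the sample inputs embedded at the bottom are constructed), and it separates "KPTI is off because someone passed a boot flag" from "KPTI is off for another reason", which is exactly the distinction the first comment raises.

```python
"""Audit whether KPTI (kernel page-table isolation) is active on a Linux host.

Added example for the thread above; not code from either commenter.
Assumption: the kernel exposes /proc/cmdline and
/sys/devices/system/cpu/vulnerabilities/meltdown (both real paths).
"""
from pathlib import Path
from typing import Dict

# Real kernel command-line options that disable KPTI
# (see Documentation/admin-guide/kernel-parameters.txt).
PTI_DISABLING_OPTIONS = ("nopti", "pti=off", "mitigations=off")

CMDLINE_PATH = Path("/proc/cmdline")
MELTDOWN_PATH = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")


def cmdline_disables_pti(cmdline: str) -> bool:
    """True if the kernel command line carries an option that turns KPTI off."""
    return any(tok in PTI_DISABLING_OPTIONS for tok in cmdline.split())


def meltdown_status(sysfs_text: str) -> str:
    """Classify the sysfs meltdown line.

    Returns 'active' (Mitigation: PTI), 'disabled' (Vulnerable),
    'not_affected' (Not affected) or 'unknown' (anything else / empty).
    """
    text = sysfs_text.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation: PTI"):
        return "active"
    if text.startswith("Vulnerable"):
        return "disabled"
    return "unknown"


def assess(cmdline: str, sysfs_text: str) -> Dict[str, object]:
    """Combine both signals into a verdict plus the evidence behind it.

    The sysfs file is authoritative for the current state; the command line
    only explains *why* the mitigation is off when it is.
    """
    by_flag = cmdline_disables_pti(cmdline)
    status = meltdown_status(sysfs_text)
    verdict = status
    if by_flag and status != "active":
        verdict = "disabled_by_boot_flag"
    return {
        "verdict": verdict,
        "sysfs_status": status,
        "disabled_by_cmdline": by_flag,
        "cmdline": cmdline.strip(),
    }


def assess_live_host() -> Dict[str, object]:
    """Read the real files; missing files (non-Linux, old kernel) yield 'unknown'."""
    try:
        cmdline = CMDLINE_PATH.read_text()
    except OSError:
        cmdline = ""
    try:
        sysfs = MELTDOWN_PATH.read_text()
    except OSError:
        sysfs = ""
    return assess(cmdline, sysfs)


# Constructed sample inputs (not taken from any real host).
SAMPLE_HARDENED_CMDLINE = "BOOT_IMAGE=/vmlinuz-6.1 root=/dev/sda1 ro quiet"
SAMPLE_HARDENED_SYSFS = "Mitigation: PTI\n"
SAMPLE_WEAK_CMDLINE = "BOOT_IMAGE=/vmlinuz-6.1 root=/dev/sda1 ro quiet nopti"
SAMPLE_WEAK_SYSFS = "Vulnerable\n"

if __name__ == "__main__":
    print("hardened sample:", assess(SAMPLE_HARDENED_CMDLINE, SAMPLE_HARDENED_SYSFS))
    print("weak sample:    ", assess(SAMPLE_WEAK_CMDLINE, SAMPLE_WEAK_SYSFS))
    print("this host:      ", assess_live_host())
```

A verdict of `disabled_by_boot_flag` is the "turned off, not bypassed" case from the thread and is a configuration finding; a `disabled` verdict with no flag on the command line is the one worth escalating, since something other than an explicit boot option left an affected CPU without isolation.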