How to execute an object file: Part 4, AArch64 edition
November 17, 2023 2:00PM
The initial posts are dedicated to the x86 architecture. Since then, the fleet of our working machines has expanded to include a large and growing number of ARM CPUs. This time we’ll repeat this exercise for the aarch64 architecture....
Continue reading »
The Linux Crypto API for user applications
May 11, 2023 2:00PM
Linux
Kernel
If you run your software on Linux, the Linux Kernel itself can satisfy all your cryptographic needs! In this post we will explore Linux Crypto API for user applications and try to understand its pros and cons...
The quantum state of a TCP port
March 20, 2023 1:00PM
Kernel
Linux
Deep Dive
If I navigate to https://blog.cloudflare.com/, my browser will connect to a remote TCP address from the local IP address assigned to my machine, and a randomly chosen local TCP port. What happens if I then decide to head to another site?...
CVE-2022-47929: traffic control noqueue no problem?
January 31, 2023 2:00PM
Linux
Security
Vulnerabilities
CVE
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands....
A debugging story: corrupt packets in AF_XDP; a kernel bug or user error?
January 16, 2023 1:46PM
Deep Dive
Linux
A race condition in the virtual ethernet driver of the Linux kernel led to occasional packet content corruptions, which resulted in unwanted packet drops by one of our DDoS mitigation systems. This blogpost describes the thought process and technique we used to debug this complex issue....
November 28, 2022 2:57PM
The Linux Kernel Key Retention Service and why you should use it in your next application
Many leaks happen because of software bugs and security vulnerabilities. In this post we will learn how the Linux kernel can help protect cryptographic keys from a whole class of potential security vulnerabilities: memory access violations....