From: Petr Tesarik <petrtesarik@huaweicloud.com>
To: "Jonathan Corbet" <corbet@lwn.net>,
	"David Kaplan" <david.kaplan@amd.com>,
	"Larry Dewey" <larry.dewey@amd.com>,
	"Elena Reshetova" <elena.reshetova@intel.com>,
	"Carlos Bilbao" <carlos.bilbao@amd.com>,
	"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Randy Dunlap" <rdunlap@infradead.org>,
	"Petr Mladek" <pmladek@suse.com>,
	"Paul E. McKenney" <paulmck@kernel.org>,
	"Eric DeVolder" <eric.devolder@oracle.com>,
	"Marc Aurèle La France" <tsi@tuyoix.net>,
	"Gustavo A. R. Silva" <gustavoars@kernel.org>,
	"Nhat Pham" <nphamcs@gmail.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Christian Brauner (Microsoft)" <brauner@kernel.org>,
	"Douglas Anderson" <dianders@chromium.org>,
	"Luis Chamberlain" <mcgrof@kernel.org>,
	"Guenter Roeck" <groeck@chromium.org>,
	"Mike Christie" <michael.christie@oracle.com>,
	"Kent Overstreet" <kent.overstreet@linux.dev>,
	"Maninder Singh" <maninder1.s@samsung.com>,
	linux-doc@vger.kernel.org (open list:DOCUMENTATION),
	linux-kernel@vger.kernel.org (open list)
Cc: Roberto Sassu <roberto.sassu@huaweicloud.com>,
	petr@tesarici.cz,
	Petr Tesarik <petr.tesarik1@huawei-partners.com>
Subject: [PATCH v1 0/5] Introduce SandBox Mode (SBM)
Date: Wed, 14 Feb 2024 12:30:30 +0100
Message-ID: <20240214113035.2117-1-petrtesarik@huaweicloud.com>

From: Petr Tesarik <petr.tesarik1@huawei-partners.com>

The ultimate goal of SandBox Mode is to execute native kernel code
in an environment which permits memory access only to predefined
addresses, so potential vulnerabilities cannot be exploited or will
have no impact on the rest of the kernel.

This patch series adds the API and arch-independent infrastructure
of SandBox Mode to the kernel. It runs the target function on a
vmalloc()'ed copy of all input and output data. This alone prevents
some out-of-bounds accesses thanks to guard pages.

Patch 4/5 adds KUnit tests. It is also a good starting point to
understand how SandBox Mode is supposed to be used.

Detailed description of SandBox Mode goals, usage and future plans
can be found in patch 5/5 of this series and is not repeated in
this cover letter.

Petr Tesarik (5):
  sbm: SandBox Mode core data types and functions
  sbm: sandbox input and output buffers
  sbm: call helpers and thunks
  sbm: SandBox Mode KUnit test suite
  sbm: SandBox Mode documentation

 Documentation/security/index.rst        |   1 +
 Documentation/security/sandbox-mode.rst | 180 ++++++
 include/linux/sbm.h                     | 516 +++++++++++++++++
 init/Kconfig                            |   2 +
 kernel/Kconfig.sbm                      |  43 ++
 kernel/Makefile                         |   2 +
 kernel/sbm.c                            | 133 +++++
 kernel/sbm_test.c                       | 735 ++++++++++++++++++++++++
 8 files changed, 1612 insertions(+)
 create mode 100644 Documentation/security/sandbox-mode.rst
 create mode 100644 include/linux/sbm.h
 create mode 100644 kernel/Kconfig.sbm
 create mode 100644 kernel/sbm.c
 create mode 100644 kernel/sbm_test.c

-- 
2.34.1
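
A user-space analogue of the copy-and-guard-page approach described in the cover letter, added here as an illustration; it is not code from the patch series and does not use the SBM API. It assumes mmap()/mprotect() as a stand-in for vmalloc(), and `fill()` and `run_on_guarded_copy()` are hypothetical names.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Hypothetical target function (not from the series): trusts n blindly. */
static void fill(unsigned char *buf, size_t n)
{
	memset(buf, 'A', n);
}

/* Run fill() on a page-aligned private copy of data[0..len) that is followed
 * by a PROT_NONE guard page. Returns 0 on a clean run (result copied back),
 * 1 if the guard page trapped the access, -1 on setup failure. */
int run_on_guarded_copy(unsigned char *data, size_t len, size_t write_len)
{
	size_t page = (size_t)sysconf(_SC_PAGESIZE);
	size_t span = (len + page - 1) / page * page;	/* round up to pages */
	struct sigaction sa, old[2];
	int rc;
	unsigned char *copy = mmap(NULL, span + page, PROT_READ | PROT_WRITE,
				   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (copy == MAP_FAILED)
		return -1;
	if (mprotect(copy + span, page, PROT_NONE) != 0) {
		munmap(copy, span + page);
		return -1;
	}
	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = on_fault;
	sigemptyset(&sa.sa_mask);
	sigaction(SIGSEGV, &sa, &old[0]);
	sigaction(SIGBUS, &sa, &old[1]);
	memcpy(copy, data, len);			/* copy in */
	if (sigsetjmp(fault_env, 1) == 0) {
		fill(copy, write_len);
		memcpy(data, copy, len);		/* copy out on clean return */
		rc = 0;
	} else {
		rc = 1;					/* guard page was hit */
	}
	sigaction(SIGSEGV, &old[0], NULL);
	sigaction(SIGBUS, &old[1], NULL);
	munmap(copy, span + page);
	return rc;
}
```

An overrun that stays inside the last mapped page returns 0 and goes undetected in this model; only a write that reaches the guard page is trapped, and in that case the caller's original buffer is left unmodified.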

