Received: by 2002:a05:7412:2a91:b0:fc:a2b0:25d7 with SMTP id u17csp511298rdh;
        Wed, 14 Feb 2024 03:52:40 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCV3eig2lQCp44JEbu/eqcPERDSkNPiqTnUQSAjVfIb/L+L9rIoljJPPRIbnBFY0kkjzYYGsHdtsVooAcesjYG3SiJ7MGCatpOADA2D3mA==
X-Google-Smtp-Source: AGHT+IEBsBiKh/aiWuHXnWAtBH4lu6ojGmFuDaTS/nFsmfe0DZCG7fXvqQt6IzTx0+JBKy4HeyRB
X-Received: by 2002:a05:6830:c7:b0:6e2:e324:ebe2 with SMTP id x7-20020a05683000c700b006e2e324ebe2mr2610570oto.25.1707911560666;
        Wed, 14 Feb 2024 03:52:40 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1707911560; cv=pass;
        d=google.com; s=arc-20160816;
        b=WsTKFXmUNCcfqel/ve+wMq83kwwmW/ZwT54Xo8jmexnmurgxQP9fCzHlRXdJzgeNWM
         hD4B4oYBo+H37wrhGMhodiba3l+rPH1eTnTkiNrtBejVvZzlakIQtg4Fn3x2zBaMa1sR
         5J2JZ7ruCiVAw7HoUaJVRBqn2OTuL3s48IbErQxyJBVcH1Ih7gTVNqVDrVVMEEmGPiRh
         /p4YKvaL0l5rXI+U4YZ6ApAq56DEyzg08njUxuEBHs2g2O7e8oXDXoTmH7bnLEKh3ef3
         BJ9cD9HRuT/awIUfhfIbP6m9TxKGl3h8yPgH5kqAHD1SsLEjOK3vVckfi1KzGMHAK3zJ
         UvQg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from;
        bh=DhTYfT5+xxeQJ9T/Yi4VaEoUm8Xi8iZjJ1T6RTkgq08=;
        fh=tqVrOLbZ3qtIH9M9IYiCmejswpbo4yugEHyXtTNQD9g=;
        b=YjslwU0uHO0kjKI98KW6BlAFBmMSF62gX5brrq1PcZhC13zKGCzfIqwOk3gk9Yj484
         8DVedFGQcc5p3ZWVwPlsf1/ottlVnuBYkYkSouknG2d7oS3VWuuZcwnPVPt2Tw16J7fy
         G4Y4LYAr5suf3PvOcrINQBRc4K6Dn1ZVNxrDbdh8tSaDjh7RQ9QFCFPGV++qQYltVziS
         kbplmdIm5Li1gwKe/bLYTRrJoFv1Vr/FrsmCltnEnNxVt1kWxZk6JHj2SU3rmQQQwtXL
         TLpTzXm6X/ZZycz1/XGEoymhZ9cHjZsMBY97QiawWtX8vx38e92A3eKetl5WwVlLXPST
         HX2w==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=huaweicloud.com);
       spf=pass (google.com: domain of linux-kernel+bounces-65129-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65129-linux.lists.archive=gmail.com@vger.kernel.org"
X-Forwarded-Encrypted: i=2; AJvYcCVai5mYPeAzbSZDoYa9acbi1dFMbqkG17WsHbbldtwC59hIObLwvWYwtY21hszdyNN13B3XUXpuBzTUa6Ii9dTQJGIFWfjgkfw0LmJrvw==
Return-Path: <linux-kernel+bounces-65129-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id c30-20020a63725e000000b005dc556b1defsi3585329pgn.485.2024.02.14.03.52.40
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 14 Feb 2024 03:52:40 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-65129-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=huaweicloud.com);
       spf=pass (google.com: domain of linux-kernel+bounces-65129-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65129-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id CC81BB28EED
	for <linux.lists.archive@gmail.com>; Wed, 14 Feb 2024 11:31:55 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 378D2199C2;
	Wed, 14 Feb 2024 11:31:46 +0000 (UTC)
Received: from frasgout12.his.huawei.com (frasgout12.his.huawei.com [14.137.139.154])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E06321946C;
	Wed, 14 Feb 2024 11:31:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=14.137.139.154
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1707910305; cv=none; b=kWrYOudJah+6voVZ71qyBxhydtCcXtrjrUYXNjYKcxH0toQb3miES3Meh6TjgnNQ3Z/qWwnI6bHIi02u3Ylu/oVt23w8Lr1ct6j38cF13WWMH+LE5KUXn6DyjSAyBzP7R+LxKDAX2furPP/IJrWqNMp5uKTH2t6rkQPm5dIE2XE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1707910305; c=relaxed/simple;
	bh=aA0v41Fy4FPPkbpbsVHTm7iflrURNRSRGkKW/fkpDsU=;
	h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=r5zeh584L5auL48DHZiKzqNIBD0Z6haQ5VabSLvKzbQP8sHwQkNhEC5uWo1f2tVlkPHkeqDT+kGiehBwtMgVPY6PWvgFu5AJSOjlWmp50ZAVltvwbclpLLAM76NIyGEbrFlETsxJMR8DWwV9UbeiWMOZNeYAYToG3J2QzUT5eSE=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com; spf=pass smtp.mailfrom=huaweicloud.com; arc=none smtp.client-ip=14.137.139.154
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huaweicloud.com
Received: from mail.maildlp.com (unknown [172.18.186.29])
	by frasgout12.his.huawei.com (SkyGuard) with ESMTP id 4TZbBf69lYz9y61k;
	Wed, 14 Feb 2024 19:12:26 +0800 (CST)
Received: from mail02.huawei.com (unknown [7.182.16.47])
	by mail.maildlp.com (Postfix) with ESMTP id DA080140732;
	Wed, 14 Feb 2024 19:31:23 +0800 (CST)
Received: from huaweicloud.com (unknown [10.45.156.69])
	by APP1 (Coremail) with SMTP id LxC2BwAn0Rl8pMxlwo99Ag--.51308S2;
	Wed, 14 Feb 2024 12:31:23 +0100 (CET)
From: Petr Tesarik <petrtesarik@huaweicloud.com>
To: Jonathan Corbet <corbet@lwn.net>,
	David Kaplan <david.kaplan@amd.com>,
	Larry Dewey <larry.dewey@amd.com>,
	Elena Reshetova <elena.reshetova@intel.com>,
	Carlos Bilbao <carlos.bilbao@amd.com>,
	"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Randy Dunlap <rdunlap@infradead.org>,
	Petr Mladek <pmladek@suse.com>,
	"Paul E. McKenney" <paulmck@kernel.org>,
	Eric DeVolder <eric.devolder@oracle.com>,
	=?UTF-8?q?Marc=20Aur=C3=A8le=20La=20France?= <tsi@tuyoix.net>,
	"Gustavo A. R. Silva" <gustavoars@kernel.org>,
	Nhat Pham <nphamcs@gmail.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"Christian Brauner (Microsoft)" <brauner@kernel.org>,
	Douglas Anderson <dianders@chromium.org>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Guenter Roeck <groeck@chromium.org>,
	Mike Christie <michael.christie@oracle.com>,
	Kent Overstreet <kent.overstreet@linux.dev>,
	Maninder Singh <maninder1.s@samsung.com>,
	linux-doc@vger.kernel.org (open list:DOCUMENTATION),
	linux-kernel@vger.kernel.org (open list)
Cc: Roberto Sassu <roberto.sassu@huaweicloud.com>,
	petr@tesarici.cz,
	Petr Tesarik <petr.tesarik1@huawei-partners.com>
Subject: [PATCH v1 0/5] Introduce SandBox Mode (SBM)
Date: Wed, 14 Feb 2024 12:30:30 +0100
Message-Id: <20240214113035.2117-1-petrtesarik@huaweicloud.com>
X-Mailer: git-send-email 2.34.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-CM-TRANSID:LxC2BwAn0Rl8pMxlwo99Ag--.51308S2
X-Coremail-Antispam: 1UD129KBjvJXoW7Kw1DWF17ZF47Gry8XF1kXwb_yoW8Wr4Dp3
	Z3tF1Fg3Z8tFy2y3yfJ3WrCa4Sy3yxCr43GFnrXryYyFyavr1kAFnaqr12qFyrurWxKayY
	qw1Fkr18Kw1UJwUanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
	9KBjDU0xBIdaVrnRJUUU9214x267AKxVWrJVCq3wAFc2x0x2IEx4CE42xK8VAvwI8IcIk0
	rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02
	1l84ACjcxK6xIIjxv20xvE14v26r1j6r1xM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r4j
	6F4UM28EF7xvwVC2z280aVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv6xkF7I0E14v26r4j6r
	4UJwAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0
	I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r
	4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwACI402YVCY1x02628v
	n2kIc2xKxwCY1x0264kExVAvwVAq07x20xyl42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x
	0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2
	zVAF1VAY17CE14v26r4a6rW5MIIYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF
	4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42xK8VAvwI8IcIk0rVWrZr1j
	6s0DMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UYx
	BIdaVFxhVjvjDU0xZFpf9x0JU7CzZUUUUU=
X-CM-SenderInfo: hshw23xhvd2x3n6k3tpzhluzxrxghudrp/

From: Petr Tesarik <petr.tesarik1@huawei-partners.com>

The ultimate goal of SandBox Mode is to execute native kernel code
in an environment which permits memory access only to predefined
addresses, so potential vulnerabilities cannot be exploited or will
have no impact on the rest of the kernel.

This patch series adds the API and arch-independent infrastructure
of SandBox Mode to the kernel. It runs the target function on a
vmalloc()'ed copy of all input and output data. This alone prevents
some out-of-bounds accesses thanks to guard pages.

Patch 4/5 adds KUnit tests. It is also a good starting point to
understand how SandBox Mode is supposed to be used.

Detailed description of SandBox Mode goals, usage and future plans
can be found in patch 5/5 of this series and is not repeated in
this cover letter.

Petr Tesarik (5):
  sbm: SandBox Mode core data types and functions
  sbm: sandbox input and output buffers
  sbm: call helpers and thunks
  sbm: SandBox Mode KUnit test suite
  sbm: SandBox Mode documentation

 Documentation/security/index.rst        |   1 +
 Documentation/security/sandbox-mode.rst | 180 ++++++
 include/linux/sbm.h                     | 516 +++++++++++++++++
 init/Kconfig                            |   2 +
 kernel/Kconfig.sbm                      |  43 ++
 kernel/Makefile                         |   2 +
 kernel/sbm.c                            | 133 +++++
 kernel/sbm_test.c                       | 735 ++++++++++++++++++++++++
 8 files changed, 1612 insertions(+)
 create mode 100644 Documentation/security/sandbox-mode.rst
 create mode 100644 include/linux/sbm.h
 create mode 100644 kernel/Kconfig.sbm
 create mode 100644 kernel/sbm.c
 create mode 100644 kernel/sbm_test.c

-- 
2.34.1