From: Petr Tesarik
To: Jonathan Corbet, David Kaplan, Larry Dewey, Elena Reshetova,
    Carlos Bilbao, "Masami Hiramatsu (Google)", Andrew Morton,
    Randy Dunlap, Petr Mladek, "Paul E. McKenney", Eric DeVolder,
    Marc Aurèle La France, "Gustavo A. R. Silva", Nhat Pham,
    Greg Kroah-Hartman, "Christian Brauner (Microsoft)",
    Douglas Anderson, Luis Chamberlain, Guenter Roeck, Mike Christie,
    Kent Overstreet, Maninder Singh,
    linux-doc@vger.kernel.org (open list:DOCUMENTATION),
    linux-kernel@vger.kernel.org (open list)
Cc: Roberto Sassu, petr@tesarici.cz, Petr Tesarik
Subject: [PATCH v1 0/5] Introduce SandBox Mode (SBM)
Date: Wed, 14 Feb 2024 12:30:30 +0100
Message-Id: <20240214113035.2117-1-petrtesarik@huaweicloud.com>

The ultimate goal of SandBox Mode is to execute native kernel code
in an environment which permits memory access only to predefined
addresses, so potential vulnerabilities cannot be exploited or will
have no impact on the rest of the kernel.

This patch series adds the API and arch-independent infrastructure
of SandBox Mode to the kernel. It runs the target function on a
vmalloc()'ed copy of all input and output data. This alone prevents
some out-of-bounds accesses thanks to guard pages.

Patch 4/5 adds KUnit tests. It is also a good starting point to
understand how SandBox Mode is supposed to be used.

Detailed description of SandBox Mode goals, usage and future plans
can be found in patch 5/5 of this series and is not repeated in this
cover letter.

Petr Tesarik (5):
  sbm: SandBox Mode core data types and functions
  sbm: sandbox input and output buffers
  sbm: call helpers and thunks
  sbm: SandBox Mode KUnit test suite
  sbm: SandBox Mode documentation

 Documentation/security/index.rst        |   1 +
 Documentation/security/sandbox-mode.rst | 180 ++++++
 include/linux/sbm.h                     | 516 +++++++++++++++++
 init/Kconfig                            |   2 +
 kernel/Kconfig.sbm                      |  43 ++
 kernel/Makefile                         |   2 +
 kernel/sbm.c                            | 133 +++++
 kernel/sbm_test.c                       | 735 ++++++++++++++++++++++++
 8 files changed, 1612 insertions(+)
 create mode 100644 Documentation/security/sandbox-mode.rst
 create mode 100644 include/linux/sbm.h
 create mode 100644 kernel/Kconfig.sbm
 create mode 100644 kernel/sbm.c
 create mode 100644 kernel/sbm_test.c

-- 
2.34.1