Date: Wed, 14 Feb 2024 05:30:53 -0800
From: Andrew Morton
To: Petr Tesarik
Cc: Jonathan Corbet, David Kaplan, Larry Dewey, Elena Reshetova, Carlos Bilbao, "Masami Hiramatsu (Google)", Randy Dunlap, Petr Mladek, "Paul E. McKenney", Eric DeVolder, Marc Aurèle La France, "Gustavo A. R. Silva", Nhat Pham, Greg Kroah-Hartman, "Christian Brauner (Microsoft)", Douglas Anderson, Luis Chamberlain, Guenter Roeck, Mike Christie, Kent Overstreet, Maninder Singh, linux-doc@vger.kernel.org (open list:DOCUMENTATION), linux-kernel@vger.kernel.org (open list), Roberto Sassu, petr@tesarici.cz, Petr Tesarik
Subject: Re: [PATCH v1 5/5] sbm: SandBox Mode documentation

On Wed, 14 Feb 2024 12:30:35 +0100 Petr Tesarik wrote:

> +Although data structures are not serialized and deserialized between kernel
> +mode and sandbox mode, all directly and indirectly referenced data structures
> +must be explicitly mapped into the sandbox, which requires some manual effort.

Maybe I'm missing something here, but...

The requirement that the sandboxed function only ever touch two linear blocks of memory (yes?) seems a tremendous limitation.

I mean, how can the sandboxed function call kmalloc()? How can it call any useful kernel functions? They'll all touch memory which lies outside the sandbox areas?

Perhaps a simple but real-world example would help clarify.
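
Review bot: the quoted sentence says all directly and indirectly referenced data structures "must be explicitly mapped into the sandbox" but, as quoted, gives no indication of how the mapping is done or what happens when sandboxed code touches memory that was never mapped. Suggest following "which requires some manual effort" with a short worked example of mapping one structure together with the structures it points to, and a sentence stating the behaviour on an access outside the mapped areas.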