Date: Wed, 14 Feb 2024 15:01:25 +0100
From: Greg Kroah-Hartman
To: Andrew Morton
Cc: Petr Tesarik, Jonathan Corbet, David Kaplan, Larry Dewey,
    Elena Reshetova, Carlos Bilbao, "Masami Hiramatsu (Google)",
    Randy Dunlap, Petr Mladek, "Paul E. McKenney", Eric DeVolder,
    Marc Aurèle La France, "Gustavo A. R. Silva", Nhat Pham,
    "Christian Brauner (Microsoft)", Douglas Anderson, Luis Chamberlain,
    Guenter Roeck, Mike Christie, Kent Overstreet, Maninder Singh,
    "open list:DOCUMENTATION", open list, Roberto Sassu,
    petr@tesarici.cz, Petr Tesarik
Subject: Re: [PATCH v1 5/5] sbm: SandBox Mode documentation
Message-ID: <2024021425-audition-expand-2901@gregkh>
In-Reply-To: <20240214053053.982b48d993ae99dad1d59020@linux-foundation.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 14, 2024 at 05:30:53AM -0800, Andrew Morton wrote:
> On Wed, 14 Feb 2024 12:30:35 +0100 Petr Tesarik wrote:
>
> > +Although data structures are not serialized and deserialized between kernel
> > +mode and sandbox mode, all directly and indirectly referenced data structures
> > +must be explicitly mapped into the sandbox, which requires some manual effort.
>
> Maybe I'm missing something here, but...
>
> The requirement that the sandboxed function only ever touch two linear
> blocks of memory (yes?) seems a tremendous limitation. I mean, how can
> the sandboxed function call kmalloc()? How can it call any useful
> kernel functions? They'll all touch memory which lies outside the
> sandbox areas?
>
> Perhaps a simple but real-world example would help clarify.

I agree, this looks like an "interesting" framework, but we don't add
code to the kernel without a real, in-kernel user for it.

Without such a thing, we can't even consider it for inclusion as we
don't know how it will actually work and how any subsystem would use it.

Petr, do you have a user for this today?

thanks, greg k-h
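
Review bot: the quoted documentation hunk ends with "which requires some manual effort" and never says what that effort consists of. The paragraph should state how a caller maps a directly or indirectly referenced data structure into the sandbox, and what happens when sandboxed code dereferences a pointer to memory that was not mapped. A short worked case for a structure with a pointer member would make the "indirectly referenced" requirement concrete for readers of the document.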