Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp5411rdb; Wed, 14 Feb 2024 10:55:01 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVbst94yV+tXw4sVcmcxdgs6ZLvpyoEZJviZxy2hzr6teCHGB/7kcxciTm+27+XvcyK7jTwa94OAD/7h9fCUzn25ZEfZrmozxOpA0sVOA== X-Google-Smtp-Source: AGHT+IG5dDiKbEBpZLYRImtDnTLTJYuHG21jVA/49pql9kH9CLGacQrDn+Oe3DHKHDwc8mGsAYAi X-Received: by 2002:a05:6a20:9f98:b0:19e:aa16:2189 with SMTP id mm24-20020a056a209f9800b0019eaa162189mr4471410pzb.42.1707936900681; Wed, 14 Feb 2024 10:55:00 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707936900; cv=pass; d=google.com; s=arc-20160816; b=DOt8sZpwcHus1FPQnNCTSK8sv2Vk8CTyeiwAsCdoVkBkaLO2qkkFY7Z/1J9p/y+Kzq +sHFjMe96UK2lCO2sWrzpCUiAYFCo2lQ/G4lohWu3VlIn5ZvGDKGsM3Q5pB3bAHunEwK 4M3fAJUW5BRdcAc05CxqwGsWRe/YNd+ufCj7Udz5hMa0cDOrufIQHVwazkYnkrY0X7fo GubAE4WNa+6VVPtf0vELg4EBc2DiWjtgt5sNH3eqCVrzoNC6HMGJGaovfV5x5QnGUdJx u7y9MYW8mre8KEqhZa7kF40Pc+zu0CPoFSvuhsbtzP/9eI8nxbsXagCREdg4rOGd4pWN MGdg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:date:message-id :dkim-signature:dkim-filter; bh=unkqLgBp2GNddyUvgmq2FNkcavYkXdIC280T9onDTEQ=; fh=mhI4a6p6qsnlyU0ymm2jboGOha/3XN7XfIck5BIwbnk=; b=PsZ/cIfQzoSFN+wOuzXNldwtY0AvVgQdYAm2wgDg7OBUlt/NLM1ylx4pYMrS8WVjFG iTKN1MrbK0jLTr+0OOKl7LsLq3jlq/3KRBh3P1elbLp/oKJmtBdt3lkserIU2FuXtztG 8m2+NF4FUrzdk+nFgZBHqR4iUnHwpLla220CXMHN1PPXiMcw3pAYTPxSgtCFUqmdrrxB e0viIC0JQOZKk4lh+aHx5Rur/eg6J/sSAADiHAaUYr0Dlw7VX0bT05brpBUPMrV9eRze PJJrR5UgQG8X0WEQeSS37qBoxUI6Bkig78WjFjNy0MHhb/Yrnr2dI2B5nN1BJYSGXbHW EDng==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@zytor.com header.s=2024021201 header.b="aG0I/ZQR"; arc=pass (i=1 spf=pass spfdomain=zytor.com dkim=pass dkdomain=zytor.com dmarc=pass fromdomain=zytor.com); spf=pass (google.com: domain of linux-kernel+bounces-65841-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65841-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com X-Forwarded-Encrypted: i=2; AJvYcCW1MuivadCXzDcDPjYaBonUGIy5QuFnZBfM4q/51Xc082AuUybhCUh/Qt1892kXjxoYLfSVHAcyqYNBFItQT7hNkJoyDqzq/52in0pL1Q== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id z11-20020aa7888b000000b006e08c4f7d69si8805251pfe.191.2024.02.14.10.55.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 10:55:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-65841-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@zytor.com header.s=2024021201 header.b="aG0I/ZQR"; arc=pass (i=1 spf=pass spfdomain=zytor.com dkim=pass dkdomain=zytor.com dmarc=pass fromdomain=zytor.com); spf=pass (google.com: domain of linux-kernel+bounces-65841-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65841-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 1128C28E51B for ; Wed, 14 Feb 2024 18:53:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AB45613A272; Wed, 14 Feb 2024 18:53:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="aG0I/ZQR" Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF1D95C605; Wed, 14 Feb 2024 18:53:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707936831; cv=none; b=hVlL/1raVYWj4OI322FtyoLmrjNL9RmK18jgesEKo4OZGdhYz8sr4OHVqv0mwJJHHfzcj78jo4p5UmLDgJNGDfuIgtYKI6oUFRm/aJqPI2P3rc+qZVu2y43E6+txqGp3f96/x38VdxjlQeUkc9W9Tvmg0HaAL1GfCcwKpyK6Yv0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707936831; c=relaxed/simple; bh=q6KVf1rb7wRPyYfJTs8Acuti84MIGAmX8UZUXvHjmW4=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=d33JNbJ703YCpHrzn8Jbz5a5nVAOm+yjdLmInMjsgLZdXZBKtUCAH++y0IdIiolH4JDNAvDn7v2195OJ0YtItXZyH2md1Cjsy6wbRX6lBzKCGYceESPr9MHpZcoAY2B7G2JJ/jcQApU9xrliP5Pj8OnLyv2QOrWXMbs0f/qXSuk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=aG0I/ZQR; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Received: from [192.168.7.187] ([71.202.196.111]) (authenticated bits=0) by mail.zytor.com (8.17.2/8.17.1) with ESMTPSA id 41EIqo0G1386660 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Wed, 14 Feb 2024 10:52:50 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 41EIqo0G1386660 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2024021201; t=1707936775; bh=unkqLgBp2GNddyUvgmq2FNkcavYkXdIC280T9onDTEQ=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=aG0I/ZQRF07AIaagS5nTESheASqN61LGkmnen6yZ40j1Rtb/9+kLEWJDOCgQr05PW pDYsPeTsGA31nOuxczZpGRGcz2+xhwcB2w/girrVGZdEqUPz7W2a1LP3VBgFboSY0N i48j35JEqzlmveGJ3nvf27UJmqsW6JJY2kVsj/Hvg5Q5o/Hfv53Fo5TbPM8GDwWa/l n+sy6OSGQbE21PMp1wqRnvGwxlTX407NgOTd7aA8yXgJf/Ab/+v7N6zt3TaKO8Z9il uPLknhZaKQEajDl/CJJpndg+qoL8GPEtggic2E/dCT0wLPeQyPlDn63lEOO+bBCTCA 1Zb+zMB0yOArg== Message-ID: Date: Wed, 14 Feb 2024 10:52:47 -0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v1 0/8] x86_64 SandBox Mode arch hooks To: =?UTF-8?B?UGV0ciBUZXNhxZnDrWs=?= , Dave Hansen Cc: Petr Tesarik , Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , "H. Peter Anvin" , Andy Lutomirski , Oleg Nesterov , Peter Zijlstra , Xin Li , Arnd Bergmann , Andrew Morton , Rick Edgecombe , Kees Cook , "Masami Hiramatsu (Google)" , Pengfei Xu , Josh Poimboeuf , Ze Gao , "Kirill A. Shutemov" , Kai Huang , David Woodhouse , Brian Gerst , Jason Gunthorpe , Joerg Roedel , "Mike Rapoport (IBM)" , Tina Zhang , Jacob Pan , "open list:DOCUMENTATION" , open list , Roberto Sassu , Petr Tesarik References: <20240214113516.2307-1-petrtesarik@huaweicloud.com> <20240214192214.78734652@meshulam.tesarici.cz> Content-Language: en-US From: Xin Li Autocrypt: addr=xin@zytor.com; keydata= xsDNBGUPz1cBDACS/9yOJGojBFPxFt0OfTWuMl0uSgpwk37uRrFPTTLw4BaxhlFL0bjs6q+0 2OfG34R+a0ZCuj5c9vggUMoOLdDyA7yPVAJU0OX6lqpg6z/kyQg3t4jvajG6aCgwSDx5Kzg5 Rj3AXl8k2wb0jdqRB4RvaOPFiHNGgXCs5Pkux/qr0laeFIpzMKMootGa4kfURgPhRzUaM1vy bsMsL8vpJtGUmitrSqe5dVNBH00whLtPFM7IbzKURPUOkRRiusFAsw0a1ztCgoFczq6VfAVu raTye0L/VXwZd+aGi401V2tLsAHxxckRi9p3mc0jExPc60joK+aZPy6amwSCy5kAJ/AboYtY VmKIGKx1yx8POy6m+1lZ8C0q9b8eJ8kWPAR78PgT37FQWKYS1uAroG2wLdK7FiIEpPhCD+zH wlslo2ETbdKjrLIPNehQCOWrT32k8vFNEMLP5G/mmjfNj5sEf3IOKgMTMVl9AFjsINLHcxEQ 6T8nGbX/n3msP6A36FDfdSEAEQEAAc0WWGluIExpIDx4aW5Aenl0b3IuY29tPsLBDQQTAQgA NxYhBIUq/WFSDTiOvUIqv2u9DlcdrjdRBQJlD89XBQkFo5qAAhsDBAsJCAcFFQgJCgsFFgID AQAACgkQa70OVx2uN1HUpgv/cM2fsFCQodLArMTX5nt9yqAWgA5t1srri6EgS8W3F+3Kitge tYTBKu6j5BXuXaX3vyfCm+zajDJN77JHuYnpcKKr13VcZi1Swv6Jx1u0II8DOmoDYLb1Q2ZW v83W55fOWJ2g72x/UjVJBQ0sVjAngazU3ckc0TeNQlkcpSVGa/qBIHLfZraWtdrNAQT4A1fa sWGuJrChBFhtKbYXbUCu9AoYmmbQnsx2EWoJy3h7OjtfFapJbPZql+no5AJ3Mk9eE5oWyLH+ QWqtOeJM7kKvn/dBudokFSNhDUw06e7EoVPSJyUIMbYtUO7g2+Atu44G/EPP0yV0J4lRO6EA wYRXff7+I1jIWEHpj5EFVYO6SmBg7zF2illHEW31JAPtdDLDHYcZDfS41caEKOQIPsdzQkaQ oW2hchcjcMPAfyhhRzUpVHLPxLCetP8vrVhTvnaZUo0xaVYb3+wjP+D5j/3+hwblu2agPsaE vgVbZ8Fx3TUxUPCAdr/p73DGg57oHjgezsDNBGUPz1gBDAD4Mg7hMFRQqlzotcNSxatlAQNL MadLfUTFz8wUUa21LPLrHBkUwm8RujehJrzcVbPYwPXIO0uyL/F///CogMNx7Iwo6by43KOy g89wVFhyy237EY76j1lVfLzcMYmjBoTH95fJC/lVb5Whxil6KjSN/R/y3jfG1dPXfwAuZ/4N cMoOslWkfZKJeEut5aZTRepKKF54T5r49H9F7OFLyxrC/uI9UDttWqMxcWyCkHh0v1Di8176 jjYRNTrGEfYfGxSp+3jYL3PoNceIMkqM9haXjjGl0W1B4BidK1LVYBNov0rTEzyr0a1riUrp Qk+6z/LHxCM9lFFXnqH7KWeToTOPQebD2B/Ah5CZlft41i8L6LOF/LCuDBuYlu/fI2nuCc8d m4wwtkou1Y/kIwbEsE/6RQwRXUZhzO6llfoN96Fczr/RwvPIK5SVMixqWq4QGFAyK0m/1ap4 bhIRrdCLVQcgU4glo17vqfEaRcTW5SgX+pGs4KIPPBE5J/ABD6pBnUUAEQEAAcLA/AQYAQgA JhYhBIUq/WFSDTiOvUIqv2u9DlcdrjdRBQJlD89ZBQkFo5qAAhsMAAoJEGu9DlcdrjdR4C0L /RcjolEjoZW8VsyxWtXazQPnaRvzZ4vhmGOsCPr2BPtMlSwDzTlri8BBG1/3t/DNK4JLuwEj OAIE3fkkm+UG4Kjud6aNeraDI52DRVCSx6xff3bjmJsJJMb12mWglN6LjdF6K+PE+OTJUh2F dOhslN5C2kgl0dvUuevwMgQF3IljLmi/6APKYJHjkJpu1E6luZec/lRbetHuNFtbh3xgFIJx 2RpgVDP4xB3f8r0I+y6ua+p7fgOjDLyoFjubRGed0Be45JJQEn7A3CSb6Xu7NYobnxfkwAGZ Q81a2XtvNS7Aj6NWVoOQB5KbM4yosO5+Me1V1SkX2jlnn26JPEvbV3KRFcwV5RnDxm4OQTSk PYbAkjBbm+tuJ/Sm+5Yp5T/BnKz21FoCS8uvTiziHj2H7Cuekn6F8EYhegONm+RVg3vikOpn gao85i4HwQTK9/D1wgJIQkdwWXVMZ6q/OALaBp82vQ2U9sjTyFXgDjglgh00VRAHP7u1Rcu4 l75w1xInsg== In-Reply-To: <20240214192214.78734652@meshulam.tesarici.cz> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 2/14/2024 10:22 AM, Petr Tesařík wrote: > On Wed, 14 Feb 2024 06:52:53 -0800 > Dave Hansen wrote: > >> On 2/14/24 03:35, Petr Tesarik wrote: >>> This patch series implements x86_64 arch hooks for the generic SandBox >>> Mode infrastructure. >> >> I think I'm missing a bit of context here. What does one _do_ with >> SandBox Mode? Why is it useful? > > I see, I split the patch series into the base infrastructure and the > x86_64 implementation, but I forgot to merge the two recipient lists. > :-( > > Anyway, in the long term I would like to work on gradual decomposition > of the kernel into a core part and many self-contained components. > Sandbox mode is a useful tool to enforce isolation. > > In its current form, sandbox mode is too limited for that, but I'm > trying to find some balance between "publish early" and reaching a > feature level where some concrete examples can be shown. I'd rather > fail fast than maintain hundreds of patches in an out-of-tree branch > before submitting (and failing anyway). > > Petr T > What you're proposing sounds a gigantic thing, which could potentially impact all subsystems. Unless you prove it has big advantages with real world usages, I guess nobody even wants to look into the patches. BTW, this seems another attempt to get the idea of micro-kernel into Linux. -- Thanks! Xin