From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "Petr Tesarik" <petrtesarik@huaweicloud.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"David Kaplan" <david.kaplan@amd.com>,
"Larry Dewey" <larry.dewey@amd.com>,
"Elena Reshetova" <elena.reshetova@intel.com>,
"Carlos Bilbao" <carlos.bilbao@amd.com>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Petr Mladek" <pmladek@suse.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
"Eric DeVolder" <eric.devolder@oracle.com>,
"Marc Aurèle La France" <tsi@tuyoix.net>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"Nhat Pham" <nphamcs@gmail.com>,
"Christian Brauner (Microsoft)" <brauner@kernel.org>,
"Douglas Anderson" <dianders@chromium.org>,
"Luis Chamberlain" <mcgrof@kernel.org>,
"Guenter Roeck" <groeck@chromium.org>,
"Mike Christie" <michael.christie@oracle.com>,
"Kent Overstreet" <kent.overstreet@linux.dev>,
"Maninder Singh" <maninder1.s@samsung.com>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
"open list" <linux-kernel@vger.kernel.org>,
"Roberto Sassu" <roberto.sassu@huaweicloud.com>,
petr@tesarici.cz,
"Petr Tesarik" <petr.tesarik1@huawei-partners.com>
Subject: Re: [PATCH v1 5/5] sbm: SandBox Mode documentation
Date: Wed, 14 Feb 2024 15:01:25 +0100 [thread overview]
Message-ID: <2024021425-audition-expand-2901@gregkh> (raw)
In-Reply-To: <20240214053053.982b48d993ae99dad1d59020@linux-foundation.org>
On Wed, Feb 14, 2024 at 05:30:53AM -0800, Andrew Morton wrote:
> On Wed, 14 Feb 2024 12:30:35 +0100 Petr Tesarik <petrtesarik@huaweicloud.com> wrote:
>
> > +Although data structures are not serialized and deserialized between kernel
> > +mode and sandbox mode, all directly and indirectly referenced data structures
> > +must be explicitly mapped into the sandbox, which requires some manual effort.
>
> Maybe I'm missing something here, but...
>
> The requirement that the sandboxed function only ever touch two linear
> blocks of memory (yes?) seems a tremendous limitation. I mean, how can
> the sandboxed function call kmalloc()? How can it call any useful
> kernel functions? They'll all touch memory which lies outside the
> sandbox areas?
>
> Perhaps a simple but real-world example would help clarify.
I agree, this looks like an "interesting" framework, but we don't add
code to the kernel without a real, in-kernel user for it.
Without such a thing, we can't even consider it for inclusion as we
don't know how it will actually work and how any subsystem would use it.
Petr, do you have an user for this today?
thanks,
greg k-h
next prev parent reply other threads:[~2024-02-14 14:01 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-14 11:30 [PATCH v1 0/5] Introduce SandBox Mode (SBM) Petr Tesarik
2024-02-14 11:30 ` [PATCH v1 1/5] sbm: SandBox Mode core data types and functions Petr Tesarik
2024-02-14 11:30 ` [PATCH v1 2/5] sbm: sandbox input and output buffers Petr Tesarik
2024-02-14 11:30 ` [PATCH v1 3/5] sbm: call helpers and thunks Petr Tesarik
2024-02-14 11:30 ` [PATCH v1 4/5] sbm: SandBox Mode KUnit test suite Petr Tesarik
2024-02-15 19:14 ` kernel test robot
2024-02-16 1:53 ` kernel test robot
2024-02-14 11:30 ` [PATCH v1 5/5] sbm: SandBox Mode documentation Petr Tesarik
2024-02-14 13:30 ` Andrew Morton
2024-02-14 14:01 ` Greg Kroah-Hartman [this message]
2024-02-14 14:55 ` Petr Tesařík
2024-02-14 15:11 ` Greg Kroah-Hartman
2024-02-14 16:31 ` Petr Tesařík
2024-02-14 18:48 ` Greg Kroah-Hartman
2024-02-14 19:42 ` Petr Tesařík
2024-02-15 9:11 ` Greg Kroah-Hartman
2024-02-15 9:45 ` Petr Tesařík
2024-02-15 11:39 ` Greg Kroah-Hartman
2024-02-14 18:54 ` Kent Overstreet
2024-02-14 20:09 ` Petr Tesařík
2024-02-14 20:19 ` Kent Overstreet
2024-02-15 6:42 ` Petr Tesařík
2024-02-15 8:52 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024021425-audition-expand-2901@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=carlos.bilbao@amd.com \
--cc=corbet@lwn.net \
--cc=david.kaplan@amd.com \
--cc=dianders@chromium.org \
--cc=elena.reshetova@intel.com \
--cc=eric.devolder@oracle.com \
--cc=groeck@chromium.org \
--cc=gustavoars@kernel.org \
--cc=kent.overstreet@linux.dev \
--cc=larry.dewey@amd.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maninder1.s@samsung.com \
--cc=mcgrof@kernel.org \
--cc=mhiramat@kernel.org \
--cc=michael.christie@oracle.com \
--cc=nphamcs@gmail.com \
--cc=paulmck@kernel.org \
--cc=petr.tesarik1@huawei-partners.com \
--cc=petr@tesarici.cz \
--cc=petrtesarik@huaweicloud.com \
--cc=pmladek@suse.com \
--cc=rdunlap@infradead.org \
--cc=roberto.sassu@huaweicloud.com \
--cc=tsi@tuyoix.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox