| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Feb 2024 12:35:15 +0100 From: Petr Tesarik <petrtesarik@...weicloud.com> To: Jonathan Corbet <corbet@....net>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), "H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...nel.org>, Oleg Nesterov <oleg@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Xin Li <xin3.li@...el.com>, Arnd Bergmann <arnd@...db.de>, Andrew Morton <akpm@...ux-foundation.org>, Rick Edgecombe <rick.p.edgecombe@...el.com>, Kees Cook <keescook@...omium.org>, "Masami Hiramatsu (Google)" <mhiramat@...nel.org>, Pengfei Xu <pengfei.xu@...el.com>, Josh Poimboeuf <jpoimboe@...nel.org>, Ze Gao <zegao2021@...il.com>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Kai Huang <kai.huang@...el.com>, David Woodhouse <dwmw@...zon.co.uk>, Brian Gerst <brgerst@...il.com>, Jason Gunthorpe <jgg@...pe.ca>, Joerg Roedel <jroedel@...e.de>, "Mike Rapoport (IBM)" <rppt@...nel.org>, Tina Zhang <tina.zhang@...el.com>, Jacob Pan <jacob.jun.pan@...ux.intel.com>, linux-doc@...r.kernel.org (open list:DOCUMENTATION), linux-kernel@...r.kernel.org (open list) Cc: Roberto Sassu <roberto.sassu@...weicloud.com>, petr@...arici.cz, Petr Tesarik <petr.tesarik1@...wei-partners.com> Subject: [PATCH v1 7/8] sbm: documentation of the x86-64 SandBox Mode implementation From: Petr Tesarik <petr.tesarik1@...wei-partners.com> Add a section about the x86-64 implementation. Signed-off-by: Petr Tesarik <petr.tesarik1@...wei-partners.com> --- Documentation/security/sandbox-mode.rst | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/Documentation/security/sandbox-mode.rst b/Documentation/security/sandbox-mode.rst index 4405b8858c4a..84816b6b68de 100644 --- a/Documentation/security/sandbox-mode.rst +++ b/Documentation/security/sandbox-mode.rst @@ -111,6 +111,31 @@ These hooks must be implemented to select HAVE_ARCH_SBM. :identifiers: arch_sbm_init arch_sbm_destroy arch_sbm_exec arch_sbm_map_readonly arch_sbm_map_writable +X86_64 Implementation +===================== + +The x86_64 implementation provides strong isolation and recovery from CPU +exceptions. + +Sandbox mode runs in protection ring 3 (same as user mode). This means that: + +* sandbox code cannot execute privileged CPU instructions, +* memory accesses are treated as user accesses. + +The thread stack is readable in sandbox mode, because an on-stack data +structure is used by call helpers and thunks to pass target function +arguments. However, it is not writable, and sandbox code runs on its own +stack. The thread stack is not used by interrupt handlers either. Non-IST +interrupt handlers run on a separate sandbox exception stack. + +The interrupt entry path modifies the saved pt_regs to make it appear as +coming from kernel mode. The CR3 register is then switched to kernel mode. +The interrupt exit path is modified to restore actual pt_regs and switch the +CR3 register back to its sandbox mode value, overriding CR3 changes for page +table isolation. + +Support for paravirtualized kernels is not (yet) provided. + Current Limitations =================== -- 2.34.1
Powered by blists - more mailing lists