"SandBox Mode" Proposed For The Linux Kernel To Improve Memory Safety

Written by Michael Larabel in Linux Security on 14 February 2024 at 06:55 AM EST. 18 Comments
LINUX SECURITY
While there is already the work underway on allowing the Rust programming language within the Linux kernel in part to leverage its memory safety potential, a proposal was sent out this morning for a new "SandBox Mode" for the Linux kernel to also increase the memory safety of C code within the kernel.

Petr Tesarik with Huawei sent out the "request for comments" patch series on the new SandBox Mode. Petr describes the SandBox Mode as:
"The ultimate goal of SandBox Mode is to execute native kernel code in an environment which permits memory access only to predefined addresses, so potential vulnerabilities cannot be exploited or will have no impact on the rest of the kernel.

This patch series adds the API and arch-independent infrastructure of SandBox Mode to the kernel. It runs the target function on a vmalloc()'ed copy of all input and output data. This alone prevents some out-of-bounds accesses thanks to guard pages."

The SandBox Mode documentation further adds:
"The primary goal of SandBox Mode (SBM) is to reduce the impact of potential memory safety bugs in kernel code by decomposing the kernel. The SBM API allows to run each component inside an isolated execution environment. In particular, memory areas used as input and/or output are isolated from the rest of the kernel and surrounded by guard pages. Without arch hooks, this common base provides *weak isolation*.

On architectures which implement the necessary arch hooks, SandBox Mode leverages hardware paging facilities and CPU privilege levels to enforce the use of only these predefined memory areas. With arch support, SBM can also recover from protection violations. This means that SBM forcibly terminates the sandbox and returns an error code (e.g. ``-EFAULT``) to the caller, so execution can continue. Such implementation provides *strong isolation*."

It will be interesting to see how this SandBox Mode proposal is received by upstream kernel developers. Those interested can see the RFC patch series for more information on this just-proposed addition to the Linux kernel.
18 Comments
Related News
Linux BHI Mitigation Being Tweaked Following 12% Database Performance Hit
Linux 6.9-rc4 To Bring New Fixes For x86 Speculation Mitigations
Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability
GitHub Disables The XZ Repository Following Today's Malicious Disclosure
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
Linux 6.9 Sees Further Security Hardening
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
Godot's Vulkan Backend Seeing Better Performance, 10~20% Reduction In Frame Times
GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks
Niri 0.1.5 Scrollable-Tiling Wayland Compositor Adds New Animations