Huawei proposes to launch a new sandbox mode for the Linux kernel

Reportedly, the Linux kernel has already experimented with Rust to improve memory safety. Now the Chinese tech giant Huawei is proposing a new “sandbox mode” for the Linux kernel that aims to improve the memory safety of the kernel's existing C code.

Messages on the Linux kernel mailing list show that Petr Tesarik of Huawei Cloud sent out a “request for comments” (RFC) patch series for the new sandbox mode. Petr described the sandbox mode as follows:

The ultimate goal of sandbox mode is to execute native kernel code in an environment that only allows memory access to predefined addresses, so potential vulnerabilities cannot be exploited or have no impact on the rest of the kernel.

This patch series adds sandbox-mode APIs and architecture-independent infrastructure to the kernel. It runs the target function on a vmalloc() copy of all input and output data. This alone prevents some out-of-bounds access due to the protected page.


The sandbox mode documentation describes it as follows:

The main goal of Sandbox Mode (SBM) is to reduce the impact of potential memory safety bugs in the kernel code by breaking up the kernel. The SBM API allows each component to be run in an isolated execution environment. In particular, memory regions used as inputs and/or outputs are isolated from the rest of the kernel and surrounded by guard pages.

On an architecture that implements the necessary arch hooks, sandbox mode leverages hardware paging facilities and CPU privilege levels to force the use of only these predefined memory regions. With arch support, SBM can also recover from protection breaches. This means that SBM forcibly terminates the sandbox and returns an error code (such as -EFAULT) to the caller so that execution can continue. This implementation provides *strong isolation*.
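The two descriptions above share one mechanism: the sandboxed function sees only a copy of its input/output data, that copy is surrounded by guard pages, and a protection breach is turned into an error code for the caller instead of a kernel crash. The following is an added userspace analogue of that idea in C; it is not code from the SBM patch series and does not use its API. It assumes a POSIX system with mmap/mprotect and SIGSEGV delivery, and the function names (sbm_call, upcase_in_place, overrun_by_one) and the sample buffers are constructed for this illustration.

```c
/* Userspace analogue of sandbox mode (added example, not SBM code):
 * run a function on a private copy of its input/output buffer that sits
 * between two inaccessible guard pages. A stray access into a guard page
 * raises SIGSEGV; the handler unwinds back into sbm_call(), which reports
 * -EFAULT to the caller instead of letting the fault take down the process. */
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*sbm_fn)(void *data, size_t len);

static sigjmp_buf sbm_env;
static volatile sig_atomic_t sbm_active;

/* SIGSEGV handler: if a sandboxed call is in progress, unwind to sbm_call();
 * otherwise restore the default action and let the fault take its course. */
static void sbm_fault_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)si; (void)ctx;
    if (sbm_active)
        siglongjmp(sbm_env, 1);
    signal(sig, SIG_DFL);
    raise(sig);
}

/* Run fn on a copy of data[0..len) placed in a guarded window.
 * Returns fn's result, or -EFAULT if fn touched a guard page. The copy is
 * written back to data only when fn returns normally, so a faulting call
 * leaves the caller's buffer untouched. */
int sbm_call(sbm_fn fn, void *data, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t body = ((len + page - 1) / page) * page;   /* whole pages for the copy */
    if (body == 0)
        body = page;
    size_t total = page + body + page;                 /* guard | body | guard */

    unsigned char *region = mmap(NULL, total, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return -ENOMEM;
    mprotect(region, page, PROT_NONE);                 /* lower guard page */
    mprotect(region + page + body, page, PROT_NONE);   /* upper guard page */

    /* Place the copy flush against the upper guard so that even a one-byte
     * overrun hits protected memory (an underrun is caught only once it
     * crosses the padding below the copy: this is the "some out-of-bounds
     * accesses" limitation of guard pages alone). */
    unsigned char *window = region + page + body - len;
    memcpy(window, data, len);

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = sbm_fault_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    volatile int rc;
    if (sigsetjmp(sbm_env, 1) == 0) {
        sbm_active = 1;
        rc = fn(window, len);
        sbm_active = 0;
        memcpy(data, window, len);                     /* clean exit: publish outputs */
    } else {
        sbm_active = 0;                                /* arrived here from the handler */
        rc = -EFAULT;
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap(region, total);
    return rc;
}

/* Well-behaved target: upper-cases ASCII letters within its window. */
static int upcase_in_place(void *p, size_t len)
{
    unsigned char *s = p;
    for (size_t i = 0; i < len; i++)
        if (s[i] >= 'a' && s[i] <= 'z')
            s[i] -= 'a' - 'A';
    return 0;
}

/* Buggy target: the classic off-by-one (<= instead of <) writes one byte
 * past the end of its window. */
static int overrun_by_one(void *p, size_t len)
{
    volatile unsigned char *s = p;
    for (size_t i = 0; i <= len; i++)
        s[i] = 'X';
    return 0;
}

/* Constructed inputs for the two scenarios; each returns 1 on the expected outcome. */
int demo_clean_call(void)
{
    char buf[] = "hello sandbox";
    int rc = sbm_call(upcase_in_place, buf, strlen(buf));
    return rc == 0 && strcmp(buf, "HELLO SANDBOX") == 0;
}

int demo_caught_overrun(void)
{
    char buf[] = "hello sandbox";
    int rc = sbm_call(overrun_by_one, buf, strlen(buf));
    /* -EFAULT is reported and the caller's buffer was never overwritten */
    return rc == -EFAULT && strcmp(buf, "hello sandbox") == 0;
}

int main(void)
{
    printf("clean call ok: %d\n", demo_clean_call());
    printf("overrun caught: %d\n", demo_caught_overrun());
    return 0;
}
```

The kernel proposal relies on paging and privilege levels rather than a signal handler, and it can only copy what the caller declares as input or output, so the analogy stops at the mechanism: a fault inside the window is contained and surfaced as an error, and nothing the sandboxed function wrote is published unless it finished cleanly.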
