Re: [PATCH v1 5/5] sbm: SandBox Mode documentation

On Wed, 14 Feb 2024 12:30:35 +0100 Petr Tesarik <petrtesarik@xxxxxxxxxxxxxxx> wrote:

> +Although data structures are not serialized and deserialized between kernel
> +mode and sandbox mode, all directly and indirectly referenced data structures
> +must be explicitly mapped into the sandbox, which requires some manual effort.
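Review bot: the paragraph states the requirement (every directly and indirectly referenced structure must be mapped into the sandbox) but not its consequences or mechanics; it does not say what happens when sandboxed code touches memory that was not mapped, nor which interface the caller uses to perform the mapping. A short worked example, e.g. mapping one struct together with the buffer it points to, would make the "manual effort" concrete for readers of this document.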

Maybe I'm missing something here, but...

The requirement that the sandboxed function only ever touch two linear
blocks of memory (yes?) seems a tremendous limitation.  I mean, how can
the sandboxed function call kmalloc()?  How can it call any useful
kernel functions?  They'll all touch memory which lies outside the
sandbox areas?

Perhaps a simple but real-world example would help clarify.

