[NOTES] Sandbox concept

Post by Giovanni » Thu Jul 18, 2019 2:08 pm

Hi,

Just writing some notes about this idea: create an "unprivileged sandbox".

- Threads could be privileged or not privileged.
- The address space is accessible only by privileged code (this is the Cortex-M default).
- The application can create a "sandbox" using one or two MPU regions (for code and data).
- The sandbox code would start with a header containing some metadata (entry points and stack sizes).
- The application starts one or more threads to enter the sandbox and be trapped there using the metadata for entry points.
- The boxed threads cannot touch anything, just call SVC for services (API TBD), threads cannot call ChibiOS functions directly.
- Exceptions caused by sandboxed threads would just terminate the thread without affecting the rest of the system.
- The sandbox is static, no MPU reconfiguration at context switch (fast).
- Sandbox is pretty much like a POSIX process but static and without overhead.
- It would be an optional module on top of both RT or NIL, it makes more sense for RT anyway.

Use cases:
- Run loadable code safely (sandbox in RAM, or in a dedicated flash that can be rewritten with external code).
- ISO26262 isolation concept (non-ASIL code in the sandbox in an ASIL system).

Possible enhancements:
- Multiple sandboxes isolated from each other, pretty much processes, would require MPU dynamic handling.

API ideas:
- exit, sleep for sure.
- Access to named global objects like mailboxes or message servers.
- POSIX-like API? as an option?

To verify:
- How much isolation is really possible on Cortex-M.

Just writing notes right now, feedback is of course welcome.

Giovanni
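
The header-plus-MPU-region idea from the post above, as an added example that is not part of the original post or of ChibiOS: a host-testable check an application could run on the sandbox header before starting threads in it. The header layout, `SB_MAGIC`, `SB_MAX_THREADS` and the function names are hypothetical (the post leaves the API TBD), and the region rule assumed is the ARMv7-M MPU one (power-of-two size of at least 32 bytes, base aligned to size).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define SB_MAGIC       0x53424F58u  /* hypothetical marker ("SBOX") */
#define SB_MAX_THREADS 4u           /* hypothetical limit */

/* Hypothetical header placed at the start of the sandbox code region. */
typedef struct {
  uint32_t magic;
  uint32_t nthreads;
  struct { uint32_t entry_offset; uint32_t stack_size; } threads[SB_MAX_THREADS];
} sb_header_t;

/* Assumed ARMv7-M MPU rule: power-of-two size >= 32, base aligned to size. */
static bool sb_region_ok(uint32_t base, uint32_t size) {
  return size >= 32u && (size & (size - 1u)) == 0u && (base & (size - 1u)) == 0u;
}

/* True only if every entry point and every stack fits inside the sandbox. */
bool sb_validate(const sb_header_t *h, uint32_t code_base, uint32_t code_size,
                 uint32_t data_base, uint32_t data_size) {
  uint32_t stack_total = 0u;

  if (!sb_region_ok(code_base, code_size) || !sb_region_ok(data_base, data_size))
    return false;
  if (code_size < sizeof(sb_header_t))
    return false;
  if (h->magic != SB_MAGIC || h->nthreads == 0u || h->nthreads > SB_MAX_THREADS)
    return false;

  for (uint32_t i = 0u; i < h->nthreads; i++) {
    uint32_t off = h->threads[i].entry_offset;
    uint32_t stk = h->threads[i].stack_size;

    /* Entry lies past the header, inside the code region, halfword aligned. */
    if (off < sizeof(sb_header_t) || off >= code_size || (off & 1u) != 0u)
      return false;
    /* Stacks are 8-byte multiples; the subtraction form cannot overflow. */
    if (stk == 0u || (stk & 7u) != 0u || stk > data_size - stack_total)
      return false;
    stack_total += stk;
  }
  return true;
}
```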
