hardware isolation

Java Tech Enthusiast

Feb 17, 2024 · Information Security

Linux Kernel SandBox Mode (SBM) Patch Enhances Memory Safety

Huawei engineer Petr Tesarik submitted a Linux kernel patch that adds SandBox Mode (SBM), an API confining kernel code to predefined memory regions, using hardware paging and CPU privilege levels to isolate components, detect out‑of‑bounds accesses, recover from violations, terminate the sandbox and return error codes such as -EFAULT, enabling continued execution.