Re: [PATCH 1/1] Add a new sysctl to disable io_uring system-wide

From: Bart Van Assche
Date: Tue Jun 27 2023 - 13:10:46 EST

Next message: Jens Axboe: "Re: [GIT PULL] bcachefs"
Previous message: Suren Baghdasaryan: "Re: [PATCH 1/2] kernfs: add kernfs_ops.free operation to free resources tied to the file"
In reply to: Randy Dunlap: "Re: [PATCH 1/1] Add a new sysctl to disable io_uring system-wide"
Next in thread: Matteo Rizzo: "Re: [PATCH 1/1] Add a new sysctl to disable io_uring system-wide"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/27/23 05:00, Matteo Rizzo wrote:

+Prevents all processes from creating new io_uring instances. Enabling this
+shrinks the kernel's attack surface.
+
+= =============================================================
+0 All processes can create io_uring instances as normal. This is the default
+ setting.
+1 io_uring is disabled. io_uring_setup always fails with -EPERM. Existing
+ io_uring instances can still be used.
+= =============================================================

I'm using fio + io_uring all the time on Android devices. I think we need a
better solution than disabling io_uring system-wide, e.g. a mechanism based
on SELinux that disables io_uring for apps and that keeps io_uring enabled
for processes started via 'adb root && adb shell ...'

Bart.

Next message: Jens Axboe: "Re: [GIT PULL] bcachefs"
Previous message: Suren Baghdasaryan: "Re: [PATCH 1/2] kernfs: add kernfs_ops.free operation to free resources tied to the file"
In reply to: Randy Dunlap: "Re: [PATCH 1/1] Add a new sysctl to disable io_uring system-wide"
Next in thread: Matteo Rizzo: "Re: [PATCH 1/1] Add a new sysctl to disable io_uring system-wide"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]