Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp18037813rwd; Tue, 27 Jun 2023 10:41:09 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ48k+lhePLJDhkpR2NrHaPz+767cI9MwOd2aeihjZDXaLDVuT7D6sDUiWntDzyzbLb91pLe X-Received: by 2002:a05:6a20:428b:b0:126:3759:582d with SMTP id o11-20020a056a20428b00b001263759582dmr9150024pzj.15.1687887668957; Tue, 27 Jun 2023 10:41:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687887668; cv=none; d=google.com; s=arc-20160816; b=rFUxzCRLtMy/kNthQlfkS9MMLKy6j8I7dtQSybnCcUGRtc4MUQSufjGs1aZw+lD8ve 3ZvmpMZU80n5OMHwqRjFNyb6h8NhaxABXcO91byrCe+Dh0Yn0z656tUX6f4dqnoUW5nj VU6uYcVQp0fYZf/bZR0O/Pw7EDkcNAEYenjaKNdudouccRczGlbnommuNfa5/FlGoghn B0RJrpUbFM2cCJ8w/2QEkZqRBrt/u3yFuc9AyQ5H6IO2vwXSkVdZGgvELVt8KlRGP1PB I/mV0V/J9JJfuDLmcV1xkRixFe7McDDYqCRZohKVg6eqzQa5ucZ7ygzMS1QUCAeEgH6t 2D1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=QCwreXgAeapFWNeRBQ+PIDdq1pcxDkY0t7LqXpgTL40=; fh=h1jtkvG6fHy8esRhm4ngbs/KyU39/fn1fR6HVR99tE0=; b=Mhgv2ey4gla40IiDCbj9M/hGd4fetzWC2+9SCBqz0aMLwhksgu89buPOZEg9KrCyiq q8EWMHUTnB+i40YGvE5IP636YwmfKROKzMHi5eQKJ/oN1xKmMaCWOMcdAyuxUP/ksvbR z1qjVOaRBLZLEGyJTcG7bdFm0vJ8R2Rj0IJLpwE387OCFPi229zcqK79E9Kx3FaweUyD QpKEnbdrHKwEP2rgEAvW6Jmuc+byju1eBeFwg4Ul3/+D/DrAZ5Hd6OSKgCRDbYRLzyV3 F74/4Kv0oVhE/eHNLxfAMCqoJ9XqDlTiLdutUm9muIk8bRdIGgcyij7DtZ/aLMkvkjzt OGWg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=acm.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fi4-20020a056a00398400b006665df4f1f0si7509731pfb.136.2023.06.27.10.40.56; Tue, 27 Jun 2023 10:41:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=acm.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230511AbjF0RKn (ORCPT + 99 others); Tue, 27 Jun 2023 13:10:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43728 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229567AbjF0RKm (ORCPT ); Tue, 27 Jun 2023 13:10:42 -0400 Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5EB871708; Tue, 27 Jun 2023 10:10:41 -0700 (PDT) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-6689430d803so2715724b3a.0; Tue, 27 Jun 2023 10:10:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687885841; x=1690477841; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QCwreXgAeapFWNeRBQ+PIDdq1pcxDkY0t7LqXpgTL40=; b=Jpm7sVu9mTIi9yW+4WcKRT72q+gwbNkg+u+zWHhO8PtzBLIYS6MQNd5zk2yzgv8obK zRN6zYtkdWOiGGSKx8zL99yX8w1s3Gf/Gd58ABW+J3hjEZ0M2HPOAgw51nVhLQ5uZen8 bStQWyjRjUwfTUknzv6hPBrU6LbWwWBC8ATE4isgXHOWYB0zaJIvr+bbSqCm1/5EvlyH l7rIvVEEIVP4iWB23EKTXtCv0zB/dbEZpTtO1Kb0pvL+aMFgWYBHlZF9SVAVcKZ4+2O1 lGJBQMZPCIoSlFL8irTiPFBaXEsltqCVf63Tz/711YYezawmjBre3IwzrjdwtORGVIH0 NRLg== X-Gm-Message-State: AC+VfDx8nDq1rjQng4QrdhVJJAcnm198MWljH/WeuYXQ46u6u7Dr0Duq emKdTGZigOpt3tx5o8vU2OM= X-Received: by 2002:a05:6a00:1356:b0:67f:e74a:d309 with SMTP id k22-20020a056a00135600b0067fe74ad309mr615067pfu.30.1687885840698; Tue, 27 Jun 2023 10:10:40 -0700 (PDT) Received: from ?IPV6:2620:15c:211:201:5a8b:4bea:e452:f031? ([2620:15c:211:201:5a8b:4bea:e452:f031]) by smtp.gmail.com with ESMTPSA id t17-20020a62ea11000000b0066355064acbsm5644002pfh.104.2023.06.27.10.10.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 27 Jun 2023 10:10:40 -0700 (PDT) Message-ID: Date: Tue, 27 Jun 2023 10:10:36 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH 1/1] Add a new sysctl to disable io_uring system-wide Content-Language: en-US To: Matteo Rizzo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, io-uring@vger.kernel.org Cc: jordyzomer@google.com, evn@google.com, poprdi@google.com, corbet@lwn.net, axboe@kernel.dk, asml.silence@gmail.com, akpm@linux-foundation.org, keescook@chromium.org, rostedt@goodmis.org, dave.hansen@linux.intel.com, ribalda@chromium.org, chenhuacai@kernel.org, steve@sk2.org, gpiccoli@igalia.com, ldufour@linux.ibm.com References: <20230627120058.2214509-1-matteorizzo@google.com> <20230627120058.2214509-2-matteorizzo@google.com> From: Bart Van Assche In-Reply-To: <20230627120058.2214509-2-matteorizzo@google.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/27/23 05:00, Matteo Rizzo wrote: > +Prevents all processes from creating new io_uring instances. Enabling this > +shrinks the kernel's attack surface. > + > += ============================================================= > +0 All processes can create io_uring instances as normal. This is the default > + setting. > +1 io_uring is disabled. io_uring_setup always fails with -EPERM. Existing > + io_uring instances can still be used. > += ============================================================= I'm using fio + io_uring all the time on Android devices. I think we need a better solution than disabling io_uring system-wide, e.g. a mechanism based on SELinux that disables io_uring for apps and that keeps io_uring enabled for processes started via 'adb root && adb shell ...' Bart.