Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp19099045rwd; Wed, 28 Jun 2023 05:11:53 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7iBt3FgCL2uEYf5UXte22nMk9C0zTEgrquraxB1XLRndgF1dS72R7zLiILIeQ4bBnhVO/b X-Received: by 2002:a05:6a00:168d:b0:66f:912b:d6f with SMTP id k13-20020a056a00168d00b0066f912b0d6fmr14515931pfc.0.1687954313281; Wed, 28 Jun 2023 05:11:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687954313; cv=none; d=google.com; s=arc-20160816; b=TvIfOtsbha9N2wF7TLDWWtZCwe8AeTkeDVkBah2Uh8JZCcu/wOjC73adWPsGrtRtCk kj8mQXcnPFBugGqT+R32El0+FBzFEhK2JzYlZhpJLJfo4fDXu32gPt9w5Z4L84YnlhgA 1AVHU1YYbSeJ0Zt86pS/u3nJhEFWYUVE1BUhur4nxnaAlevI+zPVSrdCxZYnCkKzxKTd E+EAk5favUuKywcEWjrL5hLFo7SnFop5WsKUbazB3iWqXpRE0WPwL2MywxOoaR+62Oi7 hXWi2ttAwngOh4cUxTNM7X3I00QRpsukKLn0DEbbffaA9eiDKSGlDRdSeR8g0kqdjV8r dXhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=skyq5jJecX8gUzH/HELKhPjfwUeihuLQSPsIi6eg0Xg=; fh=12e+ZbEHCs3VHG6wR6bi4r4MAVmxznxpsMAEFGdbe0c=; b=dTYSQhv9wt8YjMN4IrhbjGdLTZjOhnkE6YM5t5xyTGt+0s2AOL5NNUBGYKNC/PGTZv 8Wjg1XUS3kbTKaovrGyiTRa8HbY9RiUy7ZXOZOZPG3HcPqx2Lm0+w1YtvQPevOeg5T7U VU6UPstG7rA8v+BuqjR7POl0XYvmKlKr8xIzapiV2K1FTm7VE+wUyzeHLrWoaBIL9wme T5vVgS6aYGgj+DI9c7spktJpcqCvWUVM/V3KBvOxgz7ORFv0PlB2HQLrCvqr1gUszE80 cYCQY0a/hziHfvOIsxj7MvCDcgB60Ivec0LSdjiMdNnGFhj3nG98+IyVoR2qKuU1v2Ko UZVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=nIS0UlAR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cj22-20020a056a00299600b006634db9e11dsi4287090pfb.313.2023.06.28.05.11.40; Wed, 28 Jun 2023 05:11:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=nIS0UlAR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231613AbjF1LgU (ORCPT + 99 others); Wed, 28 Jun 2023 07:36:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231636AbjF1LgS (ORCPT ); Wed, 28 Jun 2023 07:36:18 -0400 Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD8322D63 for ; Wed, 28 Jun 2023 04:36:17 -0700 (PDT) Received: by mail-qk1-x733.google.com with SMTP id af79cd13be357-76547539775so449142985a.3 for ; Wed, 28 Jun 2023 04:36:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1687952176; x=1690544176; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=skyq5jJecX8gUzH/HELKhPjfwUeihuLQSPsIi6eg0Xg=; b=nIS0UlARyFAuCW2qzN87wbOXLlUXoB5UUaCDASFT2QFcOUJ5dAClbAzVKhizUmxCjy mhVB/WHlMOZrDwgO0nOyfXLYxhb8Y6E3RT7IBLLMojQ7nsxzAdiOs95KTO1EuPEklMxR N21rifgjXEp9ZhY2ZwTzV9GjGBDmlVapq99mY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687952176; x=1690544176; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=skyq5jJecX8gUzH/HELKhPjfwUeihuLQSPsIi6eg0Xg=; b=RoN3n2KhhXHjLp1OCapG5+KEOiYMxIhhKKtfw+8OGy7dig1dO6JoZFrzls07QZTc7W w8PEYQM67uQknvJYXISpydKYFLcquzUdph4KW9uZJdoeMr5JpXAwuSPpLNHDP7UBVzSe mZojrFs7Z0w7iKZ5wtc7VhV4pnlvVAoWR57I8ffCiA43HitgizwWsA0ZpkOK/fqU93wG yYxVdUB8SMrFQgOQ9AHWRb1GvMgIe7g6RwCfL87esNiZcG+Xhgsc/v+XaB9BG4cNmnZC EpurWhx66zJqXAyFaRWDO/ruq7L2gWaCHpVXV/xG4n/x2A/R2oMznVW0j3ZVir2fHu6F WQ/A== X-Gm-Message-State: AC+VfDxp2NuRuGwZc2DYDo4waWq0E7lDpxZl4MVLJczKV0C0ncx7LZsa NGasq3M88BlShqYgJK8HmWpmZJC++HgP377mPEaCqQ== X-Received: by 2002:a05:620a:31a9:b0:765:3eba:1663 with SMTP id bi41-20020a05620a31a900b007653eba1663mr19218243qkb.52.1687952176510; Wed, 28 Jun 2023 04:36:16 -0700 (PDT) Received: from mail-qv1-f53.google.com (mail-qv1-f53.google.com. [209.85.219.53]) by smtp.gmail.com with ESMTPSA id z19-20020a05620a101300b007625382f4d6sm4966758qkj.84.2023.06.28.04.36.15 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 28 Jun 2023 04:36:15 -0700 (PDT) Received: by mail-qv1-f53.google.com with SMTP id 6a1803df08f44-635d9d6daabso28724446d6.0 for ; Wed, 28 Jun 2023 04:36:15 -0700 (PDT) X-Received: by 2002:a05:6214:c63:b0:62b:6999:ab7b with SMTP id t3-20020a0562140c6300b0062b6999ab7bmr36306952qvj.16.1687952174945; Wed, 28 Jun 2023 04:36:14 -0700 (PDT) MIME-Version: 1.0 References: <20230627120058.2214509-1-matteorizzo@google.com> <20230627120058.2214509-2-matteorizzo@google.com> In-Reply-To: From: Ricardo Ribalda Date: Wed, 28 Jun 2023 13:36:04 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/1] Add a new sysctl to disable io_uring system-wide To: Matteo Rizzo Cc: Bart Van Assche , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, io-uring@vger.kernel.org, jordyzomer@google.com, evn@google.com, poprdi@google.com, corbet@lwn.net, axboe@kernel.dk, asml.silence@gmail.com, akpm@linux-foundation.org, keescook@chromium.org, rostedt@goodmis.org, dave.hansen@linux.intel.com, chenhuacai@kernel.org, steve@sk2.org, gpiccoli@igalia.com, ldufour@linux.ibm.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Matteo On Tue, 27 Jun 2023 at 20:15, Matteo Rizzo wrote: > > On Tue, 27 Jun 2023 at 19:10, Bart Van Assche wrote: > > I'm using fio + io_uring all the time on Android devices. I think we need a > > better solution than disabling io_uring system-wide, e.g. a mechanism based > > on SELinux that disables io_uring for apps and that keeps io_uring enabled > > for processes started via 'adb root && adb shell ...' > > Android already uses seccomp to prevent untrusted applications from using > io_uring. This patch is aimed at server/desktop environments where there is > no easy way to set a system-wide seccomp policy and right now the only way > to disable io_uring system-wide is to compile it out of the kernel entirely > (not really feasible for e.g. a general-purpose distro). > > I thought about adding a capability check that lets privileged processes > bypass this sysctl, but it wasn't clear to me which capability I should use. > For userfaultfd the kernel uses CAP_SYS_PTRACE, but I wasn't sure that's > the best choice here since io_uring has nothing to do with ptrace. > If anyone has any suggestions please let me know. A LSM hook also sounds > like an option but it would be more complicated to implement and use. Have you considered that the new sysctl is "sticky like kexec_load_disabled. When the user disables it there is no way to turn it back on until the system is rebooted. Best regards! -- Ricardo Ribalda