Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
MIME-Version: 1.0
References: <20230630151003.3622786-1-matteorizzo@google.com> <20230630151003.3622786-2-matteorizzo@google.com>
In-Reply-To: <20230630151003.3622786-2-matteorizzo@google.com>
From:   Jann Horn <jannh@google.com>
Date:   Fri, 30 Jun 2023 17:15:44 +0200
Message-ID: <CAG48ez3k2K1_gwxo=ckHQmHxXgV-VfQ897-TXQcJjUcdiyr4Hg@mail.gmail.com>
Subject: Re: [PATCH v3 1/1] io_uring: add a sysctl to disable io_uring system-wide
To:     Matteo Rizzo <matteorizzo@google.com>
Cc:     linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
        io-uring@vger.kernel.org, axboe@kernel.dk, asml.silence@gmail.com,
        corbet@lwn.net, akpm@linux-foundation.org, keescook@chromium.org,
        ribalda@chromium.org, rostedt@goodmis.org, chenhuacai@kernel.org,
        gpiccoli@igalia.com, ldufour@linux.ibm.com, evn@google.com,
        poprdi@google.com, jordyzomer@google.com, jmoyer@redhat.com,
        krisman@suse.de
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk

On Fri, Jun 30, 2023 at 5:10=E2=80=AFPM Matteo Rizzo <matteorizzo@google.co=
m> wrote:
> Introduce a new sysctl (io_uring_disabled) which can be either 0, 1,
> or 2. When 0 (the default), all processes are allowed to create io_uring
> instances, which is the current behavior. When 1, all calls to
> io_uring_setup fail with -EPERM unless the calling process has
> CAP_SYS_ADMIN. When 2, calls to io_uring_setup fail with -EPERM
> regardless of privilege.
>
> Signed-off-by: Matteo Rizzo <matteorizzo@google.com>
> Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
> Reviewed-by: Gabriel Krisman Bertazi <krisman@suse.de>

Reviewed-by: Jann Horn <jannh@google.com>