Re: [PATCH] io_uring, audit: don't log IORING_OP_RECV_ZC
From: Ricardo Robaina
Date: Tue Jun 16 2026 - 10:52:05 EST
On Tue, Jun 16, 2026 at 11:44 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Tue, Jun 16, 2026 at 8:36 AM Ricardo Robaina <rrobaina@xxxxxxxxxx> wrote:
> >
> > IORING_OP_RECV_ZC is a read operation. Audit only tracks file/socket
> > creation ...
>
> That's not strictly correct, audit tracks more than just socket
> creation. Connection events and connection-less writes are also of
> interest.
>
> > ... not subsequent reads. Set audit_skip to align with
> > audit-userspace uringop_table.h.
>
> While the logic above is correct, IORING_OP_RECV_ZC should be
> "audit_skip", the reasoning is backwards: the audit userspace io_uring
> table is dependent on the kernel, not the other way around (for what
> should be obvious reasons).
>
> Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>
>
> > Fixes: 11ed914bbf94 ("io_uring/zcrx: add io_recvzc request")
> > Suggested-by: Steve Grubb <sgrubb@xxxxxxxxxx>
> > Signed-off-by: Ricardo Robaina <rrobaina@xxxxxxxxxx>
> > ---
> > io_uring/opdef.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/io_uring/opdef.c b/io_uring/opdef.c
> > index c3ef52b70811..fef134a21113 100644
> > --- a/io_uring/opdef.c
> > +++ b/io_uring/opdef.c
> > @@ -519,6 +519,7 @@ const struct io_issue_def io_issue_defs[] = {
> > #endif
> > },
> > [IORING_OP_RECV_ZC] = {
> > + .audit_skip = 1,
> > .needs_file = 1,
> > .unbound_nonreg_file = 1,
> > .pollin = 1,
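
Review bot: The `.audit_skip = 1` added at the top of the `[IORING_OP_RECV_ZC]` initializer is justified in the changelog only by alignment with audit-userspace's uringop_table.h, which puts the dependency the wrong way round, since the userspace table follows the kernel's `io_issue_defs[]` and not the reverse. Suggest rewording the changelog so the reason stands on the kernel side alone: the op is a read, and audit is interested in socket creation, connection events and connection-less writes, not in subsequent reads. The one-line change itself looks fine as posted.
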
> > --
> > 2.53.0
>
> --
> paul-moore.com
>
Thanks for reviewing the patch and the clarification, Paul!
-Ricardo