Re: [PATCH 1/1] Add a new sysctl to disable io_uring system-wide
From: Randy Dunlap
Date: Tue Jun 27 2023 - 12:24:06 EST
Hi--
On 6/27/23 05:00, Matteo Rizzo wrote:
> diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
> index d85d90f5d000..3c53a238332a 100644
> --- a/Documentation/admin-guide/sysctl/kernel.rst
> +++ b/Documentation/admin-guide/sysctl/kernel.rst
> @@ -450,6 +450,20 @@ this allows system administrators to override the
> ``IA64_THREAD_UAC_NOPRINT`` ``prctl`` and avoid logs being flooded.
>
>
> +io_uring_disabled
> +=========================
> +
> +Prevents all processes from creating new io_uring instances. Enabling this
> +shrinks the kernel's attack surface.
> +
> += =============================================================
> +0 All processes can create io_uring instances as normal. This is the default
> + setting.
> +1 io_uring is disabled. io_uring_setup always fails with -EPERM. Existing
> + io_uring instances can still be used.
> += =============================================================
These table lines should be extended at least as far as the text that they
enclose. I.e., the top and bottom lines should be like:
> += ==========================================================================
thanks.
--
~Randy