On 6/3/21 9:43 AM, Justin Forbes wrote: > On Thu, May 27, 2021 at 11:01 AM Justin Forbes <jforbes@xxxxxxxxxx> wrote: >> >> On Thu, May 27, 2021 at 9:19 AM Jens Axboe <axboe@xxxxxxxxx> wrote: >>> >>> On 5/27/21 8:12 AM, Justin Forbes wrote: >>>> On Thu, May 27, 2021 at 8:43 AM Jens Axboe <axboe@xxxxxxxxx> wrote: >>>>> >>>>> On 5/26/21 4:34 PM, Justin M. Forbes wrote: >>>>>> While IO_URING has been in fairly heavy development, it is hidden behind >>>>>> CONFIG_EXPERT with a default of on. It has been long enough now that I >>>>>> think we should remove EXPERT and allow users and distros to decide how >>>>>> they want this config option set without jumping through hoops. >>>>> >>>>> The whole point of EXPERT is to ensure that it doesn't get turned off >>>>> "by accident". It's a core feature, and something that more and more >>>>> apps or libraries are relying on. It's not something I intended to ever >>>>> go away, just like it would never go away for eg futex or epoll support. >>>>> >>>> >>>> I am not arguing with that, I don't expect it will go away. I >>>> certainly do not have an issue with it defaulting to on, and I didn't >>>> even submit this with intention to turn it off for default Fedora. I >>>> do think that there are cases where people might not wish it turned on >>>> at this point in time. Hiding it behind EXPERT makes it much more >>>> difficult than it needs to be. There are plenty of config options >>>> that are largely expected default and not hidden behind EXPERT. >>> >>> Right there are, but not really core kernel features like the ones >>> I mentioned. Hence my argument for why it's correct as-is and I >>> don't think it should be changed. >>> >> >> Honestly, this is fair, and I understand your concerns behind it. I >> think my real issue is that there is no simple way to override one >> EXPERT setting without having to set them all. It would be nice if >> expert were a "visible if" menu, setting defaults if not selected, >> which allows direct override with a config file. Perhaps I will try to >> fix this in kbuild. >> > > So it turns out that untangling this in kbuild is very difficult > without getting very unexpected results. Given the audit and security > discussions around io_uring lately, I am inclined to believe the > proper action is still to remove 'if EXPERT'. I'm still going to disagree with that. In terms of security, io_uring is in a much better spot than it was in the past. Arguably it should have been easier to turn off when it went in, but that ship has sailed a long time ago and the need now isn't really there imho. The lack of audit isn't new and is something that'll be solved for the next release. -- Jens Axboe
