Over the last few years we've seen many critical vulnerabilities in io_uring (https://goo.gle/limit-iouring) which could be exploited by an unprivileged process. There is currently no way to disable io_uring system-wide except by compiling it out of the kernel entirely. The only way to prevent a process from accessing io_uring is to use a seccomp filter, but seccomp cannot be applied system-wide.

This patch introduces a new sysctl which disables the creation of new io_uring instances system-wide. This gives system admins a way to reduce the kernel's attack surface on systems where io_uring is not used.

Matteo Rizzo (1):
  Add a new sysctl to disable io_uring system-wide

 Documentation/admin-guide/sysctl/kernel.rst | 14 ++++++++++++
 io_uring/io_uring.c                         | 24 +++++++++++++++++++++
 2 files changed, 38 insertions(+)

-- 
2.41.0.162.gfafddb0af9-goog
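The per-process seccomp mitigation the cover letter contrasts with the new sysctl, as an added example that is not part of Matteo Rizzo's patch: a minimal seccomp-BPF filter that makes io_uring_setup fail with EPERM, plus a probe that shows the effect. Function names are hypothetical; it assumes a Linux system whose headers define __NR_io_uring_setup (falling back to 425, the number on the unified syscall table).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption for old headers: io_uring_setup is 425 on every arch with the unified table. */
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif

/* Install a seccomp-BPF filter that makes io_uring_setup fail with EPERM in this
 * process and anything it later execs. A production filter should also check
 * seccomp_data.arch so a foreign ABI cannot reach a different syscall at 425.
 * Returns 0 on success, -1 if the kernel refused to install the filter. */
int deny_io_uring_setup(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_io_uring_setup, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(filter) / sizeof(filter[0]), .filter = filter };
    /* no_new_privs is required before an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Try to create a 4-entry io_uring instance. Returns 0 if it succeeded (the fd is
 * closed again) or the errno the kernel reported: EPERM once the filter is in place. */
int probe_io_uring_setup(void)
{
    /* struct io_uring_params is 120 bytes; a zeroed buffer of that size avoids a
     * dependency on <linux/io_uring.h>, which older header packages lack. */
    unsigned char params[120];
    memset(params, 0, sizeof params);
    long fd = syscall(__NR_io_uring_setup, 4, params);
    if (fd < 0)
        return errno;
    close((int)fd);
    return 0;
}
```

Because the filter is inherited across fork and execve but cannot be pushed onto already-running processes, it only covers the process tree it is installed in, which is the gap the system-wide sysctl closes.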