On 6/27/23 05:00, Matteo Rizzo wrote:
+Prevents all processes from creating new io_uring instances. Enabling this +shrinks the kernel's attack surface. + += ============================================================= +0 All processes can create io_uring instances as normal. This is the default + setting. +1 io_uring is disabled. io_uring_setup always fails with -EPERM. Existing + io_uring instances can still be used. += =============================================================
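Review bot: In the row for value 1, "io_uring_setup always fails with -EPERM" should say explicitly whether privileged callers are refused as well, because administrators need to know if root-run tooling keeps working once the value is set. The same row states that existing io_uring instances can still be used, so the opening sentence's claim that enabling this shrinks the attack surface holds only for instances created after the change. Suggest adding a sentence to that effect, noting that the setting is most effective when applied before untrusted processes start.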
I'm using fio + io_uring all the time on Android devices. I think we need a better solution than disabling io_uring system-wide, e.g. a mechanism based on SELinux that disables io_uring for apps and that keeps io_uring enabled for processes started via 'adb root && adb shell ...'

Bart.