On Fri, 30 Jun 2023 15:10:02 +0000, Matteo Rizzo wrote:
> Over the last few years we've seen many critical vulnerabilities in
> io_uring[1] which could be exploited by an unprivileged process to gain
> control over the kernel. This patch introduces a new sysctl which disables
> the creation of new io_uring instances system-wide.
>
> The goal of this patch is to give distros, system admins, and cloud
> providers a way to reduce the risk of privilege escalation through io_uring
> where disabling it with seccomp or at compile time is not practical. For
> example a distro or cloud provider might want to disable io_uring by
> default and have users enable it again if they need to run a program that
> requires it. The new sysctl is designed to let a user with root on the
> machine enable and disable io_uring systemwide at runtime without requiring
> a kernel recompilation or a reboot.
>
> [...]

Applied, thanks!

[1/1] io_uring: add a sysctl to disable io_uring system-wide
      commit: d55f54dac19a0cee1818353ab5aa3edac9034db4

Best regards,
--
Jens Axboe