On Thu, 26 Sept 2024 at 14:24, Amir Goldstein <amir73il@xxxxxxxxx> wrote: > Daniel took a different approach for averting the security issue > in the FUSE BPF patches. > The OPEN response itself was converted to use an ioctl instead of write: > https://lore.kernel.org/linux-fsdevel/20240329015351.624249-6-drosen@xxxxxxxxxx/ > as well as the LOOKUP response. > > Are there any negative performance or other implications in this approach? It would work, but I'd try to avoid adding more ioctls if possible. Hence the io-uring suggestion. OTOH I'm not sure io_uring is the best interface for all cases, so it might make sense to cherry pick some features from the io-uring API (like COMMIT_AND_FETCH) to the regular synchronous API. And that would need new ioctl commands anyway. Thanks, Miklos
