ACK: [Focal, Jammy, OEM-6.1, Lunar, Mantic 0/1] LP: #2035116 - allow io_uring to be disabled in runtime
Cengiz Can
cengiz.can at canonical.com
Mon Sep 11 20:08:56 UTC 2023
On 11/09/2023 21:43, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> io_uring has been an important attack vector in the recent years in local
> privilege escalation attacks. Allowing admins that don't use io_uring to
> disable it in their systems allows them to reduce their attack surface.
>
> [Backport]
> Except for 5.4, all backports were just context adjustment around req_cachep
> initialization and io_uring_fops declaration.
>
> On 5.4, Documentation had to be put in the right place, and options were
> added to a list of options. Code had to be manually copied to fs/io_uring.c
> since that file has been split and moved to io_uring/. And since there is
> no SYSCTL_TWO, a variable named two had to be used as it is in other sysctl
> cases.
>
> [Test case]
> sysctl -w kernel.io_uring_disabled=1
>
> then try to use io_uring from an unprivileged user, then try it with
> privileges (CAP_SYS_ADMIN)
>
> Actually also tried setting kernel.io_uring_disabled=2 and checking that
> neither (privileged or unprivileged) worked.
>
> Then testing setting it back to 0.
>
> Then tested with io_uring_disabled set to 1 and io_uring_group=1000 and
> that it worked for group 1000, then set it to 1001 and verified that it
> didn't work anymore for group 1000.
>
> [Potential regression]
> Users can be denied from using io_uring.
>
> Matteo Rizzo (1):
> io_uring: add a sysctl to disable io_uring system-wide
Acked-by: Cengiz Can <cengiz.can at canonical.com>
>
> Documentation/admin-guide/sysctl/kernel.rst | 29 ++++++++++++
> io_uring/io_uring.c | 51 +++++++++++++++++++++
> 2 files changed, 80 insertions(+)
>
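The [Test case] in the cover letter is carried out by hand; the probe below is an added example, not code from the patch or from the cover letter. It reads the new kernel.io_uring_disabled sysctl and then calls io_uring_setup() directly, so an administrator can see for the current user whether the kernel allowed the ring (available), refused it with EPERM (the result when the sysctl denies this caller, and also what a seccomp filter such as a container runtime's default profile returns), or has no io_uring at all (ENOSYS). The enum names, function names and the fallback syscall number are this example's own; the /proc path is the standard location of a kernel.* sysctl.

```c
/* Added example: probe whether io_uring can be set up by the current user,
 * the check the SRU test case performs by hand. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/io_uring.h>   /* struct io_uring_params */

#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425  /* io_uring_setup has this number on every architecture */
#endif

enum io_uring_state {
    IOU_AVAILABLE = 0,    /* io_uring_setup() succeeded */
    IOU_DISABLED = 1,     /* EPERM: denied by policy (sysctl, or a seccomp filter) */
    IOU_UNSUPPORTED = 2,  /* ENOSYS: kernel built without io_uring */
    IOU_OTHER = 3         /* any other errno */
};

/* Map the errno from io_uring_setup() to what it tells an administrator. */
enum io_uring_state classify_errno(int err)
{
    switch (err) {
    case 0:      return IOU_AVAILABLE;
    case EPERM:  return IOU_DISABLED;
    case ENOSYS: return IOU_UNSUPPORTED;
    default:     return IOU_OTHER;
    }
}

/* Try to create a one-entry ring; close it at once if the kernel allows it. */
enum io_uring_state probe_io_uring(void)
{
    struct io_uring_params p;
    memset(&p, 0, sizeof(p));
    long fd = syscall(__NR_io_uring_setup, 1, &p);
    if (fd < 0)
        return classify_errno(errno);
    close((int)fd);
    return IOU_AVAILABLE;
}

/* Read kernel.io_uring_disabled (0, 1 or 2); -1 if the kernel has no such sysctl. */
int read_io_uring_disabled(void)
{
    FILE *f = fopen("/proc/sys/kernel/io_uring_disabled", "r");
    if (f == NULL)
        return -1;
    int value = -1;
    if (fscanf(f, "%d", &value) != 1 || value < 0 || value > 2)
        value = -1;
    fclose(f);
    return value;
}

int main(void)
{
    static const char *names[] = {
        "available", "denied (EPERM)", "unsupported (ENOSYS)", "other error"
    };
    printf("kernel.io_uring_disabled = %d (-1: sysctl not present on this kernel)\n",
           read_io_uring_disabled());
    printf("io_uring_setup() as uid %u: %s\n",
           (unsigned)geteuid(), names[probe_io_uring()]);
    return 0;
}
```

Run it once as an unprivileged user and once with CAP_SYS_ADMIN after each sysctl setting from the test case (0, 1, 2, and 1 together with kernel.io_uring_group) to confirm the matrix the cover letter describes. Because seccomp also answers EPERM, compare the probe's verdict with the printed sysctl value before concluding that the sysctl is what blocked the call.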