APPLIED [OEM-6.1] Re: [Focal, Jammy, OEM-6.1, Lunar, Mantic 0/1] LP: #2035116 - allow io_uring to be disabled in runtime

Timo Aaltonen tjaalton at ubuntu.com
Wed Sep 13 13:54:37 UTC 2023


Thadeu Lima de Souza Cascardo wrote on 11.9.2023 at 21.43:
> [Impact]
> io_uring has been an important attack vector in the recent years in local
> privilege escalation attacks. Allowing admins that don't use io_uring to
> disable it in their systems allows them to reduce their attack surface.
> 
> [Backport]
> Except for 5.4, all backports were just context adjustment around req_cachep
> initialization and io_uring_fops declaration.
> 
> On 5.4, Documentation had to be put in the right place, and options were
> added to a list of options. Code had to be manually copied to fs/io_uring.c
> since that file has been split and moved to io_uring/. And since there is
> no SYSCTL_TWO, a variable named two had to be used as it is in other sysctl
> cases.
> 
> [Test case]
> sysctl -w kernel.io_uring_disabled=1
> 
> then try to use io_uring from an unprivileged user, then try it with
> privileges (CAP_SYS_ADMIN)
> 
> Actually also tried setting kernel.io_uring_disabled=2 and checking that
> neither (privileged or unprivileged) worked.
> 
> Then testing setting it back to 0.
> 
> Then tested with io_uring_disabled set to 1 and io_uring_group=1000 and
> that it worked for group 1000, then set it to 1001 and verified that it
> didn't work anymore for group 1000.
> 
> [Potential regression]
> Users can be denied from using io_uring.
> 
> Matteo Rizzo (1):
>    io_uring: add a sysctl to disable io_uring system-wide
> 
>   Documentation/admin-guide/sysctl/kernel.rst | 29 ++++++++++++
>   io_uring/io_uring.c                         | 51 +++++++++++++++++++++
>   2 files changed, 80 insertions(+)
> 

applied to oem-6.1, thanks

-- 
t
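The test case quoted above (set kernel.io_uring_disabled, then try io_uring as an unprivileged user, with CAP_SYS_ADMIN, and as a member of io_uring_group) can be turned into a self-checking probe. This is an added example, not code from the patch or from this thread: it encodes the policy the sysctl documents (0 = anyone, 1 = CAP_SYS_ADMIN or io_uring_group only, 2 = nobody), reads the live values from /proc/sys/kernel, calls io_uring_setup(2) directly and reports whether the kernel behaved as the policy predicts. It assumes Linux, syscall number 425 for io_uring_setup (the asm-generic table used by x86_64 and arm64), a 120-byte struct io_uring_params, and uses euid 0 as a stand-in for CAP_SYS_ADMIN.

```python
import ctypes
import errno
import os

IO_URING_SETUP_NR = 425       # assumption: asm-generic number (x86_64, arm64)
IO_URING_PARAMS_SIZE = 120    # assumption: sizeof(struct io_uring_params)

def expected_to_work(disabled, has_cap_sys_admin, gids, io_uring_group):
    """Policy of the sysctl as described in the thread:
    0 -> anyone may create a ring
    1 -> only CAP_SYS_ADMIN or members of io_uring_group (-1 means no group)
    2 -> nobody, privileged or not
    """
    if disabled == 0:
        return True
    if disabled == 2:
        return False
    if disabled == 1:
        return has_cap_sys_admin or (io_uring_group != -1 and io_uring_group in gids)
    raise ValueError(f"unknown io_uring_disabled value {disabled}")

def read_sysctl(name, default):
    """Read /proc/sys/kernel/<name>; fall back if the kernel lacks the sysctl."""
    try:
        with open(f"/proc/sys/kernel/{name}") as f:
            return int(f.read().strip())
    except FileNotFoundError:
        return default

def try_io_uring_setup():
    """True if io_uring_setup(2) succeeds, False on EPERM (policy denial)."""
    libc = ctypes.CDLL(None, use_errno=True)
    params = ctypes.create_string_buffer(IO_URING_PARAMS_SIZE)  # zeroed params
    fd = libc.syscall(IO_URING_SETUP_NR, 4, params)
    if fd >= 0:
        os.close(fd)
        return True
    err = ctypes.get_errno()
    if err == errno.EPERM:
        return False
    raise OSError(err, f"io_uring_setup failed for another reason: {os.strerror(err)}")

if __name__ == "__main__":
    disabled = read_sysctl("io_uring_disabled", 0)
    group = read_sysctl("io_uring_group", -1)
    # euid 0 used as a stand-in for CAP_SYS_ADMIN; gids include egid like in_group_p()
    expected = expected_to_work(disabled, os.geteuid() == 0, [os.getegid(), *os.getgroups()], group)
    actual = try_io_uring_setup()
    print(f"io_uring_disabled={disabled} io_uring_group={group} expected={expected} actual={actual}")
    raise SystemExit(0 if expected == actual else 1)
```

Run it once per step of the quoted test case (as the unprivileged user, as root, and as a member of the configured group); a non-zero exit means the kernel's answer disagreed with the documented policy.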