APPLIED[L/J/F]/Cmnt: [Focal, Jammy, OEM-6.1, Lunar, Mantic 0/1] LP: #2035116 - allow io_uring to be disabled in runtime
Stefan Bader
stefan.bader at canonical.com
Fri Sep 15 09:02:11 UTC 2023
On 11.09.23 20:43, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> io_uring has been an important attack vector in recent years in local
> privilege escalation attacks. Allowing admins that don't use io_uring to
> disable it in their systems allows them to reduce their attack surface.
>
> [Backport]
> Except for 5.4, all backports were just context adjustment around req_cachep
> initialization and io_uring_fops declaration.
>
> On 5.4, Documentation had to be put in the right place, and options were
> added to a list of options. Code had to be manually copied to fs/io_uring.c
> since that file has been split and moved to io_uring/. And since there is
> no SYSCTL_TWO, a variable named two had to be used as it is in other sysctl
> cases.
>
> [Test case]
> sysctl -w kernel.io_uring_disabled=1
>
> then try to use io_uring from an unprivileged user, then try it with
> privileges (CAP_SYS_ADMIN)
>
> Actually also tried setting kernel.io_uring_disabled=2 and checking that
> neither (privileged or unprivileged) worked.
>
> Then testing setting it back to 0.
>
> Then tested with io_uring_disabled set to 1 and io_uring_group=1000 and
> that it worked for group 1000, then set it to 1001 and verified that it
> didn't work anymore for group 1000.
>
> [Potential regression]
> Users can be denied from using io_uring.
>
> Matteo Rizzo (1):
> io_uring: add a sysctl to disable io_uring system-wide
>
> Documentation/admin-guide/sysctl/kernel.rst | 29 ++++++++++++
> io_uring/io_uring.c | 51 +++++++++++++++++++++
> 2 files changed, 80 insertions(+)
>
Applied to lunar,jammy,focal:linux/master-next (added BugLink on Focal).
Thanks.
-Stefan
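
The checks from the quoted test case, as an added example that is not part of this thread or of the kernel patch: it reads both sysctls, models who should be allowed, and compares that with a real io_uring_setup() attempt. The helper names (expect_allowed, read_sysctl, probe_io_uring) are hypothetical, and treating euid 0 as CAP_SYS_ADMIN and the effective gid as the group identity are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425 /* x86_64 and arm64 */
#endif

/* 0 = everyone; 1 = CAP_SYS_ADMIN or io_uring_group member; 2 = nobody. group < 0: unset. */
int expect_allowed(long disabled, int admin, long group, const gid_t *gids, int n)
{
    if (disabled == 2) return 0;
    if (disabled == 0 || admin) return 1;
    for (int i = 0; group >= 0 && i < n; i++)
        if ((long)gids[i] == group) return 1;
    return 0;
}
/* Read an integer sysctl; -1 if the file is missing (kernel without the patch). */
int read_sysctl(const char *path, long *out)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int ok = fscanf(f, "%ld", out) == 1;
    fclose(f);
    return ok ? 0 : -1;
}
/* Try to create a one-entry ring: 0 on success, otherwise the errno. */
int probe_io_uring(void)
{
    unsigned long long params[16] = {0}; /* zeroed, >= struct io_uring_params */
    long fd = syscall(__NR_io_uring_setup, 1u, params);
    if (fd < 0) return errno;
    close((int)fd);
    return 0;
}
int main(void)
{
    long disabled = 0, group = -1;           /* defaults when the sysctls are absent */
    gid_t gids[65] = { getegid() };          /* effective gid first */
    int n = getgroups(64, gids + 1) + 1;     /* then supplementary groups */
    read_sysctl("/proc/sys/kernel/io_uring_disabled", &disabled);
    read_sysctl("/proc/sys/kernel/io_uring_group", &group);
    int admin = geteuid() == 0;              /* assumption: stands in for CAP_SYS_ADMIN */
    int want = expect_allowed(disabled, admin, group, gids, n < 1 ? 1 : n);
    int err = probe_io_uring();
    printf("disabled=%ld group=%ld expected=%d errno=%d\n", disabled, group, want, err);
    return want == (err == 0) ? 0 : 1;
}
```

Run it once per sysctl setting and per user from the test case; exit status 0 means the kernel's answer matched the model.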