74081e0354558f6449ebd9a6e02c734542a7cd9e - third_party/kernel

commit	74081e0354558f6449ebd9a6e02c734542a7cd9e	[log] [tgz]
author	Matteo Rizzo <matteorizzo@google.com>	Fri Jun 30 15:10:03 2023 +0000
committer	COS Cherry Picker <cloud-image-release@prod.google.com>	Mon Aug 21 23:35:26 2023 -0700
tree	21e143891b46219d85e13ac68dfb77acabc76ee5
parent	a42d8b9891c3b11cafa7c256cd18a581f7b995f8 [diff]

io_uring: add a sysctl to disable io_uring system-wide

Introduce a new sysctl (io_uring_disabled) which can be either 0, 1,
or 2. When 0 (the default), all processes are allowed to create io_uring
instances, which is the current behavior. When 1, all calls to
io_uring_setup fail with -EPERM unless the calling process has
CAP_SYS_ADMIN. When 2, calls to io_uring_setup fail with -EPERM
regardless of privilege.

BUG=b/293017665
TEST=presubmit
RELEASE_NOTE=None

cos-patch: bug
Signed-off-by: Matteo Rizzo <matteorizzo@google.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Reviewed-by: Gabriel Krisman Bertazi <krisman@suse.de>
Reviewed-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20230630151003.3622786-2-matteorizzo@google.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Change-Id: I0536bc6e6443ddacadf463fcb78e708a34d88fe5
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/55596
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Arnav Kansal <rnv@google.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>

2 files changed

tree: 21e143891b46219d85e13ac68dfb77acabc76ee5