io_uring: So Fast. It's Scary. – Paul Moore, Microsoft

io_uring: So Fast. It’s Scary. – Paul Moore, Microsoft

The io_uring subsystem was introduced in Linux v5.1 and provided a new way to do asynchronous I/O on Linux, improving on the existing AIO subsystem. Since then io_uring has been a source of active development, gaining the ability to delegate credentials across process boundaries in Linux v5.6. Unfortunately, all of this happened without engaging the LSM community, and as a result LSM access controls were not added to io_uring until Linux v5.16. This talk will discuss the challenges in adding LSM controls to the io_uring subsystem, thoughts on why the controls lagged the functional development, and what the LSM community might do to help reduce the changes of similar problems in the future.

source by The Linux Foundation

linux foundation