Waiting for many things at once with io_uring

1. jeffbee ◴[18 Nov 24 18:32 UTC] No.42175397[source]▶

Some of the things that you cannot wait on using io_uring are your kernel actually supporting the feature mentioned in the article, io_uring actually working properly, and io_uring solving its seemingly bottomless supply of local user exploits. In the early days of this feature I was bullish but the way its implementation has emitted CVEs has not been a source of joy, and now many major Linux operators have banned the API internally. Maybe what is needed is a moment of reflection and a scratch reimplementation that learns the lessons of io_uring?

replies(2): >>42176924 #>>42177157 #

2. ◴[18 Nov 24 20:56 UTC] No.42176924[source]▶

>>42175397 (TP) #

3. loeg ◴[18 Nov 24 21:18 UTC] No.42177157[source]▶

>>42175397 (TP) #

A new from-scratch implementation would suffer from a similar problem as early io_uring did (high rate of code change, which seems to be what drives security bug rates).

replies(1): >>42178630 #

4. KerrAvon ◴[18 Nov 24 23:59 UTC] No.42178630[source]▶

>>42177157 #

Isn't something fundamentally broken with either the kernel or the adoption process if that's true? It seems like you should be able to do fast async I/O without the kind of privilege escalation vulnerabilities that are still happening.