←back to thread

122 points ashvardanian | 3 comments | | HN request time: 0.634s | source
Show context
refulgentis ◴[] No.42176793[source]
It took me many io_uring hello world articles to find out it's not really used in production (ex. Android and ChromeOS both disable it) because it was, and continues to be, a source of an absolutely bonkers outsized # of security issues.

I don't remember much more than that*, but just dropping it here because I learned a ton more from reading about that, than my Nth io_uring article.

* for example, the article mentioning relevant buffers are shared with the system made me want to say "aHA, yes, that's what the security articles said was a core issue!" -- but I can't actually remember with 100% confidence

replies(2): >>42177121 #>>42178527 #
1. loeg ◴[] No.42177121[source]
Well, it's not true that it isn't used in production. Google has been burned and at least historically did not use it. But I know some services at Facebook use it in production.

Yes, historically it was a big source of security bugs. I think that has tapered off somewhat as the rate of change slows down.

replies(1): >>42181937 #
2. junon ◴[] No.42181937[source]
Jens Axboe, io_uring creator, works at Facebook if memory serves, so I'd imagine that's why it's used in prod at Facebook.
replies(1): >>42186304 #
3. loeg ◴[] No.42186304[source]
He does, and these things are somewhat related, though it's not like services are compelled to use io_uring on his behalf.