←back to thread

lsr: ls with io_uring

(rockorager.dev)
335 points mpweiher | 10 comments | 18 Jul 25 12:40 UTC | HN request time: 1.127s | source | bottom
Show context
SillyUsername ◴[18 Jul 25 13:13 UTC] No.44604307[source]
Love it.

I'm trying to understand why all command line tools don't use io_uring.

As an example, all my nvme's on usb 3.2 gen 2 only reach 740MB/s peak.

If I use tools with aio or io_uring I get 1005MB/s.

I know I may not be copying many files simultaneously every time, but the queue length strategies and the fewer locks also help I guess.

replies(9): >>44604401 #>>44604434 #>>44604490 #>>44604735 #>>44604738 #>>44604905 #>>44605976 #>>44607467 #>>44608653 #
1. Thaxll ◴[18 Jul 25 14:18 UTC] No.44604905[source]
io_uring is a security nightmare.
replies(2): >>44604952 #>>44608476 #
2. pjc50 ◴[18 Jul 25 14:24 UTC] No.44604952[source]
How so?
replies(3): >>44605001 #>>44605028 #>>44608441 #
3. Thaxll ◴[18 Jul 25 14:28 UTC] No.44605001[source]
This is a good read on the topic: https://chomp.ie/Blog+Posts/Put+an+io_uring+on+it+-+Exploiti...
4. sim7c00 ◴[18 Jul 25 14:30 UTC] No.44605028[source]
you give process direct access to a piece of kernel memory. its a reason why there is separation. thats all.
replies(3): >>44605444 #>>44605743 #>>44606164 #
5. wtallis ◴[18 Jul 25 15:04 UTC] No.44605444{3}[source]
Most of the security concerns with io_uring that I've seen aren't related to the shared buffers at all but simply stem from the fact that io_uring is a mechanism to instruct the kernel to do stuff without making system calls, so security measures that focus on what system calls a process is allowed to do are ineffective.
6. loeg ◴[18 Jul 25 15:24 UTC] No.44605743{3}[source]
This isn't the issue; it's relatively easy to safely share some ring buffers. The issue was/is that io_uring is rapidly growing the equivalent of ~all historical Linux syscall interfaces and sometimes comparable security measures were missed on the new interfaces. (Also, stuff like seccomp filters on syscalls are kind of meaningless for io_uring.)
7. duped ◴[18 Jul 25 15:53 UTC] No.44606164{3}[source]
...don't you supply the memory in the submission queue? or do you mean the queues themselves?
replies(1): >>44611437 #
8. raesene9 ◴[18 Jul 25 18:53 UTC] No.44608441[source]
https://security.googleblog.com/2023/06/learnings-from-kctf-... - Has some interesting information on that topic.
9. marcodiego ◴[18 Jul 25 18:57 UTC] No.44608476[source]
I updated the Wikipedia article on io_uring to dispute that.
10. LAC-Tech ◴[19 Jul 25 00:37 UTC] No.44611437{4}[source]
The memory for the submission queue is mmapd into user space. Easiest implementation to read is the Zig stdlib:

https://github.com/ziglang/zig/blob/69cf40da600224734d39c6f6...