logo

io_uring: So Fast. It's Scary.

2022-09-15

Authors:   Paul Moore


Summary

The presentation discusses the importance of identifying complex code patterns and using tools like cachanel and machine learning for code analysis to prevent security issues like the IOU ring problem in the Linux kernel. The speaker also emphasizes the need for a more formal security review process in the Linux kernel development.
  • Identifying complex code patterns is crucial for preventing security issues in the Linux kernel
  • Tools like cachanel and machine learning can be used for code analysis
  • A more formal security review process should be added to the Linux kernel development
  • CVs are important for security issues but the process of getting them is difficult
  • The speaker recommends using the mailing list for kernel development communication
The speaker shares an anecdote about how the development process for IPv6 integrated security from the beginning to avoid playing catch-up like with IPv4. However, the Linux kernel development process is more organic and there is some reluctance to acknowledge security concerns. The speaker hopes for a more formal security review process in the future.

Abstract

The io_uring subsystem was introduced in Linux v5.1 and provided a new way to do asynchronous I/O on Linux, improving on the existing AIO subsystem. Since then io_uring has been a source of active development, gaining the ability to delegate credentials across process boundaries in Linux v5.6. Unfortunately, all of this happened without engaging the LSM community, and as a result LSM access controls were not added to io_uring until Linux v5.16. This talk will discuss the challenges in adding LSM controls to the io_uring subsystem, thoughts on why the controls lagged the functional development, and what the LSM community might do to help reduce the changes of similar problems in the future.

Materials: