Post Syndicated from original https://lwn.net/Articles/902466/

The relatively new io_uring subsystem has
changed the way asynchronous I/O is done on Linux systems and improved
performance significantly. It has also, however, begun to run up a record
of disagreements with the kernel’s security community. A recent
discussion about security hooks for the new uring_cmd mechanism
shows how easily requirements can be overlooked in a complex system with no
overall supervision.