io_uring: set io_uring_disabled sysctl to 1 by default

This forces processes to have `CAP_SYS_ADMIN` in order to use io_uring or to be in the io_uring_group. The patch alter the sysctl value range in order that once set to "2" it can't be lowered again. The io_uring_group sysctl option is set to -1 by default, user should define a proper group and set the sysctl properly if they want it configured. Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
anthraxx · Mar 6, 2024 · 29d3cf6 · 29d3cf6
1 parent bb72050
commit 29d3cf6
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
@@ -150,7 +150,7 @@ static void io_queue_sqe(struct io_kiocb *req);
 
 struct kmem_cache *req_cachep;
 
-static int __read_mostly sysctl_io_uring_disabled;
+static int __read_mostly sysctl_io_uring_disabled = 1;
 static int __read_mostly sysctl_io_uring_group = -1;
 
 #ifdef CONFIG_SYSCTL
@@ -160,8 +160,9 @@ static struct ctl_table kernel_io_uring_disabled_table[] = {
 		.data		= &sysctl_io_uring_disabled,
 		.maxlen		= sizeof(sysctl_io_uring_disabled),
 		.mode		= 0644,
+		/* only handle a transition from default "1" to "2" */
 		.proc_handler	= proc_dointvec_minmax,
-		.extra1		= SYSCTL_ZERO,
+		.extra1		= SYSCTL_TWO,
 		.extra2		= SYSCTL_TWO,
 	},
 	{