Google restricts IO_uring use due to frequent security breaches
Google restricts IO_uring use due to frequent security breaches
Google restricts IO_uring use due to frequent security breaches.
While IO_uring is one of the biggest innovations in the Linux kernel in recent years, helping to provide more efficient and high-performance I/O, it also has various security vulnerabilities.
Due to ongoing security concerns, this interface for asynchronous I/O is restricted or completely disabled in Google products.
According to the Google Security Blog , 60% of submissions in the Google bug bounty program are related to IO_uring.
And Google has paid about $1 million for the IO_uring bug bounty.
Therefore, Google believes that IO_uring shows a great security risk in terms of reward cost and number of kernel vulnerabilities.
Therefore, Google has disabled IO_uring in Chrome OS until a proper sandboxing method can be found.
At the same time, Google’s Android is using the seccomp-bpf filter to ensure that applications cannot access IO_uring.
Future versions of Android will use SELinux to restrict IO_uring to only selected system processes.
Additionally, Google is actively researching disabling IO_uring by default in GKE AutoPilot.
Finally, they have disabled the use of IO_uring on Google production servers.
The Google Security Blog continues: “While io_uring brings performance benefits and timely responses to security issues with comprehensive security fixes (such as backporting 5.15 to the 5.10 stable tree), it is a relative Newer part. So while io_uring continues to be actively developed, it is also subject to serious bugs, and it also provides powerful exploitation primitives. For these reasons, we currently only consider it useful for It is safe for use by trusted components only.”
