[Focal, Jammy, OEM-6.1, Lunar, Mantic 0/1] LP: #2035116 - allow io_uring to be disabled in runtime
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Mon Sep 11 18:43:06 UTC 2023
[Impact]
io_uring has been an important attack vector in recent years in local
privilege escalation attacks. Allowing admins that don't use io_uring to
disable it in their systems allows them to reduce their attack surface.
[Backport]
Except for 5.4, all backports were just context adjustment around req_cachep
initialization and io_uring_fops declaration.
On 5.4, Documentation had to be put in the right place, and options were
added to a list of options. Code had to be manually copied to fs/io_uring.c
since that file has been split and moved to io_uring/. And since there is
no SYSCTL_TWO, a variable named two had to be used as it is in other sysctl
cases.
[Test case]
sysctl -w kernel.io_uring_disabled=1
then try to use io_uring from an unprivileged user, then try it with
privileges (CAP_SYS_ADMIN)
Actually also tried setting kernel.io_uring_disabled=2 and checking that
neither (privileged or unprivileged) worked.
Then tested setting it back to 0.
Then tested with io_uring_disabled set to 1 and io_uring_group=1000 and
that it worked for group 1000, then set it to 1001 and verified that it
didn't work anymore for group 1000.
[Potential regression]
Users can be denied from using io_uring.
Matteo Rizzo (1):
io_uring: add a sysctl to disable io_uring system-wide
Documentation/admin-guide/sysctl/kernel.rst | 29 ++++++++++++
io_uring/io_uring.c | 51 +++++++++++++++++++++
2 files changed, 80 insertions(+)
--
2.34.1
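
A small probe for the test case above, added here as an example and not part of the patch series or the cover letter: it reads both sysctls, attempts io_uring_setup, and prints the result next to what the settings should produce for the calling process. The function names are this example's own, and an effective UID of 0 is used as a stand-in for CAP_SYS_ADMIN.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/io_uring.h>

/* Expected result per the sysctl semantics: 0 = allowed for all, 2 = denied for
 * all, 1 = allowed only with CAP_SYS_ADMIN or membership in io_uring_group. */
int expect_allowed(long disabled, long group, int sys_admin, const gid_t *gids, int n)
{
    if (disabled == 2) return 0;
    if (disabled == 0 || sys_admin) return 1;
    for (int i = 0; group >= 0 && i < n; i++)   /* negative group = none set */
        if ((long)gids[i] == group) return 1;
    return 0;
}

/* Read an integer from /proc/sys/kernel/<name>; fallback if absent or unreadable. */
long read_sysctl(const char *name, long fallback)
{
    char path[128];
    long v = fallback;
    snprintf(path, sizeof path, "/proc/sys/kernel/%s", name);
    FILE *f = fopen(path, "r");
    if (f) { if (fscanf(f, "%ld", &v) != 1) v = fallback; fclose(f); }
    return v;
}

int probe_io_uring(void)          /* create a 4-entry ring: 0 on success, else errno */
{
    struct io_uring_params p = {0};
    long fd = syscall(__NR_io_uring_setup, 4, &p);
    if (fd < 0) return errno;
    close((int)fd);
    return 0;
}

int main(void)
{
    gid_t gids[257];
    int n = getgroups(256, gids), err = probe_io_uring();
    if (n < 0) n = 0;
    gids[n++] = getegid();                      /* effective gid counts as well */
    long d = read_sysctl("io_uring_disabled", 0), g = read_sysctl("io_uring_group", -1);
    int want = expect_allowed(d, g, geteuid() == 0, gids, n); /* euid 0 ~ CAP_SYS_ADMIN */
    printf("disabled=%ld group=%ld expected=%s actual=%s errno=%d\n", d, g,
           want ? "allowed" : "denied", err ? "failed" : "allowed", err);
    return 0;
}
```

Run it once as an ordinary user and once as root after each `sysctl -w` step; a mismatch between `expected` and `actual` means the setting is not being enforced as intended, or that something else (a seccomp filter, a kernel without io_uring) is blocking the call.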