From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/2] linux: Disable io_uring
Date: Fri, 13 Oct 2023 09:03:00 +0000
Message-ID: <d09d71ec-4501-44e7-ad47-631ebe654f91@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3069074654787614485=="
List-Id: <development.lists.ipfire.org>

--===============3069074654787614485==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This subsystem has been a frequent source of security vulnerabilities
affecting the Linux kernel; as a result, Google announced on June 14,
2023, that they would disable it in their environment as widely as
possible.

IPFire does not depend on the availability of io_uring. Therefore,
disable this subsystem as well in order to preemptively cut attack
surface.

See also: https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42=
-linux.html

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 config/kernel/kernel.config.aarch64-ipfire | 3 +--
 config/kernel/kernel.config.x86_64-ipfire  | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kerne=
l.config.aarch64-ipfire
index 96944c3d5..0d7c1ba8a 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -229,7 +229,7 @@ CONFIG_TIMERFD=3Dy
 CONFIG_EVENTFD=3Dy
 CONFIG_SHMEM=3Dy
 CONFIG_AIO=3Dy
-CONFIG_IO_URING=3Dy
+# CONFIG_IO_URING is not set
 CONFIG_ADVISE_SYSCALLS=3Dy
 CONFIG_MEMBARRIER=3Dy
 CONFIG_KALLSYMS=3Dy
@@ -7824,7 +7824,6 @@ CONFIG_NLS_MAC_TURKISH=3Dm
 CONFIG_NLS_UTF8=3Dm
 # CONFIG_DLM is not set
 # CONFIG_UNICODE is not set
-CONFIG_IO_WQ=3Dy
 # end of File systems
=20
 #
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel=
.config.x86_64-ipfire
index 129e0d209..48fdbd8ff 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -249,7 +249,7 @@ CONFIG_TIMERFD=3Dy
 CONFIG_EVENTFD=3Dy
 CONFIG_SHMEM=3Dy
 CONFIG_AIO=3Dy
-CONFIG_IO_URING=3Dy
+# CONFIG_IO_URING is not set
 CONFIG_ADVISE_SYSCALLS=3Dy
 CONFIG_MEMBARRIER=3Dy
 CONFIG_KALLSYMS=3Dy
@@ -7047,7 +7047,6 @@ CONFIG_DLM=3Dm
 # CONFIG_DLM_DEPRECATED_API is not set
 # CONFIG_DLM_DEBUG is not set
 # CONFIG_UNICODE is not set
-CONFIG_IO_WQ=3Dy
 # end of File systems
=20
 #
--=20
2.35.3

--===============3069074654787614485==--