← Back to context

Comment by holowoodman

7 months ago

This just reinforces the (maybe unfounded) impression that security is a secondary consideration, and performance is primary.

I'd use io_uring in a heartbeat on a dedicated system where the job is only I/O and security isolation isn't a concern. But multiuser/multiapplication/networked? Not a chance.

7 comments

holowoodman

Reply
weitendorf  7 months ago

I think there is a very large amount of overlap between the people who

1. know what io_uring is

2. are interested in performance enough to look at improvements based on new linux kernel system calls and talk about it in public

3. care about security in multitenant environments or the syscalls used by third party libraries

I think io_uring right now probably makes a lot of sense for HPC and highly technical, performance-sensitive financial stuff, but they can be kind of insular. I don't think most linux hobbyists really need the performance benefits enough t care about it, and most businesses are using a major cloud vendor/don't have the scale or expertise to be thinking about this kind of stuff. Which leaves major cloud providers and really big businesses like Meta with their own internal clouds as the ones that stand to benefit enough to care about performance while really caring about security

  • throwaway81523  7 months ago

    For me it's less about performance than cleaner concurrency. Do you know (unless this has been fixed recently) that io_uring is the only way you can asynchronously open a file? Erlang and GHC both have lightweight threads/processes that use asynchronous i/o (for sockets, say), but they keep a separate OS threadpool to be able to do stuff like open files. io_uring lets you write an actual multitasking OS-like thing that runs in a single Linux thread.

Asmod4n  7 months ago

There should be no issue with disabling it altogether by banning its setup and usage syscalls.

  • holowoodman  7 months ago

    Which would be prone to misconfiguration, accidents and exploits. Better to not include it at all.

    • Asmod4n  7 months ago

      Are you saying it’s impossible to misuse disabling the accept syscall but it’s prone to misconfiguration with disabling io_uring_enter?

      1 reply →

  • accelbred  7 months ago

    Yup, but that leads to io-uring devs complaining that people dislike software using io-uring because it doesn't run in containers/etc blocking io-uring entirely