From: Jens Axboe <axboe@kernel.dk>
To: io-uring@vger.kernel.org
Cc: brauner@kernel.org, cyphar@cyphar.com, jannh@google.com,
kees@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCHSET v7] Inherited restrictions and BPF filtering for io_uring
Date: Tue, 27 Jan 2026 11:29:55 -0700 [thread overview]
Message-ID: <20260127183311.86505-1-axboe@kernel.dk> (raw)
Hi,
Followup to v6 here:
https://lore.kernel.org/io-uring/20260119235456.1722452-1-axboe@kernel.dk/
Mostly just addressing a bit of feedback, feature wise this is all the
same as before. See the changelog section for more details.
Kernel branch can be found here:
https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux.git/log/?h=io_uring-bpf-restrictions.4
and a liburing branch with support helpers, man page, and a fairly
substantial test case can be found here:
https://git.kernel.org/pub/scm/linux/kernel/git/axboe/liburing.git/log/?h=bpf-restrictions
Feedback welcome!
Changes since v6
- Add pdu_size to struct io_uring_bpf_ctx. This will help future proof
filters as they can check if they agree with the kernel on what is
available, and it eliminates the need to pad the struct out for future
expansion (Christian)
- Various code cleanups (Christian)
- Fix for FORTIFY on how the bctx filter struct is cleared.
- Rebase on current for-7.0/io_uring tree.
include/linux/io_uring.h | 14 +-
include/linux/io_uring_types.h | 13 +
include/linux/sched.h | 1 +
include/uapi/linux/io_uring.h | 10 +
include/uapi/linux/io_uring/bpf_filter.h | 62 ++++
io_uring/Kconfig | 5 +
io_uring/Makefile | 1 +
io_uring/bpf_filter.c | 430 +++++++++++++++++++++++
io_uring/bpf_filter.h | 48 +++
io_uring/io_uring.c | 48 +++
io_uring/io_uring.h | 1 +
io_uring/net.c | 9 +
io_uring/net.h | 6 +
io_uring/openclose.c | 9 +
io_uring/openclose.h | 3 +
io_uring/register.c | 91 +++++
io_uring/tctx.c | 42 ++-
kernel/fork.c | 5 +
18 files changed, 788 insertions(+), 10 deletions(-)
--
Jens Axboe
next reply other threads:[~2026-01-27 18:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-27 18:29 Jens Axboe [this message]
2026-01-27 18:29 ` [PATCH 1/7] io_uring: add support for BPF filtering for opcode restrictions Jens Axboe
2026-01-27 18:29 ` [PATCH 2/7] io_uring/net: allow filtering on IORING_OP_SOCKET data Jens Axboe
2026-01-27 18:29 ` [PATCH 3/7] io_uring/bpf_filter: allow filtering on contents of struct open_how Jens Axboe
2026-01-27 18:29 ` [PATCH 4/7] io_uring/bpf_filter: cache lookup table in ctx->bpf_filters Jens Axboe
2026-01-27 18:30 ` [PATCH 5/7] io_uring/bpf_filter: add ref counts to struct io_bpf_filter Jens Axboe
2026-01-27 18:30 ` [PATCH 6/7] io_uring: add task fork hook Jens Axboe
2026-01-27 18:30 ` [PATCH 7/7] io_uring: allow registration of per-task restrictions Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260127183311.86505-1-axboe@kernel.dk \
--to=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=cyphar@cyphar.com \
--cc=io-uring@vger.kernel.org \
--cc=jannh@google.com \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox