CopperheadOS disables the kernel's CONFIG_AIO feature
authorAlexander Popov <alex.popov@linux.com>
Fri, 20 Mar 2020 20:24:03 +0000 (23:24 +0300)
committerAlexander Popov <alex.popov@linux.com>
Fri, 20 Mar 2020 20:24:03 +0000 (23:24 +0300)
commit1e2a12519efdb70fd5456f08b1726eaa75d6913f
tree23e5a7431e7b12a5f3456d9af45a32ee60f96139
parentb66e0ce2796947670b2dc15ad28f5fdc8164e82e
CopperheadOS disables the kernel's CONFIG_AIO feature

It isn't used or exposed by the base system and is a dubious feature.
It performs no better than thread pools and it can still block, along
with having coverage of only a tiny portion of blocking system calls
even when considering only commonly used system calls for IO.
There are no known compatibility issues caused by having this disabled.
Since this is such a dubious niche feature, it's also very poorly tested
and it doesn't get much attention. Proposed improvements have been blocked
based on the concern that POSIX AIO is such a bad interface that trying
to improve/extend it would be harmful. Following the lead of CopperheadOS
on this front has been proposed and accepted upstream for the recommended
Android kernel configuration used to derive device specific configurations.

https://github.com/AndroidHardeningArchive/documentation/blob/master/technical_overview.md#attack-surface-reduction
kconfig-hardened-check.py