Kees Cook catches up with the security-relevant changes in the 5.6 kernel release. "With my 'attack surface reduction' hat on, I remain personally suspicious of the iouring() family of APIs, but I can’t deny their utility for certain kinds of workloads. Being able to pipeline reads and writes without the overhead of actually making syscalls is pretty great for performance. Jens Axboe has added the IORINGOPOPENAT command so that existing iourings can open files to be added on the fly to the mapping of available read/write targets of a given iouring. While LSMs are still happily able to intercept these actions, I remain wary of the growing 'syscall multiplexer' that iouring is becoming."