Cook: Security things in Linux v5.6
Kees Cook catches up with the security-relevant changes in the 5.6 kernel release. "With my 'attack surface reduction' hat on, I remain personally suspicious of the io_uring() family of APIs, but I can't deny their utility for certain kinds of workloads. Being able to pipeline reads and writes without the overhead of actually making syscalls is pretty great for performance. Jens Axboe has added the IORING_OP_OPENAT command so that existing io_urings can open files to be added on the fly to the mapping of available read/write targets of a given io_uring. While LSMs are still happily able to intercept these actions, I remain wary of the growing 'syscall multiplexer' that io_uring is becoming."