io_uring (previously known as aioring) is a
Linux kernel
system call interface for storage device
asynchronous I/O operations addressing performance issues with similar interfaces provided by functions like read()
/write()
or aio_read()
/aio_write()
etc. for
operations on data accessed by
file descriptors.
[1]
[2]: 2
Development is ongoing, worked on primarily by Jens Axboe at Meta. [1]
It works by creating two circular buffers, called "queue rings", for storage of submission and completion of I/O requests, respectively. For storage devices, these are called the submission queue (SQ) and completion queue (CQ). [3] Keeping these buffers shared between the kernel and application helps to boost the I/O performance by eliminating the need to issue extra and expensive system calls to copy these buffers between the two. [1] [3] [4] According to the io_uring design paper, the SQ buffer is writable only by consumer applications, and the CQ buffer is writable only by the kernel. [1]: 3
eBPF can be combined with io_uring. [5]
The Linux kernel has supported asynchronous I/O since version 2.5, but it was seen as difficult to use and inefficient. [6] This older API only supported certain niche use cases, [7] notably it only enables asynchronous operation when using the O_DIRECT flag and while accessing already allocated files. This prevents utilizing the page cache, while also exposing the application to complex O_DIRECT semantics. Linux AIO also does not support sockets, so it cannot be used to multiplex network and disk I/O. [8]
The io_uring kernel interface was adopted in Linux kernel version 5.1 to resolve the deficiencies of Linux AIO.
[1]
[4]
[9] The liburing
library provides an
API to interact with the kernel interface easily from
userspace.
[1]
[1]: 12
io_uring has been noted for exposing a significant attack surface and structural difficulties integrating it with the Linux security subsystem. [10]
In June 2023, Google's security team reported that 60% of Linux kernel exploits submitted to their bug bounty program in 2022 were exploits of io_uring vulnerabilities. As a result, io_uring was disabled for apps in Android, and disabled entirely in ChromeOS as well as Google servers. [11] Docker also consequently disabled io_uring from their default seccomp profile. [12]
Blocking during io_submit on ext4, on buffered operations, network access, pipes, etc. Some operations are not well-represented by the AIO interface. With completely unsupported operations like buffered reads, operations on a socket or pipes, the entire operation will be performed during the io_submit syscall, with the completion available immediately for access with io_getevents. AIO access to a file on a filesystem like ext4 is partially supported: if a metadata read is required to look up the data block (ie if the metadata is not already in memory), then the io_submit call will block on the metadata read. Certain types of file-enlarging writes are completely unsupported and block for the entire duration of the operation.
liburing
source repositoryio_uring
source directory in the Linux kernel repositoryio_uring (previously known as aioring) is a
Linux kernel
system call interface for storage device
asynchronous I/O operations addressing performance issues with similar interfaces provided by functions like read()
/write()
or aio_read()
/aio_write()
etc. for
operations on data accessed by
file descriptors.
[1]
[2]: 2
Development is ongoing, worked on primarily by Jens Axboe at Meta. [1]
It works by creating two circular buffers, called "queue rings", for storage of submission and completion of I/O requests, respectively. For storage devices, these are called the submission queue (SQ) and completion queue (CQ). [3] Keeping these buffers shared between the kernel and application helps to boost the I/O performance by eliminating the need to issue extra and expensive system calls to copy these buffers between the two. [1] [3] [4] According to the io_uring design paper, the SQ buffer is writable only by consumer applications, and the CQ buffer is writable only by the kernel. [1]: 3
eBPF can be combined with io_uring. [5]
The Linux kernel has supported asynchronous I/O since version 2.5, but it was seen as difficult to use and inefficient. [6] This older API only supported certain niche use cases, [7] notably it only enables asynchronous operation when using the O_DIRECT flag and while accessing already allocated files. This prevents utilizing the page cache, while also exposing the application to complex O_DIRECT semantics. Linux AIO also does not support sockets, so it cannot be used to multiplex network and disk I/O. [8]
The io_uring kernel interface was adopted in Linux kernel version 5.1 to resolve the deficiencies of Linux AIO.
[1]
[4]
[9] The liburing
library provides an
API to interact with the kernel interface easily from
userspace.
[1]
[1]: 12
io_uring has been noted for exposing a significant attack surface and structural difficulties integrating it with the Linux security subsystem. [10]
In June 2023, Google's security team reported that 60% of Linux kernel exploits submitted to their bug bounty program in 2022 were exploits of io_uring vulnerabilities. As a result, io_uring was disabled for apps in Android, and disabled entirely in ChromeOS as well as Google servers. [11] Docker also consequently disabled io_uring from their default seccomp profile. [12]
Blocking during io_submit on ext4, on buffered operations, network access, pipes, etc. Some operations are not well-represented by the AIO interface. With completely unsupported operations like buffered reads, operations on a socket or pipes, the entire operation will be performed during the io_submit syscall, with the completion available immediately for access with io_getevents. AIO access to a file on a filesystem like ext4 is partially supported: if a metadata read is required to look up the data block (ie if the metadata is not already in memory), then the io_submit call will block on the metadata read. Certain types of file-enlarging writes are completely unsupported and block for the entire duration of the operation.
liburing
source repositoryio_uring
source directory in the Linux kernel repository