Is io_uring supported in Red Hat Enterprise Linux?

Environment

• Red Hat Enterprise Linux (RHEL) 10
• Red Hat Enterprise Linux (RHEL) 9
• Red Hat Enterprise Linux (RHEL) 8

Issue

• Is io_uring supported in Red Hat Enterprise Linux?

Resolution

• RHEL 8.x: This was being considered for RHEL8 in This content is not included.RHELPLAN-54699 where unfortunately it was decided that io_uring support will not be enabled in RHEL8.

• RHEL 9.x: This content is not included.RHELPLAN-116748 - Add io_uring Support proposed to release this feature in RHEL 9.3 GA. It was released in RHSA-2023:6583 (kernel-5.14.0-362.8.1.el9_3) as Tech Preview only. This content is not included.RHEL-120699 is in planning to promote io_uring to full support. Currently there is no release date specified.

• RHEL 10: This is available as Tech Preview. This content is not included.RHEL-120700 is in planning to upgrade io_uring to full support. Currently there is no release date specified.

• As the above bugs are private, for full details on the internals, please contact Red Hat Support.

• The feature is available in RHEL 9.3+ and RHEL 10 as Tech Preview. It is currently disabled and must be manually enabled. Please note the below documentation regarding usage.

The io_uring interface is available as a Technology Preview
io_uring is a new and effective asynchronous I/O interface, which is now available as a Technology Preview. By default, this feature is disabled. You can enable this interface by setting the kernel.io_uring_disabled sysctl variable to any one of the following values:
0:: All processes can create io_uring instances as usual.
1:: io_uring creation is disabled for unprivileged processes. The io_uring_setup fails with the -EPERM error unless the calling process is privileged by the CAP_SYS_ADMIN capability. Existing io_uring instances can still be used.
2:: io_uring creation is disabled for all processes. The io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used. This is the default setting.
An updated version of the SELinux policy to enable the mmap system call on anonymous inodes is also required to use this feature.
By using the io_uring command pass-through, an application can issue commands directly to the underlying hardware, such as nvme. Use of io_uring command pass-through currently requires a custom SELinux policy module. Execute the following steps to create a custom SELinux policy module:
Save the following lines as io_uring_cmd_passthrough.cil file:
( allow unconfined_domain_type device_node ( io_uring ( cmd )))

( allow unconfined_domain_type file_type ( io_uring ( cmd )))
Load the policy module:
semodule -i io_uring_cmd_passthrough.cil

Root Cause

**
The reason for io_uring being Tech Preview only as of now is because of the exposure to many security vulnerabilities, and issues involving privilege escalation stemming from bugs like use-after-free and race conditions.
Currently io_uring will remain Tech Preview until the security vulnerabilities can be fully addressed and mitigated.
**

Diagnostic Steps

• An explanation of what io_uring is can be found at Content from kernel.dk is not included.Efficient IO with io_uring.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.