Software:Io uring

From HandWiki
Short description: Linux kernel interface for storage devices


io_uring (previously known as aioring) is a Linux kernel system call interface for storage device asynchronous I/O operations addressing performance issues with similar interfaces provided by functions like read()/write() or aio_read()/aio_write() etc. for operations on data accessed by file descriptors.[1][2](p2)

Development is ongoing, worked on primarily by Jens Axboe at Meta.[1]

Interface

It works by creating two circular buffers, called "queue rings", for storage of submission and completion of I/O requests, respectively. For storage devices, these are called the submission queue (SQ) and completion queue (CQ).[3] Keeping these buffers shared between the kernel and application helps to boost the I/O performance by eliminating the need to issue extra and expensive system calls to copy these buffers between the two.[1][3][4] According to the io_uring design paper, the SQ buffer is writable only by consumer applications, and the CQ buffer is writable only by the kernel.[5]:3

eBPF can be combined with io_uring.[6]

History

The Linux kernel has supported asynchronous I/O since version 2.5, but it was seen as difficult to use and inefficient.[7] This older API only supported certain niche use cases,[8] notably it only enables asynchronous operation when using the O_DIRECT flag and while accessing already allocated files. This prevents utilizing the page cache, while also exposing the application to complex O_DIRECT semantics. Linux AIO also does not support sockets, so it cannot be used to multiplex network and disk I/O.[9]

The io_uring kernel interface was adopted in Linux kernel version 5.1 to resolve the deficiencies of Linux AIO.[1][4][10] The liburing library provides an API to interact with the kernel interface easily from userspace.[1][5]:12

Security

io_uring has been noted for exposing a significant attack surface and structural difficulties integrating it with the Linux security subsystem.[11]

In June 2023, Google's security team reported that 60% of Linux kernel exploits submitted to their bug bounty program in 2022 were exploits of io_uring vulnerabilities. As a result, io_uring was disabled for apps in Android, and disabled entirely in ChromeOS as well as Google servers.[12] Docker also consequently disabled io_uring from their default seccomp profile.[13]

References

  1. 1.0 1.1 1.2 1.3 1.4 "Linux Kernel Getting io_uring To Deliver Fast & Efficient I/O - Phoronix". https://www.phoronix.com/scan.php?page=news_item&px=Linux-io_uring-Fast-Efficient. 
  2. Axboe, Jens (October 15, 2019). "Efficient IO with io_uring". https://kernel.dk/io_uring.pdf. 
  3. 3.0 3.1 "Getting Hands-on with io_uring using Go" (in en-us). https://developers.mattermost.com/blog/hands-on-iouring-go/. 
  4. 4.0 4.1 "The rapid growth of io_uring [LWN.net"]. https://lwn.net/Articles/810414/. 
  5. 5.0 5.1 Cite error: Invalid <ref> tag; no text was provided for refs named {{{1}}}
  6. "BPF meets io_uring [LWN.net"]. https://lwn.net/Articles/847951/. 
  7. Corbet, Jonathan. "Ringing in a new asynchronous I/O API". https://lwn.net/Articles/776703/. 
  8. "What's new with io_uring". https://kernel.dk/axboe-kr2022.pdf. 
  9. "Linux Asynchronous I/O". 2014-04-21. http://code.google.com/p/kernel/wiki/AIOUserGuide. "Blocking during io_submit on ext4, on buffered operations, network access, pipes, etc. Some operations are not well-represented by the AIO interface. With completely unsupported operations like buffered reads, operations on a socket or pipes, the entire operation will be performed during the io_submit syscall, with the completion available immediately for access with io_getevents. AIO access to a file on a filesystem like ext4 is partially supported: if a metadata read is required to look up the data block (ie if the metadata is not already in memory), then the io_submit call will block on the metadata read. Certain types of file-enlarging writes are completely unsupported and block for the entire duration of the operation." 
  10. "Faster IO through io_uring | Kernel Recipes 2019" (in en-GB). https://kernel-recipes.org/en/2019/talks/faster-io-through-io_uring/. 
  11. Corbet, Jonathan (2022-07-28). "Security requirements for new kernel features". https://lwn.net/Articles/902466/. 
  12. Koczka, Tamás. "Learnings from kCTF VRP's 42 Linux kernel exploits submissions" (in en). Google. https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html. 
  13. "seccomp: block io_uring_* syscalls in default profile by akerouanton · Pull Request #46762 · moby/moby" (in en). https://github.com/moby/moby/pull/46762. 

External links



Retrieved from "https://handwiki.org/wiki/index.php?title=Software:Io_uring&oldid=3461467"