Io uring: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Line 17: Line 17:
==Security==
==Security==


io_uring has been noted for exposing a significant attack surface and difficulties integrating it with the [[Linux Security Modules|Linux security subsystem]].<ref>{{Cite web |url=https://lwn.net/Articles/902466/ |title=Security requirements for new kernel features |date=2022-07-28 |access-date=2023-06-16 |website=[[LWN.net]] |last=Corbet |first=Jonathan}}</ref>.
io_uring has been noted for exposing a significant attack surface and structural difficulties integrating it with the [[Linux Security Modules|Linux security subsystem]].<ref>{{Cite web |url=https://lwn.net/Articles/902466/ |title=Security requirements for new kernel features |date=2022-07-28 |access-date=2023-06-16 |website=[[LWN.net]] |last=Corbet |first=Jonathan}}</ref>


In June 2023, Google's security team reported that 60% of Linux kernel [[Exploit (computer security)|exploits]] submitted to their [[bug bounty program]] in 2022 were exploits of io_uring vulnerabilities. As a result, io_uring was disabled for apps in [[Android (operating system)|Android]], and disabled entirely in [[ChromeOS]] as well as Google servers.<ref>{{cite web |last1=Koczka |first1=Tamás |title=Learnings from kCTF VRP's 42 Linux kernel exploits submissions |url=https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html |website=Google Online Security Blog |publisher=Google |access-date=14 June 2023 |language=en}}</ref>
In June 2023, Google's security team reported that 60% of Linux kernel [[Exploit (computer security)|exploits]] submitted to their [[bug bounty program]] in 2022 were exploits of io_uring vulnerabilities. As a result, io_uring was disabled for apps in [[Android (operating system)|Android]], and disabled entirely in [[ChromeOS]] as well as Google servers.<ref>{{cite web |last1=Koczka |first1=Tamás |title=Learnings from kCTF VRP's 42 Linux kernel exploits submissions |url=https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html |website=Google Online Security Blog |publisher=Google |access-date=14 June 2023 |language=en}}</ref>
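
Review bot: In the first Security sentence, the added word "structural" leaves the sentence unparallel: "noted for exposing a significant attack surface and structural difficulties integrating it with" now reads as if io_uring exposes the difficulties. Suggest "and for structural difficulties in integrating it with the Linux security subsystem". The citation is unchanged, so the new qualifier should also be checked against the cited LWN article. Dropping the stray period after the closing </ref> is correct.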

Revision as of 16:38, 16 June 2023

io_uring (previously known as aioring) is a Linux kernel system call interface for asynchronous I/O operations on storage devices. It addresses performance issues with similar interfaces provided by functions such as read()/write() or aio_read()/aio_write() for operations on data accessed through file descriptors.[1][2]: 2

Development is ongoing, worked on primarily by Jens Axboe at Meta.[1]

Interface

io_uring works by creating two circular buffers, called "queue rings", that hold I/O request submissions and completions, respectively. For storage devices, these are called the submission queue (SQ) and completion queue (CQ).[3] Keeping these buffers shared between the kernel and the application improves I/O performance by eliminating the extra, expensive system calls otherwise needed to copy them between the two.[1][4][3] According to the io_uring design paper, the SQ buffer is writable only by consumer applications, and the CQ buffer is writable only by the kernel.[1]: 3
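
A single-threaded userspace model of the two rings described above, added here as an example (it is not kernel or liburing code and does not come from the article's sources). The struct layout, the function names and the doubling "operation" are assumptions, and the real interface adds memory-ordering rules that this model omits.

```c
#include <stdint.h>
#include <stdio.h>

#define ENTRIES 4u            /* ring sizes are powers of two */
#define MASK (ENTRIES - 1u)
struct sqe { uint64_t user_data; int32_t arg; };  /* simplified request */
struct cqe { uint64_t user_data; int32_t res; };  /* simplified completion */

/* Indices are free-running 32-bit counters; slot = index & MASK.
 * SQ: application advances tail, kernel advances head. CQ: the reverse. */
struct ring_pair {
    uint32_t sq_head, sq_tail, cq_head, cq_tail;
    struct sqe sq[ENTRIES]; struct cqe cq[ENTRIES];
};

/* Application: queue one request. Returns 0, or -1 when the SQ is full. */
int app_submit(struct ring_pair *r, uint64_t user_data, int32_t arg)
{
    if (r->sq_tail - r->sq_head == ENTRIES) return -1;  /* wrap-safe */
    r->sq[r->sq_tail & MASK] = (struct sqe){ user_data, arg };
    r->sq_tail++;             /* publish only after the slot is written */
    return 0;
}

/* "Kernel": consume pending SQEs, post one CQE each; stops if the CQ is full. */
unsigned kernel_process(struct ring_pair *r)
{
    unsigned n = 0;
    for (; r->sq_head != r->sq_tail && r->cq_tail - r->cq_head != ENTRIES; n++) {
        struct sqe req = r->sq[r->sq_head++ & MASK];  /* private copy first */
        r->cq[r->cq_tail++ & MASK] = (struct cqe){ req.user_data, req.arg * 2 };
    }
    return n;
}

/* Application: reap one completion. Returns 0, or -1 when the CQ is empty. */
int app_reap(struct ring_pair *r, struct cqe *out)
{
    if (r->cq_head == r->cq_tail) return -1;
    *out = r->cq[r->cq_head++ & MASK];
    return 0;
}

int main(void)
{
    /* Constructed start state: indices about to wrap past UINT32_MAX. */
    struct ring_pair r = { .sq_head = 0xFFFFFFFEu, .sq_tail = 0xFFFFFFFEu };
    for (int i = 1; i <= 5; i++) printf("submit %d: %d\n", i, app_submit(&r, i, i));
    return kernel_process(&r) == 4 ? 0 : 1;
}
```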

eBPF can be combined with io_uring.[5]

History

The kernel interface was adopted in Linux kernel version 5.1.[1][4][6] The liburing library provides an API to interact with the kernel interface easily from userspace.[1][1]: 12  The Linux kernel has supported asynchronous I/O since version 2.5, but it was seen as difficult to use and inefficient.[7] This older API only supported certain niche use cases.[8]

Security

io_uring has been noted for exposing a significant attack surface and for structural difficulties in integrating it with the Linux security subsystem.[9]

In June 2023, Google's security team reported that 60% of Linux kernel exploits submitted to their bug bounty program in 2022 were exploits of io_uring vulnerabilities. As a result, io_uring was disabled for apps in Android, and disabled entirely in ChromeOS as well as Google servers.[10]
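
One way to audit whether a host or sandbox applies the mitigation described above, added here as an example (it is not from the article or its sources). It assumes syscall number 425 for io_uring_setup, the `kernel.io_uring_disabled` sysctl of Linux 6.6 and later (which postdates this revision), and that a kernel admitting the caller fails a NULL-params call with EFAULT; the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425 /* assumption: asm-generic / x86-64 number */
#endif

enum iou_state { IOU_REACHABLE, IOU_DENIED, IOU_ABSENT, IOU_UNKNOWN };

/* Interpret io_uring_setup(1, NULL). With a NULL params pointer no ring can be
 * created: a kernel that admits the caller fails copying params with EFAULT. */
enum iou_state iou_classify(long ret, int err)
{
    switch (ret < 0 ? err : 0) {
    case EFAULT: return IOU_REACHABLE;             /* entry point ran for us */
    case EPERM: case EACCES: return IOU_DENIED;    /* sysctl, seccomp or LSM policy */
    case ENOSYS: return IOU_ABSENT;                /* not built in, or filtered as ENOSYS */
    default:     return IOU_UNKNOWN;
    }
}

enum iou_state iou_probe(void)
{
    errno = 0;
    long ret = syscall(__NR_io_uring_setup, 1u, (void *)0);
    return iou_classify(ret, errno);
}

/* kernel.io_uring_disabled: 0 = allowed, 1 = denied to unprivileged callers
 * outside io_uring_group, 2 = denied to all. -1 if the kernel lacks the knob. */
int iou_sysctl(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/io_uring_disabled", "r");
    if (f && fscanf(f, "%d", &v) != 1) v = -1;
    if (f) fclose(f);
    return v;
}

int main(void)
{
    static const char *name[] = { "reachable", "denied", "absent", "unknown" };
    printf("io_uring_setup: %s, kernel.io_uring_disabled=%d\n",
           name[iou_probe()], iou_sysctl());
    return 0;
}
```

Run it inside the container or application sandbox under review rather than on the host, since seccomp and LSM policy apply per process.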

References

  1. "Linux Kernel Getting io_uring To Deliver Fast & Efficient I/O - Phoronix". Phoronix. Retrieved 2021-03-14.
  2. Axboe, Jens (October 15, 2019). "Efficient IO with io_uring" (PDF).
  3. "Getting Hands-on with io_uring using Go". developers.mattermost.com. Retrieved 2021-11-20.
  4. "The rapid growth of io_uring [LWN.net]". lwn.net. Retrieved 2021-11-20.
  5. "BPF meets io_uring [LWN.net]". LWN.net. Retrieved 2023-04-17.
  6. "Faster IO through io_uring | Kernel Recipes 2019". Retrieved 2021-03-14.
  7. Corbet, Jonathan. "Ringing in a new asynchronous I/O API". LWN.net. Retrieved 2021-03-14.
  8. "What's new with io_uring" (PDF). Retrieved 2022-06-01.
  9. Corbet, Jonathan (2022-07-28). "Security requirements for new kernel features". LWN.net. Retrieved 2023-06-16.
  10. Koczka, Tamás. "Learnings from kCTF VRP's 42 Linux kernel exploits submissions". Google Online Security Blog. Google. Retrieved 2023-06-14.