Is io_uring supported in Red Hat Enterprise Linux?
Environment
- Red Hat Enterprise Linux (RHEL) 10
- Red Hat Enterprise Linux (RHEL) 9
- Red Hat Enterprise Linux (RHEL) 8
Issue
- Is io_uring supported in Red Hat Enterprise Linux?
Resolution
- RHEL 8.x: This was being considered for RHEL 8 in RHELPLAN-54699, where unfortunately it was decided that io_uring support will not be enabled in RHEL 8.
- RHEL 9.x: RHELPLAN-116748 - Add io_uring Support proposed to release this feature in RHEL 9.3 GA. It was released in RHSA-2023:6583, with kernel-5.14.0-362.8.1.el9_3, as Tech Preview only. RHEL-120699 was used to promote io_uring to full support. io_uring is fully supported starting with kernel-5.14.0-687.5.1.el9_8 or higher (released via ERRATA).
- RHEL 10.x: This was available as Tech Preview previously. RHEL-120700 planned to upgrade io_uring to full support. io_uring is fully supported starting with kernel-6.12.0-211.7.1.el10_2 or higher (released with ERRATA).
Root Cause
io_uring was previously Tech Preview only because of its exposure to many security vulnerabilities, including privilege escalation issues stemming from bugs such as use-after-free and race conditions.
Currently, io_uring is fully supported from specific releases on both RHEL 9 and RHEL 10.
The io_uring interface was available as a Technology Preview. Right now it is fully supported. io_uring is a new and effective asynchronous I/O interface. By default, this feature is disabled. You can enable this interface by setting the kernel.io_uring_disabled sysctl variable to any one of the following values:
- 0: All processes can create io_uring instances as usual.
- 1: io_uring creation is disabled for unprivileged processes. The io_uring_setup fails with the -EPERM error unless the calling process is privileged by the CAP_SYS_ADMIN capability. Existing io_uring instances can still be used.
- 2: io_uring creation is disabled for all processes. The io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used. This is the default setting.
An updated version of the SELinux policy to enable the mmap system call on anonymous inodes is also required to use this feature.
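The sysctl semantics above, as an added example that is not part of the original Red Hat article: a shell check that predicts whether io_uring creation can succeed for the calling process. The function names, output strings and overridable file paths are assumptions made for this example; it relies on CAP_SYS_ADMIN being capability number 21 in the CapEff mask of /proc/<pid>/status.

```shell
#!/bin/sh
# Added example: predicts whether io_uring_setup() can succeed for a process,
# using the kernel.io_uring_disabled values described above. It covers only
# creation of new instances; existing instances stay usable in every mode.

# CAP_SYS_ADMIN is capability number 21 (linux/capability.h).
# $1: effective capability mask in hex (CapEff line of /proc/<pid>/status)
has_cap_sys_admin() {
    [ $(( (0x${1:-0} >> 21) & 1 )) -eq 1 ]
}

# $1: value of kernel.io_uring_disabled ("" when the kernel lacks the sysctl)
# $2: CapEff hex mask of the process
# Prints one of: allowed | EPERM | no-sysctl | unknown
io_uring_setup_outcome() {
    case "$1" in
        0) echo allowed ;;
        1) if has_cap_sys_admin "$2"; then echo allowed; else echo EPERM; fi ;;
        2) echo EPERM ;;
        "") echo no-sysctl ;;
        *) echo unknown ;;
    esac
}

# Read the live values; both paths can be overridden to check the logic offline.
audit_io_uring() {
    sysctl_file=${1:-/proc/sys/kernel/io_uring_disabled}
    status_file=${2:-/proc/self/status}
    value=""
    if [ -r "$sysctl_file" ]; then value=$(cat "$sysctl_file"); fi
    capeff=$(awk '/^CapEff:/ {print $2}' "$status_file" 2>/dev/null || true)
    echo "io_uring_disabled=${value:-absent} creation=$(io_uring_setup_outcome "$value" "$capeff")"
}

audit_io_uring
# Constructed masks for illustration: all capabilities set vs. none.
echo "value 1, full caps: $(io_uring_setup_outcome 1 000001ffffffffff)"
echo "value 1, no caps:   $(io_uring_setup_outcome 1 0000000000000000)"
```

Run it as the service account that is expected to use io_uring; a result of "no-sysctl" means the running kernel does not expose the kernel.io_uring_disabled control at all.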
By using the io_uring command pass-through, an application can issue commands directly to the underlying hardware, such as nvme. Use of io_uring command pass-through currently requires a custom SELinux policy module. Execute the following steps to create a custom SELinux policy module:
Save the following lines as the io_uring_cmd_passthrough.cil file:
(allow unconfined_domain_type device_node (io_uring (cmd)))
(allow unconfined_domain_type file_type (io_uring (cmd)))
Load the policy module:
semodule -i io_uring_cmd_passthrough.cil
Diagnostic Steps
- An explanation of what io_uring is can be found in Efficient IO with io_uring (kernel.dk).
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.