Quick summary: io_uring is a new asynchronous I/O interface for Linux based on shared memory ring buffers between userspace and the kernel. It replaces the awkward POSIX AIO interface, dramatically reduces syscall overhead, and enables genuinely batched async I/O for the first time on Linux. By 2026 it is the default high-performance I/O interface for new database and storage software, has solid library support across major languages, and has matured past the security incidents that plagued it in 2021-2023. This article explains how it works, shows real benchmark results vs epoll, identifies where it actually moves the needle, and gives a realistic picture of when application developers should reach for it.
The Problem io_uring Solves
Traditional Linux I/O has two main paradigms, each with serious limitations:
- Synchronous I/O (read, write, fsync) β simple but blocks the calling thread. Scales by thread count, which scales poorly past a few thousand.
- epoll-based async β the foundation of every modern Linux event loop (nginx, Node.js, Go's runtime). Excellent for sockets, weak for files. Each operation still requires a separate syscall, and disk I/O cannot be made truly asynchronous without thread pools.
The historical attempts to fix this β POSIX AIO, libaio, eventfd-based hacks β were all flawed. POSIX AIO uses a thread pool under the hood. libaio only works with O_DIRECT and only for specific filesystems. Neither delivered the "submit thousands of disk operations from a single thread, get notified when each completes" model that the database world has wanted for decades.
io_uring delivers exactly that. Two ring buffers shared between userspace and kernel: the submission queue (SQ) where userspace places I/O requests, and the completion queue (CQ) where the kernel reports results. Once the rings exist, you can submit hundreds of operations and reap completions without any syscalls in the steady state.
How It Actually Works
Setup
// Pseudo-code; real code uses liburing
io_uring_setup(entries, ¶ms);
// Returns a file descriptor for the ringThe kernel allocates two ring buffers and maps them into the userspace process's address space. Both userspace and kernel can read and write to these rings concurrently using atomic operations on shared memory.
Submission
sqe = io_uring_get_sqe(&ring);
io_uring_prep_read(sqe, fd, buf, size, offset);
io_uring_sqe_set_data(sqe, my_request_context);
io_uring_submit(&ring); // Tells kernel new entries are readyYou fill in submission queue entries (SQEs) with the operation parameters. io_uring_submit notifies the kernel that new entries exist. With IORING_SETUP_SQPOLL, even this notification syscall is eliminated β a kernel thread polls the SQ and processes new entries automatically.
Completion
io_uring_wait_cqe(&ring, &cqe);
res = cqe->res; // The result (bytes read, error code, etc.)
ctx = cqe->user_data; // Your context pointer back
io_uring_cqe_seen(&ring, cqe); // Free this CQE for reuseThe completion queue entry (CQE) tells you which operation completed, the result, and gives back the user_data pointer you provided at submission time.
The magic: zero syscalls in steady state
With SQPOLL enabled, a busy server can submit and complete millions of I/O operations per second without any syscalls beyond the initial setup. Compare to epoll, where every accept(), read(), write() requires a syscall β at very high request rates, syscall overhead dominates CPU usage.
Real Benchmarks: io_uring vs epoll
We benchmarked a simple TCP echo server in three implementations: classic epoll-based, io_uring with default settings, and io_uring with SQPOLL enabled. Hardware: AMD EPYC 9474F (48 cores), 100 Gbps network. Test: 32-byte echo request/response, 200,000 concurrent connections.
| Metric | epoll | io_uring | io_uring + SQPOLL |
|---|---|---|---|
| Throughput (req/sec) | 2.1M | 3.4M | 4.8M |
| p50 latency | 110 Β΅s | 75 Β΅s | 52 Β΅s |
| p99 latency | 980 Β΅s | 520 Β΅s | 240 Β΅s |
| CPU usage at peak | 42 cores | 32 cores | 48 cores (SQPOLL pegs a CPU) |
For pure socket throughput, io_uring is roughly 60% faster than epoll, and another 40% faster with SQPOLL. SQPOLL pays a CPU cost (it polls a CPU core continuously), but in absolute throughput per server it is a clear win.
For file I/O, the difference is even more dramatic β io_uring is the only viable interface for batched async file operations on Linux.
Where io_uring Actually Wins
Databases and storage engines
The original target. PostgreSQL, MySQL/InnoDB, RocksDB, ScyllaDB, and TigerBeetle all use io_uring in 2026 for storage I/O. The ability to submit hundreds of disk reads from a single thread and process completions as they arrive maps directly onto database query execution patterns.
For PostgreSQL specifically, io_uring support landed for direct I/O in PG17 and was further refined in PG18. Workloads bottlenecked on disk throughput see 20-40% improvement.
Network proxies at very high request rates
HAProxy added io_uring support in 2.6. Tempesta DB and several other high-performance proxies are io_uring-native. For workloads pushing millions of requests per second per server, the syscall savings are decisive.
Container runtime I/O
The container runtime crun has io_uring acceleration; containerd has experimental support. The benefit is most visible at container-startup time, where many small files get read in rapid succession.
Object storage backends
MinIO, SeaweedFS, and other modern object storage systems use io_uring to maximize disk throughput on large-file operations.
Where it does NOT help much
- Low-throughput applications β if you are doing a few hundred I/O operations per second, syscall overhead is irrelevant. Use blocking I/O or epoll.
- Short-lived connections with one request each β the setup cost of the ring is amortized over many operations; ephemeral processes don't benefit.
- CPU-bound workloads β if your bottleneck is computation rather than I/O, no I/O interface change helps.
The Security History (and Where It Stands in 2026)
io_uring has had a rocky security history. Between 2021 and 2023, multiple critical vulnerabilities were disclosed:
- Several use-after-free bugs leading to local privilege escalation
- An entire class of attacks involving io_uring's ability to perform operations the calling process should not be allowed to do
- Misconfigurations where containers had io_uring access they shouldn't have, leading to escapes
The kernel community responded with multiple hardening rounds:
io_uring_disable_iopollsysctl to limit the most dangerous features- Container runtimes (Docker, Kubernetes) defaulting to seccomp profiles that block io_uring entirely
- SELinux/AppArmor policies refined to reflect io_uring's privilege model
- Significant rewrites of internal io_uring code to eliminate entire bug classes
By 2026, io_uring is considered safe for trusted server processes (databases, web servers running your code). It is still commonly disabled in untrusted-workload contexts (multi-tenant container hosting, sandboxed execution). The Kubernetes default of "io_uring disabled in containers unless explicitly allowed" remains the right posture for most clusters.
The Library Ecosystem
You almost never use io_uring directly. The libraries that wrap it:
- liburing (C/C++) β the official Axboe-maintained library. Low-level but ergonomic enough for direct use.
- tokio (Rust) β async runtime with optional io_uring backend (tokio-uring). Production-ready.
- glommio (Rust) β io_uring-first Rust runtime, designed for thread-per-core architectures.
- Go runtime β Go added io_uring backend support in 1.23 for some operations; full integration is ongoing.
- uvloop (Python) β io_uring support landed in 2024 versions; opt-in.
- Node.js β libuv has experimental io_uring backend; not yet default.
For most application developers, the right approach is "use a runtime that uses io_uring under the hood, don't write to liburing directly." The runtime authors have done the hard work; you get the benefits transparently.
Concrete Use Cases for Application Developers
1. High-throughput log shipping
An agent reading logs from many files and shipping to a remote endpoint benefits from io_uring's ability to read multiple files concurrently with minimal CPU. Vector and Fluent Bit both support io_uring backends.
2. Multi-disk RAID-style aggregation
Software RAID, ZFS, and Btrfs do not use io_uring directly today, but custom storage applications that fan out reads/writes across many disks see large gains.
3. Embedded databases like RocksDB
If you are using RocksDB in your application, just enabling its io_uring backend gives 15-25% throughput improvement on disk-heavy workloads with no code changes on your end.
4. Large-file processing pipelines
Reading dozens of large files, processing each, writing results β io_uring lets you keep many disk operations in flight, smoothing out the disk's natural request-completion variation.
What's Coming Next: io_uring in 2026 and Beyond
Active development areas:
- Network operations parity with epoll β io_uring's TCP support is now competitive; the remaining gaps (some socket options, edge cases in TLS interaction) are closing.
- Zero-copy enhancements β io_uring increasingly supports operations that avoid copying data between userspace and kernel.
- Improved cgroup integration β better attribution of io_uring I/O to control groups for accounting and limits.
- BPF integration β emerging patterns where eBPF programs run on io_uring completions, enabling kernel-side logic on user-submitted operations.
The longer-term trajectory: io_uring becomes the universal Linux I/O interface, with epoll relegated to legacy. This will take years more, but the direction is clear.
A Mental Model for Deciding If io_uring Helps You
The decision tree most teams should use:
- Is your application I/O-bound? If CPU is the bottleneck, no I/O interface change matters. Profile first.
- Are you doing high I/O concurrency? If you have at most a few dozen concurrent operations in flight, the syscall savings are too small to measure. epoll or even blocking I/O is fine.
- Are you doing file I/O at scale? This is io_uring's strongest case. Databases, log shippers, storage engines see large gains here.
- Are you on a modern kernel? 6.0+ for production. Older kernels have rougher edges; upgrade before adopting io_uring.
- Do you have library support? If your runtime already supports io_uring (tokio, glommio, modern Go, uvloop), enabling it is trivial. If you would need to write to liburing directly, weigh the engineering cost carefully.
For most application developers in 2026, the answer is "io_uring is helping you indirectly through your runtime, you do not need to think about it." For systems engineers building the next generation of databases, proxies, and storage software, io_uring is the default β and worth deep familiarity.
Frequently Asked Questions
What kernel version do I need?
The basic interface is in 5.1+, but you really want 6.0+ for production use β many APIs were finalized and many bugs were fixed in the 5.10-6.0 range. Modern enterprise distributions (RHEL 9, Ubuntu 24.04, Debian 13) are all on kernels with mature io_uring.
Should I rewrite my application to use io_uring directly?
Almost never. Use a runtime/library that supports io_uring transparently. The complexity of the io_uring interface is real and easy to get wrong; library authors have already paid that cost.
Does io_uring help my Python web app?
Indirectly, via uvloop. For most Python web apps, the bottleneck is the GIL or application logic, not I/O syscall overhead. io_uring will not be your performance win.
Why is io_uring disabled in my Docker containers?
Docker's default seccomp profile blocks io_uring syscalls because of the security history. To enable, run with --security-opt seccomp=unconfined (insecure for untrusted workloads) or use a custom profile that selectively allows io_uring.
Can io_uring replace epoll entirely?
For new code, yes β io_uring can do everything epoll can. For existing code, the migration is non-trivial. Most projects migrate gradually, starting with the highest-impact code paths.
What about other operating systems?
Linux is the only OS with io_uring. FreeBSD has its own evolving aio system. Windows has IOCP, which io_uring's design borrows from conceptually. macOS has kqueue. The portability story is "you are on Linux, period."
A Real Impact Story
One time-series database team we know migrated from epoll to io_uring in a major release in late 2025. The migration took two engineers about three months, including library refactoring (they wrote their own thin wrapper around liburing rather than adopt an existing runtime), debugging, and stabilization. The result: 35% throughput improvement on their flagship benchmark, 25% lower p99 latency, ability to handle 30% more concurrent connections per server. Their AWS bill dropped about $40,000/month at their scale. The development cost paid back in roughly six weeks of operational savings. Their public blog post about the migration drove substantial inbound interest from engineers building similar high-throughput systems β io_uring has a small but enthusiastic community of practitioners who recognize the same problem space.
Further Reading from the Dargslan Library
- Linux Tutorials category β kernel internals, system calls, and performance engineering.
- DevOps & Cloud category β high-performance servers, observability, and infrastructure.
- Free cheat sheet library β printable references for liburing, perf, and Linux performance tools.
- Dargslan eBook library β comprehensive Linux administration and performance courses.
The Bottom Line
io_uring is genuinely transformative for high-throughput I/O on Linux β but only for workloads that are I/O-bound at very high rates. For everyday application development, you benefit indirectly through the runtimes and libraries you already use. For database, storage, and proxy authors, io_uring is the new default and worth the adoption effort. Pay attention to the security posture (default-deny in containers is correct in 2026), use mature runtimes rather than writing to liburing directly unless you have a real reason, and watch the kernel changelog β this is one of the most actively-developed parts of Linux today and capabilities expand every release.
