Обсуждение: [PATCH] test_aio: Skip io_uring tests when kernel disables it
Hi hackers,
I encountered test_aio failures on RHEL 9 / Rocky Linux 9 systems where
io_uring is disabled by default (io_uring_disabled=2). This is increasingly
common in enterprise environments.
Background:
Red Hat disabled io_uring in 2021 and maintains this policy in RHEL 9
for security reasons. Many critical CVEs have been found (CVE-2021-41073,
CVE-2022-2602, CVE-2024-0582, etc.), and Google reported that 60% of their
2022 kernel exploit submissions targeted io_uring, leading them to disable
it across Android, ChromeOS, and production servers.
Current behavior:
The test_aio module only checks if PostgreSQL was compiled with io_uring
support (have_io_uring) but doesn't check if the kernel allows it.
This causes test failures on RHEL 9 and similar distributions.
Proposed solution:
Add io_uring_enabled() to check /proc/sys/kernel/io_uring_disabled.
Only run io_uring tests when the value is 0 (fully enabled).
Why skip io_uring_disabled=1 (CAP_SYS_ADMIN required) as well:
- Checking for CAP_SYS_ADMIN capability adds complexity
- Most test users don't have CAP_SYS_ADMIN
- High probability of failure, safer to skip
- Prioritize test simplicity and stability over coverage
Testing:
- ✓ RHEL 9 (io_uring_disabled=2): Tests skip correctly
- ✓ Ubuntu 24 (io_uring_disabled=0): Tests run normally
The patch is minimal (adds one function, modifies one condition) and
follows the existing pattern used for injection points testing.
Thoughts?
Best regards,
Henson Choi
I encountered test_aio failures on RHEL 9 / Rocky Linux 9 systems where
io_uring is disabled by default (io_uring_disabled=2). This is increasingly
common in enterprise environments.
Background:
Red Hat disabled io_uring in 2021 and maintains this policy in RHEL 9
for security reasons. Many critical CVEs have been found (CVE-2021-41073,
CVE-2022-2602, CVE-2024-0582, etc.), and Google reported that 60% of their
2022 kernel exploit submissions targeted io_uring, leading them to disable
it across Android, ChromeOS, and production servers.
Current behavior:
The test_aio module only checks if PostgreSQL was compiled with io_uring
support (have_io_uring) but doesn't check if the kernel allows it.
This causes test failures on RHEL 9 and similar distributions.
Proposed solution:
Add io_uring_enabled() to check /proc/sys/kernel/io_uring_disabled.
Only run io_uring tests when the value is 0 (fully enabled).
Why skip io_uring_disabled=1 (CAP_SYS_ADMIN required) as well:
- Checking for CAP_SYS_ADMIN capability adds complexity
- Most test users don't have CAP_SYS_ADMIN
- High probability of failure, safer to skip
- Prioritize test simplicity and stability over coverage
Testing:
- ✓ RHEL 9 (io_uring_disabled=2): Tests skip correctly
- ✓ Ubuntu 24 (io_uring_disabled=0): Tests run normally
The patch is minimal (adds one function, modifies one condition) and
follows the existing pattern used for injection points testing.
Thoughts?
Best regards,
Henson Choi
Вложения
Hi,
On Mon, 8 Dec 2025 at 05:12, Henson Choi <assam258@gmail.com> wrote:
>
> Hi hackers,
>
> I encountered test_aio failures on RHEL 9 / Rocky Linux 9 systems where
> io_uring is disabled by default (io_uring_disabled=2). This is increasingly
> common in enterprise environments.
>
> Background:
> Red Hat disabled io_uring in 2021 and maintains this policy in RHEL 9
> for security reasons. Many critical CVEs have been found (CVE-2021-41073,
> CVE-2022-2602, CVE-2024-0582, etc.), and Google reported that 60% of their
> 2022 kernel exploit submissions targeted io_uring, leading them to disable
> it across Android, ChromeOS, and production servers.
>
> Current behavior:
> The test_aio module only checks if PostgreSQL was compiled with io_uring
> support (have_io_uring) but doesn't check if the kernel allows it.
> This causes test failures on RHEL 9 and similar distributions.
>
> Proposed solution:
> Add io_uring_enabled() to check /proc/sys/kernel/io_uring_disabled.
> Only run io_uring tests when the value is 0 (fully enabled).
>
> Why skip io_uring_disabled=1 (CAP_SYS_ADMIN required) as well:
> - Checking for CAP_SYS_ADMIN capability adds complexity
> - Most test users don't have CAP_SYS_ADMIN
> - High probability of failure, safer to skip
> - Prioritize test simplicity and stability over coverage
>
> Testing:
> - ✓ RHEL 9 (io_uring_disabled=2): Tests skip correctly
> - ✓ Ubuntu 24 (io_uring_disabled=0): Tests run normally
>
> The patch is minimal (adds one function, modifies one condition) and
> follows the existing pattern used for injection points testing.
>
> Thoughts?
Thank you for the report! I am able to reproduce the problem you
mentioned by disabling io_uring with 'sysctl -w
kernel.io_uring_disabled=2' command.
method_io_uring.c has a hint about this problem:
/* add hints for some failures that errno explains sufficiently */
if (-ret == EPERM)
{
err = ERRCODE_INSUFFICIENT_PRIVILEGE;
hint = _("Check if io_uring is disabled via
/proc/sys/kernel/io_uring_disabled.");
}
and this hint is shown when you try to set the io_method to io_uring
also this hint is written to the 'regress_log_001_aio' if aio tests
fail because of that. I think it is correct to fail the test and show
the hint when you have an io_uring support but you can not use it
because of some kernel parameters.
--
Regards,
Nazir Bilal Yavuz
Microsoft