aquasecurity / tracee

Linux Runtime Security and Forensics using eBPF
https://aquasecurity.github.io/tracee/latest
Apache License 2.0

Add io_uring tracepoints #309

Open yanivagman opened 3 years ago

yanivagman commented 3 years ago

io_uring is a relatively new and interesting interface between the user space and the kernel. It is built around a ring buffer in memory shared between user space and the kernel, that allows the submission of operations (and collecting the results) without the need to call into the kernel in many cases.

With io_uring, a program doesn't have to call system calls to perform operations like open, close, read, write and more (for more info: https://lwn.net/Articles/810414/). For this reason, it is also interesting from a security perspective.

We should add support in tracee for the relevant io_uring tracepoints, as defined in: https://github.com/torvalds/linux/blob/master/include/trace/events/io_uring.h
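
A first step toward adding these events is to read each io_uring tracepoint's argument layout from tracefs, because the field set and offsets change between kernel versions. The following is an added Go example, not tracee's own code: it parses a tracefs format file and returns the event-specific fields; the sample text is constructed in the real file layout, the tracepoint name io_uring_submit_sqe comes from the linked header, and its exact field set is an assumption.

```go
package main

import (
	"regexp"
	"strconv"
	"strings"
)

// TracepointField is one argument of a tracepoint as described by its tracefs
// format file (/sys/kernel/tracing/events/io_uring/<tracepoint>/format).
type TracepointField struct {
	Type, Name   string
	Offset, Size int
	Signed       bool
}

// One "field:" line: C type, name, byte offset, size and signedness.
var fieldRe = regexp.MustCompile(`^\s*field:(.+?)\s+(\w+(?:\[\d+\])?);\s*offset:(\d+);\s*size:(\d+);\s*signed:(\d);`)

// ParseTracepointFormat returns the tracepoint name and its event-specific
// fields; the common_* header fields shared by every tracepoint are skipped.
func ParseTracepointFormat(text string) (name string, fields []TracepointField) {
	for _, line := range strings.Split(text, "\n") {
		if strings.HasPrefix(line, "name:") {
			name = strings.TrimSpace(strings.TrimPrefix(line, "name:"))
			continue
		}
		m := fieldRe.FindStringSubmatch(line)
		if m == nil || strings.HasPrefix(m[2], "common_") {
			continue
		}
		off, _ := strconv.Atoi(m[3])
		size, _ := strconv.Atoi(m[4])
		fields = append(fields, TracepointField{m[1], m[2], off, size, m[5] == "1"})
	}
	return name, fields
}

// SampleFormat is a constructed sample in the layout of a tracefs format file.
// The real field set of io_uring_submit_sqe changes between kernel versions,
// so read the file from the running kernel instead of hard-coding offsets.
const SampleFormat = `name: io_uring_submit_sqe
format:
	field:unsigned short common_type;	offset:0;	size:2;	signed:0;
	field:int common_pid;	offset:4;	size:4;	signed:1;
	field:void * ctx;	offset:8;	size:8;	signed:0;
	field:u8 opcode;	offset:24;	size:1;	signed:0;
	field:u64 user_data;	offset:32;	size:8;	signed:0;
	field:u32 flags;	offset:40;	size:4;	signed:0;
`
```

On a live system, feed the contents of each file under /sys/kernel/tracing/events/io_uring/ into ParseTracepointFormat to see which fields (and at which offsets) the running kernel exposes before defining the event's argument struct.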

yanivagman commented 1 year ago

@AsafEitani @idanr1986 @roikol @AlonZivony any plans to add these events? I think they are a blind spot we might have in newer kernels

rafaeldtinoco commented 1 year ago

I'm afraid that is also true for aio_writes/aio_reads, no? One could use async I/O instead of regular I/O as a blind spot I believe.

io_submit() -> aio_read/aio_write() -> call_read/write_iter() -> file_operations "write_iter" implementation (all kinds of backing drivers such as block, char, net, vhost, ext4, fat, fuse, nfs, overlays, ...).

itaysk commented 1 year ago

libuv is starting to use io_uring now, which means it might get wide adoption soon https://github.com/libuv/libuv/pull/3952