While the situation has improved, if your threat model is such you can block io_uring during boot or in containers with a seccomp policy:

    DENY_RULE (io_uring_enter, EPERM);
    DENY_RULE (io_uring_register, EPERM);
    DENY_RULE (io_uring_setup, EPERM);