I love dense material like this. Each time you watch it you notice something you didn't before. Notice I said dense, not sparse. Too many of the few talks that cover advanced topics do it in a way that does not connect the series of ideas. Well done & thanks for posting.
Great talk. Timely, important, and 99.99 on a geek scale.
Very informative talk, thanks. Have watched this video more than 20 times and each time understood some more stuff...
This is brilliant. I didn't know you could do stuff like this. Being able to access the kernel with minimal overhead on running systems makes this ideal for troubleshooting on production. This is very cool.
03:22 I think you forgot the 'Amplification' box on the LHS... :-/
Nice talk! Sir, how can we use it for power consumption estimation?
1:54 What architecture is that?
BPF VM in Linux kernel, on whatever ISA Linux is running on.
BCC is now available as a snap, wiki.ubuntu.com/Kernel/Reference/bcc
I'm not sure that I understand correctly.
Is BPF a way to safely issue instructions from user space to kernel space?
Is it a way to safely run some part of a user space program in kernel space?
Is it a performance tracer?
Is it something to build and/or base performance tracers on?
All of the above, and more. Except the instructions you issue are BPF instructions (its own basic instruction set) -- which are executed by an in-kernel virtual machine that maps them to native instructions (x86_64, etc). That virtual machine provides various security safeguards, so it's preferable to writing a kernel module. It can be used for performance tracers, but also security monitors, and software defined network programs. Lots of uses. So far I've mostly used BPF for performance tracers.
So BPF could be used instead of dedicated kernel modules like drivers in the kernel? That could really slim down the kernel's footprint, I imagine.
In some cases, yes. The actions a BPF program can do are limited, and while enough for things like observability or redirecting packets, it's unlikely to ever be enough for a full device driver. But yes, the question that will be asked in the future whenever someone is proposing writing a kernel module will be -- can this just be a BPF program?
Hello Sir, can you point to such an example where a BPF program can work as a kernel driver? (beginner here). Thank you in advance.
Attack surface?
SSsssssshhh!!!11!
:-/
FYI, pony characters who have both a unicorn horn and Pegasus wings are called Alicorns.
Remember, There Is No Flame...
04:00 There's a thing we used to use, called 'Hardware'...
They are great, but using macOS seems weird lol