Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel

guest · Dec 5, 2019

Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel
...BPF promises a fundamental change to a 50-year-old kernel model
December 5, 2019
https://www.zdnet.com/article/netfl...use-to-run-linux-apps-securely-in-the-kernel/

There's growing interest in a new type of software for Linux machines called BPF, which allows the user to run a program in the kernel and enjoy "observability super powers", according to Brendan Gregg, a senior performance architect at Netflix.

According to Gregg, BPF promises to make "a fundamental change to a 50-year-old kernel model by introducing a new interface for applications to make kernel requests, alongside syscalls".
The term BPF is derived from Berkeley Packet Filter, which in the 1990s was a virtual machine for efficient packet filters.
However, as Gregg explained this week at an Ubuntu Masters talk, BPF in 2019 is now a "generic kernel execution engine". With this broader functionality, he argues BPF is now the name of a technology and not just an acronym.

The big change BPF allows for is achieved through BPF Helper Calls, which are the equivalent of system API calls to the kernel in user-mode applications.

"This allows you to write kernel mode applications that can access resources and run with high performance and efficiency with guarantees of security," he said.
Gregg argues this is different to writing a kernel module because while these modules do have access to hardware, there's no fixed API, which creates security risks.
Click to expand...

fblais · Dec 6, 2019

Is this really secure

reasonablePrivacy · Dec 6, 2019

fblais said: ↑

Is this really secure
Click to expand...

It is not intended to be used to run unknown, unverified, not-trusted programs from random sources.

It is more secure to load BPF application than traditional Linux kernel module. Great for writing drivers and system services. Secure in this context means that accidental bugs in these BPF programs will likely be less endangering system reliability and security than similar bug in traditional Linux kernel module.

reasonablePrivacy · May 11, 2021

Microsoft Bringing eBPF Support To Windows
https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Windows-eBPF

eBPF has been one of the greatest Linux kernel innovations of the past decade and now Microsoft has decided to bring this "revolutionary technology" to Windows Server and Windows 10.
Click to expand...

Those wanting to learn more about Microsoft bringing eBPF to Windows can see this blog post.
Click to expand...

Log in or Sign up

Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel

guest Guest

fblais Registered Member

reasonablePrivacy Registered Member

reasonablePrivacy Registered Member

Log in or Sign up

Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel

guest Guest

fblais Registered Member

reasonablePrivacy Registered Member

reasonablePrivacy Registered Member

Useful Searches