Unsafe Nesting in BPF Programs
dc.contributor.author | Chintamaneni, Siddharth | en |
dc.contributor.committeechair | Williams, Daniel John | en |
dc.contributor.committeemember | Nikolopoulos, Dimitrios S. | en |
dc.contributor.committeemember | Noh, Sam Hyuk | en |
dc.contributor.department | Computer Science & Applications | en |
dc.date.accessioned | 2025-01-15T09:00:46Z | en |
dc.date.available | 2025-01-15T09:00:46Z | en |
dc.date.issued | 2025-01-14 | en |
dc.description.abstract | Safe kernel extensions are crucial for adding features like networking filters, security policies, and monitoring capabilities that organizations require in production environments. The Linux kernel traditionally lacked mechanisms for safe runtime extensions. BPF addressed this problem by enabling dynamic kernel extensions with safety guarantees enforced by an in-kernel verifier, ensuring kernel stability. The verifier verifies each BPF program without considering its interactions with other BPF programs, assuming these interactions will be safe. This assumption relies on both static limits enforced by the verifier and runtime checks in the kernel. However, this verification approach leaves the kernel vulnerable to safety issues when BPF programs nest within each other. This work identifies such safety issues, including stack overflows, deadlocks, performance issues, and missed events. To address these challenges, this research presents an approach for providing a global system view to the verifier to prevent uncontrolled nesting. We explored the first steps in this direction through a helper-rooted callgraph approach that provides a global view of BPF program interactions, enabling the prevention of these safety issues. | en |
dc.description.abstractgeneral | Linux is one of the most popular mainstream operating systems, running on over 96% of the world's servers. Extending the kernel is important because users need features like network filtering and system monitoring. Recently, BPF provided a safe way to extend Linux's capabilities by using an in-kernel safety checker called the verifier, which examines each program before it runs to prevent crashes and system stalls. Due to these safety guarantees, BPF has been widely adopted in industry for various use cases. In this work, we identified that when multiple BPF programs are nested, they can cause problems even though the programs are individually verified as safe. Our experiments showed three critical issues: stack overflows, deadlocks and performance problems (such as throughput loss). We identified that these crashes occur because the verifier lacks knowledge about how BPF programs interact with each other. To address this problem, we developed an approach called helper-rooted callgraphs that shows how different programs interact. This information can then be used by the verifier to prevent unsafe program interactions. | en |
dc.description.degree | Master of Science | en |
dc.format.medium | ETD | en |
dc.identifier.other | vt_gsexam:42171 | en |
dc.identifier.uri | https://hdl.handle.net/10919/124192 | en |
dc.language.iso | en | en |
dc.publisher | Virginia Tech | en |
dc.rights | In Copyright | en |
dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
dc.subject | eBPF | en |
dc.subject | Linux | en |
dc.subject | Kernel extensions | en |
dc.subject | Nesting | en |
dc.title | Unsafe Nesting in BPF Programs | en |
dc.type | Thesis | en |
thesis.degree.discipline | Computer Science & Applications | en |
thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
thesis.degree.level | masters | en |
thesis.degree.name | Master of Science | en |