15 comments

[ 4.3 ms ] story [ 44.2 ms ] thread
ED: Can't delete.
> tl;dr

Well, that doesn’t say much. :-)

Here’s more:

BPF (eBPF) tracing is a superpower that can analyze everything, and I'll show you how in my upcoming book BPF Performance Tools: Linux System and Application Observability, coming soon from Addison Wesley. The book includes over 150 BPF observability tools that you can run to find performance wins and troubleshoot software, and also shows you how to write your own. Over one hundred of these BPF tools are newly-developed for this book; you can see many of them in this diagram...

http://www.brendangregg.com/blog/2019-07-15/bpf-performance-...

And a writeup:

Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel

A Netflix performance architect says BPF promises a fundamental change to a 50-year-old kernel model.

https://www.zdnet.com/article/netflix-bpf-is-a-new-type-of-s...

The presenter expresses BPF has become a technology name for this type of kernel application and is no longer an acronym
BPF is an awesome VM. A huge thanks to Brendan on the work he has done to make it usable outside the kernel.

We built a whole rust tool chain around it.

https://github.com/solana-labs/rust-bpf-sysroot https://github.com/solana-labs/rust-bpf-builder

Can you elaborate on what makes it a good VM? I know very little about VMs, but I'm curious.
It’s doesn’t have a stack pointer, just stack frames. So hardware that doesn’t implement a stack can execute BPF kernels.
Is there a good explanation for why saying this is a 'new type of software' and a 'fundamental change to the 50 year old kernel structure' isn't hyperbole? I understand that it is some sort of constrained virtual machine that can analyze packets, bit it seems like the marketing here is a little much.
It can do much more than analyze packets. It's a way of running user defined programs in kernel space with fairly strong assurances that it won't crash the kernel.
(comment deleted)
BPF programs can hook directly into the kernel more or less and can safely share memory to userspace. This is important because after all the fall out from Spectre and Meltdown, they found that the BPF virtual machine programs were immune from this class of vulnerabilities.
It’s a culmination of decades of research and implementation to mainstream Ring-0 OS kernels that are upgradable at runtime with untrusted userspace code.
If this isn't really about packet filtering we could call it something else, right?

xmlHttpRequest became Ajax after all.