We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Rust and Tell - Berlin - Aya: Extending the Linux Kernel with eBPF and Rust by Michal Rostecki
Explore the intersection of Rust and eBPF, a mechanism to extend the Linux kernel, discussing challenges, benefits, and workarounds, including type safety, bounded loops, and early returns.
- BPF (eBPF) is a mechanism to handle differences in kernel structures between kernel versions.
- Rust is not allowed in the kernel by default due to its tendency to panic.
- BPF verifier is not smart, but it’s possible to work around it by using bounded loops and early returns.
- Rust compiler can compile to BPF bytecode.
- Writing BPF programs in Rust has many benefits, including type safety.
- Most BPF programs are receiving pointers to kernel or user space memory, which requires unsafe operations.
- BPF programs can observe function calls, kernel events, and network traffic.
- There are limitations on BPF program size (1 million instructions) and loops (32 tail calls).
- BPF programs can be loaded into the kernel and executed as a virtual machine.
- Rust compiler will complain about macros included in IAR (Strongly Typed).
- Rust has its own replacement for the alloc library.
- BPF verifier checks for out-of-bounds errors and crashes.
- Rust programs in BPF cannot panic, all errors must be recoverable.
- eBPF programs can be written in Rust and compiled to BPF bytecode.
- BPF programs can be used for debugging user space binaries if symbols are exposed.
- BPF projects are usually divided into user space and BPF parts.
- Rust programs in BPF can use crates without external dependencies.
- BPF verifier checks for memory access violations and crashes.
- Rust programs in BPF can use perf buffers to push logs to user space processes.