Verifed Programs Can Party: Optimizing Kernel Extensions via Post-Verifcation Merging

Hsuan Chi Kuo, Kai Hsun Chen, Yicheng Lu, Dan Williams, Sibin Mohan, Tianyin Xu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Operating system (OS) extensions are more popular than ever. For example, Linux BPF is marketed as a "superpower"that allows user programs to be downloaded into the kernel, verified to be safe and executed at kernel hook points. So, BPF extensions have high performance and are often placed at performance-critical paths for tracing and filtering. However, although BPF extension programs execute in a shared kernel environment and are already individually verified, they are often executed independently in chains. We observe that the chain pattern has large performance overhead, due to indirect jumps penalized by security mitigations (e.g., Spectre), loops, and memory accesses. In this paper, we argue for a separation of concerns. We propose to decouple the execution of BPF extensions from their verification requirements-BPF extension programs can be collectively optimized, after each BPF extension program is individually verified and loaded into the shared kernel. We present KFuse, a framework that dynamically and automatically merges chains of BPF programs by transforming indirect jumps into direct jumps, unrolling loops, and saving memory accesses, without loss of security or flexibility. KFuse can merge BPF programs that are (1) installed by multiple principals, (2) maintained to be modular and separate, (3) installed at different points of time, and (4) split into smaller, verifiable programs via BPF tail calls. KFuse demonstrates 85% performance improvement of BPF chain execution and 7% of application performance improvement over existing BPF use cases (systemd's Seccomp BPF filters). It achieves more significant benefits for longer chains.

Original languageEnglish (US)
Title of host publicationEuroSys 2022 - Proceedings of the 17th European Conference on Computer Systems
PublisherAssociation for Computing Machinery, Inc
Pages283-299
Number of pages17
ISBN (Electronic)9781450391627
DOIs
StatePublished - Mar 28 2022
Event17th European Conference on Computer Systems, EuroSys 2022 - Rennes, France
Duration: Apr 5 2022 → …

Publication series

NameEuroSys 2022 - Proceedings of the 17th European Conference on Computer Systems

Conference

Conference17th European Conference on Computer Systems, EuroSys 2022
Country/TerritoryFrance
CityRennes
Period4/5/22 → …

Keywords

  • BPF
  • Indirect jump
  • Kernel extension
  • Retpoline
  • Spectre
  • Transient attack
  • eBPF

ASJC Scopus subject areas

  • Hardware and Architecture
  • Control and Systems Engineering

Fingerprint

Dive into the research topics of 'Verifed Programs Can Party: Optimizing Kernel Extensions via Post-Verifcation Merging'. Together they form a unique fingerprint.

Cite this