Software:In-Kernel Virtual Machine
In computer science, a virtual machine is the virtualization or emulation of a computer system. Virtual machine implementations may consist of specialized hardware, software, or a combination of the two. Virtual machines are also found inside operating system kernels, where they are referred to as in-kernel virtual machines.
Examples
eBPF
eBPF is an "in-kernel virtual machine" that allows users to load and run custom programs within the kernel of the operating system.[1][2] That means it can extend or even modify the way the kernel behaves.[3][4][5]
It is used as a backend for the libpcap library and performs packet filtering for tools such as tcpdump. When tcpdump is run with a filter expression, it generates the eBPF bytecode for that expression and sends it to the kernel, where it is attached at an early stage of network stack processing. The bytecode is then interpreted in the virtual machine and decides which packets appear in tcpdump's output. This filtering mechanism is performant and safe by design: eBPF programs are executed in isolation in the "in-kernel virtual machine".[6] They are limited to 4096 instructions, they cannot contain loops, and all memory accesses are checked against a valid range. It is therefore guaranteed that execution of the BPF bytecode terminates, and it cannot cause a kernel error, a denial of service, or memory corruption (Kovalev 2020).
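The following is an added toy model, not code from the page or the kernel, of the three safety rules the text attributes to the BPF VM: a static verifier that enforces the instruction cap, forward-only jumps (hence no loops) and range-checked scratch memory, and an interpreter with the runtime packet-bounds check, run on a constructed "IPv4 and TCP" filter. The opcode names, the tuple encoding and the sample frames are assumptions chosen for illustration, not the kernel's real encoding.

```python
# Constructed toy model (not kernel code) of the safety rules the text gives
# for the in-kernel BPF VM. Instruction = (op, k, jt, jf); jt/jf are forward
# offsets from pc+1, as in classic BPF, which is why a verified program cannot loop.
MAX_INSNS, SCRATCH_SLOTS = 4096, 16   # 4096 cap from the text; 16 = cBPF M[] words
LD_ABS, ST, LDM, JEQ, RET = "ld_abs", "st", "ldm", "jeq", "ret"

def verify(prog):
    # Static checks done before loading; returns None if safe, else a reason.
    if not 0 < len(prog) <= MAX_INSNS:
        return "program length out of range"
    if prog[-1][0] != RET:
        return "program does not end in ret"
    for pc, (op, k, jt, jf) in enumerate(prog):
        if op == JEQ and any(o < 0 or pc + 1 + o >= len(prog) for o in (jt, jf)):
            return f"jump target out of program at {pc}"   # no cycles, no escape
        if op in (ST, LDM) and not 0 <= k < SCRATCH_SLOTS:
            return f"scratch index out of range at {pc}"   # static memory range check
        if op not in (LD_ABS, ST, LDM, JEQ, RET):
            return f"unknown opcode at {pc}"
    return None

def run(prog, pkt):
    # Interpret a verified program; returns its ret value (0 = drop the packet).
    A, M, pc = 0, [0] * SCRATCH_SLOTS, 0
    while True:                     # every iteration moves pc forward, so it ends
        op, k, jt, jf = prog[pc]
        if op == LD_ABS:
            if k >= len(pkt):       # runtime packet bounds check: short frame -> drop
                return 0
            A = pkt[k]
        elif op == ST:
            M[k] = A
        elif op == LDM:
            A = M[k]
        elif op == JEQ:
            pc += jt if A == k else jf
        elif op == RET:
            return k
        pc += 1

# Constructed filter: accept Ethernet frames carrying IPv4 whose protocol is TCP (6).
TCP_FILTER = [
    (LD_ABS, 12, 0, 0), (JEQ, 0x08, 0, 5),   # ethertype high byte, else -> ret 0
    (LD_ABS, 13, 0, 0), (JEQ, 0x00, 0, 3),   # ethertype low byte
    (LD_ABS, 23, 0, 0), (JEQ, 6, 0, 1),      # IPv4 protocol field
    (RET, 0xFFFF, 0, 0), (RET, 0, 0, 0),
]

def frame(proto):
    # Constructed 14-byte Ethernet + 20-byte IPv4 header with the given protocol.
    return bytes(12) + b"\x08\x00" + bytes(9) + bytes([proto]) + bytes(10)
```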
nftables
nftables is an in-kernel packet classification framework built on a network-specific Virtual Machine (VM) and the nft userspace command line tool.[7]
It was introduced in Linux kernel v3.13 and extends the kernel's network stack with new bytecode filtering capabilities, in which the filters are not statically coded into kernel modules. Instead, the rules are compiled and optimized in user space into small bytecode programs, which are then executed in an "in-kernel virtual machine" at runtime (Märdian 2021).
DTrace
DTrace is a performance analysis and troubleshooting tool developed by Sun Microsystems and available on Solaris, Mac OS X, and FreeBSD.[8] It provides dynamic tracing, which patches live running instructions with instrumentation code. Unlike other dynamic instrumentation solutions that execute native instrumentation code, it implements a simple "in-kernel virtual machine"[9] that interprets bytecode generated by a compiler for the "D" language (Engel and Freisleben 2005).
References
- Engel, Michael; Freisleben, Bernd (2005), Using a Low-Level Virtual Machine to Improve Dynamic Aspect Support in Operating System Kernels, University of Marburg, https://llvm.org/pubs/2005-03-14-ACP4IS-AspectsKernel.pdf
- Kovalev, M.G (2020), Tracing Network Packets in the Linux Kernel using eBPF, St Petersburg State University, http://www.mathnet.ru/links/35d0cf7569624c0b246edfc28ea56bf0/tisp513.pdf
- Xu, Qiongwen; Wong, Michael D.; Narayana, Srinivas; Sivaraman, Anirudh (2021), Synthesizing Safe and Efficient Kernel Extensions for Packet Processing, Rutgers University, https://people.cs.rutgers.edu/~sn624/papers/k2-sigcomm21.pdf
- Märdian, Lukas M. (2021), What's New in the Linux Network Stack?, Department for Computer Science, Technische Universität München, https://blog.slyon.de/uploads/Maerdian-Linux_Network_Stack.pdf
Notes
- "Extending the Kernel with eBPF". https://source.android.com/devices/architecture/kernel/bpf. Retrieved 2022-08-12.
- Matt Fleming (December 2, 2017). "A thorough introduction to eBPF". https://lwn.net/Articles/740157/. Retrieved 2022-09-02.
- Rice, Liz (2022). What Is eBPF? An Introduction to a New Generation of Networking, Security, and Observability Tools (First ed.). California: O'Reilly Media. ISBN 978-1-492-09723-5. https://isovalent.com/data/liz-rice-what-is-ebpf.pdf.
- Stanislav Kozina. "Introduction to eBPF in Red Hat Enterprise Linux 7". https://www.redhat.com/en/blog/introduction-ebpf-red-hat-enterprise-linux-7. Retrieved 2022-08-12.
- Si Chen, Liu Cui. "Extended Berkeley Packet Filter (eBPF) – The New Swiss Knife for Cybersecurity Education". https://www.darlingtree.com/static/paper/pacise22.pdf. Retrieved 2022-08-12.
- Jonathan Corbet. "BPF: the universal in-kernel virtual machine". https://lwn.net/Articles/599755/. Retrieved 2022-08-12.
- "netfilter/iptables project homepage". https://netfilter.org/projects/nftables/. Retrieved 2022-11-17.
- "About DTrace". http://dtrace.org/blogs/about/. Retrieved 2022-07-30.
- Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel. University of Washington. https://unsat.cs.washington.edu/papers/nelson-jitterbug.pdf.