Synthesizing safe and efficient kernel extensions for packet processing

Qiongwen Xu, Michael D. Wong, Tanvi Wagle, Srinivas Narayana, Anirudh Sivaraman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at specific hooks in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux uses an in-kernel static checker. The checker allows a program to execute only if it can prove that the program is crash-free, always accesses memory within safe bounds, and avoids leaking kernel data. BPF programming is not easy. One, even modest-sized BPF programs are deemed too large to analyze and rejected by the kernel checker. Two, the kernel checker may incorrectly determine that a BPF program exhibits unsafe behaviors. Three, even small performance optimizations to BPF code (e.g., 5% gains) must be meticulously hand-crafted by expert developers. Traditional optimizing compilers for BPF are often inadequate since the kernel checker's safety constraints are incompatible with rule-based optimizations. We present K2, a program-synthesis-based compiler that automatically optimizes BPF bytecode with formal correctness and safety guarantees. K2 produces code with 6 - 26% reduced size, 1.36% - 55.03% lower average packet-processing latency, and 0 - 4.75% higher throughput (packets per second per core) relative to the best clang-compiled program, across benchmarks drawn from Cilium, Facebook, and the Linux kernel. K2 incorporates several domain-specific techniques to make synthesis practical by accelerating equivalence-checking of BPF programs by 6 orders of magnitude.

Original languageEnglish (US)
Title of host publicationSIGCOMM 2021 - Proceedings of the ACM SIGCOMM 2021 Conference
PublisherAssociation for Computing Machinery, Inc
Pages50-64
Number of pages15
ISBN (Electronic)9781450383837
DOIs
StatePublished - Aug 9 2021
Event2021 Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, SIGCOMM 2021 - Virtual, Online, United States
Duration: Aug 23 2021Aug 27 2021

Publication series

NameSIGCOMM 2021 - Proceedings of the ACM SIGCOMM 2021 Conference

Conference

Conference2021 Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, SIGCOMM 2021
Country/TerritoryUnited States
CityVirtual, Online
Period8/23/218/27/21

Keywords

  • BPF
  • endpoint packet processing
  • stochastic optimization
  • synthesis

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Synthesizing safe and efficient kernel extensions for packet processing'. Together they form a unique fingerprint.

Cite this