This article can be found at: https://www.ebpf.top/post/bpf_sched_ext_dive_into Linux Process Scheduler CFS Scheduler EEVDF Scheduler Implementation Mechanism of BPF Scheduler Extender sched_ext Addition 1: SCHED_EXT Scheduling Class Addition 2: eBPF Custom Scheduler Functions Workflow of SCHED_EXT Scheduling Class Scheduling Cycle Workflow Switching to sched_ext Summary In the article Linus Strongly Pushes for Inclusion: BPF Empowers Scheduler Success, we reviewed the journey of BPF in the scheduler integration process within the community. Patch V7 is prepared for merging into 6.11, and subsequently, the code repository has also changed to kernel git address. It is only a matter of time for the merge to happen. This blog post will focus on the implementation principles of sched_ext. sched_ext is an extensible scheduler class jointly introduced by Meta and Google, referred to as ext_sched_class or sched_ext. This mechanism allows users to optimize scheduler strategies for specific workloads or scenarios by implementing scheduling classes through defined BPF programs.……

Continue reading

Read more at: https://www.ebpf.top/post/bpf_sched_ext 1. The Emergence of Pluggable Scheduler [2004] In 2004, Con Kolivas from the Linux community proposed the idea of a pluggable scheduler, envisioning multiple schedulers in the kernel that users could choose during boot. The principle behind the patch submission involved splitting a significant amount of code into a common part in kernel/sched.c and a private part. It also included pointers in the scheduler.c file that directed functions handling scheduling tasks, which were invoked for various process events (fork(), exit(), etc.), to gather scheduling-related information. Implementing a new scheduler simply required writing replacement functions and integrating them. However, this submission faced strong opposition from community developer Ingo Molnar, who believed that having pluggable schedulers would discourage patches for scheduling domains and instead lead to separate schedulers for specific scenarios like NUMA scheduling and SMP scheduling. Ingo Molnar’s standpoint was clear: If everyone focuses on their own little family, the scheduler as a big family will lack organization and code contributions, leading to the existence of schedulers tailored to specific scenarios.……

Continue reading

This article is available at: https://www.ebpf.top/post/lsm_bpf_intro 1. Background on Security 2. General Framework of Kernel Security Policy Module LSM 2.1 Introduction to LSM Framework 2.2 Architecture of LSM 2.3 Hook Functions in LSM 3. LSM BPF 3.1 BCC Practice 3.2 libbpf-bootstrap Framework Practice 4. Summary 5. Appendix: Process of Finding LSM Hot Patch Kernel Vulnerabilities Monitoring Hook Points 1. Background on Security Internationally, computer security is summarized by three main characteristics: Confidentiality, Integrity, and Availability (CIA). Confidentiality means that data is not visible to unauthorized individuals. Integrity refers to information not being altered during storage or transmission. Availability implies that one’s devices can be used when needed. There are roughly four methods that computer systems employ to address security challenges: isolation, control, auditing, and obfuscation. Access control involves controlling access, representing the subject’s actions on objects. Access control primarily involves defining subjects and objects, operations, and setting access policies.……

Continue reading

Site link: https://www.ebpf.top/post/bpf2pbpf_tail_call Author: Richard Li (Original author’s permission obtained) Original article link: https://blog.csdn.net/weixin_43705457/article/details/123474244 1. Introduction 2. Tail Call 3. BPF to BPF Calls 4. CO-RE Sample 5. Tail Call Costs in eBPF 6. Summary 7. References 1. Introduction This article first introduces the general restrictions and usage of tail calls, compares them with BPF to BPF calls, and finally provides a modified version I made of the tail call sample in the kernel source code (using CO-RE). (When learning about tail calls, I struggled with not having a simple and understandable example that could run, so I ended up creating one myself. I believe this version is the most beginner-friendly and logically clear among all examples currently available). 2. Tail Call BPF provides a capability to safely inject code when kernel events and user program events occur, allowing non-kernel developers to control the kernel.……

Continue reading