20-24 September 2021
US/Pacific timezone

BPF security auditing at Google

24 Sep 2021, 08:40
40m
Networking and BPF Summit/Virtual-Room (LPC Virtual)

Networking & BPF Summit (Closed) BPF & Networking Summit

Speakers

Brendan Jackman (Google), KP Singh (Google)

Description

We’ll discuss some recent and ongoing work we’ve been doing to audit Google’s Linux systems with eBPF. We’ll look at a case study of the problems we’ve solved for logging process lifecycles, and then look at the challenges we’re facing to make these systems as reliable and maintainable as possible. The topics we’ll cover include:

  • A brief overview of the BPF LSM
  • Why and how we ended up adding atomics to eBPF
  • Why we implemented task-local BPF storage
  • How we push large data blobs through the BPF ringbuffer (and how we’d like to improve it)
  • Why we wish we didn’t have to attach to so many fexit hooks (and what we’d like to do about it)

Primary authors

Brendan Jackman (Google), KP Singh (Google)
