forked from eunomia-bpf/bpftime
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CITATION.cff
65 lines (64 loc) · 2.47 KB
/
CITATION.cff
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# This CITATION.cff file was generated with cffinit.
# Visit https://bit.ly/cffinit to generate yours today!
cff-version: 1.2.0
title: bpftime
message: >-
If you use this software, please cite it using the
metadata from this file.
type: software
authors:
- given-names: Yusheng
family-names: Zheng
email: [email protected]
- given-names: Tong
family-names: Yu
- given-names: Yiwei
family-names: Yang
- given-names: Yanpeng
family-names: Hu
- given-names: XiaoZheng
family-names: Lai
- given-names: Andrew
family-names: Quinn
identifiers:
- type: url
value: 'https://arxiv.org/abs/2311.07923'
description: >-
bpftime: userspace eBPF Runtime for Uprobe, Syscall
and Kernel-User Interactions
repository-code: 'https://github.com/eunomia-bpf/bpftime'
url: 'https://eunomia.dev/bpftime/'
abstract: >-
In kernel-centric operations, the uprobe component of eBPF
frequently encounters performance bottlenecks, largely
attributed to the overheads borne by context switches.
Transitioning eBPF operations to user space bypasses these
hindrances, thereby optimizing performance. This also
enhances configurability and obviates the necessity for
root access or privileges for kernel eBPF, subsequently
minimizing the kernel attack surface. This paper
introduces bpftime, a novel user-space eBPF runtime, which
leverages binary rewriting to implement uprobe and syscall
hook capabilities. Through bpftime, userspace uprobes
achieve a 10x speed enhancement compared to their kernel
counterparts without requiring dual context switches.
Additionally, this runtime facilitates the programmatic
hooking of syscalls within a process, both safely and
efficiently. Bpftime can be seamlessly attached to any
running process, limiting the need for either a restart or
manual recompilation. Our implementation also extends to
interprocess eBPF Maps within shared memory, catering to
summary aggregation or control plane communication
requirements. Compatibility with existing eBPF toolchains
such as clang and libbpf is maintained, not only
simplifying the development of user-space eBPF without
necessitating any modifications but also supporting CO-RE
through BTF. Through bpftime, we not only enhance uprobe
performance but also extend the versatility and
user-friendliness of eBPF runtime in user space, paving
the way for more efficient and secure kernel operations.
keywords:
- userspace
- plugin
- eBPF
license: MIT