On the implications of unsafe eBPF composition

Somaraju, Sai Roop

10 June 2024

In the era of Linux being omnipresent, the demand for dynamically extending kernel capabil- ities without requiring changes to kernel source code or loading kernel modules at runtime is increasing. This is driven by numerous use cases such as observability, security, and network- ing, which can be efficiently addressed at the system level, underscoring the importance of such extensions. Any extension requires programmers to possess high levels of skill and thor- ough testing to ensure complete safety. The eBPF subsystem in the Linux kernel addresses this challenge by allowing applications to enhance the kernel's capabilities at runtime, while ensuring stability and security. This guaranteed safety is facilitated by the verifier engine, which statically verifies BPF code. In this thesis, we identify that the verifier implicitly relies on safety assumptions about its runtime execution environment, which are not being upheld in certain scenarios. One such critical aspect of the execution environment is the availability of stack space for use while executing the BPF program. Specifically, we high- light this fundamental issue in certain configuration of the BPF runtime environment within the Linux kernel and how this unsafe composition allowed for kernel stack overflow, thus violating safety guarantees. To tackle this problem, we propose a stack switching approach to ensure stack safety and evaluate its effectiveness. / Master of Science / Many platforms worldwide, including Meta, Netflix, Google, Cloudflare, and others, rely on the Linux kernel to manage their servers. To ensure system security, improve monitoring, and enhance networking efficiency, various kernel capabilities are dynamically added or re- moved at runtime without the need for reboots, thus minimizing downtime for users. The Linux Extended Berkeley Packet Filter (eBPF) subsystem facilitates dynamic and safe ex- tension by securely verifying the code injected into the kernel. This eases server maintenance tasks, eliminating concerns about system crashes when making runtime changes as eBPF is guaranteeing safety at all times. In our research, we demonstrate that if we attach verified eBPF in a certain manner, we can potentially stack overflow the kernel stack and crash the whole kernel due to unsafe composition with the Kernel. We also propose two solutions to this problem, which can ensure that eBPF remains safe while adhering to the guarantees it provides.

Extended Berkeley Packet Filter

Linux

Stack Overflow

Segment Routing Based Traffic Engineering : A QoS adaptive rerouting using segment routing approach based on IPv6 to mitigate network congestion / Segment Routing Baserad Trafikstyrning : En QoS-anpassad omdirigering med segmenteringsrouting baserad på IPv6 för att mildra nätverksöverbelastning.

Javid, Sepehr

January 2023

In modern networks, the increasing volume of network traffic and the diverse range of services with varying requirements necessitate the implementation of more advanced routing decisions and traffic engineering. This academic study proposes a QoS adaptive mechanism called "Sepitto", which utilizes Segment routing protocols, specifically SRv6, to address network-traffic control and congestion avoidance. Sepitto leverages data-plane traffic to convey Linux Qdisc statistics, such as queue size, packet drops, and buffer occupancy, in each Linux-based virtual router. By incorporating this information, edge routers become aware of the current network status, enabling them to make informed decisions regarding traffic paths based on QoS classes. SRv6 is employed to direct traffic along desired paths, avoiding congested links and minimizing queuing delays and overall latency. Moreover, Sepitto offers network administrators an interface to customize decision-making processes based on their policies, assigning costs to network graph edges by associating the provided statistics to a certain cost. To incorporate these costs, the implementation employs the Dijkstra algorithm to determine the path with the lowest cost. Performance analysis of Sepitto reveals minimal overhead compared to traditional routing methods, while effectively mitigating network congestion. The results demonstrate that Sepitto reduces traffic round-trip time during congestion while maintaining differentiated treatment for various QoS classes. / I moderna nätverk kräver den ökande volymen av nätverkstrafik och det varierade utbudet av tjänster med olika krav att mer avancerade ruttbeslut och trafikhantering implementeras. Denna akademiska studie föreslår en QoS-anpassningsmekanism kallad Sepitto", som använder sig av Segment Routing-protokoll, specifikt SRv6, för att hantera nätverkstrafik och undvika trängsel. Sepitto utnyttjar dataplanttrafik för att överföra Linux Qdisc-statistik, såsom köstorlek, paketförluster och buffertbeläggning, i varje Linux-baserad virtuell router. Genom att införliva denna information blir kantrouter medvetna om den aktuella nätverksstatusen och kan fatta informerade beslut om trafikvägar baserat på QoS-klasser. SRv6 används för att styra trafiken längs önskade vägar, undvika överbelastade länkar och minimera köfördröjningar och övergripande latens. Dessutom erbjuder Sepitto nätverksadministratörer ett gränssnitt för att anpassa beslutsprocesser baserat på deras policy, genom att tilldela kostnader till nätverksgrafens bågar genom att associera de tillhandahållna statistiken till en viss kostnad. För att införliva dessa kostnader använder implementeringen Dijkstras algoritm för att bestämma vägen med lägst kostnad. Prestandaanalysen av Sepitto visar minimal överbelastning jämfört med traditionella rutteringsmetoder samtidigt som den effektivt motverkar nätverksträngsel. Resultaten visar att Sepitto minskar trafiklatensen under trängsel samtidigt som differentierad behandling bibehålls för olika QoS-klasser.

Segment Routing with IPv6

Quality of Service

Congestion

Extended Berkeley Packet Filter

Segmentering av vägval med IPv6

Tjänstekvalitet

Överbelastning

Utökad Berkeley Packet Filter

Computer Sciences

Datavetenskap (datalogi)

Computer Engineering

Datorteknik