eBPF is a virtual machine that can run user-defined code in the Linux kernel. The ability to generate eBPF bytecode from Julia would allow our Linux users to introspect, manipulate, and explore the core of their operating system from the comfort of a high-level language. In this talk, I will explain the basics of eBPF, how it's integrated and used in the Linux kernel, and how we can use "eBPF superpowers" from Julia.
eBPF (extended Berkeley Packet Filter) is a virtual machine specification and machine code ISA originally designed for packet filtering in operating system kernels. eBPF is designed to be simple and compact enough to be trivially converted to native machine code, making it very portable across machine architectures. eBPF is developed in tandem with the Linux kernel, intended to be an internal runtime for safely executing user-defined code within the Linux kernel, where it allows users to introspect (and even modify) the functioning of their kernel's various subsystems. Given the key role that the OS kernel plays in allowing modern computers to function, it is thus no surprise that the ability to write and install eBPF kernels is considered a Linux "superpower".
As we can see from the example set by CUDA.jl, Julia is an excellent language for writing portable code which can execute on a variety of architectures with minimal changes. Recognizing this, I created BPFnative.jl as an interface from Julia to eBPF and the Linux kernel. BPFnative.jl allows users to write eBPF kernels in pure Julia, compile them into eBPF bytecode, and install them at various locations in the Linux kernel. This allows users with a minimal understanding of eBPF to explore their OS kernel at runtime, and thanks to the security measures and verifier built into the Linux eBPF VM, makes this a very safe thing to do.
For this talk, I will introduce the basics of eBPF and why Linux users should care about it, and then provide examples (including code snippets) of how to create eBPF kernels for introspecting various parts of the Linux kernel with BPFnative.jl. I will strive to make the examples relevant to everyday Linux users who want to find out more about what their OS is doing behind the scenes, without having to fully understand how the Linux kernel works. I will also encourage interested users to explore other parts of their OS with eBPF, and submit examples to BPFnative.jl to benefit the community.