[$] Reconsidering the multi-generational LRU
The multi-generational LRU (MGLRU) is an alternative memory-management algorithm that was merged for the 6.1 kernel in late 2022. It brought a promise of much-improved performance [...]
https://lwn.net/Articles/1060967/ #LWN #Linux #kernel #Android #Git #BPF #LSFMMBPF
@yuka@s.umeyashiki.org @davidculley@hachyderm.io @sakarepmu@mstdn.party
Let's not forget #nvme, #io_uring, #blockdev, and #bpf subsystems. Those are also maintained by #facebook employees.
[$] The ongoing quest for atomic buffered writes
There are many applications that need to be able to write multi-block chunks of data to disk with the assurance that the operation will either complete successfully or fail altoget [...]
https://lwn.net/Articles/1060063/ #LWN #Linux #kernel #Git #PostgreSQL #PostgreSQL #XFS #BPF #io_uring
[$] No hardware memory isolation for BPF programs
On February 12, Yeoreum Yun posted a suggestion for an improvement to the security of the kernel's BPF implementation: use memory protection keys to prevent unauthorized access to [...]
[$] Compact formats for debugging—and more
At the 2025 Linux Plumbers Conference in Tokyo, Stephen Brennan gave a presentation on the debuginfo format, which contains the symbols and other information needed for debugging, [...]
https://lwn.net/Articles/1057295/ #LWN #Linux #Debian #GCC #Python #BPF #LPC
[$] The first half of the 7.0 merge window
The merge window for Linux 7.0 has opened, and with it comes a number of interesting improvements and enhancements. At the time of writing, there have been 7,695 non-merge commits [...]
https://lwn.net/Articles/1057769/ #LWN #Linux #kernel #Clang #Rust #Git #XFS #BPF #io_uring
Linux 7.0 Adds support For BPF Filtering To IO_uring (phoronix.com)
#io_uring #bpf filter support was merged for #Linux 7.0 by @axboe
https://git.kernel.org/torvalds/c/591beb0e3a03258ef9c01893a5209845799a7c33 [update] see also: https://lwn.net/Articles/1054225/ and for the liburing side (which has both man pages and an extensive test case that also demonstrate how to use it) https://git.kernel.org/pub/scm/linux/kernel/git/axboe/liburing.git/commit/ [/update]
""This adds support for both cBPF filters for io_uring, as well as task inherited restrictions and filters. […]
seccomp and io_uring don't play along nicely, […] As a result, things like containers and systemd that apply seccomp filters, can't filter io_uring operations.
That leaves them with just one choice if filtering is critical - filter the actual io_uring_setup(2) system call to simply disallow io_uring. That's rather unfortunate, and has limited us because of it.
io_uring already has some filtering support. […] This first adds support for cBPF filters for opcodes, which enables tighter control over what exactly a specific opcode may do. […] These filters are run post the init phase of the request […] On top of that support is added for per-task filters , meaning that any ring created with a task that has a per-task filter will get those filters applied when it's created.[…]""
Решаем архитектурную проблему nginx с HTTP/3: опыт Angie и магия eBPF
Для пользователя может показаться, что переход с HTTP/2 на HTTP/3 — это просто замена TCP на UDP в конфиге. Но для серверного ПО с многопроцессной архитектурой этот шаг превращается в настоящую «головную боль». Классическая схема с accept() , на которой годами строилась работа с TCP‑соединениями, в мире QUIC попросту не существует. Пакеты летят в UDP‑порт, и ядро ОС больше не знает, какому именно рабочему процессу их отдать. В оригинальном nginx это привело к тому, что поддержка HTTP/3 уже долгое время остается «экспериментальной» и ограниченной: она страдает от проблем с обрывами сессий при миграции клиентов и деградации сервиса при обновлении конфигурации. Для многих это стало стоп‑фактором для внедрения протокола в реальный продакшен. В этой статье мы расскажем, как в Angie 1.11 нам удалось устранить эти фундаментальные недостатки. Мы не просто добавили поддержку протокола, а пересмотрели механику взаимодействия с ядром. Путь от простых хешей до создания полноценного аналога accept() для QUIC с помощью BPF‑программ позволил нам заявить: реализация HTTP/3 в Angie закончена, лишена «детских болезней» nginx и полностью готова к эксплуатации в высоконагруженных средах. Добро пожаловать под капот современного транспорта данных.
https://habr.com/ru/articles/989748/
#http3 #nginx #quic #сетевое_программирование #ebpf #bpf #angie #h3 #многопроцессность #udp
eBPF.party – Learn eBPF through hands-on exercises. Write, compile, and run programs directly in your browser:
""[…] eBPF (Extended Berkeley Packet Filter) lets you attach tiny, sandboxed programs directly to the #Linux #kernel, no restarts, no recompiling, no intrusive overhead. In practice, you gain X-ray vision into your system’s behavior, in real time, with almost zero performance penalty.
And thanks to the amazing CLI tools built around eBPF, you can debug problems that were previously “impossible” to catch. […]""
1. bpftrace: The ultimate custom debugger
2. execsnoop: Catching fleeting processes
3. opensnoop: Permission denied demystified
4. tcplife: Tracing microservice sessions
5. gethostlatency: Fixing intermittent slowness
6. biotop: Disk I/O task manager
7. biolatency: The I/O performance historian
8. tcpretrans: Spotting network reliability issues
9. tcpconnect: Tracing outbound connections
10. tcpaccept: Tracing inbound connections
11. biosnoop: I/O operations in detail
12. bpftool: Inspect and debug eBPF programs already running
Recordings from last week's @linuxplumbersconf 2025 are now available.🥳
You have two options to find the ones you might be interested in:
* Look through this YouTube-Playlist (https://www.youtube.com/playlist?list=PLVsQ_xZBEyN3-ZbrEgTiCpm1-Sg_ihLVF)
* Find and open interesting talks via the Schedule Overview (https://lpc.events/event/19/timetable/#all) or the Detailed Schedule (https://lpc.events/event/19/timetable/?view=lpc), as the individual talk descriptions link to the videos. And as a bonus, they besides the summary usually contain links to the slides shown, too.
#Linux #kernel #LinuxPlumbersConference #LinuxPlumbersConference2025 #eBPF #BPF
Мониторинг в Linux на уровне ядра. Краткое практическое введение в eBPF+Cilium
Добрый день, всем читающим данную статью. Недавно эксперементируя с eBPF для разработки нового функционала своей EDR для linux-серверов , я столкнулся с огромной проблемой: на просторах интернета есть огромный пласт статей по теории работы с eBPF, однако кратких практических статей как работать с BPF мной найдено не было. Если быть более точным, то такие статьи есть, однако, они не дают понимания функционала. В общем, в данной статье хотелось бы написать краткий гайд по работе с eBPF с уклоном в практику
https://habr.com/ru/articles/972602/
#eBPF #bpf #go #edr #разработка #мониторинг #трассировка #ядро #ядро_linux #linux
☀️The deeply detailed talk from ulexec and secoalba from @inversive_xyz about reverse engineering #Solana #eBPF binaries with #radare2 was built on top of several improvements for the elf bin parser and the architecture support for the 64bit #BPF.
All that stuff was also included in the last r2-6.0.6 release:
- esil emulation of bytecode
- pseudo decompilation
- AI-based disassembly
- bpf-specific elf relocs
- bpf-specific analysis plugin to extract strings
- document every bpf instruction
- support multiple "cpu" models
- binary patching and assembling BPF instructions
Cook some popcorns and take notes because their presentation was really detailed! Worth watching!
🎥 https://www.youtube.com/watch?v=IAt-HgKPN88
Je suis à Cyb'Air aujourd'hui et mes slides sont sur https://GitHub.com/cryptax/talks.
C'était sur des variantes de 2025 de Linux/Symbiote et BPFDoor. Avec des nouveautés sur le filtre BPF comme le support d'IPv6.
Les samples sont analysés avec r2, r2ai, r2mcp et mcpico.
Kernel Recipes 2025 c'est fini : les vidéos sont en ligne ! https://linuxfr.org/news/kernel-recipes-2025-c-est-fini-les-videos-sont-en-ligne #kernel_recipes #virtualisation #conférence #communauté #kernel #Noyau #rust #bpf
Wow, riveting stuff: a bunch of geeks decided it's finally time for a #GNU makeover with #BPF support. They gathered at the 2025 GNU Tools #Cauldron to talk shop—because nothing screams #innovation like a cauldron and a horde of #kernel #enthusiasts 🧙🔧. Who knew #toolchains could be this exciting? 🌟
https://lwn.net/Articles/1039827/ #HackerNews #ngated
Next steps for BPF support in the GNU toolchain
https://lwn.net/Articles/1039827/
#HackerNews #BPF #GNU #Toolchain #Linux #Development #OpenSource #TechNews
