Much of the recent discussion regarding the Ktap dynamic tracing system was focused on the addition of a Lua interpreter and virtual machine to the kernel. Virtual machines seem like an inappropriate component to be running in kernel space. But, in truth, the kernel already contains more than one virtual machine. One of those, the BPF interpreter, has been growing in features and performance; it now looks to be taking on roles beyond its original purpose. In the process, it may result in a net reduction in interpreter code in the kernel.
最近关于 Ktap 动态追踪系统的讨论大多集中在将 Lua 解释器和虚拟机引入内核的问题上。虚拟机似乎并不适合运行在内核空间中。但事实上,内核中已经包含了不止一个虚拟机。其中之一就是 BPF(Berkeley Packet Filter)解释器,它的功能和性能正不断增强;现在它似乎正在承担超出其最初设计范围的角色。在这个过程中,它可能会使内核中的解释器代码总量有所减少。
"BPF" originally stood for "Berkeley packet filter"; it got its start as a simple language for writing packet-filtering code for utilities like tcpdump. Support for BPF in Linux was added by Jay Schulist for the 2.5 development kernel; for most of the time since then, the BPF interpreter has been relatively static, seeing only a few performance tweaks and the addition of a few instructions for access to packet data. Things started to change in the 3.0 release, when Eric Dumazet added a just-in-time compiler to the BPF interpreter. In the 3.4 kernel, the "secure computing" (seccomp) facility was enhanced to support a user-supplied filter for system calls; that filter, too, is written in the BPF language.
“BPF” 最初代表 “伯克利包过滤器(Berkeley Packet Filter)”;它最早作为一种用于编写数据包过滤代码的简单语言出现在诸如 tcpdump 这样的工具中。Jay Schulist 在 Linux 2.5 开发版内核中引入了对 BPF 的支持;从那以后大部分时间里,BPF 解释器基本保持不变,仅有少量性能优化以及用于访问数据包数据的指令被添加。到了 3.0 版本,情况发生了变化,Eric Dumazet 为 BPF 解释器添加了 JIT(即时编译器)。而在 3.4 内核中,“安全计算(seccomp)”机制被增强,以支持用户提供的系统调用过滤器;这些过滤器同样使用 BPF 语言编写。
The 3.15 kernel sees another significant change in BPF. The language has now been split into two variants, "classic BPF" and "internal BPF". The latter expands the set of available registers from two to ten, adds a number of instructi