Dynamic Control of eBPF Program Execution in an Operating System Kernel


Detailed description

Bibliographic details
Main authors: Li, Qi; Liu, Xiaojing; Tian, Yong Quan; Huo, Qi Feng; Chen, Xiao Ling
Format: Patent
Language: eng
Subjects:
Description
Summary: Managing the execution of eBPF program capabilities. The helper-id list currently in use by an eBPF program is compared with the program's allowable helper-id list. Based on that comparison, it is determined whether a set of unallowable helper-ids exists, that is, helper-ids that appear in the in-use list but not in the allowable list. If such a set exists, a blocked helper-id list for the eBPF program is generated that contains the unallowable helper-ids together with the unallowable capability corresponding to each one. The unallowable helper-ids and their corresponding capabilities are then removed from the program's bytecode, so that only allowable helper-ids, with their corresponding allowable capabilities, remain.
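As an added worked example (not code from the patent or from any implementation of it), the three steps in the summary carried out over a constructed instruction sequence in C: collecting the in-use helper ids from the program's BPF_CALL instructions, diffing them against an allowable list to produce the blocked list with a capability label per id, and deleting the blocked calls from the bytecode while repairing the relative jump offsets that the deletion shifts. The instruction layout, opcodes and helper numbering follow the kernel's uapi bpf.h; the helper-to-capability table, the sample program and the allowable list are constructed for this example, and the capability strings are the example's own labels.

```c
#include <stdint.h>
#include <stddef.h>
/* 8-byte eBPF instruction as in include/uapi/linux/bpf.h: opcode, dst/src
 * register nibbles, signed 16-bit jump offset (in instructions), 32-bit
 * immediate, which on a BPF_CALL holds the helper id. */
struct bpf_insn { uint8_t code; uint8_t dst_reg:4, src_reg:4; int16_t off; int32_t imm; };
#define BPF_CALL_INSN 0x85   /* BPF_JMP | BPF_CALL */
#define BPF_EXIT_INSN 0x95   /* BPF_JMP | BPF_EXIT */
enum { MAX_INSNS = 256, MAX_HELPERS = 64 };
/* Only src_reg 0 is a helper call: src_reg 1 is a BPF-to-BPF call and 2 a kfunc
 * call, whose imm is a BTF id from a different id space, so neither is matched. */
#define IS_HELPER_CALL(p) ((p)->code == BPF_CALL_INSN && (p)->src_reg == 0)
/* JMP (class 0x05) / JMP32 (class 0x06) insns other than call/exit carry a relative off. */
#define IS_REL_JUMP(c) ((((c) & 7) == 0x05 || ((c) & 7) == 0x06) && \
                        (c) != BPF_CALL_INSN && (c) != BPF_EXIT_INSN)

/* Helper id -> capability. Ids follow the BPF_FUNC_* numbering in bpf.h; the
 * capability strings are this example's own labels. */
struct helper_cap { int id; const char *capability; };
static const struct helper_cap helper_caps[] = {
    { 5,  "bpf_ktime_get_ns: read the monotonic clock" },
    { 6,  "bpf_trace_printk: write to the trace pipe" },
    { 36, "bpf_probe_write_user: write user-space memory" },
};
#define N_CAPS (sizeof helper_caps / sizeof helper_caps[0])
struct blocked_entry { int id; const char *capability; };

static int in_list(int id, const int *ids, int n) { while (n--) if (ids[n] == id) return 1; return 0; }
/* Step 1: the currently-in-use list, i.e. every distinct helper id called. */
static int collect_in_use(const struct bpf_insn *p, int n, int *ids) {
    int count = 0;
    for (int i = 0; i < n; i++)
        if (IS_HELPER_CALL(&p[i]) && !in_list(p[i].imm, ids, count) && count < MAX_HELPERS)
            ids[count++] = p[i].imm;
    return count;
}
/* Step 2: in-use minus allowable is the blocked list, each id with its capability. */
static int build_blocked_list(const int *in_use, int n_use, const int *allowed,
                              int n_allowed, struct blocked_entry *blocked) {
    int nb = 0;
    for (int i = 0; i < n_use; i++) {
        if (in_list(in_use[i], allowed, n_allowed)) continue;
        blocked[nb].id = in_use[i]; blocked[nb].capability = "unknown helper";
        for (size_t k = 0; k < N_CAPS; k++)
            if (helper_caps[k].id == in_use[i]) blocked[nb].capability = helper_caps[k].capability;
        nb++;
    }
    return nb;
}
/* Step 3: delete every call to a blocked helper. Deleting shifts later insns, so each
 * surviving jump's off is recomputed; a jump that targeted a deleted call lands on the
 * next kept insn (the deletion's fall-through). Returns the new length, or -1 on a
 * malformed jump; gotol (BPF_JMP32|BPF_JA, 32-bit offset in imm) is not handled here. */
static int strip_blocked_calls(const struct bpf_insn *in, int n,
                               const struct blocked_entry *blocked, int nb,
                               struct bpf_insn *out) {
    int keep[MAX_INSNS], new_idx[MAX_INSNS], kept = 0, o = 0;
    if (n > MAX_INSNS) return -1;
    for (int i = 0; i < n; i++) {
        keep[i] = 1;
        for (int b = 0; b < nb; b++)
            if (IS_HELPER_CALL(&in[i]) && in[i].imm == blocked[b].id) keep[i] = 0;
        new_idx[i] = kept;          /* output index that insn i maps to */
        kept += keep[i];
    }
    for (int i = 0; i < n; i++) {
        if (!keep[i]) continue;
        out[o] = in[i];
        if (IS_REL_JUMP(in[i].code)) {
            int target = i + 1 + in[i].off, new_off;
            if (target < 0 || target >= n || new_idx[target] >= kept) return -1;
            new_off = new_idx[target] - (o + 1);
            if (new_off < INT16_MIN || new_off > INT16_MAX) return -1;
            out[o].off = (int16_t)new_off;
        }
        o++;
    }
    return o;
}

/* Constructed sample: read the clock, then (if non-zero) write user memory and
 * print to the trace pipe. The allowable list holds read-only helpers only. */
static const struct bpf_insn sample_prog[] = {
    { .code = BPF_CALL_INSN, .imm = 5 },                 /* call bpf_ktime_get_ns */
    { .code = 0x15, .dst_reg = 0, .off = 3, .imm = 0 },  /* if r0 == 0 goto +3 (exit) */
    { .code = BPF_CALL_INSN, .imm = 36 },                /* call bpf_probe_write_user */
    { .code = BPF_CALL_INSN, .imm = 6 },                 /* call bpf_trace_printk */
    { .code = 0xb7, .dst_reg = 0, .imm = 0 },            /* r0 = 0 */
    { .code = BPF_EXIT_INSN },                           /* exit */
};
static const int sample_allowed[] = { 1, 5 };  /* bpf_map_lookup_elem, bpf_ktime_get_ns */

/* Runs the three steps on the sample; returns the rewritten length, 4: both blocked
 * calls are gone and the conditional jump now reads "goto +1". */
int rewrite_sample(struct bpf_insn *out, struct blocked_entry *blocked, int *nb) {
    int in_use[MAX_HELPERS], n = sizeof sample_prog / sizeof sample_prog[0];
    int n_use = collect_in_use(sample_prog, n, in_use);
    *nb = build_blocked_list(in_use, n_use, sample_allowed, 2, blocked);
    return strip_blocked_calls(sample_prog, n, blocked, *nb, out);
}
```

Two practical points. Matching only `src_reg == 0` matters: kfunc calls share the BPF_CALL opcode but carry a BTF id in `imm`, so a helper allow list that ignores `src_reg` would compare ids from two unrelated spaces. And the rewrite runs before the kernel verifier, not instead of it: deleting a call leaves r0 as it was, so a program that went on to use a stripped helper's return value, for example dereferencing a map-lookup result, should be expected to fail verification rather than run with a stale r0; check the verifier log on the rewritten program rather than assuming either outcome.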