High Velocity Kernel File Systems with Bento

https://www.usenix.org/conference/fast21/presentation/miller

  • Kernel File System Development is slow

    • High development and deployment velocity are critical to modern cloud systems

    • Linux kernel development and deployment are slow

    • File systems are particularly affected due to advances in storage hardware and new demands by cloud systems

  • Existing techniques aren't efficient

    • eBPF: in-kernel VM that runs user-provided program at pre-specified points, but quite restricted

  • Goals

    • High performance: has low performance overhead

    • Safety: prevention of bugs in the file system

    • General programmability: supports a wide variety of potential file systems

    • Compatibility: works with Linux and existing Linux binaries

    • Live Upgrade: can redeploy file systems without service downtime

    • User-level debugging: file system can be debugged easily with a variety of tools

    • Open Source

  • Bento

    • File systems are implemented in safe Rust

      • Imposes little overhead and supports most designs

    • How can we integrate a safe Rust system in the kernel?

    • How can we dynamically replace the file system?

    • How can we support user-level execution?

BentoFS

  • Standalone C kernel module that hooks into VFS

  • Maintains an active list of file systems

  • Translate VFS calls to FUSE low-level API

  • Forwards call to the correct FS

FS module

  • Contains the file system and two Rust libraries: libBentoFS and libBentoKS

libBentoFS

  • Between BentoFS and the file system

  • Converts unsafe C from BentoFS to safe Rust

    • Converts C types to Rust types

    • Converts pointers to references

libBentoKS

  • Between the file system and the rest of the kernel

  • Provides access to efficient, well-tested kernel services

  • Provides safe abstractions around kernel services

    • Ensures correct ownership

    • Handles resource allocation and deallocation

Live Upgrade

  • Live upgrade component in BentoFS

  • When an upgrade module is inserted

    • BentoFS stop calls to the file system

    • Old file system cleans up and returns state struct

    • New file system initializes using state and returns

    • BentoFS swaps pointers and allows calls to proceed

Userspace Execution

  • Bento file system can be run in userspace without any changes to the code

  • Most interfaces provided by libBentoFS and libBentoKS are identical to existing userspace interfaces

  • File system can be compiled to run in userspace using a build flag

Evaluation

  • Competitive performance?

  • How does live upgrade impact availability?

PreviousBPF for Storage: An Exokernel-Inspired ApproachNextIncremental Path Towards a Safe OS Kernel

Last updated