High Velocity Kernel File Systems with Bento

https://www.usenix.org/conference/fast21/presentation/miller

• Kernel File System Development is slow

  • High development and deployment velocity are critical to modern cloud systems

  • Linux kernel development and deployment are slow

  • File systems are particularly affected due to advances in storage hardware and new demands by cloud systems

• Existing techniques aren't efficient

  • 

  • eBPF: in-kernel VM that runs user-provided program at pre-specified points, but quite restricted

• Goals

  • High performance: has low performance overhead

  • Safety: prevention of bugs in the file system

  • General programmability: supports a wide variety of potential file systems

  • Compatibility: works with Linux and existing Linux binaries

  • Live Upgrade: can redeploy file systems without service downtime

  • User-level debugging: file system can be debugged easily with a variety of tools

  • Open Source

• Bento

  • File systems are implemented in safe Rust

    • Imposes little overhead and supports most designs

  • How can we integrate a safe Rust system in the kernel?

  • How can we dynamically replace the file system?

  • How can we support user-level execution?

BentoFS

• Standalone C kernel module that hooks into VFS

• Maintains an active list of file systems

• Translate VFS calls to FUSE low-level API

• Forwards call to the correct FS

FS module

• Contains the file system and two Rust libraries: libBentoFS and libBentoKS

libBentoFS

• Between BentoFS and the file system

• Converts unsafe C from BentoFS to safe Rust

  • Converts C types to Rust types

  • Converts pointers to references

libBentoKS

• Between the file system and the rest of the kernel

• Provides access to efficient, well-tested kernel services

• Provides safe abstractions around kernel services

  • Ensures correct ownership

  • Handles resource allocation and deallocation

Live Upgrade

• Live upgrade component in BentoFS

• When an upgrade module is inserted

  • BentoFS stop calls to the file system

  • Old file system cleans up and returns state struct

  • New file system initializes using state and returns

  • BentoFS swaps pointers and allows calls to proceed

Userspace Execution

• Bento file system can be run in userspace without any changes to the code

• Most interfaces provided by libBentoFS and libBentoKS are identical to existing userspace interfaces

• File system can be compiled to run in userspace using a build flag

Evaluation

• Competitive performance?

• How does live upgrade impact availability?