Website for EuroSys'25 paper "Revealing the Unstable Foundations of eBPF-Based Kernel Extensions"
Shawn (Wanxiang) Zhong, Jing Liu, Andrea Arpaci-Dusseau, and Remzi Arpaci-Dusseau
Paper | Code | Dataset | Website | Slides | Poster
Abstract
eBPF programs significantly enhance kernel capabilities, but encounter substantial compatibility challenges due to their deep integration with unstable kernel internals. We introduce DepSurf, a tool that identifies dependency mismatches between eBPF programs and kernel images. Our analysis of 25 kernel images spanning 8 years reveals that dependency mismatches are pervasive, stemming from kernel source code evolution, diverse configuration options, and intricate compilation processes. We apply DepSurf to 53 real-world eBPF programs, and find that 83% are impacted by dependency mismatches, underscoring the urgent need for systematic dependency analysis. By identifying these mismatches, DepSurf enables a more robust development and maintenance process for eBPF programs, enhancing their reliability across a wide range of kernels.Citation
@inproceedings{10.1145/3689031.3717497,
author = {Zhong, Shawn Wanxiang and Liu, Jing and Arpaci-Dusseau, Andrea and Arpaci-Dusseau, Remzi},
title = {Revealing the Unstable Foundations of eBPF-Based Kernel Extensions},
year = {2025},
isbn = {9798400711961},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3689031.3717497},
doi = {10.1145/3689031.3717497},
abstract = {eBPF programs significantly enhance kernel capabilities, but encounter substantial compatibility challenges due to their deep integration with unstable kernel internals. We introduce DepSurf, a tool that identifies dependency mismatches between eBPF programs and kernel images. Our analysis of 25 kernel images spanning 8 years reveals that dependency mismatches are pervasive, stemming from kernel source code evolution, diverse configuration options, and intricate compilation processes. We apply DepSurf to 53 real-world eBPF programs, and find that 83\% are impacted by dependency mismatches, underscoring the urgent need for systematic dependency analysis. By identifying these mismatches, DepSurf enables a more robust development and maintenance process for eBPF programs, enhancing their reliability across a wide range of kernels.},
booktitle = {Proceedings of the Twentieth European Conference on Computer Systems},
pages = {21–41},
numpages = {21},
location = {Rotterdam, Netherlands},
series = {EuroSys '25}
}
DepSurf requires Python 3.11 or higher. Tested on Ubuntu 22.04 and Ubuntu 24.04.
We recommend using uv for environment setup:
curl -LsSf https://astral.sh/uv/install.sh | shDownload the source code from GitHub:
git clone https://github.com/ShawnZhong/DepSurf.git
cd DepSurf
git submodule update --init --recursiveThen, you can run the following commands to start Jupyter Lab:
uv run jupyter labPlease follow the instructions in the following Jupyter notebooks to reproduce the results in the paper.
Note
We have pre-generated the dataset and made it available at data/dataset. If you only wish to analyze the results, you may skip 11_download.ipynb and 20_dataset.ipynb to save time and disk space.
-
00_deps.ipynbinstalls the dependencies (3 min) -
11_download.ipynbdownloads the Linux kernel packages (15 min, 23 GB) -
20_dataset.ipynbgenerates the dataset (10 min, 20 GB) -
30_diff.ipynbanalyzes the dependency surface differences (2 min) -
35_src.ipynbgenerates Table 3 for source code changes -
36_breakdown.ipynbgenerates Table 4 for a breakdown of changes -
39_config.ipynbgenerates Table 5 for configuration differences -
40_inline.ipynbplots Figure 5 for function inlining (3 min) -
41_transform.ipynbplots Figure 6 for function transformations (3 min) -
42_dup.ipynbgenerates Table 6 for functions with the same name (30 sec) -
50_programs.ipynbanalyzes the eBPF programs (5 min) -
51_plot.ipynbplots Figure 4 for dependency report -
52_summary.ipynbgenerates Table 7 & 8 for summary of dependency set analysis