Overview (Yes, this is just copied from our paper abstract.)

The Linux kernel extensively uses the Berkeley Packet Filter (BPF) to allow user-written BPF applications to execute in the kernel space. The BPF employs a verifier to check the security of user-supplied BPF code statically. Recent attacks show that BPF programs can evade security checks and gain unauthorized access to kernel memory, indicating that the verification process is not flawless. In this paper, we present Moat, a system that isolates potentially malicious BPF programs using Intel Memory Protection Keys (MPK). Enforcing BPF program isolation with MPK is not straightforward; Moat is designed to alleviate technical obstacles, such as limited hardware keys and the need to protect a wide variety of BPF helper functions. We implement Moat on Linux (ver. 6.1.38), and our evaluation shows that Moat delivers low-cost isolation of BPF programs under mainstream use cases, such as isolating a BPF packet filter with only 3% throughput loss.


(1) How to run Moat?

Check out our repo. We have a detailed guide on how to setup and run Moat. If you have questions about Moat, you can contact @jwnhy. We will try to help you. (if you cite this paper; this is a joke.)
Note that this is a highly experimental prototype. DO NOT USE IT IN PRODUCTION.

(2) What challenges has Moat overcome?

MPK only supports up to 16 domains, the # BPF could be way over this number. We use a 2-layer isolation scheme to support unlimited BPF programs. The first layer deploys MPK to set up a lightweight isolation between the kernel and BPF programs. This eliminates the possibility of BPF program attacking the kernel. However, MPK alone cannot prevent a malicious BPF program from attacking other BPF programs. To address this problem, we put each BPF program into its own address space and use PCID to reduce the TLB overhead.
We also propose two scheme to regulate the bahavior of BPF helper functions to prevent them from being abused by malicious BPF programs.

(3) What are the application scenarios for Moat?

If you want to allow unprivileged user to run BPF programs, but you don't want these BPF programs break your system, then you might consider migrating Moat to your system.
There are other things you need to fully enable unprivileged BPF on your system (e.g., access control), Moat only ensures the memory/helper safety of your BPF programs.

(4) What will we do in the future?

We are actively working with some company on turning Moat into a production-level system.

Manuscript & Prototype

Prototype on Github


Moat: Towards Safe BPF Kernel Extension

Hongyi Lu, Shuai Wang, Yechang Wu, Wanning He, Fengwei Zhang

To Appear in the Proceedings of 33nd USENIX Security Symposium

author = {Lu, Hongyi and Wang, Shuai and Wu, Yechang and He, Wanning and Zhang, Fengwei},
title = {{MOAT}: {Towards} {Safe} {BPF} {Kernel} {Extension}},
booktitle = {33nd USENIX Security Symposium},
year = {2024}