Kernel Analysis Using eBPF - Daniel Thompson, Linaro

The extensions in eBPF, the extended Berkeley Packet Filter, transformed BPF into a powerful in-kernel virtual machine and ultimately allowed eBPF programs to be attached to many parts of the kernel, many of which have nothing to do with network packets!

In this session Daniel will review the low-level mechanisms that allow developers to gather information for debug and tuning by attaching eBPF programs to probes and tracepoints. Daniel will follow up by dissecting a roll-your-own example program to illustrate how userspace exploits these mechanisms.

After that we move from theory to practice by looking at several userspace tools that allow developers to write high-level eBPF programs (or run other people's pre-canned ones) and process the resulting data.

About Daniel Thompson

Currently working at Linaro where I am tech lead for the Support and Solutions Engineering team. This team provides a mixture of technical support (for developers), training and custom engineering services to Linaro members and our professional services customers. As part of my work at Linaro I have become a co-maintainer of the Linux kernel kgdb/kdb and backlight sub-systems. I am also heavily involved in the 96Boards activities at Linaro.

My speaking experience includes presenting our real-time communications software at a small conference for silicon vendors (under a previous employer) and I have spoken numerous times at the Linaro Connect conference. At Connect I have presented in the technical track and the training track. I also presented a short slot during the keynotes at the last Connect.