From dc217d2def84959139294b4208de52a3fca5f529 Mon Sep 17 00:00:00 2001 From: yunwei37 Date: Sat, 4 Oct 2025 01:39:48 -0700 Subject: [PATCH] docs: update eBPF tutorial to include recent advancements in CPU scheduling and adoption by major organizations --- src/0-introduce/README.md | 9 +++++---- src/0-introduce/README.zh.md | 7 ++++--- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/0-introduce/README.md b/src/0-introduce/README.md index 310cb91..24fd2cf 100644 --- a/src/0-introduce/README.md +++ b/src/0-introduce/README.md 
@@ -33,15 +33,16 @@ Here are some key areas where eBPF is widely used today: - **Security:** eBPF plays a vital role in real-time security monitoring. It enables deep inspection of system calls, network traffic, and other kernel activities, helping to enforce dynamic security policies and detect anomalous behavior, providing an efficient way to safeguard infrastructure. -- **Scheduler Optimization:** eBPF is increasingly used to enhance CPU scheduling, offering the ability to monitor CPU load and optimize how tasks are distributed across cores. This can lead to more efficient use of CPU resources and improved system responsiveness. +- **Scheduler Optimization:** Since Linux kernel 6.12, eBPF-powered CPU schedulers (sched_ext) are now mainline, allowing custom scheduling policies to be implemented as BPF programs. This enables runtime-customizable scheduling that can optimize for different workloads without kernel modifications, and is already deployed on over 1 million machines in production. - **HID (Human Interface Device) Driver Enhancements:** Developers use eBPF to optimize HID drivers for devices like keyboards, mice, and touchscreens. By adding custom logic for handling input events, eBPF improves responsiveness in latency-sensitive applications. Organizations across industries have adopted eBPF at scale: -- **Google:** Uses eBPF for security auditing, packet processing, real-time performance monitoring, and optimizing CPU scheduling across its vast infrastructure. +- **Google:** Uses eBPF for security auditing, packet processing, real-time performance monitoring, and is actively testing eBPF-based CPU schedulers across its vast infrastructure. - **Netflix:** Leverages eBPF for network traffic analysis, ensuring high availability and performance for streaming services. -- **Android:** Applies eBPF to optimize network usage, power consumption, and resource allocation, improving performance and battery life on millions of devices. 
+- **Android:** Every Android phone uses eBPF to optimize network usage, power consumption, and resource allocation, improving performance and battery life across billions of devices worldwide. +- **Meta:** Runs eBPF-based schedulers in production (over 1 million machines with scx_layered) alongside its network load balancing (Katran). - **S&P Global:** Utilizes eBPF through **Cilium** for managing networking across multiple clouds and on-premises systems, ensuring scalability and security. - **Shopify:** Implements eBPF with **Falco** for intrusion detection, bolstering security on its e-commerce platform. - **Cloudflare:** Uses eBPF for network observability, security monitoring, and performance optimization, protecting millions of websites globally. @@ -148,7 +149,7 @@ Have questions or things you want to know, whether or not they are related to th Answer some questions and try some experiments (2-5h): 1. How to develop the simplest eBPF program? -2. How to trace a kernel feature or function with eBPF? There are many ways, provide corresponding code examples; +2. How to trace a kernel feature or function with eBPF? There are many ways, provide corresponding code examples; How to write a XDP network function or write a scheduler? 3. What are the solutions for communication between user mode and kernel mode? How to send information from user mode to kernel mode? How to pass information from kernel mode to user mode? Provide code examples; 4. Write your own eBPF program to implement a feature; 5. In the entire lifecycle of an eBPF program, what does it do in user mode and kernel mode? diff --git a/src/0-introduce/README.zh.md b/src/0-introduce/README.zh.md index 4b9dd92..964ada4 100644 --- a/src/0-introduce/README.zh.md +++ b/src/0-introduce/README.zh.md 
@@ -34,15 +34,16 @@ eBPF 已发展为一个多功能框架,超越了其最初的网络用途,现 - **安全**:eBPF 在实时安全监控中发挥重要作用。它能够深入检查系统调用、网络流量和其他内核活动,帮助执行动态安全策略和检测异常行为,为基础设施提供高效的保护。 -- **调度器优化**:eBPF 越来越多地用于增强 CPU 调度,能够监控 CPU 负载并优化任务在核心之间的分配。这可以更有效地利用 CPU 资源,提高系统响应能力。 +- **调度器优化**:自 Linux 内核 6.12 起,基于 eBPF 的 CPU 调度器(sched_ext)已进入主线,允许将自定义调度策略实现为 BPF 程序。这使得运行时可定制的调度能够针对不同工作负载进行优化,无需修改内核,目前已在超过 100 万台机器上生产部署。 - **HID(人机接口设备)驱动增强**:开发者使用 eBPF 优化键盘、鼠标和触摸屏等设备的 HID 驱动程序。通过为处理输入事件添加自定义逻辑,eBPF 提高了对延迟敏感应用的响应速度。 各行业组织已大规模采用 eBPF: -- **Google**:使用 eBPF 进行安全审计、数据包处理、实时性能监控以及优化其庞大基础设施的 CPU 调度。 +- **Google**:使用 eBPF 进行安全审计、数据包处理、实时性能监控,并正在其庞大基础设施中积极测试基于 eBPF 的 CPU 调度器。 - **Netflix**:利用 eBPF 进行网络流量分析,确保流媒体服务的高可用性和性能。 -- **Android**:应用 eBPF 优化网络使用、功耗和资源分配,提升数百万设备的性能和电池寿命。 +- **Android**:每部 Android 手机都使用 eBPF 优化网络使用、功耗和资源分配,在全球数十亿设备上提升性能和电池寿命。 +- **Meta**:在生产环境中运行基于 eBPF 的调度器(超过 100 万台机器运行 scx_layered),同时还使用网络负载均衡器(Katran)。 - **S&P Global**:通过 **Cilium** 使用 eBPF 管理跨多个云和本地系统的网络,确保可扩展性和安全性。 - **Shopify**:与 **Falco** 一起实施 eBPF 进行入侵检测,增强其电子商务平台的安全性。 - **Cloudflare**:使用 eBPF 进行网络可观测性、安全监控和性能优化,保护全球数百万网站。
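Review bot: In src/0-introduce/README.md, hunk @@ -33,15 +33,16 @@, the new Scheduler Optimization bullet states "already deployed on over 1 million machines in production" with no source and no named operator, and the same figure appears again in the added Meta bullet, where it is tied to scx_layered. State it once, in the Meta bullet, with a link to the source, and keep the feature bullet to what sched_ext is. The Android bullet's move from "millions of devices" to "Every Android phone ... billions of devices worldwide" needs a reference as well, or softer wording. Two wording fixes in the same hunk: "Since Linux kernel 6.12, ... are now mainline" doubles the time reference (drop "now", or write "have been mainline since Linux 6.12"), and the Google bullet breaks its parallel list at "and is actively testing", which reads better as a second sentence.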
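Review bot: In src/0-introduce/README.md, hunk @@ -148,7 +149,7 @@, the sentence appended to study item 2, "How to write a XDP network function or write a scheduler?", is a different exercise from tracing a kernel feature or function and should be its own numbered item rather than a tail after the semicolon, with the following items renumbered. As written, item 2 asks for "corresponding code examples" for tracing and then changes topic without saying whether examples are expected for the XDP and scheduler parts too. Also change "a XDP" to "an XDP".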
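Review bot: In src/0-introduce/README.zh.md, hunk @@ -34,15 +34,16 @@, only the use-case and adopter bullets are updated; the diffstat gives this file 7 changed lines and this single hunk accounts for all of them, so the study-list change made to item 2 in README.md has no counterpart here and the two READMEs diverge. Add the translated XDP/scheduler question to the Chinese study list in the same commit. As in the English file, the "超过 100 万台机器" figure is stated twice (the 调度器优化 bullet and the Meta bullet) without a source; keep it in the Meta bullet only and cite it.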