MOAT: Towards Safe BPF Kernel Extension
Hongyi Lu, Shuai Wang, Yechang Wu, Wanning He, Fengwei Zhang
TL;DR
MOAT addresses the vulnerability of in-kernel BPF programs by complementing the BPF verifier with hardware-assisted isolation using Intel MPK. It introduces a two-layer isolation design (PKS-based Layer-I and per-program isolated address spaces Layer-II) along with two helper-protection mechanisms, COP and DPA, to prevent runtime exploitation via BPF helpers. The authors implement MOAT in Linux 6.1.38 and show that it mitigates a broad set of memory-exploitation CVEs while incurring modest overhead across micro and macro benchmarks, including network, tracing, and seccomp-BPF use cases. The work demonstrates a practical, extensible path toward memory-safe BPF ecosystems with acceptable performance trade-offs for real-world deployments.
Abstract
The Linux kernel extensively uses the Berkeley Packet Filter (BPF) to allow user-written BPF applications to execute in the kernel space. The BPF employs a verifier to check the security of user-supplied BPF code statically. Recent attacks show that BPF programs can evade security checks and gain unauthorized access to kernel memory, indicating that the verification process is not flawless. In this paper, we present MOAT, a system that isolates potentially malicious BPF programs using Intel Memory Protection Keys (MPK). Enforcing BPF program isolation with MPK is not straightforward; MOAT is designed to alleviate technical obstacles, such as limited hardware keys and the need to protect a wide variety of BPF helper functions. We implement MOAT on Linux (ver. 6.1.38), and our evaluation shows that MOAT delivers low-cost isolation of BPF programs under mainstream use cases, such as isolating a BPF packet filter with only 3% throughput loss.