14 repositories
Custom code executed within secure kernel sandboxes to enable advanced system observability.
Distinct from Kernel Development: focuses on observability and tracing rather than building kernel images.
BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
Develops and executes BPF programs for advanced system observability and kernel analysis.
FlameGraph is a performance profiling and visualization toolkit designed to identify bottlenecks in software execution. It functions as a processing engine that transforms raw stack trace samples into interactive, hierarchical diagrams. By representing aggregated execution frequency as nested rectangles, the tool allows developers to visualize hot code paths and analyze system behavior across both kernel and user-space environments. The project distinguishes itself through its ability to perform differential profile analysis, which highlights performance regressions or improvements by compari
Runs custom code within a secure kernel sandbox to enable advanced observability without modifying kernel source.
This project is a bare-metal operating system developed for ARM64 architecture. It serves as a low-level implementation of kernel engineering, focusing on the fundamental construction of an OS from the hardware level up. The system is distinguished by its comprehensive approach to ARM64 processor control, featuring a red-black tree task scheduler and a hierarchical page table system for virtual memory management. It implements a sophisticated privilege model that handles transitions between kernel and user modes, ensuring process isolation through address space splitting and exception level m
Provides a formatted print function via UART to display register values and variables for kernel troubleshooting.
Waydroid is a containerized mobile runtime that executes a full Android operating system directly on Linux desktop environments. By utilizing Linux kernel namespaces, it isolates the mobile environment while sharing the host kernel to provide native-like performance and hardware access for mobile applications. The project distinguishes itself through deep integration with the host system, bridging mobile display buffers to native desktop windows and translating host input events into mobile gestures. It enables multi-window management, allowing mobile applications to run alongside native desk
Checks the host system for required kernel features to ensure the underlying platform supports containerized mobile operating system execution.
bpftrace is a high-level eBPF tracing tool and kernel instrumentation framework for Linux. It provides a tracing language to instrument kernel and user-space events without recompiling the system, functioning as a dynamic system profiler and event aggregator. The project enables dynamic system tracing and Linux kernel observability by capturing tracepoints and dynamic probes in real time. It allows for kernel data inspection and runtime process debugging by accessing internal data structures and filtering specific process events. Its capability surface covers system performance analysis, inc
Provides advanced observability of the Linux kernel by capturing internal events and inspecting system state in real time.
This project is a Go library and runtime for loading and managing eBPF programs and maps. It provides a bytecode loader and kernel interface to inject instructions into kernel hooks for system-level execution and observability across both Linux and Windows operating systems. The library features a relocation engine and tooling to ensure program compatibility across different kernel versions and distributions. It supports portable deployment by embedding compiled objects for multiple CPU architectures into a single binary and provides the ability to load signed system drivers on Windows. The
Loads and compiles programs to run within the kernel for system-level observability, networking, and security.
Pixie is an open-source observability platform for Kubernetes that uses eBPF to automatically capture telemetry data from clusters without requiring any manual instrumentation or code changes. It functions as an eBPF telemetry collector, a continuous application profiler, a network traffic analyzer, and a scriptable telemetry query engine, all within a single Kubernetes-native tool. The platform distinguishes itself through several integrated capabilities. It continuously samples stack traces from compiled-language code to identify CPU performance bottlenecks, visualizing the results as inter
Deploys arbitrary bpftrace programs across a cluster and collects their output into queryable tables.
CppGuide is a curated collection of educational resources and practical guides focused on C++ server development, Linux kernel internals, concurrent programming, network protocols, and security exploitation. It provides structured learning paths for backend developers, covering everything from interview preparation to building high-performance network servers and understanding operating system fundamentals. The guide distinguishes itself by offering in-depth, hands-on tutorials that walk through real-world implementations, including building a Redis-like server from scratch, designing custom
Covers writing, verifying, and attaching eBPF programs to kernel hooks for secure kernel extension.
seL4 is a formally verified microkernel whose C implementation is backed by machine-checked mathematical proofs of correctness, confidentiality, integrity, and availability. It enforces strict isolation between processes through hardware-enforced address space separation and a capability-based access control system, where each process holds explicit rights only to the resources it has been granted. The kernel exposes hardware resources through a minimal API of system calls that manage threads, address spaces, and inter-process communication, with synchronous IPC supporting sender-identifying b
Implements a pluggable driver framework for early UART console output during kernel boot.
This is the official documentation repository for Raspberry Pi hardware and software. It covers the complete range of Raspberry Pi single-board computers, the RP-series microcontrollers, and the Raspberry Pi operating system. The documentation provides reference material for setting up devices, configuring hardware, and using the system for tasks including AI inference, camera and video capture, embedded development, and remote access. The documentation covers the full boot chain from the GPU firmware and EEPROM bootloader through to kernel loading, with detailed guidance on boot configuratio
Documents activating UART debug logging in the bootloader and GPU firmware.
Aya is a Rust-native framework for writing, compiling, and loading eBPF programs into the Linux kernel. It provides a complete development environment that eliminates the need for a C toolchain or libbpf, allowing developers to work entirely within the Rust ecosystem. The framework manages the full lifecycle of eBPF programs, including async runtime integration, CO-RE BTF resolution for kernel version portability, ELF-based program loading, and safe kernel memory access. The framework distinguishes itself through its pure Rust compilation pipeline, which compiles Rust source code directly int
Builds single compiled eBPF binaries that run across different Linux kernel versions using CO-RE and BTF.
This project is an educational resource that provides a comprehensive development tutorial for writing and loading eBPF programs using C, Go, and Rust within the Linux kernel. It serves as a technical guide for developing custom logic to run directly in the kernel. The materials cover specialized domains including kernel observability and tracing, security implementation for intrusion detection, and high-performance network engineering for packet filtering and load balancing. It also includes dedicated manuals for Linux kernel tracing and the use of kprobes, uprobes, and tracepoints. The project spans a wide range of capability areas, such as kernel instrumentation, system monitoring and observability, network analysis, and security enforcement. It also extends to hardware-level debugging for GPUs and drivers, as well as low-level system manipulation and resource management.
Provides a comprehensive tutorial on writing and loading eBPF programs using C, Go, and Rust.
m1n1 is a low-level bootloader for ARM64-based Apple Silicon hardware. It serves as a firmware tool and experimentation environment for loading external kernels and non-native operating systems. The project enables the execution of concatenated binary payloads containing kernels, device trees, and ramdisks. It provides a platform for firmware experimentation and the deployment of custom kernels on Apple Silicon chips. The system covers low-level hardware abstraction, including access to memory-mapped registers, the passing of device trees, and staged bootloading. It also includes UART-based serial debugging for system logs and troubleshooting.
Provides debug logging and command acceptance via the UART serial port for low-level troubleshooting.
Inspektor Gadget is an eBPF observability toolset and program framework designed for tracing Linux systems and debugging Kubernetes nodes. It provides a suite of tools to collect kernel-level telemetry and export system metrics via the OpenTelemetry standard. The project distinguishes itself by packaging inspection tools as OCI-compliant container images, allowing for standardized distribution and deployment across clusters and hosts. It employs a modular data processing pipeline that utilizes WebAssembly modules to transform and filter telemetry, and leverages Compile Once Run Everywhere for
Manages the loading and execution of eBPF bytecode within the Linux kernel from a userspace application.