With rapid improvements in NVM storage devices, the performance bottleneck is gradually shifting to the network, thus giving rise to the notion of "data movement wall". To reduce the amount of data movement over the network, researchers have proposed near-data computing by shipping operations and compute-extensions closer to storage devices. However, running arbitrary, user-provided extensions in a shared, disaggregated storage environment presents multiple challenges regarding safety, isolation, and performance. Instead of approaching this problem from scratch, in this work we make a case for leveraging the Linux kernel eBPF framework to program disaggregated NVM storage devices. eBPF offers a safe, verifiable, and high-performance way of executing untrusted, user-defined code in a shared runtime. In this paper, we describe our experiences building a first prototype that supports remote operations on storage using eBPF, discuss the limitations of our approach, and directions for addressing them.

中文翻译：

---

使用 eBPF 在分解的 NVM 存储上安全高效地远程执行应用程序代码

随着 NVM 存储设备的快速改进，性能瓶颈逐渐转移到网络，从而产生了“数据移动墙”的概念。为了减少网络上的数据移动量，研究人员提出了通过将操作和计算扩展运送到更靠近存储设备的方式来进行近数据计算。然而，在共享的、分散的存储环境中运行任意的、用户提供的扩展会带来安全、隔离和性能方面的多重挑战。在这项工作中，我们不是从头开始解决这个问题，而是利用 Linux 内核 eBPF 框架对分解的 NVM 存储设备进行编程。eBPF 提供了一种在共享运行时中执行不受信任的用户定义代码的安全、可验证和高性能的方式。在本文中，