Rex — Rust kernel extensions without the eBPF verifier

What if kernel extensions could skip the eBPF verifier? Rex runs safe Rust in kernel space to sidestep verifier pain and simplify complex extensions.

Rex loads and executes safe-Rust kernel extension programs in place of eBPF, relying on the Rust compiler for safety and enabling implementations that the in-kernel verifier would reject.

Source: GitHub — rex-rs/rex — Source link

Highlights

Key points

• Rex replaces the in-kernel eBPF verifier by enforcing safety via the Rust compiler and a safe Rust subset
• Supports common eBPF helpers and interactions with eBPF maps
• Provides RAII-style kernel resource management and in-kernel panic cleanup with call stack traces
• Removes static complexity limits, enabling more natural Rust implementations versus verifier-driven workarounds
• Includes sample programs (error_injector, bmc) and additional examples under the samples/ directory
• Documentation and a getting-started guide are available in the repo (docs/getting-started.md)
• Demonstrated by a Rex implementation of the BPF Memcached Cache (BMC) to show simplified logic

Timeline

• Aug 13, 2025 — Release: Rex v2025.08.13
• 2025 — Talk: Open Source Summit North America 2025 — https://youtu.be/4r7ECxEaGqM
• 2025 — Talk: USENIX ATC 2025 — https://youtu.be/phJ-fb5lEA8
• 2025 — Talk: Linux Plumbers Conference 2025 — https://youtu.be/ivcLS4LFfKE

Why this matters

Rex reduces developer friction by removing verifier-driven constraints, allows more expressive and maintainable kernel extensions in safe Rust, and potentially enables better native-compiler optimizations than the eBPF backend plus in-kernel JIT — making complex, performance-sensitive extensions easier to build and audit.