Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

eBPF Pitfall: The FRED in Linux Kernel 6.9+

2025-03-01

The Linux kernel 6.9+ introduces CONFIG_X86_FRED on x86_64, adding 16 bytes of padding to the bottom of a task's kernel stack. This breaks eBPF programs directly accessing the kernel stack and pt_regs, returning garbage. The author encountered this issue with their xcapture-next eBPF tool after upgrading to kernel 6.11. Analysis revealed FRED's stack offset as the culprit. A dynamic FRED detection mechanism is presented to adjust stack address calculations, resolving the problem. This article is crucial for eBPF developers, especially those working with raw kernel stack manipulation.

(tanelpoder.com)
Development
Alphabet's Laser Internet: Taara Takes on Starlink
Board Exam Scores Predict Patient Outcomes: A Large-Scale Study