Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

eBPF Pitfall: The FRED in Linux Kernel 6.9+

2025-03-01

The Linux kernel 6.9+ introduces CONFIG_X86_FRED on x86_64, adding 16 bytes of padding to the bottom of a task's kernel stack. This breaks eBPF programs directly accessing the kernel stack and pt_regs, returning garbage. The author encountered this issue with their xcapture-next eBPF tool after upgrading to kernel 6.11. Analysis revealed FRED's stack offset as the culprit. A dynamic FRED detection mechanism is presented to adjust stack address calculations, resolving the problem. This article is crucial for eBPF developers, especially those working with raw kernel stack manipulation.

Read more
(tanelpoder.com)
Development

TracepointArgs: Unlocking Linux Kernel Tracepoints

2025-02-04

Tired of hunting through Linux kernel source code for tracepoint metadata and struct layouts? Meet tracepointargs, a new command-line tool that lists all available Linux kernel tracepoints, their arguments, datatypes, and related structs. It even parses kernel struct layouts, allowing you to understand tracepoint details without digging through source files. Combined with bpftool to generate a vmlinux.h file, you can easily inspect the internals of structures, even recursively expanding nested ones. A must-have for eBPF developers and kernel explorers!

Read more
(tanelpoder.com)
Development