Linux Kernel Journey
Nov 12, 2024 · Operations

eBPF Talk: Fixing a 7‑Year‑Old Bug in bpftool

The article details how a long‑standing bug that displayed incorrect call‑address information in bpftool’s JIT disassembly was reproduced, analyzed, and fixed by correcting the PC parameter to use the function’s kernel symbol address, with patches applied to both LLVM and libbfd back‑ends.

LLVM, bpftool, disassembly
9 min read
Linux Kernel Journey
Nov 7, 2024 · Information Security

Using eBPF to Protect, Detect, and Audit Malicious eBPF Programs

The article analyzes how attackers can abuse eBPF to steal data, elevate privileges, execute commands, and hide processes, then presents concrete eBPF code for such attacks and outlines practical protection, detection, and auditing techniques—including file analysis, bpftool usage, and kernel tracing—to mitigate these threats.

bpftool, eBPF, kernel security
27 min read