Tag - C - Dawid Macek

2025

eBPF Policy Enforcement: Marrying Rust, kfuncs and regexes

eBPF offers unparalleled observability into the Linux kernel. Mechanisms such as LSM probes, bpf_override_return and bpf_send_signal extend it beyond a pure visibility provider and give it the power to act as a policy enforcer. However, building sophisticated policies in eBPF is challenging because of the constraints imposed by the verifier, which make complex matching logic difficult to implement. In this post, I’ll explore a generic approach to bridging that gap by bringing the Rust regex library directly into the eBPF context.

Escaping the OS-provided stack

User-space stacks can grow to considerable sizes - megabytes and more - so stack size is rarely a limitation there. It can still become a problem in low-level environments such as kernel space, firmware and embedded OSes, where targets typically come with tiny, fixed-size stacks of no more than a few pages of memory. This post explores a last-resort technique to bypass such a limitation.