List of frequently asked questions| Tetragon - eBPF-based Security Observability and Runtime Enforcement
A practical reference guide to using the full power of BPF CO-RE (Compile Once – Run Everywhere).| nakryiko.com
TLDR; Starting from Linux kernel version 6.9 on x86_64, there’s a new config option CONFIG_X86_FRED enabled and it adds 16 bytes to the starting point of a task’s kernel stack area, so you’ll need to account for this extra padding in your “raw” kernel stack & pt_regs lookup code. Introduction I’ve been using Ubuntu 24.04 as my main eBPF development and testing platform without issues since its release. It is shipped with Linux kernel version 6. - Linux, Oracle, SQL performance tun...| tanelpoder.com