Post Syndicated from daroc original https://lwn.net/Articles/982077/

LWN has covered BPF

since its initial introduction to Linux, usually through the lens of the newest
developments; this can make it hard to view the whole picture. BPF provides
a way to extend a running kernel, without having to recompile and reboot.
It does this in a safe way, so that malicious BPF
programs cannot crash a running kernel, thanks to the BPF verifier. So how does
the verifier actually work, what are its limits, and how has it changed since
the early days of BPF?