[efefef3]

Hmm, looks like you are missing some crucial details, eBPF has the same mitigations to the CPU bugs in place as the rest of the kernel (e.g. retpolines on tail calls, index masking for arrays, sanitation of speculative store bypass, etc). Also, eBPF probes do not only work in the kernel but user space as well via uprobes as one example.

[rurban]

Of course they ran after possible array problems post-spectre, but nevertheless it still allows precise timings on anything cache related. it's still highly insecure and needs to be turned off in production. and this is where it makes sense to use.

2nd: do you see uprobes supported anywhere? I still can only use DTrace with high level languages. and I wouldn't use this island solution anyway. DTrace works everywhere, now even on windows. eBPF is Linux-only. And should have stayed netfilter only BTW.