by rhinoceraptor 2386 days ago
You can see which bpf programs are loaded in the kernel via the bpf() syscall.

Theoretically it could be used for a rootkit, but the programs need to be loaded as root, and they can't have side effects. BPF has also been around for a long time, and it's in basically all of the *nix operating systems.

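The enumeration the comment above refers to, as an added example that is not part of the original thread: walk the kernel's global program ID space with BPF_PROG_GET_NEXT_ID, open each ID with BPF_PROG_GET_FD_BY_ID, and query it with BPF_OBJ_GET_INFO_BY_FD, which is the same sequence bpftool uses. It is Linux-only, goes through syscall(2) because glibc exposes no bpf() wrapper, and assumes the caller has CAP_SYS_ADMIN (CAP_BPF on 5.8+); an unprivileged caller gets EPERM on the first call, a kernel without CONFIG_BPF_SYSCALL gets ENOSYS. The type-name table and the list_bpf_programs/bpf_prog_type_name names are this example's own, not kernel or libbpf API.

```c
/* Added example: enumerate every BPF program loaded in the kernel via the raw
 * bpf(2) syscall. Linux only. Needs CAP_SYS_ADMIN (CAP_BPF on 5.8+); without it
 * BPF_PROG_GET_NEXT_ID fails with EPERM, which is reported as a negative errno. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/bpf.h>

/* glibc has no bpf() function, so go through syscall(2) directly. */
static long sys_bpf(int cmd, union bpf_attr *attr, unsigned int size)
{
    return syscall(__NR_bpf, cmd, attr, size);
}

/* Readable names for common program types (hypothetical helper, not a kernel API).
 * kprobe/tracepoint/perf_event are the ones a tracing-style implant would use. */
const char *bpf_prog_type_name(unsigned int type)
{
    switch (type) {
    case BPF_PROG_TYPE_SOCKET_FILTER: return "socket_filter";
    case BPF_PROG_TYPE_KPROBE:        return "kprobe";
    case BPF_PROG_TYPE_SCHED_CLS:     return "sched_cls";
    case BPF_PROG_TYPE_SCHED_ACT:     return "sched_act";
    case BPF_PROG_TYPE_TRACEPOINT:    return "tracepoint";
    case BPF_PROG_TYPE_XDP:           return "xdp";
    case BPF_PROG_TYPE_PERF_EVENT:    return "perf_event";
    case BPF_PROG_TYPE_CGROUP_SKB:    return "cgroup_skb";
    default:                          return "unknown";
    }
}

/* Walk all program IDs and describe each one on `out` (NULL = count only).
 * Returns the number of programs seen, or -errno on the first hard failure. */
int list_bpf_programs(FILE *out)
{
    union bpf_attr attr;
    struct bpf_prog_info info;
    uint32_t id = 0;
    int count = 0;

    for (;;) {
        /* Step 1: next ID after `id`; ENOENT means the walk is complete. */
        memset(&attr, 0, sizeof(attr));
        attr.start_id = id;
        if (sys_bpf(BPF_PROG_GET_NEXT_ID, &attr, sizeof(attr)) < 0) {
            if (errno == ENOENT)
                return count;
            return -errno;          /* EPERM: unprivileged; ENOSYS: no BPF syscall */
        }
        id = attr.next_id;

        /* Step 2: turn the ID into a file descriptor we can query. */
        memset(&attr, 0, sizeof(attr));
        attr.prog_id = id;
        int fd = (int)sys_bpf(BPF_PROG_GET_FD_BY_ID, &attr, sizeof(attr));
        if (fd < 0) {
            if (errno == ENOENT)    /* program was unloaded between the two calls */
                continue;
            return -errno;
        }

        /* Step 3: fetch struct bpf_prog_info (type, name, tag, owner uid, ...). */
        memset(&attr, 0, sizeof(attr));
        memset(&info, 0, sizeof(info));
        attr.info.bpf_fd = fd;
        attr.info.info_len = sizeof(info);
        attr.info.info = (uint64_t)(uintptr_t)&info;
        int rc = (int)sys_bpf(BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr));
        int saved = errno;
        close(fd);
        if (rc < 0)
            return -saved;

        count++;
        if (out) {
            fprintf(out, "id=%u type=%s(%u) name=%.16s uid=%u load_time=%llu tag=",
                    info.id, bpf_prog_type_name(info.type), info.type,
                    info.name, info.created_by_uid,
                    (unsigned long long)info.load_time);
            for (size_t i = 0; i < sizeof(info.tag); i++)
                fprintf(out, "%02x", info.tag[i]);
            fprintf(out, " maps=%u\n", info.nr_map_ids);
        }
    }
}

int main(void)
{
    int n = list_bpf_programs(stdout);
    if (n < 0) {
        fprintf(stderr, "bpf(BPF_PROG_GET_NEXT_ID): %s\n", strerror(-n));
        return 1;
    }
    printf("%d BPF program(s) loaded\n", n);
    return 0;
}
```

Build with `cc -O2 -o bpflist bpflist.c` and run as root. The tag is a SHA-1 prefix of the program's instructions, so it is a stable handle for allow-listing known programs across reboots, whereas IDs are reassigned; created_by_uid and load_time are what you would key a "new program appeared" alert on. Note that this view comes from the kernel itself, so it only helps if the kernel is still trustworthy.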

Generally agreed, but Linux BPF is considerably more powerful than traditional Unix BPF, so I wouldn't depend on "it has been around for a long time" for safety.

I would like to see some academic research on the Linux BPF verifier. If you are a graduate student working on formal methods looking for a topic, this is a hint.

If someone has root, it's already game over. An attacker could just hook the syscalls directly, which would be more stealthy than using BPF programs.