The article doesn’t explain the acronym. As far as I can tell, this refers to eBPF which is a bytecode that runs in a small VM within the Linux kernel. Originally intended for tracing network behavior it’s now used for tracing a lot more?

And since clang/LLVM compile to it, gcc is as well.

VMs are truly everywhere.

Given how ms have been targets elsewhere, like font rendering, I am curious how much this increases the attack surface of the kernel.