Subscription confirmed. Thank you for subscribing!
November 28, 2022 2:57PM
Many leaks happen because of software bugs and security vulnerabilities. In this post we will learn how the Linux kernel can help protect cryptographic keys from a whole class of potential security vulnerabilities: memory access violations....
October 10, 2022 2:00PM
Kernel BPF Assembly Deep DiveWe have first adopted the BPF tail calls when building our XDP-based packet processing pipeline. BPF tail calls have served us well since then. But they do have their caveats...
February 04, 2022 1:58PM
Kernel Linux io_uring Deep DiveChances are you might have heard of io_uring. It first appeared in Linux 5.1, back in 2019, and was advertised as the new API for asynchronous I/O. Its goal was to be an alternative to the deemed-to-be-broken-beyond-repair AIO, the “old” asynchronous I/O API...
March 04, 2021 12:00PM
Conntrack Linux Network Kernel TracingWe have been dealing with conntrack, the connection tracking layer in the Linux kernel, for years. And yet, despite the collected know-how, questions about its inner workings occasionally come up. When they do, it is hard to resist the temptation to go digging for answers....
March 25, 2020 12:00PM
Linux Kernel Crypto Performance SecurityEncrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!...
More Posts
July 10, 2019 2:07PM
For some time I’ve wanted to play with coverage-guided fuzzing. I decided to have a go at the Linux Kernel netlink machinery. It's a good target: it's an obscure part of kernel, and it's relatively easy to automatically craft valid messages....
