mirror of
https://github.com/eunomia-bpf/bpf-developer-tutorial.git
synced 2026-02-04 10:44:14 +08:00
Add some desc for userspace eBPF
@@ -32,6 +32,8 @@ Linux 内核的主要目的是抽象出硬件或虚拟硬件,并提供一个
|
||||
|
||||
不仅如此,eBPF 还有能力往用户空间任意进程的任意地址写入数据(bpf_probe_write_user[7]),有限度地修改内核函数的返回值(bpf_override_return[8]),甚至在内核态直接执行某些系统调用[9];所幸的是,eBPF 在加载进内核之前对字节码会进行严格的安全检查,确保没有内存越界等操作,同时,许多可能会扩大攻击面、带来安全风险的功能都是需要在编译内核时明确选择启用才能使用的;在 Wasm 虚拟机将字节码加载进内核之前,也可以明确选择启用或者禁用某些 eBPF 功能,以确保沙箱的安全性。
|
||||
|
||||
除了内核态的 eBPF 运行时,eBPF 也可以拓展到用户空间,例如 [bpftime](https://github.com/eunomia-bpf/bpftime),实现更高性能的用户态追踪、性能分析、插件等等。
|
||||
|
||||
## 2. 关于如何学习 eBPF 相关的开发的一些建议
|
||||
|
||||
本文不会对 eBPF 的原理做更详细的介绍,不过这里有一个学习规划和参考资料,也许会有一些价值:
|
||||
|
||||
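Review bot: The added bpftime sentence claims higher performance ("更高性能") without naming what it is compared against, and it follows the paragraph on verifier checks and kernel build-time opt-ins without saying whether those safeguards apply to a user-space runtime. Please state the baseline for the performance claim and add a clause on which of the checks described above carry over to user space. As a style point, the surrounding text cites sources as [7], [8], [9] while this line uses an inline link; one convention would read better.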
@@ -25,6 +25,8 @@ Currently, eBPF is still in the early stages. However, with the help of the kern
|
||||
|
||||
Moreover, eBPF has the ability to write data to any address of a user space process (bpf_probe_write_user[7]), partially modify the return value of a kernel function (bpf_override_return[8]), and even directly execute certain system calls in kernel mode[9]. Fortunately, eBPF performs strict security checks on the bytecode before loading it into the kernel to ensure that there are no operations such as memory out-of-bounds. Moreover, many features that may expand the attack surface and pose security risks need to be explicitly enabled during kernel compilation. Before loading the bytecode into the kernel, the Wasm virtual machine can also choose to enable or disable certain eBPF features to ensure the security of the sandbox.
|
||||
|
||||
In addition to the kernel mode eBPF runtime, eBPF can also be extended to user space, for example, [bpftime](https://github.com/eunomia-bpf/bpftime) to achieve higher performance user space tracing, performance analysis, plugins, etc.
|
||||
|
||||
## 2. Some Tips on Learning eBPF Development
|
||||
|
||||
This article will not provide a more detailed introduction to the principles of eBPF, but here is a learning plan and reference materials that may be of value:
|
||||
|
||||
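Review bot: The added sentence beginning "In addition to the kernel mode eBPF runtime" has no verb connecting bpftime to its purpose clause ("for example, [bpftime](...) to achieve higher performance ..."), so it reads as a fragment. Something like "for example with bpftime, which enables higher-performance user space tracing, performance analysis and plugins" would fix it. The preceding paragraph also has two consecutive sentences opening with "Moreover"; since this hunk already touches the area, the second could be reworded in the same change.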