ksummit.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Steven Rostedt <rostedt@goodmis.org>
To: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: Hans de Goede <hdegoede@redhat.com>, ksummit@lists.linux.dev
Subject: Re: [Ksummit-discuss] [MAINTAINERS SUMMIT] How far to go with eBPF
Date: Tue, 21 Jun 2022 11:05:14 -0400	[thread overview]
Message-ID: <20220621110514.6ef174d0@rorschach.local.home> (raw)
In-Reply-To: <20220620091344.6c6499e4@rorschach.local.home>

On Mon, 20 Jun 2022 09:13:44 -0400
Steven Rostedt <rostedt@goodmis.org> wrote:

> This statement is the issue. There's not a clear line of what
> constitutes what eBPF is being used for, and worse, what is guaranteed
> to work across kernel versions.
> 
> My fear is that we will start having an expectation that pretty much
> any eBPF program will continue to work, and there's going to be a lot
> of disgruntled users when it doesn't.
> 
> Having configuration uses is one thing, enabling full device
> functionality is another. And anything that touches core interfaces
> need to be scrutinized.
> 
> If we look at where BPF came from (iptables et.al.) and having it do
> nothing more that that but for other parts of the system, it may be a
> good start. But even that could introduce dependencies of internal
> kernel implementations that could break over time. Basically, we can
> try to not break BPF programs but we really need the decree that it's
> not user API, and does not follow the "don't break user space" agenda,
> as anything that uses eBPF, is *not* user space. It's just another kind
> of kernel module.
> 
> And if an eBPF program does break, if the source of that program is not
> available, then the answer to fixing it should be "tough luck". This
> should not be a way for proprietary code to have their kernel API.

I'm currently at the Open Source Summit, and Dirk basically asked my
question almost verbatim to Linus (during the "Dirk and Linus show").

And Linus stated that there is no defined "API". It's just "do not
break user space tools", and this includes eBPF. That is, if something
that is useful in user space that breaks with an upgrade, what breaks
it either gets reverted, or a "fix" is done to make it work again.

Linus specified that when it gets to eBPF programs that do debugging or
tracing, or other really low level interactions with the kernel, then
if it breaks a user space tool that is doing this low level work, then
that's just part of the work flow (fix user space to match, it's
already dependent on the kernel implementations). He specified if you
break "real user space tools, that normal (non kernel developers) users
use" then you need to fix it, regardless if it is using eBPF or not.

This still does not address the problem. First, where's the line where a
tool becomes something for normal users?

Next, eBPF can now attach to pretty much *any* function, and modify how
that function operates (changing parameters, etc) Basically, eBPF can
do live kernel patching like changes.

If a new feature is implemented with eBPF and that eBPF feature depends
on some internal kernel implementation, where the maintainer of that
code is unaware of this new eBPF implemented feature, if they change
their code and break this, then the burden is on the maintainer to fix
that breakage, not those that implemented the eBPF feature.

This is the worry I have. Maintainers now have no control over what is
exposed to users that can become 'user API", aka break normal user
tooling, without having a clue that something now depends on the
implementation of their code.

We really need to take a step back before we let eBPF become fully
controlling of anything in the kernel. Because that's going to add a
huge burden on maintainers that do not even use eBPF.

Exposing information for consumption only is one thing, and what I
would like to have more of, but once you allow non-passive interactions
with the tracing infrastructure, it changes things where I can see a
lot of maintainers will have more push back against the former (reading
only tracing, as there's no way to keep it from making changes).

-- Steve


  reply	other threads:[~2022-06-21 15:05 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-15  6:55 [Ksummit-discuss] [MAINTAINERS SUMMIT] How far to go with eBPF Jiri Kosina
2022-06-15  8:05 ` Linus Walleij
2022-06-15  8:36   ` Jiri Kosina
2022-06-15 17:04     ` Jan Kara
2022-06-15 17:25       ` Jonathan Corbet
     [not found]         ` <20220615174601.GX1790663@paulmck-ThinkPad-P17-Gen-1>
2022-06-15 18:25           ` Jiri Kosina
2022-06-16 16:26             ` Steven Rostedt
2022-06-16 16:38               ` James Bottomley
2022-06-16 16:51                 ` Steven Rostedt
2022-06-16 18:25                   ` James Bottomley
2022-06-16 19:08                     ` Steven Rostedt
2022-06-17  7:53                     ` Jiri Kosina
2022-06-17  8:24                       ` Linus Walleij
2022-06-17 10:30                       ` Jan Kara
2022-06-17 11:04                         ` Benjamin Tissoires
     [not found]                           ` <dc6ca88d-d1ef-a1ab-dbef-e9338467271d@redhat.com>
2022-06-17 11:25                             ` Benjamin Tissoires
2022-06-17 11:32                               ` Hans de Goede
2022-06-20 13:13                               ` Steven Rostedt
2022-06-21 15:05                                 ` Steven Rostedt [this message]
2022-06-21 16:33                                   ` Benjamin Tissoires
2022-06-23 20:15                                     ` Jiri Kosina
2022-06-23 21:23                                       ` Alexei Starovoitov
2022-06-23 21:36                                         ` Steven Rostedt
     [not found]         ` <20220615174358.GA26358@lst.de>
     [not found]           ` <CAO-hwJKqA07KX+6QtotCS8PtHFtk3DLQPJ3W8puaHOv7tOdi+Q@mail.gmail.com>
     [not found]             ` <20220616114856.GA11127@lst.de>
2022-06-16 12:14               ` Benjamin Tissoires
     [not found]     ` <CAO-hwJJmW_STS=nT22n4pcaZf9gz953K4o2vhgmq-ig4OzxOLg@mail.gmail.com>
2022-06-16  8:02       ` Jiri Kosina
2022-06-16 11:37         ` Linus Walleij
2022-06-16 12:09           ` Benjamin Tissoires
2022-06-15 18:35 ` Luis Chamberlain

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220621110514.6ef174d0@rorschach.local.home \
    --to=rostedt@goodmis.org \
    --cc=benjamin.tissoires@redhat.com \
    --cc=hdegoede@redhat.com \
    --cc=ksummit@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).