Daniel Borkmann <daniel@xxxxxxxxxxxxx> writes: > On 1/17/23 1:22 PM, Toke Høiland-Jørgensen wrote: >> Daniel Borkmann <daniel@xxxxxxxxxxxxx> writes: >>> On 1/17/23 12:30 PM, Toke Høiland-Jørgensen wrote: >>>> Daniel Borkmann <daniel@xxxxxxxxxxxxx> writes: >>>>> On 1/16/23 11:57 PM, Toke Høiland-Jørgensen wrote: >>>>>> Following up on the discussion at the BPF office hours, this patch adds a >>>>>> description of the (new) concept of "stable kfuncs", which are kfuncs that >>>>>> offer a "more stable" interface than what we have now, but is still not >>>>>> part of UAPI. >>>>>> >>>>>> This is mostly meant as a straw man proposal to focus discussions around >>>>>> stability guarantees. From the discussion, it seemed clear that there were >>>>>> at least some people (myself included) who felt that there needs to be some >>>>>> way to export functionality that we consider "stable" (in the sense of >>>>>> "applications can rely on its continuing existence"). >>>>>> >>>>>> One option is to keep BPF helpers as the stable interface and implement >>>>>> some technical solution for moving functionality from kfuncs to helpers >>>>>> once it has stood the test of time and we're comfortable committing to it >>>>>> as a stable API. Another is to freeze the helper definitions, and instead >>>>>> use kfuncs for this purpose as well, by marking a subset of them as >>>>>> "stable" in some way. Or we can do both and have multiple levels of "stable", >>>>>> I suppose. >>>>>> >>>>>> This patch is an attempt to describe what the "stable kfuncs" idea might look >>>>>> like, as well as to formulate some criteria for what we mean by "stable", and >>>>>> describe an explicit deprecation procedure. Feel free to critique any part >>>>>> of this (including rejecting the notion entirely). >>>>>> >>>>>> Some people mentioned (in the office hours) that should we decide to go in >>>>>> this direction, there's some work that needs to be done in libbpf (and >>>>>> probably the kernel too?) to bring the kfunc developer experience up to par >>>>>> with helpers. Things like exporting kfunc definitions to vmlinux.h (to make >>>>>> them discoverable), and having CO-RE support for using them, etc. I kinda >>>>>> consider that orthogonal to what's described here, but I added a >>>>>> placeholder reference indicating that this (TBD) functionality exists. >>>>> >>>>> Thanks for the writeup.. I did some edits to your sections to make some parts >>>>> more clear and to leave out other parts (e.g. libbpf-related bits which are not >>>>> relevant in here and it's one of many libs). I also edited some parts to leave >>>>> us more flexibility. Here would be my take mixed in: >>>> >>>> Edits LGTM, with just one nit, below: >>>> >>>>> 3. API (in)stability of kfuncs >>>>> ============================== >>>>> >>>>> By default, kfuncs exported to BPF programs are considered a kernel-internal >>>>> interface that can change between kernel versions. In the extreme case that >>>>> could also include removal of a kfunc. This means that BPF programs using >>>>> kfuncs might need to adapt to changes between kernel versions. In other words, >>>>> kfuncs are _not_ part of the kernel UAPI! Rather, these kfuncs can be thought >>>>> of as being similar to internal kernel API functions exported using the >>>>> ``EXPORT_SYMBOL_GPL`` macro. All new BPF kernel helper-like functionality must >>>>> initially start out as kfuncs. >>>>> >>>>> 3.1 Promotion to "stable" >>>>> ------------------------- >>>>> >>>>> While kfuncs are by default considered unstable as described above, some kfuncs >>>>> may warrant a stronger stability guarantee and could be marked as *stable*. The >>>>> decision to move a kfunc to *stable* is taken on a case-by-case basis and has >>>>> a high barrier, taking into account its usefulness under longer-term production >>>>> deployment without any unforeseen API issues or limitations. In general, it is >>> >>> Forgot, we should probably also add after "[...] or limitations.": >>> >>> Such promotion request along with aforementioned argumentation on why a kfunc >>> is ready to be stabilized must be driven from developer-side. >> >> What does "driven from developer-side" mean, exactly? And what kind of >> developers (BPF app developers, or kernel devs)? > > Mainly to denote that this needs to be an explicit request from the community > rather than something that would happen automagically after some time (e.g. > where maintainers would just put the KF_STABLE stamp to it). 'kfunc xyz has > been used in our fleet in production in the context of project abc for two > years now and its API is sufficient to cover all foreseeable needs. The > kfunc didn't need to get extended since it was added [...]', for example. > The developer-hat can be both as long as there is a concrete relation to > usage of the kfunc that can be provided to then make the case. Right, makes sense! So how about: "The process for requesting a kfunc be marked as stable consists of submitting a patch to the bpf@xxxxxxxxxxxxxxx mailing list adding the KF_STABLE tag to that kfunc's definition. The patch description must include the rationale for why the kfunc should be promoted to stable, including references to existing production uses, etc." -Toke
