On Wed, Jan 18, 2023 at 11:48:59AM +0100, Daniel Borkmann wrote: > On 1/18/23 3:00 AM, Stanislav Fomichev wrote: > > On Tue, Jan 17, 2023 at 3:19 PM Alexei Starovoitov > > <alexei.starovoitov@xxxxxxxxx> wrote: > > > On Tue, Jan 17, 2023 at 2:20 PM Stanislav Fomichev <sdf@xxxxxxxxxx> wrote: > > > > On Tue, Jan 17, 2023 at 2:04 PM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote: > > > > > Stanislav Fomichev <sdf@xxxxxxxxxx> writes: > > > > > > On Tue, Jan 17, 2023 at 1:27 PM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote: > > > > > > > > > > > > > > Following up on the discussion at the BPF office hours, this patch adds a > > > > > > > description of the (new) concept of "stable kfuncs", which are kfuncs that > > > > > > > offer a "more stable" interface than what we have now, but is still not > > > > > > > part of UAPI. > > > > > > > > > > > > > > This is mostly meant as a straw man proposal to focus discussions around > > > > > > > stability guarantees. From the discussion, it seemed clear that there were > > > > > > > at least some people (myself included) who felt that there needs to be some > > > > > > > way to export functionality that we consider "stable" (in the sense of > > > > > > > "applications can rely on its continuing existence"). > > > > > > > > > > > > > > One option is to keep BPF helpers as the stable interface and implement > > > > > > > some technical solution for moving functionality from kfuncs to helpers > > > > > > > once it has stood the test of time and we're comfortable committing to it > > > > > > > as a stable API. Another is to freeze the helper definitions, and instead > > > > > > > use kfuncs for this purpose as well, by marking a subset of them as > > > > > > > "stable" in some way. Or we can do both and have multiple levels of > > > > > > > "stable", I suppose. > > > > > > > > > > > > > > This patch is an attempt to describe what the "stable kfuncs" idea might > > > > > > > look like, as well as to formulate some criteria for what we mean by > > > > > > > "stable", and describe an explicit deprecation procedure. Feel free to > > > > > > > critique any part of this (including rejecting the notion entirely). > > > > > > > > > > > > > > Some people mentioned (in the office hours) that should we decide to go in > > > > > > > this direction, there's some work that needs to be done in libbpf (and > > > > > > > probably the kernel too?) to bring the kfunc developer experience up to par > > > > > > > with helpers. Things like exporting kfunc definitions to vmlinux.h (to make > > > > > > > them discoverable), and having CO-RE support for using them, etc. I kinda > > > > > > > consider that orthogonal to what's described here, but I do think we should > > > > > > > fix those issues before implementing the procedures described here. > > > > > > > > > > > > > > v2: > > > > > > > - Incorporate Daniel's changes > > > > > > > > > > > > > > Signed-off-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx> > > > > > > > --- > > > > > > > Documentation/bpf/kfuncs.rst | 87 +++++++++++++++++++++++++++++++++--- > > > > > > > 1 file changed, 81 insertions(+), 6 deletions(-) > > > > > > > > > > > > > > diff --git a/Documentation/bpf/kfuncs.rst b/Documentation/bpf/kfuncs.rst > > > > > > > index 9fd7fb539f85..dd40a4ee35f2 100644 > > > > > > > --- a/Documentation/bpf/kfuncs.rst > > > > > > > +++ b/Documentation/bpf/kfuncs.rst > > > > > > > @@ -7,9 +7,9 @@ BPF Kernel Functions (kfuncs) > > > > > > > > > > > > > > BPF Kernel Functions or more commonly known as kfuncs are functions in the Linux > > > > > > > kernel which are exposed for use by BPF programs. Unlike normal BPF helpers, > > > > > > > -kfuncs do not have a stable interface and can change from one kernel release to > > > > > > > -another. Hence, BPF programs need to be updated in response to changes in the > > > > > > > -kernel. > > > > > > > +kfuncs by default do not have a stable interface and can change from one kernel > > > > > > > +release to another. Hence, BPF programs may need to be updated in response to > > > > > > > +changes in the kernel. See :ref:`BPF_kfunc_stability`. > > > > > > > > > > > > > > 2. Defining a kfunc > > > > > > > =================== > > > > > > > @@ -223,14 +223,89 @@ type. An example is shown below:: > > > > > > > } > > > > > > > late_initcall(init_subsystem); > > > > > > > > > > > > > > -3. Core kfuncs > > > > > > > + > > > > > > > +.. _BPF_kfunc_stability: > > small nit: please also link from Documentation/bpf/bpf_design_QA.rst, so these sections > here are easier to find. > > > > > > > > +3. API (in)stability of kfuncs > > > > > > > +============================== > > > > > > > + > > > > > > > +By default, kfuncs exported to BPF programs are considered a kernel-internal > > > > > > > +interface that can change between kernel versions. This means that BPF programs > > > > > > > +using kfuncs may need to adapt to changes between kernel versions. In the > > > > > > > +extreme case that could also include removal of a kfunc. In other words, kfuncs > > > > > > > +are _not_ part of the kernel UAPI! Rather, these kfuncs can be thought of as > > > > > > > +being similar to internal kernel API functions exported using the > > > > > > > > > > > > [..] > > > > > > > > > > > > > +``EXPORT_SYMBOL_GPL`` macro. All new BPF kernel helper-like functionality must > > > > > > > +initially start out as kfuncs. > > > > > > > > > > > > To clarify, as part of this proposal, are we making a decision here > > > > > > that we ban new helpers going forward? > > > > > > > > > > Good question! That is one of the things I'm hoping we can clear up by > > > > > this discussing. I don't have a strong opinion on the matter myself, as > > > > > long as there is *some* way to mark a subset of helpers/kfuncs as > > > > > "stable"... > > > > > > > > Might be worth it to capitalize in this case to indicate that it's a > > > > MUST from the RFC world? (or go with SHOULD otherwise). > > > > I'm fine either way. The only thing that stops me from fully embracing > > > > MUST is the kfunc requirement on the explicit jit support; I'm not > > > > sure why it exists and at this point I'm too afraid to ask. But having > > > > MUST here might give us motivation to address the shortcomings... > > > > > > Did you do: > > > git grep bpf_jit_supports_kfunc_call > > > and didn't find your favorite architecture there and > > > didn't find it in the upcoming patches for riscv and arm32? > > > If you care about kfuncs on arm32 please help reviewing posted patches. > > > > Exactly why I'm going to support whatever decision is being made here. > > Just trying to clarify what that decision is. > > My $0.02 is that I don't think we need to make a hard-cut ban as part of this. > The 'All new BPF kernel helper-like functionality must initially start out as > kfuncs.' is pretty clear where things would need to start out with, and we could > leave the option on the table if really needed to go BPF helper route when > promoting kfunc to stable at the same time. I had that in the text suggestion > earlier, it's more corner case and maybe we'll never need it but we also don't > drive ourselves into a corner where we close the door on it. Lets let the infra > around kfuncs evolve further first. I think that's reasonable, though I also think it would be good for us to be concrete about what we mean by "if really needed to go BPF helper route". One of Andrii's main points (hopefully I'm not misrepresenting anything) was that having things as kfuncs requires JIT support, which means that architectures which don't yet have JIT support wouldn't be able to reap the benefits of whatever functionality is added with kfuncs. On the other hand, Alexei pointed out in [0] that riscv and arm32 support is coming for JIT. [0]: https://lore.kernel.org/all/CAADnVQKy1QzM+wg1BxfYA30QsTaM4M5RRCi+VHN6A7ah2BeZZw@xxxxxxxxxxxxxx/ I propose that we also specify that wanting the feature to be present on non-JIT / non-BTF kernels is not a sufficient reason for making them a helper. Not because there are no tradeoffs in doing so, but rather because: 1. I think we just need to make a decision and be consistent here to avoid more lengthy debates. 2. I think that if something is really useful on an architecture, people will add JIT support for it. An argument could always be made that we should be able to rely only on the interpreter for new architectures that are added, etc. As more time passes, BPF sans JIT (i.e. interpreter BPF) will be less and less useful, and will diverge more and more from JIT-BPF. It's really inevitable anyways given the direction that things are going, and IMO we should just embrace that and focus on enabling JIT / modern BPF on useful architectures rather than adding things to helpers for the sake of those platforms. Thanks, David
