The kernel/user-space boundary
Peter started by saying that we have a clear "don't break user space"
policy. For the most part, living up to that policy is relatively
straightforward; one avoids making incompatible changes to system calls and
things continue to work. We are also getting better with other kernel
interfaces like sysfs and /proc. But there was, he said, an
![[Peter Anvin]](https://web.archive.org/web/20240110063447im_/https://static.lwn.net/images/conf/2013/lce-ks/PeterAnvin-sm.jpg)
interesting corner case last year: the GRUB2 bootloader was making a habit
of looking at the kernel configuration files during installation for the
setup of its menus. The restructuring of some internal kernel code broke
GRUB2. At this point, Linus jumped
in to claim that the kernel's configuration files do not constitute
a part of the kernel's ABI. When somebody does something that stupid, he
said, one really cannot blame the kernel.
Peter moved on to another problem, one he himself introduced some sixteen years ago. The automounter ABI has issues such that it failed to work with a 32-bit user space on a 64-bit kernel. A new type of pipe had to be introduced to fix this problem; it was, he said, an example of how far we are willing to go to avoid breaking applications.
What about, he asked, cases where we need to shift to a new ABI altogether? Changes to the pseudo terminal (pty) interface are needed to get ptys to work from within containers; it's still not clear how to handle the master device in such situations. The control group interface is in flux, and there have been some disagreements with the systemd folks over who "owns" the container hierarchy as a whole. When it was suggested that systemd "wants to take over" control groups, Linus was quick to state that no such thing was going to happen. James Bottomley jumped in to note that the issue had been discussed and that a mutually acceptable solution was at hand.
Another ABI issue is the current limitation, built into the Linux virtual filesystem layer, that no single I/O operation can transfer more than 2GB of data. As systems and memory sizes get larger, that limit may eventually hurt, he said, but Linus said that this limit would not be lifted. We are, he said, better than OS X, which causes overly large I/O requests to fail outright; Linux, instead, just transfers the maximum allowed amount of data. There are huge security implications to allowing larger I/O operations, to the point that there is no excuse for removing the limit. A whole lot of potential problems will simply be avoided if filesystem code just never sees 64-bit I/O request sizes. And, he said, if you try to do a 4GB write, "you're a moron." Such requests will not be any faster, there is just no reason to do it.
In general, Linus said, he is fundamentally opposed to doing anything that might break user space; he was not sure why the topic was being discussed at all. The old issue of tracepoints came up, and Linus said that, if we break something with a tracepoint change, that is a problem and we will fix it. Greg Kroah-Hartman pointed out that some subsystem maintainers — himself and Al Viro, for example — are refusing to add tracepoints because they are afraid of being committed to supporting them forever. Others thought that this policy was excessively cautious, noting that actual problems with tracepoint ABI compatibility have been few and far between. No-tracepoints policies, Ingo Molnar said, are simply not justified.
What about changes to printk() calls that break scripts that grep through the system logs? Linus answered that printk() is not special, and that problems there will be fixed as well. Masami Hiramatsu suggested that the sort of string-oriented data found in the logs is relatively easy to work with, and changes are easy to adapt to, but that hints that, perhaps, users are just coping with problems there rather than complaining about them. It would be interesting to see what would happen if a user were to actually complain about broken scripts resulting from a printk() change. Linus closed things off by complaining that the kernel developers have spent far more time worrying about this problem than they ever have dealing with actual issues.
Miklos stepped up to ask more specifically: where is the boundary that sets
the kernel ABI? Some parts of the operating system live in the kernel,
![[Miklos Szeredi]](https://web.archive.org/web/20240110063447im_/https://static.lwn.net/images/conf/2013/lce-ks/MiklosSzeredi-sm.jpg)
while others can be found in libraries and the kernel. Sometimes things
move; rename() was once in the C library, now it's a system call
provided by the kernel. NFS servers have been found on both sides of the
divide, graphics drivers have been moving into the kernel, sound drivers
have moved in both directions, and filesystems can be found on both sides.
Miklos may have been hoping for some sort of discussion of whether the interface between the kernel and some of these low-level components could be considered to be internal and not part of the kernel's ABI, but things didn't go in that direction. Instead, the discussion wandered a bit, covering whether parts of NetworkManager should be in the kernel (no, they would just have to call out to user space for authentication and such), drivers that require closed user-space components (still considered unwelcome), and the implementation of protocols like MTP, which, evidently, has more stuff in user space than should really be there.
[Next: Outreach Program for Women]
| Index entries for this article | |
|---|---|
| Kernel | Development model/User-space ABI |
| Conference | Kernel Summit/2013 |
(Log in to post comments)
The kernel/user-space boundary
Posted Nov 1, 2013 1:31 UTC (Fri) by k8to (guest, #15413) [Link]
Sometimes the messages you're sending out into the world are just wrong and stupid and you have to reformat, reword, clarify them. Yes, someone could be depending upon the exact wording, but you either have to accept that your logs aren't an ABI, or you have to formalize some component of the messaging as rigid and leave the informative text as not being part of it.
The kernel/user-space boundary
Posted Nov 5, 2013 0:55 UTC (Tue) by pj (subscriber, #4506) [Link]
Not that I'm advocating xml in the kernel, but at the point people are trying to actually parse printk()s, abstract error symbols make some amount of sense.
The kernel/user-space boundary
Posted Nov 5, 2013 8:24 UTC (Tue) by k8to (guest, #15413) [Link]
An apology...
Posted Nov 1, 2013 22:28 UTC (Fri) by pr1268 (subscriber, #24648) [Link]
In our editor's summary, he linked the LWN article regarding the broken Autofs ABI. I made a curt comment ranting that autofs and systemd need to work better together. In view of how much I've learned since then about just how difficult system- and kernel-level programming can be, especially when supporting a plethora of architectures and user-spaces, I've realized just how selfish and short-sighted my original comment is. I'm sorry for making that comment.
It is too easy to dismiss programming issues such as kernel ↔ userspace ABI breakage, but time and again I see that the kernel devs always try to Do The Right Thing™.
The kernel/user-space boundary
Posted Nov 7, 2013 13:01 UTC (Thu) by dakas (guest, #88146) [Link]
where, exactly, does the boundary between the kernel and user space lie?Now for thinking about the question where it can lie and what it can or should signify, looking at the HURD might actually prove educational. Some problems might benefit from shifting the boundary a lot.