BPF in Stable Kernels

1 BPF in Stable Kernels LSF/MM/BPF Summit 2025 Shung-Hsi Yu

- Purpose - Stable Kernel - Challenges & Improvements -
Remarks - Discussion 2 Agenda

1. Have a better guarantee of BPF quality in stable
kernels - stable kernels have the largest user base - bug-free experience - vulnerability-free 2. Find other that are interested/have stake in BPF in stable 3 Purpose Discuss How To Provide

4 Stable Kernels Deﬁnition

- stable/linux.git - Distro Kernels - Vendor Kernels - Android
Common Kernel - Civil Infrastructure Platform Kernel 5 Stable Kernels

- stable/linux.git - non-LTS (every release) - LTS (v6.12, v6.6,
v6.1, v5.15, v5.10, …) 6 Stable Kernels Deﬁnition

- Distro Kernels - RHEL, SLES, Ubuntu, … (LTS-like, alphanumeric
order) - Vendor Kernels - Hardware-speciﬁc (e.g. SteamOS, probably LTS-based) 7 Stable Kernels Deﬁnition

- Android - Android Common Kernel (LTS-based, extended by ?
yrs) - Civil Infrastructure Platform cip/linux-cip.git - SLTS (LTS-based, extended by ~8 yrs) 8 Stable Kernels Deﬁnition

- stable/linux.git - LTS (v6.12, v6.6, v6.1, v5.15, v5.10, …)
- large user base - common ground - more code deviation (compared to non-LTS stables) 9 Stable Kernels Focus

10 LTS in stable/linux.git

- How does a patch ended up in stable/linux.git? (i.e.
how are patch selected for backporting) 1. CCed [email protected] 2. AUTOSEL selection (usually those that had Fixes tag) 3. Ask stable team explicitly for backporting 11 LTS in stable/linux.git

- Additional criterias 1. Patch applies as-is (e.g. no merge
conﬂict) 2. Builds after applying 12 LTS in stable/linux.git

- Assumption 1. Patch works as-is, or 2. If it
doesn’t, will be caught by stable release testers Tested-by: Some One <[email protected]> 13 LTS in stable/linux.git

14 Challenges

- Does it really work? - patches receives less thorough
review, if any - (AFAIK) not tested with BPF selftests - v6.6 BPF selftests fails to compile & pass - does it changes existing behavior (veriﬁer rejection)? 15 Challenges Elephant in the Room

- Test LTS in BPF CI (and Agni, etc.) -
v6.12 (hopefully v6.6 & v6.1 as well) - Error reported to where? - stable mailing list - interest group / volunteer (not necessary ML) 16 Improvements A Low Hanging Fruit?

- Less-than-idea BPF selftests coverage - most ﬁxes has a
corresponding BPF selftests test case - while a ﬁxes is add to stable, such test case are ignored 17 Challenges

- Backport BPF selftests - Greg would take them -
Finding the commits takes time and effort 18 Improvements Nice to Have

- Not all ﬁxes are backported - patch may fail
to apply, build, or work due to missing dependencies 19 Challenges

- How does a patch ended up in stable/linux.git? 1.
CCed [email protected] 2. AUTOSEL selection (usually those that had Fixes tag) 3. Ask stable team explicitly for backporting 4. Send patch to stable mailing list - the only way to send modiﬁed patches 20 LTS in stable/linux.git

to apply, build, or work due to missing dependencies 21 Challenges

to apply, build, or work due to missing dependencies - ﬁx as side effect of feature, e.g. support non-r10 register spill/ﬁll to/from stack in precision tracking 22 Challenges

- Backport missing ﬁxes 23 Improvements The Unlikely Ones

- Backport missing ﬁxes - time-intensive, mechanical work - more
likely to run into issues - if nobody complains, then it probably doesn’t matter - unless it’s security vulnerability (80%+) 24 Improvements The Unlikely Ones

25 Remarks

- Problems in stable often aren’t BPF-speciﬁc - BPF-speciﬁc low
hanging fruits - Quality of BPF in stable kernels ultimately depends on the quality of bpf-next - diverting existing maintainers’ attention - get others involved 26 Remarks

- Technical Improvements 1. Test LTS in BPF CI 2.
Backport BPF selftests 3. Backport missing ﬁxes 27 Remarks Overview

- Non-technical Improvements 1. Find volunteers/stakeholders/interested 2. ? 28 Remarks
Overview

- Run bpf-next BPF selftests on stable kernels? - kABI
breakage due to struct bpf_verifier* changes - LTS v6.1 need some more love? - Where to share stable backports after stable/linux.git branch reach EOL? - Possibility of aligning BPF subsystem across the Stable Kernels 30 Miscellaneous

BPF in Stable Kernels

BPF in Stable Kernels

shunghsiyu

More Decks by shunghsiyu

Other Decks in Technology

Featured

Transcript

1 BPF in Stable Kernels LSF/MM/BPF Summit 2025 Shung-Hsi Yu

- Purpose - Stable Kernel - Challenges & Improvements -

1. Have a better guarantee of BPF quality in stable

4 Stable Kernels Deﬁnition

- stable/linux.git - Distro Kernels - Vendor Kernels - Android

- stable/linux.git - non-LTS (every release) - LTS (v6.12, v6.6,

- Distro Kernels - RHEL, SLES, Ubuntu, … (LTS-like, alphanumeric

- Android - Android Common Kernel (LTS-based, extended by ?

- stable/linux.git - LTS (v6.12, v6.6, v6.1, v5.15, v5.10, …)

10 LTS in stable/linux.git

- How does a patch ended up in stable/linux.git? (i.e.

- Additional criterias 1. Patch applies as-is (e.g. no merge

- Assumption 1. Patch works as-is, or 2. If it

14 Challenges

- Does it really work? - patches receives less thorough

- Test LTS in BPF CI (and Agni, etc.) -

- Less-than-idea BPF selftests coverage - most ﬁxes has a

- Backport BPF selftests - Greg would take them -

- Not all ﬁxes are backported - patch may fail

- How does a patch ended up in stable/linux.git? 1.

- Not all ﬁxes are backported - patch may fail

- Not all ﬁxes are backported - patch may fail

- Backport missing ﬁxes 23 Improvements The Unlikely Ones

- Backport missing ﬁxes - time-intensive, mechanical work - more

25 Remarks

- Problems in stable often aren’t BPF-speciﬁc - BPF-speciﬁc low

- Technical Improvements 1. Test LTS in BPF CI 2.

- Non-technical Improvements 1. Find volunteers/stakeholders/interested 2. ? 28 Remarks

29 ?

- Run bpf-next BPF selftests on stable kernels? - kABI