From: Theodore Ts'o <tytso@mit.edu>
To: Dan Williams <dan.j.williams@intel.com>
Cc: ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] [CORE TOPIC] [nomination] Move Fast and Oops Things
Date: Thu, 22 May 2014 11:48:59 -0400 [thread overview]
Message-ID: <20140522154859.GA28971@thunk.org> (raw)
In-Reply-To: <CAPcyv4hJvjY94-agCi8Twz-Np8_vxv3G7+eFSaAPjVOVyQ0gOQ@mail.gmail.com>
On Wed, May 21, 2014 at 04:03:49PM -0700, Dan Williams wrote:
> Simply, if an end user knows how to override a "gatekeeper" that user
> can test features that we are otherwise still debating upstream. They
> can of course also apply the patches directly, but I am proposing we
> formalize a mechanism to encourage more experimentation in-tree.
>
> I'm fully aware we do not have the tactical data nor operational
> control to run the kernel like a website, that's not my concern. My
> concern is with expanding a maintainer's options for mitigating risk.
Various maintainers are doing this sort of thing already. For
example, file system developers stage new file system features in
precisely this way. Both xfs and ext4 have done this sort of thing,
and certainly SuSE has used this technique with btrfs to only support
those file system features which they are prepared to support.
The problem is using this sort of gatekeeper is something that a
maintainer has to use in combination with existing techniques, and it
doesn't necessarliy accelerate development by all that much. In
particular, if it has any kind of kernel ABI or file system format
implications, we need to make sure the interfaces are set in stone
before we can let it into the mainline kernel, even if it is not
enabled by default. (Consider the avidity that userspace application
developers can sometimes have for using even debugging interfaces such
as ftrace, and the "no userspace breakages" rule. So not only do you
have to worry about userspace applicaitons not using a feature which
is protected by a gatekeeper, you also have to worry about premature
pervasive use of a feature such that you can't change the interface
any more.)
That by the way is the singular huge advangtage that centralized code
bases such as those found at Google and Facebook have --- if I need to
make a kernel change for some feature that hasn't made it upstream
yet, all of the users of some particular Google-specific kernel<->user
space interface is under a single source tree, and while I do need to
worry about staged deployments, I can be extremely confident that I
can identify all of the users of a particular interface, and put in
appropriate measures to update an interface. It still might take
several release candences, but that's typically far shorter than what
it would take to obsolete a published upstream interface.
As a result, I am much more willing to let a ugly, but operationally
necessary new feature (such as say a netlink interface to export
information about file system errors, for example) into an internal
Google kernel interface, but I'd be much less willing to let something
like that go upstream, because while it's annoying to have to forward
port such an out-of-tree patch, having to deal with fixing or
upgrading a published interface is at least an order or two more work.
In addition, both Google and Facebook can afford to make changes that
only need to worry about their data center environment, where as an
upstream change has to work in a much larger variety of situations and
circumstances.
The bottom line is just because you can do something at Facebook or
Google does not necessarily mean that the same technique will port
over easily into the upstream development model.
- Ted
next prev parent reply other threads:[~2014-05-22 15:49 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-15 23:13 Dan Williams
2014-05-16 2:56 ` NeilBrown
2014-05-16 15:04 ` Chris Mason
2014-05-16 17:09 ` Andy Grover
2014-05-23 8:11 ` Dan Carpenter
2014-05-16 18:31 ` Randy Dunlap
2014-05-21 7:48 ` Dan Williams
2014-05-21 7:55 ` Greg KH
2014-05-21 9:05 ` Matt Fleming
2014-05-21 12:52 ` Greg KH
2014-05-21 13:23 ` Matt Fleming
2014-05-21 8:25 ` NeilBrown
2014-05-21 8:36 ` Dan Williams
2014-05-21 8:53 ` Matt Fleming
2014-05-21 10:11 ` NeilBrown
2014-05-21 15:35 ` Dan Williams
2014-05-21 23:06 ` Rafael J. Wysocki
2014-05-21 23:03 ` Dan Williams
2014-05-21 23:40 ` Laurent Pinchart
2014-05-22 0:10 ` Rafael J. Wysocki
2014-05-22 15:48 ` Theodore Ts'o [this message]
2014-05-22 16:31 ` Dan Williams
2014-05-22 17:38 ` Theodore Ts'o
2014-05-22 18:42 ` Dan Williams
2014-05-22 19:06 ` Chris Mason
2014-05-22 20:31 ` Dan Carpenter
2014-05-22 20:56 ` Geert Uytterhoeven
2014-05-23 6:21 ` James Bottomley
2014-05-23 14:11 ` John W. Linville
2014-05-24 9:14 ` James Bottomley
2014-05-24 19:19 ` Geert Uytterhoeven
2014-05-23 2:13 ` Greg KH
2014-05-23 3:03 ` Dan Williams
2014-05-23 7:44 ` Greg KH
2014-05-23 14:02 ` Josh Boyer
2014-05-21 23:48 ` NeilBrown
2014-05-22 4:04 ` Dan Williams
2014-05-21 7:22 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140522154859.GA28971@thunk.org \
--to=tytso@mit.edu \
--cc=dan.j.williams@intel.com \
--cc=ksummit-discuss@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox