From: Chuck Wolber <chuckwolber@gmail.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Gabriele Paoloni <gpaoloni@redhat.com>,
shuah@kernel.org, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org, corbet@lwn.net,
linux-doc@vger.kernel.org, linux-mm@kvack.org,
safety-architecture@lists.elisa.tech, acarmina@redhat.com,
kstewart@linuxfoundation.org, chuck@wolber.net
Subject: Re: [RFC PATCH v2 0/3] Add testable code specifications
Date: Fri, 7 Nov 2025 16:29:13 +0000 [thread overview]
Message-ID: <CAB=6tBSaGfKq4RgV=nbw28Yq59jHMrVOkm_dx2bqD1AjU37oaw@mail.gmail.com> (raw)
In-Reply-To: <2025102211-wolverine-cradling-b4ec@gregkh>
On Wed, Oct 22, 2025 at 5:13 PM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Wed, Oct 22, 2025 at 04:06:10PM +0200, Gabriele Paoloni wrote:
> > > Every in-kernel api documented in a "formal" way like this? Or a subset?
> > > If a subset, which ones specifically? How many? And who is going to do
> > > that? And who is going to maintain it? And most importantly, why is it
> > > needed at all?
I appreciate the questions. I sense there may be some confusion over who this
is intended to benefit.
The design of the Linux kernel is emergent. This is a fundamental property of
the way it is developed, and the source of its greatest strength. But it has
some shortcomings that place a burden on kernel maintainers, all kernel
testing, and even people who wish to contribute.
We intend this as a tool to address those areas.
> > > For some reason Linux has succeeded in pretty much every place an
> > > operating system is needed for cpus that it can run on (zephyr for those
> > > others that it can not.) So why are we suddenly now, after many decades,
> > > requiring basic user/kernel stuff to be formally documented like this?
You are correct, the kernel has succeeded over many decades, and will continue
succeeding for many decades to come.
With the exception of some very narrow situations, the emergent design (or
"nuanced complexity" if you prefer that term) of the Linux kernel is not
communicated in a broadly consistent way. This affects the way the kernel is
tested, and also the way it is developed. Even veteran kernel maintainers are
tripping over nuance and complexity.
> > Let me try to answer starting from the "why".
>
> Let's ignore the "why" for now, and get to the "how" and "what" which you
> skipped from my questions above.
>
> _Exactly_ how many in-kernel functions are you claiming is needed to be
> documented in this type of way before Linux would become "acceptable" to
> these regulatory agencies, and which ones _specifically_ are they?
Exactly zero. This is not for regulators.
> Without knowing that, we could argue about the format all day long, and
> yet have nothing to show for it.
As this is not intended for regulators, it is not clear to me that catering to
their desires would be a good use of anyone's time.
I say this as a software engineer who works in a _highly_ regulated industry,
and who knows the relevant regulations quite well. There are good ideas buried
in those regulations, but (in their default form) they are _not_ appropriate
for the Linux kernel development process.
> And then, I have to ask, exactly "who" is going to do that work.
The intent is to allow for a separate maintainer path. There is more to it than
that, but I do not want to bury the lede here.
> I'll point at another "you must do this for reasons" type of request we have
> had in the past, SPDX. Sadly that task was never actually finished as it
> looks like no one really cared to do the real work involved. We got other
> benefits out of that effort, but the "goal" that people started that effort
> with was never met. Part of that is me not pushing back hard enough on the
> "who is going to do the work" part of that question, which is important in
> stuff like this.
Well, I am sorry for that. I am not quite sure how to respond, but I certainly
sympathize with past frustrations. I have plenty of my own.
We are not offering a silver bullet here, and the work to describe the kernel's
design will be finished when the work of development is finished. This is just
an attempt to fill in a semantic gap that is responsible for a great deal of
technical debt and maintainer burnout.
> If you never complete the effort, your end goal of passing Linux off to those
> customers will never happen.
It is not clear to me what customers you are talking about. That is certainly
not a goal in the mind of anyone working on this project that I am aware of.
> So, try to answer that, with lots and lots of specifics, and then, if we
> agree that it is a sane thing to attempt (i.e. you are going to do all the
> work and it actually would be possible to complete), then we can argue about
> the format of the text :)
I respect what you are saying here, and perhaps the point of confusion came
from the safety related source? As is often the case in science and
engineering, we are borrowing (and _heavily_ modifying) a technique that is
found in a different domain.
The intent is to target technical debt and maintainer burnout by filling in a
semantic gap that occurs when a human idea is turned into code. Ironically,
this is why the safety regulations were written in the first place, but little
consideration was given to development methodology during that process.
Thank you,
..Ch:W..
next prev parent reply other threads:[~2025-11-07 16:29 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-10 16:59 Gabriele Paoloni
2025-09-10 16:59 ` [RFC v2 PATCH 1/3] Documentation: add guidelines for writing " Gabriele Paoloni
2025-09-15 22:33 ` Jonathan Corbet
2025-09-17 15:24 ` Gabriele Paoloni
2025-10-20 19:35 ` David Hildenbrand
2025-10-20 20:54 ` Chuck Wolber
2025-10-20 21:02 ` Chuck Wolber
2025-10-21 15:37 ` David Hildenbrand
2025-10-21 16:27 ` Gabriele Paoloni
2025-10-21 16:34 ` David Hildenbrand
2025-10-21 16:43 ` Gabriele Paoloni
2025-09-10 16:59 ` [RFC v2 PATCH 2/3] /dev/mem: Add initial documentation of memory_open() and mem_fops Gabriele Paoloni
2025-09-15 22:39 ` Jonathan Corbet
2025-09-16 7:29 ` Chuck Wolber
2025-09-17 15:38 ` Gabriele Paoloni
2025-09-10 17:00 ` [RFC v2 PATCH 3/3] selftests/devmem: initial testset Gabriele Paoloni
2025-10-21 7:35 ` Greg KH
2025-10-21 17:40 ` Alessandro Carminati
2025-10-21 7:35 ` [RFC PATCH v2 0/3] Add testable code specifications Greg KH
2025-10-21 9:42 ` Gabriele Paoloni
2025-10-21 16:46 ` Greg KH
2025-10-22 14:06 ` Gabriele Paoloni
2025-10-22 17:13 ` Greg KH
2025-11-07 16:29 ` Chuck Wolber [this message]
2025-11-26 13:55 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAB=6tBSaGfKq4RgV=nbw28Yq59jHMrVOkm_dx2bqD1AjU37oaw@mail.gmail.com' \
--to=chuckwolber@gmail.com \
--cc=acarmina@redhat.com \
--cc=chuck@wolber.net \
--cc=corbet@lwn.net \
--cc=gpaoloni@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=kstewart@linuxfoundation.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=safety-architecture@lists.elisa.tech \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox