Systemd discusses its kernel-version needs

A query regarding the possibility of dropping support for older kernels in systemd led to some discussion on the systemd-devel mailing list recently. As might be guessed, exactly which kernel would be the minimum supported, what kernel features systemd is using, and when those kernel features became available, were all part of that conversation. A component like systemd that is closely tied to the kernel, and the interfaces different versions provide, has a number of different factors to consider when making a decision of this sort.

Zbigniew Jędrzejewski-Szmek started things off by asking if changing the minimum required kernel version for systemd to 4.4 would cause problems for anyone. He said that if it did, "please substantiate why you are running new systemd with such old kernels". Currently, systemd minimally requires Linux 3.15 or later, as noted in its README file.

Which version?

But Greg Kroah-Hartman was quick to point out that the stable-kernel team recently stopped supporting 4.4, so the 4.9 kernel is the oldest version that is still getting stable updates. He suggested using that as the baseline instead. Jędrzejewski-Szmek noted that the Civil Infrastructure Platform (CIP) will continue to use 4.4, but that Debian 9.x ("stretch") uses 4.9 and has its end of life in June 2022. "Of course we'd like to move to 4.19, but we don't want to disrupt distros that use older kernels. Is ≤4.19 really unused?"

Michael Biebl filled in more details for the Debian picture. Newer systemd versions are being backported to Debian 11.x ("bullseye"), which uses the 5.10 kernel, but not to earlier Debian releases. He did note that downstream Debian derivatives (such as Raspbian) might have other requirements, as might those who build their own kernels. Neal Gompa said that there are active efforts to bring newer systemd releases to CentOS Stream 8, which is based on 4.18 plus a bunch of kernel-feature backports. He would like to see that continue to be supported.

Luca Boccassi said that he would like to see the minimum version only go as far as 4.4 since "what's on kernel.org is not really that important, as real usage is downstream from there anyway". The important thing is to identify what's needed for systemd core compatibility—all of that is available in 4.4, he said. He noted that support for version 2 of control groups (cgroupv2) came in 4.1; being able to count on cgroupv2 support would be helpful. Control groups are a resource-management mechanism that is used extensively by systemd.

Not surprisingly, Kroah-Hartman had a rather different take on that; "anyone still using 4.4.y today has an insecure and unsupported system". He does not want to encourage anyone to use that version. While CIP is supporting 4.4 until 2027, it is using that kernel "in a very limited set of use cases and configurations". He is somewhat skeptical that CIP will be able to keep that kernel "alive and secure"; for anyone else that is still using 4.4, "send them to me please".

Boccassi disagreed with that view; kernel-version choices are often out of the hands of the user because they have to use what their distribution or vendor provides. If the kernel version for systemd changes, he expects that the project will hear from "some poor soul stuck on 3.x because of $crappy_arm_vendor with no way to move on from there". Even so, moving to 4.4 has some advantages:

Jumping forward from 3.13 to 4.4 as the baseline, allowing to take cgroupsv2 for granted, seems like a good starting point to me. There's very obvious and public evidence of that being used in the wild. We can start to drop a bunch of backward-compat cruft, wait and see who complains, and if nobody does we can re-evaluate again in a couple of years.

But Kroah-Hartman thought it is unlikely that people stuck on 3.x kernels are updating to the latest systemd version; "if they are, they need to get $crappy_arm_vendor to do the work for them as they PAID for that support and work already".

Ulrich Windl said there can be value in sticking with the same kernel over time, though, because "new features intended to improve things sometimes actually make things worse". But in choosing which kernels to support for systemd, that is not really the issue, Kroah-Hartman said:

Do you want to run a kernel with known security problems, or one with "unknown potential problems." The latter is always the case, so please don't pick the known-insecure one, that's just foolish.

Boccassi was not impressed with that argument, noting that "'security problems' are a dime a dozen, as they say" and complaining that the stable kernels often have regressions of various sorts. He made a rather surprising claim about the nature of those regressions, however:

Upgrading major kernel version is like rolling a dice, you never know what kind of extremely expensive and time consuming rabbit hole you'll be dragged into because the kernel plays fast and loose with its userspace interfaces, and each and every time there's a chance one might end up having to do major reworks to deal with it.

Kroah-Hartman seemed surprised to hear that, since the kernel developers take user-space compatibility seriously. As readers of the LWN kernel page know, Linus Torvalds will quickly step in and remind kernel developers, sometimes rather harshly, that the kernel does not break user space. There are often complaints about regressions in the stable tree, but it does not typically involve breaking user-space interfaces. Kroah-Hartman said that he was interested in hearing any such reports and that the proper place to report them was the kernel's regressions mailing list.

That was something of a side conversation to the main point of the discussion, but the resistance to upgrading to new kernel versions is real; it is somewhat unclear why that resistance would not also extend to systemd versions, however. The kernel-upgrade resistance is something that the stable maintainers (and others) have been struggling with for a long time. Those who plan to stay on older releases, or not upgrade series that are still supported, are playing a dangerous game. Kroah-Hartman clearly sees the choice of the minimum supported kernel version as a means to help spread that message further, though it is unclear how successful it would be.

Control group evolution

Back to systemd itself, Lennart Poettering said that there had been an evolution in cgroupv2 support over time, so narrowing down exactly what systemd needs or wants in that support is needed:

Note that "cgroupv2 exists" and "cgroupv2 works well" are two distinct things. Initially too few controllers supported cgroupv2 for cgroupv2 to be actually useful.

What I am trying to say is that it would actually help us a lot if we'd not just be able to take [cgroupv2] for granted but to take a reasonably complete cgroupv2 for granted.

Boccassi agreed that information would be useful, especially which cgroupv2 controllers are needed and when they were added. As Jędrzejewski-Szmek pointed out, the README does list some features that systemd can use and what kernel is needed for them:

Linux kernel >= 4.2 for unified cgroup hierarchy support
Linux kernel >= 4.10 for cgroup-bpf egress and ingress hooks
Linux kernel >= 4.15 for cgroup-bpf device hook
Linux kernel >= 4.17 for cgroup-bpf socket address hooks

In this light, 4.19 is better than 4.4 or 4.9 ;)

Given that, Kroah-Hartman was in favor of choosing 4.19: "I strongly doubt that any distro that is using older kernels would ever be willing to update systemd." Windl added a data point, saying that the most recent service pack of SUSE Enterprise Linux 12 (SLES12 SP5) is using 4.12, but he agreed that it was not likely it would be moving to newer systemd versions.

The list of kernel versions in the README is mostly concerned with various BPF-related features, Boccassi said. But systemd should still run without support for BPF; "There's plenty of use cases that disable it entirely (in the sense, things shouldn't fall apart if we run on a non-bpf kernel and there are no bpf options configured in any unit). I have one of them." BPF-related features should remain optional in systemd forever, he said.

Poettering took a look through the systemd man pages to get a sense for what kernel features are being used and when they were added. He noted that cgroupv2 support was not really viable for systemd until 4.15, since before that it lacked the CPU controller, which is used to partition the CPU use between different groups. Beyond that:

some other interesting milestones:

• kcmp → 3.5
• renameat2 on all relevant file systems → 4.0
• pids controller in cgroupv1 → 4.3
• pids controller in cgroupv2 → 4.5
• cgroup namespaces → 4.6
• statx → 4.11
• pidfd → 5.3

This is just some quick search through man pages. There might be a lot of other stuff that would make sense for us to be able to rely on.

Windl wondered if some sort of conformance test suite for systemd made sense; "If the test suite succeeds, systemd might work; if it doesn't, manual steps are needed." Windl guessed that if manual steps were required, it might deter most people from going any further. But Poettering thought that was not the right path forward: "One goal here is to reduce our [maintenance] burden, not increase it. Another is to communicate clearly what we support and what we don't. Any such test suite collides with both these goals."

The conversation wound down, seemingly without any final conclusions. While support for 4.4 might send the wrong message, at least from the stable-kernel maintainers' point of view, it may make sense if the CIP project has plans to upgrade its systemd along the way. Jędrzejewski-Szmek opened an issue on the project's GitLab site to try to find out. It does seem reasonable to at least conjecture that distributions (and others) that are unwilling to upgrade their kernel might also be leery of upgrading a major component like systemd.

Since 4.4 lacks the cgroupv2 support that is desirable, 4.9 or even 4.19 seem like the next logical possibilities, though 4.9 reaches end of life in January 2023. In addition, 4.9 is lacking in the cgroupv2 department as well. The 4.19 kernel will be supported for nearly two years longer than 4.9, until December 2024, and has most of the desired features. It may well be where the project decides to land.

In the end, the systemd project will need to find a good balance between the features it needs from the kernel and the kernel versions that its users are running—if they still plan to upgrade to newer systemd versions anyway. Most distributions will likely shy away from kernels that have fallen outside of the stable-kernel support windows, though, so that helps bound the search space to a certain extent. Settling on a choice, and being able to remove a bunch of compatibility code for earlier kernels, will presumably result in a nice code cleanup as well.