https://lwn.net/Articles/1010404/ This is a special feed containing comments posted to the individual LWN article titled "A possible path for cancelable BPF programs". en-us Sun, 12 Oct 2025 15:46:26 +0000 Sun, 12 Oct 2025 15:46:26 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/1011998/ https://lwn.net/Articles/1011998/ Cyberax <div class="FormattedComment"> Classic BPF is ancient. The new eBPF with all the bells and whistles started taking shape around 2016. At some point, they should have done a bit of self-reflection and looked at the state of the art around them.<br> <p> But yeah, all other technologies have just one fatal flaw.<br> </div> Wed, 26 Feb 2025 20:27:57 +0000 https://lwn.net/Articles/1011882/ https://lwn.net/Articles/1011882/ aviallon <div class="FormattedComment"> I second this. Some resources just can't be released at any random time.<br> Or is it that BPF programs can't modify problematic resources directly anyway?<br> </div> Wed, 26 Feb 2025 10:44:32 +0000 https://lwn.net/Articles/1011865/ https://lwn.net/Articles/1011865/ taladar <div class="FormattedComment"> Isn't the idea that locks can just be freed at any time overly naive? Maybe that works for read locks but for write locks that would cause a lot of issues.<br> <p> Usually write locks are held to make some changes to a data structure that should not be seen by anyone else in isolation but as a completed whole. If we just kill the program in the middle of such a change that would just leave the data structure in an undefined state forever, a much worse problem than a BPF program taking longer to finish than anticipated.<br> </div> Wed, 26 Feb 2025 09:00:16 +0000 https://lwn.net/Articles/1011857/ https://lwn.net/Articles/1011857/ tullmann <div class="FormattedComment"> The original BPF paper is from 1992, so I don't think this is a case of NIH.<br> <p> I do think the idea of isolating untrusted code so you can cleanly and efficiently terminate it is ... what user mode was originally designed for. So there is definitely a lot of prior art nearby in the kernel ....<br> <p> </div> Wed, 26 Feb 2025 05:24:45 +0000 https://lwn.net/Articles/1011821/ https://lwn.net/Articles/1011821/ pj <div class="FormattedComment"> Would this affect all BPF runtimes? I could imagine how some calls to a BPF module might want to limit their execution overhead by, for instance, having a lower permitted maximum number of instructions, while other places that aren't on such a deadline might have much more relaxed requirements.<br> </div> Tue, 25 Feb 2025 20:58:41 +0000 https://lwn.net/Articles/1011818/ https://lwn.net/Articles/1011818/ Cyberax <div class="FormattedComment"> BPF is basically repeating the entire WASM saga, with the same end result.<br> <p> At what point are they going to admit that they literally reimplemented a WASM runtime piecemeal? <br> </div> Tue, 25 Feb 2025 20:27:49 +0000 https://lwn.net/Articles/1011799/ https://lwn.net/Articles/1011799/ roc <div class="FormattedComment"> Dynamically tracking which resources need to be released is only a performance issue. Lots of things affect performance, e.g. the JIT. Therefore it doesn't make sense to impose "no dynamic tracking" as a hard design requirement.<br> <p> <span class="QuotedText">&gt; BPF, on the other hand, essentially makes anything the verifier can't understand the programmer's problem. </span><br> <p> This is a nightmare. Other comparable systems (CIL, JVM, WASM) carefully define what bytecode programs are valid and pretty much never change them (maybe relaxing a bit here and there), but valid bytecode is rich enough for compilers to compile any valid source program so users don't have to care.<br> <p> I hope the BPF community eventually figures this out, but they're accumulating a horrendous amount of baggage in the meantime.<br> </div> Tue, 25 Feb 2025 19:16:27 +0000