| .. _stable_kernel_rules: |
| |
| Everything you ever wanted to know about Linux -stable releases |
| =============================================================== |
| |
| Rules on what kind of patches are accepted, and which ones are not, into the |
| "-stable" tree: |
| |
| - It or an equivalent fix must already exist in Linux mainline (upstream). |
| - It must be obviously correct and tested. |
| - It cannot be bigger than 100 lines, with context. |
| - It must follow the |
| :ref:`Documentation/process/submitting-patches.rst <submittingpatches>` |
| rules. |
| - It must either fix a real bug that bothers people or just add a device ID. |
| To elaborate on the former: |
| |
| - It fixes a problem like an oops, a hang, data corruption, a real security |
| issue, a hardware quirk, a build error (but not for things marked |
| CONFIG_BROKEN), or some "oh, that's not good" issue. |
| - Serious issues as reported by a user of a distribution kernel may also |
| be considered if they fix a notable performance or interactivity issue. |
| As these fixes are not as obvious and have a higher risk of a subtle |
| regression they should only be submitted by a distribution kernel |
| maintainer and include an addendum linking to a bugzilla entry if it |
| exists and additional information on the user-visible impact. |
| - No "This could be a problem..." type of things like a "theoretical race |
| condition", unless an explanation of how the bug can be exploited is also |
| provided. |
| - No "trivial" fixes without benefit for users (spelling changes, whitespace |
| cleanups, etc). |
| |
| |
| Procedure for submitting patches to the -stable tree |
| ---------------------------------------------------- |
| |
| .. note:: |
| |
| Security patches should not be handled (solely) by the -stable review |
| process but should follow the procedures in |
| :ref:`Documentation/process/security-bugs.rst <securitybugs>`. |
| |
| There are three options to submit a change to -stable trees: |
| |
| 1. Add a 'stable tag' to the description of a patch you then submit for |
| mainline inclusion. |
| 2. Ask the stable team to pick up a patch already mainlined. |
| 3. Submit a patch to the stable team that is equivalent to a change already |
| mainlined. |
| |
| The sections below describe each of the options in more detail. |
| |
| :ref:`option_1` is **strongly** preferred, it is the easiest and most common. |
| :ref:`option_2` is mainly meant for changes where backporting was not considered |
| at the time of submission. :ref:`option_3` is an alternative to the two earlier |
| options for cases where a mainlined patch needs adjustments to apply in older |
| series (for example due to API changes). |
| |
| When using option 2 or 3 you can ask for your change to be included in specific |
| stable series. When doing so, ensure the fix or an equivalent is applicable, |
| submitted, or already present in all newer stable trees still supported. This is |
| meant to prevent regressions that users might later encounter on updating, if |
| e.g. a fix merged for 5.19-rc1 would be backported to 5.10.y, but not to 5.15.y. |
| |
| .. _option_1: |
| |
| Option 1 |
| ******** |
| |
| To have a patch you submit for mainline inclusion later automatically picked up |
| for stable trees, add this tag in the sign-off area:: |
| |
| Cc: stable@vger.kernel.org |
| |
| Use ``Cc: stable@kernel.org`` instead when fixing unpublished vulnerabilities: |
| it reduces the chance of accidentally exposing the fix to the public by way of |
| 'git send-email', as mails sent to that address are not delivered anywhere. |
| |
| Once the patch is mainlined it will be applied to the stable tree without |
| anything else needing to be done by the author or subsystem maintainer. |
| |
| To send additional instructions to the stable team, use a shell-style inline |
| comment to pass arbitrary or predefined notes: |
| |
| * Specify any additional patch prerequisites for cherry picking:: |
| |
| Cc: <stable@vger.kernel.org> # 3.3.x: a1f84a3: sched: Check for idle |
| Cc: <stable@vger.kernel.org> # 3.3.x: 1b9508f: sched: Rate-limit newidle |
| Cc: <stable@vger.kernel.org> # 3.3.x: fd21073: sched: Fix affinity logic |
| Cc: <stable@vger.kernel.org> # 3.3.x |
| Signed-off-by: Ingo Molnar <mingo@elte.hu> |
| |
| The tag sequence has the meaning of:: |
| |
| git cherry-pick a1f84a3 |
| git cherry-pick 1b9508f |
| git cherry-pick fd21073 |
| git cherry-pick <this commit> |
| |
| Note that for a patch series, you do not have to list as prerequisites the |
| patches present in the series itself. For example, if you have the following |
| patch series:: |
| |
| patch1 |
| patch2 |
| |
| where patch2 depends on patch1, you do not have to list patch1 as |
| prerequisite of patch2 if you have already marked patch1 for stable |
| inclusion. |
| |
| * Point out kernel version prerequisites:: |
| |
| Cc: <stable@vger.kernel.org> # 3.3.x |
| |
| The tag has the meaning of:: |
| |
| git cherry-pick <this commit> |
| |
| For each "-stable" tree starting with the specified version. |
| |
| Note, such tagging is unnecessary if the stable team can derive the |
| appropriate versions from Fixes: tags. |
| |
| * Delay pick up of patches:: |
| |
| Cc: <stable@vger.kernel.org> # after -rc3 |
| |
| * Point out known problems:: |
| |
| Cc: <stable@vger.kernel.org> # see patch description, needs adjustments for <= 6.3 |
| |
| There furthermore is a variant of the stable tag you can use to make the stable |
| team's backporting tools (e.g AUTOSEL or scripts that look for commits |
| containing a 'Fixes:' tag) ignore a change:: |
| |
| Cc: <stable+noautosel@kernel.org> # reason goes here, and must be present |
| |
| .. _option_2: |
| |
| Option 2 |
| ******** |
| |
| If the patch already has been merged to mainline, send an email to |
| stable@vger.kernel.org containing the subject of the patch, the commit ID, |
| why you think it should be applied, and what kernel versions you wish it to |
| be applied to. |
| |
| .. _option_3: |
| |
| Option 3 |
| ******** |
| |
| Send the patch, after verifying that it follows the above rules, to |
| stable@vger.kernel.org and mention the kernel versions you wish it to be applied |
| to. When doing so, you must note the upstream commit ID in the changelog of your |
| submission with a separate line above the commit text, like this:: |
| |
| commit <sha1> upstream. |
| |
| Or alternatively:: |
| |
| [ Upstream commit <sha1> ] |
| |
| If the submitted patch deviates from the original upstream patch (for example |
| because it had to be adjusted for the older API), this must be very clearly |
| documented and justified in the patch description. |
| |
| |
| Following the submission |
| ------------------------ |
| |
| The sender will receive an ACK when the patch has been accepted into the |
| queue, or a NAK if the patch is rejected. This response might take a few |
| days, according to the schedules of the stable team members. |
| |
| If accepted, the patch will be added to the -stable queue, for review by other |
| developers and by the relevant subsystem maintainer. |
| |
| |
| Review cycle |
| ------------ |
| |
| - When the -stable maintainers decide for a review cycle, the patches will be |
| sent to the review committee, and the maintainer of the affected area of |
| the patch (unless the submitter is the maintainer of the area) and CC: to |
| the linux-kernel mailing list. |
| - The review committee has 48 hours in which to ACK or NAK the patch. |
| - If the patch is rejected by a member of the committee, or linux-kernel |
| members object to the patch, bringing up issues that the maintainers and |
| members did not realize, the patch will be dropped from the queue. |
| - The ACKed patches will be posted again as part of release candidate (-rc) |
| to be tested by developers and testers. |
| - Usually only one -rc release is made, however if there are any outstanding |
| issues, some patches may be modified or dropped or additional patches may |
| be queued. Additional -rc releases are then released and tested until no |
| issues are found. |
| - Responding to the -rc releases can be done on the mailing list by sending |
| a "Tested-by:" email with any testing information desired. The "Tested-by:" |
| tags will be collected and added to the release commit. |
| - At the end of the review cycle, the new -stable release will be released |
| containing all the queued and tested patches. |
| - Security patches will be accepted into the -stable tree directly from the |
| security kernel team, and not go through the normal review cycle. |
| Contact the kernel security team for more details on this procedure. |
| |
| |
| Trees |
| ----- |
| |
| - The queues of patches, for both completed versions and in progress |
| versions can be found at: |
| |
| https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git |
| |
| - The finalized and tagged releases of all stable kernels can be found |
| in separate branches per version at: |
| |
| https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git |
| |
| - The release candidate of all stable kernel versions can be found at: |
| |
| https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/ |
| |
| .. warning:: |
| The -stable-rc tree is a snapshot in time of the stable-queue tree and |
| will change frequently, hence will be rebased often. It should only be |
| used for testing purposes (e.g. to be consumed by CI systems). |
| |
| |
| Review committee |
| ---------------- |
| |
| - This is made up of a number of kernel developers who have volunteered for |
| this task, and a few that haven't. |