On Thu, Jun 01, 2023 at 02:39:00PM -0400, Paul Moore wrote:
> On Thu, Jun 1, 2023 at 11:51 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> > On Thu, Jun 01, 2023 at 10:56:24AM -0400, Paul Moore wrote:
> > > On Thu, Jun 1, 2023 at 9:20 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> > > > On Thu, Jun 01, 2023 at 09:13:21AM -0400, Luiz Capitulino wrote:
> > > > > ...
> > > > > Yes. I'm reporting this here because I'm more concerned with -stable kernels since they're more likely to be running on older user-space.
> > > > Yeah, we are bug-compatible! :)
> > > While I really don't want to go back into the old arguments about what does, and does not, get backported to -stable, I do want to ask if there is some way to signal to the -stable maintainers that a patch should not be backported? Anything coming from the LSM, SELinux, or audit trees that I believe should be backported is explicitly marked with a stable@vger CC, as documented in stable-kernel-rules.rst, however it is generally my experience that patches with a 'Fixes:' tag are generally pulled into the -stable releases as well.
> > Really?
> Yes, really.
> > Right now we HAVE to pick up the Fixes: tagged commits in those subsystems as you are missing lots of real fixes.
> This starts to bring us back to the old argument about what is appropriate for -stable, but I've been sticking as close as possible to what is documented in stable-kernel-rules.rst which (ignoring things like HW enablement) advises that only patches which fix build issues or "serious issues" should be considered for -stable. I consider every bug fix that goes into the LSM, SELinux, and audit trees to see if it meets those criteria, if it does I mark it with a -stable tag, if not I leave the -stable tag and ensure it carries a 'Fixes:' tag if it makes sense and an appropriate root-cause commit is identified.
> We definitely have different opinions on where the -stable bug fix threshold lies. I am of the opinion that every -stable backport carries risk, and I consider that when deciding if a commit should be marked for -stable. I do not believe that every bug fix, or every commit with a 'Fixes:' tag, should be backported to -stable.
Ok, I'll not argue here, but it feels like there is a lack of changes for some of these portions of the kernel that end up in stable kernels. I'll trust you on this.
So, can I get a directory list or file list of what we should be ignoring for the AUTOSEL and "Fixes: only" tools to be ignoring?
thanks,
greg k-h