lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 2 Dec 2020 22:04:17 +0100
From:   Greg Kroah-Hartman <>
To:     Dave Chinner <>
Cc:     Miklos Szeredi <>,
        David Howells <>,
        Ira Weiny <>,
        Eric Sandeen <>,
        Linus Torvalds <>,
        Miklos Szeredi <>,,
        linux-man <>,, xfs <>,, Xiaoli Feng <>
Subject: Re: [PATCH V2] uapi: fix statx attribute value overlap for DAX &

On Thu, Dec 03, 2020 at 07:40:45AM +1100, Dave Chinner wrote:
> On Wed, Dec 02, 2020 at 08:06:01PM +0100, Greg Kroah-Hartman wrote:
> > On Wed, Dec 02, 2020 at 06:41:43PM +0100, Miklos Szeredi wrote:
> > > On Wed, Dec 2, 2020 at 5:24 PM David Howells <> wrote:
> > > >
> > > > Miklos Szeredi <> wrote:
> > > >
> > > > > Stable cc also?
> > > > >
> > > > > Cc: <> # 5.8
> > > >
> > > > That seems to be unnecessary, provided there's a Fixes: tag.
> > > 
> > > Is it?
> > > 
> > > Fixes: means it fixes a patch, Cc: stable means it needs to be
> > > included in stable kernels.  The two are not necessarily the same.
> > > 
> > > Greg?
> > 
> > You are correct.  cc: stable, as is documented in
> >
> > ensures that the patch will get merged into the stable tree.
> > 
> > Fixes: is independent of it.  It's great to have for stable patches so
> > that I know how far back to backport patches.
> > 
> > We do scan all commits for Fixes: tags that do not have cc: stable, and
> > try to pick them up when we can and have the time to do so.  But it's
> > not guaranteed at all that this will happen.
> > 
> > I don't know why people keep getting confused about this, we don't
> > document the "Fixes: means it goes to stable" anywhere...
> Except that is exactly what happens, sometimes within a day of two
> of a patch with a Fixes tag hitting Linus' kernel. We have had a
> serious XFS regression in the 5.9.9 stable kernel that should never
> have happened as a result of exactly this "Fixes = automatically
> swept immediately into stable kernels" behaviour. See here for
> post-mortem analysis:
> This happened because these auotmated Fixes scans seem to occur
> weekly during -rcX release periods, which means there really is *no
> practical difference* between the way the stable process treats
> Fixes tags and cc: stable.

Sometimes, yes, that is true.  But as it went into Linus's tree at the
same time, we just ended up with "bug compatible" trees :)

Not a big deal overall, happens every few releases, we fix it up and
move on.  The benifits in doing all of this _FAR_ outweigh the very
infrequent times that kernel developers get something wrong.

As always, if you do NOT want your subsystem to have fixes: tags picked
up automatically by us for stable trees, just email us and let us know
to not do that and we gladly will.

> It seems like this can all be avoided simply by scheduling the
> automated fixes scans once the upstream kernel is released, not
> while it is still being stabilised by -rc releases. That way stable
> kernels get better tested fixes, they still get the same quantity of
> fixes, and upstream developers have some margin to detect and
> correct regressions in fixes before they get propagated to users.

So the "magic" -final release from Linus would cause this to happen?
That means that the world would go for 3 months without some known fixes
being applied to the tree?  That's not acceptable to me, as I started
doing this because it was needed to be done, not just because I wanted
to do more work...

> It also creates a clear demarcation between fixes and cc: stable for
> maintainers and developers: only patches with a cc: stable will be
> backported immediately to stable. Developers know what patches need
> urgent backports and, unlike developers, the automated fixes scan
> does not have the subject matter expertise or background to make
> that judgement....

Some subsystems do not have such clear demarcation at all.  Heck, some
subsystems don't even add a cc: stable to known major fixes.  And that's
ok, the goal of the stable kernel work is to NOT impose additional work
on developers or maintainers if they don't want to do that work.


greg k-h

Powered by blists - more mailing lists