lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20171120131341.3ah2tkoqjbctoauc@phenom.ffwll.local>
Date:   Mon, 20 Nov 2017 14:13:42 +0100
From:   Daniel Vetter <daniel@...ll.ch>
To:     Emil Velikov <emil.l.velikov@...il.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        "intel-gfx@...ts.freedesktop.org" <intel-gfx@...ts.freedesktop.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        ML dri-devel <dri-devel@...ts.freedesktop.org>,
        alexander.levin@...izon.com,
        "stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: Autoselect patches for stable (Was: Re: [PATCH AUTOSEL for 4.9
 36/56] drm/i915: Fix the level 0 max_wm hack on VLV/CHV)

On Mon, Nov 20, 2017 at 01:39:31PM +0100, Daniel Vetter wrote:
> On Mon, Nov 20, 2017 at 11:21:52AM +0000, Emil Velikov wrote:
> > Hi all,
> > 
> > Since I'm going slightly off-topic, I've tweaked the subject line and
> > trimmed some of the conversation.
> > I believe everyone in the CC list might be interested in the
> > following, yet feel free to adjust.
> > 
> > Above all, I'd kindly ask everyone to skim through and draw their conclusions.
> > If the ideas put forward have some value - great, if not - let my email rot.
> > 
> > On 17 November 2017 at 13:57, Greg KH <gregkh@...uxfoundation.org> wrote:
> > 
> > >>
> > >> I still have no idea how this autoselect picks up patches that do *not*
> > >> have cc: stable nor Fixes: from us. What information do you have that we
> > >> don't for making that call?
> > >
> > > I'll let Sasha describe how he's doing this, but in the end, does it
> > > really matter _how_ it is done, vs. the fact that it seems to at least
> > > one human reviewer that this is a patch that _should_ be included based
> > > on the changelog text and the code patch?
> > >
> > > By having this review process that Sasha is providing, he's saying
> > > "Here's a patch that I think might be good for stable, do you object?"
> > >
> > > If you do, great, no harm done, all is fine, the patch is dropped.  If
> > > you don't object, just ignore the email and the patch gets merged.
> > >
> > > If you don't want any of this to happen for your subsystem at all, then
> > > also fine, just let us know and we will ignore it entirely.
> > >
> > Let me start with saying that I'm handling the releases for Mesa 3D -
> > the project providing OpenGL, Vulkan and many other userspace graphics
> > drivers.
> > I've been doing that for 3 years now, which admittedly is quite a
> > short time relative to the kernel.
> > 
> > There is a procedure quite similar to the kernel, with a few
> > differences - see below for details.
> > We also autoselect patches, hence my interest in the heuristics
> > applied for nominating patches ;-)
> > 
> > That aside, here are some things I've learned from my experience.
> > Some of those may not be applicable - hope you'll find them useful:
> > 
> >  - Try to reference developers to existing documentation/procedure.
> > Was just reminded that even long standing developers can forget detail X or Y.
> > 
> >  - CC developers for the important stuff - aka do not CC on each accepted patch.
> > Accepted patches are merged in pre-release branch and a email with
> > accepted/deferred/rejected list is sent.
> > Patches that had conflicts merging, and ones that are rejected have
> > their author in the CC list.
> > Rejected patches have brief description + developers are contacted beforehand.
> > 
> >  - Autoselect patches are merged only with the approval from the
> > respective developers.
> > IMHO this engages developers into the process, without distracting
> > them too much.
> 
> Getting explicit confirmation for autoselected patches sounds like a very
> good idea to me. We intentionally limit the amount of patches we cc:
> stable, because we simply don't have the manpower around to support stable
> fully (i.e. with proper CI and everything). And less backported patches
> means fewer regressions, which is more important than fixing someone
> else's bug.
> 
> Of course our CI is open, so if someone is supremely bored and wants to
> backport more stuff for drm/i915, they could do that. But atm it doesn't
> happen, and then having to deal with the fallout is not really great (like
> I said, we don't really have anyone dedicated, and I much prefer we
> fix/improve upstream).
> 
> For the actual products we're shipping we have dedicated teams doing the
> backports. The upstream stable releases essentially have no value for us
> from a customer support pov (for drivers, I guess core stuff is an
> entirely different matter), there's not a single serious customer or
> bigger user using that. It only costs, by spamming us with mails and bug
> reports for stuff we didn't even nominate :-)
> 
> Just my 2 cents here, but I think this perpespective matches with other
> big drm drivers like amdgpu (I just discussed this exact topic of how
> upstream stable is useless with Alex).

Just to clarify, this includes non-(directly-)paying customers like community
distros: Either they track the quarterly releases (of both the kernel and
userspace) because they care about the latest gpu driver work. Or they
want LTS and stability uber alles, and in that case being aggressive with
backporting and increases the regression risk doesn't help either.
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ