linux-xfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Amir Goldstein <amir73il@gmail.com>
To: "Theodore Ts'o" <tytso@mit.edu>
Cc: Dave Chinner <david@fromorbit.com>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Christoph Hellwig <hch@infradead.org>,
	"Darrick J . Wong" <darrick.wong@oracle.com>,
	Adam Manzanares <a.manzanares@samsung.com>,
	Tyler Hicks <code@tyhicks.com>,
	linux-xfs <linux-xfs@vger.kernel.org>,
	fstests <fstests@vger.kernel.org>
Subject: Re: [PATH 5.10 0/4] xfs stable candidate patches for 5.10.y (part 1)
Date: Thu, 2 Jun 2022 08:34:15 +0300	[thread overview]
Message-ID: <CAOQ4uxgeV++F53MV3pYR3SpLY357Fe=KvQVM1jFQ59jSSm4b+g@mail.gmail.com> (raw)
In-Reply-To: <Ypg4wS3G42NSWWdQ@mit.edu>

> > I was thinking later that there is another point of failure in the
> > backport process that is demonstrated in this incident -
> > An elephant in the room even -
> > We have no *standard* way to mark a patch as a bug fix,
> > so everyone is using their own scripts and regex magic.
> >
> > Fixes: is a standard that works, but it does not apply in many
> > cases, for example:
> >
> > 1. Zero day (some mark those as Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2"))
> > 2. Hard work to figure out the fix commit
> > 3. Discourage AUTOSEL
>
> For security fixes, just marking a bug as fixing a security bug, even
> if you try to obfuscate the Fixes tag, is often enough to tip off a
> potential attacker.   So I would consider:
>
>     Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2"))
>
> to Not Be A Solution for security related patches.  The real fix here

I miswrote. I meant fixes for bugs that existed since day 1.
The annotation above is adequate, but is also a bit ugly IMO.

>
>
> The hard work to figure out the fix commit is a real one, and this is
> an example of where the interests of upstream and people who want to
> do backports come into partial conflict.  The more we do code cleanup,
> refactoring, etc., to reduce technical debt --- something which is of
> great interest to upstream developers --- the harder it is to
> idetntify the fixes tag, and the harder it is to backport to bug and
> security fixes after the tech debt reduction commit has gone in.  So
> someone who only cares about backports into product kernels, to the
> exclusion of all else, would want to discourage tech debt reudction
> commits.  Except they know that won't fly, and they would be flamed to
> a crisp if they try.  :-)
>
> I suppose one workaround is if an upstream developer is too tired or
> too harried to figure out the correct value of a fixes tag, one cheesy
> way around it would be to use:
>
>     Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2"))
>

I am sure that we can be more expressive than that :)

I suggested:
  Fixes: ????

Not as a joke. It is more descriptive than the above which could really
mean "I know this bug existed since day 1"

> to basically mean, this fixes a bug, but I'm not sure where it is, and
> it's long enough ago that maybe it's better if we ask the backport
> folks to figure out the dependency if the patch doesn't apply cleanly
> as to whether or not they need to do the code archeology to figure out
> if it applies to an ancient kernel like 4.19 or 5.10, because again,
> the product backport folks are likely to outnumber the upstream
> developers, and the product backport folks are linked to revenue
> streams.
>
> So I would argue that maybe a more sustainable approach is to find a
> way for the product backport folks to work together to take load off
> of the upstream developers.  I'm sure there will be times when there
> are some easy things that upstream folks can do to make things better,
> but trying to move all or most of the burden onto the upstream
> developers is as much of an unfunded mandate as Syzbot is.  :-/
>

The funny thing is that my rant was about a cover letter written
by an upstream developer, so unless what you mean is that backport
teams should invest in review and make those comments during
review, then it's too late by the time the backport team got to do their job.

You raise the resources problem and I understand that, but
I am not looking for a solution that creates more work for upstream
maintainers. Quite the contrary.

I am simply looking for a standard way to express
"attention backport teams".

What I am looking for is a solution for this problem:

Developer/maintainer has information that can be very helpful to backport
teams.

The information is known at the time of the writing and it requires no extra
effort on their part, but is not mentioned in a standard way because there
is no standard way that does not incur extra work.

Some maintainers that I am working with are very diligent about requiring Fixes:
when applicable.

It may be because of $$$ as you say, but I have a more romantic interpretation.
I believe it is because they care about the code they are developing and they
understand that mainstream is not a product and has no real user.

Unless maintainers care about downstream products, real users will perceive
their code as bad quality - no matter whose responsibility it was to
backport the
fixes or point out to the relevant fixes.

Thanks,
Amir.

      reply	other threads:[~2022-06-02  5:34 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-25 11:17 [PATH 5.10 0/4] xfs stable candidate patches for 5.10.y (part 1) Amir Goldstein
2022-05-25 11:17 ` [PATH 5.10 1/4] xfs: detect overflows in bmbt records Amir Goldstein
2022-05-25 11:17 ` [PATH 5.10 2/4] xfs: show the proper user quota options Amir Goldstein
2022-05-25 11:17 ` [PATH 5.10 3/4] xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks Amir Goldstein
2022-05-25 11:17 ` [PATH 5.10 4/4] xfs: fix an ABBA deadlock in xfs_rename Amir Goldstein
2022-05-26 17:27 ` [PATH 5.10 0/4] xfs stable candidate patches for 5.10.y (part 1) Darrick J. Wong
2022-05-26 18:44   ` Luis Chamberlain
2022-05-26 18:59     ` Amir Goldstein
2022-05-27 13:10       ` Luis Chamberlain
2022-05-26 18:47   ` Amir Goldstein
2022-05-27  6:06 ` Christoph Hellwig
2022-05-27  7:01   ` Amir Goldstein
2022-05-27  9:08     ` Dave Chinner
2022-05-27 12:24       ` Amir Goldstein
2022-05-27 15:40         ` Luis Chamberlain
2022-05-27 17:19           ` Darrick J. Wong
2022-05-27 23:42           ` Dave Chinner
2022-05-28  5:00             ` Amir Goldstein
2022-06-01  4:31               ` Dave Chinner
2022-06-01  7:10                 ` Amir Goldstein
2022-06-02  4:12                   ` Theodore Ts'o
2022-06-02  5:34                     ` Amir Goldstein [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAOQ4uxgeV++F53MV3pYR3SpLY357Fe=KvQVM1jFQ59jSSm4b+g@mail.gmail.com' \
    --to=amir73il@gmail.com \
    --cc=a.manzanares@samsung.com \
    --cc=code@tyhicks.com \
    --cc=darrick.wong@oracle.com \
    --cc=david@fromorbit.com \
    --cc=fstests@vger.kernel.org \
    --cc=hch@infradead.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).