tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

docs: handling-regressions: rework section about fixing procedures

This basically rewrites the 'Prioritize work on fixing regressions'
section of Documentation/process/handling-regressions.rst for various
reasons. Among them: some things were too demanding, some didn't align
well with the usual workflows, and some apparently were not clear enough
-- and of course a few things were missing that would be good to have in
there.

Linus for example recently stated that regressions introduced during the
past year should be handled similarly to regressions from the current
cycle, if it's a clear fix with no semantic subtlety. His exact
wording[1] didn't fit well into the text structure, but the author tried
to stick close to the apparent intention.

It was a noble goal from the original author to state "[prevent
situations that might force users to] continue running an outdated and
thus potentially insecure kernel version for more than two weeks after a
regression's culprit was identified"; this directly led to the goal "fix
regression in mainline within one week, if the issue made it into a
stable/longterm kernel", because the stable team needs time to pick up
and prepare a new release. But apparently all that was a bit too
demanding.

That "one week" target for example doesn't align well with the usual
habits of the subsystem maintainers, which normally send their fixes to
Linus once a week; and it doesn't align too well with stable/longterm
releases either, which often enter a -rc phase on Mondays or Tuesdays
and then are released two to three days later. And asking developers to
create, review, and mainline fixes within one week might be too much to
ask for in general. Hence tone the general goal down to three weeks and
use an approach that better aligns with the usual merging and release
habits.

While at it, also make the rules of thumb a bit easier to follow by
grouping them by topic (e.g. generic things, timing, procedures, ...).

Also add text for a few cases where recent discussions showed they need
covering. Among them are multiple points that better explain the
relations to stable and longterm kernels and the team that manages them;
they and the group seperators are the primary reason why this whole
section sadly grew somewhat in the rewrite.

The group about those relations led to one addition the author came up
with without any precedent from Linus: the text now tells developers to
add a stable tag for any regression that made it into a proper mainline
release during the past 12 months. This is meant to ensure the stable
team will definitely notice any fixes for recent regressions. That
includes those introduced shortly before a new mainline release and
found right after it; without such a rule the stable team might miss the
fix, which then would only reach users after weeks or months with later
releases.

Note, the aspect "Do not consider regressions from the current cycle as
something that can wait till the cycle's end [...]" might look like an
addition, but was kinda was in the old text as well -- but only
indirectly. That apparently was too subtle, as many developers seem to
assume waiting till the end of the cycle is fine (even for build
fixes).

In practice this was especially problematic when a cause of a regression
made it into a proper release (either directly or through a backport). A
revert performed by Linus shortly before the 6.3 release illustrated
that[2], as the developer of the culprit had been willing to revert the
culprit about three weeks earlier already -- but didn't do so when a fix
came into sight and a maintainer suggested it can wait. Due to that the
issue in the end plagued users of 6.2.y at least two weeks longer than
necessary, as the fix in the end didn't become ready in time. This issue
in fact could have been resolved one or two additional weeks earlier, if
the developer had reverted the culprit shortly after it had been
identified (which even the old version of the text suggest to do in such
cases).

[1] https://lore.kernel.org/all/CAHk-=wis_qQy4oDNynNKi5b7Qhosmxtoj1jxo5wmB6SRUwQUBQ@mail.gmail.com/

[2] https://lore.kernel.org/all/CAHk-=wgD98pmSK3ZyHk_d9kZ2bhgN6DuNZMAJaV0WTtbkf=RDw@mail.gmail.com/

CC: Linus Torvalds <torvalds@linux-foundation.org>
CC: Greg KH <gregkh@linuxfoundation.org>
CC: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/6971680941a5b7b9cb0c2839c75b5cc4ddb2d162.1684139586.git.linux@leemhuis.info
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

authored by

Thorsten Leemhuis and committed by
Jonathan Corbet eed892da a1d2c9b3

+110 -66
+110 -66
Documentation/process/handling-regressions.rst
··· 129 129 these tools is regzbot, which heavily relies on the "Link:" tags to associate 130 130 reports for regression with changes resolving them. 131 131 132 - Prioritize work on fixing regressions 133 - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 132 + Expectations and best practices for fixing regressions 133 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 134 134 135 - You should fix any reported regression as quickly as possible, to provide 136 - affected users with a solution in a timely manner and prevent more users from 137 - running into the issue; nevertheless developers need to take enough time and 138 - care to ensure regression fixes do not cause additional damage. 135 + As a Linux kernel developer, you are expected to give your best to prevent 136 + situations where a regression caused by a recent change of yours leaves users 137 + only these options: 139 138 140 - In the end though, developers should give their best to prevent users from 141 - running into situations where a regression leaves them only three options: "run 142 - a kernel with a regression that seriously impacts usage", "continue running an 143 - outdated and thus potentially insecure kernel version for more than two weeks 144 - after a regression's culprit was identified", and "downgrade to a still 145 - supported kernel series that lack required features". 139 + * Run a kernel with a regression that impacts usage. 146 140 147 - How to realize this depends a lot on the situation. Here are a few rules of 148 - thumb for you, in order or importance: 141 + * Switch to an older or newer kernel series. 149 142 150 - * Prioritize work on handling regression reports and fixing regression over all 151 - other Linux kernel work, unless the latter concerns acute security issues or 152 - bugs causing data loss or damage. 143 + * Continue running an outdated and thus potentially insecure kernel for more 144 + than three weeks after the regression's culprit was identified. Ideally it 145 + should be less than two. And it ought to be just a few days, if the issue is 146 + severe or affects many users -- either in general or in prevalent 147 + environments. 153 148 154 - * Always consider reverting the culprit commits and reapplying them later 155 - together with necessary fixes, as this might be the least dangerous and 156 - quickest way to fix a regression. 149 + How to realize that in practice depends on various factors. Use the following 150 + rules of thumb as a guide. 157 151 158 - * Developers should handle regressions in all supported kernel series, but are 159 - free to delegate the work to the stable team, if the issue probably at no 160 - point in time occurred with mainline. 152 + In general: 161 153 162 - * Try to resolve any regressions introduced in the current development before 163 - its end. If you fear a fix might be too risky to apply only days before a new 164 - mainline release, let Linus decide: submit the fix separately to him as soon 165 - as possible with the explanation of the situation. He then can make a call 166 - and postpone the release if necessary, for example if multiple such changes 167 - show up in his inbox. 154 + * Prioritize work on regressions over all other Linux kernel work, unless the 155 + latter concerns a severe issue (e.g. acute security vulnerability, data loss, 156 + bricked hardware, ...). 168 157 169 - * Address regressions in stable, longterm, or proper mainline releases with 170 - more urgency than regressions in mainline pre-releases. That changes after 171 - the release of the fifth pre-release, aka "-rc5": mainline then becomes as 172 - important, to ensure all the improvements and fixes are ideally tested 173 - together for at least one week before Linus releases a new mainline version. 158 + * Expedite fixing mainline regressions that recently made it into a proper 159 + mainline, stable, or longterm release (either directly or via backport). 174 160 175 - * Fix regressions within two or three days, if they are critical for some 176 - reason -- for example, if the issue is likely to affect many users of the 177 - kernel series in question on all or certain architectures. Note, this 178 - includes mainline, as issues like compile errors otherwise might prevent many 179 - testers or continuous integration systems from testing the series. 161 + * Do not consider regressions from the current cycle as something that can wait 162 + till the end of the cycle, as the issue might discourage or prevent users and 163 + CI systems from testing mainline now or generally. 180 164 181 - * Aim to fix regressions within one week after the culprit was identified, if 182 - the issue was introduced in either: 165 + * Work with the required care to avoid additional or bigger damage, even if 166 + resolving an issue then might take longer than outlined below. 183 167 184 - * a recent stable/longterm release 168 + On timing once the culprit of a regression is known: 185 169 186 - * the development cycle of the latest proper mainline release 170 + * Aim to mainline a fix within two or three days, if the issue is severe or 171 + bothering many users -- either in general or in prevalent conditions like a 172 + particular hardware environment, distribution, or stable/longterm series. 187 173 188 - In the latter case (say Linux v5.14), try to address regressions even 189 - quicker, if the stable series for the predecessor (v5.13) will be abandoned 190 - soon or already was stamped "End-of-Life" (EOL) -- this usually happens about 191 - three to four weeks after a new mainline release. 174 + * Aim to mainline a fix by Sunday after the next, if the culprit made it 175 + into a recent mainline, stable, or longterm release (either directly or via 176 + backport); if the culprit became known early during a week and is simple to 177 + resolve, try to mainline the fix within the same week. 192 178 193 - * Try to fix all other regressions within two weeks after the culprit was 194 - found. Two or three additional weeks are acceptable for performance 195 - regressions and other issues which are annoying, but don't prevent anyone 196 - from running Linux (unless it's an issue in the current development cycle, 197 - as those should ideally be addressed before the release). A few weeks in 198 - total are acceptable if a regression can only be fixed with a risky change 199 - and at the same time is affecting only a few users; as much time is 200 - also okay if the regression is already present in the second newest longterm 201 - kernel series. 179 + * For other regressions, aim to mainline fixes before the hindmost Sunday 180 + within the next three weeks. One or two Sundays later are acceptable, if the 181 + regression is something people can live with easily for a while -- like a 182 + mild performance regression. 202 183 203 - Note: The aforementioned time frames for resolving regressions are meant to 204 - include getting the fix tested, reviewed, and merged into mainline, ideally with 205 - the fix being in linux-next at least briefly. This leads to delays you need to 206 - account for. 184 + * It's strongly discouraged to delay mainlining regression fixes till the next 185 + merge window, except when the fix is extraordinarily risky or when the 186 + culprit was mainlined more than a year ago. 207 187 208 - Subsystem maintainers are expected to assist in reaching those periods by doing 209 - timely reviews and quick handling of accepted patches. They thus might have to 210 - send git-pull requests earlier or more often than usual; depending on the fix, 211 - it might even be acceptable to skip testing in linux-next. Especially fixes for 212 - regressions in stable and longterm kernels need to be handled quickly, as fixes 213 - need to be merged in mainline before they can be backported to older series. 188 + On procedure: 189 + 190 + * Always consider reverting the culprit, as it's often the quickest and least 191 + dangerous way to fix a regression. Don't worry about mainlining a fixed 192 + variant later: that should be straight-forward, as most of the code went 193 + through review once already. 194 + 195 + * Try to resolve any regressions introduced in mainline during the past 196 + twelve months before the current development cycle ends: Linus wants such 197 + regressions to be handled like those from the current cycle, unless fixing 198 + bears unusual risks. 199 + 200 + * Consider CCing Linus on discussions or patch review, if a regression seems 201 + tangly. Do the same in precarious or urgent cases -- especially if the 202 + subsystem maintainer might be unavailable. Also CC the stable team, when you 203 + know such a regression made it into a mainline, stable, or longterm release. 204 + 205 + * For urgent regressions, consider asking Linus to pick up the fix straight 206 + from the mailing list: he is totally fine with that for uncontroversial 207 + fixes. Ideally though such requests should happen in accordance with the 208 + subsystem maintainers or come directly from them. 209 + 210 + * In case you are unsure if a fix is worth the risk applying just days before 211 + a new mainline release, send Linus a mail with the usual lists and people in 212 + CC; in it, summarize the situation while asking him to consider picking up 213 + the fix straight from the list. He then himself can make the call and when 214 + needed even postpone the release. Such requests again should ideally happen 215 + in accordance with the subsystem maintainers or come directly from them. 216 + 217 + Regarding stable and longterm kernels: 218 + 219 + * You are free to leave regressions to the stable team, if they at no point in 220 + time occurred with mainline or were fixed there already. 221 + 222 + * If a regression made it into a proper mainline release during the past 223 + twelve months, ensure to tag the fix with "Cc: stable@vger.kernel.org", as a 224 + "Fixes:" tag alone does not guarantee a backport. Please add the same tag, 225 + in case you know the culprit was backported to stable or longterm kernels. 226 + 227 + * When receiving reports about regressions in recent stable or longterm kernel 228 + series, please evaluate at least briefly if the issue might happen in current 229 + mainline as well -- and if that seems likely, take hold of the report. If in 230 + doubt, ask the reporter to check mainline. 231 + 232 + * Whenever you want to swiftly resolve a regression that recently also made it 233 + into a proper mainline, stable, or longterm release, fix it quickly in 234 + mainline; when appropriate thus involve Linus to fast-track the fix (see 235 + above). That's because the stable team normally does neither revert nor fix 236 + any changes that cause the same problems in mainline. 237 + 238 + * In case of urgent regression fixes you might want to ensure prompt 239 + backporting by dropping the stable team a note once the fix was mainlined; 240 + this is especially advisable during merge windows and shortly thereafter, as 241 + the fix otherwise might land at the end of a huge patch queue. 242 + 243 + On patch flow: 244 + 245 + * Developers, when trying to reach the time periods mentioned above, remember 246 + to account for the time it takes to get fixes tested, reviewed, and merged by 247 + Linus, ideally with them being in linux-next at least briefly. Hence, if a 248 + fix is urgent, make it obvious to ensure others handle it appropriately. 249 + 250 + * Reviewers, you are kindly asked to assist developers in reaching the time 251 + periods mentioned above by reviewing regression fixes in a timely manner. 252 + 253 + * Subsystem maintainers, you likewise are encouraged to expedite the handling 254 + of regression fixes. Thus evaluate if skipping linux-next is an option for 255 + the particular fix. Also consider sending git pull requests more often than 256 + usual when needed. And try to avoid holding onto regression fixes over 257 + weekends -- especially when the fix is marked for backporting. 214 258 215 259 216 260 More aspects regarding regressions developers should be aware of