Hi All,
As a sort of 'prototype`' email for reporting back on one of the potential sources for 4.9 kernel fixes, I went trolling into the gentoo repo. (gentoo-sources to be exact, I didn't look at hardened tho I will)
For 4.9 it's a pretty short list of potential fixes. Being more verbose about this just because well first post as well get started, here's what I've whittled the list down to and recommendations for the two patches.
Patch: 1510_fs-enable-link-security-restrictions-by-default.patch From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-e... Desc: Enable link security restrictions by default. Recommendation : Interesting but I have hard accepting this as a 'fix' as compared to a feature change.
Patch: 2900_dev-root-proc-mount-fix.patch From: https://bugs.gentoo.org/show_bug.cgi?id=438380 Desc: Ensure that /dev/root doesn't appear in /proc/mounts when bootint without an initramfs. Discussion: https://patchwork.kernel.org/patch/2076031/ (unresolved) Recommendation: no action
On Mon, Feb 13, 2017 at 03:42:42PM -0600, Tom Gall wrote:
Hi All,
As a sort of 'prototype`' email for reporting back on one of the potential sources for 4.9 kernel fixes, I went trolling into the gentoo repo. (gentoo-sources to be exact, I didn't look at hardened tho I will)
For 4.9 it's a pretty short list of potential fixes. Being more verbose about this just because well first post as well get started, here's what I've whittled the list down to and recommendations for the two patches.
Patch: 1510_fs-enable-link-security-restrictions-by-default.patch From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-e... Desc: Enable link security restrictions by default. Recommendation : Interesting but I have hard accepting this as a 'fix' as compared to a feature change.
Patch: 2900_dev-root-proc-mount-fix.patch From: https://bugs.gentoo.org/show_bug.cgi?id=438380 Desc: Ensure that /dev/root doesn't appear in /proc/mounts when bootint without an initramfs. Discussion: https://patchwork.kernel.org/patch/2076031/ (unresolved) Recommendation: no action
Wait, you do know the rules for the stable kernel trees, right? Please go read Documentation/stable_kernel_rules.txt.
In other words, I can't do anything with patches that are not already in Linus's tree, that's just not how the development process works. The things you list above are all crazy things that are not accepted into mainline, for good reasons.
Also, I wouldn't worry about Gentoo, they usually don't have many, if any, bugfixes in their kernels, as I think you found out already :)
Now if someone could dig in the ubuntu or fedora or openSUSE kernels, that would be useful...
thanks,
greg k-h
Thanks for the RTFineM, definitely appreciated and in my case needed.
Yeah I didn't expect to find anything in the gentoo tree truth be told, figured it'd just be a good very small get my feet wet exercise. In the small pile there was all of one patch that fits the criteria, but you already have it.
Anyway, thanks! Tom
On Mon, Feb 13, 2017 at 4:31 PM, Greg KH gregkh@google.com wrote:
On Mon, Feb 13, 2017 at 03:42:42PM -0600, Tom Gall wrote:
Hi All,
As a sort of 'prototype`' email for reporting back on one of the potential sources for 4.9 kernel fixes, I went trolling into the gentoo repo. (gentoo-sources to be exact, I didn't look at hardened tho I will)
For 4.9 it's a pretty short list of potential fixes. Being more verbose about this just because well first post as well get started, here's what I've whittled the list down to and recommendations for the two patches.
Patch: 1510_fs-enable-link-security-restrictions-by-default.patch From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-e... Desc: Enable link security restrictions by default. Recommendation : Interesting but I have hard accepting this as a 'fix' as compared to a feature change.
Patch: 2900_dev-root-proc-mount-fix.patch From: https://bugs.gentoo.org/show_bug.cgi?id=438380 Desc: Ensure that /dev/root doesn't appear in /proc/mounts when bootint without an initramfs. Discussion: https://patchwork.kernel.org/patch/2076031/ (unresolved) Recommendation: no action
Wait, you do know the rules for the stable kernel trees, right? Please go read Documentation/stable_kernel_rules.txt.
In other words, I can't do anything with patches that are not already in Linus's tree, that's just not how the development process works. The things you list above are all crazy things that are not accepted into mainline, for good reasons.
Also, I wouldn't worry about Gentoo, they usually don't have many, if any, bugfixes in their kernels, as I think you found out already :)
Now if someone could dig in the ubuntu or fedora or openSUSE kernels, that would be useful...
thanks,
greg k-h
Hi Greg,
On 14 February 2017 at 04:01, Greg KH gregkh@google.com wrote:
On Mon, Feb 13, 2017 at 03:42:42PM -0600, Tom Gall wrote:
Hi All,
As a sort of 'prototype`' email for reporting back on one of the potential sources for 4.9 kernel fixes, I went trolling into the gentoo repo. (gentoo-sources to be exact, I didn't look at hardened tho I will)
For 4.9 it's a pretty short list of potential fixes. Being more verbose about this just because well first post as well get started, here's what I've whittled the list down to and recommendations for the two patches.
Patch: 1510_fs-enable-link-security-restrictions-by-default.patch From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/
debian/patches/debian/fs-enable-link-security- restrictions-by-default.patch/
Desc: Enable link security restrictions by default. Recommendation : Interesting but I have hard accepting this as a 'fix' as compared to a feature change.
Patch: 2900_dev-root-proc-mount-fix.patch From: https://bugs.gentoo.org/show_bug.cgi?id=438380 Desc: Ensure that /dev/root doesn't appear in /proc/mounts when bootint without an initramfs. Discussion: https://patchwork.kernel.org/patch/2076031/ (unresolved) Recommendation: no action
Wait, you do know the rules for the stable kernel trees, right? Please go read Documentation/stable_kernel_rules.txt.
In other words, I can't do anything with patches that are not already in Linus's tree, that's just not how the development process works. The things you list above are all crazy things that are not accepted into mainline, for good reasons.
Also, I wouldn't worry about Gentoo, they usually don't have many, if any, bugfixes in their kernels, as I think you found out already :)
Now if someone could dig in the ubuntu or fedora or openSUSE kernels, that would be useful...
So Arnd and I discussed this yesterday - he is going to dig at openSUSE,
while I'll be hunting fedora to start with. Based on how many such changes, we will add a couple more distros (raspbian, lede-project seem interesting...). Also, one idea I got was to have engineers working with our members CC this list on kernel backports that they push to their kernels - would you think that'd make any sense?
thanks,
greg k-h _______________________________________________ Lts-dev mailing list Lts-dev@lists.linaro.org https://lists.linaro.org/mailman/listinfo/lts-dev
Best, ~Sumit.
On Tue, Feb 14, 2017 at 09:43:57AM +0530, Sumit Semwal wrote:
Now if someone could dig in the ubuntu or fedora or openSUSE kernels, that would be useful...So Arnd and I discussed this yesterday - he is going to dig at openSUSE, while I'll be hunting fedora to start with. Based on how many such changes, we will add a couple more distros (raspbian, lede-project seem interesting...).
Where are those two project's kernels at?
Also, one idea I got was to have engineers working with our members CC this list on kernel backports that they push to their kernels - would you think that'd make any sense?
Why not have them cc: stable@kernel.org? No need to have them send stuff to this odd one-off list. How about just looking at those kernels as well? That might be a good place to start.
thanks,
greg k-h
On 14 February 2017 at 10:48, Greg KH gregkh@google.com wrote:
On Tue, Feb 14, 2017 at 09:43:57AM +0530, Sumit Semwal wrote:
Now if someone could dig in the ubuntu or fedora or openSUSE kernels, that would be useful...So Arnd and I discussed this yesterday - he is going to dig at openSUSE,
while
I'll be hunting fedora to start with. Based on how many such changes, we
will
add a couple more distros (raspbian, lede-project seem interesting...).
Where are those two project's kernels at?
raspbian seems to be at: https://github.com/raspberrypi/linux, while lede-project has its entire source at: https://git.lede-project.org/source.git, and then deltas for linux kernel(s) per platform at target/linux. Generic patches applied on top of specific linux versions are in target/linux/generic/patches-XXX.
Also, one idea I got was to have engineers working with our members CC
this
list on kernel backports that they push to their kernels - would you
think
that'd make any sense?
Why not have them cc: stable@kernel.org? No need to have them send stuff to this odd one-off list. How about just looking at those kernels as well? That might be a good place to start.
Yes, of course cc: stable@kernel.org is a better idea.
I'll try and gather whatever member kernels we can lay our hands on. In my past experience though, some kernels might not be 'as open' atleast to begin with. Worth a try still.
thanks,
greg k-h
Best, ~Sumit.
-
Greg KH -
Sumit Semwal -
Tom Gall