Kernel Self Protection Project/Patch Tracking

From Linux Kernel Security Subsystem
Jump to navigation Jump to search

Overview

The primary place where KSPP patches are tracked is through our patchwork instance. This helps collect Reviewed-by, Acked-by, Tested-by, etc, tags in a single place to see status.

Process

The overview list shows patches that need some kind of work to move through the tracking process:

  • Action Needed: Needs work from someone from the linux-hardening patchwork team.

The specific "state machine" we use follows this path:

  • New: No activity yet.
    • Move to "Under Review" (possibly with a delegate assigned to do the review).
    • Move to "Superseded" if a newer version of the same patch has been sent (the patchwork-bot usually does this automatically).
  • Under Review: Reviewers need to give feedback on the patch.
    • Move to "Changes Requested" if a new version of the patch is needed after review feedback.
    • Move to "Needs ACK" if another subsystem is expected to take the patch into their tree.
    • Move to "Handled Elsewhere" if a non-linux-hardening tree says they are applying the patch.
    • Move to "Queued" if a linux-hardening tree applies the patch.
    • Move to "Superseded" if a newer version of the same patch has been sent (the patchwork-bot usually does this automatically).
    • Move to "In Next" if the patch appears in linux-next (the patchwork-bot usually does this automatically).
    • In rare cases, a patch can be moved to "Rejected", but that is uncommon, as normally review feedback is expected to be acted on.
  • Queued: Going via a linux-hardening tree, but not yet in linux-next.
    • Move to "In Next" once a patch appears in linux-next (the patchwork-bot usually does this automatically).
  • Needs ACK: Going via another tree, but not yet reviewed by maintainer.
    • Move to "Handled Elsewhere" once other tree maintainer says they are applying the patch.
    • Move to "In Next" once a patch appears in linux-next (the patchwork-bot usually does this automatically).
  • Handled Elsewhere: Going via another tree, but not yet in linux-next.
    • Move to "In Next" once a patch appears in linux-next (the patchwork-bot usually does this automatically).
  • In Next: In linux-next, but not yet in Linus's tree.
    • Move to "Mainlined" once a patch appears in Linus's tree (the patchwork-bot usually does this automatically).
  • Mainlined: Done! In Linus's tree.