~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/process/researcher-guidelines.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/process/researcher-guidelines.rst (Version linux-6.12-rc7) and /Documentation/process/researcher-guidelines.rst (Version linux-6.11.7)


  1 .. SPDX-License-Identifier: GPL-2.0                 1 .. SPDX-License-Identifier: GPL-2.0
  2                                                     2 
  3 .. _researcher_guidelines:                          3 .. _researcher_guidelines:
  4                                                     4 
  5 Researcher Guidelines                               5 Researcher Guidelines
  6 +++++++++++++++++++++                               6 +++++++++++++++++++++
  7                                                     7 
  8 The Linux kernel community welcomes transparen      8 The Linux kernel community welcomes transparent research on the Linux
  9 kernel, the activities involved in producing i      9 kernel, the activities involved in producing it, and any other byproducts
 10 of its development. Linux benefits greatly fro     10 of its development. Linux benefits greatly from this kind of research, and
 11 most aspects of Linux are driven by research i     11 most aspects of Linux are driven by research in one form or another.
 12                                                    12 
 13 The community greatly appreciates if researche     13 The community greatly appreciates if researchers can share preliminary
 14 findings before making their results public, e     14 findings before making their results public, especially if such research
 15 involves security. Getting involved early help     15 involves security. Getting involved early helps both improve the quality
 16 of research and ability for Linux to improve f     16 of research and ability for Linux to improve from it. In any case,
 17 sharing open access copies of the published re     17 sharing open access copies of the published research with the community
 18 is recommended.                                    18 is recommended.
 19                                                    19 
 20 This document seeks to clarify what the Linux      20 This document seeks to clarify what the Linux kernel community considers
 21 acceptable and non-acceptable practices when c     21 acceptable and non-acceptable practices when conducting such research. At
 22 the very least, such research and related acti     22 the very least, such research and related activities should follow
 23 standard research ethics rules. For more backg     23 standard research ethics rules. For more background on research ethics
 24 generally, ethics in technology, and research      24 generally, ethics in technology, and research of developer communities
 25 in particular, see:                                25 in particular, see:
 26                                                    26 
 27 * `History of Research Ethics <https://www.unl     27 * `History of Research Ethics <https://www.unlv.edu/research/ORI-HSR/history-ethics>`_
 28 * `IEEE Ethics <https://www.ieee.org/about/eth     28 * `IEEE Ethics <https://www.ieee.org/about/ethics/index.html>`_
 29 * `Developer and Researcher Views on the Ethic     29 * `Developer and Researcher Views on the Ethics of Experiments on Open-Source Projects <https://arxiv.org/pdf/2112.13217.pdf>`_
 30                                                    30 
 31 The Linux kernel community expects that everyo     31 The Linux kernel community expects that everyone interacting with the
 32 project is participating in good faith to make     32 project is participating in good faith to make Linux better. Research on
 33 any publicly-available artifact (including, bu     33 any publicly-available artifact (including, but not limited to source
 34 code) produced by the Linux kernel community i     34 code) produced by the Linux kernel community is welcome, though research
 35 on developers must be distinctly opt-in.           35 on developers must be distinctly opt-in.
 36                                                    36 
 37 Passive research that is based entirely on pub     37 Passive research that is based entirely on publicly available sources,
 38 including posts to public mailing lists and co     38 including posts to public mailing lists and commits to public
 39 repositories, is clearly permissible. Though,      39 repositories, is clearly permissible. Though, as with any research,
 40 standard ethics must still be followed.            40 standard ethics must still be followed.
 41                                                    41 
 42 Active research on developer behavior, however     42 Active research on developer behavior, however, must be done with the
 43 explicit agreement of, and full disclosure to,     43 explicit agreement of, and full disclosure to, the individual developers
 44 involved. Developers cannot be interacted with     44 involved. Developers cannot be interacted with/experimented on without
 45 consent; this, too, is standard research ethic     45 consent; this, too, is standard research ethics.
 46                                                    46 
 47 Surveys                                            47 Surveys
 48 =======                                            48 =======
 49                                                    49 
 50 Research often takes the form of surveys sent      50 Research often takes the form of surveys sent to maintainers or
 51 contributors.  As a general rule, though, the      51 contributors.  As a general rule, though, the kernel community derives
 52 little value from these surveys.  The kernel d     52 little value from these surveys.  The kernel development process works
 53 because every developer benefits from their pa     53 because every developer benefits from their participation, even working
 54 with others who have different goals.  Respond     54 with others who have different goals.  Responding to a survey, though, is a
 55 one-way demand placed on busy developers with      55 one-way demand placed on busy developers with no corresponding benefit to
 56 themselves or to the kernel community as a who     56 themselves or to the kernel community as a whole.  For this reason, this
 57 method of research is discouraged.                 57 method of research is discouraged.
 58                                                    58 
 59 Kernel community members already receive far t     59 Kernel community members already receive far too much email and are likely
 60 to perceive survey requests as just another de     60 to perceive survey requests as just another demand on their time.  Sending
 61 such requests deprives the community of valuab     61 such requests deprives the community of valuable contributor time and is
 62 unlikely to yield a statistically useful respo     62 unlikely to yield a statistically useful response.
 63                                                    63 
 64 As an alternative, researchers should consider     64 As an alternative, researchers should consider attending developer events,
 65 hosting sessions where the research project an     65 hosting sessions where the research project and its benefits to the
 66 participants can be explained, and interacting     66 participants can be explained, and interacting directly with the community
 67 there.  The information received will be far r     67 there.  The information received will be far richer than that obtained from
 68 an email survey, and the community will gain f     68 an email survey, and the community will gain from the ability to learn from
 69 your insights as well.                             69 your insights as well.
 70                                                    70 
 71 Patches                                            71 Patches
 72 =======                                            72 =======
 73                                                    73 
 74 To help clarify: sending patches to developers     74 To help clarify: sending patches to developers *is* interacting
 75 with them, but they have already consented to      75 with them, but they have already consented to receiving *good faith
 76 contributions*. Sending intentionally flawed/v     76 contributions*. Sending intentionally flawed/vulnerable patches or
 77 contributing misleading information to discuss     77 contributing misleading information to discussions is not consented
 78 to. Such communication can be damaging to the      78 to. Such communication can be damaging to the developer (e.g. draining
 79 time, effort, and morale) and damaging to the      79 time, effort, and morale) and damaging to the project by eroding
 80 the entire developer community's trust in the      80 the entire developer community's trust in the contributor (and the
 81 contributor's organization as a whole), underm     81 contributor's organization as a whole), undermining efforts to provide
 82 constructive feedback to contributors, and put     82 constructive feedback to contributors, and putting end users at risk of
 83 software flaws.                                    83 software flaws.
 84                                                    84 
 85 Participation in the development of Linux itse     85 Participation in the development of Linux itself by researchers, as
 86 with anyone, is welcomed and encouraged. Resea     86 with anyone, is welcomed and encouraged. Research into Linux code is
 87 a common practice, especially when it comes to     87 a common practice, especially when it comes to developing or running
 88 analysis tools that produce actionable results     88 analysis tools that produce actionable results.
 89                                                    89 
 90 When engaging with the developer community, se     90 When engaging with the developer community, sending a patch has
 91 traditionally been the best way to make an imp     91 traditionally been the best way to make an impact. Linux already has
 92 plenty of known bugs -- what's much more helpf     92 plenty of known bugs -- what's much more helpful is having vetted fixes.
 93 Before contributing, carefully read the approp     93 Before contributing, carefully read the appropriate documentation:
 94                                                    94 
 95 * Documentation/process/development-process.rs     95 * Documentation/process/development-process.rst
 96 * Documentation/process/submitting-patches.rst     96 * Documentation/process/submitting-patches.rst
 97 * Documentation/admin-guide/reporting-issues.r     97 * Documentation/admin-guide/reporting-issues.rst
 98 * Documentation/process/security-bugs.rst          98 * Documentation/process/security-bugs.rst
 99                                                    99 
100 Then send a patch (including a commit log with    100 Then send a patch (including a commit log with all the details listed
101 below) and follow up on any feedback from othe    101 below) and follow up on any feedback from other developers.
102                                                   102 
103 When sending patches produced from research, t    103 When sending patches produced from research, the commit logs should
104 contain at least the following details, so tha    104 contain at least the following details, so that developers have
105 appropriate context for understanding the cont    105 appropriate context for understanding the contribution. Answer:
106                                                   106 
107 * What is the specific problem that has been f    107 * What is the specific problem that has been found?
108 * How could the problem be reached on a runnin    108 * How could the problem be reached on a running system?
109 * What effect would encountering the problem h    109 * What effect would encountering the problem have on the system?
110 * How was the problem found? Specifically incl    110 * How was the problem found? Specifically include details about any
111   testing, static or dynamic analysis programs    111   testing, static or dynamic analysis programs, and any other tools or
112   methods used to perform the work.               112   methods used to perform the work.
113 * Which version of Linux was the problem found    113 * Which version of Linux was the problem found on? Using the most recent
114   release or a recent linux-next branch is str    114   release or a recent linux-next branch is strongly preferred (see
115   Documentation/process/howto.rst).               115   Documentation/process/howto.rst).
116 * What was changed to fix the problem, and why    116 * What was changed to fix the problem, and why it is believed to be correct?
117 * How was the change build tested and run-time    117 * How was the change build tested and run-time tested?
118 * What prior commit does this change fix? This    118 * What prior commit does this change fix? This should go in a "Fixes:"
119   tag as the documentation describes.             119   tag as the documentation describes.
120 * Who else has reviewed this patch? This shoul    120 * Who else has reviewed this patch? This should go in appropriate
121   "Reviewed-by:" tags; see below.                 121   "Reviewed-by:" tags; see below.
122                                                   122 
123 For example::                                     123 For example::
124                                                   124 
125   From: Author <author@email>                      125   From: Author <author@email>
126   Subject: [PATCH] drivers/foo_bar: Add missin    126   Subject: [PATCH] drivers/foo_bar: Add missing kfree()
127                                                   127 
128   The error path in foo_bar driver does not co    128   The error path in foo_bar driver does not correctly free the allocated
129   struct foo_bar_info. This can happen if the     129   struct foo_bar_info. This can happen if the attached foo_bar device
130   rejects the initialization packets sent duri    130   rejects the initialization packets sent during foo_bar_probe(). This
131   would result in a 64 byte slab memory leak o    131   would result in a 64 byte slab memory leak once per device attach,
132   wasting memory resources over time.             132   wasting memory resources over time.
133                                                   133 
134   This flaw was found using an experimental st    134   This flaw was found using an experimental static analysis tool we are
135   developing, LeakMagic[1], which reported the    135   developing, LeakMagic[1], which reported the following warning when
136   analyzing the v5.15 kernel release:             136   analyzing the v5.15 kernel release:
137                                                   137 
138    path/to/foo_bar.c:187: missing kfree() call    138    path/to/foo_bar.c:187: missing kfree() call?
139                                                   139 
140   Add the missing kfree() to the error path. N    140   Add the missing kfree() to the error path. No other references to
141   this memory exist outside the probe function    141   this memory exist outside the probe function, so this is the only
142   place it can be freed.                          142   place it can be freed.
143                                                   143 
144   x86_64 and arm64 defconfig builds with CONFI    144   x86_64 and arm64 defconfig builds with CONFIG_FOO_BAR=y using GCC
145   11.2 show no new warnings, and LeakMagic no     145   11.2 show no new warnings, and LeakMagic no longer warns about this
146   code path. As we don't have a FooBar device     146   code path. As we don't have a FooBar device to test with, no runtime
147   testing was able to be performed.               147   testing was able to be performed.
148                                                   148 
149   [1] https://url/to/leakmagic/details            149   [1] https://url/to/leakmagic/details
150                                                   150 
151   Reported-by: Researcher <researcher@email>       151   Reported-by: Researcher <researcher@email>
152   Fixes: aaaabbbbccccdddd ("Introduce support     152   Fixes: aaaabbbbccccdddd ("Introduce support for FooBar")
153   Signed-off-by: Author <author@email>             153   Signed-off-by: Author <author@email>
154   Reviewed-by: Reviewer <reviewer@email>           154   Reviewed-by: Reviewer <reviewer@email>
155                                                   155 
156 If you are a first time contributor it is reco    156 If you are a first time contributor it is recommended that the patch
157 itself be vetted by others privately before be    157 itself be vetted by others privately before being posted to public lists.
158 (This is required if you have been explicitly     158 (This is required if you have been explicitly told your patches need
159 more careful internal review.) These people ar    159 more careful internal review.) These people are expected to have their
160 "Reviewed-by" tag included in the resulting pa    160 "Reviewed-by" tag included in the resulting patch. Finding another
161 developer familiar with Linux contribution, es    161 developer familiar with Linux contribution, especially within your own
162 organization, and having them help with review    162 organization, and having them help with reviews before sending them to
163 the public mailing lists tends to significantl    163 the public mailing lists tends to significantly improve the quality of the
164 resulting patches, and there by reduces the bu    164 resulting patches, and there by reduces the burden on other developers.
165                                                   165 
166 If no one can be found to internally review pa    166 If no one can be found to internally review patches and you need
167 help finding such a person, or if you have any    167 help finding such a person, or if you have any other questions
168 related to this document and the developer com    168 related to this document and the developer community's expectations,
169 please reach out to the private Technical Advi    169 please reach out to the private Technical Advisory Board mailing list:
170 <tech-board@groups.linuxfoundation.org>.           170 <tech-board@groups.linuxfoundation.org>.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php