1 .. SPDX-License-Identifier: (GPL-2.0+ OR CC-BY-4.0) 2 .. See the bottom of this file for additional redistribution information. 3 4 Handling regressions 5 ++++++++++++++++++++ 6 7 *We don't cause regressions* -- this document describes what this "first rule of 8 Linux kernel development" means in practice for developers. It complements 9 Documentation/admin-guide/reporting-regressions.rst, which covers the topic from a 10 user's point of view; if you never read that text, go and at least skim over it 11 before continuing here. 12 13 The important bits (aka "The TL;DR") 14 ==================================== 15 16 #. Ensure subscribers of the `regression mailing list <https://lore.kernel.org/regressions/>`_ 17 (regressions@lists.linux.dev) quickly become aware of any new regression 18 report: 19 20 * When receiving a mailed report that did not CC the list, bring it into the 21 loop by immediately sending at least a brief "Reply-all" with the list 22 CCed. 23 24 * Forward or bounce any reports submitted in bug trackers to the list. 25 26 #. Make the Linux kernel regression tracking bot "regzbot" track the issue (this 27 is optional, but recommended): 28 29 * For mailed reports, check if the reporter included a line like ``#regzbot 30 introduced: v5.13..v5.14-rc1``. If not, send a reply (with the regressions 31 list in CC) containing a paragraph like the following, which tells regzbot 32 when the issue started to happen:: 33 34 #regzbot ^introduced: 1f2e3d4c5b6a 35 36 * When forwarding reports from a bug tracker to the regressions list (see 37 above), include a paragraph like the following:: 38 39 #regzbot introduced: v5.13..v5.14-rc1 40 #regzbot from: Some N. Ice Human <some.human@example.com> 41 #regzbot monitor: http://some.bugtracker.example.com/ticket?id=123456789 42 43 #. When submitting fixes for regressions, add "Closes:" tags to the patch 44 description pointing to all places where the issue was reported, as 45 mandated by Documentation/process/submitting-patches.rst and 46 :ref:`Documentation/process/5.Posting.rst <development_posting>`. If you are 47 only fixing part of the issue that caused the regression, you may use 48 "Link:" tags instead. regzbot currently makes no distinction between the 49 two. 50 51 #. Try to fix regressions quickly once the culprit has been identified; fixes 52 for most regressions should be merged within two weeks, but some need to be 53 resolved within two or three days. 54 55 56 All the details on Linux kernel regressions relevant for developers 57 =================================================================== 58 59 60 The important basics in more detail 61 ----------------------------------- 62 63 64 What to do when receiving regression reports 65 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 66 67 Ensure the Linux kernel's regression tracker and others subscribers of the 68 `regression mailing list <https://lore.kernel.org/regressions/>`_ 69 (regressions@lists.linux.dev) become aware of any newly reported regression: 70 71 * When you receive a report by mail that did not CC the list, immediately bring 72 it into the loop by sending at least a brief "Reply-all" with the list CCed; 73 try to ensure it gets CCed again in case you reply to a reply that omitted 74 the list. 75 76 * If a report submitted in a bug tracker hits your Inbox, forward or bounce it 77 to the list. Consider checking the list archives beforehand, if the reporter 78 already forwarded the report as instructed by 79 Documentation/admin-guide/reporting-issues.rst. 80 81 When doing either, consider making the Linux kernel regression tracking bot 82 "regzbot" immediately start tracking the issue: 83 84 * For mailed reports, check if the reporter included a "regzbot command" like 85 ``#regzbot introduced: 1f2e3d4c5b6a``. If not, send a reply (with the 86 regressions list in CC) with a paragraph like the following::: 87 88 #regzbot ^introduced: v5.13..v5.14-rc1 89 90 This tells regzbot the version range in which the issue started to happen; 91 you can specify a range using commit-ids as well or state a single commit-id 92 in case the reporter bisected the culprit. 93 94 Note the caret (^) before the "introduced": it tells regzbot to treat the 95 parent mail (the one you reply to) as the initial report for the regression 96 you want to see tracked; that's important, as regzbot will later look out 97 for patches with "Closes:" tags pointing to the report in the archives on 98 lore.kernel.org. 99 100 * When forwarding a regression reported to a bug tracker, include a paragraph 101 with these regzbot commands:: 102 103 #regzbot introduced: 1f2e3d4c5b6a 104 #regzbot from: Some N. Ice Human <some.human@example.com> 105 #regzbot monitor: http://some.bugtracker.example.com/ticket?id=123456789 106 107 Regzbot will then automatically associate patches with the report that 108 contain "Closes:" tags pointing to your mail or the mentioned ticket. 109 110 What's important when fixing regressions 111 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 112 113 You don't need to do anything special when submitting fixes for regression, just 114 remember to do what Documentation/process/submitting-patches.rst, 115 :ref:`Documentation/process/5.Posting.rst <development_posting>`, and 116 Documentation/process/stable-kernel-rules.rst already explain in more detail: 117 118 * Point to all places where the issue was reported using "Closes:" tags:: 119 120 Closes: https://lore.kernel.org/r/30th.anniversary.repost@klaava.Helsinki.FI/ 121 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=1234567890 122 123 If you are only fixing part of the issue, you may use "Link:" instead as 124 described in the first document mentioned above. regzbot currently treats 125 both of these equivalently and considers the linked reports as resolved. 126 127 * Add a "Fixes:" tag to specify the commit causing the regression. 128 129 * If the culprit was merged in an earlier development cycle, explicitly mark 130 the fix for backporting using the ``Cc: stable@vger.kernel.org`` tag. 131 132 All this is expected from you and important when it comes to regression, as 133 these tags are of great value for everyone (you included) that might be looking 134 into the issue weeks, months, or years later. These tags are also crucial for 135 tools and scripts used by other kernel developers or Linux distributions; one of 136 these tools is regzbot, which heavily relies on the "Closes:" tags to associate 137 reports for regression with changes resolving them. 138 139 Expectations and best practices for fixing regressions 140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 141 142 As a Linux kernel developer, you are expected to give your best to prevent 143 situations where a regression caused by a recent change of yours leaves users 144 only these options: 145 146 * Run a kernel with a regression that impacts usage. 147 148 * Switch to an older or newer kernel series. 149 150 * Continue running an outdated and thus potentially insecure kernel for more 151 than three weeks after the regression's culprit was identified. Ideally it 152 should be less than two. And it ought to be just a few days, if the issue is 153 severe or affects many users -- either in general or in prevalent 154 environments. 155 156 How to realize that in practice depends on various factors. Use the following 157 rules of thumb as a guide. 158 159 In general: 160 161 * Prioritize work on regressions over all other Linux kernel work, unless the 162 latter concerns a severe issue (e.g. acute security vulnerability, data loss, 163 bricked hardware, ...). 164 165 * Expedite fixing mainline regressions that recently made it into a proper 166 mainline, stable, or longterm release (either directly or via backport). 167 168 * Do not consider regressions from the current cycle as something that can wait 169 till the end of the cycle, as the issue might discourage or prevent users and 170 CI systems from testing mainline now or generally. 171 172 * Work with the required care to avoid additional or bigger damage, even if 173 resolving an issue then might take longer than outlined below. 174 175 On timing once the culprit of a regression is known: 176 177 * Aim to mainline a fix within two or three days, if the issue is severe or 178 bothering many users -- either in general or in prevalent conditions like a 179 particular hardware environment, distribution, or stable/longterm series. 180 181 * Aim to mainline a fix by Sunday after the next, if the culprit made it 182 into a recent mainline, stable, or longterm release (either directly or via 183 backport); if the culprit became known early during a week and is simple to 184 resolve, try to mainline the fix within the same week. 185 186 * For other regressions, aim to mainline fixes before the hindmost Sunday 187 within the next three weeks. One or two Sundays later are acceptable, if the 188 regression is something people can live with easily for a while -- like a 189 mild performance regression. 190 191 * It's strongly discouraged to delay mainlining regression fixes till the next 192 merge window, except when the fix is extraordinarily risky or when the 193 culprit was mainlined more than a year ago. 194 195 On procedure: 196 197 * Always consider reverting the culprit, as it's often the quickest and least 198 dangerous way to fix a regression. Don't worry about mainlining a fixed 199 variant later: that should be straight-forward, as most of the code went 200 through review once already. 201 202 * Try to resolve any regressions introduced in mainline during the past 203 twelve months before the current development cycle ends: Linus wants such 204 regressions to be handled like those from the current cycle, unless fixing 205 bears unusual risks. 206 207 * Consider CCing Linus on discussions or patch review, if a regression seems 208 tangly. Do the same in precarious or urgent cases -- especially if the 209 subsystem maintainer might be unavailable. Also CC the stable team, when you 210 know such a regression made it into a mainline, stable, or longterm release. 211 212 * For urgent regressions, consider asking Linus to pick up the fix straight 213 from the mailing list: he is totally fine with that for uncontroversial 214 fixes. Ideally though such requests should happen in accordance with the 215 subsystem maintainers or come directly from them. 216 217 * In case you are unsure if a fix is worth the risk applying just days before 218 a new mainline release, send Linus a mail with the usual lists and people in 219 CC; in it, summarize the situation while asking him to consider picking up 220 the fix straight from the list. He then himself can make the call and when 221 needed even postpone the release. Such requests again should ideally happen 222 in accordance with the subsystem maintainers or come directly from them. 223 224 Regarding stable and longterm kernels: 225 226 * You are free to leave regressions to the stable team, if they at no point in 227 time occurred with mainline or were fixed there already. 228 229 * If a regression made it into a proper mainline release during the past 230 twelve months, ensure to tag the fix with "Cc: stable@vger.kernel.org", as a 231 "Fixes:" tag alone does not guarantee a backport. Please add the same tag, 232 in case you know the culprit was backported to stable or longterm kernels. 233 234 * When receiving reports about regressions in recent stable or longterm kernel 235 series, please evaluate at least briefly if the issue might happen in current 236 mainline as well -- and if that seems likely, take hold of the report. If in 237 doubt, ask the reporter to check mainline. 238 239 * Whenever you want to swiftly resolve a regression that recently also made it 240 into a proper mainline, stable, or longterm release, fix it quickly in 241 mainline; when appropriate thus involve Linus to fast-track the fix (see 242 above). That's because the stable team normally does neither revert nor fix 243 any changes that cause the same problems in mainline. 244 245 * In case of urgent regression fixes you might want to ensure prompt 246 backporting by dropping the stable team a note once the fix was mainlined; 247 this is especially advisable during merge windows and shortly thereafter, as 248 the fix otherwise might land at the end of a huge patch queue. 249 250 On patch flow: 251 252 * Developers, when trying to reach the time periods mentioned above, remember 253 to account for the time it takes to get fixes tested, reviewed, and merged by 254 Linus, ideally with them being in linux-next at least briefly. Hence, if a 255 fix is urgent, make it obvious to ensure others handle it appropriately. 256 257 * Reviewers, you are kindly asked to assist developers in reaching the time 258 periods mentioned above by reviewing regression fixes in a timely manner. 259 260 * Subsystem maintainers, you likewise are encouraged to expedite the handling 261 of regression fixes. Thus evaluate if skipping linux-next is an option for 262 the particular fix. Also consider sending git pull requests more often than 263 usual when needed. And try to avoid holding onto regression fixes over 264 weekends -- especially when the fix is marked for backporting. 265 266 267 More aspects regarding regressions developers should be aware of 268 ---------------------------------------------------------------- 269 270 271 How to deal with changes where a risk of regression is known 272 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 273 274 Evaluate how big the risk of regressions is, for example by performing a code 275 search in Linux distributions and Git forges. Also consider asking other 276 developers or projects likely to be affected to evaluate or even test the 277 proposed change; if problems surface, maybe some solution acceptable for all 278 can be found. 279 280 If the risk of regressions in the end seems to be relatively small, go ahead 281 with the change, but let all involved parties know about the risk. Hence, make 282 sure your patch description makes this aspect obvious. Once the change is 283 merged, tell the Linux kernel's regression tracker and the regressions mailing 284 list about the risk, so everyone has the change on the radar in case reports 285 trickle in. Depending on the risk, you also might want to ask the subsystem 286 maintainer to mention the issue in his mainline pull request. 287 288 What else is there to known about regressions? 289 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 290 291 Check out Documentation/admin-guide/reporting-regressions.rst, it covers a lot 292 of other aspects you want might want to be aware of: 293 294 * the purpose of the "no regressions" rule 295 296 * what issues actually qualify as regression 297 298 * who's in charge for finding the root cause of a regression 299 300 * how to handle tricky situations, e.g. when a regression is caused by a 301 security fix or when fixing a regression might cause another one 302 303 Whom to ask for advice when it comes to regressions 304 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 305 306 Send a mail to the regressions mailing list (regressions@lists.linux.dev) while 307 CCing the Linux kernel's regression tracker (regressions@leemhuis.info); if the 308 issue might better be dealt with in private, feel free to omit the list. 309 310 311 More about regression tracking and regzbot 312 ------------------------------------------ 313 314 315 Why the Linux kernel has a regression tracker, and why is regzbot used? 316 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 317 318 Rules like "no regressions" need someone to ensure they are followed, otherwise 319 they are broken either accidentally or on purpose. History has shown this to be 320 true for the Linux kernel as well. That's why Thorsten Leemhuis volunteered to 321 keep an eye on things as the Linux kernel's regression tracker, who's 322 occasionally helped by other people. Neither of them are paid to do this, 323 that's why regression tracking is done on a best effort basis. 324 325 Earlier attempts to manually track regressions have shown it's an exhausting and 326 frustrating work, which is why they were abandoned after a while. To prevent 327 this from happening again, Thorsten developed regzbot to facilitate the work, 328 with the long term goal to automate regression tracking as much as possible for 329 everyone involved. 330 331 How does regression tracking work with regzbot? 332 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 333 334 The bot watches for replies to reports of tracked regressions. Additionally, 335 it's looking out for posted or committed patches referencing such reports 336 with "Closes:" tags; replies to such patch postings are tracked as well. 337 Combined this data provides good insights into the current state of the fixing 338 process. 339 340 Regzbot tries to do its job with as little overhead as possible for both 341 reporters and developers. In fact, only reporters are burdened with an extra 342 duty: they need to tell regzbot about the regression report using the ``#regzbot 343 introduced`` command outlined above; if they don't do that, someone else can 344 take care of that using ``#regzbot ^introduced``. 345 346 For developers there normally is no extra work involved, they just need to make 347 sure to do something that was expected long before regzbot came to light: add 348 links to the patch description pointing to all reports about the issue fixed. 349 350 Do I have to use regzbot? 351 ~~~~~~~~~~~~~~~~~~~~~~~~~ 352 353 It's in the interest of everyone if you do, as kernel maintainers like Linus 354 Torvalds partly rely on regzbot's tracking in their work -- for example when 355 deciding to release a new version or extend the development phase. For this they 356 need to be aware of all unfixed regression; to do that, Linus is known to look 357 into the weekly reports sent by regzbot. 358 359 Do I have to tell regzbot about every regression I stumble upon? 360 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 361 362 Ideally yes: we are all humans and easily forget problems when something more 363 important unexpectedly comes up -- for example a bigger problem in the Linux 364 kernel or something in real life that's keeping us away from keyboards for a 365 while. Hence, it's best to tell regzbot about every regression, except when you 366 immediately write a fix and commit it to a tree regularly merged to the affected 367 kernel series. 368 369 How to see which regressions regzbot tracks currently? 370 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 371 372 Check `regzbot's web-interface <https://linux-regtracking.leemhuis.info/regzbot/>`_ 373 for the latest info; alternatively, `search for the latest regression report 374 <https://lore.kernel.org/lkml/?q=%22Linux+regressions+report%22+f%3Aregzbot>`_, 375 which regzbot normally sends out once a week on Sunday evening (UTC), which is a 376 few hours before Linus usually publishes new (pre-)releases. 377 378 What places is regzbot monitoring? 379 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 380 381 Regzbot is watching the most important Linux mailing lists as well as the git 382 repositories of linux-next, mainline, and stable/longterm. 383 384 What kind of issues are supposed to be tracked by regzbot? 385 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 386 387 The bot is meant to track regressions, hence please don't involve regzbot for 388 regular issues. But it's okay for the Linux kernel's regression tracker if you 389 use regzbot to track severe issues, like reports about hangs, corrupted data, 390 or internal errors (Panic, Oops, BUG(), warning, ...). 391 392 Can I add regressions found by CI systems to regzbot's tracking? 393 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 394 395 Feel free to do so, if the particular regression likely has impact on practical 396 use cases and thus might be noticed by users; hence, please don't involve 397 regzbot for theoretical regressions unlikely to show themselves in real world 398 usage. 399 400 How to interact with regzbot? 401 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 402 403 By using a 'regzbot command' in a direct or indirect reply to the mail with the 404 regression report. These commands need to be in their own paragraph (IOW: they 405 need to be separated from the rest of the mail using blank lines). 406 407 One such command is ``#regzbot introduced: <version or commit>``, which makes 408 regzbot consider your mail as a regressions report added to the tracking, as 409 already described above; ``#regzbot ^introduced: <version or commit>`` is another 410 such command, which makes regzbot consider the parent mail as a report for a 411 regression which it starts to track. 412 413 Once one of those two commands has been utilized, other regzbot commands can be 414 used in direct or indirect replies to the report. You can write them below one 415 of the `introduced` commands or in replies to the mail that used one of them 416 or itself is a reply to that mail: 417 418 * Set or update the title:: 419 420 #regzbot title: foo 421 422 * Monitor a discussion or bugzilla.kernel.org ticket where additions aspects of 423 the issue or a fix are discussed -- for example the posting of a patch fixing 424 the regression:: 425 426 #regzbot monitor: https://lore.kernel.org/all/30th.anniversary.repost@klaava.Helsinki.FI/ 427 428 Monitoring only works for lore.kernel.org and bugzilla.kernel.org; regzbot 429 will consider all messages in that thread or ticket as related to the fixing 430 process. 431 432 * Point to a place with further details of interest, like a mailing list post 433 or a ticket in a bug tracker that are slightly related, but about a different 434 topic:: 435 436 #regzbot link: https://bugzilla.kernel.org/show_bug.cgi?id=123456789 437 438 * Mark a regression as fixed by a commit that is heading upstream or already 439 landed:: 440 441 #regzbot fix: 1f2e3d4c5d 442 443 * Mark a regression as a duplicate of another one already tracked by regzbot:: 444 445 #regzbot dup-of: https://lore.kernel.org/all/30th.anniversary.repost@klaava.Helsinki.FI/ 446 447 * Mark a regression as invalid:: 448 449 #regzbot invalid: wasn't a regression, problem has always existed 450 451 Is there more to tell about regzbot and its commands? 452 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 453 454 More detailed and up-to-date information about the Linux 455 kernel's regression tracking bot can be found on its 456 `project page <https://gitlab.com/knurd42/regzbot>`_, which among others 457 contains a `getting started guide <https://gitlab.com/knurd42/regzbot/-/blob/main/docs/getting_started.md>`_ 458 and `reference documentation <https://gitlab.com/knurd42/regzbot/-/blob/main/docs/reference.md>`_ 459 which both cover more details than the above section. 460 461 Quotes from Linus about regression 462 ---------------------------------- 463 464 Find below a few real life examples of how Linus Torvalds expects regressions to 465 be handled: 466 467 * From `2017-10-26 (1/2) 468 <https://lore.kernel.org/lkml/CA+55aFwiiQYJ+YoLKCXjN_beDVfu38mg=Ggg5LFOcqHE8Qi7Zw@mail.gmail.com/">https://lore.kernel.org/lkml/CA+55aFwiiQYJ+YoLKCXjN_beDVfu38mg=Ggg5LFOcqHE8Qi7Zw@mail.gmail.com/>`_:: 469 470 If you break existing user space setups THAT IS A REGRESSION. 471 472 It's not ok to say "but we'll fix the user space setup". 473 474 Really. NOT OK. 475 476 [...] 477 478 The first rule is: 479 480 - we don't cause regressions 481 482 and the corollary is that when regressions *do* occur, we admit to 483 them and fix them, instead of blaming user space. 484 485 The fact that you have apparently been denying the regression now for 486 three weeks means that I will revert, and I will stop pulling apparmor 487 requests until the people involved understand how kernel development 488 is done. 489 490 * From `2017-10-26 (2/2) 491 <https://lore.kernel.org/lkml/CA+55aFxW7NMAMvYhkvz1UPbUTUJewRt6Yb51QAx5RtrWOwjebg@mail.gmail.com/">https://lore.kernel.org/lkml/CA+55aFxW7NMAMvYhkvz1UPbUTUJewRt6Yb51QAx5RtrWOwjebg@mail.gmail.com/>`_:: 492 493 People should basically always feel like they can update their kernel 494 and simply not have to worry about it. 495 496 I refuse to introduce "you can only update the kernel if you also 497 update that other program" kind of limitations. If the kernel used to 498 work for you, the rule is that it continues to work for you. 499 500 There have been exceptions, but they are few and far between, and they 501 generally have some major and fundamental reasons for having happened, 502 that were basically entirely unavoidable, and people _tried_hard_ to 503 avoid them. Maybe we can't practically support the hardware any more 504 after it is decades old and nobody uses it with modern kernels any 505 more. Maybe there's a serious security issue with how we did things, 506 and people actually depended on that fundamentally broken model. Maybe 507 there was some fundamental other breakage that just _had_ to have a 508 flag day for very core and fundamental reasons. 509 510 And notice that this is very much about *breaking* peoples environments. 511 512 Behavioral changes happen, and maybe we don't even support some 513 feature any more. There's a number of fields in /proc/<pid>/stat that 514 are printed out as zeroes, simply because they don't even *exist* in 515 the kernel any more, or because showing them was a mistake (typically 516 an information leak). But the numbers got replaced by zeroes, so that 517 the code that used to parse the fields still works. The user might not 518 see everything they used to see, and so behavior is clearly different, 519 but things still _work_, even if they might no longer show sensitive 520 (or no longer relevant) information. 521 522 But if something actually breaks, then the change must get fixed or 523 reverted. And it gets fixed in the *kernel*. Not by saying "well, fix 524 your user space then". It was a kernel change that exposed the 525 problem, it needs to be the kernel that corrects for it, because we 526 have a "upgrade in place" model. We don't have a "upgrade with new 527 user space". 528 529 And I seriously will refuse to take code from people who do not 530 understand and honor this very simple rule. 531 532 This rule is also not going to change. 533 534 And yes, I realize that the kernel is "special" in this respect. I'm 535 proud of it. 536 537 I have seen, and can point to, lots of projects that go "We need to 538 break that use case in order to make progress" or "you relied on 539 undocumented behavior, it sucks to be you" or "there's a better way to 540 do what you want to do, and you have to change to that new better 541 way", and I simply don't think that's acceptable outside of very early 542 alpha releases that have experimental users that know what they signed 543 up for. The kernel hasn't been in that situation for the last two 544 decades. 545 546 We do API breakage _inside_ the kernel all the time. We will fix 547 internal problems by saying "you now need to do XYZ", but then it's 548 about internal kernel API's, and the people who do that then also 549 obviously have to fix up all the in-kernel users of that API. Nobody 550 can say "I now broke the API you used, and now _you_ need to fix it 551 up". Whoever broke something gets to fix it too. 552 553 And we simply do not break user space. 554 555 * From `2020-05-21 556 <https://lore.kernel.org/all/CAHk-=wiVi7mSrsMP=fLXQrXK_UimybW=ziLOwSzFTtoXUacWVQ@mail.gmail.com/">https://lore.kernel.org/all/CAHk-=wiVi7mSrsMP=fLXQrXK_UimybW=ziLOwSzFTtoXUacWVQ@mail.gmail.com/>`_:: 557 558 The rules about regressions have never been about any kind of 559 documented behavior, or where the code lives. 560 561 The rules about regressions are always about "breaks user workflow". 562 563 Users are literally the _only_ thing that matters. 564 565 No amount of "you shouldn't have used this" or "that behavior was 566 undefined, it's your own fault your app broke" or "that used to work 567 simply because of a kernel bug" is at all relevant. 568 569 Now, reality is never entirely black-and-white. So we've had things 570 like "serious security issue" etc that just forces us to make changes 571 that may break user space. But even then the rule is that we don't 572 really have other options that would allow things to continue. 573 574 And obviously, if users take years to even notice that something 575 broke, or if we have sane ways to work around the breakage that 576 doesn't make for too much trouble for users (ie "ok, there are a 577 handful of users, and they can use a kernel command line to work 578 around it" kind of things) we've also been a bit less strict. 579 580 But no, "that was documented to be broken" (whether it's because the 581 code was in staging or because the man-page said something else) is 582 irrelevant. If staging code is so useful that people end up using it, 583 that means that it's basically regular kernel code with a flag saying 584 "please clean this up". 585 586 The other side of the coin is that people who talk about "API 587 stability" are entirely wrong. API's don't matter either. You can make 588 any changes to an API you like - as long as nobody notices. 589 590 Again, the regression rule is not about documentation, not about 591 API's, and not about the phase of the moon. 592 593 It's entirely about "we caused problems for user space that used to work". 594 595 * From `2017-11-05 596 <https://lore.kernel.org/all/CA+55aFzUvbGjD8nQ-+3oiMBx14c_6zOj2n7KLN3UsJ-qsd4Dcw@mail.gmail.com/">https://lore.kernel.org/all/CA+55aFzUvbGjD8nQ-+3oiMBx14c_6zOj2n7KLN3UsJ-qsd4Dcw@mail.gmail.com/>`_:: 597 598 And our regression rule has never been "behavior doesn't change". 599 That would mean that we could never make any changes at all. 600 601 For example, we do things like add new error handling etc all the 602 time, which we then sometimes even add tests for in our kselftest 603 directory. 604 605 So clearly behavior changes all the time and we don't consider that a 606 regression per se. 607 608 The rule for a regression for the kernel is that some real user 609 workflow breaks. Not some test. Not a "look, I used to be able to do 610 X, now I can't". 611 612 * From `2018-08-03 613 <https://lore.kernel.org/all/CA+55aFwWZX=CXmWDTkDGb36kf12XmTehmQjbiMPCqCRG2hi9kw@mail.gmail.com/">https://lore.kernel.org/all/CA+55aFwWZX=CXmWDTkDGb36kf12XmTehmQjbiMPCqCRG2hi9kw@mail.gmail.com/>`_:: 614 615 YOU ARE MISSING THE #1 KERNEL RULE. 616 617 We do not regress, and we do not regress exactly because your are 100% wrong. 618 619 And the reason you state for your opinion is in fact exactly *WHY* you 620 are wrong. 621 622 Your "good reasons" are pure and utter garbage. 623 624 The whole point of "we do not regress" is so that people can upgrade 625 the kernel and never have to worry about it. 626 627 > Kernel had a bug which has been fixed 628 629 That is *ENTIRELY* immaterial. 630 631 Guys, whether something was buggy or not DOES NOT MATTER. 632 633 Why? 634 635 Bugs happen. That's a fact of life. Arguing that "we had to break 636 something because we were fixing a bug" is completely insane. We fix 637 tens of bugs every single day, thinking that "fixing a bug" means that 638 we can break something is simply NOT TRUE. 639 640 So bugs simply aren't even relevant to the discussion. They happen, 641 they get found, they get fixed, and it has nothing to do with "we 642 break users". 643 644 Because the only thing that matters IS THE USER. 645 646 How hard is that to understand? 647 648 Anybody who uses "but it was buggy" as an argument is entirely missing 649 the point. As far as the USER was concerned, it wasn't buggy - it 650 worked for him/her. 651 652 Maybe it worked *because* the user had taken the bug into account, 653 maybe it worked because the user didn't notice - again, it doesn't 654 matter. It worked for the user. 655 656 Breaking a user workflow for a "bug" is absolutely the WORST reason 657 for breakage you can imagine. 658 659 It's basically saying "I took something that worked, and I broke it, 660 but now it's better". Do you not see how f*cking insane that statement 661 is? 662 663 And without users, your program is not a program, it's a pointless 664 piece of code that you might as well throw away. 665 666 Seriously. This is *why* the #1 rule for kernel development is "we 667 don't break users". Because "I fixed a bug" is absolutely NOT AN 668 ARGUMENT if that bug fix broke a user setup. You actually introduced a 669 MUCH BIGGER bug by "fixing" something that the user clearly didn't 670 even care about. 671 672 And dammit, we upgrade the kernel ALL THE TIME without upgrading any 673 other programs at all. It is absolutely required, because flag-days 674 and dependencies are horribly bad. 675 676 And it is also required simply because I as a kernel developer do not 677 upgrade random other tools that I don't even care about as I develop 678 the kernel, and I want any of my users to feel safe doing the same 679 time. 680 681 So no. Your rule is COMPLETELY wrong. If you cannot upgrade a kernel 682 without upgrading some other random binary, then we have a problem. 683 684 * From `2021-06-05 685 <https://lore.kernel.org/all/CAHk-=wiUVqHN76YUwhkjZzwTdjMMJf_zN4+u7vEJjmEGh3recw@mail.gmail.com/">https://lore.kernel.org/all/CAHk-=wiUVqHN76YUwhkjZzwTdjMMJf_zN4+u7vEJjmEGh3recw@mail.gmail.com/>`_:: 686 687 THERE ARE NO VALID ARGUMENTS FOR REGRESSIONS. 688 689 Honestly, security people need to understand that "not working" is not 690 a success case of security. It's a failure case. 691 692 Yes, "not working" may be secure. But security in that case is *pointless*. 693 694 * From `2011-05-06 (1/3) 695 <https://lore.kernel.org/all/BANLkTim9YvResB+PwRp7QTK-a5VNg2PvmQ@mail.gmail.com/">https://lore.kernel.org/all/BANLkTim9YvResB+PwRp7QTK-a5VNg2PvmQ@mail.gmail.com/>`_:: 696 697 Binary compatibility is more important. 698 699 And if binaries don't use the interface to parse the format (or just 700 parse it wrongly - see the fairly recent example of adding uuid's to 701 /proc/self/mountinfo), then it's a regression. 702 703 And regressions get reverted, unless there are security issues or 704 similar that makes us go "Oh Gods, we really have to break things". 705 706 I don't understand why this simple logic is so hard for some kernel 707 developers to understand. Reality matters. Your personal wishes matter 708 NOT AT ALL. 709 710 If you made an interface that can be used without parsing the 711 interface description, then we're stuck with the interface. Theory 712 simply doesn't matter. 713 714 You could help fix the tools, and try to avoid the compatibility 715 issues that way. There aren't that many of them. 716 717 From `2011-05-06 (2/3) 718 <https://lore.kernel.org/all/BANLkTi=KVXjKR82sqsz4gwjr+E0vtqCmvA@mail.gmail.com/">https://lore.kernel.org/all/BANLkTi=KVXjKR82sqsz4gwjr+E0vtqCmvA@mail.gmail.com/>`_:: 719 720 it's clearly NOT an internal tracepoint. By definition. It's being 721 used by powertop. 722 723 From `2011-05-06 (3/3) 724 <https://lore.kernel.org/all/BANLkTinazaXRdGovYL7rRVp+j6HbJ7pzhg@mail.gmail.com/">https://lore.kernel.org/all/BANLkTinazaXRdGovYL7rRVp+j6HbJ7pzhg@mail.gmail.com/>`_:: 725 726 We have programs that use that ABI and thus it's a regression if they break. 727 728 * From `2012-07-06 <https://lore.kernel.org/all/CA+55aFwnLJ+0sjx92EGREGTWOx84wwKaraSzpTNJwPVV8edw8g@mail.gmail.com/">https://lore.kernel.org/all/CA+55aFwnLJ+0sjx92EGREGTWOx84wwKaraSzpTNJwPVV8edw8g@mail.gmail.com/>`_:: 729 730 > Now this got me wondering if Debian _unstable_ actually qualifies as a 731 > standard distro userspace. 732 733 Oh, if the kernel breaks some standard user space, that counts. Tons 734 of people run Debian unstable 735 736 * From `2019-09-15 737 <https://lore.kernel.org/lkml/CAHk-=wiP4K8DRJWsCo=20hn_6054xBamGKF2kPgUzpB5aMaofA@mail.gmail.com/">https://lore.kernel.org/lkml/CAHk-=wiP4K8DRJWsCo=20hn_6054xBamGKF2kPgUzpB5aMaofA@mail.gmail.com/>`_:: 738 739 One _particularly_ last-minute revert is the top-most commit (ignoring 740 the version change itself) done just before the release, and while 741 it's very annoying, it's perhaps also instructive. 742 743 What's instructive about it is that I reverted a commit that wasn't 744 actually buggy. In fact, it was doing exactly what it set out to do, 745 and did it very well. In fact it did it _so_ well that the much 746 improved IO patterns it caused then ended up revealing a user-visible 747 regression due to a real bug in a completely unrelated area. 748 749 The actual details of that regression are not the reason I point that 750 revert out as instructive, though. It's more that it's an instructive 751 example of what counts as a regression, and what the whole "no 752 regressions" kernel rule means. The reverted commit didn't change any 753 API's, and it didn't introduce any new bugs. But it ended up exposing 754 another problem, and as such caused a kernel upgrade to fail for a 755 user. So it got reverted. 756 757 The point here being that we revert based on user-reported _behavior_, 758 not based on some "it changes the ABI" or "it caused a bug" concept. 759 The problem was really pre-existing, and it just didn't happen to 760 trigger before. The better IO patterns introduced by the change just 761 happened to expose an old bug, and people had grown to depend on the 762 previously benign behavior of that old issue. 763 764 And never fear, we'll re-introduce the fix that improved on the IO 765 patterns once we've decided just how to handle the fact that we had a 766 bad interaction with an interface that people had then just happened 767 to rely on incidental behavior for before. It's just that we'll have 768 to hash through how to do that (there are no less than three different 769 patches by three different developers being discussed, and there might 770 be more coming...). In the meantime, I reverted the thing that exposed 771 the problem to users for this release, even if I hope it will be 772 re-introduced (perhaps even backported as a stable patch) once we have 773 consensus about the issue it exposed. 774 775 Take-away from the whole thing: it's not about whether you change the 776 kernel-userspace ABI, or fix a bug, or about whether the old code 777 "should never have worked in the first place". It's about whether 778 something breaks existing users' workflow. 779 780 Anyway, that was my little aside on the whole regression thing. Since 781 it's that "first rule of kernel programming", I felt it is perhaps 782 worth just bringing it up every once in a while 783 784 .. 785 end-of-content 786 .. 787 This text is available under GPL-2.0+ or CC-BY-4.0, as stated at the top 788 of the file. If you want to distribute this text under CC-BY-4.0 only, 789 please use "The Linux kernel developers" for author attribution and link 790 this as source: 791 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/Documentation/process/handling-regressions.rst 792 .. 793 Note: Only the content of this RST file as found in the Linux kernel sources 794 is available under CC-BY-4.0, as versions of this text that were processed 795 (for example by the kernel's build system) might contain content taken from 796 files which use a more restrictive license.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.