1.. _stable_kernel_rules:
2
3Everything you ever wanted to know about Linux -stable releases
4===============================================================
5
6Rules on what kind of patches are accepted, and which ones are not, into the
7"-stable" tree:
8
9 - It or an equivalent fix must already exist in Linus' tree (upstream).
10 - It must be obviously correct and tested.
11 - It cannot be bigger than 100 lines, with context.
12 - It must follow the
13   :ref:`Documentation/process/submitting-patches.rst <submittingpatches>`
14   rules.
15 - It must either fix a real bug that bothers people or just add a device ID.
16   To elaborate on the former:
17
18   - It fixes a problem like an oops, a hang, data corruption, a real security
19     issue, a hardware quirk, a build error (but not for things marked
20     CONFIG_BROKEN), or some "oh, that's not good" issue.
21   - Serious issues as reported by a user of a distribution kernel may also
22     be considered if they fix a notable performance or interactivity issue.
23     As these fixes are not as obvious and have a higher risk of a subtle
24     regression they should only be submitted by a distribution kernel
25     maintainer and include an addendum linking to a bugzilla entry if it
26     exists and additional information on the user-visible impact.
27   - No "This could be a problem..." type of things like a "theoretical race
28     condition", unless an explanation of how the bug can be exploited is also
29     provided.
30   - No "trivial" fixes without benefit for users (spelling changes, whitespace
31     cleanups, etc).
32
33
34Procedure for submitting patches to the -stable tree
35----------------------------------------------------
36
37.. note::
38
39   Security patches should not be handled (solely) by the -stable review
40   process but should follow the procedures in
41   :ref:`Documentation/process/security-bugs.rst <securitybugs>`.
42
43There are three options to submit a change to -stable trees:
44
45 1. Add a 'stable tag' to the description of a patch you then submit for
46    mainline inclusion.
47 2. Ask the stable team to pick up a patch already mainlined.
48 3. Submit a patch to the stable team that is equivalent to a change already
49    mainlined.
50
51The sections below describe each of the options in more detail.
52
53:ref:`option_1` is **strongly** preferred, it is the easiest and most common.
54:ref:`option_2` is mainly meant for changes where backporting was not considered
55at the time of submission. :ref:`option_3` is an alternative to the two earlier
56options for cases where a mainlined patch needs adjustments to apply in older
57series (for example due to API changes).
58
59When using option 2 or 3 you can ask for your change to be included in specific
60stable series. When doing so, ensure the fix or an equivalent is applicable,
61submitted, or already present in all newer stable trees still supported. This is
62meant to prevent regressions that users might later encounter on updating, if
63e.g. a fix merged for 5.19-rc1 would be backported to 5.10.y, but not to 5.15.y.
64
65.. _option_1:
66
67Option 1
68********
69
70To have a patch you submit for mainline inclusion later automatically picked up
71for stable trees, add the tag
72
73.. code-block:: none
74
75     Cc: stable@vger.kernel.org
76
77in the sign-off area. Once the patch is mainlined it will be applied to the
78stable tree without anything else needing to be done by the author or
79subsystem maintainer.
80
81To sent additional instructions to the stable team, use a shell-style inline
82comment:
83
84 * To specify any additional patch prerequisites for cherry picking use the
85   following format in the sign-off area:
86
87   .. code-block:: none
88
89     Cc: <stable@vger.kernel.org> # 3.3.x: a1f84a3: sched: Check for idle
90     Cc: <stable@vger.kernel.org> # 3.3.x: 1b9508f: sched: Rate-limit newidle
91     Cc: <stable@vger.kernel.org> # 3.3.x: fd21073: sched: Fix affinity logic
92     Cc: <stable@vger.kernel.org> # 3.3.x
93     Signed-off-by: Ingo Molnar <mingo@elte.hu>
94
95   The tag sequence has the meaning of:
96
97   .. code-block:: none
98
99     git cherry-pick a1f84a3
100     git cherry-pick 1b9508f
101     git cherry-pick fd21073
102     git cherry-pick <this commit>
103
104   Note that for a patch series, you do not have to list as prerequisites the
105   patches present in the series itself. For example, if you have the following
106   patch series:
107
108   .. code-block:: none
109
110     patch1
111     patch2
112
113   where patch2 depends on patch1, you do not have to list patch1 as
114   prerequisite of patch2 if you have already marked patch1 for stable
115   inclusion.
116
117 * For patches that may have kernel version prerequisites specify them using
118   the following format in the sign-off area:
119
120   .. code-block:: none
121
122     Cc: <stable@vger.kernel.org> # 3.3.x
123
124   The tag has the meaning of:
125
126   .. code-block:: none
127
128     git cherry-pick <this commit>
129
130   For each "-stable" tree starting with the specified version.
131
132   Note, such tagging is unnecessary if the stable team can derive the
133   appropriate versions from Fixes: tags.
134
135 * To delay pick up of patches, use the following format:
136
137   .. code-block:: none
138
139     Cc: <stable@vger.kernel.org> # after 4 weeks in mainline
140
141 * For any other requests, just add a note to the stable tag. This for example
142   can be used to point out known problems:
143
144   .. code-block:: none
145
146     Cc: <stable@vger.kernel.org> # see patch description, needs adjustments for <= 6.3
147
148.. _option_2:
149
150Option 2
151********
152
153If the patch already has been merged to mainline, send an email to
154stable@vger.kernel.org containing the subject of the patch, the commit ID,
155why you think it should be applied, and what kernel versions you wish it to
156be applied to.
157
158.. _option_3:
159
160Option 3
161********
162
163Send the patch, after verifying that it follows the above rules, to
164stable@vger.kernel.org and mention the kernel versions you wish it to be applied
165to. When doing so, you must note the upstream commit ID in the changelog of your
166submission with a separate line above the commit text, like this:
167
168.. code-block:: none
169
170    commit <sha1> upstream.
171
172or alternatively:
173
174.. code-block:: none
175
176    [ Upstream commit <sha1> ]
177
178If the submitted patch deviates from the original upstream patch (for example
179because it had to be adjusted for the older API), this must be very clearly
180documented and justified in the patch description.
181
182
183Following the submission
184------------------------
185
186The sender will receive an ACK when the patch has been accepted into the
187queue, or a NAK if the patch is rejected.  This response might take a few
188days, according to the schedules of the stable team members.
189
190If accepted, the patch will be added to the -stable queue, for review by other
191developers and by the relevant subsystem maintainer.
192
193
194Review cycle
195------------
196
197 - When the -stable maintainers decide for a review cycle, the patches will be
198   sent to the review committee, and the maintainer of the affected area of
199   the patch (unless the submitter is the maintainer of the area) and CC: to
200   the linux-kernel mailing list.
201 - The review committee has 48 hours in which to ACK or NAK the patch.
202 - If the patch is rejected by a member of the committee, or linux-kernel
203   members object to the patch, bringing up issues that the maintainers and
204   members did not realize, the patch will be dropped from the queue.
205 - The ACKed patches will be posted again as part of release candidate (-rc)
206   to be tested by developers and testers.
207 - Usually only one -rc release is made, however if there are any outstanding
208   issues, some patches may be modified or dropped or additional patches may
209   be queued. Additional -rc releases are then released and tested until no
210   issues are found.
211 - Responding to the -rc releases can be done on the mailing list by sending
212   a "Tested-by:" email with any testing information desired. The "Tested-by:"
213   tags will be collected and added to the release commit.
214 - At the end of the review cycle, the new -stable release will be released
215   containing all the queued and tested patches.
216 - Security patches will be accepted into the -stable tree directly from the
217   security kernel team, and not go through the normal review cycle.
218   Contact the kernel security team for more details on this procedure.
219
220
221Trees
222-----
223
224 - The queues of patches, for both completed versions and in progress
225   versions can be found at:
226
227	https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git
228
229 - The finalized and tagged releases of all stable kernels can be found
230   in separate branches per version at:
231
232	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
233
234 - The release candidate of all stable kernel versions can be found at:
235
236        https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/
237
238   .. warning::
239      The -stable-rc tree is a snapshot in time of the stable-queue tree and
240      will change frequently, hence will be rebased often. It should only be
241      used for testing purposes (e.g. to be consumed by CI systems).
242
243
244Review committee
245----------------
246
247 - This is made up of a number of kernel developers who have volunteered for
248   this task, and a few that haven't.
249