Startseite Erkunden Hilfe
Anmelden
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: 5c86c450e2
Branches Tags
android_kernel_...
/
Documentation
/
process
/
researcher-guidelines.rst

researcher-guidelines.rst 6.9 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. .. SPDX-License-Identifier: GPL-2.0
    2. 

  2. 

  3. .. _researcher_guidelines:
    4. 

  4. 

  5. Researcher Guidelines
    6. 

  6. +++++++++++++++++++++
    7. 

  7. 

  8. The Linux kernel community welcomes transparent research on the Linux
    9. 

  9. kernel, the activities involved in producing it, and any other byproducts
    10. 

  10. of its development. Linux benefits greatly from this kind of research, and
    11. 

  11. most aspects of Linux are driven by research in one form or another.
    12. 

  12. 

  13. The community greatly appreciates if researchers can share preliminary
    14. 

  14. findings before making their results public, especially if such research
    15. 

  15. involves security. Getting involved early helps both improve the quality
    16. 

  16. of research and ability for Linux to improve from it. In any case,
    17. 

  17. sharing open access copies of the published research with the community
    18. 

  18. is recommended.
    19. 

  19. 

  20. This document seeks to clarify what the Linux kernel community considers
    21. 

  21. acceptable and non-acceptable practices when conducting such research. At
    22. 

  22. the very least, such research and related activities should follow
    23. 

  23. standard research ethics rules. For more background on research ethics
    24. 

  24. generally, ethics in technology, and research of developer communities
    25. 

  25. in particular, see:
    26. 

  26. 

  27. * `History of Research Ethics <https://www.unlv.edu/research/ORI-HSR/history-ethics>`_
    28. 

  28. * `IEEE Ethics <https://www.ieee.org/about/ethics/index.html>`_
    29. 

  29. * `Developer and Researcher Views on the Ethics of Experiments on Open-Source Projects <https://arxiv.org/pdf/2112.13217.pdf>`_
    30. 

  30. 

  31. The Linux kernel community expects that everyone interacting with the
    32. 

  32. project is participating in good faith to make Linux better. Research on
    33. 

  33. any publicly-available artifact (including, but not limited to source
    34. 

  34. code) produced by the Linux kernel community is welcome, though research
    35. 

  35. on developers must be distinctly opt-in.
    36. 

  36. 

  37. Passive research that is based entirely on publicly available sources,
    38. 

  38. including posts to public mailing lists and commits to public
    39. 

  39. repositories, is clearly permissible. Though, as with any research,
    40. 

  40. standard ethics must still be followed.
    41. 

  41. 

  42. Active research on developer behavior, however, must be done with the
    43. 

  43. explicit agreement of, and full disclosure to, the individual developers
    44. 

  44. involved. Developers cannot be interacted with/experimented on without
    45. 

  45. consent; this, too, is standard research ethics.
    46. 

  46. 

  47. To help clarify: sending patches to developers *is* interacting
    48. 

  48. with them, but they have already consented to receiving *good faith
    49. 

  49. contributions*. Sending intentionally flawed/vulnerable patches or
    50. 

  50. contributing misleading information to discussions is not consented
    51. 

  51. to. Such communication can be damaging to the developer (e.g. draining
    52. 

  52. time, effort, and morale) and damaging to the project by eroding
    53. 

  53. the entire developer community's trust in the contributor (and the
    54. 

  54. contributor's organization as a whole), undermining efforts to provide
    55. 

  55. constructive feedback to contributors, and putting end users at risk of
    56. 

  56. software flaws.
    57. 

  57. 

  58. Participation in the development of Linux itself by researchers, as
    59. 

  59. with anyone, is welcomed and encouraged. Research into Linux code is
    60. 

  60. a common practice, especially when it comes to developing or running
    61. 

  61. analysis tools that produce actionable results.
    62. 

  62. 

  63. When engaging with the developer community, sending a patch has
    64. 

  64. traditionally been the best way to make an impact. Linux already has
    65. 

  65. plenty of known bugs -- what's much more helpful is having vetted fixes.
    66. 

  66. Before contributing, carefully read the appropriate documentation:
    67. 

  67. 

  68. * Documentation/process/development-process.rst
    69. 

  69. * Documentation/process/submitting-patches.rst
    70. 

  70. * Documentation/admin-guide/reporting-issues.rst
    71. 

  71. * Documentation/admin-guide/security-bugs.rst
    72. 

  72. 

  73. Then send a patch (including a commit log with all the details listed
    74. 

  74. below) and follow up on any feedback from other developers.
    75. 

  75. 

  76. When sending patches produced from research, the commit logs should
    77. 

  77. contain at least the following details, so that developers have
    78. 

  78. appropriate context for understanding the contribution. Answer:
    79. 

  79. 

  80. * What is the specific problem that has been found?
    81. 

  81. * How could the problem be reached on a running system?
    82. 

  82. * What effect would encountering the problem have on the system?
    83. 

  83. * How was the problem found? Specifically include details about any
    84. 

  84.   testing, static or dynamic analysis programs, and any other tools or
    85. 

  85.   methods used to perform the work.
    86. 

  86. * Which version of Linux was the problem found on? Using the most recent
    87. 

  87.   release or a recent linux-next branch is strongly preferred (see
    88. 

  88.   Documentation/process/howto.rst).
    89. 

  89. * What was changed to fix the problem, and why it is believed to be correct?
    90. 

  90. * How was the change build tested and run-time tested?
    91. 

  91. * What prior commit does this change fix? This should go in a "Fixes:"
    92. 

  92.   tag as the documentation describes.
    93. 

  93. * Who else has reviewed this patch? This should go in appropriate
    94. 

  94.   "Reviewed-by:" tags; see below.
    95. 

  95. 

  96. For example::
    97. 

  97. 

  98.   From: Author <author@email>
    99. 

  99.   Subject: [PATCH] drivers/foo_bar: Add missing kfree()
    100. 

  100. 

  101.   The error path in foo_bar driver does not correctly free the allocated
    102. 

  102.   struct foo_bar_info. This can happen if the attached foo_bar device
    103. 

  103.   rejects the initialization packets sent during foo_bar_probe(). This
    104. 

  104.   would result in a 64 byte slab memory leak once per device attach,
    105. 

  105.   wasting memory resources over time.
    106. 

  106. 

  107.   This flaw was found using an experimental static analysis tool we are
    108. 

  108.   developing, LeakMagic[1], which reported the following warning when
    109. 

  109.   analyzing the v5.15 kernel release:
    110. 

  110. 

  111.    path/to/foo_bar.c:187: missing kfree() call?
    112. 

  112. 

  113.   Add the missing kfree() to the error path. No other references to
    114. 

  114.   this memory exist outside the probe function, so this is the only
    115. 

  115.   place it can be freed.
    116. 

  116. 

  117.   x86_64 and arm64 defconfig builds with CONFIG_FOO_BAR=y using GCC
    118. 

  118.   11.2 show no new warnings, and LeakMagic no longer warns about this
    119. 

  119.   code path. As we don't have a FooBar device to test with, no runtime
    120. 

  120.   testing was able to be performed.
    121. 

  121. 

  122.   [1] https://url/to/leakmagic/details
    123. 

  123. 

  124.   Reported-by: Researcher <researcher@email>
    125. 

  125.   Fixes: aaaabbbbccccdddd ("Introduce support for FooBar")
    126. 

  126.   Signed-off-by: Author <author@email>
    127. 

  127.   Reviewed-by: Reviewer <reviewer@email>
    128. 

  128. 

  129. If you are a first time contributor it is recommended that the patch
    130. 

  130. itself be vetted by others privately before being posted to public lists.
    131. 

  131. (This is required if you have been explicitly told your patches need
    132. 

  132. more careful internal review.) These people are expected to have their
    133. 

  133. "Reviewed-by" tag included in the resulting patch. Finding another
    134. 

  134. developer familiar with Linux contribution, especially within your own
    135. 

  135. organization, and having them help with reviews before sending them to
    136. 

  136. the public mailing lists tends to significantly improve the quality of the
    137. 

  137. resulting patches, and there by reduces the burden on other developers.
    138. 

  138. 

  139. If no one can be found to internally review patches and you need
    140. 

  140. help finding such a person, or if you have any other questions
    141. 

  141. related to this document and the developer community's expectations,
    142. 

  142. please reach out to the private Technical Advisory Board mailing list:
    143. 

  143. <[email protected]>.
    144.