[linux-block.git] / Documentation / process / researcher-guidelines.rst

.. SPDX-License-Identifier: GPL-2.0

.. _researcher_guidelines:

Researcher Guidelines
+++++++++++++++++++++

The Linux kernel community welcomes transparent research on the Linux
kernel, the activities involved in producing it, and any other byproducts
of its development. Linux benefits greatly from this kind of research, and
most aspects of Linux are driven by research in one form or another.

The community greatly appreciates if researchers can share preliminary
findings before making their results public, especially if such research
involves security. Getting involved early helps both improve the quality
of research and ability for Linux to improve from it. In any case,
sharing open access copies of the published research with the community
is recommended.

This document seeks to clarify what the Linux kernel community considers
acceptable and non-acceptable practices when conducting such research. At
the very least, such research and related activities should follow
standard research ethics rules. For more background on research ethics
generally, ethics in technology, and research of developer communities
in particular, see:

* `History of Research Ethics <https://www.unlv.edu/research/ORI-HSR/history-ethics>`_
* `IEEE Ethics <https://www.ieee.org/about/ethics/index.html>`_
* `Developer and Researcher Views on the Ethics of Experiments on Open-Source Projects <https://arxiv.org/pdf/2112.13217.pdf>`_

The Linux kernel community expects that everyone interacting with the
project is participating in good faith to make Linux better. Research on
any publicly-available artifact (including, but not limited to source
code) produced by the Linux kernel community is welcome, though research
on developers must be distinctly opt-in.

Passive research that is based entirely on publicly available sources,
including posts to public mailing lists and commits to public
repositories, is clearly permissible. Though, as with any research,
standard ethics must still be followed.

Active research on developer behavior, however, must be done with the
explicit agreement of, and full disclosure to, the individual developers
involved. Developers cannot be interacted with/experimented on without
consent; this, too, is standard research ethics.

To help clarify: sending patches to developers *is* interacting
with them, but they have already consented to receiving *good faith
contributions*. Sending intentionally flawed/vulnerable patches or
contributing misleading information to discussions is not consented
to. Such communication can be damaging to the developer (e.g. draining
time, effort, and morale) and damaging to the project by eroding
the entire developer community's trust in the contributor (and the
contributor's organization as a whole), undermining efforts to provide
constructive feedback to contributors, and putting end users at risk of
software flaws.

Participation in the development of Linux itself by researchers, as
with anyone, is welcomed and encouraged. Research into Linux code is
a common practice, especially when it comes to developing or running
analysis tools that produce actionable results.

When engaging with the developer community, sending a patch has
traditionally been the best way to make an impact. Linux already has
plenty of known bugs -- what's much more helpful is having vetted fixes.
Before contributing, carefully read the appropriate documentation:

* Documentation/process/development-process.rst
* Documentation/process/submitting-patches.rst
* Documentation/admin-guide/reporting-issues.rst
* Documentation/admin-guide/security-bugs.rst

Then send a patch (including a commit log with all the details listed
below) and follow up on any feedback from other developers.

When sending patches produced from research, the commit logs should
contain at least the following details, so that developers have
appropriate context for understanding the contribution. Answer:

* What is the specific problem that has been found?
* How could the problem be reached on a running system?
* What effect would encountering the problem have on the system?
* How was the problem found? Specifically include details about any
  testing, static or dynamic analysis programs, and any other tools or
  methods used to perform the work.
* Which version of Linux was the problem found on? Using the most recent
  release or a recent linux-next branch is strongly preferred (see
  Documentation/process/howto.rst).
* What was changed to fix the problem, and why it is believed to be correct?
* How was the change build tested and run-time tested?
* What prior commit does this change fix? This should go in a "Fixes:"
  tag as the documentation describes.
* Who else has reviewed this patch? This should go in appropriate
  "Reviewed-by:" tags; see below.

For example::

  From: Author <author@email>
  Subject: [PATCH] drivers/foo_bar: Add missing kfree()

  The error path in foo_bar driver does not correctly free the allocated
  struct foo_bar_info. This can happen if the attached foo_bar device
  rejects the initialization packets sent during foo_bar_probe(). This
  would result in a 64 byte slab memory leak once per device attach,
  wasting memory resources over time.

  This flaw was found using an experimental static analysis tool we are
  developing, LeakMagic[1], which reported the following warning when
  analyzing the v5.15 kernel release:

   path/to/foo_bar.c:187: missing kfree() call?

  Add the missing kfree() to the error path. No other references to
  this memory exist outside the probe function, so this is the only
  place it can be freed.

  x86_64 and arm64 defconfig builds with CONFIG_FOO_BAR=y using GCC
  11.2 show no new warnings, and LeakMagic no longer warns about this
  code path. As we don't have a FooBar device to test with, no runtime
  testing was able to be performed.

  [1] https://url/to/leakmagic/details

  Reported-by: Researcher <researcher@email>
  Fixes: aaaabbbbccccdddd ("Introduce support for FooBar")
  Signed-off-by: Author <author@email>
  Reviewed-by: Reviewer <reviewer@email>

If you are a first time contributor it is recommended that the patch
itself be vetted by others privately before being posted to public lists.
(This is required if you have been explicitly told your patches need
more careful internal review.) These people are expected to have their
"Reviewed-by" tag included in the resulting patch. Finding another
developer familiar with Linux contribution, especially within your own
organization, and having them help with reviews before sending them to
the public mailing lists tends to significantly improve the quality of the
resulting patches, and there by reduces the burden on other developers.

If no one can be found to internally review patches and you need
help finding such a person, or if you have any other questions
related to this document and the developer community's expectations,
please reach out to the private Technical Advisory Board mailing list:
<tech-board@lists.linux-foundation.org>.
Commit	Line	Data
f09f6f9b KC	1	.. SPDX-License-Identifier: GPL-2.0
	2
	3	.. _researcher_guidelines:
	4
	5	Researcher Guidelines
	6	+++++++++++++++++++++
	7
	8	The Linux kernel community welcomes transparent research on the Linux
	9	kernel, the activities involved in producing it, and any other byproducts
	10	of its development. Linux benefits greatly from this kind of research, and
	11	most aspects of Linux are driven by research in one form or another.
	12
	13	The community greatly appreciates if researchers can share preliminary
	14	findings before making their results public, especially if such research
	15	involves security. Getting involved early helps both improve the quality
	16	of research and ability for Linux to improve from it. In any case,
	17	sharing open access copies of the published research with the community
	18	is recommended.
	19
	20	This document seeks to clarify what the Linux kernel community considers
	21	acceptable and non-acceptable practices when conducting such research. At
	22	the very least, such research and related activities should follow
	23	standard research ethics rules. For more background on research ethics
	24	generally, ethics in technology, and research of developer communities
	25	in particular, see:
	26
	27	* `History of Research Ethics <https://www.unlv.edu/research/ORI-HSR/history-ethics>`_
	28	* `IEEE Ethics <https://www.ieee.org/about/ethics/index.html>`_
	29	* `Developer and Researcher Views on the Ethics of Experiments on Open-Source Projects <https://arxiv.org/pdf/2112.13217.pdf>`_
	30
	31	The Linux kernel community expects that everyone interacting with the
	32	project is participating in good faith to make Linux better. Research on
	33	any publicly-available artifact (including, but not limited to source
	34	code) produced by the Linux kernel community is welcome, though research
	35	on developers must be distinctly opt-in.
	36
	37	Passive research that is based entirely on publicly available sources,
	38	including posts to public mailing lists and commits to public
	39	repositories, is clearly permissible. Though, as with any research,
	40	standard ethics must still be followed.
	41
	42	Active research on developer behavior, however, must be done with the
	43	explicit agreement of, and full disclosure to, the individual developers
	44	involved. Developers cannot be interacted with/experimented on without
	45	consent; this, too, is standard research ethics.
	46
	47	To help clarify: sending patches to developers is interacting
	48	with them, but they have already consented to receiving *good faith
	49	contributions*. Sending intentionally flawed/vulnerable patches or
	50	contributing misleading information to discussions is not consented
	51	to. Such communication can be damaging to the developer (e.g. draining
	52	time, effort, and morale) and damaging to the project by eroding
	53	the entire developer community's trust in the contributor (and the
	54	contributor's organization as a whole), undermining efforts to provide
	55	constructive feedback to contributors, and putting end users at risk of
	56	software flaws.
	57
	58	Participation in the development of Linux itself by researchers, as
	59	with anyone, is welcomed and encouraged. Research into Linux code is
	60	a common practice, especially when it comes to developing or running
	61	analysis tools that produce actionable results.
	62
	63	When engaging with the developer community, sending a patch has
	64	traditionally been the best way to make an impact. Linux already has
65	plenty of known bugs -- what's much more helpful is having vetted fixes.
66	Before contributing, carefully read the appropriate documentation:
67
68	* Documentation/process/development-process.rst
69	* Documentation/process/submitting-patches.rst
70	* Documentation/admin-guide/reporting-issues.rst
71	* Documentation/admin-guide/security-bugs.rst
72
73	Then send a patch (including a commit log with all the details listed
74	below) and follow up on any feedback from other developers.
75
76	When sending patches produced from research, the commit logs should
77	contain at least the following details, so that developers have
78	appropriate context for understanding the contribution. Answer:
79
80	* What is the specific problem that has been found?
81	* How could the problem be reached on a running system?
82	* What effect would encountering the problem have on the system?
83	* How was the problem found? Specifically include details about any
84	testing, static or dynamic analysis programs, and any other tools or
85	methods used to perform the work.
86	* Which version of Linux was the problem found on? Using the most recent
87	release or a recent linux-next branch is strongly preferred (see
88	Documentation/process/howto.rst).
89	* What was changed to fix the problem, and why it is believed to be correct?
90	* How was the change build tested and run-time tested?
91	* What prior commit does this change fix? This should go in a "Fixes:"
92	tag as the documentation describes.
93	* Who else has reviewed this patch? This should go in appropriate
94	"Reviewed-by:" tags; see below.
95
96	For example::
97
98	From: Author <author@email>
99	Subject: [PATCH] drivers/foo_bar: Add missing kfree()
100
101	The error path in foo_bar driver does not correctly free the allocated
102	struct foo_bar_info. This can happen if the attached foo_bar device
103	rejects the initialization packets sent during foo_bar_probe(). This
104	would result in a 64 byte slab memory leak once per device attach,
105	wasting memory resources over time.
106
107	This flaw was found using an experimental static analysis tool we are
108	developing, LeakMagic[1], which reported the following warning when
109	analyzing the v5.15 kernel release:
110
111	path/to/foo_bar.c:187: missing kfree() call?
112
113	Add the missing kfree() to the error path. No other references to
114	this memory exist outside the probe function, so this is the only
115	place it can be freed.
116
117	x86_64 and arm64 defconfig builds with CONFIG_FOO_BAR=y using GCC
118	11.2 show no new warnings, and LeakMagic no longer warns about this
119	code path. As we don't have a FooBar device to test with, no runtime
120	testing was able to be performed.
121
122	[1] https://url/to/leakmagic/details
123
124	Reported-by: Researcher <researcher@email>
125	Fixes: aaaabbbbccccdddd ("Introduce support for FooBar")
126	Signed-off-by: Author <author@email>
127	Reviewed-by: Reviewer <reviewer@email>
128
129	If you are a first time contributor it is recommended that the patch
130	itself be vetted by others privately before being posted to public lists.
131	(This is required if you have been explicitly told your patches need
132	more careful internal review.) These people are expected to have their
133	"Reviewed-by" tag included in the resulting patch. Finding another
134	developer familiar with Linux contribution, especially within your own
135	organization, and having them help with reviews before sending them to
136	the public mailing lists tends to significantly improve the quality of the
137	resulting patches, and there by reduces the burden on other developers.
138
139	If no one can be found to internally review patches and you need
140	help finding such a person, or if you have any other questions
141	related to this document and the developer community's expectations,
142	please reach out to the private Technical Advisory Board mailing list:
143	<tech-board@lists.linux-foundation.org>.