Drive-By Contributors to the Linux Kernel

eldavojohn writes "There's an interesting post over at the Kernel Trap that focuses on a man's attempt to find out how many one-time contributors Linux averages per release. Although imperfect due to some obvious unavoidable flaws, he got a few dirty numbers of 'never seen from agains' in the commits from patches 2.6.11 through 2.6.25 and the numbers are: {63, 148, 128, 92, 96, 122, 137, 140, 135, 95, 136, 153, 179, 179, 304}. This makes sense as another reader, Greg KH, pointed out that the distribution curve is tilted towards one-hit contributions, 'the distribution of all of our users are: 50% only contributed 1 patch; 25% contributed 2; 12% contributed 3; 6% contributed 4 and so on ...'"

won't something think of the children?

[hostyle]

How long til we get Jack Thompson on the case? Drive-bys and other kernel related violence is just not on! ~

Re:

[Kamokazi]

He's busy getting disbarred, and hopefully imprisoned.

Re:won't something think of the children?

[bsDaemon]

That's why I use FreeBSD -- JAILS make it the law-and-order OS of choice :-p

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[sirmonkey]

+5 funny allready!
also someone needs to add a "butt to jokes" section on wikipedia and add this to jack's :-p hehe

Suggestions for evil?

[Henry V .009]

There doesn't seem to be a lot of room for a web of trust here. I wonder how hard it would be to inject some sort of extremely non-obvious race condition hidden in a large and useful patch that just so happens to let you execute arbitrary code?

If you were found out, you could just claim, plausibly, that you hadn't seen the possibility of the race. Or maybe just be a one-time contributor so there is no way to track you down if the hole is discovered.

Re:

[menace3society]

More importantly, if you covered your tracks properly, you wouldn't need an excuse at all. Set up a fake persona to submit it, and you can even have your real self speak out against this sort of behavior.

Re:Suggestions for evil?

[Henry V .009]

Well, I for one am willing to subvert the entire open source movement this way, but only for the United States government, and only for a great deal of money.

Representatives of the NSA: if you're reading this, you know who I am and how to get in touch with me. And probably what I'm doing at exactly this moment.

Re:Suggestions for evil?

[Anonymous Coward]

Representatives of the NSA: if you're reading this, you know who I am and how to get in touch with me. And probably what I'm doing at exactly this moment.

Yes, we do. And we've got a request: next time you post something that will prompt us to monitor the surveillance cameras in your home, could you please put on some pants first?

Re:

[Azghoul]

Kent!

Stop touching yourself!

Re:

[Rycross]

I'm pretty sure submitted code is reviewed, so you'd have to be pretty clever.

It has been tried before. [kerneltrap.org] In this case, someone attempted to use the common C programming mistake of using the assignment operator instead of the comparison operator to backdoor the kernel.

Not the way to do it

[mbessey]

That's not a very good example. Hacking a CVS repository and adding a relatively easy to detect root exploit isn't how you'd want to go about this. It's far too likely to get noticed.

As the parent poster mentioned, you'd ideally want to submit a fairly large patch that does something useful (fixes a bug, adds a minor feature), but whicvh itself contains an exploitable bug.

The trick would be in making the submission large enough and the bug subtle enough that it just skates past review. Of course, it'd be *m

Re:

[Rycross]

Kinda like the OpenSSH fix that went in and removed the entropy collection, thus severly weakening the security? Except done maliciously. Hmm, that would be interesting.

Yeah, that was what I had in mind

[mbessey]

I was even going to call out the Debian OPENSSL debacle as an example, but I figured they'd had enough grief over it already.

Re:

[Anonymous Coward]

Please don't confuse OpenSSH and OpenSSL. Especially the OpenSSL from Debian.

Re:

[Rycross]

My mistake. Too bad I can't edit the posts. I even Googled it before posting too.

Re:

[LingNoi]

It's a good idea but the problem is that you first have to come up with a useful patch which is then going to move its way up the branches before it hits Linus's kernel tree. By the time it gets there it's probably been reviewed quite a few times by different people.

Also patches get rejected all the time, even useful ones because they aren't up to standard.

Why put it in one patch?

[patio11]

The Internet is a wide open place. Software testing is inadequate. I'm sure there is no way you could possibly have known that when combined with that patch from the florist in Scotland, your code could possibly overwrite a few bytes of memory if called with an unlikely sequence of parameters. Whoops, I clobbered the userid? How silly of me.

Alternatively, accomplish the same thing via 2+ patches to 2+ projects which are likely to be used together. One patch against httpd + one patch against php = potential for a lot of mischief. Its not hard to fit a key to a lock when you're allowed to modify both the key and the lock to suit your tastes.

Re:

[ShawnX]

I'm apparently on the drive-by list, but I'm not evil. Userspace is more fun.

Re:

[RiotingPacifist]

Given the difficulty certain repeated contributors have getting code into the kernel, id guess that most of the one-timers are submitting small easily understood bug fixes. Sure its not like linux code is read as thoroughly as BSD but stuff doesn't just get stuck in there on trust either.

Re:

[Darkness404]

Hmm? I would say it would take less time and effort to find the malicious changes to the Linux kernel then it is for MS to fix all the (hopefully) non-malicious changes to Windows. Basically, the system isn't perfect, but it is Linux or Windows if you want an OS (yes, there are Macs but they are more expensive then most computers and the OS doesn't work on non-Macs without a bit of hacking) and it seems that Linux is much more secure then Windows can ever hope to be.

Re:

[Anonymous Coward]

it is Linux or Windows if you want an OS

You just really pissed off the whole freeBSD userbase. Both of them.

Well....

[Darkness404]

Well when you think about it, 1 patch just happens to be the number that most people will use. For example, a hardware business may put in one patch to get a device to work, a software company may put in one patch to make other things work, an individual may put in one patch to fix an obvious bug, etc. The kernel, though needed is not what the end-user generally uses, so for the most part it is in the background as a stable kernel should be, making it less of a chance someone would find many bugs to have to fix.

Re:Well....

[taniwha]

well, as an occasional patch submitter I think you're probably right - mine have all been itches I've needed to scratch (stuff that was broken that I needed) or bugs I found while wandering thru the code for other reasons - I don't do that often and as things have gotten more mature I'm just not finding problems I need fixing

Drive-by

[Rydia]

My own confusion as to the meaning of "drive by" in this context did make me wonder about ease of contribution.

What if there were a bifurcation or distribution of the bug-fixing/feature-adding problem? This may be really stupid, but I imagine a situation where testers go through finding things that are wrong or where they go wrong, then submit that bit of code.

On top of this, there is a system which grabs the trace and shows the bit of code where everything got derailed, and in other panes the stuff it called to, so anybody could look over the "offending" code, without having to be intimately familiar with the kernel or the library or whatever, since it is all laid out for them. Then, people can tinker with the code and submit them for (automatic, since you know what to look for) testing, maybe leave comments on the ticket to help others' or as a group try to figure it out.

I don't have time to wade through mountains of kernel code looking for bugs, but I would be more than willing to look over a (relatively) small bit of code in a collaborative fashion to see if I pick up on something others had missed.

Re:

[McGiraf]

That is a very good idea, you should submit it to the kernel maintainers. I would be interested in contributing bug fixes like this.

Really good idea

[Enderandrew]

I think this is a very good idea as well. Right now I wish I had mod points. The kernel is just massive code-wise, not to mention there are tons of legacy bits of code that can be reduced, or just removed, or rewritten but people don't have the time to hunt them all down.

Quite frankly, I'd love to see professors assign this sort of thing as homework to their students. Grab a piece of OSS, and squash a bug. Or give them a reasonable size chunk of code and have them review it.

Re:

[i.r.id10t]

I teach an "intro to linux admin" course at a local comm. college, and I offer an A for anyone who gets a kernel patch into the main tree and submitted it using their student email address. No takers yet, but I'm hoping one day...

I'm one!

[Kev Vance]

Nice to see my name in 2.6.25 :)

I submitted a workaround for a buggy USB device [kvance.com] a few months ago, which was my first patch after using linux for more than 10 years. Usually when I find a problem in the kernel it's either already been fixed in a later version, or it looks too complicated for me to risk wasting my time on. I would bet that a lot of my one-off colleagues have had the same experience.

Re:

[smittyoneeach]

I'm hoping to acquire the skillz.
While stuck in the Manchester, NH airport, I've just had my first bootable 2.6.26-rc4 compile.
With my Intel ICH7 drive, the ata_piix module apparently wasn't initializing things, and I had no /sys/block entries, and thus no /dev entries available after mdev to mount and boot.
Everything is easy when you know how to do it, but the make menuconfig options had change enough from my previous bootable 2.6.25.x image that I was hating life for a while.
Documentation? Stuff that

They probably gave up...

[Anonymous Coward]

... whenever I've tried to submit a patch, it's a nightmare of process. Make sure you have the latest build, use the right diff tool, package it the right way, submit it to the right place, get the attention of the right person. Even then, you have to convince whomever that your patch is actually needed (are you sure you have the latest code, I'm not convinced that this is a real bug), and that your code doesn't stink -- "not invented here" is a huge problem.

Re:

[Anonymous Coward]

I agree. The experience is pretty trying. It's worse if you're young and care too much about what people think of you, because you're trying to look really professional throughout the whole process. (My experience was with Git, not the kernel--but it's the same process.)

They prob. had good reasons to refuse your patches

[this great guy]

These stringent development procedures are precisely what make the Linux kernel that robust. It's not the code, it's the coding procedures. Your patches should be documented, easy to review, QA, and apply. I wouldn't accept patches from a sloppy developer who wouldn't be bothered following the appropriate procedures.

Re:

[quanticle]

Maybe not straight into the kernel tree, but if a person can only contribute 25% of what needs doing and do so, shouldn't inherently prevent a patch from being accepted.

I'm not sure about that. Arguably, if you're not experienced enough to follow good coding procedures and have proper tests and documentation, you have no business to be messing about with the kernel. Same if you don't have knowledge of the concepts behind low level OS code.

As a user of the Linux kernel, I expect it to perform reliably. Having a high code quality standards helps ensure that. In the open source model you only get an opportunity to have your code included, not a right.

Anonymous Cowards

[Thelasko]

I predict a record number of AC posts on this article.

Re:

[smittyoneeach]

Better still, record number of one-off accounts with names like d1b946b97d71423f365fa797d1428e1847c0bec1 that look like
#include "small_patch_preempted_by_fascist_Filter_error_ hmm_wonder_what_that_means_WRT_popularity_of_once_great_site as_I_break_this_up_to_work_around_yet_another_asinine_error.c"

Re:

[Anonymous Coward]

I've had some success getting modded up here on /., so I tried a one-off submission to the Linux kernel. Haven't heard back from them so far. Here it is:

--- filetable.c.orig
+++ filetable.c
+//
+// You must be new here!
+//
  exit(1);
  }

I've been thinking of doing this myself.

[whoever57]

I have been thinking of a single contribution to the kernel myself. I would like to see a link somewhere in /proc that points to the location of kernel source code used to build the currently running kernel. This would remove the need to the current hacks of using a link in /usr/src/kernel that may or may not point to the correct kernel source. This would be used by scripts that build kernel modules for code that is not in the normal kernel. If not a link, then a file whose contents is a file (somewhere in /proc) containing the pathname would also provide a similar capability.

Re:

[McGiraf]

some distributions (all?) have a link to the headers somewhere in /lib/modules/kernel-version .

Re:

[piojo]

Wouldn't you rather have it as a configured variable whose value shows up in /proc/config.gz? The problem I see with it actually being a value in /proc is that this would imply that it's accurate at runtime, which is impossible to ensure. (For example, if a user moves or updates the sources.)

Re:

[whoever57]

The problem I see with it actually being a value in /proc is that this would imply that it's accurate at runtime, which is impossible to ensure. (For example, if a user moves or updates the sources.)

As opposed to say a link in /usr/src, which may or may not be correct? Yes, it's not perfect, but it would be better than what is used today. And, as for "updating the sources" -- the point is that when you want to run one of these scripts that needs to know where the kernel sources are, it doesn't want to know

Re:

[piojo]

The fact that I disagree aside, you might be interested in this [linuxmafia.com]. It's Linus Torvalds explaining why /usr/src/linux actually shouldn't contain the sources of the kernel that is running, but the sources that glibc is linked against.

Re:

[whoever57]

It's Linus Torvalds explaining why /usr/src/linux actually shouldn't contain the sources of the kernel that is running, but the sources that glibc is linked against.

I don't read it that way. He appears to be complaining about a symbolic link called /usr/include/asm.

Re:

[bfields]

I would like to see a link somewhere in /proc that points to the location of kernel source code used to build the currently running kernel.

Of course, chances are if you're patching kernels and such then the source at that path will change, and you'll forget about it.

The reason that, e.g., /proc/config.gz is useful, is that that config file is actually built in to the running kernel image. So it's pretty hard for it to get out of sync with the running kernel. But few people are going to want the entire

I'm...

[fitten]

I'm a drive by contributor to the "Drive-By Contributors to the Linux Kernel" thread!

How many contributed 0 patches?

[Gavin Scott]

'the distribution of all of our users are: 50% only contributed 1 patch; 25% contributed 2; 12% contributed 3; 6% contributed 4 and so on ...'"

Ah, but how many people wanted or attempted to contribute a patch but the process was either too complex or the powers that be just couldn't be convinced of the patch's value and so it didn't make it in?

I think that would be a very interesting statistic.

G.

Re:

[JasterBobaMereel]

Sounds like a good way of stopping lazy, stupid, and pointless patches getting into the kernel ...

It is the old principal of 'stupid' managers, anything someone is still trying to explain to you after 15 minutes is probably worth paying attention to ...

If someone can actually be bothered to go through the process of submitting a patch and do it correctly then they the code they are submitting is much more likely to be useful....

Ego

[mqduck]

Sorry if someone already said this, but here's what I think: All you have to do is write a patch that gets in *once* and you can forever brag about how your code is in the Linux kernel.

Re:

[chunk08]

SCO didn't even go that far. They just bragged (or whined) about their code being in Linux. No contribution necessary.

Re:

[Icarium]

... Until you check the source code a year later and see the "Removed - What idiot wrote this? " comment where your precious code used to be.

another reader, Greg KH ???

[gwniobombux]

Would you please get a clue, who Greg Kroah-Hartman [wikipedia.org] is? Thanks.

Obvious flaw

[jgoemat]

The most obvious flaw I can think of is that the newer releases have fewer follow-up releases with which to submit extra patches. This doesn't seem to be mentioned in the article. For instance the 2.6.25 release is the most current. Of course all 'new' submitters to the 2.6.25 release will not have submitted any more patches. All 'new' submitters to the 2.6.24 release will have had the chance to also submit a patch for 2.6.25.

Let's assume that each release has 100 'new' submitters and that the chanc