check_kernel_commits.py: Fix corner case around Fixes: commits (cve-bf)#74
Open
roxanan1996 wants to merge 1 commit into
Open
check_kernel_commits.py: Fix corner case around Fixes: commits (cve-bf)#74roxanan1996 wants to merge 1 commit into
roxanan1996 wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the kernel commit checking/cherry-pick helpers to better handle a corner case where Fixes: (cve-bf) commits may appear “already applied” locally (full history) but “unapplied” in PR validation (limited fetched history), and adds local warning output to highlight that situation.
Changes:
- Add interval-limited commit existence checks (via
base_commit_hash) to better emulate PR-validation’s limited history. - Split “find Fixes in mainline” from “filter unapplied in branch” to allow reuse and clearer composition.
- Update
check_kernel_commits.pyto compare full-history vs limited-history results and emit a warning whenFixes:commits were applied before the fetched interval.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
kt/ktlib/ciq_helpers.py |
Adds interval support to commit lookup and introduces helpers to filter unapplied Fixes commits. |
ciq-cherry-pick.py |
Switches Fixes discovery to the new “unapplied” helper. |
check_kernel_commits.py |
Emulates PR-validation’s limited history locally and warns on the “Fixes applied before interval” corner case. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
roxanan1996
force-pushed
the
{rnicolescu}_fixes_better_check
branch
from
bb6097c to
3c4feb2
Compare
PlaidCat
previously approved these changes
Jun 8, 2026
PlaidCat
left a comment
PlaidCat
left a comment
Collaborator
There was a problem hiding this comment.
Thanks for addressing the comments and updating from base_commit_hash to interval ... I'm not sure why but it made more more sense with the lastest update.
Original issue: ctrliq/kernel-src-tree#1212 (comment) In the above link, we had a weird case where commit X was reverted by commit Y, but then our cve tracker picked the X commit again (why is irrelevant to this story). check_kernel_commits.py did not detect any issues locally, but it did flag it during the validate step when the PR was created. The discrepancy is due to the fact that, locally, the whole pr/local branch is fetched, but during Pr reviews, only the new commits are fetches, hence the history is way limited, which is more than enough considering that the 'fixes:' (cve-bf) commits should be applied after the commit of interest. While the different results locally vs during Pr review make sense, we need to catch issues like this locally, during development as well. Because locally we cannot fetch just the new commits (we need the whole history to make sure we cherry pick commits properly), check_kernel_commits now checks the interval of commits it has to check. And since we ran into this weird case described at the beginning, flag a warnining in case a commit X has a cve-bf that was applied beforehand so that the developer sees it and acts accordingly and not be confused during Pr review. Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
roxanan1996
force-pushed
the
{rnicolescu}_fixes_better_check
branch
from
3c4feb2 to
0bb6f94
Compare
Contributor
Author
|
I just fixed a typo, the rest of the copilot feedback I found pedantic tbh. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Original issue: ctrliq/kernel-src-tree#1212 (comment)
In the above link, we had a weird case where commit X was reverted by commit Y, but then our cve tracker picked the X commit again (why is irrelevant to this story).
check_kernel_commits.py did not detect any issues locally, but it did flag it during the validate step when the PR was created. The discrepancy is due to the fact that, locally, the whole pr/local branch is fetched, but during Pr reviews, only the new commits are fetches, hence the history is way limited, which is more than enough considering that the 'fixes:' (cve-bf) commits should be applied after the commit of interest.
While the different results locally vs during Pr review make sense, we need to catch issues like this locally, during development as well.
Because locally we cannot fetch just the new commits (we need the whole history to make sure we cherry pick commits properly), check_kernel_commits now checks the interval of commits it has to check.
And since we ran into this weird case described at the beginning, flag a warnining in case a commit X has a cve-bf that was applied beforehand so that the developer sees it and acts accordingly and not be confused during Pr review.
Jira ticket https://ciqinc.atlassian.net/browse/KERNEL-970