Automated analysis of bugzilla bugs for kernel livepatching

fgyanz/klp-bugzilla

klp-bugzilla

Automated analysis of bugzilla bugs for kernel livepatching. The tool fetches all the livepatching-related bugs from the indicated bugzilla instance and makes a small report about each one of them.

Setup

$ zypper in python311-bugzilla python311-tabulate
$ export BUGZILLA_API_KEY="xxxxxxxxxxxxxxxxxxxxxxxxx"

Note: The script uses klp-build to scan each of the bugs found in the bugzilla instance. Make sure it is correctly installed and configured.

Run

klp-bugzilla is pretty straightforward and does not require any kind of configuration. The current version does not support command-line options, but that might change in the future. Beware that klp-bugzilla is a multi-threaded program and will use all available cores to speed up the analysis. For a batch of 111 bugs and 16 threads, it takes roughly 35 minutes to process everything.

$ ./klp-bugzilla-cli.py
[+] Connecting to 'https://bugzilla.suse.com'
[+] Downloading bugs...
[+] Processing 111 bugs
[+] Scanning bugs with klp-build. Go for a coffee :)

     ID  CVE         SUBSYSTEM       CVSS    CLASSIFICATION    STATUS         AFFECTED
-------  ----------  ------------  ------    ----------------  -------------  --------------------
122xxxx  2021-xxxxx  scsi             7.8    complex           Incomplete(0)  No
122xxxx  2024-xxxxx  drm/amdgpu       7.8    trivial           Fixed(3)       15.6rtu0 15.6u0
122xxxx  2024-xxxxx  iommu/vt-d       7.8    None              Fixed(1)       15.6rtu0 15.6u0-1
122xxxx  2024-xxxxx  scsi             7.0    trivial           Fixed(11)      12.5u50-54 15.4u20-26 15.5rtu7-15 15.5u7-14
...
...

Output

Once all the bugs have been analyzed, klp-bugzilla spits to stdout a table with the full report. Most of the fields are self-explanatory except for perhaps the status and affected ones.

  • status:
    • Fixed(n): Bug has been fixed in all the vulnerable SLEs.
    • Incomplete(n): Most likely someone is working on the bug.
    • Not-Fixed: No one has started working on the bug yet, or it has been discarded.

n is the total number of commits fixing the bug.

NOTE: The status is derived from the information available in bugzilla, so it might be incorrect and should be manually verified. That being said, in most cases the reported information is reliable enough to be used as a hint.

  • affected:
    • No: No codestreams were found that need to be livepatched.
    • xx.x xx.x...: List of codestreams still affected by the bug that need to be livepatched.
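
The report is meant to be read by a person, but it can also be post-processed. The sketch below is an added example, not part of klp-bugzilla: it parses the table using the dash ruler for column boundaries (the affected column contains spaces, so splitting on whitespace is not enough) and groups the pending CVEs per codestream. The function names and the sample text are constructed for illustration, and codestream tokens such as 15.4u20-26 are kept verbatim, not expanded.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above (IDs and CVEs masked as on the page).
SAMPLE = """\
[+] Scanning bugs with klp-build. Go for a coffee :)

     ID  CVE         SUBSYSTEM       CVSS  CLASSIFICATION    STATUS         AFFECTED
-------  ----------  ------------  ------  ----------------  -------------  --------------------
122xxxx  2021-xxxxx  scsi             7.8  complex           Incomplete(0)  No
122xxxx  2024-xxxxx  drm/amdgpu       7.8  trivial           Fixed(3)       15.6rtu0 15.6u0
122xxxx  2024-xxxxx  iommu/vt-d       7.8  None              Fixed(1)       15.6rtu0 15.6u0-1
122xxxx  2024-xxxxx  scsi             7.0  trivial           Fixed(11)      12.5u50-54 15.4u20-26 15.5rtu7-15 15.5u7-14
...
"""

STATUS_RE = re.compile(r"^(Fixed|Incomplete|Not-Fixed)(?:\((\d+)\))?$")

def parse_report(text):
    """Parse the report table into dicts; column boundaries come from the dash ruler."""
    lines = [l for l in text.splitlines() if l.strip()]
    ruler = next(i for i, l in enumerate(lines) if set(l) <= set("- "))
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    spans[-1] = (spans[-1][0], None)  # the last column (affected) may overflow the ruler
    def cut(line):
        return [line[a:b].strip() for a, b in spans]
    names = [n.lower() for n in cut(lines[ruler - 1])]
    rows = []
    for line in lines[ruler + 1:]:
        row = dict(zip(names, cut(line)))
        m = STATUS_RE.match(row["status"])
        if not m:
            continue  # skip "..." filler and anything that is not a table row
        row["state"], row["commits"] = m.group(1), int(m.group(2) or 0)
        row["codestreams"] = [] if row["affected"] == "No" else row["affected"].split()
        rows.append(row)
    return rows

def by_codestream(rows):
    """Map each still-affected codestream token to the (CVE, subsystem) pairs listed for it."""
    pending = defaultdict(list)
    for r in rows:
        for cs in r["codestreams"]:
            pending[cs].append((r["cve"], r["subsystem"]))
    return dict(pending)

if __name__ == "__main__":
    for cs, bugs in sorted(by_codestream(parse_report(SAMPLE)).items()):
        print(cs, bugs)
```

Since the status is only a hint, the grouped result is a starting point for manual verification, not a replacement for it.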
