Vendor Kernels, Bugs and Stability
Linux vendor kernels are currently created by taking a frozen snapshot of a specific linux release associated with a git reference or git tag, and then back-porting selected fixes as the upstream git tree changes. Changes are selected to address specific bug fixes, and to a much lesser extent, new features may be added. This model was invented twenty-five years ago when out of tree device drivers were much more common, as many device vendors had not yet understood how important Linux support was going to be for their hardware.
The theory is that by carefully selecting changes to be back-ported, usually associated with security problems, the resulting kernel will be more stable and secure.
This paper analyzes this theory by examining the change rate and bug count of a selected vendor kernel - Red Hat Enterprise Linux (RHEL) 8.8, kernel version 4.18.0-477.27.1 and comparing this to upstream kernels published by kernel.org. Kernel version 4.18.0-477.27.1 is the version that Rocky Linux 8 is also based upon. In particular, we analyzed the kernel-4.18.0-477.27.1.el8_8.src.rpm source code RPM.
Analyzing the number of back-ports into RHEL 8.8 we find that there are 111750 individual commits listed in the change-log. Analyzing this further we can see when these commits were back-ported over time.
