Android kernels: does upstream matter?
There is this false narrative floating around in the dev community on how upstreaming breaks drivers and OEM code. Upstreaming breaking drivers and OEM code is not universally true- in contrast, it defies the very definition of a stable kernel.
You see, each and every Android device out there runs a version of the Linux Kernel– and it doesn’t have to be the latest version all the time.
Why aren’t kernels up-to-date with the latest version on some devices?
The reason originates from CAF. CAF, or Code Aurora Forum is an open-source collaborative sponsored by Qualcomm. Now, most of the times CAF refrains from merging upstream updates into their kernels. Hence, most OEMs skip updating to the latest version as well.
It is, as a matter of fact, important to stay up-to-date with the latest version of the Android kernel. If you don’t take my word for it, take one of the most influential kernel developers- Greg Kroah-Hartman’s word. Quoting him,
If you are not using an up-to-date stable/longterm kernel, your machine is insecure.
A counter for every counter
Counter 1- Upstreaming is irrelevant
A counter most naysayers make when they’re shown the clip hooked to the quote above is saying that a lot of patches from upstream are usually irrelevant to the architecture of most Android devices. The statement, though true, doesn’t shadow the fact that there’s a ton of patches actually relevent to the architecture. Greg Kroa-Hartman said basically the same in his talk linked above- if you think you can sort through what’s relevant for the device you’re working on and what isn’t, good luck!
Due to the fact that sorting the “relevant” out is just as tough as discarding the “irrelevant,” it is recommended to merge the whole thing.
At this point, most of those thinking all of the above (merging upstream) is irrelevant should know that Greg is being sponsored by Google in order to strap uptreaming to the back of kernel/common (3.18, 4.4 and 4.9). Also, he’s been helping the Google Pixel team in upstreaming the kernel for Android O, which is quite evident here.
Had this been an “irrelevant” process, Google wouldn’t have been investing the amount of time invested already- especially since 3.18 was at the end of it’s cycle before the upstreaming.
Counter 2- Upstreaming causes instability
Upstreaming can cause instability only in the cases of a few problematic patches scattered across the upstream. However, this is not the norm at all. Most of the times, breakage after upstreaming originates from a dev error. Not paying attention to conflicts and disregarding the context for every patch can cause breakage. Although, in the cases of breakage, gettin back to normal isn’t all too tough.
You might want to give this documentation a read.
As a matter of fact, merging upstream allows you to get ahead of Google’s security upstream. An example could be taken by looking at the day Google commited the fix for the infamous Dirty COW vulnerability. Google added the fix in the December security update– however, the fix was available on the 20th of October that year already.
tl;dr for busy people-
Upstreaming is important. Sure, you could go ahead and merge individual patches- however, it takes a lot less effort (and time) to merge it all in.
