08:59:59 #startmeeting CIP IRC weekly meeting 08:59:59 Meeting started Thu Oct 22 08:59:59 2020 UTC and is due to finish in 60 minutes. The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot. 08:59:59 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 08:59:59 The meeting name has been set to 'cip_irc_weekly_meeting' 09:00:02 #topic rollcall 09:00:10 please say hi if you're around 09:00:17 hi 09:00:18 hi 09:00:23 hi 09:00:51 hi 09:01:02 #topic AI review 09:01:16 1. Combine root filesystem with kselftest binary - iwamatsu 09:01:18 no update for this. 09:01:29 iwamatsu: Noted. Thanks. 09:01:36 2. Check whether CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 needs to be backported to 4.4 - masashi910 09:01:43 hi 09:01:46 Pavel-san, Chen-Yu-san, thanks for your follow-up discussions on this. 09:01:53 https://lore.kernel.org/cip-dev/20201014141355.GA16362@duo.ucw.cz/ 09:01:53 https://lore.kernel.org/cip-dev/CAGb2v66aPu3wn_0PwRsp3V=LV5aFPwxEO8Rhzsz-bCeF2PDv-g@mail.gmail.com/ 09:02:00 Do you have any suggestions how to proceed or conclude this? 09:02:13 there's another new CVE (or old, since it's from 2019) for i40e :( 09:02:32 wens: Oh... 09:02:39 I'd say just backport the commits Intel listed. 09:02:39 what CVE number? 09:02:48 From the commits we identified, there was nothing that looked like worth backporting. 09:02:57 iwamatsu: CVE-2019-0149 09:03:06 wens: thanks 09:03:36 Memory leaks in error paths... 09:04:11 I see. 09:04:14 pave1: Please let me confirm. Not worth backporting for CVE-2019-0145, CVE-2019-0147, CVE-2019-0148? 09:05:35 I guess I would need to take another look. But it certainly did not look urgent. 09:05:44 7015ca3df965378bcef072cca9cd63ed098665b5 -- can malicious user trigger this at all? 09:06:24 pave1: Thanks for your comments. Then, shall I keep this AI open and follow at the next IRC meeting? 09:06:31 147: references the same CVE. 09:06:57 If wens has time, perhaps we can talk after the meeting? 09:07:02 sure 09:07:12 Thanks :-). 09:07:16 pave1, wens: Thanks! 09:07:26 So, let's move on. 09:07:36 #topic Kernel maintenance updates 09:08:14 5 new CVEs this week, including the i40e one: 09:08:23 - CVE-2019-0149 [net/i40e] 09:08:23 - CVE-2020-0423 [binder] - fixed in mainline 09:08:23 - CVE-2020-25656 [vt_do_kdgkb_ioctl use after free] 09:08:23 - CVE-2020-27152 [KVM] 09:08:24 - CVE-2020-27194 [bpf verifier] - fixed in mainline and 5.8 (introduced in v5.7) 09:08:24 I revewed 4.4.240. 09:08:45 Investigating CVEs, reviewing PCIe EP changes, few patches reviewed for 4.19.153. 09:09:05 I haven't finished this week's merge request, so the details aren't on gitlab yet. 09:09:07 wens: Are there any urgent patches among 5 CVEs? 09:09:38 no. 09:09:47 I don't believe we need to care about binder. 09:09:52 wens: I see. Thanks. 09:10:03 KVM and vt don't have fixes yet 09:10:52 wens, iwamatsu, pave1: Thanks for your works! 09:11:15 any other topics? 09:11:28 3 09:11:29 I haven't included pave1's investigation into the Bluetooth patches either. 09:11:44 hopefully I will get everything done by this weekend. 09:12:01 wens: AFAICT, Bluetooth is now solved. 09:12:55 pave1: thanks. I will make sure they are documented properly, instead of the big mess it is right now. 09:13:44 wens, pave1: Thanks for additional info and works. 09:13:51 Any other topics? 09:13:59 3 09:14:02 2 09:14:05 1 09:14:08 #topic Kernel testing 09:14:28 Hello 09:14:38 Not much done since last week. 09:14:53 I recorded a presentation for ELC-E with Kudo-san. That's probably about it. 09:15:29 patersonc: Thanks! 09:15:33 I wanted to follow up to zoom meeting... 09:15:46 pave1: please/ 09:15:59 I submit kernel for testing, then I look for the green tick marks. 09:16:09 ...on gitlab. 09:16:30 But I should be really going deeper into the test results to see what really failed, right? 09:17:02 Yea 09:17:17 Are there some long term plans to fix that? 09:17:33 Yea. I plan to start using KernelCI's front end 09:17:46 Great, thanks. 09:18:14 Thanks for the discussion. Any other topics? 09:18:25 3 09:18:29 2 09:18:32 1 09:18:35 #topic CIP Security 09:18:43 Today, Yoshida-san is not here. 09:18:49 As was reported, the WG started the discussion with the certification body. 09:18:59 We are discussing both IEC62443-4-1 (process requirements) and -4-2 (feature requirements). 09:19:22 For example pave1: from the test run you ran yesterday, you can see results like this for each individual test job: https://lava.ciplatform.org/results/68202 09:19:37 When the requirements become clear, they will be shared with each team how to deal with them. 09:19:56 pave1: And then at a lower level: https://lava.ciplatform.org/results/68202/0_spectre-meltdown-checker-test 09:21:12 ok, let's move on. 09:21:20 #topic AOB 09:21:27 I would like to propose to skip the IRC meeting next week because of ELCE2020. 09:21:34 Any objections? 09:22:03 3 09:22:08 2 09:22:12 1 09:22:15 Thanks, then there is no IRC meeting next week. 09:22:23 Are there any business to discuss? 09:22:51 If no, let's close the meeting today. 09:23:00 #endmeeting