09:00:00 <masashi910> #startmeeting CIP IRC weekly meeting
09:00:00 <brlogger> Meeting started Thu Jan 28 09:00:00 2021 UTC and is due to finish in 60 minutes.  The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:00:00 <brlogger> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:00:00 <brlogger> The meeting name has been set to 'cip_irc_weekly_meeting'
09:00:03 <masashi910> #topic rollcall
09:00:11 <masashi910> please say hi if you're around
09:00:15 <pave1> hi
09:00:18 <wens> hi
09:00:19 <iwamatsu> hi
09:00:24 <yoshidak[m]> hi
09:01:01 <masashi910> #topic AI review
09:01:08 <masashi910> 1. Combine root filesystem with kselftest binary - iwamatsu
09:01:17 <iwamatsu> no update about this.
09:01:26 <masashi910> iwamatsu: Sure. Thanks.
09:01:29 <masashi910> 2. Do some experiment to lower burdens on CI - patersonc
09:01:40 <patersonc> Hi all, I'm afraid I'm still in another meeting so I'll have to miss this meeting today. I don't have any testing updates.
09:02:04 <masashi910> patersonc: Noted. Thanks.
09:02:13 <masashi910> 3. Check hitachi_omap defconfigs wrt CVE-2020-27820 [drm/nouveau UAF] - Hitachi-team
09:02:20 <masashi910> Still waiting for Hitachi-team's response. Keep it open.
09:02:27 <masashi910> any other topics?
09:02:35 <masashi910> 3
09:02:38 <pave1> For the record... nouveau code is not really up to usual kernel standards.
09:02:59 <pave1> I hope Hitachi is not really using it, but if they are, they should move away.
09:03:58 <masashi910> pave1: Thanks for your comment. Let's wait for their response.
09:04:07 <masashi910> 2
09:04:10 <masashi910> 1
09:04:12 <masashi910> #topic Kernel maintenance updates
09:04:35 <pave1> Reviews of 5.10.10 and 5.10.11, and corresponding 4.19 commits.
09:05:03 <wens> One new issue this week, CVE-2020-35513 [nfsd: incorrect umask], which was fixed way back in 4.17.
09:05:40 <wens> and some updates regarding three existing CVEs in this week's report
09:05:52 <iwamatsu> I reviewed 4.4.253 and 5.10.11
09:06:29 <wens> see the report here: https://lore.kernel.org/cip-dev/CAGb2v67U62fBOE-OxbfGkOa-SJhmiJQQCXDvJ3bd44sWhsoTig@mail.gmail.com/
09:06:31 <masashi910> pave1, wens, iwamatsu: Thanks for your work!
09:07:15 <wens> I'm not sure what's going on with CVE-2020-27825's fix backport
09:08:06 <wens> ah, looks like there's an update: https://lore.kernel.org/stable/20210125142126.70d6a33c@gandalf.local.home/
09:09:29 <masashi910> wens: At least, CVE-2021-3178, which was reported last week, was backported to all stable kernels. So, it is fixed.
09:10:02 <wens> Indeed.
09:11:02 <masashi910> wens: So, CVE-2020-27825 should be monitored for the time being?
09:11:46 <pave1> I don't think that one warrants monitoring. It is not important for our workloads.
09:12:15 <masashi910> pave1: Thanks for your comment.
09:12:20 <wens> I agree. I doubt anyone does tracing on production systems.
09:12:57 <masashi910> wens: Ok. Then treat it as it should be.
09:13:12 <masashi910> any other topics?
09:15:07 <masashi910> As Chris-san mentioned that he has no updates, let's skip "Testing"
09:15:24 <masashi910> So, next is Security.
09:15:25 <masashi910> #topic CIP Security
09:15:32 <masashi910> yoshidak[m]: The floor is yours.
09:15:35 <yoshidak[m]> Hi
09:16:11 <yoshidak[m]> There is no major update this week, but we are considering static code analysis now.
09:16:57 <yoshidak[m]> We are confirming a few static code analysis tools, and still continuing to discuss internally.
09:17:18 <yoshidak[m]> Thank you, that's the end from me.
09:17:27 <pave1> yoshidak: You had some questions about kernel design on the mailing list. Perhaps we should talk when the meeting ends?
09:17:44 <masashi910> yoshidak[m]: Thanks for your reports!
09:18:39 <masashi910> pave1, iwamatsu, wens: Do you know whether upstreams are doing static code analysis by using coverity or something?
09:19:06 <pave1> masashi: There are multiple efforts running static analysis on kernel, yes.
09:19:49 <masashi910> pave1: Thanks. Then, are those efforts done on 4.4 and 4.19 as well?
09:20:44 <pave1> masashi: Not sure, probably not. As new development is not supposed to happen there, it should not be too useful.
09:21:05 <yoshidak[m]> <pave1 "yoshidak: You had some questions"> pave1: Thank you for proposing this, but I don't know what Dinesh wants to know. So, could you discuss on line with Dinesh again?
09:21:30 <masashi910> pave1: Thanks, again. I checked web sites, but I cannot find code scanning works specific to 4.4 and 4.19.
09:21:53 <pave1> masashi: Coverity fixes can be identified by "Addresses-Coverity:" in the commit log.
09:22:08 <pave1> yoshidak: ok.
09:22:31 <masashi910> pave1: Yes, thanks!
09:22:49 <masashi910> any other topics?
09:23:00 <masashi910> 3
09:23:03 <iwamatsu> I remember seeing the presentation about it before.
09:23:04 <masashi910> 2
09:23:55 <iwamatsu> https://elinux.org/images/d/d3/Bargmann.pdf
09:24:06 <masashi910> iwamatsu: Yes, there is some on-going task, like: https://scan.coverity.com/projects/linux
09:24:40 <masashi910> It is active and the latest scanning was done 3 days ago.
09:25:10 <masashi910> It is targeting the latest version. Now, 5.11.0-rc5.
09:26:03 <masashi910> Anyway, we need to figure out how to satisfy IEC62443-4-1 security requirement from kernel side.
09:26:06 <iwamatsu> I see.
09:26:29 <masashi910> iwamatsu: Thanks for your comment!
09:26:40 <masashi910> Any other topics?
09:26:50 <masashi910> 3
09:26:53 <masashi910> 2
09:26:57 <masashi910> 1
09:27:00 <masashi910> #topic AOB
09:27:06 <masashi910> Is there any business to discuss?
09:27:19 <masashi910> 5
09:27:23 <masashi910> 4
09:27:27 <masashi910> 3
09:27:30 <masashi910> 2
09:27:33 <masashi910> 1
09:27:34 <masashi910> There seem to be no topics to be discussed, so let's close the meeting.
09:27:40 <masashi910> #endmeeting