Re: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33

Nobuhiro Iwamatsu


-----Original Message-----
From: Jan Kiszka [mailto:jan.kiszka@...]
Sent: Thursday, June 20, 2019 1:59 AM
To: iwamatsu nobuhiro(岩松 信洋 ○SWC□OST)
<nobuhiro1.iwamatsu@...>; cip-dev@...
Cc: SZ.Lin@...
Subject: Re: [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33

On 17.06.19 00:14, nobuhiro1.iwamatsu@... wrote:

-----Original Message-----
From: iwamatsu nobuhiro(岩松 信洋 ○SWC□OST)
Sent: Friday, June 14, 2019 6:12 PM
To: cip-dev@...
Cc: SZ.Lin@...; Pavel Machek <pavel@...>; Ben Hutchings
Subject: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33

Hi all,

CIP kernel team has released Linux kernel 4.19.50-cip3 and
You can get this release via the git tree at:


branch: linux-4.19.y-cip
commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6


branch: linux-4.4.y-cip
commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9

And I introduce the updates for each kernel below.

About 4.19.50-cip3:
* This version has been updated from stable version 4.19.13 to
4.19.50, and
many CVE fixes including MDS (Microarchitectural Data Sampling:
CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091).
* CIP updates include device-tree fixes by Renesas.

About 4.4.176-cip32:
* This version has been updated from stable version 4.4.176 to
4.4.181, and
this also includes MDS fixes as in 4.19.y.
* CIP updates include update of RZ/G1C by Renesas.
I forgot to explain about MDS.

Although patches for MDS are included in this release, no test code
has been published for these, so we have not tested for MDS. Also,
patches did not really follow the stable rules, so they could not be
checked the same way as checking for other patches. But the bug is
ugly enough so we included the patches anyway.
For the above reasons, modern x86 CPUs can not really be trusted with
secrets; similar attacks are likely to happen in future.
I wouldn't see it that extreme, it still heavily depends on what you are
running and where. Also, the attacks are getting more complex.

Anyway, different while similar topic: Is there a plan to quickly follow
up with releases containing the SACK issue patches? That is cooking
everywhere now.
We talked about this at today's IRC meeting, we decided to release this soon.

Best regards,

Join to automatically receive all group messages.