
Cip-kernel-sec Updates for Week of 2021-04-08

Chen-Yu Tsai (Moxa) <wens@...>
 

Hi everyone,

Eight new issues this week:

- CVE-2020-36310 [x86/kvm: svm: infinite loop] - fixed
  auto-backport failed.
- CVE-2020-36311 [x86/kvm: svm: sev: softhang] - fixed (ignore for CIP)
- CVE-2020-36312 [kvm: mem leak] - fixed
- CVE-2020-36313 [kvm: out-of-bounds access] - fixed
- CVE-2021-29657 [x86/kvm: svm: data race] - fixed
- CVE-2021-30002 [media/v4l2: ioctl mem leak] - fixed
- CVE-2021-30178 [x86/kvm: hyperv: NULL ptr deref] - fixed
- CVE-2021-3483 [firewire: nosy: UAF] - fixed (ignore for CIP) - fixed

No updates on CVE-2021-3444, CVE-2021-20292 or CVE-2021-29650 from
previous weeks.


Regards
ChenYu


Re: [PATCH 2/2] [isar-cip-core] Add support qemu-arm

Jan Kiszka
 

On 08.04.21 04:32, Nobuhiro Iwamatsu wrote:
This adds configuration files to support QEMU/arm.
This is intended to be used for a test image of LAVA of CIP.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 19 +++++++++++++++++++
conf/machine/qemu-arm.conf | 14 ++++++++++++++
kas/board/qemu-arm.yml | 16 ++++++++++++++++
3 files changed, 49 insertions(+)
create mode 100644 conf/machine/qemu-arm.conf
create mode 100644 kas/board/qemu-arm.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 01d9609..b53d9cc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -84,6 +84,16 @@ build:qemu-arm64-base:
wic_targz: disable
targz: enable

+build:qemu-arm-base:
+ extends:
+ - .build_base
+ variables:
+ target: qemu-arm
+ extention: security
+ use_rt: disable
+ wic_targz: disable
+ targz: enable
+
# test
build:simatic-ipc227e-test:
extends:
@@ -124,3 +134,12 @@ build:qemu-arm64-test:
extention: test
wic_targz: disable
targz: enable
+
+build:qemu-arm-test:
+ extends:
+ - .build_base
+ variables:
+ target: qemu-arm
+ extention: test
+ wic_targz: disable
+ targz: enable
diff --git a/conf/machine/qemu-arm.conf b/conf/machine/qemu-arm.conf
new file mode 100644
index 0000000..81a22c1
--- /dev/null
+++ b/conf/machine/qemu-arm.conf
@@ -0,0 +1,14 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+# Copyright (c) TOSHIBA CORPORATION, 2021
+#
+# SPDX-License-Identifier: MIT
+#
+
+DISTRO_ARCH = "armhf"
+
+IMAGE_TYPE ?= "ext4-img"
+USE_CIP_KERNEL_CONFIG = "1"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm/qemu_arm_defconfig"
diff --git a/kas/board/qemu-arm.yml b/kas/board/qemu-arm.yml
new file mode 100644
index 0000000..9bf9728
--- /dev/null
+++ b/kas/board/qemu-arm.yml
@@ -0,0 +1,16 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+# Copyright (c) TOSHIBA CORPORATION, 2021
+#
+# Authors:
+# Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+machine: qemu-arm
Thanks, both applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [PATCH v2] [isar-cip-core] kas: Add opt/targz-img.yml

Jan Kiszka
 

On 08.04.21 04:29, Nobuhiro Iwamatsu wrote:
This provides the function to specify 'targz-img' for IMAGE_TYPE. This is
used when creating a tar.gz image that does not support wic. And this is intended
to be used for NFS booting of LAVA of CIP.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 3 +++
kas/opt/targz-img.yml | 17 +++++++++++++++++
2 files changed, 20 insertions(+)
create mode 100644 kas/opt/targz-img.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d14c72f..8802af1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ variables:
extention: base
use_rt: enable
wic_targz: enable
+ targz: disable
dtb: none
deploy: enable

@@ -30,6 +31,7 @@ default:
- if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
- if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
- if [ "${wic_targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/wic-targz-img.yml"; fi;
+ - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
- kas build ${base_yaml}
- if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}; fi

@@ -69,6 +71,7 @@ build:qemu-amd64-base:
extention: security
use_rt: disable
wic_targz: disable
+ targz: enable
deploy: disable

# test
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
new file mode 100644
index 0000000..bdb5231
--- /dev/null
+++ b/kas/opt/targz-img.yml
@@ -0,0 +1,17 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+local_conf_header:
+ image-type: |
+ IMAGE_TYPE = "targz-img"
Thanks, applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


[PATCH 2/2] [isar-cip-core] Add support qemu-arm

Nobuhiro Iwamatsu
 

This adds configuration files to support QEMU/arm.
This is intended to be used for a test image of LAVA of CIP.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 19 +++++++++++++++++++
conf/machine/qemu-arm.conf | 14 ++++++++++++++
kas/board/qemu-arm.yml | 16 ++++++++++++++++
3 files changed, 49 insertions(+)
create mode 100644 conf/machine/qemu-arm.conf
create mode 100644 kas/board/qemu-arm.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 01d9609..b53d9cc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -84,6 +84,16 @@ build:qemu-arm64-base:
wic_targz: disable
targz: enable

+build:qemu-arm-base:
+ extends:
+ - .build_base
+ variables:
+ target: qemu-arm
+ extention: security
+ use_rt: disable
+ wic_targz: disable
+ targz: enable
+
# test
build:simatic-ipc227e-test:
extends:
@@ -124,3 +134,12 @@ build:qemu-arm64-test:
extention: test
wic_targz: disable
targz: enable
+
+build:qemu-arm-test:
+ extends:
+ - .build_base
+ variables:
+ target: qemu-arm
+ extention: test
+ wic_targz: disable
+ targz: enable
diff --git a/conf/machine/qemu-arm.conf b/conf/machine/qemu-arm.conf
new file mode 100644
index 0000000..81a22c1
--- /dev/null
+++ b/conf/machine/qemu-arm.conf
@@ -0,0 +1,14 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+# Copyright (c) TOSHIBA CORPORATION, 2021
+#
+# SPDX-License-Identifier: MIT
+#
+
+DISTRO_ARCH = "armhf"
+
+IMAGE_TYPE ?= "ext4-img"
+USE_CIP_KERNEL_CONFIG = "1"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm/qemu_arm_defconfig"
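Review bot: KERNEL_DEFCONFIG in conf/machine/qemu-arm.conf hardcodes the 4.19.y-cip directory, so a build of this machine against another CIP kernel branch still picks up the 4.19 qemu_arm_defconfig unless the variable is overridden. The ?= assignment allows that override, but nothing in the file documents it; a one-line comment stating that the default targets 4.19.y-cip would help anyone adding another kernel version.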
diff --git a/kas/board/qemu-arm.yml b/kas/board/qemu-arm.yml
new file mode 100644
index 0000000..9bf9728
--- /dev/null
+++ b/kas/board/qemu-arm.yml
@@ -0,0 +1,16 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+# Copyright (c) TOSHIBA CORPORATION, 2021
+#
+# Authors:
+# Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+machine: qemu-arm
--
2.30.0.rc2


[PATCH 1/2] [isar-cip-core] Add support qemu-arm64

Nobuhiro Iwamatsu
 

This adds configuration files to support QEMU/arm64.
This is intended to be used for a test image of LAVA of CIP.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 19 +++++++++++++++++++
conf/machine/qemu-arm64.conf | 13 +++++++++++++
kas/board/qemu-arm64.yml | 16 ++++++++++++++++
3 files changed, 48 insertions(+)
create mode 100644 conf/machine/qemu-arm64.conf
create mode 100644 kas/board/qemu-arm64.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8802af1..01d9609 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -74,6 +74,16 @@ build:qemu-amd64-base:
targz: enable
deploy: disable

+build:qemu-arm64-base:
+ extends:
+ - .build_base
+ variables:
+ target: qemu-arm64
+ extention: security
+ use_rt: disable
+ wic_targz: disable
+ targz: enable
+
# test
build:simatic-ipc227e-test:
extends:
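Review bot: build:qemu-arm64-base does not set deploy, unlike build:qemu-amd64-base directly above it in the context lines, which ends with deploy: disable. The new job therefore inherits the pipeline-wide default, and the .gitlab-ci.yml variables block shown in the targz-img.yml patch has deploy: enable, so scripts/deploy-cip-core.sh will run for this security-extension QEMU image. If publishing the image is intended for LAVA, say so in the commit message; otherwise add deploy: disable to match the amd64 job.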
@@ -105,3 +115,12 @@ build:hihope-rzg2m-test:
target: hihope-rzg2m
extention: test
dtb: renesas/r8a774a1-hihope-rzg2m-ex.dtb
+
+build:qemu-arm64-test:
+ extends:
+ - .build_base
+ variables:
+ target: qemu-arm64
+ extention: test
+ wic_targz: disable
+ targz: enable
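Review bot: build:qemu-arm64-test leaves use_rt unset while build:qemu-arm64-base in the same patch sets use_rt: disable, so the test job falls back to the global default. The .gitlab-ci.yml variables block shown in the targz-img.yml patch has use_rt: enable, which makes the script append kas/opt/rt.yml for the test image only. Setting use_rt explicitly here would make the intended kernel flavour for the LAVA test image obvious.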
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
new file mode 100644
index 0000000..eb34703
--- /dev/null
+++ b/conf/machine/qemu-arm64.conf
@@ -0,0 +1,13 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+#
+# SPDX-License-Identifier: MIT
+#
+
+DISTRO_ARCH = "arm64"
+
+IMAGE_TYPE ?= "ext4-img"
+USE_CIP_KERNEL_CONFIG = "1"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm64/qemu_arm64_defconfig"
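Review bot: the header of conf/machine/qemu-arm64.conf carries only "Copyright (c) Siemens AG, 2019", while kas/board/qemu-arm64.yml added by the same patch also lists TOSHIBA CORPORATION, 2021 and an Authors entry. Both files are new here, so the headers should agree; add the 2021 line to the .conf file or explain why it differs.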
diff --git a/kas/board/qemu-arm64.yml b/kas/board/qemu-arm64.yml
new file mode 100644
index 0000000..823964d
--- /dev/null
+++ b/kas/board/qemu-arm64.yml
@@ -0,0 +1,16 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+# Copyright (c) TOSHIBA CORPORATION, 2021
+#
+# Authors:
+# Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+machine: qemu-arm64
--
2.30.0.rc2


[PATCH v2] [isar-cip-core] kas: Add opt/targz-img.yml

Nobuhiro Iwamatsu
 

This provides the function to specify 'targz-img' for IMAGE_TYPE. This is
used when creating a tar.gz image that does not support wic. And this is intended
to be used for NFS booting of LAVA of CIP.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 3 +++
kas/opt/targz-img.yml | 17 +++++++++++++++++
2 files changed, 20 insertions(+)
create mode 100644 kas/opt/targz-img.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d14c72f..8802af1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ variables:
extention: base
use_rt: enable
wic_targz: enable
+ targz: disable
dtb: none
deploy: enable

@@ -30,6 +31,7 @@ default:
- if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
- if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
- if [ "${wic_targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/wic-targz-img.yml"; fi;
+ - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
- kas build ${base_yaml}
- if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}; fi

@@ -69,6 +71,7 @@ build:qemu-amd64-base:
extention: security
use_rt: disable
wic_targz: disable
+ targz: enable
deploy: disable

# test
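Review bot: in build:qemu-amd64-base, targz: enable yields a plain tarball only because wic_targz: disable sits on the line above it; the wic_targz and targz conditions in the script hunk above are independent. A job that sets targz: enable and inherits the default wic_targz: enable appends both kas/opt/wic-targz-img.yml and kas/opt/targz-img.yml to base_yaml, giving two competing IMAGE_TYPE settings. Consider failing the job when both are enable, or replacing the pair with a single image-type variable.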
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
new file mode 100644
index 0000000..bdb5231
--- /dev/null
+++ b/kas/opt/targz-img.yml
@@ -0,0 +1,17 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+local_conf_header:
+ image-type: |
+ IMAGE_TYPE = "targz-img"
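Review bot: kas/opt/targz-img.yml is created as a new file by this patch, but its header names only Siemens AG, 2019 and Quirin Gylstorff as author, with no entry for the submitter. If the file is derived from the former kas/opt/targz-img.yml that the rename patch moved to wic-targz-img.yml, a short remark in the commit message would make that provenance clear; otherwise the header should reflect who wrote it and when.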
--
2.30.0.rc2


Re: [PATCH] kas: Add opt/targz-img.yml

Nobuhiro Iwamatsu
 

Hi Jan,

Thanks for your review.

On Tue, Apr 06, 2021 at 10:14:31AM +0200, Jan Kiszka wrote:
On 02.04.21 02:53, Nobuhiro Iwamatsu wrote:
This provides the function to specify 'targz-img' for IMAGE_TYPE. This is
used when creating a tar.gz image that does not support wic.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 3 +++
kas/opt/targz-img.yml | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+)
create mode 100644 kas/opt/targz-img.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d14c72f..8802af1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ variables:
extention: base
use_rt: enable
wic_targz: enable
+ targz: disable
dtb: none
deploy: enable

@@ -30,6 +31,7 @@ default:
- if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
- if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
- if [ "${wic_targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/wic-targz-img.yml"; fi;
+ - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
- kas build ${base_yaml}
- if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}; fi

@@ -69,6 +71,7 @@ build:qemu-amd64-base:
extention: security
use_rt: disable
wic_targz: disable
+ targz: enable
deploy: disable

# test
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
new file mode 100644
index 0000000..43c545e
--- /dev/null
+++ b/kas/opt/targz-img.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+# lava uses nfs to deploy the image. For this we need a tarball instead of
+# full image
This should rather go into the commit message as more specific reason
why we need this patch.
OK, I will remove this sentence, and add to commit message.


+
+local_conf_header:
+ image-type: |
+ IMAGE_TYPE = "targz-img"
Jan
Best regards,
Nobuhiro


Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18

Nobuhiro Iwamatsu
 

Hi all,

On Fri, Mar 19, 2021 at 04:05:32PM +0900, masashi.kudo@cybertrust.co.jp wrote:
Hi, Minda-san,

Thanks for your confirmation!

Iwamatsu-san,

Could you remove "plathome_obsvx1.config" itself, please?
Sure. I removed plathome_obsvx1.config from repository.

Best regards,
Nobuhiro


Best regards,
--
M. Kudo

-----Original Message-----
From: Masato Minda <minmin@plathome.co.jp>
Sent: Friday, March 19, 2021 3:56 PM
To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>;
cip-dev@lists.cip-project.org
Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org;
jan.kiszka@siemens.com
Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of
2021-03-18

Hi, Kudo-san, CIP kernel members,

On 2021/03/18 18:33, masashi.kudo@cybertrust.co.jp wrote:
- CVE-2020-35519 is relating to X.25.
X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
Oh!
This configuration, "plathome_obsvx1.config" is for the OpenBlocks IoT VX1. VX1
is the predecessor to VX2 and we do not currently support VX1. Also, VX2 has
been the reference hardware for the CIP since the 4.19 kernel.

Therefore, I think "plathome_obsvx1.config" should be removed from the CIP
kernel configuration.

By the way, VX1 has almost the same hardware configuration as VX2, so the
kernel for VX2 will work as is.

Best Regards,
minmin





Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18

Nobuhiro Iwamatsu
 

Hi all,

I dropped each config from config files.

Best regards,
Nobuhiro

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of
masashi.kudo@cybertrust.co.jp
Sent: Friday, March 19, 2021 5:48 PM
To: jan.kiszka@siemens.com; minmin@plathome.co.jp; cip-dev@lists.cip-project.org
Cc: pavel@denx.de; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT) <nobuhiro1.iwamatsu@toshiba.co.jp>; wens@csie.org
Subject: Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18

Hi, Jan-san,

Thanks for your confirmation!

Iwamatsu-san,

Could you turn off both features from the following configs?

- CVE-2020-35519 is relating to X.25.
4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
- CVE-2021-20261 is relating to floppy.
4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
Best regards,
--
M. Kudo

-----Original Message-----
From: Jan Kiszka <jan.kiszka@siemens.com>
Sent: Friday, March 19, 2021 5:06 PM
To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>;
minmin@plathome.co.jp; cip-dev@lists.cip-project.org
Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org
Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of
2021-03-18

On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote:
Hi, Jan-san, Minda-san,

Please find the CVE report as follows.
In the analysis of those CVEs, we found some doubts about the configs.

- CVE-2020-35519 is relating to X.25.
X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
Please confirm, and let us know whether X.25 should be disabled.

- CVE-2021-20261 is relating to floppy.
It is enabled as follows.
4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
Please confirm that this can be also disabled.
Yes, both features can be turned off.

Thanks,
Jan

Best regards,
--
M. Kudo

-----Original Message-----
From: Chen-Yu Tsai <wens@csie.org>
Sent: Thursday, March 18, 2021 5:48 PM
To: cip-dev@lists.cip-project.org
Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室)
<masashi.kudo@cybertrust.co.jp>
Subject: Cip-kernel-sec Updates for Week of 2021-03-18

Hi everyone,

Six new issues this week from the Ubuntu tracker:

- CVE-2020-35519 [net/x25: buffer overflow] - fixed
Looks like a few configs still have X.25 enabled:
4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
Maybe they should be revisited? cip-kernel-config also gives warnings
for CONFIG_X25.

- CVE-2021-20219 [improper synchronization in flush_to_ldisc()] -
likely RedHat only
Report mentions incorrect backport in RedHat kernels.

- CVE-2021-20261 [floppy: race condition data corruption] - fixed
No member enables this except:
4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
which should probably be turned off.

- CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
No member enables this.

- CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
No member enables this.

- CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1]
Requires a specially-crafted ext4 FS image, so we likely don't care.

Unfortunately Debian's Salsa service, where the Debian kernel
security issue tracker is hosted, is currently down, so we only have one source
of data this week.


Regards
ChenYu


[1]
https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
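The check this thread carries out by hand (which member configs still enable the option behind a CVE) can be scripted. The following is an added example, not part of the original messages and not cip-kernel-sec code; the CVE-to-symbol pairs and the paths come from the thread, while the file contents and the function names are constructed for illustration.

```python
import re

# Assumption for this example: each CVE is gated by a single Kconfig symbol.
# The two pairings below are the ones named in the thread.
CVE_SYMBOLS = {
    "CVE-2020-35519": "CONFIG_X25",
    "CVE-2021-20261": "CONFIG_BLK_DEV_FD",
}

# Constructed file contents. The paths and the "=m" lines are taken from the
# thread; every other line is made up for the example.
BEFORE = {
    "4.4.y-cip/x86/plathome_obsvx1.config":
        "CONFIG_NET=y\nCONFIG_X25=m\n# CONFIG_BLK_DEV_FD is not set\n",
    "4.4.y-cip-rt/x86/siemens_i386-rt.config":
        "CONFIG_NET=y\n# CONFIG_X25 is not set\nCONFIG_BLK_DEV_FD=m\n",
    "5.10.y-cip-rt/x86/siemens_i386-rt_defconfig":
        "CONFIG_NET=y\nCONFIG_X25=m\n",
}

# Constructed state after the outcome agreed in the thread: the plathome
# config is removed and both features are turned off in the siemens configs.
AFTER = {
    "4.4.y-cip-rt/x86/siemens_i386-rt.config":
        "CONFIG_NET=y\n# CONFIG_X25 is not set\n# CONFIG_BLK_DEV_FD is not set\n",
    "5.10.y-cip-rt/x86/siemens_i386-rt_defconfig":
        "CONFIG_NET=y\n# CONFIG_X25 is not set\n# CONFIG_BLK_DEV_FD is not set\n",
}

_SET = re.compile(r"^(CONFIG_\w+)=(.+)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Parse a kernel config into {symbol: value}; '# X is not set' maps to 'n'."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = _SET.match(line)
        if match:
            options[match.group(1)] = match.group(2)
            continue
        match = _UNSET.match(line)
        if match:
            options[match.group(1)] = "n"
    return options


def classify(path, options, symbol):
    """Return 'enabled', 'disabled' or 'kconfig-default' for one symbol."""
    value = options.get(symbol)
    if value in ("y", "m"):
        return "enabled"
    # A defconfig lists only deviations from the Kconfig defaults, so a
    # missing symbol is not proof that the feature is off.
    if value is None and path.endswith("_defconfig"):
        return "kconfig-default"
    return "disabled"


def audit(cve_symbols, configs):
    """Map each CVE to the configs that enable, or may enable, its symbol."""
    report = {}
    for cve, symbol in cve_symbols.items():
        entry = {"enabled": [], "kconfig-default": []}
        for path in sorted(configs):
            state = classify(path, parse_config(configs[path]), symbol)
            if state in entry:
                entry[state].append(path)
        report[cve] = entry
    return report


def needs_owner_feedback(report):
    """CVEs for which at least one config is enabled or undetermined."""
    return sorted(
        cve for cve, entry in report.items()
        if entry["enabled"] or entry["kconfig-default"]
    )


if __name__ == "__main__":
    for label, configs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(CVE_SYMBOLS, configs))
```

A "kconfig-default" result has to be resolved against the kernel tree's Kconfig (or a generated full .config) before the CVE can be marked as ignored.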


CIP IRC weekly meeting today

masashi.kudo@cybertrust.co.jp <masashi.kudo@...>
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss technical topics with CIP kernel today.

*Please note that the IRC meeting was rescheduled to UTC (GMT) 09:00 starting from the first week of Apr. according to TSC meeting*
https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=4&day=8&hour=9&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
02:00 05:00 10:00 11:00 17:00 18:00

Channel:
* irc:chat.freenode.net:6667/cip

Last meeting minutes:
https://irclogs.baserock.org/meetings/cip/2021/04/cip.2021-04-01-09.00.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu
2. Do some experiment to lower burdens on CI - patersonc
3. Ask board owners(siemens_i386-rt/plathome_obsvx1) whether X.25 and floppy can be disabled - masashi910
4. Monitor the status of CVE-2021-3444 and CVE-2021-20292 (3/25) - Kernel Team
5. Monitor the status of CVE-2021-29650 (4/1) - Kernel Team


* Kernel maintenance updates
* Kernel testing
* CIP Security
* AOB

The meeting will take 30 min, although it can be extended to an hour if it makes sense and those involved in the topics can stay. Otherwise, the topic will be taken offline or in the next meeting.

Best regards,
--
M. Kudo
Cybertrust Japan Co., Ltd.


Re: [isar-cip-core][PATCH] kas: Rename opt/targz-img.yml to opt/wic-targz-img.yml

Jan Kiszka
 

On 02.04.21 02:51, Nobuhiro Iwamatsu wrote:
'wic-targz-img' was specified to IMAGE_TYPE in the original file. And there is 'targz-img' as a
similar function in ISAR.
This renames the file to clarify the functionality it provides.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 6 +++---
kas/opt/{targz-img.yml => wic-targz-img.yml} | 0
2 files changed, 3 insertions(+), 3 deletions(-)
rename kas/opt/{targz-img.yml => wic-targz-img.yml} (100%)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 77d361c..d14c72f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,7 +5,7 @@ variables:
release: buster
extention: base
use_rt: enable
- targz: enable
+ wic_targz: enable
dtb: none
deploy: enable

@@ -29,7 +29,7 @@ default:
- sudo rm -rf build/tmp
- if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
- if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
- - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
+ - if [ "${wic_targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/wic-targz-img.yml"; fi;
- kas build ${base_yaml}
- if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}; fi

@@ -68,7 +68,7 @@ build:qemu-amd64-base:
target: qemu-amd64
extention: security
use_rt: disable
- targz: disable
+ wic_targz: disable
deploy: disable

# test
diff --git a/kas/opt/targz-img.yml b/kas/opt/wic-targz-img.yml
similarity index 100%
rename from kas/opt/targz-img.yml
rename to kas/opt/wic-targz-img.yml
Thanks, applied to next.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [PATCH] kas: Add opt/targz-img.yml

Jan Kiszka
 

On 02.04.21 02:53, Nobuhiro Iwamatsu wrote:
This provides the function to specify 'targz-img' for IMAGE_TYPE. This is
used when creating a tar.gz image that does not support wic.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 3 +++
kas/opt/targz-img.yml | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+)
create mode 100644 kas/opt/targz-img.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d14c72f..8802af1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ variables:
extention: base
use_rt: enable
wic_targz: enable
+ targz: disable
dtb: none
deploy: enable

@@ -30,6 +31,7 @@ default:
- if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
- if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
- if [ "${wic_targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/wic-targz-img.yml"; fi;
+ - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
- kas build ${base_yaml}
- if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}; fi

@@ -69,6 +71,7 @@ build:qemu-amd64-base:
extention: security
use_rt: disable
wic_targz: disable
+ targz: enable
deploy: disable

# test
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
new file mode 100644
index 0000000..43c545e
--- /dev/null
+++ b/kas/opt/targz-img.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+# lava uses nfs to deploy the image. For this we need a tarball instead of
+# full image
This should rather go into the commit message as more specific reason
why we need this patch.

+
+local_conf_header:
+ image-type: |
+ IMAGE_TYPE = "targz-img"
Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: -stable-rc tests failing

Chris Paterson
 

Hello Pavel,

From: Pavel Machek <pavel@denx.de>
Sent: 05 April 2021 15:41

Hi!

Every single test in -stable-rc series fails:

https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-4.4.y
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-4.19.y
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-5.10.y

I attempted to re-run a few, but I don't think it will fix
anything. IIRC LAVA labs should be up now, so it would be cool if
someone could investigate.
It looks like the server isn't processing any new jobs - they just stay in the queue.
I'll investigate, sorry for the disruption.

Kind regards, Chris


Best regards,
                                                              Pavel
--
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


-stable-rc tests failing

Pavel Machek
 

Hi!

Every single test in -stable-rc series fails:

https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-4.4.y
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-4.19.y
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-5.10.y

I attempted to re-run a few, but I don't think it will fix
anything. IIRC LAVA labs should be up now, so it would be cool if
someone could investigate.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Re: [PATCH] kas: Add opt/targz-img.yml

Nobuhiro Iwamatsu
 

Hi,

This patch is for isar-cip-core.

Best regards,
Nobuhiro

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Nobuhiro Iwamatsu
Sent: Friday, April 2, 2021 9:54 AM
To: jan.kiszka@siemens.com
Cc: cip-dev@lists.cip-project.org; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT) <nobuhiro1.iwamatsu@toshiba.co.jp>
Subject: [cip-dev] [PATCH] kas: Add opt/targz-img.yml

This provides the function to specify 'targz-img' for IMAGE_TYPE. This is
used when creating a tar.gz image that does not support wic.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 3 +++
kas/opt/targz-img.yml | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+)
create mode 100644 kas/opt/targz-img.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d14c72f..8802af1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ variables:
extention: base
use_rt: enable
wic_targz: enable
+ targz: disable
dtb: none
deploy: enable

@@ -30,6 +31,7 @@ default:
- if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
- if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
- if [ "${wic_targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/wic-targz-img.yml"; fi;
+ - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
- kas build ${base_yaml}
- if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}; fi

@@ -69,6 +71,7 @@ build:qemu-amd64-base:
extention: security
use_rt: disable
wic_targz: disable
+ targz: enable
deploy: disable

# test
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
new file mode 100644
index 0000000..43c545e
--- /dev/null
+++ b/kas/opt/targz-img.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+# lava uses nfs to deploy the image. For this we need a tarball instead of
+# full image
+
+local_conf_header:
+ image-type: |
+ IMAGE_TYPE = "targz-img"
--
2.30.0.rc2


[PATCH] kas: Add opt/targz-img.yml

Nobuhiro Iwamatsu
 

This provides the function to specify 'targz-img' for IMAGE_TYPE. This is
used when creating a tar.gz image that does not support wic.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 3 +++
kas/opt/targz-img.yml | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+)
create mode 100644 kas/opt/targz-img.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d14c72f..8802af1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ variables:
extention: base
use_rt: enable
wic_targz: enable
+ targz: disable
dtb: none
deploy: enable

@@ -30,6 +31,7 @@ default:
- if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
- if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
- if [ "${wic_targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/wic-targz-img.yml"; fi;
+ - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
- kas build ${base_yaml}
- if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}; fi

@@ -69,6 +71,7 @@ build:qemu-amd64-base:
extention: security
use_rt: disable
wic_targz: disable
+ targz: enable
deploy: disable

# test
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
new file mode 100644
index 0000000..43c545e
--- /dev/null
+++ b/kas/opt/targz-img.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 10
+
+# lava uses nfs to deploy the image. For this we need a tarball instead of
+# full image
+
+local_conf_header:
+ image-type: |
+ IMAGE_TYPE = "targz-img"
--
2.30.0.rc2


[isar-cip-core][PATCH] kas: Rename opt/targz-img.yml to opt/wic-targz-img.yml

Nobuhiro Iwamatsu
 

'wic-targz-img' was specified to IMAGE_TYPE in the original file. And there is 'targz-img' as a
similar function in ISAR.
This renames the file to clarify the functionality it provides.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 6 +++---
kas/opt/{targz-img.yml => wic-targz-img.yml} | 0
2 files changed, 3 insertions(+), 3 deletions(-)
rename kas/opt/{targz-img.yml => wic-targz-img.yml} (100%)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 77d361c..d14c72f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,7 +5,7 @@ variables:
release: buster
extention: base
use_rt: enable
- targz: enable
+ wic_targz: enable
dtb: none
deploy: enable

@@ -29,7 +29,7 @@ default:
- sudo rm -rf build/tmp
- if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
- if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
- - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
+ - if [ "${wic_targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/wic-targz-img.yml"; fi;
- kas build ${base_yaml}
- if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}; fi

@@ -68,7 +68,7 @@ build:qemu-amd64-base:
target: qemu-amd64
extention: security
use_rt: disable
- targz: disable
+ wic_targz: disable
deploy: disable

# test
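Review bot: the rename of the CI variable from targz to wic_targz is applied only where the visible hunks touch it: the global default, the script condition and build:qemu-amd64-base. After this patch a job or pipeline-level override that still sets targz is silently ignored, and the follow-up patch that adds kas/opt/targz-img.yml reuses the name targz for a different image type, so such an override would then change what gets built without any error. It is worth stating in the commit message that the variable name changes meaning, and checking that no other job in .gitlab-ci.yml still sets targz.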
diff --git a/kas/opt/targz-img.yml b/kas/opt/wic-targz-img.yml
similarity index 100%
rename from kas/opt/targz-img.yml
rename to kas/opt/wic-targz-img.yml
--
2.30.0.rc2


CIP IRC weekly meeting today

masashi.kudo@cybertrust.co.jp <masashi.kudo@...>
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss technical topics with CIP kernel today.

*Please note that the IRC meeting was rescheduled to UTC (GMT) 09:00 starting from the first week of Apr. according to TSC meeting*
https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=4&day=1&hour=9&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
02:00 05:00 10:00 11:00 17:00 18:00

Channel:
* irc:chat.freenode.net:6667/cip

Last meeting minutes:
https://irclogs.baserock.org/meetings/cip/2021/03/cip.2021-03-25-09.00.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu
2. Do some experiment to lower burdens on CI - patersonc
3. Ask board owners(siemens_i386-rt/plathome_obsvx1) whether X.25 and floppy can be disabled - masashi910
4. Monitor the status of CVE-2021-3444 and CVE-2021-20292 - Kernel Team


* Kernel maintenance updates
* Kernel testing
* CIP Security
* AOB
1. Announcement of new reference platform - Xilinx zcu102
2. Target boards for 5.10 and 5.10-rt

The meeting will take 30 min, although it can be extended to an hour if it makes sense and those involved in the topics can stay. Otherwise, the topic will be taken offline or in the next meeting.

Best regards,
--
M. Kudo
Cybertrust Japan Co., Ltd.


Cip-kernel-sec Updates for Week of 2021-04-01

Chen-Yu Tsai (Moxa) <wens@...>
 

Hi everyone,

Nine new CVEs this week:

- CVE-2021-28688 [xen: blkback leak persistent grants] - fixed (ignore for CIP)
- CVE-2021-29264 [gianfar: jumbo frame overrun] - fixed (ignore for CIP)
  Needs backport to 4.9 and 4.14.
- CVE-2021-29265 [usbip: access race] - fixed (ignore for CIP)
- CVE-2021-29266 [vhost: vdpa: UAF] - fixed (ignore for CIP)
- CVE-2021-29646 [net: tipc: user data validation] - fixed
- CVE-2021-29647 [net: qrtr: kernel info leak] - fixed (ignore for CIP)
- CVE-2021-29648 [bpf: vmlinux BTF usage leads to crash] - fixed
- CVE-2021-29649 [bpf: umd: memleak] - fixed (ignore for CIP)
- CVE-2021-29650 [netfilter: x_tables: incorrect memory barrier led to
  crash] - fixed
  Needs backport to 4.14 and earlier.


Regarding issues from last week,

CVE-2021-3444 - Debian added the following notes:

This last pre-requisite commit though would depend on
092ed0968bb6 ("bpf: verifier support JMP32") which does not
seem to make it possible to backport the fixes in 4.19.y
easily.

CVE-2021-20292 - Ubuntu tagged the commit introducing the
issue as 8e7e70522d76 ("drm/ttm: isolate dma data from ttm_tt V4")
from v3.3-rc1. So it looks like the fix needs to be backported to
v4.4 as well.


Regards
ChenYu


cip/linux-4.19.y-cip baseline-nfs: 8 runs, 1 regressions (v4.19.183-cip46) #kernelci

kernelci.org bot <bot@...>
 

cip/linux-4.19.y-cip baseline-nfs: 8 runs, 1 regressions (v4.19.183-cip46)

Regressions Summary
-------------------

platform | arch | lab | compiler | defconfig | regressions
----------------------+-------+--------------+----------+-----------+------------
meson-gxm-khadas-vim2 | arm64 | lab-baylibre | gcc-8 | defconfig | 1

Details: https://kernelci.org/test/job/cip/branch/linux-4.19.y-cip/kernel/v4.19.183-cip46/plan/baseline-nfs/

Test: baseline-nfs
Tree: cip
Branch: linux-4.19.y-cip
Describe: v4.19.183-cip46
URL: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
SHA: 9701ebc154a80d8752b3fa4a81a19b467168203a


Test Regressions
----------------


platform | arch | lab | compiler | defconfig | regressions
----------------------+-------+--------------+----------+-----------+------------
meson-gxm-khadas-vim2 | arm64 | lab-baylibre | gcc-8 | defconfig | 1

Details: https://kernelci.org/test/plan/id/6061530f2b6b1f9fd7af02ae

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0)
Plain log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.183-cip46/arm64/defconfig/gcc-8/lab-baylibre/baseline-nfs-meson-gxm-khadas-vim2.txt
HTML log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.183-cip46/arm64/defconfig/gcc-8/lab-baylibre/baseline-nfs-meson-gxm-khadas-vim2.html
Rootfs: http://storage.kernelci.org/images/rootfs/debian/buster/20210315.0/arm64/initrd.cpio.gz


* baseline-nfs.login: https://kernelci.org/test/case/id/6061530f2b6b1f9fd7af02af
failing since 6 days (last pass: v4.19.177-cip44, first fail: v4.19.182-cip45)
