|
example cip/linux-4.19.y-cip and stable/linux-4.19.y results
Alice Ferrazzi
hello everyone,
following on yesterday topic about difference from cip-cip+1 and lts-lts+1 I just made a diff of what was requested yesterday v4.19.216-cip61 vs v4.19.216 the diff can be viewed on the link here under: https://www.diffchecker.com/W4dpv6ep the results are get from: https://groups.io/g/kernelci-results/message/19033 [v4.19.216-cip61] https://groups.io/g/kernelci-results/message/18808 [v4.19.216] thanks, Alicef -- ====================================== Cybertrust Japan Co.,Ltd. Alice Ferrazzi alice.ferrazzi@... ======================================
|
|
|
|
Re: CVE-2021-3640: UAF in sco_send_frame function was Re: [cip-dev] New CVE entries in this week
Masami Ichikawa
Hi !
On Thu, Nov 25, 2021 at 6:53 PM Pavel Machek <pavel@...> wrote: Thank you for your analysis result ! I applied it. I checked 27c24fda62b601d6f9ca5e992502578c4310876f is able to apply cleanly to stable/5.10 tree or not. Unfortunately it need to fix conflicts. git-am shows following two errors. Applying: Bluetooth: switch to lock_sock in SCO Checking patch net/bluetooth/sco.c... error: while searching for: BT_DBG("sock %p state %d", sk, sk->sk_state); bh_lock_sock(sk); sk->sk_err = ETIMEDOUT; sk->sk_state_change(sk); bh_unlock_sock(sk); sco_sock_kill(sk); sock_put(sk); error: patch failed: net/bluetooth/sco.c:93 error: while searching for: if (sk) { sock_hold(sk); bh_lock_sock(sk); sco_sock_clear_timer(sk); sco_chan_del(sk, err); bh_unlock_sock(sk); sco_sock_kill(sk); sock_put(sk); error: patch failed: net/bluetooth/sco.c:193 Best regards,Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
Re: New CVE entries in this week
Masami Ichikawa
Hi !
On Thu, Nov 25, 2021 at 6:09 PM Pavel Machek <pavel@...> wrote: Thank you for the review! I send patch to the stable list.\ Best regards,Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
Re: New CVE entries in this week
Masami Ichikawa
Hi !
On Thu, Nov 25, 2021 at 5:00 PM Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@...> wrote: Thank you ! I added a comment and sent patch to the stable list. Best regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
Re: Replacing BBB kernel config: Status and AIs
Quirin Gylstorff
Hi Kazu,
On 11/24/21 2:02 PM, Kazuhiro Hayashi via lists.cip-project.org wrote: Hi Quirin,[1] containts the current state of the integration of [2] into isar-cip-core. It can be tested for booting, but for SWUpdate test the u-boot environment is not correct. [1]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/tree/bbb/cip-kernel-defconfig [2]: https://gitlab.com/Quirin.Gy/cip-kernel-config/-/tree/feature/bbb-isar-config Best regards Quirin [...]
|
|
|
|
CVE-2021-3640: UAF in sco_send_frame function was Re: [cip-dev] New CVE entries in this week
Pavel Machek
Hi!
Aha, but we have required information inCVE-2021-3640: UAF in sco_send_frame functionInteresting. cip-kernel-sec/issues/CVE-2021-3640.yml. It lists patches that should be fixing this. Some searching in the trees reveals that one of those patches is buggy itself, and additionaly 49d8a5606428ca0962d09050a5af81461ff90fbb is needed. The patches fixing this are: ~ stable/5.10: [4dfba42604f08a505f1a1efc69ec5207ea6243de, f2f856b65ac4b77049c76c0e89ecd3a177e9fcd1, 98d44b7be6f1bcfd4f824c5f8bc2b742f890879f, c20d8c197454068da758a83e09d93683f520d681, a1073aad497d0d071a71f61b721966a176d50c08] But we still miss backport of 27c24fda62b6 ("Bluetooth: switch to lock_sock in SCO") to 5.10, which has its own prerequisites according to the changelog. AFAICT those prerequisites are 734bc5ff783115aa3164f4e9dd5967ae78e0a8ab and ba316be1b6a00db7126ed9a39f9bee434a508043, and both are in 5.10. I'm not sure how to express this in yml cleanly. I came with this: diff --git a/issues/CVE-2021-3640.yml b/issues/CVE-2021-3640.yml index fb52d5a..d386093 100644 --- a/issues/CVE-2021-3640.yml +++ b/issues/CVE-2021-3640.yml @@ -23,9 +23,23 @@ comments: there is no fixed information as of 2021/07/26. Fixed in bluetooth-next tree. commit 99c23da0eed4fd20cae8243f2b51e10e66aa0951. ubuntu/sbeattie: Possibly addressed by Desmond Cheong Zhi Xi's patchset. + pavel: We are one patch away from fixing this 5.10, 27c24fda62b6 is needed. fixed-by: - mainline: [99c23da0eed4fd20cae8243f2b51e10e66aa0951] - stable/5.10: [4dfba42604f08a505f1a1efc69ec5207ea6243de] + mainline: [99c23da0eed4fd20cae8243f2b51e10e66aa0951, + e04480920d1eec9c061841399aa6f35b6f987d8b, + 734bc5ff783115aa3164f4e9dd5967ae78e0a8ab, + 49d8a5606428ca0962d09050a5af81461ff90fbb, + ba316be1b6a00db7126ed9a39f9bee434a508043, + 27c24fda62b601d6f9ca5e992502578c4310876f, + 734bc5ff783115aa3164f4e9dd5967ae78e0a8ab, + ba316be1b6a00db7126ed9a39f9bee434a508043] + stable/5.10: [4dfba42604f08a505f1a1efc69ec5207ea6243de, + f2f856b65ac4b77049c76c0e89ecd3a177e9fcd1, + 98d44b7be6f1bcfd4f824c5f8bc2b742f890879f, + c20d8c197454068da758a83e09d93683f520d681, + a1073aad497d0d071a71f61b721966a176d50c08, + 98d44b7be6f1bcfd4f824c5f8bc2b742f890879f, + a1073aad497d0d071a71f61b721966a176d50c08] stable/5.14: [2c2b295af72e4e30d17556375e100ae65ac0b896] stable/5.15: [b990c219c4c9d4993ef65ea9db73d9497e70f697] stable/5.4: [d416020f1a9cc5f903ae66649b2c56d9ad5256ab] Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
|
|
|
|
Re: New CVE entries in this week
Pavel Machek
Hi!
* Updated CVEsInteresting. commit 99c23da0eed4fd20cae8243f2b51e10e66aa0951 Author: Takashi Iwai <tiwai@...> Says: This should be the last piece for fixing CVE-2021-3640 after a few already queued fixes. Which means more than 99c23da0eed is needed to fix this one, unfortunately it does not give us good way to identify what commits are needed. CVE-2021-43975: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_waitThis is protection of kernel against malicious hardware. I believe we can ignore this. Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
|
|
|
|
Re: New CVE entries in this week
Pavel Machek
Hi!
Thank you.Fixed statusI attached a patch for 5.10. Looks good to me, Reviewed-by: Pavel Machek <pavel@...> Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
|
|
|
|
Re: New CVE entries in this week
Nobuhiro Iwamatsu
Hi,
Thanks, LGTM.CVE-2021-4001: bpf: Fix toctou on read-only map''s constant scalar trackingI attached a patch for 5.10. I think it would be better to add the comment of the conflict fixing. e.g. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=1ada86999dc84b852fcc32962f4002e939f4beb7 Best regards, Nobuhiro ________________________________________ 差出人: cip-dev@... <cip-dev@...> が Masami Ichikawa <masami.ichikawa@...> の代理で送信 送信日時: 2021年11月25日 14:16 宛先: cip-dev@... 件名: Re: [cip-dev] New CVE entries in this week Hi ! On Thu, Nov 25, 2021 at 11:42 AM Masami Ichikawa via lists.cip-project.org <masami.ichikawa=miraclelinux.com@...> wrote: I attached a patch for 5.10. * Updated CVEsRegards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
CIP IRC weekly meeting today on libera.chat
Jan Kiszka
Hi all,
Kindly be reminded to attend the weekly meeting through IRC to discuss technical topics with CIP kernel today. Please note that we moved from Freenode to libera.chat. Our channel is the following: irc:irc.libera.chat:6667/cip Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00: https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=11&day=25&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248 USWest USEast UK DE TW JP 06:00 09:00 13:00 14:00 21:00 22:00 Last meeting minutes: https://irclogs.baserock.org/meetings/cip/2021/11/cip.2021-11-18-13.00.log.html * Action item 1. Combine root filesystem with kselftest binary - iwamatsu & alicef 2. Look into S3 artifact upload issues - patersonc * Kernel maintenance updates * Kernel testing * AOB Jan
|
|
|
|
Re: [isar-cip-core][PATCH 0/2] start-qemu add missing option
Jan Kiszka
On 24.11.21 16:17, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>Both applied, I've just made the wording in README.md even clearer. Thanks, Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
|
|
|
|
Re: New CVE entries in this week
Masami Ichikawa
Hi !
On Thu, Nov 25, 2021 at 11:42 AM Masami Ichikawa via lists.cip-project.org <masami.ichikawa=miraclelinux.com@...> wrote: I attached a patch for 5.10. * Updated CVEsRegards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
New CVE entries in this week
Masami Ichikawa
Hi ! It's this week's CVE report. This week reported two new CVEs. * New CVEs CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. CVSS v3 score is 5.5 MEDIUM. Intel released fixed version of driver kit. Not sure this CVE affects mainline's source code. Fixed status Intel released fixed version of driver kit. CVE-2021-4001: bpf: Fix toctou on read-only map''s constant scalar tracking CVSS v3 score is not provided. This bug was introduced in 5.5-rc1 and fixed in 5.16-rc2. Patch for 5.15 is in stable-rt tree. Patch for 5.4(https://lore.kernel.org/stable/163757721744154@.../) and 5.10(https://lore.kernel.org/stable/1637577215186161@.../) are failed to apply. However, this bug was introduced in 5.5-rc1 so 5.4 can be ignored? Fixed status mainline: [353050be4c19e102178ccc05988101887c25ae53] * Updated CVEs CVE-2021-3640: UAF in sco_send_frame function 5.10 and 5.15 are fixed this week. Fixed status mainline: [99c23da0eed4fd20cae8243f2b51e10e66aa0951] stable/5.10: [4dfba42604f08a505f1a1efc69ec5207ea6243de] stable/5.14: [2c2b295af72e4e30d17556375e100ae65ac0b896] stable/5.15: [b990c219c4c9d4993ef65ea9db73d9497e70f697] stable/5.4: [d416020f1a9cc5f903ae66649b2c56d9ad5256ab] CVE-2021-43975: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait The mainline kernel was fixed in 5.16-rc2. Fixed status mainline: [b922f622592af76b57cbc566eaeccda0b31a3496] Currently tracking CVEs CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 There is no fix information. CVE-2020-26555: BR/EDR pin code pairing broken No fix information CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning No fix information. CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM No fix information. CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning No fix information. CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning No fix information. Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
Re: [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality
Quirin Gylstorff
Hi Jan,
toggle quoted messageShow quoted text
please Ignore v2. I sent the changes in a extra patchset. Quirin
On 11/24/21 3:31 PM, Quirin Gylstorff via lists.cip-project.org wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>
|
|
|
|
[isar-cip-core][PATCH 0/2] start-qemu add missing option
Quirin Gylstorff
From: Quirin Gylstorff <quirin.gylstorff@...>
Add the missing option for cip-core-image-security. Add documentation for start-qemu.sh defaults from kas-container menu Quirin Gylstorff (2): start-qemu.sh: Add defaults for IMAGE_SECURITY README: Add information about start-qemu-defaults with menu config README.md | 6 ++++-- doc/README.secureboot.md | 7 +++++++ start-qemu.sh | 3 +++ 3 files changed, 14 insertions(+), 2 deletions(-) -- 2.30.2
|
|
|
|
[isar-cip-core][PATCH 1/2] start-qemu.sh: Add defaults for IMAGE_SECURITY
Quirin Gylstorff
From: Quirin Gylstorff <quirin.gylstorff@...>
for ease of use Suggested-by: Jan Kiszka <jan.kiszka@...> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- start-qemu.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/start-qemu.sh b/start-qemu.sh index 4817790..a92e9f4 100755 --- a/start-qemu.sh +++ b/start-qemu.sh @@ -40,6 +40,9 @@ fi if [ -z "${TARGET_IMAGE}" ];then TARGET_IMAGE="cip-core-image" + if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then + TARGET_IMAGE="cip-core-image-security" + fi fi case "$1" in -- 2.30.2
|
|
|
|
[isar-cip-core][PATCH 2/2] README: Add information about start-qemu-defaults with menu config
Quirin Gylstorff
From: Quirin Gylstorff <quirin.gylstorff@...>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- README.md | 6 ++++-- doc/README.secureboot.md | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 53ef679..bd707a4 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,10 @@ Run, e.g., ./start-qemu.sh x86 -when having built a QEMU AMD64 image. A security image for QEMU can be started -like this: +when having built a QEMU AMD64 image. Using the image configuration menu will +initialize variables used by start-qemu.sh with fitting defaults. + +A security image for QEMU can be started like this: TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86 diff --git a/doc/README.secureboot.md b/doc/README.secureboot.md index b5056f2..3c2d524 100644 --- a/doc/README.secureboot.md +++ b/doc/README.secureboot.md @@ -181,6 +181,13 @@ SECURE_BOOT=y \ ./start-qemu.sh amd64 ``` +The image configuration menu will set default values for start-qemu.sh for secureboot +and the following command is sufficient: + +``` +./start-qemu.sh amd64 +``` + The default `OVMF_VARS.snakeoil_4M.fd` boot to the EFI shell. To boot Linux enter the following command: ``` FS0:\EFI\BOOT\bootx64.efi -- 2.30.2
|
|
|
|
[PATCH v2 2/3] start-qemu.sh: parse .config.yaml for ease of use
Quirin Gylstorff
From: Quirin Gylstorff <quirin.gylstorff@...>
Suggested-by: Jan Kiszka <jan.kiszka@...> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- README.md | 6 ++++-- start-qemu.sh | 16 +++++++++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 53ef679..bd707a4 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,10 @@ Run, e.g., ./start-qemu.sh x86 -when having built a QEMU AMD64 image. A security image for QEMU can be started -like this: +when having built a QEMU AMD64 image. Using the image configuration menu will +initialize variables used by start-qemu.sh with fitting defaults. + +A security image for QEMU can be started like this: TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86 diff --git a/start-qemu.sh b/start-qemu.sh index 2c0a751..94c3611 100755 --- a/start-qemu.sh +++ b/start-qemu.sh @@ -20,15 +20,29 @@ usage() exit 1 } +if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then + SECURE_BOOT="true" +fi + if [ -n "${QEMU_PATH}" ]; then QEMU_PATH="${QEMU_PATH}/" fi if [ -z "${DISTRO_RELEASE}" ]; then - DISTRO_RELEASE="buster" + if grep -s -q "DEBIAN_BULLSEYE: true" .config.yaml; then + DISTRO_RELEASE="bullseye" + elif grep -s -q "DEBIAN_STRETCH: true" .config.yaml; then + DISTRO_RELEASE="stretch" + else + DISTRO_RELEASE="buster" + fi fi + if [ -z "${TARGET_IMAGE}" ];then TARGET_IMAGE="cip-core-image" + if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then + TARGET_IMAGE="cip-core-image-security" + fi fi case "$1" in -- 2.30.2
|
|
|
|
[PATCH v2 3/3] start-qemu.sh: Simplify qemu call
Quirin Gylstorff
From: Quirin Gylstorff <quirin.gylstorff@...>
Move qemu call out of if clause to avoid code duplications and use the same behavior for secure boot and non secure boot images. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- start-qemu.sh | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/start-qemu.sh b/start-qemu.sh index 94c3611..a92e9f4 100755 --- a/start-qemu.sh +++ b/start-qemu.sh @@ -123,18 +123,16 @@ if [ -n "${SECURE_BOOT}" ]; then BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \ -drive if=pflash,format=raw,file=${ovmf_vars} \ -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw" - ${QEMU_PATH}${QEMU} \ - -m 1G -serial mon:stdio -netdev user,id=net \ - ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@" else IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img) KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1) INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1) - ${QEMU_PATH}${QEMU} \ - -m 1G -serial mon:stdio -netdev user,id=net \ - -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \ + BOOT_FILES="-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \ -kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \ - -initrd ${INITRD_FILE} ${QEMU_EXTRA_ARGS} "$@" + -initrd ${INITRD_FILE}" fi +${QEMU_PATH}${QEMU} \ + -m 1G -serial mon:stdio -netdev user,id=net \ + ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@" -- 2.30.2
|
|
|
|
[PATCH v2 1/3] start-qemu.sh: set bootindex for SECURE_BOOT
Quirin Gylstorff
From: Quirin Gylstorff <quirin.gylstorff@...>
Set the bootindex to avoid booting into the default uefi shell. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- start-qemu.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/start-qemu.sh b/start-qemu.sh index 3f62257..2c0a751 100755 --- a/start-qemu.sh +++ b/start-qemu.sh @@ -39,8 +39,14 @@ case "$1" in -cpu qemu64 \ -smp 4 \ -machine q35,accel=kvm:tcg \ - -device ide-hd,drive=disk \ -device virtio-net-pci,netdev=net" + if [ -n "${SECURE_BOOT}" ]; then + QEMU_EXTRA_ARGS=" \ + ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0" + else + QEMU_EXTRA_ARGS=" \ + ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk" + fi KERNEL_CMDLINE=" \ root=/dev/sda" ;; -- 2.30.2
|
|
|