Date   

Re: [isar-cip-core][PATCH] conf/machine/*: Add variable to set version of kernel defconfig

Quirin Gylstorff
 

On 12/10/21 10:58, Jan Kiszka wrote:
On 10.12.21 10:34, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes an issue, that the defconfig from kernel 4.19.X does not
work with kernel 5.10.X. The kernel boots but cannot find any qemu hard
disk.

The fix adds the new Variable
KERNEL_DEFCONFIG_VERSION to select to correct path in [1].

This fixes issue [17].

[1]: https://gitlab.com/cip-project/cip-kernel/cip-kernel-config
[17]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/17

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
conf/machine/hihope-rzg2m.conf | 3 ++-
conf/machine/qemu-amd64.conf | 3 ++-
conf/machine/qemu-arm.conf | 3 ++-
conf/machine/qemu-arm64.conf | 3 ++-
conf/machine/simatic-ipc227e.conf | 3 ++-
kas/opt/4.19.yml | 2 ++
kas/opt/4.4.yml | 2 ++
kas/opt/5.10.yml | 2 ++
8 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf
index 4f4ee81..74f03df 100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -13,7 +13,8 @@ DISTRO_ARCH = "arm64"
IMAGE_TYPE ?= "wic-img"
-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/arm64/renesas_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
This variable must be set by the kernel recipe, not the machine.
Jan
Ok, my reasoning was that I want the variable near it usage for readability. It is only used when the KERNEL_DEFCONFIG is from [1].

Quirin

[1]: https://gitlab.com/cip-project/cip-kernel/cip-kernel-config


+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
DTB_FILES = "r8a774a1-hihope-rzg2m-ex.dtb"
IMAGE_BOOT_FILES = "${KERNEL_IMAGE} ${DTB_FILES}"
diff --git a/conf/machine/qemu-amd64.conf b/conf/machine/qemu-amd64.conf
index c90d957..af20bf4 100644
--- a/conf/machine/qemu-amd64.conf
+++ b/conf/machine/qemu-amd64.conf
@@ -10,4 +10,5 @@ DISTRO_ARCH = "amd64"
IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/x86/cip_qemu_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/cip_qemu_defconfig"
diff --git a/conf/machine/qemu-arm.conf b/conf/machine/qemu-arm.conf
index 81a22c1..f9e665d 100644
--- a/conf/machine/qemu-arm.conf
+++ b/conf/machine/qemu-arm.conf
@@ -11,4 +11,5 @@ DISTRO_ARCH = "armhf"
IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm/qemu_arm_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/qemu_arm_defconfig"
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
index eb34703..1a48093 100644
--- a/conf/machine/qemu-arm64.conf
+++ b/conf/machine/qemu-arm64.conf
@@ -10,4 +10,5 @@ DISTRO_ARCH = "arm64"
IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm64/qemu_arm64_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/qemu_arm64_defconfig"
diff --git a/conf/machine/simatic-ipc227e.conf b/conf/machine/simatic-ipc227e.conf
index 3c9638f..d8c7fec 100644
--- a/conf/machine/simatic-ipc227e.conf
+++ b/conf/machine/simatic-ipc227e.conf
@@ -11,4 +11,5 @@ DISTRO_ARCH = "amd64"
IMAGE_TYPE ?= "wic-img"
IMAGER_INSTALL += "${GRUB_BOOTLOADER_INSTALL}"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/x86/siemens_ipc227e_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/siemens_ipc227e_defconfig"
diff --git a/kas/opt/4.19.yml b/kas/opt/4.19.yml
index 5ff1683..581ea93 100644
--- a/kas/opt/4.19.yml
+++ b/kas/opt/4.19.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "4.19.%"
PREFERRED_VERSION_linux-cip-rt = "4.19.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "4.19.y-cip"
diff --git a/kas/opt/4.4.yml b/kas/opt/4.4.yml
index 65a4775..dae1b52 100644
--- a/kas/opt/4.4.yml
+++ b/kas/opt/4.4.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "4.4.%"
PREFERRED_VERSION_linux-cip-rt = "4.4.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "4.4.y-cip"
diff --git a/kas/opt/5.10.yml b/kas/opt/5.10.yml
index 612b7f9..e048450 100644
--- a/kas/opt/5.10.yml
+++ b/kas/opt/5.10.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "5.10.%"
PREFERRED_VERSION_linux-cip-rt = "5.10.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
--




With best regards,
Quirin Gylstorff

Siemens AG
Technology
Research in Digitalization and Automation
Smart Embedded Systems
T RDA IOT SES-DE
Otto-Hahn-Ring 6
81739 Muenchen, Germany
Mobile: +49 173 3746683
mailto:quirin.gylstorff@... <mailto:quirin.gylstorff@...>
www.siemens.com <https://siemens.com>

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim
Hagemann Snabe; Managing Board: Roland Busch, Chairman, President and
Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P.
Thomas, Judith Wiese; Registered offices: Berlin and Munich, Germany;
Commercial registries: Berlin-Charlottenburg, HRB 12300, Munich, HRB
6684; WEEE-Reg.-No. DE 23691322

Important notice: This e-mail and any attachment thereof contain
corporate proprietary information. If you have received it by mistake,
please notify us immediately by reply e-mail and delete this e-mail and
its attachments from your system. Thank you.


Re: [isar-cip-core][PATCH] conf/machine/*: Add variable to set version of kernel defconfig

Jan Kiszka
 

On 10.12.21 10:34, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes an issue, that the defconfig from kernel 4.19.X does not
work with kernel 5.10.X. The kernel boots but cannot find any qemu hard
disk.

The fix adds the new Variable
KERNEL_DEFCONFIG_VERSION to select to correct path in [1].

This fixes issue [17].

[1]: https://gitlab.com/cip-project/cip-kernel/cip-kernel-config
[17]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/17

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
conf/machine/hihope-rzg2m.conf | 3 ++-
conf/machine/qemu-amd64.conf | 3 ++-
conf/machine/qemu-arm.conf | 3 ++-
conf/machine/qemu-arm64.conf | 3 ++-
conf/machine/simatic-ipc227e.conf | 3 ++-
kas/opt/4.19.yml | 2 ++
kas/opt/4.4.yml | 2 ++
kas/opt/5.10.yml | 2 ++
8 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf
index 4f4ee81..74f03df 100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -13,7 +13,8 @@ DISTRO_ARCH = "arm64"

IMAGE_TYPE ?= "wic-img"

-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/arm64/renesas_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
This variable must be set by the kernel recipe, not the machine.

Jan

+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
DTB_FILES = "r8a774a1-hihope-rzg2m-ex.dtb"
IMAGE_BOOT_FILES = "${KERNEL_IMAGE} ${DTB_FILES}"
diff --git a/conf/machine/qemu-amd64.conf b/conf/machine/qemu-amd64.conf
index c90d957..af20bf4 100644
--- a/conf/machine/qemu-amd64.conf
+++ b/conf/machine/qemu-amd64.conf
@@ -10,4 +10,5 @@ DISTRO_ARCH = "amd64"

IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/x86/cip_qemu_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/cip_qemu_defconfig"
diff --git a/conf/machine/qemu-arm.conf b/conf/machine/qemu-arm.conf
index 81a22c1..f9e665d 100644
--- a/conf/machine/qemu-arm.conf
+++ b/conf/machine/qemu-arm.conf
@@ -11,4 +11,5 @@ DISTRO_ARCH = "armhf"

IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm/qemu_arm_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/qemu_arm_defconfig"
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
index eb34703..1a48093 100644
--- a/conf/machine/qemu-arm64.conf
+++ b/conf/machine/qemu-arm64.conf
@@ -10,4 +10,5 @@ DISTRO_ARCH = "arm64"

IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm64/qemu_arm64_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/qemu_arm64_defconfig"
diff --git a/conf/machine/simatic-ipc227e.conf b/conf/machine/simatic-ipc227e.conf
index 3c9638f..d8c7fec 100644
--- a/conf/machine/simatic-ipc227e.conf
+++ b/conf/machine/simatic-ipc227e.conf
@@ -11,4 +11,5 @@ DISTRO_ARCH = "amd64"
IMAGE_TYPE ?= "wic-img"
IMAGER_INSTALL += "${GRUB_BOOTLOADER_INSTALL}"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/x86/siemens_ipc227e_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/siemens_ipc227e_defconfig"
diff --git a/kas/opt/4.19.yml b/kas/opt/4.19.yml
index 5ff1683..581ea93 100644
--- a/kas/opt/4.19.yml
+++ b/kas/opt/4.19.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "4.19.%"
PREFERRED_VERSION_linux-cip-rt = "4.19.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "4.19.y-cip"
diff --git a/kas/opt/4.4.yml b/kas/opt/4.4.yml
index 65a4775..dae1b52 100644
--- a/kas/opt/4.4.yml
+++ b/kas/opt/4.4.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "4.4.%"
PREFERRED_VERSION_linux-cip-rt = "4.4.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "4.4.y-cip"
diff --git a/kas/opt/5.10.yml b/kas/opt/5.10.yml
index 612b7f9..e048450 100644
--- a/kas/opt/5.10.yml
+++ b/kas/opt/5.10.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "5.10.%"
PREFERRED_VERSION_linux-cip-rt = "5.10.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


[isar-cip-core][PATCH] conf/machine/*: Add variable to set version of kernel defconfig

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes an issue, that the defconfig from kernel 4.19.X does not
work with kernel 5.10.X. The kernel boots but cannot find any qemu hard
disk.

The fix adds the new Variable
KERNEL_DEFCONFIG_VERSION to select to correct path in [1].

This fixes issue [17].

[1]: https://gitlab.com/cip-project/cip-kernel/cip-kernel-config
[17]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/17

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
conf/machine/hihope-rzg2m.conf | 3 ++-
conf/machine/qemu-amd64.conf | 3 ++-
conf/machine/qemu-arm.conf | 3 ++-
conf/machine/qemu-arm64.conf | 3 ++-
conf/machine/simatic-ipc227e.conf | 3 ++-
kas/opt/4.19.yml | 2 ++
kas/opt/4.4.yml | 2 ++
kas/opt/5.10.yml | 2 ++
8 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf
index 4f4ee81..74f03df 100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -13,7 +13,8 @@ DISTRO_ARCH = "arm64"

IMAGE_TYPE ?= "wic-img"

-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/arm64/renesas_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
DTB_FILES = "r8a774a1-hihope-rzg2m-ex.dtb"
IMAGE_BOOT_FILES = "${KERNEL_IMAGE} ${DTB_FILES}"
diff --git a/conf/machine/qemu-amd64.conf b/conf/machine/qemu-amd64.conf
index c90d957..af20bf4 100644
--- a/conf/machine/qemu-amd64.conf
+++ b/conf/machine/qemu-amd64.conf
@@ -10,4 +10,5 @@ DISTRO_ARCH = "amd64"

IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/x86/cip_qemu_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/cip_qemu_defconfig"
diff --git a/conf/machine/qemu-arm.conf b/conf/machine/qemu-arm.conf
index 81a22c1..f9e665d 100644
--- a/conf/machine/qemu-arm.conf
+++ b/conf/machine/qemu-arm.conf
@@ -11,4 +11,5 @@ DISTRO_ARCH = "armhf"

IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm/qemu_arm_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/qemu_arm_defconfig"
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
index eb34703..1a48093 100644
--- a/conf/machine/qemu-arm64.conf
+++ b/conf/machine/qemu-arm64.conf
@@ -10,4 +10,5 @@ DISTRO_ARCH = "arm64"

IMAGE_TYPE ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG ?= "cip-kernel-config/4.19.y-cip/arm64/qemu_arm64_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/qemu_arm64_defconfig"
diff --git a/conf/machine/simatic-ipc227e.conf b/conf/machine/simatic-ipc227e.conf
index 3c9638f..d8c7fec 100644
--- a/conf/machine/simatic-ipc227e.conf
+++ b/conf/machine/simatic-ipc227e.conf
@@ -11,4 +11,5 @@ DISTRO_ARCH = "amd64"
IMAGE_TYPE ?= "wic-img"
IMAGER_INSTALL += "${GRUB_BOOTLOADER_INSTALL}"
USE_CIP_KERNEL_CONFIG = "1"
-KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/x86/siemens_ipc227e_defconfig"
+KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
+KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/siemens_ipc227e_defconfig"
diff --git a/kas/opt/4.19.yml b/kas/opt/4.19.yml
index 5ff1683..581ea93 100644
--- a/kas/opt/4.19.yml
+++ b/kas/opt/4.19.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "4.19.%"
PREFERRED_VERSION_linux-cip-rt = "4.19.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "4.19.y-cip"
diff --git a/kas/opt/4.4.yml b/kas/opt/4.4.yml
index 65a4775..dae1b52 100644
--- a/kas/opt/4.4.yml
+++ b/kas/opt/4.4.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "4.4.%"
PREFERRED_VERSION_linux-cip-rt = "4.4.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "4.4.y-cip"
diff --git a/kas/opt/5.10.yml b/kas/opt/5.10.yml
index 612b7f9..e048450 100644
--- a/kas/opt/5.10.yml
+++ b/kas/opt/5.10.yml
@@ -16,3 +16,5 @@ local_conf_header:
kernel-version: |
PREFERRED_VERSION_linux-cip = "5.10.%"
PREFERRED_VERSION_linux-cip-rt = "5.10.%"
+ defconfig: |
+ KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"
--
2.33.0


Re: New CVE entries in this week

Masami Ichikawa
 

Hi !

On Thu, Dec 9, 2021 at 6:21 PM Pavel Machek <pavel@...> wrote:

Hi!

* New CVEs

CVE-2021-39636: "no details"

CVSS v3 score is not provided

There is no vulnerability details yet. However, there is five patches
are addressed so the bug is in the netfilter module.

f32815d ("xtables: add xt_match, xt_target and data copy_to_user
functions"): merged in 4.11-rc1
f77bc5b ("iptables: use match, target and data copy_to_user helpers"):
merged in 4.11-rc1
e47ddb2 ("ip6tables: use match, target and data copy_to_user
helpers"): merged in 4.11-rc1
ec23189 ("xtables: extend matches and targets with .usersize"): merged
in 4.11-rc1
1e98ffe ("netfilter: x_tables: fix pointer leaks to userspace"):
merged in 4.16-rc1. This fixes commit ec23189 ("xtables: extend
matches and targets with .usersize") that was merged in 4.11-rc1.

Fixed status

mainline: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
e47ddb2c4691fd2bd8d25745ecb6848408899757,
ec23189049651b16dc2ffab35a4371dc1f491aca,
1e98ffea5a8935ec040ab72299e349cb44b8defd]
stable/4.14: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
e47ddb2c4691fd2bd8d25745ecb6848408899757,
ec23189049651b16dc2ffab35a4371dc1f491aca,
ad10785a706e63ff155fc97860cdcc5e3bc5992d]
Hmm. Fun. 1e98ffea5a8935ec040ab72299e349cb44b8defd may have a clue:

This leads to kernel pointer leaks if a match/target is set
and then read back to userspace.

So that sounds like KASLR workaround? iptables are normally limited to
priviledged users, and KASLR is just a technology to make exploitation
hard. I don't think we care too much here.
I got it.

CVE-2018-25020: bpf: fix truncated jump targets on heavy expansions

CVSS v3 score is not provided

Fixed status

The BPF subsystem in the kernel through 4.17-rc7 has overflow bug.

mainline: [050fad7c4534c13c8eb1d9c2ba66012e014773cb]
Fun. JITs are hard to get right. I guess "avoid BPF" and "certainly
don't allow unpriviledged access to BPF" is good advice.
Yeah, I agree.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Regards,


--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...


Re: [isar-cip-core][PATCH] start-qemu.sh: Add option to start a wic.img

Jan Kiszka
 

On 08.12.21 17:09, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

To test image created for swupdate the resulting wic image needs
to be boot by qemu.

Also fix indentation.

This fixes issue [18]:

[18]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/18

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index c700974..4ab3861 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -22,6 +22,8 @@ usage()

if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then
SECURE_BOOT="true"
+elif grep -s -q "IMAGE_SWUPDATE: true" .config.yaml; then
+ SWUPDATE_BOOT="true"
fi

if [ -n "${QEMU_PATH}" ]; then
@@ -42,7 +44,7 @@ if [ -z "${TARGET_IMAGE}" ];then
TARGET_IMAGE="cip-core-image"
if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
TARGET_IMAGE="cip-core-image-security"
- fi
+ fi
if [ -n "${SECURE_BOOT}" ]; then
TARGET_IMAGE="cip-core-image-read-only"
fi
@@ -58,7 +60,7 @@ case "$1" in
-machine q35,accel=kvm:tcg \
-device virtio-net-pci,netdev=net"
if [ -n "${SECURE_BOOT}" ]; then
- # set bootindex=0 to boot disk instead of EFI-shell
+ # set bootindex=0 to boot disk instead of EFI-shell
QEMU_EXTRA_ARGS=" \
${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0"
else
@@ -127,6 +129,9 @@ if [ -n "${SECURE_BOOT}" ]; then
BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw"
+elif [ -n "${SWUPDATE_BOOT}" ]; then
+ BOOT_FILES="-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -bios OVMF.fd "
else
IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)

Thanks, applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-core][PATCH] sw-description: Use Labels for Boot partitions

Jan Kiszka
 

On 08.12.21 12:28, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This allows an update process independent from boot order or
file systems, e.g. if a usb stick is plug in.

As SWUpdate returns only the device identifier in case of device mapper
mount point the `sw-description` for secure boot
still use device identifiers.

This also fixes [1].

[1]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/16

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
recipes-core/images/files/secure-boot/sw-description.tmpl | 2 +-
recipes-core/images/files/sw-description.tmpl | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-core/images/files/secure-boot/sw-description.tmpl b/recipes-core/images/files/secure-boot/sw-description.tmpl
index 34a58a3..f8e5375 100644
--- a/recipes-core/images/files/secure-boot/sw-description.tmpl
+++ b/recipes-core/images/files/secure-boot/sw-description.tmpl
@@ -26,7 +26,7 @@ software =
filename = "linux.signed.efi";
path = "linux.signed.efi";
type = "roundrobin";
- device = "sda4->sda2,sda5->sda3";
+ device = "sda4->BOOT0,sda5->BOOT1";
filesystem = "vfat";
properties: {
subtype = "kernel";
diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
index 3309271..c44c2a8 100644
--- a/recipes-core/images/files/sw-description.tmpl
+++ b/recipes-core/images/files/sw-description.tmpl
@@ -26,7 +26,7 @@ software =
filename = "${KERNEL_IMAGE}";
path = "vmlinuz";
type = "roundrobin";
- device = "fedcba98-7654-3210-cafe-5e0710000001->sda2,fedcba98-7654-3210-cafe-5e0710000002->sda3";
+ device = "fedcba98-7654-3210-cafe-5e0710000001->BOOT0,fedcba98-7654-3210-cafe-5e0710000002->BOOT1";
filesystem = "vfat";
properties: {
subtype = "kernel";
@@ -36,7 +36,7 @@ software =
filename = "${INITRD_IMAGE}";
path = "${INITRD_IMAGE}";
type = "roundrobin";
- device = "fedcba98-7654-3210-cafe-5e0710000001->sda2,fedcba98-7654-3210-cafe-5e0710000002->sda3";
+ device = "fedcba98-7654-3210-cafe-5e0710000001->BOOT0,fedcba98-7654-3210-cafe-5e0710000002->BOOT1";
filesystem = "vfat";
properties: {
subtype = "initrd";
thanks, applied

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


[isar-cip-core][PATCH] linux-cip-rt: Add 5.10.83-cip1-rt1 recipe

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

With 5.10, we slightly need to tune the config fragment in order to
enable RT. Rather than carrying both, simply merge all switches needed
for 4.4 up to 5.10 into one - the kernel will pick what it knows.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---

Pavel, does the resulting preempt-rt.cfg (still) make sense?
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/next/recipes-kernel/linux/files/preempt-rt.cfg

Srinu, please also check. If things are fine, we could re-use
preempt-rt.cfg downstream as is.

Kconfig | 1 -
recipes-kernel/linux/files/preempt-rt.cfg | 4 ++++
.../linux/linux-cip-rt_5.10.83-cip1-rt1.bb | 14 ++++++++++++++
3 files changed, 18 insertions(+), 1 deletion(-)
create mode 100644 recipes-kernel/linux/linux-cip-rt_5.10.83-cip1-rt1.bb

diff --git a/Kconfig b/Kconfig
index e03ab50..e69293f 100644
--- a/Kconfig
+++ b/Kconfig
@@ -70,7 +70,6 @@ config KAS_INCLUDE_KERNEL

config KERNEL_RT
bool "Real-time CIP kernel"
- depends on !KERNEL_5_10

config KAS_INCLUDE_KERNEL_RT
string
diff --git a/recipes-kernel/linux/files/preempt-rt.cfg b/recipes-kernel/linux/files/preempt-rt.cfg
index 6b52f32..4afe1bf 100644
--- a/recipes-kernel/linux/files/preempt-rt.cfg
+++ b/recipes-kernel/linux/files/preempt-rt.cfg
@@ -1,3 +1,7 @@
+# >= 5.10
+CONFIG_EXPERT=y
+CONFIG_PREEMPT_RT=y
+# <= 4.19
CONFIG_PREEMPT_RT_FULL=y

CONFIG_DEBUG_ATOMIC_SLEEP=y
diff --git a/recipes-kernel/linux/linux-cip-rt_5.10.83-cip1-rt1.bb b/recipes-kernel/linux/linux-cip-rt_5.10.83-cip1-rt1.bb
new file mode 100644
index 0000000..7b38c1e
--- /dev/null
+++ b/recipes-kernel/linux/linux-cip-rt_5.10.83-cip1-rt1.bb
@@ -0,0 +1,14 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+require linux-cip-rt-common.inc
+
+SRC_URI[sha256sum] = "e10b3ab1ad09ed7650883c5357b68660ac1c56f6d71b3b82feb0d69ed182ea54"
--
2.31.1


Re: New CVE entries in this week

Pavel Machek
 

Hi!

* New CVEs

CVE-2021-39636: "no details"

CVSS v3 score is not provided

There is no vulnerability details yet. However, there is five patches
are addressed so the bug is in the netfilter module.

f32815d ("xtables: add xt_match, xt_target and data copy_to_user
functions"): merged in 4.11-rc1
f77bc5b ("iptables: use match, target and data copy_to_user helpers"):
merged in 4.11-rc1
e47ddb2 ("ip6tables: use match, target and data copy_to_user
helpers"): merged in 4.11-rc1
ec23189 ("xtables: extend matches and targets with .usersize"): merged
in 4.11-rc1
1e98ffe ("netfilter: x_tables: fix pointer leaks to userspace"):
merged in 4.16-rc1. This fixes commit ec23189 ("xtables: extend
matches and targets with .usersize") that was merged in 4.11-rc1.

Fixed status

mainline: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
e47ddb2c4691fd2bd8d25745ecb6848408899757,
ec23189049651b16dc2ffab35a4371dc1f491aca,
1e98ffea5a8935ec040ab72299e349cb44b8defd]
stable/4.14: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
e47ddb2c4691fd2bd8d25745ecb6848408899757,
ec23189049651b16dc2ffab35a4371dc1f491aca,
ad10785a706e63ff155fc97860cdcc5e3bc5992d]
Hmm. Fun. 1e98ffea5a8935ec040ab72299e349cb44b8defd may have a clue:

This leads to kernel pointer leaks if a match/target is set
and then read back to userspace.

So that sounds like KASLR workaround? iptables are normally limited to
priviledged users, and KASLR is just a technology to make exploitation
hard. I don't think we care too much here.

CVE-2018-25020: bpf: fix truncated jump targets on heavy expansions

CVSS v3 score is not provided

Fixed status

The BPF subsystem in the kernel through 4.17-rc7 has overflow bug.

mainline: [050fad7c4534c13c8eb1d9c2ba66012e014773cb]
Fun. JITs are hard to get right. I guess "avoid BPF" and "certainly
don't allow unpriviledged access to BPF" is good advice.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Re: CIP IRC weekly meeting today on libera.chat

Chris Paterson
 

Hello Jan,

Please accept my apologies for today, I have a meeting clash.

Kind regards, Chris

-----Original Message-----
From: cip-dev@... <cip-dev@...> On
Behalf Of Jan Kiszka via lists.cip-project.org
Sent: 09 December 2021 07:46
To: cip-dev <cip-dev@...>
Subject: [cip-dev] CIP IRC weekly meeting today on libera.chat

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today.

Please note that we moved from Freenode to libera.chat. Our channel is
the following:

irc:irc.libera.chat:6667/cip

Furthermore note that the IRC meeting is now scheduled to UTC (GMT)
13:00:

https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
.timeanddate.com%2Fworldclock%2Fmeetingdetails.html%3Fyear%3D2021%
26month%3D12%26day%3D9%26hour%3D13%26min%3D0%26sec%3D0%26p
1%3D224%26p2%3D179%26p3%3D136%26p4%3D37%26p5%3D241%26p6%3D
248&amp;data=04%7C01%7Cchris.paterson2%40renesas.com%7C6b90d8827f
0f43901f6c08d9bae7f7b4%7C53d82571da1947e49cb4625a166a4a2a%7C0%7C0
%7C637746327717652724%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA
wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;s
data=KL4ev1%2BUkJ99WpuNcl5Z3kPkT7t%2B8BUY0T%2BnAw4ChYU%3D&a
mp;reserved=0

USWest USEast UK DE TW JP
06:00 09:00 13:00 14:00 21:00 22:00

Last meeting minutes:

https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Firclog
s.baserock.org%2Fmeetings%2Fcip%2F2021%2F12%2Fcip.2021-12-02-
13.01.log.html&amp;data=04%7C01%7Cchris.paterson2%40renesas.com%7C
6b90d8827f0f43901f6c08d9bae7f7b4%7C53d82571da1947e49cb4625a166a4a2
a%7C0%7C0%7C637746327717652724%7CUnknown%7CTWFpbGZsb3d8eyJWI
joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3
000&amp;sdata=kbhp5P3IqLwkESXPlrei4xKt6tKE0eH7US%2BnOu1Obrw%3D
&amp;reserved=0

* Action item
1. Combine root filesystem with kselftest binary (finishing) - alicef
2. Perform initial comparison of KernelCI results 5.10 LTS vs. CIP - iwamatsu
& alicef
3. Propose tweet on KernelCI-CIP collaboration progress - alicef
* Kernel maintenance updates
* Kernel testing
* AOB

Jan


CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today.

Please note that we moved from Freenode to libera.chat. Our channel is
the following:

irc:irc.libera.chat:6667/cip

Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=12&day=9&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
06:00 09:00 13:00 14:00 21:00 22:00

Last meeting minutes:

https://irclogs.baserock.org/meetings/cip/2021/12/cip.2021-12-02-13.01.log.html

* Action item
1. Combine root filesystem with kselftest binary (finishing) - alicef
2. Perform initial comparison of KernelCI results 5.10 LTS vs. CIP - iwamatsu & alicef
3. Propose tweet on KernelCI-CIP collaboration progress - alicef
* Kernel maintenance updates
* Kernel testing
* AOB

Jan


New CVE entries in this week

Masami Ichikawa
 

Hi !

It's this week's CVE report.

This week reported three new CVEs.

* New CVEs

CVE-2021-1048: fix regression in "epoll: Keep a reference on files
added to the check list"

CVSS v3 score is not provided

The bug in ep_loop_check_proc(), which mishandled reference of file.
This bug has been fixed in 5.9-rc4 so 5.9 or later kernel aren't
affected.

Fixed status

mainline: [77f4689de17c0887775bb77896f4cc11a39bf848]
stable/4.14: [c5c6e00f6cc5d3ed0d6464b14e33f2f5c8505888]
stable/4.19: [37d933e8b41b83bb8278815e366aec5a542b7e31]
stable/4.4: [6504c100804870911f074fd67f280756b6805958]
stable/4.9: [8238ee93a30a5ff6fc75751e122a28e0d92f3e12]
stable/5.4: [88405cf0f2bd771670b76c42b169527ff86048da]

CVE-2021-39636: "no details"

CVSS v3 score is not provided

There is no vulnerability details yet. However, there is five patches
are addressed so the bug is in the netfilter module.

f32815d ("xtables: add xt_match, xt_target and data copy_to_user
functions"): merged in 4.11-rc1
f77bc5b ("iptables: use match, target and data copy_to_user helpers"):
merged in 4.11-rc1
e47ddb2 ("ip6tables: use match, target and data copy_to_user
helpers"): merged in 4.11-rc1
ec23189 ("xtables: extend matches and targets with .usersize"): merged
in 4.11-rc1
1e98ffe ("netfilter: x_tables: fix pointer leaks to userspace"):
merged in 4.16-rc1. This fixes commit ec23189 ("xtables: extend
matches and targets with .usersize") that was merged in 4.11-rc1.

Fixed status

mainline: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
e47ddb2c4691fd2bd8d25745ecb6848408899757,
ec23189049651b16dc2ffab35a4371dc1f491aca,
1e98ffea5a8935ec040ab72299e349cb44b8defd]
stable/4.14: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
e47ddb2c4691fd2bd8d25745ecb6848408899757,
ec23189049651b16dc2ffab35a4371dc1f491aca,
ad10785a706e63ff155fc97860cdcc5e3bc5992d]

CVE-2018-25020: bpf: fix truncated jump targets on heavy expansions

CVSS v3 score is not provided

Fixed status

The BPF subsystem in the kernel through 4.17-rc7 has overflow bug.

mainline: [050fad7c4534c13c8eb1d9c2ba66012e014773cb]

* Updated CVEs

CVE-2021-4037: kernel: security regression for CVE-2018-13405

The commit 01ea173 ("fix up non-directory creation in SGID
directories") has been merged since 5.12-rc1-dontuse so after this
version aren't affected.

Fixed status

mainline: [01ea173e103edd5ec41acec65b9261b87e123fc2]

CVE-2021-4002: hugetlbfs: flush TLBs correctly after huge_pmd_unshare

stable 4.14, 4.4 and 4.9 kernels are fixed in this week.

Fixed status

mainline: [a4a118f2eead1d6c49e00765de89878288d4b890]
stable/4.14: [7bf1f5cb5150b1a53f6ccaadc0bc77f8f33206c8]
stable/4.19: [b0313bc7f5fbb6beee327af39d818ffdc921821a]
stable/4.4: [8a8ae093b52ba76b650b493848d67e7b526c8751]
stable/4.9: [8e80bf5d001594b037de04fb4fe89f34cfbcb3ba]
stable/5.10: [40bc831ab5f630431010d1ff867390b07418a7ee]
stable/5.15: [556d59293a2a94863797a7a50890992aa5e8db16]
stable/5.4: [201340ca4eb748c52062c5e938826ddfbe313088]

CVE-2021-43975: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait

stable 4.19, 5.10, 5,15, and 5.4 kernels are fixed in this week.

Fixed status

mainline: [b922f622592af76b57cbc566eaeccda0b31a3496]
stable/4.19: [0275fcd9b54f0364f66f2f3f6a0f3748648f3d35]
stable/5.10: [2c514d25003ac89bb7716bb4402918ccb141f8f5]
stable/5.15: [cec49b6dfdb0b9fefd0f17c32014223f73ee2605]
stable/5.4: [89d15a2e40d7edaaa16da2763b349dd7b056cc09]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...


[isar-cip-core][PATCH] start-qemu.sh: Add option to start a wic.img

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

To test image created for swupdate the resulting wic image needs
to be boot by qemu.

Also fix indentation.

This fixes issue [18]:

[18]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/18

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index c700974..4ab3861 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -22,6 +22,8 @@ usage()

if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then
SECURE_BOOT="true"
+elif grep -s -q "IMAGE_SWUPDATE: true" .config.yaml; then
+ SWUPDATE_BOOT="true"
fi

if [ -n "${QEMU_PATH}" ]; then
@@ -42,7 +44,7 @@ if [ -z "${TARGET_IMAGE}" ];then
TARGET_IMAGE="cip-core-image"
if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
TARGET_IMAGE="cip-core-image-security"
- fi
+ fi
if [ -n "${SECURE_BOOT}" ]; then
TARGET_IMAGE="cip-core-image-read-only"
fi
@@ -58,7 +60,7 @@ case "$1" in
-machine q35,accel=kvm:tcg \
-device virtio-net-pci,netdev=net"
if [ -n "${SECURE_BOOT}" ]; then
- # set bootindex=0 to boot disk instead of EFI-shell
+ # set bootindex=0 to boot disk instead of EFI-shell
QEMU_EXTRA_ARGS=" \
${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0"
else
@@ -127,6 +129,9 @@ if [ -n "${SECURE_BOOT}" ]; then
BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw"
+elif [ -n "${SWUPDATE_BOOT}" ]; then
+ BOOT_FILES="-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -bios OVMF.fd "
else
IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)

--
2.30.2


[isar-cip-core][PATCH] sw-description: Use Labels for Boot partitions

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

This allows an update process independent from boot order or
file systems, e.g. if a usb stick is plug in.

As SWUpdate returns only the device identifier in case of device mapper
mount point the `sw-description` for secure boot
still use device identifiers.

This also fixes [1].

[1]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/16

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
recipes-core/images/files/secure-boot/sw-description.tmpl | 2 +-
recipes-core/images/files/sw-description.tmpl | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-core/images/files/secure-boot/sw-description.tmpl b/recipes-core/images/files/secure-boot/sw-description.tmpl
index 34a58a3..f8e5375 100644
--- a/recipes-core/images/files/secure-boot/sw-description.tmpl
+++ b/recipes-core/images/files/secure-boot/sw-description.tmpl
@@ -26,7 +26,7 @@ software =
filename = "linux.signed.efi";
path = "linux.signed.efi";
type = "roundrobin";
- device = "sda4->sda2,sda5->sda3";
+ device = "sda4->BOOT0,sda5->BOOT1";
filesystem = "vfat";
properties: {
subtype = "kernel";
diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
index 3309271..c44c2a8 100644
--- a/recipes-core/images/files/sw-description.tmpl
+++ b/recipes-core/images/files/sw-description.tmpl
@@ -26,7 +26,7 @@ software =
filename = "${KERNEL_IMAGE}";
path = "vmlinuz";
type = "roundrobin";
- device = "fedcba98-7654-3210-cafe-5e0710000001->sda2,fedcba98-7654-3210-cafe-5e0710000002->sda3";
+ device = "fedcba98-7654-3210-cafe-5e0710000001->BOOT0,fedcba98-7654-3210-cafe-5e0710000002->BOOT1";
filesystem = "vfat";
properties: {
subtype = "kernel";
@@ -36,7 +36,7 @@ software =
filename = "${INITRD_IMAGE}";
path = "${INITRD_IMAGE}";
type = "roundrobin";
- device = "fedcba98-7654-3210-cafe-5e0710000001->sda2,fedcba98-7654-3210-cafe-5e0710000002->sda3";
+ device = "fedcba98-7654-3210-cafe-5e0710000001->BOOT0,fedcba98-7654-3210-cafe-5e0710000002->BOOT1";
filesystem = "vfat";
properties: {
subtype = "initrd";
--
2.30.2


[ANNOUNCE] 5.10.83-cip1-rt1 (-rt58)

Pavel Machek
 

Hi!

There is first release of 5.10-cip-rt kernel available at kernel.org.

Trees are available at

https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-5.10.y-cip-rt
https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-5.10.y-cip-rt-rebase

And their content should be identical.

Best regards,
Pavel

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Realtime branch on 5.10 -- 5.10.83-cip1-rt0

Pavel Machek
 

Hi!

-cip-rt branch is available at

https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-5.10.y-cip-rt

and it passes basic testing we do on gitlab.

More testing would be welcome, but I believe we are ready to release
this as 5.10.83-cip1-rt1.

Unless there are objections, I'll proceed to create -rebase branch and
announce this in usual way.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Re: Planned maintenance for lab-cip-renesas: 4-5th Dec

Chris Paterson
 

Hello Alice,

From: cip-dev@... <cip-dev@...> On
Behalf Of Alice Ferrazzi via lists.cip-project.org
Sent: 06 December 2021 09:22

On Mon, Dec 6, 2021 at 6:08 PM Chris Paterson
<chris.paterson2@...> wrote:

From: cip-dev@... <cip-dev@...> On
Behalf Of Chris Paterson via lists.cip-project.org
Sent: 03 December 2021 20:03

Hello all,

From: cip-dev@... <cip-dev@...> On
Behalf Of Chris Paterson via lists.cip-project.org
Sent: 19 November 2021 12:33

Hello all,

Just a heads up, on the weekend of the 4/5th December the Renesas
UK
office will be undergoing maintenance on its power infrastructure.
As such I will be taking lab-cip-renesas offline for the weekend starting
from
Friday evening (UK time).
lab-cip-renesas is now offline until Monday morning (UK time).
lab-cip-renesas is now back online.
we still have some devices offline with no machine available:
r8a77470-iwg23s-sbc
I only have 1 of these in the lab, and the serial connection is really unreliable.
It's probably best to skip adding this to KernelCI.

x86-openblocks-iot-vx2
We haven't got this booting yet.

Kind regards, Chris


As I'm adding this devices to KernelCI,
can we get it back online for testing ?

--
======================================
Cybertrust Japan Co.,Ltd.
Alice Ferrazzi
alice.ferrazzi@...
======================================


Re: [ANNOUNCE] Release v5.10.83-cip1 / First release of the CIP 5.10.y Linux kernel

Alice Ferrazzi
 



On Mon, Dec 6, 2021 at 6:36 PM Alice Ferrazzi via lists.cip-project.org <alice.ferrazzi=miraclelinux.com@...> wrote:
>
> On Sun, Dec 5, 2021 at 8:24 AM Nobuhiro Iwamatsu
> <nobuhiro1.iwamatsu@...> wrote:
> >
> > Hi all,
> >
> > We release v5.10.83-cip1, which is the first release of the CIP 5.10.y Linux kernel !
> > This is based on v5.10.83 with some additional updates for the Renesas reference
> > boards.
> >
> > You can get this release via the git tree at:
> >
> >   v5.10.83-cip1:
> >     repository:
> >       https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
> >     branch:
> >       linux-5.10.y-cip
> >     commit hash:
> >       2332f07a324fd78d7c7436deeed23cd7db441ea7
> >     added commits:
> >       CIP: Add a number to the version suffix
> >       dt-bindings: pci: rcar-pci-ep: Document missing interrupts property
> >       dt-bindings: timer: renesas: tmu: Document r8a774e1 bindings
> >       dt-bindings: PCI: rcar-pci-host: Document r8a774e1 bindings
> >       memory: renesas-rpc-if: Make rpcif_enable/disable_rpm() as static inline
> >       spi: spi-mem: Fix passing zero to 'PTR_ERR' warning
> >       clk: renesas: r8a774a1: Add RPC clocks
> >       clk: renesas: r8a774b1: Add RPC clocks
> >       clk: renesas: r8a774c0: Add RPC clocks
> >       pinctrl: renesas: r8a77990: Add QSPI[01] pins, groups and functions
> >       pinctrl: renesas: r8a77990: Optimize pinctrl image size for R8A774C0
> >       pinctrl: renesas: r8a77951: Add QSPI[01] pins, groups and functions
> >       pinctrl: renesas: r8a77951: Optimize pinctrl image size for R8A774E1
> >       pinctrl: renesas: r8a7796: Add QSPI[01] pins, groups and functions
> >       pinctrl: renesas: r8a7796: Optimize pinctrl image size for R8A774A1
> >       pinctrl: renesas: r8a77965: Add QSPI[01] pins, groups and functions
> >       pinctrl: renesas: r8a77965: Optimize pinctrl image size for R8A774B1
> >       Add configuration for gitlab-ci.
> >
>
> In the link here under there is the difference with Linux stable v5.10.83:
> https://www.diffchecker.com/1Ber9vjb
>
> Other than having linux-5.10.y-cip tested on more boards,
> respectively 164 builds vs 184 builds for CIP kernel.
> We could also test CIP kernel on arm64,
> Linux stable looks not yet tested on arm64 with KernelCI.
> I currently don't see any relevant difference from both build tests.

From KernelCI log, we had two regressions on the baseline-nfs test on linux-5.10.83-cip1 from
From what I could see Linux stable v5.10.83 didn't get under baseline-nfs test,
so we don't have a comparison for this test.
The logs can be found here:

Thanks,
Alicef

--
======================================
Cybertrust Japan Co.,Ltd.
Alice Ferrazzi
alice.ferrazzi@...
======================================


Re: [ANNOUNCE] Release v5.10.83-cip1 / First release of the CIP 5.10.y Linux kernel

Alice Ferrazzi
 

On Sun, Dec 5, 2021 at 8:24 AM Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@...> wrote:

Hi all,

We release v5.10.83-cip1, which is the first release of the CIP 5.10.y Linux kernel !
This is based on v5.10.83 with some additional updates for the Renesas reference
boards.

You can get this release via the git tree at:

v5.10.83-cip1:
repository:
https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
branch:
linux-5.10.y-cip
commit hash:
2332f07a324fd78d7c7436deeed23cd7db441ea7
added commits:
CIP: Add a number to the version suffix
dt-bindings: pci: rcar-pci-ep: Document missing interrupts property
dt-bindings: timer: renesas: tmu: Document r8a774e1 bindings
dt-bindings: PCI: rcar-pci-host: Document r8a774e1 bindings
memory: renesas-rpc-if: Make rpcif_enable/disable_rpm() as static inline
spi: spi-mem: Fix passing zero to 'PTR_ERR' warning
clk: renesas: r8a774a1: Add RPC clocks
clk: renesas: r8a774b1: Add RPC clocks
clk: renesas: r8a774c0: Add RPC clocks
pinctrl: renesas: r8a77990: Add QSPI[01] pins, groups and functions
pinctrl: renesas: r8a77990: Optimize pinctrl image size for R8A774C0
pinctrl: renesas: r8a77951: Add QSPI[01] pins, groups and functions
pinctrl: renesas: r8a77951: Optimize pinctrl image size for R8A774E1
pinctrl: renesas: r8a7796: Add QSPI[01] pins, groups and functions
pinctrl: renesas: r8a7796: Optimize pinctrl image size for R8A774A1
pinctrl: renesas: r8a77965: Add QSPI[01] pins, groups and functions
pinctrl: renesas: r8a77965: Optimize pinctrl image size for R8A774B1
Add configuration for gitlab-ci.
In the link here under there is the difference with Linux stable v5.10.83:
https://www.diffchecker.com/1Ber9vjb

Other than having linux-5.10.y-cip tested on more boards,
respectively 164 builds vs 184 builds for CIP kernel.
We could also test CIP kernel on arm64,
Linux stable looks not yet tested on arm64 with KernelCI.
I currently don't see any relevant difference from both build tests.

--
======================================
Cybertrust Japan Co.,Ltd.
Alice Ferrazzi
alice.ferrazzi@...
======================================


Re: Planned maintenance for lab-cip-renesas: 4-5th Dec

Alice Ferrazzi
 

On Mon, Dec 6, 2021 at 6:08 PM Chris Paterson
<chris.paterson2@...> wrote:

From: cip-dev@... <cip-dev@...> On
Behalf Of Chris Paterson via lists.cip-project.org
Sent: 03 December 2021 20:03

Hello all,

From: cip-dev@... <cip-dev@...> On
Behalf Of Chris Paterson via lists.cip-project.org
Sent: 19 November 2021 12:33

Hello all,

Just a heads up, on the weekend of the 4/5th December the Renesas UK
office will be undergoing maintenance on its power infrastructure.
As such I will be taking lab-cip-renesas offline for the weekend starting
from
Friday evening (UK time).
lab-cip-renesas is now offline until Monday morning (UK time).
lab-cip-renesas is now back online.
we still have some devices offline with no machine available:
r8a77470-iwg23s-sbc
x86-openblocks-iot-vx2

As I'm adding this devices to KernelCI,
can we get it back online for testing ?

--
======================================
Cybertrust Japan Co.,Ltd.
Alice Ferrazzi
alice.ferrazzi@...
======================================


Re: Planned maintenance for lab-cip-renesas: 4-5th Dec

Chris Paterson
 

From: cip-dev@... <cip-dev@...> On
Behalf Of Chris Paterson via lists.cip-project.org
Sent: 03 December 2021 20:03

Hello all,

From: cip-dev@... <cip-dev@...> On
Behalf Of Chris Paterson via lists.cip-project.org
Sent: 19 November 2021 12:33

Hello all,

Just a heads up, on the weekend of the 4/5th December the Renesas UK
office will be undergoing maintenance on its power infrastructure.
As such I will be taking lab-cip-renesas offline for the weekend starting
from
Friday evening (UK time).
lab-cip-renesas is now offline until Monday morning (UK time).
lab-cip-renesas is now back online.

Kind regards, Chris

3041 - 3060 of 10124