
[isar-cip-core v3] README.swupdate.md: add readme file with steps to verify swupdate

Kunijadar Shivanand
 

From: Shivanand Kunijadar <Shivanand.Kunijadar@...>

Prepare readme file with necessary steps to verify swupdate feature
with rollback functionality.

Signed-off-by: Shivanand Kunijadar <Shivanand.Kunijadar@...>
---
doc/README.swupdate.md | 203 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 203 insertions(+)
create mode 100644 doc/README.swupdate.md

diff --git a/doc/README.swupdate.md b/doc/README.swupdate.md
new file mode 100644
index 0000000..05768da
--- /dev/null
+++ b/doc/README.swupdate.md
@@ -0,0 +1,203 @@
+
+Clone the isar-cip-core repository
+```
+host$ git clone https://gitlab.com/cip-project/cip-core/isar-cip-core.git
+```
+
+Build the CIP Core image
+
+Set up `kas-container` as described in the [top-level README](../README.md).
+Then build the image:
+```
+host$ ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml
+```
+- save the generated swu build/tmp/deploy/images/qemu-amd64/cip-core-image-cip-core-buster-qemu-amd64.swu in a separate folder (ex: tmp)
+- modify the image for example add a new version to the image by adding PV=2.0.0 to cip-core-image.bb
+- rebuild the image using above command and start the new target
+```
+host$ SWUPDATE_BOOT=y ./start-qemu.sh amd64
+```
+
+Copy `cip-core-image-cip-core-buster-qemu-amd64.swu` file from `tmp` folder to the running system
+
+```
+root@demo:~# scp <host-user>@10.0.2.2:<path-to-swu-file>/tmp/cip-core-image-cip-core-buster-qemu-amd64.swu .
+```
+
+Check which partition is booted, e.g. with lsblk:
+
+```
+root@demo:~# lsblk
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
+sda 8:0 0 2G 0 disk
+├─sda1 8:1 0 16.4M 0 part
+├─sda2 8:2 0 32M 0 part
+├─sda3 8:3 0 32M 0 part
+├─sda4 8:4 0 1000M 0 part /
+└─sda5 8:5 0 1000M 0 part
+```
+
+Apply swupdate and reboot
+```
+root@demo:~# swupdate -i cip-core-image-cip-core-buster-qemu-amd64.swu
+root@demo:~# reboot
+```
+Check which partition is booted, e.g. with lsblk and the rootfs should have changed
+```
+root@demo:~# lsblk
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
+sda 8:0 0 2G 0 disk
+├─sda1 8:1 0 16.4M 0 part
+├─sda2 8:2 0 32M 0 part
+├─sda3 8:3 0 32M 0 part
+├─sda4 8:4 0 1000M 0 part
+└─sda5 8:5 0 1000M 0 part /
+```
+
+Check bootloader ustate after swupdate
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress: no
+revision: 2
+kernel: C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+
+user variables:
+
+----------------------------
+ Config Partition #1 Values:
+in_progress: no
+revision: 3
+kernel: C:BOOT1:vmlinuz
+kernelargs: root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 console=tty0 console=ttyS0,115200 rootwait earlyprintk rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 2 (TESTING)
+```
+
+if Partition #1 usate is 2 (TESTING) then execute below command to confirm swupdate and the command will set ustate to "OK"
+```
+root@demo:~# bg_setenv -c
+```
+
+# swupdate rollback example
+
+Build the image for swupdate with service which causes kernel panic during system boot using below command.
+
+```
+host$ ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml:kas/opt/kernel-panic.yml
+```
+- save the generated swu build/tmp/deploy/images/qemu-amd64/cip-core-image-cip-core-buster-qemu-amd64.swu in a separate folder (ex: tmp)
+- build the image again without `kernel-panic.yml` recipe using below command
+```
+host$ ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml
+```
+
+Start the target on QEMU
+```
+host$ SWUPDATE_BOOT=y ./start-qemu.sh amd64
+```
+
+Copy `cip-core-image-cip-core-buster-qemu-amd64.swu` file from `tmp` folder to the running system
+
+```
+root@demo:~# scp <host-user>@10.0.2.2:<path-to-swu-file>/tmp/cip-core-image-cip-core-buster-qemu-amd64.swu .
+```
+
+Check which partition is booted, e.g. with lsblk:
+
+```
+root@demo:~# lsblk
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
+sda 8:0 0 2G 0 disk
+├─sda1 8:1 0 16.4M 0 part
+├─sda2 8:2 0 32M 0 part
+├─sda3 8:3 0 32M 0 part
+├─sda4 8:4 0 1000M 0 part /
+└─sda5 8:5 0 1000M 0 part
+```
+
+Check bootloader ustate before swupdate and should be as below
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress: no
+revision: 2
+kernel: C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+
+user variables:
+----------------------------
+Config Partition #1 Values:
+in_progress: no
+revision: 1
+kernel: C:BOOT1:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+```
+
+Apply swupdate as below
+```
+root@demo:~# swupdate -i cip-core-image-cip-core-buster-qemu-amd64.swu
+```
+
+check bootloader ustate after swupdate. if the swupdate is successful then **revision number** should increase to **3** and status should be changed to **INSTALLED** for Partition #1.
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress: no
+revision: 2
+kernel: C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+
+user variables:
+----------------------------
+Config Partition #1 Values:
+in_progress: no
+revision: 3
+kernel: C:BOOT1:vmlinuz
+kernelargs: root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 console=tty0 console=ttyS0,115200 rootwait earlyprintk rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 1 (INSTALLED)
+```
+
+Execute reboot command
+- reboot command should cause kernel panic error.
+- watchdog timer should expire and restart the qemu. bootloader should select previous partition to boot.
+```
+root@demo:~# reboot
+```
+
+Once the system is restarted, check the bootloader ustate
+- if update is failed then **revision number** should reduce to **0** and status should change to **FAILED** for Partition #1.
+```
+root@demo:~# bg_printenv
+----------------------------
+ Config Partition #0 Values:
+in_progress: no
+revision: 2
+kernel: C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw initrd=cip-core-image-cip-corg
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+
+user variables:
+----------------------------
+ Config Partition #1 Values:
+in_progress: no
+revision: 0
+kernel: C:BOOT1:vmlinuz
+kernelargs: root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 console=tty0 console=ttyS0,115200 rootwait earlyprintk rw initrd=cip-core-image-cip-corg
+watchdog timeout: 60 seconds
+ustate: 3 (FAILED)
+```
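Review bot: the last bg_printenv block has both kernelargs lines cut off at `initrd=cip-core-image-cip-corg`, which looks like a terminal-width paste; the earlier blocks show the full `...-qemu-amd64-initrd.img`, so this output should be re-captured. In the same file, `usate` in the sentence before `bg_setenv -c` should read `ustate`, the first procedure has no heading while the second starts with `# swupdate rollback example`, and the `Config Partition #1 Values:` line is indented by one space in some blocks but not in others.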
--
2.20.1


Re: 4.4.302 is going to be last 4.4 release

Chris Paterson
 

Hello,

From: cip-dev@... <cip-dev@...> On
Behalf Of Jan Kiszka via lists.cip-project.org
Sent: 06 February 2022 18:48
[...]


BTW, do you have any future information about the RT kernel team?
We may also need to check the RT patch.
If you don't have the information, I'll ask the RT team about this.
Why should 4.4-rt continue if its former upstream retired?
Didn't CIP commit to maintaining a real-time version of each SLTS for the 10 years?

Kind regards, Chris


Re: [isar-cip-core][PATCH] swupdate: Remove usb.service

Quirin Gylstorff
 

On 2/7/22 10:22, Jan Kiszka wrote:
On 07.02.22 10:17, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Upstream adds a udev rule and systemd service to install a swu from
a plug-in USB stick.

If the signing of the SWUpdate binary is deactivated
(current default in isar-cip-core) this service allows the installation
of an arbitrary SWUpdate binary from a plug-in USB stick.

Remove the installation and the files from the debian folder to
deactivate the possibility to install from USB.

Reported-by: Lisicki, Raphael <raphael.lisicki@...>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
...onfig-Make-image-encryption-optional.patch | 2 +-
.../0002-debian-rules-Add-CONFIG_MTD.patch | 2 +-
...es-Add-option-to-disable-fs-creation.patch | 2 +-
...ules-Add-option-to-disable-webserver.patch | 2 +-
...Make-CONFIG_HW_COMPATIBILTY-optional.patch | 2 +-
...ules-Add-Embedded-Lua-handler-option.patch | 2 +-
...prepare-build-for-isar-debian-buster.patch | 2 +-
...-SWUpdate-USB-service-and-Udev-rules.patch | 57 +++++++++++++++++++
.../swupdate/swupdate_2021.11-1+debian-gbp.bb | 3 +-
9 files changed, 66 insertions(+), 8 deletions(-)
create mode 100644 recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch

diff --git a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
index c07b103..8b186e0 100644
--- a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
+++ b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
@@ -1,7 +1,7 @@
From 20bb45563fe8f3ec95ef22d715d1add014156543 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 15:28:21 +0200
-Subject: [PATCH 1/7] debian/config: Make image encryption optional
+Subject: [PATCH 1/8] debian/config: Make image encryption optional
This can be use to ease the setup with SWUpdate.
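Review bot: the only change to this carried patch is the `[PATCH 1/7]` to `[PATCH 1/8]` subject renumbering, and the same one-line edit repeats in the hunks for 0002 through 0007, which buries the actual fix in noise. Generating the carried patches with `git format-patch --no-numbered` keeps the subject lines stable, so adding a patch touches only the new file and the recipe.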
diff --git a/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch b/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
index 8ebd09e..eb5067d 100644
--- a/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
+++ b/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
@@ -1,7 +1,7 @@
From 1d52fe25e72f9e33525bca7efa5efe901cb32c65 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 11:29:57 +0200
-Subject: [PATCH 2/7] debian/rules: Add CONFIG_MTD
+Subject: [PATCH 2/8] debian/rules: Add CONFIG_MTD
if pkg.swupdate.bpo is set CONFIG_MTD is disable but not enabled.
diff --git a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
index 876e164..3671709 100644
--- a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
+++ b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
@@ -1,7 +1,7 @@
From 8b6f01b6126933723963497d0db0c256e5251c5b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:15:56 +0200
-Subject: [PATCH 3/7] debian/rules: Add option to disable fs creation
+Subject: [PATCH 3/8] debian/rules: Add option to disable fs creation
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
index 66e48e6..8fbb722 100644
--- a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
+++ b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
@@ -1,7 +1,7 @@
From c1f46ecb2ac3aed3a711dec767321afa92b600d8 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:27:11 +0200
-Subject: [PATCH 4/7] debian/rules: Add option to disable webserver
+Subject: [PATCH 4/8] debian/rules: Add option to disable webserver
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
index 4cca3bf..96443f2 100644
--- a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
+++ b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
@@ -1,7 +1,7 @@
From ccc6f5d04aba0f1270f7d6b6de298b2084ad3bfd Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Tue, 5 Oct 2021 10:56:25 +0200
-Subject: [PATCH 5/7] debian: Make CONFIG_HW_COMPATIBILTY optional
+Subject: [PATCH 5/8] debian: Make CONFIG_HW_COMPATIBILTY optional
Add option for qemu.
diff --git a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch b/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
index 447f6ad..324f079 100644
--- a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
+++ b/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
@@ -1,7 +1,7 @@
From 7107052e6aa1a35a2900070797ac013d49814f0b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 11:32:41 +0200
-Subject: [PATCH 6/7] debian/rules: Add Embedded Lua handler option
+Subject: [PATCH 6/8] debian/rules: Add Embedded Lua handler option
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch b/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
index 3ff4ca9..0b08f25 100644
--- a/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
+++ b/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
@@ -1,7 +1,7 @@
From 123190b2aa72818186ba12a04d793ff7d4244828 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 16:17:03 +0200
-Subject: [PATCH 7/7] debian: prepare build for isar debian buster
+Subject: [PATCH 7/8] debian: prepare build for isar debian buster
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch b/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
new file mode 100644
index 0000000..3cce24b
--- /dev/null
+++ b/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
@@ -0,0 +1,57 @@
+From 93b9a179119394395c72e62e59a73d29e9bba735 Mon Sep 17 00:00:00 2001
+From: Quirin Gylstorff <quirin.gylstorff@...>
+Date: Mon, 7 Feb 2022 09:28:39 +0100
+Subject: [PATCH 8/8] debian: Remove SWUpdate USB service and Udev rules
+
+The current implementation will install an abitrary SWUpdate binary
+from a plug-in USB stick. This is a major security risk for devices
+using the SWUpdate package from Debian.
+
+Remove the installation and the files from the debian folder.
+
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
+---
+ debian/rules | 1 -
+ debian/swupdate.swupdate-usb@.service | 8 --------
+ debian/swupdate.udev | 2 --
+ 3 files changed, 11 deletions(-)
+ delete mode 100644 debian/swupdate.swupdate-usb@.service
+ delete mode 100644 debian/swupdate.udev
+
+diff --git a/debian/rules b/debian/rules
+index e1c4a921..84ed55d4 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -103,7 +103,6 @@ override_dh_auto_install:
+ override_dh_installsystemd:
+ dh_installsystemd --no-start
+ dh_installsystemd --name=swupdate-progress
+- dh_installsystemd --no-start --name=swupdate-usb@
+
+ ifeq (,$(filter pkg.swupdate.bpo,$(DEB_BUILD_PROFILES)))
+ override_dh_gencontrol:
+diff --git a/debian/swupdate.swupdate-usb@.service b/debian/swupdate.swupdate-usb@.service
+deleted file mode 100644
+index eda9d153..00000000
+--- a/debian/swupdate.swupdate-usb@.service
++++ /dev/null
+@@ -1,8 +0,0 @@
+-[Unit]
+-Description=usb media swupdate service
+-Requires=swupdate-progress.service
+-
+-[Service]
+-ExecStartPre=/bin/mount /dev/%I /mnt
+-ExecStart=/bin/sh -c "swupdate-client -v /mnt/*.swu"
+-ExecStopPost=/bin/umount /mnt
+diff --git a/debian/swupdate.udev b/debian/swupdate.udev
+deleted file mode 100644
+index b4efd0b7..00000000
+--- a/debian/swupdate.udev
++++ /dev/null
+@@ -1,2 +0,0 @@
+-ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service"
+-
+--
+2.34.1
+
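Review bot: the message of the carried patch ("The current implementation will install an abitrary SWUpdate binary") drops the condition the outer commit message states, namely that this holds when signing is deactivated; as the thread talks about taking the change to Debian and upstream, the carried message should say so, and `abitrary` should be `arbitrary`. It would also help to name the mechanism shown in the deleted files: the udev rule starts `swupdate-usb@%k.service` for any USB filesystem on `sd*`, and the unit runs `swupdate-client -v /mnt/*.swu` with no check of its own.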
diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
index 48a6cc1..2995d71 100644
--- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
+++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
@@ -21,7 +21,8 @@ SRC_URI += "file://0001-debian-config-Make-image-encryption-optional.patch \
file://0003-debian-rules-Add-option-to-disable-fs-creation.patch \
file://0004-debian-rules-Add-option-to-disable-webserver.patch \
file://0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \
- file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch"
+ file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch \
+ file://0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch"
# end patching for dm-verity based images
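Review bot: the new SRC_URI entry applies 0008 unconditionally, while the commit message ties the risk to signing being deactivated, so a build that enables signing loses USB installation as well. If that is meant as a quick fix, say so in the commit message; otherwise make the entry depend on the signing configuration. The visible list also goes from 0006 straight to 0008, so it is worth confirming that 0007 is added elsewhere in the recipe.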
Thanks, applied to next as quick-fix.

Wouldn't it be more useful to make this configurable (opt-in via
/etc/something on the device), possibly also in Debian?

Jan

I am currently looking into it to make it configurable in upstream.
I will also try to add a warning to the upstream build.


Quirin
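
A check that can be run against an unpacked image or a live root to confirm that the USB auto-install path described in the commit message is gone. This is an added example, not part of the thread or of isar-cip-core; the function names and the rules file name `60-swupdate.rules` are assumptions, and the rule and unit contents in the constructed sample tree are copied from the patch.

```shell
#!/bin/sh
# Added example: audit a root filesystem tree (a live system at "/" or an
# unpacked image) for the USB auto-install path that the patch removes.

# Print "udev-rule <path>" / "unit <path>" for every finding.
# Returns 0 when the tree is clean, 1 when at least one finding exists.
audit_swupdate_usb() {
    root=${1%/}
    status=0
    for base in lib usr/lib etc; do
        # On merged-/usr systems /lib is a symlink to usr/lib: skip it so
        # the same file is not reported twice.
        [ -L "$root/$base" ] && continue

        rules_dir="$root/$base/udev/rules.d"
        if [ -d "$rules_dir" ]; then
            for f in "$rules_dir"/*.rules; do
                [ -f "$f" ] || continue
                # Ignore commented-out rules; match any rule that asks
                # systemd to start an instance of swupdate-usb@.
                if grep -v '^[[:space:]]*#' "$f" |
                   grep -q 'SYSTEMD_WANTS.*swupdate-usb@'; then
                    echo "udev-rule $f"
                    status=1
                fi
            done
        fi

        # A unit masked with a symlink to /dev/null fails the -f test and
        # is therefore not reported.
        unit="$root/$base/systemd/system/swupdate-usb@.service"
        if [ -f "$unit" ]; then
            echo "unit $unit"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample tree holding the two files from the removed Debian
# packaging. The file name 60-swupdate.rules is an assumption.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/lib/udev/rules.d" "$d/lib/systemd/system"
    cat > "$d/lib/udev/rules.d/60-swupdate.rules" <<'EOF'
ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service"
EOF
    cat > "$d/lib/systemd/system/swupdate-usb@.service" <<'EOF'
[Unit]
Description=usb media swupdate service
Requires=swupdate-progress.service

[Service]
ExecStartPre=/bin/mount /dev/%I /mnt
ExecStart=/bin/sh -c "swupdate-client -v /mnt/*.swu"
ExecStopPost=/bin/umount /mnt
EOF
    echo "$d"
}

# Demo on the constructed tree: both files are reported.
sample=$(make_sample_root)
audit_swupdate_usb "$sample" || echo "USB auto-install path still present"
rm -rf "$sample"
```

Pass the mount point of an unpacked image as the argument, or `/` on a running target; the return code makes it usable as a CI gate on the built image.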


Re: [isar-cip-core][PATCH] swupdate: Remove usb.service

Jan Kiszka
 

On 07.02.22 10:17, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Upstream adds a udev rule and systemd service to install a swu from
a plug-in USB stick.

If the signing of the SWUpdate binary is deactivated
(current default in isar-cip-core) this service allows the installation
of an arbitrary SWUpdate binary from a plug-in USB stick.

Remove the installation and the files from the debian folder to
deactivate the possibility to install from USB.

Reported-by: Lisicki, Raphael <raphael.lisicki@...>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
...onfig-Make-image-encryption-optional.patch | 2 +-
.../0002-debian-rules-Add-CONFIG_MTD.patch | 2 +-
...es-Add-option-to-disable-fs-creation.patch | 2 +-
...ules-Add-option-to-disable-webserver.patch | 2 +-
...Make-CONFIG_HW_COMPATIBILTY-optional.patch | 2 +-
...ules-Add-Embedded-Lua-handler-option.patch | 2 +-
...prepare-build-for-isar-debian-buster.patch | 2 +-
...-SWUpdate-USB-service-and-Udev-rules.patch | 57 +++++++++++++++++++
.../swupdate/swupdate_2021.11-1+debian-gbp.bb | 3 +-
9 files changed, 66 insertions(+), 8 deletions(-)
create mode 100644 recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch

diff --git a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
index c07b103..8b186e0 100644
--- a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
+++ b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
@@ -1,7 +1,7 @@
From 20bb45563fe8f3ec95ef22d715d1add014156543 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 15:28:21 +0200
-Subject: [PATCH 1/7] debian/config: Make image encryption optional
+Subject: [PATCH 1/8] debian/config: Make image encryption optional

This can be use to ease the setup with SWUpdate.

diff --git a/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch b/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
index 8ebd09e..eb5067d 100644
--- a/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
+++ b/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
@@ -1,7 +1,7 @@
From 1d52fe25e72f9e33525bca7efa5efe901cb32c65 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 11:29:57 +0200
-Subject: [PATCH 2/7] debian/rules: Add CONFIG_MTD
+Subject: [PATCH 2/8] debian/rules: Add CONFIG_MTD

if pkg.swupdate.bpo is set CONFIG_MTD is disable but not enabled.

diff --git a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
index 876e164..3671709 100644
--- a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
+++ b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
@@ -1,7 +1,7 @@
From 8b6f01b6126933723963497d0db0c256e5251c5b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:15:56 +0200
-Subject: [PATCH 3/7] debian/rules: Add option to disable fs creation
+Subject: [PATCH 3/8] debian/rules: Add option to disable fs creation

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
index 66e48e6..8fbb722 100644
--- a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
+++ b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
@@ -1,7 +1,7 @@
From c1f46ecb2ac3aed3a711dec767321afa92b600d8 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:27:11 +0200
-Subject: [PATCH 4/7] debian/rules: Add option to disable webserver
+Subject: [PATCH 4/8] debian/rules: Add option to disable webserver

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
index 4cca3bf..96443f2 100644
--- a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
+++ b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
@@ -1,7 +1,7 @@
From ccc6f5d04aba0f1270f7d6b6de298b2084ad3bfd Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Tue, 5 Oct 2021 10:56:25 +0200
-Subject: [PATCH 5/7] debian: Make CONFIG_HW_COMPATIBILTY optional
+Subject: [PATCH 5/8] debian: Make CONFIG_HW_COMPATIBILTY optional

Add option for qemu.

diff --git a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch b/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
index 447f6ad..324f079 100644
--- a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
+++ b/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
@@ -1,7 +1,7 @@
From 7107052e6aa1a35a2900070797ac013d49814f0b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 11:32:41 +0200
-Subject: [PATCH 6/7] debian/rules: Add Embedded Lua handler option
+Subject: [PATCH 6/8] debian/rules: Add Embedded Lua handler option

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch b/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
index 3ff4ca9..0b08f25 100644
--- a/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
+++ b/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
@@ -1,7 +1,7 @@
From 123190b2aa72818186ba12a04d793ff7d4244828 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 16:17:03 +0200
-Subject: [PATCH 7/7] debian: prepare build for isar debian buster
+Subject: [PATCH 7/8] debian: prepare build for isar debian buster

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch b/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
new file mode 100644
index 0000000..3cce24b
--- /dev/null
+++ b/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
@@ -0,0 +1,57 @@
+From 93b9a179119394395c72e62e59a73d29e9bba735 Mon Sep 17 00:00:00 2001
+From: Quirin Gylstorff <quirin.gylstorff@...>
+Date: Mon, 7 Feb 2022 09:28:39 +0100
+Subject: [PATCH 8/8] debian: Remove SWUpdate USB service and Udev rules
+
+The current implementation will install an abitrary SWUpdate binary
+from a plug-in USB stick. This is a major security risk for devices
+using the SWUpdate package from Debian.
+
+Remove the installation and the files from the debian folder.
+
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
+---
+ debian/rules | 1 -
+ debian/swupdate.swupdate-usb@.service | 8 --------
+ debian/swupdate.udev | 2 --
+ 3 files changed, 11 deletions(-)
+ delete mode 100644 debian/swupdate.swupdate-usb@.service
+ delete mode 100644 debian/swupdate.udev
+
+diff --git a/debian/rules b/debian/rules
+index e1c4a921..84ed55d4 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -103,7 +103,6 @@ override_dh_auto_install:
+ override_dh_installsystemd:
+ dh_installsystemd --no-start
+ dh_installsystemd --name=swupdate-progress
+- dh_installsystemd --no-start --name=swupdate-usb@
+
+ ifeq (,$(filter pkg.swupdate.bpo,$(DEB_BUILD_PROFILES)))
+ override_dh_gencontrol:
+diff --git a/debian/swupdate.swupdate-usb@.service b/debian/swupdate.swupdate-usb@.service
+deleted file mode 100644
+index eda9d153..00000000
+--- a/debian/swupdate.swupdate-usb@.service
++++ /dev/null
+@@ -1,8 +0,0 @@
+-[Unit]
+-Description=usb media swupdate service
+-Requires=swupdate-progress.service
+-
+-[Service]
+-ExecStartPre=/bin/mount /dev/%I /mnt
+-ExecStart=/bin/sh -c "swupdate-client -v /mnt/*.swu"
+-ExecStopPost=/bin/umount /mnt
+diff --git a/debian/swupdate.udev b/debian/swupdate.udev
+deleted file mode 100644
+index b4efd0b7..00000000
+--- a/debian/swupdate.udev
++++ /dev/null
+@@ -1,2 +0,0 @@
+-ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service"
+-
+--
+2.34.1
+
diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
index 48a6cc1..2995d71 100644
--- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
+++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
@@ -21,7 +21,8 @@ SRC_URI += "file://0001-debian-config-Make-image-encryption-optional.patch \
file://0003-debian-rules-Add-option-to-disable-fs-creation.patch \
file://0004-debian-rules-Add-option-to-disable-webserver.patch \
file://0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \
- file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch"
+ file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch \
+ file://0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch"

# end patching for dm-verity based images
Thanks, applied to next as quick-fix.

Wouldn't it be more useful to make this configurable (opt-in via
/etc/something on the device), possibly also in Debian?

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


[isar-cip-core][PATCH] swupdate: Remove usb.service

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Upstream adds a udev rule and systemd service to install a swu from
a plug-in USB stick.

If the signing of the SWUpdate binary is deactivated
(current default in isar-cip-core) this service allows the installation
of an arbitrary SWUpdate binary from a plug-in USB stick.

Remove the installation and the files from the debian folder to
deactivate the possibility to install from USB.

Reported-by: Lisicki, Raphael <raphael.lisicki@...>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
...onfig-Make-image-encryption-optional.patch | 2 +-
.../0002-debian-rules-Add-CONFIG_MTD.patch | 2 +-
...es-Add-option-to-disable-fs-creation.patch | 2 +-
...ules-Add-option-to-disable-webserver.patch | 2 +-
...Make-CONFIG_HW_COMPATIBILTY-optional.patch | 2 +-
...ules-Add-Embedded-Lua-handler-option.patch | 2 +-
...prepare-build-for-isar-debian-buster.patch | 2 +-
...-SWUpdate-USB-service-and-Udev-rules.patch | 57 +++++++++++++++++++
.../swupdate/swupdate_2021.11-1+debian-gbp.bb | 3 +-
9 files changed, 66 insertions(+), 8 deletions(-)
create mode 100644 recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch

diff --git a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
index c07b103..8b186e0 100644
--- a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
+++ b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
@@ -1,7 +1,7 @@
From 20bb45563fe8f3ec95ef22d715d1add014156543 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 15:28:21 +0200
-Subject: [PATCH 1/7] debian/config: Make image encryption optional
+Subject: [PATCH 1/8] debian/config: Make image encryption optional

This can be use to ease the setup with SWUpdate.

diff --git a/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch b/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
index 8ebd09e..eb5067d 100644
--- a/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
+++ b/recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
@@ -1,7 +1,7 @@
From 1d52fe25e72f9e33525bca7efa5efe901cb32c65 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 11:29:57 +0200
-Subject: [PATCH 2/7] debian/rules: Add CONFIG_MTD
+Subject: [PATCH 2/8] debian/rules: Add CONFIG_MTD

if pkg.swupdate.bpo is set CONFIG_MTD is disable but not enabled.

diff --git a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
index 876e164..3671709 100644
--- a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
+++ b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
@@ -1,7 +1,7 @@
From 8b6f01b6126933723963497d0db0c256e5251c5b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:15:56 +0200
-Subject: [PATCH 3/7] debian/rules: Add option to disable fs creation
+Subject: [PATCH 3/8] debian/rules: Add option to disable fs creation

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
index 66e48e6..8fbb722 100644
--- a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
+++ b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
@@ -1,7 +1,7 @@
From c1f46ecb2ac3aed3a711dec767321afa92b600d8 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:27:11 +0200
-Subject: [PATCH 4/7] debian/rules: Add option to disable webserver
+Subject: [PATCH 4/8] debian/rules: Add option to disable webserver

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
index 4cca3bf..96443f2 100644
--- a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
+++ b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
@@ -1,7 +1,7 @@
From ccc6f5d04aba0f1270f7d6b6de298b2084ad3bfd Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Tue, 5 Oct 2021 10:56:25 +0200
-Subject: [PATCH 5/7] debian: Make CONFIG_HW_COMPATIBILTY optional
+Subject: [PATCH 5/8] debian: Make CONFIG_HW_COMPATIBILTY optional

Add option for qemu.

diff --git a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch b/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
index 447f6ad..324f079 100644
--- a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
+++ b/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
@@ -1,7 +1,7 @@
From 7107052e6aa1a35a2900070797ac013d49814f0b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 11:32:41 +0200
-Subject: [PATCH 6/7] debian/rules: Add Embedded Lua handler option
+Subject: [PATCH 6/8] debian/rules: Add Embedded Lua handler option

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch b/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
index 3ff4ca9..0b08f25 100644
--- a/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
+++ b/recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
@@ -1,7 +1,7 @@
From 123190b2aa72818186ba12a04d793ff7d4244828 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 16:17:03 +0200
-Subject: [PATCH 7/7] debian: prepare build for isar debian buster
+Subject: [PATCH 7/8] debian: prepare build for isar debian buster

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
diff --git a/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch b/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
new file mode 100644
index 0000000..3cce24b
--- /dev/null
+++ b/recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
@@ -0,0 +1,57 @@
+From 93b9a179119394395c72e62e59a73d29e9bba735 Mon Sep 17 00:00:00 2001
+From: Quirin Gylstorff <quirin.gylstorff@...>
+Date: Mon, 7 Feb 2022 09:28:39 +0100
+Subject: [PATCH 8/8] debian: Remove SWUpdate USB service and Udev rules
+
+The current implementation will install an abitrary SWUpdate binary
+from a plug-in USB stick. This is a major security risk for devices
+using the SWUpdate package from Debian.
+
+Remove the installation and the files from the debian folder.
+
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
+---
+ debian/rules | 1 -
+ debian/swupdate.swupdate-usb@.service | 8 --------
+ debian/swupdate.udev | 2 --
+ 3 files changed, 11 deletions(-)
+ delete mode 100644 debian/swupdate.swupdate-usb@.service
+ delete mode 100644 debian/swupdate.udev
+
+diff --git a/debian/rules b/debian/rules
+index e1c4a921..84ed55d4 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -103,7 +103,6 @@ override_dh_auto_install:
+ override_dh_installsystemd:
+ dh_installsystemd --no-start
+ dh_installsystemd --name=swupdate-progress
+- dh_installsystemd --no-start --name=swupdate-usb@
+
+ ifeq (,$(filter pkg.swupdate.bpo,$(DEB_BUILD_PROFILES)))
+ override_dh_gencontrol:
+diff --git a/debian/swupdate.swupdate-usb@.service b/debian/swupdate.swupdate-usb@.service
+deleted file mode 100644
+index eda9d153..00000000
+--- a/debian/swupdate.swupdate-usb@.service
++++ /dev/null
+@@ -1,8 +0,0 @@
+-[Unit]
+-Description=usb media swupdate service
+-Requires=swupdate-progress.service
+-
+-[Service]
+-ExecStartPre=/bin/mount /dev/%I /mnt
+-ExecStart=/bin/sh -c "swupdate-client -v /mnt/*.swu"
+-ExecStopPost=/bin/umount /mnt
+diff --git a/debian/swupdate.udev b/debian/swupdate.udev
+deleted file mode 100644
+index b4efd0b7..00000000
+--- a/debian/swupdate.udev
++++ /dev/null
+@@ -1,2 +0,0 @@
+-ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service"
+-
+--
+2.34.1
+
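Review bot: The commit message of the embedded patch says the service installs "an abitrary SWUpdate binary" ("abitrary" is a typo for "arbitrary"), but the deleted unit runs `swupdate-client -v /mnt/*.swu`, so what gets applied is any .swu update image on the stick, not a binary. Please reword it to say that, and name the trigger: the deleted udev rule starts the unit for every USB block device that carries a filesystem. Since the message calls this a risk for all devices using the Debian package, it would also help to state whether the removal has been proposed to the Debian packaging or is carried only in this layer.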
diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
index 48a6cc1..2995d71 100644
--- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
+++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
@@ -21,7 +21,8 @@ SRC_URI += "file://0001-debian-config-Make-image-encryption-optional.patch \
file://0003-debian-rules-Add-option-to-disable-fs-creation.patch \
file://0004-debian-rules-Add-option-to-disable-webserver.patch \
file://0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \
- file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch"
+ file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch \
+ file://0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch"

# end patching for dm-verity based images
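Review bot: 0008 is appended to SRC_URI directly after 0006, although the patch is numbered 8/8 and sits on top of 0007-debian-prepare-build-for-isar-debian-buster.patch, which does not appear in this list. 0008 edits debian/rules and 0007 is also a debian packaging change, so please confirm that 0008 applies cleanly both with and without 0007, or say in the commit message where 0007 is added.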

--
2.34.1


Re: 4.4.302 is going to be last 4.4 release

Jan Kiszka
 

On 03.02.22 08:13, nobuhiro1.iwamatsu@... wrote:
Hi Pavel,
-----Original Message-----
From: cip-dev@... <cip-dev@...> On
Behalf Of Pavel Machek
Sent: Wednesday, February 2, 2022 6:33 AM
To: jan.kiszka@...; cip-dev@...
Subject: [cip-dev] 4.4.302 is going to be last 4.4 release

Hi!

Greg says:

# Message-Id: <20220201180822.148370751@...>
# Subject: [PATCH 4.4 00/25] 4.4.302-rc1 review
# ...
# NOTE! This is the proposed LAST 4.4.y kernel release to happen under
# the rules of the normal stable kernel releases. After this one, it will
# be marked End-Of-Life as it has been 6 years and you really should know
# better by now and have moved to a newer kernel tree. After this one, no
# more security fixes will be backported and you will end up with an
# insecure system over time.
# ...
# Responses should be made by Thu, 03 Feb 2022 18:08:10 +0000.
# Anything received after that time might be too late.

(He sometimes releases kernels before the deadline).

We may want to make any announcements now or just after 4.4.302 is
released... so I guess we should start working on suitable wording.

Something like:

CIP project is committed to maintain 4.4.x kernel till January of 2027 [1]. We are
maintaining -cip branch [2], that is stable kernel with about 1000 of patches to
support our reference hardware [3] and -cip-rt branch, which is merge of -rt and
-cip trees.

If you for some reason need 4.4.x with bug and security fixes, and are running
similar hardware to our reference hardware (x86-64 and armv7), -cip tree may be
good base for that work. Testing of the -cip tree is welcome, as is joining the
CIP project.

[1] https://wiki.linuxfoundation.org/civilinfrastructureplatform/start
[2] https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-4.4.y-cip-rt
[3] https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting/cipreferencehardware

Thank you for taking up the issue. I think the content is fine.

Looks good to me as well.

Given that 4.4 is now history and Greg even mentioned CIP in his
discontinuation message [1] but said that we would only "consider" to
continue: Let's follow up on his post, only referring to the regular
linux-4.4.y-cip for now. Who of you two could do that?

BTW, do you have any future information about the RT kernel team?
We may also need to check the RT patch.
If you don't have the information, I'll ask the RT team about this.

Why should 4.4-rt continue if its former upstream retired?

Jan

[1] https://lkml.org/lkml/2022/2/3/91

--
Siemens AG, Technology
Competence Center Embedded Linux


Re: [isar-cip-dev][PATCH] Uprevision the cip-kernel-config to latest one

Jan Kiszka
 

On 04.02.22 06:40, Srinuvasan A wrote:
From: Srinuvasan A <srinuvasan_a@...>

Uprevision the cip-kernel-config to latest one.

Signed-off-by: Srinuvasan A <srinuvasan_a@...>
---
recipes-kernel/linux/linux-cip-common.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index 8fa8988..84515c2 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -1,7 +1,7 @@
#
# CIP Core, generic profile
#
-# Copyright (c) Siemens AG, 2019
+# Copyright (c) Siemens AG, 2022
#
# Authors:
# Jan Kiszka <jan.kiszka@...>
@@ -25,6 +25,6 @@ SRC_URI_append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi

SRC_URI_append_bbb = "file://${KERNEL_DEFCONFIG}"

-SRCREV_cip-kernel-config ?= "4f80764b80a81f9590e927fb202f358465b322a6"
+SRCREV_cip-kernel-config ?= "3f527304fdadd163e20b7a5a9cfabaca7506c716"

S = "${WORKDIR}/linux-cip-v${PV}"
Thanks applied.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Re: [isar-cip-core v2 1/2] Add recipe to cause kernel panic during system boot

Jan Kiszka
 

On 01.02.22 16:35, Shivanand.Kunijadar@... wrote:
From: Shivanand Kunijadar <Shivanand.Kunijadar@...>

This recipe adds systemd service to cause kernel panic during system
boot.
It helps to check the swupdate-rollback feature.

Signed-off-by: Shivanand Kunijadar <Shivanand.Kunijadar@...>
---
kas/opt/kernel-panic.yml | 18 ++++++++++++++
.../kernel-panic/files/sysrq-panic.service | 10 ++++++++
recipes-core/kernel-panic/kernel-panic.bb | 24 +++++++++++++++++++
3 files changed, 52 insertions(+)
create mode 100644 kas/opt/kernel-panic.yml
create mode 100644 recipes-core/kernel-panic/files/sysrq-panic.service
create mode 100644 recipes-core/kernel-panic/kernel-panic.bb

diff --git a/kas/opt/kernel-panic.yml b/kas/opt/kernel-panic.yml
new file mode 100644
index 0000000..47df7b1
--- /dev/null
+++ b/kas/opt/kernel-panic.yml
@@ -0,0 +1,18 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Toshiba Corporation, 2022
+#
+# Authors:
+# Shivanand Kunijadar <Shivanand.Kunijadar@...>
+#
+# SPDX-License-Identifier: MIT
+#
+# This kas file adds systemd service file to cause kernel panic during system boot.
+
+header:
+ version: 10
+
+local_conf_header:
+ kernel-panic: |
+ IMAGE_INSTALL_append = " kernel-panic"
diff --git a/recipes-core/kernel-panic/files/sysrq-panic.service b/recipes-core/kernel-panic/files/sysrq-panic.service
new file mode 100644
index 0000000..169a97c
--- /dev/null
+++ b/recipes-core/kernel-panic/files/sysrq-panic.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=sysrq panic
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "echo c > /proc/sysrq-trigger"
+
+[Install]
+WantedBy=default.target
+
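Review bot: `ExecStart=/bin/sh -c "echo c > /proc/sysrq-trigger"` only crashes the kernel when /proc/sysrq-trigger exists, which requires CONFIG_MAGIC_SYSRQ in the kernel configuration. Without it the oneshot unit merely fails and the system boots normally, so the rollback test would see a good boot of the image that was meant to fail. Please document that dependency in the unit or the recipe, and make the Description say that the unit exists for swupdate rollback testing rather than just "sysrq panic".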
diff --git a/recipes-core/kernel-panic/kernel-panic.bb b/recipes-core/kernel-panic/kernel-panic.bb
new file mode 100644
index 0000000..511febb
--- /dev/null
+++ b/recipes-core/kernel-panic/kernel-panic.bb
@@ -0,0 +1,24 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Toshiba Corporation, 2022
+#
+# Authors:
+# Shivanand Kunijadar <Shivanand.Kunijadar@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit dpkg-raw
+
+DESCRIPTION = "Systemd service file to cause kernel panic"
+
+SRC_URI = " \
+ file://sysrq-panic.service"
+
+do_install() {
+ install -v -d ${D}/lib/systemd/system
+ install -v -m 0644 ${WORKDIR}/sysrq-panic.service ${D}/lib/systemd/system/
+ install -v -d ${D}/etc/systemd/system/default.target.wants
+ ln -s /lib/systemd/system/sysrq-panic.service ${D}/etc/systemd/system/default.target.wants/
+}
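Review bot: do_install enables the unit by creating the link in /etc/systemd/system/default.target.wants by hand, which duplicates the `WantedBy=default.target` already declared in the unit's [Install] section; a short comment on why the link is created at build time would help. DESCRIPTION should also state that the package is meant only for testing the swupdate rollback and makes every boot of the image panic, so that it is not pulled into a product image by accident.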
Applied already to next, dropping the extra new-line in sysrq-panic.service.

Thanks,
Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Re: [isar-cip-core v2 2/2] README.swupdate.md: add readme file with steps to verify swupdate

Jan Kiszka
 

On 03.02.22 12:57, Gylstorff Quirin wrote:
Hi,

On 2/1/22 16:35, Shivanand.Kunijadar@... wrote:
From: Shivanand Kunijadar <Shivanand.Kunijadar@...>

Prepare readme file with necessary steps to verify swupdate feature
with rollback functionality.

Signed-off-by: Shivanand Kunijadar <Shivanand.Kunijadar@...>
---
  doc/README.swupdate.md | 208 +++++++++++++++++++++++++++++++++++++++++
  1 file changed, 208 insertions(+)
  create mode 100644 doc/README.swupdate.md

diff --git a/doc/README.swupdate.md b/doc/README.swupdate.md
new file mode 100644
index 0000000..56bc77c
--- /dev/null
+++ b/doc/README.swupdate.md
@@ -0,0 +1,208 @@
+
+Clone the isar-cip-core repository
+```
+host$ git clone
https://gitlab.com/cip-project/cip-core/isar-cip-core.git
+```
+
+Install `kas-container` from the [kas
project](https://github.com/siemens/kas):
+
+```
+host$ wget
https://raw.githubusercontent.com/siemens/kas/2.6.2/kas-container
+host$ chmod a+x kas-container
+```
+
Please refer to the existing instructions, rather than duplicating them.
Otherwise, we have to patch the kas-container version information in yet
another place.

+Build the image for swupdate
+
+```
+host$ ./kas-container --isar build
kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml
Would it be better to use ./kas-container menu?
Technically the same, but the above is probably easier to describe here.
But drop the obsolete "--isar".


+```
+- save the generated swu
build/tmp/deploy/images/qemu-amd64/cip-core-image-cip-core-buster-qemu-amd64.swu
in a separate folder (ex: tmp)
+- modify the image for example add a new version to the image by
adding PV=2.0.0 to cip-core-image.bb
+- rebuild the image using above command and start the new target
+```
+host$ SWUPDATE_BOOT=y ./start-qemu.sh amd64
+```
OK, here that explicit building above, not using kas-container menu,
requires this explicit "SWUPDATE_BOOT=y". But not a major issue, also
given that we will add the panic option below, something that is likely
not helpful to expose in the kconfig menu.

+
+Copy `cip-core-image-cip-core-buster-qemu-amd64.swu` file from `tmp`
folder to the running system
+
+```
+root@demo:~# scp
<host-user>@<host-ip>:<path-to-swu-file>/tmp/cip-core-image-cip-core-buster-qemu-amd64.swu
.
+```
According to https://wiki.qemu.org/Documentation/Networking the default
host ip should be 10.0.2.2.
Indeed, would be one variable less.

+
+Check which partition is booted, e.g. with lsblk:
+
+```
+root@demo:~# lsblk
+NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda      8:0    0    2G  0 disk
+├─sda1   8:1    0 16.4M  0 part
+├─sda2   8:2    0   32M  0 part
+├─sda3   8:3    0   32M  0 part
+├─sda4   8:4    0 1000M  0 part /
+└─sda5   8:5    0 1000M  0 part
+```
+
+Apply swupdate and reboot
+```
+root@demo:~# swupdate -i cip-core-image-cip-core-buster-qemu-amd64.swu
+root@demo:~# reboot
+```
+Check which partition is booted, e.g. with lsblk and the rootfs
should have changed
+```
+root@demo:~# lsblk
+NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda      8:0    0    2G  0 disk
+├─sda1   8:1    0 16.4M  0 part
+├─sda2   8:2    0   32M  0 part
+├─sda3   8:3    0   32M  0 part
+├─sda4   8:4    0 1000M  0 part
+└─sda5   8:5    0 1000M  0 part /
+```
+
+Check bootloader ustate after swupdate
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress:      no
+revision:         2
+kernel:          
C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs:       console=tty0 console=ttyS0,115200 rootwait
earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw
initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate:           0 (OK)
+
+user variables:
+
+----------------------------
+ Config Partition #1 Values:
+in_progress:      no
+revision:         3
+kernel:           C:BOOT1:vmlinuz
+kernelargs:       root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002
console=tty0 console=ttyS0,115200 rootwait earlyprintk rw
initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate:           2 (TESTING)
+```
+
+if Partition #1 usate is 2 (TESTING) then execute below command to
confirm swupdate and the command will set ustate to "OK"
+```
+root@demo:~# bg_setenv -c
+```
+
+# swupdate rollback example
+
+Build the image for swupdate with service which causes kernel panic
during system boot using below command.
+
+```
+host$ ./kas-container --isar build
kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml:kas/opt/kernel-panic.yml
Again, no more "--isar".


+```
+- save the generated swu
build/tmp/deploy/images/qemu-amd64/cip-core-image-cip-core-buster-qemu-amd64.swu
in a separate folder (ex: tmp)
+- build the image again without `kernel-panic.yml` recipe using below
command
+```
+host$ ./kas-container --isar build
kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml
Also here.

+```
+
+Start the target on QEMU
+```
+host$ SWUPDATE_BOOT=y ./start-qemu.sh amd64
+```
+
+Copy `cip-core-image-cip-core-buster-qemu-amd64.swu` file from `tmp`
folder to the running system
+
+```
+root@demo:~# scp
<host-user>@<host-ip>:<path-to-swu-file>/tmp/cip-core-image-cip-core-buster-qemu-amd64.swu
.
+```
+
+Check which partition is booted, e.g. with lsblk:
+
+```
+root@demo:~# lsblk
+NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda      8:0    0    2G  0 disk
+├─sda1   8:1    0 16.4M  0 part
+├─sda2   8:2    0   32M  0 part
+├─sda3   8:3    0   32M  0 part
+├─sda4   8:4    0 1000M  0 part /
+└─sda5   8:5    0 1000M  0 part
+```
+
+Check bootloader ustate before swupdate and should be as below
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress:      no
+revision:         2
+kernel:          
C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs:       console=tty0 console=ttyS0,115200 rootwait
earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw
initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate:           0 (OK)
+
+user variables:
+----------------------------
+Config Partition #1 Values:
+in_progress:      no
+revision:         1
+kernel:          
C:BOOT1:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs:       console=tty0 console=ttyS0,115200 rootwait
earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 rw
initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate:           0 (OK > +```
+
+Apply swupdate as below
+```
+root@demo:~# swupdate -i cip-core-image-cip-core-buster-qemu-amd64.swu
+```
+
+check bootloader ustate after swupdate. if the swupdate is successful
then **revision number** should increase to **3** and status should be
changed to **INSTALLED** for Partition #1.
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress:      no
+revision:         2
+kernel:          
C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs:       console=tty0 console=ttyS0,115200 rootwait
earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw
initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate:           0 (OK)
+
+user variables:
+----------------------------
+Config Partition #1 Values:
+in_progress:      no
+revision:         3
+kernel:           C:BOOT1:vmlinuz
+kernelargs:       root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002
console=tty0 console=ttyS0,115200 rootwait earlyprintk rw
initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate:           1 (INSTALLED)
+```
+
+Execute reboot command
+- reboot command should cause kernel panic error.
+- watchdog timer should expire and restart the qemu. bootloader
should select previous partition to boot.
+```
+root@demo:~# reboot
+```
+
+Once the system is restarted, check the bootloader ustate
+- if update is failed then **revision number** should reduce to **0**
and status should change to **FAILED** for Partition #1.
+```
+root@demo:~# bg_printenv
+----------------------------
+ Config Partition #0 Values:
+in_progress:      no
+revision:         2
+kernel:          
C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs:       console=tty0 console=ttyS0,115200 rootwait
earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw
initrd=cip-core-image-cip-corg
+watchdog timeout: 60 seconds
+ustate:           0 (OK)
+
+user variables:
+----------------------------
+ Config Partition #1 Values:
+in_progress:      no
+revision:         0
+kernel:           C:BOOT1:vmlinuz
+kernelargs:       root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002
console=tty0 console=ttyS0,115200 rootwait earlyprintk rw
initrd=cip-core-image-cip-corg
+watchdog timeout: 60 seconds
+ustate:           3 (FAILED)
+```
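Review bot: In the rollback section the step "watchdog timer should expire and restart the qemu" does not say how long to wait. The bg_printenv listings show "watchdog timeout: 60 seconds", so the text should tell the reader that the panicked guest sits for about a minute before the reset. The step after the restart could also ask for an lsblk check that the root file system is back on sda4, mirroring the lsblk check the success path does for sda5.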
Quirin
Thanks,
Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


[isar-cip-dev][PATCH] Uprevision the cip-kernel-config to latest one

Srinuvasan A
 

From: Srinuvasan A <srinuvasan_a@...>

Uprevision the cip-kernel-config to latest one.

Signed-off-by: Srinuvasan A <srinuvasan_a@...>
---
recipes-kernel/linux/linux-cip-common.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index 8fa8988..84515c2 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -1,7 +1,7 @@
#
# CIP Core, generic profile
#
-# Copyright (c) Siemens AG, 2019
+# Copyright (c) Siemens AG, 2022
#
# Authors:
# Jan Kiszka <jan.kiszka@...>
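Review bot: The header change from "Copyright (c) Siemens AG, 2019" to 2022 drops the original year and is not mentioned in the commit message, which only talks about the cip-kernel-config revision. If the year is to be touched at all, a range such as 2019-2022 keeps the history; otherwise leave the header out of this patch.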
@@ -25,6 +25,6 @@ SRC_URI_append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi

SRC_URI_append_bbb = "file://${KERNEL_DEFCONFIG}"

-SRCREV_cip-kernel-config ?= "4f80764b80a81f9590e927fb202f358465b322a6"
+SRCREV_cip-kernel-config ?= "3f527304fdadd163e20b7a5a9cfabaca7506c716"

S = "${WORKDIR}/linux-cip-v${PV}"
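Review bot: The SRCREV_cip-kernel-config bump is described only as "latest one". Please say in the commit message what the new cip-kernel-config revision brings (which configurations changed, or what it is needed for), so that the pinned revision can be audited later without diffing the other repository.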
--
2.25.1


Re: CIP IRC weekly meeting today on libera.chat

Pavel Machek
 

Hi!

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today. Our channel is the
following:

I'm sorry I missed the meeting.

I was mostly reviewing 5.10.96.

Last meeting minutes:
https://irclogs.baserock.org/meetings/cip/2022/01/cip.2022-01-27-13.00.log.html

Aha, and useful trick, directory listings are enabled, so going to
https://irclogs.baserock.org/meetings/cip/2022/02/ allows me to access
the logs.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Re: Preparing a container for kernel compilation using the Debian compiler

Chris Paterson
 

Hello Iwamatsu-san,

Apologies for taking a while to get to this.

From: nobuhiro1.iwamatsu@...
<nobuhiro1.iwamatsu@...>
Sent: 18 January 2022 12:36

Hi Chris,

The 5.10.y tree building is failing due to a problem with the version of the
compiler currently used for kernel compiling. To solve this, I thought it was
necessary to prepare an environment where each tree could be compiled. We also
suggest using Debian as the compiler as we are developing using Debian.

I have created a fix and MR[0][1] to solve these.
Could you check these?

I've added some comments to the linux-cip-ci MR.
linux-cip-pipelines MR is approved but obviously the first MR needs to be merged first.

We can migrate to cip-core-isar once we're done with this first step.

Kind regards, Chris


Best regards,
Nobuhiro

[0]: https://gitlab.com/cip-project/cip-testing/linux-cip-ci/-/merge_requests/53
[1]: https://gitlab.com/cip-project/cip-testing/linux-cip-pipelines/-/merge_requests/25


Re: [isar-cip-core v2 2/2] README.swupdate.md: add readme file with steps to verify swupdate

Quirin Gylstorff
 

Hi,

On 2/1/22 16:35, Shivanand.Kunijadar@... wrote:
From: Shivanand Kunijadar <Shivanand.Kunijadar@...>
Prepare readme file with necessary steps to verify swupdate feature
with rollback functionality.
Signed-off-by: Shivanand Kunijadar <Shivanand.Kunijadar@...>
---
doc/README.swupdate.md | 208 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 208 insertions(+)
create mode 100644 doc/README.swupdate.md
diff --git a/doc/README.swupdate.md b/doc/README.swupdate.md
new file mode 100644
index 0000000..56bc77c
--- /dev/null
+++ b/doc/README.swupdate.md
@@ -0,0 +1,208 @@
+
+Clone the isar-cip-core repository
+```
+host$ git clone https://gitlab.com/cip-project/cip-core/isar-cip-core.git
+```
+
+Install `kas-container` from the [kas project](https://github.com/siemens/kas):
+
+```
+host$ wget https://raw.githubusercontent.com/siemens/kas/2.6.2/kas-container
+host$ chmod a+x kas-container
+```
+
+Build the image for swupdate
+
+```
+host$ ./kas-container --isar build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml
Would it be better to use ./kas-container menu?

+```
+- save the generated swu build/tmp/deploy/images/qemu-amd64/cip-core-image-cip-core-buster-qemu-amd64.swu in a separate folder (ex: tmp)
+- modify the image for example add a new version to the image by adding PV=2.0.0 to cip-core-image.bb
+- rebuild the image using above command and start the new target
+```
+host$ SWUPDATE_BOOT=y ./start-qemu.sh amd64
+```
+
+Copy `cip-core-image-cip-core-buster-qemu-amd64.swu` file from `tmp` folder to the running system
+
+```
+root@demo:~# scp <host-user>@<host-ip>:<path-to-swu-file>/tmp/cip-core-image-cip-core-buster-qemu-amd64.swu .
+```
According to https://wiki.qemu.org/Documentation/Networking the default host ip should be 10.0.2.2.
+
+Check which partition is booted, e.g. with lsblk:
+
+```
+root@demo:~# lsblk
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
+sda 8:0 0 2G 0 disk
+├─sda1 8:1 0 16.4M 0 part
+├─sda2 8:2 0 32M 0 part
+├─sda3 8:3 0 32M 0 part
+├─sda4 8:4 0 1000M 0 part /
+└─sda5 8:5 0 1000M 0 part
+```
+
+Apply swupdate and reboot
+```
+root@demo:~# swupdate -i cip-core-image-cip-core-buster-qemu-amd64.swu
+root@demo:~# reboot
+```
+Check which partition is booted, e.g. with lsblk and the rootfs should have changed
+```
+root@demo:~# lsblk
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
+sda 8:0 0 2G 0 disk
+├─sda1 8:1 0 16.4M 0 part
+├─sda2 8:2 0 32M 0 part
+├─sda3 8:3 0 32M 0 part
+├─sda4 8:4 0 1000M 0 part
+└─sda5 8:5 0 1000M 0 part /
+```
+
+Check bootloader ustate after swupdate
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress: no
+revision: 2
+kernel: C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+
+user variables:
+
+----------------------------
+ Config Partition #1 Values:
+in_progress: no
+revision: 3
+kernel: C:BOOT1:vmlinuz
+kernelargs: root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 console=tty0 console=ttyS0,115200 rootwait earlyprintk rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 2 (TESTING)
+```
+
+if Partition #1 usate is 2 (TESTING) then execute below command to confirm swupdate and the command will set ustate to "OK"
+```
+root@demo:~# bg_setenv -c
+```
+
+# swupdate rollback example
+
+Build the image for swupdate with service which causes kernel panic during system boot using below command.
+
+```
+host$ ./kas-container --isar build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml:kas/opt/kernel-panic.yml
+```
+- save the generated swu build/tmp/deploy/images/qemu-amd64/cip-core-image-cip-core-buster-qemu-amd64.swu in a separate folder (ex: tmp)
+- build the image again without `kernel-panic.yml` recipe using below command
+```
+host$ ./kas-container --isar build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml
+```
+
+Start the target on QEMU
+```
+host$ SWUPDATE_BOOT=y ./start-qemu.sh amd64
+```
+
+Copy `cip-core-image-cip-core-buster-qemu-amd64.swu` file from `tmp` folder to the running system
+
+```
+root@demo:~# scp <host-user>@<host-ip>:<path-to-swu-file>/tmp/cip-core-image-cip-core-buster-qemu-amd64.swu .
+```
+
+Check which partition is booted, e.g. with lsblk:
+
+```
+root@demo:~# lsblk
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
+sda 8:0 0 2G 0 disk
+├─sda1 8:1 0 16.4M 0 part
+├─sda2 8:2 0 32M 0 part
+├─sda3 8:3 0 32M 0 part
+├─sda4 8:4 0 1000M 0 part /
+└─sda5 8:5 0 1000M 0 part
+```
+
+Check bootloader ustate before swupdate and should be as below
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress: no
+revision: 2
+kernel: C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+
+user variables:
+----------------------------
+Config Partition #1 Values:
+in_progress: no
+revision: 1
+kernel: C:BOOT1:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 0 (OK > +```
+
+Apply swupdate as below
+```
+root@demo:~# swupdate -i cip-core-image-cip-core-buster-qemu-amd64.swu
+```
+
+check bootloader ustate after swupdate. if the swupdate is successful then **revision number** should increase to **3** and status should be changed to **INSTALLED** for Partition #1.
+```
+root@demo:~# bg_printenv
+----------------------------
+Config Partition #0 Values:
+in_progress: no
+revision: 2
+kernel: C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+
+user variables:
+----------------------------
+Config Partition #1 Values:
+in_progress: no
+revision: 3
+kernel: C:BOOT1:vmlinuz
+kernelargs: root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 console=tty0 console=ttyS0,115200 rootwait earlyprintk rw initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img
+watchdog timeout: 60 seconds
+ustate: 1 (INSTALLED)
+```
+
+Execute reboot command
+- reboot command should cause kernel panic error.
+- watchdog timer should expire and restart the qemu. bootloader should select previous partition to boot.
+```
+root@demo:~# reboot
+```
+
+Once the system is restarted, check the bootloader ustate
+- if update is failed then **revision number** should reduce to **0** and status should change to **FAILED** for Partition #1.
+```
+root@demo:~# bg_printenv
+----------------------------
+ Config Partition #0 Values:
+in_progress: no
+revision: 2
+kernel: C:BOOT0:cip-core-image-cip-core-buster-qemu-amd64-vmlinuz
+kernelargs: console=tty0 console=ttyS0,115200 rootwait earlyprintk root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 rw initrd=cip-core-image-cip-corg
+watchdog timeout: 60 seconds
+ustate: 0 (OK)
+
+user variables:
+----------------------------
+ Config Partition #1 Values:
+in_progress: no
+revision: 0
+kernel: C:BOOT1:vmlinuz
+kernelargs: root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000002 console=tty0 console=ttyS0,115200 rootwait earlyprintk rw initrd=cip-core-image-cip-corg
+watchdog timeout: 60 seconds
+ustate: 3 (FAILED)
+```
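Review bot: In the final `bg_printenv` listing, both `kernelargs:` lines are cut off at `initrd=cip-core-image-cip-corg` and the two `Config Partition` headers carry a stray leading space, which suggests the output was pasted from a terminal that truncated at its width. The listing taken right after `swupdate -i` in the same file shows the full `initrd=cip-core-image-cip-core-buster-qemu-amd64-initrd.img`, so please re-capture these lines so that readers comparing their own output are not misled. The reboot step should also say that rollback only happens once the 60 second watchdog timeout shown in the listing has expired, and should name the partition the bootloader is expected to fall back to (Partition #0, revision 2, ustate OK in the last listing) rather than "previous partition".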
Quirin


Re: [isar-cip-core v2 0/2] Add necessary steps to verify swupdate

Quirin Gylstorff
 

Hi,

On 2/1/22 16:35, Shivanand.Kunijadar@... wrote:
> From: Shivanand Kunijadar <Shivanand.Kunijadar@...>
>
> The current isar-cip-core provides verification of successful swupdate
> but lacks the recipe to verify swupdate-rollback feature, the below
> patches provide the necessary script to verify swupdate-rollback.
>
> Shivanand Kunijadar (2):
>   Add recipe to cause kernel panic during system boot
>   README.swupdate.md: add readme file with steps to verify swupdate
>
>  doc/README.swupdate.md                        | 208 ++++++++++++++++++
>  kas/opt/kernel-panic.yml                      |  18 ++
>  .../kernel-panic/files/sysrq-panic.service    |  10 +
>  recipes-core/kernel-panic/kernel-panic.bb     |  24 ++
>  4 files changed, 260 insertions(+)
>  create mode 100644 doc/README.swupdate.md
>  create mode 100644 kas/opt/kernel-panic.yml
>  create mode 100644 recipes-core/kernel-panic/files/sysrq-panic.service
>  create mode 100644 recipes-core/kernel-panic/kernel-panic.bb

Should we try to automate this with LAVA? With https://github.com/siemens/mtda it should be possible.

@Chris, what are your thoughts?

Kind regards

Quirin


Re: 4.4.302 is going to be last 4.4 release

Nobuhiro Iwamatsu
 

Hi Pavel,

-----Original Message-----
From: cip-dev@... <cip-dev@...> On
Behalf Of Pavel Machek
Sent: Wednesday, February 2, 2022 6:33 AM
To: jan.kiszka@...; cip-dev@...
Subject: [cip-dev] 4.4.302 is going to be last 4.4 release

Hi!

Greg says:

# Message-Id: <20220201180822.148370751@...>
# Subject: [PATCH 4.4 00/25] 4.4.302-rc1 review
# ...
# NOTE! This is the proposed LAST 4.4.y kernel release to happen under
# the rules of the normal stable kernel releases. After this one, it will
# be marked End-Of-Life as it has been 6 years and you really should know
# better by now and have moved to a newer kernel tree. After this one, no
# more security fixes will be backported and you will end up with an
# insecure system over time.
# ...
# Responses should be made by Thu, 03 Feb 2022 18:08:10 +0000.
# Anything received after that time might be too late.

(He sometimes releases kernels before the deadline).

We may want to make any announcements now or just after 4.4.302 is
released... so I guess we should start working on suitable wording.

Something like:

CIP project is committed to maintain 4.4.x kernel till January of 2027 [1]. We are
maintaining -cip branch [2], that is stable kernel with about 1000 of patches to
support our reference hardware [3] and -cip-rt branch, which is merge of -rt and
-cip trees.

If you for some reason need 4.4.x with bug and security fixes, and are running
similar hardware to our reference hardware (x86-64 and armv7), -cip tree may
be good base for that work. Testing of the -cip tree is welcome, as is joining the
CIP project.

[1] https://wiki.linuxfoundation.org/civilinfrastructureplatform/start
[2] https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-4.4.y-cip-rt
[3] https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting/cipreferencehardware
Thank you for taking up the issue. I think the content is fine.
BTW, do you have any future information about the RT kernel team?
We may also need to check the RT patch.
If you don't have the information, I'll ask the RT team about this.

Best regards,
Nobuhiro



?

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today. Our channel is the following:

irc:irc.libera.chat:6667/cip

The IRC meeting is scheduled to UTC (GMT) 13:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2022&month=2&day=3&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
06:00 09:00 13:00 14:00 21:00 22:00

Last meeting minutes:
https://irclogs.baserock.org/meetings/cip/2022/01/cip.2022-01-27-13.00.log.html

* Action items
1. Request private KernelCI branches for CIP maintainers - patersonc
2. Make TSC motion regarding linux-4.4.y branch by CIP - jan
3. Draft press announcement about 5.10 release and 4.4 self-maintenance - jan
* Kernel maintenance updates
* Kernel testing
* AOB

Jan


New CVE entries this week

Masami Ichikawa
 

Hi!

It's this week's CVE report.

This week reported 8 new CVEs.

* New CVEs

CVE-2022-22942: drm/vmwgfx: Fix stale file descriptors on failed usercopy

CVSS v3 score is not provided

A local attacker who is able to access /dev/dri/card0 or
/dev/dri/renderD128 will be able to gain access to files opened by
other processes on the system.
This issue was introduced by commit c906965 ("drm/vmwgfx: Add export
fence to file descriptor support") which was merged at 4.14-rc1.

Fixed status

mainline: [a0f90c8815706981c483a652a6aefca51a5e191c]

CVE-2021-4159: bpf: Verifer, adjust_scalar_min_max_vals to always call
update_reg_bounds()

CVSS v3 score is not provided

Kernel pointer leak vulnerability in eBPF. If a user has permission
to insert eBPF code, the user will be able to expose internal kernel
memory details.

Fixed status

mainline: [294f2fc6da27620a506e6c050241655459ccd6bd]

CVE-2022-0382: net ticp:fix a kernel-infoleak in __tipc_sendmsg()

CVSS v3 score is not provided

An infoleak vulnerability was found in __tipc_sendmsg(). A local user
can read some kernel memory (no more than 7 bytes and cannot control
what is read).

Fixed status

mainline: [d6d86830705f173fca6087a3e67ceaf68db80523]
stable/5.15: [d57da5185defccf383be53f41604fd5f006aba8c]

CVE-2022-24122: ucount: Make get_ucount a safe get_user replacement

CVSS v3 score is not provided

A use-after-free vulnerability was found. This bug was introduced by
the following commits.

- d646969 ("Reimplement RLIMIT_SIGPENDING on top of ucounts")
- 6e52a9f ("Reimplement RLIMIT_MSGQUEUE on top of ucounts")
- d7c9e99 ("Reimplement RLIMIT_MEMLOCK on top of ucounts")

These commits were merged since 5.14-rc1, so kernels before 5.14 were
not affected.

Fixed status

mainline: [f9d87929d451d3e649699d0f1d74f71f77ad38f5]
stable/5.15: [348a8501e6029f9308ea7675edfa645b5e669c9e]
stable/5.16: [aec8904396dc6c34a104f42b02d50ca9de58ab13]

CVE-2022-0286: bonding: fix null dereference in bond_ipsec_add_sa()

CVSS v3 score is not provided

A flaw was found in the Linux kernel. A null pointer dereference in
bond_ipsec_add_sa() may lead to local denial of service.
This issue was introduced by 18cb261 ("bonding: support hardware
encryption offload to slaves") which was merged at 5.9-rc1.

Fixed status

mainline: [105cd17a866017b45f3c45901b394c711c97bf40]
stable/5.10: [ba7bfcdff1ad4ea475395079add1cd7b79f81684]

CVE-2022-0400: Out of bounds read in the smc protocol stack

CVSS v3 score is not provided

There is no information as of 2022/02/03.

Fixed status

Not fixed yet.

CVE-2022-0433: bpf: Add missing map_get_next_key method to bloom filter map.

CVSS v3 score is not provided

A NULL pointer dereference bug was found in map_get_next_key() in the
BPF subsystem. A local attacker will be able to crash the system.
This issue was introduced with 9330986c0300 ("bpf: Add bloom filter
map implementation") in 5.16-rc1.

Fixed status

mainline: [3ccdcee28415c4226de05438b4d89eb5514edf73]
stable/5.16: [f7a6dd58e0817b063252d7c5bec88e588df34b31]

CVE-2021-4218: sysctl: pass kernel pointers to ->proc_handler

CVSS v3 score is not provided

This issue allows a local user with local access to cause a DoS while
the system reboots.
It was fixed in 5.8-rc1.

Fixed status

mainline: [32927393dc1ccd60fb2bdc05b9e8e88753761469]

* Updated CVEs

CVE-2020-29374: gup: document and work around "COW can break either way" issue

4.14 and 4.19 added the following patches to fix a bug in
get_user_pages_fast(), which are needed to fix CVE-2020-29374 correctly.

4.14: 70b5928 ("mips,s390,sh,sparc: gup: Work around the "COW can
break either way" issue")
4.19: 294c7a9 ("mips,s390,sh,sparc: gup: Work around the "COW can
break either way" issue")

It seems that 4.4.y also needs this patch.

Fixed status

mainline: [17839856fd588f4ab6b789f482ed3ffd7c403e1f]
stable/4.14: [407faed92b4a4e2ad900d61ea3831dd597640f29,
70b5928f5cd289b2ccf34384ca83b1d9ee7a0fad]
stable/4.19: [5e24029791e809d641e9ea46a1f99806484e53fc,
294c7a9fb608c29a9e49010b515228e20ccbec8f]
stable/4.4: [58facc9c7ae307be5ecffc1697552550fedb55bd]
stable/4.9: [9bbd42e79720122334226afad9ddcac1c3e6d373]
stable/5.4: [1027dc04f557328eb7b7b7eea48698377a959157]

CVE-2020-36322: fuse: fix bad inode

4.14, 4.19, and 4.9 were fixed this week.

Fixed status

mainline: [5d069dbe8aaf2a197142558b6fb2978189ba3454]
stable/4.14: [2cd45139c0f28ebfa7604866faee00c99231a62b]
stable/4.19: [1e1bb4933f1faafc68db8e0ecd5838a65dd1aae9]
stable/4.9: [3a2f8823aa565cc67bdd00c4cd5e1d8ad81e8436]
stable/5.10: [36cf9ae54b0ead0daab7701a994de3dcd9ef605d]
stable/5.4: [732251cabeb3bfd917d453a42274d769d6883fc4]

CVE-2021-20292: drm/ttm/nouveau: don't call tt destroy callback on
alloc failure.

4.14 and 4.9 were fixed this week.

Fixed status

mainline: [5de5b6ecf97a021f29403aa272cb4e03318ef586]
stable/4.14: [4a2cec066dc8d099d30c649ae7ed26771029e0b5]
stable/4.19: [10c8a526b2db1fcdf9e2d59d4885377b91939c55]
stable/4.9: [70f44dfbde027f444412cfb4ea9b485a4c1dec0e]
stable/5.4: [c6d2ddf1a30d524106265ad2c48b907cd7a083d4]

CVE-2021-20317: lib/timerqueue: Rely on rbtree semantics for next timer

4.9 was fixed this week.

Fixed status

mainline: [511885d7061eda3eb1faf3f57dcc936ff75863f1]
stable/4.14: [0135fcb86a0bc9e4484f7e1228cadcc343c5edef]
stable/4.19: [b9a1ac8e7c03fd09992352c7fb1a61cbbb9ad52b]
stable/4.9: [ef2e64035f074bfeef14c28347aaec0b486a9e9f]
stable/5.10: [511885d7061eda3eb1faf3f57dcc936ff75863f1]
stable/5.14: [511885d7061eda3eb1faf3f57dcc936ff75863f1]
stable/5.4: [511885d7061eda3eb1faf3f57dcc936ff75863f1]

CVE-2021-22543: KVM through Improper handling of VM_IO|VM_PFNMAP vmas
in KVM can bypass RO checks and can lead to pages being freed while
still accessible by the VMM and guest

4.9 was fixed this week.

Fixed status

mainline: [f8be156be163a052a067306417cd0ff679068c97]
stable/4.14: [46d75ff2c1beebe90e7af8887256d8f0323679e4]
stable/4.19: [117777467bc015f0dc5fc079eeba0fa80c965149]
stable/4.9: [f4b2bfed80e8d0e91b431dd1c21bc3c2c4d5f07e]
stable/5.10: [dd8ed6c9bc2224c1ace5292d01089d3feb7ebbc3]
stable/5.12: [c36fbd888dcc27d365c865e6c959d7f7802a207c]
stable/5.4: [bb85717e3797123ae7724751af21d0c9d605d61e]

CVE-2021-28950: fuse: fix live lock in fuse_iget()

4.14, 4.19, and 4.9 were fixed this week.

Fixed status

mainline: [775c5033a0d164622d9d10dd0f0a5531639ed3ed]
stable/4.14: [f78d626801194ffac2c140de72e5b7937fac33f6]
stable/4.19: [8a8908cb82568c71b672e83d834e8b59ccf75f8e]
stable/4.9: [fde32bbe9a540af28579da6480fc55cc50099ece]
stable/5.10: [d955f13ea2120269319d6133d0dd82b66d1eeca3]
stable/5.11: [5676df54d7d44f497b8dbf7bff04f2f1b165da93]
stable/5.4: [187ae04636531065cdb4d0f15deac1fe0e812104]

CVE-2021-29264: gianfar: fix jumbo packets+napi+rx overrun crash

4.14 and 4.9 were fixed this week.

Fixed status

mainline: [d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f]
stable/4.14: [93e83b226a16bcc800013c6e02c98eef7ba9868c]
stable/4.19: [9943741c2792a7f1d091aad38f496ed6eb7681c4]
stable/4.9: [2cf34285e6eac396a180762c5504e2911df88c9a]
stable/5.10: [b8bfda6e08b8a419097eea5a8e57671bc36f9939]
stable/5.11: [5b54b18449d8f7302bc2e16d52121f6f87a81c3c]
stable/5.4: [ec7ce1e337ec2b5641dcc639396e04a28454f21a]

CVE-2021-33033: cipso,calipso: resolve a number of problems with the
DOI refcounts

4.9 was fixed this week.

Fixed status

mainline: [ad5d07f4a9cd671233ae20983848874731102c08]
stable/4.14: [ab44f7317c16ddcf9ee12ba2aca60771266c2dc6]
stable/4.19: [a44af1c69737f9e64d5134c34eb9d5c4c2e04da1]
stable/4.9: [f49f0e65a95664b648e058aa923f651ec08dfeb7]
stable/5.10: [85178d76febd30a745b7d947dbd9751919d0fa5b]
stable/5.11: [00d566df2cceb8591913b3ea3b43d2918915f7e3]
stable/5.4: [b4800e7a1c9f80a1a0e417ab36a1da4959f8b399]

CVE-2021-38199: NFSv4: Initialise connection to the server in
nfs4_alloc_client()

4.14 was fixed this week.

Fixed status

mainline: [dd99e9f98fbf423ff6d365b37a98e8879170f17c]
stable/4.14: [d5e6dff8c92943a2719fa5415cc3d333e57d5d90]
stable/4.19: [743f6b973c8ba8a0a5ed15ab11e1d07fa00d5368]
stable/5.10: [ff4023d0194263a0827c954f623c314978cf7ddd]
stable/5.13: [b0bfac939030181177373f549398ba94c384713d]
stable/5.4: [81e03fe5bf8f5f66b8a62429fb4832b11ec6b272]

CVE-2021-43976: mwifiex_usb: Fix skb_over_panic in mwifiex_usb_recv

All stable kernels were fixed this week.

Fixed status

mainline: [04d80663f67ccef893061b49ec8a42ff7045ae84]
stable/4.14: [8c9261b84c9b90d130d97fc7d13727706253af87]
stable/4.19: [2f4b037bf6e8c663a593b8149263c5b6940c7afd]
stable/4.4: [7d5e12e452771509d94db391a3b5e428325ed268]
stable/4.9: [b233d7395cd104398dd83f130df5f0d57036c95e]
stable/5.10: [6036500fdf77caaca9333003f78d25a3d61c4e40]
stable/5.15: [b2762757f4e484f8a164546f93aca82568d87649]
stable/5.16: [9d3989c5050f10ae9bbec9f32492b500420d04a1]
stable/5.4: [ae56c5524a750fd8cf32565cb3902ce5baaeb4e6]

CVE-2021-45469: f2fs: fix to do sanity check on last xattr entry in
__f2fs_setxattr()

5.16 was fixed this week.

Fixed status

mainline: [645a3c40ca3d40cc32b4b5972bf2620f2eb5dba6]
stable/4.14: [88dedecc24763c2e0bc1e8eeb35f9f2cd785a7e5]
stable/4.19: [f9dfa44be0fb5e8426183a70f69a246cf5827f49]
stable/5.10: [fffb6581a23add416239dfcf7e7f3980c6b913da]
stable/5.15: [a8a9d753edd7f71e6a2edaa580d8182530b68791]
stable/5.16: [258b26a34778cde43f228a392e242d3d0420624a]
stable/5.4: [b0406b5ef4e2c4fb21d9e7d5c36a0453b4279e9b]

CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
to get shadow page

4.9 was fixed this week.

Fixed status

mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
stable/4.14: [cea9e8ee3b8059bd2b36d68f1f428d165e5d13ce]
stable/4.19: [4c07e70141eebd3db64297515a427deea4822957]
stable/4.9: [e262acbda232b6a2a9adb53f5d2b2065f7626625]
stable/5.10: [6b6ff4d1f349cb35a7c7d2057819af1b14f80437]
stable/5.4: [d28adaabbbf4a6949d0f6f71daca6744979174e2]

CVE-2021-38199: NFSv4: Initialise connection to the server in
nfs4_alloc_client()

4.9 was fixed this week.

mainline: [dd99e9f98fbf423ff6d365b37a98e8879170f17c]
stable/4.14: [d5e6dff8c92943a2719fa5415cc3d333e57d5d90]
stable/4.19: [743f6b973c8ba8a0a5ed15ab11e1d07fa00d5368]
stable/4.9: [993892ed82350d0b4eb7d321d2bb225219bd1cfc]
stable/5.10: [ff4023d0194263a0827c954f623c314978cf7ddd]
stable/5.13: [b0bfac939030181177373f549398ba94c384713d]
stable/5.4: [81e03fe5bf8f5f66b8a62429fb4832b11ec6b272]

CVE-2021-42739: media: firewire: firedtv-avc: fix a buffer overflow in
avc_ca_pmt()

4.9 was fixed this week.

Fixed status

mainline: [35d2969ea3c7d32aee78066b1f3cf61a0d935a4e]
stable/4.14: [8d6c05da808f8351db844b69a9d6ce7f295214bb]
stable/4.19: [53ec9dab4eb0a8140fc85760fb50effb526fe219]
stable/4.9: [1795af6435fa5f17ced2d34854fd4871e0780092]
stable/5.10: [d7fc85f6104259541ec136199d3bf7c8a736613d]
stable/5.14: [02a476ca886dc8155025fe99cbbad4121d029fa7]
stable/5.15: [cb667140875a3b1db92e4c50b4617a7cbf84659b]
stable/5.4: [2461f38384d50dd966e1db44fe165b1896f5df5a]

CVE-2022-0330: drm/i915: Flush TLBs before releasing backing store

All stable kernels were fixed this week.

Fixed status

mainline: [7938d61591d33394a21bdd7797a245b65428f44c]
stable/4.14: [eed39c1918f1803948d736c444bfacba2a482ad0]
stable/4.19: [b188780649081782e341e52223db47c49f172712]
stable/4.4: [db6a2082d5a2ebc5ffa41f7213a544d55f73793a]
stable/4.9: [84f4ab5b47d955ad2bb30115d7841d3e8f0994f4]
stable/5.10: [6a6acf927895c38bdd9f3cd76b8dbfc25ac03e88]
stable/5.15: [8a17a077e7e9ecce25c95dbdb27843d2d6c2f0f7]
stable/5.16: [ec1b6497a2bc0293c064337e981ea1f6cbe57930]
stable/5.4: [1b5553c79d52f17e735cd924ff2178a2409e6d0b]

CVE-2022-22942: drm/vmwgfx: Fix stale file descriptors on failed usercopy

Stable kernels were fixed this week. 4.4 and 4.9 are not affected by this issue.

Fixed status

mainline: [a0f90c8815706981c483a652a6aefca51a5e191c]
stable/4.14: [e8d092a62449dcfc73517ca43963d2b8f44d0516]
stable/4.19: [0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d]
stable/5.10: [ae2b20f27732fe92055d9e7b350abc5cdf3e2414]
stable/5.15: [6066977961fc6f437bc064f628cf9b0e4571c56c]
stable/5.16: [1d833b27fb708d6fdf5de9f6b3a8be4bd4321565]
stable/5.4: [84b1259fe36ae0915f3d6ddcea6377779de48b82]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...


cip/linux-5.10.y-cip baseline: 129 runs, 2 regressions (v5.10.83-cip1-178-g2cf1d12aab81) #kernelci

kernelci.org bot <bot@...>
 

cip/linux-5.10.y-cip baseline: 129 runs, 2 regressions (v5.10.83-cip1-178-g2cf1d12aab81)

Regressions Summary
-------------------

platform | arch | lab | compiler | defconfig | regressions
-------------------------+------+--------------+----------+--------------------+------------
imx6q-var-dt6customboard | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 2

Details: https://kernelci.org/test/job/cip/branch/linux-5.10.y-cip/kernel/v5.10.83-cip1-178-g2cf1d12aab81/plan/baseline/

Test: baseline
Tree: cip
Branch: linux-5.10.y-cip
Describe: v5.10.83-cip1-178-g2cf1d12aab81
URL: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
SHA: 2cf1d12aab81945a16019888de695cb923db5225


Test Regressions
----------------


platform | arch | lab | compiler | defconfig | regressions
-------------------------+------+--------------+----------+--------------------+------------
imx6q-var-dt6customboard | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 2

Details: https://kernelci.org/test/plan/id/61f9d65c9cdd86ce275d6f27

Results: 4 PASS, 2 FAIL, 0 SKIP
Full config: multi_v7_defconfig
Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip/linux-5.10.y-cip/v5.10.83-cip1-178-g2cf1d12aab81/arm/multi_v7_defconfig/gcc-10/lab-baylibre/baseline-imx6q-var-dt6customboard.txt
HTML log: https://storage.kernelci.org//cip/linux-5.10.y-cip/v5.10.83-cip1-178-g2cf1d12aab81/arm/multi_v7_defconfig/gcc-10/lab-baylibre/baseline-imx6q-var-dt6customboard.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220121.0/armel/rootfs.cpio.gz


* baseline.dmesg.alert: https://kernelci.org/test/case/id/61f9d65c9cdd86ce275d6f2e
new failure (last pass: v5.10.83-cip1-151-ga4163710a1dc)
4 lines

2022-02-02T00:54:35.795933 kern :alert : 8<--- cut here ---
2022-02-02T00:54:35.827053 kern :alert : Unable to handle kernel NULL pointer dereference at virtual address 0000004c
2022-02-02T00:54:35.828239 kern :alert : pgd = (ptrval)<8>[ 39.450731] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=alert RESULT=fail UNITS=lines MEASUREMENT=4>
2022-02-02T00:54:35.828510
2022-02-02T00:54:35.828748 kern :alert : [0000004c] *pgd=491b4831

* baseline.dmesg.emerg: https://kernelci.org/test/case/id/61f9d65c9cdd86ce275d6f2f
new failure (last pass: v5.10.83-cip1-151-ga4163710a1dc)
53 lines

2022-02-02T00:54:35.843912 kern :emerg : Internal error: Oops: 17 [#1] SMP ARM
2022-02-02T00:54:35.885831 kern :emerg : Process udevd (pid: 130, stack limit = 0x(ptrval))
2022-02-02T00:54:35.886351 kern :emerg : Stack: (0xc397bcd8 to 0xc397c000)
... (34 line(s) more)


cip/linux-5.10.y-cip build: 180 builds: 2 failed, 178 passed, 4 errors, 9 warnings (v5.10.83-cip1-178-g2cf1d12aab81) #kernelci

kernelci.org bot <bot@...>
 

cip/linux-5.10.y-cip build: 180 builds: 2 failed, 178 passed, 4 errors, 9 warnings (v5.10.83-cip1-178-g2cf1d12aab81)

Full Build Summary: https://kernelci.org/build/cip/branch/linux-5.10.y-cip/kernel/v5.10.83-cip1-178-g2cf1d12aab81/

Tree: cip
Branch: linux-5.10.y-cip
Git Describe: v5.10.83-cip1-178-g2cf1d12aab81
Git Commit: 2cf1d12aab81945a16019888de695cb923db5225
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
Built: 7 unique architectures

Build Failures Detected:

arm:
rpc_defconfig: (gcc-10) FAIL

mips:
ip28_defconfig: (gcc-10) FAIL

Errors and Warnings Detected:

arc:

arm64:

arm:
rpc_defconfig (gcc-10): 4 errors

i386:

mips:
32r2el_defconfig (gcc-10): 1 warning
decstation_64_defconfig (gcc-10): 1 warning
decstation_r4k_defconfig (gcc-10): 1 warning
lemote2f_defconfig (gcc-10): 1 warning
rm200_defconfig (gcc-10): 1 warning

riscv:
rv32_defconfig (gcc-10): 4 warnings

x86_64:

Errors summary:

2 arm-linux-gnueabihf-gcc: error: unrecognized -march target: armv3m
2 arm-linux-gnueabihf-gcc: error: missing argument to ‘-march=’

Warnings summary:

2 kernel/rcu/tasks.h:707:13: warning: ‘show_rcu_tasks_rude_gp_kthread’ defined but not used [-Wunused-function]
2 <stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp]
2 <stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp]
1 net/mac80211/mlme.c:4328:1: warning: the frame size of 1040 bytes is larger than 1024 bytes [-Wframe-larger-than=]
1 drivers/block/paride/bpck.c:32: warning: "PC" redefined
1 WARNING: modpost: Symbol info of vmlinux is missing. Unresolved symbol check will be entirely skipped.

================================================================================

Detailed per-defconfig build reports:

--------------------------------------------------------------------------------
32r2el_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
WARNING: modpost: Symbol info of vmlinux is missing. Unresolved symbol check will be entirely skipped.

--------------------------------------------------------------------------------
allnoconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
allnoconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
am200epdkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ar7_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
aspeed_g4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
aspeed_g5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
assabet_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
at91_dt_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ath25_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ath79_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
axm55xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
axs103_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
axs103_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
badge4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bcm2835_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bcm47xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bcm63xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bigsur_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bmips_be_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bmips_stb_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cavium_octeon_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cerfcube_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ci20_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cm_x300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cobalt_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
colibri_pxa270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
colibri_pxa300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
collie_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
corgi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cu1000-neo_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cu1830-neo_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
davinci_all_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
db1xxx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
decstation_64_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
kernel/rcu/tasks.h:707:13: warning: ‘show_rcu_tasks_rude_gp_kthread’ defined but not used [-Wunused-function]

--------------------------------------------------------------------------------
decstation_r4k_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
kernel/rcu/tasks.h:707:13: warning: ‘show_rcu_tasks_rude_gp_kthread’ defined but not used [-Wunused-function]

--------------------------------------------------------------------------------
defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+arm64-chromebook+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
dove_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
e55_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ebsa110_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
efm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ep93xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
eseries_pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
exynos_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ezx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
footbridge_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
fuloong2e_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
gcw0_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
gemini_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
gpr_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
h3600_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
h5000_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
hackkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
hisi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
hsdk_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
i386_defconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imote2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imx_v4_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
integrator_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
iop32x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ip22_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ip28_defconfig (mips, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ip32_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ixp4xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
jazz_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
jmr3927_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
jornada720_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
keystone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lemote2f_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
net/mac80211/mlme.c:4328:1: warning: the frame size of 1040 bytes is larger than 1024 bytes [-Wframe-larger-than=]

--------------------------------------------------------------------------------
loongson1b_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
loongson1c_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
loongson3_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpc18xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpc32xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpd270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lubbock_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
magician_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mainstone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
malta_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
malta_kvm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
malta_kvm_guest_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
malta_qemu_32r6_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltaaprp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltasmvp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltasmvp_eva_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltaup_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltaup_xpa_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
milbeaut_m10v_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mini2440_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mmp2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
moxart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mpc30x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mps2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mtx1_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v4t_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mvebu_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mvebu_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mxs_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
neponset_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
netwinder_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nhk8815_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nlm_xlp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nlm_xlr_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nommu_k210_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nsimosci_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nsimosci_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
omap1_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
omap2plus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
orion5x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
oxnas_v6_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
palmz72_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pcm027_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pic32mzda_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pistachio_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pleb_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
prima2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa168_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa255-idp_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
qcom_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
qi_lb60_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rb532_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rbtx49xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
realview_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rm200_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/block/paride/bpck.c:32: warning: "PC" redefined

--------------------------------------------------------------------------------
rpc_defconfig (arm, gcc-10) — FAIL, 4 errors, 0 warnings, 0 section mismatches

Errors:
arm-linux-gnueabihf-gcc: error: unrecognized -march target: armv3m
arm-linux-gnueabihf-gcc: error: missing argument to ‘-march=’
arm-linux-gnueabihf-gcc: error: unrecognized -march target: armv3m
arm-linux-gnueabihf-gcc: error: missing argument to ‘-march=’

--------------------------------------------------------------------------------
rs90_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rt305x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rv32_defconfig (riscv, gcc-10) — PASS, 0 errors, 4 warnings, 0 section mismatches

Warnings:
<stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp]
<stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp]
<stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp]
<stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp]

--------------------------------------------------------------------------------
s3c2410_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
s3c6400_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
s5pv210_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
sama5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
sb1250_swarm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
shannon_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
shmobile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
simpad_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
socfpga_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spitz_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
stm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
sunxi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tango4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tb0219_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tb0226_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tb0287_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tct_hammer_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tegra_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tinyconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tinyconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tinyconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
trizeps4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
u8500_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vdk_hs38_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vdk_hs38_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
versatile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vf610m4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
viper_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vocore2_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vt8500_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
workpad_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+x86-chromebook+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
xcep_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
zeus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
zx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

---
For more info write to <info@...>


4.4.302 is going to be last 4.4 release

Pavel Machek
 

Hi!

Greg says:

# Message-Id: <20220201180822.148370751@...>
# Subject: [PATCH 4.4 00/25] 4.4.302-rc1 review
# ...
# NOTE! This is the proposed LAST 4.4.y kernel release to happen under
# the rules of the normal stable kernel releases. After this one, it will
# be marked End-Of-Life as it has been 6 years and you really should know
# better by now and have moved to a newer kernel tree. After this one, no
# more security fixes will be backported and you will end up with an
# insecure system over time.
# ...
# Responses should be made by Thu, 03 Feb 2022 18:08:10 +0000.
# Anything received after that time might be too late.

(He sometimes releases kernels before the deadline).

We may want to make any announcements now or just after 4.4.302 is
released... so I guess we should start working on suitable wording.

Something like:

CIP project is committed to maintain 4.4.x kernel till January of 2027
[1]. We are maintaining -cip branch [2], that is stable kernel with about
1000 patches to support our reference hardware [3] and -cip-rt
branch, which is a merge of -rt and -cip trees.

If you for some reason need 4.4.x with bug and security fixes, and are
running similar hardware to our reference hardware (x86-64 and armv7),
-cip tree may be a good base for that work. Testing of the -cip tree is
welcome, as is joining the CIP project.

[1] https://wiki.linuxfoundation.org/civilinfrastructureplatform/start
[2] https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-4.4.y-cip-rt
[3] https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting/cipreferencehardware

?

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
