
[isar-cip-core][PATCH 0/8] Secureboot on QEMU with EDK2, OP-TEE and RPBM

Schultschik, Sven
 

From: Sven Schultschik <sven.schultschik@...>

This series of patches will add recipes to build a QEMU setup
which uses OP-TEE to use RPMB (Replay protected memory) of
an EMMC for a secure storage, which is used within Secureboot
on ARM64. QEMU itself does not have an implementation of a
virtual RPMB. Therefore a patch for u-boot is needed which
adds this feature to u-boot, but breaks hardware
compatibility within u-boot. As soon as QEMU has a native
RPMB support included, the patch can be removed.

The last patch is meant for manually testing and verifying the
patches, but should not be merged.

Sven Schultschik (8):
add recipe for edk2
add recipe for optee qemu arm64
Include optee into u-boot
add u-boot patch for qemu to support RPMB
add recipe for trusted firmware a qemu arm64
add kas files for building qemu secure boot images
enhance start-qemu.sh for arm64 secure boot
no merge - manually instructions test secure boot

README.md | 65 +
kas/opt/u-boot-efi-ebg-op-tee-qemu.yml | 11 +
keys/helloworld.efi | Bin 0 -> 4576 bytes
recipes-bsp/edk2/edk2_202205.bb | 43 +
recipes-bsp/edk2/files/rules.tmpl | 61 +
.../op-tee/optee-os-qemu-arm64_3.17.0.bb | 54 +
.../trusted-firmware-a-qemu-arm64_2.7.0.bb | 61 +
...hack.-Breaks-proper-hardware-support.patch | 1375 +++++++++++++++++
recipes-bsp/u-boot/files/secure-boot.cfg.tmpl | 9 +-
recipes-bsp/u-boot/u-boot-qemu-common.inc | 5 +
start-qemu.sh | 14 +-
11 files changed, 1695 insertions(+), 3 deletions(-)
create mode 100644 kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
create mode 100644 keys/helloworld.efi
create mode 100644 recipes-bsp/edk2/edk2_202205.bb
create mode 100755 recipes-bsp/edk2/files/rules.tmpl
create mode 100644 recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
create mode 100644 recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb
create mode 100644 recipes-bsp/u-boot/files/0002-rpmb-emulation-hack.-Breaks-proper-hardware-support.patch

--
2.30.2


Re: [isar-cip-core] doc/README.secureboot.md : Add method to check secure boot status in arm arch.

Jan Kiszka
 

On 21.10.22 13:16, Sai.Sathujoda@... wrote:
From: Sai <Sai.Sathujoda@...>

The dmesg will not show secure boot status for arm64 or armhf
architectures.
Signed-off-by: Sai <Sai.Sathujoda@...>
---
doc/README.secureboot.md | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/doc/README.secureboot.md b/doc/README.secureboot.md
index 26d8c87..714331f 100644
--- a/doc/README.secureboot.md
+++ b/doc/README.secureboot.md
@@ -217,6 +217,10 @@ After boot check the dmesg for secure boot status like below:
root@demo:~# dmesg | grep Secure
[ 0.008368] Secure boot enabled
```
+In case of arm64 or armhf architectures, the secure boot status can be found in bootloader logs like below:
+```
+EFI stub: UEFI Secure Boot is enabled.
+```
## Example: Update the image

For updating the image, the following steps are necessary:
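Review bot: the added paragraph "In case of arm64 or armhf architectures, ..." starts on the line directly after the closing code fence of the dmesg example, and the new fence is followed immediately by the "## Example: Update the image" heading. Put an empty line before the new paragraph and another before the heading so that Markdown renderers keep the example, the paragraph and the heading apart.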
Indeed - thanks, applied.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


[isar-cip-core] doc/README.secureboot.md : Add method to check secure boot status in arm arch.

sai.sathujoda@...
 

From: Sai <Sai.Sathujoda@...>

The dmesg will not show secure boot status for arm64 or armhf
architectures.
Signed-off-by: Sai <Sai.Sathujoda@...>
---
doc/README.secureboot.md | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/doc/README.secureboot.md b/doc/README.secureboot.md
index 26d8c87..714331f 100644
--- a/doc/README.secureboot.md
+++ b/doc/README.secureboot.md
@@ -217,6 +217,10 @@ After boot check the dmesg for secure boot status like below:
root@demo:~# dmesg | grep Secure
[ 0.008368] Secure boot enabled
```
+In case of arm64 or armhf architectures, the secure boot status can be found in bootloader logs like below:
+```
+EFI stub: UEFI Secure Boot is enabled.
+```
## Example: Update the image

For updating the image, the following steps are necessary:
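Review bot: the new arm64/armhf text points to "bootloader logs" but, unlike the x86 example above it ("dmesg | grep Secure"), shows no command or location where the "EFI stub: UEFI Secure Boot is enabled." line can be found. State where that output appears (for instance the boot console) so the check can be repeated on a running target, and separate the commit message body from the Signed-off-by line with a blank line.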
--
2.20.1


Re: KernelCI, gitlab testing notes

Florian Bezdeka
 

Hi all,

On Thu, 2022-10-20 at 18:08 +0200, Pavel Machek via lists.cip-project.org wrote:
Hi!

* 4.4 kernelci warnings

https://linux.kernelci.org/build/cip/branch/linux-4.4.y-cip/kernel/v4.4.302-cip70-98-g7f7838c92740f/

Thanks for pointer. This looks good. Most of warnings are
"net/ipv4/inet_hashtables.c:608:68: warning: suggest parentheses
around ‘+’ in operand of ‘&’ [-Wparentheses]" which is my fault and on
my TODO list.
Great, so the filtering seems to work as expected.


* SMC QEMU x86-64

https://storage.kernelci.org/cip/linux-4.4.y-cip/v4.4.302-cip70-98-g7f7838c92740f/x86_64/x86_64_defconfig/gcc-10/lab-collabora/smc-qemu_x86_64.html

Ok, I'll need to know more about the config. Is it possible that qemu
runs paravirtualized -- KVM?
According to line 174 of the referenced job log above /dev/kvm is
mounted into the container running what they seem to call "qemu
emulator" and -enable-kvm is given.

Depending on the concrete hardware this test is scheduled on, it might
deliver different results. That seems to be a general issue. I can try
to address that.

Is the 4.4 series missing the backport of the mitigation for this CVE
or is that really a "can be fixed by microcode only" thing? I don't
want to silence a real issue. My question is: If we would run a newer
kernel, would we still be affected on the same (virtual) hardware?


If yes, we are basically testing whatever hardware it happens to run
on. Not good.

If no... the "soft" cpu it runs on does not have those bugs.

* Understanding gitlab results
[snip, I don't know the gitlab infrastructure]


Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

Jan Kiszka
 

On 20.10.22 18:24, Schultschik, Sven wrote:


-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:58
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

On 19.10.22 11:21, sven.schultschik@... wrote:
From: Sven Schultschik <sven.schultschik@...>

+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-2-Clause-Patent"
+
+inherit dpkg
+
+SRC_URI =
"gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https;destsuff
ix=git/edk2;rev=edk2-stable${PV} \
+
+git://github.com/tianocore/edk2-platforms.git;protocol=https;destsuff
+ix=git/edk2-platforms;rev=3b896d1a325686de3942723c42f286090453e37a \
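Review bot: in SRC_URI the edk2 entry is fetched by tag name ("rev=edk2-stable${PV}") while the edk2-platforms entry is pinned to a full commit hash. A tag can be moved upstream, so pin edk2 to its commit hash as well and keep the tag name in a comment or a separate variable; that keeps the fetched firmware source verifiable and the build reproducible.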
- gitsm (see patch 1/7)
- please factor out revisions into separate variables

Or can we also address the revisions via release tags? The recipe carries a
release version number in the end...
I checked and edk2-platforms does not have any tags. In theory you could use always the latest. But then you can't reproduce the builds.
The version of the recipe is the tag for the edk2 repository, which is already in use
Indeed, seems revisions are managed via the tags in edk2 and the
submodule shas there. Or via edk2-edkrepo-manifest (sigh...).

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

Schultschik, Sven
 

-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 15:22
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>;
cip-dev@...
Subject: Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

On 19.10.22 15:14, Schultschik, Sven (DI PA DCP R&D 2) wrote:


-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:58
To: Schultschik, Sven (DI PA DCP R&D 2)
<sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

On 19.10.22 11:21, sven.schultschik@... wrote:
From: Sven Schultschik <sven.schultschik@...>
+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-2-Clause-Patent"
+
+inherit dpkg
+
+SRC_URI =
"gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https;d
estsuff
ix=git/edk2;rev=edk2-stable${PV} \
+
+git://github.com/tianocore/edk2-platforms.git;protocol=https;destsu
+ff
+ix=git/edk2-
platforms;rev=3b896d1a325686de3942723c42f286090453e37a
+\
- gitsm (see patch 1/7)
EDK2 really uses submodules which need to be pulled

- please factor out revisions into separate variables

Or can we also address the revisions via release tags? The recipe
carries a release version number in the end...

+ file://debian \
+ "
+S = "${WORKDIR}/git"
+
+BUILD_DEPENDS += ""
+
+TEMPLATE_FILES = "debian/changelog.tmpl debian/control.tmpl
debian/rules.tmpl"
+TEMPLATE_VARS += "BUILD_DEPENDS S"
+
+ISAR_CROSS_COMPILE = "0"
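Review bot: the last added line, ISAR_CROSS_COMPILE = "0", switches off cross-compilation without a comment giving the reason, and BUILD_DEPENDS += "" appends an empty string although BUILD_DEPENDS is still exported through TEMPLATE_VARS. Add a comment that states why the override is needed, and either drop the empty append or list the real build dependencies there.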
Why?
EDK2 has its own build parameter for the target architecture, which
activates cross compile within EDK2 build which breaks if isar cross is
activated.
build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n
$(shell nproc)

You suggest to turn it off and try if isar cross compile could be enough?
Cross-compile should give you some relevant toolchain bits and libs at least.
And it makes sure that you have a native toolchain for the build environment,
rather than running with emulation for that.

If you need different compiler settings, adjust the rules file.
Currently struggling with the "true" cross compile. At some point it seems to use the wrong compiler.

gcc: error: unrecognized command-line option ‘-mlittle-endian’
| Building ... /<<PKGBUILDDIR>>/edk2/MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf [AARCH64]
| gcc: error: unrecognized command-line option ‘-mstrict-align’; did you mean ‘-Wstrict-aliasing’?
| gcc: error: unrecognized command-line option ‘-mstrict-align’; did you mean ‘-Wstrict-aliasing’?


Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

Schultschik, Sven
 

-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:58
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

On 19.10.22 11:21, sven.schultschik@... wrote:
From: Sven Schultschik <sven.schultschik@...>

+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-2-Clause-Patent"
+
+inherit dpkg
+
+SRC_URI =
"gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https;destsuff
ix=git/edk2;rev=edk2-stable${PV} \
+
+git://github.com/tianocore/edk2-platforms.git;protocol=https;destsuff
+ix=git/edk2-platforms;rev=3b896d1a325686de3942723c42f286090453e37a \
- gitsm (see patch 1/7)
- please factor out revisions into separate variables

Or can we also address the revisions via release tags? The recipe carries a
release version number in the end...
I checked and edk2-platforms does not have any tags. In theory you could use always the latest. But then you can't reproduce the builds.
The version of the recipe is the tag for the edk2 repository, which is already in use


KernelCI, gitlab testing notes

Pavel Machek
 

Hi!

* 4.4 kernelci warnings

https://linux.kernelci.org/build/cip/branch/linux-4.4.y-cip/kernel/v4.4.302-cip70-98-g7f7838c92740f/

Thanks for pointer. This looks good. Most of warnings are
"net/ipv4/inet_hashtables.c:608:68: warning: suggest parentheses
around ‘+’ in operand of ‘&’ [-Wparentheses]" which is my fault and on
my TODO list.

* SMC QEMU x86-64

https://storage.kernelci.org/cip/linux-4.4.y-cip/v4.4.302-cip70-98-g7f7838c92740f/x86_64/x86_64_defconfig/gcc-10/lab-collabora/smc-qemu_x86_64.html

Ok, I'll need to know more about the config. Is it possible that qemu
runs paravirtualized -- KVM?

If yes, we are basically testing whatever hardware it happens to run
on. Not good.

If no... the "soft" cpu it runs on does not have those bugs.

* Understanding gitlab results

+https://gitlab.com/cip-project/cip-kernel/linux-cip/-/jobs/3184699360

Ok, so what should I be looking at?

-----------------------------------
All submitted tests were successful
-----------------------------------
------------------------------
Job Summary
------------------------------
Job #763143 Finished. Job health: Complete. URL: https://lava.ciplatform.org/scheduler/job/763143
Job #763147 Finished. Job health: Complete. URL: https://lava.ciplatform.org/scheduler/job/763147

I have seen "Job health: incomplete" and that indicated problems. I
see "All submitted tests were successful". I guess that's ok.

https://gitlab.com/cip-project/cip-kernel/linux-cip/-/jobs/3141003858

Now that's pretty evil:

* 0_spectre-meltdown-checker-test.CVE-2018-12126 [fail]
266 * 0_spectre-meltdown-checker-test.CVE-2018-3646 [pass]
...
288 -----------------------------------
289 All submitted tests were successful
290 -----------------------------------

First, make it stand out visually. [pass] => [ok] and [fail] =>
[FAILURE] or something like that.

Second, saying all tests were successful (line 289) when there's
failure is ... confusing.

* LTP failures

I'm not sure where we run this or how. Anyway.

https://lava.ciplatform.org/scheduler/job/763461

I picked up one failure randomly, and that's config failure, not
kernel failure: utimensat01 1 TBROK: can't read /etc/sudoers

Not sure what is going there: quotactl01. Do we have quotas enabled?
syslog01 and friends is also failing. Is syslog configured correctly?

I guess best way would be to run ltp on 4.4-mainline, 4.4.302, 4.4-cip
and compare the results.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
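
The two requests in the message above (make failures stand out, and do not print a success banner next to a failed test) can be enforced by a small post-processing step in CI. The following is an added example, not code from the CIP project or from LAVA; the log layout is assumed from the excerpt quoted in the message, and the sample log and its job number are constructed.

```python
import re
from collections import Counter

# Constructed sample modelled on the log excerpt quoted in the message above;
# the job number is a placeholder, not a real LAVA job.
SAMPLE_LOG = """\
* 0_spectre-meltdown-checker-test.CVE-2018-12126 [fail]
266* 0_spectre-meltdown-checker-test.CVE-2018-3646 [pass]
288-----------------------------------
289All submitted tests were successful
290-----------------------------------
Job #0 Finished. Job health: Complete.
"""

# "* <suite>.<case> [result]", optionally preceded by a log-viewer line number.
TEST_RE = re.compile(r"^\s*\d*\s*\*\s+(?P<name>\S+)\s+\[(?P<result>\w+)\]\s*$")
HEALTH_RE = re.compile(r"Job #(?P<job>\d+) Finished\. Job health: (?P<health>\w+)")
BANNER = "All submitted tests were successful"
# Marker style proposed in the message: failures must stand out visually.
MARKERS = {"pass": "[ok]", "fail": "[FAILURE]"}


def analyse(log):
    """Derive the verdict from per-test results instead of trusting the banner."""
    results, health, banner = [], {}, False
    for line in log.splitlines():
        test = TEST_RE.match(line)
        if test:
            results.append((test["name"], test["result"].lower()))
            continue
        job = HEALTH_RE.search(line)
        if job:
            health[job["job"]] = job["health"].lower()
        elif BANNER in line:
            banner = True
    failed = [name for name, res in results if res == "fail"]
    incomplete = [job for job, state in health.items() if state != "complete"]
    return {
        "results": results,
        "counts": Counter(res for _, res in results),
        "failed": failed,
        "incomplete_jobs": incomplete,
        # The banner is wrong if it appears next to a failure or an incomplete job.
        "banner_contradicted": banner and bool(failed or incomplete),
        # An empty result list is not a pass: nothing was actually tested.
        "ok": bool(results) and not failed and not incomplete,
    }


def render(log):
    """Re-render the summary with loud failure markers and an honest verdict."""
    report = analyse(log)
    lines = [
        f"{MARKERS.get(res, '[' + res + ']'):<10}{name}"
        for name, res in report["results"]
    ]
    lines.append(
        "verdict: {} ({} failed, {} incomplete job(s))".format(
            "PASS" if report["ok"] else "FAIL",
            len(report["failed"]),
            len(report["incomplete_jobs"]),
        )
    )
    if report["banner_contradicted"]:
        lines.append("warning: success banner contradicts the per-test results")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(SAMPLE_LOG))
    # A non-zero exit status makes the CI job itself go red.
    raise SystemExit(0 if analyse(SAMPLE_LOG)["ok"] else 1)
```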


Re: New CVE entries this week

Masami Ichikawa
 

Hi.

On Thu, Oct 20, 2022 at 4:58 PM Pavel Machek <pavel@...> wrote:

Hi!

CVE-2022-3523: mm/memory.c: fix race when faulting a device private page

CVSS v3 score is not provided(NIST).
CVSS v3 score is 5.3 MEDIUM(VulDB).

A vulnerability was found in Linux Kernel. It has been classified as
problematic. Affected is an unknown function of the file mm/memory.c
of the component Driver Handler. The manipulation leads to use after
free.
...
This fix is based on Memory folios feature so that it cannot apply to
older kernels straightly.
Sounds like fun, but changelog also says:

During normal usage it is unlikely these will cause any problems.
However
without these fixes it is possible to crash the kernel from
userspace.
These crashes can be triggered either by unloading the kernel
module or
unbinding the device from the driver prior to a userspace task
exiting.

Yeah, so.. don't let untrusted users play with modules / device
bindings. We don't do that by default.

CVE-2022-3524: tcp/udp: Fix memory leak in ipv6_renew_options().

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function
ipv6_renew_options of the component IPv6 Handler. The manipulation
leads to memory leak. The attack can be launched remotely.

CVSS v3 score is 7.5 HIGH(NIST).
CVSS v3 score is 4.3 MEDIUM(VulDB).

Kernel 4.4 is also affected by this issue. applying this fix needs to
modify the patch.

Fixed status
mainline: [3c52c6bb831f6335c176a0fc7214e26f43adbd11]
Sounds like more fun.

CVE-2022-3535: net: mvpp2: fix mvpp2 debugfs leak

CVSS v3 score is not provided(NIST).
CVSS v3 score is 3.5 LOW(VulDB).

A vulnerability classified as problematic was found in Linux Kernel.
Affected by this vulnerability is the function mvpp2_dbgfs_port_init
of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the
component mvpp2. The manipulation leads to memory leak.

Introduced by commit 21da57a ("net: mvpp2: add a debugfs interface for
the Header Parser") in 4.19-rc1.
4.4, 4.9, 4.10, and 4.19 kernels are not affected by this issue.
4.19-rc1 means that 4.19 is affected, and indeed that commit is in
4.19-stable. Due to severity of the vulnerability (very low), I don't
think we care much.
Oops, you're right. 4.19 is affected.
4.19 is not listed in the ignore section in CVE-2022-3535.yml, so I
made a mistake when writing this report.

CVE-2022-3565: mISDN: fix use-after-free bugs in l1oip timer handlers

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability, which was classified as critical, has been found in
Linux Kernel. Affected by this issue is the function del_timer of the
file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The
manipulation leads to use after free.
"Critical" -- really? mISDN does not have much to do with bluetooth. I
don't think we care.
I think it is not a critical vulnerability. Sometimes NVD's
description is exaggerated :(

CVE-2022-3566: tcp: Fix data races around icsk->icsk_af_ops.

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability, which was classified as problematic, was found in
Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt
of the component TCP Handler. The manipulation leads to race
conditions.
There's no race in the compiled code assuming sane compiler; this is
just READ_ONCE() annotation for the tools.

I wonder if we should simply ignore anything that is "medium" or
lower? This is not too useful. There are _lot_ of READ_ONCE
annotations:
I think it is okay to ignore low score vulnerabilities. I think if a
vulnerability leads to local privilege escalation/remote code
execution/remote DoS, the score will get high or at least medium.

rc-v5.10.132.list:a just a READ_ONCE annotation |dd36fc0e5 1f1be0 o: 5.10| sysctl: Fix data races in proc_dointvec().
rc-v5.10.132.list:a just a READ_ONCE annotation |3c353ca70 4762b5 o: 5.10| sysctl: Fix data races in proc_douintvec().
rc-v5.10.132.list:a just a READ_ONCE annotation |2d706aadb f613d8 o: 5.10| sysctl: Fix data races in proc_dointvec_minmax().
rc-v5.10.132.list:a just a READ_ONCE annotation |23f9db9f8 2d3b55 o: 5.10| sysctl: Fix data races in proc_douintvec_minmax().
rc-v5.10.132.list:a just a READ_ONCE annotation |3b18d2877 c31bcc o: 5.10| sysctl: Fix data races in proc_doulongvec_minmax().
rc-v5.10.132.list:a just a READ_ONCE annotation |fbb481c6c e87782 o: 5.10| sysctl: Fix data races in proc_dointvec_jiffies().
rc-v5.10.132.list:a just a READ_ONCE annotation |569565b31 47e6ab o: 5.10| tcp: Fix a data-race around sysctl_tcp_max_orphans.
rc-v5.10.132.list:a just a READ_ONCE annotation |1ffd2f3ca 3d32ed o: 4.19| inetpeer: Fix data-races around sysctl.
rc-v5.10.132.list:a just a READ_ONCE annotation |759957e29 310731 o: 4.19| net: Fix data-races around sysctl_mem.
rc-v5.10.132.list:a not a minimum fix, just a READ_ONCE annotation |2afb079f1 dd44f0 o: 4.9| cipso: Fix data-races around sysctl.
rc-v5.10.132.list:a just a READ_ONCE annotation |cc7dc7f73 48d7ee o: 4.9| icmp: Fix data-races around sysctl.
rc-v5.10.132.list:a just a READ_ONCE annotation |ecc3b5b6d 73318c o: 5.10| ipv4: Fix a data-race around sysctl_fib_sync_mem.
rc-v5.10.132.list:a just a READ_ONCE annotation |8c0062e3d 2a4eb7 o: 4.19| icmp: Fix a data-race around sysctl_icmp_ratelimit.
rc-v5.10.132.list:a just a READ_ONCE annotation |abf7c1c68 1ebcb2 o: 4.19| icmp: Fix a data-race around sysctl_icmp_ratemask.
rc-v5.10.132.list:a not a minimum fix, just a READ_ONCE annotation |66a01e657 e49e4a o: 4.9| ipv4: Fix data-races around sysctl_ip_dynaddr.
rc-v5.10.132.list:a just a READ_ONCE annotation |a9f8eb955 bdf00b o: 5.10| nexthop: Fix data-races around nexthop_compat_mode.
rc-v5.10.137.list:a just a READ_ONCE annotation |6a5c5b381 4915d5 o: 5.10| inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
rc-v5.10.137.list:a just a READ_ONCE annotation, not a minimum fix |8d69424fb 5d368f o: 5.10| ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
rc-v5.10.137.list:a just a READ_ONCE annotation |1651eed8e 08a75f o: 5.10| tcp: Fix data-races around sysctl_tcp_l3mdev_accept.
rc-v5.10.140.list:a just a READ_ONCE annotation |1cf035989 027395 o: 5.10| net: Fix data-races around sysctl_[rw]mem(_offset)?.
rc-v5.10.140.list:a just a READ_ONCE annotation |c430cce0f 1227c1 o: 5.10| net: Fix data-races around sysctl_[rw]mem_(max|default).
rc-v5.10.140.list:a just a READ_ONCE annotation |0ca09591c 5dcd08 o: 5.10| net: Fix data-races around netdev_max_backlog.
rc-v5.10.140.list:a just a READ_ONCE annotation |c9a25e523 61adf4 o: 4.19| net: Fix data-races around netdev_tstamp_prequeue.
rc-v5.10.140.list:a just a READ_ONCE annotation |33a56c470 7de6d0 o: 5.10| net: Fix data-races around sysctl_optmem_max.
rc-v5.10.140.list:a just a READ_ONCE annotation |b88a8545b d2154b o: 4.9| net: Fix a data-race around sysctl_tstamp_allow_data.
rc-v5.10.140.list:a just a READ_ONCE annotation |ff5a88e37 c42b7c o: 4.9| net: Fix a data-race around sysctl_net_busy_poll.
rc-v5.10.140.list:a just a READ_ONCE annotation |b99764a7c e59ef3 o: 4.9| net: Fix a data-race around sysctl_net_busy_read.
rc-v5.10.140.list:a just a READ_ONCE annotation |6d73091c1 fa45d4 o: 4.19| net: Fix a data-race around netdev_budget_usecs.
rc-v5.10.140.list:a just a READ_ONCE annotation |99e03c89b 3c9ba8 o: 4.9| net: Fix a data-race around sysctl_somaxconn.
rc-v5.10.140-sep7.list:a just a READ_ONCE annotation |b88a8545b d2154b o: 4.9| net: Fix a data-race around sysctl_tstamp_allow_data.
rc-v5.10.140-sep7.list:a just a READ_ONCE annotation |ff5a88e37 c42b7c o: 4.9| net: Fix a data-race around sysctl_net_busy_poll.
rc-v5.10.140-sep7.list:a just a READ_ONCE annotation |b99764a7c e59ef3 o: 4.9| net: Fix a data-race around sysctl_net_busy_read.
rc-v5.10.140-sep7.list:a just a READ_ONCE annotation |99e03c89b 3c9ba8 o: 4.9| net: Fix a data-race around sysctl_somaxconn.
rc-v5.10.14X-pre.list:a just a READ_ONCE annotation 5.10 05/16] cgroup: Remove data-race around cgrp_dfl_visible
rc-v5.10.150.list:a just a READ_ONCE annotation |1b3ae95b2 aacd46 o: 4.9| tcp: annotate data-race around tcp_md5sig_pool_populated

CVE-2022-3567: ipv6: Fix data races around sk->sk_prot.

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability has been found in Linux Kernel and classified as
problematic. This vulnerability affects the function
inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The
manipulation leads to race conditions.

According to the commit log, commit 086d490 ("ipv6: annotate some
data-races around sk->sk_prot") fixes a race condition bug but it was
not enough.
Therefore it seems that both commit 086d490 and 364f997 need to fix
this issue.
This is a tiny bit more serious than usual READ_ONCE annotations,
but...

CVE-2022-3541: eth: sp7021: fix use after free bug in
spl2sw_nvmem_get_mac_address

CVSS v3 score is 7.8 HIGH(NIST).
CVSS v3 score is 5.5 MEDIUM(VulDB).

A vulnerability classified as critical has been found in Linux Kernel.
This affects the function spl2sw_nvmem_get_mac_address of the file
drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The
manipulation leads to use after free.
Component BPF?

CVE-2022-3594: r8152: Rate limit overflow messages

CVSS v3 score is not provided(NIST).
CVSS v3 score is 5.3 MEDIUM(VulDB).

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function
intr_callback of the file drivers/net/usb/r8152.c of the component
BPF. The manipulation leads to logging of excessive data. The attack
can be launched remotely.

Fixed status
mainline: [93e2be344a7db169b7119de21ac1bf253b8c6907]
The "attack" is writing line to syslog. Seems like every bug can get a
CVE if someone tries.
Yeah, even though a remote user could write lots of data in the syslog
with this issue, it seems to be a normal bug.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...


Re: New CVE entries this week

Pavel Machek
 

Hi!

CVE-2022-3523: mm/memory.c: fix race when faulting a device private page

CVSS v3 score is not provided(NIST).
CVSS v3 score is 5.3 MEDIUM(VulDB).

A vulnerability was found in Linux Kernel. It has been classified as
problematic. Affected is an unknown function of the file mm/memory.c
of the component Driver Handler. The manipulation leads to use after
free.
...
This fix is based on Memory folios feature so that it cannot apply to
older kernels straightly.
Sounds like fun, but changelog also says:

During normal usage it is unlikely these will cause any problems.
However
without these fixes it is possible to crash the kernel from
userspace.
These crashes can be triggered either by unloading the kernel
module or
unbinding the device from the driver prior to a userspace task
exiting.

Yeah, so.. don't let untrusted users play with modules / device
bindings. We don't do that by default.

CVE-2022-3524: tcp/udp: Fix memory leak in ipv6_renew_options().

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function
ipv6_renew_options of the component IPv6 Handler. The manipulation
leads to memory leak. The attack can be launched remotely.

CVSS v3 score is 7.5 HIGH(NIST).
CVSS v3 score is 4.3 MEDIUM(VulDB).

Kernel 4.4 is also affected by this issue. applying this fix needs to
modify the patch.

Fixed status
mainline: [3c52c6bb831f6335c176a0fc7214e26f43adbd11]
Sounds like more fun.

CVE-2022-3535: net: mvpp2: fix mvpp2 debugfs leak

CVSS v3 score is not provided(NIST).
CVSS v3 score is 3.5 LOW(VulDB).

A vulnerability classified as problematic was found in Linux Kernel.
Affected by this vulnerability is the function mvpp2_dbgfs_port_init
of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the
component mvpp2. The manipulation leads to memory leak.

Introduced by commit 21da57a ("net: mvpp2: add a debugfs interface for
the Header Parser") in 4.19-rc1.
4.4, 4.9, 4.10, and 4.19 kernels are not affected by this issue.
4.19-rc1 means that 4.19 is affected, and indeed that commit is in
4.19-stable. Due to severity of the vulnerability (very low), I don't
think we care much.

CVE-2022-3565: mISDN: fix use-after-free bugs in l1oip timer handlers

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability, which was classified as critical, has been found in
Linux Kernel. Affected by this issue is the function del_timer of the
file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The
manipulation leads to use after free.
"Critical" -- really? mISDN does not have much to do with bluetooth. I
don't think we care.

CVE-2022-3566: tcp: Fix data races around icsk->icsk_af_ops.

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability, which was classified as problematic, was found in
Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt
of the component TCP Handler. The manipulation leads to race
conditions.
There's no race in the compiled code assuming sane compiler; this is
just READ_ONCE() annotation for the tools.

I wonder if we should simply ignore anything that is "medium" or
lower? This is not too useful. There are _lot_ of READ_ONCE
annotations:

rc-v5.10.132.list:a just a READ_ONCE annotation |dd36fc0e5 1f1be0 o: 5.10| sysctl: Fix data races in proc_dointvec().
rc-v5.10.132.list:a just a READ_ONCE annotation |3c353ca70 4762b5 o: 5.10| sysctl: Fix data races in proc_douintvec().
rc-v5.10.132.list:a just a READ_ONCE annotation |2d706aadb f613d8 o: 5.10| sysctl: Fix data races in proc_dointvec_minmax().
rc-v5.10.132.list:a just a READ_ONCE annotation |23f9db9f8 2d3b55 o: 5.10| sysctl: Fix data races in proc_douintvec_minmax().
rc-v5.10.132.list:a just a READ_ONCE annotation |3b18d2877 c31bcc o: 5.10| sysctl: Fix data races in proc_doulongvec_minmax().
rc-v5.10.132.list:a just a READ_ONCE annotation |fbb481c6c e87782 o: 5.10| sysctl: Fix data races in proc_dointvec_jiffies().
rc-v5.10.132.list:a just a READ_ONCE annotation |569565b31 47e6ab o: 5.10| tcp: Fix a data-race around sysctl_tcp_max_orphans.
rc-v5.10.132.list:a just a READ_ONCE annotation |1ffd2f3ca 3d32ed o: 4.19| inetpeer: Fix data-races around sysctl.
rc-v5.10.132.list:a just a READ_ONCE annotation |759957e29 310731 o: 4.19| net: Fix data-races around sysctl_mem.
rc-v5.10.132.list:a not a minimum fix, just a READ_ONCE annotation |2afb079f1 dd44f0 o: 4.9| cipso: Fix data-races around sysctl.
rc-v5.10.132.list:a just a READ_ONCE annotation |cc7dc7f73 48d7ee o: 4.9| icmp: Fix data-races around sysctl.
rc-v5.10.132.list:a just a READ_ONCE annotation |ecc3b5b6d 73318c o: 5.10| ipv4: Fix a data-race around sysctl_fib_sync_mem.
rc-v5.10.132.list:a just a READ_ONCE annotation |8c0062e3d 2a4eb7 o: 4.19| icmp: Fix a data-race around sysctl_icmp_ratelimit.
rc-v5.10.132.list:a just a READ_ONCE annotation |abf7c1c68 1ebcb2 o: 4.19| icmp: Fix a data-race around sysctl_icmp_ratemask.
rc-v5.10.132.list:a not a minimum fix, just a READ_ONCE annotation |66a01e657 e49e4a o: 4.9| ipv4: Fix data-races around sysctl_ip_dynaddr.
rc-v5.10.132.list:a just a READ_ONCE annotation |a9f8eb955 bdf00b o: 5.10| nexthop: Fix data-races around nexthop_compat_mode.
rc-v5.10.137.list:a just a READ_ONCE annotation |6a5c5b381 4915d5 o: 5.10| inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
rc-v5.10.137.list:a just a READ_ONCE annotation, not a minimum fix |8d69424fb 5d368f o: 5.10| ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
rc-v5.10.137.list:a just a READ_ONCE annotation |1651eed8e 08a75f o: 5.10| tcp: Fix data-races around sysctl_tcp_l3mdev_accept.
rc-v5.10.140.list:a just a READ_ONCE annotation |1cf035989 027395 o: 5.10| net: Fix data-races around sysctl_[rw]mem(_offset)?.
rc-v5.10.140.list:a just a READ_ONCE annotation |c430cce0f 1227c1 o: 5.10| net: Fix data-races around sysctl_[rw]mem_(max|default).
rc-v5.10.140.list:a just a READ_ONCE annotation |0ca09591c 5dcd08 o: 5.10| net: Fix data-races around netdev_max_backlog.
rc-v5.10.140.list:a just a READ_ONCE annotation |c9a25e523 61adf4 o: 4.19| net: Fix data-races around netdev_tstamp_prequeue.
rc-v5.10.140.list:a just a READ_ONCE annotation |33a56c470 7de6d0 o: 5.10| net: Fix data-races around sysctl_optmem_max.
rc-v5.10.140.list:a just a READ_ONCE annotation |b88a8545b d2154b o: 4.9| net: Fix a data-race around sysctl_tstamp_allow_data.
rc-v5.10.140.list:a just a READ_ONCE annotation |ff5a88e37 c42b7c o: 4.9| net: Fix a data-race around sysctl_net_busy_poll.
rc-v5.10.140.list:a just a READ_ONCE annotation |b99764a7c e59ef3 o: 4.9| net: Fix a data-race around sysctl_net_busy_read.
rc-v5.10.140.list:a just a READ_ONCE annotation |6d73091c1 fa45d4 o: 4.19| net: Fix a data-race around netdev_budget_usecs.
rc-v5.10.140.list:a just a READ_ONCE annotation |99e03c89b 3c9ba8 o: 4.9| net: Fix a data-race around sysctl_somaxconn.
rc-v5.10.140-sep7.list:a just a READ_ONCE annotation |b88a8545b d2154b o: 4.9| net: Fix a data-race around sysctl_tstamp_allow_data.
rc-v5.10.140-sep7.list:a just a READ_ONCE annotation |ff5a88e37 c42b7c o: 4.9| net: Fix a data-race around sysctl_net_busy_poll.
rc-v5.10.140-sep7.list:a just a READ_ONCE annotation |b99764a7c e59ef3 o: 4.9| net: Fix a data-race around sysctl_net_busy_read.
rc-v5.10.140-sep7.list:a just a READ_ONCE annotation |99e03c89b 3c9ba8 o: 4.9| net: Fix a data-race around sysctl_somaxconn.
rc-v5.10.14X-pre.list:a just a READ_ONCE annotation 5.10 05/16] cgroup: Remove data-race around cgrp_dfl_visible
rc-v5.10.150.list:a just a READ_ONCE annotation |1b3ae95b2 aacd46 o: 4.9| tcp: annotate data-race around tcp_md5sig_pool_populated

CVE-2022-3567: ipv6: Fix data races around sk->sk_prot.

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability has been found in Linux Kernel and classified as
problematic. This vulnerability affects the function
inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The
manipulation leads to race conditions.

According to the commit log, commit 086d490 ("ipv6: annotate some
data-races around sk->sk_prot") fixes a race condition bug but it was
not enough.
Therefore it seems that both commits 086d490 and 364f997 are needed to fix
this issue.
This is a tiny bit more serious than usual READ_ONCE annotations,
but...

CVE-2022-3541: eth: sp7021: fix use after free bug in
spl2sw_nvmem_get_mac_address

CVSS v3 score is 7.8 HIGH(NIST).
CVSS v3 score is 5.5 MEDIUM(VulDB).

A vulnerability classified as critical has been found in Linux Kernel.
This affects the function spl2sw_nvmem_get_mac_address of the file
drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The
manipulation leads to use after free.
Component BPF?

CVE-2022-3594: r8152: Rate limit overflow messages

CVSS v3 score is not provided(NIST).
CVSS v3 score is 5.3 MEDIUM(VulDB).

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function
intr_callback of the file drivers/net/usb/r8152.c of the component
BPF. The manipulation leads to logging of excessive data. The attack
can be launched remotely.

Fixed status
mainline: [93e2be344a7db169b7119de21ac1bf253b8c6907]
The "attack" is writing a line to syslog. Seems like every bug can get a
CVE if someone tries.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today. Our channel is the following:

irc:irc.libera.chat:6667/cip

The IRC meeting is scheduled to UTC (GMT) 12:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2022&month=10&day=20&hour=12&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
05:00 08:00 13:00 14:00 20:00 21:00

Last meeting minutes:
https://ircbot.wl.linuxfoundation.org/meetings/cip/2022/10/cip.2022-10-13-12.03.log.html

* Action items
1. Add qemu-riscv to cip-kernel-config - patersonc
2. Ask Florian to support with 4.4 kernel-ci reports - jki
* Kernel maintenance updates
* Kernel testing
* AOB

Jan


New CVE entries this week

Masami Ichikawa
 

Hi !

It's this week's CVE report.

This week reported 23 new CVEs and 2 updated CVEs.
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720 are remote code
execution vulnerabilities. These CVEs are already fixed.

* New CVEs

CVE-2022-41674: fix u8 overflow in cfg80211_update_notlisted_nontrans

CVSS v3 score is 8.1 HIGH.

There is a buffer overflow bug in cfg80211_update_notlisted_nontrans()
which causes 2 bytes to be overwritten.
This overflow result leads to remote code execution.

This bug was introduced by commit 0b8fb82 ("cfg80211: Parsing of
Multiple BSSID information in scanning") in 5.1-rc1.
This commit isn't backported to 4.x kernels so 4.x kernels aren't
affected by this vulnerability.

Fixed status
mainline: [aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d]
stable/5.10: [a6408e0b694c1bdd8ae7dd0464a86b98518145ec]
stable/5.15: [9a8ef2030510a9d6ce86fd535b8d10720230811f]
stable/5.19: [42ea11a81ac853c3e870c70d61ab435d0b09b851]
stable/5.4: [020402c7dd587a8a4725d32bbd172a5f7ecc5f8f]
stable/6.0: [fc1ed6d0c9898a68da7f1f7843560dfda57683e2]

CVE-2022-42719: wifi: mac80211: fix MBSSID parsing use-after-free

CVSS v3 score is 8.8 HIGH.

There is a use-after-free bug in the mac80211 subsystem. The result
will cause a remote code execution.

This vulnerability was introduced by commit 5023b14 ("mac80211:
support profile split between elements") in 5.2-rc1.
The commit 5023b14cf4df is not backported to 4.x kernels, so they
aren't affected by this vulnerability.

Fixed status
mainline: [ff05d4b45dd89b922578dac497dcabf57cf771c6]
stable/5.10: [31ce5da48a845bac48930bbde1d45e7449591728]
stable/5.15: [de124365a7d2deed22cf706583930f28d537ff0f]
stable/5.19: [e6d77ac0132da7e73fdcc4a38dd4c40ac0226466]
stable/6.0: [4afcb8886800131f8dd58d82754ee0c508303d46]

CVE-2022-42720: wifi: cfg80211: fix BSS refcounting bugs

CVSS v3 score is 7.8 HIGH.

There is a use-after-free bug in cfg80211 subsystem. The result will
cause a remote code execution.

Introduced by commit a3584f5 ("cfg80211: Properly track transmitting
and non-transmitting BSS") which is not backported to 4.x kernels, so
they aren't affected by this vulnerability.

Fixed status
mainline: [0b7808818cb9df6680f98996b8e9a439fa7bcc2f]
stable/5.10: [6b944845031356f3e0c0f6695f9252a8ddc8b02f]
stable/5.15: [bfe29873454f38eb1a511a76144ad1a4848ca176]
stable/5.19: [46b23a9559580a72d8cc5811b1bce8db099806d6]
stable/5.4: [785eaabfe3103e8bfa36aebacff6e8f69f092ed7]
stable/6.0: [e97a5d7091e6d2df05f8378a518a9bbf81688b77]

CVE-2022-42721: wifi: cfg80211: avoid non transmitted BSS list corruption

CVSS v3 score is 5.5 MEDIUM.

If there is an invalid BSS(Basic Service Set), the cfg80211 subsystem
will loop the data forever. That causes DoS attacks.

Introduced by commit 0b8fb82 ("cfg80211: Parsing of Multiple BSSID
information in scanning") which is not backported to 4.x kernels, so
they aren't affected by this vulnerability.

Fixed status
mainline: [bcca852027e5878aec911a347407ecc88d6fff7f]
stable/5.10: [b0e5c5deb7880be5b8a459d584e13e1f9879d307]
stable/5.15: [0a8ee682e4f992eccce226b012bba600bb2251e2]
stable/5.19: [1d73c990e9bafc2754b1ced71345f73f5beb1781]
stable/5.4: [77bb20ccb9dfc9ed4f9c93788c90d08cfd891cdc]
stable/6.0: [377cb1ce85878c197904ca8383e6b41886e3994d]

CVE-2022-42722: wifi: mac80211: fix crash in beacon protection for P2P-device

CVSS v3 score is 5.5 MEDIUM.

There is a NULL pointer dereference bug in ieee80211_rx_h_decrypt()
and ieee80211_rx_h_decrypt() when processing beacon protection for
P2P-device. This bug leads to DoS attacks.

This bug was introduced by commit 9eaf183 ("mac80211: Report beacon
protection failures to user space") which is not backported to 5.4 and
4.x kernels, so they aren't affected by this vulnerability.

Fixed status
mainline: [b2d03cabe2b2e150ff5a381731ea0355459be09f]
stable/5.10: [58c0306d0bcd5f541714bea8765d23111c9af68a]
stable/5.15: [93a3a32554079432b49cf87f326607b2a2fab4f2]
stable/5.19: [fa63b5f6f8853ace755d9a23fb75817d5ba20df5]
stable/6.0: [8ed62f2df8ebcf79c185f1bc3e4f346ea0905da6]

CVE-2022-3521: kcm: avoid potential race in kcm_tx_work

CVSS v3 score is 2.5 LOW(NIST).
CVSS v3 score is 2.6 LOW(VulDB).

A vulnerability has been found in Linux Kernel and classified as
problematic. This vulnerability affects the function kcm_tx_work of
the file net/kcm/kcmsock.c of the component kcm. The manipulation
leads to race conditions.

This bug was introduced by ab7ac4e ("kcm: Kernel Connection
Multiplexor module") in 4.6-rc1.
The kcm was introduced in 4.6 so 4.4 kernel is not affected by this issue.

Fixed status
mainline: [ec7eede369fe5b0d085ac51fdbb95184f87bfc6c]

CVE-2022-3522: mm/hugetlb: use hugetlb_pte_stable in migration race check

CVSS v3 score is 7.0 HIGH(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability was found in Linux Kernel and classified as
problematic. This issue affects the function hugetlb_no_page of the
file mm/hugetlb.c. The manipulation leads to race conditions.

Commit 2ea7ff1 ("mm/hugetlb: fix race condition of uffd missing/minor
handling") in 6.1-rc1 added a new function called
hugetlb_pte_stable(). Commit f9bf6c0 ("mm/hugetlb: use
hugetlb_pte_stable in migration race check") uses the function so
applying this patch requires commit 2ea7ff1.

Fixed status
mainline: [f9bf6c03eca1077cae8de0e6d86427656fa42a9b]

CVE-2022-3523: mm/memory.c: fix race when faulting a device private page

CVSS v3 score is not provided(NIST).
CVSS v3 score is 5.3 MEDIUM(VulDB).

A vulnerability was found in Linux Kernel. It has been classified as
problematic. Affected is an unknown function of the file mm/memory.c
of the component Driver Handler. The manipulation leads to use after
free.

The commit log says:

```
When the CPU tries to access a device private page the migrate_to_ram()
callback associated with the pgmap for the page is called. However no
reference is taken on the faulting page. Therefore a concurrent migration
of the device private page can free the page and possibly the underlying
pgmap. This results in a race which can crash the kernel due to the
migrate_to_ram() function pointer becoming invalid. It also means drivers
can't reliably read the zone_device_data field because the page may have
been freed with memunmap_pages().
```

According to the above commit log, accessing an invalid migrate_to_ram
pointer will cause a bug.
This migrate_to_ram pointer was added by commit 897e636 ("memremap:
add a migrate_to_ram method to struct dev_pagemap_ops") in 5.3-rc1.
Therefore, kernel versions from 5.3-rc1 to 6.1-rc1 are affected by
this vulnerability.

This fix is based on the memory folios feature, so it cannot be applied
to older kernels directly.

- mm/migrate_device.c was introduced by commit 76cbbea ("mm: move the
migrate_vma_* device migration code into its own file") in 5.18-rc1.
- migrate_folio() was added into include/linux/migrate.h by commit
5418465 ("mm/migrate: Convert migrate_page() to migrate_folio()") in
6.0-rc1.
- Memory folios feature was introduced in 5.16.

Fixed status
mainline: [16ce101db85db694a91380aa4c89b25530871d33]

CVE-2022-3524: tcp/udp: Fix memory leak in ipv6_renew_options().

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function
ipv6_renew_options of the component IPv6 Handler. The manipulation
leads to memory leak. The attack can be launched remotely.

CVSS v3 score is 7.5 HIGH(NIST).
CVSS v3 score is 4.3 MEDIUM(VulDB).

Kernel 4.4 is also affected by this issue. Applying this fix requires
modifying the patch.

Fixed status
mainline: [3c52c6bb831f6335c176a0fc7214e26f43adbd11]

CVE-2022-3526: macvlan: Fix leaking skb in source mode with nodst option

CVSS v3 score is 7.5 HIGH(NIST).
CVSS v3 score is 5.3 MEDIUM(VulDB).

A vulnerability classified as problematic was found in Linux Kernel.
This vulnerability affects the function macvlan_handle_frame of the
file drivers/net/macvlan.c of the component skb. The manipulation
leads to memory leak. The attack can be initiated remotely.

Introduced by 427f0c8 ("macvlan: Add nodst option to macvlan type
source") in 5.13-rc1.
Kernels before 5.13-rc1 are not affected.

Fixed status
mainline: [e16b859872b87650bb55b12cca5a5fcdc49c1442]
stable/5.15: [8f79ce226ad2e9b2ec598de2b9560863b7549d1b]

CVE-2022-3531: selftest/bpf: Fix memory leak in kprobe_multi_test

CVSS v3 score is 5.7 MEDIUM(NIST).
CVSS v3 score is 3.5 LOW(VulDB).

A vulnerability was found in Linux Kernel. It has been classified as
problematic. This affects the function get_syms of the file
tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c of the
component BPF. The manipulation leads to memory leak.

Introduced by commit 5b6c7e5c4434 ("selftests/bpf: Add attach bench
test") in 5.19-rc1. It isn't backported to older kernels.
btw, users shouldn't run kselftest on their production environment, anyway.

Fixed status
Fixed in bpf-next tree as of 2022-10-18.

CVE-2022-3532: selftests/bpf: Fix memory leak caused by not destroying skeleton

CVSS v3 score is 5.7 MEDIUM(NIST).
CVSS v3 score is 3.5 LOW(VulDB).

A vulnerability was found in Linux Kernel. It has been declared as
problematic. This vulnerability affects the function
test_map_kptr_success/test_fentry of the component BPF. The
manipulation leads to memory leak.

Introduced by commit 0ef6740e9777 ("selftests/bpf: Add tests for
kptr_ref refcounting") in 5.19-rc1 and 1642a3945e22 ("selftests/bpf:
Add struct argument tests with fentry/fexit programs.") in 6.1-rc1.
These commits are not backported to stable kernels.
Users shouldn't run kselftest on their production environment, anyway.

4.4, 4.9, 4.14, 4.19, 5.4, and 5.10 kernels are not affected by this issue.

Fixed status
Fixed in bpf-next tree as of 2022-10-18.

CVE-2022-3535: net: mvpp2: fix mvpp2 debugfs leak

CVSS v3 score is not provided(NIST).
CVSS v3 score is 3.5 LOW(VulDB).

A vulnerability classified as problematic was found in Linux Kernel.
Affected by this vulnerability is the function mvpp2_dbgfs_port_init
of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the
component mvpp2. The manipulation leads to memory leak.

Introduced by commit 21da57a ("net: mvpp2: add a debugfs interface for
the Header Parser") in 4.19-rc1.
4.4, 4.9, 4.10, and 4.19 kernels are not affected by this issue.

Fixed status
mainline: [0152dfee235e87660f52a117fc9f70dc55956bb4]

CVE-2022-3543: af_unix: Fix memory leaks of the whole sk due to OOB skb.

CVSS v3 score is 5.5 MEDIUM(NIST).
CVSS v3 score is 3.5 LOW(VulDB).

A vulnerability, which was classified as problematic, has been found
in Linux Kernel. This issue affects the function
unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c
of the component BPF. The manipulation leads to memory leak.

Introduced by commit 314001f ("af_unix: Add OOB support") in 5.15-rc1.
This commit is not backported to older kernels.
4.4, 4.9, 4.14, 4.19, 5.4, and 5.10 kernels are not affected by this issue.

Fixed status
mainline: [7a62ed61367b8fd01bae1e18e30602c25060d824]

CVE-2022-3564: Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu

CVSS v3 score is not provided(NIST).
CVSS v3 score is 5.5 MEDIUM(VulDB).

A vulnerability classified as critical was found in Linux Kernel.
Affected by this vulnerability is the function l2cap_reassemble_sdu of
the file net/bluetooth/l2cap_core.c of the component Bluetooth. The
manipulation leads to use after free. I

Introduced by commit d2a7ac5d5d3a ("Bluetooth: Add the ERTM receive
state machine") in 3.6-rc1 and 4b51dae96731 ("Bluetooth: Add streaming
mode receive and incoming packet classifier") in 3.6-rc1.

Fixed status
fixed in bluetooth-next tree as of 2022-10-18

CVE-2022-3565: mISDN: fix use-after-free bugs in l1oip timer handlers

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability, which was classified as critical, has been found in
Linux Kernel. Affected by this issue is the function del_timer of the
file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The
manipulation leads to use after free.

Fixed status
mainline: [2568a7e0832ee30b0a351016d03062ab4e0e0a3f]

CVE-2022-3566: tcp: Fix data races around icsk->icsk_af_ops.

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability, which was classified as problematic, was found in
Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt
of the component TCP Handler. The manipulation leads to race
conditions.

Fixed status
mainline: [f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57]

CVE-2022-3567: ipv6: Fix data races around sk->sk_prot.

CVSS v3 score is not provided(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

A vulnerability has been found in Linux Kernel and classified as
problematic. This vulnerability affects the function
inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The
manipulation leads to race conditions.

According to the commit log, commit 086d490 ("ipv6: annotate some
data-races around sk->sk_prot") fixes a race condition bug but it was
not enough.
Therefore it seems that both commits 086d490 and 364f997 are needed to fix this issue.

Fixed status
mainline: [364f997b5cfe1db0d63a390fe7c801fa2b3115f6]

CVE-2022-2602: io_uring/af_unix: defer registered files gc to io_uring release

CVSS v3 score is not provided.

A use-after-free bug was found in the io_uring subsystem. When
io_uring releases registered fds, the Unix socket garbage collection
process is used. If Unix GC runs before io_uring has released the fds, a
use-after-free bug will happen. That causes a local privilege escalation
vulnerability.

Fixed status
mainline: [0091bfc81741b8d3aeb3b7ab8636f911b2de6e80]

CVE-2022-3542: bnx2x: fix potential memory leak in bnx2x_tpa_stop()

CVSS v3 score is 5.5 MEDIUM(NIST).
CVSS v3 score is 3.5 LOW(VulDB).

A vulnerability classified as problematic was found in Linux Kernel.
This vulnerability affects the function bnx2x_tpa_stop of the file
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF.
The manipulation leads to memory leak.

This bug was in a driver for Broadcom NetXtremeII 10 gigabit Ethernet
cards (CONFIG_BNX2X).

Fixed status
mainline: [b43f9acbb8942b05252be83ac25a81cec70cc192]

CVE-2022-3545: nfp: fix use-after-free in area_cache_get()

CVSS v3 score is 7.8 HIGH(NIST).
CVSS v3 score is 5.5 MEDIUM(VulDB).

A vulnerability has been found in Linux Kernel and classified as
critical. Affected by this vulnerability is the function
area_cache_get of the file
drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the
component IPsec. The manipulation leads to use after free.

The nfp/nfpcore was added by 4cb584e0 ("nfp: add CPP access core") in
4.11-rc1. So, 4.4 and 4.9 are not affected.

Fixed status
mainline: [02e1a114fdb71e59ee6770294166c30d437bf86a]

CVE-2022-3541: eth: sp7021: fix use after free bug in
spl2sw_nvmem_get_mac_address

CVSS v3 score is 7.8 HIGH(NIST).
CVSS v3 score is 5.5 MEDIUM(VulDB).

A vulnerability classified as critical has been found in Linux Kernel.
This affects the function spl2sw_nvmem_get_mac_address of the file
drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The
manipulation leads to use after free.

This issue was introduced by commit fd3040b ("net: ethernet: Add
driver for Sunplus SP7021") in 5.19-rc1.
Therefore, 4.x, 5.10, and 5.15 kernels are not affected by this issue.

Fixed status
mainline: [12aece8b01507a2d357a1861f470e83621fbb6f2]

CVE-2022-3594: r8152: Rate limit overflow messages

CVSS v3 score is not provided(NIST).
CVSS v3 score is 5.3 MEDIUM(VulDB).

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function
intr_callback of the file drivers/net/usb/r8152.c of the component
BPF. The manipulation leads to logging of excessive data. The attack
can be launched remotely.

Fixed status
mainline: [93e2be344a7db169b7119de21ac1bf253b8c6907]

* Updated CVEs

CVE-2022-3303: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

5.10 was fixed this week.

Fixed status
mainline: [8423f0b6d513b259fdab9c9bf4aaa6188d054c2d]
stable/5.10: [fce793a056c604b41a298317cf704dae255f1b36]
stable/5.15: [8015ef9e8a0ee5cecfd0cb6805834d007ab26f86]
stable/5.19: [723ac5ab2891b6c10dd6cc78ef5456af593490eb]
stable/5.4: [4051324a6dafd7053c74c475e80b3ba10ae672b0]

CVE-2022-40768: scsi: stex: properly zero out the passthrough command structure

stable 5.10, 5.15, 5.19, 5.4, and 6.0 were fixed this week.

Fixed status
mainline: [6022f210461fef67e6e676fd8544ca02d1bcfa7a]
stable/5.10: [36b33c63515a93246487691046d18dd37a9f589b]
stable/5.15: [76efb4897bc38b2f16176bae27ae801037ebf49a]
stable/5.19: [6ae8aa5dcf0d7ada07964c8638e55d3af5896a86]
stable/5.4: [20a5bde605979af270f94b9151f753ec2caf8b05]
stable/6.0: [b9b7369d89924a366b20045dc26dc4dc6b0567a4]


Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...
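
Added example, not part of the original report: a small Python parser for the report layout used above (CVE heading, CVSS lines, "Fixed status" block) that lists, per CVE, the highest published score and the branches for which no fix commit is recorded. The function names, status labels and the choice of branches are assumptions made for this illustration; the excerpt is copied from four entries of the report. A branch without a recorded fix still needs the affected-version check the report does in prose.

```python
import re
from dataclasses import dataclass, field

# Four entries copied from the report above.
REPORT_EXCERPT = """\
CVE-2022-41674: fix u8 overflow in cfg80211_update_notlisted_nontrans

CVSS v3 score is 8.1 HIGH.

Fixed status
mainline: [aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d]
stable/5.10: [a6408e0b694c1bdd8ae7dd0464a86b98518145ec]
stable/5.15: [9a8ef2030510a9d6ce86fd535b8d10720230811f]
stable/5.19: [42ea11a81ac853c3e870c70d61ab435d0b09b851]
stable/5.4: [020402c7dd587a8a4725d32bbd172a5f7ecc5f8f]
stable/6.0: [fc1ed6d0c9898a68da7f1f7843560dfda57683e2]

CVE-2022-42719: wifi: mac80211: fix MBSSID parsing use-after-free

CVSS v3 score is 8.8 HIGH.

Fixed status
mainline: [ff05d4b45dd89b922578dac497dcabf57cf771c6]
stable/5.10: [31ce5da48a845bac48930bbde1d45e7449591728]
stable/5.15: [de124365a7d2deed22cf706583930f28d537ff0f]
stable/5.19: [e6d77ac0132da7e73fdcc4a38dd4c40ac0226466]
stable/6.0: [4afcb8886800131f8dd58d82754ee0c508303d46]

CVE-2022-3522: mm/hugetlb: use hugetlb_pte_stable in migration race check

CVSS v3 score is 7.0 HIGH(NIST).
CVSS v3 score is 4.6 MEDIUM(VulDB).

Fixed status
mainline: [f9bf6c03eca1077cae8de0e6d86427656fa42a9b]

CVE-2022-3531: selftest/bpf: Fix memory leak in kprobe_multi_test

CVSS v3 score is 5.7 MEDIUM(NIST).
CVSS v3 score is 3.5 LOW(VulDB).

Fixed status
Fixed in bpf-next tree as of 2022-10-18.
"""

ENTRY_RE = re.compile(r"^(CVE-\d{4}-\d+): (.+)$")
# "not provided" lines deliberately do not match and are skipped.
CVSS_RE = re.compile(r"^CVSS v3 score is (\d+\.\d+) [A-Z]+(?:\((\w+)\))?\.?$")
FIX_RE = re.compile(r"^(mainline|stable/\d+\.\d+): \[([0-9a-f]+)\]$")


@dataclass
class Entry:
    cve: str
    title: str                                   # first heading line only
    scores: dict = field(default_factory=dict)   # source -> CVSS v3 score
    fixes: dict = field(default_factory=dict)    # tree name -> fix commit


def parse_report(text):
    """Split the report into Entry objects, one per 'CVE-...:' heading."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            cur = Entry(m.group(1), m.group(2))
            entries.append(cur)
        elif cur is None:
            continue                             # preamble before first CVE
        elif m := CVSS_RE.match(line):
            cur.scores[m.group(2) or "unspecified"] = float(m.group(1))
        elif m := FIX_RE.match(line):
            cur.fixes[m.group(1)] = m.group(2)
    return entries


def triage(entries, branches):
    """Return {cve: (highest_score, status, branches_without_recorded_fix)}."""
    result = {}
    for e in entries:
        worst = max(e.scores.values(), default=None)
        if "mainline" not in e.fixes:
            status, missing = "not-in-mainline", list(branches)
        else:
            missing = [b for b in branches if f"stable/{b}" not in e.fixes]
            status = "no-fix-recorded" if missing else "fix-recorded"
        result[e.cve] = (worst, status, missing)
    return result


if __name__ == "__main__":
    # 5.10 and 5.4 are picked here only as an example of branches to watch.
    for cve, row in triage(parse_report(REPORT_EXCERPT), ["5.10", "5.4"]).items():
        print(cve, *row)
```
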


Re: [isar-cip-core][PATCH] Update ISAR revision

Jan Kiszka
 

On 19.10.22 15:43, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Update for downstream layers.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas-cip.yml | 2 +-
kas/opt/swupdate.yml | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/kas-cip.yml b/kas-cip.yml
index 24062c5..10f4594 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -22,7 +22,7 @@ repos:

isar:
url: https://github.com/ilbers/isar.git
- refspec: 0daa55195f0f55465a367aec1ceeec5f26c161af
+ refspec: fc4f004eb67237d9d09b1ffad0de1a19217fa94a
layers:
meta:

diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index b2bff64..f0d3f1b 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -24,3 +24,4 @@ local_conf_header:
IMAGE_FSTYPES = "wic"
WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
INITRAMFS_INSTALL_append = " initramfs-squashfs-hook"
+ WIC_DEPLOY_PARTITIONS = "1"
Thanks, applied.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


[isar-cip-core][PATCH] Update ISAR revision

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Update for downstream layers.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas-cip.yml | 2 +-
kas/opt/swupdate.yml | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/kas-cip.yml b/kas-cip.yml
index 24062c5..10f4594 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -22,7 +22,7 @@ repos:

isar:
url: https://github.com/ilbers/isar.git
- refspec: 0daa55195f0f55465a367aec1ceeec5f26c161af
+ refspec: fc4f004eb67237d9d09b1ffad0de1a19217fa94a
layers:
meta:
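Review bot: the commit message does not say which ISAR changes this refspec bump in kas-cip.yml pulls in; "Update for downstream layers" is all a later reader gets. Name the upstream change or feature the downstream layers depend on so the move from 0daa5519 to fc4f004e can be audited. Pinning to the full commit hash rather than a branch or tag is right and should stay.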

diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index b2bff64..f0d3f1b 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -24,3 +24,4 @@ local_conf_header:
IMAGE_FSTYPES = "wic"
WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
INITRAMFS_INSTALL_append = " initramfs-squashfs-hook"
+ WIC_DEPLOY_PARTITIONS = "1"
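Review bot: the added WIC_DEPLOY_PARTITIONS = "1" line in kas/opt/swupdate.yml is not covered by the subject ("Update ISAR revision") or the commit message. State why the swupdate option needs it and whether it depends on the new ISAR revision, or move it into its own commit so the revision bump and the behaviour change can be reverted independently.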
--
2.35.1


Re: [isar-cip-core][PATCH 1/7] add recipe for optee qemu arm64

Jan Kiszka
 

On 19.10.22 15:21, Schultschik, Sven (DI PA DCP R&D 2) wrote:


-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:44
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 1/7] add recipe for optee qemu arm64

On 19.10.22 11:21, sven.schultschik@... wrote:
From: Sven Schultschik <sven.schultschik@...>

The recipe provides the possibility to create optee-os binaries for
use inside of an qemu secureboot setup with edk2, rpmb, u-boot and
uefi

Signed-off-by: Sven Schultschik <sven.schultschik@...>
---
.../op-tee/optee-os-qemu-arm64_3.17.0.bb | 57 +++++++++++++++++++
recipes-bsp/u-boot/files/secure-boot.cfg.tmpl | 7 +++
recipes-bsp/u-boot/u-boot-common.inc | 6 +-
3 files changed, 67 insertions(+), 3 deletions(-) create mode 100644
recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb

diff --git a/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
b/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
new file mode 100644
index 000000000..5e60041af
--- /dev/null
+++ b/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
@@ -0,0 +1,57 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Sven Schultschik <sven.schultschik@...> # #
+SPDX-License-Identifier: MIT #
+
+HOMEPAGE =
"https://github.c
om%2FOP-
TEE%2Foptee_os&amp;data=05%7C01%7Csven.schultschik%40siemens.com%7
C4f98c0d0333a4da5414a08dab1bee02e%7C38ae3bcd95794fd4addab42e1495d
55a%7C1%7C0%7C638017730602326587%7CUnknown%7CTWFpbGZsb3d8eyJ
WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C
3000%7C%7C%7C&amp;sdata=EnwEqlIP690Rw3fcrJv0Wc9dfcAc%2BN8h4O%2B
yRdvsXX4%3D&amp;reserved=0"
+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-2-Clause"
+
+require recipes-bsp/optee-os/optee-os-custom.inc
+
+SRC_URI += " \
+ gitsm://github.com/OP-
TEE/optee_os.git;branch=master;protocol=https;destsuffix=git;rev=${PV}"
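Review bot: rev=${PV} in the SRC_URI selects the source by tag name (PV is 3.17.0, from the recipe file name) rather than by commit hash, so what gets built depends on where upstream points that tag at fetch time. For a TEE component that sits in the secure-boot chain, set SRCREV to the full commit hash of the release and drop ;rev= from the URL; destsuffix=git can go as well since it is the default.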

Do we really need the second-class supported gitsm fetcher here? Also,
destsuffix and rev are both redundant (they are defaults).
I tried your suggestion and removed destsuffix and rev and now I remember
why I added it initially:

SRC_URI += " \
git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https"

optee-os-qemu-arm64-3.17.0-r0 do_fetch: Fetcher failure for URL:
'git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https'. Please
set a valid SRCREV for url ['SRCREV_default_pn-optee-os-qemu-arm64',
'SRCREV_default', 'SRCREV_pn-optee-os-qemu-arm64', 'SRCREV'] (possible key
names are git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https,
or use a ;rev=X URL parameter)
Right, it gives you an even better suggestion than I what to do /wrt
SRCREV when you have multiple repos (not here but in edk2).

--
Siemens AG, Technology
Competence Center Embedded Linux


Re: [isar-cip-core][PATCH 1/7] add recipe for optee qemu arm64

Schultschik, Sven
 

-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:44
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 1/7] add recipe for optee qemu arm64

On 19.10.22 11:21, sven.schultschik@... wrote:
From: Sven Schultschik <sven.schultschik@...>

The recipe provides the possibility to create optee-os binaries for
use inside of an qemu secureboot setup with edk2, rpmb, u-boot and
uefi

Signed-off-by: Sven Schultschik <sven.schultschik@...>
---
.../op-tee/optee-os-qemu-arm64_3.17.0.bb | 57 +++++++++++++++++++
recipes-bsp/u-boot/files/secure-boot.cfg.tmpl | 7 +++
recipes-bsp/u-boot/u-boot-common.inc | 6 +-
3 files changed, 67 insertions(+), 3 deletions(-) create mode 100644
recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb

diff --git a/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
b/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
new file mode 100644
index 000000000..5e60041af
--- /dev/null
+++ b/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
@@ -0,0 +1,57 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Sven Schultschik <sven.schultschik@...> # #
+SPDX-License-Identifier: MIT #
+
+HOMEPAGE =
"https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.c
om%2FOP-
TEE%2Foptee_os&amp;data=05%7C01%7Csven.schultschik%40siemens.com%7
C4f98c0d0333a4da5414a08dab1bee02e%7C38ae3bcd95794fd4addab42e1495d
55a%7C1%7C0%7C638017730602326587%7CUnknown%7CTWFpbGZsb3d8eyJ
WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C
3000%7C%7C%7C&amp;sdata=EnwEqlIP690Rw3fcrJv0Wc9dfcAc%2BN8h4O%2B
yRdvsXX4%3D&amp;reserved=0"
+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-2-Clause"
+
+require recipes-bsp/optee-os/optee-os-custom.inc
+
+SRC_URI += " \
+ gitsm://github.com/OP-
TEE/optee_os.git;branch=master;protocol=https;destsuffix=git;rev=${PV}"

Do we really need the second-class supported gitsm fetcher here? Also,
destsuffix and rev are both redundant (they are defaults).
I tried your suggestion and removed destsuffix and rev and now I remember
why I added it initially:

SRC_URI += " \
git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https"

optee-os-qemu-arm64-3.17.0-r0 do_fetch: Fetcher failure for URL:
'git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https'. Please
set a valid SRCREV for url ['SRCREV_default_pn-optee-os-qemu-arm64',
'SRCREV_default', 'SRCREV_pn-optee-os-qemu-arm64', 'SRCREV'] (possible key
names are git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https,
or use a ;rev=X URL parameter)


Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

Jan Kiszka
 

On 19.10.22 15:14, Schultschik, Sven (DI PA DCP R&D 2) wrote:


-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:58
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

On 19.10.22 11:21, sven.schultschik@... wrote:
From: Sven Schultschik <sven.schultschik@...>
+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-2-Clause-Patent"
+
+inherit dpkg
+
+SRC_URI =
"gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https;destsuff
ix=git/edk2;rev=edk2-stable${PV} \
+
+git://github.com/tianocore/edk2-platforms.git;protocol=https;destsuff
+ix=git/edk2-platforms;rev=3b896d1a325686de3942723c42f286090453e37a \
- gitsm (see patch 1/7)
EDK2 really uses submodules which need to be pulled

- please factor out revisions into separate variables

Or can we also address the revisions via release tags? The recipe carries a
release version number in the end...

+ file://debian \
+ "
+S = "${WORKDIR}/git"
+
+BUILD_DEPENDS += ""
+
+TEMPLATE_FILES = "debian/changelog.tmpl debian/control.tmpl
debian/rules.tmpl"
+TEMPLATE_VARS += "BUILD_DEPENDS S"
+
+ISAR_CROSS_COMPILE = "0"
Why?
EDK2 has its own build parameter for the target architecture, which activates cross compile
within EDK2 build which breaks if isar cross is activated.
build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc)

You suggest to turn it off and try if isar cross compile could be enough?
Cross-compile should give you some relevant toolchain bits and libs at
least. And it makes sure that you have a native toolchain for the build
environment, rather than running with emulation for that.

If you need different compiler settings, adjust the rules file.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

Schultschik, Sven
 

-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:58
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 2/7] add recipe for for edk2

On 19.10.22 11:21, sven.schultschik@... wrote:
From: Sven Schultschik <sven.schultschik@...>
+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-2-Clause-Patent"
+
+inherit dpkg
+
+SRC_URI =
"gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https;destsuff
ix=git/edk2;rev=edk2-stable${PV} \
+
+git://github.com/tianocore/edk2-platforms.git;protocol=https;destsuff
+ix=git/edk2-platforms;rev=3b896d1a325686de3942723c42f286090453e37a \
- gitsm (see patch 1/7)
EDK2 really uses submodules which need to be pulled

- please factor out revisions into separate variables

Or can we also address the revisions via release tags? The recipe carries a
release version number in the end...

+ file://debian \
+ "
+S = "${WORKDIR}/git"
+
+BUILD_DEPENDS += ""
+
+TEMPLATE_FILES = "debian/changelog.tmpl debian/control.tmpl
debian/rules.tmpl"
+TEMPLATE_VARS += "BUILD_DEPENDS S"
+
+ISAR_CROSS_COMPILE = "0"
Why?
EDK2 has its own build parameter for the target architecture, which activates cross compile
within EDK2 build which breaks if isar cross is activated.
build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc)

You suggest to turn it off and try if isar cross compile could be enough?

Sven


Re: [isar-cip-core][PATCH 1/7] add recipe for optee qemu arm64

Jan Kiszka
 

On 19.10.22 15:05, Schultschik, Sven (DI PA DCP R&D 2) wrote:


-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:44
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 1/7] add recipe for optee qemu arm64

+ gcc-arm-linux-gnueabihf,"
+
+OPTEE_EXTRA_BUILDARGS =
"CFG_STMM_PATH=/usr/lib/edk2/BL32_AP_MM.fd CFG_RPMB_FS=y \
+ CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288
CFG_RPMB_WRITE_KEY=1 \
+ CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \
+ CFG_REE_FS=n\
+ CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_TA_LOG_LEVEL=1
CFG_SCTLR_ALIGNMENT_CHECK=n \
+ CFG_ARM64_core=y CFG_CORE_ARM64_PA_BITS=48"
+
+ISAR_CROSS_COMPILE = "0"
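Review bot: CFG_RPMB_TESTKEY=y together with CFG_RPMB_WRITE_KEY=1 in OPTEE_EXTRA_BUILDARGS makes OP-TEE use its built-in, publicly known RPMB test key and allows it to program that key into the device. That is acceptable for the emulated RPMB in QEMU, but on real eMMC the RPMB key can be programmed only once, so add a comment next to these two flags saying they are QEMU-only and must not be carried over into a hardware recipe.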
This looks wrong, specifically as you are installing a 32-bit cross-compiler and
calling a 64-bit one as well below.
Optee has its own weird way to cross compile. If you configure optee for arm64 and activate ISAR cross compile it breaks.
That is at least not generally true:
https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/optee-os/optee-os-iot2050_3.18.0.bb


It just came to my mind: I could delete the exports completely and set isar cross compile to true. So deactivate the
cross compile of optee and use the isar one. I will test if this will work.
Will be curious to see the result.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Re: [isar-cip-core][PATCH 1/7] add recipe for optee qemu arm64

Schultschik, Sven
 

-----Original Message-----
From: Kiszka, Jan (T CED) <jan.kiszka@...>
Sent: Wednesday, 19 October 2022 12:44
To: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@...>; cip-dev@...
Subject: Re: [isar-cip-core][PATCH 1/7] add recipe for optee qemu arm64

+ gcc-arm-linux-gnueabihf,"
+
+OPTEE_EXTRA_BUILDARGS =
"CFG_STMM_PATH=/usr/lib/edk2/BL32_AP_MM.fd CFG_RPMB_FS=y \
+ CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288
CFG_RPMB_WRITE_KEY=1 \
+ CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \
+ CFG_REE_FS=n\
+ CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_TA_LOG_LEVEL=1
CFG_SCTLR_ALIGNMENT_CHECK=n \
+ CFG_ARM64_core=y CFG_CORE_ARM64_PA_BITS=48"
+
+ISAR_CROSS_COMPILE = "0"
This looks wrong, specifically as you are installing a 32-bit cross-compiler and
calling a 64-bit one as well below.
Optee has its own weird way to cross compile. If you configure optee for arm64 and activate ISAR cross compile, it breaks.

It just came to my mind: I could delete the exports completely and set isar cross compile to true. So deactivate the
cross compile of optee and use the isar one. I will test if this will work.


+
+dpkg_runbuild_prepend() {
+ # $(ARCH) is the CPU architecture to be built.
+ # Currently, the only supported value is arm for 32-bit or 64-bit Armv7-A or
Armv8-A.
+ # Please note that contrary to the Linux kernel, $(ARCH) should not be set
to arm64 for 64-bit builds.
+ export ARCH="arm"
+ export CROSS_COMPILE32=arm-linux-gnueabihf-
+ export CROSS_COMPILE64=aarch64-linux-gnu-
That is a deprecated style, and sbuild will complain. Move into the rules file.
Sven
