They all seemed to involve communication with the owner of a PCIe Virtual Function (VF). A VF might be assigned to a VM or privileged process. In Civil Infrastructure systems those should already be t

I will be leaving Codethink next month, and will no longer be working directly on CIP. (With my Debian hat on, I may still submit merge requests to the cip-kernel-sec repository.) My last working day

Please push them directly. Ben.

[...] I was going to suggest you do that, for other reasons. I didn't realise you weren't able to do so. It looks you have been granted that permission now, is that right? Ben.

[...] I think this script is trying to do too many different things: 1. Importing data from NVD 2. Importing data from Debian security tracker 3. Parsing an existing report (!) 4. Generating a new rep

OK. Possibly... but then: 1. You have to make sure that builds are only signed when the source is from a tag signed by one of a defined set of trusted keys. 2. You have to somehow keep the signing key

Including punctuation in the date may make it more readable. Also the day-of-month could be omitted if there will be no more than one release per month. An md5sum would help to detect accidental corru

The security tracker shows a lot of fixes missing from 4.4. Ben.

That's what I would do. This reference is wrong; the upstream commit is 6f601265215a421f425ba3a4850a35861d024643. Also the usual format for this reference has "upstream." after the commit hash. [...]

I also had a go at this before catching up on cip-dev and finding you had also done so. So I've compared this with my version. I haven't done real testing yet either. This leaves the ret variable unus

[...] Some self-tests will fail on older kernel versions due to missing features or bugs that might not be practically fixable. Test cases can report "skip" rather than "fail" for missing features, bu

[...] [...] When bisection finds a commit touching code that you're not even building, the answer should not be "don't ask me why" but "this is not a reproducible bug". Ben.

On Wed, 2020-01-08 at 04:02 +0000, nobuhiro1.iwamatsu@... wrote: [...] > > Any idea what is going on there? Which version is ok and which should > > be adjusted? > > I already fixed these is

[+cc cip-dev]

Yes they are the *.sources files. [...] They require a kernel repository with the CIP branches, and suitable compilers installed. Ben. Pavel

[...] The failing assertions were added by "pinctrl: sh-pfc: Validate pins/marks in pin groups at build time". We could revert that one patch, but it seems to be detecting actual bugs in r8a7740.c, so

So far as I could see, the only hardening option enabled there is PIE. That's good for user-space but can't be used in the kernel (currently). There is another source of default tool-chain options for

This might seem clear to you, but at least for source code I think it's less clear. Also, if the copyright holder is required to license it under GPL to comply with the kernel's copyright license, tha

On Thu, 2019-08-08 at 12:05 +0000, Chris Paterson wrote: [...] > Do Debian make any changes/fixes in their gcc package? Yes, they are usually snapshots of a release branch, with some cherry- picked fi

I suspect the intent is to work without a trailing " ", but you're right that this parsing is rather lax. All attribute writes should be going through kernfs_fop_write(), which writes a null terminato