|
KernelCI reports
Hi! First... what I am currently using for testing: gitlab; I simply watch for green ticks there. It takes ~15 minutes to get results. Red cross in compile stage is pretty sure sign of build error. Re
Hi! First... what I am currently using for testing: gitlab; I simply watch for green ticks there. It takes ~15 minutes to get results. Red cross in compile stage is pretty sure sign of build error. Re
|
By
Pavel Machek
· #8586
·
|
|
[4.4.y] cred_getsecid hook
Hi! ... Let me see. 4.19 has that commit; it was merged during merge window. 4.9 does not have that commit. If CVE-2021-39686 is important to you, right way forward would be to backport neccessary cha
Hi! ... Let me see. 4.19 has that commit; it was merged during merge window. 4.9 does not have that commit. If CVE-2021-39686 is important to you, right way forward would be to backport neccessary cha
|
By
Pavel Machek
· #8582
·
|
|
Reported 4.4.y-st issue from Flamefire
#cip
Hi! Upstream said this code is correct and affected drivers should be fixed, instead, so we don't plan to do anything here. Best regards, Pavel
Hi! Upstream said this code is correct and affected drivers should be fixed, instead, so we don't plan to do anything here. Best regards, Pavel
|
By
Pavel Machek
· #8581
·
|
|
New CVE entries this week
Hi! They certainly have good marketing and clearly want attention. Whether they deserve attention... is hard to tell. Maybe situation will be more clear after reading the paper. There are three more v
Hi! They certainly have good marketing and clearly want attention. Whether they deserve attention... is hard to tell. Maybe situation will be more clear after reading the paper. There are three more v
|
By
Pavel Machek
· #8570
·
|
|
4.4 backports -- x86 speculation
Hi! It seems this patch depends on a65655d40c8235. I have backported it an am proceeding with testing. Best regards, Pavel
Hi! It seems this patch depends on a65655d40c8235. I have backported it an am proceeding with testing. Best regards, Pavel
|
By
Pavel Machek
· #8557
·
|
|
4.4 backports -- x86 speculation
Hi! My tree currently looks like this: 882867c873bbf048cd3574a3fda18742726839b8 x86/retpoline: Remove minimal retpoline support 5a5cafcebb8d249808b0bd63ca75642e5e1ec821 x86/retpoline: Make CONFIG_RETP
Hi! My tree currently looks like this: 882867c873bbf048cd3574a3fda18742726839b8 x86/retpoline: Remove minimal retpoline support 5a5cafcebb8d249808b0bd63ca75642e5e1ec821 x86/retpoline: Make CONFIG_RETP
|
By
Pavel Machek
· #8556
·
|
|
4.4 backports -- x86 speculation
Hi! With all the patches applied, I get this: https://gitlab.com/cip-project/cip-kernel/linux-cip/-/jobs/2581576742 LD arch/x86/platform/intel-mid/built-in.o 1704 CC arch/x86/platform/efi/efi.o 1705 C
Hi! With all the patches applied, I get this: https://gitlab.com/cip-project/cip-kernel/linux-cip/-/jobs/2581576742 LD arch/x86/platform/intel-mid/built-in.o 1704 CC arch/x86/platform/efi/efi.o 1705 C
|
By
Pavel Machek
· #8555
·
|
|
4.4 backports -- x86 speculation
Hi! (I put mailing list in the cc). > > > And possibly these? > > > > > > 4.9.306: speculation fixes, mostly x86 + 7833a9b54 > > > > > > ** !M | 890fb470c 0cbb76 o | x86/speculation: Add RETPOLINE_AMD
Hi! (I put mailing list in the cc). > > > And possibly these? > > > > > > 4.9.306: speculation fixes, mostly x86 + 7833a9b54 > > > > > > ** !M | 890fb470c 0cbb76 o | x86/speculation: Add RETPOLINE_AMD
|
By
Pavel Machek
· #8550
·
|
|
New CVE entries this week
Hi! Thanks for CVEs. I think there's another one we need to track -- CVE-2021-4034 -- kernel vs pkexec API confusion leads to easy local root. I created an initial yml and pushed it to the repository.
Hi! Thanks for CVEs. I think there's another one we need to track -- CVE-2021-4034 -- kernel vs pkexec API confusion leads to easy local root. I created an initial yml and pushed it to the repository.
|
By
Pavel Machek
· #8521
·
|
|
pkexec vs kernel -- root to anyone who asks nicely
Hi! Yes, it is same thing... see dcd46d897adb70d63e025f175a00a89797d31a43 and https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt . Pkexec is gnome-related, so should not be too usual on embedd
Hi! Yes, it is same thing... see dcd46d897adb70d63e025f175a00a89797d31a43 and https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt . Pkexec is gnome-related, so should not be too usual on embedd
|
By
Pavel Machek
· #8501
·
|
|
pkexec vs kernel -- root to anyone who asks nicely
Hi! There's a security problem in pkexec vs. kernel interaction. Impact is local root. If you want to get root on someone else's system, it should be easy right now. It is fixed in 5.18, 5.10.120, and
Hi! There's a security problem in pkexec vs. kernel interaction. Impact is local root. If you want to get root on someone else's system, it should be easy right now. It is fixed in 5.18, 5.10.120, and
|
By
Pavel Machek
· #8497
·
|
|
Kernel hardening / security documentation
Hi! Below is document about kernel security I have mentioned on the irc. But looking at it some more, TSC might have been looking at easier "turn this CONFIG on and this off" kind of hardening. I'll l
Hi! Below is document about kernel security I have mentioned on the irc. But looking at it some more, TSC might have been looking at easier "turn this CONFIG on and this off" kind of hardening. I'll l
|
By
Pavel Machek
· #8483
·
|
|
Reported 4.4.y-st issue from Flamefire
#cip
Hi! Thanks for the report. Unfortunately, mainline seems to be different here. Looking at the code, is min < 0 in your case? Best regards, Pavel
Hi! Thanks for the report. Unfortunately, mainline seems to be different here. Looking at the code, is min < 0 in your case? Best regards, Pavel
|
By
Pavel Machek
· #8482
·
|
|
[ANNOUNCE] v4.4.302-cip69-rt39 (-rt232)
Hi! New realtime trees should be available at kernel.org. Trees are available at https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-4.4.y-cip-rt https://git.kernel.org/pub/
Hi! New realtime trees should be available at kernel.org. Trees are available at https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-4.4.y-cip-rt https://git.kernel.org/pub/
|
By
Pavel Machek
· #8416
·
|
|
CIP IRC weekly meeting today on libera.chat
Hi! https://www.timeanddate.com/worldclock/meetingdetails.html?year=2022&month=5&day=12&hour=12&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248 I'm not sure if I'll be able to make it today. I wa
Hi! https://www.timeanddate.com/worldclock/meetingdetails.html?year=2022&month=5&day=12&hour=12&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248 I'm not sure if I'll be able to make it today. I wa
|
By
Pavel Machek
· #8338
·
|
|
Coordintaing -rt releases in May
Hi! Ok, I created 5.10.109-based -rt release. I believe that would be rather "strange". I could do 4.19.240-rt108-cip72 based release, but I guess it will be better to wait for next 4.19-rt and do a m
Hi! Ok, I created 5.10.109-based -rt release. I believe that would be rather "strange". I could do 4.19.240-rt108-cip72 based release, but I guess it will be better to wait for next 4.19-rt and do a m
|
By
Pavel Machek
· #8286
·
|
|
[ANNOUNCE] v5.10.109-cip5-rt4
Hi! New realtime trees should be available at kernel.org. Trees are available at https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-5.10.y-cip-rt https://git.kernel.org/pub
Hi! New realtime trees should be available at kernel.org. Trees are available at https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-5.10.y-cip-rt https://git.kernel.org/pub
|
By
Pavel Machek
· #8279
·
|
|
linux-4.4.y-cip-rebase: patches in wrong order?
Hi! In previous linux-4.4.y-cip-rebases, order of patches was: git log: [CIP patches] [Greg's stable tree] [Linus tree] With start of self-maintainance, we now have: git log: [-st patches] [CIP patche
Hi! In previous linux-4.4.y-cip-rebases, order of patches was: git log: [CIP patches] [Greg's stable tree] [Linus tree] With start of self-maintainance, we now have: git log: [-st patches] [CIP patche
|
By
Pavel Machek
· #8254
·
|
|
4.19 oopses on socfpga
Hi! I tried to do some testing, but it fails on two targets: https://gitlab.com/cip-project/cip-kernel/linux-cip/-/pipelines/522211501 And failed test says: https://lava.ciplatform.org/scheduler/job/6
Hi! I tried to do some testing, but it fails on two targets: https://gitlab.com/cip-project/cip-kernel/linux-cip/-/pipelines/522211501 And failed test says: https://lava.ciplatform.org/scheduler/job/6
|
By
Pavel Machek
· #8228
·
|
|
4.19 oopses on socfpga
Hi! There's oops during boot on socfpga: 4.19.240-cip72-00010-g0ffbb4b1066 -- https://lava.ciplatform.org/scheduler/job/669893 4.19.240-rc1-g5e5c9d690926 -- https://lava.ciplatform.org/scheduler/job/6
Hi! There's oops during boot on socfpga: 4.19.240-cip72-00010-g0ffbb4b1066 -- https://lava.ciplatform.org/scheduler/job/669893 4.19.240-rc1-g5e5c9d690926 -- https://lava.ciplatform.org/scheduler/job/6
|
By
Pavel Machek
· #8227
·
|