Cip-kernel-sec Updates for Week of 2021-02-18


Pavel Machek
 

Hi!

Linus doesn't seem to be processing PRs for the new merge window yet,
so we might have to wait a while before the Xen ones are fixed and
backported.
Well, Xen is not a typical thing to run on embbeded hardware, but I
did not check the configs.
I see Renesas and Siemens have it enabled. Is Xen still relevant?
Or has everyone switched over to KVM + QEMU?
Where is the mentioned kernel config located? I wasn't able to find the
correct git tree.

We already had a short internal discussion and are quite sure that we
don't need it. Just point me to the configuration. We will review again
and come up with the necessary patch to disable it.
It should be in

https://gitlab.com/cip-project/cip-kernel/cip-kernel-config/-/tree/master/

One example is:

https://gitlab.com/cip-project/cip-kernel/cip-kernel-config/-/blob/master/4.19.y-cip/x86/siemens_iot2000.config

If there are other options that can be disabled (maybe you don't need
CONFIG_UNIXWARE_DISKLABEL=y), that would be good to know, too.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


florian.bezdeka@siemens.com
 

On Thu, 2021-02-18 at 17:52 +0800, Chen-Yu Tsai (Moxa) wrote:
On Thu, Feb 18, 2021 at 5:49 PM Pavel Machek <pavel@denx.de> wrote:

On Thu 2021-02-18 17:21:57, Chen-Yu Tsai wrote:
Hi everyone,

Five new issues this week:

CVE-2021-20239 [setsockopt copy_from_user error] - fixed in 5.4 and
removed from 5.10
CVE-2021-26930 [xen-blkback error handling] - PR sent
CVE-2021-26931 [xen backends: BUG_ON in error handling] - PR sent
CVE-2021-26932 [xen grant mapping error handling] - PR sent
CVE-2021-26934 [xen unsupported driver] - Xen documentation change
stating be-alloc display driver is unsupported

Linus doesn't seem to be processing PRs for the new merge window yet,
so we might have to wait a while before the Xen ones are fixed and
backported.
Well, Xen is not a typical thing to run on embbeded hardware, but I
did not check the configs.
I see Renesas and Siemens have it enabled. Is Xen still relevant?
Or has everyone switched over to KVM + QEMU?
Where is the mentioned kernel config located? I wasn't able to find the
correct git tree.

We already had a short internal discussion and are quite sure that we
don't need it. Just point me to the configuration. We will review again
and come up with the necessary patch to disable it.


It seems Linus is having power problems:
I read the headline on Phoronix, but didn't know it was this bad.
That also explains why lkml.org was completely empty yesterday.


ChenYu

Best regards,
                                                                Pavel

Date: Tue, 16 Feb 2021 12:25:06 -0800
From: Linus Torvalds <torvalds@linuxfoundation.org>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: users@linux.kernel.org
Subject: Re: [kernel.org users] Partial power outage in the PDX
datacentre

[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 2.2K --]

Sadly, the power at my house is still entirely out, although cell
service
has now been fixed so at least I can read some email without walking
outside.

But with no power for my laptop or workstation, I won't be starting
the
merge window until power is back more widely in they Portland area.

My neighborhood is likely not a priority, so it very possibly will be
a few
more days (so far without power since Sunday evening).

Even the local highway 43 (ok, not a big highway, but still) is still
closed down two days later due to downed trees.

        Linus


--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Chen-Yu Tsai (Moxa) <wens@...>
 

On Thu, Feb 18, 2021 at 5:49 PM Pavel Machek <pavel@denx.de> wrote:

On Thu 2021-02-18 17:21:57, Chen-Yu Tsai wrote:
Hi everyone,

Five new issues this week:

CVE-2021-20239 [setsockopt copy_from_user error] - fixed in 5.4 and
removed from 5.10
CVE-2021-26930 [xen-blkback error handling] - PR sent
CVE-2021-26931 [xen backends: BUG_ON in error handling] - PR sent
CVE-2021-26932 [xen grant mapping error handling] - PR sent
CVE-2021-26934 [xen unsupported driver] - Xen documentation change
stating be-alloc display driver is unsupported

Linus doesn't seem to be processing PRs for the new merge window yet,
so we might have to wait a while before the Xen ones are fixed and
backported.
Well, Xen is not a typical thing to run on embbeded hardware, but I
did not check the configs.
I see Renesas and Siemens have it enabled. Is Xen still relevant?
Or has everyone switched over to KVM + QEMU?

It seems Linus is having power problems:
I read the headline on Phoronix, but didn't know it was this bad.
That also explains why lkml.org was completely empty yesterday.


ChenYu

Best regards,
Pavel

Date: Tue, 16 Feb 2021 12:25:06 -0800
From: Linus Torvalds <torvalds@linuxfoundation.org>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: users@linux.kernel.org
Subject: Re: [kernel.org users] Partial power outage in the PDX
datacentre

[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 2.2K --]

Sadly, the power at my house is still entirely out, although cell
service
has now been fixed so at least I can read some email without walking
outside.

But with no power for my laptop or workstation, I won't be starting
the
merge window until power is back more widely in they Portland area.

My neighborhood is likely not a priority, so it very possibly will be
a few
more days (so far without power since Sunday evening).

Even the local highway 43 (ok, not a big highway, but still) is still
closed down two days later due to downed trees.

Linus


--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Pavel Machek
 

On Thu 2021-02-18 17:21:57, Chen-Yu Tsai wrote:
Hi everyone,

Five new issues this week:

CVE-2021-20239 [setsockopt copy_from_user error] - fixed in 5.4 and
removed from 5.10
CVE-2021-26930 [xen-blkback error handling] - PR sent
CVE-2021-26931 [xen backends: BUG_ON in error handling] - PR sent
CVE-2021-26932 [xen grant mapping error handling] - PR sent
CVE-2021-26934 [xen unsupported driver] - Xen documentation change
stating be-alloc display driver is unsupported

Linus doesn't seem to be processing PRs for the new merge window yet,
so we might have to wait a while before the Xen ones are fixed and
backported.
Well, Xen is not a typical thing to run on embbeded hardware, but I
did not check the configs.

It seems Linus is having power problems:

Best regards,
Pavel

Date: Tue, 16 Feb 2021 12:25:06 -0800
From: Linus Torvalds <torvalds@linuxfoundation.org>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: users@linux.kernel.org
Subject: Re: [kernel.org users] Partial power outage in the PDX
datacentre

[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 2.2K --]

Sadly, the power at my house is still entirely out, although cell
service
has now been fixed so at least I can read some email without walking
outside.

But with no power for my laptop or workstation, I won't be starting
the
merge window until power is back more widely in they Portland area.

My neighborhood is likely not a priority, so it very possibly will be
a few
more days (so far without power since Sunday evening).

Even the local highway 43 (ok, not a big highway, but still) is still
closed down two days later due to downed trees.

Linus


--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Chen-Yu Tsai (Moxa) <wens@...>
 

Hi everyone,

Five new issues this week:

CVE-2021-20239 [setsockopt copy_from_user error] - fixed in 5.4 and
removed from 5.10
CVE-2021-26930 [xen-blkback error handling] - PR sent
CVE-2021-26931 [xen backends: BUG_ON in error handling] - PR sent
CVE-2021-26932 [xen grant mapping error handling] - PR sent
CVE-2021-26934 [xen unsupported driver] - Xen documentation change
stating be-alloc display driver is unsupported

Linus doesn't seem to be processing PRs for the new merge window yet,
so we might have to wait a while before the Xen ones are fixed and
backported.


ChenYu