| *** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has joined #cip | 05:59 | |
| *** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has quit IRC (Quit: Konversation terminated!) | 06:13 | |
| *** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has joined #cip | 06:19 | |
| *** toscalix_ <toscalix_!~agustinbe@239.red-79-144-155.dynamicip.rima-tde.net> has joined #cip | 07:23 | |
| *** toscalix_ <toscalix_!~agustinbe@239.red-79-144-155.dynamicip.rima-tde.net> has quit IRC (Client Quit) | 07:24 | |
| *** toscalix_ <toscalix_!~agustinbe@239.red-79-144-155.dynamicip.rima-tde.net> has joined #cip | 07:26 | |
| *** prabhakarlad <prabhakarlad!~prabhakar@pc.renesas.eu> has joined #cip | 08:06 | |
| *** uli <uli!~uli@55d44b04.access.ecotel.net> has joined #cip | 08:44 | |
| *** toscalix_ is now known as toscalix | 10:49 | |
| *** monstr <monstr!~monstr@2a02:768:2307:40d6::f9e> has joined #cip | 11:01 | |
| *** masami <masami!~masami@FL1-125-198-44-131.tky.mesh.ad.jp> has joined #cip | 11:42 | |
| *** jki <jki!~jki@195.145.170.194> has joined #cip | 11:54 | |
| jki | hi everyone! | 12:00 |
|---|---|---|
| patersonc[m] | Hello | 12:01 |
| uli | hello | 12:01 |
| iwamatsu | hi | 12:01 |
| masami | hi | 12:01 |
| pave1 | hi | 12:02 |
| jki | ok, let's go | 12:03 |
| jki | #startmeeting CIP IRC weekly meeting | 12:03 |
| collab-meetbot | Meeting started Thu Oct 6 12:03:13 2022 UTC and is due to finish in 60 minutes. The chair is jki. Information about MeetBot at http://wiki.debian.org/MeetBot. | 12:03 |
| collab-meetbot | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 12:03 |
| collab-meetbot | The meeting name has been set to 'cip_irc_weekly_meeting' | 12:03 |
| *** collab-meetbot changes topic to " (Meeting topic: CIP IRC weekly meeting)" | 12:03 | |
| jki | #topic AI review | 12:03 |
| *** collab-meetbot changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)" | 12:03 | |
| jki | 1. Resolve/ignore failures of KernelCI on 4.4-cip - alicefm | 12:03 |
| jki | likely no news without alicefm around | 12:04 |
| jki | 2. Add qemu-riscv to cip-kernel-config - patersonc | 12:04 |
| patersonc[m] | Ah sorry, not done yet | 12:04 |
| patersonc[m] | Although I don't remember that action ;) | 12:05 |
| jki | read the logs ;) | 12:05 |
| patersonc[m] | Ah yes, I've read up now :P | 12:05 |
| patersonc[m] | Sorry | 12:05 |
| jki | np | 12:05 |
| alicefm | Hi | 12:05 |
| jki | Hi! | 12:05 |
| jki | alicefm: anything to add on AI #1? | 12:05 |
| alicef | no | 12:06 |
| jki | any other AI-related topics? | 12:06 |
| jki | 3 | 12:07 |
| jki | 2 | 12:07 |
| jki | 1 | 12:07 |
| jki | #topic Kernel maintenance updates | 12:07 |
| *** collab-meetbot changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)" | 12:07 | |
| uli | done with 5.10.146 | 12:07 |
| iwamatsu | I reviewed 5.10.146 and 5.10.147. | 12:07 |
| masami | This week reported 7 new CVEs and 2 updated CVEs. | 12:07 |
| pave1 | Reviewing 5.10.147. | 12:08 |
| masami | according to the Debian security tracker, they decided to ignore CVE-2022-23816, CVE-2022-29900 and CVE-2022-29901 for buster(linux 4.19) | 12:08 |
| masami | https://security-tracker.debian.org/tracker/CVE-2022-29900 | 12:08 |
| pave1 | CVE-2022-40307 should now be patched in 4.4-cip. | 12:08 |
| pave1 | CVE-2022-23816, | 12:10 |
| pave1 | +CVE-2022-29900 and CVE-2022-29901 -- that is retpoline stuff, AFAICT. | 12:10 |
| pave1 | If stable takes the backports (unlikely), we | 12:10 |
| pave1 | will inherit them. But I don't believe we want to do much more. | 12:11 |
| pave1 | Complain to Intel & AMD if they sold you a buggy CPU :-(. | 12:11 |
| masami | I found patch for 4.4-cip. thanks. https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/commit/?h=linux-4.4.y-cip&id=7f7838c92740fa423a5a3f12c00ed02d92851254 | 12:11 |
| pave1 | [Intel made it clear that we can expect more of the similar bugs in future :-(.] | 12:12 |
| masami | it looks was if e need a lot of effort to backport patches :( | 12:13 |
| masami | s/was/as | 12:13 |
| jki | I think we had the discussion already on threat scenarios for our domain when meltdown showed up | 12:14 |
| jki | if we communicate clearly what we will (not) do with 4.4 here, we should be able to skip this | 12:15 |
| pave1 | That would be 4.4 and 4.19, if I understand that correctly. | 12:15 |
| masami | mainline, 5.18, and 5.10 were fixed but 4.x series are not yet. | 12:17 |
| jki | then even for 4.19 - the key question is, though, if CIP members agree that there are no use cases of untrustworthy workload aside sensitive one | 12:17 |
| pave1 | jki: On affected CPUs. | 12:19 |
| jki | sure | 12:19 |
| pave1 | jki: I believe this is going to repeat in future, and perhaps we should start pointing out that "out-of-order CPUs are not suitable for protecting sensitive data". | 12:20 |
| jki | which will not prevent people from designing new systems at least that will have this expectation | 12:22 |
| pave1 | jki: Not really. Just use CPU that is suitable for the job. | 12:22 |
| pave1 | There should be PowerPCs suitable, Cortex A53 & friends, most RISC-Vs. | 12:23 |
| jki | in-order will not deliver you the performance you need when co-locating modern workloads | 12:23 |
| jki | but this discussion is possibly a bit too fundamental for this round | 12:24 |
| patersonc[m] | pave1: That doesn't help users who are in a situation where they can't just swap out the processor for 10+ years - which was kinda the original point of CIP | 12:24 |
| pave1 | Don't do it, then. At least Intel made it clear that security is not their priority. | 12:24 |
| pave1 | patersonc: True. But in control applications people are still using in-order CPUs I believe. | 12:25 |
| pave1 | And if you have sensitive data & untrusted userspace, then you a) should not really do that and b) at least use suitable CPU. | 12:25 |
| patersonc[m] | sure | 12:26 |
| jki | so, I would now inform the members about our plan to not back-port anything related at next TSC | 12:29 |
| jki | any concerns about this? | 12:29 |
| pave1 | I guess so. -stable is not backporting it, and this would be likely a lot of work. | 12:29 |
| jki | any other maintenance topics? | 12:30 |
| jki | 3 | 12:31 |
| jki | 2 | 12:31 |
| jki | 1 | 12:31 |
| jki | #topic Kernel testing | 12:31 |
| *** collab-meetbot changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)" | 12:31 | |
| patersonc[m] | We have some issues with the gitlab runners. 1) Runners seem to be "not found", even though jobs are already running on them (thanks pavel) 2) Container builds using kaniko aren't working | 12:33 |
| patersonc[m] | Our runner boss is travelling this week and will look into it more next week | 12:33 |
| alicefm | Jki i just replayed to the gitlab issue about creating cip-core on KernelCI and closed it. as that work is already done. | 12:33 |
| alicefm | Thanks for reminding | 12:34 |
| jki | is the runner topic blocking us? | 12:34 |
| patersonc[m] | jkl: I started adding risc-v build support to our gitlab CI testing setup - but was blocked by the second runner issue above | 12:34 |
| patersonc[m] | s/jkl/jki/ | 12:35 |
| jki | let me check if someone else could help | 12:35 |
| patersonc[m] | Thanks | 12:36 |
| patersonc[m] | The other issue is also a pain for kernel testing in general | 12:36 |
| patersonc[m] | The KernelCI testing side of things obviously isn't affected though | 12:37 |
| patersonc[m] | alicef: do you know if kernelci is already testing qemu-riscv? | 12:38 |
| patersonc[m] | I forgot to check | 12:38 |
| alicefm | Sorry im not sure about that | 12:38 |
| alicefm | https://github.com/kernelci/kernelci-core/pull/1460 | 12:39 |
| alicefm | There is some effort on that direction | 12:40 |
| jki | but only fairly recently... | 12:40 |
| alicefm | Yes is some recent effort | 12:41 |
| alicefm | But will be merged soon | 12:43 |
| patersonc[m] | When it is we'll enable testing on the CIP kernel | 12:44 |
| patersonc[m] | s/kernel/kernels/ | 12:44 |
| patersonc[m] | s/kernel/kernels, assuming it works/ | 12:44 |
| pave1 | :-) | 12:44 |
| alicefm | Yes! | 12:44 |
| jki | it should at least in QEMU ;) | 12:45 |
| jki | but they are brave to take random sid-ports... | 12:46 |
| jki | anyway - anything else on testing? | 12:46 |
| patersonc[m] | I don't think so | 12:47 |
| jki | 3 | 12:47 |
| jki | 2 | 12:47 |
| jki | 1 | 12:47 |
| jki | #topic AOB | 12:47 |
| *** collab-meetbot changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)" | 12:47 | |
| alicefm | Yes all for me also | 12:47 |
| jki | no other businesses? | 12:50 |
| patersonc[m] | Nope | 12:51 |
| jki | then let's close in... | 12:51 |
| jki | 3 | 12:51 |
| jki | 2 | 12:51 |
| jki | 1 | 12:51 |
| jki | #endmeeting | 12:52 |
| collab-meetbot | Meeting ended Thu Oct 6 12:52:00 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 12:52 |
| collab-meetbot | Minutes: http://ircbot.wl.linuxfoundation.org/meetings/cip/2022/10/cip.2022-10-06-12.03.html | 12:52 |
| collab-meetbot | Minutes (text): http://ircbot.wl.linuxfoundation.org/meetings/cip/2022/10/cip.2022-10-06-12.03.txt | 12:52 |
| collab-meetbot | Log: http://ircbot.wl.linuxfoundation.org/meetings/cip/2022/10/cip.2022-10-06-12.03.log.html | 12:52 |
| *** collab-meetbot changes topic to "Civil Infrastructure Platform Project. CIP mailing list at https://lists.cip-project.org/g/cip-dev | CIP kernel meeting every Thursday at 12:00 UTC | Find the meeting logs at https://ircbot.wl.linuxfoundation.org/meetings/cip/ and chat logs at https://ircbot.wl.linuxfoundation.org/logs/%23cip/"" | 12:52 | |
| jki | thanks all! | 12:52 |
| pave1 | Thank you! | 12:52 |
| uli | thanks | 12:52 |
| masami | thank you | 12:52 |
| patersonc[m] | jki: Thank you for looking into the RZ/Five. prabhakarlad is going to port the board to the latest u-boot to help with the distro booting etc. | 12:52 |
| alicefm | Thanks you | 12:52 |
| iwamatsu | thank you | 12:52 |
| jki | patersonc[m]: thanks - even more important now would be understanding the Debian issues | 12:52 |
| jki | that could be critical for moving forward, with Debian or with that hardware | 12:53 |
| patersonc[m] | Sure | 12:53 |
| jki | did we get early samples of the CPU or already rather final ones? | 12:53 |
| patersonc[m] | Sadly almost all of our experiences are with Poky, not Debian | 12:54 |
| jki | that is unrelated | 12:54 |
| patersonc[m] | It's a production version | 12:54 |
| jki | it is a crash in userspace that needs to be understood, if there is a toolchain / package issue (Debian's problem), a kernel problem, or a HW bug | 12:54 |
| patersonc[m] | Lots of variables | 12:55 |
| patersonc[m] | What toolchain were you using? | 12:55 |
| jki | the fact that things worked so far with Poky and buildroot(?) is indicating that we may be able to resolve the issue in software | 12:55 |
| jki | Debian sid's | 12:55 |
| jki | all Debian, that's the CIP strategy ;) | 12:55 |
| jki | at least source-wise | 12:56 |
| patersonc[m] | :) | 12:56 |
| jki | Debian may miss some patch, like your kernel was missing something as well | 12:56 |
| jki | but then we should resolve that as well | 12:56 |
| patersonc[m] | Sure | 12:56 |
| jki | I'm no expert in the architecture, so I also do not feel ready yet to open a debian bug here | 12:57 |
| patersonc[m] | It's a shame that we haven't got everything upstreamed yet, but these things take time... | 12:57 |
| jki | I know | 12:57 |
| jki | maybe you can find someone how can reproduce and further analyze the CPU state when the trap occurs, maybe via jtag? | 12:58 |
| patersonc[m] | Yea | 13:00 |
| jki | patersonc[m]: Michael will look into the runner issue tomorrow, he said | 13:00 |
| jki | and I will arrange that Quirin can do so as well next time ;) | 13:00 |
| jki | oh, and if kernelci should pick up that PR regarding using Debian, and you want to hook your board into kernelci, you really want to fix this issue as well :D | 13:02 |
| patersonc[m] | jki: Thank you! | 13:02 |
| *** jki <jki!~jki@195.145.170.194> has quit IRC (Quit: Leaving) | 13:19 | |
| *** masami <masami!~masami@FL1-125-198-44-131.tky.mesh.ad.jp> has quit IRC (Quit: Leaving) | 13:44 | |
| *** uli <uli!~uli@55d44b04.access.ecotel.net> has left #cip (Leaving) | 14:09 | |
| *** monstr <monstr!~monstr@2a02:768:2307:40d6::f9e> has quit IRC (Remote host closed the connection) | 14:47 | |
| *** toscalix <toscalix!~agustinbe@239.red-79-144-155.dynamicip.rima-tde.net> has quit IRC (Quit: Konversation terminated!) | 16:38 | |
| *** prabhakarlad <prabhakarlad!~prabhakar@pc.renesas.eu> has quit IRC (Ping timeout: 252 seconds) | 17:33 | |
| *** prabhakarlad <prabhakarlad!~prabhakar@pc.renesas.eu> has joined #cip | 18:58 | |
| *** prabhakarlad <prabhakarlad!~prabhakar@pc.renesas.eu> has quit IRC (Client Quit) | 19:00 | |
| *** prabhakarlad <prabhakarlad!~prabhakar@pc.renesas.eu> has joined #cip | 19:04 | |
| *** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has quit IRC (Ping timeout: 252 seconds) | 21:46 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!