Thursday, 2023-11-30

*** monstr <monstr!~monstr@nat-35.starnet.cz> has joined #cip		06:53
*** rajm <rajm!~robert@82.27.50.32> has joined #cip		06:54
*** frieder <frieder!~frieder@i5C75E691.versanet.de> has joined #cip		07:25
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has joined #cip		08:45
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has quit IRC (Ping timeout: 250 seconds)		10:42
*** prabhakar <prabhakar!~prabhakar@217.163.141.2> has quit IRC (Ping timeout: 252 seconds)		10:42
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has joined #cip		12:06
*** masami <masami!~masami@FL1-219-107-72-235.tky.mesh.ad.jp> has joined #cip		12:45
*** monstr <monstr!~monstr@nat-35.starnet.cz> has quit IRC (Read error: Connection reset by peer)		12:55
*** monstr <monstr!~monstr@nat-35.starnet.cz> has joined #cip		12:55
iwamatsu	hello	13:00
masami	hello	13:01
arisut	hello	13:01
*** jki <jki!~jki@46.128.89.130> has joined #cip		13:02
iwamatsu	Hi Jan,	13:03
jki	hi!	13:03
jki	meeting started already - or do I have to?	13:03
patersonc	Hello	13:03
iwamatsu	not start yet.	13:04
jki	ah, ok	13:04
jki	then let me try to handle that	13:04
jki	#startmeeting CIP IRC weekly meeting	13:04
collab-meetbot	Meeting started Thu Nov 30 13:04:50 2023 UTC and is due to finish in 60 minutes. The chair is jki. Information about MeetBot at http://wiki.debian.org/MeetBot.	13:04
collab-meetbot	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	13:04
collab-meetbot	The meeting name has been set to 'cip_irc_weekly_meeting'	13:04
*** collab-meetbot changes topic to " (Meeting topic: CIP IRC weekly meeting)"		13:04
iwamatsu	I am going to be in charge today	13:04
jki	oh, sorry, I was too fast then :)	13:05
jki	#topic AI review	13:05
*** collab-meetbot changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)"		13:05
iwamatsu	no problem, Can I take it?	13:05
jki	sure - go ahead!	13:05
pave1	Hello!	13:05
iwamatsu	ok	13:05
iwamatsu	hi pave1.	13:05
iwamatsu	Nothing on the list	13:06
iwamatsu	moving on	13:06
iwamatsu	5	13:06
iwamatsu	4	13:06
iwamatsu	3	13:06
iwamatsu	2	13:06
iwamatsu	1	13:06
iwamatsu	#topic Kernel maintenance updates	13:06
masami	This week reported 1 new CVEs and 6 updated CVEs.	13:07
pave1	I did reviews, 6.1.63 and .64	13:07
jki	#topic Kernel maintenance updates	13:07
*** collab-meetbot changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)"		13:07
jki	(seems I can only change the topic now)	13:07
iwamatsu	jki: thank you	13:07
iwamatsu	I reviewed 6.1.64.	13:10
iwamatsu	Anything else?	13:10
iwamatsu	3	13:10
iwamatsu	2	13:10
iwamatsu	1	13:10
iwamatsu	#topic Kernel release status	13:10
iwamatsu	4.4	13:10
pave1	4.4, 4.19, 5.10: -rt is on schedule.	13:10
iwamatsu	4.19	13:11
iwamatsu	on track	13:11
iwamatsu	5.10	13:12
iwamatsu	on trak	13:12
iwamatsu	6.10	13:12
iwamatsu	-cip and cip-rt is late.	13:13
iwamatsu	I am going to release -cip after this meeting.	13:13
pave1	6.1-rt: we don't have suitable rt release. I tried to ping maintainers for one.	13:13
iwamatsu	ok, thanks.	13:14
iwamatsu	Anything else?	13:14
iwamatsu	5	13:14
iwamatsu	4	13:14
iwamatsu	3	13:14
iwamatsu	2	13:14
iwamatsu	1	13:14
iwamatsu	#topic Kernel testing	13:14
patersonc	I've not much to share this week	13:15
iwamatsu	Got it.	13:15
arisut	nothing from me	13:15
iwamatsu	Anything else?	13:15
iwamatsu	5	13:16
iwamatsu	4	13:16
iwamatsu	3	13:16
iwamatsu	2	13:16
iwamatsu	1	13:16
iwamatsu	#topic AOB	13:16
iwamatsu	F2F meeting before OSSJ.	13:17
pave1	Will there be some kind of remote bridge?	13:17
patersonc	At the E-TSC next week, I'd like to re-visit the RZ/Five reference platform proposal - is that okay?	13:18
jki	pavel: I assume so	13:18
jki	patersonc: are the linker problems resolved by now?	13:19
patersonc	jkl: This is one of the sticking points. It would require the filesystem to be built specifically for RZ/Five, which doesn't really work with Debian packages	13:20
jki	yes, that will be challenging	13:20
iwamatsu	Other topic?	13:21
jki	who will run the meeting next week?	13:21
jki	I'm on a plane, may or may not be online...	13:22
patersonc	I won't be around next week	13:22
iwamatsu	I can take over	13:22
pave1	thank you!	13:23
iwamatsu	Anything else?	13:23
iwamatsu	5	13:23
iwamatsu	4	13:23
iwamatsu	3	13:23
iwamatsu	2	13:23
iwamatsu	1	13:23
iwamatsu	#endmeeting	13:23
jki	thanks, folks!	13:24
iwamatsu	jki: please re-type "#endmeeting"	13:24
jki	#endmeeting	13:24
collab-meetbot	Meeting ended Thu Nov 30 13:24:31 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	13:24
collab-meetbot	Minutes: http://ircbot.wl.linuxfoundation.org/meetings/cip/2023/11/cip.2023-11-30-13.04.html	13:24
collab-meetbot	Minutes (text): http://ircbot.wl.linuxfoundation.org/meetings/cip/2023/11/cip.2023-11-30-13.04.txt	13:24
collab-meetbot	Log: http://ircbot.wl.linuxfoundation.org/meetings/cip/2023/11/cip.2023-11-30-13.04.log.html	13:24
*** collab-meetbot changes topic to "Civil Infrastructure Platform Project. CIP mailing list at https://lists.cip-project.org/g/cip-dev \| CIP kernel meeting every Thursday at 12:00 UTC \| Find the meeting logs at https://ircbot.wl.linuxfoundation.org/meetings/cip/ and chat logs at https://ircbot.wl.linuxfoundation.org/logs/%23cip/"		13:24
jki	:)	13:24
pave1	Thank you, see you next week.	13:24
patersonc	jkl: On the cip-core topic...	13:24
jki	see (some of you) in Japan!	13:24
masami	thank you	13:24
iwamatsu	see you next week	13:24
arisut	see you	13:24
*** masami <masami!~masami@FL1-219-107-72-235.tky.mesh.ad.jp> has quit IRC (Quit: Leaving)		13:24
patersonc	Do you think there's an option to not support a reference platform in cip-core Or is the mandatory for a CIP reference platform?	13:25
jki	patersonc: yes?	13:25
jki	I don't think we have such a rule somewhere, it's more a practical concern	13:25
jki	how many packages would you have to patch in practice?	13:25
jki	we only saw issues with some - or do all have this in principle?	13:26
jki	...with some that did no dynamic linking IIRC	13:26
patersonc	I think in theory everything should be compiled differently, but in practice we've only seen issues with a few	13:26
jki	reminds me of our "fun" with that Quark processor...	13:28
jki	we need to have a picture what it will practically mean for testing the kernel	13:28
patersonc	Sure - I'm putting something together	13:29
jki	also, as there is not much activitiy on the tiny profile anymore, userspace would remaing out of scope for CIP on that board	13:29
patersonc	Yes that's a shame	13:29
jki	if we are expanding our test images via isar-cip-core, coverage for the RZ/Five could suffer, even kernel-wise	13:30
patersonc	Deby could have been an option because it compiles the packages from source, so we could have added our flag	13:30
patersonc	On the kernel side of things the only "issue" is a large number of core riscv patches that would need backporting	13:30
jki	...or if our test infrastructure would need special care only for that board	13:31
pave1	Could we get a summary of the bug and the workaround, somewhere?	13:33
pave1	I believe we really should aim for workaround at hw or kernel level...	13:33
pave1	Because if userland has to care, that is no longer riscv architecture, that is something slightly different.	13:34
pave1	...and will cause problems. For example security will be very different.	13:35
patersonc	Sure, and we've fixed the kernel side as much as can be done without redesigning the hardware	13:36
pave1	So what is the end result?	13:37
pave1	Part of virtual space of each process is unusable.	13:38
pave1	... is unusable for normal mappings?	13:38
jki	+ is always accessable by userspace, no?	13:39
jki	is this security-wise fixable at all in software?	13:40
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has quit IRC (Quit: Client closed)		13:44
patersonc	Access to naughty areas is blocked by the memory protection unit	13:45
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has joined #cip		13:45
*** prabhakar <prabhakar!~prabhakar@217.163.141.2> has joined #cip		13:46
pave1	Aha, ok so we can't run normal binaries...	13:47
pave1	...because they may have fixed mappings at that areas?	13:47
pave1	But security is not completely broken...	13:47
patersonc	Correct	13:47
pave1	...because we can use MPU to prevent such accesses.	13:47
patersonc	The TEXT_START_ADDR needs to be set from 0x10000 to 0x50000	13:48
pave1	I guess using MPU faults to emulate such accesses (ala math fpu emulation for 386) is not feasible?	13:50
prabhakar	pave1: basically on RISC-V we have PMP regions (16 on rz/five) available on memory protection unit (MPU). This allows users to configure regions to give permission for R/W/X in M/S/U modes.	13:55
pave1	Prabhakar: Thanks. Is there description of MPU unit somewhere?	13:57
prabhakar	so currently for rz/five we only allow M mode to access the ILM/DLM regions any access tried from S/U (kernel/user space) will cause a panic/fault.	13:57
prabhakarlad	let me check.	13:58
patersonc	https://www.renesas.com/eu/en/products/microcontrollers-microprocessors/rz-mpus/rzfive-general-purpose-microprocessors-risc-v-cpu-core-andes-ax45mp-single-10-ghz-2ch-gigabit-ethernet	13:58
patersonc	"Download Manual HW" - blue button at the top	14:00
prabhakarlad	https://www.andestech.com/wp-content/uploads/AX45MP-1C-Rev.-5.0.0-Datasheet.pdf	14:01
pave1	prabhakarlad: Thank you!	14:01
prabhakarlad	page 263, i termed it as MPU as its used commonly in arm but in risc-v we its called "Physical Memory Protection Unit"	14:02
pave1	patersonc: I went through those, but... if it is there it is hidden in all the hardware stuff.	14:02
prabhakarlad	Opensbi patch which does this change https://github.com/riscv-software-src/opensbi/commit/dea0922f867f3d681ad3191fb562a082ea4a339f which is already accepted upstream.	14:06
pave1	Ok, this is rather small and elegant.	14:08
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has quit IRC (Quit: Client closed)		14:08
pave1	But as a result board can no longer run normal risc-v binaries, which is a problem.	14:09
pave1	Proper solution would to be new architecture -- rv64-nolowmem.	14:09
pave1	Or convince everyone that memory below 0x5_0000 should be reserved on all rv64 linux platforms.	14:10
patersonc	That may be a hard sell	14:11
jki	those faults will be taken to M mode, right? any chance to replay them from there as regular page faults to S mode?	14:11
pave1	jki: normal page fault handler will map the area and retry execution.	14:12
pave1	jki: That can't be done here;	14:12
pave1	jki: we'd have to emulate the instruction.	14:12
jki	so the kernel gets at least the information about the access, and we "only" need to emulate?	14:14
pave1	jki: Ok, that would work. But performance penalty would be high.	14:16
jki	maybe KVM for RISC-V has instruction emulation support which could be reused here (code-wise, not configuration-wise as there is no hypervisor support on that chip)	14:16
jki	question remains how many apps this will affect in practice	14:16
jki	but, yes, all that remains a de-facto show stopper for distros	14:17
pave1	jki: yes. :-(.	14:17
pave1	Ok. I guess we should not advertise this as risc-v platform.	14:17
pave1	It can not run normal risc-v distribution.	14:17
pave1	Sorry :-(.	14:17
patersonc	:)	14:19
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has joined #cip		14:20
prabhakar	pave1: for user space we plan to propose similar patch https://paste.debian.net/1299716/ for isar-cip-core.	14:22
jki	that alone does not help	14:24
jki	we need a list of Debian packages that require recompilation against such patched binutils	14:24
pave1	prabhakar: Patch alone looks good, but...	14:25
jki	in theory, all debian packages could be rebuild via isar[-cip-core], but... no...	14:25
patersonc	Indeed	14:26
patersonc	Perhaps we could generate a test image this way for kernel testing - but not a great setup for "production" cip-core	14:27
jki	even generating that for testing only would be a lot of effort - at least regarding CI time	14:28
patersonc	Sure	14:29
patersonc	Either that or use Renesas' Poky based BSP	14:29
patersonc	Or work out what ASUS have done for their Debian bases Tinker V board	14:30
patersonc	s/bases/based	14:30
patersonc	https://tinker-board.asus.com/series/tinker-v.html	14:31
jki	can you summarize what Asus did?	14:31
patersonc	I don't actually know!	14:31
patersonc	I can't see any docs, but they say they have a Debian based OS	14:32
patersonc	I'll see if I can find out	14:32
*** jki <jki!~jki@46.128.89.130> has quit IRC (Ping timeout: 255 seconds)		14:37
*** jki <jki!~jki@46.128.89.130> has joined #cip		14:50
*** jki <jki!~jki@46.128.89.130> has quit IRC (Remote host closed the connection)		14:58
*** monstr <monstr!~monstr@nat-35.starnet.cz> has quit IRC (Remote host closed the connection)		17:21
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has quit IRC (Quit: Client closed)		20:02
*** frieder <frieder!~frieder@i5C75E691.versanet.de> has quit IRC (Remote host closed the connection)		20:16
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has joined #cip		20:40
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has quit IRC (Quit: Client closed)		21:14
*** prabhakar <prabhakar!~prabhakar@217.163.141.2> has quit IRC (Quit: Connection closed)		21:14
*** prabhakar <prabhakar!~prabhakar@217.163.141.2> has joined #cip		21:14
*** prabhakarlad <prabhakarlad!~prabhakar@217.163.141.2> has joined #cip		21:15
*** rajm <rajm!~robert@82.27.50.32> has quit IRC (Ping timeout: 256 seconds)		22:47

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!