*** vigneshr <vigneshr!uid375618@user/vigneshr> has joined #cip | 03:52 | |
*** prabhakalad <prabhakalad!~prabhakar@165.225.17.174> has quit IRC (Ping timeout: 252 seconds) | 04:18 | |
*** prabhakalad <prabhakalad!~prabhakar@165.225.17.174> has joined #cip | 04:25 | |
*** tmerciai1 <tmerciai1!~tmerciai3@net-188-217-58-182.cust.vodafonedsl.it> has quit IRC (Remote host closed the connection) | 07:34 | |
*** tmerciai <tmerciai!~tmerciai3@net-188-217-58-182.cust.vodafonedsl.it> has joined #cip | 07:36 | |
*** uli_ <uli_!~quassel@static.153.40.69.159.clients.your-server.de> has quit IRC (Server closed connection) | 09:19 | |
*** uli <uli!~quassel@static.153.40.69.159.clients.your-server.de> has joined #cip | 09:20 | |
*** masami <masami!~masami@FL1-125-194-6-184.tky.mesh.ad.jp> has joined #cip | 12:58 | |
*** jki <jki!~jki@195.145.170.160> has joined #cip | 13:00 | |
jki | hi all | 13:00 |
---|---|---|
uli | hello | 13:00 |
masami | hi | 13:00 |
*** iwamatsu__ <iwamatsu__!~iwamatsu_@ae036005.dynamic.ppp.asahi-net.or.jp> has joined #cip | 13:00 | |
patersonc | Hello | 13:00 |
pave1 | Hi! | 13:01 |
iwamatsu__ | hello | 13:01 |
arisut | hi | 13:01 |
jki | ok, let's go | 13:01 |
jki | #startmeeting CIP IRC weekly meeting | 13:01 |
collab-meetbot | Meeting started Thu Aug 7 13:01:53 2025 UTC and is due to finish in 60 minutes. The chair is jki. Information about MeetBot at http://wiki.debian.org/MeetBot. | 13:01 |
collab-meetbot | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 13:01 |
collab-meetbot | The meeting name has been set to 'cip_irc_weekly_meeting' | 13:01 |
*** collab-meetbot changes topic to " (Meeting topic: CIP IRC weekly meeting)" | 13:01 | |
jki | #topic AI review | 13:02 |
*** collab-meetbot changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)" | 13:02 | |
jki | none on my list, and I found none in the past weeks | 13:02 |
jki | 5 | 13:02 |
jki | 4 | 13:02 |
jki | 3 | 13:02 |
jki | 2 | 13:02 |
jki | 1 | 13:02 |
jki | #topic Kernel maintenance updates | 13:02 |
*** collab-meetbot changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)" | 13:02 | |
masami | This week reported 4 new CVEs and 8 updated CVEs. | 13:02 |
pave1 | I'm reviewing 6.12.40 and 41. | 13:02 |
uli | i'm preparing 4.19 | 13:02 |
iwamatsu__ | I reviewed 6.12.40 and 41. | 13:02 |
jki | anything to add? | 13:04 |
jki | 5 | 13:04 |
jki | 4 | 13:04 |
jki | 3 | 13:04 |
jki | 2 | 13:04 |
jki | 1 | 13:04 |
jki | #topic Kernel release status | 13:04 |
*** collab-meetbot changes topic to "Kernel release status (Meeting topic: CIP IRC weekly meeting)" | 13:04 | |
jki | all lights green right now | 13:04 |
jki | any issues upcoming? | 13:05 |
jki | 5 | 13:05 |
jki | 4 | 13:05 |
jki | 3 | 13:05 |
jki | 2 | 13:05 |
jki | 1 | 13:05 |
jki | #topic Kernel testing | 13:05 |
*** collab-meetbot changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)" | 13:05 | |
patersonc | Arisu-san has been continuing to get our boards added to the new KernelCI | 13:06 |
arisut | I could send test to the cip boards on lava, currently going on improving the work | 13:06 |
arisut | https://lava.ciplatform.org/scheduler/alljobs?page=1&length=25&search=kci-staging#table | 13:06 |
arisut | from KernelCI | 13:06 |
patersonc | Thanks :) | 13:06 |
patersonc | It looks like not all boards boot when using the merged config | 13:06 |
patersonc | arisut please ping me if there's anything specific you'd like me to investigate | 13:07 |
jki | some examples at hand? | 13:07 |
jki | and we do have configs for them in our repo that used to boot? | 13:07 |
patersonc | jki: https://lava.ciplatform.org/scheduler/job/1298034 | 13:07 |
arisut | sure, currently I just need to finalize the PR and be sure that what we expect is what we get | 13:08 |
patersonc | arisut: Thanks | 13:08 |
patersonc | Does anyone know if the 6.12 merged CIP config is meant to work with de0-nano? | 13:09 |
patersonc | Maybe we don't need to support it, depending on the blank cell in https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting/cipreferencehardware#cip_reference_hardware | 13:09 |
jki | likely not yet | 13:09 |
jki | if there is no nano-soc config for 6.12 uploaded | 13:10 |
iwamatsu__ | not yet | 13:10 |
jki | expected error | 13:10 |
patersonc | Maybe Arisu-san we skip nano-soc and iwg20m for 6.12? | 13:10 |
arisut | actually we could support it, one of the problems is that currently KernelCI is mixing up configurations | 13:11 |
jki | we can simply fix the config, I would say | 13:11 |
arisut | patersonc, I don't mind to push as is and improve it later | 13:11 |
arisut | same for riscv | 13:11 |
patersonc | Again it's a question of do we build/test boards not listed as reference h/w ? | 13:11 |
jki | oh, we didn't decide whether to keep the nanosoc in support, right | 13:12 |
arisut | nano is listed | 13:12 |
arisut | for v6.1 | 13:12 |
arisut | and 4.19/5.10 | 13:12 |
patersonc | Sure. Was it working with those branches? | 13:13 |
arisut | we currently don't know, actually | 13:13 |
arisut | as I said my PR is still in progress | 13:13 |
arisut | is not yet merged | 13:13 |
patersonc | Sure. I'd remove the not-working ones from your PR for now. Then we can add more as we test they work? | 13:14 |
arisut | and configurations are not always used as expected | 13:14 |
patersonc | arisut: Should I talk to Denys about getting me set up so I can push/test with staging? Or would it clash with your work? | 13:14 |
arisut | patersonc, currently my PR is not stable to be merged. we are still not applying the right configurations to the right boards | 13:15 |
arisut | and some configurations are not yet merged in the *-cip sub configurations | 13:15 |
patersonc | Question for the kernel team - are we currently maintaining the in-tree defconfigs for each arch? | 13:17 |
jki | which defconfigs? those inside the kernel tree? they are per-arch, obviously | 13:18 |
pave1 | That's iwamatsu-san question, but I don't believe we touch those configs. | 13:18 |
pave1 | ...or actually... | 13:19 |
pave1 | ...we are getting patches to arch/arm64/configs/defconfig when the driver is merged, etc, | 13:19 |
pave1 | and we merge those patches. | 13:20 |
pave1 | I guess you could call that "maintaining" :-) | 13:20 |
jki | yeah, would be strange to see normal stable fixes touching those defconfigs | 13:20 |
patersonc | Okay. Then I'll aim to include defconfig builds in the kernelci setup | 13:21 |
patersonc | I think it's worth making sure they at least build - as I assume a lot of users would use them as a first step | 13:21 |
pave1 | Actually, that happens, too. 72ce323e17d0f6a6d586cdded4dc38cdcba31b6d . It should not, but when stable | 13:21 |
pave1 | team picks up dependencies for a fix, they tend to pick a lot of interesting stuff. | 13:22 |
arisut | My PR is currently not finished, at this time working on an unfinished PR would clash with my work as the code could change later on | 13:24 |
patersonc | Sure | 13:24 |
pave1 | patersonc: The way I see renesas updates .. I'd say their goal is for defconfig to boot / work on that hardware. | 13:26 |
patersonc | Yea | 13:26 |
pave1 | So.. yes, I'd say testing it builds and boots would be useful. | 13:27 |
patersonc | Okay | 13:27 |
arisut | another question is if we want also to test mainline kernel on the cip boards or only cip kernel? | 13:28 |
arisut | as sometimes mainline kernel could be useful as reference | 13:29 |
pave1 | Older -stable kernels may not work on all cip boards. | 13:29 |
pave1 | Where it works, it is useful to make sure it keeps working. | 13:29 |
pave1 | So that we catch bugs early. | 13:29 |
patersonc | Agreed. Should that can be part of the standard Maestro though rather than the CIP yaml files Arisu? | 13:30 |
arisut | sure | 13:30 |
patersonc | I'm happy for the boards to be used for any KernelCI testing - part of CIP's contribution etc. | 13:30 |
arisut | actually I'm not sure what is better, I think they are still cip board | 13:31 |
arisut | so having them in one cip file is still better, if we want to do some changes | 13:31 |
jki | can we prioritize board usage? | 13:32 |
arisut | maybe I don't remember sorry | 13:32 |
arisut | but that is a good question | 13:32 |
jki | we should give boards into general testing, but if they become "overused", cip should be first | 13:32 |
arisut | right | 13:32 |
arisut | will check if it is possible | 13:33 |
patersonc | Sure. We can investigate/add support once we start having capacity issues :) | 13:33 |
jki | anything else on testing? | 13:34 |
jki | 5 | 13:35 |
jki | 4 | 13:35 |
jki | 3 | 13:35 |
jki | 2 | 13:35 |
jki | 1 | 13:35 |
jki | #topic AOB | 13:35 |
*** collab-meetbot changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)" | 13:35 | |
patersonc | o/ I have an AOB about CVEs | 13:35 |
jki | go ahead | 13:36 |
patersonc | Do we have a process for monitoring the CVEs that get created to see if they should be applied to our self-maintained SLTS kernels? | 13:36 |
patersonc | I assume that stable will sort out the LTS based kernels? | 13:36 |
patersonc | But is someone looking at each CVE "fix" and seeing if it should be backported to 4.4 and 4.19? | 13:37 |
pave1 | Not sure that assumption is correct :-) | 13:37 |
patersonc | pave1: Sure :P | 13:37 |
pave1 | When patch fails to apply to our -cip kernels, we take a look if it looks serious. | 13:38 |
pave1 | CVEs is just another ID for patches. | 13:38 |
pave1 | So yes, we kind of do that. | 13:38 |
iwamatsu__ | I checked CVEs sometime, and backport. | 13:38 |
patersonc | So we don't have a mechanism as part of cip-kernel-sec? | 13:39 |
patersonc | I ask, because a couple were flagged to me recently | 13:39 |
pave1 | But stable team may not backport patch if it looks too complex or does not look like serious-enough problem. | 13:39 |
patersonc | Here's an example: https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2025-21917.yml. It's been labelled as introduced in v3.0-rc1, and "fixed" in CIP 5.10 onwards. But no "fix" in 4.4 and 4.19 | 13:40 |
iwamatsu__ | We are still stuck with CVE management, and we don't have a process for how to deal with unfixed CVEs. | 13:40 |
jki | we tried to filter at least irrelevant CVEs based on our configs | 13:41 |
jki | irrelevant = not used in CIP configurations, thus not officially supported | 13:41 |
pave1 | I'm sure you can find many more such issues. Greg ~ automatically creates CVE for each stable patch. | 13:42 |
patersonc | We have these yaml files - is there a way to compare the "introduced-by" with the "fixed-version" fields? | 13:42 |
patersonc | iwamatsu__: Sure. But this example hasn't been marked as "irrelevant" | 13:42 |
pave1 | For the CVE-2025-21917, look at the description, and note that it does not describe anything. | 13:43 |
pave1 | So yes, you can (probably) run some kind of script. | 13:43 |
pave1 | You'll get 1000+ results. | 13:43 |
pave1 | Then you can laugh... or cry :-). | 13:43 |
jki | tooling and maintenance capacity need to be increased to track CVEs on "paper", with VEX output or whatever | 13:44 |
iwamatsu__ | I thought it might be necessary to keep a record of checking for unfixed CVEs as CIP. | 13:45 |
iwamatsu__ | I am checking CVEs via web interface | 13:45 |
jki | we have the KNOWN-BUGS file, but that is only for prominent ones | 13:45 |
pave1 | Yeah, putting every single CVE would make that file completely useless. | 13:46 |
pave1 | Yeah, putting every single CVE there would make that file completely useless. | 13:46 |
patersonc | Maybe we need to first work out which CVEs aren't fixed, then work out how many could be easily. | 13:47 |
jki | we should probably discuss the existing process and possible enhancements/costs during the extended meetup | 13:47 |
patersonc | jki: Good shout | 13:47 |
iwamatsu__ | Can we use cip-kernel-sec? | 13:47 |
patersonc | Makes sense to me | 13:47 |
jki | there is no "just do X" or "just spend some extra hour" to address this | 13:47 |
pave1 | If you want to see log of various patches not backported | 13:47 |
pave1 | ...which is basically CVEs... | 13:48 |
pave1 | ...you can take a look at v4.4.org and v4.19.org | 13:48 |
pave1 | in git@gitlab.com:cip-project/cip-kernel/lts-commit-list.git repository. | 13:48 |
pave1 | That's where the work is recorded. | 13:48 |
arisut | makes sense | 13:49 |
pave1 | There's approximately 9000 patches not applied to 4.4, and 1500 not applied to 4.19. | 13:49 |
pave1 | (that was wc, so it's less than that, but you get the idea). | 13:50 |
pave1 | (7000 and 1000). | 13:51 |
*** iwamatsu__ <iwamatsu__!~iwamatsu_@ae036005.dynamic.ppp.asahi-net.or.jp> has quit IRC (Quit: Client closed) | 13:53 | |
*** iwamatsu__ <iwamatsu__!~iwamatsu_@ae036005.dynamic.ppp.asahi-net.or.jp> has joined #cip | 13:54 | |
jki | let me try to prepare some discussion about that for Amsterdam | 13:54 |
jki | do we have some material to start from? | 13:54 |
patersonc | uli did you present a bit about the CVE tools a while back? | 13:55 |
pave1 | I did take 9 randomly selected CVEs and tried to review them at one point. | 13:56 |
uli | patersonc: not specifically, it was about the maintenance process in general | 13:56 |
patersonc | okay | 13:56 |
uli | actually only mentioned cves when somebody asked about it :) | 13:56 |
jki | yeah, these questions will increase... | 13:57 |
jki | anyway, will share with you upfront for alignment | 13:57 |
jki | anything else for today? | 13:57 |
iwamatsu__ | I'm on vacation next week. | 13:57 |
jki | ok | 13:58 |
jki | enjoy :) | 13:58 |
iwamatsu__ | :-) | 13:58 |
pave1 | I decided 3 were not security issue, one could not be determined in reasonable time, 2 were "ok, maybe that should be fixed", rest was "that's really low severity". | 13:58 |
jki | ok, let's close... | 14:00 |
patersonc | For CVEs we've spotted like this, should we backport the patch and send to cip-dev? How does cip-kernel-sec then get updated? | 14:00 |
pave1 | patersonc: If you believe you see a real security issue that's "bad" and want it fixed... | 14:00 |
pave1 | yes, backport, cip-dev and uli. | 14:01 |
patersonc | Okay | 14:02 |
pave1 | Please have real description of a bug ("uid 123 can echo baz into /sys/foo to crash the system"). | 14:02 |
masami | if patch is merged into git repo, cip-kernel-sec can be updated. | 14:02 |
patersonc | Thanks masami | 14:02 |
jki | great! but I suspect too much manual work still ;) | 14:02 |
jki | ok... anything else? | 14:02 |
jki | 5 | 14:03 |
jki | 4 | 14:03 |
jki | 3 | 14:03 |
jki | 2 | 14:03 |
jki | 1 | 14:03 |
jki | #endmeeting | 14:03 |
collab-meetbot | Meeting ended Thu Aug 7 14:03:18 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:03 |
collab-meetbot | Minutes: http://ircbot.wl.linuxfoundation.org/meetings/cip/2025/08/cip.2025-08-07-13.01.html | 14:03 |
collab-meetbot | Minutes (text): http://ircbot.wl.linuxfoundation.org/meetings/cip/2025/08/cip.2025-08-07-13.01.txt | 14:03 |
collab-meetbot | Log: http://ircbot.wl.linuxfoundation.org/meetings/cip/2025/08/cip.2025-08-07-13.01.log.html | 14:03 |
*** collab-meetbot changes topic to "Civil Infrastructure Platform Project. CIP mailing list at https://lists.cip-project.org/g/cip-dev | CIP kernel meeting every Thursday at 13:00 UTC | Find the meeting logs at https://ircbot.wl.linuxfoundation.org/meetings/cip/ and chat logs at https://ircbot.wl.linuxfoundation.org/logs/%23cip/" | 14:03 | |
jki | thanks! | 14:03 |
arisut | enjoy your holiday iwamatsu__ | 14:03 |
arisut | thanks | 14:03 |
uli | thanks | 14:03 |
pave1 | Thank you! | 14:03 |
iwamatsu__ | Thank you | 14:03 |
masami | thank you | 14:03 |
*** masami <masami!~masami@FL1-125-194-6-184.tky.mesh.ad.jp> has quit IRC (Quit: Leaving) | 14:03 | |
patersonc | Cheers | 14:03 |
iwamatsu__ | arisut: thanks | 14:03 |
*** iwamatsu__ <iwamatsu__!~iwamatsu_@ae036005.dynamic.ppp.asahi-net.or.jp> has quit IRC (Quit: Client closed) | 14:03 | |
*** jki <jki!~jki@195.145.170.160> has quit IRC (Ping timeout: 248 seconds) | 14:07 | |
*** jki <jki!~jki@62.156.206.59> has joined #cip | 14:21 | |
*** jki <jki!~jki@62.156.206.59> has quit IRC (Ping timeout: 276 seconds) | 14:45 | |
*** jki <jki!~jki@195.145.170.160> has joined #cip | 14:45 | |
*** jki <jki!~jki@195.145.170.160> has quit IRC (Remote host closed the connection) | 14:47 | |
*** tmerciai2 <tmerciai2!~tmerciai3@net-188-217-56-130.cust.vodafonedsl.it> has joined #cip | 18:29 | |
*** tmerciai <tmerciai!~tmerciai3@net-188-217-58-182.cust.vodafonedsl.it> has quit IRC (Ping timeout: 260 seconds) | 18:32 |