09:00:01 <masashi910> #startmeeting CIP IRC weekly meeting
09:00:01 <brlogger> Meeting started Thu Jan 7 09:00:01 2021 UTC and is due to finish in 60 minutes. The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:00:01 <brlogger> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:00:01 <brlogger> The meeting name has been set to 'cip_irc_weekly_meeting'
09:00:05 <masashi910> #topic rollcall
09:00:11 <masashi910> please say hi if you're around
09:00:12 <wens> hi
09:00:22 <pave1> hi
09:00:29 <fujita> hi, happy new year
09:00:30 <patersonc> Happy new year!
09:01:00 <masashi910> Happy New Year!
09:01:03 <masashi910> #topic AI review
09:01:11 <masashi910> 1. Combine root filesystem with kselftest binary - iwamatsu
09:01:21 <masashi910> Iwamatsu-san, are you around?
09:01:43 <masashi910> Let's come back if he joins.
09:01:46 <masashi910> 2. Do some experiment to lower burdens on CI - patersonc
09:02:37 <masashi910> Chris-san, do you have any updates?
09:02:40 <patersonc> I've done a workaround for the issue
09:02:59 <patersonc> Still need to play around with having our repo in the docker image
09:03:16 <patersonc> pave1: Have you seen any issues recently?
09:04:09 <pave1> patersonc: Not recently. It is better now AFAICT.
09:04:20 <patersonc> Thanks
09:04:48 <masashi910> patersonc: So, shall I close this AI or keep it open?
09:05:11 <patersonc> Keep it open for now, thanks
09:05:22 <masashi910> patersonc: Sure. Thanks!
09:05:31 <masashi910> 3. Check hitachi_omap defconfigs wrt CVE-2020-27820 [drm/nouveau UAF] - Hitachi-team
09:05:41 <masashi910> I believe Hitachi-team is under investigation according to Kawai-san's mail.
09:05:49 <masashi910> https://lore.kernel.org/cip-dev/TYAPR01MB242955EF692D73FD473196EDB5DC0@TYAPR01MB2429.jpnprd01.prod.outlook.com/
09:06:06 <masashi910> So, let me move on.
09:06:09 <masashi910> 4. Discuss an open issue (https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/issues/8)
09:06:17 <masashi910> - the necessity to track issues that have been retired by distros - Kernel Team
09:06:26 <masashi910> This "issue" points out that there is a possibility to overlook some security patches based on the timing, and the author tries to take a look at retired patches as well.
09:06:31 <masashi910> Does anybody have any opinion?
09:07:10 <wens> I ran into a new issue this week that Debian tracked then subsequently retired
09:08:21 <wens> I believe they promptly retired it because as far as they were concerned, it was fixed for all their kernels
09:08:56 <pave1> Well..
09:09:12 <pave1> There's ton of bugs in the kernel, some of them get CVE ids.
09:09:31 <pave1> The ones getting CVE ids are not necessarily more important than the other ones.
09:10:36 <pave1> Yes, we can spend more efforts tracing the CVE ones.... but that only helps if we still have time for the others.
09:10:44 <pave1> You can google "crypto: ecdh - avoid buffer overflow in ecdh_set_secret()".
09:11:33 <pave1> I don't think it is going to get CVE id, still it is as important as other bugs that _do_ get CVE id.
09:11:41 <wens> :/
09:12:03 <patersonc> Should more work be done to give cves to such (or all) issues?
09:12:30 <pave1> Well... that's of course one possible solution.
09:12:47 <pave1> Or "solution". Because it would result in a lot of work for everyone involved.
09:13:08 <patersonc> Indeed
09:13:14 <pave1> And goal is to have non-buggy kernel. Not 30 CVEs a week.
09:14:15 <pave1> So.. at some point we may want to trust -stable maintainers that they are putting the relevant fixes in.
09:14:42 <pave1> They are really merging a lot of stuff, and are erring on "lets merge this it might fix something" side...
09:15:09 <masashi910> wens, pave1, patersonc: Thanks for your discussions.
09:15:20 <masashi910> This deeply relates with our future task. So, let's discuss this in another thread.
09:15:31 <wens> agree. CVE tracking helps more in situations like "Intel forgot to tag fixes for stable"
09:16:02 <masashi910> So, I would like to close this AI for now. We need to revisit this anyway.
09:16:33 <masashi910> So, let's move on.
09:16:42 <masashi910> 5. Decide the timing to branch 5.10 to start CIP development - Kernel Team
09:16:47 <masashi910> Pavel-san has already started reviewing 4.4/4.19/5.10.
09:16:54 <masashi910> https://lore.kernel.org/cip-dev/20201230111924.GA2691@duo.ucw.cz/
09:17:01 <masashi910> Also, Pavel-san and Chris-san are discussing 5.10 testing config/environment.
09:17:09 <masashi910> https://lore.kernel.org/cip-dev/20210104121516.GA11126@duo.ucw.cz/
09:17:15 <masashi910> Does anybody have any idea when to start CIP development with 5.10?
09:17:41 <pave1> To clarify. I review 4.19... If it means 4.4 and 4.10 patch gets reviewed at the same time, yes, I review those too.
09:17:53 <patersonc> What "development" actually needs to be done? Presumably we just follow stable until someone submits CIP only patches?
09:18:12 <pave1> But I did not start specifically reviewing 5.10 patches... I wanted to ask if we should be doing that.
09:18:13 <wens> maintaining the -rt branch?
09:18:19 <patersonc> We need to sort out what reference platforms we want to support, and what Kernel configs we want to support
09:19:02 <pave1> Well, actually reviewing 5.10 patches would be one thing. Testing, second.
09:19:22 <pave1> Making sure patches for 4.19-cip are also merged to 5.10-cip would be third.
09:20:20 <patersonc> All of the patches?
09:21:05 <patersonc> Did we do that for 4.4 -> 4.19?
09:21:24 <pave1> patersonc: If a fix is merged into 4.19-cip, we want it in 5.10-cip, too.
09:21:43 <pave1> I mean... if Renesas submits fix for their board to 4.19-cip, we want it to be in 5.10-cip tree, too.
09:22:07 <pave1> We don't need to do that for stable patches, hopefully Greg does right job there.
09:22:28 <patersonc> Okay. In theory they should be as we upstream first. Although there will be a small difference between 5.10 and mainline now
09:22:51 <pave1> Yes. We are now getting patches for 4.19 that are from 5.11-rc2.
09:22:55 <patersonc> 👍
09:23:00 <pave1> There is just a small amount of them.
09:23:53 <pave1> (I got unicode something I don't understand :-( )
09:24:14 <masashi910> It looks like we need some criteria agreed before "starting development".
09:24:49 <masashi910> Let's discuss it offline via email.
09:25:02 <masashi910> Shall we move on?
09:25:16 <masashi910> 3
09:25:19 <masashi910> 2
09:25:21 <masashi910> 1
09:25:24 <masashi910> #topic Kernel maintenance updates
09:25:38 <p4v31> I have reviewed 4.19.164 and 4.19.165. I'm working on scripts that make it easier to review commits from multiple versions.
09:26:19 <masashi910> p4v31: Are you Pavel-san?
09:26:44 <pave1> Yep, sorry. My irc client... needs some work.
09:27:11 <masashi910> pave1: I see. Thanks for your works!
09:27:31 <wens> 6 new CVEs from the past three weeks. Of them, CVE-2020-27066 from Android seems bogus; CVE-2020-36158 [mwifiex] fix will need backporting.
09:28:03 <pave1> wens: The mwifiex thing looks trivial to backport. Not sure why it is not there, yey.
09:28:05 <pave1> yet.
09:29:06 <wens> I can check the stable queue.
09:29:07 <masashi910> wens: Thanks for your works! Please allow me to refer your three reports here for the record.
09:29:23 <masashi910> https://lore.kernel.org/cip-dev/CAGb2v6721zRU0CxzQOMT_=n56AVdjMYxWmfR=VmumzdvPHAJuw@mail.gmail.com/
09:29:24 <masashi910> https://lore.kernel.org/cip-dev/CAGb2v66uQDUj1fgn2j2mkHQzNXGrfjZ_ygA6ZoHw-sUK=ydJQQ@mail.gmail.com/
09:29:24 <masashi910> https://lore.kernel.org/cip-dev/CAGb2v65+1w18yz2R=GbxrFtq_RZO4afHry-DMgj83NGKsttBgQ@mail.gmail.com/
09:30:04 <wens> hmm, nothing in the queue.
09:30:24 <pave1> wens: My suggestion would be to revisit the issue in a week or two :-).
09:30:28 <wens> pave1: the patch wasn't tagged for stable
09:30:45 <wens> pave1: agreed
09:30:55 <masashi910> wens, pave1: Shall I open an AI to track CVE-2020-36158?
09:31:18 <wens> masashi910: Yes please. Let's keep it on the board for two weeks.
09:31:28 <masashi910> wens: Sure!
09:31:37 <masashi910> any other topics?
09:31:46 <masashi910> 3
09:31:49 <masashi910> 2
09:31:52 <masashi910> 1
09:31:53 <wens> one
09:31:59 <masashi910> wens: Please.
09:32:14 <wens> ebardie has worked on some improvements to the Debian importer for cip-kernel-sec
09:32:43 <wens> GitLab is not working properly to create merge requests though.
09:33:52 <masashi910> wens: Ok, so, how should it be dealt with?
09:34:07 <wens> without MRs, I suppose I could directly review the commits, but the review history would get lost?
09:34:27 <wens> masashi910: who would have authority to reach out to GitLab about the issue?
09:34:55 <pave1> wens: I believe that is reasonable workaround. It is not that history for our support scripts is super important.
09:35:43 <wens> OK. I can start reviewing then, though I believe GitLab should be fixed properly.
09:36:12 <wens> Is anyone hitting the same roadblock on other repositories?
09:36:49 <masashi910> wens: Thanks. Don't you have authority to fix GitLab?
09:37:30 <wens> masashi910: we would need to reach out to GitLab support
09:37:45 <patersonc> We should raise an issue on their support forum at least
09:38:00 <masashi910> wens: I see.
09:38:35 <masashi910> wens: anyway, I would appreciate it if you can start reviewing.
09:38:49 <masashi910> any other topics?
09:39:06 <masashi910> 3
09:39:09 <masashi910> 2
09:39:12 <masashi910> 1
09:39:15 <masashi910> #topic Kernel testing
09:39:27 <patersonc> I hope to start getting CI running on the 5.10 stable-rc releases soon, at least on in-tree defconfigs. After that we need to decide what CIP specific configs we want to support/test.
09:39:44 <patersonc> And what the official reference platforms are
09:39:55 <patersonc> I guess that's a topic for the TSC though
09:40:18 <pave1> Actually... It might be better to do it the other way around :-).
09:40:37 <patersonc> True
09:40:48 <pave1> Just run the configs from 4.19, so we can tell TSC "hey, these platforms work".
09:41:03 <patersonc> Good shout
09:41:21 <pave1> I assume/hope everything will just work, but it would be good to confirm before something becomes "officially supported".
09:41:42 <patersonc> Indeed
09:42:13 <masashi910> patersonc: Thanks for your works!
09:42:24 <masashi910> any other topics?
09:43:07 <masashi910> Today, Yoshida-san is not here. So let's skip "CIP Security".
09:43:17 <masashi910> #topic AOB
09:43:25 <masashi910> Are there any business to discuss?
09:43:40 <masashi910> 3
09:43:43 <masashi910> 2
09:43:44 <masashi910> 1
09:43:48 <masashi910> If there are no topics, then, let's close the meeting.
09:43:54 <masashi910> #endmeeting