*** rajm has joined #cip | 04:09 | |
*** samwilson_ has joined #cip | 08:06 | |
*** masashi910 has joined #cip | 08:29 | |
*** pave1 has joined #cip | 08:57 | |
*** fujita has joined #cip | 08:57 | |
*** p4v31 has joined #cip | 08:58 | |
*** ltu8 has joined #cip | 08:59 | |
masashi910 | #startmeeting CIP IRC weekly meeting | 09:00 |
---|---|---|
brlogger | Meeting started Thu Jan 7 09:00:01 2021 UTC and is due to finish in 60 minutes. The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot. | 09:00 |
brlogger | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 09:00 |
brlogger | The meeting name has been set to 'cip_irc_weekly_meeting' | 09:00 |
*** brlogger changes topic to " (Meeting topic: CIP IRC weekly meeting)" | 09:00 | |
masashi910 | #topic rollcall | 09:00 |
*** brlogger changes topic to "rollcall (Meeting topic: CIP IRC weekly meeting)" | 09:00 | |
masashi910 | please say hi if you're around | 09:00 |
wens | hi | 09:00 |
pave1 | hi | 09:00 |
fujita | hi, happy new year | 09:00 |
patersonc | Happy new year! | 09:00 |
masashi910 | Happy New Year! | 09:01 |
masashi910 | #topic AI review | 09:01 |
*** brlogger changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)" | 09:01 | |
masashi910 | 1. Combine root filesystem with kselftest binary - iwamatsu | 09:01 |
masashi910 | Iwamatsu-san, are you around? | 09:01 |
masashi910 | Let's come back if he joins. | 09:01 |
masashi910 | 2. Do some experiment to lower burdens on CI - patersonc | 09:01 |
masashi910 | Chris-san, do you have any updates? | 09:02 |
patersonc | I've done a workaround for the issue | 09:02 |
patersonc | Still need to play around with having our repo in the docker image | 09:02 |
patersonc | pave1: Have you seen any issues recently? | 09:03 |
pave1 | patersonc: Not recently. It is better now AFAICT. | 09:04 |
patersonc | Thanks | 09:04 |
masashi910 | patersonc: So, shall I close this AI or keep it open? | 09:04 |
patersonc | Keep it open for now, thanks | 09:05 |
masashi910 | patersonc: Sure. Thanks! | 09:05 |
masashi910 | 3. Check hitachi_omap defconfigs wrt CVE-2020-27820 [drm/nouveau UAF] - Hitachi-team | 09:05 |
masashi910 | I believe Hitachi-team is under investigation according to Kawai-san's mail. | 09:05 |
masashi910 | https://lore.kernel.org/cip-dev/TYAPR01MB242955EF692D73FD473196EDB5DC0@TYAPR01MB2429.jpnprd01.prod.outlook.com/ | 09:05 |
masashi910 | So, let me move on. | 09:06 |
masashi910 | 4. Discuss an open issue (https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/issues/8) | 09:06 |
masashi910 | - the necessity to track issues that have been retired by distros - Kernel Team | 09:06 |
masashi910 | This "issue" points out that there is a possibility to overlook some security patches based on the timing, and the author tries to take a look at retired patches as well. | 09:06 |
masashi910 | Does anybody have any opinion? | 09:06 |
wens | I ran into a new issue this week that Debian tracked then subsequently retired | 09:07 |
wens | I believe they promptly retired it because as far as they were concerned, it was fixed for all their kernels | 09:08 |
pave1 | Well.. | 09:08 |
pave1 | There's a ton of bugs in the kernel, some of them get CVE ids. | 09:09 |
pave1 | The ones getting CVE ids are not necessarily more important than the other ones. | 09:09 |
pave1 | Yes, we can spend more efforts tracing the CVE ones.... but that only helps if we still have time for the others. | 09:10 |
pave1 | You can google "crypto: ecdh - avoid buffer overflow in ecdh_set_secret()". | 09:10 |
pave1 | I don't think it is going to get CVE id, still it is as important as other bugs that _do_ get CVE id. | 09:11 |
wens | :/ | 09:11 |
patersonc | Should more work be done to give cves to such (or all) issues? | 09:12 |
pave1 | Well... that's of course one possible solution. | 09:12 |
pave1 | Or "solution". Because it would result in a lot of work for everyone involved. | 09:12 |
patersonc | Indeed | 09:13 |
pave1 | And goal is to have non-buggy kernel. Not 30 CVEs a week. | 09:13 |
pave1 | So.. at some point we may want to trust -stable maintainers that they are putting the relevant fixes in. | 09:14 |
pave1 | They are really merging a lot of stuff, and are erring on "let's merge this it might fix something" side... | 09:14 |
masashi910 | wens, pave1, patersonc: Thanks for your discussions. | 09:15 |
masashi910 | This deeply relates with our future task. So, let's discuss this in another thread. | 09:15 |
wens | agree. CVE tracking helps more in situations like "Intel forgot to tag fixes for stable" | 09:15 |
masashi910 | So, I would like to close this AI for now. We need to revisit this anyway. | 09:16 |
masashi910 | So, let's move on. | 09:16 |
masashi910 | 5. Decide the timing to branch 5.10 to start CIP development - Kernel Team | 09:16 |
masashi910 | Pavel-san has already started reviewing 4.4/4.19/5.10. | 09:16 |
masashi910 | https://lore.kernel.org/cip-dev/20201230111924.GA2691@duo.ucw.cz/ | 09:16 |
masashi910 | Also, Pavel-san and Chris-san are discussing 5.10 testing config/environment. | 09:17 |
masashi910 | https://lore.kernel.org/cip-dev/20210104121516.GA11126@duo.ucw.cz/ | 09:17 |
masashi910 | Does anybody have any idea when to start CIP development with 5.10? | 09:17 |
pave1 | To clarify. I review 4.19... If it means 4.4 and 4.10 patch gets reviewed at the same time, yes, I review those too. | 09:17 |
patersonc | What "development" actually needs to be done? Presumably we just follow stable until someone submits CIP only patches? | 09:17 |
pave1 | But I did not start specifically reviewing 5.10 patches... I wanted to ask if we should be doing that. | 09:18 |
wens | maintaining the -rt branch? | 09:18 |
patersonc | We need to sort out what reference platforms we want to support, and what Kernel configs we want to support | 09:18 |
pave1 | Well, actually reviewing 5.10 patches would be one thing. Testing, second. | 09:19 |
pave1 | Making sure patches for 4.19-cip are also merged to 5.10-cip would be third. | 09:19 |
patersonc | All of the patches? | 09:20 |
patersonc | Did we do that for 4.4 -> 4.19? | 09:21 |
pave1 | patersonc: If a fix is merged into 4.19-cip, we want it in 5.10-cip, too. | 09:21 |
pave1 | I mean... if Renesas submits fix for their board to 4.19-cip, we want it to be in 5.10-cip tree, too. | 09:21 |
pave1 | We don't need to do that for stable patches, hopefully Greg does right job there. | 09:22 |
patersonc | Okay. In theory they should be as we upstream first. Although there will be a small difference between 5.10 and mainline now | 09:22 |
pave1 | Yes. We are now getting patches for 4.19 that are from 5.11-rc2. | 09:22 |
patersonc | 👍 | 09:22 |
pave1 | There is just a small amount of them. | 09:23 |
pave1 | (I got unicode something I don't understand :-( ) | 09:23 |
masashi910 | It looks like we need some criteria agreed before "starting development". | 09:24 |
masashi910 | Let's discuss it offline via email. | 09:24 |
masashi910 | Shall we move on? | 09:25 |
masashi910 | 3 | 09:25 |
masashi910 | 2 | 09:25 |
masashi910 | 1 | 09:25 |
masashi910 | #topic Kernel maintenance updates | 09:25 |
*** brlogger changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)" | 09:25 | |
p4v31 | I have reviewed 4.19.164 and 4.19.165. I'm working on scripts that make it easier to review commits from multiple versions. | 09:25 |
masashi910 | p4v31: Are you Pavel-san? | 09:26 |
pave1 | Yep, sorry. My irc client... needs some work. | 09:26 |
masashi910 | pave1: I see. Thanks for your work! | 09:27 |
wens | 6 new CVEs from the past three weeks. Of them, CVE-2020-27066 from Android seems bogus; CVE-2020-36158 [mwifiex] fix will need backporting. | 09:27 |
pave1 | wens: The mwifiex thing looks trivial to backport. Not sure why it is not there, yey. | 09:28 |
pave1 | yet. | 09:28 |
wens | I can check the stable queue. | 09:29 |
masashi910 | wens: Thanks for your work! Please allow me to refer to your three reports here for the record. | 09:29 |
masashi910 | https://lore.kernel.org/cip-dev/CAGb2v6721zRU0CxzQOMT_=n56AVdjMYxWmfR=VmumzdvPHAJuw@mail.gmail.com/ | 09:29 |
masashi910 | https://lore.kernel.org/cip-dev/CAGb2v66uQDUj1fgn2j2mkHQzNXGrfjZ_ygA6ZoHw-sUK=ydJQQ@mail.gmail.com/ | 09:29 |
masashi910 | https://lore.kernel.org/cip-dev/CAGb2v65+1w18yz2R=GbxrFtq_RZO4afHry-DMgj83NGKsttBgQ@mail.gmail.com/ | 09:29 |
wens | hmm, nothing in the queue. | 09:30 |
pave1 | wens: My suggestion would be to revisit the issue in a week or two :-). | 09:30 |
wens | pave1: the patch wasn't tagged for stable | 09:30 |
wens | pave1: agreed | 09:30 |
masashi910 | wens, pave1: Shall I open an AI to track CVE-2020-36158? | 09:30 |
wens | masashi910: Yes please. Let's keep it on the board for two weeks. | 09:31 |
masashi910 | wens: Sure! | 09:31 |
masashi910 | any other topics? | 09:31 |
masashi910 | 3 | 09:31 |
masashi910 | 2 | 09:31 |
masashi910 | 1 | 09:31 |
wens | one | 09:31 |
masashi910 | wens: Please. | 09:31 |
wens | ebardie has worked on some improvements to the Debian importer for cip-kernel-sec | 09:32 |
wens | GitLab is not working properly to create merge requests though. | 09:32 |
masashi910 | wens: Ok, so, how should it be dealt with? | 09:33 |
wens | without MRs, I suppose I could directly review the commits, but the review history would get lost? | 09:34 |
wens | masashi910: who would have authority to reach out to GitLab about the issue? | 09:34 |
pave1 | wens: I believe that is reasonable workaround. It is not that history for our support scripts is super important. | 09:34 |
wens | OK. I can start reviewing then, though I believe GitLab should be fixed properly. | 09:35 |
wens | Is anyone hitting the same roadblock on other repositories? | 09:36 |
masashi910 | wens: Thanks. Don't you have authority to fix GitLab? | 09:36 |
wens | masashi910: we would need to reach out to GitLab support | 09:37 |
patersonc | We should raise an issue on their support forum at least | 09:37 |
masashi910 | wens: I see. | 09:38 |
masashi910 | wens: anyway, I would appreciate it if you can start reviewing. | 09:38 |
masashi910 | any other topics? | 09:38 |
masashi910 | 3 | 09:39 |
masashi910 | 2 | 09:39 |
masashi910 | 1 | 09:39 |
masashi910 | #topic Kernel testing | 09:39 |
*** brlogger changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)" | 09:39 | |
patersonc | I hope to start getting CI running on the 5.10 stable-rc releases soon, at least on in-tree defconfigs. After that we need to decide what CIP specific configs we want to support/test. | 09:39 |
patersonc | And what the official reference platforms are | 09:39 |
patersonc | I guess that's a topic for the TSC though | 09:39 |
pave1 | Actually... It might be better to do it the other way around :-). | 09:40 |
patersonc | True | 09:40 |
pave1 | Just run the configs from 4.19, so we can tell TSC "hey, these platforms work". | 09:40 |
patersonc | Good shout | 09:41 |
pave1 | I assume/hope everything will just work, but it would be good to confirm before something becomes "officially supported". | 09:41 |
patersonc | Indeed | 09:41 |
masashi910 | patersonc: Thanks for your work! | 09:42 |
masashi910 | any other topics? | 09:42 |
masashi910 | Today, Yoshida-san is not here. So let's skip "CIP Security". | 09:43 |
masashi910 | #topic AOB | 09:43 |
*** brlogger changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)" | 09:43 | |
masashi910 | Is there any business to discuss? | 09:43 |
masashi910 | 3 | 09:43 |
masashi910 | 2 | 09:43 |
masashi910 | 1 | 09:43 |
masashi910 | If there are no topics, then, let's close the meeting. | 09:43 |
masashi910 | #endmeeting | 09:43 |
brlogger | Meeting ended Thu Jan 7 09:43:54 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 09:43 |
brlogger | Minutes: https://irclogs.baserock.org/meetings/cip/2021/01/cip.2021-01-07-09.00.html | 09:43 |
brlogger | Minutes (text): https://irclogs.baserock.org/meetings/cip/2021/01/cip.2021-01-07-09.00.txt | 09:43 |
brlogger | Log: https://irclogs.baserock.org/meetings/cip/2021/01/cip.2021-01-07-09.00.log.html | 09:43 |
*** brlogger changes topic to "Civil Infrastructure Platform Project. Find the logs at https://irclogs.baserock.org/cip/" | 09:43 | |
masashi910 | Thank you, and stay safe! | 09:44 |
pave1 | Thank you! | 09:44 |
wens | Thank you! | 09:44 |
fujita | Thank you! | 09:44 |
patersonc | Thank you masashi910 | 09:44 |
pave1 | Well, we are "best in covid", again! Staying safe is now ... extra important :-(. | 09:44 |
wens | :( | 09:45 |
masashi910 | :( | 09:45 |
wens | pave1: where are you based? | 09:45 |
pave1 | wens: Czech Republic. | 09:46 |
wens | I see. | 09:46 |
pave1 | wens: Fortunately I can work from home easily, still situation is a bit interesting. | 09:46 |
*** fujita has quit IRC | 10:18 | |
*** monstr has joined #cip | 10:23 | |
*** pave1 has quit IRC | 11:15 | |
*** p4v31 has quit IRC | 11:28 | |
*** masashi910 has quit IRC | 12:02 | |
*** monstr has quit IRC | 12:37 | |
*** monstr has joined #cip | 12:40 | |
*** monstr has joined #cip | 12:40 | |
*** tpollard has joined #cip | 13:03 | |
sashal | wens: I've grabbed CVE-2020-36158. feel free to ping me directly if you spot missing stuff like that, less paperwork than tracking it across meetings :) | 15:20 |
*** eduardas has joined #cip | 15:37 | |
wens | sashal: ah, thanks! | 16:41 |
*** eduardas_ has joined #cip | 17:12 | |
*** eduardas has quit IRC | 17:13 | |
*** eduardas_ has quit IRC | 17:20 | |
*** eduardas has joined #cip | 17:20 | |
*** samwilson_ has quit IRC | 18:26 | |
*** samwilson_ has joined #cip | 18:53 | |
*** samwilson_ has quit IRC | 19:19 | |
*** eduardas has quit IRC | 19:32 | |
*** monstr has quit IRC | 21:03 | |
*** tpollard has quit IRC | 21:16 | |
*** brlogger has joined #cip | 21:47 | |
*** rajm has quit IRC | 22:59 |