| *** rajm has joined #cip | 06:27 | |
| *** samwilson has joined #cip | 07:22 | |
| *** masashi910 has joined #cip | 07:48 | |
| *** tpollard has joined #cip | 08:07 | |
| *** samwilson has quit IRC | 08:20 | |
| *** samwilson has joined #cip | 08:29 | |
| *** eduardas has joined #cip | 08:46 | |
| masashi910 | #startmeeting CIP IRC weekly meeting | 09:00 |
|---|---|---|
| brlogger | Meeting started Thu Apr 22 09:00:01 2021 UTC and is due to finish in 60 minutes. The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot. | 09:00 |
| brlogger | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 09:00 |
| brlogger | The meeting name has been set to 'cip_irc_weekly_meeting' | 09:00 |
| *** brlogger changes topic to " (Meeting topic: CIP IRC weekly meeting)" | 09:00 | |
| masashi910 | #topic rollcall | 09:00 |
| *** brlogger changes topic to "rollcall (Meeting topic: CIP IRC weekly meeting)" | 09:00 | |
| masashi910 | please say hi if you're around | 09:00 |
| wens | hi | 09:00 |
| patersonc | hi | 09:00 |
| *** pave11 has joined #cip | 09:00 | |
| pave11 | hi | 09:00 |
| masashi910 | Let's get started. | 09:00 |
| masashi910 | #topic AI review | 09:00 |
| *** brlogger changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)" | 09:00 | |
| masashi910 | 1. Combine root filesystem with kselftest binary - iwamatsu | 09:01 |
| masashi910 | == Quote from iwamatsu == | 09:01 |
| masashi910 | It is progressing little by little. This is discussed on ML and gitlab. | 09:01 |
| masashi910 | Simple operation has been tested and I have confirmed that it works with QEMU. | 09:01 |
| masashi910 | ==== | 09:01 |
| masashi910 | 2. Do some experiment to lower burdens on CI - patersonc | 09:01 |
| patersonc | No updates :) | 09:01 |
| masashi910 | patersonc: Sure. Thanks. | 09:01 |
| masashi910 | 3. Monitor the status of CVE-2021-3444 and CVE-2021-20292 (3/25) - Kernel Team | 09:02 |
| masashi910 | 4. Monitor the status of CVE-2021-29650 (4/1) - Kernel Team | 09:02 |
| wens | No updates for the first two. | 09:02 |
| wens | As mentioned in this week's report, pave11's backport fix for CVE-2021-29650 didn't hit the stable ML | 09:02 |
| pave11 | wens: Ok, I'll make a note to resend and cc you this time. | 09:03 |
| wens | Guenter Rock did a separate backport, but there were some issues and the series has been put on hold # https://lore.kernel.org/stable/1780f159-140b-231f-8af5-ccec049dc8b0@roeck-us.net/ | 09:03 |
| wens | pave11: I think you used the wrong address for stable? I did get the patch you sent out last week after the meeting, but it's not on the list. | 09:04 |
| pave11 | wens: I'll need to take a look... and also review the on-list discussion. | 09:05 |
| wens | OK. | 09:05 |
| masashi910 | wens, pavel1: Thanks. So, for the moment, I will keep both AIs open. | 09:06 |
| masashi910 | 5. Update Testing table below with 5.10 info - patersonc | 09:06 |
| masashi910 | https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting/centalisedtesting/cioverview | 09:06 |
| patersonc | I haven't done this yet | 09:06 |
| masashi910 | patersonc: Ok, I will keep this open. | 09:07 |
| masashi910 | any other topics? | 09:07 |
| masashi910 | 3 | 09:07 |
| masashi910 | 2 | 09:07 |
| masashi910 | 1 | 09:07 |
| masashi910 | #topic Kernel maintenance updates | 09:07 |
| *** brlogger changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)" | 09:07 | |
| masashi910 | == Quote from iwamatsu == | 09:07 |
| masashi910 | I reviewed 4.9.267 and 5.10.32. | 09:07 |
| masashi910 | ==== | 09:08 |
| wens | This week's report: https://lore.kernel.org/cip-dev/CAGb2v662tfa68d6areLEJV=RA3Gwn751-uT7t99uvRe3PN6KKg@mail.gmail.com/ | 09:08 |
| pave11 | I have reviewed patches queued for 5.10.32 & corresponding 4.19 queue. | 09:08 |
| wens | Seven CVEs this week: 3 ignored, 3 fixed, of them 1 needs backporting (CVE-2021-23133 [net/sctp: race in sctp_destroy_sock]), and last one has fixed queued for -next. | 09:09 |
| wens | also for CVE-2021-29155, of all the fix commits, only 1 has a fixes tag. | 09:10 |
| masashi910 | wens, pave11: Thanks for your works. | 09:11 |
| wens | seems CVE-2021-29155 only affects v5.8+ | 09:12 |
| wens | though I am not 100% certain | 09:12 |
| masashi910 | Do we need time to check it? | 09:12 |
| pave11 | wens: If you could push cip-kernel-sec changes, it would be easier to look the information up. | 09:12 |
| wens | pave11: right, now pushed | 09:13 |
| pave11 | wens: Thank yoU! | 09:13 |
| masashi910 | wens, pave11: For now, should both CVE-2021-23133 and CVE-2021-29155 be monitored? | 09:15 |
| wens | CVE-2021-29155 is bpf related, probably not worth the effort | 09:16 |
| masashi910 | wens: Ok, thanks for your comment. | 09:16 |
| wens | and CVE-2021-23133 is SCTP related. Not sure who uses SCTP for what, but IIRC it's pretty niche. | 09:17 |
| pave11 | Agreed about bpf. | 09:17 |
| pave11 | We should really make sure untrusted users are not using BPF on our boxes. | 09:18 |
| pave11 | SCTP seems to be enabled by at least ./4.19.y-cip/x86/plathome_obsvx2.config | 09:18 |
| pave11 | Which does not mean they are using it... | 09:18 |
| masashi910 | wens, pave11: Thanks for your comments. I will ask Minda-san@PlatHome about SCTP. | 09:19 |
| pave11 | masashi910: It is in Siemens configurations, too. | 09:20 |
| masashi910 | pave11: Then, I will ask Jan-san as well. Thanks! | 09:20 |
| pave11 | Thank you! | 09:21 |
| masashi910 | Any other topics? | 09:21 |
| masashi910 | 3 | 09:21 |
| wens | so before v5.8, bpf needed CAP_SYS_ADMIN, or root privs.. After v5.8, it changed to CAP_BPF, allowing non-root users to run bpf. | 09:21 |
| masashi910 | wens: I see. Thanks for this background. | 09:22 |
| wens | I think that means we can ignore CVE-2021-29155. If the user is root they already can look at kernel memory. | 09:22 |
| pave11 | wens: I'd say so. | 09:22 |
| wens | :) | 09:23 |
| masashi910 | wens, pave11: So, we decided to ignore CVE-2021-29155. Thanks. | 09:23 |
| masashi910 | 2 | 09:23 |
| masashi910 | 1 | 09:23 |
| masashi910 | #topic Kernel testing | 09:23 |
| *** brlogger changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)" | 09:23 | |
| masashi910 | patersonc: The floor is yours. | 09:24 |
| patersonc | Sorry I had a Q for the Kernel team | 09:24 |
| patersonc | Do we need to do anything with regards to the UMN reverts? (https://lwn.net/SubscriberLink/853717/333c1087131ab995/) Have any of the patches made it into CIP? Or do we just depend on stable reverting the relevant patches? | 09:24 |
| pave11 | patersonc: We need to revert everything from Greg :-). | 09:25 |
| patersonc | ha :P | 09:25 |
| pave11 | He's wrong here. | 09:25 |
| pave11 | Let me dig an explanation. | 09:25 |
| pave11 | 00~https://lore.kernel.org/lkml/20210422083850.GA5316@amd/01~ | 09:26 |
| pave11 | https://lore.kernel.org/lkml/20210422083850.GA5316@amd/01 | 09:26 |
| masashi910 | patersonc: BTW, revert patches are arriving: | 09:27 |
| masashi910 | https://lore.kernel.org/stable/YIEVGXEoeizx6O1p@debian/T/#t | 09:27 |
| masashi910 | patersonc: BTW do you have any updates? | 09:28 |
| patersonc | From the emails I've seen, a lot of the UDM patches do actually seem to fix issues | 09:28 |
| pave11 | patersonc: Please speak up when you see that. | 09:28 |
| patersonc | I don't have anything particular to add, it's just a surprising story I just started reading on | 09:28 |
| pave11 | patersonc: Because Greg is pushing revert without without proper review. | 09:29 |
| pave11 | If that actually hits the stable, we may want to avoid those stable kernels for a while. | 09:29 |
| pave11 | And yes, it is a big story. | 09:29 |
| patersonc | pave11: positive commits example: https://www.spinics.net/lists/kernel/msg3914800.html | 09:30 |
| pave11 | UMN are not the bad guyes, see the email for explanation. | 09:31 |
| masashi910 | patersonc, pave11: Thanks. If we need to discuss this issue, let's do that after the IRC. | 09:31 |
| patersonc | Sure | 09:31 |
| patersonc | Onto the testing report... | 09:31 |
| patersonc | Work has resumed on getting kselftest working with CIP testing | 09:32 |
| patersonc | Our LAVA infrastructure has been behaving for a change | 09:32 |
| patersonc | That's probably about it | 09:32 |
| pave11 | Yes, so... Testing seems to be better now. | 09:33 |
| masashi910 | patersonc: Thanks for your works. | 09:33 |
| masashi910 | any other topics? | 09:33 |
| pave11 | But I still got timeout. | 09:33 |
| patersonc | pave11: Dohs. For LAVA jobs? Or for gitlab runners? | 09:33 |
| pave11 | When three kernels hit testing at the same time (4.4, 4.19, 5.10)... is 2 hours for a job enough? | 09:33 |
| pave11 | I see it in gitlab. I'm not sure about the background. | 09:34 |
| pave11 | It is easy to just hit retry, but I guess you should know :-). | 09:34 |
| patersonc | I can increase the timeout if you want. Now that we're only using "small" AWS instances for those test jobs the cost impact would be minimal | 09:35 |
| patersonc | Are the jobs timing out waiting for the LAVA jobs to run? | 09:35 |
| patersonc | Or is there another issue? | 09:35 |
| pave11 | I'll grab the debug info next time it happens, ok? | 09:35 |
| masashi910 | pave11: Thanks, yes please. | 09:36 |
| masashi910 | Any other topics? | 09:36 |
| masashi910 | 3 | 09:36 |
| masashi910 | 2 | 09:36 |
| masashi910 | 1 | 09:36 |
| masashi910 | #topic CIP Security | 09:37 |
| *** brlogger changes topic to "CIP Security (Meeting topic: CIP IRC weekly meeting)" | 09:37 | |
| masashi910 | Yoshida-san, are you here? | 09:37 |
| masashi910 | Yoshida-san does not seem to be here, so let's skip. | 09:37 |
| masashi910 | #topic AOB | 09:37 |
| *** brlogger changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)" | 09:37 | |
| masashi910 | 1. Next IRC meeting | 09:37 |
| masashi910 | I cannot host the IRC meeting next week. Can we skip it? | 09:37 |
| pave11 | I believe that makes sense. | 09:38 |
| patersonc | pave11: Thank you Pavel | 09:38 |
| masashi910 | pave11: Thanks. Then, let's meet on May 6. | 09:39 |
| wens | masashi910: happy golden week holidays :) | 09:39 |
| masashi910 | wens: Exactly. :) | 09:39 |
| masashi910 | Are there any business to discuss? | 09:39 |
| masashi910 | 5 | 09:39 |
| patersonc | Enjoy the holiday! | 09:39 |
| masashi910 | patersonc: Oh, Thanks!! But I cannot go anywhere due to COVID19. :( | 09:40 |
| masashi910 | 4 | 09:40 |
| masashi910 | 3 | 09:40 |
| masashi910 | 2 | 09:40 |
| masashi910 | 1 | 09:40 |
| masashi910 | So, let's close today's meeting. | 09:40 |
| masashi910 | #endmeeting | 09:40 |
| brlogger | Meeting ended Thu Apr 22 09:40:42 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 09:40 |
| brlogger | Minutes: https://irclogs.baserock.org/meetings/cip/2021/04/cip.2021-04-22-09.00.html | 09:40 |
| brlogger | Minutes (text): https://irclogs.baserock.org/meetings/cip/2021/04/cip.2021-04-22-09.00.txt | 09:40 |
| brlogger | Log: https://irclogs.baserock.org/meetings/cip/2021/04/cip.2021-04-22-09.00.log.html | 09:40 |
| *** brlogger changes topic to "Civil Infrastructure Platform Project. Find the logs at https://irclogs.baserock.org/cip/" | 09:40 | |
| masashi910 | Thanks, see you! | 09:40 |
| wens | Thank you! | 09:41 |
| pave11 | Thank you, good luck with Covid, and with us luck with Covid and Russia. | 09:41 |
| wens | two things to deal with, ouch | 09:41 |
| pave11 | wens: We are in far better situation than Ukraine, but it is still not fun :-(. | 09:42 |
| pave11 | patersonc: UMN situation: I'm not sure Greg got it right. I'll go through the LWN stuff, but I believe what was hit in review were simply honest mistakes. | 09:43 |
| pave11 | patersonc: From my side I believe it simply shows that stable is _way_ too happy to accept patches. | 09:44 |
| patersonc | Tricky job | 09:44 |
| alicef | o/ | 09:45 |
| pave11 | alicef: Go ahead. | 09:45 |
| alicef | just wanted to say hi :) and that I'm also here. | 09:45 |
| pave11 | patersonc: -stable rules say "known and bad bug" needs to be fixed... but noone really enforces that, so "hmm this is a tiny leak someone may hit, lets fix it" hits stable :-(. | 09:46 |
| iwamatsu | hi all, I am checking meeting log.... | 09:46 |
| patersonc | evening | 09:47 |
| wens | alicef: Welcome :) | 09:47 |
| pave11 | iwamatsu: hi! | 09:47 |
| alicef | I'm working with patersonc and iwamatsu in the kselftest implementation | 09:47 |
| patersonc | alicef: Hello! | 09:47 |
| pave11 | alicef: Good luck :-). Testing can be a lot of fun. | 09:47 |
| patersonc | :) | 09:48 |
| sudip | pave11: I think Greg is not going to revert all the patches, only the patches which does not get another re-review before its merged, and I do have the same concern like you that stable is accepting too many patches than it used to do before. | 09:48 |
| pave11 | sudip: I hope/believe Linus will simply not take the series. | 09:48 |
| sudip | lets see, Greg is planning to send them during the merge window | 09:49 |
| pave11 | sudip: If you believe stable is taking too many patches... I certainly share the concern. Please speak up on the mailing lists... | 09:51 |
| sudip | pave11: but what Greg says is also true that those patches are fixing something | 09:56 |
| pave11 | Well... One possibility would be to ask for stable-kernel-rules document to be fixed. Because according to that document, only subset of fixes is acceptable. | 09:57 |
| pave11 | But what happens in -stable is that "as long as it is not obviously causing problems, it is acceptable". | 09:58 |
| *** pave11 has quit IRC | 10:25 | |
| *** masashi910 has quit IRC | 11:28 | |
| *** monstr has joined #cip | 11:50 | |
| *** monstr has joined #cip | 11:50 | |
| sashal | w.r.t the reverts: there's just no other way to trigger a mass review of those patches again. we suspect that the amount of reverts that'll actually go in will be much smaller | 12:49 |
| sashal | some subsys maintainers err on the "doesn't look useful, so revert" side while others don't too | 12:49 |
| *** samwilson has quit IRC | 13:15 | |
| *** samwilson has joined #cip | 13:39 | |
| *** samwilson has quit IRC | 15:12 | |
| *** samwilson has joined #cip | 15:33 | |
| *** samwilson has quit IRC | 15:40 | |
| *** samwilson has joined #cip | 15:52 | |
| *** eduardas has quit IRC | 15:58 | |
| *** samwilson has quit IRC | 16:28 | |
| *** tpollard has quit IRC | 17:02 | |
| *** monstr has quit IRC | 17:14 | |
| *** ltu86 has joined #cip | 17:40 | |
| *** ltu8 has quit IRC | 17:48 | |
| *** ltu86 is now known as ltu8 | 17:48 | |
| *** samwilson has joined #cip | 18:55 | |
| *** samwilson has quit IRC | 18:55 | |
| *** jwardy has quit IRC | 19:52 | |
| *** jwardy has joined #cip | 19:58 | |
| *** rajm has quit IRC | 22:01 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!