#cip log

09:00:00 <masashi910> #startmeeting CIP IRC weekly meeting
09:00:00 <brlogger`> Meeting started Thu Sep 17 09:00:00 2020 UTC and is due to finish in 60 minutes.  The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:00:00 <brlogger`> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:00:00 <brlogger`> The meeting name has been set to 'cip_irc_weekly_meeting'
09:00:04 <masashi910> #topic rollcall
09:00:10 <masashi910> please say hi if you're around
09:00:13 <patersonc> Mornin
09:00:24 <wens> hi
09:00:29 <iwamatsu> hi
09:00:50 <samwilson_> hi
09:00:59 <masashi910> #topic AI review
09:01:06 <masashi910> 1. Combine root filesystem with kselftest binary - iwamatsu
09:01:24 <iwamatsu> no update about this, sorry
09:01:26 <pave1> hi
09:01:31 <masashi910> iwamatsu: Noted. Thanks.
09:01:37 <masashi910> 2. Post LTP results to KernelCI - patersonc
09:01:43 <masashi910> Per Chris-san's request, this AI is closed. This is in Chris-san's backlog, but will not be addressed in the near future.
09:01:55 <masashi910> any other topics?
09:01:56 <patersonc> Thanks
09:02:07 <masashi910> patersonc: Sure. :)
09:02:15 <masashi910> 3
09:02:18 <masashi910> 2
09:02:21 <masashi910> 1
09:02:22 <masashi910> #topic Kernel maintenance updates
09:02:38 <pave1> I have reviewed patches for 4.19.145 and .146.
09:03:04 <wens> nine new CVEs this week, most are fixed # https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/merge_requests/71
09:03:15 <pave1> In .146, functionality is removed (scrollback on fbcon). I believe that is bad idea as scrollback is quite important for kernel debugging on PCs.
09:03:34 <iwamatsu> I reviewed v4.4.236 and 237-rc1
09:03:46 <wens> pave1: having spent time in datacenters with VGA consoles, I agree
09:05:09 <wens> CVE-2020-25284 is in rbd ( Ceph block device ). Siemens has this built as a module in their 4.4-rt x86 config, but not their 4.19 one
09:06:06 <wens> masashi910: Could you reach out to them to clarify if they use it or not?
09:06:25 <wens> if they do, we'll need to backport the fix to 4.4
09:06:38 <masashi910> wens: CVE-2020-25284, sure, I will.
09:07:33 <masashi910> wens: if they need, backport to 4.4-rt is needed, is it correct?
09:07:59 <wens> masashi910: correct. currently it is only fixed for v4.19 and later stable kernels
09:08:20 <masashi910> pave1, wens, iwamatsu: Thanks for your works.
09:08:29 <masashi910> wens: sure.
09:08:38 <masashi910> Any other topics?
09:08:56 <masashi910> 3
09:08:59 <masashi910> 2
09:09:02 <masashi910> 1
09:09:03 <wens> hmm
09:09:06 <masashi910> #topic Kernel testing
09:09:17 <patersonc> Nothing extra to report from me since the TSC on Tuesday
09:09:46 <masashi910> patersonc: Thanks.
09:09:53 <masashi910> Any other topics?
09:10:02 <masashi910> 3
09:10:05 <masashi910> 2
09:10:08 <masashi910> 1
09:10:11 <masashi910> #topic Software update
09:10:17 <masashi910> Quote from Suzuki-san "SW Updates WG don't have any updates this week."
09:10:24 <masashi910> any other topics?
09:10:32 <masashi910> 3
09:10:36 <masashi910> 2
09:10:39 <masashi910> 1
09:10:42 <masashi910> #topic CIP Security
09:10:50 <masashi910> Yoshida-san or Dinesh-san, are you around?
09:10:53 <yoshidak[m]> hi
09:11:06 <masashi910> yoshidak[m]: the floor is yours.
09:12:12 <yoshidak[m]> We are trying to backport duplicity from bullseye to buster since current buster version depends on previous python (2.x).
09:12:12 <masashi910> yoshidak[m]: Do you have any updates?
09:12:39 <yoshidak[m]> Now, we have done to backport implementation and tesing.
09:12:54 <yoshidak[m]> That's all from me today
09:13:10 <masashi910> yoshidak[m]: Thanks for your report.
09:13:20 <masashi910> any other topics?
09:13:26 <masashi910> 3
09:13:29 <masashi910> 2
09:13:32 <masashi910> 1
09:13:35 <masashi910> #topic AOB
09:13:46 <masashi910> Any business to discuss?
09:13:54 <wens> CVE-2020-12888 is related to MMIO access from VM guest to host
09:14:09 <pave1> wens: Yes, I have seen that in 4.19.
09:14:20 <pave1> wens: Basically... you are giving your VM access to your hardware.
09:14:25 <wens> I doubt CIP members use this. Fix is missing from v4.4 (was backported to 4.9 and 4.14 though).
09:14:40 <pave1> wens: ...that means your VM can do "fun" stuff with your hardware.
09:14:50 <pave1> wens: ...simply don't do that. Or don't be surprised.
09:14:55 <wens> lol
09:15:10 <pave1> :-)
09:15:27 <wens> in other news, about MOXA's request to backport TPM support to v4.4
09:16:04 <wens> I believe they require TPM-TIS-SPI and TPM 2.0 support.
09:16:08 <pave1> (If someone needs CVE-2020-12888 to be fixed, we can do that, but... it is quite a corner case).
09:16:27 <wens> I will dig through git history to see what is needed.
09:16:55 <masashi910> wens, pave1: Shall I ask CIP members whether they need backporting of CVE-2020-12888?
09:17:46 <pave1> masashi910: I don't think that's needed.
09:18:07 <masashi910> pave1: OK, thanks!
09:18:13 <wens> Looks like Siemens (x86) and Renesas (arm64) have it enabled.
09:19:17 <wens> nothing else on my end.
09:19:35 <masashi910> wens, pave1: Thanks for your following up discussions.
09:19:46 <masashi910> any other business?
09:20:08 <masashi910> If there are no other topics, let's close the meeting.
09:20:11 <masashi910> #endmeeting