08:59:59 <masashi910> #startmeeting CIP IRC weekly meeting
08:59:59 <brlogger> Meeting started Thu Oct 22 08:59:59 2020 UTC and is due to finish in 60 minutes.  The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot.
08:59:59 <brlogger> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
08:59:59 <brlogger> The meeting name has been set to 'cip_irc_weekly_meeting'
09:00:02 <masashi910> #topic rollcall
09:00:10 <masashi910> please say hi if you're around
09:00:17 <patersonc> hi
09:00:18 <wens> hi
09:00:23 <fujita> hi
09:00:51 <iwamatsu> hi
09:01:02 <masashi910> #topic AI review
09:01:16 <masashi910> 1. Combine root filesystem with kselftest binary - iwamatsu
09:01:18 <iwamatsu> no update for this.
09:01:29 <masashi910> iwamatsu: Noted. Thanks.
09:01:36 <masashi910> 2. Check whether CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 needs to be backported to 4.4 - masashi910
09:01:43 <pave1> hi
09:01:46 <masashi910> Pavel-san, Chen-Yu-san, thanks for your follow-up discussions on this.
09:01:53 <masashi910> https://lore.kernel.org/cip-dev/20201014141355.GA16362@duo.ucw.cz/
09:01:53 <masashi910> https://lore.kernel.org/cip-dev/CAGb2v66aPu3wn_0PwRsp3V=LV5aFPwxEO8Rhzsz-bCeF2PDv-g@mail.gmail.com/
09:02:00 <masashi910> Do you have any suggestions how to proceed or conclude this?
09:02:13 <wens> there's another new CVE (or old, since it's from 2019) for i40e :(
09:02:32 <masashi910> wens: Oh...
09:02:39 <wens> I'd say just backport the commits Intel listed.
09:02:39 <iwamatsu> what CVE number?
09:02:48 <pave1> From the commits we identified, there was nothing that looked like worth backporting.
09:02:57 <wens> iwamatsu: CVE-2019-0149
09:03:06 <iwamatsu> wens: thanks
09:03:36 <pave1> Memory leaks in error paths...
09:04:11 <iwamatsu> I see.
09:04:14 <masashi910> pave1: Please let me confirm. Not worth backporting for CVE-2019-0145, CVE-2019-0147, CVE-2019-0148?
09:05:35 <pave1> I guess I would need to take another look. But it certainly did not look urgent.
09:05:44 <pave1> 7015ca3df965378bcef072cca9cd63ed098665b5 -- can malicious user trigger this at all?
09:06:24 <masashi910> pave1: Thanks for your comments. Then, shall I keep this AI open and follow at the next IRC meeting?
09:06:31 <pave1> 147: references the same CVE.
09:06:57 <pave1> If wens has time, perhaps we can talk after the meeting?
09:07:02 <wens> sure
09:07:12 <pave1> Thanks :-).
09:07:16 <masashi910> pave1, wens: Thanks!
09:07:26 <masashi910> So, let's move on.
09:07:36 <masashi910> #topic Kernel maintenance updates
09:08:14 <wens> 5 new CVEs this week, including the i40e one:
09:08:23 <wens> - CVE-2019-0149 [net/i40e]
09:08:23 <wens> - CVE-2020-0423 [binder] - fixed in mainline
09:08:23 <wens> - CVE-2020-25656 [vt_do_kdgkb_ioctl use after free]
09:08:23 <wens> - CVE-2020-27152 [KVM]
09:08:24 <wens> - CVE-2020-27194 [bpf verifier] - fixed in mainline and 5.8 (introduced in v5.7)
09:08:24 <iwamatsu> I revewed 4.4.240.
09:08:45 <pave1> Investigating CVEs, reviewing PCIe EP changes, few patches reviewed for 4.19.153.
09:09:05 <wens> I haven't finished this week's merge request, so the details aren't on gitlab yet.
09:09:07 <masashi910> wens: Are there any urgent patches among 5 CVEs?
09:09:38 <wens> no.
09:09:47 <wens> I don't believe we need to care about binder.
09:09:52 <masashi910> wens: I see. Thanks.
09:10:03 <wens> KVM and vt don't have fixes yet
09:10:52 <masashi910> wens, iwamatsu, pave1: Thanks for your works!
09:11:15 <masashi910> any other topics?
09:11:28 <masashi910> 3
09:11:29 <wens> I haven't included pave1's investigation into the Bluetooth patches either.
09:11:44 <wens> hopefully I will get everything done by this weekend.
09:12:01 <pave1> wens: AFAICT, Bluetooth is now solved.
09:12:55 <wens> pave1: thanks. I will make sure they are documented properly, instead of the big mess it is right now.
09:13:44 <masashi910> wens, pave1: Thanks for additional info and works.
09:13:51 <masashi910> Any other topics?
09:13:59 <masashi910> 3
09:14:02 <masashi910> 2
09:14:05 <masashi910> 1
09:14:08 <masashi910> #topic Kernel testing
09:14:28 <patersonc> Hello
09:14:38 <patersonc> Not much done since last week.
09:14:53 <patersonc> I recorded a presentation for ELC-E with Kudo-san. That's probably about it.
09:15:29 <masashi910> patersonc: Thanks!
09:15:33 <pave1> I wanted to follow up to zoom meeting...
09:15:46 <masashi910> pave1: please/
09:15:59 <pave1> I submit kernel for testing, then I look for the green tick marks.
09:16:09 <pave1> ...on gitlab.
09:16:30 <pave1> But I should be really going deeper into the test results to see what really failed, right?
09:17:02 <patersonc> Yea
09:17:17 <pave1> Are there some long term plans to fix that?
09:17:33 <patersonc> Yea. I plan to start using KernelCI's front end
09:17:46 <pave1> Great, thanks.
09:18:14 <masashi910> Thanks for the discussion. Any other topics?
09:18:25 <masashi910> 3
09:18:29 <masashi910> 2
09:18:32 <masashi910> 1
09:18:35 <masashi910> #topic CIP Security
09:18:43 <masashi910> Today, Yoshida-san is not here.
09:18:49 <masashi910> As was reported, the WG started the discussion with the certification body.
09:18:59 <masashi910> We are discussing both IEC62443-4-1 (process requirements) and -4-2 (feature requirements).
09:19:22 <patersonc> For example pave1: from the test run you ran yesterday, you can see results like this for each individual test job: https://lava.ciplatform.org/results/68202
09:19:37 <masashi910> When the requirements become clear, they will be shared with each team how to deal with them.
09:19:56 <patersonc> pave1: And then at a lower level: https://lava.ciplatform.org/results/68202/0_spectre-meltdown-checker-test
09:21:12 <masashi910> ok, let's move on.
09:21:20 <masashi910> #topic AOB
09:21:27 <masashi910> I would like to propose to skip the IRC meeting next week because of ELCE2020.
09:21:34 <masashi910> Any objections?
09:22:03 <masashi910> 3
09:22:08 <masashi910> 2
09:22:12 <masashi910> 1
09:22:15 <masashi910> Thanks, then there is no IRC meeting next week.
09:22:23 <masashi910> Are there any business to discuss?
09:22:51 <masashi910> If no, let's close the meeting today.
09:23:00 <masashi910> #endmeeting