* [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33
@ 2019-06-14 9:11 nobuhiro1.iwamatsu at toshiba.co.jp
2019-06-16 22:14 ` nobuhiro1.iwamatsu at toshiba.co.jp
0 siblings, 1 reply; 5+ messages in thread
From: nobuhiro1.iwamatsu at toshiba.co.jp @ 2019-06-14 9:11 UTC (permalink / raw)
To: cip-dev
Hi all,
CIP kernel team has released Linux kernel 4.19.50-cip3 and 4.4.181-cip33.
You can get this release via the git tree at:
4.19.50-cip3:
repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
branch: linux-4.19.y-cip
commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6
4.4.181-cip33:
repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
branch: linux-4.4.y-cip
commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9
And I introduce the updates for each kernel below.
About 4.19.50-cip3:
* This version has been updated from stable version 4.19.13 to 4.19.50, and
many CVE fixes including MDS (Microarchitectural Data Sampling: CVE-2018-12130,
CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091).
* CIP updates include device-tree fixes by Renesas.
About 4.4.176-cip32:
* This version has been updated from stable version 4.4.176 to 4.4.181, and
this also includes MDS fixes as in 4.19.y.
* CIP updates include update of RZ/G1C by Renesas.
We plan to update the next CIP kernel on the fourth Friday.
Best regards,
Nobuhiro
^ permalink raw reply [flat|nested] 5+ messages in thread* [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 2019-06-14 9:11 [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 nobuhiro1.iwamatsu at toshiba.co.jp @ 2019-06-16 22:14 ` nobuhiro1.iwamatsu at toshiba.co.jp 2019-06-19 16:58 ` Jan Kiszka 0 siblings, 1 reply; 5+ messages in thread From: nobuhiro1.iwamatsu at toshiba.co.jp @ 2019-06-16 22:14 UTC (permalink / raw) To: cip-dev Hi, > -----Original Message----- > From: iwamatsu nobuhiro(?? ?? ????????) > Sent: Friday, June 14, 2019 6:12 PM > To: cip-dev at lists.cip-project.org > Cc: SZ.Lin at moxa.com; Pavel Machek <pavel@denx.de>; Ben Hutchings > <ben.hutchings@codethink.co.uk> > Subject: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 > > Hi all, > > CIP kernel team has released Linux kernel 4.19.50-cip3 and 4.4.181-cip33. > You can get this release via the git tree at: > > 4.19.50-cip3: > > repository: > https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git > branch: linux-4.19.y-cip > commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6 > > 4.4.181-cip33: > > repository: > https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git > branch: linux-4.4.y-cip > commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9 > > And I introduce the updates for each kernel below. > > About 4.19.50-cip3: > * This version has been updated from stable version 4.19.13 to 4.19.50, > and > many CVE fixes including MDS (Microarchitectural Data Sampling: > CVE-2018-12130, > CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091). > * CIP updates include device-tree fixes by Renesas. > > About 4.4.176-cip32: > * This version has been updated from stable version 4.4.176 to 4.4.181, > and > this also includes MDS fixes as in 4.19.y. > * CIP updates include update of RZ/G1C by Renesas. > I forgot to explain about MDS. Although patches for MDS are included in this release, no test code has been published for these, so we have not tested for MDS. Also, patches did not really follow the stable rules, so they could not be checked the same way as checking for other patches. But the bug is ugly enough so we included the patches anyway. For the above reasons, modern x86 CPUs can not really be trusted with secrets; similar attacks are likely to happen in future. Best regards, Nobuhiro ^ permalink raw reply [flat|nested] 5+ messages in thread
* [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 2019-06-16 22:14 ` nobuhiro1.iwamatsu at toshiba.co.jp @ 2019-06-19 16:58 ` Jan Kiszka 2019-06-20 10:00 ` nobuhiro1.iwamatsu at toshiba.co.jp 2019-06-24 11:11 ` Pavel Machek 0 siblings, 2 replies; 5+ messages in thread From: Jan Kiszka @ 2019-06-19 16:58 UTC (permalink / raw) To: cip-dev On 17.06.19 00:14, nobuhiro1.iwamatsu at toshiba.co.jp wrote: > Hi, > >> -----Original Message----- >> From: iwamatsu nobuhiro(?? ?? ????????) >> Sent: Friday, June 14, 2019 6:12 PM >> To: cip-dev at lists.cip-project.org >> Cc: SZ.Lin at moxa.com; Pavel Machek <pavel@denx.de>; Ben Hutchings >> <ben.hutchings@codethink.co.uk> >> Subject: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 >> >> Hi all, >> >> CIP kernel team has released Linux kernel 4.19.50-cip3 and 4.4.181-cip33. >> You can get this release via the git tree at: >> >> 4.19.50-cip3: >> >> repository: >> https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git >> branch: linux-4.19.y-cip >> commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6 >> >> 4.4.181-cip33: >> >> repository: >> https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git >> branch: linux-4.4.y-cip >> commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9 >> >> And I introduce the updates for each kernel below. >> >> About 4.19.50-cip3: >> * This version has been updated from stable version 4.19.13 to 4.19.50, >> and >> many CVE fixes including MDS (Microarchitectural Data Sampling: >> CVE-2018-12130, >> CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091). >> * CIP updates include device-tree fixes by Renesas. >> >> About 4.4.176-cip32: >> * This version has been updated from stable version 4.4.176 to 4.4.181, >> and >> this also includes MDS fixes as in 4.19.y. >> * CIP updates include update of RZ/G1C by Renesas. >> > > I forgot to explain about MDS. > > Although patches for MDS are included in this release, no test code has been > published for these, so we have not tested for MDS. Also, patches did not > really follow the stable rules, so they could not be checked the same way > as checking for other patches. But the bug is ugly enough so we included > the patches anyway. > For the above reasons, modern x86 CPUs can not really be trusted with secrets; > similar attacks are likely to happen in future. > I wouldn't see it that extreme, it still heavily depends on what you are running and where. Also, the attacks are getting more complex. Anyway, different while similar topic: Is there a plan to quickly follow up with releases containing the SACK issue patches? That is cooking everywhere now. Thanks, Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux ^ permalink raw reply [flat|nested] 5+ messages in thread
* [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 2019-06-19 16:58 ` Jan Kiszka @ 2019-06-20 10:00 ` nobuhiro1.iwamatsu at toshiba.co.jp 2019-06-24 11:11 ` Pavel Machek 1 sibling, 0 replies; 5+ messages in thread From: nobuhiro1.iwamatsu at toshiba.co.jp @ 2019-06-20 10:00 UTC (permalink / raw) To: cip-dev Hi! > -----Original Message----- > From: Jan Kiszka [mailto:jan.kiszka at siemens.com] > Sent: Thursday, June 20, 2019 1:59 AM > To: iwamatsu nobuhiro(?? ?? ????????) > <nobuhiro1.iwamatsu@toshiba.co.jp>; cip-dev at lists.cip-project.org > Cc: SZ.Lin at moxa.com > Subject: Re: [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 > > On 17.06.19 00:14, nobuhiro1.iwamatsu at toshiba.co.jp wrote: > > Hi, > > > >> -----Original Message----- > >> From: iwamatsu nobuhiro(?? ?? ????????) > >> Sent: Friday, June 14, 2019 6:12 PM > >> To: cip-dev at lists.cip-project.org > >> Cc: SZ.Lin at moxa.com; Pavel Machek <pavel@denx.de>; Ben Hutchings > >> <ben.hutchings@codethink.co.uk> > >> Subject: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 > >> > >> Hi all, > >> > >> CIP kernel team has released Linux kernel 4.19.50-cip3 and > 4.4.181-cip33. > >> You can get this release via the git tree at: > >> > >> 4.19.50-cip3: > >> > >> repository: > >> https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git > >> branch: linux-4.19.y-cip > >> commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6 > >> > >> 4.4.181-cip33: > >> > >> repository: > >> https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git > >> branch: linux-4.4.y-cip > >> commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9 > >> > >> And I introduce the updates for each kernel below. > >> > >> About 4.19.50-cip3: > >> * This version has been updated from stable version 4.19.13 to > >> 4.19.50, and > >> many CVE fixes including MDS (Microarchitectural Data Sampling: > >> CVE-2018-12130, > >> CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091). > >> * CIP updates include device-tree fixes by Renesas. > >> > >> About 4.4.176-cip32: > >> * This version has been updated from stable version 4.4.176 to > >> 4.4.181, and > >> this also includes MDS fixes as in 4.19.y. > >> * CIP updates include update of RZ/G1C by Renesas. > >> > > > > I forgot to explain about MDS. > > > > Although patches for MDS are included in this release, no test code > > has been published for these, so we have not tested for MDS. Also, > > patches did not really follow the stable rules, so they could not be > > checked the same way as checking for other patches. But the bug is > > ugly enough so we included the patches anyway. > > For the above reasons, modern x86 CPUs can not really be trusted with > > secrets; similar attacks are likely to happen in future. > > > > I wouldn't see it that extreme, it still heavily depends on what you are > running and where. Also, the attacks are getting more complex. > > Anyway, different while similar topic: Is there a plan to quickly follow > up with releases containing the SACK issue patches? That is cooking > everywhere now. > We talked about this at today's IRC meeting, we decided to release this soon. Best regards, Nobuhiro ^ permalink raw reply [flat|nested] 5+ messages in thread
* [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 2019-06-19 16:58 ` Jan Kiszka 2019-06-20 10:00 ` nobuhiro1.iwamatsu at toshiba.co.jp @ 2019-06-24 11:11 ` Pavel Machek 1 sibling, 0 replies; 5+ messages in thread From: Pavel Machek @ 2019-06-24 11:11 UTC (permalink / raw) To: cip-dev Hi! > > Although patches for MDS are included in this release, no test code has been > > published for these, so we have not tested for MDS. Also, patches did not > > really follow the stable rules, so they could not be checked the same way > > as checking for other patches. But the bug is ugly enough so we included > > the patches anyway. > > For the above reasons, modern x86 CPUs can not really be trusted with secrets; > > similar attacks are likely to happen in future. > > > > I wouldn't see it that extreme, it still heavily depends on what you are running and where. Also, the attacks are getting more complex. > Well, most systems do not really need to protect local user's secrets from each other. We simply don't allow code execution for untrusted parties. If someone decides to combine "top secret document storage" and "honeypot giving shell to attackers" on single machine, well, they are asking for trouble. Best regards, Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: Digital signature URL: <http://lists.cip-project.org/pipermail/cip-dev/attachments/20190624/698caec2/attachment.sig> ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-06-24 11:11 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-06-14 9:11 [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 nobuhiro1.iwamatsu at toshiba.co.jp 2019-06-16 22:14 ` nobuhiro1.iwamatsu at toshiba.co.jp 2019-06-19 16:58 ` Jan Kiszka 2019-06-20 10:00 ` nobuhiro1.iwamatsu at toshiba.co.jp 2019-06-24 11:11 ` Pavel Machek
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox