From: "Vitaly Cheptsov"
Reply-To: vit9696
To: "Gao, Liming"
Cc: "Kinney, Michael D", Laszlo Ersek, "Guptha, Soumya K", "leif@nuviainc.com", "afish@apple.com", "devel@edk2.groups.io", Marvin Häuser
Date: Wed, 19 Feb 2020 18:09:07 +0000
Subject: Re: Patch List for 202002 stable tag
In-Reply-To: <21493dd751f34291a59874d55c34fd13@intel.com>
References: <7f58502307c643999e73ee73673f5fae@intel.com> <21493dd751f34291a59874d55c34fd13@intel.com>
X-Groupsio-MsgNum: 54648

Liming,

Thanks for pinging me about this!

With the PCD[1][2] I fully agree. The fact that it did not manage to land is mainly due to a sudden discussion that arose after complete silence for almost half a year, which was sort of unexpected. I will use this message as a suggestion to include this change as one of the primary goals for 202005 and kindly ask others to help to agree on the actual implementation. This bug strongly concerns us and we believe the fact that it does not (yet) cause issues to everyone is mainly coincidence.

With the Shell patch, the fact that I cannot enter upper case letters or use hotkeys in the editor sounds like a bug to me. The way the actual commit message is written reflects the change of the internal logic in the codebase (it adds support of specific behaviour handling on the target). In my opinion, it should not necessarily include the word «Fix» to be qualified as a bugfix, this is what bugzilla is for.

I am personally ok with deferring it to a next stable tag, but if the reasoning for this is «Feature planning freeze» dates, they do not strictly apply due to the reasons I stated above. So far the patch received only one review comment, which in fact was due to a minor misinterpretation. We also did some fairly extensive testing on our side before the submission (that’s why it actually took us a few more days). Unless the team has a lot of important work for the release, we can postpone the merge, otherwise I think it should be safe to merge this.

Best wishes,
Vitaly

[1] https://bugzilla.tianocore.org/show_bug.cgi?id=2054
[2] https://edk2.groups.io/g/devel/topic/69401948

> On 19 Feb 2020, at 18:39, Gao, Liming <liming.gao@intel.com> wrote:
>
>
> Mike and Laszlo:
>  Thanks for your comments.
>
> Vitaly:
>  You request below two patches to catch 202002 stable tag. I agree with Mike and Laszlo comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is like the enhancement or feature instead of the bug fix. It is submitted after Feb 7th Feature Planning Freeze. So, I suggest to defer them to next stable tag 202005.
>
> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)
>
> Thanks
> Liming
>> -----Original Message-----
>> From: Kinney, Michael D <michael.d.kinney@intel.com>
>> Sent: Wednesday, February 19, 2020 4:43 AM
>> To: Laszlo Ersek <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; Kinney, Michael D <michael.d.kinney@intel.com>
>> Cc: devel@edk2.groups.io
>> Subject: RE: Patch List for 202002 stable tag
>>
>> Hi Laszlo,
>>
>> I agree with your assessments.
>>
>> One comment below.
>>
>> Mike
>>
>>> -----Original Message-----
>>> From: Laszlo Ersek <lersek@redhat.com>
>>> Sent: Tuesday, February 18, 2020 12:04 PM
>>> To: Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; leif@nuviainc.com; afish@apple.com
>>> Cc: devel@edk2.groups.io
>>> Subject: Re: Patch List for 202002 stable tag
>>>
>>> On 02/18/20 15:08, Gao, Liming wrote:
>>>> Hi Stewards and all:
>>>> I collect current patch lists in devel mail list. Those patch contributors request to add them for 201902 stable tag. Because we have entered into Soft Feature Freeze, I want to collect your feedback for them. If any patches are missing, please reply this mail to add them.
>>>>
>>>> Feature List (under review):
>>>
>>> According to <https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>, features can be merged during the SFF if their review completed before the SFF.
>>>
>>> The SFF date is 2020-02-14 00:00:00 UTC-8, per <https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>. For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00 CET.
>>>
>>>> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
>>>
>>> Posted on 2020-01-03. Review doesn't appear complete. Technically speaking, it has missed edk2-stable202002.
>>>
>>> There were two large gaps in the review process, namely between these messages:
>>>
>>> - https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
>>> - https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
>>> - https://edk2.groups.io/g/devel/message/54133 [2020-02-10]
>>>
>>> If review seems stuck, it's advisable to ping once per week, or a bit more frequently. Two weeks or more between pings is way too long.
>>>
>>>> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)
>>>
>>> The subject starts with "Add support for...", so it's a new feature, or at least a feature-enablement.
>>>
>>> Posted on 2020-02-10. Has not been reviewed yet, AFAICT. Same situation as above. (Missed edk2-stable202002, technically speaking.)
>>>
>>> Note: I don't have a personal preference either way. I'm just pointing out what the SFF definition formally dictates, in my interpretation.
>>>
>>> If we want to extend the freeze dates, I won't object.
>>>
>>>> Bug List (reviewed):
>>>> https://edk2.groups.io/g/devel/message/54416 [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler(CVE-2019-14575)
>>>
>>> Clearly a bug fix; it could go in even during the HFF <https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.
>>>
>>>> https://edk2.groups.io/g/devel/message/54523 [PATCH v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo Unmap in TRB creation (CVE-2019-14587)
>>>
>>> Ditto.
>>>
>>>> https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2] Enhancement and Fixes to BaseHashApiLib
>>>
>>> Hm. I feel like I need some convincing that patch#1 -- "CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0 Implementation" -- is *also* a bugfix (like patch#2).
>>>
>>> That question matters because the reviews:
>>>
>>> - https://edk2.groups.io/g/devel/message/54513
>>> - https://edk2.groups.io/g/devel/message/54567
>>>
>>> were not posted before the SFF.
>>>
>>> ... I guess it's OK.
>>
>> The description of the bug does not emphasize that this really is a bug fix. There were additional review comments from the CryptoPkg reviewers after the initial review/commit of this feature. These changes address that feedback. The alignment with TPM 2.0 is to use an existing set of defines for the hash algorithms instead of defining yet another set of defines. Details in this thread:
>>
>> https://edk2.groups.io/g/devel/topic/70960524#53733
>>
>>
>>>
>>>> https://edk2.groups.io/g/devel/message/53703 [PATCH V2] UefiCpuPkg RegisterCpuFeaturesLib: Match data type and format specifier
>>>
>>> Even if this were a feature, it could go in; the review was posted in time:
>>> - https://edk2.groups.io/g/devel/message/53803
>>>
>>> In fact I don't understand why it hasn't been merged for more than a week now!
>>>
>>>> https://edk2.groups.io/g/devel/message/53577 [PATCH v1 1/1] ShellPkg: acpiview: Remove duplicate ACPI structure size definitions
>>>
>>> Approved in time, regardless of bugfix vs. feature. Should go in.
>>>
>>>> https://edk2.groups.io/g/devel/message/54192 [PATCH v2 1/1] ShellPkg: acpiview: Validate ACPI table 'Length' field
>>>
>>> The review was posted past the SFF, but I agree this looks like a bugfix, so should be OK. (Supplying missing input sanitization is arguably a fix.)
>>>
>>>>
>>>> Bug List (under review)
>>>> https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1] NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
>>>> https://edk2.groups.io/g/devel/message/54569 [PATCH v3] NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559)
>>>
>>> CVE fixes can clearly go in during the HFF too.
>>>
>>>> https://edk2.groups.io/g/devel/message/54448 [PATCH v1 1/1] ShellPkg: acpiview: Prevent infinite loop if structure length is 0
>>>
>>> Similar to "ShellPkg: acpiview: Validate ACPI table 'Length' field"; should be OK.
>>>
>>>
>>> Just my opinion, of course.
>>>
>>> Thanks
>>> Laszlo
>