Hi Jonathon, On Tue, May 25, 2021 at 01:47:36AM -0400, Jonathon Reinhart wrote: > Hello Debian kernel team, > > I have recently gone about ensuring that all 'net' sysctls are > properly isolated within kernel network namespaces. In doing so, I > fixed three Linux kernel bugs in mainline and backported to all > relevant LTS kernels. > > The README on this GitHub project should provide all relevant > information about the motivation, bugs, and fixes: > https://github.com/JonathonReinhart/linux-netns-sysctl-verify > > I have confirmed the the following Debian kernels exhibit these bugs: > > Debian 9.13 (stretch): 4.9.0-15-amd64 #1 SMP Debian 4.9.258-1 > (2021-03-08) -- "Bug 1" > Debian 10.9 (buster): 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 > (2021-03-19) -- "Bug 1" and "Bug 3" > Debian 11 (bullseye): 5.10.28 -- I haven't yet tested, but this > presumably exhibits "Bug 1", "Bug 2", and "Bug 3" > > Since these kernels track upstream, I'm assuming they will get rolled > into the next release of each. Are these the correct places to track?
Yes correctly, we follow the upstream stable series for 4.19.y in buster and 5.10.y for the upcoming bullseye release, so ensuring they land in the respective branches we will pick them up automaticaly. > > 4.19 stable updates > https://salsa.debian.org/kernel-team/linux/-/merge_requests/343 > > 5.10 stable updates -- I'm assuming this is what will make it into the > bullseye release. > https://salsa.debian.org/kernel-team/linux/-/merge_requests/364 > > Should I assume there will be no updates to the 4.9.0 kernel? No, for stretch's 4.9.y based kernel it is followed the same strategy, and in fact Ben already imported the versions up to 4.9.268 already. https://salsa.debian.org/kernel-team/linux/-/tree/stretch-security > BTW: I'd just like to acknowledge the request-for-help. I can't > promise any time right now, but this is on my radar :-) Thanks, I in particular need feedback on - the libcpupower1 question - the "tools/perf: pmu-events: Fix reproducibility" temporary disablement. I need to look to reneable the rt patchset and obvousliy in meanwhile rebase to 5.13 release candidates. Regards, Salvatore
