|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [xen-4.3-testing test] 24749: regressions - trouble: blocked/broken/fail/pass
flight 24749 xen-4.3-testing real [real] http://www.chiark.greenend.org.uk/~xensrcts/logs/24749/ Regressions :-( Tests which did not succeed and are blocking, including tests which could not be run: build-amd64-pvops 3 host-build-prep fail REGR. vs. 24716 Tests which did not succeed, but are not blocking: test-amd64-amd64-xl-pcipt-intel 1 xen-build-check(1) blocked n/a test-amd64-amd64-pv 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-sedf-pin 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl 1 xen-build-check(1) blocked n/a test-amd64-i386-xl-win7-amd64 13 guest-stop fail never pass test-amd64-i386-xl-qemuu-win7-amd64 13 guest-stop fail never pass test-amd64-amd64-xl-sedf 1 xen-build-check(1) blocked n/a test-armhf-armhf-xl 5 xen-boot fail never pass test-amd64-amd64-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a test-amd64-i386-xl-qemut-winxpsp3-vcpus1 13 guest-stop fail never pass test-amd64-amd64-xl-winxpsp3 1 xen-build-check(1) blocked n/a test-amd64-amd64-pair 1 xen-build-check(1) blocked n/a test-amd64-i386-xend-qemut-winxpsp3 16 leak-check/check fail never pass test-amd64-amd64-xl-qemuu-win7-amd64 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-qemut-win7-amd64 1 xen-build-check(1) blocked n/a test-amd64-i386-xend-winxpsp3 16 leak-check/check fail never pass test-amd64-i386-xl-winxpsp3-vcpus1 13 guest-stop fail never pass test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 13 guest-stop fail never pass test-amd64-i386-xl-qemut-win7-amd64 13 guest-stop fail never pass test-amd64-amd64-xl-win7-amd64 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-qemut-winxpsp3 1 xen-build-check(1) blocked n/a version targeted for testing: xen d7c6be61836b0a4d996f82d3e7c7e50150996701 baseline version: xen c450908dc9168c3f20787aab268fcc295feaed7d ------------------------------------------------------------ People who touched revisions under test: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Jan Beulich <jbeulich@xxxxxxxx> Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> Matthew Daley <mattd@xxxxxxxxxxx> ------------------------------------------------------------ jobs: build-amd64 pass build-armhf pass build-i386 pass build-amd64-oldkern pass build-i386-oldkern pass build-amd64-pvops broken build-armhf-pvops pass build-i386-pvops pass test-amd64-amd64-xl blocked test-armhf-armhf-xl fail test-amd64-i386-xl pass test-amd64-i386-rhel6hvm-amd pass test-amd64-i386-qemut-rhel6hvm-amd pass test-amd64-i386-qemuu-rhel6hvm-amd pass test-amd64-i386-freebsd10-amd64 pass test-amd64-amd64-xl-qemut-win7-amd64 blocked test-amd64-i386-xl-qemut-win7-amd64 fail test-amd64-amd64-xl-qemuu-win7-amd64 blocked test-amd64-i386-xl-qemuu-win7-amd64 fail test-amd64-amd64-xl-win7-amd64 blocked test-amd64-i386-xl-win7-amd64 fail test-amd64-i386-xl-credit2 pass test-amd64-i386-freebsd10-i386 pass test-amd64-amd64-xl-pcipt-intel blocked test-amd64-i386-rhel6hvm-intel pass test-amd64-i386-qemut-rhel6hvm-intel pass test-amd64-i386-qemuu-rhel6hvm-intel pass test-amd64-i386-xl-multivcpu pass test-amd64-amd64-pair blocked test-amd64-i386-pair pass test-amd64-amd64-xl-sedf-pin blocked test-amd64-amd64-pv blocked test-amd64-i386-pv pass test-amd64-amd64-xl-sedf blocked test-amd64-i386-xl-qemut-winxpsp3-vcpus1 fail test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 fail test-amd64-i386-xl-winxpsp3-vcpus1 fail test-amd64-i386-xend-qemut-winxpsp3 fail test-amd64-amd64-xl-qemut-winxpsp3 blocked test-amd64-amd64-xl-qemuu-winxpsp3 blocked test-amd64-i386-xend-winxpsp3 fail test-amd64-amd64-xl-winxpsp3 blocked ------------------------------------------------------------ sg-report-flight on woking.cam.xci-test.com logs: /home/xc_osstest/logs images: /home/xc_osstest/images Logs, config files, etc. are available at http://www.chiark.greenend.org.uk/~xensrcts/logs Test harness code can be found at http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary Not pushing. ------------------------------------------------------------ commit d7c6be61836b0a4d996f82d3e7c7e50150996701 Author: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> Date: Thu Feb 6 17:27:10 2014 +0100 libvchan: Fix handling of invalid ring buffer indices The remote (hostile) process can set ring buffer indices to any value at any time. If that happens, it is possible to get "buffer space" (either for writing data, or ready for reading) negative or greater than buffer size. This will end up with buffer overflow in the second memcpy inside of do_send/do_recv. Fix this by introducing new available bytes accessor functions raw_get_data_ready and raw_get_buffer_space which are robust against mad ring states, and only return sanitised values. Proof sketch of correctness: Now {rd,wr}_{cons,prod} are only ever used in the raw available bytes functions, and in do_send and do_recv. The raw available bytes functions do unsigned arithmetic on the returned values. If the result is "negative" or too big it will be >ring_size (since we used unsigned arithmetic). Otherwise the result is a positive in-range value representing a reasonable ring state, in which case we can safely convert it to int (as the rest of the code expects). do_send and do_recv immediately mask the ring index value with the ring size. The result is always going to be plausible. If the ring state has become mad, the worst case is that our behaviour is inconsistent with the peer's ring pointer. I.e. we read or write to arguably-incorrect parts of the ring - but always parts of the ring. And of course if a peer misoperates the ring they can achieve this effect anyway. So the security problem is fixed. This is XSA-86. (The patch is essentially Ian Jackson's work, although parts of the commit message are by Marek.) Signed-off-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> master commit: 2efcb0193bf3916c8ce34882e845f5ceb1e511f7 master date: 2014-02-06 16:44:41 +0100 commit 11b3280cc0ce64b375492416a23aa6a15f45a796 Author: Matthew Daley <mattd@xxxxxxxxxxx> Date: Thu Feb 6 17:25:43 2014 +0100 xsm/flask: correct off-by-one in flask_security_avc_cachestats cpu id check This is XSA-85. Signed-off-by: Matthew Daley <mattd@xxxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx> master commit: 2e1cba2da4631c5cd7218a8f30d521dce0f41370 master date: 2014-02-06 16:42:36 +0100 commit e9c5e56b4c17fd1ce28577df23cc53cc62c0d792 Author: Jan Beulich <jbeulich@xxxxxxxx> Date: Thu Feb 6 17:21:16 2014 +0100 flask: fix reading strings from guest memory Since the string size is being specified by the guest, we must range check it properly before doing allocations based on it. While for the two cases that are exposed only to trusted guests (via policy restriction) this just uses an arbitrary upper limit (PAGE_SIZE), for the FLASK_[GS]ETBOOL case (which any guest can use) the upper limit gets enforced based on the longest name across all boolean settings. This is XSA-84. Reported-by: Matthew Daley <mattd@xxxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> master commit: 6c79e0ab9ac6042e60434c02e1d99b0cf0cc3470 master date: 2014-02-06 16:33:50 +0100 (qemu changes not included) _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |