[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [xen-4.2-testing test] 24755: regressions - FAIL
flight 24755 xen-4.2-testing real [real] http://www.chiark.greenend.org.uk/~xensrcts/logs/24755/ Regressions :-( Tests which did not succeed and are blocking, including tests which could not be run: build-amd64-oldkern 4 xen-build fail REGR. vs. 24699 Tests which did not succeed, but are not blocking: test-amd64-amd64-xl-pcipt-intel 9 guest-start fail never pass test-i386-i386-xl-qemut-winxpsp3 13 guest-stop fail never pass test-amd64-amd64-xl-winxpsp3 13 guest-stop fail never pass test-amd64-i386-xend-qemut-winxpsp3 16 leak-check/check fail never pass test-amd64-i386-xl-qemut-win7-amd64 13 guest-stop fail never pass test-amd64-i386-xl-qemuu-win7-amd64 13 guest-stop fail never pass test-amd64-i386-xl-qemut-winxpsp3-vcpus1 13 guest-stop fail never pass test-amd64-amd64-xl-qemuu-win7-amd64 13 guest-stop fail never pass test-amd64-i386-xl-winxpsp3-vcpus1 13 guest-stop fail never pass test-amd64-amd64-xl-win7-amd64 13 guest-stop fail never pass test-amd64-i386-xl-win7-amd64 13 guest-stop fail never pass test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 13 guest-stop fail never pass test-amd64-i386-xend-winxpsp3 16 leak-check/check fail never pass test-i386-i386-xl-qemuu-winxpsp3 13 guest-stop fail never pass test-amd64-amd64-xl-qemuu-winxpsp3 13 guest-stop fail never pass test-i386-i386-xl-winxpsp3 13 guest-stop fail never pass test-amd64-amd64-xl-qemut-win7-amd64 13 guest-stop fail never pass test-amd64-amd64-xl-qemut-winxpsp3 13 guest-stop fail never pass version targeted for testing: xen ae5d69f1c6d6cf5960e72d79ac0840eec1d75856 baseline version: xen 0037ec360b8792f966acc154e06ac9f627b00f9f ------------------------------------------------------------ People who touched revisions under test: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Jan Beulich <jbeulich@xxxxxxxx> Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> Matthew Daley <mattd@xxxxxxxxxxx> ------------------------------------------------------------ jobs: build-amd64 pass build-i386 pass build-amd64-oldkern fail build-i386-oldkern pass build-amd64-pvops pass build-i386-pvops pass test-amd64-amd64-xl pass test-amd64-i386-xl pass test-i386-i386-xl pass test-amd64-i386-rhel6hvm-amd pass test-amd64-i386-qemut-rhel6hvm-amd pass test-amd64-i386-qemuu-rhel6hvm-amd pass test-amd64-i386-qemuu-freebsd10-amd64 pass test-amd64-amd64-xl-qemut-win7-amd64 fail test-amd64-i386-xl-qemut-win7-amd64 fail test-amd64-amd64-xl-qemuu-win7-amd64 fail test-amd64-i386-xl-qemuu-win7-amd64 fail test-amd64-amd64-xl-win7-amd64 fail test-amd64-i386-xl-win7-amd64 fail test-amd64-i386-xl-credit2 pass test-amd64-i386-qemuu-freebsd10-i386 pass test-amd64-amd64-xl-pcipt-intel fail test-amd64-i386-rhel6hvm-intel pass test-amd64-i386-qemut-rhel6hvm-intel pass test-amd64-i386-qemuu-rhel6hvm-intel pass test-amd64-i386-xl-multivcpu pass test-amd64-amd64-pair pass test-amd64-i386-pair pass test-i386-i386-pair pass test-amd64-amd64-xl-sedf-pin pass test-amd64-amd64-pv pass test-amd64-i386-pv pass test-i386-i386-pv pass test-amd64-amd64-xl-sedf pass test-amd64-i386-xl-qemut-winxpsp3-vcpus1 fail test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 fail test-amd64-i386-xl-winxpsp3-vcpus1 fail test-amd64-i386-xend-qemut-winxpsp3 fail test-amd64-amd64-xl-qemut-winxpsp3 fail test-i386-i386-xl-qemut-winxpsp3 fail test-amd64-amd64-xl-qemuu-winxpsp3 fail test-i386-i386-xl-qemuu-winxpsp3 fail test-amd64-i386-xend-winxpsp3 fail test-amd64-amd64-xl-winxpsp3 fail test-i386-i386-xl-winxpsp3 fail ------------------------------------------------------------ sg-report-flight on woking.cam.xci-test.com logs: /home/xc_osstest/logs images: /home/xc_osstest/images Logs, config files, etc. are available at http://www.chiark.greenend.org.uk/~xensrcts/logs Test harness code can be found at http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary Not pushing. ------------------------------------------------------------ commit ae5d69f1c6d6cf5960e72d79ac0840eec1d75856 Author: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> Date: Thu Feb 6 17:39:17 2014 +0100 libvchan: Fix handling of invalid ring buffer indices The remote (hostile) process can set ring buffer indices to any value at any time. If that happens, it is possible to get "buffer space" (either for writing data, or ready for reading) negative or greater than buffer size. This will end up with buffer overflow in the second memcpy inside of do_send/do_recv. Fix this by introducing new available bytes accessor functions raw_get_data_ready and raw_get_buffer_space which are robust against mad ring states, and only return sanitised values. Proof sketch of correctness: Now {rd,wr}_{cons,prod} are only ever used in the raw available bytes functions, and in do_send and do_recv. The raw available bytes functions do unsigned arithmetic on the returned values. If the result is "negative" or too big it will be >ring_size (since we used unsigned arithmetic). Otherwise the result is a positive in-range value representing a reasonable ring state, in which case we can safely convert it to int (as the rest of the code expects). do_send and do_recv immediately mask the ring index value with the ring size. The result is always going to be plausible. If the ring state has become mad, the worst case is that our behaviour is inconsistent with the peer's ring pointer. I.e. we read or write to arguably-incorrect parts of the ring - but always parts of the ring. And of course if a peer misoperates the ring they can achieve this effect anyway. So the security problem is fixed. This is XSA-86. (The patch is essentially Ian Jackson's work, although parts of the commit message are by Marek.) Signed-off-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> master commit: 2efcb0193bf3916c8ce34882e845f5ceb1e511f7 master date: 2014-02-06 16:44:41 +0100 commit 1d65af769af52199132df8ebacc0e7a52fd1f4ca Author: Matthew Daley <mattd@xxxxxxxxxxx> Date: Thu Feb 6 17:38:22 2014 +0100 xsm/flask: correct off-by-one in flask_security_avc_cachestats cpu id check This is XSA-85. Signed-off-by: Matthew Daley <mattd@xxxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx> master commit: 2e1cba2da4631c5cd7218a8f30d521dce0f41370 master date: 2014-02-06 16:42:36 +0100 commit 6c6b5568e8d2342de1bb653eb70aee4615430db0 Author: Jan Beulich <jbeulich@xxxxxxxx> Date: Thu Feb 6 17:36:40 2014 +0100 flask: fix reading strings from guest memory Since the string size is being specified by the guest, we must range check it properly before doing allocations based on it. While for the two cases that are exposed only to trusted guests (via policy restriction) this just uses an arbitrary upper limit (PAGE_SIZE), for the FLASK_[GS]ETBOOL case (which any guest can use) the upper limit gets enforced based on the longest name across all boolean settings. This is XSA-84. Reported-by: Matthew Daley <mattd@xxxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> master commit: 6c79e0ab9ac6042e60434c02e1d99b0cf0cc3470 master date: 2014-02-06 16:33:50 +0100 (qemu changes not included) _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |