[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [xen-4.2-testing test] 24775: regressions - FAIL

flight 24775 xen-4.2-testing real [real]

Regressions :-(

Tests which did not succeed and are blocking,
including tests which could not be run:
 build-amd64-oldkern           4 xen-build        fail in 24755 REGR. vs. 24699

Tests which are failing intermittently (not blocking):
 test-amd64-i386-rhel6hvm-intel  7 redhat-install            fail pass in 24755
 test-amd64-amd64-xl-qemut-win7-amd64 12 guest-localmigrate/x10 fail pass in 

Tests which did not succeed, but are not blocking:
 test-amd64-amd64-xl-pcipt-intel  9 guest-start                 fail never pass
 test-amd64-amd64-xl-winxpsp3 13 guest-stop                   fail   never pass
 test-amd64-i386-xend-qemut-winxpsp3 16 leak-check/check        fail never pass
 test-amd64-i386-xl-qemut-winxpsp3-vcpus1 13 guest-stop         fail never pass
 test-amd64-i386-xl-qemuu-win7-amd64 13 guest-stop              fail never pass
 test-amd64-amd64-xl-qemuu-win7-amd64 13 guest-stop             fail never pass
 test-i386-i386-xl-qemut-winxpsp3 13 guest-stop                 fail never pass
 test-amd64-i386-xl-qemut-win7-amd64 13 guest-stop              fail never pass
 test-amd64-amd64-xl-win7-amd64 13 guest-stop                   fail never pass
 test-amd64-i386-xl-win7-amd64 13 guest-stop                   fail  never pass
 test-amd64-i386-xl-winxpsp3-vcpus1 13 guest-stop               fail never pass
 test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 13 guest-stop         fail never pass
 test-amd64-i386-xend-winxpsp3 16 leak-check/check             fail  never pass
 test-i386-i386-xl-qemuu-winxpsp3 13 guest-stop                 fail never pass
 test-amd64-amd64-xl-qemuu-winxpsp3 13 guest-stop               fail never pass
 test-i386-i386-xl-winxpsp3   13 guest-stop                   fail   never pass
 test-amd64-amd64-xl-qemut-winxpsp3 13 guest-stop               fail never pass
 test-amd64-amd64-xl-qemut-win7-amd64 13 guest-stop    fail in 24755 never pass

version targeted for testing:
 xen                  ae5d69f1c6d6cf5960e72d79ac0840eec1d75856
baseline version:
 xen                  0037ec360b8792f966acc154e06ac9f627b00f9f

People who touched revisions under test:
  Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
  Jan Beulich <jbeulich@xxxxxxxx>
  Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
  Matthew Daley <mattd@xxxxxxxxxxx>

 build-amd64                                                  pass    
 build-i386                                                   pass    
 build-amd64-oldkern                                          pass    
 build-i386-oldkern                                           pass    
 build-amd64-pvops                                            pass    
 build-i386-pvops                                             pass    
 test-amd64-amd64-xl                                          pass    
 test-amd64-i386-xl                                           pass    
 test-i386-i386-xl                                            pass    
 test-amd64-i386-rhel6hvm-amd                                 pass    
 test-amd64-i386-qemut-rhel6hvm-amd                           pass    
 test-amd64-i386-qemuu-rhel6hvm-amd                           pass    
 test-amd64-i386-qemuu-freebsd10-amd64                        pass    
 test-amd64-amd64-xl-qemut-win7-amd64                         fail    
 test-amd64-i386-xl-qemut-win7-amd64                          fail    
 test-amd64-amd64-xl-qemuu-win7-amd64                         fail    
 test-amd64-i386-xl-qemuu-win7-amd64                          fail    
 test-amd64-amd64-xl-win7-amd64                               fail    
 test-amd64-i386-xl-win7-amd64                                fail    
 test-amd64-i386-xl-credit2                                   pass    
 test-amd64-i386-qemuu-freebsd10-i386                         pass    
 test-amd64-amd64-xl-pcipt-intel                              fail    
 test-amd64-i386-rhel6hvm-intel                               fail    
 test-amd64-i386-qemut-rhel6hvm-intel                         pass    
 test-amd64-i386-qemuu-rhel6hvm-intel                         pass    
 test-amd64-i386-xl-multivcpu                                 pass    
 test-amd64-amd64-pair                                        pass    
 test-amd64-i386-pair                                         pass    
 test-i386-i386-pair                                          pass    
 test-amd64-amd64-xl-sedf-pin                                 pass    
 test-amd64-amd64-pv                                          pass    
 test-amd64-i386-pv                                           pass    
 test-i386-i386-pv                                            pass    
 test-amd64-amd64-xl-sedf                                     pass    
 test-amd64-i386-xl-qemut-winxpsp3-vcpus1                     fail    
 test-amd64-i386-xl-qemuu-winxpsp3-vcpus1                     fail    
 test-amd64-i386-xl-winxpsp3-vcpus1                           fail    
 test-amd64-i386-xend-qemut-winxpsp3                          fail    
 test-amd64-amd64-xl-qemut-winxpsp3                           fail    
 test-i386-i386-xl-qemut-winxpsp3                             fail    
 test-amd64-amd64-xl-qemuu-winxpsp3                           fail    
 test-i386-i386-xl-qemuu-winxpsp3                             fail    
 test-amd64-i386-xend-winxpsp3                                fail    
 test-amd64-amd64-xl-winxpsp3                                 fail    
 test-i386-i386-xl-winxpsp3                                   fail    

sg-report-flight on woking.cam.xci-test.com
logs: /home/xc_osstest/logs
images: /home/xc_osstest/images

Logs, config files, etc. are available at

Test harness code can be found at

Not pushing.

commit ae5d69f1c6d6cf5960e72d79ac0840eec1d75856
Author: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
Date:   Thu Feb 6 17:39:17 2014 +0100

    libvchan: Fix handling of invalid ring buffer indices
    The remote (hostile) process can set ring buffer indices to any value
    at any time. If that happens, it is possible to get "buffer space"
    (either for writing data, or ready for reading) negative or greater
    than buffer size.  This will end up with buffer overflow in the second
    memcpy inside of do_send/do_recv.
    Fix this by introducing new available bytes accessor functions
    raw_get_data_ready and raw_get_buffer_space which are robust against
    mad ring states, and only return sanitised values.
    Proof sketch of correctness:
    Now {rd,wr}_{cons,prod} are only ever used in the raw available bytes
    functions, and in do_send and do_recv.
    The raw available bytes functions do unsigned arithmetic on the
    returned values.  If the result is "negative" or too big it will be
    >ring_size (since we used unsigned arithmetic).  Otherwise the result
    is a positive in-range value representing a reasonable ring state, in
    which case we can safely convert it to int (as the rest of the code
    do_send and do_recv immediately mask the ring index value with the
    ring size.  The result is always going to be plausible.  If the ring
    state has become mad, the worst case is that our behaviour is
    inconsistent with the peer's ring pointer.  I.e. we read or write to
    arguably-incorrect parts of the ring - but always parts of the ring.
    And of course if a peer misoperates the ring they can achieve this
    effect anyway.
    So the security problem is fixed.
    This is XSA-86.
    (The patch is essentially Ian Jackson's work, although parts of the
    commit message are by Marek.)
    Signed-off-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
    master commit: 2efcb0193bf3916c8ce34882e845f5ceb1e511f7
    master date: 2014-02-06 16:44:41 +0100

commit 1d65af769af52199132df8ebacc0e7a52fd1f4ca
Author: Matthew Daley <mattd@xxxxxxxxxxx>
Date:   Thu Feb 6 17:38:22 2014 +0100

    xsm/flask: correct off-by-one in flask_security_avc_cachestats cpu id check
    This is XSA-85.
    Signed-off-by: Matthew Daley <mattd@xxxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
    master commit: 2e1cba2da4631c5cd7218a8f30d521dce0f41370
    master date: 2014-02-06 16:42:36 +0100

commit 6c6b5568e8d2342de1bb653eb70aee4615430db0
Author: Jan Beulich <jbeulich@xxxxxxxx>
Date:   Thu Feb 6 17:36:40 2014 +0100

    flask: fix reading strings from guest memory
    Since the string size is being specified by the guest, we must range
    check it properly before doing allocations based on it. While for the
    two cases that are exposed only to trusted guests (via policy
    restriction) this just uses an arbitrary upper limit (PAGE_SIZE), for
    the FLASK_[GS]ETBOOL case (which any guest can use) the upper limit
    gets enforced based on the longest name across all boolean settings.
    This is XSA-84.
    Reported-by: Matthew Daley <mattd@xxxxxxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
    master commit: 6c79e0ab9ac6042e60434c02e1d99b0cf0cc3470
    master date: 2014-02-06 16:33:50 +0100
(qemu changes not included)

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.