[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [xen-4.4-testing baseline-only test] 38236: tolerable FAIL
This run is configured for baseline tests only. flight 38236 xen-4.4-testing real [real] http://osstest.xs.citrite.net/~osstest/testlogs/logs/38236/ Failures :-/ but no regressions. Tests which did not succeed, but are not blocking: test-amd64-i386-rumpuserxen-i386 1 build-check(1) blocked n/a test-amd64-amd64-rumpuserxen-amd64 1 build-check(1) blocked n/a build-i386-rumpuserxen 6 xen-build fail never pass test-armhf-armhf-libvirt-raw 9 debian-di-install fail never pass test-armhf-armhf-libvirt 11 guest-start fail never pass test-armhf-armhf-xl-vhd 9 debian-di-install fail never pass test-armhf-armhf-libvirt-qcow2 9 debian-di-install fail never pass build-amd64-rumpuserxen 6 xen-build fail never pass test-armhf-armhf-xl-multivcpu 13 saverestore-support-check fail never pass test-armhf-armhf-xl-multivcpu 12 migrate-support-check fail never pass test-armhf-armhf-xl-credit2 12 migrate-support-check fail never pass test-armhf-armhf-xl-credit2 13 saverestore-support-check fail never pass test-armhf-armhf-xl 13 saverestore-support-check fail never pass test-armhf-armhf-xl 12 migrate-support-check fail never pass test-armhf-armhf-xl-midway 12 migrate-support-check fail never pass test-armhf-armhf-xl-midway 13 saverestore-support-check fail never pass test-amd64-amd64-libvirt 12 migrate-support-check fail never pass test-amd64-i386-libvirt 12 migrate-support-check fail never pass test-amd64-amd64-libvirt-vhd 11 migrate-support-check fail never pass test-amd64-amd64-xl-qemuu-win7-amd64 17 guest-stop fail never pass test-amd64-i386-xl-qemut-win7-amd64 17 guest-stop fail never pass test-amd64-i386-xl-qemuu-win7-amd64 17 guest-stop fail never pass test-amd64-amd64-xl-qemut-win7-amd64 17 guest-stop fail never pass test-amd64-i386-xend-qemut-winxpsp3 21 leak-check/check fail never pass version targeted for testing: xen 73b70e3c5d59e63126c890068ee0cbf8a2a3b640 baseline version: xen e321898a39222ad1feef352d65f71cef362b4a16 Last test of basis 38198 2015-10-22 13:55:20 Z 10 days Testing same since 38236 2015-11-01 15:50:10 Z 0 days 1 attempts ------------------------------------------------------------ People who touched revisions under test: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Ian Campbell <ian.campbell@xxxxxxxxxx> Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Jan Beulich <jbeulich@xxxxxxxx> Julien Grall <julien.grall@xxxxxxxxxx> jobs: build-amd64-xend pass build-i386-xend pass build-amd64 pass build-armhf pass build-i386 pass build-amd64-libvirt pass build-armhf-libvirt pass build-i386-libvirt pass build-amd64-prev pass build-i386-prev pass build-amd64-pvops pass build-armhf-pvops pass build-i386-pvops pass build-amd64-rumpuserxen fail build-i386-rumpuserxen fail test-amd64-amd64-xl pass test-armhf-armhf-xl pass test-amd64-i386-xl pass test-amd64-i386-qemut-rhel6hvm-amd pass test-amd64-i386-qemuu-rhel6hvm-amd pass test-amd64-amd64-xl-qemut-debianhvm-amd64 pass test-amd64-i386-xl-qemut-debianhvm-amd64 pass test-amd64-amd64-xl-qemuu-debianhvm-amd64 pass test-amd64-i386-xl-qemuu-debianhvm-amd64 pass test-amd64-i386-freebsd10-amd64 pass test-amd64-amd64-xl-qemuu-ovmf-amd64 pass test-amd64-i386-xl-qemuu-ovmf-amd64 pass test-amd64-amd64-rumpuserxen-amd64 blocked test-amd64-amd64-xl-qemut-win7-amd64 fail test-amd64-i386-xl-qemut-win7-amd64 fail test-amd64-amd64-xl-qemuu-win7-amd64 fail test-amd64-i386-xl-qemuu-win7-amd64 fail test-amd64-amd64-xl-credit2 pass test-armhf-armhf-xl-credit2 pass test-amd64-i386-freebsd10-i386 pass test-amd64-i386-rumpuserxen-i386 blocked test-amd64-i386-qemut-rhel6hvm-intel pass test-amd64-i386-qemuu-rhel6hvm-intel pass test-amd64-amd64-libvirt pass test-armhf-armhf-libvirt fail test-amd64-i386-libvirt pass test-armhf-armhf-xl-midway pass test-amd64-amd64-migrupgrade pass test-amd64-i386-migrupgrade pass test-amd64-amd64-xl-multivcpu pass test-armhf-armhf-xl-multivcpu pass test-amd64-amd64-pair pass test-amd64-i386-pair pass test-amd64-amd64-libvirt-pair pass test-amd64-i386-libvirt-pair pass test-amd64-amd64-pv pass test-amd64-i386-pv pass test-amd64-amd64-amd64-pvgrub pass test-amd64-amd64-i386-pvgrub pass test-amd64-amd64-pygrub pass test-armhf-armhf-libvirt-qcow2 fail test-amd64-amd64-xl-qcow2 pass test-armhf-armhf-libvirt-raw fail test-amd64-i386-xl-raw pass test-amd64-i386-xl-qemut-winxpsp3-vcpus1 pass test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 pass test-amd64-amd64-libvirt-vhd pass test-armhf-armhf-xl-vhd fail test-amd64-i386-xend-qemut-winxpsp3 fail test-amd64-amd64-xl-qemut-winxpsp3 pass test-amd64-amd64-xl-qemuu-winxpsp3 pass ------------------------------------------------------------ sg-report-flight on osstest.xs.citrite.net logs: /home/osstest/logs images: /home/osstest/images Logs, config files, etc. are available at http://osstest.xs.citrite.net/~osstest/testlogs/logs Test harness code can be found at http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary Push not applicable. ------------------------------------------------------------ commit 73b70e3c5d59e63126c890068ee0cbf8a2a3b640 Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Date: Wed Oct 21 16:18:30 2015 +0100 libxl: adjust PoD target by memory fudge, too PoD guests need to balloon at least as far as required by PoD, or risk crashing. Currently they don't necessarily know what the right value is, because our memory accounting is (at the very least) confusing. Apply the memory limit fudge factor to the in-hypervisor PoD memory target, too. This will increase the size of the guest's PoD cache by the fudge factor LIBXL_MAXMEM_CONSTANT (currently 1Mby). This ensures that even with a slightly-off balloon driver, the guest will be stable even under memory pressure. There are two call sites of xc_domain_set_pod_target that need fixing: The one in libxl_set_memory_target is straightforward. The one in xc_hvm_build_x86.c:setup_guest is more awkward. Simply setting the PoD target differently does not work because the various amounts of memory during domain construction no longer match up. Instead, we adjust the guest memory target in xenstore (but only for PoD guests). This introduces a 1Mby discrepancy between the balloon target of a PoD guest at boot, and the target set by an apparently-equivalent `xl mem-set' (or similar) later. This approach is low-risk for a security fix but we need to fix this up properly in xen.git#staging and probably also in stable trees. This is XSA-153. Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> (cherry picked from commit 56fb5fd62320eb40a7517206f9706aa9188d6f7b) (cherry picked from commit 423d2cd814e8460d5ea8bd191a770f3c48b3947c) Conflicts: tools/libxl/libxl_dom.c Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> commit 0613780df68c4a35a0bde1584daea0697666ef01 Author: Jan Beulich <jbeulich@xxxxxxxx> Date: Thu Oct 29 14:15:22 2015 +0100 x86: rate-limit logging in do_xen{oprof,pmu}_op() Some of the sub-ops are acessible to all guests, and hence should be rate-limited. In the xenoprof case, just like for XSA-146, include them only in debug builds. Since the vPMU code is rather new, allow them to be always present, but downgrade them to (rate limited) guest messages. This is CVE-2015-7971 / XSA-152. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx> master commit: 95e7415843b94c346e5ba8682665f508f220e04b master date: 2015-10-29 13:37:19 +0100 commit 76782e03f49d0ac79451db92a11877d2add8e811 Author: Jan Beulich <jbeulich@xxxxxxxx> Date: Thu Oct 29 14:14:55 2015 +0100 xenoprof: free domain's vcpu array This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per guest"). This is CVE-2015-7969 / XSA-151. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx> master commit: 6e97c4b37386c2d09e09e9b5d5d232e37728b960 master date: 2015-10-29 13:36:52 +0100 commit 3638ff0e711e1a2bcb1ad8f3706d5ea079a54e79 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Date: Thu Oct 29 14:14:30 2015 +0100 x86/PoD: Eager sweep for zeroed pages Based on the contents of a guests physical address space, p2m_pod_emergency_sweep() could degrade into a linear memcmp() from 0 to max_gfn, which runs non-preemptibly. As p2m_pod_emergency_sweep() runs behind the scenes in a number of contexts, making it preemptible is not feasible. Instead, a different approach is taken. Recently-populated pages are eagerly checked for reclaimation, which amortises the p2m_pod_emergency_sweep() operation across each p2m_pod_demand_populate() operation. Note that in the case that a 2M superpage can't be reclaimed as a superpage, it is shattered if 4K pages of zeros can be reclaimed. This is unfortunate but matches the previous behaviour, and is required to avoid regressions (domain crash from PoD exhaustion) with VMs configured close to the limit. This is CVE-2015-7970 / XSA-150. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: George Dunlap <george.dunlap@xxxxxxxxxx> master commit: 101ce53266866144e724ed593173bc4098b300b9 master date: 2015-10-29 13:36:25 +0100 commit 63c4744f4eef34af1cd77a2abb3edaf46c0d9fd1 Author: Jan Beulich <jbeulich@xxxxxxxx> Date: Thu Oct 29 14:13:30 2015 +0100 free domain's vcpu array This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per guest"). This is CVE-2015-7969 / XSA-149. Reported-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx> commit 477bc9b11964414aa6f6bf3733c6868c712fb5f1 Author: Ian Campbell <ian.campbell@xxxxxxxxxx> Date: Thu Oct 29 14:09:45 2015 +0100 xen: common: Use unbounded array for symbols_offset. Using a singleton array causes gcc5 to report: symbols.c: In function 'symbols_lookup': symbols.c:128:359: error: array subscript is above array bounds [-Werror=array-bounds] symbols.c:136:176: error: array subscript is above array bounds [-Werror=array-bounds] Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Acked-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 3f82ea62826d4eb06002d8dba475bafcc454b845 master date: 2015-03-20 12:02:03 +0000 commit a6646a52fd7aad00c6d50668f7ae362288ec9a98 Author: Jan Beulich <jbeulich@xxxxxxxx> Date: Thu Oct 29 14:07:01 2015 +0100 x86: guard against undue super page PTE creation When optional super page support got added (commit bd1cd81d64 "x86: PV support for hugepages"), two adjustments were missed: mod_l2_entry() needs to consider the PSE and RW bits when deciding whether to use the fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK unconditionally. This is CVE-2015-7835 / XSA-148. Reported-by: "æ ¾å°?è?ª(好é£?)" <shangcong.lsc@xxxxxxxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Tim Deegan <tim@xxxxxxx> master commit: fe360c90ea13f309ef78810f1a2b92f2ae3b30b8 master date: 2015-10-29 13:35:07 +0100 commit d889704e1bc0b2d6b2b92adc2c54ac5db17f51ea Author: Ian Campbell <ian.campbell@xxxxxxxxxx> Date: Thu Oct 29 14:06:35 2015 +0100 arm: handle races between relinquish_memory and free_domheap_pages Primarily this means XENMEM_decrease_reservation from a toolstack domain. Unlike x86 we have no requirement right now to queue such pages onto a separate list, if we hit this race then the other code has already fully accepted responsibility for freeing this page and therefore there is no more for relinquish_memory to do. This is CVE-2015-7814 / XSA-147. Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Reviewed-by: Julien Grall <julien.grall@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 1ef01396fdff88b1c3331a09ca5c69619b90f4ea master date: 2015-10-29 13:34:17 +0100 commit e6e24d73697dd127a31554c88d3d66bda5c89ee6 Author: Ian Campbell <ian.campbell@xxxxxxxxxx> Date: Thu Oct 29 14:05:25 2015 +0100 arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP. These are guest accessible and should therefore be rate-limited. Moreover, include them only in debug builds. This is CVE-2015-7813 / XSA-146. Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 1c0e59ff15764e7b0c59282365974f5b8924ce83 master date: 2015-10-29 13:33:38 +0100 commit 16486fc03070f678e3a5266ca53907e2862e9e6b Author: Julien Grall <julien.grall@xxxxxxxxxx> Date: Thu Oct 29 14:05:07 2015 +0100 arm: Support hypercall_create_continuation for multicall Multicall for ARM has been supported since commit f0dbdc6 "xen: arm: fully implement multicall interface.". Although, if an hypercall in multicall requires preemption, it will crash the host: (XEN) Xen BUG at domain.c:347 (XEN) ----[ Xen-4.7-unstable arm64 debug=y Tainted: C ]---- [...] (XEN) Xen call trace: (XEN) [<00000000002420cc>] hypercall_create_continuation+0x64/0x380 (PC) (XEN) [<0000000000217274>] do_memory_op+0x1b00/0x2334 (LR) (XEN) [<0000000000250d2c>] do_multicall_call+0x114/0x124 (XEN) [<0000000000217ff0>] do_multicall+0x17c/0x23c (XEN) [<000000000024f97c>] do_trap_hypercall+0x90/0x12c (XEN) [<0000000000251ca8>] do_trap_hypervisor+0xd2c/0x1ba4 (XEN) [<00000000002582cc>] guest_sync+0x88/0xb8 (XEN) (XEN) (XEN) **************************************** (XEN) Panic on CPU 5: (XEN) Xen BUG at domain.c:347 (XEN) **************************************** (XEN) (XEN) Manual reset required ('noreboot' specified) Looking to the code, the support of multicall looks valid to me, as we only need to fill call.args[...]. So drop the BUG(); This is CVE-2015-7812 / XSA-145. Signed-off-by: Julien Grall <julien.grall@xxxxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> master commit: 29bcf64ce8bc0b1b7aacd00c8668f255c4f0686c master date: 2015-10-29 13:31:10 +0100 ======================================== _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |