* [xen-4.3-testing test] 24749: regressions - trouble: blocked/broken/fail/pass
@ 2014-02-07 0:32 xen.org
From: xen.org @ 2014-02-07 0:32 UTC (permalink / raw)
To: xen-devel; +Cc: ian.jackson
flight 24749 xen-4.3-testing real [real]
http://www.chiark.greenend.org.uk/~xensrcts/logs/24749/
Regressions :-(
Tests which did not succeed and are blocking,
including tests which could not be run:
build-amd64-pvops 3 host-build-prep fail REGR. vs. 24716
Tests which did not succeed, but are not blocking:
test-amd64-amd64-xl-pcipt-intel 1 xen-build-check(1) blocked n/a
test-amd64-amd64-pv 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-sedf-pin 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-win7-amd64 13 guest-stop fail never pass
test-amd64-i386-xl-qemuu-win7-amd64 13 guest-stop fail never pass
test-amd64-amd64-xl-sedf 1 xen-build-check(1) blocked n/a
test-armhf-armhf-xl 5 xen-boot fail never pass
test-amd64-amd64-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-qemut-winxpsp3-vcpus1 13 guest-stop fail never pass
test-amd64-amd64-xl-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-amd64-pair 1 xen-build-check(1) blocked n/a
test-amd64-i386-xend-qemut-winxpsp3 16 leak-check/check fail never pass
test-amd64-amd64-xl-qemuu-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemut-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-i386-xend-winxpsp3 16 leak-check/check fail never pass
test-amd64-i386-xl-winxpsp3-vcpus1 13 guest-stop fail never pass
test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 13 guest-stop fail never pass
test-amd64-i386-xl-qemut-win7-amd64 13 guest-stop fail never pass
test-amd64-amd64-xl-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemut-winxpsp3 1 xen-build-check(1) blocked n/a
version targeted for testing:
xen d7c6be61836b0a4d996f82d3e7c7e50150996701
baseline version:
xen c450908dc9168c3f20787aab268fcc295feaed7d
------------------------------------------------------------
People who touched revisions under test:
Daniel De Graaf <dgdegra@tycho.nsa.gov>
Ian Jackson <ian.jackson@eu.citrix.com>
Jan Beulich <jbeulich@suse.com>
Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Matthew Daley <mattd@bugfuzz.com>
------------------------------------------------------------
jobs:
build-amd64 pass
build-armhf pass
build-i386 pass
build-amd64-oldkern pass
build-i386-oldkern pass
build-amd64-pvops broken
build-armhf-pvops pass
build-i386-pvops pass
test-amd64-amd64-xl blocked
test-armhf-armhf-xl fail
test-amd64-i386-xl pass
test-amd64-i386-rhel6hvm-amd pass
test-amd64-i386-qemut-rhel6hvm-amd pass
test-amd64-i386-qemuu-rhel6hvm-amd pass
test-amd64-i386-freebsd10-amd64 pass
test-amd64-amd64-xl-qemut-win7-amd64 blocked
test-amd64-i386-xl-qemut-win7-amd64 fail
test-amd64-amd64-xl-qemuu-win7-amd64 blocked
test-amd64-i386-xl-qemuu-win7-amd64 fail
test-amd64-amd64-xl-win7-amd64 blocked
test-amd64-i386-xl-win7-amd64 fail
test-amd64-i386-xl-credit2 pass
test-amd64-i386-freebsd10-i386 pass
test-amd64-amd64-xl-pcipt-intel blocked
test-amd64-i386-rhel6hvm-intel pass
test-amd64-i386-qemut-rhel6hvm-intel pass
test-amd64-i386-qemuu-rhel6hvm-intel pass
test-amd64-i386-xl-multivcpu pass
test-amd64-amd64-pair blocked
test-amd64-i386-pair pass
test-amd64-amd64-xl-sedf-pin blocked
test-amd64-amd64-pv blocked
test-amd64-i386-pv pass
test-amd64-amd64-xl-sedf blocked
test-amd64-i386-xl-qemut-winxpsp3-vcpus1 fail
test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 fail
test-amd64-i386-xl-winxpsp3-vcpus1 fail
test-amd64-i386-xend-qemut-winxpsp3 fail
test-amd64-amd64-xl-qemut-winxpsp3 blocked
test-amd64-amd64-xl-qemuu-winxpsp3 blocked
test-amd64-i386-xend-winxpsp3 fail
test-amd64-amd64-xl-winxpsp3 blocked
------------------------------------------------------------
sg-report-flight on woking.cam.xci-test.com
logs: /home/xc_osstest/logs
images: /home/xc_osstest/images
Logs, config files, etc. are available at
http://www.chiark.greenend.org.uk/~xensrcts/logs
Test harness code can be found at
http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary
Not pushing.
------------------------------------------------------------
commit d7c6be61836b0a4d996f82d3e7c7e50150996701
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date: Thu Feb 6 17:27:10 2014 +0100

    libvchan: Fix handling of invalid ring buffer indices

    The remote (hostile) process can set ring buffer indices to any value
    at any time. If that happens, it is possible to get "buffer space"
    (either for writing data, or ready for reading) negative or greater
    than buffer size. This will end up with buffer overflow in the second
    memcpy inside of do_send/do_recv.

    Fix this by introducing new available bytes accessor functions
    raw_get_data_ready and raw_get_buffer_space which are robust against
    mad ring states, and only return sanitised values.

    Proof sketch of correctness:

    Now {rd,wr}_{cons,prod} are only ever used in the raw available bytes
    functions, and in do_send and do_recv.

    The raw available bytes functions do unsigned arithmetic on the
    returned values. If the result is "negative" or too big it will be
    >ring_size (since we used unsigned arithmetic). Otherwise the result
    is a positive in-range value representing a reasonable ring state, in
    which case we can safely convert it to int (as the rest of the code
    expects).

    do_send and do_recv immediately mask the ring index value with the
    ring size. The result is always going to be plausible. If the ring
    state has become mad, the worst case is that our behaviour is
    inconsistent with the peer's ring pointer. I.e. we read or write to
    arguably-incorrect parts of the ring - but always parts of the ring.
    And of course if a peer misoperates the ring they can achieve this
    effect anyway.

    So the security problem is fixed.

    This is XSA-86.

    (The patch is essentially Ian Jackson's work, although parts of the
    commit message are by Marek.)

    Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
    master commit: 2efcb0193bf3916c8ce34882e845f5ceb1e511f7
    master date: 2014-02-06 16:44:41 +0100

commit 11b3280cc0ce64b375492416a23aa6a15f45a796
Author: Matthew Daley <mattd@bugfuzz.com>
Date: Thu Feb 6 17:25:43 2014 +0100

    xsm/flask: correct off-by-one in flask_security_avc_cachestats cpu id check

    This is XSA-85.

    Signed-off-by: Matthew Daley <mattd@bugfuzz.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
    master commit: 2e1cba2da4631c5cd7218a8f30d521dce0f41370
    master date: 2014-02-06 16:42:36 +0100

commit e9c5e56b4c17fd1ce28577df23cc53cc62c0d792
Author: Jan Beulich <jbeulich@suse.com>
Date: Thu Feb 6 17:21:16 2014 +0100

    flask: fix reading strings from guest memory

    Since the string size is being specified by the guest, we must range
    check it properly before doing allocations based on it. While for the
    two cases that are exposed only to trusted guests (via policy
    restriction) this just uses an arbitrary upper limit (PAGE_SIZE), for
    the FLASK_[GS]ETBOOL case (which any guest can use) the upper limit
    gets enforced based on the longest name across all boolean settings.

    This is XSA-84.

    Reported-by: Matthew Daley <mattd@bugfuzz.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
    master commit: 6c79e0ab9ac6042e60434c02e1d99b0cf0cc3470
    master date: 2014-02-06 16:33:50 +0100
(qemu changes not included)
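
The available-bytes sanitising and index masking that the XSA-86 commit message above describes, as an added C example that is not libvchan's code and not part of the original report. `struct ring`, `RING_SIZE`, `ready_unchecked`, `ready_sanitised`, `ring_recv` and the `demo_*`/`ring_at` helpers are hypothetical names, and reporting 0 for a mad ring state is this example's assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RING_SIZE 16u   /* assumed power of two, so index masking works */

/* Hypothetical shared ring: the peer can rewrite cons/prod at any time. */
struct ring { volatile uint32_t cons, prod; uint8_t buf[RING_SIZE]; };

/* Pre-fix style: the difference of peer-controlled indices is trusted. */
static int ready_unchecked(const struct ring *r)
{
    return (int)(r->prod - r->cons);
}

/* Post-fix style: unsigned difference, so a "negative" count wraps to a
 * huge value and one comparison rejects both bad cases. */
static int ready_sanitised(const struct ring *r)
{
    uint32_t ready = r->prod - r->cons;
    return ready > RING_SIZE ? 0 : (int)ready;
}

/* Receive up to len bytes. The index is masked as soon as it is read, so
 * both copies stay inside buf even if the peer changes the indices. */
static int ring_recv(struct ring *r, uint8_t *out, size_t len)
{
    size_t avail = (size_t)ready_sanitised(r);
    if (len > avail) len = avail;
    uint32_t idx = r->cons & (RING_SIZE - 1);
    size_t first = RING_SIZE - idx;
    if (first > len) first = len;
    memcpy(out, r->buf + idx, first);
    memcpy(out + first, r->buf, len - first);   /* wrap-around copy */
    r->cons += (uint32_t)len;
    return (int)len;
}

/* Constructed ring state: buf[i] = i, indices set as a peer could set them. */
static struct ring demo_ring;
static uint8_t demo_out[RING_SIZE];
static struct ring *ring_at(uint32_t prod, uint32_t cons)
{
    for (uint32_t i = 0; i < RING_SIZE; i++) demo_ring.buf[i] = (uint8_t)i;
    demo_ring.prod = prod;
    demo_ring.cons = cons;
    return &demo_ring;
}
```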