|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [qemu-mainline test] 116627: regressions - FAIL
flight 116627 qemu-mainline real [real] http://logs.test-lab.xenproject.org/osstest/logs/116627/ Regressions :-( Tests which did not succeed and are blocking, including tests which could not be run: test-armhf-armhf-xl-xsm 6 xen-install fail REGR. vs. 116533 Tests which did not succeed, but are not blocking: test-armhf-armhf-libvirt 14 saverestore-support-check fail like 116533 test-armhf-armhf-libvirt-xsm 14 saverestore-support-check fail like 116533 test-amd64-amd64-xl-qemuu-ws16-amd64 17 guest-stop fail like 116533 test-armhf-armhf-libvirt-raw 13 saverestore-support-check fail like 116533 test-amd64-amd64-xl-qemuu-win7-amd64 17 guest-stop fail like 116533 test-amd64-i386-xl-qemuu-win7-amd64 17 guest-stop fail like 116533 test-amd64-amd64-xl-pvhv2-intel 12 guest-start fail never pass test-amd64-i386-libvirt 13 migrate-support-check fail never pass test-amd64-i386-libvirt-xsm 13 migrate-support-check fail never pass test-amd64-amd64-libvirt-xsm 13 migrate-support-check fail never pass test-amd64-amd64-libvirt 13 migrate-support-check fail never pass test-amd64-amd64-xl-pvhv2-amd 12 guest-start fail never pass test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 11 migrate-support-check fail never pass test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm 11 migrate-support-check fail never pass test-amd64-i386-libvirt-qcow2 12 migrate-support-check fail never pass test-amd64-amd64-libvirt-vhd 12 migrate-support-check fail never pass test-armhf-armhf-xl-arndale 13 migrate-support-check fail never pass test-armhf-armhf-xl-arndale 14 saverestore-support-check fail never pass test-amd64-amd64-qemuu-nested-amd 17 debian-hvm-install/l1/l2 fail never pass test-armhf-armhf-libvirt 13 migrate-support-check fail never pass test-armhf-armhf-libvirt-xsm 13 migrate-support-check fail never pass test-armhf-armhf-xl-rtds 13 migrate-support-check fail never pass test-armhf-armhf-xl-rtds 14 saverestore-support-check fail never pass test-armhf-armhf-xl-credit2 13 migrate-support-check fail never pass test-armhf-armhf-xl-credit2 14 saverestore-support-check fail never pass test-armhf-armhf-xl-multivcpu 13 migrate-support-check fail never pass test-armhf-armhf-xl-multivcpu 14 saverestore-support-check fail never pass test-armhf-armhf-xl-cubietruck 13 migrate-support-check fail never pass test-armhf-armhf-xl-cubietruck 14 saverestore-support-check fail never pass test-armhf-armhf-libvirt-raw 12 migrate-support-check fail never pass test-armhf-armhf-xl 13 migrate-support-check fail never pass test-armhf-armhf-xl 14 saverestore-support-check fail never pass test-amd64-i386-xl-qemuu-ws16-amd64 17 guest-stop fail never pass test-armhf-armhf-xl-vhd 12 migrate-support-check fail never pass test-armhf-armhf-xl-vhd 13 saverestore-support-check fail never pass test-amd64-i386-xl-qemuu-win10-i386 10 windows-install fail never pass test-amd64-amd64-xl-qemuu-win10-i386 10 windows-install fail never pass version targeted for testing: qemuu 844496f3e55a2155200fdcf7f6320acef03d4e9f baseline version: qemuu e7b47c22e2df14d55e3e4426688c929bf8e3f7fb Last test of basis 116533 2017-11-25 17:34:19 Z 4 days Failing since 116583 2017-11-27 13:48:20 Z 2 days 4 attempts Testing same since 116627 2017-11-28 14:24:47 Z 1 days 1 attempts ------------------------------------------------------------ People who touched revisions under test: Daniel P. Berrange <berrange@xxxxxxxxxx> David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> Eric Blake <eblake@xxxxxxxxxx> Jason Wang <jasowang@xxxxxxxxxx> Peter Maydell <peter.maydell@xxxxxxxxxx> Suraj Jitindar Singh <sjitindarsingh@xxxxxxxxx> jobs: build-amd64-xsm pass build-armhf-xsm pass build-i386-xsm pass build-amd64 pass build-armhf pass build-i386 pass build-amd64-libvirt pass build-armhf-libvirt pass build-i386-libvirt pass build-amd64-pvops pass build-armhf-pvops pass build-i386-pvops pass test-amd64-amd64-xl pass test-armhf-armhf-xl pass test-amd64-i386-xl pass test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm pass test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm pass test-amd64-amd64-xl-qemuu-debianhvm-amd64-xsm pass test-amd64-i386-xl-qemuu-debianhvm-amd64-xsm pass test-amd64-amd64-libvirt-xsm pass test-armhf-armhf-libvirt-xsm pass test-amd64-i386-libvirt-xsm pass test-amd64-amd64-xl-xsm pass test-armhf-armhf-xl-xsm fail test-amd64-i386-xl-xsm pass test-amd64-amd64-qemuu-nested-amd fail test-amd64-amd64-xl-pvhv2-amd fail test-amd64-i386-qemuu-rhel6hvm-amd pass test-amd64-amd64-xl-qemuu-debianhvm-amd64 pass test-amd64-i386-xl-qemuu-debianhvm-amd64 pass test-amd64-i386-freebsd10-amd64 pass test-amd64-amd64-xl-qemuu-ovmf-amd64 pass test-amd64-i386-xl-qemuu-ovmf-amd64 pass test-amd64-amd64-xl-qemuu-win7-amd64 fail test-amd64-i386-xl-qemuu-win7-amd64 fail test-amd64-amd64-xl-qemuu-ws16-amd64 fail test-amd64-i386-xl-qemuu-ws16-amd64 fail test-armhf-armhf-xl-arndale pass test-amd64-amd64-xl-credit2 pass test-armhf-armhf-xl-credit2 pass test-armhf-armhf-xl-cubietruck pass test-amd64-i386-freebsd10-i386 pass test-amd64-amd64-xl-qemuu-win10-i386 fail test-amd64-i386-xl-qemuu-win10-i386 fail test-amd64-amd64-qemuu-nested-intel pass test-amd64-amd64-xl-pvhv2-intel fail test-amd64-i386-qemuu-rhel6hvm-intel pass test-amd64-amd64-libvirt pass test-armhf-armhf-libvirt pass test-amd64-i386-libvirt pass test-amd64-amd64-xl-multivcpu pass test-armhf-armhf-xl-multivcpu pass test-amd64-amd64-pair pass test-amd64-i386-pair pass test-amd64-amd64-libvirt-pair pass test-amd64-i386-libvirt-pair pass test-amd64-amd64-amd64-pvgrub pass test-amd64-amd64-i386-pvgrub pass test-amd64-amd64-pygrub pass test-amd64-i386-libvirt-qcow2 pass test-amd64-amd64-xl-qcow2 pass test-armhf-armhf-libvirt-raw pass test-amd64-i386-xl-raw pass test-amd64-amd64-xl-rtds pass test-armhf-armhf-xl-rtds pass test-amd64-amd64-libvirt-vhd pass test-armhf-armhf-xl-vhd pass ------------------------------------------------------------ sg-report-flight on osstest.test-lab.xenproject.org logs: /home/logs/logs images: /home/logs/images Logs, config files, etc. are available at http://logs.test-lab.xenproject.org/osstest/logs Explanation of these reports, and of osstest in general, is at http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README.email;hb=master http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README;hb=master Test harness code can be found at http://xenbits.xen.org/gitweb?p=osstest.git;a=summary Not pushing. ------------------------------------------------------------ commit 844496f3e55a2155200fdcf7f6320acef03d4e9f Merge: a914f04 51ae4f8 Author: Peter Maydell <peter.maydell@xxxxxxxxxx> Date: Tue Nov 28 13:12:48 2017 +0000 Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-11-28' into staging nbd patches for 2017-11-28 Eric Blake - 0/2 fix two NBD server CVEs # gpg: Signature made Tue 28 Nov 2017 12:58:29 GMT # gpg: using RSA key 0xA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@xxxxxxxxxx>" # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@xxxxxxx>" # gpg: aka "[jpeg image of size 6874]" # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2017-11-28: nbd/server: CVE-2017-15118 Stack smash on large export name nbd/server: CVE-2017-15119 Reject options larger than 32M Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx> commit 51ae4f8455c9e32c54770c4ebc25bf86a8128183 Author: Eric Blake <eblake@xxxxxxxxxx> Date: Wed Nov 22 15:07:22 2017 -0600 nbd/server: CVE-2017-15118 Stack smash on large export name Introduced in commit f37708f6b8 (2.10). The NBD spec says a client can request export names up to 4096 bytes in length, even though they should not expect success on names longer than 256. However, qemu hard-codes the limit of 256, and fails to filter out a client that probes for a longer name; the result is a stack smash that can potentially give an attacker arbitrary control over the qemu process. The smash can be easily demonstrated with this client: $ qemu-io f raw nbd://localhost:10809/$(printf %3000d 1 | tr ' ' a) If the qemu NBD server binary (whether the standalone qemu-nbd, or the builtin server of QMP nbd-server-start) was compiled with -fstack-protector-strong, the ability to exploit the stack smash into arbitrary execution is a lot more difficult (but still theoretically possible to a determined attacker, perhaps in combination with other CVEs). Still, crashing a running qemu (and losing the VM) is bad enough, even if the attacker did not obtain full execution control. CC: qemu-stable@xxxxxxxxxx Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> commit fdad35ef6c5839d50dfc14073364ac893afebc30 Author: Eric Blake <eblake@xxxxxxxxxx> Date: Wed Nov 22 16:25:16 2017 -0600 nbd/server: CVE-2017-15119 Reject options larger than 32M The NBD spec gives us permission to abruptly disconnect on clients that send outrageously large option requests, rather than having to spend the time reading to the end of the option. No real option request requires that much data anyways; and meanwhile, we already have the practice of abruptly dropping the connection on any client that sends NBD_CMD_WRITE with a payload larger than 32M. For comparison, nbdkit drops the connection on any request with more than 4096 bytes; however, that limit is probably too low (as the NBD spec states an export name can theoretically be up to 4096 bytes, which means a valid NBD_OPT_INFO could be even longer) - even if qemu doesn't permit exports longer than 256 bytes. It could be argued that a malicious client trying to get us to read nearly 4G of data on a bad request is a form of denial of service. In particular, if the server requires TLS, but a client that does not know the TLS credentials sends any option (other than NBD_OPT_STARTTLS or NBD_OPT_EXPORT_NAME) with a stated payload of nearly 4G, then the server was keeping the connection alive trying to read all the payload, tying up resources that it would rather be spending on a client that can get past the TLS handshake. Hence, this warranted a CVE. Present since at least 2.5 when handling known options, and made worse in 2.6 when fixing support for NBD_FLAG_C_FIXED_NEWSTYLE to handle unknown options. CC: qemu-stable@xxxxxxxxxx Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> commit a914f04c23385953cb2f9b34dc879e03c880d4b2 Merge: c7e1f82 2d7ad7c Author: Peter Maydell <peter.maydell@xxxxxxxxxx> Date: Tue Nov 28 11:52:11 2017 +0000 Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2017-11-28-1' into staging Merge qio 2017/11/28 v1 # gpg: Signature made Tue 28 Nov 2017 10:49:08 GMT # gpg: using RSA key 0xBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@xxxxxxxxxxxx>" # gpg: aka "Daniel P. Berrange <berrange@xxxxxxxxxx>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/pull-qio-2017-11-28-1: sockets: avoid crash when cleaning up sockets for an invalid FD Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx> commit 2d7ad7c05e762d5b10a57eba9af1bb6b41700854 Author: Daniel P. Berrange <berrange@xxxxxxxxxx> Date: Fri Oct 27 08:51:59 2017 +0100 sockets: avoid crash when cleaning up sockets for an invalid FD If socket_listen_cleanup is passed an invalid FD, then querying the socket local address will fail. We must thus be prepared for the returned addr to be NULL Reported-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx> Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> commit c7e1f823aed63f49e559e7463da76d5b320be35b Merge: 5e19aed 70e53e6 Author: Peter Maydell <peter.maydell@xxxxxxxxxx> Date: Tue Nov 28 10:03:26 2017 +0000 Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging # gpg: Signature made Tue 28 Nov 2017 03:58:11 GMT # gpg: using RSA key 0xEF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@xxxxxxxxxx>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: virtio-net: don't touch virtqueue if vm is stopped Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx> commit 70e53e6e4da3db4b2c31981191753a7e974936d0 Author: Jason Wang <jasowang@xxxxxxxxxx> Date: Wed Nov 22 17:57:19 2017 +0800 virtio-net: don't touch virtqueue if vm is stopped Guest state should not be touched if VM is stopped, unfortunately we didn't check running state and tried to drain tx queue unconditionally in virtio_net_set_status(). A crash was then noticed as a migration destination when user type quit after virtqueue state is loaded but before region cache is initialized. In this case, virtio_net_drop_tx_queue_data() tries to access the uninitialized region cache. Fix this by only dropping tx queue data when vm is running. Fixes: 283e2c2adcb80 ("net: virtio-net discards TX data after link down") Cc: Yuri Benditovich <yuri.benditovich@xxxxxxxxxx> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx> Cc: Stefan Hajnoczi <stefanha@xxxxxxxxxx> Cc: Michael S. Tsirkin <mst@xxxxxxxxxx> Cc: qemu-stable@xxxxxxxxxx Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx> Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx> commit 5e19aed59ab48ca3c7f1e2da203eed27b91bef2d Merge: e7b47c2 e07cc19 Author: Peter Maydell <peter.maydell@xxxxxxxxxx> Date: Mon Nov 27 11:16:20 2017 +0000 Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171127' into staging ppc patch queue 2017-11-27 This series contains a couple of migration fixes for hash guests on POWER9 radix MMU hosts. # gpg: Signature made Mon 27 Nov 2017 04:27:15 GMT # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>" # gpg: aka "David Gibson (Red Hat) <dgibson@xxxxxxxxxx>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@xxxxxxxxxx>" # gpg: aka "David Gibson (kernel.org) <dwg@xxxxxxxxxx>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.11-20171127: target/ppc: Fix setting of cpu->compat_pvr on incoming migration target/ppc: Move setting of patb_entry on hash table init Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx> commit e07cc1929515cfb808b5c2fcc60c079e6be110cf Author: Suraj Jitindar Singh <sjitindarsingh@xxxxxxxxx> Date: Fri Nov 24 15:23:25 2017 +1100 target/ppc: Fix setting of cpu->compat_pvr on incoming migration cpu->compat_pvr is used to store the current compat mode of the cpu. On the receiving side during incoming migration we check compatibility with the compat mode by calling ppc_set_compat(). However we fail to set the compat mode with the hypervisor since the "new" compat mode doesn't differ from the current (due to a "cpu->compat_pvr != compat_pvr" check). This means that kvm runs the vcpus without a compat mode, which is the incorrect behaviour. The implication being that a compatibility mode will never be in effect after migration. To fix this so that the compat mode is correctly set with the hypervisor, store the desired compat mode and reset cpu->compat_pvr to zero before calling ppc_set_compat(). Fixes: 5dfaa532 ("ppc: fix ppc_set_compat() with KVM PR") Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@xxxxxxxxx> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> commit ee4d9ecc3675af1e68a9c00a8b338641898d613e Author: Suraj Jitindar Singh <sjitindarsingh@xxxxxxxxx> Date: Fri Nov 24 15:23:24 2017 +1100 target/ppc: Move setting of patb_entry on hash table init The patb_entry is used to store the location of the process table in guest memory. The msb is also used to indicate the mmu mode of the guest, that is patb_entry & 1 << 63 ? radix_mode : hash_mode. Currently we set this to zero in spapr_setup_hpt_and_vrma() since if this function gets called then we know we're hash. However some code paths, such as setting up the hpt on incoming migration of a hash guest, call spapr_reallocate_hpt() directly bypassing this higher level function. Since we assume radix if the host is capable this results in the msb in patb_entry being left set so in spapr_post_load() we call kvmppc_configure_v3_mmu() and tell the host we're radix which as expected means addresses cannot be translated once we actually run the cpu. To fix this move the zeroing of patb_entry into spapr_reallocate_hpt(). Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@xxxxxxxxx> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> _______________________________________________ osstest-output mailing list osstest-output@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/osstest-output
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |