[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [qemu-upstream-4.3-testing test] 96335: regressions - FAIL



flight 96335 qemu-upstream-4.3-testing real [real]
http://logs.test-lab.xenproject.org/osstest/logs/96335/

Regressions :-(

Tests which did not succeed and are blocking,
including tests which could not be run:
 build-amd64-libvirt           5 libvirt-build             fail REGR. vs. 80927
 build-i386-libvirt            5 libvirt-build             fail REGR. vs. 80927

Regressions which are regarded as allowable (not blocking):
 test-amd64-i386-xl-qemuu-win7-amd64 16 guest-stop              fail like 80927
 test-amd64-amd64-xl-qemuu-win7-amd64 16 guest-stop             fail like 80927

Tests which did not succeed, but are not blocking:
 test-amd64-i386-libvirt       1 build-check(1)               blocked  n/a
 test-amd64-amd64-libvirt-vhd  1 build-check(1)               blocked  n/a
 test-amd64-amd64-libvirt      1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-ovmf-amd64  9 debian-hvm-install     fail never pass
 test-amd64-i386-xl-qemuu-ovmf-amd64  9 debian-hvm-install      fail never pass

version targeted for testing:
 qemuu                12e8fccf5b5460be7aecddc71d27eceaba6e1f15
baseline version:
 qemuu                10c1b763c26feb645627a1639e722515f3e1e876

Last test of basis    80927  2016-02-06 13:30:02 Z  143 days
Failing since         93977  2016-05-10 11:09:16 Z   49 days  154 attempts
Testing same since    95534  2016-06-11 00:59:46 Z   17 days   34 attempts

------------------------------------------------------------
People who touched revisions under test:
  Anthony PERARD <anthony.perard@xxxxxxxxxx>
  Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
  Stefano Stabellini <sstabellini@xxxxxxxxxx>
  Wei Liu <wei.liu2@xxxxxxxxxx>

jobs:
 build-amd64                                                  pass    
 build-i386                                                   pass    
 build-amd64-libvirt                                          fail    
 build-i386-libvirt                                           fail    
 build-amd64-pvops                                            pass    
 build-i386-pvops                                             pass    
 test-amd64-amd64-xl                                          pass    
 test-amd64-i386-xl                                           pass    
 test-amd64-i386-qemuu-rhel6hvm-amd                           pass    
 test-amd64-amd64-xl-qemuu-debianhvm-amd64                    pass    
 test-amd64-i386-xl-qemuu-debianhvm-amd64                     pass    
 test-amd64-i386-freebsd10-amd64                              pass    
 test-amd64-amd64-xl-qemuu-ovmf-amd64                         fail    
 test-amd64-i386-xl-qemuu-ovmf-amd64                          fail    
 test-amd64-amd64-xl-qemuu-win7-amd64                         fail    
 test-amd64-i386-xl-qemuu-win7-amd64                          fail    
 test-amd64-amd64-xl-credit2                                  pass    
 test-amd64-i386-freebsd10-i386                               pass    
 test-amd64-i386-qemuu-rhel6hvm-intel                         pass    
 test-amd64-amd64-libvirt                                     blocked 
 test-amd64-i386-libvirt                                      blocked 
 test-amd64-amd64-xl-multivcpu                                pass    
 test-amd64-amd64-pair                                        pass    
 test-amd64-i386-pair                                         pass    
 test-amd64-amd64-pv                                          pass    
 test-amd64-i386-pv                                           pass    
 test-amd64-amd64-amd64-pvgrub                                pass    
 test-amd64-amd64-i386-pvgrub                                 pass    
 test-amd64-amd64-pygrub                                      pass    
 test-amd64-amd64-xl-qcow2                                    pass    
 test-amd64-i386-xl-raw                                       pass    
 test-amd64-i386-xl-qemuu-winxpsp3-vcpus1                     pass    
 test-amd64-amd64-libvirt-vhd                                 blocked 
 test-amd64-amd64-xl-qemuu-winxpsp3                           pass    


------------------------------------------------------------
sg-report-flight on osstest.test-lab.xenproject.org
logs: /home/logs/logs
images: /home/logs/images

Logs, config files, etc. are available at
    http://logs.test-lab.xenproject.org/osstest/logs

Explanation of these reports, and of osstest in general, is at
    http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README.email;hb=master
    http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README;hb=master

Test harness code can be found at
    http://xenbits.xen.org/gitweb?p=osstest.git;a=summary


Not pushing.

------------------------------------------------------------
commit 12e8fccf5b5460be7aecddc71d27eceaba6e1f15
Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date:   Thu May 26 16:21:56 2016 +0100

    main loop: Big hammer to fix logfile disk DoS in Xen setups
    
    Each time round the main loop, we now fstat stderr.  If it is too big,
    we dup2 /dev/null onto it.  This is not a very pretty patch but it is
    very simple, easy to see that it's correct, and has a low risk of
    collateral damage.
    
    There is no limit by default but can be adjusted by setting a new
    environment variable.
    
    This fixes CVE-2014-3672.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Tested-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    
    Set the default to 0 so that it won't affect non-xen installation. The
    limit will be set by Xen toolstack.
    
    Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
    Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
    Acked-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
    (cherry picked from commit 44a072f0de0d57c95c2212bbce02888832b7b74f)

commit 0aabf85123a437e60e6cfb15f13bc559b75a21d5
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Tue May 17 10:54:54 2016 +0200

    vga: add sr_vbe register set
    
    Commit "fd3c136 vga: make sure vga register setup for vbe stays intact
    (CVE-2016-3712)." causes a regression.  The win7 installer is unhappy
    because it can't freely modify vga registers any more while in vbe mode.
    
    This patch introduces a new sr_vbe register set.  The vbe_update_vgaregs
    will fill sr_vbe[] instead of sr[].  Normal vga register reads and
    writes go to sr[].  Any sr register read access happens through a new
    sr() helper function which will read from sr_vbe[] with vbe active and
    from sr[] otherwise.
    
    This way we can allow guests update sr[] registers as they want, without
    allowing them disrupt vbe video modes that way.
    
    upstream-commit-id: 94ef4f337fb614f18b765a8e0e878a4c23cdedcd
    
    Cc: qemu-stable@xxxxxxxxxx
    Reported-by: Thomas Lamprecht <thomas@xxxxxxxxxxxxx>
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Message-id: 1463475294-14119-1-git-send-email-kraxel@xxxxxxxxxx

commit c97c20f71240a538a19cb6b0e598bc1bbd5168f1
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Wed May 4 17:43:36 2016 +0100

    vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
    
    Call vbe_update_vgaregs() when the guest touches GFX, SEQ or CRT
    registers, to make sure the vga registers will always have the
    values needed by vbe mode.  This makes sure the sanity checks
    applied by vbe_fixup_regs() are effective.
    
    Without this guests can muck with shift_control, can turn on planar
    vga modes or text mode emulation while VBE is active, making qemu
    take code paths meant for CGA compatibility, but with the very
    large display widths and heigts settable using VBE registers.
    
    Which is good for one or another buffer overflow.  Not that
    critical as they typically read overflows happening somewhere
    in the display code.  So guests can DoS by crashing qemu with a
    segfault, but it is probably not possible to break out of the VM.
    
    upstream-commit-id: fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7
    
    Fixes: CVE-2016-3712
    Reported-by: Zuozhi Fzz <zuozhi.fzz@xxxxxxxxxxxxxxx>
    Reported-by: P J P <ppandit@xxxxxxxxxx>
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Signed-off-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>

commit 5ee8a0795e9656b370e9f67b6acea2f2690a1aca
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Wed May 4 17:42:59 2016 +0100

    vga: update vga register setup on vbe changes
    
    Call the new vbe_update_vgaregs() function on vbe configuration
    changes, to make sure vga registers are up-to-date.
    
    upstream-commit-id: 2068192dcccd8a80dddfcc8df6164cf9c26e0fc4
    
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Signed-off-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>

commit 7073ff0127babd7d8b35326cf50753b337b23bb0
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Wed May 4 17:42:24 2016 +0100

    vga: factor out vga register setup
    
    When enabling vbe mode qemu will setup a bunch of vga registers to make
    sure the vga emulation operates in correct mode for a linear
    framebuffer.  Move that code to a separate function so we can call it
    from other places too.
    
    upstream-commit-id: 7fa5c2c5dc9f9bf878c1e8669eb9644d70a71e71
    
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Signed-off-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>

commit 856e1ebb1fcc44856ef682e31295310a29e66ffd
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Wed May 4 17:41:39 2016 +0100

    vga: add vbe_enabled() helper
    
    Makes code a bit easier to read.
    
    upstream-commit-id: bfa0f151a564a83b5a26f3e917da98674bf3cf62
    
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Signed-off-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>

commit cae20a4a923c292158080bf538d7583fc2e1b455
Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Date:   Wed May 4 17:40:58 2016 +0100

    vga: fix banked access bounds checking (CVE-2016-3710)
    
    vga allows banked access to video memory using the window at 0xa00000
    and it supports a different access modes with different address
    calculations.
    
    The VBE bochs extentions support banked access too, using the
    VBE_DISPI_INDEX_BANK register.  The code tries to take the different
    address calculations into account and applies different limits to
    VBE_DISPI_INDEX_BANK depending on the current access mode.
    
    Which is probably effective in stopping misprogramming by accident.
    But from a security point of view completely useless as an attacker
    can easily change access modes after setting the bank register.
    
    Drop the bogus check, add range checks to vga_mem_{readb,writeb}
    instead.
    
    upstream-commit-id: 3bf1817079bb0d80c0d8a86a7c7dd0bfe90eb82e
    
    Fixes: CVE-2016-3710
    Reported-by: Qinghao Tang <luodalongde@xxxxxxxxx>
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Signed-off-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.