[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [ovmf baseline-only test] 74601: trouble: blocked/broken



This run is configured for baseline tests only.

flight 74601 ovmf real [real]
http://osstest.xs.citrite.net/~osstest/testlogs/logs/74601/

Failures and problems with tests :-(

Tests which did not succeed and are blocking,
including tests which could not be run:
 build-amd64-xsm                 <job status>                 broken
 build-i386                      <job status>                 broken
 build-amd64-pvops               <job status>                 broken
 build-i386-xsm                  <job status>                 broken
 build-amd64                     <job status>                 broken
 build-i386-pvops                <job status>                 broken

Tests which did not succeed, but are not blocking:
 test-amd64-amd64-xl-qemuu-ovmf-amd64  1 build-check(1)             blocked n/a
 build-amd64-libvirt           1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemuu-ovmf-amd64  1 build-check(1)              blocked n/a
 build-i386-libvirt            1 build-check(1)               blocked  n/a
 build-amd64-xsm               4 host-install(4)       broken baseline untested
 build-amd64                   4 host-install(4)       broken baseline untested
 build-amd64-pvops             4 host-install(4)       broken baseline untested
 build-i386                    4 host-install(4)       broken baseline untested
 build-i386-xsm                4 host-install(4)       broken baseline untested
 build-i386-pvops              4 host-install(4)       broken baseline untested

version targeted for testing:
 ovmf                 2167c7f7a55b9964912d08aae71879357101ace1
baseline version:
 ovmf                 54ec85dd2902bd5dee39106d5291f71088b7d85a

Last test of basis    74595  2018-04-13 17:56:39 Z    0 days
Testing same since    74601  2018-04-14 00:18:54 Z    0 days    1 attempts

------------------------------------------------------------
People who touched revisions under test:
  Gary Lin <glin@xxxxxxxx>
  Laszlo Ersek <lersek@xxxxxxxxxx>

jobs:
 build-amd64-xsm                                              broken  
 build-i386-xsm                                               broken  
 build-amd64                                                  broken  
 build-i386                                                   broken  
 build-amd64-libvirt                                          blocked 
 build-i386-libvirt                                           blocked 
 build-amd64-pvops                                            broken  
 build-i386-pvops                                             broken  
 test-amd64-amd64-xl-qemuu-ovmf-amd64                         blocked 
 test-amd64-i386-xl-qemuu-ovmf-amd64                          blocked 


------------------------------------------------------------
sg-report-flight on osstest.xs.citrite.net
logs: /home/osstest/logs
images: /home/osstest/images

Logs, config files, etc. are available at
    http://osstest.xs.citrite.net/~osstest/testlogs/logs

Test harness code can be found at
    http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary

broken-job build-amd64-xsm broken
broken-job build-i386 broken
broken-job build-amd64-pvops broken
broken-job build-i386-xsm broken
broken-job build-amd64 broken
broken-job build-i386-pvops broken
broken-step build-amd64-xsm host-install(4)
broken-step build-amd64 host-install(4)
broken-step build-amd64-pvops host-install(4)
broken-step build-i386 host-install(4)
broken-step build-i386-xsm host-install(4)
broken-step build-i386-pvops host-install(4)

Push not applicable.

------------------------------------------------------------
commit 2167c7f7a55b9964912d08aae71879357101ace1
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sat Mar 31 17:33:14 2018 +0200

    CryptoPkg/TlsLib: rewrite TlsSetCipherList()
    
    Rewrite the TlsSetCipherList() function in order to fix the following
    issues:
    
    - Any cipher identifier in CipherId that is not recognized by
      TlsGetCipherMapping() will cause the function to return EFI_UNSUPPORTED.
    
      This is a problem because CipherId is an ordered preference list, and a
      caller should not get EFI_UNSUPPORTED just because it has an elaborate
      CipherId preference list. Instead, we can filter out cipher identifiers
      that we don't recognize, as long as we keep the relative order intact.
    
    - CipherString is allocated on the stack, with 500 bytes.
    
      While processing a large CipherId preference list, this room may not be
      enough. Although no buffer overflow is possible, CipherString exhaustion
      can lead to a failed TLS connection, because any cipher names that don't
      fit on CipherString cannot be negotiated.
    
      Compute CipherStringSize first, and allocate CipherString dynamically.
    
    - Finally, the "@STRENGTH" pseudo cipher name is appended to CipherString.
      (Assuming there is enough room left in CipherString.) This causes
      OpenSSL to sort the cipher list "in order of encryption algorithm key
      length".
    
      This is a bad idea. The caller specifically passes an ordered preference
      list in CipherId. Therefore TlsSetCipherList() must not ask OpenSSL to
      reorder the list, for any reason. Drop "@STRENGTH".
    
    While at it, fix and unify the documentation of the CipherId parameter.
    
    Cc: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    Cc: Qin Long <qin.long@xxxxxxxxx>
    Cc: Siyuan Fu <siyuan.fu@xxxxxxxxx>
    Cc: Ting Ye <ting.ye@xxxxxxxxx>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>

commit a347b0897384a2af6605bdd19a7740972b73f1e7
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sat Mar 31 22:25:15 2018 +0200

    CryptoPkg/TlsLib: sanitize lib classes in internal header and INF
    
    "InternalTlsLib.h" includes "BaseCryptLib.h", but the lib class is not
    listed in the INF file.
    
    The INF file lists a good number of lib classes, but none of the lib class
    headers are included by "InternalTlsLib.h".
    
    Synchronize & sort both lists, while removing those library classes that
    aren't actually needed. (IntrinsicLib and OpensslLib have no edk2 class
    headers.)
    
    Cc: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    Cc: Qin Long <qin.long@xxxxxxxxx>
    Cc: Siyuan Fu <siyuan.fu@xxxxxxxxx>
    Cc: Ting Ye <ting.ye@xxxxxxxxx>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>

commit 96015d5fc51f6c81902a212662c73b512b0c8535
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sun Apr 1 11:51:46 2018 +0200

    CryptoPkg/TlsLib: pre-compute OpensslCipherLength in TlsCipherMappingTable
    
    In the next patches, we'll need the lengths of the
    TLS_CIPHER_MAPPING.OpensslCipher string fields. These lengths can be
    computed at build time; add the new field "OpensslCipherLength", and
    introduce the MAP() macro for populating it.
    
    While at it, add some horizontal whitespace to "TlsCipherMappingTable",
    and add a comma after the last element. This will come handy in a later
    patch.
    
    (The patch does not change the first two columns of
    "TlsCipherMappingTable", which can be easily verified with "git show
    --word-diff".)
    
    Cc: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    Cc: Qin Long <qin.long@xxxxxxxxx>
    Cc: Siyuan Fu <siyuan.fu@xxxxxxxxx>
    Cc: Ting Ye <ting.ye@xxxxxxxxx>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>

commit 5eadb54e26e239429e8b4fe18897781f2321738a
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sat Mar 31 17:06:39 2018 +0200

    CryptoPkg/TlsLib: use binary search in the TlsGetCipherMapping() function
    
    Improve the performance of the TlsGetCipherMapping() function by adopting
    the binary search from DhcpFindOptionFormat()
    [MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.c].
    
    Cc: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    Cc: Qin Long <qin.long@xxxxxxxxx>
    Cc: Siyuan Fu <siyuan.fu@xxxxxxxxx>
    Cc: Ting Ye <ting.ye@xxxxxxxxx>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>

commit ecfd37ba1bfe0aacfd4c234013a8aa77811f8b80
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sun Apr 1 12:53:23 2018 +0200

    CryptoPkg/TlsLib: replace TlsGetCipherString() with TlsGetCipherMapping()
    
    In the following patches it will be useful if the IANA CipherId lookup
    returns a pointer to the whole matching IANA-to-OpenSSL mapping structure,
    not just the OpenSSL cipher suite name. Rename TLS_CIPHER_PAIR and
    TlsGetCipherString() to TLS_CIPHER_MAPPING and TlsGetCipherMapping()
    respectively, and make the function return a pointer to
    TLS_CIPHER_MAPPING.
    
    Cc: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    Cc: Qin Long <qin.long@xxxxxxxxx>
    Cc: Siyuan Fu <siyuan.fu@xxxxxxxxx>
    Cc: Ting Ye <ting.ye@xxxxxxxxx>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>

commit b1c81b6ec3dc3776ffbe8bcc37b1049afcabd24f
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sat Mar 31 16:36:39 2018 +0200

    NetworkPkg/TlsDxe: clean up byte order conversion for EfiTlsCipherList
    
    Fix the following style issues:
    
    - "Data" is accessed through a pointer to UINT16 rather than to a pointer
      to EFI_TLS_CIPHER. While technically correct, UINT16 is harder to
      interpret against the UEFI spec.
    
    - Array subscripting is written with weird *(Pointer + Offset)
      expressions, rather than with Pointer[Offset].
    
    - The byte order is converted with HTONS(), while it should be NTOHS().
      Either way, use the Data1 and Data2 fields of EFI_TLS_CIPHER instead.
    
    Cc: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    Cc: Siyuan Fu <siyuan.fu@xxxxxxxxx>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Fu Siyuan <siyuan.fu@xxxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>

commit 44eb974081ce6abb98fb82ec35b77d790f48dda3
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sat Mar 31 16:04:10 2018 +0200

    NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList
    
    TlsSetSessionData() shouldn't just ignore an incomplete EFI_TLS_CIPHER
    element at the end of "Data":
    
    - Generally speaking, malformed input for a security API is best rejected
      explicitly.
    
    - Specifically speaking, the size of EFI_TLS_CIPHER is 2 bytes. If
      DataSize is 1 on input, then the initial check for (DataSize == 0) will
      fail, but then TlsSetCipherList() will be called with CipherNum=0.
    
    Return EFI_INVALID_PARAMETER from TlsSetSessionData() if "Data" doesn't
    contain a whole number of EFI_TLS_CIPHER elements. While at it, introduce
    the dedicated variable CipherCount.
    
    Cc: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    Cc: Siyuan Fu <siyuan.fu@xxxxxxxxx>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Fu Siyuan <siyuan.fu@xxxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>

commit 344d057a2b539cf34420e2afad2351b45c65178e
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sat Mar 31 16:20:37 2018 +0200

    MdePkg/Include/Protocol/Tls.h: pack structures from the TLS RFC
    
    The structures defined in RFC 5246 are not to have any padding between
    fields or at the end; use the "pack" pragma as necessary.
    
    Cc: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    Cc: Liming Gao <liming.gao@xxxxxxxxx>
    Cc: Michael D Kinney <michael.d.kinney@xxxxxxxxx>
    Cc: Siyuan Fu <siyuan.fu@xxxxxxxxx>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Fu Siyuan <siyuan.fu@xxxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>

commit ba9c8a8ccbb79697509cba482f9d7b9e8526c7e2
Author: Laszlo Ersek <lersek@xxxxxxxxxx>
Date:   Sun Apr 1 01:27:43 2018 +0200

    OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for HTTPS boot
    
    Read the list of trusted cipher suites from fw_cfg and to store it to
    EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE.
    
    The fw_cfg file will be formatted by the "update-crypto-policies" utility
    on the host side, so that the host settings take effect in guest HTTPS
    boot as well. QEMU forwards the file intact to the firmware. The contents
    are forwarded by NetworkPkg/HttpDxe (in TlsConfigCipherList()) to
    NetworkPkg/TlsDxe (TlsSetSessionData()) and TlsLib (TlsSetCipherList()).
    
    Note: the development of the "update-crypto-policies" feature is underway
    at this time. Meanwhile the following script can be used to generate the
    binary file for fw_cfg:
    
      export LC_ALL=C
      openssl ciphers -V \
      | sed -r -n \
          -e 's/^ *0x([0-9A-F]{2}),0x([0-9A-F]{2}) - .*$/\\\\x\1 \\\\x\2/p' \
      | xargs -r -- printf -- '%b' > ciphers.bin
    
    Cc: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
    Cc: Gary Ching-Pang Lin <glin@xxxxxxxx>
    Cc: Jordan Justen <jordan.l.justen@xxxxxxxxx>
    Contributed-under: TianoCore Contribution Agreement 1.1
    Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
    Reviewed-by: Gary Lin <glin@xxxxxxxx>
    Tested-by: Gary Lin <glin@xxxxxxxx>
    Reviewed-by: Long Qin <qin.long@xxxxxxxxx>
    Reviewed-by: Jiaxin Wu <jiaxin.wu@xxxxxxxxx>
    [lersek@xxxxxxxxxx: update commit msg and add script as requested by Gary]
    [lersek@xxxxxxxxxx: update commit msg as requested by Jiaxin]

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.