flight 14092 xen-4.1-testing real [real]
http://www.chiark.greenend.org.uk/~xensrcts/logs/14092/
Failures and problems with tests :-(
Tests which did not succeed and are blocking,
including tests which could not be run:
build-i386 2 host-install(2) broken REGR. vs. 13919
build-amd64 2 host-install(2) broken REGR. vs. 13919
build-i386-pvops 2 host-install(2) broken REGR. vs. 13919
build-amd64-oldkern 2 host-install(2) broken REGR. vs. 13919
build-amd64-pvops 2 host-install(2) broken REGR. vs. 13919
build-i386-oldkern 2 host-install(2) broken REGR. vs. 13919
Tests which did not succeed, but are not blocking:
test-i386-i386-win 1 xen-build-check(1) blocked n/a
test-amd64-i386-win 1 xen-build-check(1) blocked n/a
test-i386-i386-xl 1 xen-build-check(1) blocked n/a
test-amd64-i386-rhel6hvm-amd 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-win-vcpus1 1 xen-build-check(1) blocked n/a
test-i386-i386-pv 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemuu-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-i386-qemuu-rhel6hvm-amd 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-sedf 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-multivcpu 1 xen-build-check(1) blocked n/a
test-amd64-amd64-pv 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-sedf-pin 1 xen-build-check(1) blocked n/a
test-amd64-amd64-win 1 xen-build-check(1) blocked n/a
test-amd64-i386-pv 1 xen-build-check(1) blocked n/a
test-i386-i386-xl-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-i386-xend-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-credit2 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-win 1 xen-build-check(1) blocked n/a
test-i386-i386-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-winxpsp3-vcpus1 1 xen-build-check(1) blocked n/a
test-amd64-i386-rhel6hvm-intel 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-pcipt-intel 1 xen-build-check(1) blocked n/a
test-amd64-i386-win-vcpus1 1 xen-build-check(1) blocked n/a
test-amd64-i386-pair 1 xen-build-check(1) blocked n/a
test-amd64-amd64-pair 1 xen-build-check(1) blocked n/a
test-i386-i386-pair 1 xen-build-check(1) blocked n/a
test-amd64-i386-qemuu-rhel6hvm-intel 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl 1 xen-build-check(1) blocked n/a
test-i386-i386-xl-win 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a
version targeted for testing:
xen 69d1cc78a5bd
baseline version:
xen a15596a619ed
------------------------------------------------------------
People who touched revisions under test:
Daniel De Graaf <dgdegra@tycho.nsa.gov>
Ian Campbell <ian.campbell@citrix.com>
Ian Jackson <ian.jackson@eu.citrix.com>
Jan Beulich <jbeulich@suse.com>
------------------------------------------------------------
jobs:
build-amd64 broken
build-i386 broken
build-amd64-oldkern broken
build-i386-oldkern broken
build-amd64-pvops broken
build-i386-pvops broken
test-amd64-amd64-xl blocked
test-amd64-i386-xl blocked
test-i386-i386-xl blocked
test-amd64-i386-rhel6hvm-amd blocked
test-amd64-i386-qemuu-rhel6hvm-amd blocked
test-amd64-amd64-xl-qemuu-win7-amd64 blocked
test-amd64-amd64-xl-win7-amd64 blocked
test-amd64-i386-xl-win7-amd64 blocked
test-amd64-i386-xl-credit2 blocked
test-amd64-amd64-xl-pcipt-intel blocked
test-amd64-i386-rhel6hvm-intel blocked
test-amd64-i386-qemuu-rhel6hvm-intel blocked
test-amd64-i386-xl-multivcpu blocked
test-amd64-amd64-pair blocked
test-amd64-i386-pair blocked
test-i386-i386-pair blocked
test-amd64-amd64-xl-sedf-pin blocked
test-amd64-amd64-pv blocked
test-amd64-i386-pv blocked
test-i386-i386-pv blocked
test-amd64-amd64-xl-sedf blocked
test-amd64-i386-win-vcpus1 blocked
test-amd64-i386-xl-win-vcpus1 blocked
test-amd64-i386-xl-winxpsp3-vcpus1 blocked
test-amd64-amd64-win blocked
test-amd64-i386-win blocked
test-i386-i386-win blocked
test-amd64-amd64-xl-win blocked
test-i386-i386-xl-win blocked
test-amd64-amd64-xl-qemuu-winxpsp3 blocked
test-i386-i386-xl-qemuu-winxpsp3 blocked
test-amd64-i386-xend-winxpsp3 blocked
test-amd64-amd64-xl-winxpsp3 blocked
test-i386-i386-xl-winxpsp3 blocked
------------------------------------------------------------
sg-report-flight on woking.cam.xci-test.com
logs: /home/xc_osstest/logs
images: /home/xc_osstest/images
Logs, config files, etc. are available at
http://www.chiark.greenend.org.uk/~xensrcts/logs
Test harness code can be found at
http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary
Not pushing.
------------------------------------------------------------
changeset: 23385:69d1cc78a5bd
tag: tip
user: Ian Jackson <Ian.Jackson@eu.citrix.com>
date: Fri Oct 26 16:10:04 2012 +0100
libxc: builder: limit maximum size of kernel/ramdisk.
Allowing user supplied kernels of arbitrary sizes, especially during
decompression, can swallow up dom0 memory leading to either virtual
address space exhaustion in the builder process or allocation
failures/OOM killing of both toolstack and unrelated processes.
We disable these checks when building in a stub domain for pvgrub
since this uses the guest's own memory and is isolated.
Decompression of gzip compressed kernels and ramdisks has been safe
since 14954:58205257517d (Xen 3.1.0 onwards).
This is XSA-25 / CVE-2012-4544.
Also make explicit checks for buffer overflows in various
decompression routines. These were already ruled out due to other
properties of the code but check them as a belt-and-braces measure.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
[ Includes 25589:60f09d1ab1fe for CVE-2012-2625 ]
changeset: 23384:a15596a619ed
user: Daniel De Graaf <dgdegra@tycho.nsa.gov>
date: Thu Oct 04 10:44:43 2012 +0200
x86: check remote MMIO remap permissions
When a domain is mapping pages from a different pg_owner domain, the
iomem_access checks are currently only applied to the pg_owner domain,
potentially allowing a domain with a more restrictive iomem_access
policy to have the pages mapped into its page tables. To catch this,
also check the owner of the page tables. The current domain does not
need to be checked because the ability to manipulate a domain's page
tables implies full access to the target domain, so checking that
domain's permission is sufficient.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Jan Beulich <jbeulich@suse.com>
xen-unstable changeset: 25952:8278d7d8fa48
xen-unstable date: Wed Sep 26 09:56:07 UTC 2012
========================================
commit d7d453f51459b591faa96d1c123b5bfff7c5b6b6
Author: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Thu Sep 6 17:05:30 2012 +0100
Disable qemu monitor by default. The qemu monitor is an overly
powerful feature which must be protected from untrusted (guest)
administrators.
Neither xl nor xend expect qemu to produce this monitor unless it is
explicitly requested.
This is a security problem, XSA-19. Previously it was CVE-2007-0998
in Red Hat but we haven't dealt with it in upstream. We hope to have
a new CVE for it here but we don't have one yet.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
(cherry picked from commit bacc0d302445c75f18f4c826750fb5853b60e7ca)
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
http://www.chiark.greenend.org.uk/~xensrcts/logs/14092/
Failures and problems with tests :-(
Tests which did not succeed and are blocking,
including tests which could not be run:
build-i386 2 host-install(2) broken REGR. vs. 13919
build-amd64 2 host-install(2) broken REGR. vs. 13919
build-i386-pvops 2 host-install(2) broken REGR. vs. 13919
build-amd64-oldkern 2 host-install(2) broken REGR. vs. 13919
build-amd64-pvops 2 host-install(2) broken REGR. vs. 13919
build-i386-oldkern 2 host-install(2) broken REGR. vs. 13919
Tests which did not succeed, but are not blocking:
test-i386-i386-win 1 xen-build-check(1) blocked n/a
test-amd64-i386-win 1 xen-build-check(1) blocked n/a
test-i386-i386-xl 1 xen-build-check(1) blocked n/a
test-amd64-i386-rhel6hvm-amd 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-win-vcpus1 1 xen-build-check(1) blocked n/a
test-i386-i386-pv 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemuu-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-i386-qemuu-rhel6hvm-amd 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-sedf 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-multivcpu 1 xen-build-check(1) blocked n/a
test-amd64-amd64-pv 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-sedf-pin 1 xen-build-check(1) blocked n/a
test-amd64-amd64-win 1 xen-build-check(1) blocked n/a
test-amd64-i386-pv 1 xen-build-check(1) blocked n/a
test-i386-i386-xl-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-i386-xend-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-credit2 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-win 1 xen-build-check(1) blocked n/a
test-i386-i386-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-winxpsp3-vcpus1 1 xen-build-check(1) blocked n/a
test-amd64-i386-rhel6hvm-intel 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-pcipt-intel 1 xen-build-check(1) blocked n/a
test-amd64-i386-win-vcpus1 1 xen-build-check(1) blocked n/a
test-amd64-i386-pair 1 xen-build-check(1) blocked n/a
test-amd64-amd64-pair 1 xen-build-check(1) blocked n/a
test-i386-i386-pair 1 xen-build-check(1) blocked n/a
test-amd64-i386-qemuu-rhel6hvm-intel 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl 1 xen-build-check(1) blocked n/a
test-i386-i386-xl-win 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a
version targeted for testing:
xen 69d1cc78a5bd
baseline version:
xen a15596a619ed
------------------------------------------------------------
People who touched revisions under test:
Daniel De Graaf <dgdegra@tycho.nsa.gov>
Ian Campbell <ian.campbell@citrix.com>
Ian Jackson <ian.jackson@eu.citrix.com>
Jan Beulich <jbeulich@suse.com>
------------------------------------------------------------
jobs:
build-amd64 broken
build-i386 broken
build-amd64-oldkern broken
build-i386-oldkern broken
build-amd64-pvops broken
build-i386-pvops broken
test-amd64-amd64-xl blocked
test-amd64-i386-xl blocked
test-i386-i386-xl blocked
test-amd64-i386-rhel6hvm-amd blocked
test-amd64-i386-qemuu-rhel6hvm-amd blocked
test-amd64-amd64-xl-qemuu-win7-amd64 blocked
test-amd64-amd64-xl-win7-amd64 blocked
test-amd64-i386-xl-win7-amd64 blocked
test-amd64-i386-xl-credit2 blocked
test-amd64-amd64-xl-pcipt-intel blocked
test-amd64-i386-rhel6hvm-intel blocked
test-amd64-i386-qemuu-rhel6hvm-intel blocked
test-amd64-i386-xl-multivcpu blocked
test-amd64-amd64-pair blocked
test-amd64-i386-pair blocked
test-i386-i386-pair blocked
test-amd64-amd64-xl-sedf-pin blocked
test-amd64-amd64-pv blocked
test-amd64-i386-pv blocked
test-i386-i386-pv blocked
test-amd64-amd64-xl-sedf blocked
test-amd64-i386-win-vcpus1 blocked
test-amd64-i386-xl-win-vcpus1 blocked
test-amd64-i386-xl-winxpsp3-vcpus1 blocked
test-amd64-amd64-win blocked
test-amd64-i386-win blocked
test-i386-i386-win blocked
test-amd64-amd64-xl-win blocked
test-i386-i386-xl-win blocked
test-amd64-amd64-xl-qemuu-winxpsp3 blocked
test-i386-i386-xl-qemuu-winxpsp3 blocked
test-amd64-i386-xend-winxpsp3 blocked
test-amd64-amd64-xl-winxpsp3 blocked
test-i386-i386-xl-winxpsp3 blocked
------------------------------------------------------------
sg-report-flight on woking.cam.xci-test.com
logs: /home/xc_osstest/logs
images: /home/xc_osstest/images
Logs, config files, etc. are available at
http://www.chiark.greenend.org.uk/~xensrcts/logs
Test harness code can be found at
http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary
Not pushing.
------------------------------------------------------------
changeset: 23385:69d1cc78a5bd
tag: tip
user: Ian Jackson <Ian.Jackson@eu.citrix.com>
date: Fri Oct 26 16:10:04 2012 +0100
libxc: builder: limit maximum size of kernel/ramdisk.
Allowing user supplied kernels of arbitrary sizes, especially during
decompression, can swallow up dom0 memory leading to either virtual
address space exhaustion in the builder process or allocation
failures/OOM killing of both toolstack and unrelated processes.
We disable these checks when building in a stub domain for pvgrub
since this uses the guest's own memory and is isolated.
Decompression of gzip compressed kernels and ramdisks has been safe
since 14954:58205257517d (Xen 3.1.0 onwards).
This is XSA-25 / CVE-2012-4544.
Also make explicit checks for buffer overflows in various
decompression routines. These were already ruled out due to other
properties of the code but check them as a belt-and-braces measure.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
[ Includes 25589:60f09d1ab1fe for CVE-2012-2625 ]
changeset: 23384:a15596a619ed
user: Daniel De Graaf <dgdegra@tycho.nsa.gov>
date: Thu Oct 04 10:44:43 2012 +0200
x86: check remote MMIO remap permissions
When a domain is mapping pages from a different pg_owner domain, the
iomem_access checks are currently only applied to the pg_owner domain,
potentially allowing a domain with a more restrictive iomem_access
policy to have the pages mapped into its page tables. To catch this,
also check the owner of the page tables. The current domain does not
need to be checked because the ability to manipulate a domain's page
tables implies full access to the target domain, so checking that
domain's permission is sufficient.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Jan Beulich <jbeulich@suse.com>
xen-unstable changeset: 25952:8278d7d8fa48
xen-unstable date: Wed Sep 26 09:56:07 UTC 2012
========================================
commit d7d453f51459b591faa96d1c123b5bfff7c5b6b6
Author: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Thu Sep 6 17:05:30 2012 +0100
Disable qemu monitor by default. The qemu monitor is an overly
powerful feature which must be protected from untrusted (guest)
administrators.
Neither xl nor xend expect qemu to produce this monitor unless it is
explicitly requested.
This is a security problem, XSA-19. Previously it was CVE-2007-0998
in Red Hat but we haven't dealt with it in upstream. We hope to have
a new CVE for it here but we don't have one yet.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
(cherry picked from commit bacc0d302445c75f18f4c826750fb5853b60e7ca)
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel