flight 14089 xen-4.1-testing real [real] http://www.chiark.greenend.org.uk/~xensrcts/logs/14089/ Failures and problems with tests :-( Tests which did not succeed and are blocking, including tests which could not be run: build-i386 2 host-install(2) broken REGR. vs. 13919 build-amd64 2 host-install(2) broken REGR. vs. 13919 build-i386-pvops 2 host-install(2) broken REGR. vs. 13919 build-amd64-oldkern 2 host-install(2) broken REGR. vs. 13919 build-amd64-pvops 2 host-install(2) broken REGR. vs. 13919 build-i386-oldkern 2 host-install(2) broken REGR. vs. 13919 Tests which did not succeed, but are not blocking: test-i386-i386-win 1 xen-build-check(1) blocked n/a test-amd64-i386-win 1 xen-build-check(1) blocked n/a test-i386-i386-xl 1 xen-build-check(1) blocked n/a test-amd64-i386-rhel6hvm-amd 1 xen-build-check(1) blocked n/a test-amd64-i386-xl-win-vcpus1 1 xen-build-check(1) blocked n/a test-i386-i386-pv 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-qemuu-win7-amd64 1 xen-build-check(1) blocked n/a test-amd64-i386-xl-win7-amd64 1 xen-build-check(1) blocked n/a test-amd64-i386-qemuu-rhel6hvm-amd 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-sedf 1 xen-build-check(1) blocked n/a test-amd64-i386-xl-multivcpu 1 xen-build-check(1) blocked n/a test-amd64-amd64-pv 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-win7-amd64 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-sedf-pin 1 xen-build-check(1) blocked n/a test-amd64-amd64-win 1 xen-build-check(1) blocked n/a test-amd64-i386-pv 1 xen-build-check(1) blocked n/a test-i386-i386-xl-winxpsp3 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-winxpsp3 1 xen-build-check(1) blocked n/a test-amd64-i386-xend-winxpsp3 1 xen-build-check(1) blocked n/a test-amd64-i386-xl-credit2 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-win 1 xen-build-check(1) blocked n/a test-i386-i386-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a test-amd64-i386-xl-winxpsp3-vcpus1 1 xen-build-check(1) blocked n/a test-amd64-i386-rhel6hvm-intel 1 xen-build-check(1) blocked n/a test-amd64-i386-xl 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-pcipt-intel 1 xen-build-check(1) blocked n/a test-amd64-i386-win-vcpus1 1 xen-build-check(1) blocked n/a test-amd64-i386-pair 1 xen-build-check(1) blocked n/a test-amd64-amd64-pair 1 xen-build-check(1) blocked n/a test-i386-i386-pair 1 xen-build-check(1) blocked n/a test-amd64-i386-qemuu-rhel6hvm-intel 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl 1 xen-build-check(1) blocked n/a test-i386-i386-xl-win 1 xen-build-check(1) blocked n/a test-amd64-amd64-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a version targeted for testing: xen 69d1cc78a5bd baseline version: xen a15596a619ed ------------------------------------------------------------ People who touched revisions under test: Daniel De Graaf <dgdegra@tycho.nsa.gov> Ian Campbell <ian.campbell@citrix.com> Ian Jackson <ian.jackson@eu.citrix.com> Jan Beulich <jbeulich@suse.com> ------------------------------------------------------------ jobs: build-amd64 broken build-i386 broken build-amd64-oldkern broken build-i386-oldkern broken build-amd64-pvops broken build-i386-pvops broken test-amd64-amd64-xl blocked test-amd64-i386-xl blocked test-i386-i386-xl blocked test-amd64-i386-rhel6hvm-amd blocked test-amd64-i386-qemuu-rhel6hvm-amd blocked test-amd64-amd64-xl-qemuu-win7-amd64 blocked test-amd64-amd64-xl-win7-amd64 blocked test-amd64-i386-xl-win7-amd64 blocked test-amd64-i386-xl-credit2 blocked test-amd64-amd64-xl-pcipt-intel blocked test-amd64-i386-rhel6hvm-intel blocked test-amd64-i386-qemuu-rhel6hvm-intel blocked test-amd64-i386-xl-multivcpu blocked test-amd64-amd64-pair blocked test-amd64-i386-pair blocked test-i386-i386-pair blocked test-amd64-amd64-xl-sedf-pin blocked test-amd64-amd64-pv blocked test-amd64-i386-pv blocked test-i386-i386-pv blocked test-amd64-amd64-xl-sedf blocked test-amd64-i386-win-vcpus1 blocked test-amd64-i386-xl-win-vcpus1 blocked test-amd64-i386-xl-winxpsp3-vcpus1 blocked test-amd64-amd64-win blocked test-amd64-i386-win blocked test-i386-i386-win blocked test-amd64-amd64-xl-win blocked test-i386-i386-xl-win blocked test-amd64-amd64-xl-qemuu-winxpsp3 blocked test-i386-i386-xl-qemuu-winxpsp3 blocked test-amd64-i386-xend-winxpsp3 blocked test-amd64-amd64-xl-winxpsp3 blocked test-i386-i386-xl-winxpsp3 blocked ------------------------------------------------------------ sg-report-flight on woking.cam.xci-test.com logs: /home/xc_osstest/logs images: /home/xc_osstest/images Logs, config files, etc. are available at http://www.chiark.greenend.org.uk/~xensrcts/logs Test harness code can be found at http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary Not pushing. ------------------------------------------------------------ changeset: 23385:69d1cc78a5bd tag: tip user: Ian Jackson <Ian.Jackson@eu.citrix.com> date: Fri Oct 26 16:10:04 2012 +0100 libxc: builder: limit maximum size of kernel/ramdisk. Allowing user supplied kernels of arbitrary sizes, especially during decompression, can swallow up dom0 memory leading to either virtual address space exhaustion in the builder process or allocation failures/OOM killing of both toolstack and unrelated processes. We disable these checks when building in a stub domain for pvgrub since this uses the guest''s own memory and is isolated. Decompression of gzip compressed kernels and ramdisks has been safe since 14954:58205257517d (Xen 3.1.0 onwards). This is XSA-25 / CVE-2012-4544. Also make explicit checks for buffer overflows in various decompression routines. These were already ruled out due to other properties of the code but check them as a belt-and-braces measure. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> [ Includes 25589:60f09d1ab1fe for CVE-2012-2625 ] changeset: 23384:a15596a619ed user: Daniel De Graaf <dgdegra@tycho.nsa.gov> date: Thu Oct 04 10:44:43 2012 +0200 x86: check remote MMIO remap permissions When a domain is mapping pages from a different pg_owner domain, the iomem_access checks are currently only applied to the pg_owner domain, potentially allowing a domain with a more restrictive iomem_access policy to have the pages mapped into its page tables. To catch this, also check the owner of the page tables. The current domain does not need to be checked because the ability to manipulate a domain''s page tables implies full access to the target domain, so checking that domain''s permission is sufficient. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Jan Beulich <jbeulich@suse.com> xen-unstable changeset: 25952:8278d7d8fa48 xen-unstable date: Wed Sep 26 09:56:07 UTC 2012 =======================================commit d7d453f51459b591faa96d1c123b5bfff7c5b6b6 Author: Ian Jackson <ian.jackson@eu.citrix.com> Date: Thu Sep 6 17:05:30 2012 +0100 Disable qemu monitor by default. The qemu monitor is an overly powerful feature which must be protected from untrusted (guest) administrators. Neither xl nor xend expect qemu to produce this monitor unless it is explicitly requested. This is a security problem, XSA-19. Previously it was CVE-2007-0998 in Red Hat but we haven''t dealt with it in upstream. We hope to have a new CVE for it here but we don''t have one yet. Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> (cherry picked from commit bacc0d302445c75f18f4c826750fb5853b60e7ca)