flight 18230 xen-4.2-testing real [real]
http://www.chiark.greenend.org.uk/~xensrcts/logs/18230/
Regressions :-(
Tests which did not succeed and are blocking,
including tests which could not be run:
build-i386 4 xen-build fail REGR. vs. 18207
build-i386-oldkern 4 xen-build fail REGR. vs. 18207
Tests which did not succeed, but are not blocking:
build-armhf 4 xen-build fail never pass
test-amd64-amd64-xl-pcipt-intel 9 guest-start fail never pass
test-amd64-i386-rhel6hvm-amd 1 xen-build-check(1) blocked n/a
test-amd64-i386-qemuu-rhel6hvm-amd 1 xen-build-check(1) blocked n/a
test-i386-i386-xl 1 xen-build-check(1) blocked n/a
test-amd64-i386-qemut-rhel6hvm-intel 1 xen-build-check(1) blocked n/a
test-amd64-i386-rhel6hvm-intel 1 xen-build-check(1) blocked n/a
test-amd64-i386-qemuu-rhel6hvm-intel 1 xen-build-check(1) blocked n/a
test-i386-i386-pair 1 xen-build-check(1) blocked n/a
test-i386-i386-pv 1 xen-build-check(1) blocked n/a
test-amd64-i386-pair 1 xen-build-check(1) blocked n/a
test-amd64-i386-pv 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-multivcpu 1 xen-build-check(1) blocked n/a
test-amd64-i386-qemut-rhel6hvm-amd 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-winxpsp3 13 guest-stop fail never pass
test-amd64-i386-xl-qemut-winxpsp3-vcpus1 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-win7-amd64 13 guest-stop fail never pass
test-amd64-i386-xl-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemut-win7-amd64 13 guest-stop fail never pass
test-amd64-amd64-xl-qemuu-win7-amd64 13 guest-stop fail never pass
test-i386-i386-xl-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemut-winxpsp3 13 guest-stop fail never pass
test-amd64-i386-xl-credit2 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-qemut-win7-amd64 1 xen-build-check(1) blocked n/a
test-amd64-i386-xl-winxpsp3-vcpus1 1 xen-build-check(1) blocked n/a
test-amd64-i386-xend-qemut-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-i386-xend-winxpsp3 1 xen-build-check(1) blocked n/a
test-i386-i386-xl-qemut-winxpsp3 1 xen-build-check(1) blocked n/a
test-amd64-amd64-xl-qemuu-winxpsp3 13 guest-stop fail never pass
test-i386-i386-xl-qemuu-winxpsp3 1 xen-build-check(1) blocked n/a
version targeted for testing:
xen 85fac79f83f96e5a626d9d0509c1533c6320ea5c
baseline version:
xen 63a1ea8506d520881e4f7426b39774dce4be1ff9
------------------------------------------------------------
People who touched revisions under test:
Ian Campbell <ian.campbell@citrix.com>
------------------------------------------------------------
jobs:
build-amd64 pass
build-armhf fail
build-i386 fail
build-amd64-oldkern pass
build-i386-oldkern fail
build-amd64-pvops pass
build-i386-pvops pass
test-amd64-amd64-xl pass
test-amd64-i386-xl blocked
test-i386-i386-xl blocked
test-amd64-i386-rhel6hvm-amd blocked
test-amd64-i386-qemut-rhel6hvm-amd blocked
test-amd64-i386-qemuu-rhel6hvm-amd blocked
test-amd64-amd64-xl-qemut-win7-amd64 fail
test-amd64-i386-xl-qemut-win7-amd64 blocked
test-amd64-amd64-xl-qemuu-win7-amd64 fail
test-amd64-amd64-xl-win7-amd64 fail
test-amd64-i386-xl-win7-amd64 blocked
test-amd64-i386-xl-credit2 blocked
test-amd64-amd64-xl-pcipt-intel fail
test-amd64-i386-rhel6hvm-intel blocked
test-amd64-i386-qemut-rhel6hvm-intel blocked
test-amd64-i386-qemuu-rhel6hvm-intel blocked
test-amd64-i386-xl-multivcpu blocked
test-amd64-amd64-pair pass
test-amd64-i386-pair blocked
test-i386-i386-pair blocked
test-amd64-amd64-xl-sedf-pin pass
test-amd64-amd64-pv pass
test-amd64-i386-pv blocked
test-i386-i386-pv blocked
test-amd64-amd64-xl-sedf pass
test-amd64-i386-xl-qemut-winxpsp3-vcpus1 blocked
test-amd64-i386-xl-winxpsp3-vcpus1 blocked
test-amd64-i386-xend-qemut-winxpsp3 blocked
test-amd64-amd64-xl-qemut-winxpsp3 fail
test-i386-i386-xl-qemut-winxpsp3 blocked
test-amd64-amd64-xl-qemuu-winxpsp3 fail
test-i386-i386-xl-qemuu-winxpsp3 blocked
test-amd64-i386-xend-winxpsp3 blocked
test-amd64-amd64-xl-winxpsp3 fail
test-i386-i386-xl-winxpsp3 blocked
------------------------------------------------------------
sg-report-flight on woking.cam.xci-test.com
logs: /home/xc_osstest/logs
images: /home/xc_osstest/images
Logs, config files, etc. are available at
http://www.chiark.greenend.org.uk/~xensrcts/logs
Test harness code can be found at
http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary
Not pushing.
------------------------------------------------------------
commit 85fac79f83f96e5a626d9d0509c1533c6320ea5c
Author: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Thu Jun 27 17:25:18 2013 +0100
libxl: Restrict permissions on PV console device xenstore nodes
Matthew Daley has observed that the PV console protocol places sensitive
host
state into a guest writeable xenstore locations, this includes:
- The pty used to communicate between the console backend daemon and its
client, allowing the guest administrator to read and write arbitrary host
files.
- The output file, allowing the guest administrator to write arbitrary host
files or to target arbitrary qemu chardevs which include sockets, udp,
ptr,
pipes etc (see -chardev in qemu(1) for a more complete list).
- The maximum buffer size, allowing the guest administrator to consume more
resources than the host administrator has configured.
- The backend to use (qemu vs xenconsoled), potentially allowing the guest
administrator to confuse host software.
So we arrange to make the sensitive keys in the xenstore frontend directory
read only for the guest. This is safe since the xenstore permissions model,
unlike POSIX directory permissions, does not allow the guest to remove and
recreate a node if it has write access to the containing directory.
There are a few associated wrinkles:
- The primary PV console is "special". It''s xenstore
node is not under the
usual /devices/ subtree and it does not use the customary xenstore state
machine protocol. Unfortunately its directory is used for other things,
including the vnc-port node, which we do not want the guest to be able to
write to. Rather than trying to track down all the possible secondary
uses
of this directory just make it r/o to the guest. All newly created
subdirectories inherit these permissions and so are now safe by default.
- The other serial consoles do use the customary xenstore state machine and
therefore need write access to at least the "protocol" and
"state" nodes,
however they may also want to use arbitrary "feature-foo" nodes
(although
I''m not aware of any) and therefore we cannot simply lock down
the entire
frontend directory. Instead we add support to libxl__device_generic_add
for
frontend keys which are explicitly read only and use that to lock down
the
sensitive keys.
- Minios'' console frontend wants to write the "type"
node, which it has no
business doing since this is a host/toolstack level decision. This fails
now that the node has become read only to the PV guest. Since the
toolstack
already writes this node just remove the attempt to set it.
This is CVE-2013-2211 / XSA-57
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Conflicts:
tools/libxl/libxl.c (no vtpm, free front_ro on error in
libxl__device_console_add)
(qemu changes not included)