* [qemu-upstream-4.4-testing test] 81280: regressions - FAIL
@ 2016-02-09 13:40 osstest service owner
0 siblings, 0 replies; only message in thread
From: osstest service owner @ 2016-02-09 13:40 UTC (permalink / raw)
To: xen-devel, osstest-admin
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 17388 bytes --]
flight 81280 qemu-upstream-4.4-testing real [real]
http://logs.test-lab.xenproject.org/osstest/logs/81280/
Regressions :-(
Tests which did not succeed and are blocking,
including tests which could not be run:
test-amd64-i386-xl-qemuu-debianhvm-amd64 9 debian-hvm-install fail REGR. vs. 77834
test-amd64-amd64-qemuu-nested-intel 9 debian-hvm-install fail REGR. vs. 77834
test-amd64-amd64-xl-qemuu-debianhvm-amd64 9 debian-hvm-install fail REGR. vs. 77834
test-amd64-amd64-qemuu-nested-amd 9 debian-hvm-install fail REGR. vs. 77834
test-amd64-i386-freebsd10-i386 10 guest-start fail REGR. vs. 77834
test-amd64-i386-freebsd10-amd64 10 guest-start fail REGR. vs. 77834
test-amd64-i386-qemuu-rhel6hvm-intel 9 redhat-install fail REGR. vs. 77834
test-amd64-i386-qemuu-rhel6hvm-amd 9 redhat-install fail REGR. vs. 77834
test-amd64-amd64-xl-qemuu-winxpsp3 9 windows-install fail REGR. vs. 77834
test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 9 windows-install fail REGR. vs. 77834
test-amd64-amd64-xl-qemuu-win7-amd64 9 windows-install fail REGR. vs. 77834
test-amd64-i386-xl-qemuu-win7-amd64 9 windows-install fail REGR. vs. 77834
Regressions which are regarded as allowable (not blocking):
test-amd64-i386-xl-qemuu-ovmf-amd64 9 debian-hvm-install fail like 77618
test-amd64-amd64-xl-qemuu-ovmf-amd64 9 debian-hvm-install fail like 77618
Tests which did not succeed, but are not blocking:
test-amd64-i386-libvirt 12 migrate-support-check fail never pass
test-amd64-amd64-libvirt 12 migrate-support-check fail never pass
test-amd64-amd64-libvirt-vhd 11 migrate-support-check fail never pass
version targeted for testing:
qemuu 11ac1da95c4e8b2c9c627e0cbcaa50c90c298a1b
baseline version:
qemuu 2264b0c66075cc34c252a1386f019f8be6240890
Last test of basis 77834 2016-01-11 13:28:00 Z 29 days
Testing same since 80734 2016-02-05 15:19:13 Z 3 days 3 attempts
------------------------------------------------------------
People who touched revisions under test:
Gerd Hoffmann <kraxel@redhat.com>
Jason Wang <jasowang@redhat.com>
John Snow <jsnow@redhat.com>
Laszlo Ersek <lersek@redhat.com>
P J P <ppandit@redhat.com>
Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell <peter.maydell@linaro.org>
Prasad J Pandit <pjp@fedoraproject.org>
Roger Pau Monne <roger.pau@citrix.com>
Roger Pau Monné <roger.pau@citrix.com>
Stefano Stabellini <stefano.stabellini@eu.citrix.com>
jobs:
build-amd64-xend pass
build-i386-xend pass
build-amd64 pass
build-i386 pass
build-amd64-libvirt pass
build-i386-libvirt pass
build-amd64-pvops pass
build-i386-pvops pass
test-amd64-amd64-xl pass
test-amd64-i386-xl pass
test-amd64-amd64-qemuu-nested-amd fail
test-amd64-i386-qemuu-rhel6hvm-amd fail
test-amd64-amd64-xl-qemuu-debianhvm-amd64 fail
test-amd64-i386-xl-qemuu-debianhvm-amd64 fail
test-amd64-i386-freebsd10-amd64 fail
test-amd64-amd64-xl-qemuu-ovmf-amd64 fail
test-amd64-i386-xl-qemuu-ovmf-amd64 fail
test-amd64-amd64-xl-qemuu-win7-amd64 fail
test-amd64-i386-xl-qemuu-win7-amd64 fail
test-amd64-amd64-xl-credit2 pass
test-amd64-i386-freebsd10-i386 fail
test-amd64-amd64-qemuu-nested-intel fail
test-amd64-i386-qemuu-rhel6hvm-intel fail
test-amd64-amd64-libvirt pass
test-amd64-i386-libvirt pass
test-amd64-amd64-xl-multivcpu pass
test-amd64-amd64-pair pass
test-amd64-i386-pair pass
test-amd64-amd64-libvirt-pair pass
test-amd64-i386-libvirt-pair pass
test-amd64-amd64-pv pass
test-amd64-i386-pv pass
test-amd64-amd64-amd64-pvgrub pass
test-amd64-amd64-i386-pvgrub pass
test-amd64-amd64-pygrub pass
test-amd64-amd64-xl-qcow2 pass
test-amd64-i386-xl-raw pass
test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 fail
test-amd64-amd64-libvirt-vhd pass
test-amd64-amd64-xl-qemuu-winxpsp3 fail
------------------------------------------------------------
sg-report-flight on osstest.test-lab.xenproject.org
logs: /home/logs/logs
images: /home/logs/images
Logs, config files, etc. are available at
http://logs.test-lab.xenproject.org/osstest/logs
Explanation of these reports, and of osstest in general, is at
http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README.email;hb=master
http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README;hb=master
Test harness code can be found at
http://xenbits.xen.org/gitweb?p=osstest.git;a=summary
Not pushing.
------------------------------------------------------------
commit 11ac1da95c4e8b2c9c627e0cbcaa50c90c298a1b
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri Nov 20 11:50:31 2015 +0530
net: pcnet: add check to validate receive data size(CVE-2015-7504)
In loopback mode, pcnet_receive routine appends CRC code to the
receive buffer. If the data size given is same as the buffer size,
the appended CRC code overwrites 4 bytes after s->buffer. Added a
check to avoid that.
Reported by: Qinghao Tang <luodalongde@gmail.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
commit 5e4b77ec2c43b3230c717e4470a7c89465fc87c5
Author: Jason Wang <jasowang@redhat.com>
Date: Mon Nov 30 15:00:06 2015 +0800
pcnet: fix rx buffer overflow(CVE-2015-7512)
Backends could provide a packet whose length is greater than buffer
size. Check for this and truncate the packet to avoid rx buffer
overflow in this case.
Cc: Prasad J Pandit <pjp@fedoraproject.org>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
commit 6178660b8f4891bdf4810be5b9f9e9aabebda1ed
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon Dec 14 09:21:23 2015 +0100
ehci: make idt processing more robust
Make ehci_process_itd return an error in case we didn't do any actual
iso transfer because we've found no active transaction. That'll avoid
ehci happily run in circles forever if the guest builds a loop out of
idts.
This is CVE-2015-8558.
Cc: qemu-stable@nongnu.org
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Tested-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
commit 2600664a4e8d333290f01f0a957ea996e300bc6f
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon Jan 25 19:59:50 2016 +0530
exec: fix a glitch in checking dma r/w access
While checking r/w access in 'memory_access_is_direct' routine
a glitch in the expression leads to segmentation fault while
performing dma read operation.
Reported-by: Donghai Zdh <donghai.zdh@alibaba-inc.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
commit d08f9e6bfc8d15d1ac6377e4cfe48e1f4ef4d932
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed Jan 20 01:26:46 2016 +0530
usb: check page select value while processing iTD
While processing isochronous transfer descriptors(iTD), the page
select(PG) field value could lead to an OOB read access. Add
check to avoid it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
commit a37e0e9de748f58b793a83e5d680f474c640f87e
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri Jan 15 12:30:40 2016 +0530
net: cadence_gem: check packet size in gem_recieve
While receiving packets in 'gem_receive' routine, if Frame Check
Sequence(FCS) is enabled, it copies the packet into a local
buffer without checking its size. Add check to validate packet
length against the buffer size to avoid buffer overflow.
Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
commit cf39008ae613cea09b4dc2c0da3e1c68373936f5
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri Feb 5 13:58:20 2016 +0000
ide: ahci: reset ncq object to unused on error
When processing NCQ commands, AHCI device emulation prepares a
NCQ transfer object; To which an aio control block(aiocb) object
is assigned in 'execute_ncq_command'. In case, when the NCQ
command is invalid, the 'aiocb' object is not assigned, and NCQ
transfer object is left as 'used'. This leads to a use after
free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
Reset NCQ transfer object to 'unused' to avoid it.
[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
commit 8067f9c7ff1456e464640be558a03e1d198af78a
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu Dec 31 17:05:27 2015 +0530
net: ne2000: fix bounds check in ioport operations
While doing ioport r/w operations, ne2000 device emulation suffers
from OOB r/w errors. Update respective array bounds check to avoid
OOB access.
Reported-by: Ling Liu <liuling-it@360.cn>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
commit 3a28ed2d1ca6e3204393350fa39833be896033d0
Author: P J P <ppandit@redhat.com>
Date: Mon Dec 21 15:13:13 2015 +0530
scsi: initialise info object with appropriate size
While processing controller 'CTRL_GET_INFO' command, the routine
'megasas_ctrl_get_info' overflows the '&info' object size. Use its
appropriate size to null initialise it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
commit 3f71820abe33f7f32c5983c6b88afc4a992e3c89
Author: P J P <ppandit@redhat.com>
Date: Tue Dec 15 12:27:54 2015 +0530
net: vmxnet3: avoid memory leakage in activate_device
Vmxnet3 device emulator does not check if the device is active
before activating it, also it did not free the transmit & receive
buffers while deactivating the device, thus resulting in memory
leakage on the host. This patch fixes both these issues to avoid
host memory leakage.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
commit 3d84bde9aa0d8af7c2b78b5c7737e76ed3f4b177
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu Dec 3 18:54:17 2015 +0530
ui: vnc: avoid floating point exception
While sending 'SetPixelFormat' messages to a VNC server,
the client could set the 'red-max', 'green-max' and 'blue-max'
values to be zero. This leads to a floating point exception in
write_png_palette while doing frame buffer updates.
Reported-by: Lian Yihan <lianyihan@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit e331500ea4e69ec8376b012d39aef2bcba84cb81
Author: Laszlo Ersek <lersek@redhat.com>
Date: Tue Jan 19 14:17:20 2016 +0100
e1000: eliminate infinite loops on out-of-bounds transfer start
The start_xmit() and e1000_receive_iov() functions implement DMA transfers
iterating over a set of descriptors that the guest's e1000 driver
prepares:
- the TDLEN and RDLEN registers store the total size of the descriptor
area,
- while the TDH and RDH registers store the offset (in whole tx / rx
descriptors) into the area where the transfer is supposed to start.
Each time a descriptor is processed, the TDH and RDH register is bumped
(as appropriate for the transfer direction).
QEMU already contains logic to deal with bogus transfers submitted by the
guest:
- Normally, the transmit case wants to increase TDH from its initial value
to TDT. (TDT is allowed to be numerically smaller than the initial TDH
value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
that QEMU currently has here is a check against reaching the original
TDH value again -- a complete wraparound, which should never happen.
- In the receive case RDH is increased from its initial value until
"total_size" bytes have been received; preferably in a single step, or
in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
RX descriptors are skipped without receiving data, while RDH is
incremented just the same. QEMU tries to prevent an infinite loop
(processing only null RX descriptors) by detecting whether RDH assumes
its original value during the loop. (Again, wrapping from RDLEN to 0 is
normal.)
What both directions miss is that the guest could program TDLEN and RDLEN
so low, and the initial TDH and RDH so high, that these registers will
immediately be truncated to zero, and then never reassume their initial
values in the loop -- a full wraparound will never occur.
The condition that expresses this is:
xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)
i.e., TDH or RDH start out after the last whole rx or tx descriptor that
fits into the TDLEN or RDLEN sized area.
This condition could be checked before we enter the loops, but
pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
bogus DMA addresses, so we just extend the existing failsafes with the
above condition.
This is CVE-2016-1981.
upstream-commit-id: dd793a74882477ca38d49e191110c17dfee51dcc
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Prasad Pandit <ppandit@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-stable@nongnu.org
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
commit 7891bba284582bbf963f1bdcdaba334dcaa086c5
Author: Roger Pau Monne <roger.pau@citrix.com>
Date: Fri Nov 13 17:38:06 2015 +0000
xen: fix usage of xc_domain_create in domain builder
Due to the addition of HVMlite and the requirement to always provide a
valid xc_domain_configuration_t, xc_domain_create now always takes an arch
domain config, which can be NULL in order to mimic previous behaviour.
Add a small stub called xen_domain_create that encapsulates the correct
call to xc_domain_create depending on the libxc version detected.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-02-09 13:40 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-02-09 13:40 [qemu-upstream-4.4-testing test] 81280: regressions - FAIL osstest service owner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.