* [qemu-upstream-4.4-testing baseline-only test] 44411: tolerable FAIL
@ 2016-05-13 4:34 Platform Team regression test user
0 siblings, 0 replies; only message in thread
From: Platform Team regression test user @ 2016-05-13 4:34 UTC (permalink / raw)
To: xen-devel, osstest-admin
This run is configured for baseline tests only.
flight 44411 qemu-upstream-4.4-testing real [real]
http://osstest.xs.citrite.net/~osstest/testlogs/logs/44411/
Failures :-/ but no regressions.
Regressions which are regarded as allowable (not blocking):
test-amd64-amd64-xl-credit2 19 guest-start/debian.repeat fail blocked in 44171
test-amd64-amd64-pv 17 guest-localmigrate/x10 fail blocked in 44171
Tests which did not succeed, but are not blocking:
test-amd64-amd64-libvirt 12 migrate-support-check fail never pass
test-amd64-amd64-qemuu-nested-amd 16 debian-hvm-install/l1/l2 fail never pass
test-amd64-amd64-qemuu-nested-intel 16 debian-hvm-install/l1/l2 fail never pass
test-amd64-amd64-libvirt-vhd 11 migrate-support-check fail never pass
test-amd64-i386-libvirt 12 migrate-support-check fail never pass
test-amd64-i386-xl-qemuu-win7-amd64 16 guest-stop fail never pass
test-amd64-amd64-xl-qemuu-win7-amd64 16 guest-stop fail never pass
version targeted for testing:
qemuu a2fd7eba04d4c69e4ee18a43eb6cf32aaffb3c98
baseline version:
qemuu 16169ab825a03262cd66382dc0b02caa0dbd636a
Last test of basis 44171 2016-02-26 11:55:40 Z 76 days
Testing same since 44411 2016-05-12 23:20:28 Z 0 days 1 attempts
------------------------------------------------------------
People who touched revisions under test:
Gerd Hoffmann <kraxel@redhat.com>
Stefano Stabellini <sstabellini@kernel.org>
jobs:
build-amd64-xend pass
build-i386-xend pass
build-amd64 pass
build-i386 pass
build-amd64-libvirt pass
build-i386-libvirt pass
build-amd64-pvops pass
build-i386-pvops pass
test-amd64-amd64-xl pass
test-amd64-i386-xl pass
test-amd64-amd64-qemuu-nested-amd fail
test-amd64-i386-qemuu-rhel6hvm-amd pass
test-amd64-amd64-xl-qemuu-debianhvm-amd64 pass
test-amd64-i386-xl-qemuu-debianhvm-amd64 pass
test-amd64-i386-freebsd10-amd64 pass
test-amd64-amd64-xl-qemuu-ovmf-amd64 pass
test-amd64-i386-xl-qemuu-ovmf-amd64 pass
test-amd64-amd64-xl-qemuu-win7-amd64 fail
test-amd64-i386-xl-qemuu-win7-amd64 fail
test-amd64-amd64-xl-credit2 fail
test-amd64-i386-freebsd10-i386 pass
test-amd64-amd64-qemuu-nested-intel fail
test-amd64-i386-qemuu-rhel6hvm-intel pass
test-amd64-amd64-libvirt pass
test-amd64-i386-libvirt pass
test-amd64-amd64-xl-multivcpu pass
test-amd64-amd64-pair pass
test-amd64-i386-pair pass
test-amd64-amd64-libvirt-pair pass
test-amd64-i386-libvirt-pair pass
test-amd64-amd64-pv fail
test-amd64-i386-pv pass
test-amd64-amd64-amd64-pvgrub pass
test-amd64-amd64-i386-pvgrub pass
test-amd64-amd64-pygrub pass
test-amd64-amd64-xl-qcow2 pass
test-amd64-i386-xl-raw pass
test-amd64-i386-xl-qemuu-winxpsp3-vcpus1 pass
test-amd64-amd64-libvirt-vhd pass
test-amd64-amd64-xl-qemuu-winxpsp3 pass
------------------------------------------------------------
sg-report-flight on osstest.xs.citrite.net
logs: /home/osstest/logs
images: /home/osstest/images
Logs, config files, etc. are available at
http://osstest.xs.citrite.net/~osstest/testlogs/logs
Test harness code can be found at
http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary
Push not applicable.
------------------------------------------------------------
commit a2fd7eba04d4c69e4ee18a43eb6cf32aaffb3c98
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue Apr 26 14:48:06 2016 +0200
vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
Call vbe_update_vgaregs() when the guest touches GFX, SEQ or CRT
registers, to make sure the vga registers will always have the
values needed by vbe mode. This makes sure the sanity checks
applied by vbe_fixup_regs() are effective.
Without this guests can muck with shift_control, can turn on planar
vga modes or text mode emulation while VBE is active, making qemu
take code paths meant for CGA compatibility, but with the very
large display widths and heigts settable using VBE registers.
Which is good for one or another buffer overflow. Not that
critical as they typically read overflows happening somewhere
in the display code. So guests can DoS by crashing qemu with a
segfault, but it is probably not possible to break out of the VM.
upstream-commit-id: fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7
Fixes: CVE-2016-3712
Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
Reported-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
commit af973cb46a7883d102d53bcf8cf96f7ec1a3eaf4
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue Apr 26 15:39:22 2016 +0200
vga: update vga register setup on vbe changes
Call the new vbe_update_vgaregs() function on vbe configuration
changes, to make sure vga registers are up-to-date.
upstream-commit-id: 2068192dcccd8a80dddfcc8df6164cf9c26e0fc4
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
commit eb3b47943a27152b0ff62a6a8736648304139029
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue Apr 26 15:24:18 2016 +0200
vga: factor out vga register setup
When enabling vbe mode qemu will setup a bunch of vga registers to make
sure the vga emulation operates in correct mode for a linear
framebuffer. Move that code to a separate function so we can call it
from other places too.
upstream-commit-id: 7fa5c2c5dc9f9bf878c1e8669eb9644d70a71e71
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
commit 915674299f076729dd4f392b907fa6e59377dcf2
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue Apr 26 14:11:34 2016 +0200
vga: add vbe_enabled() helper
Makes code a bit easier to read.
upstream-commit-id: bfa0f151a564a83b5a26f3e917da98674bf3cf62
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
commit f5491c3d32f417a65fc15c241705fc0e00834bca
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue Apr 26 08:49:10 2016 +0200
vga: fix banked access bounds checking (CVE-2016-3710)
vga allows banked access to video memory using the window at 0xa00000
and it supports a different access modes with different address
calculations.
The VBE bochs extentions support banked access too, using the
VBE_DISPI_INDEX_BANK register. The code tries to take the different
address calculations into account and applies different limits to
VBE_DISPI_INDEX_BANK depending on the current access mode.
Which is probably effective in stopping misprogramming by accident.
But from a security point of view completely useless as an attacker
can easily change access modes after setting the bank register.
Drop the bogus check, add range checks to vga_mem_{readb,writeb}
instead.
upstream-commit-id: 3bf1817079bb0d80c0d8a86a7c7dd0bfe90eb82e
Fixes: CVE-2016-3710
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-05-13 4:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-13 4:34 [qemu-upstream-4.4-testing baseline-only test] 44411: tolerable FAIL Platform Team regression test user
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).