flight 95350 qemu-upstream-4.3-testing real [real]
http://logs.test-lab.xenproject.org/osstest/logs/95350/

Failures and problems with tests :-(

Tests which did not succeed and are blocking,
including tests which could not be run:
 build-amd64                   3 host-install(3)         broken REGR. vs. 80927
 build-i386-pvops              3 host-install(3)         broken REGR. vs. 80927
 build-i386                    3 host-install(3)         broken REGR. vs. 80927
 build-amd64-pvops             3 host-install(3)         broken REGR. vs. 80927

Tests which did not succeed, but are not blocking:
 test-amd64-amd64-xl-qemuu-debianhvm-amd64  1 build-check(1)        blocked n/a
 build-amd64-libvirt           1 build-check(1)               blocked  n/a
 test-amd64-amd64-i386-pvgrub  1 build-check(1)               blocked  n/a
 test-amd64-i386-libvirt       1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemuu-winxpsp3-vcpus1  1 build-check(1)         blocked n/a
 test-amd64-i386-xl-raw        1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemuu-win7-amd64  1 build-check(1)              blocked n/a
 test-amd64-amd64-xl-credit2   1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-ovmf-amd64  1 build-check(1)             blocked n/a
 build-i386-libvirt            1 build-check(1)               blocked  n/a
 test-amd64-i386-pair          1 build-check(1)               blocked  n/a
 test-amd64-i386-freebsd10-i386  1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-multivcpu  1 build-check(1)               blocked  n/a
 test-amd64-i386-freebsd10-amd64  1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-win7-amd64  1 build-check(1)             blocked n/a
 test-amd64-amd64-pygrub       1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-winxpsp3  1 build-check(1)               blocked n/a
 test-amd64-amd64-xl-qcow2     1 build-check(1)               blocked  n/a
 test-amd64-amd64-amd64-pvgrub  1 build-check(1)               blocked  n/a
 test-amd64-amd64-libvirt      1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl           1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemuu-debianhvm-amd64  1 build-check(1)         blocked n/a
 test-amd64-i386-xl-qemuu-ovmf-amd64  1 build-check(1)              blocked n/a
 test-amd64-i386-qemuu-rhel6hvm-intel  1 build-check(1)             blocked n/a
 test-amd64-i386-xl            1 build-check(1)               blocked  n/a
 test-amd64-i386-qemuu-rhel6hvm-amd  1 build-check(1)               blocked n/a
 test-amd64-i386-pv            1 build-check(1)               blocked  n/a
 test-amd64-amd64-libvirt-vhd  1 build-check(1)               blocked  n/a
 test-amd64-amd64-pair         1 build-check(1)               blocked  n/a
 test-amd64-amd64-pv           1 build-check(1)               blocked  n/a

version targeted for testing:
 qemuu                c97c20f71240a538a19cb6b0e598bc1bbd5168f1
baseline version:
 qemuu                10c1b763c26feb645627a1639e722515f3e1e876

Last test of basis    80927  2016-02-06 13:30:02 Z  121 days
Testing same since    93977  2016-05-10 11:09:16 Z   27 days  116 attempts

------------------------------------------------------------
People who touched revisions under test:
  Gerd Hoffmann <kra...@redhat.com>
  Stefano Stabellini <sstabell...@kernel.org>

jobs:
 build-amd64                                                  broken  
 build-i386                                                   broken  
 build-amd64-libvirt                                          blocked 
 build-i386-libvirt                                           blocked 
 build-amd64-pvops                                            broken  
 build-i386-pvops                                             broken  
 test-amd64-amd64-xl                                          blocked 
 test-amd64-i386-xl                                           blocked 
 test-amd64-i386-qemuu-rhel6hvm-amd                           blocked 
 test-amd64-amd64-xl-qemuu-debianhvm-amd64                    blocked 
 test-amd64-i386-xl-qemuu-debianhvm-amd64                     blocked 
 test-amd64-i386-freebsd10-amd64                              blocked 
 test-amd64-amd64-xl-qemuu-ovmf-amd64                         blocked 
 test-amd64-i386-xl-qemuu-ovmf-amd64                          blocked 
 test-amd64-amd64-xl-qemuu-win7-amd64                         blocked 
 test-amd64-i386-xl-qemuu-win7-amd64                          blocked 
 test-amd64-amd64-xl-credit2                                  blocked 
 test-amd64-i386-freebsd10-i386                               blocked 
 test-amd64-i386-qemuu-rhel6hvm-intel                         blocked 
 test-amd64-amd64-libvirt                                     blocked 
 test-amd64-i386-libvirt                                      blocked 
 test-amd64-amd64-xl-multivcpu                                blocked 
 test-amd64-amd64-pair                                        blocked 
 test-amd64-i386-pair                                         blocked 
 test-amd64-amd64-pv                                          blocked 
 test-amd64-i386-pv                                           blocked 
 test-amd64-amd64-amd64-pvgrub                                blocked 
 test-amd64-amd64-i386-pvgrub                                 blocked 
 test-amd64-amd64-pygrub                                      blocked 
 test-amd64-amd64-xl-qcow2                                    blocked 
 test-amd64-i386-xl-raw                                       blocked 
 test-amd64-i386-xl-qemuu-winxpsp3-vcpus1                     blocked 
 test-amd64-amd64-libvirt-vhd                                 blocked 
 test-amd64-amd64-xl-qemuu-winxpsp3                           blocked 


------------------------------------------------------------
sg-report-flight on osstest.test-lab.xenproject.org
logs: /home/logs/logs
images: /home/logs/images

Logs, config files, etc. are available at
    http://logs.test-lab.xenproject.org/osstest/logs

Explanation of these reports, and of osstest in general, is at
    http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README.email;hb=master
    http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README;hb=master

Test harness code can be found at
    http://xenbits.xen.org/gitweb?p=osstest.git;a=summary

broken-step build-amd64 host-install(3)
broken-step build-i386-pvops host-install(3)
broken-step build-i386 host-install(3)
broken-step build-amd64-pvops host-install(3)

Not pushing.

------------------------------------------------------------
commit c97c20f71240a538a19cb6b0e598bc1bbd5168f1
Author: Gerd Hoffmann <kra...@redhat.com>
Date:   Wed May 4 17:43:36 2016 +0100

    vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
    
    Call vbe_update_vgaregs() when the guest touches GFX, SEQ or CRT
    registers, to make sure the vga registers will always have the
    values needed by vbe mode.  This makes sure the sanity checks
    applied by vbe_fixup_regs() are effective.
    
    Without this guests can muck with shift_control, can turn on planar
    vga modes or text mode emulation while VBE is active, making qemu
    take code paths meant for CGA compatibility, but with the very
    large display widths and heigts settable using VBE registers.
    
    Which is good for one or another buffer overflow.  Not that
    critical as they typically read overflows happening somewhere
    in the display code.  So guests can DoS by crashing qemu with a
    segfault, but it is probably not possible to break out of the VM.
    
    upstream-commit-id: fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7
    
    Fixes: CVE-2016-3712
    Reported-by: Zuozhi Fzz <zuozhi....@alibaba-inc.com>
    Reported-by: P J P <ppan...@redhat.com>
    Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
    Signed-off-by: Stefano Stabellini <sstabell...@kernel.org>

commit 5ee8a0795e9656b370e9f67b6acea2f2690a1aca
Author: Gerd Hoffmann <kra...@redhat.com>
Date:   Wed May 4 17:42:59 2016 +0100

    vga: update vga register setup on vbe changes
    
    Call the new vbe_update_vgaregs() function on vbe configuration
    changes, to make sure vga registers are up-to-date.
    
    upstream-commit-id: 2068192dcccd8a80dddfcc8df6164cf9c26e0fc4
    
    Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
    Signed-off-by: Stefano Stabellini <sstabell...@kernel.org>

commit 7073ff0127babd7d8b35326cf50753b337b23bb0
Author: Gerd Hoffmann <kra...@redhat.com>
Date:   Wed May 4 17:42:24 2016 +0100

    vga: factor out vga register setup
    
    When enabling vbe mode qemu will setup a bunch of vga registers to make
    sure the vga emulation operates in correct mode for a linear
    framebuffer.  Move that code to a separate function so we can call it
    from other places too.
    
    upstream-commit-id: 7fa5c2c5dc9f9bf878c1e8669eb9644d70a71e71
    
    Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
    Signed-off-by: Stefano Stabellini <sstabell...@kernel.org>

commit 856e1ebb1fcc44856ef682e31295310a29e66ffd
Author: Gerd Hoffmann <kra...@redhat.com>
Date:   Wed May 4 17:41:39 2016 +0100

    vga: add vbe_enabled() helper
    
    Makes code a bit easier to read.
    
    upstream-commit-id: bfa0f151a564a83b5a26f3e917da98674bf3cf62
    
    Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
    Signed-off-by: Stefano Stabellini <sstabell...@kernel.org>

commit cae20a4a923c292158080bf538d7583fc2e1b455
Author: Gerd Hoffmann <kra...@redhat.com>
Date:   Wed May 4 17:40:58 2016 +0100

    vga: fix banked access bounds checking (CVE-2016-3710)
    
    vga allows banked access to video memory using the window at 0xa00000
    and it supports a different access modes with different address
    calculations.
    
    The VBE bochs extentions support banked access too, using the
    VBE_DISPI_INDEX_BANK register.  The code tries to take the different
    address calculations into account and applies different limits to
    VBE_DISPI_INDEX_BANK depending on the current access mode.
    
    Which is probably effective in stopping misprogramming by accident.
    But from a security point of view completely useless as an attacker
    can easily change access modes after setting the bank register.
    
    Drop the bogus check, add range checks to vga_mem_{readb,writeb}
    instead.
    
    upstream-commit-id: 3bf1817079bb0d80c0d8a86a7c7dd0bfe90eb82e
    
    Fixes: CVE-2016-3710
    Reported-by: Qinghao Tang <luodalon...@gmail.com>
    Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
    Signed-off-by: Stefano Stabellini <sstabell...@kernel.org>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to