flight 114448 xen-4.9-testing real [real]
http://logs.test-lab.xenproject.org/osstest/logs/114448/

Regressions :-(

Tests which did not succeed and are blocking,
including tests which could not be run:
 build-amd64                   6 xen-build                fail REGR. vs. 114118
 build-amd64-pvops             6 kernel-build             fail REGR. vs. 114118

Tests which did not succeed, but are not blocking:
 test-amd64-i386-libvirt-qcow2  1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-debianhvm-amd64  1 build-check(1)        blocked n/a
 test-amd64-i386-freebsd10-i386  1 build-check(1)               blocked  n/a
 test-amd64-amd64-qemuu-nested-intel  1 build-check(1)              blocked n/a
 test-xtf-amd64-amd64-1        1 build-check(1)               blocked  n/a
 test-amd64-amd64-migrupgrade  1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemut-win10-i386  1 build-check(1)              blocked n/a
 test-amd64-amd64-xl-qemut-stubdom-debianhvm-amd64-xsm 1 build-check(1) blocked n/a
 test-amd64-i386-xl-qemuu-win10-i386  1 build-check(1)              blocked n/a
 test-amd64-amd64-xl-multivcpu  1 build-check(1)               blocked  n/a
 test-amd64-amd64-libvirt      1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemut-ws16-amd64  1 build-check(1)              blocked n/a
 test-amd64-amd64-xl-qemut-win10-i386  1 build-check(1)             blocked n/a
 test-amd64-i386-xl-qemut-debianhvm-amd64  1 build-check(1)         blocked n/a
 test-amd64-i386-qemut-rhel6hvm-intel  1 build-check(1)             blocked n/a
 test-amd64-i386-freebsd10-amd64  1 build-check(1)               blocked  n/a
 test-amd64-amd64-pair         1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-win10-i386  1 build-check(1)             blocked n/a
 test-amd64-amd64-xl-qemuu-win7-amd64  1 build-check(1)             blocked n/a
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 1 build-check(1) blocked n/a
 test-amd64-amd64-pygrub       1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemuu-ws16-amd64  1 build-check(1)              blocked n/a
 test-amd64-amd64-xl-qcow2     1 build-check(1)               blocked  n/a
 test-amd64-amd64-amd64-pvgrub  1 build-check(1)               blocked  n/a
 test-xtf-amd64-amd64-2        1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemut-win7-amd64  1 build-check(1)             blocked n/a
 test-amd64-i386-xl-qemuu-debianhvm-amd64  1 build-check(1)         blocked n/a
 build-amd64-rumprun           1 build-check(1)               blocked  n/a
 test-amd64-i386-xl            1 build-check(1)               blocked  n/a
 test-amd64-i386-libvirt-pair  1 build-check(1)               blocked  n/a
 test-amd64-i386-livepatch     1 build-check(1)               blocked  n/a
 test-xtf-amd64-amd64-4        1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-ovmf-amd64  1 build-check(1)             blocked n/a
 test-amd64-amd64-libvirt-vhd  1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-credit2   1 build-check(1)               blocked  n/a
 build-amd64-libvirt           1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-debianhvm-amd64-xsm  1 build-check(1)    blocked n/a
 test-amd64-amd64-rumprun-amd64  1 build-check(1)               blocked  n/a
 test-xtf-amd64-amd64-3        1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemuu-ovmf-amd64  1 build-check(1)              blocked n/a
 test-amd64-i386-xl-raw        1 build-check(1)               blocked  n/a
 test-amd64-amd64-i386-pvgrub  1 build-check(1)               blocked  n/a
 test-amd64-i386-qemuu-rhel6hvm-amd  1 build-check(1)               blocked n/a
 test-amd64-amd64-xl-qemut-ws16-amd64  1 build-check(1)             blocked n/a
 test-xtf-amd64-amd64-5        1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemuu-ws16-amd64  1 build-check(1)             blocked n/a
 test-amd64-amd64-libvirt-pair  1 build-check(1)               blocked  n/a
 test-amd64-i386-libvirt       1 build-check(1)               blocked  n/a
 test-amd64-amd64-libvirt-xsm  1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-xsm       1 build-check(1)               blocked  n/a
 test-amd64-i386-qemuu-rhel6hvm-intel  1 build-check(1)             blocked n/a
 test-amd64-i386-migrupgrade   1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemuu-win7-amd64  1 build-check(1)              blocked n/a
 test-amd64-amd64-xl           1 build-check(1)               blocked  n/a
 test-amd64-i386-pair          1 build-check(1)               blocked  n/a
 test-amd64-i386-rumprun-i386  1 build-check(1)               blocked  n/a
 test-amd64-amd64-qemuu-nested-amd  1 build-check(1)               blocked  n/a
 test-amd64-i386-xl-qemut-win7-amd64  1 build-check(1)              blocked n/a
 test-amd64-i386-qemut-rhel6hvm-amd  1 build-check(1)               blocked n/a
 test-amd64-amd64-livepatch    1 build-check(1)               blocked  n/a
 test-amd64-amd64-xl-qemut-debianhvm-amd64  1 build-check(1)        blocked n/a
 test-amd64-amd64-xl-qemut-debianhvm-amd64-xsm  1 build-check(1)    blocked n/a
 test-amd64-amd64-xl-rtds      1 build-check(1)               blocked  n/a
 test-amd64-i386-libvirt-xsm  13 migrate-support-check        fail   never pass
 test-armhf-armhf-xl-arndale  13 migrate-support-check        fail   never pass
 test-armhf-armhf-xl-arndale  14 saverestore-support-check    fail   never pass
 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm 11 migrate-support-check fail never pass
 test-armhf-armhf-xl          13 migrate-support-check        fail   never pass
 test-armhf-armhf-xl          14 saverestore-support-check    fail   never pass
 test-armhf-armhf-xl-xsm      13 migrate-support-check        fail   never pass
 test-armhf-armhf-xl-xsm      14 saverestore-support-check    fail   never pass
 test-armhf-armhf-xl-cubietruck 13 migrate-support-check        fail never pass
 test-armhf-armhf-libvirt     13 migrate-support-check        fail   never pass
 test-armhf-armhf-xl-cubietruck 14 saverestore-support-check    fail never pass
 test-armhf-armhf-libvirt     14 saverestore-support-check    fail   never pass
 test-armhf-armhf-libvirt-xsm 13 migrate-support-check        fail   never pass
 test-armhf-armhf-libvirt-xsm 14 saverestore-support-check    fail   never pass
 test-armhf-armhf-xl-credit2  13 migrate-support-check        fail   never pass
 test-armhf-armhf-xl-credit2  14 saverestore-support-check    fail   never pass
 test-armhf-armhf-xl-multivcpu 13 migrate-support-check        fail  never pass
 test-armhf-armhf-xl-multivcpu 14 saverestore-support-check    fail  never pass
 test-armhf-armhf-libvirt-raw 12 migrate-support-check        fail   never pass
 test-armhf-armhf-libvirt-raw 13 saverestore-support-check    fail   never pass
 test-armhf-armhf-xl-rtds     13 migrate-support-check        fail   never pass
 test-armhf-armhf-xl-rtds     14 saverestore-support-check    fail   never pass
 test-armhf-armhf-xl-vhd      12 migrate-support-check        fail   never pass
 test-armhf-armhf-xl-vhd      13 saverestore-support-check    fail   never pass

version targeted for testing:
 xen                  de38e28cc2cc62e6e9e4741403e4a8f6c07d8cfd
baseline version:
 xen                  9cde7a833db53c9c3a88b767af8c7cb07053a6fd

Last test of basis   114118  2017-10-08 03:30:54 Z    6 days
Failing since        114312  2017-10-11 00:44:07 Z    3 days    3 attempts
Testing same since   114448  2017-10-13 03:26:47 Z    1 days    1 attempts

------------------------------------------------------------
People who touched revisions under test:
  Andrew Cooper <andrew.coop...@citrix.com>
  George Dunlap <george.dun...@citrix.com>
  Jan Beulich <jbeul...@suse.com>
  Julien Grall <julien.gr...@arm.com>
  Stefano Stabellini <sstabell...@kernel.org>
  Tim Deegan <t...@xen.org>
  Vitaly Kuznetsov <vkuzn...@redhat.com>

jobs:
 build-amd64-xsm                                              pass    
 build-armhf-xsm                                              pass    
 build-i386-xsm                                               pass    
 build-amd64-xtf                                              pass    
 build-amd64                                                  fail    
 build-armhf                                                  pass    
 build-i386                                                   pass    
 build-amd64-libvirt                                          blocked 
 build-armhf-libvirt                                          pass    
 build-i386-libvirt                                           pass    
 build-amd64-prev                                             pass    
 build-i386-prev                                              pass    
 build-amd64-pvops                                            fail    
 build-armhf-pvops                                            pass    
 build-i386-pvops                                             pass    
 build-amd64-rumprun                                          blocked 
 build-i386-rumprun                                           pass    
 test-xtf-amd64-amd64-1                                       blocked 
 test-xtf-amd64-amd64-2                                       blocked 
 test-xtf-amd64-amd64-3                                       blocked 
 test-xtf-amd64-amd64-4                                       blocked 
 test-xtf-amd64-amd64-5                                       blocked 
 test-amd64-amd64-xl                                          blocked 
 test-armhf-armhf-xl                                          pass    
 test-amd64-i386-xl                                           blocked 
 test-amd64-amd64-xl-qemut-debianhvm-amd64-xsm                blocked 
 test-amd64-i386-xl-qemut-debianhvm-amd64-xsm                 pass    
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm           blocked 
 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm            pass    
 test-amd64-amd64-xl-qemuu-debianhvm-amd64-xsm                blocked 
 test-amd64-i386-xl-qemuu-debianhvm-amd64-xsm                 pass    
 test-amd64-amd64-xl-qemut-stubdom-debianhvm-amd64-xsm        blocked 
 test-amd64-i386-xl-qemut-stubdom-debianhvm-amd64-xsm         pass    
 test-amd64-amd64-libvirt-xsm                                 blocked 
 test-armhf-armhf-libvirt-xsm                                 pass    
 test-amd64-i386-libvirt-xsm                                  pass    
 test-amd64-amd64-xl-xsm                                      blocked 
 test-armhf-armhf-xl-xsm                                      pass    
 test-amd64-i386-xl-xsm                                       pass    
 test-amd64-amd64-qemuu-nested-amd                            blocked 
 test-amd64-i386-qemut-rhel6hvm-amd                           blocked 
 test-amd64-i386-qemuu-rhel6hvm-amd                           blocked 
 test-amd64-amd64-xl-qemut-debianhvm-amd64                    blocked 
 test-amd64-i386-xl-qemut-debianhvm-amd64                     blocked 
 test-amd64-amd64-xl-qemuu-debianhvm-amd64                    blocked 
 test-amd64-i386-xl-qemuu-debianhvm-amd64                     blocked 
 test-amd64-i386-freebsd10-amd64                              blocked 
 test-amd64-amd64-xl-qemuu-ovmf-amd64                         blocked 
 test-amd64-i386-xl-qemuu-ovmf-amd64                          blocked 
 test-amd64-amd64-rumprun-amd64                               blocked 
 test-amd64-amd64-xl-qemut-win7-amd64                         blocked 
 test-amd64-i386-xl-qemut-win7-amd64                          blocked 
 test-amd64-amd64-xl-qemuu-win7-amd64                         blocked 
 test-amd64-i386-xl-qemuu-win7-amd64                          blocked 
 test-amd64-amd64-xl-qemut-ws16-amd64                         blocked 
 test-amd64-i386-xl-qemut-ws16-amd64                          blocked 
 test-amd64-amd64-xl-qemuu-ws16-amd64                         blocked 
 test-amd64-i386-xl-qemuu-ws16-amd64                          blocked 
 test-armhf-armhf-xl-arndale                                  pass    
 test-amd64-amd64-xl-credit2                                  blocked 
 test-armhf-armhf-xl-credit2                                  pass    
 test-armhf-armhf-xl-cubietruck                               pass    
 test-amd64-i386-freebsd10-i386                               blocked 
 test-amd64-i386-rumprun-i386                                 blocked 
 test-amd64-amd64-xl-qemut-win10-i386                         blocked 
 test-amd64-i386-xl-qemut-win10-i386                          blocked 
 test-amd64-amd64-xl-qemuu-win10-i386                         blocked 
 test-amd64-i386-xl-qemuu-win10-i386                          blocked 
 test-amd64-amd64-qemuu-nested-intel                          blocked 
 test-amd64-i386-qemut-rhel6hvm-intel                         blocked 
 test-amd64-i386-qemuu-rhel6hvm-intel                         blocked 
 test-amd64-amd64-libvirt                                     blocked 
 test-armhf-armhf-libvirt                                     pass    
 test-amd64-i386-libvirt                                      blocked 
 test-amd64-amd64-livepatch                                   blocked 
 test-amd64-i386-livepatch                                    blocked 
 test-amd64-amd64-migrupgrade                                 blocked 
 test-amd64-i386-migrupgrade                                  blocked 
 test-amd64-amd64-xl-multivcpu                                blocked 
 test-armhf-armhf-xl-multivcpu                                pass    
 test-amd64-amd64-pair                                        blocked 
 test-amd64-i386-pair                                         blocked 
 test-amd64-amd64-libvirt-pair                                blocked 
 test-amd64-i386-libvirt-pair                                 blocked 
 test-amd64-amd64-amd64-pvgrub                                blocked 
 test-amd64-amd64-i386-pvgrub                                 blocked 
 test-amd64-amd64-pygrub                                      blocked 
 test-amd64-i386-libvirt-qcow2                                blocked 
 test-amd64-amd64-xl-qcow2                                    blocked 
 test-armhf-armhf-libvirt-raw                                 pass    
 test-amd64-i386-xl-raw                                       blocked 
 test-amd64-amd64-xl-rtds                                     blocked 
 test-armhf-armhf-xl-rtds                                     pass    
 test-amd64-amd64-libvirt-vhd                                 blocked 
 test-armhf-armhf-xl-vhd                                      pass    


------------------------------------------------------------
sg-report-flight on osstest.test-lab.xenproject.org
logs: /home/logs/logs
images: /home/logs/images

Logs, config files, etc. are available at
    http://logs.test-lab.xenproject.org/osstest/logs

Explanation of these reports, and of osstest in general, is at
    http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README.email;hb=master
    http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README;hb=master

Test harness code can be found at
    http://xenbits.xen.org/gitweb?p=osstest.git;a=summary


Not pushing.

------------------------------------------------------------
commit de38e28cc2cc62e6e9e4741403e4a8f6c07d8cfd
Author: Andrew Cooper <andrew.coop...@citrix.com>
Date:   Thu Oct 12 15:08:34 2017 +0200

    x86/cpu: Fix IST handling during PCPU bringup
    
    Clear IST references in newly allocated IDTs.  Nothing good will come of
    having them set before the TSS is suitably constructed (although the chances
    of the CPU surviving such an IST interrupt/exception are extremely slim).
    
    Uniformly set the IST references after the TSS is in place.  This fixes an
    issue on AMD hardware, where onlining a PCPU while PCPU0 is in HVM context
    will cause IST_NONE to be copied into the new IDT, making that PCPU vulnerable
    to privilege escalation from PV guests until it subsequently schedules an HVM
    guest.
    
    This is XSA-244.
    
    Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
    Reviewed-by: Jan Beulich <jbeul...@suse.com>
    master commit: cc08c73c8c1f5ba5ed0f8274548db6725e1c3157
    master date: 2017-10-12 14:50:31 +0200

commit 7fe0a245286d4c38c5913f5642b0955096dc6135
Author: Andrew Cooper <andrew.coop...@citrix.com>
Date:   Thu Oct 12 15:08:05 2017 +0200

    x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests
    
    When initially creating a monitor table for 4-level translated guests, don't
    install a shadow-linear mapping.  This mapping is actually self-linear, and
    trips up the writeable heuristic logic into following Xen's mappings, not the
    guests' shadows it was expecting to follow.
    
    A consequence of this is that sh_guess_wrmap() needs to cope with there being
    no shadow-linear mapping present, which in practice occurs once each time a
    vcpu switches to 4-level paging from a different paging mode.
    
    An appropriate shadow-linear slot will be inserted into the monitor table
    either while constructing lower level monitor tables, or by sh_update_cr3().
    
    While fixing this, clarify the safety of the other mappings.  Despite
    appearing unsafe, it is correct to create a guest-linear mapping for
    translated domains; this is self-linear and doesn't point into the translated
    domain.  Drop a dead clause for translate != external guests.
    
    This is XSA-243.
    
    Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
    Acked-by: Tim Deegan <t...@xen.org>
    master commit: bf2b4eadcf379d0361b38de9725ea5f7a18a5205
    master date: 2017-10-12 14:50:07 +0200

commit a2af47d9ebbf3aa0fc80f697b37df878242f36f6
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:07:28 2017 +0200

    x86: don't allow page_unlock() to drop the last type reference
    
    Only _put_page_type() does the necessary cleanup, and hence not all
    domain pages can be released during guest cleanup (leaving around
    zombie domains) if we get this wrong.
    
    This is XSA-242.
    
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    master commit: 6410733a8a0dff2fe581338ff631670cf91889db
    master date: 2017-10-12 14:49:46 +0200

commit 61a2d314813f9c142b5965da2f5f8684b123afb8
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:06:55 2017 +0200

    x86: don't store possibly stale TLB flush time stamp
    
    While the timing window is extremely narrow, it is theoretically
    possible for an update to the TLB flush clock and a subsequent flush
    IPI to happen between the read and write parts of the update of the
    per-page stamp. Exclude this possibility by disabling interrupts
    across the update, preventing the IPI from being serviced in the middle.
    
    This is XSA-241.
    
    Reported-by: Jann Horn <ja...@google.com>
    Suggested-by: George Dunlap <george.dun...@citrix.com>
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    Reviewed-by: George Dunlap <george.dun...@citrix.com>
    master commit: 23a183607a427572185fc51c76cc5ab11c00c4cc
    master date: 2017-10-12 14:48:25 +0200

commit c2b0a92d23a5b884879f8e86a629a297427dd71d
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:06:12 2017 +0200

    x86: limit linear page table use to a single level
    
    That's the only way that they're meant to be used. Without such a
    restriction arbitrarily long chains of same-level page tables can be
    built, tearing down of which may then cause arbitrarily deep recursion,
    causing a stack overflow. To facilitate this restriction, a counter is
    being introduced to track both the number of same-level entries in a
    page table as well as the number of uses of a page table in another
    same-level one (counting into positive and negative direction
    respectively, utilizing the fact that both counts can't be non-zero at
    the same time).
    
    Note that the added accounting introduces a restriction on the number
    of times a page can be used in other same-level page tables - more than
    32k of such uses are no longer possible.
    
    Note also that some put_page_and_type[_preemptible]() calls are
    replaced with open-coded equivalents.  This seemed preferable to
    adding "parent_table" to the matrix of functions.
    
    Note further that cross-domain same-level page table references are no
    longer permitted (they probably never should have been).
    
    This is XSA-240.
    
    Reported-by: Jann Horn <ja...@google.com>
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    Signed-off-by: George Dunlap <george.dun...@citrix.com>
    master commit: 6987fc7558bdbab8119eabf026e3cdad1053f0e5
    master date: 2017-10-12 14:44:34 +0200

commit d8426300dbdc06ba77f97a60ada018b37aea5ad1
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:05:44 2017 +0200

    x86/HVM: prefill partially used variable on emulation paths
    
    Certain handlers ignore the access size (vioapic_write() being the
    example this was found with), perhaps leading to subsequent reads
    seeing data that wasn't actually written by the guest. For
    consistency and extra safety also do this on the read path of
    hvm_process_io_intercept(), even if this doesn't directly affect what
    guests get to see, as we've supposedly already dealt with read handlers
    leaving data completely uninitialized.
    
    This is XSA-239.
    
    Reported-by: Roger Pau Monné <roger....@citrix.com>
    Reviewed-by: Roger Pau Monné <roger....@citrix.com>
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    master commit: 0d4732ac29b63063764c29fa3bd8946daf67d6f3
    master date: 2017-10-12 14:43:26 +0200

commit ef61bcff39d907fede18aecc57651bd2beed789a
Author: Vitaly Kuznetsov <vkuzn...@redhat.com>
Date:   Thu Oct 12 15:04:56 2017 +0200

    x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    
    Misbehaving device model can pass incorrect XEN_DMOP_map/
    unmap_io_range_to_ioreq_server arguments, namely end < start when
    specifying address range. When this happens we hit ASSERT(s <= e) in
    rangeset_contains_range()/rangeset_overlaps_range() with debug builds.
    Production builds will not trap right away but may misbehave later
    while handling such bogus ranges.
    
    This is XSA-238.
    
    Signed-off-by: Vitaly Kuznetsov <vkuzn...@redhat.com>
    Reviewed-by: Jan Beulich <jbeul...@suse.com>
    master commit: d59e55b018cfb79d0c4f794041aff4fe1cd0d570
    master date: 2017-10-12 14:43:02 +0200

commit 44ceb192b50d48398dfd9e3b83870b872f507473
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:04:27 2017 +0200

    x86/FLASK: fix unmap-domain-IRQ XSM hook
    
    The caller and the FLASK implementation of xsm_unmap_domain_irq()
    disagreed about what the "data" argument points to in the MSI case:
    Change both sides to pass/take a PCI device.
    
    This is part of XSA-237.
    
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
    master commit: 6f17f5c43a3bd28d27ed8133b2bf513e2eab7d59
    master date: 2017-10-12 14:37:56 +0200

commit ae454429648edfa2d3c17082fcded405a6cc4dcc
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:03:53 2017 +0200

    x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
    
    Mappings that had been set up before should not be torn down when
    handling unrelated errors.
    
    This is part of XSA-237.
    
    Reported-by: HW42 <h...@ipsumj.de>
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    Reviewed-by: George Dunlap <george.dun...@citrix.com>
    master commit: 573ac7b22aba9e5b8d40d9cdccd744af57cd5928
    master date: 2017-10-12 14:37:26 +0200

commit 784afd92e9e8e32e840a88e7571532cba2494ef5
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:03:26 2017 +0200

    x86/MSI: disallow redundant enabling
    
    At the moment, Xen attempts to allow redundant enabling of MSI by
    having pci_enable_msi() return 0, and point to the existing MSI
    descriptor, when the msi already exists.
    
    Unfortunately, if subsequent errors are encountered, the cleanup
    paths assume pci_enable_msi() had done full initialization, and
    hence undo everything that was assumed to be done by that
    function without also undoing other setup that would normally
    occur only after that function was called (in map_domain_pirq()
    itself).
    
    Rather than try to make the redundant enabling case work properly, just
    forbid it entirely by having pci_enable_msi() return -EEXIST when MSI
    is already set up.
    
    This is part of XSA-237.
    
    Reported-by: HW42 <h...@ipsumj.de>
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
    Reviewed-by: George Dunlap <george.dun...@citrix.com>
    master commit: a46126fec20e0cf4f5442352ef45efaea8c89646
    master date: 2017-10-12 14:36:58 +0200

commit 22032b2d7e339cf8aecc5302ab49f9d9d15360f3
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:02:54 2017 +0200

    x86: enforce proper privilege when (un)mapping pIRQ-s
    
    (Un)mapping of IRQs, just like other RESOURCE__ADD* / RESOURCE__REMOVE*
    actions (in FLASK terms) should be XSM_DM_PRIV rather than XSM_TARGET.
    This in turn requires bypassing the XSM check in physdev_unmap_pirq()
    for the HVM emuirq case just like is being done in physdev_map_pirq().
    The primary goal security wise, however, is to no longer allow HVM
    guests, by specifying their own domain ID instead of DOMID_SELF, to
    enter code paths intended for PV guest and the control domains of HVM
    guests only.
    
    This is part of XSA-237.
    
    Reported-by: HW42 <h...@ipsumj.de>
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    Reviewed-by: George Dunlap <george.dun...@citrix.com>
    master commit: db72faf69c94513e180568006a9d899ed422ff90
    master date: 2017-10-12 14:36:30 +0200

commit 58da67fb92b85598e0cd7e88adff14b0d7ffa05a
Author: Jan Beulich <jbeul...@suse.com>
Date:   Thu Oct 12 15:02:08 2017 +0200

    x86: don't allow MSI pIRQ mapping on unowned device
    
    MSI setup should be permitted only for existing devices owned by the
    respective guest (the operation may still be carried out by the domain
    controlling that guest).
    
    This is part of XSA-237.
    
    Reported-by: HW42 <h...@ipsumj.de>
    Signed-off-by: Jan Beulich <jbeul...@suse.com>
    Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
    master commit: 3308374b1be7d43e23bd2e9eaf23ec06d7959882
    master date: 2017-10-12 14:35:14 +0200

commit d1b64ccd9694c32e6b499d8380507c22dcdef4e1
Author: Julien Grall <julien.gr...@arm.com>
Date:   Thu Sep 14 16:39:01 2017 +0100

    xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken
    
    *_mapped_gfn are currently read before acquiring the lock. However, they
    may be modified by the p2m code before the lock was acquired. This means
    we will use the wrong values.
    
    Fix it by moving the read inside the section protected by the p2m lock.
    
    Signed-off-by: Julien Grall <julien.gr...@arm.com>
    Reviewed-by: Stefano Stabellini <sstabell...@kernel.org>
    Signed-off-by: Stefano Stabellini <sstabell...@kernel.org>
    (cherry picked from commit 2c2ae1976da06283e923d97720c0bdcbebf04515)
(qemu changes not included)
