Merge remote-tracking branch 'origin/f22' into f22-user-thl-vanilla-fedorakernel-4.4.12-200.vanilla.knurd.1.fc22

3 files changed, 5 insertions, 57 deletions

diff --git a/KVM-MTRR-remove-MSR-0x2f8.patch b/KVM-MTRR-remove-MSR-0x2f8.patch
deleted file mode 100644
index 8066b2e8f..000000000
--- a/KVM-MTRR-remove-MSR-0x2f8.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From bb0f06280beb6507226627a85076ae349a23fe22 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>
-Date: Mon, 16 May 2016 09:45:35 -0400
-Subject: [PATCH] KVM: MTRR: remove MSR 0x2f8
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-MSR 0x2f8 accessed the 124th Variable Range MTRR ever since MTRR support
-was introduced by 9ba075a664df ("KVM: MTRR support").
-
-0x2f8 became harmful when 910a6aae4e2e ("KVM: MTRR: exactly define the
-size of variable MTRRs") shrinked the array of VR MTRRs from 256 to 8,
-which made access to index 124 out of bounds.  The surrounding code only
-WARNs in this situation, thus the guest gained a limited read/write
-access to struct kvm_arch_vcpu.
-
-0x2f8 is not a valid VR MTRR MSR, because KVM has/advertises only 16 VR
-MTRR MSRs, 0x200-0x20f.  Every VR MTRR is set up using two MSRs, 0x2f8
-was treated as a PHYSBASE and 0x2f9 would be its PHYSMASK, but 0x2f9 was
-not implemented in KVM, therefore 0x2f8 could never do anything useful
-and getting rid of it is safe.
-
-This fixes CVE-2016-TBD.
-
-Fixes: 910a6aae4e2e ("KVM: MTRR: exactly define the size of variable MTRRs")
-Cc: stable@vger.kernel.org
-Reported-by: David Matlack <dmatlack@google.com>
-Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
----
- arch/x86/kvm/mtrr.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
-index 3f8c732117ec..c146f3c262c3 100644
---- a/arch/x86/kvm/mtrr.c
-+++ b/arch/x86/kvm/mtrr.c
-@@ -44,8 +44,6 @@ static bool msr_mtrr_valid(unsigned msr)
- 	case MSR_MTRRdefType:
- 	case MSR_IA32_CR_PAT:
- 		return true;
--	case 0x2f8:
--		return true;
- 	}
- 	return false;
- }
--- 
-2.5.5
-
diff --git a/kernel.spec b/kernel.spec
index 764f477c9..cafcedf3a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -58,7 +58,7 @@ Summary: The Linux kernel
 %define stable_rc 0
 
 # Do we have a -stable update to apply?
-%define stable_update 11
+%define stable_update 12
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -666,9 +666,6 @@ Patch716: ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch
 #CVE-2016-0758 rhbz 1300257 1335386
 Patch717: KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch
 
-#CVE-2016-3713 rhbz 1332139 1336410
-Patch718: KVM-MTRR-remove-MSR-0x2f8.patch
-
 #CVE-2016-4951 rhbz 1338625 1338626
 Patch720: tipc-check-nl-sock-before-parsing-nested-attributes.patch
 
@@ -1383,9 +1380,6 @@ ApplyPatch ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch
 #CVE-2016-0758 rhbz 1300257 1335386
 ApplyPatch KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch
 
-#CVE-2016-3713 rhbz 1332139 1336410
-ApplyPatch KVM-MTRR-remove-MSR-0x2f8.patch
-
 #CVE-2016-4951 rhbz 1338625 1338626
 ApplyPatch tipc-check-nl-sock-before-parsing-nested-attributes.patch
 
@@ -2238,6 +2232,9 @@ fi
 #
 # 
 %changelog
+* Wed Jun 01 2016 Laura Abbott <labbott@fedoraproject.org> - 4.4.12-200
+- Linux v4.4.12
+
 * Mon May 23 2016 Laura Abbott <labbott@fedoraproject.org> - 4.4.11-200
 - Linux v4.4.11
 - Actually apply one patch
diff --git a/sources b/sources
index 288997114..631ce0fc5 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 9a78fa2eb6c68ca5a40ed5af08142599  linux-4.4.tar.xz
 dcbc8fe378a676d5d0dd208cf524e144  perf-man-4.4.tar.gz
-5c1d328f03aaafb9cf7fdc442468c348  patch-4.4.11.xz
+80d71a51152029a3f2fe99ba94548009  patch-4.4.12.xz