diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-06-02 07:46:51 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-06-02 07:46:51 +0200 |
commit | 87427b8ffdf09840cb5d84ebbe6af2507b3c9c25 (patch) | |
tree | c367bbeb7aa6a7e7ceb64f58e29ee2d0689c39df | |
parent | 6e0ff2ec8c1e2b43c167b73d87348d926eeab873 (diff) | |
parent | 4f4ecd1a03a90ef367ab075053fd972aac619748 (diff) | |
download | kernel-4.4.12-200.vanilla.knurd.1.fc22.tar.gz kernel-4.4.12-200.vanilla.knurd.1.fc22.tar.xz kernel-4.4.12-200.vanilla.knurd.1.fc22.zip |
Merge remote-tracking branch 'origin/f22' into f22-user-thl-vanilla-fedorakernel-4.4.12-200.vanilla.knurd.1.fc22
-rw-r--r-- | KVM-MTRR-remove-MSR-0x2f8.patch | 49 | ||||
-rw-r--r-- | kernel.spec | 11 | ||||
-rw-r--r-- | sources | 2 |
3 files changed, 5 insertions, 57 deletions
diff --git a/KVM-MTRR-remove-MSR-0x2f8.patch b/KVM-MTRR-remove-MSR-0x2f8.patch deleted file mode 100644 index 8066b2e8f..000000000 --- a/KVM-MTRR-remove-MSR-0x2f8.patch +++ /dev/null @@ -1,49 +0,0 @@ -From bb0f06280beb6507226627a85076ae349a23fe22 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com> -Date: Mon, 16 May 2016 09:45:35 -0400 -Subject: [PATCH] KVM: MTRR: remove MSR 0x2f8 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -MSR 0x2f8 accessed the 124th Variable Range MTRR ever since MTRR support -was introduced by 9ba075a664df ("KVM: MTRR support"). - -0x2f8 became harmful when 910a6aae4e2e ("KVM: MTRR: exactly define the -size of variable MTRRs") shrinked the array of VR MTRRs from 256 to 8, -which made access to index 124 out of bounds. The surrounding code only -WARNs in this situation, thus the guest gained a limited read/write -access to struct kvm_arch_vcpu. - -0x2f8 is not a valid VR MTRR MSR, because KVM has/advertises only 16 VR -MTRR MSRs, 0x200-0x20f. Every VR MTRR is set up using two MSRs, 0x2f8 -was treated as a PHYSBASE and 0x2f9 would be its PHYSMASK, but 0x2f9 was -not implemented in KVM, therefore 0x2f8 could never do anything useful -and getting rid of it is safe. - -This fixes CVE-2016-TBD. - -Fixes: 910a6aae4e2e ("KVM: MTRR: exactly define the size of variable MTRRs") -Cc: stable@vger.kernel.org -Reported-by: David Matlack <dmatlack@google.com> -Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> ---- - arch/x86/kvm/mtrr.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c -index 3f8c732117ec..c146f3c262c3 100644 ---- a/arch/x86/kvm/mtrr.c -+++ b/arch/x86/kvm/mtrr.c -@@ -44,8 +44,6 @@ static bool msr_mtrr_valid(unsigned msr) - case MSR_MTRRdefType: - case MSR_IA32_CR_PAT: - return true; -- case 0x2f8: -- return true; - } - return false; - } --- -2.5.5 - diff --git a/kernel.spec b/kernel.spec index 764f477c9..cafcedf3a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -58,7 +58,7 @@ Summary: The Linux kernel %define stable_rc 0 # Do we have a -stable update to apply? -%define stable_update 11 +%define stable_update 12 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -666,9 +666,6 @@ Patch716: ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch #CVE-2016-0758 rhbz 1300257 1335386 Patch717: KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch -#CVE-2016-3713 rhbz 1332139 1336410 -Patch718: KVM-MTRR-remove-MSR-0x2f8.patch - #CVE-2016-4951 rhbz 1338625 1338626 Patch720: tipc-check-nl-sock-before-parsing-nested-attributes.patch @@ -1383,9 +1380,6 @@ ApplyPatch ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch #CVE-2016-0758 rhbz 1300257 1335386 ApplyPatch KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch -#CVE-2016-3713 rhbz 1332139 1336410 -ApplyPatch KVM-MTRR-remove-MSR-0x2f8.patch - #CVE-2016-4951 rhbz 1338625 1338626 ApplyPatch tipc-check-nl-sock-before-parsing-nested-attributes.patch @@ -2238,6 +2232,9 @@ fi # # %changelog +* Wed Jun 01 2016 Laura Abbott <labbott@fedoraproject.org> - 4.4.12-200 +- Linux v4.4.12 + * Mon May 23 2016 Laura Abbott <labbott@fedoraproject.org> - 4.4.11-200 - Linux v4.4.11 - Actually apply one patch @@ -1,3 +1,3 @@ 9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz dcbc8fe378a676d5d0dd208cf524e144 perf-man-4.4.tar.gz -5c1d328f03aaafb9cf7fdc442468c348 patch-4.4.11.xz +80d71a51152029a3f2fe99ba94548009 patch-4.4.12.xz |