[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#856171: marked as done (jessie-pu: package nvidia-graphics-drivers/340.102-1)

Your message dated Sat, 06 May 2017 14:44:18 +0100
with message-id <1494078258.26551.13.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 8.8
has caused the Debian Bug report #856171,
regarding jessie-pu: package nvidia-graphics-drivers/340.102-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856171: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856171
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

to fix the next round of CVEs in nvidia-graphics-drivers, we need a new
upstream release in stable, again.
Intentionally no +deb8u1 suffix, since I want to prevent version
inflation in the followup pu request for nvidia-graphics-modules.
The Linux 4.10 support patches are not needed for stable, but make the
live easier for people running current kernels - this is also what we
ship in nvidia-graphics-drivers-legacy-340xx for stretch.


Andreas

Index: debian/changelog
===================================================================
--- debian/changelog	(.../tags/340.101-1)	(revision 7208)
+++ debian/changelog	(.../branches/340)	(revision 7208)
@@ -1,3 +1,19 @@
+nvidia-graphics-drivers (340.102-1) jessie; urgency=medium
+
+  * New upstream legacy 340xx branch release 340.102 (2017-02-14).
+    * Fixed CVE-2017-0309, CVE-2017-0310, CVE-2017-0311, CVE-2017-0318,
+      CVE-2017-0321.  (Closes: #855277)
+
+  [ Andreas Beckmann ]
+  * unregister_proc_on_failure.patch: New, unregister procfs entries during
+    error unwind if loading the module failed.  (Closes: #764639)
+
+  [ Luca Boccassi ]
+  * Add deprecated-cpu-events.patch and vmf-address.patch to fix kernel
+    module build on Linux 4.10 and newer.
+
+ -- Andreas Beckmann <anbe@debian.org>  Fri, 10 Feb 2017 23:05:58 +0100
+
 nvidia-graphics-drivers (340.101-1) jessie; urgency=medium
 
   * New upstream legacy 340xx branch release 340.101 (2016-12-14).
Index: debian/module/debian/patches/deprecated-cpu-events.patch
===================================================================
--- debian/module/debian/patches/deprecated-cpu-events.patch	(.../tags/340.101-1)	(revision 0)
+++ debian/module/debian/patches/deprecated-cpu-events.patch	(.../branches/340)	(revision 7208)
@@ -0,0 +1,49 @@
+Author: Luca Boccassi <luca.boccassi@gmail.com>
+Description: Fix kernel module build on 4.10 and greater
+ From kernel 4.10 and newer (commit 530e9b76ae8f8) CPU_DOWN_FAILED and
+ CPU_DOWN_PREPARE are no longer available as events, together with their
+ callback registers.
+--- a/nv-pat.c
++++ b/nv-pat.c
+@@ -210,19 +210,23 @@
+ 
+     switch (action)
+     {
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         case CPU_DOWN_FAILED:
++#endif
+         case CPU_ONLINE:
+             if (cpu == (NvUPtr)hcpu)
+                 nv_setup_pat_entries(NULL);
+             else
+                 NV_SMP_CALL_FUNCTION(nv_setup_pat_entries, hcpu, 1);
+             break;
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         case CPU_DOWN_PREPARE:
+             if (cpu == (NvUPtr)hcpu)
+                 nv_restore_pat_entries(NULL);
+             else
+                 NV_SMP_CALL_FUNCTION(nv_restore_pat_entries, hcpu, 1);
+             break;
++#endif
+     }
+ 
+     put_cpu();
+@@ -252,7 +256,7 @@
+     if (!disable_pat)
+     {
+         nv_enable_pat_support();
+-#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU)
++#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         if (nv_pat_mode == NV_PAT_MODE_BUILTIN)
+         {
+             if (register_hotcpu_notifier(&nv_hotcpu_nfb) != 0)
+@@ -279,7 +283,7 @@
+     if (nv_pat_mode == NV_PAT_MODE_BUILTIN)
+     {
+         nv_disable_pat_support();
+-#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU)
++#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         unregister_hotcpu_notifier(&nv_hotcpu_nfb);
+ #endif
+     }
Index: debian/module/debian/patches/series.in
===================================================================
--- debian/module/debian/patches/series.in	(.../tags/340.101-1)	(revision 7208)
+++ debian/module/debian/patches/series.in	(.../branches/340)	(revision 7208)
@@ -1,5 +1,8 @@
 # kernel support
 drm-driver-legacy.patch
+unregister_procfs_on_failure.patch
+deprecated-cpu-events.patch
+vmf-address.patch
 
 # build system updates
 separate-makefile-kbuild.patch
Index: debian/module/debian/patches/unregister_procfs_on_failure.patch
===================================================================
--- debian/module/debian/patches/unregister_procfs_on_failure.patch	(.../tags/340.101-1)	(revision 0)
+++ debian/module/debian/patches/unregister_procfs_on_failure.patch	(.../branches/340)	(revision 7208)
@@ -0,0 +1,28 @@
+Author: Andreas Beckmann <anbe@debian.org>
+Description: unregister procfs upon module load failure
+ the nvidia module may leave stale proc entries if it refuses to be
+ loaded becase nouveau is already loaded and has claimed the device
+ .
+ the error unwinding in nvidia_init_module() is insane
+ (375.26 looks much better)
+ .
+ this patch is probably not correct in all cases, but the unwinding is
+ not reverse linear in creation and the gotos are all across everything
+ .
+ leaving stale proc entries prevents the nvidia module from loading again
+ .
+ accessing the stale proc entries results in
+   BUG: unable to handle kernel paging request at ...
+Bug-Debian: #764639
+
+--- a/nv.c
++++ b/nv.c
+@@ -1040,6 +1040,8 @@ failed3:
+ 
+     pci_unregister_driver(&nv_pci_driver);
+ 
++    nv_unregister_procfs();
++
+ failed5:
+     rm_shutdown_rm(sp);
+ 
Index: debian/module/debian/patches/vmf-address.patch
===================================================================
--- debian/module/debian/patches/vmf-address.patch	(.../tags/340.101-1)	(revision 0)
+++ debian/module/debian/patches/vmf-address.patch	(.../branches/340)	(revision 7208)
@@ -0,0 +1,19 @@
+Author: Luca Boccassi <luca.boccassi@gmail.com>
+Description: Fix kernel module build on 4.10 and greater
+ From kernel 4.10 and newer (commit 1a29d85eb0f19) virtual_address is no longer
+ available as a member of struct vm_fault. Use the address member as suggested
+ by the changelog.
+--- a/uvm/nvidia_uvm_lite.c
++++ b/uvm/nvidia_uvm_lite.c
+@@ -820,7 +820,11 @@
+ #if defined(NV_VM_OPERATIONS_STRUCT_HAS_FAULT)
+ int _fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+ {
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+     unsigned long vaddr = (unsigned long)vmf->virtual_address;
++#else
++    unsigned long vaddr = vmf->address;
++#endif
+     struct page *page = NULL;
+     int retval;
+ 
Index: debian/copyright
===================================================================
--- debian/copyright	(.../tags/340.101-1)	(revision 7208)
+++ debian/copyright	(.../branches/340)	(revision 7208)
@@ -18,7 +18,7 @@
 
 Files: debian/*
 Copyright: 2001-2010 Randall Donald <rdonald@debian.org>
-           2009-2016 Andreas Beckmann <anbe@debian.org>
+           2009-2017 Andreas Beckmann <anbe@debian.org>
            2010 Russ Allbery <rra@debian.org>
            Based on packages by Christopher Cheney.
 License: GPL-2.0+

Property changes on: .
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /packages/nvidia-graphics-drivers/branches/304:r7072-7188
   Merged /packages/nvidia-graphics-drivers/branches/304-jessie:r7074-7190

--- End Message ---
--- Begin Message --- 
Version: 8.8

Hi,

Each of these bugs refers to an update that was included in today's
jessie point release. Thanks!

Regards,

Adam

--- End Message ---
Reply to: