Bug#856171: jessie-pu: package nvidia-graphics-drivers/340.102-1

Sat, 25 Feb 2017 13:57:59 -0800 

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

to fix the next round of CVEs in nvidia-graphics-drivers, we need a new
upstream release in stable, again.
Intentionally no +deb8u1 suffix, since I want to prevent version
inflation in the followup pu request for nvidia-graphics-modules.
The Linux 4.10 support patches are not needed for stable, but make the
live easier for people running current kernels - this is also what we
ship in nvidia-graphics-drivers-legacy-340xx for stretch.


Andreas

Index: debian/changelog
===================================================================
--- debian/changelog	(.../tags/340.101-1)	(revision 7208)
+++ debian/changelog	(.../branches/340)	(revision 7208)
@@ -1,3 +1,19 @@
+nvidia-graphics-drivers (340.102-1) jessie; urgency=medium
+
+  * New upstream legacy 340xx branch release 340.102 (2017-02-14).
+    * Fixed CVE-2017-0309, CVE-2017-0310, CVE-2017-0311, CVE-2017-0318,
+      CVE-2017-0321.  (Closes: #855277)
+
+  [ Andreas Beckmann ]
+  * unregister_proc_on_failure.patch: New, unregister procfs entries during
+    error unwind if loading the module failed.  (Closes: #764639)
+
+  [ Luca Boccassi ]
+  * Add deprecated-cpu-events.patch and vmf-address.patch to fix kernel
+    module build on Linux 4.10 and newer.
+
+ -- Andreas Beckmann <a...@debian.org>  Fri, 10 Feb 2017 23:05:58 +0100
+
 nvidia-graphics-drivers (340.101-1) jessie; urgency=medium
 
   * New upstream legacy 340xx branch release 340.101 (2016-12-14).
Index: debian/module/debian/patches/deprecated-cpu-events.patch
===================================================================
--- debian/module/debian/patches/deprecated-cpu-events.patch	(.../tags/340.101-1)	(revision 0)
+++ debian/module/debian/patches/deprecated-cpu-events.patch	(.../branches/340)	(revision 7208)
@@ -0,0 +1,49 @@
+Author: Luca Boccassi <luca.bocca...@gmail.com>
+Description: Fix kernel module build on 4.10 and greater
+ From kernel 4.10 and newer (commit 530e9b76ae8f8) CPU_DOWN_FAILED and
+ CPU_DOWN_PREPARE are no longer available as events, together with their
+ callback registers.
+--- a/nv-pat.c
++++ b/nv-pat.c
+@@ -210,19 +210,23 @@
+ 
+     switch (action)
+     {
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         case CPU_DOWN_FAILED:
++#endif
+         case CPU_ONLINE:
+             if (cpu == (NvUPtr)hcpu)
+                 nv_setup_pat_entries(NULL);
+             else
+                 NV_SMP_CALL_FUNCTION(nv_setup_pat_entries, hcpu, 1);
+             break;
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         case CPU_DOWN_PREPARE:
+             if (cpu == (NvUPtr)hcpu)
+                 nv_restore_pat_entries(NULL);
+             else
+                 NV_SMP_CALL_FUNCTION(nv_restore_pat_entries, hcpu, 1);
+             break;
++#endif
+     }
+ 
+     put_cpu();
+@@ -252,7 +256,7 @@
+     if (!disable_pat)
+     {
+         nv_enable_pat_support();
+-#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU)
++#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         if (nv_pat_mode == NV_PAT_MODE_BUILTIN)
+         {
+             if (register_hotcpu_notifier(&nv_hotcpu_nfb) != 0)
+@@ -279,7 +283,7 @@
+     if (nv_pat_mode == NV_PAT_MODE_BUILTIN)
+     {
+         nv_disable_pat_support();
+-#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU)
++#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         unregister_hotcpu_notifier(&nv_hotcpu_nfb);
+ #endif
+     }
Index: debian/module/debian/patches/series.in
===================================================================
--- debian/module/debian/patches/series.in	(.../tags/340.101-1)	(revision 7208)
+++ debian/module/debian/patches/series.in	(.../branches/340)	(revision 7208)
@@ -1,5 +1,8 @@
 # kernel support
 drm-driver-legacy.patch
+unregister_procfs_on_failure.patch
+deprecated-cpu-events.patch
+vmf-address.patch
 
 # build system updates
 separate-makefile-kbuild.patch
Index: debian/module/debian/patches/unregister_procfs_on_failure.patch
===================================================================
--- debian/module/debian/patches/unregister_procfs_on_failure.patch	(.../tags/340.101-1)	(revision 0)
+++ debian/module/debian/patches/unregister_procfs_on_failure.patch	(.../branches/340)	(revision 7208)
@@ -0,0 +1,28 @@
+Author: Andreas Beckmann <a...@debian.org>
+Description: unregister procfs upon module load failure
+ the nvidia module may leave stale proc entries if it refuses to be
+ loaded becase nouveau is already loaded and has claimed the device
+ .
+ the error unwinding in nvidia_init_module() is insane
+ (375.26 looks much better)
+ .
+ this patch is probably not correct in all cases, but the unwinding is
+ not reverse linear in creation and the gotos are all across everything
+ .
+ leaving stale proc entries prevents the nvidia module from loading again
+ .
+ accessing the stale proc entries results in
+   BUG: unable to handle kernel paging request at ...
+Bug-Debian: #764639
+
+--- a/nv.c
++++ b/nv.c
+@@ -1040,6 +1040,8 @@ failed3:
+ 
+     pci_unregister_driver(&nv_pci_driver);
+ 
++    nv_unregister_procfs();
++
+ failed5:
+     rm_shutdown_rm(sp);
+ 
Index: debian/module/debian/patches/vmf-address.patch
===================================================================
--- debian/module/debian/patches/vmf-address.patch	(.../tags/340.101-1)	(revision 0)
+++ debian/module/debian/patches/vmf-address.patch	(.../branches/340)	(revision 7208)
@@ -0,0 +1,19 @@
+Author: Luca Boccassi <luca.bocca...@gmail.com>
+Description: Fix kernel module build on 4.10 and greater
+ From kernel 4.10 and newer (commit 1a29d85eb0f19) virtual_address is no longer
+ available as a member of struct vm_fault. Use the address member as suggested
+ by the changelog.
+--- a/uvm/nvidia_uvm_lite.c
++++ b/uvm/nvidia_uvm_lite.c
+@@ -820,7 +820,11 @@
+ #if defined(NV_VM_OPERATIONS_STRUCT_HAS_FAULT)
+ int _fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+ {
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+     unsigned long vaddr = (unsigned long)vmf->virtual_address;
++#else
++    unsigned long vaddr = vmf->address;
++#endif
+     struct page *page = NULL;
+     int retval;
+ 
Index: debian/copyright
===================================================================
--- debian/copyright	(.../tags/340.101-1)	(revision 7208)
+++ debian/copyright	(.../branches/340)	(revision 7208)
@@ -18,7 +18,7 @@
 
 Files: debian/*
 Copyright: 2001-2010 Randall Donald <rdon...@debian.org>
-           2009-2016 Andreas Beckmann <a...@debian.org>
+           2009-2017 Andreas Beckmann <a...@debian.org>
            2010 Russ Allbery <r...@debian.org>
            Based on packages by Christopher Cheney.
 License: GPL-2.0+

Property changes on: .
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /packages/nvidia-graphics-drivers/branches/304:r7072-7188
   Merged /packages/nvidia-graphics-drivers/branches/304-jessie:r7074-7190

Reply via email to