diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-April/014203.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-April/014203.html | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-April/014203.html b/zarb-ml/mageia-dev/2012-April/014203.html new file mode 100644 index 000000000..59daa2131 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-April/014203.html @@ -0,0 +1,129 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20NVIDIA%20CVE%2C%20mga1%3A%20update%20driver%2C%0A%20or%20patch%20and%20break%20CUDA%20debugger%3F&In-Reply-To=%3C4F872AD1.7040703%40mageia.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="014148.html"> + <LINK REL="Next" HREF="014204.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?</H1> + <B>Anssi Hannula</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20NVIDIA%20CVE%2C%20mga1%3A%20update%20driver%2C%0A%20or%20patch%20and%20break%20CUDA%20debugger%3F&In-Reply-To=%3C4F872AD1.7040703%40mageia.org%3E" + TITLE="[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?">anssi at mageia.org + </A><BR> + <I>Thu Apr 12 21:19:45 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="014148.html">[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger? +</A></li> + <LI>Next message: <A HREF="014204.html">[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#14203">[ date ]</a> + <a href="thread.html#14203">[ thread ]</a> + <a href="subject.html#14203">[ subject ]</a> + <a href="author.html#14203">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>11.04.2012 18:29, Anssi Hannula kirjoitti: +><i> 11.04.2012 17:47, Pascal Terjan kirjoitti: +</I>>><i> On Wed, Apr 11, 2012 at 15:27, Anssi Hannula <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">anssi at mageia.org</A>> wrote: +</I>>>><i> Hi all! +</I>>>><i> +</I>>>><i> We'll have to apply a patch for CVE-2012-0946 (access to arbitrary +</I>>>><i> system memory by any user) for cauldron and mga1. +</I>>>><i> +</I>>>><i> However, the security fix (patch to the nvidia kernel interface layer) +</I>>>><i> will break CUDA debugger using libcuda older than 295.40. +</I>>>><i> +</I>>>><i> While I can upgrade cauldron driver (which contains libcuda) to 295.40, +</I>>>><i> mga1 will be left with two options: +</I>>>><i> a) Apply patch, informing users that CUDA debugger will cease to +</I>>>><i> function unless they upgrade their NVIDIA driver. However, as we have +</I>>>><i> no backports, the remaining (non-system-breaking) option to upgrade +</I>>>><i> their driver is to use <A HREF="http://onse.fi/nvidia-mgabuild/">http://onse.fi/nvidia-mgabuild/</A> , but I don't +</I>>>><i> think it is very nice to link to non-official page from an advisory, +</I>>>><i> right? +</I>>>><i> +</I>>>><i> b) Upgrade our MGA1 driver from 275.09.07 to 295.40 ("long-lived branch +</I>>>><i> release") as well. We have +</I>>>><i> previously shipped an update from 270.41.19 to 275.09.07 for MGA1 +</I>>>><i> (that was due to an important stability bugfix). I'm not aware of +</I>>>><i> any blockers for this. +</I>>><i> +</I>>><i> I would vote for b provided more research about known regressions from +</I>>><i> 275 to 295 (like dropping support for some devices) +</I>>><i> +</I>><i> +</I>><i> No device have been dropped support for there. +</I>><i> +</I>><i> And if there were any big regressions, one'd think we would've heard of +</I>><i> them in cauldron. +</I>><i> +</I>><i> Hmm.. Actually, there is at least one regression: When in XBMC one has +</I>><i> enabled "sync playback to display", XBMC will try to spawn a +</I>><i> nvidia-settings instance to detect the refresh rate - however with +</I>><i> 295.20+ the forked process will simply block on a mutex. This is handled +</I>><i> gracefully and XBMC fallbacks to using RANDR, however that only works +</I>><i> for integer refresh rates (and when twinview isn't enabled; we default +</I>><i> to disabled), otherwise playback won't be synced properly (AFAIU).... +</I>><i> +</I>><i> Argh, checking more, the older XBMC 10.1 we have on mga1 apparently +</I>><i> won't handle this gracefully, but will just get stuck. I guess we could +</I>><i> patch it, but the feature wouldn't still work properly for non-integer +</I>><i> rates... +</I>><i> +</I>><i> This is reported as +</I>><i> <A HREF="http://www.nvnews.net/vbulletin/showthread.php?t=177596">http://www.nvnews.net/vbulletin/showthread.php?t=177596</A> +</I> +So I think I'll go with option (a). I guess I can attach a current +version of the nvidia-mgabuild.sh script to the bugreport and then refer +users to it? + +-- +Anssi Hannula +</PRE> + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="014148.html">[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger? +</A></li> + <LI>Next message: <A HREF="014204.html">[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#14203">[ date ]</a> + <a href="thread.html#14203">[ thread ]</a> + <a href="subject.html#14203">[ subject ]</a> + <a href="author.html#14203">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |