summaryrefslogtreecommitdiffstats
path: root/zarb-ml/mageia-dev/2012-April/014148.html
blob: f33fc9adf357cfff105dabcb62382e33f2fe1ebd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20NVIDIA%20CVE%2C%20mga1%3A%20update%20driver%2C%0A%20or%20patch%20and%20break%20CUDA%20debugger%3F&In-Reply-To=%3C4F85A33C.8060408%40mageia.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="014147.html">
   <LINK REL="Next"  HREF="014203.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?</H1>
    <B>Anssi Hannula</B> 
    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20NVIDIA%20CVE%2C%20mga1%3A%20update%20driver%2C%0A%20or%20patch%20and%20break%20CUDA%20debugger%3F&In-Reply-To=%3C4F85A33C.8060408%40mageia.org%3E"
       TITLE="[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?">anssi at mageia.org
       </A><BR>
    <I>Wed Apr 11 17:29:00 CEST 2012</I>
    <P><UL>
        <LI>Previous message: <A HREF="014147.html">[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?
</A></li>
        <LI>Next message: <A HREF="014203.html">[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#14148">[ date ]</a>
              <a href="thread.html#14148">[ thread ]</a>
              <a href="subject.html#14148">[ subject ]</a>
              <a href="author.html#14148">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>11.04.2012 17:47, Pascal Terjan kirjoitti:
&gt;<i> On Wed, Apr 11, 2012 at 15:27, Anssi Hannula &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">anssi at mageia.org</A>&gt; wrote:
</I>&gt;&gt;<i> Hi all!
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> We'll have to apply a patch for CVE-2012-0946 (access to arbitrary
</I>&gt;&gt;<i> system memory by any user) for cauldron and mga1.
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> However, the security fix (patch to the nvidia kernel interface layer)
</I>&gt;&gt;<i> will break CUDA debugger using libcuda older than 295.40.
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> While I can upgrade cauldron driver (which contains libcuda) to 295.40,
</I>&gt;&gt;<i> mga1 will be left with two options:
</I>&gt;&gt;<i> a) Apply patch, informing users that CUDA debugger will cease to
</I>&gt;&gt;<i>   function unless they upgrade their NVIDIA driver. However, as we have
</I>&gt;&gt;<i>   no backports, the remaining (non-system-breaking) option to upgrade
</I>&gt;&gt;<i>   their driver is to use <A HREF="http://onse.fi/nvidia-mgabuild/">http://onse.fi/nvidia-mgabuild/</A> , but I don't
</I>&gt;&gt;<i>   think it is very nice to link to non-official page from an advisory,
</I>&gt;&gt;<i>   right?
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> b) Upgrade our MGA1 driver from 275.09.07 to 295.40 (&quot;long-lived branch
</I>&gt;&gt;<i>   release&quot;) as well. We have
</I>&gt;&gt;<i>   previously shipped an update from 270.41.19 to 275.09.07 for MGA1
</I>&gt;&gt;<i>   (that was due to an important stability bugfix). I'm not aware of
</I>&gt;&gt;<i>   any blockers for this.
</I>&gt;<i> 
</I>&gt;<i> I would vote for b provided more research about known regressions from
</I>&gt;<i> 275 to 295 (like dropping support for some devices)
</I>&gt;<i> 
</I>
No device have been dropped support for there.

And if there were any big regressions, one'd think we would've heard of
them in cauldron.

Hmm.. Actually, there is at least one regression: When in XBMC one has
enabled &quot;sync playback to display&quot;, XBMC will try to spawn a
nvidia-settings instance to detect the refresh rate - however with
295.20+ the forked process will simply block on a mutex. This is handled
gracefully and XBMC fallbacks to using RANDR, however that only works
for integer refresh rates (and when twinview isn't enabled; we default
to disabled), otherwise playback won't be synced properly (AFAIU)....

Argh, checking more, the older XBMC 10.1 we have on mga1 apparently
won't handle this gracefully, but will just get stuck. I guess we could
patch it, but the feature wouldn't still work properly for non-integer
rates...

This is reported as
<A HREF="http://www.nvnews.net/vbulletin/showthread.php?t=177596">http://www.nvnews.net/vbulletin/showthread.php?t=177596</A>

-- 
Anssi Hannula
</PRE>
































<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="014147.html">[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?
</A></li>
	<LI>Next message: <A HREF="014203.html">[Mageia-dev] NVIDIA CVE, mga1: update driver, or patch and break CUDA debugger?
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#14148">[ date ]</a>
              <a href="thread.html#14148">[ thread ]</a>
              <a href="subject.html#14148">[ subject ]</a>
              <a href="author.html#14148">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>