11.04.2012 18:29, Anssi Hannula kirjoitti: > 11.04.2012 17:47, Pascal Terjan kirjoitti: >> On Wed, Apr 11, 2012 at 15:27, Anssi Hannula <[email protected]> wrote: >>> Hi all! >>> >>> We'll have to apply a patch for CVE-2012-0946 (access to arbitrary >>> system memory by any user) for cauldron and mga1. >>> >>> However, the security fix (patch to the nvidia kernel interface layer) >>> will break CUDA debugger using libcuda older than 295.40. >>> >>> While I can upgrade cauldron driver (which contains libcuda) to 295.40, >>> mga1 will be left with two options: >>> a) Apply patch, informing users that CUDA debugger will cease to >>> function unless they upgrade their NVIDIA driver. However, as we have >>> no backports, the remaining (non-system-breaking) option to upgrade >>> their driver is to use http://onse.fi/nvidia-mgabuild/ , but I don't >>> think it is very nice to link to non-official page from an advisory, >>> right? >>> >>> b) Upgrade our MGA1 driver from 275.09.07 to 295.40 ("long-lived branch >>> release") as well. We have >>> previously shipped an update from 270.41.19 to 275.09.07 for MGA1 >>> (that was due to an important stability bugfix). I'm not aware of >>> any blockers for this. >> >> I would vote for b provided more research about known regressions from >> 275 to 295 (like dropping support for some devices) >> > > No device have been dropped support for there. > > And if there were any big regressions, one'd think we would've heard of > them in cauldron. > > Hmm.. Actually, there is at least one regression: When in XBMC one has > enabled "sync playback to display", XBMC will try to spawn a > nvidia-settings instance to detect the refresh rate - however with > 295.20+ the forked process will simply block on a mutex. This is handled > gracefully and XBMC fallbacks to using RANDR, however that only works > for integer refresh rates (and when twinview isn't enabled; we default > to disabled), otherwise playback won't be synced properly (AFAIU).... > > Argh, checking more, the older XBMC 10.1 we have on mga1 apparently > won't handle this gracefully, but will just get stuck. I guess we could > patch it, but the feature wouldn't still work properly for non-integer > rates... > > This is reported as > http://www.nvnews.net/vbulletin/showthread.php?t=177596
So I think I'll go with option (a). I guess I can attach a current version of the nvidia-mgabuild.sh script to the bugreport and then refer users to it? -- Anssi Hannula
