Bug#856171: jessie-pu: package nvidia-graphics-drivers/340.102-1

2017-04-08 Thread Adam D. Barratt
Control: tags -1 + pending

On Sun, 2017-04-02 at 21:44 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2017-02-25 at 22:55 +0100, Andreas Beckmann wrote:
> > to fix the next round of CVEs in nvidia-graphics-drivers, we need a new
> > upstream release in stable, again.
> > Intentionally no +deb8u1 suffix, since I want to prevent version
> > inflation in the followup pu request for nvidia-graphics-modules.
> > The Linux 4.10 support patches are not needed for stable, but make
> > life easier for people running current kernels - this is also what we
> > ship in nvidia-graphics-drivers-legacy-340xx for stretch.
> 
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam



Bug#856171: jessie-pu: package nvidia-graphics-drivers/340.102-1

2017-04-02 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2017-02-25 at 22:55 +0100, Andreas Beckmann wrote:
> to fix the next round of CVEs in nvidia-graphics-drivers, we need a new
> upstream release in stable, again.
> Intentionally no +deb8u1 suffix, since I want to prevent version
> inflation in the followup pu request for nvidia-graphics-modules.
> The Linux 4.10 support patches are not needed for stable, but make
> life easier for people running current kernels - this is also what we
> ship in nvidia-graphics-drivers-legacy-340xx for stretch.

Please go ahead.

Regards,

Adam



Bug#856171: jessie-pu: package nvidia-graphics-drivers/340.102-1

2017-02-25 Thread Andreas Beckmann
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi,

to fix the next round of CVEs in nvidia-graphics-drivers, we need a new
upstream release in stable, again.
Intentionally no +deb8u1 suffix, since I want to prevent version
inflation in the followup pu request for nvidia-graphics-modules.
The Linux 4.10 support patches are not needed for stable, but make
life easier for people running current kernels - this is also what we
ship in nvidia-graphics-drivers-legacy-340xx for stretch.


Andreas
Index: debian/changelog
===
--- debian/changelog	(.../tags/340.101-1)	(revision 7208)
+++ debian/changelog	(.../branches/340)	(revision 7208)
@@ -1,3 +1,19 @@
+nvidia-graphics-drivers (340.102-1) jessie; urgency=medium
+
+  * New upstream legacy 340xx branch release 340.102 (2017-02-14).
+* Fixed CVE-2017-0309, CVE-2017-0310, CVE-2017-0311, CVE-2017-0318,
+  CVE-2017-0321.  (Closes: #855277)
+
+  [ Andreas Beckmann ]
+  * unregister_proc_on_failure.patch: New, unregister procfs entries during
+error unwind if loading the module failed.  (Closes: #764639)
+
+  [ Luca Boccassi ]
+  * Add deprecated-cpu-events.patch and vmf-address.patch to fix kernel
+module build on Linux 4.10 and newer.
+
+ -- Andreas Beckmann   Fri, 10 Feb 2017 23:05:58 +0100
+
 nvidia-graphics-drivers (340.101-1) jessie; urgency=medium
 
   * New upstream legacy 340xx branch release 340.101 (2016-12-14).
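Review bot: the [ Andreas Beckmann ] entry names the new patch unregister_proc_on_failure.patch, but the file added in this upload and the series.in line are both unregister_procfs_on_failure.patch; the changelog should use the real file name so the entry can be matched to the patch. The trailer date (Fri, 10 Feb 2017) also predates the upstream release date given in the first bullet (2017-02-14), so the trailer wants refreshing before the upload. Since this is a security-motivated stable update, it would help to keep the CVE bullet visibly separate from the two non-security items (procfs unwind, Linux 4.10 build fixes) so the release team can see at a glance what is a fix and what is convenience.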
Index: debian/module/debian/patches/deprecated-cpu-events.patch
===
--- debian/module/debian/patches/deprecated-cpu-events.patch	(.../tags/340.101-1)	(revision 0)
+++ debian/module/debian/patches/deprecated-cpu-events.patch	(.../branches/340)	(revision 7208)
@@ -0,0 +1,49 @@
+Author: Luca Boccassi 
+Description: Fix kernel module build on 4.10 and greater
+ From kernel 4.10 and newer (commit 530e9b76ae8f8) CPU_DOWN_FAILED and
+ CPU_DOWN_PREPARE are no longer available as events, together with their
+ callback registers.
+--- a/nv-pat.c
 b/nv-pat.c
+@@ -210,19 +210,23 @@
+ 
+ switch (action)
+ {
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+ case CPU_DOWN_FAILED:
++#endif
+ case CPU_ONLINE:
+ if (cpu == (NvUPtr)hcpu)
+ nv_setup_pat_entries(NULL);
+ else
+ NV_SMP_CALL_FUNCTION(nv_setup_pat_entries, hcpu, 1);
+ break;
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+ case CPU_DOWN_PREPARE:
+ if (cpu == (NvUPtr)hcpu)
+ nv_restore_pat_entries(NULL);
+ else
+ NV_SMP_CALL_FUNCTION(nv_restore_pat_entries, hcpu, 1);
+ break;
++#endif
+ }
+ 
+ put_cpu();
+@@ -252,7 +256,7 @@
+ if (!disable_pat)
+ {
+ nv_enable_pat_support();
+-#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU)
++#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+ if (nv_pat_mode == NV_PAT_MODE_BUILTIN)
+ {
+ if (register_hotcpu_notifier(_hotcpu_nfb) != 0)
+@@ -279,7 +283,7 @@
+ if (nv_pat_mode == NV_PAT_MODE_BUILTIN)
+ {
+ nv_disable_pat_support();
+-#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU)
++#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+ unregister_hotcpu_notifier(_hotcpu_nfb);
+ #endif
+ }
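Review bot: on 4.10 and newer the second and third nv-pat.c hunks compile out register_hotcpu_notifier() and unregister_hotcpu_notifier() entirely, so in NV_PAT_MODE_BUILTIN a CPU that comes online after the module is loaded no longer has nv_setup_pat_entries() run on it, and nv_restore_pat_entries() is no longer called when a CPU goes down. The Description presents the change purely as a build fix; either state there that CPU hotplug handling of the PAT entries is dropped on these kernels, or port the callbacks to the cpuhp state interface (cpuhp_setup_state()) that replaced the notifiers. With registration gone, the notifier callback and its remaining case CPU_ONLINE: branch in the first hunk are dead code on 4.10+, so they could sit under the same LINUX_VERSION_CODE guard rather than being compiled and left unused.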
Index: debian/module/debian/patches/series.in
===
--- debian/module/debian/patches/series.in	(.../tags/340.101-1)	(revision 7208)
+++ debian/module/debian/patches/series.in	(.../branches/340)	(revision 7208)
@@ -1,5 +1,8 @@
 # kernel support
 drm-driver-legacy.patch
+unregister_procfs_on_failure.patch
+deprecated-cpu-events.patch
+vmf-address.patch
 
 # build system updates
 separate-makefile-kbuild.patch
Index: debian/module/debian/patches/unregister_procfs_on_failure.patch
===
--- debian/module/debian/patches/unregister_procfs_on_failure.patch	(.../tags/340.101-1)	(revision 0)
+++ debian/module/debian/patches/unregister_procfs_on_failure.patch	(.../branches/340)	(revision 7208)
@@ -0,0 +1,28 @@
+Author: Andreas Beckmann 
+Description: unregister procfs upon module load failure
+ the nvidia module may leave stale proc entries if it refuses to be
+ loaded becase nouveau is already loaded and has claimed the device
+ .
+ the error unwinding in nvidia_init_module() is insane
+ (375.26 looks much better)
+ .
+ this patch is probably not correct in all cases, but the unwinding is
+ not reverse linear in creation and the gotos are all across everything
+ .
+ leaving stale