authorAlexey Dokuchaev <danfe@FreeBSD.org>2012-05-10 11:22:00 +0000
committerAlexey Dokuchaev <danfe@FreeBSD.org>2012-05-10 11:22:00 +0000
commitdbacad32aebe2ff303e5f5e4553e4b4346727a96 (patch)
treee7b8f6ded5653119d9b5a80a97c9ebe5ee83c8dc /x11
parent- Update to 1.3.2.1 (diff)
Provide home-made patch for legacy nVidia drivers against recent arbitrary
memory access vulnerability. While the affected underlying code is very similar in all released drivers, and they are all technically exploitable the same way, the exploit relies on hardware that is not present in GPUs older than NV50/G80, hence versions starting from 100.14.03 must be patched. That said, while the patch does apply to all legacy versions, a port revision bump makes sense only for the 173.14.xx series (as 96.43.xx and 71.86.xx do not support the hardware the exploit relies upon). Discussed with: Christian Zander Security: CVE-2012-0946
Notes
Notes: svn path=/head/; revision=296355
Diffstat (limited to 'x11')
-rw-r--r--x11/nvidia-driver-173/Makefile1
-rw-r--r--x11/nvidia-driver/Makefile4
-rw-r--r--x11/nvidia-driver/files/security-patch-CVE-2012-094628
3 files changed, 33 insertions, 0 deletions
diff --git a/x11/nvidia-driver-173/Makefile b/x11/nvidia-driver-173/Makefile
index e764fe98cfd2..3bf2ef5c32cb 100644
--- a/x11/nvidia-driver-173/Makefile
+++ b/x11/nvidia-driver-173/Makefile
@@ -6,6 +6,7 @@
#
DISTVERSION= 173.14.31
+PORTREVISION= 1
MASTERDIR= ${.CURDIR}/../nvidia-driver
NO_LATEST_LINK= yes
diff --git a/x11/nvidia-driver/Makefile b/x11/nvidia-driver/Makefile
index e084ad371d0f..4fb0ec1b851e 100644
--- a/x11/nvidia-driver/Makefile
+++ b/x11/nvidia-driver/Makefile
@@ -61,6 +61,10 @@ MASTER_SITE_SUBDIR= freebsd/${DISTVERSION}
ONLY_FOR_ARCHS= i386
.endif
+.if ${NVVERSION} <= 1905300
+EXTRA_PATCHES= ${PATCHDIR}/security-patch-CVE-2012-0946
+.endif
+
OPTIONS= FREEBSD_AGP "Use FreeBSD AGP GART driver" off \
ACPI_PM "Enable support for ACPI Power Management" off \
LINUX "Build with support for Linux compatibility" on
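Review bot: The version gate `.if ${NVVERSION} <= 1905300` carries no comment explaining why that bound was chosen, so a later DISTVERSION change could silently drop the CVE-2012-0946 patch from a build that still needs it. A line such as `# CVE-2012-0946: local fix for legacy driver branches; re-check this bound whenever DISTVERSION changes` above the condition would record the intent. The assignment also uses `EXTRA_PATCHES=`; if anything else in this Makefile or a slave port sets EXTRA_PATCHES (not visible in this hunk), `EXTRA_PATCHES+=` would keep one from overriding the other.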
diff --git a/x11/nvidia-driver/files/security-patch-CVE-2012-0946 b/x11/nvidia-driver/files/security-patch-CVE-2012-0946
new file mode 100644
index 000000000000..86e7dce9936b
--- /dev/null
+++ b/x11/nvidia-driver/files/security-patch-CVE-2012-0946
@@ -0,0 +1,28 @@
+--- src/nv.h.orig 2011-07-14 02:51:53.000000000 +0800
++++ src/nv.h 2012-05-10 18:15:51.000000000 +0800
+@@ -364,6 +364,14 @@
+ ((offset) >= (nv)->agp.address) && \
+ (((offset) + ((length)-1)) <= (nv)->agp.address + ((nv)->agp.size-1)))
+
++#define IS_REG_RANGE_WITHIN_MAPPING(nv, roffset, rlength, moffset, mlength) \
++ (((moffset) <= ((nv)->regs->address + ((roffset) + (rlength)-1))) &&\
++ (((moffset) + (mlength)-1) >= ((nv)->regs->address + (roffset))))
++
++#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) \
++ ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\
++ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
++
+ /* duplicated from nvos.h for external builds */
+ #ifndef NVOS_AGP_CONFIG_DISABLE_AGP
+ # define NVOS_AGP_CONFIG_DISABLE_AGP (0x00000000)
+--- src/nvidia_subr.c.orig 2012-05-10 18:09:01.000000000 +0800
++++ src/nvidia_subr.c 2012-05-10 18:13:41.000000000 +0800
+@@ -1464,6 +1464,8 @@
+ }
+
+ if (IS_REG_OFFSET(nv, offset, PAGE_SIZE)) {
++ if (IS_BLACKLISTED_REG_OFFSET(nv, offset, PAGE_SIZE))
++ return -1;
+ *physical = offset;
+ return 0;
+ }
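Review bot: `IS_REG_RANGE_WITHIN_MAPPING` is named as a containment test but is written as an overlap test, and the two windows in `IS_BLACKLISTED_REG_OFFSET` are bare magic numbers, so the next maintainer cannot tell what is being denied or why. A comment above the macros such as `/* CVE-2012-0946: refuse to map any page overlapping regs+0x1000..0x1fff or regs+0x700000..0x7fffff */` would document the security boundary, and a name like `IS_REG_RANGE_OVERLAPPING_MAPPING` would match the logic. The sums `(moffset) + (mlength)-1` and `(nv)->regs->address + (roffset) + (rlength)-1` are not guarded against wrap-around; at the call site in nvidia_subr.c this appears safe because the check sits inside the `IS_REG_OFFSET(nv, offset, PAGE_SIZE)` branch, and it would help to state that precondition in the comment in case the macro is reused elsewhere. The enclosing function in nvidia_subr.c starts and ends outside the hunk, so whether other mapping paths reach the same registers cannot be judged from here.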