Author: leigh123linux Update of /cvs/nonfree/rpms/nvidia-kmod/F-15 In directory se02.es.rpmfusion.net:/tmp/cvs-serv13771 Modified Files: nvidia-kmod.spec Added Files: nvidia-blacklist-register-mapping-256-285.diff Log Message: * Wed Apr 11 2012 leigh scott <leigh123linux(a)googlemail.com&gt; - 1:280.13-4 - patch for CVE-2012-0946 nvidia-blacklist-register-mapping-256-285.diff: nv.c | 6 ++++++ nv.h | 8 ++++++++ 2 files changed, 14 insertions(+) --- NEW FILE nvidia-blacklist-register-mapping-256-285.diff --- diff -ur kernel/nv.c kernel/nv.c --- kernel/nv.c 2012-04-05 14:45:07.000000000 -0500 +++ kernel/nv.c 2012-04-05 14:45:07.000000000 -0500 @@ -2279,6 +2279,12 @@ /* NV reg space */ if (IS_REG_OFFSET(nv, NV_VMA_OFFSET(vma), NV_VMA_SIZE(vma))) { + if (IS_BLACKLISTED_REG_OFFSET(nv, NV_VMA_OFFSET(vma), NV_VMA_SIZE(vma))) + { + status = -EINVAL; + goto done; + } + if (nv_encode_caching(&vma->vm_page_prot, NV_MEMORY_UNCACHED, NV_MEMORY_TYPE_REGISTERS)) diff -ur kernel/nv.h kernel/nv.h --- kernel/nv.h 2012-04-05 14:45:07.000000000 -0500 +++ kernel/nv.h 2012-04-05 14:45:07.000000000 -0500 @@ -435,6 +435,14 @@ ((offset) >= (nv)->agp.address) && \ (((offset) + ((length)-1)) <= (nv)->agp.address + ((nv)->agp.size-1))) +#define IS_REG_RANGE_WITHIN_MAPPING(nv, roffset, rlength, moffset, mlength) \ + (((moffset) <= ((nv)->regs->address + ((roffset) + (rlength)-1))) &&\ + (((moffset) + (mlength)-1) >= ((nv)->regs->address + (roffset)))) + +#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) \ + ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\ + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length))) + /* duplicated from nvos.h for external builds */ #ifndef NVOS_AGP_CONFIG_DISABLE_AGP # define NVOS_AGP_CONFIG_DISABLE_AGP (0x00000000) Index: nvidia-kmod.spec =================================================================== RCS file: /cvs/nonfree/rpms/nvidia-kmod/F-15/nvidia-kmod.spec,v retrieving revision 1.120 retrieving revision 1.121 diff -u -r1.120 -r1.121 --- nvidia-kmod.spec 3 Apr 2012 18:28:17 -0000 1.120 +++ nvidia-kmod.spec 11 Apr 2012 14:50:11 -0000 1.121 @@ -9,7 +9,7 @@ Epoch: 1 Version: 280.13 # Taken over by kmodtool -Release: 3%{?dist} +Release: 4%{?dist} Summary: NVIDIA display driver kernel module Group: System Environment/Kernel License: Redistributable, no modification permitted @@ -26,6 +26,8 @@ Source11: nvidia-kmodtool-excludekernel-filterfile Patch0: kernel-3.3.patch +#http://nvidia.custhelp.com/app/answers/detail/a_id/3109 +Patch1: nvidia-blacklist-register-mapping-256-285.diff BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -53,6 +55,7 @@ do pushd nvidiapkg-${arch} %patch0 -p1 +%patch1 -p0 popd done @@ -95,6 +98,9 @@ %changelog +* Wed Apr 11 2012 leigh scott <leigh123linux(a)googlemail.com&gt; - 1:280.13-4 +- patch for CVE-2012-0946 + * Tue Apr 03 2012 leigh scott <leigh123linux(a)googlemail.com&gt; - 1:280.13-3 - patched to build with 3.3.0 kernel