rpms/nvidia-kmod/F-15 nvidia-blacklist-register-mapping-256-285.diff, NONE, 1.1 nvidia-kmod.spec, 1.120, 1.121

Leigh Scott leigh123linux at rpmfusion.org
Wed Apr 11 16:50:11 CEST 2012 

Author: leigh123linux

Update of /cvs/nonfree/rpms/nvidia-kmod/F-15
In directory se02.es.rpmfusion.net:/tmp/cvs-serv13771

Modified Files:
	nvidia-kmod.spec 
Added Files:
	nvidia-blacklist-register-mapping-256-285.diff 
Log Message:
* Wed Apr 11 2012 leigh scott <leigh123linux at googlemail.com> - 1:280.13-4
- patch for CVE-2012-0946


nvidia-blacklist-register-mapping-256-285.diff:
 nv.c |    6 ++++++
 nv.h |    8 ++++++++
 2 files changed, 14 insertions(+)

--- NEW FILE nvidia-blacklist-register-mapping-256-285.diff ---
diff -ur kernel/nv.c kernel/nv.c
--- kernel/nv.c	2012-04-05 14:45:07.000000000 -0500
+++ kernel/nv.c	2012-04-05 14:45:07.000000000 -0500
@@ -2279,6 +2279,12 @@
     /* NV reg space */
     if (IS_REG_OFFSET(nv, NV_VMA_OFFSET(vma), NV_VMA_SIZE(vma)))
     {
+        if (IS_BLACKLISTED_REG_OFFSET(nv, NV_VMA_OFFSET(vma), NV_VMA_SIZE(vma)))
+        {
+            status = -EINVAL;
+            goto done;
+        }
+
         if (nv_encode_caching(&vma->vm_page_prot,
                               NV_MEMORY_UNCACHED,
                               NV_MEMORY_TYPE_REGISTERS))
diff -ur kernel/nv.h kernel/nv.h
--- kernel/nv.h	2012-04-05 14:45:07.000000000 -0500
+++ kernel/nv.h	2012-04-05 14:45:07.000000000 -0500
@@ -435,6 +435,14 @@
              ((offset) >= (nv)->agp.address) &&                                \
              (((offset) + ((length)-1)) <= (nv)->agp.address + ((nv)->agp.size-1)))
 
+#define IS_REG_RANGE_WITHIN_MAPPING(nv, roffset, rlength, moffset, mlength)    \
+             (((moffset) <= ((nv)->regs->address + ((roffset) + (rlength)-1))) &&\
+             (((moffset) + (mlength)-1) >= ((nv)->regs->address + (roffset))))
+
+#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length)                          \
+             ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\
+             (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
+
 /* duplicated from nvos.h for external builds */
 #ifndef NVOS_AGP_CONFIG_DISABLE_AGP
 #  define NVOS_AGP_CONFIG_DISABLE_AGP (0x00000000)


Index: nvidia-kmod.spec
===================================================================
RCS file: /cvs/nonfree/rpms/nvidia-kmod/F-15/nvidia-kmod.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- nvidia-kmod.spec	3 Apr 2012 18:28:17 -0000	1.120
+++ nvidia-kmod.spec	11 Apr 2012 14:50:11 -0000	1.121
@@ -9,7 +9,7 @@
 Epoch:         1
 Version:       280.13
 # Taken over by kmodtool
-Release:       3%{?dist}
+Release:       4%{?dist}
 Summary:       NVIDIA display driver kernel module
 Group:         System Environment/Kernel
 License:       Redistributable, no modification permitted
@@ -26,6 +26,8 @@
 Source11:       nvidia-kmodtool-excludekernel-filterfile
 
 Patch0:         kernel-3.3.patch
+#http://nvidia.custhelp.com/app/answers/detail/a_id/3109
+Patch1:         nvidia-blacklist-register-mapping-256-285.diff
 
 BuildRoot:     %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -53,6 +55,7 @@
 do
 pushd nvidiapkg-${arch}
 %patch0 -p1
+%patch1 -p0
 popd
 done
 
@@ -95,6 +98,9 @@
 
 
 %changelog
+* Wed Apr 11 2012 leigh scott <leigh123linux at googlemail.com> - 1:280.13-4
+- patch for CVE-2012-0946
+
 * Tue Apr 03 2012 leigh scott <leigh123linux at googlemail.com> - 1:280.13-3
 - patched to build with 3.3.0 kernel

More information about the rpmfusion-commits mailing list