| Summary: | x11-drivers/nvidia-drivers-355.06: pax_kernel patches must be updated to reflect changes in driver's directory structure | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Arseny Solokha <asolokha> |
| Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | creideiki+gentoo-bugzilla, jer, kroemmelbein, norman.shulman, pageexec, zerochaos |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
https://grsecurity.net/~paxguy1/nvidia-drivers-355.06-pax.patch should do the job. i also wonder why the 346 patches are used at all, they already stopped working earlier and i had a patch for 352.09 back in June already... (In reply to PaX Team from comment #1) > https://grsecurity.net/~paxguy1/nvidia-drivers-355.06-pax.patch should do > the job. i also wonder why the 346 patches are used at all, they already > stopped working earlier and i had a patch for 352.09 back in June already... This let me build x11-drivers/nvidia-drivers-355.11 on a 4.0.8-hardened kernel. Please add this patch to files/ and update the ebuilds. *** Bug 560602 has been marked as a duplicate of this bug. *** https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7218d0969f77eb765e88bc4f581fa5a818498ff fixed, thanks PaX Team! |
Directory structure of the driver archive was changed, so pax_kernel patches and the build itself have to be updated accordingly, otherwise it's not possible to build the driver for hardened profile. Reproducible: Always files/pax-usercopy.patch --- files/nvidia-drivers-346.16-pax-usercopy.patch 2014-12-01 19:47:46.000000000 +0700 +++ files/nvidia-drivers-355.06-pax-usercopy.patch 2015-08-09 19:26:17.640173727 +0700 @@ -1,5 +1,5 @@ ---- a/kernel/nv.c -+++ b/kernel/nv.c +--- a/kernel/nvidia/nv.c ++++ b/kernel/nvidia/nv.c @@ -705,7 +705,7 @@ int __init nvidia_init_module(void) #endif @@ -27,8 +27,8 @@ if (nvidia_p2p_page_t_cache == NULL) { rc = -ENOMEM; ---- a/kernel/nv-linux.h -+++ b/kernel/nv-linux.h +--- a/kernel/common/inc/nv-linux.h ++++ b/kernel/common/inc/nv-linux.h @@ -1431,11 +1431,11 @@ extern void *nvidia_stack_t_cache; #if !defined(NV_VMWARE) files/pax-constify.patch --- files/nvidia-drivers-346.16-pax-constify.patch 2014-12-01 19:47:46.000000000 +0700 +++ files/nvidia-drivers-355.06-pax-constify.patch 2015-08-09 19:28:17.824671214 +0700 @@ -1,5 +1,5 @@ ---- a/kernel/uvm/uvm_common.c -+++ b/kernel/uvm/uvm_common.c +--- a/kernel/nvidia-uvm/uvm_common.c ++++ b/kernel/nvidia-uvm/uvm_common.c @@ -95,7 +95,6 @@ static RM_STATUS uvmnext_gpu_event_stop_ #endif // NVIDIA_UVM_NEXT_ENABLED --- nvidia-drivers-352.30.ebuild 2015-08-08 14:01:17.000000000 +0700 +++ nvidia-drivers-355.06.ebuild 2015-08-09 19:28:38.864408181 +0700 @@ -168,8 +168,8 @@ ewarn "Using PAX patches is not supported. You will be asked to" ewarn "use a standard kernel should you have issues. Should you" ewarn "need support with these patches, contact the PaX team." - epatch "${FILESDIR}"/${PN}-346.16-pax-usercopy.patch - epatch "${FILESDIR}"/${PN}-346.16-pax-constify.patch + epatch "${FILESDIR}"/${P}-pax-usercopy.patch + epatch "${FILESDIR}"/${P}-pax-constify.patch fi # Allow user patches so they can support RC kernels and whatever else