The blacklisted entry was introduced by the latest security patch to the nvidia drivers.
nvidia-graphics-drivers-updates (295.49-0ubuntu0.2) precise-security; urgency=low
* SECURITY UPDATE: privilege escalation via kernel memory access - debian/dkms/patches/blacklist-vga-pmu-registers.patch: blacklist more offsets in nv.{c,h}. - debian/dkms.conf{.in}: added new patch. - CVE number pending -- Marc Deslauriers <email address hidden> Sun, 05 Aug 2012 09:49:25 -0400
The code:
diff -ur kernel/nv.h kernel/nv.h
--- kernel/nv.h 2012-08-02 18:19:37.000000000 -0700
+++ kernel/nv.h 2012-08-02 18:19:37.000000000 -0700
@@ -448,7 +448,20 @@
#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) \
((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\
- (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x84000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x85000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x86000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x87000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x89000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0xa0000, 0x20000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x104000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x105000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x10a000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c2000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c3000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x618000, 0x2000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x627000, 0x1000, offset, length)) ||\
+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
/* duplicated from nvos.h for external builds */
#ifndef NVOS_AGP_CONFIG_DISABLE_AGP
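Review bot: The new entries at 0x84000, 0x85000, 0x86000 and 0x87000 (and the pairs at 0x104000/0x105000 and 0x1c2000/0x1c3000) cover contiguous register space but are tested as separate 0x1000 windows, so whether a request spanning two of them is rejected depends on how IS_REG_RANGE_WITHIN_MAPPING compares ranges, and that helper is defined outside this hunk. If it tests containment rather than overlap, the adjacent windows should be merged, e.g. `(IS_REG_RANGE_WITHIN_MAPPING(nv, 0x84000, 0x4000, offset, length)) ||\`; either way it is worth confirming that the helper rejects any overlap and is safe when `offset + length` wraps. The offsets are bare constants, so a comment above the macro naming the register block each range protects (the patch name suggests VGA and PMU registers, but the hunk does not say) would let the list be checked against hardware documentation. Since the macro now expands `offset` and `length` fifteen times, callers must pass side-effect-free expressions; a `static inline` function walking a range table would remove that hazard and make future additions one-line changes.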
The blacklisted entry was introduced by the latest security patch to the nvidia drivers.
nvidia-graphics-drivers-updates (295.49-0ubuntu0.2) precise-security; urgency=low
  * SECURITY UPDATE: privilege escalation via kernel memory access
    - debian/dkms/patches/blacklist-vga-pmu-registers.patch: blacklist more offsets in nv.{c,h}.
    - debian/dkms.conf{.in}: added new patch.
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Sun, 05 Aug 2012 09:49:25 -0400
The code:
diff -ur kernel/nv.h kernel/nv.h
--- kernel/nv.h 2012-08-02 18:19:37.000000000 -0700
+++ kernel/nv.h 2012-08-02 18:19:37.000000000 -0700
@@ -448,7 +448,20 @@
#define IS_BLACKLISTED_ REG_OFFSET( nv, offset, length) \
((IS_REG_ RANGE_WITHIN_ MAPPING( nv, 0x1000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x700000, 0x100000, offset, length))) RANGE_WITHIN_ MAPPING( nv, 0x84000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x85000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x86000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x87000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x89000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0xa0000, 0x20000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x104000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x105000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x10a000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x1c2000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x1c3000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x618000, 0x2000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x627000, 0x1000, offset, length)) ||\ RANGE_WITHIN_ MAPPING( nv, 0x700000, 0x100000, offset, length)))
- (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
+ (IS_REG_
/* duplicated from nvos.h for external builds */ CONFIG_ DISABLE_ AGP
#ifndef NVOS_AGP_