Nvidia 535.154.05 is affected by serious CVEs

[Kreyren]

Referencing: https://discourse.nixos.org/t/all-nividia-drivers-crash-or-do-not-work/47427/7

[Kreyren]

Heads-up @TanvirOnGH

[Kreyren]

Statement: NiXium doesn't use this package in any of it's systems as the open-source drivers (Nouveau) work better on the systems that are using Nvidia GPUs, patch incoming for to handle security for upcoming #74 and Tanvir's system in #58, the affected version appears to be currently in stable nixos and NiXium would not be affected either way as we lag behind the stable release.

Instruction for members: Make sure that you do not use this driver, the logical check might need adjustments, if your system ends up using the driver then provide:

$ nix repl
Welcome to Nix X.XX.X. Type :? for help.

nix-repl> :l <nixpkgs>
loaded X variables

nix-repl> pkgs.linuxPackages.nvidiaPackages.<YOUR_RELEASE>.version
"XXX.XX"

[ghost]

The open-source drivers (Nouveau) work better on the systems that are using Nvidia GPUs

Source? Benchmarks? Results? Proofs?

According to official nixos nvidia wiki (https://wiki.nixos.org/wiki/Nvidia#Modifying_NixOS_configuration):

Nvidia's proprietary kernel module. Better 3D performance than nouveau.

hardware.nvidia.open = mkForce true; # Recommended by Nvidia

Source? If this is the case why isn't it enforced by nixpkgs/NixOS?

In the unofficial nixos nvidia wiki it says:

Currently alpha-quality/buggy, so false is currently the recommended setting

outdated!

Many critical issues are still open: https://github.com/NVIDIA/open-gpu-kernel-modules/issues and many proposed fixes: https://github.com/NVIDIA/open-gpu-kernel-modules/pulls

The open driver is recommended even by nvidia these days
open = true;
How come? Look here at their new releases: https://us.download.nvidia.com/XFree86/Linux-x86_64/550.54.14/README/kernel_open.html, says
Use of the open kernel modules on GeForce and Workstation GPUs should be considered Beta quality ...

And also

Nvidia's open-source kernel module, which is beta-quality and x11-only.

Even in their official wiki which is maintained and updated often:

Currently "beta quality", so false is currently the recommended setting. source

Even though the user TLATER mentions some points on the practicality of using it in this discourse thread. Further investigations is needed before enabling it!

@Kreyren

[Kreyren]

Nvidia's open-source kernel module, which is beta-quality and x11-only. -- @TanvirOnGH (#79 (comment))

Everything that comes out of Nvidia in terms of software is beta quality at best to the point where even an AI generated code looks much better according to their CEO.

Was tested to work on wayland without problems for tupan which is the only affected system atm and that way we at least know what issues there are to be able to prepare management for it + i was reading though it and the characteristic Nvidia-style code seems to be mostly replaced with a real code to consider it superior.

Source? Benchmarks? Results? Proofs? -- @TanvirOnGH (#79 (comment))

Out of 67 systems that are currently managed by nixium-legacy (proprietary and slowly being migrated) and nixium only sinnenfreude and mracek use nvidia GPUs:

• Sinnenfreude with GTX 760M

The Nvidia Drivers are very broken the system gets into a slideshow and can't be used for anything, X11 works better but there is a huge performance hit and struggles with vulkan and wine + are proprietary and abandonware.

Nvidia Open Source drivers are not supported

Nouveau works without issues and it's performance is on whole another level to anything that came out of nvidia for this GPU to the point where the GPU has to be downclocked as it pulls more resources out of the system than what the cooling solution was designed for and i am currently looking on how to upgrade the cooling for it.

For proofs and source all systems in NiXium are reproducible and sinnenfreude's readme has instructions on how to obtain one.

• Mracek with GTX1050M

Mracek is a control server in charge of sending instructions to the rest of the infrastructure while being very energy efficient. So less proprietary code the better as nvidia open-source drivers are not supported and sufficient yet.

In the unofficial nixos nvidia wiki it says: -- @TanvirOnGH (#79 (comment))

That wiki is outdated and unmaintained, nixos has an official wiki on https://wiki.nixos.org now

Source? If this is the case why isn't it enforced by nixpkgs/NixOS? -- @TanvirOnGH (#79 (comment))

it's specific to the device as nixos is used in production where the drivers are more critical they default the closed-source once.

Many critical issues are still open: NVIDIA/open-gpu-kernel-modules/issues and many proposed fixes: NVIDIA/open-gpu-kernel-modules/pulls -- @TanvirOnGH (#79 (comment))

Yea was looking at the driver being a piece of shit, but there doesn't seem to be much on what we can do.. going back in the releases we get more shit going up in releases we get a schrodinger's cat in terms of shit..

For Tupan user was informed about options which were:

1. Downgrading and getting more shit
2. Upgrading and getting shrodinger's cat shit
3. Using open-source drivers that nvidia considers beta quality
4. Nouveau that doesn't work for RTX4060M atm

It was decided to use the open-source nvidia drivers as they behave better and appear to be in much higher code quality with me monitoring the problem and changing the package as needs be and then migrating to nouveau even at the cost of performance hit as the system has way too much system resources and even if the performance drop was 30% it wouldn't affect the workflow.

I will have a similar brainstorm with you for cookie later.

Even though the user TLATER mentions some points on the practicality of using it in this discourse thread. Further investigations is needed before enabling it! -- @TanvirOnGH (#79 (comment))

NiXium in general is avoiding Nvidia GPUs whenever possible so that out of 67 systems it only became relevant with the introduction of tupac and cookie.. i have like 6 of their GPUs in a PCIE x16 format and i rather use the less resourceful intel and AMD as nvidia always was and is a trashware for anything software.

If you have better idea than what was said then propose it, i am monitoring this problem long term and looked into it at depth for 5 days and my conclusion was that with nvidia it's about deciding which pile of shit smells nicer.