Skip to content

Bug 41017: Tell Nvidia drivers not to create the shader cache.

Pier Angelo Vendrame requested to merge pierov/tor-browser-build:bug_41017 into main

Merge Info

Related Issues

Backporting

Timeline

  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Other: please explain
    • Not a critical bug fix, but still a disk leak (more or less, see the description) that could be easily avoided.

Issue Tracking

Review

Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : clairehurst, dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • macos : clairehurst, dan
    • nightly builds : boklm
    • rebases/release-prep : dan, ma1, pierov, richard
    • security : ma1
    • signing : boklm, richard
    • updater : pierov
    • misc/other : pierov, richard

See also testing requirements.

Change Description

While checking ma1's fix for .local/share, I've noticed I have a .cache directory, with two children: fontconfig and nvidia.

I think fontconfig is innocuous (but I haven't checked), whereas the nvidia directory has shader caches, that are created by the driver, which doesn't care of PBM.

I don't think all the cache is bad (e.g., it shouldn't be a problem for shaders used by the browser). However, I fear it might leak some sites that use WebGL and have peculiar shaders.

The cache itself is a mixed of binary and a sort of assembly in ASCII. I think comments and other possible precise references to origins of these shaders are removed. So, I think this cache would be very difficult to exploit, but it's also very easy to disable, so we could just do it.

How Tested

Hardware requirement: an Nvidia GPU.

  1. deleted the Browser/.cache/nvidia directory
  2. launched Tor Browser with an unpatched script
  3. noticed that even just launching Tor Browser creates shader cache (no WebGL needed, which makes sense, since acceleration is used for rendering if available in any case, AFAIK)
  4. closed Tor Browser
  5. defined the variable I'm adding in my local shell
  6. started Tor Browser again
  7. noticed that the .cache/nvidia directory is not created

Merge request reports