commit 2f9e01e0c5c79490eb8232cafa479f77ca95f080
Author: Nicolas Viéville <nicolas.vieville(a)uphf.fr>
Date: Sat Dec 2 16:02:04 2023 +0100
Add patch for kernel >= 6.6
Add patch for disabling module loading when Indirect Branch Tracking is active
Signed-off-by: Nicolas Viéville <nicolas.vieville(a)uphf.fr>
...m_gem_prime_handle_to_fd-changes-from-470.patch | 49 +++++++++++++++++
...e-to-load-legacy-module-if-IBT-is-enabled.patch | 63 ++++++++++++++++++++++
nvidia-390xx-kmod.spec | 11 +++-
3 files changed, 122 insertions(+), 1 deletion(-)
---
diff --git
a/nvidia-390xx-kmod-0029-kernel-6.6-backport-drm_gem_prime_handle_to_fd-changes-from-470.patch
b/nvidia-390xx-kmod-0029-kernel-6.6-backport-drm_gem_prime_handle_to_fd-changes-from-470.patch
new file mode 100644
index 0000000..8fa15d5
--- /dev/null
+++
b/nvidia-390xx-kmod-0029-kernel-6.6-backport-drm_gem_prime_handle_to_fd-changes-from-470.patch
@@ -0,0 +1,49 @@
+From df6b55bb77ad479fcbcbcdaffd756369ed9dc4fb Mon Sep 17 00:00:00 2001
+From: Andreas Beckmann <anbe(a)debian.org>
+Date: Wed, 1 Nov 2023 10:31:40 +0100
+Subject: [PATCH] backport drm_gem_prime_handle_to_fd changes from 470.223.02
+
+---
+ nvidia-drm/nvidia-drm-drv.c | 12 ++++++++++++
+ nvidia-drm/nvidia-drm.Kbuild | 1 +
+ 2 files changed, 13 insertions(+)
+
+diff --git a/nvidia-drm/nvidia-drm-drv.c b/nvidia-drm/nvidia-drm-drv.c
+index 7e6f5e8..c0cc77a 100644
+--- a/nvidia-drm/nvidia-drm-drv.c
++++ b/nvidia-drm/nvidia-drm-drv.c
+@@ -697,7 +697,19 @@ static struct drm_driver nv_drm_driver = {
+ .ioctls = nv_drm_ioctls,
+ .num_ioctls = ARRAY_SIZE(nv_drm_ioctls),
+
++/*
++ * linux-next commit 71a7974ac701 ("drm/prime: Unexport helpers for fd/handle
++ * conversion") unexports drm_gem_prime_handle_to_fd() and
++ * drm_gem_prime_fd_to_handle().
++ *
++ * Prior linux-next commit 6b85aa68d9d5 ("drm: Enable PRIME import/export for
++ * all drivers") made these helpers the default when .prime_handle_to_fd /
++ * .prime_fd_to_handle are unspecified, so it's fine to just skip specifying
++ * them if the helpers aren't present.
++ */
++#if NV_IS_EXPORT_SYMBOL_PRESENT_drm_gem_prime_handle_to_fd
+ .prime_handle_to_fd = drm_gem_prime_handle_to_fd,
++#endif
+
+ #if defined(NV_DRM_DRIVER_HAS_GEM_PRIME_CALLBACKS)
+ .gem_prime_export = nv_drm_gem_prime_export,
+diff --git a/nvidia-drm/nvidia-drm.Kbuild b/nvidia-drm/nvidia-drm.Kbuild
+index 60b0412..2a8148f 100644
+--- a/nvidia-drm/nvidia-drm.Kbuild
++++ b/nvidia-drm/nvidia-drm.Kbuild
+@@ -51,6 +51,7 @@ NV_CONFTEST_GENERIC_COMPILE_TESTS += drm_available
+ NV_CONFTEST_GENERIC_COMPILE_TESTS += drm_atomic_available
+ NV_CONFTEST_GENERIC_COMPILE_TESTS += is_export_symbol_gpl_refcount_inc
+ NV_CONFTEST_GENERIC_COMPILE_TESTS += is_export_symbol_gpl_refcount_dec_and_test
++NV_CONFTEST_GENERIC_COMPILE_TESTS +=
is_export_symbol_present_drm_gem_prime_handle_to_fd
+
+ NV_CONFTEST_FUNCTION_COMPILE_TESTS += drm_dev_unref
+ NV_CONFTEST_FUNCTION_COMPILE_TESTS += drm_reinit_primary_mode_group
+--
+2.20.1
+
diff --git
a/nvidia-390xx-kmod-0030-kernel-6.6-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
b/nvidia-390xx-kmod-0030-kernel-6.6-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
new file mode 100644
index 0000000..42b6ee9
--- /dev/null
+++
b/nvidia-390xx-kmod-0030-kernel-6.6-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
@@ -0,0 +1,63 @@
+From 482c238246824854f9b732b514318a5cc736b712 Mon Sep 17 00:00:00 2001
+From: Andreas Beckmann <anbe(a)debian.org>
+Date: Sat, 4 Nov 2023 00:44:56 +0100
+Subject: [PATCH] refuse to load legacy module if IBT is enabled
+
+IBT (Indirect Branch Tracking) has been enabled by default (compiled in
+everywhere since it is effectively a no-op and enabled at runtime on
+supported CPUs, i.e. 11th gen. Intel Core processors (aka Tigerlake) or
+newer) since Linux 6.2, it can be disabled by booting with ibt=off.
+All entry points reachable from indirect JMP or CALL instructions need
+to contain the ENDBR instruction (actually just a NOP that is given a
+special meaning by enabling IBT) otherwise the CPU will raise a control
+flow exception.
+
+If the BLOB part of the NVIDIA module hasn't been built with IBT
+support, the module cannot be used if IBT is active. Check for that
+condition and abort module load to avoid kernel errors later.
+
+https://bugs.debian.org/1052069
+---
+ nvidia-modeset/nvidia-modeset-linux.c | 7 +++++++
+ nvidia/nv.c | 7 +++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/nvidia-modeset/nvidia-modeset-linux.c
b/nvidia-modeset/nvidia-modeset-linux.c
+index e98c748..5bed9dd 100644
+--- a/nvidia-modeset/nvidia-modeset-linux.c
++++ b/nvidia-modeset/nvidia-modeset-linux.c
+@@ -1205,6 +1205,13 @@ static int __init nvkms_init(void)
+ {
+ int ret;
+
++#ifdef CONFIG_X86_KERNEL_IBT
++ if (cpu_feature_enabled(X86_FEATURE_IBT)) {
++ printk(KERN_ERR NVKMS_LOG_PREFIX "This NVIDIA driver version is
incompatible with IBT. Try booting with ibt=off.");
++ return -EINVAL;
++ }
++#endif
++
+ ret = nvkms_alloc_rm();
+
+ if (ret != 0) {
+diff --git a/nvidia/nv.c b/nvidia/nv.c
+index 4fa9c23..ad64e88 100644
+--- a/nvidia/nv.c
++++ b/nvidia/nv.c
+@@ -776,6 +776,13 @@ int __init nvidia_init_module(void)
+ nv_state_t *nv = NV_STATE_PTR(&nv_ctl_device);
+ nvidia_stack_t *sp = NULL;
+
++#ifdef CONFIG_X86_KERNEL_IBT
++ if (cpu_feature_enabled(X86_FEATURE_IBT)) {
++ printk(KERN_ERR "NVRM: This NVIDIA driver version is incompatible with IBT.
Try booting with ibt=off.");
++ return -EINVAL;
++ }
++#endif
++
+ if (nv_multiple_kernel_modules)
+ {
+ nv_printf(NV_DBG_INFO, "NVRM: nvidia module instance %d\n",
+--
+2.20.1
+
diff --git a/nvidia-390xx-kmod.spec b/nvidia-390xx-kmod.spec
index fc5456d..35a3111 100644
--- a/nvidia-390xx-kmod.spec
+++ b/nvidia-390xx-kmod.spec
@@ -18,7 +18,7 @@ Name: nvidia-390xx-kmod
Epoch: 3
Version: 390.157
# Taken over by kmodtool
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: NVIDIA 390xx display driver kernel module
Group: System Environment/Kernel
License: Redistributable, no modification permitted
@@ -42,6 +42,8 @@ Patch21: nvidia-390xx-kmod-0025-kernel-6.3-adaptation.patch
Patch22: nvidia-390xx-kmod-0026-kernel-6.4-adaptation.patch
Patch23:
nvidia-390xx-kmod-0027-kernel-6.5-garbage-collect-all-references-to-get_user.patch
Patch24:
nvidia-390xx-kmod-0028-kernel-6.5-handle-get_user_pages-vmas-argument-remova.patch
+Patch25:
nvidia-390xx-kmod-0029-kernel-6.6-backport-drm_gem_prime_handle_to_fd-changes-from-470.patch
+Patch26:
nvidia-390xx-kmod-0030-kernel-6.6-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
# build system updates
Patch30: use-kbuild-compiler.patch
@@ -85,6 +87,8 @@ tar --use-compress-program xz -xf
%{_datadir}/%{name}-%{version}/%{name}-%{versi
%patch -P 22 -p1 -b 22
%patch -P 23 -p1 -b 23 -d kernel
%patch -P 24 -p1 -b 24 -d kernel
+%patch -P 25 -p1 -b 25 -d kernel
+%patch -P 26 -p1 -b 26 -d kernel
%patch -P 30 -p1 -b 30 -d kernel
%patch -P 31 -p1 -b 31 -d kernel
@@ -122,6 +126,11 @@ done
%changelog
+* Sat Dec 02 2023 Nicolas Viéville <nicolas.vieville(a)uphf.fr> - 3:390.157-6
+- Renamed kernel 6.5 patches
+- Add patch for kernel >= 6.6 - RFBZ#6802
+- Add patch for disabling module loading when Indirect Branch Tracking is active
+
* Tue Sep 12 2023 Leigh Scott <leigh123linux(a)gmail.com> - 3:390.157-5
- Add patch for kernel >= 6.5