Bug#1056138: bullseye-pu: package nvidia-graphics-drivers/470.223.02-1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
[ Reason ]
In oder to fix CVE-2023-31022 we need to upgrade nvidia-graphics-drivers
to a new upstream release.
[ Impact ]
A proprietary graphics driver with more CVEs open.
[ Tests ]
Only module building has been tested. Anything else would require
certain hardware and driver usage.
[ Risks ]
Low. Upgrading to a new nvidia driver release in (old-)stable is an
established procedure.
[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
(excluding the blobs)
[*] attach debdiff against the package in (old)stable
(excluding the blobs)
[ ] the issue is verified as fixed in unstable
will be fixed by uploads of src:nvidia-graphics-drivers{,-tesla} 525.*
and src:nvidia-graphics-drivers-tesla-470 to sid soon
[ Changes ]
There is a new patch added which is only relevant for using this driver
with a backported Linux 6.2+ on a recent Intel CPU. As the blob parts
are not built with Indirect Branch Tracking (IBT) support, the module
cannot be used on CPU+kernel combination that enables IBT by default
unless it is booted with ibt=off.
There are only minor additional packaging changes.
[ Other info ]
This package is functionally equivalent to
src:nvidia-graphics-drivers-tesla-470 470.223.02-1 which will soon be in
sid and bookworm-pu.
Andreas
diff --git a/debian/README.source b/debian/README.source
index 4c3ae0a0..ad7d55ba 100644
--- a/debian/README.source
+++ b/debian/README.source
@@ -29,7 +29,7 @@ Upstream support timeframes
Tesla 410 EoL
Tesla 418 (LTSB) 03/2022 EoL
Tesla 440 11/2020 EoL
- Tesla 450 (LTSB) 07/2023
+ Tesla 450 (LTSB) 07/2023 EoL
Tesla 460 (PB) 01/2022 EoL
Tesla 470 (LTSB) 07/2024
Tesla 510 (PB) 01/2023 EoL
@@ -61,9 +61,10 @@ The branch structure in the GIT repository
418-bullseye EoL (bullseye) 450, 418-tesla
418-tesla EoL (bullseye) 450-tesla, tesla-418/main
tesla-418/main EoL bullseye,sid tesla-450/main
- 450 (bullseye) 460, 450-tesla
- 450-tesla (bullseye) 460-tesla, tesla-450/main
- tesla-450/main bullseye,sid tesla-460/main
+ 450 EoL (bullseye) 460, 450-tesla
+ 450-tesla EoL (bullseye) 460-tesla, tesla-450/main
+ tesla-450/main EoL (bullseye),(sid) tesla-460/main, tesla-450/transition-470
+ tesla-450/transition-470 bullseye,sid tesla-460/transition-470
460 EoL (bullseye) 470, 460-tesla
460-tesla EoL (bullseye) 470-tesla, tesla-460/main
tesla-460/main EoL (bullseye),(sid) tesla-470/main, tesla-460/transition-470
diff --git a/debian/changelog b/debian/changelog
index 95a17e09..70ab5236 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,44 @@
+nvidia-graphics-drivers (470.223.02-1) bullseye; urgency=medium
+
+ * New upstream long term support branch release 470.223.02 (2023-10-31).
+ * Fixed CVE-2023-31022. (Closes: #1055136)
+ https://nvidia.custhelp.com/app/answers/detail/a_id/5491
+ - Fixed a bug which caused incorrect reporting of presentation
+ times when using the VK_NV_present_barrier Vulkan extension.
+ * Improved compatibility with recent Linux kernels.
+
+ [ Andreas Beckmann ]
+ * Refresh patches.
+ * Upload to bullseye.
+
+ -- Andreas Beckmann <anbe@debian.org> Fri, 17 Nov 2023 14:40:09 +0100
+
+nvidia-graphics-drivers (470.199.02-4) UNRELEASED; urgency=medium
+
+ * Refuse to load module if IBT is enabled. (Closes: #1052069)
+ * Switch suggestion from obsolete vulkan-utils to vulkan-tools
+ (525.125.06-3). (Closes: #1055503)
+
+ -- Andreas Beckmann <anbe@debian.org> Wed, 15 Nov 2023 09:41:22 +0100
+
+nvidia-graphics-drivers (470.199.02-3) UNRELEASED; urgency=medium
+
+ * Revert backport of pin_user_pages changes.
+ * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
+ module build for Linux 6.6.
+
+ -- Andreas Beckmann <anbe@debian.org> Fri, 03 Nov 2023 12:03:43 +0100
+
+nvidia-graphics-drivers (470.199.02-2) UNRELEASED; urgency=medium
+
+ * Backport get_user_pages and pin_user_pages changes from 520.56.06,
+ 525.53 and 535.86.05 to fix kernel module build for Linux 6.5.
+
+ -- Andreas Beckmann <anbe@debian.org> Wed, 16 Aug 2023 20:12:16 +0200
+
nvidia-graphics-drivers (470.199.02-1) bullseye; urgency=medium
- * New upstream production branch release 470.199.02 (2023-06-26).
+ * New upstream long term support branch release 470.199.02 (2023-06-26).
* Fixed CVE-2023-25515, CVE-2023-25516. (Closes: #1039678)
https://nvidia.custhelp.com/app/answers/detail/a_id/5468
* Improved compatibility with recent Linux kernels.
@@ -13,16 +51,16 @@ nvidia-graphics-drivers (470.199.02-1) bullseye; urgency=medium
nvidia-graphics-drivers (470.182.03-2) UNRELEASED; urgency=medium
- * Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
- kernel module build for Linux 6.3.
* Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
module build for Linux 6.4.
+ * Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
+ kernel module build for Linux 6.3.
-- Andreas Beckmann <anbe@debian.org> Sun, 18 Jun 2023 14:02:19 +0200
nvidia-graphics-drivers (470.182.03-1) bullseye; urgency=medium
- * New upstream production branch release 470.182.03 (2023-03-30).
+ * New upstream long term support branch release 470.182.03 (2023-03-30).
* Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185,
CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
@@ -63,7 +101,7 @@ nvidia-graphics-drivers (470.161.03-2) UNRELEASED; urgency=medium
nvidia-graphics-drivers (470.161.03-1) bullseye; urgency=medium
- * New upstream production branch release 470.161.03 (2022-11-22).
+ * New upstream long term support branch release 470.161.03 (2022-11-22).
* Fixed CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
@@ -111,7 +149,7 @@ nvidia-graphics-drivers (470.141.03-1~deb11u1) bullseye; urgency=medium
nvidia-graphics-drivers (470.141.03-1) unstable; urgency=medium
- * New upstream production branch release 470.141.03 (2022-08-02).
+ * New upstream long term support branch release 470.141.03 (2022-08-02).
* Fixed CVE-2022-31607, CVE-2022-31608, CVE-2022-31615. (Closes: #1016614)
https://nvidia.custhelp.com/app/answers/detail/a_id/5383
- Added support for the following GPU: GeForce RTX 3050 OEM.
@@ -174,7 +212,7 @@ nvidia-graphics-drivers (470.129.06-2) unstable; urgency=medium
nvidia-graphics-drivers (470.129.06-1) unstable; urgency=medium
- * New upstream production branch release 470.129.06 (2022-05-16).
+ * New upstream long term support branch release 470.129.06 (2022-05-16).
* Fixed CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185,
CVE-2022-28191, CVE-2022-28192. (Closes: #1011140)
https://nvidia.custhelp.com/app/answers/detail/a_id/5353
@@ -241,7 +279,7 @@ nvidia-graphics-drivers (470.103.01-2) unstable; urgency=medium
nvidia-graphics-drivers (470.103.01-1) unstable; urgency=medium
- * New upstream production branch release 470.103.01 (2022-01-31).
+ * New upstream long term support branch release 470.103.01 (2022-01-31).
* Fixed CVE-2022-21813, CVE-2022-21814. (Closes: #1004847)
https://nvidia.custhelp.com/app/answers/detail/a_id/5312
- Added an application profile to avoid an image corruption issue in
@@ -574,12 +612,23 @@ nvidia-graphics-drivers (465.24.02-1) experimental; urgency=medium
-- Andreas Beckmann <anbe@debian.org> Tue, 27 Apr 2021 18:48:53 +0200
+nvidia-graphics-drivers (460.106.00-13) UNRELEASED; urgency=medium
+
+ * Revert backport of pin_user_pages changes.
+ * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
+ module build for Linux 6.6.
+ * Refuse to load module if IBT is enabled.
+
+ -- Andreas Beckmann <anbe@debian.org> Tue, 14 Nov 2023 17:03:30 +0100
+
nvidia-graphics-drivers (460.106.00-12) UNRELEASED; urgency=medium
+ * Backport get_user_pages and pin_user_pages changes from 520.56.06,
+ 525.53 and 535.86.05 to fix kernel module build for Linux 6.5.
* Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
module build for Linux 6.4.
- -- Andreas Beckmann <anbe@debian.org> Fri, 16 Jun 2023 18:50:07 +0200
+ -- Andreas Beckmann <anbe@debian.org> Wed, 16 Aug 2023 13:52:46 +0200
nvidia-graphics-drivers (460.106.00-11) UNRELEASED; urgency=medium
@@ -1015,6 +1064,22 @@ nvidia-graphics-drivers (455.23.04-1) experimental; urgency=medium
-- Andreas Beckmann <anbe@debian.org> Thu, 24 Sep 2020 21:52:54 +0200
+nvidia-graphics-drivers (450.248.02-3) UNRELEASED; urgency=medium
+
+ * Revert backport of pin_user_pages changes.
+ * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
+ module build for Linux 6.6.
+ * Refuse to load module if IBT is enabled.
+
+ -- Andreas Beckmann <anbe@debian.org> Tue, 14 Nov 2023 09:51:10 +0100
+
+nvidia-graphics-drivers (450.248.02-2) UNRELEASED; urgency=medium
+
+ * Backport get_user_pages and pin_user_pages changes from 520.56.06,
+ 525.53 and 535.86.05 to fix kernel module build for Linux 6.5.
+
+ -- Andreas Beckmann <anbe@debian.org> Mon, 14 Aug 2023 23:37:02 +0200
+
nvidia-graphics-drivers (450.248.02-1) UNRELEASED; urgency=medium
* New upstream Tesla release 450.248.02 (2023-06-26).
@@ -1951,12 +2016,23 @@ nvidia-graphics-drivers (430.14-1) experimental; urgency=medium
-- Andreas Beckmann <anbe@debian.org> Sat, 25 May 2019 13:49:09 +0200
+nvidia-graphics-drivers (418.226.00-13) UNRELEASED; urgency=medium
+
+ * Revert backport of pin_user_pages changes.
+ * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
+ module build for Linux 6.6.
+ * Refuse to load module if IBT is enabled.
+
+ -- Andreas Beckmann <anbe@debian.org> Mon, 13 Nov 2023 13:27:57 +0100
+
nvidia-graphics-drivers (418.226.00-12) UNRELEASED; urgency=medium
+ * Backport get_user_pages and pin_user_pages changes from 520.56.06,
+ 525.53 and 535.86.05 to fix kernel module build for Linux 6.5.
* Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
module build for Linux 6.4.
- -- Andreas Beckmann <anbe@debian.org> Fri, 16 Jun 2023 17:43:27 +0200
+ -- Andreas Beckmann <anbe@debian.org> Mon, 14 Aug 2023 13:47:48 +0200
nvidia-graphics-drivers (418.226.00-11) UNRELEASED; urgency=medium
@@ -2714,12 +2790,28 @@ nvidia-graphics-drivers (396.18-1) experimental; urgency=medium
-- Andreas Beckmann <anbe@debian.org> Sun, 22 Apr 2018 13:59:45 +0200
+nvidia-graphics-drivers (390.157-6) UNRELEASED; urgency=medium
+
+ * Revert backport of pin_user_pages changes.
+ * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
+ module build for Linux 6.6.
+ * Refuse to load module if IBT is enabled.
+
+ -- Andreas Beckmann <anbe@debian.org> Mon, 13 Nov 2023 10:01:19 +0100
+
+nvidia-graphics-drivers (390.157-5) UNRELEASED; urgency=medium
+
+ * Backport get_user_pages and pin_user_pages changes from 418.30, 520.56.06,
+ 525.53 and 535.86.05 to fix kernel module build for Linux 6.5.
+
+ -- Andreas Beckmann <anbe@debian.org> Mon, 14 Aug 2023 02:18:45 +0200
+
nvidia-graphics-drivers (390.157-4) UNRELEASED; urgency=medium
* Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
module build for Linux 6.4.
- -- Andreas Beckmann <anbe@debian.org> Fri, 16 Jun 2023 17:29:02 +0200
+ -- Andreas Beckmann <anbe@debian.org> Wed, 02 Aug 2023 17:08:58 +0200
nvidia-graphics-drivers (390.157-3) UNRELEASED; urgency=medium
@@ -5519,6 +5611,15 @@ nvidia-graphics-drivers (343.22-1) experimental; urgency=medium
nvidia-graphics-drivers (340.108-2) UNRELEASED; urgency=medium
+ * Revert backport of pin_user_pages changes.
+ * Backport drm/drm_device.h check needed by drm_device_has_pdev backport.
+ * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
+ module build for Linux 6.6.
+ * Refuse to load module if IBT is enabled.
+
+ * Backport get_user_pages and pin_user_pages changes from 418.30, 520.56.06,
+ 525.53 and 535.86.05 to fix kernel module build for Linux 6.5.
+
* Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
kernel module build for Linux 6.3.
@@ -8097,7 +8198,7 @@ nvidia-graphics-drivers (304.37-1) unstable; urgency=low
certain OpenGL applications such as Amnesia: The Dark Descent on GeForce
6 and 7 GPUs.
* New upstream release 295 series.
- * CVE-2012-4225 (Closes: 684781)
+ * CVE-2012-4225 (Closes: #684781)
- Implemented hotfix for a privilege escalation vulnerability reported on
August 1, 2012. For more details, see:
https://nvidia.custhelp.com/app/answers/detail/a_id/3140
diff --git a/debian/control b/debian/control
index cae4c936..eb5c5396 100644
--- a/debian/control
+++ b/debian/control
@@ -573,7 +573,7 @@ Recommends:
lib${nvidia}-cbl (= ${binary:Version}) [!i386 !ppc64el],
lib${nvidia}-rtcore (= ${binary:Version}) [!i386 !ppc64el],
Suggests:
- vulkan-utils,
+ vulkan-tools,
Enhances:
libvulkan1,
Provides:
diff --git a/debian/control.in b/debian/control.in
index 6fdb37ab..a2040d85 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -728,7 +728,7 @@ Recommends:
lib${nvidia}-cbl (= ${binary:Version}) [!i386 !ppc64el],
lib${nvidia}-rtcore (= ${binary:Version}) [!i386 !ppc64el],
Suggests:
- vulkan-utils,
+ vulkan-tools,
Enhances:
libvulkan1,
Provides:
diff --git a/debian/control.md5sum b/debian/control.md5sum
index 76e5a243..bb378212 100644
--- a/debian/control.md5sum
+++ b/debian/control.md5sum
@@ -1,5 +1,5 @@
-84fec3fc1b6554d3817ff507323c1491 debian/control
-a03b1c3511020f2bae70f2b938d106ee debian/control.in
+600775081fb8f27baa371a8ce1513b78 debian/control
+99d10c60efc952782c805b8ea4d00496 debian/control.in
8489c83cfe0171c9de6d052c01a6d19b debian/gen-control.pl
-38c5abbc803a9ccc4c7356d7bb12e641 debian/rules
-9b6a75c099315e21ed4bad4dedb3a0c7 debian/rules.defs
+71801b66e1b9d004d29d3f489a8879ec debian/rules
+d37390828cc9487fc8060d5145379af6 debian/rules.defs
diff --git a/debian/copyright b/debian/copyright
index bfb83b3c..bada53c9 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -15,7 +15,8 @@ Disclaimer:
Files:
amd64/*
arm64/*
-Copyright: 1993-2022 NVIDIA Corporation. All rights reserved.
+Copyright:
+ 1993-2023 NVIDIA Corporation. All rights reserved.
License: NVIDIA-graphics-drivers
Files: supported-gpus/supported-gpus.json
diff --git a/debian/module/debian/patches/0010-backport-pci-dma-changes-for-ppc64el.patch b/debian/module/debian/patches/0010-backport-pci-dma-changes-for-ppc64el.patch
deleted file mode 100644
index 6ee29edf..00000000
--- a/debian/module/debian/patches/0010-backport-pci-dma-changes-for-ppc64el.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 507de271fdf3d3c6649369efa1e681026f1695c1 Mon Sep 17 00:00:00 2001
-From: Andreas Beckmann <anbe@debian.org>
-Date: Mon, 20 Jun 2022 10:14:54 +0200
-Subject: [PATCH] backport pci/dma changes for ppc64el
-
----
- nvidia/nv.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/nvidia/nv.c b/nvidia/nv.c
-index dd57639..17e835f 100644
---- a/nvidia/nv.c
-+++ b/nvidia/nv.c
-@@ -4520,7 +4520,7 @@ NvU64 NV_API_CALL nv_get_dma_start_address(
- * Otherwise, the DMA start address only needs to be set once, and it
- * won't change afterward. Just return the cached value if asked again,
- * to avoid the kernel printing redundant messages to the kernel
-- * log when we call pci_set_dma_mask().
-+ * log when we call dma_set_mask().
- */
- if ((nv_tce_bypass_mode == NV_TCE_BYPASS_MODE_DISABLE) ||
- (nvl->tce_bypass_enabled))
-@@ -4570,19 +4570,19 @@ NvU64 NV_API_CALL nv_get_dma_start_address(
- * as the starting address for all DMA mappings.
- */
- saved_dma_mask = pci_dev->dma_mask;
-- if (pci_set_dma_mask(pci_dev, DMA_BIT_MASK(64)) != 0)
-+ if (dma_set_mask(&pci_dev->dev, DMA_BIT_MASK(64)) != 0)
- {
- goto done;
- }
-
-- dma_addr = pci_map_single(pci_dev, NULL, 1, DMA_BIDIRECTIONAL);
-- if (pci_dma_mapping_error(pci_dev, dma_addr))
-+ dma_addr = dma_map_single(&pci_dev->dev, NULL, 1, DMA_BIDIRECTIONAL);
-+ if (dma_mapping_error(&pci_dev->dev, dma_addr))
- {
-- pci_set_dma_mask(pci_dev, saved_dma_mask);
-+ dma_set_mask(&pci_dev->dev, saved_dma_mask);
- goto done;
- }
-
-- pci_unmap_single(pci_dev, dma_addr, 1, DMA_BIDIRECTIONAL);
-+ dma_unmap_single(&pci_dev->dev, dma_addr, 1, DMA_BIDIRECTIONAL);
-
- /*
- * From IBM: "For IODA2, native DMA bypass or KVM TCE-based implementation
-@@ -4614,7 +4614,7 @@ NvU64 NV_API_CALL nv_get_dma_start_address(
- */
- nv_printf(NV_DBG_WARNINGS,
- "NVRM: DMA window limited by platform\n");
-- pci_set_dma_mask(pci_dev, saved_dma_mask);
-+ dma_set_mask(&pci_dev->dev, saved_dma_mask);
- goto done;
- }
- else if ((dma_addr & saved_dma_mask) != 0)
-@@ -4633,7 +4633,7 @@ NvU64 NV_API_CALL nv_get_dma_start_address(
- */
- nv_printf(NV_DBG_WARNINGS,
- "NVRM: DMA window limited by memory size\n");
-- pci_set_dma_mask(pci_dev, saved_dma_mask);
-+ dma_set_mask(&pci_dev->dev, saved_dma_mask);
- goto done;
- }
- }
---
-2.20.1
-
diff --git a/debian/module/debian/patches/0033-refuse-to-load-legacy-module-if-IBT-is-enabled.patch b/debian/module/debian/patches/0033-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
new file mode 100644
index 00000000..fdf164a3
--- /dev/null
+++ b/debian/module/debian/patches/0033-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
@@ -0,0 +1,63 @@
+From 4cbf69d932c2802dd52bb6f3036909d3c46861e5 Mon Sep 17 00:00:00 2001
+From: Andreas Beckmann <anbe@debian.org>
+Date: Sat, 4 Nov 2023 00:44:56 +0100
+Subject: [PATCH] refuse to load legacy module if IBT is enabled
+
+IBT (Indirect Branch Tracking) has been enabled by default (compiled in
+everywhere since it is effectively a no-op and enabled at runtime on
+supported CPUs, i.e. 11th gen. Intel Core processors (aka Tigerlake) or
+newer) since Linux 6.2, it can be disabled by booting with ibt=off.
+All entry points reachable from indirect JMP or CALL instructions need
+to contain the ENDBR instruction (actually just a NOP that is given a
+special meaning by enabling IBT) otherwise the CPU will raise a control
+flow exception.
+
+If the BLOB part of the NVIDIA module hasn't been built with IBT
+support, the module cannot be used if IBT is active. Check for that
+condition and abort module load to avoid kernel errors later.
+
+https://bugs.debian.org/1052069
+---
+ nvidia-modeset/nvidia-modeset-linux.c | 7 +++++++
+ nvidia/nv.c | 7 +++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/nvidia-modeset/nvidia-modeset-linux.c b/nvidia-modeset/nvidia-modeset-linux.c
+index 04a8ac4..b0a3443 100644
+--- a/nvidia-modeset/nvidia-modeset-linux.c
++++ b/nvidia-modeset/nvidia-modeset-linux.c
+@@ -1651,6 +1651,13 @@ static int __init nvkms_init(void)
+ {
+ int ret;
+
++#ifdef CONFIG_X86_KERNEL_IBT
++ if (cpu_feature_enabled(X86_FEATURE_IBT)) {
++ printk(KERN_ERR NVKMS_LOG_PREFIX "This NVIDIA driver version is incompatible with IBT. Try booting with ibt=off.");
++ return -EINVAL;
++ }
++#endif
++
+ atomic_set(&nvkms_alloc_called_count, 0);
+
+ ret = nvkms_alloc_rm();
+diff --git a/nvidia/nv.c b/nvidia/nv.c
+index 42778da..7f57503 100644
+--- a/nvidia/nv.c
++++ b/nvidia/nv.c
+@@ -739,6 +739,13 @@ int __init nvidia_init_module(void)
+ nvidia_stack_t *sp = NULL;
+ NvU32 allow_no_gpu_init = 0;
+
++#ifdef CONFIG_X86_KERNEL_IBT
++ if (cpu_feature_enabled(X86_FEATURE_IBT)) {
++ printk(KERN_ERR "NVRM: This NVIDIA driver version is incompatible with IBT. Try booting with ibt=off.");
++ return -EINVAL;
++ }
++#endif
++
+ nv_memdbg_init();
+
+ rc = nv_procfs_init();
+--
+2.20.1
+
diff --git a/debian/module/debian/patches/bashisms.patch b/debian/module/debian/patches/bashisms.patch
index b3b77a67..8e934075 100644
--- a/debian/module/debian/patches/bashisms.patch
+++ b/debian/module/debian/patches/bashisms.patch
@@ -3,7 +3,7 @@ Description: fix bashisms in conftest.sh
--- a/conftest.sh
+++ b/conftest.sh
-@@ -5151,7 +5151,7 @@ case "$5" in
+@@ -5311,7 +5311,7 @@ case "$5" in
if [ -n "$VGX_BUILD" ]; then
if [ -f /proc/xen/capabilities ]; then
diff --git a/debian/module/debian/patches/cc_version_check-gcc5.patch b/debian/module/debian/patches/cc_version_check-gcc5.patch
index e836edf6..40f14c60 100644
--- a/debian/module/debian/patches/cc_version_check-gcc5.patch
+++ b/debian/module/debian/patches/cc_version_check-gcc5.patch
@@ -5,7 +5,7 @@ Description: ignore __GNUC_MINOR__ from GCC 5 onwards
--- a/conftest.sh
+++ b/conftest.sh
-@@ -4981,7 +4981,7 @@ case "$5" in
+@@ -5141,7 +5141,7 @@ case "$5" in
kernel_cc_minor=`echo ${kernel_cc_version} | cut -d '.' -f 2`
echo "
diff --git a/debian/module/debian/patches/conftest-verbose.patch b/debian/module/debian/patches/conftest-verbose.patch
index ac7db766..8fbecb4a 100644
--- a/debian/module/debian/patches/conftest-verbose.patch
+++ b/debian/module/debian/patches/conftest-verbose.patch
@@ -42,7 +42,7 @@ Description: dump the generated conftest headers
# Each of these headers is checked for presence with a test #include; a
-@@ -251,8 +265,9 @@ NV_HEADER_PRESENCE_PART = $(addprefix $(
+@@ -252,8 +266,9 @@ NV_HEADER_PRESENCE_PART = $(addprefix $(
# Define a rule to check the header $(1).
define NV_HEADER_PRESENCE_CHECK
@@ -53,7 +53,7 @@ Description: dump the generated conftest headers
@$$(NV_CONFTEST_CMD) test_kernel_header '$$(NV_CONFTEST_CFLAGS)' '$(1)' > $$@
endef
-@@ -262,6 +277,8 @@ $(foreach header,$(NV_HEADER_PRESENCE_TE
+@@ -263,6 +278,8 @@ $(foreach header,$(NV_HEADER_PRESENCE_TE
# Concatenate all of the parts into headers.h.
$(obj)/conftest/headers.h: $(call NV_HEADER_PRESENCE_PART,$(NV_HEADER_PRESENCE_TESTS))
@cat $^ > $@
@@ -62,7 +62,7 @@ Description: dump the generated conftest headers
clean-dirs := $(obj)/conftest
-@@ -282,7 +299,8 @@ BUILD_SANITY_CHECKS = \
+@@ -283,7 +300,8 @@ BUILD_SANITY_CHECKS = \
.PHONY: $(BUILD_SANITY_CHECKS)
diff --git a/debian/module/debian/patches/linux-2.6.34-dev_pm_info-runtime_auto.patch b/debian/module/debian/patches/linux-2.6.34-dev_pm_info-runtime_auto.patch
index 3714e837..5a5b26cd 100644
--- a/debian/module/debian/patches/linux-2.6.34-dev_pm_info-runtime_auto.patch
+++ b/debian/module/debian/patches/linux-2.6.34-dev_pm_info-runtime_auto.patch
@@ -2,7 +2,7 @@ Description: dev->power.runtime_auto was not yet in v2.6.32
--- a/conftest.sh
+++ b/conftest.sh
-@@ -3494,12 +3494,14 @@ compile_test() {
+@@ -3654,12 +3654,14 @@ compile_test() {
# d30d819dc8310 in v3.19 (2014-11-27).
# Rather than attempt to select the appropriate CONFIG option,
# simply check if this member is present.
diff --git a/debian/module/debian/patches/series.in b/debian/module/debian/patches/series.in
index 342b3b34..dabdb473 100644
--- a/debian/module/debian/patches/series.in
+++ b/debian/module/debian/patches/series.in
@@ -3,7 +3,7 @@ bashisms.patch
# kernel support
linux-2.6.34-dev_pm_info-runtime_auto.patch
-0010-backport-pci-dma-changes-for-ppc64el.patch
+0033-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
ppc64el.patch
# build system updates
diff --git a/debian/nvidia-options.conf.in b/debian/nvidia-options.conf.in
index 5f878850..014bb5d9 100644
--- a/debian/nvidia-options.conf.in
+++ b/debian/nvidia-options.conf.in
@@ -1,4 +1,10 @@
#options #MODULE# NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=44 NVreg_DeviceFileMode=0660
-# To enable FastWrites and Sidebus addressing, uncomment these lines
-# options #MODULE# NVreg_EnableAGPSBA=1
-# options #MODULE# NVreg_EnableAGPFW=1
+
+# To grant performance counter access to unprivileged users, uncomment the following line:
+#options #MODULE# NVreg_RestrictProfilingToAdminUsers=0
+
+# Uncomment to enable this power management feature:
+#options #MODULE# NVreg_PreserveVideoMemoryAllocations=1
+
+# Uncomment to enable this power management feature:
+#options #MODULE# NVreg_EnableS0ixPowerManagement=1
diff --git a/debian/rules b/debian/rules
index 6f060858..551d91b7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,8 @@
include /usr/share/dpkg/architecture.mk
include /usr/share/dpkg/pkg-info.mk
+NVIDIA_RELEASE = $(DEB_VERSION_UPSTREAM)
+NVIDIA_MAJOR = $(firstword $(subst ., ,$(NVIDIA_RELEASE)))
include debian/rules.defs
NVIDIA_TESLA ?=
NVIDIA_LEGACY ?=
@@ -25,9 +27,8 @@ NO_AUTOPKGTEST_ARCH_LIST?=
NO_VULKAN_ARCH_LIST ?=
NO_GSP_ARCH_LIST ?=
-NVIDIA_RELEASE = $(DEB_VERSION_UPSTREAM)
version = $(NVIDIA_RELEASE)
-version_major = $(firstword $(subst ., ,$(version)))
+version_major = $(NVIDIA_MAJOR)
ifeq (yes,$(NVIDIA_TESLA))
variant = $(if $(NVIDIA_TESLA),tesla)
variant_description = $(if $(NVIDIA_TESLA), (Tesla version))
@@ -233,6 +234,8 @@ override_dh_auto_clean:
execute_after_dh_clean:
$(RM) $(AUTOCLEAN)
+ md5sum --check debian/control.md5sum --status || \
+ touch debian/rules.defs
$(MAKE) -f debian/rules $(AUTOKEEP)
# this will fail unless debian/control{,.md5sum} is up-to-date
md5sum --check debian/control.md5sum --status || \
diff --git a/debian/rules.defs b/debian/rules.defs
index 97fda3f3..61d8600f 100644
--- a/debian/rules.defs
+++ b/debian/rules.defs
@@ -3,15 +3,15 @@
#NVIDIA_TESLA = yes
#NVIDIA_TESLA = $(TESLA_MAJOR)
#NVIDIA_LEGACY =
-WATCH_VERSION = 470
+WATCH_VERSION = $(NVIDIA_MAJOR)
-NVIDIA_SETTINGS = nvidia-settings (>= $(version_major))
+NVIDIA_SETTINGS = nvidia-settings (>= $(NVIDIA_MAJOR))
NVIDIA_LEGACY_CHECK = nvidia-legacy-check (>= 396) [amd64]
XORG_ABI_LIST = 25 24 23 20 19 18 15 14 13 12 11 10 8 6.0
XORG_BOUND = (<< 2:21.99)
-LINUX_KMOD_TESTED = 6.4
+LINUX_KMOD_TESTED = 6.6
ARCH_LIST = amd64
ARCH_LIST += i386
diff --git a/debian/tests/control b/debian/tests/control
index 22890398..e752de28 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -8,21 +8,21 @@ Depends:
# amd64
linux-headers-amd64 [amd64],
linux-headers-cloud-amd64 [amd64],
- linux-headers-rt-amd64 [amd64],
+# linux-headers-rt-amd64 [amd64],
# i386
linux-headers-686 [i386],
linux-headers-686-pae [i386],
- linux-headers-rt-686-pae [i386],
+# linux-headers-rt-686-pae [i386],
# armhf
linux-headers-armmp [armhf],
linux-headers-armmp-lpae [armhf],
- linux-headers-rt-armmp [armhf],
+# linux-headers-rt-armmp [armhf],
# ppc64el
linux-headers-powerpc64le [ppc64el],
# arm64
linux-headers-arm64 [arm64],
linux-headers-cloud-arm64 [arm64],
- linux-headers-rt-arm64 [arm64],
+# linux-headers-rt-arm64 [arm64],
Restrictions:
superficial,
needs-root,
diff --git a/debian/tests/control.in b/debian/tests/control.in
index 6aa0a3bd..f476e9b3 100644
--- a/debian/tests/control.in
+++ b/debian/tests/control.in
@@ -8,21 +8,21 @@ Depends:
# amd64
linux-headers-amd64 [amd64],
linux-headers-cloud-amd64 [amd64],
- linux-headers-rt-amd64 [amd64],
+# linux-headers-rt-amd64 [amd64],
# i386
linux-headers-686 [i386],
linux-headers-686-pae [i386],
- linux-headers-rt-686-pae [i386],
+# linux-headers-rt-686-pae [i386],
# armhf
linux-headers-armmp [armhf],
linux-headers-armmp-lpae [armhf],
- linux-headers-rt-armmp [armhf],
+# linux-headers-rt-armmp [armhf],
# ppc64el
linux-headers-powerpc64le [ppc64el],
# arm64
linux-headers-arm64 [arm64],
linux-headers-cloud-arm64 [arm64],
- linux-headers-rt-arm64 [arm64],
+# linux-headers-rt-arm64 [arm64],
Restrictions:
superficial,
needs-root,
Reply to: