Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
[ Reason ]
To finish the update series of the nvidia 535 driver series and fix a
few new CVEs we need to update src:nvidia-open-gpu-kernel-modules to a
new upstream release, too.
There are no additional packaging changes besides refreshing the
patches.
[ Impact ]
A graphics driver with open CVEs.
[ Tests ]
Only building the module has been tested, everything else would require
usage of nvidia GPUs and drivers.
[ Risks ]
Updating to a new upstream release from the same series is an
established procedure in stable.
[ Checklist ]
[*] *all* changes are documented in the d/changelog
[.] I reviewed all changes and I approve them
only the debian part, the upstream part is partly firmware blobs
as hexdump and otherwise full of new features and reorganizations
[.] attach debdiff against the package in (old)stable
The full debdiff for debian/* is attached, for the upstream part
(i.e. what is equivalent to the blob in
src:nvidia-graphics-drivers/non-free I'm only attaching the diffstat.
[*] the issue is verified as fixed in unstable
[ Changes ]
+nvidia-open-gpu-kernel-modules (535.183.01-1~deb12u1) bookworm; urgency=medium
+
+ * Rebuild for bookworm.
+
+ -- Andreas Beckmann <a...@debian.org> Wed, 19 Jun 2024 09:17:48 +0200
+
+nvidia-open-gpu-kernel-modules (535.183.01-1) unstable; urgency=medium
+
+ * New upstream LTS and Tesla branch release 535.183.01 (2024-06-04).
+ * Fixed CVE-2024-0090, CVE-2024-0092. (Closes: #1072800)
+ https://nvidia.custhelp.com/app/answers/detail/a_id/5551
+ * New upstream long term support branch release 535.179 (2024-05-09).
+ * New upstream long term support branch release 535.171.04 (2024-03-21).
+ * Sync with src:nvidia-graphics-drivers.
+ * Refresh patches.
+
+ -- Andreas Beckmann <a...@debian.org> Wed, 19 Jun 2024 04:56:43 +0200
README.md | 12 +-
debian/changelog | 18 +
debian/patches/hmm.patch | 10 +-
...-remove-empty-lines-from-uts_release-outp.patch | 6 +-
debian/patches/module/0034-fix-typos.patch | 6 +-
debian/patches/module/bashisms.patch | 2 +-
debian/patches/module/cc_version_check-gcc5.patch | 2 +-
debian/patches/module/conftest-verbose.patch | 14 +-
debian/patches/module/series.in | 2 +-
debian/patches/module/use-kbuild-flags.patch | 12 +-
kernel-open/Kbuild | 4 +-
kernel-open/common/inc/nv-linux.h | 27 +-
kernel-open/conftest.sh | 60 +-
kernel-open/nvidia-modeset/nvidia-modeset-linux.c | 6 +-
kernel-open/nvidia-uvm/uvm_ats.h | 10 -
kernel-open/nvidia-uvm/uvm_ats_faults.c | 174 +++-
kernel-open/nvidia-uvm/uvm_ats_faults.h | 20 +
kernel-open/nvidia-uvm/uvm_gpu.h | 20 +-
kernel-open/nvidia-uvm/uvm_gpu_access_counters.c | 193 +++-
kernel-open/nvidia-uvm/uvm_gpu_replayable_faults.c | 10 +-
kernel-open/nvidia-uvm/uvm_linux.h | 10 +
kernel-open/nvidia-uvm/uvm_test.c | 28 +-
kernel-open/nvidia-uvm/uvm_test_ioctl.h | 2 -
kernel-open/nvidia-uvm/uvm_va_space_mm.c | 4 +-
kernel-open/nvidia/nv-pci.c | 9 +
kernel-open/nvidia/nv.c | 6 +-
kernel-open/nvidia/nvidia.Kbuild | 2 +
kernel-open/nvidia/os-interface.c | 151 ++-
kernel-open/nvidia/os-mlock.c | 67 +-
src/common/displayport/inc/dp_connectorimpl.h | 3 +-
src/common/displayport/inc/dp_regkeydatabase.h | 10 +-
src/common/displayport/src/dp_connectorimpl.cpp | 6 +-
src/common/displayport/src/dp_evoadapter.cpp | 5 +-
src/common/inc/nvBldVer.h | 20 +-
src/common/inc/nvUnixVersion.h | 2 +-
.../inc/swref/published/ampere/ga100/dev_runlist.h | 62 +-
src/common/nvlink/interface/nvlink.h | 4 +-
.../nvswitch/kernel/inc/soe/bin/g_soeuc_lr10_dbg.h | 1098 ++++++++++----------
.../nvswitch/kernel/inc/soe/bin/g_soeuc_lr10_prd.h | 1098 ++++++++++----------
.../nvidia/inc/ctrl/ctrl2080/ctrl2080internal.h | 13 +
src/common/sdk/nvidia/inc/nvos.h | 1 +
.../uproc/os/common/include/nv-crashcat-decoder.h | 7 +
src/common/uproc/os/common/include/nv-crashcat.h | 27 +-
src/nvidia-modeset/Makefile | 1 +
src/nvidia-modeset/include/nvkms-hdmi.h | 2 +-
src/nvidia-modeset/src/nvkms-dpy.c | 23 +-
src/nvidia-modeset/src/nvkms-evo.c | 6 +-
src/nvidia-modeset/src/nvkms-evo3.c | 27 +-
src/nvidia-modeset/src/nvkms-hdmi.c | 4 +-
src/nvidia/Makefile | 1 +
.../arch/nvalloc/common/inc/dev_ctrl_defines.h | 5 +-
src/nvidia/arch/nvalloc/common/inc/nvcst.h | 3 +-
src/nvidia/arch/nvalloc/common/inc/oob/smbpbi.h | 14 +-
src/nvidia/generated/g_crashcat_report_nvoc.c | 10 +
src/nvidia/generated/g_crashcat_report_nvoc.h | 13 +
src/nvidia/generated/g_gpu_nvoc.h | 3 +
src/nvidia/generated/g_kernel_fifo_nvoc.c | 22 +
src/nvidia/generated/g_kernel_fifo_nvoc.h | 27 +
.../generated/g_kernel_graphics_context_nvoc.h | 6 +-
src/nvidia/generated/g_kernel_graphics_nvoc.c | 47 +
src/nvidia/generated/g_kernel_graphics_nvoc.h | 75 ++
src/nvidia/generated/g_kernel_gsp_nvoc.h | 10 +
src/nvidia/generated/g_nv_name_released.h | 4 +
src/nvidia/generated/g_profiler_v2_nvoc.h | 2 +-
src/nvidia/generated/g_subdevice_nvoc.c | 781 +++++++-------
src/nvidia/generated/g_subdevice_nvoc.h | 8 +
src/nvidia/generated/g_vgpuconfigapi_nvoc.c | 8 +-
src/nvidia/generated/g_vgpuconfigapi_nvoc.h | 2 +-
src/nvidia/inc/kernel/gpu/gsp/gsp_static_config.h | 1 +
src/nvidia/inc/kernel/gpu/gsp/message_queue_priv.h | 20 +
src/nvidia/interface/nvrm_registry.h | 8 +
src/nvidia/kernel/vgpu/nv/rpc.c | 4 +
src/nvidia/src/kernel/gpu/device.c | 2 +-
.../gpu/fifo/arch/ampere/kernel_fifo_ga100.c | 91 ++
src/nvidia/src/kernel/gpu/fifo/kernel_channel.c | 11 +-
src/nvidia/src/kernel/gpu/fsp/kern_fsp.c | 38 +-
.../kernel/gpu/gr/arch/turing/kgraphics_tu102.c | 333 ++++++
src/nvidia/src/kernel/gpu/gr/kernel_graphics.c | 52 +-
.../src/kernel/gpu/gr/kernel_graphics_context.c | 9 +-
.../kernel/gpu/gsp/arch/turing/kernel_gsp_tu102.c | 28 +-
src/nvidia/src/kernel/gpu/gsp/kernel_gsp.c | 75 ++
src/nvidia/src/kernel/gpu/gsp/message_queue_cpu.c | 47 +-
src/nvidia/src/kernel/gpu/mem_mgr/mem_desc.c | 2 +
src/nvidia/src/kernel/gpu/mem_mgr/vaspace_api.c | 3 +-
src/nvidia/src/kernel/mem_mgr/video_mem.c | 12 +-
src/nvidia/src/kernel/rmapi/mapping_cpu.c | 5 +-
src/nvidia/src/kernel/rmapi/nv_gpu_ops.c | 5 +-
.../crashcat/v1/impl/crashcat_report_v1_libos3.c | 5 +
version.mk | 2 +-
89 files changed, 3277 insertions(+), 1823 deletions(-)
[ Other info ]
This is a rebuild of the package from sid with no further changes.
Andreas
diff --git a/debian/changelog b/debian/changelog
index e6ad910b..b68879ea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+nvidia-open-gpu-kernel-modules (535.183.01-1~deb12u1) bookworm; urgency=medium
+
+ * Rebuild for bookworm.
+
+ -- Andreas Beckmann <a...@debian.org> Wed, 19 Jun 2024 09:17:48 +0200
+
+nvidia-open-gpu-kernel-modules (535.183.01-1) unstable; urgency=medium
+
+ * New upstream LTS and Tesla branch release 535.183.01 (2024-06-04).
+ * Fixed CVE-2024-0090, CVE-2024-0092. (Closes: #1072800)
+ https://nvidia.custhelp.com/app/answers/detail/a_id/5551
+ * New upstream long term support branch release 535.179 (2024-05-09).
+ * New upstream long term support branch release 535.171.04 (2024-03-21).
+ * Sync with src:nvidia-graphics-drivers.
+ * Refresh patches.
+
+ -- Andreas Beckmann <a...@debian.org> Wed, 19 Jun 2024 04:56:43 +0200
+
nvidia-open-gpu-kernel-modules (535.161.08-1~deb12u1) bookworm; urgency=medium
* Rebuild for bookworm.
diff --git a/debian/patches/hmm.patch b/debian/patches/hmm.patch
index e7ee7b30..eb92335f 100644
--- a/debian/patches/hmm.patch
+++ b/debian/patches/hmm.patch
@@ -2,9 +2,9 @@ Author: Andreas Beckmann <a...@debian.org>
Description: some hmm bits are not always available
hmm_pfn_to_page() was introduced in Linux 5.8
---- a/kernel-open/nvidia-uvm/uvm_ats.h
-+++ b/kernel-open/nvidia-uvm/uvm_ats.h
-@@ -38,7 +38,9 @@
+--- a/kernel-open/nvidia-uvm/uvm_linux.h
++++ b/kernel-open/nvidia-uvm/uvm_linux.h
+@@ -118,7 +118,9 @@ static inline const struct cpumask *uvm_
// hmm_range_fault() needs CONFIG_HMM_MIRROR. To detect racing CPU invalidates
// of memory regions while hmm_range_fault() is being called, MMU interval
// notifiers are needed.
@@ -12,6 +12,6 @@ Description: some hmm bits are not always available
+// hmm_pfn_to_page() was added in Linux 5.8 (2733ea144dcce)
+ #if defined(CONFIG_HMM_MIRROR) && defined(NV_MMU_INTERVAL_NOTIFIER) && \
+ LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
- #define UVM_ATS_PREFETCH_SUPPORTED() 1
+ #define UVM_HMM_RANGE_FAULT_SUPPORTED() 1
#else
- #define UVM_ATS_PREFETCH_SUPPORTED() 0
+ #define UVM_HMM_RANGE_FAULT_SUPPORTED() 0
diff --git
a/debian/patches/module/0002-conftest.sh-remove-empty-lines-from-uts_release-outp.patch
b/debian/patches/module/0002-conftest.sh-remove-empty-lines-from-uts_release-outp.patch
index 3fd14e72..ae1828fc 100644
---
a/debian/patches/module/0002-conftest.sh-remove-empty-lines-from-uts_release-outp.patch
+++
b/debian/patches/module/0002-conftest.sh-remove-empty-lines-from-uts_release-outp.patch
@@ -1,4 +1,4 @@
-From a1133243e871c1932499e29193c8afbd4349c915 Mon Sep 17 00:00:00 2001
+From 172858a78f62259bcb6d4436c2051c3645fb2f7e Mon Sep 17 00:00:00 2001
From: Andreas Beckmann <a...@debian.org>
Date: Mon, 31 Oct 2022 14:40:42 +0100
Subject: [PATCH] conftest.sh: remove empty lines from uts_release output
@@ -8,10 +8,10 @@ Subject: [PATCH] conftest.sh: remove empty lines from
uts_release output
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conftest.sh b/conftest.sh
-index e883f3e..962b418 100755
+index fcfa9d5..376b227 100755
--- a/conftest.sh
+++ b/conftest.sh
-@@ -5856,7 +5856,7 @@ compile_test() {
+@@ -5912,7 +5912,7 @@ compile_test() {
echo "#include <generated/utsrelease.h>
UTS_RELEASE" > conftest$$.c
diff --git a/debian/patches/module/0034-fix-typos.patch
b/debian/patches/module/0034-fix-typos.patch
index 22ceafa0..cd2724ea 100644
--- a/debian/patches/module/0034-fix-typos.patch
+++ b/debian/patches/module/0034-fix-typos.patch
@@ -1,4 +1,4 @@
-From 73d99e0834961ad70a90963d42a8a1d8d225e87d Mon Sep 17 00:00:00 2001
+From 7c6f49a47ddff074f6926997f2d37f57396fd2fb Mon Sep 17 00:00:00 2001
From: Andreas Beckmann <a...@debian.org>
Date: Wed, 31 Jan 2024 03:06:19 +0100
Subject: [PATCH] fix typos
@@ -31,10 +31,10 @@ index ee5eef4..3032615 100644
(g_uvm_perf_thrashing_lapse_usec ==
UVM_PERF_THRASHING_LAPSE_USEC_DEFAULT)) {
va_space_thrashing->params.lapse_ns =
UVM_PERF_THRASHING_LAPSE_USEC_DEFAULT_EMULATION * 1000;
diff --git a/nvidia/nv.c b/nvidia/nv.c
-index 5a43c52..592a228 100644
+index 76d1ef3..4fc7966 100644
--- a/nvidia/nv.c
+++ b/nvidia/nv.c
-@@ -4485,7 +4485,7 @@ NvU64 NV_API_CALL nv_get_dma_start_address(
+@@ -4489,7 +4489,7 @@ NvU64 NV_API_CALL nv_get_dma_start_address(
* Otherwise, the DMA start address only needs to be set once, and it
* won't change afterward. Just return the cached value if asked again,
* to avoid the kernel printing redundant messages to the kernel
diff --git a/debian/patches/module/bashisms.patch
b/debian/patches/module/bashisms.patch
index b8d0ddab..55fc9ced 100644
--- a/debian/patches/module/bashisms.patch
+++ b/debian/patches/module/bashisms.patch
@@ -3,7 +3,7 @@ Description: fix bashisms in conftest.sh
--- a/conftest.sh
+++ b/conftest.sh
-@@ -6696,7 +6696,7 @@ case "$5" in
+@@ -6752,7 +6752,7 @@ case "$5" in
if [ -n "$VGX_BUILD" ]; then
if [ -f /proc/xen/capabilities ]; then
diff --git a/debian/patches/module/cc_version_check-gcc5.patch
b/debian/patches/module/cc_version_check-gcc5.patch
index 2e7f529a..84788805 100644
--- a/debian/patches/module/cc_version_check-gcc5.patch
+++ b/debian/patches/module/cc_version_check-gcc5.patch
@@ -5,7 +5,7 @@ Description: ignore __GNUC_MINOR__ from GCC 5 onwards
--- a/conftest.sh
+++ b/conftest.sh
-@@ -6530,7 +6530,7 @@ case "$5" in
+@@ -6586,7 +6586,7 @@ case "$5" in
kernel_cc_minor=`echo ${kernel_cc_version} | cut -d '.' -f 2`
echo "
diff --git a/debian/patches/module/conftest-verbose.patch
b/debian/patches/module/conftest-verbose.patch
index 1e7dbd60..9689e189 100644
--- a/debian/patches/module/conftest-verbose.patch
+++ b/debian/patches/module/conftest-verbose.patch
@@ -3,7 +3,7 @@ Description: dump the generated conftest headers
--- a/Kbuild
+++ b/Kbuild
-@@ -170,6 +170,16 @@ NV_CONFTEST_HEADERS += $(obj)/conftest/h
+@@ -166,6 +166,16 @@ NV_CONFTEST_HEADERS += $(obj)/conftest/h
NV_CONFTEST_HEADERS += $(NV_CONFTEST_COMPILE_TEST_HEADERS)
@@ -20,7 +20,7 @@ Description: dump the generated conftest headers
#
# Generate a header file for a single conftest compile test. Each compile test
# header depends on conftest.sh, as well as the generated conftest/headers.h
-@@ -194,6 +204,8 @@ define NV_GENERATE_COMPILE_TEST_HEADER
+@@ -190,6 +200,8 @@ define NV_GENERATE_COMPILE_TEST_HEADER
@mkdir -p $(obj)/conftest
@# concatenate /dev/null to prevent cat from hanging when $$^ is empty
@cat $$^ /dev/null > $$@
@@ -29,7 +29,7 @@ Description: dump the generated conftest headers
endef
#
-@@ -213,9 +225,11 @@ $(eval $(call NV_GENERATE_COMPILE_TEST_H
+@@ -209,9 +221,11 @@ $(eval $(call NV_GENERATE_COMPILE_TEST_H
$(eval $(call
NV_GENERATE_COMPILE_TEST_HEADER,symbols,$(NV_CONFTEST_SYMBOL_COMPILE_TESTS)))
$(eval $(call
NV_GENERATE_COMPILE_TEST_HEADER,types,$(NV_CONFTEST_TYPE_COMPILE_TESTS)))
@@ -42,7 +42,7 @@ Description: dump the generated conftest headers
# Each of these headers is checked for presence with a test #include; a
-@@ -322,6 +336,7 @@ NV_HEADER_PRESENCE_PART = $(addprefix $(
+@@ -318,6 +332,7 @@ NV_HEADER_PRESENCE_PART = $(addprefix $(
define NV_HEADER_PRESENCE_CHECK
$$(call NV_HEADER_PRESENCE_PART,$(1)): $$(NV_CONFTEST_SCRIPT)
$(obj)/conftest/uts_release
@mkdir -p $$(dir $$@)
@@ -50,7 +50,7 @@ Description: dump the generated conftest headers
@$$(NV_CONFTEST_CMD) test_kernel_header '$$(NV_CONFTEST_CFLAGS)' '$(1)'
> $$@
endef
-@@ -331,6 +346,8 @@ $(foreach header,$(NV_HEADER_PRESENCE_TE
+@@ -327,6 +342,8 @@ $(foreach header,$(NV_HEADER_PRESENCE_TE
# Concatenate all of the parts into headers.h.
$(obj)/conftest/headers.h: $(call
NV_HEADER_PRESENCE_PART,$(NV_HEADER_PRESENCE_TESTS))
@cat $^ > $@
@@ -59,7 +59,7 @@ Description: dump the generated conftest headers
clean-dirs := $(obj)/conftest
-@@ -351,7 +368,8 @@ BUILD_SANITY_CHECKS = \
+@@ -347,7 +364,8 @@ BUILD_SANITY_CHECKS = \
.PHONY: $(BUILD_SANITY_CHECKS)
@@ -69,7 +69,7 @@ Description: dump the generated conftest headers
@$(NV_CONFTEST_CMD) $@ full_output
# Perform all sanity checks before generating the conftest headers
-@@ -360,11 +378,13 @@ $(NV_CONFTEST_HEADERS): | $(BUILD_SANITY
+@@ -356,11 +374,13 @@ $(NV_CONFTEST_HEADERS): | $(BUILD_SANITY
# Make the conftest headers depend on the kernel version string
diff --git a/debian/patches/module/series.in b/debian/patches/module/series.in
index ee350f34..c892b7ac 100644
--- a/debian/patches/module/series.in
+++ b/debian/patches/module/series.in
@@ -8,7 +8,7 @@ bashisms.patch
# build system updates
fragile-ARCH.patch
+conftest-verbose.patch
use-kbuild-compiler.patch
use-kbuild-flags.patch
-conftest-verbose.patch
conftest-prefer-arch-headers.patch
diff --git a/debian/patches/module/use-kbuild-flags.patch
b/debian/patches/module/use-kbuild-flags.patch
index de295518..38619210 100644
--- a/debian/patches/module/use-kbuild-flags.patch
+++ b/debian/patches/module/use-kbuild-flags.patch
@@ -13,16 +13,20 @@ Description: use KBUILD_CFLAGS and (KBUILD_)LDFLAGS
--- a/Kbuild
+++ b/Kbuild
-@@ -152,6 +152,12 @@ NV_CONFTEST_CMD := /bin/sh $(NV_CONFTEST
- NV_CFLAGS_FROM_CONFTEST := $(shell $(NV_CONFTEST_CMD) build_cflags)
-
+@@ -154,6 +154,16 @@ NV_CFLAGS_FROM_CONFTEST := $(shell $(NV_
NV_CONFTEST_CFLAGS = $(NV_CFLAGS_FROM_CONFTEST) $(EXTRA_CFLAGS) -fno-pie
+ NV_CONFTEST_CFLAGS += $(call cc-disable-warning,pointer-sign)
+ NV_CONFTEST_CFLAGS += $(call cc-option,-fshort-wchar,)
+NV_CONFTEST_CFLAGS += \
+ $(patsubst -DARM64_ASM_ARCH=%,-DARM64_ASM_ARCH="%",\
-+ $(filter-out -Werror% $(GCC_PLUGINS_CFLAGS),\
++ $(filter-out $(GCC_PLUGINS_CFLAGS),\
+ $(KBUILD_CFLAGS)\
+ )\
+ )
++NV_CONFTEST_CFLAGS += $(call
cc-option,-Wno-error=implicit-function-declaration,)
++NV_CONFTEST_CFLAGS += $(call cc-option,-Wno-error=incompatible-pointer-types,)
++NV_CONFTEST_CFLAGS += $(call cc-option,-Wno-error=return-type,)
++NV_CONFTEST_CFLAGS += $(call cc-option,-Wno-error=strict-prototypes,)
NV_CONFTEST_COMPILE_TEST_HEADERS := $(obj)/conftest/macros.h
NV_CONFTEST_COMPILE_TEST_HEADERS += $(obj)/conftest/functions.h
