-
Notifications
You must be signed in to change notification settings - Fork 1
/
nvidia-390xx-kmod-0030-kernel-6.6-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
63 lines (55 loc) · 2.23 KB
/
nvidia-390xx-kmod-0030-kernel-6.6-refuse-to-load-legacy-module-if-IBT-is-enabled.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
From 482c238246824854f9b732b514318a5cc736b712 Mon Sep 17 00:00:00 2001
From: Andreas Beckmann <[email protected]>
Date: Sat, 4 Nov 2023 00:44:56 +0100
Subject: [PATCH] refuse to load legacy module if IBT is enabled
IBT (Indirect Branch Tracking) has been enabled by default (compiled in
everywhere since it is effectively a no-op and enabled at runtime on
supported CPUs, i.e. 11th gen. Intel Core processors (aka Tigerlake) or
newer) since Linux 6.2, it can be disabled by booting with ibt=off.
All entry points reachable from indirect JMP or CALL instructions need
to contain the ENDBR instruction (actually just a NOP that is given a
special meaning by enabling IBT) otherwise the CPU will raise a control
flow exception.
If the BLOB part of the NVIDIA module hasn't been built with IBT
support, the module cannot be used if IBT is active. Check for that
condition and abort module load to avoid kernel errors later.
https://bugs.debian.org/1052069
---
nvidia-modeset/nvidia-modeset-linux.c | 7 +++++++
nvidia/nv.c | 7 +++++++
2 files changed, 14 insertions(+)
diff --git a/nvidia-modeset/nvidia-modeset-linux.c b/nvidia-modeset/nvidia-modeset-linux.c
index e98c748..5bed9dd 100644
--- a/nvidia-modeset/nvidia-modeset-linux.c
+++ b/nvidia-modeset/nvidia-modeset-linux.c
@@ -1205,6 +1205,13 @@ static int __init nvkms_init(void)
{
int ret;
+#ifdef CONFIG_X86_KERNEL_IBT
+ if (cpu_feature_enabled(X86_FEATURE_IBT)) {
+ printk(KERN_ERR NVKMS_LOG_PREFIX "This NVIDIA driver version is incompatible with IBT. Try booting with ibt=off.");
+ return -EINVAL;
+ }
+#endif
+
ret = nvkms_alloc_rm();
if (ret != 0) {
diff --git a/nvidia/nv.c b/nvidia/nv.c
index 4fa9c23..ad64e88 100644
--- a/nvidia/nv.c
+++ b/nvidia/nv.c
@@ -776,6 +776,13 @@ int __init nvidia_init_module(void)
nv_state_t *nv = NV_STATE_PTR(&nv_ctl_device);
nvidia_stack_t *sp = NULL;
+#ifdef CONFIG_X86_KERNEL_IBT
+ if (cpu_feature_enabled(X86_FEATURE_IBT)) {
+ printk(KERN_ERR "NVRM: This NVIDIA driver version is incompatible with IBT. Try booting with ibt=off.");
+ return -EINVAL;
+ }
+#endif
+
if (nv_multiple_kernel_modules)
{
nv_printf(NV_DBG_INFO, "NVRM: nvidia module instance %d\n",
--
2.20.1