diff options
author | Alyssa Ross <hi@alyssa.is> | 2024-03-24 11:04:41 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2024-03-24 11:04:41 +0100 |
commit | 5423cabbbf2b6dec5568f1ecabd288d5d9a642ec (patch) | |
tree | f316a6a921bfefd3a63bd4502c2eb50ff1644f67 /nixpkgs/pkgs/os-specific/linux/kernel | |
parent | 46a88117a05c3469af5d99433af140c3de8ca088 (diff) | |
parent | 8aa81f34981add12aecada6c702ddbbd0375ca36 (diff) | |
download | nixlib-5423cabbbf2b6dec5568f1ecabd288d5d9a642ec.tar nixlib-5423cabbbf2b6dec5568f1ecabd288d5d9a642ec.tar.gz nixlib-5423cabbbf2b6dec5568f1ecabd288d5d9a642ec.tar.bz2 nixlib-5423cabbbf2b6dec5568f1ecabd288d5d9a642ec.tar.lz nixlib-5423cabbbf2b6dec5568f1ecabd288d5d9a642ec.tar.xz nixlib-5423cabbbf2b6dec5568f1ecabd288d5d9a642ec.tar.zst nixlib-5423cabbbf2b6dec5568f1ecabd288d5d9a642ec.zip |
Merge branch 'nixos-unstable-small' of https://github.com/NixOS/nixpkgs
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/kernel')
11 files changed, 239 insertions, 79 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index fb59bfecaa01..f46f413f9e0a 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -23,7 +23,7 @@ let # configuration items have to be part of a subattrs - flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested)); + flattenKConf = nested: mapAttrs (name: values: if length values == 1 then head values else throw "duplicate kernel configuration option: ${name}") (zipAttrs (attrValues nested)); whenPlatformHasEBPFJit = mkIf (stdenv.hostPlatform.isAarch32 || @@ -62,10 +62,26 @@ let SUNRPC_DEBUG = yes; # Provide access to tunables like sched_migration_cost_ns SCHED_DEBUG = yes; + + # Count IRQ and steal CPU time separately + IRQ_TIME_ACCOUNTING = yes; + PARAVIRT_TIME_ACCOUNTING = yes; + + # Enable CPU lockup detection + LOCKUP_DETECTOR = yes; + SOFTLOCKUP_DETECTOR = yes; + HARDLOCKUP_DETECTOR = yes; + + # Enable streaming logs to a remote device over a network + NETCONSOLE = module; + NETCONSOLE_DYNAMIC = yes; + + # Export known printks in debugfs + PRINTK_INDEX = whenAtLeast "5.15" yes; }; power-management = { - CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes; + CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes; CPU_FREQ_GOV_SCHEDUTIL = yes; PM_ADVANCED_DEBUG = yes; PM_WAKELOCKS = yes; @@ -85,6 +101,27 @@ let # depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT, # so we can't force-enable this RCU_LAZY = whenAtLeast "6.2" (option yes); + + # Auto suspend Bluetooth devices at idle + BT_HCIBTUSB_AUTOSUSPEND = yes; + + # Expose cpufreq stats in sysfs + CPU_FREQ_STAT = yes; + + # Enable CPU energy model for scheduling + ENERGY_MODEL = whenAtLeast "5.0" yes; + + # Enable thermal interface netlink API + THERMAL_NETLINK = whenAtLeast "5.9" yes; + + # Prefer power-efficient workqueue implementation to per-CPU workqueues, + # which is slightly slower, but improves battery life. + # This is opt-in per workqueue, and can be disabled globally with a kernel command line option. + WQ_POWER_EFFICIENT_DEFAULT = yes; + + # Default SATA link power management to "medium with device initiated PM" + # for some extra power savings. + SATA_MOBILE_LPM_POLICY = whenAtLeast "5.18" (freeform "3"); } // optionalAttrs (stdenv.hostPlatform.isx86) { INTEL_IDLE = yes; INTEL_RAPL = whenAtLeast "5.3" module; @@ -109,6 +146,9 @@ let CHT_DC_TI_PMIC_OPREGION = whenAtLeast "5.10" yes; MFD_TPS68470 = whenBetween "5.10" "5.13" yes; TPS68470_PMIC_OPREGION = whenAtLeast "5.10" yes; + + # Enable Intel thermal hardware feedback + INTEL_HFI_THERMAL = whenAtLeast "5.18" yes; }; external-firmware = { @@ -136,6 +176,16 @@ let DAMON_DBGFS = whenAtLeast "5.15" yes; DAMON_RECLAIM = whenAtLeast "5.16" yes; DAMON_LRU_SORT = whenAtLeast "6.0" yes; + # Support recovering from memory failures on systems with ECC and MCA recovery. + MEMORY_FAILURE = yes; + + # Collect ECC errors and retire pages that fail too often + RAS_CEC = yes; + } // optionalAttrs (stdenv.is32bit) { + # Enable access to the full memory range (aka PAE) on 32-bit architectures + # This check isn't super accurate but it's close enough + HIGHMEM = option yes; + BOUNCE = option yes; }; memtest = { @@ -154,6 +204,9 @@ let BFQ_GROUP_IOSCHED = yes; MQ_IOSCHED_KYBER = yes; IOSCHED_BFQ = module; + # Enable CPU utilization clamping for RT tasks + UCLAMP_TASK = whenAtLeast "5.3" yes; + UCLAMP_TASK_GROUP = whenAtLeast "5.4" yes; }; @@ -166,6 +219,7 @@ let # Enable NUMA. numa = { NUMA = option yes; + NUMA_BALANCING = option yes; }; networking = { @@ -250,6 +304,9 @@ let # Bridge Netfilter Configuration NF_TABLES_BRIDGE = mkMerge [ (whenOlder "5.3" yes) (whenAtLeast "5.3" module) ]; + # Expose some debug info + NF_CONNTRACK_PROCFS = yes; + NF_FLOW_TABLE_PROCFS = whenAtLeast "6.0" yes; # needed for `dropwatch` # Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450 @@ -276,6 +333,10 @@ let INFINIBAND = module; INFINIBAND_IPOIB = module; INFINIBAND_IPOIB_CM = yes; + + # Enable debugfs for wireless drivers + CFG80211_DEBUGFS = yes; + MAC80211_DEBUGFS = yes; } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") { # Not enabled by default, hides modules behind it NET_VENDOR_MEDIATEK = yes; @@ -288,8 +349,8 @@ let CFG80211_WEXT = option yes; # Without it, ipw2200 drivers don't build IPW2100_MONITOR = option yes; # support promiscuous mode IPW2200_MONITOR = option yes; # support promiscuous mode - HOSTAP_FIRMWARE = option yes; # Support downloading firmware images with Host AP driver - HOSTAP_FIRMWARE_NVRAM = option yes; + HOSTAP_FIRMWARE = whenOlder "6.8" (option yes); # Support downloading firmware images with Host AP driver + HOSTAP_FIRMWARE_NVRAM = whenOlder "6.8" (option yes); MAC80211_MESH = option yes; # Enable 802.11s (mesh networking) support ATH9K_PCI = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus ATH9K_AHB = option yes; # Ditto, AHB bus @@ -345,8 +406,11 @@ let FONT_TER16x32 = whenAtLeast "5.0" yes; }; - video = { + video = let + whenHasDevicePrivate = mkIf (!stdenv.isx86_32 && versionAtLeast version "5.1"); + in { DRM_LEGACY = whenOlder "6.8" no; + NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween "5.2" "6.3" no; # Allow specifying custom EDID on the kernel command line @@ -371,6 +435,25 @@ let DRM_AMD_DC_FP = whenAtLeast "6.4" yes; DRM_AMD_DC_HDCP = whenBetween "5.5" "6.4" yes; DRM_AMD_DC_SI = whenAtLeast "5.10" yes; + + # Enable AMD Audio Coprocessor support for HDMI outputs + DRM_AMD_ACP = yes; + + # Enable AMD secure display when available + DRM_AMD_SECURE_DISPLAY = whenAtLeast "5.13" yes; + + # Enable new firmware (and by extension NVK) for compatible hardware on Nouveau + DRM_NOUVEAU_GSP_DEFAULT = whenAtLeast "6.8" yes; + + # Enable Nouveau shared virtual memory (used by OpenCL) + DEVICE_PRIVATE = whenHasDevicePrivate yes; + DRM_NOUVEAU_SVM = whenHasDevicePrivate yes; + + # Enable HDMI-CEC receiver support + MEDIA_CEC_RC = whenAtLeast "5.10" yes; + + # Enable CEC over DisplayPort + DRM_DP_CEC = yes; } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { # Intel GVT-g graphics virtualization supports 64-bit only DRM_I915_GVT = yes; @@ -395,6 +478,11 @@ let sound = { SND_DYNAMIC_MINORS = yes; SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode + # 10s for the idle timeout, Fedora does 1, Arch does 10. + # The kernel says we should do 10. + # Read: https://docs.kernel.org/sound/designs/powersave.html + SND_AC97_POWER_SAVE_DEFAULT = freeform "10"; + SND_HDA_POWER_SAVE_DEFAULT = freeform "10"; SND_HDA_INPUT_BEEP = yes; # Support digital beep via input layer SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions # Support configuring jack functions via fw mechanism at boot @@ -402,6 +490,7 @@ let SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon SND_OSSEMUL = yes; SND_USB_CAIAQ_INPUT = yes; + SND_USB_AUDIO_MIDI_V2 = whenAtLeast "6.5" yes; # Enable Sound Open Firmware support } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" && versionAtLeast version "5.5") { @@ -438,14 +527,23 @@ let SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder "5.12" yes; }; - usb-serial = { - USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver - }; - usb = { + USB = yes; # compile USB core into kernel, so we can use USB_SERIAL_CONSOLE before modules + USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies) + + # default to dual role mode + USB_DWC2_DUAL_ROLE = yes; + USB_DWC3_DUAL_ROLE = yes; + }; + + usb-serial = { + USB_SERIAL = yes; + USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver + USB_SERIAL_CONSOLE = yes; # Allow using USB serial adapter as console + U_SERIAL_CONSOLE = whenAtLeast "5.10" yes; # Allow using USB gadget as console }; # Filesystem options - in particular, enable extended attributes and @@ -526,6 +624,7 @@ let SQUASHFS_FILE_DIRECT = yes; SQUASHFS_DECOMP_MULTI_PERCPU = whenOlder "6.2" yes; + SQUASHFS_CHOICE_DECOMP_BY_MOUNT = whenAtLeast "6.2" yes; SQUASHFS_XATTR = yes; SQUASHFS_ZLIB = yes; SQUASHFS_LZO = yes; @@ -591,6 +690,16 @@ let CRYPTO_DRBG_HASH = yes; CRYPTO_DRBG_CTR = yes; + # Enable KFENCE + # See: https://docs.kernel.org/dev-tools/kfence.html + KFENCE = whenAtLeast "5.12" yes; + + # Enable support for page poisoning. Still needs to be enabled on the command line to actually work. + PAGE_POISONING = yes; + + # Enable stack smashing protections in schedule() + # See: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v4.8&id=0d9e26329b0c9263d4d9e0422d80a0e73268c52f + SCHED_STACK_END_CHECK = yes; } // optionalAttrs stdenv.hostPlatform.isx86_64 { # Enable Intel SGX X86_SGX = whenAtLeast "5.11" yes; @@ -607,6 +716,9 @@ let SEV_GUEST = whenAtLeast "5.19" module; # Shadow stacks X86_USER_SHADOW_STACK = whenAtLeast "6.6" yes; + + # Mitigate straight line speculation at the cost of some file size + SLS = whenAtLeast "5.17" yes; }; microcode = { @@ -774,7 +886,6 @@ let NOTIFIER_ERROR_INJECTION = option no; RCU_PERF_TEST = whenOlder "5.9" no; RCU_SCALE_TEST = whenAtLeast "5.10" no; - RCU_TORTURE_TEST = option no; TEST_ASYNC_DRIVER_PROBE = option no; WW_MUTEX_SELFTEST = option no; XZ_DEC_TEST = option no; @@ -784,6 +895,10 @@ let # Unconditionally enabled, because it is required for CRIU and # it provides the kcmp() system call that Mesa depends on. CHECKPOINT_RESTORE = yes; + + # Allows soft-dirty tracking on pages, used by CRIU. + # See https://docs.kernel.org/admin-guide/mm/soft-dirty.html + MEM_SOFT_DIRTY = mkIf (!stdenv.isx86_32) yes; }; misc = let @@ -798,6 +913,9 @@ let # enabled by default in x86_64 but not arm64, so we do that here HIDRAW = yes; + # Enable loading HID fixups as eBPF from userspace + HID_BPF = whenAtLeast "6.3" yes; + HID_ACRUX_FF = yes; DRAGONRISE_FF = yes; GREENASIA_FF = yes; @@ -825,7 +943,10 @@ let # Enable initrd support. BLK_DEV_INITRD = yes; - PM_TRACE_RTC = no; # Disable some expensive (?) features. + # Allows debugging systems that get stuck during suspend/resume + PM_TRACE = yes; + PM_TRACE_RTC = yes; + ACCESSIBILITY = yes; # Accessibility support AUXDISPLAY = yes; # Auxiliary Display support HIPPI = yes; @@ -850,6 +971,11 @@ let BLK_SED_OPAL = yes; + # Enable support for block layer inline encryption + BLK_INLINE_ENCRYPTION = whenAtLeast "5.8" yes; + # ...but fall back to CPU encryption if unavailable + BLK_INLINE_ENCRYPTION_FALLBACK = whenAtLeast "5.8" yes; + BSD_PROCESS_ACCT_V3 = yes; SERIAL_DEV_BUS = yes; # enables support for serial devices @@ -868,7 +994,6 @@ let # Removed on 5.17 as it was unused # upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31 CLEANCACHE = whenOlder "5.17" (option yes); - CRASH_DUMP = option no; FSCACHE_STATS = yes; @@ -964,7 +1089,7 @@ let # Disable the firmware helper fallback, udev doesn't implement it any more FW_LOADER_USER_HELPER_FALLBACK = option no; - FW_LOADER_COMPRESS = option yes; + FW_LOADER_COMPRESS = whenAtLeast "5.3" yes; HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support @@ -1011,6 +1136,13 @@ let # Set system time from RTC on startup and resume RTC_HCTOSYS = option yes; + + # Expose watchdog information in sysfs + WATCHDOG_SYSFS = yes; + + # Enable generic kernel watch queues + # See https://docs.kernel.org/core-api/watch_queue.html + WATCH_QUEUE = whenAtLeast "5.8" yes; } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") { # Enable CPU/memory hotplug support # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot @@ -1041,6 +1173,10 @@ let # https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44 CMA_SIZE_MBYTES = freeform "32"; + # Add debug interfaces for CMA + CMA_DEBUGFS = yes; + CMA_SYSFS = yes; + # Many ARM SBCs hand off a pre-configured framebuffer. # This always can can be replaced by the actual native driver. # Keeping it a built-in ensures it will be used if possible. @@ -1086,6 +1222,24 @@ let } // optionalAttrs (versionAtLeast version "5.4" && stdenv.hostPlatform.system == "x86_64-linux") { CHROMEOS_LAPTOP = module; CHROMEOS_PSTORE = module; + } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { + # Enable x86 resource control + X86_CPU_RESCTRL = whenAtLeast "5.0" yes; + + # Enable TSX on CPUs where it's not vulnerable + X86_INTEL_TSX_MODE_AUTO = yes; + + # Enable AMD Wi-Fi RF band mitigations + # See https://cateee.net/lkddb/web-lkddb/AMD_WBRF.html + AMD_WBRF = whenAtLeast "6.8" yes; + + # Enable Intel Turbo Boost Max 3.0 + INTEL_TURBO_MAX_3 = yes; + }; + + accel = { + # Build DRM accelerator devices + DRM_ACCEL = whenAtLeast "6.2" yes; }; }; in diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix index 14c863b459b1..ae602ee0c112 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix @@ -12,8 +12,10 @@ , rustc , rustPlatform , rust-bindgen +, nixosTests +}: -, # The kernel source tarball. +lib.makeOverridable ({ # The kernel source tarball. src , # The kernel version. @@ -66,7 +68,6 @@ , preferBuiltin ? stdenv.hostPlatform.linux-kernel.preferBuiltin or false , kernelArch ? stdenv.hostPlatform.linuxArch , kernelTests ? [] -, nixosTests , ... }@args: @@ -239,4 +240,4 @@ kernel.overrideAttrs (finalAttrs: previousAttrs: { in [ (nixosTests.kernel-generic.passthru.testsForKernel overridableKernel) ] ++ kernelTests; }; -}) +})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json index cb825a1adbac..21772b2e03eb 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,52 +2,52 @@ "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.307-hardened1.patch", - "sha256": "01i15w3qzwag2v4r5r5bqyk337pidhmcfif228f286cnjnqz5d7h", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.307-hardened1/linux-hardened-4.19.307-hardened1.patch" + "name": "linux-hardened-4.19.309-hardened1.patch", + "sha256": "1hww72w5anmfr9czqbl31glzl70s34492k9qz9zax141zg1sf6sp", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.309-hardened1/linux-hardened-4.19.309-hardened1.patch" }, - "sha256": "0lp3fc7sqy48vpcl2g0n1bz7i1hp9k0nlz3i1xfh9l056ihzzvl3", - "version": "4.19.307" + "sha256": "1yc45kfiwdqsqa11sxafs82b0day6qvgjcll8rx9vipidsmagbcm", + "version": "4.19.309" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.210-hardened1.patch", - "sha256": "1fdkkl303kvw9sg9lpzg83157xrl9jcl4jjli1gi2a4j0yz2479n", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.210-hardened1/linux-hardened-5.10.210-hardened1.patch" + "name": "linux-hardened-5.10.212-hardened1.patch", + "sha256": "0h04i94vshhcli5m4qpnqg4vsi5v1ifvdhhklk7c0bvkfk35cbml", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.212-hardened1/linux-hardened-5.10.212-hardened1.patch" }, - "sha256": "0vggj3a71awc1w803cdzrnkn88rxr7l1xh9mmdcw9hzxj1d3r9jf", - "version": "5.10.210" + "sha256": "14vll2bghd52wngjxy78hgglydcxka59yziji0w56dcdpmky9wqc", + "version": "5.10.212" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.149-hardened1.patch", - "sha256": "1y56l5l50h673a4n2pb3i3wh494lpnlw9vvdfr6m0jr0vymldb57", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.149-hardened1/linux-hardened-5.15.149-hardened1.patch" + "name": "linux-hardened-5.15.151-hardened1.patch", + "sha256": "040jc5n9qsdz2wv5ksfvc28vd72nmya2i2f0ps0jiras6l2wlhjz", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.151-hardened1/linux-hardened-5.15.151-hardened1.patch" }, - "sha256": "1c01fnaghj55mkgsgddznq1zq4mswsa05rz00kmh1d3y6sd8115x", - "version": "5.15.149" + "sha256": "0jby224ncdardjwmf8c59s5j71inpvdlzah984ilf2b6y85pc7la", + "version": "5.15.151" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.269-hardened1.patch", - "sha256": "06vf0mlp822i4bkpsxbyk1xjlbzabqpncy8qw9zajpjajwv87d7x", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.269-hardened1/linux-hardened-5.4.269-hardened1.patch" + "name": "linux-hardened-5.4.271-hardened1.patch", + "sha256": "0rw5il7885d0d3k2hmh46541svib6rp32g00fcl5bw37ydmq3z8b", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.271-hardened1/linux-hardened-5.4.271-hardened1.patch" }, - "sha256": "1kqqm4hpif3jy2ycnb0dfjgzyn18vqhm1i5q7d7rkisks33bwm7z", - "version": "5.4.269" + "sha256": "0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d", + "version": "5.4.271" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.79-hardened1.patch", - "sha256": "0inip6pmlwrj75vwjimkjgvh4jn6ldrq5312r02xh1i95qb0sg3a", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.79-hardened1/linux-hardened-6.1.79-hardened1.patch" + "name": "linux-hardened-6.1.81-hardened1.patch", + "sha256": "0af9dxdsa858zyqc0vsrzg098afhg5vpb2wpr6gj2ykwc13iaf07", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.81-hardened1/linux-hardened-6.1.81-hardened1.patch" }, - "sha256": "16xkd0hcslqlcf55d4ivzhf1fkhfs5yy0m9arbax8pmm5yi9r97s", - "version": "6.1.79" + "sha256": "0arl96yrqplbmp2gjyqcfma1lgc30kbn95m0sflv0yyldwf8dg8f", + "version": "6.1.81" }, "6.5": { "patch": { @@ -62,12 +62,12 @@ "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.6.18-hardened1.patch", - "sha256": "0svlck53b7bd38b9b0hzgppmhm59d35r2vqv30ga85ghkvc61byn", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.18-hardened1/linux-hardened-6.6.18-hardened1.patch" + "name": "linux-hardened-6.6.21-hardened1.patch", + "sha256": "0k35s5pj92lvfp6kw3isg78zc3gijsg0xbzcyvxdkmhzaq8j6i1i", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.21-hardened1/linux-hardened-6.6.21-hardened1.patch" }, - "sha256": "07cv97l5jiakmmv35n0ganvqfr0590b02f3qb617qkx1zg2xhhsf", - "version": "6.6.18" + "sha256": "0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf", + "version": "6.6.21" }, "6.7": { "patch": { diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json index e16804af99d3..b9207f0ac2f5 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json @@ -4,31 +4,35 @@ "hash": "sha256:0q9isgv6lxzrmb4idl0spxv2l7fsk3nn4cdq0vdw9c8lyzrh5yy0" }, "6.1": { - "version": "6.1.81", - "hash": "sha256:0arl96yrqplbmp2gjyqcfma1lgc30kbn95m0sflv0yyldwf8dg8f" + "version": "6.1.82", + "hash": "sha256:01pcrcjp5mifjjmfz7j1jb8nhq8nkxspavxmv1l7d1qnskcx4l6i" }, "5.15": { - "version": "5.15.151", - "hash": "sha256:0jby224ncdardjwmf8c59s5j71inpvdlzah984ilf2b6y85pc7la" + "version": "5.15.152", + "hash": "sha256:0zm4wkryj4mim4fr7pf5g9rlzh31yb1c40lkp85lvcm5yhjm507h" }, "5.10": { - "version": "5.10.212", - "hash": "sha256:14vll2bghd52wngjxy78hgglydcxka59yziji0w56dcdpmky9wqc" + "version": "5.10.213", + "hash": "sha256:105df7w6m5a3fngi6ajqs5qblaq4lbxsgcppllrk7v1r68i31kw4" }, "5.4": { - "version": "5.4.271", - "hash": "sha256:0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d" + "version": "5.4.272", + "hash": "sha256:0rp3waqrm489crcrms2ls7fxcw5jdkjhazvx82z68gj0kaaxb69m" }, "4.19": { - "version": "4.19.309", - "hash": "sha256:1yc45kfiwdqsqa11sxafs82b0day6qvgjcll8rx9vipidsmagbcm" + "version": "4.19.310", + "hash": "sha256:0sfy2g9jzxd8ia0idll72l7npi2kssdkz29h8jjxhilgmg299v4m" }, "6.6": { - "version": "6.6.21", - "hash": "sha256:0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf" + "version": "6.6.22", + "hash": "sha256:1x52c6ywmspp3naishzsknhy7i0b7mv9baxx25a0y987cjsygqr3" }, "6.7": { - "version": "6.7.9", - "hash": "sha256:0inkvyrvq60j9lxgivkivq3qh94lsfc1dpv6vwgxmy3q0zy37mqg" + "version": "6.7.10", + "hash": "sha256:00vw90mypcliq0d72jdh1ql2dfmm7gpswln2qycxdz7rfsrrzfd9" + }, + "6.8": { + "version": "6.8.1", + "hash": "sha256:0s7zgk9m545v8y7qjhv7cprrh58j46gpmb8iynyhy2hlwcv8j34d" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix index afdc6bb5fd01..01daee4015f0 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "19500"; - sha256 = "1xlicxwb1j5m4yjyw9ybyffmilzg7xh847jxfl4jy318vjpkmffr"; + rev = "19509"; + sha256 = "0dkjvpb075jdasvic8sfpy0dj48fsxgj2yl0zrply7gkaahgns8q"; } , ... }: diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 747d5aec7790..188ca24100b1 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.210-rt102"; # updated by ./update-rt.sh + version = "5.10.211-rt103"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -17,14 +17,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "0vggj3a71awc1w803cdzrnkn88rxr7l1xh9mmdcw9hzxj1d3r9jf"; + sha256 = "1cir36s369fl6s46x16xnjg0wdlnkipsp2zhz11m9d3z205hly1s"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1q4365ix990iw33a63cpn61qvgf8rkzf658xyi0hnr6292hlvajj"; + sha256 = "07br63p90gwmijxq8ad7iyi4d3fkm6jwwl2s2k1549bbaldchbk6"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix index cd2f60d3921d..463385036292 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.4.264-rt88"; # updated by ./update-rt.sh + version = "5.4.271-rt89"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -14,14 +14,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1c5n47dq9khb15hz24a000k3hj913vv1dda6famnm8wpjbfr176k"; + sha256 = "0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1yzdiip1fm9szx2hhvq9ph7jq00qglb1skis6gv0184g0ls2qddg"; + sha256 = "15k9jja5yd9zf5yhd7hhydwh4hksg2mybk66jhdjsryh4w9jav7z"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.6.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.6.nix index 514baa0ca598..4ff7e1c54b04 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.6.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.6.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "6.6.20-rt25"; # updated by ./update-rt.sh + version = "6.6.21-rt26"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; - sha256 = "08nxv2240d2ak6p2vsbjasnp7askamswby3h6cclhhihkgrwgxp2"; + sha256 = "0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1sfalbcfzzjmskxpix1850cypg4zixwzbd9rmpg37n8lclivn2gv"; + sha256 = "1sh2jkm3h52a5dkc72xgrw1kz1faw1kzhpbqg64gsxbivmxfvf21"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix b/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix index 172965f2a78f..02f0407425d1 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix @@ -164,6 +164,7 @@ stdenv.mkDerivation { meta = with lib; { homepage = "https://perf.wiki.kernel.org/"; description = "Linux tools to profile with performance counters"; + mainProgram = "perf"; maintainers = with maintainers; [ viric ]; platforms = platforms.linux; broken = kernel.kernelOlder "5"; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index 348a4c36adc4..08e6f83a2ffe 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -6,14 +6,14 @@ let # NOTE: When updating these, please also take a look at the changes done to # kernel config in the xanmod version commit ltsVariant = { - version = "6.6.19"; - hash = "sha256-DfoClySWV0vlDDRAJsujGj5ypnGr+HsVbszCYfi+2V0="; + version = "6.6.22"; + hash = "sha256-vpWUdzgI8i/1r5nMp0tx+x67GDTnjQF5ueITIl36lvA="; variant = "lts"; }; mainVariant = { - version = "6.7.7"; - hash = "sha256-Y+SvnvkFOGCxq+hGwpiiymNr1rYbNqppNA0d63TyUmo="; + version = "6.7.10"; + hash = "sha256-uwlvQh11uf1skSdlIz7XdjRkdI/wf3VqEeOP20JO5OU="; variant = "main"; }; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix index 2994bf5064fe..d8261beb1764 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -4,16 +4,16 @@ let # comments with variant added for update script # ./update-zen.py zen zenVariant = { - version = "6.7.7"; #zen + version = "6.8"; #zen suffix = "zen1"; #zen - sha256 = "18h2ng7m70bwl8b80a26rhmnc4ivxcv4ppkn1fviz43x6j2h81mg"; #zen + sha256 = "19rsi8747xw5lsq4pwizq2va6inmwrywgy8b5f2ppcd6ny0whn1i"; #zen isLqx = false; }; # ./update-zen.py lqx lqxVariant = { - version = "6.7.6"; #lqx + version = "6.7.9"; #lqx suffix = "lqx1"; #lqx - sha256 = "1z737ma2ak2yddc416svr5s2f7pl31v1cs2bknl9v6syl6xm9sxk"; #lqx + sha256 = "0hhkn2098h69l8slz5f0krkckf3qm7hmh5z233j341jpc0qv8p6b"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { |