diff options
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/kernel')
14 files changed, 80 insertions, 55 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index c715c7baf787..5a2fb8cf7aab 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -42,7 +42,7 @@ let TIMER_STATS = whenOlder "4.11" yes; DEBUG_NX_TEST = whenOlder "4.11" no; DEBUG_STACK_USAGE = no; - DEBUG_STACKOVERFLOW = mkIf (!features.grsecurity) no; + DEBUG_STACKOVERFLOW = mkIf (!features.grsecurity) (option no); RCU_TORTURE_TEST = no; SCHEDSTATS = no; DETECT_HUNG_TASK = yes; @@ -63,7 +63,7 @@ let PM_WAKELOCKS = yes; # Power-capping framework and support for INTEL RAPL POWERCAP = yes; - INTEL_RAPL = module; + INTEL_RAPL = whenAtLeast "5.3" module; }; external-firmware = { @@ -116,11 +116,11 @@ let CLS_U32_PERF = yes; CLS_U32_MARK = yes; BPF_JIT = whenPlatformHasEBPFJit yes; - BPF_JIT_ALWAYS_ON = no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304 + BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304 HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes; BPF_STREAM_PARSER = whenAtLeast "4.19" yes; XDP_SOCKETS = whenAtLeast "4.19" yes; - XDP_SOCKETS_DIAG = whenAtLeast "4.19" yes; + XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes; WAN = yes; TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19 # Required by systemd per-cgroup firewalling @@ -167,13 +167,18 @@ let NF_CONNTRACK_TIMEOUT = yes; NF_CONNTRACK_TIMESTAMP = yes; NETFILTER_NETLINK_GLUE_CT = yes; - NF_TABLES_INET = whenAtLeast "4.19" yes; - NF_TABLES_NETDEV = whenAtLeast "4.19" yes; + NF_TABLES_INET = mkMerge [ (whenOlder "4.17" module) + (whenAtLeast "4.17" yes) ]; + NF_TABLES_NETDEV = mkMerge [ (whenOlder "4.17" module) + (whenAtLeast "4.17" yes) ]; # IP: Netfilter Configuration - NF_TABLES_IPV4 = yes; - NF_TABLES_ARP = whenAtLeast "4.19" yes; + NF_TABLES_IPV4 = mkMerge [ (whenOlder "4.17" module) + (whenAtLeast "4.17" yes) ]; + NF_TABLES_ARP = mkMerge [ (whenOlder "4.17" module) + (whenAtLeast "4.17" yes) ]; # IPv6: Netfilter Configuration - NF_TABLES_IPV6 = yes; + NF_TABLES_IPV6 = mkMerge [ (whenOlder "4.17" module) + (whenAtLeast "4.17" yes) ]; # Bridge Netfilter Configuration NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes) (whenAtLeast "5.3" module) ]; @@ -183,7 +188,7 @@ let NET_DROP_MONITOR = yes; # needed for ss - INET_DIAG = yes; + INET_DIAG = module; INET_TCP_DIAG = module; INET_UDP_DIAG = module; INET_RAW_DIAG = whenAtLeast "4.14" module; @@ -201,8 +206,8 @@ let B43_PHY_HT = option yes; BCMA_HOST_PCI = option yes; RTW88 = whenAtLeast "5.2" module; - RTW88_8822BE = whenAtLeast "5.2" yes; - RTW88_8822CE = whenAtLeast "5.2" yes; + RTW88_8822BE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ]; + RTW88_8822CE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ]; }; fb = { @@ -269,7 +274,7 @@ let SND_SOC_SOF_ELKHARTLAKE_SUPPORT = yes; SND_SOC_SOF_GEMINILAKE_SUPPORT = yes; SND_SOC_SOF_HDA_AUDIO_CODEC = yes; - SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = yes; + SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder "5.7" yes; SND_SOC_SOF_HDA_LINK = yes; SND_SOC_SOF_ICELAKE_SUPPORT = yes; SND_SOC_SOF_INTEL_TOPLEVEL = yes; @@ -365,7 +370,7 @@ let CIFS_STATS = whenOlder "4.19" yes; CIFS_WEAK_PW_HASH = yes; CIFS_UPCALL = yes; - CIFS_ACL = yes; + CIFS_ACL = whenOlder "5.3" yes; CIFS_DFS_UPCALL = yes; CIFS_SMB2 = whenOlder "4.13" yes; @@ -396,7 +401,7 @@ let DEBUG_SET_MODULE_RONX = { optional = true; tristate = whenOlder "4.11" "y"; }; RANDOMIZE_BASE = option yes; STRICT_DEVMEM = option yes; # Filter access to /dev/mem - SECURITY_SELINUX_BOOTPARAM_VALUE = freeform "0"; # Disable SELinux by default + SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default # Prevent processes from ptracing non-children processes SECURITY_YAMA = option yes; DEVKMEM = mkIf (!features.grsecurity) no; # Disable /dev/kmem @@ -640,6 +645,8 @@ let SYSVIPC = yes; # System-V IPC + AIO = yes; # POSIX asynchronous I/O + UNIX = yes; # Unix domain sockets. MD = yes; # Device mapper (RAID, LVM, etc.) @@ -708,6 +715,7 @@ let KEXEC_FILE = option yes; KEXEC_JUMP = option yes; + PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION # Windows Logical Disk Manager (Dynamic Disk) support LDM_PARTITION = yes; LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback @@ -721,6 +729,7 @@ let PSI = whenAtLeast "4.20" yes; MODVERSIONS = whenOlder "4.9" yes; + MOUSE_ELAN_I2C_SMBUS = yes; MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension MTRR_SANITIZER = yes; NET_FC = yes; # Fibre Channel driver support @@ -765,8 +774,8 @@ let HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support # Enable AMD's ROCm GPU compute stack - HSA_AMD = whenAtLeast "4.20" yes; - ZONE_DEVICE = whenAtLeast "5.3" yes; + HSA_AMD = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "4.20" yes); + ZONE_DEVICE = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "5.3" yes); HMM_MIRROR = whenAtLeast "5.3" yes; DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes; @@ -794,7 +803,7 @@ let SUN8I_DE2_CCU = whenAtLeast "4.13" yes; # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647 - CRYPTO_AEGIS128_SIMD = no; + CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no; }; }; in diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix index e6e1bd842363..a9d0cf451688 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix @@ -158,11 +158,8 @@ let ; }).config; - # structuredConfig = moduleStructuredConfig.settings; }; - - }; # end of configfile derivation kernel = (callPackage ./manual-config.nix {}) { diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix index 95510fe218e3..c817f1044271 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -40,11 +40,12 @@ assert (versionAtLeast version "4.9"); # Perform additional validation of commonly targeted structures. DEBUG_CREDENTIALS = yes; DEBUG_NOTIFIERS = yes; - DEBUG_PI_LIST = yes; # doesn't BUG() + DEBUG_PI_LIST = whenOlder "5.2" yes; # doesn't BUG() + DEBUG_PLIST = whenAtLeast "5.2" yes; DEBUG_SG = yes; SCHED_STACK_END_CHECK = yes; - REFCOUNT_FULL = whenAtLeast "4.13" yes; + REFCOUNT_FULL = whenBetween "4.13" "5.5" yes; # Randomize page allocator when page_alloc.shuffle=1 SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json index 59e6e768a4b2..654615ebe500 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,22 +1,22 @@ { "4.14": { - "name": "linux-hardened-4.14.182.a.patch", - "sha256": "1kkchcv3qkm41rgscm12ii852q2846crbpvafywz31qg62lb6qig", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.182.a/linux-hardened-4.14.182.a.patch" + "name": "linux-hardened-4.14.184.a.patch", + "sha256": "1g12kz6ikdwp6b7000pfy3myga90mvxyl04b9267fk88jwih6yhk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.184.a/linux-hardened-4.14.184.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.125.a.patch", - "sha256": "1dhb8syp4j7hc4mx3s7c2x0gxil5dw7jh0swfqzjm02npbwpp19r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.125.a/linux-hardened-4.19.125.a.patch" + "name": "linux-hardened-4.19.128.a.patch", + "sha256": "19ayzx9rf4j31ypavxwamd290lm95wmi7v165avxslahnx6pdsxs", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.128.a/linux-hardened-4.19.128.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.43.a.patch", - "sha256": "14d9sg1f2a0fnr2q9z6ck5biip1kbzqqwlg4xzpwv83vaycq4i3b", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.43.a/linux-hardened-5.4.43.a.patch" + "name": "linux-hardened-5.4.46.a.patch", + "sha256": "0f2d53na7g6dhiba2ym09lm4fp3hwm6kw6mpm5jk46jmb6j7iwk5", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.46.a/linux-hardened-5.4.46.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.15.a.patch", - "sha256": "0gvp4mra07aj22mrjj8gzd3k7z1zafvak461iajrxfjhzh1z3bdf", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.15.a/linux-hardened-5.6.15.a.patch" + "name": "linux-hardened-5.6.18.a.patch", + "sha256": "0idvgjg7kji4w3341acfqywi0qqn3pvxcmiz70cd7inhlqaqrw63", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.18.a/linux-hardened-5.6.18.a.patch" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix index ca48ed48558b..7ee05ed47ded 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.182"; + version = "4.14.184"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "142v7qnfska86jqzilwq00kxdrq08iaaaw7f47xp9bnhb8fiy7b7"; + sha256 = "0h6r06c1d7amkfglsr66ic89p0zxpmk7jkq1ylcbknmkiwkixx9g"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix index 20aced02a86b..92281ffdd3e6 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.125"; + version = "4.19.128"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0zmxs6q2rgssvsh76xq9xgcax7bps19x2448d1q1fj9pzc7g8hwq"; + sha256 = "0g31ad3wziy4xqna0yvwjcnza3jhd93syjpfvmwh0b4pkj2adar9"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.4.nix index a9d45bcdea76..fe0406233169 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.225"; + version = "4.4.227"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0pn66hf9yrjg15skq1inscr5m0slvgsd2qm8rg5id70llrb4jis9"; + sha256 = "196x57w740firg8zchypq4vq6a83ymmwn9amqrscym9zr0pcgm40"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.9.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.9.nix index b13ed0e8fc56..5be2d7ac9bd9 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.225"; + version = "4.9.227"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1s63aymgsc4lsysy9d972ps9cyrf6bncyy5wcpv5a3wbaj678iz5"; + sha256 = "0pqc0wld4s4zjas95xm54mrkk00l9zkc59b6i9gq4km126s8bi1q"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix index 801003dc4f59..1c5bfad41681 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.43"; + version = "5.4.46"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0i07g72138xdf1l8x593jndq0waf3fx7plz3m6n5f9fl885bjrr6"; + sha256 = "13hvnfdcbcb9a21zizq8d90mc8maxz03zmzsj6iqsjd2y7r4y1rh"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.6.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.6.nix index d19fe9cbc6a0..bf245442ecef 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.15"; + version = "5.6.18"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0kh34f9vdfsi9g83fa1i1926djyzfi466w02c4y4d46ljf9pkav5"; + sha256 = "0cpiyzr62sv2yz0mla7skalb04pnr4nlkpi1zfcfzyjf1gjz8h8h"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.7.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.7.nix new file mode 100644 index 000000000000..c7f1389f1128 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.7.nix @@ -0,0 +1,18 @@ +{ stdenv, buildPackages, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args: + +with stdenv.lib; + +buildLinux (args // rec { + version = "5.7.2"; + + # modDirVersion needs to be x.y.z, will automatically add .0 if needed + modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; + + # branchVersion needs to be x.y + extraMeta.branch = versions.majorMinor version; + + src = fetchurl { + url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; + sha256 = "02brxm78n0kg4mh48acvjsr7mpvaqd279ycyaixaflid1s1awrb0"; + }; +} // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix index bcea8bed7531..e531f878d029 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "17506"; - sha256 = "0yial2fib8bvv31ihzlxn80xlnpx8f0z6ml9md5xj3zxzslsy5iq"; + rev = "17537"; + sha256 = "15fj5ba28jw515fzfp4pbrkpq5xyvxvx7r9yh1l0qsxjzs2zml8b"; } , ... }: diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix index 31a2cc2aa157..a3d2bfd4836c 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix @@ -1,8 +1,8 @@ { stdenv, lib, buildPackages, fetchFromGitHub, perl, buildLinux, rpiVersion, ... } @ args: let - modDirVersion = "4.19.75"; - tag = "1.20190925"; + modDirVersion = "4.19.118"; + tag = "1.20200601"; in lib.overrideDerivation (buildLinux (args // { version = "${modDirVersion}-${tag}"; @@ -12,7 +12,7 @@ lib.overrideDerivation (buildLinux (args // { owner = "raspberrypi"; repo = "linux"; rev = "raspberrypi-kernel_${tag}-1"; - sha256 = "0l91kb4jjxg4fcp7d2aqm1fj34ns137rys93k907mdgnarcliafs"; + sha256 = "11jzsmnd1qry2ir9vmsv0nfdzjpgkn5yab5ylxcz406plc073anp"; }; defconfig = { diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix index f2f0fac3b7dd..2a7a1fa93425 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,15 +3,15 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.7-rc6"; - extraMeta.branch = "5.7"; + version = "5.8-rc1"; + extraMeta.branch = "5.1"; # modDirVersion needs to be x.y.z, will always add .0 modDirVersion = if (modDirVersionArg == null) then builtins.replaceStrings ["-"] [".0-"] version else modDirVersionArg; src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "0g04zwdxks7pa5q6shl5xl2rml1w95rxq7sqkkadj11mpk2k89w4"; + sha256 = "1gb7g2vrgg0zz281lv1ir1r0535spc40j65p0azmdxlk24fkfxfc"; }; # Should the testing kernels ever be built on Hydra? |