diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
41 files changed, 0 insertions, 6551 deletions
diff --git a/pkgs/os-specific/linux/kernel/README.md b/pkgs/os-specific/linux/kernel/README.md deleted file mode 100644 index 84fb05fc07a2..000000000000 --- a/pkgs/os-specific/linux/kernel/README.md +++ /dev/null @@ -1,47 +0,0 @@ -# How to add a new (major) version of the Linux kernel to Nixpkgs: - -1. Copy the old Nix expression (e.g., `linux-2.6.21.nix`) to the new one (e.g., `linux-2.6.22.nix`) and update it. - -2. Add the new kernel to the `kernels` attribute set in [`linux-kernels.nix`](./linux-kernels.nix) (e.g., create an attribute `kernel_2_6_22`). - -3. Update the kernel configuration: - - 1. While in the Nixpkgs repository, enter the development shell for that kernel: - - ```console - $ nix-shell -A linuxKernel.kernels.linux_2_6_22 - ``` - - 2. Unpack the kernel: - - ```console - [nix-shell]$ pushd $(mktemp -d) - [nix-shell]$ unpackPhase - ``` - - 3. For each supported platform (`i686`, `x86_64`, `uml`) do the following: - - 1. Make a copy from the old config (e.g., `config-2.6.21-i686-smp`) to the new one (e.g., `config-2.6.22-i686-smp`). - - 2. Copy the config file for this platform (e.g., `config-2.6.22-i686-smp`) to `.config` in the unpacked kernel source tree. - - 3. Run `make oldconfig ARCH={i386,x86_64,um}` and answer all questions. (For the uml configuration, also add `SHELL=bash`.) Make sure to keep the configuration consistent between platforms (i.e., don’t enable some feature on `i686` and disable it on `x86_64`). - - 4. If needed, you can also run `make menuconfig`: - - ```ShellSession - $ nix-shell -p ncurses pkg-config - $ make menuconfig ARCH=arch - ``` - - 5. Copy `.config` over the new config file (e.g., `config-2.6.22-i686-smp`). - -4. Test building the kernel: - -```ShellSession -nix-build -A linuxKernel.kernels.kernel_2_6_22 -``` - -If it compiles, ship it! For extra credit, try booting NixOS with it. - -5. It may be that the new kernel requires updating the external kernel modules and kernel-dependent packages listed in the `linuxPackagesFor` function in `linux-kernels.nix` (such as the NVIDIA drivers, AUFS, etc.). If the updated packages aren’t backwards compatible with older kernels, you may need to keep the older versions around. diff --git a/pkgs/os-specific/linux/kernel/bridge-stp-helper.patch b/pkgs/os-specific/linux/kernel/bridge-stp-helper.patch deleted file mode 100644 index 70d0f944c2a0..000000000000 --- a/pkgs/os-specific/linux/kernel/bridge-stp-helper.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h -index aea3d13..8fcbf81 100644 ---- a/net/bridge/br_private.h -+++ b/net/bridge/br_private.h -@@ -39,7 +39,7 @@ - #define BR_GROUPFWD_8021AD 0xB801u - - /* Path to usermode spanning tree program */ --#define BR_STP_PROG "/sbin/bridge-stp" -+#define BR_STP_PROG "/run/current-system/sw/bin/bridge-stp" - - typedef struct bridge_id bridge_id; - typedef struct mac_addr mac_addr; diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix deleted file mode 100644 index c9bf29616062..000000000000 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ /dev/null @@ -1,1282 +0,0 @@ -# WARNING/NOTE: whenever you want to add an option here you need to either -# * mark it as an optional one with `option`, -# * or make sure it works for all the versions in nixpkgs, -# * or check for which kernel versions it will work (using kernel -# changelog, google or whatever) and mark it with `whenOlder` or -# `whenAtLeast`. -# Then do test your change by building all the kernels (or at least -# their configs) in Nixpkgs or else you will guarantee lots and lots -# of pain to users trying to switch to an older kernel because of some -# hardware problems with a new one. - -# Configuration -{ lib, stdenv, version - -, features ? {} -}: - -with lib; -with lib.kernel; -with (lib.kernel.whenHelpers version); - -let - - - # configuration items have to be part of a subattrs - flattenKConf = nested: mapAttrs (name: values: if length values == 1 then head values else throw "duplicate kernel configuration option: ${name}") (zipAttrs (attrValues nested)); - - whenPlatformHasEBPFJit = - mkIf (stdenv.hostPlatform.isAarch32 || - stdenv.hostPlatform.isAarch64 || - stdenv.hostPlatform.isx86_64 || - (stdenv.hostPlatform.isPower && stdenv.hostPlatform.is64bit) || - (stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit)); - - options = { - - debug = { - # Necessary for BTF - DEBUG_INFO = mkMerge [ - (whenOlder "5.2" (if (features.debug or false) then yes else no)) - (whenBetween "5.2" "5.18" yes) - ]; - DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast "5.18" yes; - # Reduced debug info conflict with BTF and have been enabled in - # aarch64 defconfig since 5.13 - DEBUG_INFO_REDUCED = whenAtLeast "5.13" (option no); - DEBUG_INFO_BTF = whenAtLeast "5.2" (option yes); - # Allow loading modules with mismatched BTFs - # FIXME: figure out how to actually make BTFs reproducible instead - # See https://github.com/NixOS/nixpkgs/pull/181456 for details. - MODULE_ALLOW_BTF_MISMATCH = whenAtLeast "5.18" (option yes); - BPF_LSM = whenAtLeast "5.7" (option yes); - DEBUG_KERNEL = yes; - DEBUG_DEVRES = no; - DYNAMIC_DEBUG = yes; - DEBUG_STACK_USAGE = no; - RCU_TORTURE_TEST = no; - SCHEDSTATS = yes; - DETECT_HUNG_TASK = yes; - CRASH_DUMP = option no; - # Easier debugging of NFS issues. - SUNRPC_DEBUG = yes; - # Provide access to tunables like sched_migration_cost_ns - SCHED_DEBUG = yes; - - # Count IRQ and steal CPU time separately - IRQ_TIME_ACCOUNTING = yes; - PARAVIRT_TIME_ACCOUNTING = yes; - - # Enable CPU lockup detection - LOCKUP_DETECTOR = yes; - SOFTLOCKUP_DETECTOR = yes; - HARDLOCKUP_DETECTOR = yes; - - # Enable streaming logs to a remote device over a network - NETCONSOLE = module; - NETCONSOLE_DYNAMIC = yes; - - # Export known printks in debugfs - PRINTK_INDEX = whenAtLeast "5.15" yes; - }; - - power-management = { - CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes; - CPU_FREQ_GOV_SCHEDUTIL = yes; - PM_ADVANCED_DEBUG = yes; - PM_WAKELOCKS = yes; - POWERCAP = yes; - # ACPI Firmware Performance Data Table Support - ACPI_FPDT = whenAtLeast "5.12" (option yes); - # ACPI Heterogeneous Memory Attribute Table Support - ACPI_HMAT = whenAtLeast "5.2" (option yes); - # ACPI Platform Error Interface - ACPI_APEI = (option yes); - # APEI Generic Hardware Error Source - ACPI_APEI_GHES = (option yes); - - # Enable lazy RCUs for power savings: - # https://lore.kernel.org/rcu/20221019225138.GA2499943@paulmck-ThinkPad-P17-Gen-1/ - # RCU_LAZY depends on RCU_NOCB_CPU depends on NO_HZ_FULL - # depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT, - # so we can't force-enable this - RCU_LAZY = whenAtLeast "6.2" (option yes); - - # Auto suspend Bluetooth devices at idle - BT_HCIBTUSB_AUTOSUSPEND = yes; - - # Expose cpufreq stats in sysfs - CPU_FREQ_STAT = yes; - - # Enable CPU energy model for scheduling - ENERGY_MODEL = whenAtLeast "5.0" yes; - - # Enable thermal interface netlink API - THERMAL_NETLINK = whenAtLeast "5.9" yes; - - # Prefer power-efficient workqueue implementation to per-CPU workqueues, - # which is slightly slower, but improves battery life. - # This is opt-in per workqueue, and can be disabled globally with a kernel command line option. - WQ_POWER_EFFICIENT_DEFAULT = yes; - - # Default SATA link power management to "medium with device initiated PM" - # for some extra power savings. - SATA_MOBILE_LPM_POLICY = whenAtLeast "5.18" (freeform "3"); - - # GPIO power management - POWER_RESET_GPIO = option yes; - POWER_RESET_GPIO_RESTART = option yes; - - # Enable Pulse-Width-Modulation support, commonly used for fan and backlight. - PWM = yes; - } // optionalAttrs (stdenv.hostPlatform.isx86) { - INTEL_IDLE = yes; - INTEL_RAPL = whenAtLeast "5.3" module; - X86_INTEL_LPSS = yes; - X86_INTEL_PSTATE = yes; - X86_AMD_PSTATE = whenAtLeast "5.17" yes; - # Intel DPTF (Dynamic Platform and Thermal Framework) Support - ACPI_DPTF = whenAtLeast "5.10" yes; - - # Required to bring up some Bay Trail devices properly - I2C = yes; - I2C_DESIGNWARE_PLATFORM = yes; - PMIC_OPREGION = whenAtLeast "5.10" yes; - INTEL_SOC_PMIC = whenAtLeast "5.10" yes; - BYTCRC_PMIC_OPREGION = whenAtLeast "5.10" yes; - CHTCRC_PMIC_OPREGION = whenAtLeast "5.10" yes; - XPOWER_PMIC_OPREGION = whenAtLeast "5.10" yes; - BXT_WC_PMIC_OPREGION = whenAtLeast "5.10" yes; - INTEL_SOC_PMIC_CHTWC = whenAtLeast "5.10" yes; - CHT_WC_PMIC_OPREGION = whenAtLeast "5.10" yes; - INTEL_SOC_PMIC_CHTDC_TI = whenAtLeast "5.10" yes; - CHT_DC_TI_PMIC_OPREGION = whenAtLeast "5.10" yes; - MFD_TPS68470 = whenBetween "5.10" "5.13" yes; - TPS68470_PMIC_OPREGION = whenAtLeast "5.10" yes; - - # Enable Intel thermal hardware feedback - INTEL_HFI_THERMAL = whenAtLeast "5.18" yes; - }; - - external-firmware = { - # Support drivers that need external firmware. - STANDALONE = no; - }; - - proc-config-gz = { - # Make /proc/config.gz available - IKCONFIG = yes; - IKCONFIG_PROC = yes; - }; - - optimization = { - X86_GENERIC = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; - # Optimize with -O2, not -Os - CC_OPTIMIZE_FOR_SIZE = no; - }; - - memory = { - DAMON = whenAtLeast "5.15" yes; - DAMON_VADDR = whenAtLeast "5.15" yes; - DAMON_PADDR = whenAtLeast "5.16" yes; - DAMON_SYSFS = whenAtLeast "5.18" yes; - DAMON_DBGFS = whenBetween "5.15" "6.9" yes; - DAMON_RECLAIM = whenAtLeast "5.16" yes; - DAMON_LRU_SORT = whenAtLeast "6.0" yes; - # Support recovering from memory failures on systems with ECC and MCA recovery. - MEMORY_FAILURE = yes; - - # Collect ECC errors and retire pages that fail too often - RAS_CEC = yes; - } // optionalAttrs (stdenv.is32bit) { - # Enable access to the full memory range (aka PAE) on 32-bit architectures - # This check isn't super accurate but it's close enough - HIGHMEM = option yes; - BOUNCE = option yes; - }; - - memtest = { - MEMTEST = yes; - }; - - # Include the CFQ I/O scheduler in the kernel, rather than as a - # module, so that the initrd gets a good I/O scheduler. - scheduler = { - IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1 - BLK_CGROUP = yes; # required by CFQ" - BLK_CGROUP_IOLATENCY = yes; - BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes; - IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1 - MQ_IOSCHED_DEADLINE = yes; - BFQ_GROUP_IOSCHED = yes; - MQ_IOSCHED_KYBER = yes; - IOSCHED_BFQ = module; - # Enable CPU utilization clamping for RT tasks - UCLAMP_TASK = whenAtLeast "5.3" yes; - UCLAMP_TASK_GROUP = whenAtLeast "5.4" yes; - }; - - - timer = { - # Enable Full Dynticks System. - # NO_HZ_FULL depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT - NO_HZ_FULL = mkIf stdenv.is64bit yes; - }; - - # Enable NUMA. - numa = { - NUMA = option yes; - NUMA_BALANCING = option yes; - }; - - networking = { - NET = yes; - IP_ADVANCED_ROUTER = yes; - IP_PNP = no; - IP_ROUTE_MULTIPATH = yes; - IP_VS_PROTO_TCP = yes; - IP_VS_PROTO_UDP = yes; - IP_VS_PROTO_ESP = yes; - IP_VS_PROTO_AH = yes; - IP_VS_IPV6 = yes; - IP_DCCP_CCID3 = no; # experimental - CLS_U32_PERF = yes; - CLS_U32_MARK = yes; - BPF_JIT = whenPlatformHasEBPFJit yes; - BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304 - HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes; - BPF_STREAM_PARSER = yes; - XDP_SOCKETS = yes; - XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes; - WAN = yes; - TCP_CONG_ADVANCED = yes; - TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19 - # Required by systemd per-cgroup firewalling - CGROUP_BPF = option yes; - CGROUP_NET_PRIO = yes; # Required by systemd - IP_ROUTE_VERBOSE = yes; - IP_MROUTE_MULTIPLE_TABLES = yes; - IP_MULTICAST = yes; - IP_MULTIPLE_TABLES = yes; - IPV6 = yes; - IPV6_ROUTER_PREF = yes; - IPV6_ROUTE_INFO = yes; - IPV6_OPTIMISTIC_DAD = yes; - IPV6_MULTIPLE_TABLES = yes; - IPV6_SUBTREES = yes; - IPV6_MROUTE = yes; - IPV6_MROUTE_MULTIPLE_TABLES = yes; - IPV6_PIMSM_V2 = yes; - IPV6_FOU_TUNNEL = module; - IPV6_SEG6_LWTUNNEL = yes; - IPV6_SEG6_HMAC = yes; - IPV6_SEG6_BPF = yes; - NET_CLS_BPF = module; - NET_ACT_BPF = module; - NET_SCHED = yes; - L2TP_V3 = yes; - L2TP_IP = module; - L2TP_ETH = module; - BRIDGE_VLAN_FILTERING = yes; - BONDING = module; - NET_L3_MASTER_DEV = option yes; - NET_FOU_IP_TUNNELS = option yes; - IP_NF_TARGET_REDIRECT = module; - - PPP_MULTILINK = yes; # PPP multilink support - PPP_FILTER = yes; - - # needed for iwd WPS support (wpa_supplicant replacement) - KEY_DH_OPERATIONS = yes; - - # needed for nftables - # Networking Options - NETFILTER = yes; - NETFILTER_ADVANCED = yes; - # Core Netfilter Configuration - NF_CONNTRACK_ZONES = yes; - NF_CONNTRACK_EVENTS = yes; - NF_CONNTRACK_TIMEOUT = yes; - NF_CONNTRACK_TIMESTAMP = yes; - NETFILTER_NETLINK_GLUE_CT = yes; - NF_TABLES_INET = yes; - NF_TABLES_NETDEV = yes; - NFT_REJECT_NETDEV = whenAtLeast "5.11" module; - - # IP: Netfilter Configuration - NF_TABLES_IPV4 = yes; - NF_TABLES_ARP = yes; - # IPv6: Netfilter Configuration - NF_TABLES_IPV6 = yes; - # Bridge Netfilter Configuration - NF_TABLES_BRIDGE = mkMerge [ (whenOlder "5.3" yes) - (whenAtLeast "5.3" module) ]; - # Expose some debug info - NF_CONNTRACK_PROCFS = yes; - NF_FLOW_TABLE_PROCFS = whenAtLeast "6.0" yes; - - # needed for `dropwatch` - # Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450 - NET_DROP_MONITOR = yes; - - # needed for ss - # Use a lower priority to allow these options to be overridden in hardened/config.nix - INET_DIAG = mkDefault module; - INET_TCP_DIAG = mkDefault module; - INET_UDP_DIAG = mkDefault module; - INET_RAW_DIAG = mkDefault module; - INET_DIAG_DESTROY = mkDefault yes; - - # enable multipath-tcp - MPTCP = whenAtLeast "5.6" yes; - MPTCP_IPV6 = whenAtLeast "5.6" yes; - INET_MPTCP_DIAG = whenAtLeast "5.9" (mkDefault module); - - # Kernel TLS - TLS = module; - TLS_DEVICE = yes; - - # infiniband - INFINIBAND = module; - INFINIBAND_IPOIB = module; - INFINIBAND_IPOIB_CM = yes; - - # Enable debugfs for wireless drivers - CFG80211_DEBUGFS = yes; - MAC80211_DEBUGFS = yes; - } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") { - # Not enabled by default, hides modules behind it - NET_VENDOR_MEDIATEK = yes; - # Enable SoC interface for MT7915 module, required for MT798X. - MT7986_WMAC = whenBetween "5.18" "6.6" yes; - MT798X_WMAC = whenAtLeast "6.6" yes; - }; - - wireless = { - CFG80211_WEXT = option yes; # Without it, ipw2200 drivers don't build - IPW2100_MONITOR = option yes; # support promiscuous mode - IPW2200_MONITOR = option yes; # support promiscuous mode - HOSTAP_FIRMWARE = whenOlder "6.8" (option yes); # Support downloading firmware images with Host AP driver - HOSTAP_FIRMWARE_NVRAM = whenOlder "6.8" (option yes); - MAC80211_MESH = option yes; # Enable 802.11s (mesh networking) support - ATH9K_PCI = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus - ATH9K_AHB = option yes; # Ditto, AHB bus - # The description of this option makes it sound dangerous or even illegal - # But OpenWRT enables it by default: https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/Makefile#L55 - # At the time of writing (25-06-2023): this is only used in a "correct" way by ath drivers for initiating DFS radiation - # for "certified devices" - EXPERT = option yes; # this is needed for offering the certification option - RFKILL_INPUT = option yes; # counteract an undesired effect of setting EXPERT - CFG80211_CERTIFICATION_ONUS = option yes; - # DFS: "Dynamic Frequency Selection" is a spectrum-sharing mechanism that allows - # you to use certain interesting frequency when your local regulatory domain mandates it. - # ATH drivers hides the feature behind this option and makes hostapd works with DFS frequencies. - # OpenWRT enables it too: https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/ath.mk#L42 - ATH9K_DFS_CERTIFIED = option yes; - ATH10K_DFS_CERTIFIED = option yes; - B43_PHY_HT = option yes; - BCMA_HOST_PCI = option yes; - RTW88 = whenAtLeast "5.2" module; - RTW88_8822BE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ]; - RTW88_8822CE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ]; - }; - - fb = { - FB = yes; - FB_EFI = yes; - FB_NVIDIA_I2C = yes; # Enable DDC Support - FB_RIVA_I2C = yes; - FB_ATY_CT = yes; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support - FB_ATY_GX = yes; # Mach64 GX support - FB_SAVAGE_I2C = yes; - FB_SAVAGE_ACCEL = yes; - FB_SIS_300 = yes; - FB_SIS_315 = yes; - FB_3DFX_ACCEL = yes; - FB_VESA = yes; - FRAMEBUFFER_CONSOLE = yes; - FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = yes; - FRAMEBUFFER_CONSOLE_ROTATION = yes; - FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes; - FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; - # Use simplefb on older kernels where we don't have simpledrm (enabled below) - FB_SIMPLE = whenOlder "5.15" yes; - DRM_FBDEV_EMULATION = yes; - }; - - fonts = { - FONTS = yes; - # Default fonts enabled if FONTS is not set - FONT_8x8 = yes; - FONT_8x16 = yes; - # High DPI font - FONT_TER16x32 = whenAtLeast "5.0" yes; - }; - - video = let - whenHasDevicePrivate = mkIf (!stdenv.isx86_32 && versionAtLeast version "5.1"); - in { - # compile in DRM so simpledrm can load before initrd if necessary - AGP = yes; - DRM = yes; - - DRM_LEGACY = whenOlder "6.8" no; - - NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween "5.2" "6.3" no; - - # Enable simpledrm and use it for generic framebuffer - # Technically added in 5.14, but adding more complex configuration is not worth it - DRM_SIMPLEDRM = whenAtLeast "5.15" yes; - SYSFB_SIMPLEFB = whenAtLeast "5.15" yes; - - # Allow specifying custom EDID on the kernel command line - DRM_LOAD_EDID_FIRMWARE = yes; - VGA_SWITCHEROO = yes; # Hybrid graphics support - DRM_GMA500 = whenAtLeast "5.12" module; - DRM_GMA600 = whenOlder "5.13" yes; - DRM_GMA3600 = whenOlder "5.12" yes; - DRM_VMWGFX_FBCON = whenOlder "6.2" yes; - # (experimental) amdgpu support for verde and newer chipsets - DRM_AMDGPU_SI = yes; - # (stable) amdgpu support for bonaire and newer chipsets - DRM_AMDGPU_CIK = yes; - # Allow device firmware updates - DRM_DP_AUX_CHARDEV = whenOlder "6.10" yes; - DRM_DISPLAY_DP_AUX_CHARDEV = whenAtLeast "6.10" yes; - # amdgpu display core (DC) support - DRM_AMD_DC_DCN1_0 = whenOlder "5.6" yes; - DRM_AMD_DC_DCN2_0 = whenBetween "5.3" "5.6" yes; - DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes; - DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes; - DRM_AMD_DC_DCN = whenBetween "5.11" "6.4" yes; - DRM_AMD_DC_FP = whenAtLeast "6.4" yes; - DRM_AMD_DC_HDCP = whenBetween "5.5" "6.4" yes; - DRM_AMD_DC_SI = whenAtLeast "5.10" yes; - - # Enable AMD Audio Coprocessor support for HDMI outputs - DRM_AMD_ACP = yes; - - # Enable AMD secure display when available - DRM_AMD_SECURE_DISPLAY = whenAtLeast "5.13" yes; - - # Enable new firmware (and by extension NVK) for compatible hardware on Nouveau - DRM_NOUVEAU_GSP_DEFAULT = whenAtLeast "6.8" yes; - - # Enable Nouveau shared virtual memory (used by OpenCL) - DEVICE_PRIVATE = whenHasDevicePrivate yes; - DRM_NOUVEAU_SVM = whenHasDevicePrivate yes; - - # Enable HDMI-CEC receiver support - RC_CORE = yes; - MEDIA_CEC_RC = whenAtLeast "5.10" yes; - - # Enable CEC over DisplayPort - DRM_DP_CEC = whenOlder "6.10" yes; - DRM_DISPLAY_DP_AUX_CEC = whenAtLeast "6.10" yes; - } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { - # Intel GVT-g graphics virtualization supports 64-bit only - DRM_I915_GVT = yes; - DRM_I915_GVT_KVMGT = module; - # Enable Hyper-V Synthetic DRM Driver - DRM_HYPERV = whenAtLeast "5.14" module; - } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") { - # enable HDMI-CEC on RPi boards - DRM_VC4_HDMI_CEC = yes; - }; - - # Enables Rust support in the Linux kernel. This is currently not enabled by default, because it occasionally requires - # patching the Linux kernel for the specific Rust toolchain in nixpkgs. These patches usually take a bit - # of time to appear and this would hold up Linux kernel and Rust toolchain updates. - # - # Once Rust in the kernel has more users, we can reconsider enabling it by default. - rust = optionalAttrs ((features.rust or false) && versionAtLeast version "6.7") { - RUST = yes; - GCC_PLUGINS = no; - }; - - sound = { - SND_DYNAMIC_MINORS = yes; - SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode - # 10s for the idle timeout, Fedora does 1, Arch does 10. - # The kernel says we should do 10. - # Read: https://docs.kernel.org/sound/designs/powersave.html - SND_AC97_POWER_SAVE_DEFAULT = freeform "10"; - SND_HDA_POWER_SAVE_DEFAULT = freeform "10"; - SND_HDA_INPUT_BEEP = yes; # Support digital beep via input layer - SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions - # Support configuring jack functions via fw mechanism at boot - SND_HDA_PATCH_LOADER = yes; - SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon - SND_OSSEMUL = yes; - SND_USB_CAIAQ_INPUT = yes; - SND_USB_AUDIO_MIDI_V2 = whenAtLeast "6.5" yes; - # Enable Sound Open Firmware support - } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" && - versionAtLeast version "5.5") { - SND_SOC_INTEL_SOUNDWIRE_SOF_MACH = whenAtLeast "5.10" module; - SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES = whenAtLeast "5.10" yes; # dep of SOF_MACH - SND_SOC_SOF_INTEL_SOUNDWIRE_LINK = whenBetween "5.10" "5.11" yes; # dep of SOF_MACH - SND_SOC_SOF_TOPLEVEL = yes; - SND_SOC_SOF_ACPI = module; - SND_SOC_SOF_PCI = module; - SND_SOC_SOF_APOLLOLAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_APOLLOLAKE_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_CANNONLAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_CANNONLAKE_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_COFFEELAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_COFFEELAKE_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_COMETLAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_COMETLAKE_H_SUPPORT = whenOlder "5.8" yes; - SND_SOC_SOF_COMETLAKE_LP_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_ELKHARTLAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_ELKHARTLAKE_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_GEMINILAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_GEMINILAKE_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_HDA_AUDIO_CODEC = yes; - SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder "5.7" yes; - SND_SOC_SOF_HDA_LINK = yes; - SND_SOC_SOF_ICELAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_ICELAKE_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_INTEL_TOPLEVEL = yes; - SND_SOC_SOF_JASPERLAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_JASPERLAKE_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_MERRIFIELD = whenAtLeast "5.12" module; - SND_SOC_SOF_MERRIFIELD_SUPPORT = whenOlder "5.12" yes; - SND_SOC_SOF_TIGERLAKE = whenAtLeast "5.12" module; - SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder "5.12" yes; - }; - - usb = { - USB = yes; # compile USB core into kernel, so we can use USB_SERIAL_CONSOLE before modules - - USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators - USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling - USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies) - - # default to dual role mode - USB_DWC2_DUAL_ROLE = yes; - USB_DWC3_DUAL_ROLE = yes; - }; - - usb-serial = { - USB_SERIAL = yes; - USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver - USB_SERIAL_CONSOLE = yes; # Allow using USB serial adapter as console - U_SERIAL_CONSOLE = whenAtLeast "5.10" yes; # Allow using USB gadget as console - }; - - # Filesystem options - in particular, enable extended attributes and - # ACLs for all filesystems that support them. - filesystem = { - FANOTIFY = yes; - FANOTIFY_ACCESS_PERMISSIONS = yes; - - TMPFS = yes; - TMPFS_POSIX_ACL = yes; - FS_ENCRYPTION = if (versionAtLeast version "5.1") then yes else option module; - - EXT2_FS_XATTR = yes; - EXT2_FS_POSIX_ACL = yes; - EXT2_FS_SECURITY = yes; - - EXT3_FS_POSIX_ACL = yes; - EXT3_FS_SECURITY = yes; - - EXT4_FS_POSIX_ACL = yes; - EXT4_FS_SECURITY = yes; - EXT4_ENCRYPTION = whenOlder "5.1" yes; - - NTFS_FS = whenBetween "5.15" "6.9" no; - NTFS3_LZX_XPRESS = whenAtLeast "5.15" yes; - NTFS3_FS_POSIX_ACL = whenAtLeast "5.15" yes; - - REISERFS_FS_XATTR = option yes; - REISERFS_FS_POSIX_ACL = option yes; - REISERFS_FS_SECURITY = option yes; - - JFS_POSIX_ACL = option yes; - JFS_SECURITY = option yes; - - XFS_QUOTA = option yes; - XFS_POSIX_ACL = option yes; - XFS_RT = option yes; # XFS Realtime subvolume support - XFS_ONLINE_SCRUB = option yes; - - OCFS2_DEBUG_MASKLOG = option no; - - BTRFS_FS_POSIX_ACL = yes; - - BCACHEFS_QUOTA = whenAtLeast "6.7" (option yes); - BCACHEFS_POSIX_ACL = whenAtLeast "6.7" (option yes); - - UBIFS_FS_ADVANCED_COMPR = option yes; - - F2FS_FS = module; - F2FS_FS_SECURITY = option yes; - F2FS_FS_ENCRYPTION = whenOlder "5.1" yes; - F2FS_FS_COMPRESSION = whenAtLeast "5.6" yes; - UDF_FS = module; - - NFSD_V2_ACL = whenOlder "5.15" yes; - NFSD_V3 = whenOlder "5.15" yes; - NFSD_V3_ACL = yes; - NFSD_V4 = yes; - NFSD_V4_SECURITY_LABEL = yes; - - NFS_FSCACHE = yes; - NFS_SWAP = yes; - NFS_V3_ACL = yes; - NFS_V4_1 = yes; # NFSv4.1 client support - NFS_V4_2 = yes; - NFS_V4_SECURITY_LABEL = yes; - - CIFS_XATTR = yes; - CIFS_POSIX = option yes; - CIFS_FSCACHE = yes; - CIFS_WEAK_PW_HASH = whenOlder "5.15" yes; - CIFS_UPCALL = yes; - CIFS_ACL = whenOlder "5.3" yes; - CIFS_DFS_UPCALL = yes; - - CEPH_FSCACHE = yes; - CEPH_FS_POSIX_ACL = yes; - - SQUASHFS_FILE_DIRECT = yes; - SQUASHFS_DECOMP_MULTI_PERCPU = whenOlder "6.2" yes; - SQUASHFS_CHOICE_DECOMP_BY_MOUNT = whenAtLeast "6.2" yes; - SQUASHFS_XATTR = yes; - SQUASHFS_ZLIB = yes; - SQUASHFS_LZO = yes; - SQUASHFS_XZ = yes; - SQUASHFS_LZ4 = yes; - SQUASHFS_ZSTD = yes; - - # Native Language Support modules, needed by some filesystems - NLS = yes; - NLS_DEFAULT = freeform "utf8"; - NLS_UTF8 = module; - NLS_CODEPAGE_437 = module; # VFAT default for the codepage= mount option - NLS_ISO8859_1 = module; # VFAT default for the iocharset= mount option - - # Needed to use the installation iso image. Not included in all defconfigs (e.g. arm64) - ISO9660_FS = module; - - DEVTMPFS = yes; - - UNICODE = whenAtLeast "5.2" yes; # Casefolding support for filesystems - }; - - security = { - FORTIFY_SOURCE = option yes; - - # https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html - DEBUG_LIST = yes; - HARDENED_USERCOPY = yes; - RANDOMIZE_BASE = option yes; - STRICT_DEVMEM = mkDefault yes; # Filter access to /dev/mem - IO_STRICT_DEVMEM = mkDefault yes; - SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default - # Prevent processes from ptracing non-children processes - SECURITY_YAMA = option yes; - # The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. - # This does not have any effect if a program does not support it - SECURITY_LANDLOCK = whenAtLeast "5.13" yes; - DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem - - USER_NS = yes; # Support for user namespaces - - SECURITY_APPARMOR = yes; - DEFAULT_SECURITY_APPARMOR = yes; - - RANDOM_TRUST_CPU = whenOlder "6.2" yes; # allow RDRAND to seed the RNG - RANDOM_TRUST_BOOTLOADER = whenOlder "6.2" (whenAtLeast "5.4" yes); # allow the bootloader to seed the RNG - - MODULE_SIG = no; # r13y, generates a random key during build and bakes it in - # Depends on MODULE_SIG and only really helps when you sign your modules - # and enforce signatures which we don't do by default. - SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" no; - - # provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis - PERSISTENT_KEYRINGS = yes; - # enable temporary caching of the last request_key() result - KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; - # randomized slab caches - RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; - - # NIST SP800-90A DRBG modes - enabled by most distributions - # and required by some out-of-tree modules (ShuffleCake) - # This does not include the NSA-backdoored Dual-EC mode from the same NIST publication. - CRYPTO_DRBG_HASH = yes; - CRYPTO_DRBG_CTR = yes; - - # Enable KFENCE - # See: https://docs.kernel.org/dev-tools/kfence.html - KFENCE = whenAtLeast "5.12" yes; - - # Enable support for page poisoning. Still needs to be enabled on the command line to actually work. - PAGE_POISONING = yes; - - # Enable stack smashing protections in schedule() - # See: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v4.8&id=0d9e26329b0c9263d4d9e0422d80a0e73268c52f - SCHED_STACK_END_CHECK = yes; - } // optionalAttrs stdenv.hostPlatform.isx86_64 { - # Enable Intel SGX - X86_SGX = whenAtLeast "5.11" yes; - # Allow KVM guests to load SGX enclaves - X86_SGX_KVM = whenAtLeast "5.13" yes; - - # AMD Cryptographic Coprocessor (CCP) - CRYPTO_DEV_CCP = yes; - # AMD SME - AMD_MEM_ENCRYPT = yes; - # AMD SEV and AMD SEV-SE - KVM_AMD_SEV = yes; - # AMD SEV-SNP - SEV_GUEST = whenAtLeast "5.19" module; - # Shadow stacks - X86_USER_SHADOW_STACK = whenAtLeast "6.6" yes; - - # Mitigate straight line speculation at the cost of some file size - SLS = whenBetween "5.17" "6.9" yes; - MITIGATION_SLS = whenAtLeast "6.9" yes; - }; - - microcode = { - MICROCODE = yes; - MICROCODE_INTEL = whenOlder "6.6" yes; - MICROCODE_AMD = whenOlder "6.6" yes; - # Write Back Throttling - # https://lwn.net/Articles/682582/ - # https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655 - BLK_WBT = yes; - BLK_WBT_SQ = whenOlder "5.0" yes; # Removed in 5.0-RC1 - BLK_WBT_MQ = yes; - }; - - container = { - NAMESPACES = yes; # Required by 'unshare' used by 'nixos-install' - RT_GROUP_SCHED = no; - CGROUP_DEVICE = yes; - CGROUP_HUGETLB = yes; - CGROUP_PERF = yes; - CGROUP_RDMA = yes; - - MEMCG = yes; - MEMCG_SWAP = whenOlder "6.1" yes; - - BLK_DEV_THROTTLING = yes; - CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1 - CGROUP_PIDS = yes; - }; - - staging = { - # Enable staging drivers. These are somewhat experimental, but - # they generally don't hurt. - STAGING = yes; - }; - - proc-events = { - # PROC_EVENTS requires that the netlink connector is not built - # as a module. This is required by libcgroup's cgrulesengd. - CONNECTOR = yes; - PROC_EVENTS = yes; - }; - - tracing = { - FTRACE = yes; - KPROBES = yes; - FUNCTION_TRACER = yes; - FTRACE_SYSCALLS = yes; - SCHED_TRACER = yes; - STACK_TRACER = yes; - UPROBE_EVENTS = option yes; - BPF_SYSCALL = yes; - BPF_UNPRIV_DEFAULT_OFF = whenBetween "5.10" "5.16" yes; - BPF_EVENTS = yes; - FUNCTION_PROFILER = yes; - RING_BUFFER_BENCHMARK = no; - }; - - perf = { - # enable AMD Zen branch sampling if available - PERF_EVENTS_AMD_BRS = whenAtLeast "5.19" (option yes); - }; - - virtualisation = { - PARAVIRT = option yes; - - HYPERVISOR_GUEST = yes; - PARAVIRT_SPINLOCKS = option yes; - - KVM_ASYNC_PF = yes; - KVM_GENERIC_DIRTYLOG_READ_PROTECT = yes; - KVM_GUEST = yes; - KVM_MMIO = yes; - KVM_VFIO = yes; - KSM = yes; - VIRT_DRIVERS = yes; - # We need 64 GB (PAE) support for Xen guest support - HIGHMEM64G = { optional = true; tristate = mkIf (!stdenv.is64bit) "y";}; - - VFIO_PCI_VGA = mkIf stdenv.is64bit yes; - - UDMABUF = whenAtLeast "4.20" yes; - - # VirtualBox guest drivers in the kernel conflict with the ones in the - # official additions package and prevent the vboxsf module from loading, - # so disable them for now. - VBOXGUEST = option no; - DRM_VBOXVIDEO = option no; - - XEN = option yes; - XEN_DOM0 = option yes; - PCI_XEN = option yes; - HVC_XEN = option yes; - HVC_XEN_FRONTEND = option yes; - XEN_SYS_HYPERVISOR = option yes; - SWIOTLB_XEN = option yes; - XEN_BACKEND = option yes; - XEN_BALLOON = option yes; - XEN_BALLOON_MEMORY_HOTPLUG = option yes; - XEN_EFI = option yes; - XEN_HAVE_PVMMU = option yes; - XEN_MCE_LOG = option yes; - XEN_PVH = option yes; - XEN_PVHVM = option yes; - XEN_SAVE_RESTORE = option yes; - XEN_SELFBALLOONING = whenOlder "5.3" yes; - - # Enable device detection on virtio-mmio hypervisors - VIRTIO_MMIO_CMDLINE_DEVICES = yes; - }; - - media = { - MEDIA_DIGITAL_TV_SUPPORT = yes; - MEDIA_CAMERA_SUPPORT = yes; - MEDIA_CONTROLLER = yes; - MEDIA_PCI_SUPPORT = yes; - MEDIA_USB_SUPPORT = yes; - MEDIA_ANALOG_TV_SUPPORT = yes; - VIDEO_STK1160_COMMON = whenOlder "6.5" module; - }; - - "9p" = { - # Enable the 9P cache to speed up NixOS VM tests. - "9P_FSCACHE" = option yes; - "9P_FS_POSIX_ACL" = option yes; - }; - - huge-page = { - TRANSPARENT_HUGEPAGE = option yes; - TRANSPARENT_HUGEPAGE_ALWAYS = option no; - TRANSPARENT_HUGEPAGE_MADVISE = option yes; - }; - - zram = { - ZRAM = module; - ZRAM_WRITEBACK = option yes; - ZRAM_MULTI_COMP = whenAtLeast "6.2" yes; - ZRAM_DEF_COMP_ZSTD = whenAtLeast "5.11" yes; - ZSWAP = option yes; - ZSWAP_COMPRESSOR_DEFAULT_ZSTD = whenAtLeast "5.7" (mkOptionDefault yes); - ZPOOL = yes; - ZSMALLOC = option yes; - }; - - brcmfmac = { - # Enable PCIe and USB for the brcmfmac driver - BRCMFMAC_USB = option yes; - BRCMFMAC_PCIE = option yes; - }; - - # Support x2APIC (which requires IRQ remapping) - x2apic = optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { - X86_X2APIC = yes; - IRQ_REMAP = yes; - }; - - # Disable various self-test modules that have no use in a production system - tests = { - # This menu disables all/most of them on >= 4.16 - RUNTIME_TESTING_MENU = option no; - } // { - CRC32_SELFTEST = option no; - CRYPTO_TEST = option no; - EFI_TEST = option no; - GLOB_SELFTEST = option no; - LOCK_TORTURE_TEST = option no; - MTD_TESTS = option no; - NOTIFIER_ERROR_INJECTION = option no; - RCU_PERF_TEST = whenOlder "5.9" no; - RCU_SCALE_TEST = whenAtLeast "5.10" no; - TEST_ASYNC_DRIVER_PROBE = option no; - WW_MUTEX_SELFTEST = option no; - XZ_DEC_TEST = option no; - }; - - criu = { - # Unconditionally enabled, because it is required for CRIU and - # it provides the kcmp() system call that Mesa depends on. - CHECKPOINT_RESTORE = yes; - - # Allows soft-dirty tracking on pages, used by CRIU. - # See https://docs.kernel.org/admin-guide/mm/soft-dirty.html - MEM_SOFT_DIRTY = mkIf (!stdenv.isx86_32) yes; - }; - - misc = let - # Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz. - # i686 issues: https://github.com/NixOS/nixpkgs/pull/117961#issuecomment-812106375 - useZstd = stdenv.buildPlatform.is64bit && versionAtLeast version "5.9"; - in { - # stdenv.hostPlatform.linux-kernel.target assumes uncompressed on RISC-V. - KERNEL_UNCOMPRESSED = mkIf stdenv.hostPlatform.isRiscV yes; - KERNEL_XZ = mkIf (!stdenv.hostPlatform.isRiscV && !useZstd) yes; - KERNEL_ZSTD = mkIf (!stdenv.hostPlatform.isRiscV && useZstd) yes; - - HID_BATTERY_STRENGTH = yes; - # enabled by default in x86_64 but not arm64, so we do that here - HIDRAW = yes; - - # Enable loading HID fixups as eBPF from userspace - HID_BPF = whenAtLeast "6.3" yes; - - HID_ACRUX_FF = yes; - DRAGONRISE_FF = yes; - GREENASIA_FF = yes; - HOLTEK_FF = yes; - JOYSTICK_PSXPAD_SPI_FF = yes; - LOGIG940_FF = yes; - NINTENDO_FF = whenAtLeast "5.16" yes; - PLAYSTATION_FF = whenAtLeast "5.12" yes; - SONY_FF = yes; - SMARTJOYPLUS_FF = yes; - THRUSTMASTER_FF = yes; - ZEROPLUS_FF = yes; - - MODULE_COMPRESS = whenOlder "5.13" yes; - MODULE_COMPRESS_XZ = yes; - - SYSVIPC = yes; # System-V IPC - - AIO = yes; # POSIX asynchronous I/O - - UNIX = yes; # Unix domain sockets. - - MD = yes; # Device mapper (RAID, LVM, etc.) - - # Enable initrd support. - BLK_DEV_INITRD = yes; - - # Allows debugging systems that get stuck during suspend/resume - PM_TRACE = yes; - PM_TRACE_RTC = yes; - - ACCESSIBILITY = yes; # Accessibility support - AUXDISPLAY = yes; # Auxiliary Display support - HIPPI = yes; - MTD_COMPLEX_MAPPINGS = yes; # needed for many devices - - SCSI_LOWLEVEL = yes; # enable lots of SCSI devices - SCSI_LOWLEVEL_PCMCIA = yes; - SCSI_SAS_ATA = yes; # added to enable detection of hard drive - - SPI = yes; # needed for many devices - SPI_MASTER = yes; - - "8139TOO_8129" = yes; - "8139TOO_PIO" = no; # PIO is slower - - AIC79XX_DEBUG_ENABLE = no; - AIC7XXX_DEBUG_ENABLE = no; - AIC94XX_DEBUG = no; - - BLK_DEV_INTEGRITY = yes; - BLK_DEV_ZONED = yes; - - BLK_SED_OPAL = yes; - - # Enable support for block layer inline encryption - BLK_INLINE_ENCRYPTION = whenAtLeast "5.8" yes; - # ...but fall back to CPU encryption if unavailable - BLK_INLINE_ENCRYPTION_FALLBACK = whenAtLeast "5.8" yes; - - BSD_PROCESS_ACCT_V3 = yes; - - SERIAL_DEV_BUS = yes; # enables support for serial devices - SERIAL_DEV_CTRL_TTYPORT = yes; # enables support for TTY serial devices - - BT_HCIBTUSB_MTK = whenAtLeast "5.3" yes; # MediaTek protocol support - BT_HCIUART_QCA = yes; # Qualcomm Atheros protocol support - BT_HCIUART_SERDEV = yes; # required by BT_HCIUART_QCA - BT_HCIUART = module; # required for BT devices with serial port interface (QCA6390) - BT_HCIUART_BCSP = option yes; - BT_HCIUART_H4 = option yes; # UART (H4) protocol support - BT_HCIUART_LL = option yes; - BT_RFCOMM_TTY = option yes; # RFCOMM TTY support - BT_QCA = module; # enables QCA6390 bluetooth - - # Removed on 5.17 as it was unused - # upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31 - CLEANCACHE = whenOlder "5.17" (option yes); - - FSCACHE_STATS = yes; - - DVB_DYNAMIC_MINORS = option yes; # we use udev - - EFI_STUB = yes; # EFI bootloader in the bzImage itself - EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER = - whenOlder "6.2" (whenAtLeast "5.8" yes); # initrd kernel parameter for EFI - CGROUPS = yes; # used by systemd - FHANDLE = yes; # used by systemd - SECCOMP = yes; # used by systemd >= 231 - SECCOMP_FILTER = yes; # ditto - POSIX_MQUEUE = yes; - FRONTSWAP = whenOlder "6.6" yes; - FUSION = yes; # Fusion MPT device support - IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14 - IDLE_PAGE_TRACKING = yes; - - JOYSTICK_IFORCE_232 = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force Serial joysticks and wheels - JOYSTICK_IFORCE_USB = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force USB joysticks and wheels - JOYSTICK_XPAD_FF = option yes; # X-Box gamepad rumble support - JOYSTICK_XPAD_LEDS = option yes; # LED Support for Xbox360 controller 'BigX' LED - - KEYBOARD_APPLESPI = whenAtLeast "5.3" module; - - KEXEC_FILE = option yes; - KEXEC_JUMP = option yes; - - PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION - # Windows Logical Disk Manager (Dynamic Disk) support - LDM_PARTITION = yes; - LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback - LOGO = no; # not needed - MEDIA_ATTACH = yes; - MEGARAID_NEWGEN = yes; - - MLX5_CORE_EN = option yes; - - NVME_MULTIPATH = yes; - - NVME_AUTH = mkMerge [ - (whenBetween "6.0" "6.7" yes) - (whenAtLeast "6.7" module) - ]; - - NVME_HOST_AUTH = whenAtLeast "6.7" yes; - NVME_TCP_TLS = whenAtLeast "6.7" yes; - - NVME_TARGET = module; - NVME_TARGET_PASSTHRU = whenAtLeast "5.9" yes; - NVME_TARGET_AUTH = whenAtLeast "6.0" yes; - NVME_TARGET_TCP_TLS = whenAtLeast "6.7" yes; - - PCI_P2PDMA = mkIf (stdenv.hostPlatform.is64bit && versionAtLeast version "4.20") yes; - - PSI = whenAtLeast "4.20" yes; - - MOUSE_ELAN_I2C_SMBUS = yes; - MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension - MOUSE_PS2_VMMOUSE = yes; - MTRR_SANITIZER = yes; - NET_FC = yes; # Fibre Channel driver support - # Needed for touchpads to work on some AMD laptops - PINCTRL_AMD = whenAtLeast "5.19" yes; - # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks - PINCTRL_BAYTRAIL = yes; - # GPIO for Braswell and Cherryview devices - # Needs to be built-in to for integrated keyboards to function properly - PINCTRL_CHERRYVIEW = yes; - # 8 is default. Modern gpt tables on eMMC may go far beyond 8. - MMC_BLOCK_MINORS = freeform "32"; - - REGULATOR = yes; # Voltage and Current Regulator Support - RC_DEVICES = option yes; # Enable IR devices - RC_DECODERS = option yes; # Required for IR devices to work - - RT2800USB_RT53XX = yes; - RT2800USB_RT55XX = yes; - - SCHED_AUTOGROUP = yes; - CFS_BANDWIDTH = yes; - - SCSI_LOGGING = yes; # SCSI logging facility - SERIAL_8250 = yes; # 8250/16550 and compatible serial support - - SLAB_FREELIST_HARDENED = yes; - SLAB_FREELIST_RANDOM = yes; - - SLIP_COMPRESSED = yes; # CSLIP compressed headers - SLIP_SMART = yes; - - HWMON = yes; - THERMAL_HWMON = yes; # Hardware monitoring support - NVME_HWMON = whenAtLeast "5.5" yes; # NVMe drives temperature reporting - UEVENT_HELPER = no; - - USERFAULTFD = yes; - X86_CHECK_BIOS_CORRUPTION = yes; - X86_MCE = yes; - - RAS = yes; # Needed for EDAC support - - # Our initrd init uses shebang scripts, so can't be modular. - BINFMT_SCRIPT = yes; - # For systemd-binfmt - BINFMT_MISC = option yes; - - # Disable the firmware helper fallback, udev doesn't implement it any more - FW_LOADER_USER_HELPER_FALLBACK = option no; - - FW_LOADER_COMPRESS = whenAtLeast "5.3" yes; - FW_LOADER_COMPRESS_ZSTD = whenAtLeast "5.19" yes; - - HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI - HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support - - # Enable AMD's ROCm GPU compute stack - HSA_AMD = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "4.20" yes); - ZONE_DEVICE = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "5.3" yes); - HMM_MIRROR = whenAtLeast "5.3" yes; - DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes; - - PREEMPT = no; - PREEMPT_VOLUNTARY = yes; - - X86_AMD_PLATFORM_DEVICE = yes; - X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes; - X86_PLATFORM_DRIVERS_HP = whenAtLeast "6.1" yes; - - LIRC = yes; - - SCHED_CORE = whenAtLeast "5.14" yes; - - LRU_GEN = whenAtLeast "6.1" yes; - LRU_GEN_ENABLED = whenAtLeast "6.1" yes; - - FSL_MC_UAPI_SUPPORT = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "5.12" yes); - - ASHMEM = { optional = true; tristate = whenBetween "5.0" "5.18" "y";}; - ANDROID = { optional = true; tristate = whenBetween "5.0" "5.19" "y";}; - ANDROID_BINDER_IPC = { optional = true; tristate = whenAtLeast "5.0" "y";}; - ANDROID_BINDERFS = { optional = true; tristate = whenAtLeast "5.0" "y";}; - ANDROID_BINDER_DEVICES = { optional = true; freeform = whenAtLeast "5.0" "binder,hwbinder,vndbinder";}; - - TASKSTATS = yes; - TASK_DELAY_ACCT = yes; - TASK_XACCT = yes; - TASK_IO_ACCOUNTING = yes; - - # Fresh toolchains frequently break -Werror build for minor issues. - WERROR = whenAtLeast "5.15" no; - - # > CONFIG_KUNIT should not be enabled in a production environment. Enabling KUnit disables Kernel Address-Space Layout Randomization (KASLR), and tests may affect the state of the kernel in ways not suitable for production. - # https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html - KUNIT = whenAtLeast "5.5" no; - - # Set system time from RTC on startup and resume - RTC_HCTOSYS = option yes; - - # Expose watchdog information in sysfs - WATCHDOG_SYSFS = yes; - - # Enable generic kernel watch queues - # See https://docs.kernel.org/core-api/watch_queue.html - WATCH_QUEUE = whenAtLeast "5.8" yes; - } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") { - # Enable CPU/memory hotplug support - # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot - ACPI_HOTPLUG_CPU = yes; - ACPI_HOTPLUG_MEMORY = yes; - MEMORY_HOTPLUG = yes; - MEMORY_HOTREMOVE = yes; - HOTPLUG_CPU = yes; - MIGRATION = yes; - SPARSEMEM = yes; - - # Bump the maximum number of CPUs to support systems like EC2 x1.* - # instances and Xeon Phi. - NR_CPUS = freeform "384"; - - # Enable LEDS to display link-state status of PHY devices (i.e. eth lan/wan interfaces) - LED_TRIGGER_PHY = whenAtLeast "4.10" yes; - } // optionalAttrs (stdenv.hostPlatform.system == "armv7l-linux" || stdenv.hostPlatform.system == "aarch64-linux") { - # Enables support for the Allwinner Display Engine 2.0 - SUN8I_DE2_CCU = yes; - - # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647 - CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no; - - # Distros should configure the default as a kernel option. - # We previously defined it on the kernel command line as cma= - # The kernel command line will override a platform-specific configuration from its device tree. - # https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44 - CMA_SIZE_MBYTES = freeform "32"; - - # Add debug interfaces for CMA - CMA_DEBUGFS = yes; - CMA_SYSFS = yes; - - # https://docs.kernel.org/arch/arm/mem_alignment.html - # tldr: - # when buggy userspace code emits illegal misaligned LDM, STM, - # LDRD and STRDs, the instructions trap, are caught, and then - # are emulated by the kernel. - # - # This is the default on armv7l, anyway, but it is explicitly - # enabled here for the sake of providing context for the - # aarch64 compat option which follows. - ALIGNMENT_TRAP = mkIf (stdenv.hostPlatform.system == "armv7l-linux") yes; - - # https://patchwork.kernel.org/project/linux-arm-kernel/patch/20220701135322.3025321-1-ardb@kernel.org/ - # tldr: - # when encountering alignment faults under aarch64, this option - # makes the kernel attempt to handle the fault by doing the - # same style of misaligned emulation that is performed under - # armv7l (see above option). - # - # This minimizes the potential for aarch32 userspace to behave - # differently when run under aarch64 kernels compared to when - # it is run under an aarch32 kernel. - COMPAT_ALIGNMENT_FIXUPS = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "6.1" yes); - } // optionalAttrs (versionAtLeast version "5.4" && (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")) { - # Required for various hardware features on Chrome OS devices - CHROME_PLATFORMS = yes; - CHROMEOS_TBMC = module; - - CROS_EC = module; - - CROS_EC_I2C = module; - CROS_EC_SPI = module; - CROS_EC_LPC = module; - CROS_EC_ISHTP = module; - - CROS_KBD_LED_BACKLIGHT = module; - - TCG_TIS_SPI_CR50 = whenAtLeast "5.5" yes; - } // optionalAttrs (versionAtLeast version "5.4" && stdenv.hostPlatform.system == "x86_64-linux") { - CHROMEOS_LAPTOP = module; - CHROMEOS_PSTORE = module; - } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { - # Enable x86 resource control - X86_CPU_RESCTRL = whenAtLeast "5.0" yes; - - # Enable TSX on CPUs where it's not vulnerable - X86_INTEL_TSX_MODE_AUTO = yes; - - # Enable AMD Wi-Fi RF band mitigations - # See https://cateee.net/lkddb/web-lkddb/AMD_WBRF.html - AMD_WBRF = whenAtLeast "6.8" yes; - - # Enable Intel Turbo Boost Max 3.0 - INTEL_TURBO_MAX_3 = yes; - }; - - accel = { - # Build DRM accelerator devices - DRM_ACCEL = whenAtLeast "6.2" yes; - }; - }; -in - flattenKConf options diff --git a/pkgs/os-specific/linux/kernel/export-rt-sched-migrate.patch b/pkgs/os-specific/linux/kernel/export-rt-sched-migrate.patch deleted file mode 100644 index 1d8ed6f712cb..000000000000 --- a/pkgs/os-specific/linux/kernel/export-rt-sched-migrate.patch +++ /dev/null @@ -1,11 +0,0 @@ -Export linux-rt (PREEMPT_RT) specific symbols needed by ZFS. -(Regular kernel provides them static inline in linux/preempt.h.) - ---- a/kernel/sched/core.c -+++ b/kernel/sched/core.c -@@ -1812 +1812 @@ void migrate_disable(void) --EXPORT_SYMBOL_GPL(migrate_disable); -+EXPORT_SYMBOL(migrate_disable); -@@ -1843 +1843 @@ void migrate_enable(void) --EXPORT_SYMBOL_GPL(migrate_enable); -+EXPORT_SYMBOL(migrate_enable); diff --git a/pkgs/os-specific/linux/kernel/generate-config.pl b/pkgs/os-specific/linux/kernel/generate-config.pl deleted file mode 100644 index 7e12ca5d96a9..000000000000 --- a/pkgs/os-specific/linux/kernel/generate-config.pl +++ /dev/null @@ -1,154 +0,0 @@ -# This script runs `make config' to generate a Linux kernel -# configuration file. For each question (i.e. kernel configuration -# option), unless an override is provided, it answers "m" if possible, -# and otherwise uses the default answer (as determined by the default -# config for the architecture). Overrides are read from the file -# $KERNEL_CONFIG, which on each line contains an option name and an -# answer, e.g. "EXT2_FS_POSIX_ACL y". The script warns about ignored -# options in $KERNEL_CONFIG, and barfs if `make config' selects -# another answer for an option than the one provided in -# $KERNEL_CONFIG. - -use strict; -use IPC::Open2; -use Cwd; - -# exported via nix -my $debug = $ENV{'DEBUG'}; -my $autoModules = $ENV{'AUTO_MODULES'}; -my $preferBuiltin = $ENV{'PREFER_BUILTIN'}; -my $ignoreConfigErrors = $ENV{'ignoreConfigErrors'}; -my $buildRoot = $ENV{'BUILD_ROOT'}; -my $makeFlags = $ENV{'MAKE_FLAGS'}; -$SIG{PIPE} = 'IGNORE'; - -# Read the answers. -my %answers; -my %requiredAnswers; -open ANSWERS, "<$ENV{KERNEL_CONFIG}" or die "Could not open answer file"; -while (<ANSWERS>) { - chomp; - s/#.*//; - if (/^\s*([A-Za-z0-9_]+)(\?)?\s+(.*\S)\s*$/) { - $answers{$1} = $3; - $requiredAnswers{$1} = !(defined $2); - } elsif (!/^\s*$/) { - die "invalid config line: $_"; - } -} -close ANSWERS; - -sub runConfig { - - # Run `make config'. - my $pid = open2(\*IN, \*OUT, "make -C $ENV{SRC} O=$buildRoot config SHELL=bash ARCH=$ENV{ARCH} CC=$ENV{CC} HOSTCC=$ENV{HOSTCC} HOSTCXX=$ENV{HOSTCXX} $makeFlags"); - - # Parse the output, look for questions and then send an - # appropriate answer. - my $line = ""; my $s; - my %choices = (); - - my ($prevQuestion, $prevName); - - while (!eof IN) { - read IN, $s, 1 or next; - $line .= $s; - - #print STDERR "LINE: $line\n"; - - if ($s eq "\n") { - print STDERR "GOT: $line" if $debug; - - # Remember choice alternatives ("> 1. bla (FOO)" or " 2. bla (BAR) (NEW)"). - if ($line =~ /^\s*>?\s*(\d+)\.\s+.*?\(([A-Za-z0-9_]+)\)(?:\s+\(NEW\))?\s*$/) { - $choices{$2} = $1; - } else { - # The list of choices has ended without us being - # asked. This happens for options where only one value - # is valid, for instance. The results can foul up - # later options, so forget about it. - %choices = (); - } - - $line = ""; - } - - elsif ($line =~ /###$/) { - # The config program is waiting for an answer. - - # Is this a regular question? ("bla bla (OPTION_NAME) [Y/n/m/...] ") - if ($line =~ /(.*) \(([A-Za-z0-9_]+)\) \[(.*)\].*###$/) { - my $question = $1; my $name = $2; my $alts = $3; - my $answer = ""; - # Build everything as a module if possible. - $answer = "m" if $autoModules && $alts =~ qr{\A(\w/)+m/(\w/)*\?\z} && !($preferBuiltin && $alts =~ /Y/); - $answer = $answers{$name} if defined $answers{$name}; - print STDERR "QUESTION: $question, NAME: $name, ALTS: $alts, ANSWER: $answer\n" if $debug; - print OUT "$answer\n"; - die "repeated question: $question" if $prevQuestion && $prevQuestion eq $question && $name eq $prevName; - $prevQuestion = $question; - $prevName = $name; - } - - # Is this a choice? ("choice[1-N]: ") - elsif ($line =~ /choice\[(.*)\]: ###$/) { - my $answer = ""; - foreach my $name (keys %choices) { - $answer = $choices{$name} if ($answers{$name} || "") eq "y"; - } - print STDERR "CHOICE: $1, ANSWER: $answer\n" if $debug; - print OUT "$answer\n" if $1 =~ /-/; - } - - # Some questions lack the option name ("bla bla [Y/n/m/...] "). - elsif ($line =~ /(.*) \[(.*)\] ###$/) { - print OUT "\n"; - } - - else { - warn "don't know how to answer this question: $line\n"; - print OUT "\n"; - } - - $line = ""; - %choices = (); - } - } - - close IN; - waitpid $pid, 0; -} - -# Run `make config' several times to converge on the desired result. -# (Some options may only become available after other options are -# set in a previous run.) -runConfig; -runConfig; - -# Read the final .config file and check that our answers are in -# there. `make config' often overrides answers if later questions -# cause options to be selected. -my %config; -open CONFIG, "<$buildRoot/.config" or die "Could not read .config"; -while (<CONFIG>) { - chomp; - if (/^CONFIG_([A-Za-z0-9_]+)="(.*)"$/) { - # String options have double quotes, e.g. 'CONFIG_NLS_DEFAULT="utf8"' and allow escaping. - ($config{$1} = $2) =~ s/\\([\\"])/$1/g; - } elsif (/^CONFIG_([A-Za-z0-9_]+)=(.*)$/) { - $config{$1} = $2; - } elsif (/^# CONFIG_([A-Za-z0-9_]+) is not set$/) { - $config{$1} = "n"; - } -} -close CONFIG; - -my $ret = 0; -foreach my $name (sort (keys %answers)) { - my $f = $requiredAnswers{$name} && $ignoreConfigErrors ne "1" - ? sub { warn "error: " . $_[0]; $ret = -1; } : sub { warn "warning: " . $_[0]; }; - &$f("unused option: $name\n") unless defined $config{$name}; - &$f("option not set correctly: $name (wanted '$answers{$name}', got '$config{$name}')\n") - if $config{$name} && $config{$name} ne $answers{$name}; -} -exit $ret; diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix deleted file mode 100644 index 081cfcaa8b60..000000000000 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ /dev/null @@ -1,289 +0,0 @@ -{ buildPackages -, callPackage -, perl -, bison ? null -, flex ? null -, gmp ? null -, libmpc ? null -, mpfr ? null -, pahole -, lib -, stdenv -, rustc -, rustPlatform -, rust-bindgen -# testing -, emptyFile -, nixos -, nixosTests -}@args': - -let overridableKernel = -lib.makeOverridable ({ # The kernel source tarball. - src - -, # The kernel version. - version - -, # Allows overriding the default defconfig - defconfig ? null - -, # Legacy overrides to the intermediate kernel config, as string - extraConfig ? "" - - # Additional make flags passed to kbuild -, extraMakeFlags ? [] - -, # enables the options in ./common-config.nix; if `false` then only - # `structuredExtraConfig` is used - enableCommonConfig ? true - -, # kernel intermediate config overrides, as a set - structuredExtraConfig ? {} - -, # The version number used for the module directory - # If unspecified, this is determined automatically from the version. - modDirVersion ? null - -, # An attribute set whose attributes express the availability of - # certain features in this kernel. E.g. `{ia32Emulation = true;}' - # indicates a kernel that provides Intel wireless support. Used in - # NixOS to implement kernel-specific behaviour. - features ? {} - -, # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is - # automatically extended with extra per-version and per-config values. - randstructSeed ? "" - -, # A list of patches to apply to the kernel. Each element of this list - # should be an attribute set {name, patch} where `name' is a - # symbolic name and `patch' is the actual patch. The patch may - # optionally be compressed with gzip or bzip2. - kernelPatches ? [] -, ignoreConfigErrors ? stdenv.hostPlatform.linux-kernel.name != "pc" -, extraMeta ? {} - -, isZen ? false -, isLibre ? false -, isHardened ? false - -# easy overrides to stdenv.hostPlatform.linux-kernel members -, autoModules ? stdenv.hostPlatform.linux-kernel.autoModules -, preferBuiltin ? stdenv.hostPlatform.linux-kernel.preferBuiltin or false -, kernelArch ? stdenv.hostPlatform.linuxArch -, kernelTests ? [] - -, stdenv ? args'.stdenv -, buildPackages ? args'.buildPackages - -, ... -}@args: - -# Note: this package is used for bootstrapping fetchurl, and thus -# cannot use fetchpatch! All mutable patches (generated by GitHub or -# cgit) that are needed here should be included directly in Nixpkgs as -# files. - -assert stdenv.isLinux; - -let - # Dirty hack to make sure that `version` & `src` have - # `<nixpkgs/pkgs/os-specific/linux/kernel/linux-x.y.nix>` as position - # when using `builtins.unsafeGetAttrPos`. - # - # This is to make sure that ofborg actually detects changes in the kernel derivation - # and pings all maintainers. - # - # For further context, see https://github.com/NixOS/nixpkgs/pull/143113#issuecomment-953319957 - basicArgs = builtins.removeAttrs - args - (lib.filter (x: ! (builtins.elem x [ "version" "pname" "src" ])) (lib.attrNames args)); - - # Combine the `features' attribute sets of all the kernel patches. - kernelFeatures = lib.foldr (x: y: (x.features or {}) // y) ({ - efiBootStub = true; - netfilterRPFilter = true; - ia32Emulation = true; - } // features) kernelPatches; - - commonStructuredConfig = import ./common-config.nix { - inherit lib stdenv version; - - features = kernelFeatures; # Ensure we know of all extra patches, etc. - }; - - intermediateNixConfig = configfile.moduleStructuredConfig.intermediateNixConfig - # extra config in legacy string format - + extraConfig - + stdenv.hostPlatform.linux-kernel.extraConfig or ""; - - structuredConfigFromPatches = - map ({extraStructuredConfig ? {}, ...}: {settings=extraStructuredConfig;}) kernelPatches; - - # appends kernel patches extraConfig - kernelConfigFun = baseConfigStr: - let - configFromPatches = - map ({extraConfig ? "", ...}: extraConfig) kernelPatches; - in lib.concatStringsSep "\n" ([baseConfigStr] ++ configFromPatches); - - withRust = ((configfile.moduleStructuredConfig.settings.RUST or {}).tristate or null) == "y"; - - configfile = stdenv.mkDerivation { - inherit ignoreConfigErrors autoModules preferBuiltin kernelArch extraMakeFlags; - pname = "linux-config"; - inherit version; - - generateConfig = ./generate-config.pl; - - kernelConfig = kernelConfigFun intermediateNixConfig; - passAsFile = [ "kernelConfig" ]; - - depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl gmp libmpc mpfr ] - ++ lib.optionals (lib.versionAtLeast version "4.16") [ bison flex ] - ++ lib.optional (lib.versionAtLeast version "5.2") pahole - ++ lib.optionals withRust [ rust-bindgen rustc ] - ; - - RUST_LIB_SRC = lib.optionalString withRust rustPlatform.rustLibSrc; - - platformName = stdenv.hostPlatform.linux-kernel.name; - # e.g. "defconfig" - kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig; - - makeFlags = lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) stdenv.hostPlatform.linux-kernel.makeFlags - ++ extraMakeFlags; - - postPatch = kernel.postPatch + '' - # Patch kconfig to print "###" after every question so that - # generate-config.pl from the generic builder can answer them. - sed -e '/fflush(stdout);/i\printf("###");' -i scripts/kconfig/conf.c - ''; - - preUnpack = kernel.preUnpack or ""; - - inherit (kernel) src patches; - - buildPhase = '' - export buildRoot="''${buildRoot:-build}" - export HOSTCC=$CC_FOR_BUILD - export HOSTCXX=$CXX_FOR_BUILD - export HOSTAR=$AR_FOR_BUILD - export HOSTLD=$LD_FOR_BUILD - - # Get a basic config file for later refinement with $generateConfig. - make $makeFlags \ - -C . O="$buildRoot" $kernelBaseConfig \ - ARCH=$kernelArch \ - HOSTCC=$HOSTCC HOSTCXX=$HOSTCXX HOSTAR=$HOSTAR HOSTLD=$HOSTLD \ - CC=$CC OBJCOPY=$OBJCOPY OBJDUMP=$OBJDUMP READELF=$READELF \ - $makeFlags - - # Create the config file. - echo "generating kernel configuration..." - ln -s "$kernelConfigPath" "$buildRoot/kernel-config" - DEBUG=1 ARCH=$kernelArch KERNEL_CONFIG="$buildRoot/kernel-config" AUTO_MODULES=$autoModules \ - PREFER_BUILTIN=$preferBuiltin BUILD_ROOT="$buildRoot" SRC=. MAKE_FLAGS="$makeFlags" \ - perl -w $generateConfig - ''; - - installPhase = "mv $buildRoot/.config $out"; - - enableParallelBuilding = true; - - passthru = rec { - module = import ../../../../nixos/modules/system/boot/kernel_config.nix; - # used also in apache - # { modules = [ { options = res.options; config = svc.config or svc; } ]; - # check = false; - # The result is a set of two attributes - moduleStructuredConfig = (lib.evalModules { - modules = [ - module - ] ++ lib.optionals enableCommonConfig [ - { settings = commonStructuredConfig; _file = "pkgs/os-specific/linux/kernel/common-config.nix"; } - ] ++ [ - { settings = structuredExtraConfig; _file = "structuredExtraConfig"; } - ] - ++ structuredConfigFromPatches - ; - }).config; - - structuredConfig = moduleStructuredConfig.settings; - }; - }; # end of configfile derivation - - kernel = (callPackage ./manual-config.nix { inherit lib stdenv buildPackages; }) (basicArgs // { - inherit kernelPatches randstructSeed extraMakeFlags extraMeta configfile modDirVersion; - pos = builtins.unsafeGetAttrPos "version" args; - - config = { - CONFIG_MODULES = "y"; - CONFIG_FW_LOADER = "m"; - CONFIG_RUST = if withRust then "y" else "n"; - }; - }); - -in -kernel.overrideAttrs (finalAttrs: previousAttrs: { - - passthru = previousAttrs.passthru or { } // basicArgs // { - features = kernelFeatures; - inherit commonStructuredConfig structuredExtraConfig extraMakeFlags isZen isHardened isLibre; - isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; - - # Adds dependencies needed to edit the config: - # nix-shell '<nixpkgs>' -A linux.configEnv --command 'make nconfig' - configEnv = kernel.overrideAttrs (old: { - nativeBuildInputs = old.nativeBuildInputs or [] ++ (with buildPackages; [ - pkg-config ncurses - ]); - }); - - tests = let - overridableKernel = finalAttrs.finalPackage // { - override = args: - lib.warn ( - "override is stubbed for NixOS kernel tests, not applying changes these arguments: " - + toString (lib.attrNames (lib.toFunction args { })) - ) overridableKernel; - }; - /* Certain arguments must be evaluated lazily; so that only the output(s) depend on them. - Original reproducer / simplified use case: - */ - versionDoesNotDependOnPatchesEtcNixOS = - builtins.seq - (nixos ({ config, pkgs, ... }: { - boot.kernelPatches = [ - (builtins.seq config.boot.kernelPackages.kernel.version { patch = pkgs.emptyFile; }) - ]; - })).config.boot.kernelPackages.kernel.outPath - emptyFile; - versionDoesNotDependOnPatchesEtc = - builtins.seq - (import ./generic.nix args' (args // ( - let explain = attrName: - '' - The ${attrName} attribute must be able to access the kernel.version attribute without an infinite recursion. - That means that the kernel attrset (attrNames) and the kernel.version attribute must not depend on the ${attrName} argument. - The fact that this exception is raised shows that such a dependency does exist. - This is a problem for the configurability of ${attrName} in version-aware logic such as that in NixOS. - Strictness can creep in through optional attributes, or assertions and warnings that run as part of code that shouldn't access what is checked. - ''; - in { - kernelPatches = throw (explain "kernelPatches"); - structuredExtraConfig = throw (explain "structuredExtraConfig"); - modDirVersion = throw (explain "modDirVersion"); - }))).version - emptyFile; - in [ - (nixosTests.kernel-generic.passthru.testsForKernel overridableKernel) - versionDoesNotDependOnPatchesEtc - # Disabled by default, because the infinite recursion is hard to understand. The other test's error is better and produces a shorter trace. - # versionDoesNotDependOnPatchesEtcNixOS - ] ++ kernelTests; - }; - -})); -in overridableKernel diff --git a/pkgs/os-specific/linux/kernel/gpio-utils.nix b/pkgs/os-specific/linux/kernel/gpio-utils.nix deleted file mode 100644 index 40e282bbf541..000000000000 --- a/pkgs/os-specific/linux/kernel/gpio-utils.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ lib, stdenv, linux }: - -with lib; - -stdenv.mkDerivation { - pname = "gpio-utils"; - version = linux.version; - - inherit (linux) src makeFlags; - - preConfigure = '' - cd tools/gpio - ''; - - separateDebugInfo = true; - installFlags = [ "install" "DESTDIR=$(out)" "bindir=/bin" ]; - - meta = { - description = "Linux tools to inspect the gpiochip interface"; - maintainers = with maintainers; [ kwohlfahrt ]; - platforms = platforms.linux; - license = licenses.gpl2; - }; -} diff --git a/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc b/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc deleted file mode 100644 index 101ccfbf0f2b..000000000000 --- a/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc +++ /dev/null @@ -1,325 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQINBE64OEUBEADPS1v+zoCdKA6zyfUtVIaBoIwMhCibqurXi30tVoC9LgM6W1ve -HwPFukWq7DAS0mZUPE3mSV63JFLaTy0bY/6GO1D4wLdWZx4ppH7XKNCvKCbsi70k -UozFykNVf+83WEskuF1oYzXlF3aB5suz2IWJl7ey1EXgIpehwQaTJUA5JIWYFp9A -566LRNJefYMzUR33xc4dRKj6Etg0xdLVq7/vZoo8HpLCBGNWiP0AKqFWEwTg0xQL -7nsJA5tfJJdwAJvrzjpFsvb63PKG6waAtdHhON4q7E2Udak9fz2tRjxA5l9l2zXk -aqsysUzkxPhNjwMENoQ04KZg4aT+ZhhBzTowSWLp3KV2uaZ66kdPUO3s+/1bPp5/ -N/IlykaUwyL773iYOZ5dOY/9hIuX/zssihcrGEMW6yIyZR5uKhzYdaM9ExTXP637 -UccgNS9/pskPGPx/xK23NDCfeHzL9YHS5KokA2wb/b9hqpwvLaeblbMl2pt79F1R -ac+rZlrRyX3NvlTQP4hqM9Ei2YBAU7QFDJEjH8pVIceL7grxi1Ju1iD5QiSK+je5 -Jj5EAikfwSeAttSzsqNvaXJHfABrv5mkkVt1z3icP3HIHTYnG+uj+t8kvW+o9/1i -pD6e6LUh4w5v1aY9kaK/M3+eBH59yNYI99crPUKUBVfW4gv4DBUJAQTWRQARAQAB -tDVMZXZlbnRlIFBvbHlhayAoYW50aHJheHgpIDxsZXZlbnRlQGxldmVudGVwb2x5 -YWsubmV0PokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4ACGQEF -AlSXU9QFCQfATw8ACgkQ/BtUfI2BcsjPbxAAs+UR/bJz/HeYTpPy+HnKwDJgI9GP -AZlNvp+QSIhOTtKCYkQ/Iu+5scY5J0Qyv0pcJW5Rxjx+l7KGovw84jzVznnYsJoy -UQ5H3Ev9T2xW1nrZT3abJ7j6ZIck+Q+WFHu5Plsq6doSXOXmJNoehvT3BVolvc6w -S1+CAoyA5Wm1yfocZgVOvWPWQaa1T4XA7OwxFWrvNWEZwAzTSjkGHkwmji+DxdBd -RPam9+qm/rcN1IJTu6xJPr38a9LydWonsUpTR2Qn7Bo4EJp8yHJLaiLEMV/Nmgrr -1orBYw/OzDzhbdMl+2zzwEBLUMPABdgnPM6ZCZ5PWyWnCU4jsBGyVd0IC5xEu3Eg -a0EtIdvx2lXiLfh2dulpMn52uJY5iNwaTleO+z9CENQVhh5R4FuN9H0BLiyAxf1+ -MkD3jLT+DGl02hQghtxz18iTkRk7KOw/NFn4z0is+TRl4/ocNt1LiWQXt8dr7qdx -zvUpDnxCSYZkeutzopo1TA4lKpnsS2mHabx6CbrUmF+wOIr8gHUfpBFeEQ8BHebU -5X0JrFF5mjeNl4uK9l9lD9ng74rsSpKPr15DU41jIuQDHJYd6H3TXQ4K1z7Ciivy -r4vgsruAFX/GduKseOx1obWW3GfIQzLAIuVdjldgREl61GWoLiGFqlcveiAIkN5p -Bxc20hSrHgZP9ZyIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GTK7AKC8Sd1ndNvc -1ispBaECbHT/JPfGrQCgvkfGBsFn/KBrgC5hTm0mSxdy942JAkEEEwECACsCGwMF -CQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOuD2qAhkBAAoJEPwbVHyN -gXLIXL4QAJtbs62EpOIFld0N+tTEFn1qQPPaExAXmH/RF5Epf+0rSS6B0OXEZBXz -cWtMPbHxoLjN1iY8o0QC1ex7/KDfYq8Ho18M9P+Lf6XfW0sJ9d021U5MJWGPs4zA -lNFXJqeMgfJZAno2N6dO/azcYHq1wmSgUbTb9Oyi1PHfn3g0UAW59dfkB8d2jEvY -Yed1X0mBPPXcbgnYNZ514JQtm9wuDdVWrh/Si9EhKg6+MPcbv18G4lpPGR+yNq9y -3Jze4vmmWen0ceDJEp06IAeTfJzzD80Oui2WXtLfaQxgf9uuZtGjrMX5l+mq7rBS -VH/dsHP1VYI0efKIs7qbmiLcMRVWYIGix9I1C3UYr3ImYiCGlBG/uQ929xbjWAHa -hy4W6rzruUWjyi/Kz7QRnyBgtHfhDO7hYziTr5hoGhd4VeUpcbxL+MegXFZsWJlE -kz8TOOsZ/4XxXHVoalg8fYOcA7j/aoszsPMQUOL/5jsVRhyP3evtVxb3m1EwvYDK -Lii4IkVxGztlBOIgeT4kwXgoJEASSZHgcd6tDv9q7o33n2I1DGL8X3axcHES2/C7 -cP+li3KL3Hc9vjgaJ9HfcQLuMcHqfoHn+YzVfbG5XeFcxhgQpwpYsZv3MTbXAQwI -fRHXRuIfOiFwqUXahi5N1WSIXNBGSyI7pu9ht5I7gIIOINE+VS7FiQJBBBMBAgAr -AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCUNol8QUJA/yTqwAKCRD8 -G1R8jYFyyIqUD/9yWw7WBQiWyIMpVuX9c2Ov1fAkDya43fDm0gqIgNsdaxCt5ATh -XaXZ/p2jglWwon5jDLDNsVR0/Q/t8ugdcP3bcwRtW2YYQ2F1PaNjfr5WsuPEadyc -J62DIobY4IzqBpDuqGLYdbzZeKr49VwbRRvIJpphrk3+CekFvdIs1ofEpA2Kn2oA -DXfYuaWoVBF7fTwAZmc3hYPOI1jK7nrFZbCnAT4WZPzZ4IY9lsaNTF/4mQ8vV1xF -De6HjfslHURlZWsWtQIKhIPBKoZC1nP5VRK3IHYgKw8toq780kalLH8ofv9BkSrs -t98JOoJX4etdmE8Ta/+Wg5C9EzR+909tQfdWdkaRbhvbtl/x7X76HU4ItefLR5pW -d0OSo488QZMQjCUWlzgPMsmnYMQm6ckNOp0B/RtMfbJV7t5H+JE3PLfFG55jcz3w -uNGhfZyl/ZhV9fvGLU/sPyhIW7ewuIwd+7i12fH9r4NAGB/mkSKK+tHGcTZvXxux -5QMKE+a9u6NMJRrbsIiTFwhrCLMgzLYL0mtX8FZXNFFZzGFYkiXymBR0ze4LKzRo -dMFpyP/w/IIjYBhVpgboT2EMMIgJHSsMJDCdDjI+9cAykVF6ccSiUQ11devHL6Pv -WwlT2Ub4TP4yCScHDPyfWq+tfdQlWFVRZMRJ7kmq0VagqomdRHgLPyPgDYkCHAQQ -AQIABgUCUtgrXgAKCRBH1QFsQv98LACcEACFq3Oz8nHAa6KsyspIWo0+HjzCtTv0 -G6TB+svf3fl24C93IfFhpSyxNf8XVa9h9kCU5ZImYN+LaoUGiz3lcYxjdOeFYDc4 -GU5TFrJwY9eOYYCsr+z+NLn7wlLZEO772lGUDPJMWxSGqR9yOGhQCTIADLLcp6mt -07zdejESYxMT6IjYR+rX6miWG5Hr9/lBdh/X4XhGpHEY64IL8vVB3C+FQfG3hiMB -bHbvJ4/S/cjfNM1T9oKiA0H6jklRHIdstj+2eeWA7lS+GE3Mpkra+8KmkEjV4O03 -izcRpMm1yTGoTjp9UddTNYErb/sha5YigYAqK8bj3gh6tTFNJHbN4RWgtPDyc5Va -1u+sH2ob6JS5tez8/Z6pMarGpTQujIGAlntP4igi0Q4hxyLof6Vtc6XF80uSwTvN -RRmQrcq+kLPwX0NbyZCBCI+kjBPu2b932JDTfVBKwJCLF3e1zvQqN0C7EZnIzveX -r7VtJ4WHIfSyi/HQP7xm5L0uQj+KRr+/LMaxkCDgrlqoWTgAoxCAPYH1XCvBoJRc -DHjNikyEAS8WUGl9ZHQyAoFngi/jqH6WoDAmfBUKRoBMR2hXLOKUBmObw0DHgauM -kk4kD6CW4UEy0SM/i9JD7sk9KiKoHMip1jguKRJkHJ1WSkNl7nZpeo+KG0WbGHXN -b7hnrQsNyqJkUokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AC -GQEFAlLV0QIFCQXdHmsACgkQ/BtUfI2Bcsj8DA//b8wZrFY/Fj/iR5ZaO0AjmMV1 -hM7lAFWLfDiLyYofuiGLUg9rqFWj+Ks2kedVN7+22Bjgi5fvpXv3Uy4trZKKw8Xs -FJ/s8HQ6jzIv6pFdIYPLFQBqS2tEgfsanPZWIqJI9fbhOrRGN7WV5tXiksCaRO+u -rLjIhAYmsDb//BD2xqsY54ouRdrz5nRG3qG2odq2Lw8XquW6srouGaSm+BI3sow6 -l2eAW8UjbxwICQg2ZPZYCBc9ArbgLS1ha+yPhp65nGpVbqDA8rUKC11op1ArAbY3 -Yt6xzLg+RCuCHBa1gNPpDoYV9V8Zve03mEIcsK10X0RhJQ+z4INvrjtelPRCOLpN -179JmsyxwOzwAPg773SK1Z31jSirsiEke/q8j13PGNDBCb4ZKpm/KOht+4d0jJLK -GLqD85cv3/uAeSh2zWkoKcVW6uVZpiz3KA3i4YMWnteOlrlZH28nIrDXevPzkOxo -pZlhuLboCD6g6yuZI4Wm9fEiga8xmRDw4RrOIuDXWjNW6IVaeFGvnYaNf0wnmBD+ -FE1SMWwcmqgB1yIylmKqH0lYce8SVAMLkkOlaijhWrfCO5iS7zjWaVz98HCqFfwR -gHuJTxOwwlf9Qb6cyC3bGsfILBUuE0L5vUAZUAc61H+6Sv88CDDUO1EOKaqAAYhR -plvoyYZ3xiSMgzYKGZ+0OkxldmVudGUgUG9seWFrIChKYWJiZXIvWE1QUCBvbmx5 -KSA8YW50aHJheHhAamFiYmVyLmNjYy5kZT6JAj4EEwECACgCGwMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheABQJUl1PaBQkHwE8PAAoJEPwbVHyNgXLIQokQAKxJB9/F -TfBae6eqcT+izxGSnsvbc2bcrtsmKkhu9HwpsJ4IDutphXFB0wFalI40BL0o1k54 -Wlfv5GHbq7Ju3kW2dmTMP0WpfFytV7rr2yqSmik+skJw27BDk74rP0v4TNOHaTrP -nokfTnlaKuv1bqlwbIwV7rJ5jbAtw5hueeN4jghGU8SGlCOEZ/xGxYYsvtyPhZhn -kmsAzcPr/BpW4NkSb2SnRIO8KzcPnzxz7JDdeIusq/YW7P5OlhDx4ejdh0Wg6ISl -zxB5VoqFqNuKTBQNz4HHpqDVQqEDE4JngMerDr+4qAiDYI4w6kN3Ce2LqciRyMVh -YYnTqyyjXYY3C1WwXIa1tZb2Cw2DorshNFdACr7wKQMOoJtAFpdd3d/DRKQWCc3x -jkBERqZ+55unTY0/0uyNPoK0noAcGydiU8WGh6wyi+Do+Zxq4QJEcqL/FHrhlaiw -LTmgDS+XDl7zRtQia7ykpi/xqe74ujOHcJO8tpY0ZCdR2A13xiOi+11wndbOkBFv -dQ0vgih9ROzwe3hBbBQQOdF4hkA9vEd2Ks4gF8IR+5ixWAIyZAVbnDiLelWgQgnE -aeEwTtfcXRNAxuj+MgMPQhXQ2/cK0dPD4z51DchVRIf9G3hAuBT/CEhTqNkkm5F0 -og7azwd75+vh5RxwVld3ES6CMXKaiV4csQkdiEYEEBECAAYFAk64PygACgkQvnQP -QT8iuxlligCeNgfNE4w1AQuOC4ef3HNNY0GXgVMAnjmtCVIUJv/w6PDimvf20rgF -GVHxiQI+BBMBAgAoBQJOuD0KAhsDBQkCHIcABgsJCAcDAgYVCAIJCgsEFgIDAQIe -AQIXgAAKCRD8G1R8jYFyyPv3D/wJ+sYXqSxoo8OriGMUzG5LXs2Hf1YULdlysGa8 -mxWTwCIEMSSx8AoOKf/FyXglDVl9msfOgv6jRiN+UyNCQEv+6a5ZCL7BlAVU0Q4W -w2/UUlOUlLMC1QAodGcC3kiPSy41jnDVswKYRrICuiW1Pqgad3h7u7caqvqG1D/A -YOR2Q8JjY15j6Qf62Xx+YANx2tPWKeDyPUAN/x1W6RrEDbN5F+1qOpPFuTnpPmqH -q4zxm4Dz4szypmAKsN+5/q8T6DJtSnP7COtsY467oX2XtNTTuCIsU79lBVo/yan9 -ofB6hu12KyXwJIl1OK34g9VEP5suU3hcEw7uVAvxyMYJQlxORUCG0DAFc/oPm3d0 -ypRdbxXJMjoS3pmCf7kwnEA9PIAjZDYuVHGZkAdmYYInTIH6ipjkVxDHEF1en0h2 -zHJEZC7NIYgPyzHXmH7Xy3VZVhhKKKM12VDOuIOOecQPuFIw3hG7dymjn5e9dMzv -+DMkbEZzoFahLYkbVGG1FGzhE6Uvb/IG0UJCC4nDz0pzZpV++QHvgEvbY/HLbHJ4 -o3CT5aVE0YIhTP+zqXNFMOao8yZy+AzdMzdX+Y3ADZfY0oiZ+JH1Zo++rdrgXUhg -Y98QgMwVwESbwaBKjsC0JnlmWyNivhIOS6NRyqR75E7j7JSvgJdxhvpQXXkQ/BzL -FM1Ej4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlDaJfoF -CQP8k6sACgkQ/BtUfI2BcsiEahAArZfD1yJK385eqgCZ5LryVLRXrocuF1zlHl/6 -ugRy2TEe43ex4eTOY+mv4ZJVSxbDzUqMbBv0m3IETbM0CSESjGD+i5I7K3IToZO9 -ZgIXDbpoy9x2KWjU+R5oaxCTmZ9jk1p+f4zHxc8lJdgOXPwcIIT5Euwk4LAFN+wn -CUHkO/D0xzP2ivTrM+VHNWqSUcNInAGRx+R0NvdSryIAsdA/5E3ql786WQhPy6L6 -1d7cmxaLsfAKIOf8ydNyoiqmJkT62omLLnqyERfLZRa9RKt5EgnxX6kR2BA+h/Gn -KVV18bCIJjF3Gjnh3qjJehKRaw9nmzrB9KtGQAHdIp8ivNvjMitc1ijRIECfidWd -lGxgmuI/gX58eaV3scjbs5YUFmGhcZIgjCxWWxFSwmzJTUVT5XqBpXFQB4dokj9m -NNMpM3YH8T9QaaS/m9j7cmCJ4gxp7i1bJsqsVG5BjRLiZv701eVKVmU6vqhubR0R -eSZghqho9e44ZMbn4rJ5kTQhGc7ZGNsIyChMSaYVreB8IBLDC7rg8dB/umg1OYOp -8EqRLJyXdtpa4DN3X0e4WcWb0Toj4QuyCh/es1CtBldhdqHr0aLZYCX4i/KuGTXI -kA8LTOJmZsE+K+/NCux1VHK9DADKcNjhSV0QTf+8ntGlNW6i2Mlt34thZK5eeB6W -Bbo1zl6JAhwEEAECAAYFAlLYK14ACgkQR9UBbEL/fCyyQBAA0931q8dBD/6COmat -8S+JSgcuIpylukFxU2vySBWSGRHFmFzwbokUE4bbNyutwNO2cNBa9zcxRPrkIg+7 -d65QjdZNDV2zWTjv5GwzEMjWxhP7VpTwTouYgx9j2d2KpFo2jfhTtZ7OU7DDF9YT -FsaRiZHHZT+W/JHuB9Lxc55HkSagu00yTaZURc0olBui5c/hqBte1b3OWTjCmysG -mwDL2FwdmFi9mbEm77sdD8PSVfkZaBv5rIaet+Xe/JMZoz0WUkZRCFXMr6B7aOdS -WeB7kUsPh2J5dhf4x4YaxKLOHod9JQF/DGJsdexKqMTqM/xOMSQ1FTUMCQ5SBWJc -3PywqMB/0eqlteHydlk7bb9HLCT3M6vVxTkpj834wGRsoVXPqWKzAHPpO2kjxXtc -4DBh7T88YGE2k5rxdJHb3MjWVJQzHGhrO5Ji8CQaHjUJ4BTyim++RDisDi4C/QJ4 -qPOrafw/+KyJoWyfmAUpxplPvY/LKJlvKaKxmpwlildYjH7HjoYvCjagbSCUOnzo -uM//YIJ8/o8QdxEDdYiTd7cwskYWphrAlV8+vCl/Y0lepRf+hsUS+uZi/NX4qYMx -CTsewnnqJQduuehQl9/RnoBX9T04kS64cWNaPZ4dxZUYJm3us5QFcQJMysZ4tT1Y -A0oEUX1KUTDzTQXT/kFi8MtmXauJAj4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQW -AgMBAh4BAheABQJS1dELBQkF3R5rAAoJEPwbVHyNgXLIV98P/jcu/DiP/muH2Qsy -FtjscyLu1NzBbSFB9q1jMVfx3VbaIT22Ly6BIQNHF7L2fpjf36EWpdJzpfR+Glp5 -1+KqZgIMAW5CGguSy8v7iHs6Rh5hzChiF48wCqxUmMdQ0ITTrnAXIYq6H6s8ytKF -Y31znXmne1XYBg8e4yb3pcBhkzIPeVU7rMz9PjPB0+Q2jWCpqPA4eUSV8rL2TxFR -KbEt8XlkZ6yuCLnkN84aLZFxfZA1tIGifi0PpeaO2z/IwOmftbQRiljMdnsPye49 -j4wlJS7yRIpnH3nH9Zku/MrDV/M0z7BVwKfF2F95/2QX4Tdyd/UESTdLqGtXpX4c -axahZKrOhNr+k60qSBxoBqKauZkSbZunRnbYmVa3nA2kQuIPF9/QmoZgDUfdkKZJ -u1RjwcRUGKd1XV19QjUvBMD3oHA4G6Jbi5vWKQZ40KVcL78YIL7C8dUOiPIasA45 -olaGpCSsGsfrMp5ngegxM+uh9Tc2kTFC9bTqp17VYI96cAqGrEBUQrmLmZLk0HUm -a6MNZO/+vKN4UTlgjpjxZon+/yK8bsmT/VNie5hzqZim6tfztl3rpJ9jPUeLgr5x -oGePYV02inapzNHdWFHk0L9zR/3KKfJ3IRJwUXp00Eya28hEepIvdxgLYcN1UqVn -VuFuMY8zYSl/VXtPxySCLENJHxvdtClMZXZlbnRlIFBvbHlhayA8bGV2ZW50ZUBs -ZXZlbnRlcG9seWFrLmRlPokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC -HgECF4AFAlSXU9oFCQfATw8ACgkQ/BtUfI2BcsiPxw//X2xUctIrd1O7UOk7LHBX -/xI7xXoWQcA7l/1XMuZhM8yC8yIoAgvFrWBP1a29I0P3/yigkQXs+eTDTdvb0QP2 -q72q7Azt852v5u8+dHzoOXDpbo+4lfX+0OBDWimwJuChD8LQH7b7jO0oqWIV0AzM -vegFJVp3cDbyqw08lBz3xZ79A9JtBeewf6PLpXKjEVS8bEAZjZKjsjAY+5ShtJAf -PsD8r353dmkaHgC5Aji74ijZeY3PUCvGVVCGeN9isLnRpTEn7qUvN2DfHJU4w6aw -sXu7m7zidISo6dQLUzo54dHKWPGFy6INNkzXPOgrlbYnjt7v0Ou21/R6HrhdmsSw -lt7GALJcgAUxrcT/ljB3SZhSB0BdH0DXPcUziEdfhgMhhrXYpMjwH2XFBD1MLusW -GaVDbpPrSoEnmPVePcDUonDHePcuLjfOl13mOER1Kf6WFapOCa+4HCLakfKcPnGY -eyfD7Dbz3/046MmfQ8/Iyf8ipFXN6tI2WkRKj8uq9IFYrX3yoCBxZJN837DM3Grq -h48/T3pYU1f9LiekxbsgXmcHoGNdXX5+EsuO+QILZPttlG5QLuqFdJHei77uvW+B -4u8mgzi1Zhh0hRLm4K6UaJ/fBJ87BZSHShPKI9PI073U1O/CcYXnb8cdPLu3UgSQ -FM/bxT70TSYKI01Dt4KXRfWIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GT9FAJ47 -X5+0dQaOFkfy3WnMgX3AmIXJYQCfR4XL47rZ9a66jWaD0IbcXMK4oE2JAj4EEwEC -ACgFAk64PJ4CGwMFCQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwb -VHyNgXLI2U8QAJGKPv1gWLn7P1KeHVsKkfRf+zgdsoY4mF3bUjX/03z1h1OKp+S7 -gZD/ZI80ckw/ElgFt9sr8J+pOgHk+aGHW+V0cZNgDHXCINb17s+Ra7SA/SWeJOrr -d4IpvTnjGc88C/j+bzRFagfnGXU601PeJdXIe6H75xVGIb0DgQBfPB9m+7p3sq/R -6UigzLwwhIQRW/l77hq79v5Rm77e0GTfcYHSuKu2Itim8p5OYCNchr4ZpBzrv5cF -/nH+HyD0AnM1q4a3mT9y4abNgtxJMGJBoIUEDT5vaTRpPowVHIGg9QroHkrYkMWA -ffIBzoq38WLnPjvjNtTncyP7sjbP8KS7NfjxZ6RAcNO6m6BTDYG/lM9jwCcOma90 -RZDVYD8hy+z1hXWFfB7zB+5TYuuKV5SXZpS9/JUR1BuI44WkY0hLHUa7inpqLlqc -b9O7KYikgyaeUKAN5LkF8A7rMVzuhrSItNzJVOs7WLnNAe9+Frzqx/jZ9aU04avS -r5OlWLdL7k9JNDnsLFqNtG/XQ7Hc8CPl0HvY3YXYGD3xwW6Ua6+ykxZGmQGPB68W -6a7G5EX+MEWKZgMQYsl1HgU49/sOD6QnCG3m2IB7bRAf5Kd527BnSgAaYHjVug8G -+X9opDwUW1b73Ut5tWfZJqQ4XBjl0Hc7Zi7OtlqdBeKGu/65QU+N9x33iQI+BBMB -AgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8 -G1R8jYFyyPv+D/9lA9yMXPBROLaCRab8Ca2QJBEtpT6lGVlkQ5Am2C8xdoLGiuJF -E7Cn/lS1j4RSVDK6DELeaBMXaY2g1eun8g2ERJIUGC98zrPjZXs/ZtCZtX8vYr1X -Bf9U8Ty6N3rKgt1XHc1oMgzkKLUc72RC+P/fkDsiAg62nVcmOFFykyTXnpM/5Ux/ -9kaahjf4LwGeRqkDIoLrXdZ7FHPjei8VlKSiHTkl4F+UCzEySxiInV+BWAhL5Lvb -zHxHaNDCquOb2zbgafVKON3oa8nCZoUw3iwpjrEy/JT+1BG6vxyT/LX7wPG3SKEw -8QTl8YBF8wvHS0JHW4KTc4grCMNWDwfkrlXnp6ZzTpy4JXZfYs/ltR4FH3atDG2C -xRCSAWXkGyTPMZkougdDbJ3jjViYcWO6B//LE1qDjeC05O9G3MXVxu16M5U8nVA2 -B3bo5cVv7+ECBTKaAvG3ZV6eOaeJ63gHRY8qI7y5OgzuNfxUXMTIAjHfO2mvSy5M -qFgDI10F8rYevGOKxvPVE1F8aiD1uRAOMCcLTy3oUKHIdaskSytL1D/bT9WqWzii -OXhLhSjMzkdPSUWVABeC6KM+Jcll0A0sHTkKWS3mavx3dUacB+O4efuTKNhSvo7n -XhUvSOOikRityipE5Ma5WlXBiu54DdIMGFzANHFdb5GmC7da9F1aALkshokCHAQQ -AQIABgUCUtgrXgAKCRBH1QFsQv98LMmaD/9W2qJyFlZAsjOWgNQPwUU4vV9/Ursj -kt4RI/oS0Gzovw2bmL0a+Q/dp6wM4PBMuYQXCepF8V+o4uKzL2OjVZDVtU/KqGCY -rEigiAhG0gHxgF1ukc9JQzhShFeq7/wkY+FQ4MOhuhuUsSMlvFzAd1hY+xlvckol -DEeS54loDspUh4EwxsWlopaA1rs5dzVXrYcinz9iDzLj6ujb6uJzCQVogk9w3dv8 -smKn81TVhtR4RFecqL9mURZcGnj7NV3n2Lrl2Pe0u/DiTtpavCkzVx7v9qiB/2Di -dqWR7OtYcywUr6lZeZsNabNwntPxSP7V6EcNXF3Qpi2IkAcwdJKb+aIG1v7/Wx77 -GhpBhbtdgKEebttzO4EVVeE8a2kmgqc8VXeAeqI89egU53dUdAinejFVDyemxHnJ -L4L6uVnSxbk/vRzu+fr6EaPyBsqORGXj2OuwxlWcnWs/N9XzNaiq6funedUSYtbP -trdpt7ogvzrQew7wetcwfxSB3IWcVwA9QvGDIBHTWPrb87jKV153w9I+cSfz9jg8 -qTIOw4qad7VOC4L1oaoRsLq6VFgnoW5DLsuhaVd6fgdY/byL6H5q2FPYJ+F8ovhR -2yPlQm8UYIFwmnwzpnuGBaPtU0bP7C+SNMK+G/9+b5q4psh1MnK8sg1RfSr1w7sw -b+Tur045QrUDu4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AF -AlLV0QsFCQXdHmsACgkQ/BtUfI2BcsitRA/7BbFuuAXPJMA4XtPhlYbfhNkYQ7+v -vx9HIZ1SgJfhpYwt/vbNTVclO79XD65v5JSWx+0gVJfHNolP5umB0++giIw9NCIx -uVa5eh3kS5NFfJ0YHrYgpFDdZPHRA9wI+oZgJBC/Cm40kafgTUoPFqXb0Sdlcz3R -hciLZBgYXV/uYubczfmAaJpmrVI1UuUWYrdPnmUkgitp9e6IePYiKVDeIGhBW8Bc -7Nbs2hc9yH1zwv3Affs8m+4tQQiwQHsB29WEZcmBuFllTbA5g5bvTvhfCRmYVgWC -Ti4SW+uA0B05a/aVP8fDXk82qCQ4cRB1BOwVNn+1/Aqcw+Zh8KKzH8gpPcsKGGP6 -uNg9uinuxYDneEY8cG7FSpm3XsXu4q4N6j5R63U6hz39pY/5Ib8mzYMEoLEZOLPu -CkVH9OOQc8zuiRL/wGc0pbMiGPEp13rAI0WbIFahrWS60bwtM1YEM5Ep8vD3TLl1 -pTWlF/zWpM/uJ6n/4nDXGQsGzKQn5D5Nsu7+55C0du0d1VRvYd8oG3AaNqhtM46V -C4eOqxH8XZtkJ3WMxhsHnV9acuDTpn5E5JKL7vEq0btN2UQ69lpKv7PmV/TgOJhf -KKvHZ0dh6KYY7iKW7NUCouLGibBoxDa+K4reh0i0M5UcsNiPkCqDIHUAIxW6FrvQ -xBr7NgCls+B9Kwu0JExldmVudGUgUG9seWFrIDxaM3IwLjB4MDBAZ21haWwuY29t -PokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlSXU9oFCQfA -Tw8ACgkQ/BtUfI2Bcsg4cw/5Af5/cxr5s8qiPvcGDglJyzFj8VBk0d7hpgdxcOi3 -VCOJY4YRoliu8WKThwxt7sD03fSZurFDDx+X27y3zPtgH/qBohmcr51jbSNom4mH -Gf8gpViFqbQlFh7tYz4kSQExgmpFx/FIaxmwFoEqiVrp6VpM2DZ6kg//4M+Ka2Mt -nuzV3C631A0eoMCJhPWPTgkGGknURvzhw6m2aGFWC/HE1yzf7Ej7fQeaqIxIG4Wy -Fk3lMV9rxMxGuUZTqIhvcU85JSriHowfX1VsAI2LXJYQ9c0jI737FcLwHv8VCa5s -NKDkLkb5S83/4Ep8e9M+a7u4WvkAqzmPfSna7bLxdsTS5gKGqEtMvMP2YGWWQxSR -GRSttiMmIC8Cnd45S8cASA2mR/ebNcrYOpa48cjYpBKDG2BIYU7oSLNulsM1qbxL -WJ0QM/g7iKHcrXhyIBaI22GS9hvmYcS960cox9oPCvNZcOKA6FBklnUg/ReJ3JTj -6D6v9SUxOOfXPQIon8EzB7BNKGedHxCFgniZnl10k+pP34YGyphMZTYGdhtAm6zq -T7PlraHQaFgQ3ba78lJcn3cWVZYpbCNJiH+Nna/Akm3/qQKTst3eW1lqopffCs1m -F6G6wjiHCw2bio5uX1c/gDr4Peh0E28heAqKopjultPXPZbSZL4D3fJIGP2j6e1B -wvmIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GcYrAKCgKW+qFwbMNeh4ikFg9fJx -4/lH9wCdGevT7dwBzPe6L+aWZxipEXYmjx6JAj4EEwECACgFAk64PN0CGwMFCQIc -hwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwbVHyNgXLIThYP/AnoLpQl -whEEKaIhOSOKXegfdUHK6cL4cHRACzRIbBk/S4G2Vg/bnUW8tvWZDQLZ3CGL8Z0F -tNQ6GusUxt7mcYdSj7xynbi7bZiurgYp7B7hh1hVG3pAXEwlDnJgfoc0YZHrHZwt -HnNVYOfGEQF4zyplmUUxDyp/ZMYcXMr3PVJkYBJhYKCHOkMUtzzNjSSginaqZY1p -fgbP+Gou/9qgotkYiH84oUG9yTSKLIO5x0WzQYuoPNJyOdSHaLPfEqCC435vCYT5 -YLZB1YI5xzQiGsAL//cUCe267oiFmO9Ioky/azeX1Ouy2DH8uEDQPQFTJYXt3CbL -i10HkoBWdmncPC6+b0IJjDUo8Iv4yk0xFt2/DGkGK3h6jJxJ9pzx5KBT46iLfU50 -iTWMTguXn9ud/UJV0MpKgKjvO9hB4fae60n2UootknzEw6Y5W55PfGkT14WcrGGo -WHLSbpR6+gA9apU1cdoOC8nXlf3Eb2No6LP3X7RJXqiRsdP0s6QXkZGfR/qyNXI9 -S5j6wIyqNFU0cX21UgI9oJSKEKIKEFacgyD9za0gswEI+DZr8/p3cJE89ZX8ySgO -FG148wgaakTNGyGwR6aogGZ8IAHc83bnwGCgTeK6ZPSKNLSE/sImcTOrxIN1/x39 -r8o0TxuZjqFH+zKWfpdHX+sJLyi8Gs29CsUhiQI+BBMBAgAoAhsDBgsJCAcDAgYV -CAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8G1R8jYFyyLl/EACG6QRV -kKVBoI2Ycr4UISk2+gCD2r4xSK/QLEhDFcZRgMctvPVnhod3uJOsMGJCk3aPGu91 -Jtwuj0CkeURa/cVzOjC+f7baveTuWQaAqW+r70m6F4gYHU0aDD/uQ75rTCcrsmt2 -pnZCyA9jLJxQGG11AvbOcV+7K7BuIvXs4iAactZ0hRvDVuGXuup2LnUbxyBU2oj7 -OWCXKTpZcJ0KGTWapMf8ClYYsEgS0wvMWotJzAov7ijkoP2DyEQVOPTnGWcfjsTk -QgbyqiFeBl+3IT4+xSzkPsd75dCYhsHBvCoT8cfUH4wvDXzU2CwpC1CDfHit6Hw5 -UigvZ8HXyn00Bm0UjLHGW+haS3kyOoz+z09gVFYd33cpjSnFr5is8ZMBPW31PE15 -q9/l6G/o6OGJCtOax3Yi6ttqn+KbDXIooZoRPZlayOSghyjoD40+ErevmqZPfJ3E -o1kHz62B1YpoXmhUm2Ihf2SbjWJRaW9Hp2nd81kAAXjr+8k4yvOuHxwYPFnpBjfV -cfYNQ3Zf5xF4nfszFuZMc5JYrIR3EYVgEk+n8VpulAqd0rXUEODwGy7rPjdxLY7w -DhUEZMQN3xweIb4vjPDBb0Ax3ACyfWKIdT0kC3rGOy9xyCzxWO2CjHMjrbxy4jL7 -B0WIQ5fpRcV2+wozs2WYgJKVKJgJZGYsW8dDLYkCHAQQAQIABgUCUtgrXgAKCRBH -1QFsQv98LIX0EADVefJUEMGKiTFLwUmWNF2X4oCzEZEMsQ6NliiQFvtNkKrT+OzZ -zggxfINUr0XEKgjjoGZ03Hmm7xAFc1Y51QZEr25H18PuSixz2YSHPqYwwVgLUh0v -u2AqaP0mQckssK+ZAQVvoZ7ZOI22ZXIZ6CPEPY6aJawHov8Strlm8oTbFgLfZ5Wo -3NCxMkkq3NFNHuwesccelNPefgnFZWhwr1mkUeX+rCAbQF/QHYEAi7KjfKyY+XKs -ccjYS+RWxpte21ejngp7pRYli3M8cZoaWKCzLTrD8gKztlo3op9Zc2+hjOY9gZtG -CaXkN8lchJ1yMyWju61ZO++AJq6S2OdBVxgsj9xPm+x91RbZRHQmUuq8mefUzaEm -NHE29udVFfuV//Fpabi04IrOuabkrSvP27eX9FT1y25tKFHuJdL5fDUFGnNnTvcR -X51lJmvnuIKJQ+Lthup7npS0L06+dPIDoqyxF8hmdu3RtwEsvkboPaxx5XTB5d8y -3wzBFWd4ePwBIumrY1YHSzdJCvyyLRXZbSOsHXgZfhfQ1LVgxxebP7E+stWqGLLC -Fry0WGG8f/UUgVr1QpluT6NjioUnuI/ZmKR/aKewqVYWAnr54fF+np4VdxPfYwci -lpbXpkamORZqPfq/nyoWgnp+y4AptDdDkSWnFxfcJ1wnFFcrHVUSFQ1wBYkCPgQT -AQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlLV0QsFCQXdHmsACgkQ -/BtUfI2BcsjV6w/9Fe1+3Mc6wG3R9VbxiYo13/JV4t+tA9/tcJ1R/Y96eAqVajoK -c2ZQ7FrimmlzvLIvxpH4Z76h3NmPWfOQ6qEumZQ5BM3QwBfQQ3Tmj10gfiL5vOZJ -6dUaJjwXgjz0Qyk1G3gw7K1xmtnXgBPyGT9T9q3OAhHHdV2b6xS9dWoNKhUV8GUn -HfIKwq+87aZqexjFE7ubZdOAe+5nrqnlMEfJKgDjXbazES9IYvPQiSjwR3xaIPOa -ma5WfQV0SHg3Vkhtv2PjuoYWNfNy17N7u+dfg7nAtKLIQCPht45uKk66BYWYBoDI -VQfg6zcFLpdNcFzzwmgrYRZvEvBf5aSG3KFD7UReT0695/lHheRxEAA3thsx8gaM -CCavtVxbVUluEfYZ7TgXLMuIO9OBKhi7MwB3iL5qacrNShMB+1J5FxieJBmWXdla -+kCdCdS+9kIZH+mnQ8daGEJ5R9mNcVwcWasI0o9NObqIZwhKw4obrC5Q7m2NfXL6 -FUScfA7yn7+/icdQB9fH2ZXGJVuNm1b8OBN6Nbz0QauaCystWzKXKwpVb/5M623v -Vw75RfnqCFiAf4tX58nL/QalJc4C0E+TvQ2pXC47VQvHmiAB31vKvU0nbo+lzi64 -hAPWJnhr2pmTvglquTFzLwEsWfO4zDtUwFo8KM1XFsonaoX5UzGTXPmIN5+0J0xl -dmVudGUgUG9seWFrIDxhbnRocmF4eEBhcmNobGludXgub3JnPokCPwQTAQIAKQIb -AwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheABQJUl1PbBQkHwE8PAAoJEPwbVHyN -gXLIdGAP/0ch1NeFyXWszqA5ow+itBn6iyUaplXB5I56Q77cTIFB6LqJ5+2kdUuO -UqPvOilGS3dxbyDsSdWDLs+bHRFG4uqZyGUDhmu2mvS+uDqPFwcKJUNDlgdccxph -sA5HJFGg1ca0TWWg8vjwANdU4sL9Ujbaw93v0Mx/1+aSIxyEJBNxc6DJWEfCjpSy -R9JB8WTHgvxEAImVNsT1OGNTvd2DN+17WBhxBktLHDocIGJ/fttzFgKkv6NTPwt+ -y4QyP3UgeYRZR21B6MVckk2/UuCuCY7gAGruTFVoINa/Wqn2YPPZhJYrTX7ysDaV -QLObxlepeo0UWC7wFEiuqu5OM75MWLUX8j/1OAIE6my85vrlcWSf0Z3jOAgPTjJw -VT5h7T/7NPP2azoIlOE2bh5UcKXFkT0xDYPcMr2hV2Ih+jU+Ygiyg/1yIIxearmm -PFjfIHMLepa+7RPtTlHwu4fpNPXzL13W6PXSoCTTi/suGlYmSyLtOwxq15GGT3vg -1Xh8wfkuWwbWJnBKXtt8HkteQRgDngDnRSJwsO2nnQ7+sr+F8J3rQDdlVdVcolic -ekup8ZgSjJYinfcpF+H+qy2kK2jOYyyHI/+zHQtwy1R7MbLwPJe7WNWrBmEvmazB -2//Iu5EVIfFX3flPjeRQbKX4B/SuXF48uo0/8WfdgaMW8glRWJnbiQI/BBMBAgAp -BQJUSwOnAhsDBQkF3R5rBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ/BtU -fI2Bcsj5ihAAg0d0A8OUsNWG7TiPQTuC/D4e/5JTkJARmQ5xO6gMPxTpjSZCyWEl -7gQOg/liU8nz5HZGaJgg4HuBwTs6euqdnVi6zhW1c1wye2thGTQ7DeSPJnhju3Qe -mPS1jEdC34lXCo6eGjdKnGb7TV7hkptHKHh7XCU9n6qcXQ2cNQQbdqSCRsfVm1XD -+p+mM/FGOz8uFOrhERAUl99WkVZ4NKTdws8U6FXulbdWrWwI4eRggIdwI/Tl7zuy -ja7KxBCCeJ/gFY6g+iOYmIo6//bJITgmAG60hFHJ9JigcN6xglYFI28TCdNqM0+C -hgbZUner0vLmaxRNoXqV9Xw8ihNMQa7fUFYkX8VrXOdLdVvee7OaeLuWWE8x6usQ -NzgLDQQx9fmxtrQY+dC6Y25IPMm094z0nrbM1wtfG2+8Vw4mQ2U099fT5t3Yl7fE -PlanhgQxRZE78PxezyYxms4HV+wqvrhlBzFnWAd6H27uDPfUfO9cLgbmFTUlwFhg -gsDeIFRFx8+h4/0xAIPqUODmTiN0mj5sLRW7zvqZW6zhsGIMdPd+IkhHiGjeJqme -Ai0iOjpV3tRteoW51/+/ajPmyUBbvOxiFJNADHH2NvqoBMU1pkTvpc7Wy+2J9VcF -4TFdWBbwjU8BoC3ZgixTrT0zCSwabnKriglOhA5Ik/n5HsR7S76V13y0KExldmVu -dGUgUG9seWFrIDxhbnRocmF4eEBoYW1idXJnLmNjYy5kZT6JAj0EEwEIACcFAlSX -VHICGwMFCQfATw8FCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ/BtUfI2Bcsia -Wg//SKLFNUTEBQG11cV/AljxmI2s8y+cPKs3VqlwEjiuRMu4DRkFVaZNEuPq0b8q -8pwcHIJ5/nZvOticm9M/g7TrTp3pOxmSYf7WG31vVrprig22dz8WxQAy76srNn1z -stg0TFO7nKNVjZOFz5D0RpWazwnXyDed3l2/7RZ1CMv7ue/rZez8FnDHN7Di3daX -AJ5XkvDAsD6AITYQd+4XEbh2rt9p8G6qUUjwzoVU/aGVgo1CGZydYMJQVccNL7kv -fumnwkAED8u9j0ZI+xfaD3c1rP98bnqk9u8rJPCAeIkA4ppisDb7noz0NaO7dDyM -ywBK4OR478fw5h7GfiIwZdVAHkCoEHNvF1ON8JnYgyplLvZvxZ0dtYGDYDiFdORN -gVgGMU12kemPws4hEx3WMgUu/BBkF58XyQyqcwt7q+WGI2lQ88UzZ/FAsu8i8r/J -jkV8FsiCJ2rSHEMddmOHoaTM+6oB2i9kZo7KmToSZu7DxuemlHpuOO3kG/iRga2y -NeancRJwbxgZhNGBbhrA/7k5UOcXkmfW74oBkbCci0ncVhHu12dsJXhk+eprkOXv -nD1vEIeuzL4V/SMDar3SxFlfLFwQk4cn9+pdeP3LxwHKBn74pABsbEBhEY4IjUEL -YOTEVoP6s+Ou1NcLxFl3elmniwL2+GV5rDM8pctkKNemtZa5Ag0ETrg4RQEQALfu -qEihKS+DTVlWUujzSq5zK/5oQ1ZL8AiTUTZuVtrRWCq0HE8tWaVxEP3Vt9FCo7yF -afXigokChzHOgzczg80tctrlv+vbFyaZnjGQH20Nlz8EnZP102zudx/RdFXG/up8 -PX50Eck2lH+IvvosMLdvrZTkFJ4SgqMGSoAgMhJHZdZB5N0y8yPPAjcEnSXp8L2A -mo9e0egCrEuqBrCZld00nIoipyDlYNZkLjPf0JRgFPO/AWWgBZLvLlteLu0emq8N -96bT3QTdXpRVPM0qeX94+2gIj+0V1uQ9+k5Xkslbbii9TnOzMnLRO6dBAONVTTb3 -ajzdXK71iv2a8Y9lKShxhYWP9JNOFlXkAp+ZoD7EZex4dgu6giV3PrTDJLyWSu41 -WfqOz6cJGpJSTacrenC542ynAaSVKXH+1plqB9kq/M7HtE/P4GveQXIVT9Sho394 -4hwkuETo20KwCgFPMmiNaBysnOykIcDsDutBOyygdovzdGEyHVsM8/kz007QFgJf -hKy91H6O/Cg7VH+yaUKllRZ+kFsoSy8/E0IqLzqBHG3sUGM6lJ0Q9fgSnpzIZsdE -jRhczNCvlovGLa/kBHcEUWQ2zrjnfjsLkxvamKJ8N6LLIXIDRv5dE2smpdi3oiVg -XdOKshyXB+obhRFlWtirK4udX5yYzUpcB0zBoo1hABEBAAGJAiUEGAECAA8CGwwF -AlSXVAEFCQfATzwACgkQ/BtUfI2Bcsj0Tw//dyDYwcnh0BIb+nDCXFC91KiPUILa -f+wI5w6c9YYEo6TR89q6Wsq8EDiqcqSJcztuNvw3MZGHWA25nNB/0046CGM/tUBd -Jyudd3TxQBi6XMMSTbG1EMtSN1UMV4guuUfYcAGW38oZ+YJACCBFFz/Kt0aa/hhi -/hBNyvI73vZfQ/fsScFDewkxikUEspRsLVmX6gaEmumOxOhJP3HBoxeBCM4Z3IXo -dON2SiiMxt9BPIPJOyKNkFQGQ3dqJIag3GnsZ1s0CEoi8iqF7uS4RjC7uOJtvn74 -CODxg1Ibl1IweyAuBEA80wUh9DGLAdRJpxWy1B2fDhIROvpcg0R5p6j9UX0b0esc -jKLQEiE1wRswjXhWpZhe7Pjl38KhwqMyaeR3OnDtP7JXazIG6HiBIp4cx4k5A2TT -X+LhvG3NHCeuxIyjLTRTWgv241kf7uAu+qgjHDSKXQqpjvo+cUYQgSxQZZXnmlz0 -sz/tEeiWl+i8kW/RNKQvNNR8ghWDW3YRak/zS+WFNoLZchecIzMj+je1vSg411o4 -Xd3LHDur6boCetaq7ZkqoS+NcX9n8MnKhHKYJblvXyc1h67s90+wSwhlumA8WqlM -yqn99m13aF8GuGZbw5B2/x/Cd7WW5wZV6ioola/yqDXB1XtDFBy2Hxr/VMRlE3Cu -kekzzVjVTZxOgZE= -=yRuG ------END PGP PUBLIC KEY BLOCK----- diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix deleted file mode 100644 index d687366dbe2f..000000000000 --- a/pkgs/os-specific/linux/kernel/hardened/config.nix +++ /dev/null @@ -1,133 +0,0 @@ -# Based on recommendations from: -# http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project#Recommended_settings -# https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project -# -# Dangerous features that can be permanently (for the boot session) disabled at -# boot via sysctl or kernel cmdline are left enabled here, for improved -# flexibility. -# -# See also <nixos/modules/profiles/hardened.nix> - -{ stdenv, lib, version }: - -with lib; -with lib.kernel; -with (lib.kernel.whenHelpers version); - -assert (versionAtLeast version "4.9"); - -{ - # Report BUG() conditions and kill the offending process. - BUG = yes; - - # Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n - # conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter - # implicitly marks LSM hooks read-only after init. - # - # SELinux can only be disabled at boot via selinux=0 - # - # We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the - # config builder fails to detect that it has indeed been unset. - SECURITY_SELINUX_DISABLE = whenOlder "6.4" no; # On 6.4: error: unused option: SECURITY_SELINUX_DISABLE - SECURITY_WRITABLE_HOOKS = option no; - - STRICT_KERNEL_RWX = yes; - - # Perform additional validation of commonly targeted structures. - DEBUG_CREDENTIALS = whenOlder "6.6" yes; - DEBUG_NOTIFIERS = yes; - DEBUG_PI_LIST = whenOlder "5.2" yes; # doesn't BUG() - DEBUG_PLIST = whenAtLeast "5.2" yes; - DEBUG_SG = yes; - DEBUG_VIRTUAL = yes; - SCHED_STACK_END_CHECK = yes; - - REFCOUNT_FULL = whenOlder "5.4.208" yes; - - # tell EFI to wipe memory during reset - # https://lwn.net/Articles/730006/ - RESET_ATTACK_MITIGATION = yes; - - # restricts loading of line disciplines via TIOCSETD ioctl to CAP_SYS_MODULE - CONFIG_LDISC_AUTOLOAD = option no; - - # Randomize page allocator when page_alloc.shuffle=1 - SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; - - # Wipe higher-level memory allocations on free() with page_poison=1 - PAGE_POISONING = yes; - PAGE_POISONING_NO_SANITY = whenOlder "5.11" yes; - PAGE_POISONING_ZERO = whenOlder "5.11" yes; - - # Enable init_on_alloc and init_on_free by default - INIT_ON_ALLOC_DEFAULT_ON = whenAtLeast "5.3" yes; - INIT_ON_FREE_DEFAULT_ON = whenAtLeast "5.3" yes; - - # Wipe all caller-used registers on exit from a function - ZERO_CALL_USED_REGS = whenAtLeast "5.15" yes; - - # Enable the SafeSetId LSM - SECURITY_SAFESETID = whenAtLeast "5.1" yes; - - # Reboot devices immediately if kernel experiences an Oops. - PANIC_TIMEOUT = freeform "-1"; - - GCC_PLUGINS = yes; # Enable gcc plugin options - # Gather additional entropy at boot time for systems that may not have appropriate entropy sources. - GCC_PLUGIN_LATENT_ENTROPY = yes; - - GCC_PLUGIN_STRUCTLEAK = option yes; # A port of the PaX structleak plugin - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = option yes; # Also cover structs passed by address - GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin - GCC_PLUGIN_RANDSTRUCT = whenOlder "5.19" yes; # A port of the PaX randstruct plugin - GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenOlder "5.19" yes; - - # Runtime undefined behaviour checks - # https://www.kernel.org/doc/html/latest/dev-tools/ubsan.html - # https://developers.redhat.com/blog/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan - UBSAN = yes; - UBSAN_TRAP = whenAtLeast "5.7" yes; - UBSAN_BOUNDS = whenAtLeast "5.7" yes; - UBSAN_SANITIZE_ALL = whenOlder "6.9" yes; - UBSAN_LOCAL_BOUNDS = option yes; # clang only - CFI_CLANG = option yes; # clang only Control Flow Integrity since 6.1 - - # Same as GCC_PLUGIN_RANDSTRUCT*, but has been renamed to `RANDSTRUCT*` in 5.19. - RANDSTRUCT = whenAtLeast "5.19" yes; - RANDSTRUCT_PERFORMANCE = whenAtLeast "5.19" yes; - - # Disable various dangerous settings - ACPI_CUSTOM_METHOD = whenOlder "6.9" no; # Allows writing directly to physical memory - PROC_KCORE = no; # Exposes kernel text image layout - INET_DIAG = no; # Has been used for heap based attacks in the past - - # INET_DIAG=n causes the following options to not exist anymore, but since they are defined in common-config.nix, - # make them optional - INET_DIAG_DESTROY = option no; - INET_RAW_DIAG = option no; - INET_TCP_DIAG = option no; - INET_UDP_DIAG = option no; - INET_MPTCP_DIAG = option no; - - # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage. - CC_STACKPROTECTOR_REGULAR = lib.mkForce (whenOlder "4.18" no); - CC_STACKPROTECTOR_STRONG = whenOlder "4.18" yes; - - # Detect out-of-bound reads/writes and use-after-free - KFENCE = whenAtLeast "5.12" yes; - - # CONFIG_DEVMEM=n causes these to not exist anymore. - STRICT_DEVMEM = option no; - IO_STRICT_DEVMEM = option no; - - # stricter IOMMU TLB invalidation - IOMMU_DEFAULT_DMA_STRICT = option yes; - IOMMU_DEFAULT_DMA_LAZY = option no; - - # not needed for less than a decade old glibc versions - LEGACY_VSYSCALL_NONE = yes; - - # Straight-Line-Speculation - # https://lwn.net/Articles/877845/ - SLS = option yes; -} diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json deleted file mode 100644 index 62f1fcdda20c..000000000000 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "4.19": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-4.19.315-hardened1.patch", - "sha256": "1w17mwsv618pw5bkahmz6in0i5zjjxd3d14gggafqdd3dgfr1h8q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.315-hardened1/linux-hardened-4.19.315-hardened1.patch" - }, - "sha256": "1j1j8awy0237jp2r211qpa305c10y7rlcbkxkzdvzbgyhwy4spkc", - "version": "4.19.315" - }, - "5.10": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-5.10.218-hardened1.patch", - "sha256": "1ah4pznha17ngg3w7l0j74h4910gjv8qj503adrap7plvapf82m4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.218-hardened1/linux-hardened-5.10.218-hardened1.patch" - }, - "sha256": "1mmj5hwm5i16gc1y4nzr1cs882vi6vrihrincdcivv63x11v4dlw", - "version": "5.10.218" - }, - "5.15": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-5.15.160-hardened1.patch", - "sha256": "1r10ylx886rslsmrixlijjm4crhwzkl3wj6kpyn2344qik1gxpqr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.160-hardened1/linux-hardened-5.15.160-hardened1.patch" - }, - "sha256": "018v19a7rhzc4szybzzn86jlnk42x7jm6xkadfd2d3xq6f7727pl", - "version": "5.15.160" - }, - "5.4": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-5.4.277-hardened1.patch", - "sha256": "1zjw5wl8lj69j402qm8dg3m4dxgq3ppx2jyz8jks976vyhh8fsg4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.277-hardened1/linux-hardened-5.4.277-hardened1.patch" - }, - "sha256": "0l8zq3k07hdprfpvw69ykkf2pdg8wiv28xz733yxsjcfb0l5n7vy", - "version": "5.4.277" - }, - "6.1": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.1.92-hardened1.patch", - "sha256": "0cw87ygmisi823y3f7xrck12b6zh3mq1qmb7lcmr3hg6w3xskmn3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.92-hardened1/linux-hardened-6.1.92-hardened1.patch" - }, - "sha256": "1j9n8gk76nn4gw42iba5zgghr360gb9n1mslr5dyv76wpwkz86ch", - "version": "6.1.92" - }, - "6.6": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.6.32-hardened1.patch", - "sha256": "19362a6lxs3cnaw19jvda7n791y95lfgn9ki4wmaxnw2qbpi0bgg", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.32-hardened1/linux-hardened-6.6.32-hardened1.patch" - }, - "sha256": "1qbc8dqmk2xs1cz968rysw5xvhq3lj8g0pxp48fr2qbzy3m29a5a", - "version": "6.6.32" - }, - "6.8": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.8.11-hardened1.patch", - "sha256": "08i03dmri9h6jxcjd9g6s7pv0spqi3f4fgch1ars68cgngikvbpq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.8.11-hardened1/linux-hardened-6.8.11-hardened1.patch" - }, - "sha256": "1di8kr596sf68sm61kp5rz6bn3sb0q5ag1qc5hm8f9dpyq4wv3dp", - "version": "6.8.11" - }, - "6.9": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.9.2-hardened1.patch", - "sha256": "0ph1m0pnlqrhvddz2mjgcwvs0ddcpzigz8kgi9zi063qinlfbm3q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.9.2-hardened1/linux-hardened-6.9.2-hardened1.patch" - }, - "sha256": "1yg5j284y1gz7zwxjz2abvlnas259m1y1vzd9lmcqqar5kgmnv6l", - "version": "6.9.2" - } -} diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py deleted file mode 100755 index 1e34ca209aa9..000000000000 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ /dev/null @@ -1,306 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python -p "python3.withPackages (ps: [ps.pygithub ps.packaging])" git gnupg - -# This is automatically called by ../update.sh. - -from __future__ import annotations - -import json -import os -import re -import subprocess -import sys -from dataclasses import dataclass -from pathlib import Path -from tempfile import TemporaryDirectory -from typing import ( - Dict, - Iterator, - List, - Optional, - Sequence, - Tuple, - TypedDict, - Union, -) - -from github import Github -from github.GitRelease import GitRelease - -from packaging.version import parse as parse_version, Version - -VersionComponent = Union[int, str] -Version = List[VersionComponent] - - -PatchData = TypedDict("PatchData", {"name": str, "url": str, "sha256": str, "extra": str}) -Patch = TypedDict("Patch", { - "patch": PatchData, - "version": str, - "sha256": str, -}) - - -def read_min_kernel_branch() -> List[str]: - with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as f: - return list(parse_version(sorted(json.load(f).keys())[0]).release) - - -@dataclass -class ReleaseInfo: - version: Version - release: GitRelease - - -HERE = Path(__file__).resolve().parent -NIXPKGS_KERNEL_PATH = HERE.parent -NIXPKGS_PATH = HERE.parents[4] -HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" -HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc" -HARDENED_PATCHES_PATH = HERE / "patches.json" -MIN_KERNEL_VERSION: Version = read_min_kernel_branch() - - -def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]: - try: - return subprocess.run( - args, - check=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - encoding="utf-8", - ) - except subprocess.CalledProcessError as err: - print( - f"error: `{err.cmd}` failed unexpectedly\n" - f"status code: {err.returncode}\n" - f"stdout:\n{err.stdout.strip()}\n" - f"stderr:\n{err.stderr.strip()}", - file=sys.stderr, - ) - sys.exit(1) - - -def nix_prefetch_url(url: str) -> Tuple[str, Path]: - output = run("nix-prefetch-url", "--print-path", url).stdout - sha256, path = output.strip().split("\n") - return sha256, Path(path) - - -def verify_openpgp_signature( - *, name: str, trusted_key: Path, sig_path: Path, data_path: Path, -) -> bool: - with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home_str: - gnupg_home = Path(gnupg_home_str) - run("gpg", "--homedir", gnupg_home, "--import", trusted_key) - keyring = gnupg_home / "pubring.kbx" - try: - subprocess.run( - ("gpgv", "--keyring", keyring, sig_path, data_path), - check=True, - stderr=subprocess.PIPE, - encoding="utf-8", - ) - return True - except subprocess.CalledProcessError as err: - print( - f"error: signature for {name} failed to verify!", - file=sys.stderr, - ) - print(err.stderr, file=sys.stderr, end="") - return False - - -def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]: - release = release_info.release - extra = f'-{release_info.version[-1]}' - - def find_asset(filename: str) -> str: - try: - it: Iterator[str] = ( - asset.browser_download_url - for asset in release.get_assets() - if asset.name == filename - ) - return next(it) - except StopIteration: - raise KeyError(filename) - - patch_filename = f"{name}.patch" - try: - patch_url = find_asset(patch_filename) - sig_url = find_asset(patch_filename + ".sig") - except KeyError: - print(f"error: {patch_filename}{{,.sig}} not present", file=sys.stderr) - return None - - sha256, patch_path = nix_prefetch_url(patch_url) - _, sig_path = nix_prefetch_url(sig_url) - sig_ok = verify_openpgp_signature( - name=name, - trusted_key=HARDENED_TRUSTED_KEY, - sig_path=sig_path, - data_path=patch_path, - ) - if not sig_ok: - return None - - kernel_ver = re.sub(r"(.*)(-hardened[\d]+)$", r'\1', release_info.release.tag_name) - major = kernel_ver.split('.')[0] - sha256_kernel, _ = nix_prefetch_url(f"mirror://kernel/linux/kernel/v{major}.x/linux-{kernel_ver}.tar.xz") - - return Patch( - patch=PatchData(name=patch_filename, url=patch_url, sha256=sha256, extra=extra), - version=kernel_ver, - sha256=sha256_kernel - ) - - -def parse_version(version_str: str) -> Version: - version: Version = [] - for component in re.split('\.|\-', version_str): - try: - version.append(int(component)) - except ValueError: - version.append(component) - return version - - -def version_string(version: Version) -> str: - return ".".join(str(component) for component in version) - - -def major_kernel_version_key(kernel_version: Version) -> str: - return version_string(kernel_version[:-1]) - - -def commit_patches(*, kernel_key: str, message: str) -> None: - new_patches_path = HARDENED_PATCHES_PATH.with_suffix(".new") - with open(new_patches_path, "w") as new_patches_file: - json.dump(patches, new_patches_file, indent=4, sort_keys=True) - new_patches_file.write("\n") - os.rename(new_patches_path, HARDENED_PATCHES_PATH) - message = f"linux/hardened/patches/{kernel_key}: {message}" - print(message) - if os.environ.get("COMMIT"): - run( - "git", - "-C", - NIXPKGS_PATH, - "commit", - f"--message={message}", - HARDENED_PATCHES_PATH, - ) - - -# Load the existing patches. -patches: Dict[str, Patch] -with open(HARDENED_PATCHES_PATH) as patches_file: - patches = json.load(patches_file) - -# Get the set of currently packaged kernel versions. -kernel_versions = {} -with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as kernel_versions_json: - kernel_versions = json.load(kernel_versions_json) - for kernel_branch_str in kernel_versions: - if kernel_branch_str == "testing": continue - kernel_branch = [int(i) for i in kernel_branch_str.split(".")] - if kernel_branch < MIN_KERNEL_VERSION: continue - kernel_version = [int(i) for i in kernel_versions[kernel_branch_str]["version"].split(".")] - kernel_versions[kernel_branch_str] = kernel_version - -# Remove patches for unpackaged kernel versions. -for kernel_key in sorted(patches.keys() - kernel_versions.keys()): - del patches[kernel_key] - commit_patches(kernel_key=kernel_key, message="remove") - -g = Github(os.environ.get("GITHUB_TOKEN")) -repo = g.get_repo(HARDENED_GITHUB_REPO) -failures = False - -# Match each kernel version with the best patch version. -releases = {} -i = 0 -for release in repo.get_releases(): - # Dirty workaround to make sure that we don't run into issues because - # GitHub's API only allows fetching the last 1000 releases. - # It's not reliable to exit earlier because not every kernel minor may - # have hardened patches, hence the naive search below. - i += 1 - if i > 500: - break - - version = parse_version(release.tag_name) - # needs to look like e.g. 5.6.3-hardened1 - if len(version) < 4: - continue - - if not (isinstance(version[-2], int)): - continue - - kernel_version = version[:-1] - - kernel_key = major_kernel_version_key(kernel_version) - try: - packaged_kernel_version = kernel_versions[kernel_key] - except KeyError: - continue - - release_info = ReleaseInfo(version=version, release=release) - - if kernel_version == packaged_kernel_version: - releases[kernel_key] = release_info - else: - # Fall back to the latest patch for this major kernel version, - # skipping patches for kernels newer than the packaged one. - if '.'.join(str(x) for x in kernel_version) > '.'.join(str(x) for x in packaged_kernel_version): - continue - elif ( - kernel_key not in releases or releases[kernel_key].version < version - ): - releases[kernel_key] = release_info - -# Update hardened-patches.json for each release. -for kernel_key in sorted(releases.keys()): - release_info = releases[kernel_key] - release = release_info.release - version = release_info.version - version_str = release.tag_name - name = f"linux-hardened-{version_str}" - - old_version: Optional[Version] = None - old_version_str: Optional[str] = None - update: bool - try: - old_filename = patches[kernel_key]["patch"]["name"] - old_version_str = old_filename.replace("linux-hardened-", "").replace( - ".patch", "" - ) - old_version = parse_version(old_version_str) - update = old_version < version - except KeyError: - update = True - - if update: - patch = fetch_patch(name=name, release_info=release_info) - if patch is None: - failures = True - else: - patches[kernel_key] = patch - if old_version: - message = f"{old_version_str} -> {version_str}" - else: - message = f"init at {version_str}" - commit_patches(kernel_key=kernel_key, message=message) - -missing_kernel_versions = kernel_versions.keys() - patches.keys() - -if missing_kernel_versions: - print( - f"warning: no patches for kernel versions " - + ", ".join(missing_kernel_versions), - file=sys.stderr, - ) - -if failures: - sys.exit(1) diff --git a/pkgs/os-specific/linux/kernel/htmldocs.nix b/pkgs/os-specific/linux/kernel/htmldocs.nix deleted file mode 100644 index b811cf12bb01..000000000000 --- a/pkgs/os-specific/linux/kernel/htmldocs.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib -, stdenv -, graphviz -, imagemagick -, linux_latest -, makeFontsConf -, perl -, python3 -, which -}: - -stdenv.mkDerivation { - pname = "linux-kernel-latest-htmldocs"; - - inherit (linux_latest) version src; - - postPatch = '' - patchShebangs \ - Documentation/sphinx/parse-headers.pl \ - scripts/{get_abi.pl,get_feat.pl,kernel-doc,sphinx-pre-install} \ - tools/net/ynl/ynl-gen-rst.py - ''; - - FONTCONFIG_FILE = makeFontsConf { - fontDirectories = [ ]; - }; - - nativeBuildInputs = [ - graphviz - imagemagick - perl - python3.pkgs.sphinx - python3.pkgs.sphinx-rtd-theme - python3.pkgs.pyyaml - which - ]; - - preBuild = '' - export XDG_CACHE_HOME="$(mktemp -d)" - ''; - - makeFlags = [ "htmldocs" ]; - - installPhase = '' - mkdir -p $out/share/doc - mv Documentation/output $out/share/doc/linux-doc - cp -r Documentation/* $out/share/doc/linux-doc/ - ''; - - meta = { - description = "Linux kernel html documentation"; - homepage = "https://www.kernel.org/doc/htmldocs/"; - platforms = lib.platforms.linux; - inherit (linux_latest.meta) license; - maintainers = with lib.maintainers; [ sigmanificient ]; - }; -} diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json deleted file mode 100644 index 1619002be01c..000000000000 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "testing": { - "version": "6.10-rc4", - "hash": "sha256:1cx7c25fa8pvabhwph0rdqdryalxgl7rs1ry0v4k048bxpisvahf" - }, - "6.1": { - "version": "6.1.94", - "hash": "sha256:0sakp5k4q2xfd3la7j8s2rcbvndh6fdqgzz5ivyqf0df4anp3siq" - }, - "5.15": { - "version": "5.15.161", - "hash": "sha256:0k277hz6nq62v0xfc1n2hc69cyvmnxpl0qcbszinajywh23gfafn" - }, - "5.10": { - "version": "5.10.219", - "hash": "sha256:0c6dhi6w8likvyyzw7wj2fqhz8nhv760kkic8bk66r1prhakzdwk" - }, - "5.4": { - "version": "5.4.278", - "hash": "sha256:1245zf7vk2fyprw9fspljqy9wlzma9bayri7xx2g8iam2430d875" - }, - "4.19": { - "version": "4.19.316", - "hash": "sha256:0lmyhwr4la7kvim7jqdi29scjkvqp9crpvdbhpb4j8d7mj5kgzz4" - }, - "6.6": { - "version": "6.6.34", - "hash": "sha256:180v8q5376gl6zmjd54qcb1wpmz7cq299bdbhmz738rsb67yrq64" - }, - "6.8": { - "version": "6.8.12", - "hash": "sha256:0fb0m0fv4521g63gq04d7lm6hy8169s1rykiav5bkd99s9b1kcqr" - }, - "6.9": { - "version": "6.9.5", - "hash": "sha256:1ccm5w2x3faln5d0jj954xf99x7hn74ihk5zv6di99h3a2mv87x5" - } -} diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix deleted file mode 100644 index b5be3ba7230a..000000000000 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ stdenv, lib, fetchsvn, linux -, scripts ? fetchsvn { - url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "19584"; - sha256 = "1vhk4jnx8f98lkj2isrms2jm9c5qrpgayxbhawslqrprq1pmzlif"; - } -, ... -}: - -let - majorMinor = lib.versions.majorMinor linux.modDirVersion; - - major = lib.versions.major linux.modDirVersion; - minor = lib.versions.minor linux.modDirVersion; - patch = lib.versions.patch linux.modDirVersion; - - # See http://linux-libre.fsfla.org/pub/linux-libre/releases - versionPrefix = if linux.kernelOlder "5.14" then - "gnu1" - else - "gnu"; -in linux.override { - argsOverride = { - modDirVersion = "${linux.modDirVersion}-${versionPrefix}"; - isLibre = true; - pname = "linux-libre"; - - src = stdenv.mkDerivation { - name = "${linux.name}-libre-src"; - src = linux.src; - buildPhase = '' - # --force flag to skip empty files after deblobbing - ${scripts}/${majorMinor}/deblob-${majorMinor} --force \ - ${major} ${minor} ${patch} - ''; - checkPhase = '' - ${scripts}/deblob-check - ''; - installPhase = '' - cp -r . "$out" - ''; - }; - - passthru.updateScript = ./update-libre.sh; - - maintainers = with lib.maintainers; [ qyliss ivar ]; - }; -} diff --git a/pkgs/os-specific/linux/kernel/linux-rpi.nix b/pkgs/os-specific/linux/kernel/linux-rpi.nix deleted file mode 100644 index 775a50980f6d..000000000000 --- a/pkgs/os-specific/linux/kernel/linux-rpi.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ stdenv, lib, buildPackages, fetchFromGitHub, fetchpatch, perl, buildLinux, rpiVersion, ... } @ args: - -let - # NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this - modDirVersion = "6.6.31"; - tag = "stable_20240529"; -in -lib.overrideDerivation (buildLinux (args // { - version = "${modDirVersion}-${tag}"; - inherit modDirVersion; - pname = "linux-rpi"; - - src = fetchFromGitHub { - owner = "raspberrypi"; - repo = "linux"; - rev = tag; - hash = "sha256-UWUTeCpEN7dlFSQjog6S3HyEWCCnaqiUqV5KxCjYink="; - }; - - defconfig = { - "1" = "bcmrpi_defconfig"; - "2" = "bcm2709_defconfig"; - "3" = if stdenv.hostPlatform.isAarch64 then "bcmrpi3_defconfig" else "bcm2709_defconfig"; - "4" = "bcm2711_defconfig"; - }.${toString rpiVersion}; - - structuredExtraConfig = (args.structuredExtraConfig or {}) // (with lib.kernel; { - # Workaround https://github.com/raspberrypi/linux/issues/6198 - # Needed because NixOS 24.05+ sets DRM_SIMPLEDRM=y which pulls in - # DRM_KMS_HELPER=y. - BACKLIGHT_CLASS_DEVICE = yes; - }); - - features = { - efiBootStub = false; - } // (args.features or {}); - - kernelPatches = (args.kernelPatches or []) ++ [ - # Fix compilation errors due to incomplete patch backport. - # https://github.com/raspberrypi/linux/pull/6223 - { - name = "gpio-pwm_-_pwm_apply_might_sleep.patch"; - patch = fetchpatch { - url = "https://github.com/peat-psuwit/rpi-linux/commit/879f34b88c60dd59765caa30576cb5bfb8e73c56.patch"; - hash = "sha256-HlOkM9EFmlzOebCGoj7lNV5hc0wMjhaBFFZvaRCI0lI="; - }; - } - - { - name = "ir-rx51_-_pwm_apply_might_sleep.patch"; - patch = fetchpatch { - url = "https://github.com/peat-psuwit/rpi-linux/commit/23431052d2dce8084b72e399fce82b05d86b847f.patch"; - hash = "sha256-UDX/BJCJG0WVndP/6PbPK+AZsfU3vVxDCrpn1kb1kqE="; - }; - } - ]; - - extraMeta = if (rpiVersion < 3) then { - platforms = with lib.platforms; arm; - hydraPlatforms = []; - } else { - platforms = with lib.platforms; arm ++ aarch64; - hydraPlatforms = [ "aarch64-linux" ]; - }; -} // (args.argsOverride or {}))) (oldAttrs: { - postConfigure = '' - # The v7 defconfig has this set to '-v7' which screws up our modDirVersion. - sed -i $buildRoot/.config -e 's/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=""/' - sed -i $buildRoot/include/config/auto.conf -e 's/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=""/' - ''; - - # Make copies of the DTBs named after the upstream names so that U-Boot finds them. - # This is ugly as heck, but I don't know a better solution so far. - postFixup = '' - dtbDir=${if stdenv.isAarch64 then "$out/dtbs/broadcom" else "$out/dtbs"} - rm $dtbDir/bcm283*.dtb - copyDTB() { - cp -v "$dtbDir/$1" "$dtbDir/$2" - } - '' + lib.optionalString (lib.elem stdenv.hostPlatform.system ["armv6l-linux"]) '' - copyDTB bcm2708-rpi-zero-w.dtb bcm2835-rpi-zero.dtb - copyDTB bcm2708-rpi-zero-w.dtb bcm2835-rpi-zero-w.dtb - copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-a.dtb - copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-b.dtb - copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-b-rev2.dtb - copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-a-plus.dtb - copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-b-plus.dtb - copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-zero.dtb - copyDTB bcm2708-rpi-cm.dtb bcm2835-rpi-cm.dtb - '' + lib.optionalString (lib.elem stdenv.hostPlatform.system ["armv7l-linux"]) '' - copyDTB bcm2709-rpi-2-b.dtb bcm2836-rpi-2-b.dtb - '' + lib.optionalString (lib.elem stdenv.hostPlatform.system ["armv7l-linux" "aarch64-linux"]) '' - copyDTB bcm2710-rpi-zero-2.dtb bcm2837-rpi-zero-2.dtb - copyDTB bcm2710-rpi-3-b.dtb bcm2837-rpi-3-b.dtb - copyDTB bcm2710-rpi-3-b-plus.dtb bcm2837-rpi-3-a-plus.dtb - copyDTB bcm2710-rpi-3-b-plus.dtb bcm2837-rpi-3-b-plus.dtb - copyDTB bcm2710-rpi-cm3.dtb bcm2837-rpi-cm3.dtb - copyDTB bcm2711-rpi-4-b.dtb bcm2838-rpi-4-b.dtb - ''; -}) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix deleted file mode 100644 index ec7f104bcb1d..000000000000 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ lib, buildLinux, fetchurl -, kernelPatches ? [ ] -, structuredExtraConfig ? {} -, extraMeta ? {} -, argsOverride ? {} -, ... } @ args: - -let - version = "5.10.218-rt110"; # updated by ./update-rt.sh - branch = lib.versions.majorMinor version; - kversion = builtins.elemAt (lib.splitString "-" version) 0; -in buildLinux (args // { - inherit version; - pname = "linux-rt"; - - # modDirVersion needs a patch number, change X.Y-rtZ to X.Y.0-rtZ. - modDirVersion = lib.versions.pad 3 version; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1mmj5hwm5i16gc1y4nzr1cs882vi6vrihrincdcivv63x11v4dlw"; - }; - - kernelPatches = let rt-patch = { - name = "rt"; - patch = fetchurl { - url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0zam7hlcrphxv53jcza7sw0lv8a9mz15cl35adwb2rd2y1x9nhad"; - }; - }; in [ rt-patch ] ++ kernelPatches; - - structuredExtraConfig = with lib.kernel; { - PREEMPT_RT = yes; - # Fix error: unused option: PREEMPT_RT. - EXPERT = yes; # PREEMPT_RT depends on it (in kernel/Kconfig.preempt) - # Fix error: option not set correctly: PREEMPT_VOLUNTARY (wanted 'y', got 'n'). - PREEMPT_VOLUNTARY = lib.mkForce no; # PREEMPT_RT deselects it. - # Fix error: unused option: RT_GROUP_SCHED. - RT_GROUP_SCHED = lib.mkForce (option no); # Removed by sched-disable-rt-group-sched-on-rt.patch. - } // structuredExtraConfig; - - extraMeta = extraMeta // { - inherit branch; - }; -} // argsOverride) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix deleted file mode 100644 index 127d7e663513..000000000000 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ lib, buildLinux, fetchurl -, kernelPatches ? [ ] -, structuredExtraConfig ? {} -, extraMeta ? {} -, argsOverride ? {} -, ... } @ args: - -let - version = "5.15.160-rt77"; # updated by ./update-rt.sh - branch = lib.versions.majorMinor version; - kversion = builtins.elemAt (lib.splitString "-" version) 0; -in buildLinux (args // { - inherit version; - pname = "linux-rt"; - - # modDirVersion needs a patch number, change X.Y-rtZ to X.Y.0-rtZ. - modDirVersion = if (builtins.match "[^.]*[.][^.]*-.*" version) == null then version - else lib.replaceStrings ["-"] [".0-"] version; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "018v19a7rhzc4szybzzn86jlnk42x7jm6xkadfd2d3xq6f7727pl"; - }; - - kernelPatches = let rt-patch = { - name = "rt"; - patch = fetchurl { - url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0id4m1k1xq84bxgnchm8r2iwfqw6nacv5n1ksgyzj6q6v66ik3wk"; - }; - }; in [ rt-patch ] ++ kernelPatches; - - structuredExtraConfig = with lib.kernel; { - PREEMPT_RT = yes; - # Fix error: unused option: PREEMPT_RT. - EXPERT = yes; # PREEMPT_RT depends on it (in kernel/Kconfig.preempt) - # Fix error: option not set correctly: PREEMPT_VOLUNTARY (wanted 'y', got 'n'). - PREEMPT_VOLUNTARY = lib.mkForce no; # PREEMPT_RT deselects it. - # Fix error: unused option: RT_GROUP_SCHED. - RT_GROUP_SCHED = lib.mkForce (option no); # Removed by sched-disable-rt-group-sched-on-rt.patch. - } // structuredExtraConfig; - - extraMeta = extraMeta // { - inherit branch; - }; -} // argsOverride) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix deleted file mode 100644 index 2fc18c76e570..000000000000 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ lib, buildLinux, fetchurl -, kernelPatches ? [ ] -, structuredExtraConfig ? {} -, extraMeta ? {} -, argsOverride ? {} -, ... } @ args: - -let - version = "5.4.271-rt89"; # updated by ./update-rt.sh - branch = lib.versions.majorMinor version; - kversion = builtins.elemAt (lib.splitString "-" version) 0; -in buildLinux (args // { - inherit version; - pname = "linux-rt"; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d"; - }; - - kernelPatches = let rt-patch = { - name = "rt"; - patch = fetchurl { - url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "15k9jja5yd9zf5yhd7hhydwh4hksg2mybk66jhdjsryh4w9jav7z"; - }; - }; in [ rt-patch ] ++ kernelPatches; - - structuredExtraConfig = with lib.kernel; { - PREEMPT_RT = yes; - # Fix error: unused option: PREEMPT_RT. - EXPERT = yes; # PREEMPT_RT depends on it (in kernel/Kconfig.preempt) - # Fix error: option not set correctly: PREEMPT_VOLUNTARY (wanted 'y', got 'n'). - PREEMPT_VOLUNTARY = lib.mkForce no; # PREEMPT_RT deselects it. - # Fix error: unused option: RT_GROUP_SCHED. - RT_GROUP_SCHED = lib.mkForce (option no); # Removed by sched-disable-rt-group-sched-on-rt.patch. - } // structuredExtraConfig; - - extraMeta = extraMeta // { - inherit branch; - }; -} // argsOverride) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix b/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix deleted file mode 100644 index 0427f9c15986..000000000000 --- a/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ lib, buildLinux, fetchurl -, kernelPatches ? [ ] -, structuredExtraConfig ? {} -, extraMeta ? {} -, argsOverride ? {} -, ... } @ args: - -let - version = "6.1.92-rt32"; # updated by ./update-rt.sh - branch = lib.versions.majorMinor version; - kversion = builtins.elemAt (lib.splitString "-" version) 0; -in buildLinux (args // { - inherit version; - pname = "linux-rt"; - - # modDirVersion needs a patch number, change X.Y-rtZ to X.Y.0-rtZ. - modDirVersion = if (builtins.match "[^.]*[.][^.]*-.*" version) == null then version - else lib.replaceStrings ["-"] [".0-"] version; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; - sha256 = "1j9n8gk76nn4gw42iba5zgghr360gb9n1mslr5dyv76wpwkz86ch"; - }; - - kernelPatches = let rt-patch = { - name = "rt"; - patch = fetchurl { - url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "00qa6l4jvkdny276jnwnra5dkagnp3qr43amf2mpqx3kdfw28g1q"; - }; - }; in [ rt-patch ] ++ kernelPatches; - - structuredExtraConfig = with lib.kernel; { - PREEMPT_RT = yes; - # Fix error: unused option: PREEMPT_RT. - EXPERT = yes; # PREEMPT_RT depends on it (in kernel/Kconfig.preempt) - # Fix error: option not set correctly: PREEMPT_VOLUNTARY (wanted 'y', got 'n'). - PREEMPT_VOLUNTARY = lib.mkForce no; # PREEMPT_RT deselects it. - # Fix error: unused option: RT_GROUP_SCHED. - RT_GROUP_SCHED = lib.mkForce (option no); # Removed by sched-disable-rt-group-sched-on-rt.patch. - } // structuredExtraConfig; - - extraMeta = extraMeta // { - inherit branch; - }; -} // argsOverride) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-6.6.nix b/pkgs/os-specific/linux/kernel/linux-rt-6.6.nix deleted file mode 100644 index 57c268fe397e..000000000000 --- a/pkgs/os-specific/linux/kernel/linux-rt-6.6.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ lib, buildLinux, fetchurl -, kernelPatches ? [ ] -, structuredExtraConfig ? {} -, extraMeta ? {} -, argsOverride ? {} -, ... } @ args: - -let - version = "6.6.32-rt32"; # updated by ./update-rt.sh - branch = lib.versions.majorMinor version; - kversion = builtins.elemAt (lib.splitString "-" version) 0; -in buildLinux (args // { - inherit version; - pname = "linux-rt"; - - # modDirVersion needs a patch number, change X.Y-rtZ to X.Y.0-rtZ. - modDirVersion = if (builtins.match "[^.]*[.][^.]*-.*" version) == null then version - else lib.replaceStrings ["-"] [".0-"] version; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; - sha256 = "1qbc8dqmk2xs1cz968rysw5xvhq3lj8g0pxp48fr2qbzy3m29a5a"; - }; - - kernelPatches = let rt-patch = { - name = "rt"; - patch = fetchurl { - url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0hv2z6d2gw7hqfzw6dgrzxlirk4yifcxbmx71hxlvd9l2vgp72q5"; - }; - }; in [ rt-patch ] ++ kernelPatches; - - structuredExtraConfig = with lib.kernel; { - PREEMPT_RT = yes; - # Fix error: unused option: PREEMPT_RT. - EXPERT = yes; # PREEMPT_RT depends on it (in kernel/Kconfig.preempt) - # Fix error: option not set correctly: PREEMPT_VOLUNTARY (wanted 'y', got 'n'). - PREEMPT_VOLUNTARY = lib.mkForce no; # PREEMPT_RT deselects it. - # Fix error: unused option: RT_GROUP_SCHED. - RT_GROUP_SCHED = lib.mkForce (option no); # Removed by sched-disable-rt-group-sched-on-rt.patch. - } // structuredExtraConfig; - - extraMeta = extraMeta // { - inherit branch; - }; -} // argsOverride) diff --git a/pkgs/os-specific/linux/kernel/mainline.nix b/pkgs/os-specific/linux/kernel/mainline.nix deleted file mode 100644 index 4e1d5b8a9e87..000000000000 --- a/pkgs/os-specific/linux/kernel/mainline.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ branch, lib, fetchurl, fetchzip, buildLinux, ... } @ args: - -let - allKernels = builtins.fromJSON (builtins.readFile ./kernels-org.json); - thisKernel = allKernels.${branch}; - inherit (thisKernel) version; - - src = - # testing kernels are a special case because they don't have tarballs on the CDN - if branch == "testing" - then fetchzip { - url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - inherit (thisKernel) hash; - } - else fetchurl { - url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - inherit (thisKernel) hash; - }; - - args' = (builtins.removeAttrs args ["branch"]) // { - inherit src version; - - modDirVersion = lib.versions.pad 3 version; - extraMeta.branch = branch; - } // (args.argsOverride or {}); -in -buildLinux args' diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix deleted file mode 100644 index 3060ff9ef775..000000000000 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ /dev/null @@ -1,426 +0,0 @@ -{ lib, stdenv, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl -, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, kmod, ubootTools -, fetchpatch -, rustc, rust-bindgen, rustPlatform -}: - -let - lib_ = lib; - stdenv_ = stdenv; - - readConfig = configfile: import (runCommand "config.nix" {} '' - echo "{" > "$out" - while IFS='=' read key val; do - [ "x''${key#CONFIG_}" != "x$key" ] || continue - no_firstquote="''${val#\"}"; - echo ' "'"$key"'" = "'"''${no_firstquote%\"}"'";' >> "$out" - done < "${configfile}" - echo "}" >> $out - '').outPath; -in lib.makeOverridable ({ - # The kernel version - version, - # The kernel pname (should be set for variants) - pname ? "linux", - # Position of the Linux build expression - pos ? null, - # Additional kernel make flags - extraMakeFlags ? [], - # The name of the kernel module directory - # Needs to be X.Y.Z[-extra], so pad with zeros if needed. - modDirVersion ? null /* derive from version */, - # The kernel source (tarball, git checkout, etc.) - src, - # a list of { name=..., patch=..., extraConfig=...} patches - kernelPatches ? [], - # The kernel .config file - configfile, - # Manually specified nixexpr representing the config - # If unspecified, this will be autodetected from the .config - config ? lib.optionalAttrs allowImportFromDerivation (readConfig configfile), - # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is - # automatically extended with extra per-version and per-config values. - randstructSeed ? "", - # Extra meta attributes - extraMeta ? {}, - - # for module compatibility - isZen ? false, - isLibre ? false, - isHardened ? false, - - # Whether to utilize the controversial import-from-derivation feature to parse the config - allowImportFromDerivation ? false, - # ignored - features ? null, lib ? lib_, stdenv ? stdenv_, -}: - -let - # Provide defaults. Note that we support `null` so that callers don't need to use optionalAttrs, - # which can lead to unnecessary strictness and infinite recursions. - modDirVersion_ = if modDirVersion == null then lib.versions.pad 3 version else modDirVersion; -in -let - # Shadow the un-defaulted parameter; don't want null. - modDirVersion = modDirVersion_; - inherit (lib) - hasAttr getAttr optional optionals optionalString optionalAttrs maintainers platforms; - - drvAttrs = config_: kernelConf: kernelPatches: configfile: - let - # Folding in `ubootTools` in the default nativeBuildInputs is problematic, as - # it makes updating U-Boot cumbersome, since it will go above the current - # threshold of rebuilds - # - # To prevent these needless rounds of staging for U-Boot builds, we can - # limit the inclusion of ubootTools to target platforms where uImage *may* - # be produced. - # - # This command lists those (kernel-named) platforms: - # .../linux $ grep -l uImage ./arch/*/Makefile | cut -d'/' -f3 | sort - # - # This is still a guesstimation, but since none of our cached platforms - # coincide in that list, this gives us "perfect" decoupling here. - linuxPlatformsUsingUImage = [ - "arc" - "arm" - "csky" - "mips" - "powerpc" - "sh" - "sparc" - "xtensa" - ]; - needsUbootTools = - lib.elem stdenv.hostPlatform.linuxArch linuxPlatformsUsingUImage - ; - - config = let attrName = attr: "CONFIG_" + attr; in { - isSet = attr: hasAttr (attrName attr) config; - - getValue = attr: if config.isSet attr then getAttr (attrName attr) config else null; - - isYes = attr: (config.getValue attr) == "y"; - - isNo = attr: (config.getValue attr) == "n"; - - isModule = attr: (config.getValue attr) == "m"; - - isEnabled = attr: (config.isModule attr) || (config.isYes attr); - - isDisabled = attr: (!(config.isSet attr)) || (config.isNo attr); - } // config_; - - isModular = config.isYes "MODULES"; - withRust = config.isYes "RUST"; - - buildDTBs = kernelConf.DTB or false; - - # Dependencies that are required to build kernel modules - moduleBuildDependencies = [ - pahole - perl - libelf - # module makefiles often run uname commands to find out the kernel version - (buildPackages.deterministic-uname.override { inherit modDirVersion; }) - ] - ++ optional (lib.versionAtLeast version "5.13") zstd - ++ optionals withRust [ rustc rust-bindgen ] - ; - - in (optionalAttrs isModular { outputs = [ "out" "dev" ]; }) // { - passthru = rec { - inherit version modDirVersion config kernelPatches configfile - moduleBuildDependencies stdenv; - inherit isZen isHardened isLibre withRust; - isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; - baseVersion = lib.head (lib.splitString "-rc" version); - kernelOlder = lib.versionOlder baseVersion; - kernelAtLeast = lib.versionAtLeast baseVersion; - }; - - inherit src; - - depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ] - ++ optional needsUbootTools ubootTools - ++ optional (lib.versionOlder version "5.8") libelf - ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] - ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] - ++ optional (lib.versionAtLeast version "5.8") elfutils - ++ optionals withRust [ rustc rust-bindgen ]; - - RUST_LIB_SRC = lib.optionalString withRust rustPlatform.rustLibSrc; - - patches = - map (p: p.patch) kernelPatches - # Required for deterministic builds along with some postPatch magic. - ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch - ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch - # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks - # OpenZFS; this was fixed in Linux 5.19 so we backport the fix - # https://github.com/openzfs/zfs/pull/13367 - ++ optional (lib.versionAtLeast version "5.12" && - lib.versionOlder version "5.19" && - stdenv.hostPlatform.isPower) - (fetchpatch { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23"; - hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU="; - }); - - postPatch = '' - # Ensure that depmod gets resolved through PATH - sed -i Makefile -e 's|= /sbin/depmod|= depmod|' - - # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist. - [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh - - # Set randstruct seed to a deterministic but diversified value. Note: - # we could have instead patched gen-random-seed.sh to take input from - # the buildFlags, but that would require also patching the kernel's - # toplevel Makefile to add a variable export. This would be likely to - # cause future patch conflicts. - for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do - if [ -f "$file" ]; then - substituteInPlace "$file" \ - --replace NIXOS_RANDSTRUCT_SEED \ - $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') - break - fi - done - - patchShebangs scripts - - # also patch arch-specific install scripts - for i in $(find arch -name install.sh); do - patchShebangs "$i" - done - ''; - - configurePhase = '' - runHook preConfigure - - mkdir build - export buildRoot="$(pwd)/build" - - echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD" - - if [ -f "$buildRoot/.config" ]; then - echo "Could not link $buildRoot/.config : file exists" - exit 1 - fi - ln -sv ${configfile} $buildRoot/.config - - # reads the existing .config file and prompts the user for options in - # the current kernel source that are not found in the file. - make $makeFlags "''${makeFlagsArray[@]}" oldconfig - runHook postConfigure - - make $makeFlags "''${makeFlagsArray[@]}" prepare - actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)" - if [ "$actualModDirVersion" != "${modDirVersion}" ]; then - echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion" - exit 1 - fi - - buildFlagsArray+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)") - - cd $buildRoot - ''; - - buildFlags = [ - "KBUILD_BUILD_VERSION=1-NixOS" - kernelConf.target - "vmlinux" # for "perf" and things like that - ] ++ optional isModular "modules" - ++ optionals buildDTBs ["dtbs" "DTC_FLAGS=-@"] - ++ extraMakeFlags; - - installFlags = [ - "INSTALL_PATH=$(out)" - ] ++ (optional isModular "INSTALL_MOD_PATH=$(out)") - ++ optionals buildDTBs ["dtbs_install" "INSTALL_DTBS_PATH=$(out)/dtbs"]; - - preInstall = let - # All we really need to do here is copy the final image and System.map to $out, - # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets - # for the rest. Easy, right? - # - # Unfortunately for us, the obvious way of getting the built image path, - # make -s image_name, does not work correctly, because some architectures - # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets, - # so we end up attempting to install the thing we didn't actually build. - # - # Thankfully, there's a way out that doesn't involve just hardcoding everything. - # - # The kernel has an install target, which runs a pretty simple shell script - # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on - # which kernel version you're looking at) that tries to do something sensible. - # - # (it would be great to hijack this script immediately, as it has all the - # information we need passed to it and we don't need it to try and be smart, - # but unfortunately, the exact location of the scripts differs between kernel - # versions, and they're seemingly not considered to be public API at all) - # - # One of the ways it tries to discover what "something sensible" actually is - # is by delegating to what's supposed to be a user-provided install script - # located at ~/bin/installkernel. - # - # (the other options are: - # - a distribution-specific script at /sbin/installkernel, - # which we can't really create in the sandbox easily - # - an architecture-specific script at arch/$arch/boot/install.sh, - # which attempts to guess _something_ and usually guesses very wrong) - # - # More specifically, the install script exec's into ~/bin/installkernel, if one - # exists, with the following arguments: - # - # $1: $KERNELRELEASE - full kernel version string - # $2: $KBUILD_IMAGE - the final image path - # $3: System.map - path to System.map file, seemingly hardcoded everywhere - # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags - # - # $2 is exactly what we want, so hijack the script and use the knowledge given to it - # by the makefile overlords for our own nefarious ends. - # - # Note that the makefiles specifically look in ~/bin/installkernel, and - # writeShellScriptBin writes the script to <store path>/bin/installkernel, - # so HOME needs to be set to just the store path. - # - # FIXME: figure out a less roundabout way of doing this. - installkernel = buildPackages.writeShellScriptBin "installkernel" '' - cp -av $2 $4 - cp -av $3 $4 - ''; - in '' - installFlagsArray+=("-j$NIX_BUILD_CORES") - export HOME=${installkernel} - ''; - - # Some image types need special install targets (e.g. uImage is installed with make uinstall on arm) - installTargets = [ - (kernelConf.installTarget or ( - /**/ if kernelConf.target == "uImage" && stdenv.hostPlatform.linuxArch == "arm" then "uinstall" - else if kernelConf.target == "zImage" || kernelConf.target == "Image.gz" then "zinstall" - else "install")) - ]; - - postInstall = optionalString isModular '' - mkdir -p $dev - cp vmlinux $dev/ - if [ -z "''${dontStrip-}" ]; then - installFlagsArray+=("INSTALL_MOD_STRIP=1") - fi - make modules_install $makeFlags "''${makeFlagsArray[@]}" \ - $installFlags "''${installFlagsArray[@]}" - unlink $out/lib/modules/${modDirVersion}/build - rm -f $out/lib/modules/${modDirVersion}/source - - mkdir -p $dev/lib/modules/${modDirVersion}/{build,source} - - # To save space, exclude a bunch of unneeded stuff when copying. - (cd .. && rsync --archive --prune-empty-dirs \ - --exclude='/build/' \ - * $dev/lib/modules/${modDirVersion}/source/) - - cd $dev/lib/modules/${modDirVersion}/source - - cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build - make modules_prepare $makeFlags "''${makeFlagsArray[@]}" O=$dev/lib/modules/${modDirVersion}/build - - # For reproducibility, removes accidental leftovers from a `cc1` call - # from a `try-run` call from the Makefile - rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d - - # Keep some extra files on some arches (powerpc, aarch64) - for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o; do - if [ -f "$buildRoot/$f" ]; then - cp $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f - fi - done - - # !!! No documentation on how much of the source tree must be kept - # If/when kernel builds fail due to missing files, you can add - # them here. Note that we may see packages requiring headers - # from drivers/ in the future; it adds 50M to keep all of its - # headers on 3.10 though. - - chmod u+w -R .. - arch=$(cd $dev/lib/modules/${modDirVersion}/build/arch; ls) - - # Remove unused arches - for d in $(cd arch/; ls); do - if [ "$d" = "$arch" ]; then continue; fi - if [ "$arch" = arm64 ] && [ "$d" = arm ]; then continue; fi - rm -rf arch/$d - done - - # Remove all driver-specific code (50M of which is headers) - rm -fR drivers - - # Keep all headers - find . -type f -name '*.h' -print0 | xargs -0 -r chmod u-w - - # Keep linker scripts (they are required for out-of-tree modules on aarch64) - find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w - - # Keep root and arch-specific Makefiles - chmod u-w Makefile arch/"$arch"/Makefile* - - # Keep whole scripts dir - chmod u-w -R scripts - - # Delete everything not kept - find . -type f -perm -u=w -print0 | xargs -0 -r rm - - # Delete empty directories - find -empty -type d -delete - ''; - - requiredSystemFeatures = [ "big-parallel" ]; - - meta = { - description = - "The Linux kernel" + - (if kernelPatches == [] then "" else - " (with patches: " - + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) - + ")"); - license = lib.licenses.gpl2Only; - homepage = "https://www.kernel.org/"; - maintainers = lib.teams.linux-kernel.members ++ [ - maintainers.thoughtpolice - ]; - platforms = platforms.linux; - badPlatforms = - lib.optionals (lib.versionOlder version "4.15") [ "riscv32-linux" "riscv64-linux" ] ++ - lib.optional (lib.versionOlder version "5.19") "loongarch64-linux"; - timeout = 14400; # 4 hours - } // extraMeta; - }; -in - -assert lib.versionOlder version "5.8" -> libelf != null; -assert lib.versionAtLeast version "5.8" -> elfutils != null; - -stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPatches configfile) // { - inherit pname version; - - enableParallelBuilding = true; - - hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ]; - - # Absolute paths for compilers avoid any PATH-clobbering issues. - makeFlags = [ - "O=$(buildRoot)" - "CC=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc" - "HOSTCC=${buildPackages.stdenv.cc}/bin/${buildPackages.stdenv.cc.targetPrefix}cc" - "HOSTLD=${buildPackages.stdenv.cc.bintools}/bin/${buildPackages.stdenv.cc.targetPrefix}ld" - "ARCH=${stdenv.hostPlatform.linuxArch}" - ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ - "CROSS_COMPILE=${stdenv.cc.targetPrefix}" - ] ++ (stdenv.hostPlatform.linux-kernel.makeFlags or []) - ++ extraMakeFlags; - - karch = stdenv.hostPlatform.linuxArch; -} // (optionalAttrs (pos != null) { inherit pos; }))) diff --git a/pkgs/os-specific/linux/kernel/modinst-arg-list-too-long.patch b/pkgs/os-specific/linux/kernel/modinst-arg-list-too-long.patch deleted file mode 100644 index 58a9191989ae..000000000000 --- a/pkgs/os-specific/linux/kernel/modinst-arg-list-too-long.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst -index 07650ee..934a7a8 100644 ---- a/scripts/Makefile.modinst -+++ b/scripts/Makefile.modinst -@@ -9,7 +9,8 @@ include scripts/Kbuild.include - - # - --__modules := $(sort $(shell grep -h '\.ko$$' /dev/null $(wildcard $(MODVERDIR)/*.mod))) -+__modules := $(sort $(foreach f,$(wildcard $(MODVERDIR)/*.mod),$(shell \ -+ grep -h '\.ko$$' '$f'))) - modules := $(patsubst %.o,%.ko,$(wildcard $(__modules:.ko=.o))) - - PHONY += $(modules) diff --git a/pkgs/os-specific/linux/kernel/mptcp-config.nix b/pkgs/os-specific/linux/kernel/mptcp-config.nix deleted file mode 100644 index 59b11167ac22..000000000000 --- a/pkgs/os-specific/linux/kernel/mptcp-config.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ lib }: -with lib.kernel; -{ - # DRM_AMDGPU = yes; - - IPV6 = yes; - MPTCP = yes; - IP_MULTIPLE_TABLES = yes; - - # Enable advanced path-managers... - MPTCP_PM_ADVANCED = yes; - MPTCP_FULLMESH = yes; - MPTCP_NDIFFPORTS = yes; - # ... but use none by default. - # The default is safer if source policy routing is not setup. - DEFAULT_DUMMY = yes; - DEFAULT_MPTCP_PM.freeform = "default"; - - # MPTCP scheduler selection. - MPTCP_SCHED_ADVANCED = yes; - DEFAULT_MPTCP_SCHED.freeform = "default"; - - # Smarter TCP congestion controllers - TCP_CONG_LIA = module; - TCP_CONG_OLIA = module; - TCP_CONG_WVEGAS = module; - TCP_CONG_BALIA = module; -} diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix deleted file mode 100644 index c1715a91e5fb..000000000000 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ lib, fetchpatch, fetchurl }: - -{ - ath_regd_optional = rec { - name = "ath_regd_optional"; - patch = fetchpatch { - name = name + ".patch"; - url = "https://github.com/openwrt/openwrt/raw/ed2015c38617ed6624471e77f27fbb0c58c8c660/package/kernel/mac80211/patches/ath/402-ath_regd_optional.patch"; - sha256 = "1ssDXSweHhF+pMZyd6kSrzeW60eb6MO6tlf0il17RC0="; - postFetch = '' - sed -i 's/CPTCFG_/CONFIG_/g' $out - sed -i '/--- a\/local-symbols/,$d' $out - ''; - }; - }; - - bridge_stp_helper = - { name = "bridge-stp-helper"; - patch = ./bridge-stp-helper.patch; - }; - - # Reverts the buggy commit causing https://bugzilla.kernel.org/show_bug.cgi?id=217802 - dell_xps_regression = { - name = "dell_xps_regression"; - patch = fetchpatch { - name = "Revert-101bd907b424-misc-rtsx-judge-ASPM-Mode-to-set.patch"; - url = "https://raw.githubusercontent.com/openSUSE/kernel-source/1b02b1528a26f4e9b577e215c114d8c5e773ee10/patches.suse/Revert-101bd907b424-misc-rtsx-judge-ASPM-Mode-to-set.patch"; - sha256 = "sha256-RHJdQ4p0msTOVPR+/dYiKuwwEoG9IpIBqT4dc5cJjf8="; - }; - }; - - request_key_helper = - { name = "request-key-helper"; - patch = ./request-key-helper.patch; - }; - - request_key_helper_updated = - { name = "request-key-helper-updated"; - patch = ./request-key-helper-updated.patch; - }; - - modinst_arg_list_too_long = - { name = "modinst-arglist-too-long"; - patch = ./modinst-arg-list-too-long.patch; - }; - - hardened = let - mkPatch = kernelVersion: { version, sha256, patch }: let src = patch; in { - name = lib.removeSuffix ".patch" src.name; - patch = fetchurl (lib.filterAttrs (k: v: k != "extra") src); - extra = src.extra; - inherit version sha256; - }; - patches = lib.importJSON ./hardened/patches.json; - in lib.mapAttrs mkPatch patches; - - # Adapted for Linux 5.4 from: - # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04896832c94aae4842100cafb8d3a73e1bed3a45 - rtl8761b_support = - { name = "rtl8761b-support"; - patch = ./rtl8761b-support.patch; - }; - - export-rt-sched-migrate = { - name = "export-rt-sched-migrate"; - patch = ./export-rt-sched-migrate.patch; - }; - - rust_1_75 = { - name = "rust-1.75.patch"; - patch = ./rust-1.75.patch; - }; - - rust_1_76 = { - name = "rust-1.76.patch"; - patch = fetchurl { - name = "rust-1.76.patch"; - url = "https://lore.kernel.org/rust-for-linux/20240217002638.57373-2-ojeda@kernel.org/raw"; - hash = "sha256-q3iNBo8t4b1Rn5k5lau2myqOAqdA/9V9A+ok2jGkLdY="; - }; - }; - - rust_1_77-6_8 = { - name = "rust-1.77.patch"; - patch = ./rust-1.77-6.8.patch; - }; - - rust_1_77-6_9 = { - name = "rust-1.77.patch"; - patch = ./rust-1.77.patch; - }; - - rust_1_78 = { - name = "rust-1.78.patch"; - patch = fetchpatch { - name = "rust-1.78.patch"; - url = "https://lore.kernel.org/rust-for-linux/20240401212303.537355-4-ojeda@kernel.org/raw"; - excludes = [ "Documentation/process/changes.rst" ]; # Conflicts on 6.8. - hash = "sha256-EZ+Qa9z1AtAv08e72M7BEsCZi9UK572gmW+AR62a8EM="; - }; - }; -} diff --git a/pkgs/os-specific/linux/kernel/perf/default.nix b/pkgs/os-specific/linux/kernel/perf/default.nix deleted file mode 100644 index 851a4c8d5d7b..000000000000 --- a/pkgs/os-specific/linux/kernel/perf/default.nix +++ /dev/null @@ -1,171 +0,0 @@ -{ lib -, stdenv -, fetchurl -, kernel -, elfutils -, python3 -, perl -, newt -, slang -, asciidoc -, xmlto -, makeWrapper -, docbook_xsl -, docbook_xml_dtd_45 -, libxslt -, flex -, bison -, pkg-config -, libunwind -, binutils-unwrapped -, libiberty -, audit -, libbfd -, libbfd_2_38 -, libopcodes -, libopcodes_2_38 -, libpfm -, libtraceevent -, openssl -, systemtap -, numactl -, zlib -, babeltrace -, withGtk ? false -, gtk2 -, withZstd ? true -, zstd -, withLibcap ? true -, libcap -}: -let - d3-flame-graph-templates = stdenv.mkDerivation rec { - pname = "d3-flame-graph-templates"; - version = "4.1.3"; - - src = fetchurl { - url = "https://registry.npmjs.org/d3-flame-graph/-/d3-flame-graph-${version}.tgz"; - sha256 = "sha256-W5/Vh5jarXUV224aIiTB2TnBFYT3naEIcG2945QjY8Q="; - }; - - installPhase = '' - install -D -m 0755 -t $out/share/d3-flame-graph/ ./dist/templates/* - ''; - }; -in - -stdenv.mkDerivation { - pname = "perf-linux"; - version = kernel.version; - - inherit (kernel) src; - - postPatch = '' - # Linux scripts - patchShebangs scripts - patchShebangs tools/perf/check-headers.sh - '' + lib.optionalString (lib.versionAtLeast kernel.version "6.3") '' - # perf-specific scripts - patchShebangs tools/perf/pmu-events - '' + '' - cd tools/perf - - for x in util/build-id.c util/dso.c; do - substituteInPlace $x --replace /usr/lib/debug /run/current-system/sw/lib/debug - done - - '' + lib.optionalString (lib.versionAtLeast kernel.version "5.8") '' - substituteInPlace scripts/python/flamegraph.py \ - --replace "/usr/share/d3-flame-graph/d3-flamegraph-base.html" \ - "${d3-flame-graph-templates}/share/d3-flame-graph/d3-flamegraph-base.html" - - '' + lib.optionalString (lib.versionAtLeast kernel.version "6.0") '' - patchShebangs pmu-events/jevents.py - ''; - - makeFlags = [ "prefix=$(out)" "WERROR=0" "ASCIIDOC8=1" ] ++ kernel.makeFlags - ++ lib.optional (!withGtk) "NO_GTK2=1" - ++ lib.optional (!withZstd) "NO_LIBZSTD=1" - ++ lib.optional (!withLibcap) "NO_LIBCAP=1"; - - hardeningDisable = [ "format" ]; - - # perf refers both to newt and slang - nativeBuildInputs = [ - asciidoc - xmlto - docbook_xsl - docbook_xml_dtd_45 - libxslt - flex - bison - libiberty - audit - makeWrapper - pkg-config - python3 - ]; - - buildInputs = [ - elfutils - newt - slang - libtraceevent - libunwind - zlib - openssl - numactl - python3 - perl - babeltrace - ] ++ (if (lib.versionAtLeast kernel.version "5.19") - then [ libbfd libopcodes ] - else [ libbfd_2_38 libopcodes_2_38 ]) - ++ lib.optional (lib.meta.availableOn stdenv.hostPlatform systemtap) systemtap.stapBuild - ++ lib.optional withGtk gtk2 - ++ lib.optional withZstd zstd - ++ lib.optional withLibcap libcap - ++ lib.optional (lib.versionAtLeast kernel.version "5.8") libpfm - ++ lib.optional (lib.versionAtLeast kernel.version "6.0") python3.pkgs.setuptools; - - env.NIX_CFLAGS_COMPILE = toString ([ - "-Wno-error=cpp" - "-Wno-error=bool-compare" - "-Wno-error=deprecated-declarations" - "-Wno-error=stringop-truncation" - ] ++ lib.optionals (stdenv.cc.isGNU && lib.versions.major stdenv.cc.version == "13") [ - # Workaround gcc bug that causes enev simplest `perf top` runs to - # crash: https://gcc.gnu.org/PR111009. - # Can be removed once gcc-13 is updated past 13.2.0. - "-O1" - ]); - - doCheck = false; # requires "sparse" - - installTargets = [ "install" "install-man" ]; - - # TODO: Add completions based on perf-completion.sh - postInstall = '' - # Same as perf. Remove. - rm -f $out/bin/trace - ''; - - separateDebugInfo = true; - - preFixup = '' - # Pull in 'objdump' into PATH to make annotations work. - # The embedded Python interpreter will search PATH to calculate the Python path configuration(Should be fixed by upstream). - # Add python.interpreter to PATH for now. - wrapProgram $out/bin/perf \ - --prefix PATH : ${lib.makeBinPath [ binutils-unwrapped python3 ]} - ''; - - meta = with lib; { - homepage = "https://perf.wiki.kernel.org/"; - description = "Linux tools to profile with performance counters"; - mainProgram = "perf"; - maintainers = with maintainers; [ viric ]; - platforms = platforms.linux; - broken = kernel.kernelOlder "5"; - }; -} diff --git a/pkgs/os-specific/linux/kernel/randstruct-provide-seed-5.19.patch b/pkgs/os-specific/linux/kernel/randstruct-provide-seed-5.19.patch deleted file mode 100644 index 5ca897a76bf6..000000000000 --- a/pkgs/os-specific/linux/kernel/randstruct-provide-seed-5.19.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/scripts/gen-randstruct-seed.sh b/scripts/gen-randstruct-seed.sh -index 61017b36c464..7bb494dd2e18 100755 ---- a/scripts/gen-randstruct-seed.sh -+++ b/scripts/gen-randstruct-seed.sh -@@ -1,7 +1,7 @@ - #!/bin/sh - # SPDX-License-Identifier: GPL-2.0 - --SEED=$(od -A n -t x8 -N 32 /dev/urandom | tr -d ' \n') -+SEED="NIXOS_RANDSTRUCT_SEED" - echo "$SEED" > "$1" - HASH=$(echo -n "$SEED" | sha256sum | cut -d" " -f1) - echo "#define RANDSTRUCT_HASHED_SEED \"$HASH\"" > "$2" diff --git a/pkgs/os-specific/linux/kernel/randstruct-provide-seed.patch b/pkgs/os-specific/linux/kernel/randstruct-provide-seed.patch deleted file mode 100644 index 1328b9cee3c9..000000000000 --- a/pkgs/os-specific/linux/kernel/randstruct-provide-seed.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ru a/scripts/gcc-plugins/gen-random-seed.sh b/scripts/gcc-plugins/gen-random-seed.sh ---- a/scripts/gcc-plugins/gen-random-seed.sh 2019-01-11 11:50:29.228258920 +0100 -+++ b/scripts/gcc-plugins/gen-random-seed.sh 2019-01-11 12:18:33.555902720 +0100 -@@ -2,7 +2,7 @@ - # SPDX-License-Identifier: GPL-2.0 - - if [ ! -f "$1" ]; then -- SEED=`od -A n -t x8 -N 32 /dev/urandom | tr -d ' \n'` -+ SEED="NIXOS_RANDSTRUCT_SEED" - echo "const char *randstruct_seed = \"$SEED\";" > "$1" - HASH=`echo -n "$SEED" | sha256sum | cut -d" " -f1 | tr -d ' \n'` - echo "#define RANDSTRUCT_HASHED_SEED \"$HASH\"" > "$2" diff --git a/pkgs/os-specific/linux/kernel/request-key-helper-updated.patch b/pkgs/os-specific/linux/kernel/request-key-helper-updated.patch deleted file mode 100644 index aabb9e801be4..000000000000 --- a/pkgs/os-specific/linux/kernel/request-key-helper-updated.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/security/keys/request_key.c b/security/keys/request_key.c -index 88172c163953..4da74a1eebb2 100644 ---- a/security/keys/request_key.c -+++ b/security/keys/request_key.c -@@ -161,7 +161,7 @@ static int call_sbin_request_key(struct key_construction *cons, - - /* set up the argument list */ - i = 0; -- argv[i++] = "/sbin/request-key"; -+ argv[i++] = "/run/current-system/sw/bin/request-key"; - argv[i++] = (char *) op; - argv[i++] = key_str; - argv[i++] = uid_str; diff --git a/pkgs/os-specific/linux/kernel/request-key-helper.patch b/pkgs/os-specific/linux/kernel/request-key-helper.patch deleted file mode 100644 index 8264e265aedf..000000000000 --- a/pkgs/os-specific/linux/kernel/request-key-helper.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/security/keys/request_key.c b/security/keys/request_key.c -index 957b9e3e1492..5436a0d8b81d 100644 ---- a/security/keys/request_key.c -+++ b/security/keys/request_key.c -@@ -114,7 +114,7 @@ static int call_usermodehelper_keys(const char *path, char **argv, char **envp, - */ - static int call_sbin_request_key(struct key *authkey, void *aux) - { -- static char const request_key[] = "/sbin/request-key"; -+ static char const request_key[] = "/run/current-system/sw/bin/request-key"; - struct request_key_auth *rka = get_request_key_auth(authkey); - const struct cred *cred = current_cred(); - key_serial_t prkey, sskey; diff --git a/pkgs/os-specific/linux/kernel/rtl8761b-support.patch b/pkgs/os-specific/linux/kernel/rtl8761b-support.patch deleted file mode 100644 index b6d80d5bc8d3..000000000000 --- a/pkgs/os-specific/linux/kernel/rtl8761b-support.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/drivers/bluetooth/btrtl.c b/drivers/bluetooth/btrtl.c -index 67f4bc21e7c5..3a9afc905f24 100644 ---- a/drivers/bluetooth/btrtl.c -+++ b/drivers/bluetooth/btrtl.c -@@ -130,12 +130,19 @@ static const struct id_table ic_id_table[] = { - .cfg_name = "rtl_bt/rtl8821c_config" }, - - /* 8761A */ -- { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_8761A, 0x0, -+ { IC_INFO(RTL_ROM_LMP_8761A, 0xa), - .config_needed = false, - .has_rom_version = true, - .fw_name = "rtl_bt/rtl8761a_fw.bin", - .cfg_name = "rtl_bt/rtl8761a_config" }, - -+ /* 8761B */ -+ { IC_INFO(RTL_ROM_LMP_8761A, 0xb), -+ .config_needed = false, -+ .has_rom_version = true, -+ .fw_name = "rtl_bt/rtl8761b_fw.bin", -+ .cfg_name = "rtl_bt/rtl8761b_config" }, -+ - /* 8822C with USB interface */ - { IC_INFO(RTL_ROM_LMP_8822B, 0xc), - .config_needed = false, -@@ -251,6 +258,7 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, - { RTL_ROM_LMP_8723B, 9 }, /* 8723D */ - { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ - { RTL_ROM_LMP_8822B, 13 }, /* 8822C */ -+ { RTL_ROM_LMP_8761A, 14 }, /* 8761B */ - }; - - min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3; diff --git a/pkgs/os-specific/linux/kernel/rust-1.75.patch b/pkgs/os-specific/linux/kernel/rust-1.75.patch deleted file mode 100644 index 9d6b1a3dcc75..000000000000 --- a/pkgs/os-specific/linux/kernel/rust-1.75.patch +++ /dev/null @@ -1,373 +0,0 @@ -From 77007eef13d52d0a5df9706d47078c4e1390a0a9 Mon Sep 17 00:00:00 2001 -From: Miguel Ojeda <ojeda@kernel.org> -Date: Sun, 24 Dec 2023 18:21:28 +0100 -Subject: [PATCH] rust: upgrade to Rust 1.75.0 - -This is the next upgrade to the Rust toolchain, from 1.74.1 to 1.75.0 -(i.e. the latest) [1]. - -See the upgrade policy [2] and the comments on the first upgrade in -commit 3ed03f4da06e ("rust: upgrade to Rust 1.68.2"). - -# Unstable features - -The `const_maybe_uninit_zeroed` unstable feature [3] was stabilized in -Rust 1.75.0, which we were using in the PHYLIB abstractions. - -The only unstable features allowed to be used outside the `kernel` crate -are still `new_uninit,offset_of`, though other code to be upstreamed -may increase the list. - -Please see [4] for details. - -# Other improvements - -Rust 1.75.0 stabilized `pointer_byte_offsets` [5] which we could -potentially use as an alternative for `ptr_metadata` in the future. - -# Required changes - -For this upgrade, no changes were required (i.e. on our side). - -# `alloc` upgrade and reviewing - -The vast majority of changes are due to our `alloc` fork being upgraded -at once. - -There are two kinds of changes to be aware of: the ones coming from -upstream, which we should follow as closely as possible, and the updates -needed in our added fallible APIs to keep them matching the newer -infallible APIs coming from upstream. - -Instead of taking a look at the diff of this patch, an alternative -approach is reviewing a diff of the changes between upstream `alloc` and -the kernel's. This allows to easily inspect the kernel additions only, -especially to check if the fallible methods we already have still match -the infallible ones in the new version coming from upstream. - -Another approach is reviewing the changes introduced in the additions in -the kernel fork between the two versions. This is useful to spot -potentially unintended changes to our additions. - -To apply these approaches, one may follow steps similar to the following -to generate a pair of patches that show the differences between upstream -Rust and the kernel (for the subset of `alloc` we use) before and after -applying this patch: - - # Get the difference with respect to the old version. - git -C rust checkout $(linux/scripts/min-tool-version.sh rustc) - git -C linux ls-tree -r --name-only HEAD -- rust/alloc | - cut -d/ -f3- | - grep -Fv README.md | - xargs -IPATH cp rust/library/alloc/src/PATH linux/rust/alloc/PATH - git -C linux diff --patch-with-stat --summary -R > old.patch - git -C linux restore rust/alloc - - # Apply this patch. - git -C linux am rust-upgrade.patch - - # Get the difference with respect to the new version. - git -C rust checkout $(linux/scripts/min-tool-version.sh rustc) - git -C linux ls-tree -r --name-only HEAD -- rust/alloc | - cut -d/ -f3- | - grep -Fv README.md | - xargs -IPATH cp rust/library/alloc/src/PATH linux/rust/alloc/PATH - git -C linux diff --patch-with-stat --summary -R > new.patch - git -C linux restore rust/alloc - -Now one may check the `new.patch` to take a look at the additions (first -approach) or at the difference between those two patches (second -approach). For the latter, a side-by-side tool is recommended. - -Link: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1750-2023-12-28 [1] -Link: https://rust-for-linux.com/rust-version-policy [2] -Link: https://github.com/rust-lang/rust/issues/91850 [3] -Link: https://github.com/Rust-for-Linux/linux/issues/2 [4] -Link: https://github.com/rust-lang/rust/issues/96283 [5] -Signed-off-by: Miguel Ojeda <ojeda@kernel.org> -Link: https://lore.kernel.org/lkml/20231224172128.271447-1-ojeda@kernel.org/ -Signed-off-by: Alyssa Ross <hi@alyssa.is> ---- - Documentation/process/changes.rst | 2 +- - rust/alloc/alloc.rs | 9 ++++++++- - rust/alloc/boxed.rs | 20 ++++++++++++-------- - rust/alloc/lib.rs | 7 ++++--- - rust/alloc/raw_vec.rs | 19 +++++++++++++++---- - rust/alloc/vec/mod.rs | 16 ++++++++++------ - scripts/min-tool-version.sh | 2 +- - 7 files changed, 51 insertions(+), 24 deletions(-) - -diff --git a/Documentation/process/changes.rst b/Documentation/process/changes.rst -index 169f67773518..52284fdbaf23 100644 ---- a/Documentation/process/changes.rst -+++ b/Documentation/process/changes.rst -@@ -31,7 +31,7 @@ you probably needn't concern yourself with pcmciautils. - ====================== =============== ======================================== - GNU C 5.1 gcc --version - Clang/LLVM (optional) 11.0.0 clang --version --Rust (optional) 1.74.1 rustc --version -+Rust (optional) 1.75.0 rustc --version - bindgen (optional) 0.65.1 bindgen --version - GNU make 3.82 make --version - bash 4.2 bash --version -diff --git a/rust/alloc/alloc.rs b/rust/alloc/alloc.rs -index 150e13750ff7..8a6be8c98173 100644 ---- a/rust/alloc/alloc.rs -+++ b/rust/alloc/alloc.rs -@@ -379,13 +379,20 @@ const fn ct_error(_: Layout) -> ! { - panic!("allocation failed"); - } - -+ #[inline] - fn rt_error(layout: Layout) -> ! { - unsafe { - __rust_alloc_error_handler(layout.size(), layout.align()); - } - } - -- unsafe { core::intrinsics::const_eval_select((layout,), ct_error, rt_error) } -+ #[cfg(not(feature = "panic_immediate_abort"))] -+ unsafe { -+ core::intrinsics::const_eval_select((layout,), ct_error, rt_error) -+ } -+ -+ #[cfg(feature = "panic_immediate_abort")] -+ ct_error(layout) - } - - // For alloc test `std::alloc::handle_alloc_error` can be used directly. -diff --git a/rust/alloc/boxed.rs b/rust/alloc/boxed.rs -index 9620eba17268..f5f40778a193 100644 ---- a/rust/alloc/boxed.rs -+++ b/rust/alloc/boxed.rs -@@ -161,7 +161,7 @@ - use core::marker::Unsize; - use core::mem::{self, SizedTypeProperties}; - use core::ops::{ -- CoerceUnsized, Deref, DerefMut, DispatchFromDyn, Generator, GeneratorState, Receiver, -+ CoerceUnsized, Coroutine, CoroutineState, Deref, DerefMut, DispatchFromDyn, Receiver, - }; - use core::pin::Pin; - use core::ptr::{self, NonNull, Unique}; -@@ -211,7 +211,7 @@ impl<T> Box<T> { - /// ``` - /// let five = Box::new(5); - /// ``` -- #[cfg(all(not(no_global_oom_handling)))] -+ #[cfg(not(no_global_oom_handling))] - #[inline(always)] - #[stable(feature = "rust1", since = "1.0.0")] - #[must_use] -@@ -2110,28 +2110,28 @@ fn as_mut(&mut self) -> &mut T { - #[stable(feature = "pin", since = "1.33.0")] - impl<T: ?Sized, A: Allocator> Unpin for Box<T, A> where A: 'static {} - --#[unstable(feature = "generator_trait", issue = "43122")] --impl<G: ?Sized + Generator<R> + Unpin, R, A: Allocator> Generator<R> for Box<G, A> -+#[unstable(feature = "coroutine_trait", issue = "43122")] -+impl<G: ?Sized + Coroutine<R> + Unpin, R, A: Allocator> Coroutine<R> for Box<G, A> - where - A: 'static, - { - type Yield = G::Yield; - type Return = G::Return; - -- fn resume(mut self: Pin<&mut Self>, arg: R) -> GeneratorState<Self::Yield, Self::Return> { -+ fn resume(mut self: Pin<&mut Self>, arg: R) -> CoroutineState<Self::Yield, Self::Return> { - G::resume(Pin::new(&mut *self), arg) - } - } - --#[unstable(feature = "generator_trait", issue = "43122")] --impl<G: ?Sized + Generator<R>, R, A: Allocator> Generator<R> for Pin<Box<G, A>> -+#[unstable(feature = "coroutine_trait", issue = "43122")] -+impl<G: ?Sized + Coroutine<R>, R, A: Allocator> Coroutine<R> for Pin<Box<G, A>> - where - A: 'static, - { - type Yield = G::Yield; - type Return = G::Return; - -- fn resume(mut self: Pin<&mut Self>, arg: R) -> GeneratorState<Self::Yield, Self::Return> { -+ fn resume(mut self: Pin<&mut Self>, arg: R) -> CoroutineState<Self::Yield, Self::Return> { - G::resume((*self).as_mut(), arg) - } - } -@@ -2448,4 +2448,8 @@ fn cause(&self) -> Option<&dyn core::error::Error> { - fn source(&self) -> Option<&(dyn core::error::Error + 'static)> { - core::error::Error::source(&**self) - } -+ -+ fn provide<'b>(&'b self, request: &mut core::error::Request<'b>) { -+ core::error::Error::provide(&**self, request); -+ } - } -diff --git a/rust/alloc/lib.rs b/rust/alloc/lib.rs -index 9c7ea73da108..345cf5c9cf92 100644 ---- a/rust/alloc/lib.rs -+++ b/rust/alloc/lib.rs -@@ -80,6 +80,8 @@ - not(no_sync), - target_has_atomic = "ptr" - ))] -+#![cfg_attr(not(bootstrap), doc(rust_logo))] -+#![cfg_attr(not(bootstrap), feature(rustdoc_internals))] - #![no_std] - #![needs_allocator] - // Lints: -@@ -115,7 +117,6 @@ - #![feature(const_eval_select)] - #![feature(const_maybe_uninit_as_mut_ptr)] - #![feature(const_maybe_uninit_write)] --#![feature(const_maybe_uninit_zeroed)] - #![feature(const_pin)] - #![feature(const_refs_to_cell)] - #![feature(const_size_of_val)] -@@ -141,7 +142,7 @@ - #![feature(maybe_uninit_uninit_array)] - #![feature(maybe_uninit_uninit_array_transpose)] - #![feature(pattern)] --#![feature(pointer_byte_offsets)] -+#![feature(ptr_addr_eq)] - #![feature(ptr_internals)] - #![feature(ptr_metadata)] - #![feature(ptr_sub_ptr)] -@@ -168,7 +169,7 @@ - // - // Language features: - // tidy-alphabetical-start --#![cfg_attr(not(test), feature(generator_trait))] -+#![cfg_attr(not(test), feature(coroutine_trait))] - #![cfg_attr(test, feature(panic_update_hook))] - #![cfg_attr(test, feature(test))] - #![feature(allocator_internals)] -diff --git a/rust/alloc/raw_vec.rs b/rust/alloc/raw_vec.rs -index a7425582a323..f1b8cec8cc62 100644 ---- a/rust/alloc/raw_vec.rs -+++ b/rust/alloc/raw_vec.rs -@@ -338,10 +338,13 @@ pub fn reserve_for_push(&mut self, len: usize) { - /// The same as `reserve`, but returns on errors instead of panicking or aborting. - pub fn try_reserve(&mut self, len: usize, additional: usize) -> Result<(), TryReserveError> { - if self.needs_to_grow(len, additional) { -- self.grow_amortized(len, additional) -- } else { -- Ok(()) -+ self.grow_amortized(len, additional)?; - } -+ unsafe { -+ // Inform the optimizer that the reservation has succeeded or wasn't needed -+ core::intrinsics::assume(!self.needs_to_grow(len, additional)); -+ } -+ Ok(()) - } - - /// The same as `reserve_for_push`, but returns on errors instead of panicking or aborting. -@@ -378,7 +381,14 @@ pub fn try_reserve_exact( - len: usize, - additional: usize, - ) -> Result<(), TryReserveError> { -- if self.needs_to_grow(len, additional) { self.grow_exact(len, additional) } else { Ok(()) } -+ if self.needs_to_grow(len, additional) { -+ self.grow_exact(len, additional)?; -+ } -+ unsafe { -+ // Inform the optimizer that the reservation has succeeded or wasn't needed -+ core::intrinsics::assume(!self.needs_to_grow(len, additional)); -+ } -+ Ok(()) - } - - /// Shrinks the buffer down to the specified capacity. If the given amount -@@ -569,6 +579,7 @@ fn alloc_guard(alloc_size: usize) -> Result<(), TryReserveError> { - // ensure that the code generation related to these panics is minimal as there's - // only one location which panics rather than a bunch throughout the module. - #[cfg(not(no_global_oom_handling))] -+#[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] - fn capacity_overflow() -> ! { - panic!("capacity overflow"); - } -diff --git a/rust/alloc/vec/mod.rs b/rust/alloc/vec/mod.rs -index 41ca71805ef0..0d95fd7ef337 100644 ---- a/rust/alloc/vec/mod.rs -+++ b/rust/alloc/vec/mod.rs -@@ -1376,7 +1376,7 @@ pub fn as_mut_slice(&mut self) -> &mut [T] { - /// [`as_mut_ptr`]: Vec::as_mut_ptr - /// [`as_ptr`]: Vec::as_ptr - #[stable(feature = "vec_as_ptr", since = "1.37.0")] -- #[cfg_attr(not(bootstrap), rustc_never_returns_null_ptr)] -+ #[rustc_never_returns_null_ptr] - #[inline] - pub fn as_ptr(&self) -> *const T { - // We shadow the slice method of the same name to avoid going through -@@ -1436,7 +1436,7 @@ pub fn as_ptr(&self) -> *const T { - /// [`as_mut_ptr`]: Vec::as_mut_ptr - /// [`as_ptr`]: Vec::as_ptr - #[stable(feature = "vec_as_ptr", since = "1.37.0")] -- #[cfg_attr(not(bootstrap), rustc_never_returns_null_ptr)] -+ #[rustc_never_returns_null_ptr] - #[inline] - pub fn as_mut_ptr(&mut self) -> *mut T { - // We shadow the slice method of the same name to avoid going through -@@ -1565,7 +1565,8 @@ pub unsafe fn set_len(&mut self, new_len: usize) { - #[stable(feature = "rust1", since = "1.0.0")] - pub fn swap_remove(&mut self, index: usize) -> T { - #[cold] -- #[inline(never)] -+ #[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] -+ #[track_caller] - fn assert_failed(index: usize, len: usize) -> ! { - panic!("swap_remove index (is {index}) should be < len (is {len})"); - } -@@ -1606,7 +1607,8 @@ fn assert_failed(index: usize, len: usize) -> ! { - #[stable(feature = "rust1", since = "1.0.0")] - pub fn insert(&mut self, index: usize, element: T) { - #[cold] -- #[inline(never)] -+ #[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] -+ #[track_caller] - fn assert_failed(index: usize, len: usize) -> ! { - panic!("insertion index (is {index}) should be <= len (is {len})"); - } -@@ -1667,7 +1669,7 @@ fn assert_failed(index: usize, len: usize) -> ! { - #[track_caller] - pub fn remove(&mut self, index: usize) -> T { - #[cold] -- #[inline(never)] -+ #[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] - #[track_caller] - fn assert_failed(index: usize, len: usize) -> ! { - panic!("removal index (is {index}) should be < len (is {len})"); -@@ -2097,6 +2099,7 @@ pub fn pop(&mut self) -> Option<T> { - } else { - unsafe { - self.len -= 1; -+ core::intrinsics::assume(self.len < self.capacity()); - Some(ptr::read(self.as_ptr().add(self.len()))) - } - } -@@ -2299,7 +2302,8 @@ pub fn split_off(&mut self, at: usize) -> Self - A: Clone, - { - #[cold] -- #[inline(never)] -+ #[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] -+ #[track_caller] - fn assert_failed(at: usize, len: usize) -> ! { - panic!("`at` split index (is {at}) should be <= len (is {len})"); - } -diff --git a/scripts/min-tool-version.sh b/scripts/min-tool-version.sh -index c62066825f53..bcc7d4247290 100755 ---- a/scripts/min-tool-version.sh -+++ b/scripts/min-tool-version.sh -@@ -31,7 +31,7 @@ llvm) - fi - ;; - rustc) -- echo 1.74.1 -+ echo 1.75.0 - ;; - bindgen) - echo 0.65.1 --- -2.43.0 - diff --git a/pkgs/os-specific/linux/kernel/rust-1.77-6.8.patch b/pkgs/os-specific/linux/kernel/rust-1.77-6.8.patch deleted file mode 100644 index 4b25d3e60e39..000000000000 --- a/pkgs/os-specific/linux/kernel/rust-1.77-6.8.patch +++ /dev/null @@ -1,799 +0,0 @@ -From 82a754271336c7736fb0350692be85fecb30e38e Mon Sep 17 00:00:00 2001 -From: Miguel Ojeda <ojeda@kernel.org> -Date: Sat, 17 Feb 2024 01:27:17 +0100 -Subject: [PATCH] rust: upgrade to Rust 1.77.1 - -This is the next upgrade to the Rust toolchain, from 1.76.0 to 1.77.1 -(i.e. the latest) [1]. - -See the upgrade policy [2] and the comments on the first upgrade in -commit 3ed03f4da06e ("rust: upgrade to Rust 1.68.2"). - -# Unstable features - -The `offset_of` feature (single-field `offset_of!`) that we were using -got stabilized in Rust 1.77.0 [3]. - -Therefore, now the only unstable features allowed to be used outside the -`kernel` crate is `new_uninit`, though other code to be upstreamed may -increase the list. - -Please see [4] for details. - -# Required changes - -Rust 1.77.0 merged the `unused_tuple_struct_fields` lint into `dead_code`, -thus upgrading it from `allow` to `warn` [5]. In turn, this made `rustc` -complain about the `ThisModule`'s pointer field being never read, but -the previous patch adds the `as_ptr` method to it, needed by Binder [6], -so that we do not need to locally `allow` it. - -# Other changes - -Rust 1.77.0 introduces the `--check-cfg` feature [7], for which there -is a Call for Testing going on [8]. We were requested to test it and -we found it useful [9] -- we will likely enable it in the future. - -# `alloc` upgrade and reviewing - -The vast majority of changes are due to our `alloc` fork being upgraded -at once. - -There are two kinds of changes to be aware of: the ones coming from -upstream, which we should follow as closely as possible, and the updates -needed in our added fallible APIs to keep them matching the newer -infallible APIs coming from upstream. - -Instead of taking a look at the diff of this patch, an alternative -approach is reviewing a diff of the changes between upstream `alloc` and -the kernel's. This allows to easily inspect the kernel additions only, -especially to check if the fallible methods we already have still match -the infallible ones in the new version coming from upstream. - -Another approach is reviewing the changes introduced in the additions in -the kernel fork between the two versions. This is useful to spot -potentially unintended changes to our additions. - -To apply these approaches, one may follow steps similar to the following -to generate a pair of patches that show the differences between upstream -Rust and the kernel (for the subset of `alloc` we use) before and after -applying this patch: - - # Get the difference with respect to the old version. - git -C rust checkout $(linux/scripts/min-tool-version.sh rustc) - git -C linux ls-tree -r --name-only HEAD -- rust/alloc | - cut -d/ -f3- | - grep -Fv README.md | - xargs -IPATH cp rust/library/alloc/src/PATH linux/rust/alloc/PATH - git -C linux diff --patch-with-stat --summary -R > old.patch - git -C linux restore rust/alloc - - # Apply this patch. - git -C linux am rust-upgrade.patch - - # Get the difference with respect to the new version. - git -C rust checkout $(linux/scripts/min-tool-version.sh rustc) - git -C linux ls-tree -r --name-only HEAD -- rust/alloc | - cut -d/ -f3- | - grep -Fv README.md | - xargs -IPATH cp rust/library/alloc/src/PATH linux/rust/alloc/PATH - git -C linux diff --patch-with-stat --summary -R > new.patch - git -C linux restore rust/alloc - -Now one may check the `new.patch` to take a look at the additions (first -approach) or at the difference between those two patches (second -approach). For the latter, a side-by-side tool is recommended. - -Link: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1770-2024-03-21 [1] -Link: https://rust-for-linux.com/rust-version-policy [2] -Link: https://github.com/rust-lang/rust/pull/118799 [3] -Link: https://github.com/Rust-for-Linux/linux/issues/2 [4] -Link: https://github.com/rust-lang/rust/pull/118297 [5] -Link: https://lore.kernel.org/rust-for-linux/20231101-rust-binder-v1-2-08ba9197f637@google.com/#Z31rust:kernel:lib.rs [6] -Link: https://doc.rust-lang.org/nightly/unstable-book/compiler-flags/check-cfg.html [7] -Link: https://github.com/rust-lang/rfcs/pull/3013#issuecomment-1936648479 [8] -Link: https://github.com/rust-lang/rust/issues/82450#issuecomment-1947462977 [9] -Reviewed-by: Alice Ryhl <aliceryhl@google.com> -Tested-by: Boqun Feng <boqun.feng@gmail.com> -Link: https://lore.kernel.org/r/20240217002717.57507-1-ojeda@kernel.org -[ Upgraded to 1.77.1. Removed `allow(dead_code)` thanks to the previous - patch. Reworded accordingly. No changes to `alloc` during the beta. ] -Signed-off-by: Miguel Ojeda <ojeda@kernel.org> -Signed-off-by: Alyssa Ross <hi@alyssa.is> - -# Conflicts: -# Documentation/process/changes.rst -# rust/kernel/lib.rs ---- - Documentation/process/changes.rst | 2 +- - rust/alloc/alloc.rs | 6 +- - rust/alloc/boxed.rs | 4 +- - rust/alloc/lib.rs | 7 +- - rust/alloc/raw_vec.rs | 13 ++-- - rust/alloc/slice.rs | 4 +- - rust/alloc/vec/into_iter.rs | 104 +++++++++++++++++++----------- - rust/alloc/vec/mod.rs | 101 ++++++++++++++++++++--------- - rust/kernel/lib.rs | 1 - - scripts/Makefile.build | 2 +- - scripts/min-tool-version.sh | 2 +- - 11 files changed, 158 insertions(+), 88 deletions(-) - -diff --git a/Documentation/process/changes.rst b/Documentation/process/changes.rst -index c78ecc1e176f..641d67363b92 100644 ---- a/Documentation/process/changes.rst -+++ b/Documentation/process/changes.rst -@@ -31,7 +31,7 @@ you probably needn't concern yourself with pcmciautils. - ====================== =============== ======================================== - GNU C 5.1 gcc --version - Clang/LLVM (optional) 11.0.0 clang --version --Rust (optional) 1.76.0 rustc --version -+Rust (optional) 1.77.1 rustc --version - bindgen (optional) 0.65.1 bindgen --version - GNU make 3.82 make --version - bash 4.2 bash --version -diff --git a/rust/alloc/alloc.rs b/rust/alloc/alloc.rs -index abb791cc2371..b1204f87227b 100644 ---- a/rust/alloc/alloc.rs -+++ b/rust/alloc/alloc.rs -@@ -5,7 +5,7 @@ - #![stable(feature = "alloc_module", since = "1.28.0")] - - #[cfg(not(test))] --use core::intrinsics; -+use core::hint; - - #[cfg(not(test))] - use core::ptr::{self, NonNull}; -@@ -210,7 +210,7 @@ unsafe fn grow_impl( - let new_size = new_layout.size(); - - // `realloc` probably checks for `new_size >= old_layout.size()` or something similar. -- intrinsics::assume(new_size >= old_layout.size()); -+ hint::assert_unchecked(new_size >= old_layout.size()); - - let raw_ptr = realloc(ptr.as_ptr(), old_layout, new_size); - let ptr = NonNull::new(raw_ptr).ok_or(AllocError)?; -@@ -301,7 +301,7 @@ unsafe fn shrink( - // SAFETY: `new_size` is non-zero. Other conditions must be upheld by the caller - new_size if old_layout.align() == new_layout.align() => unsafe { - // `realloc` probably checks for `new_size <= old_layout.size()` or something similar. -- intrinsics::assume(new_size <= old_layout.size()); -+ hint::assert_unchecked(new_size <= old_layout.size()); - - let raw_ptr = realloc(ptr.as_ptr(), old_layout, new_size); - let ptr = NonNull::new(raw_ptr).ok_or(AllocError)?; -diff --git a/rust/alloc/boxed.rs b/rust/alloc/boxed.rs -index c93a22a5c97f..5fc39dfeb8e7 100644 ---- a/rust/alloc/boxed.rs -+++ b/rust/alloc/boxed.rs -@@ -26,6 +26,7 @@ - //! Creating a recursive data structure: - //! - //! ``` -+//! ##[allow(dead_code)] - //! #[derive(Debug)] - //! enum List<T> { - //! Cons(T, Box<List<T>>), -@@ -194,8 +195,7 @@ - #[fundamental] - #[stable(feature = "rust1", since = "1.0.0")] - // The declaration of the `Box` struct must be kept in sync with the --// `alloc::alloc::box_free` function or ICEs will happen. See the comment --// on `box_free` for more details. -+// compiler or ICEs will happen. - pub struct Box< - T: ?Sized, - #[unstable(feature = "allocator_api", issue = "32838")] A: Allocator = Global, -diff --git a/rust/alloc/lib.rs b/rust/alloc/lib.rs -index 36f79c075593..39afd55ec074 100644 ---- a/rust/alloc/lib.rs -+++ b/rust/alloc/lib.rs -@@ -105,7 +105,6 @@ - #![feature(allocator_api)] - #![feature(array_chunks)] - #![feature(array_into_iter_constructors)] --#![feature(array_methods)] - #![feature(array_windows)] - #![feature(ascii_char)] - #![feature(assert_matches)] -@@ -122,7 +121,6 @@ - #![feature(const_size_of_val)] - #![feature(const_waker)] - #![feature(core_intrinsics)] --#![feature(core_panic)] - #![feature(deprecated_suggestion)] - #![feature(dispatch_from_dyn)] - #![feature(error_generic_member_access)] -@@ -132,6 +130,7 @@ - #![feature(fmt_internals)] - #![feature(fn_traits)] - #![feature(hasher_prefixfree_extras)] -+#![feature(hint_assert_unchecked)] - #![feature(inline_const)] - #![feature(inplace_iteration)] - #![feature(iter_advance_by)] -@@ -141,6 +140,8 @@ - #![feature(maybe_uninit_slice)] - #![feature(maybe_uninit_uninit_array)] - #![feature(maybe_uninit_uninit_array_transpose)] -+#![feature(non_null_convenience)] -+#![feature(panic_internals)] - #![feature(pattern)] - #![feature(ptr_internals)] - #![feature(ptr_metadata)] -@@ -149,7 +150,6 @@ - #![feature(set_ptr_value)] - #![feature(sized_type_properties)] - #![feature(slice_from_ptr_range)] --#![feature(slice_group_by)] - #![feature(slice_ptr_get)] - #![feature(slice_ptr_len)] - #![feature(slice_range)] -@@ -182,6 +182,7 @@ - #![feature(const_ptr_write)] - #![feature(const_trait_impl)] - #![feature(const_try)] -+#![feature(decl_macro)] - #![feature(dropck_eyepatch)] - #![feature(exclusive_range_pattern)] - #![feature(fundamental)] -diff --git a/rust/alloc/raw_vec.rs b/rust/alloc/raw_vec.rs -index 98b6abf30af6..1839d1c8ee7a 100644 ---- a/rust/alloc/raw_vec.rs -+++ b/rust/alloc/raw_vec.rs -@@ -4,7 +4,7 @@ - - use core::alloc::LayoutError; - use core::cmp; --use core::intrinsics; -+use core::hint; - use core::mem::{self, ManuallyDrop, MaybeUninit, SizedTypeProperties}; - use core::ptr::{self, NonNull, Unique}; - use core::slice; -@@ -317,7 +317,7 @@ fn current_memory(&self) -> Option<(NonNull<u8>, Layout)> { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Aborts - /// -@@ -358,7 +358,7 @@ pub fn try_reserve(&mut self, len: usize, additional: usize) -> Result<(), TryRe - } - unsafe { - // Inform the optimizer that the reservation has succeeded or wasn't needed -- core::intrinsics::assume(!self.needs_to_grow(len, additional)); -+ hint::assert_unchecked(!self.needs_to_grow(len, additional)); - } - Ok(()) - } -@@ -381,7 +381,7 @@ pub fn try_reserve_for_push(&mut self, len: usize) -> Result<(), TryReserveError - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Aborts - /// -@@ -402,7 +402,7 @@ pub fn try_reserve_exact( - } - unsafe { - // Inform the optimizer that the reservation has succeeded or wasn't needed -- core::intrinsics::assume(!self.needs_to_grow(len, additional)); -+ hint::assert_unchecked(!self.needs_to_grow(len, additional)); - } - Ok(()) - } -@@ -553,7 +553,7 @@ fn finish_grow<A>( - debug_assert_eq!(old_layout.align(), new_layout.align()); - unsafe { - // The allocator checks for alignment equality -- intrinsics::assume(old_layout.align() == new_layout.align()); -+ hint::assert_unchecked(old_layout.align() == new_layout.align()); - alloc.grow(ptr, old_layout, new_layout) - } - } else { -@@ -591,7 +591,6 @@ fn handle_reserve(result: Result<(), TryReserveError>) { - // `> isize::MAX` bytes will surely fail. On 32-bit and 16-bit we need to add - // an extra guard for this in case we're running on a platform which can use - // all 4GB in user-space, e.g., PAE or x32. -- - #[inline] - fn alloc_guard(alloc_size: usize) -> Result<(), TryReserveError> { - if usize::BITS < 64 && alloc_size > isize::MAX as usize { -diff --git a/rust/alloc/slice.rs b/rust/alloc/slice.rs -index 1181836da5f4..a36b072c9519 100644 ---- a/rust/alloc/slice.rs -+++ b/rust/alloc/slice.rs -@@ -53,14 +53,14 @@ - pub use core::slice::{from_mut_ptr_range, from_ptr_range}; - #[stable(feature = "rust1", since = "1.0.0")] - pub use core::slice::{from_raw_parts, from_raw_parts_mut}; -+#[stable(feature = "slice_group_by", since = "1.77.0")] -+pub use core::slice::{ChunkBy, ChunkByMut}; - #[stable(feature = "rust1", since = "1.0.0")] - pub use core::slice::{Chunks, Windows}; - #[stable(feature = "chunks_exact", since = "1.31.0")] - pub use core::slice::{ChunksExact, ChunksExactMut}; - #[stable(feature = "rust1", since = "1.0.0")] - pub use core::slice::{ChunksMut, Split, SplitMut}; --#[unstable(feature = "slice_group_by", issue = "80552")] --pub use core::slice::{GroupBy, GroupByMut}; - #[stable(feature = "rust1", since = "1.0.0")] - pub use core::slice::{Iter, IterMut}; - #[stable(feature = "rchunks", since = "1.31.0")] -diff --git a/rust/alloc/vec/into_iter.rs b/rust/alloc/vec/into_iter.rs -index 136bfe94af6c..0f11744c44b3 100644 ---- a/rust/alloc/vec/into_iter.rs -+++ b/rust/alloc/vec/into_iter.rs -@@ -20,6 +20,17 @@ - use core::ptr::{self, NonNull}; - use core::slice::{self}; - -+macro non_null { -+ (mut $place:expr, $t:ident) => {{ -+ #![allow(unused_unsafe)] // we're sometimes used within an unsafe block -+ unsafe { &mut *(ptr::addr_of_mut!($place) as *mut NonNull<$t>) } -+ }}, -+ ($place:expr, $t:ident) => {{ -+ #![allow(unused_unsafe)] // we're sometimes used within an unsafe block -+ unsafe { *(ptr::addr_of!($place) as *const NonNull<$t>) } -+ }}, -+} -+ - /// An iterator that moves out of a vector. - /// - /// This `struct` is created by the `into_iter` method on [`Vec`](super::Vec) -@@ -43,10 +54,12 @@ pub struct IntoIter< - // the drop impl reconstructs a RawVec from buf, cap and alloc - // to avoid dropping the allocator twice we need to wrap it into ManuallyDrop - pub(super) alloc: ManuallyDrop<A>, -- pub(super) ptr: *const T, -- pub(super) end: *const T, // If T is a ZST, this is actually ptr+len. This encoding is picked so that -- // ptr == end is a quick test for the Iterator being empty, that works -- // for both ZST and non-ZST. -+ pub(super) ptr: NonNull<T>, -+ /// If T is a ZST, this is actually ptr+len. This encoding is picked so that -+ /// ptr == end is a quick test for the Iterator being empty, that works -+ /// for both ZST and non-ZST. -+ /// For non-ZSTs the pointer is treated as `NonNull<T>` -+ pub(super) end: *const T, - } - - #[stable(feature = "vec_intoiter_debug", since = "1.13.0")] -@@ -70,7 +83,7 @@ impl<T, A: Allocator> IntoIter<T, A> { - /// ``` - #[stable(feature = "vec_into_iter_as_slice", since = "1.15.0")] - pub fn as_slice(&self) -> &[T] { -- unsafe { slice::from_raw_parts(self.ptr, self.len()) } -+ unsafe { slice::from_raw_parts(self.ptr.as_ptr(), self.len()) } - } - - /// Returns the remaining items of this iterator as a mutable slice. -@@ -99,7 +112,7 @@ pub fn allocator(&self) -> &A { - } - - fn as_raw_mut_slice(&mut self) -> *mut [T] { -- ptr::slice_from_raw_parts_mut(self.ptr as *mut T, self.len()) -+ ptr::slice_from_raw_parts_mut(self.ptr.as_ptr(), self.len()) - } - - /// Drops remaining elements and relinquishes the backing allocation. -@@ -126,7 +139,7 @@ pub(super) fn forget_allocation_drop_remaining(&mut self) { - // this creates less assembly - self.cap = 0; - self.buf = unsafe { NonNull::new_unchecked(RawVec::NEW.ptr()) }; -- self.ptr = self.buf.as_ptr(); -+ self.ptr = self.buf; - self.end = self.buf.as_ptr(); - - // Dropping the remaining elements can panic, so this needs to be -@@ -138,9 +151,9 @@ pub(super) fn forget_allocation_drop_remaining(&mut self) { - - /// Forgets to Drop the remaining elements while still allowing the backing allocation to be freed. - pub(crate) fn forget_remaining_elements(&mut self) { -- // For th ZST case, it is crucial that we mutate `end` here, not `ptr`. -+ // For the ZST case, it is crucial that we mutate `end` here, not `ptr`. - // `ptr` must stay aligned, while `end` may be unaligned. -- self.end = self.ptr; -+ self.end = self.ptr.as_ptr(); - } - - #[cfg(not(no_global_oom_handling))] -@@ -162,7 +175,7 @@ pub(crate) fn into_vecdeque(self) -> VecDeque<T, A> { - // say that they're all at the beginning of the "allocation". - 0..this.len() - } else { -- this.ptr.sub_ptr(buf)..this.end.sub_ptr(buf) -+ this.ptr.sub_ptr(this.buf)..this.end.sub_ptr(buf) - }; - let cap = this.cap; - let alloc = ManuallyDrop::take(&mut this.alloc); -@@ -189,29 +202,35 @@ impl<T, A: Allocator> Iterator for IntoIter<T, A> { - - #[inline] - fn next(&mut self) -> Option<T> { -- if self.ptr == self.end { -- None -- } else if T::IS_ZST { -- // `ptr` has to stay where it is to remain aligned, so we reduce the length by 1 by -- // reducing the `end`. -- self.end = self.end.wrapping_byte_sub(1); -+ if T::IS_ZST { -+ if self.ptr.as_ptr() == self.end as *mut _ { -+ None -+ } else { -+ // `ptr` has to stay where it is to remain aligned, so we reduce the length by 1 by -+ // reducing the `end`. -+ self.end = self.end.wrapping_byte_sub(1); - -- // Make up a value of this ZST. -- Some(unsafe { mem::zeroed() }) -+ // Make up a value of this ZST. -+ Some(unsafe { mem::zeroed() }) -+ } - } else { -- let old = self.ptr; -- self.ptr = unsafe { self.ptr.add(1) }; -+ if self.ptr == non_null!(self.end, T) { -+ None -+ } else { -+ let old = self.ptr; -+ self.ptr = unsafe { old.add(1) }; - -- Some(unsafe { ptr::read(old) }) -+ Some(unsafe { ptr::read(old.as_ptr()) }) -+ } - } - } - - #[inline] - fn size_hint(&self) -> (usize, Option<usize>) { - let exact = if T::IS_ZST { -- self.end.addr().wrapping_sub(self.ptr.addr()) -+ self.end.addr().wrapping_sub(self.ptr.as_ptr().addr()) - } else { -- unsafe { self.end.sub_ptr(self.ptr) } -+ unsafe { non_null!(self.end, T).sub_ptr(self.ptr) } - }; - (exact, Some(exact)) - } -@@ -219,7 +238,7 @@ fn size_hint(&self) -> (usize, Option<usize>) { - #[inline] - fn advance_by(&mut self, n: usize) -> Result<(), NonZeroUsize> { - let step_size = self.len().min(n); -- let to_drop = ptr::slice_from_raw_parts_mut(self.ptr as *mut T, step_size); -+ let to_drop = ptr::slice_from_raw_parts_mut(self.ptr.as_ptr(), step_size); - if T::IS_ZST { - // See `next` for why we sub `end` here. - self.end = self.end.wrapping_byte_sub(step_size); -@@ -261,7 +280,7 @@ fn count(self) -> usize { - // Safety: `len` indicates that this many elements are available and we just checked that - // it fits into the array. - unsafe { -- ptr::copy_nonoverlapping(self.ptr, raw_ary.as_mut_ptr() as *mut T, len); -+ ptr::copy_nonoverlapping(self.ptr.as_ptr(), raw_ary.as_mut_ptr() as *mut T, len); - self.forget_remaining_elements(); - return Err(array::IntoIter::new_unchecked(raw_ary, 0..len)); - } -@@ -270,7 +289,7 @@ fn count(self) -> usize { - // Safety: `len` is larger than the array size. Copy a fixed amount here to fully initialize - // the array. - return unsafe { -- ptr::copy_nonoverlapping(self.ptr, raw_ary.as_mut_ptr() as *mut T, N); -+ ptr::copy_nonoverlapping(self.ptr.as_ptr(), raw_ary.as_mut_ptr() as *mut T, N); - self.ptr = self.ptr.add(N); - Ok(raw_ary.transpose().assume_init()) - }; -@@ -288,7 +307,7 @@ unsafe fn __iterator_get_unchecked(&mut self, i: usize) -> Self::Item - // Also note the implementation of `Self: TrustedRandomAccess` requires - // that `T: Copy` so reading elements from the buffer doesn't invalidate - // them for `Drop`. -- unsafe { if T::IS_ZST { mem::zeroed() } else { ptr::read(self.ptr.add(i)) } } -+ unsafe { if T::IS_ZST { mem::zeroed() } else { self.ptr.add(i).read() } } - } - } - -@@ -296,18 +315,25 @@ unsafe fn __iterator_get_unchecked(&mut self, i: usize) -> Self::Item - impl<T, A: Allocator> DoubleEndedIterator for IntoIter<T, A> { - #[inline] - fn next_back(&mut self) -> Option<T> { -- if self.end == self.ptr { -- None -- } else if T::IS_ZST { -- // See above for why 'ptr.offset' isn't used -- self.end = self.end.wrapping_byte_sub(1); -+ if T::IS_ZST { -+ if self.end as *mut _ == self.ptr.as_ptr() { -+ None -+ } else { -+ // See above for why 'ptr.offset' isn't used -+ self.end = self.end.wrapping_byte_sub(1); - -- // Make up a value of this ZST. -- Some(unsafe { mem::zeroed() }) -+ // Make up a value of this ZST. -+ Some(unsafe { mem::zeroed() }) -+ } - } else { -- self.end = unsafe { self.end.sub(1) }; -+ if non_null!(self.end, T) == self.ptr { -+ None -+ } else { -+ let new_end = unsafe { non_null!(self.end, T).sub(1) }; -+ *non_null!(mut self.end, T) = new_end; - -- Some(unsafe { ptr::read(self.end) }) -+ Some(unsafe { ptr::read(new_end.as_ptr()) }) -+ } - } - } - -@@ -333,7 +359,11 @@ fn advance_back_by(&mut self, n: usize) -> Result<(), NonZeroUsize> { - #[stable(feature = "rust1", since = "1.0.0")] - impl<T, A: Allocator> ExactSizeIterator for IntoIter<T, A> { - fn is_empty(&self) -> bool { -- self.ptr == self.end -+ if T::IS_ZST { -+ self.ptr.as_ptr() == self.end as *mut _ -+ } else { -+ self.ptr == non_null!(self.end, T) -+ } - } - } - -diff --git a/rust/alloc/vec/mod.rs b/rust/alloc/vec/mod.rs -index 220fb9d6f45b..0be27fff4554 100644 ---- a/rust/alloc/vec/mod.rs -+++ b/rust/alloc/vec/mod.rs -@@ -360,7 +360,7 @@ - /// - /// `vec![x; n]`, `vec![a, b, c, d]`, and - /// [`Vec::with_capacity(n)`][`Vec::with_capacity`], will all produce a `Vec` --/// with exactly the requested capacity. If <code>[len] == [capacity]</code>, -+/// with at least the requested capacity. If <code>[len] == [capacity]</code>, - /// (as is the case for the [`vec!`] macro), then a `Vec<T>` can be converted to - /// and from a [`Box<[T]>`][owned slice] without reallocating or moving the elements. - /// -@@ -447,7 +447,7 @@ pub const fn new() -> Self { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -690,7 +690,7 @@ pub const fn new_in(alloc: A) -> Self { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -1013,7 +1013,7 @@ pub fn capacity(&self) -> usize { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -1043,7 +1043,7 @@ pub fn reserve(&mut self, additional: usize) { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -1140,8 +1140,11 @@ pub fn try_reserve_exact(&mut self, additional: usize) -> Result<(), TryReserveE - - /// Shrinks the capacity of the vector as much as possible. - /// -- /// It will drop down as close as possible to the length but the allocator -- /// may still inform the vector that there is space for a few more elements. -+ /// The behavior of this method depends on the allocator, which may either shrink the vector -+ /// in-place or reallocate. The resulting vector might still have some excess capacity, just as -+ /// is the case for [`with_capacity`]. See [`Allocator::shrink`] for more details. -+ /// -+ /// [`with_capacity`]: Vec::with_capacity - /// - /// # Examples - /// -@@ -1191,10 +1194,10 @@ pub fn shrink_to(&mut self, min_capacity: usize) { - - /// Converts the vector into [`Box<[T]>`][owned slice]. - /// -- /// If the vector has excess capacity, its items will be moved into a -- /// newly-allocated buffer with exactly the right capacity. -+ /// Before doing the conversion, this method discards excess capacity like [`shrink_to_fit`]. - /// - /// [owned slice]: Box -+ /// [`shrink_to_fit`]: Vec::shrink_to_fit - /// - /// # Examples - /// -@@ -2017,7 +2020,7 @@ fn drop(&mut self) { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -2133,7 +2136,7 @@ pub fn pop(&mut self) -> Option<T> { - } else { - unsafe { - self.len -= 1; -- core::intrinsics::assume(self.len < self.capacity()); -+ core::hint::assert_unchecked(self.len < self.capacity()); - Some(ptr::read(self.as_ptr().add(self.len()))) - } - } -@@ -2143,7 +2146,7 @@ pub fn pop(&mut self) -> Option<T> { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -2315,6 +2318,12 @@ pub fn is_empty(&self) -> bool { - /// `[at, len)`. After the call, the original vector will be left containing - /// the elements `[0, at)` with its previous capacity unchanged. - /// -+ /// - If you want to take ownership of the entire contents and capacity of -+ /// the vector, see [`mem::take`] or [`mem::replace`]. -+ /// - If you don't need the returned vector at all, see [`Vec::truncate`]. -+ /// - If you want to take ownership of an arbitrary subslice, or you don't -+ /// necessarily want to store the removed items in a vector, see [`Vec::drain`]. -+ /// - /// # Panics - /// - /// Panics if `at > len`. -@@ -2346,14 +2355,6 @@ fn assert_failed(at: usize, len: usize) -> ! { - assert_failed(at, self.len()); - } - -- if at == 0 { -- // the new vector can take over the original buffer and avoid the copy -- return mem::replace( -- self, -- Vec::with_capacity_in(self.capacity(), self.allocator().clone()), -- ); -- } -- - let other_len = self.len - at; - let mut other = Vec::with_capacity_in(other_len, self.allocator().clone()); - -@@ -3027,6 +3028,50 @@ fn index_mut(&mut self, index: I) -> &mut Self::Output { - } - } - -+/// Collects an iterator into a Vec, commonly called via [`Iterator::collect()`] -+/// -+/// # Allocation behavior -+/// -+/// In general `Vec` does not guarantee any particular growth or allocation strategy. -+/// That also applies to this trait impl. -+/// -+/// **Note:** This section covers implementation details and is therefore exempt from -+/// stability guarantees. -+/// -+/// Vec may use any or none of the following strategies, -+/// depending on the supplied iterator: -+/// -+/// * preallocate based on [`Iterator::size_hint()`] -+/// * and panic if the number of items is outside the provided lower/upper bounds -+/// * use an amortized growth strategy similar to `pushing` one item at a time -+/// * perform the iteration in-place on the original allocation backing the iterator -+/// -+/// The last case warrants some attention. It is an optimization that in many cases reduces peak memory -+/// consumption and improves cache locality. But when big, short-lived allocations are created, -+/// only a small fraction of their items get collected, no further use is made of the spare capacity -+/// and the resulting `Vec` is moved into a longer-lived structure, then this can lead to the large -+/// allocations having their lifetimes unnecessarily extended which can result in increased memory -+/// footprint. -+/// -+/// In cases where this is an issue, the excess capacity can be discarded with [`Vec::shrink_to()`], -+/// [`Vec::shrink_to_fit()`] or by collecting into [`Box<[T]>`][owned slice] instead, which additionally reduces -+/// the size of the long-lived struct. -+/// -+/// [owned slice]: Box -+/// -+/// ```rust -+/// # use std::sync::Mutex; -+/// static LONG_LIVED: Mutex<Vec<Vec<u16>>> = Mutex::new(Vec::new()); -+/// -+/// for i in 0..10 { -+/// let big_temporary: Vec<u16> = (0..1024).collect(); -+/// // discard most items -+/// let mut result: Vec<_> = big_temporary.into_iter().filter(|i| i % 100 == 0).collect(); -+/// // without this a lot of unused capacity might be moved into the global -+/// result.shrink_to_fit(); -+/// LONG_LIVED.lock().unwrap().push(result); -+/// } -+/// ``` - #[cfg(not(no_global_oom_handling))] - #[stable(feature = "rust1", since = "1.0.0")] - impl<T> FromIterator<T> for Vec<T> { -@@ -3069,14 +3114,8 @@ fn into_iter(self) -> Self::IntoIter { - begin.add(me.len()) as *const T - }; - let cap = me.buf.capacity(); -- IntoIter { -- buf: NonNull::new_unchecked(begin), -- phantom: PhantomData, -- cap, -- alloc, -- ptr: begin, -- end, -- } -+ let buf = NonNull::new_unchecked(begin); -+ IntoIter { buf, phantom: PhantomData, cap, alloc, ptr: buf, end } - } - } - } -@@ -3598,8 +3637,10 @@ fn from(s: Box<[T], A>) -> Self { - impl<T, A: Allocator> From<Vec<T, A>> for Box<[T], A> { - /// Convert a vector into a boxed slice. - /// -- /// If `v` has excess capacity, its items will be moved into a -- /// newly-allocated buffer with exactly the right capacity. -+ /// Before doing the conversion, this method discards excess capacity like [`Vec::shrink_to_fit`]. -+ /// -+ /// [owned slice]: Box -+ /// [`Vec::shrink_to_fit`]: Vec::shrink_to_fit - /// - /// # Examples - /// -diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs -index 75efe47522e4..f07bc5a2c6b4 100644 ---- a/rust/kernel/lib.rs -+++ b/rust/kernel/lib.rs -@@ -17,7 +17,6 @@ - #![feature(const_maybe_uninit_zeroed)] - #![feature(dispatch_from_dyn)] - #![feature(new_uninit)] --#![feature(offset_of)] - #![feature(ptr_metadata)] - #![feature(receiver_trait)] - #![feature(unsize)] -diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index 1633175846df..0bc7c5fe64b1 100644 ---- a/scripts/Makefile.build -+++ b/scripts/Makefile.build -@@ -262,7 +262,7 @@ $(obj)/%.lst: $(src)/%.c FORCE - # Compile Rust sources (.rs) - # --------------------------------------------------------------------------- - --rust_allowed_features := new_uninit,offset_of -+rust_allowed_features := new_uninit - - # `--out-dir` is required to avoid temporaries being created by `rustc` in the - # current working directory, which may be not accessible in the out-of-tree -diff --git a/scripts/min-tool-version.sh b/scripts/min-tool-version.sh -index e217683b10d6..db2b0bc5866b 100755 ---- a/scripts/min-tool-version.sh -+++ b/scripts/min-tool-version.sh -@@ -33,7 +33,7 @@ llvm) - fi - ;; - rustc) -- echo 1.76.0 -+ echo 1.77.1 - ;; - bindgen) - echo 0.65.1 --- -2.44.0 - diff --git a/pkgs/os-specific/linux/kernel/rust-1.77.patch b/pkgs/os-specific/linux/kernel/rust-1.77.patch deleted file mode 100644 index ed9eb56bf6d7..000000000000 --- a/pkgs/os-specific/linux/kernel/rust-1.77.patch +++ /dev/null @@ -1,795 +0,0 @@ -From b256fc507d4710287b22077834c16d18cee4ab17 Mon Sep 17 00:00:00 2001 -From: Miguel Ojeda <ojeda@kernel.org> -Date: Sat, 17 Feb 2024 01:27:17 +0100 -Subject: [PATCH] rust: upgrade to Rust 1.77.1 - -This is the next upgrade to the Rust toolchain, from 1.76.0 to 1.77.1 -(i.e. the latest) [1]. - -See the upgrade policy [2] and the comments on the first upgrade in -commit 3ed03f4da06e ("rust: upgrade to Rust 1.68.2"). - -# Unstable features - -The `offset_of` feature (single-field `offset_of!`) that we were using -got stabilized in Rust 1.77.0 [3]. - -Therefore, now the only unstable features allowed to be used outside the -`kernel` crate is `new_uninit`, though other code to be upstreamed may -increase the list. - -Please see [4] for details. - -# Required changes - -Rust 1.77.0 merged the `unused_tuple_struct_fields` lint into `dead_code`, -thus upgrading it from `allow` to `warn` [5]. In turn, this made `rustc` -complain about the `ThisModule`'s pointer field being never read, but -the previous patch adds the `as_ptr` method to it, needed by Binder [6], -so that we do not need to locally `allow` it. - -# Other changes - -Rust 1.77.0 introduces the `--check-cfg` feature [7], for which there -is a Call for Testing going on [8]. We were requested to test it and -we found it useful [9] -- we will likely enable it in the future. - -# `alloc` upgrade and reviewing - -The vast majority of changes are due to our `alloc` fork being upgraded -at once. - -There are two kinds of changes to be aware of: the ones coming from -upstream, which we should follow as closely as possible, and the updates -needed in our added fallible APIs to keep them matching the newer -infallible APIs coming from upstream. - -Instead of taking a look at the diff of this patch, an alternative -approach is reviewing a diff of the changes between upstream `alloc` and -the kernel's. This allows to easily inspect the kernel additions only, -especially to check if the fallible methods we already have still match -the infallible ones in the new version coming from upstream. - -Another approach is reviewing the changes introduced in the additions in -the kernel fork between the two versions. This is useful to spot -potentially unintended changes to our additions. - -To apply these approaches, one may follow steps similar to the following -to generate a pair of patches that show the differences between upstream -Rust and the kernel (for the subset of `alloc` we use) before and after -applying this patch: - - # Get the difference with respect to the old version. - git -C rust checkout $(linux/scripts/min-tool-version.sh rustc) - git -C linux ls-tree -r --name-only HEAD -- rust/alloc | - cut -d/ -f3- | - grep -Fv README.md | - xargs -IPATH cp rust/library/alloc/src/PATH linux/rust/alloc/PATH - git -C linux diff --patch-with-stat --summary -R > old.patch - git -C linux restore rust/alloc - - # Apply this patch. - git -C linux am rust-upgrade.patch - - # Get the difference with respect to the new version. - git -C rust checkout $(linux/scripts/min-tool-version.sh rustc) - git -C linux ls-tree -r --name-only HEAD -- rust/alloc | - cut -d/ -f3- | - grep -Fv README.md | - xargs -IPATH cp rust/library/alloc/src/PATH linux/rust/alloc/PATH - git -C linux diff --patch-with-stat --summary -R > new.patch - git -C linux restore rust/alloc - -Now one may check the `new.patch` to take a look at the additions (first -approach) or at the difference between those two patches (second -approach). For the latter, a side-by-side tool is recommended. - -Link: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1770-2024-03-21 [1] -Link: https://rust-for-linux.com/rust-version-policy [2] -Link: https://github.com/rust-lang/rust/pull/118799 [3] -Link: https://github.com/Rust-for-Linux/linux/issues/2 [4] -Link: https://github.com/rust-lang/rust/pull/118297 [5] -Link: https://lore.kernel.org/rust-for-linux/20231101-rust-binder-v1-2-08ba9197f637@google.com/#Z31rust:kernel:lib.rs [6] -Link: https://doc.rust-lang.org/nightly/unstable-book/compiler-flags/check-cfg.html [7] -Link: https://github.com/rust-lang/rfcs/pull/3013#issuecomment-1936648479 [8] -Link: https://github.com/rust-lang/rust/issues/82450#issuecomment-1947462977 [9] -Reviewed-by: Alice Ryhl <aliceryhl@google.com> -Tested-by: Boqun Feng <boqun.feng@gmail.com> -Link: https://lore.kernel.org/r/20240217002717.57507-1-ojeda@kernel.org -[ Upgraded to 1.77.1. Removed `allow(dead_code)` thanks to the previous - patch. Reworded accordingly. No changes to `alloc` during the beta. ] -Signed-off-by: Miguel Ojeda <ojeda@kernel.org> -Signed-off-by: Alyssa Ross <hi@alyssa.is> ---- - Documentation/process/changes.rst | 2 +- - rust/alloc/alloc.rs | 6 +- - rust/alloc/boxed.rs | 4 +- - rust/alloc/lib.rs | 7 +- - rust/alloc/raw_vec.rs | 13 ++-- - rust/alloc/slice.rs | 4 +- - rust/alloc/vec/into_iter.rs | 104 +++++++++++++++++++----------- - rust/alloc/vec/mod.rs | 101 ++++++++++++++++++++--------- - rust/kernel/lib.rs | 1 - - scripts/Makefile.build | 2 +- - scripts/min-tool-version.sh | 2 +- - 11 files changed, 158 insertions(+), 88 deletions(-) - -diff --git a/Documentation/process/changes.rst b/Documentation/process/changes.rst -index 7ef8de58f7f8..b5d3107c6734 100644 ---- a/Documentation/process/changes.rst -+++ b/Documentation/process/changes.rst -@@ -31,7 +31,7 @@ you probably needn't concern yourself with pcmciautils. - ====================== =============== ======================================== - GNU C 5.1 gcc --version - Clang/LLVM (optional) 13.0.1 clang --version --Rust (optional) 1.76.0 rustc --version -+Rust (optional) 1.77.1 rustc --version - bindgen (optional) 0.65.1 bindgen --version - GNU make 3.82 make --version - bash 4.2 bash --version -diff --git a/rust/alloc/alloc.rs b/rust/alloc/alloc.rs -index abb791cc2371..b1204f87227b 100644 ---- a/rust/alloc/alloc.rs -+++ b/rust/alloc/alloc.rs -@@ -5,7 +5,7 @@ - #![stable(feature = "alloc_module", since = "1.28.0")] - - #[cfg(not(test))] --use core::intrinsics; -+use core::hint; - - #[cfg(not(test))] - use core::ptr::{self, NonNull}; -@@ -210,7 +210,7 @@ unsafe fn grow_impl( - let new_size = new_layout.size(); - - // `realloc` probably checks for `new_size >= old_layout.size()` or something similar. -- intrinsics::assume(new_size >= old_layout.size()); -+ hint::assert_unchecked(new_size >= old_layout.size()); - - let raw_ptr = realloc(ptr.as_ptr(), old_layout, new_size); - let ptr = NonNull::new(raw_ptr).ok_or(AllocError)?; -@@ -301,7 +301,7 @@ unsafe fn shrink( - // SAFETY: `new_size` is non-zero. Other conditions must be upheld by the caller - new_size if old_layout.align() == new_layout.align() => unsafe { - // `realloc` probably checks for `new_size <= old_layout.size()` or something similar. -- intrinsics::assume(new_size <= old_layout.size()); -+ hint::assert_unchecked(new_size <= old_layout.size()); - - let raw_ptr = realloc(ptr.as_ptr(), old_layout, new_size); - let ptr = NonNull::new(raw_ptr).ok_or(AllocError)?; -diff --git a/rust/alloc/boxed.rs b/rust/alloc/boxed.rs -index c93a22a5c97f..5fc39dfeb8e7 100644 ---- a/rust/alloc/boxed.rs -+++ b/rust/alloc/boxed.rs -@@ -26,6 +26,7 @@ - //! Creating a recursive data structure: - //! - //! ``` -+//! ##[allow(dead_code)] - //! #[derive(Debug)] - //! enum List<T> { - //! Cons(T, Box<List<T>>), -@@ -194,8 +195,7 @@ - #[fundamental] - #[stable(feature = "rust1", since = "1.0.0")] - // The declaration of the `Box` struct must be kept in sync with the --// `alloc::alloc::box_free` function or ICEs will happen. See the comment --// on `box_free` for more details. -+// compiler or ICEs will happen. - pub struct Box< - T: ?Sized, - #[unstable(feature = "allocator_api", issue = "32838")] A: Allocator = Global, -diff --git a/rust/alloc/lib.rs b/rust/alloc/lib.rs -index 36f79c075593..39afd55ec074 100644 ---- a/rust/alloc/lib.rs -+++ b/rust/alloc/lib.rs -@@ -105,7 +105,6 @@ - #![feature(allocator_api)] - #![feature(array_chunks)] - #![feature(array_into_iter_constructors)] --#![feature(array_methods)] - #![feature(array_windows)] - #![feature(ascii_char)] - #![feature(assert_matches)] -@@ -122,7 +121,6 @@ - #![feature(const_size_of_val)] - #![feature(const_waker)] - #![feature(core_intrinsics)] --#![feature(core_panic)] - #![feature(deprecated_suggestion)] - #![feature(dispatch_from_dyn)] - #![feature(error_generic_member_access)] -@@ -132,6 +130,7 @@ - #![feature(fmt_internals)] - #![feature(fn_traits)] - #![feature(hasher_prefixfree_extras)] -+#![feature(hint_assert_unchecked)] - #![feature(inline_const)] - #![feature(inplace_iteration)] - #![feature(iter_advance_by)] -@@ -141,6 +140,8 @@ - #![feature(maybe_uninit_slice)] - #![feature(maybe_uninit_uninit_array)] - #![feature(maybe_uninit_uninit_array_transpose)] -+#![feature(non_null_convenience)] -+#![feature(panic_internals)] - #![feature(pattern)] - #![feature(ptr_internals)] - #![feature(ptr_metadata)] -@@ -149,7 +150,6 @@ - #![feature(set_ptr_value)] - #![feature(sized_type_properties)] - #![feature(slice_from_ptr_range)] --#![feature(slice_group_by)] - #![feature(slice_ptr_get)] - #![feature(slice_ptr_len)] - #![feature(slice_range)] -@@ -182,6 +182,7 @@ - #![feature(const_ptr_write)] - #![feature(const_trait_impl)] - #![feature(const_try)] -+#![feature(decl_macro)] - #![feature(dropck_eyepatch)] - #![feature(exclusive_range_pattern)] - #![feature(fundamental)] -diff --git a/rust/alloc/raw_vec.rs b/rust/alloc/raw_vec.rs -index 98b6abf30af6..1839d1c8ee7a 100644 ---- a/rust/alloc/raw_vec.rs -+++ b/rust/alloc/raw_vec.rs -@@ -4,7 +4,7 @@ - - use core::alloc::LayoutError; - use core::cmp; --use core::intrinsics; -+use core::hint; - use core::mem::{self, ManuallyDrop, MaybeUninit, SizedTypeProperties}; - use core::ptr::{self, NonNull, Unique}; - use core::slice; -@@ -317,7 +317,7 @@ fn current_memory(&self) -> Option<(NonNull<u8>, Layout)> { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Aborts - /// -@@ -358,7 +358,7 @@ pub fn try_reserve(&mut self, len: usize, additional: usize) -> Result<(), TryRe - } - unsafe { - // Inform the optimizer that the reservation has succeeded or wasn't needed -- core::intrinsics::assume(!self.needs_to_grow(len, additional)); -+ hint::assert_unchecked(!self.needs_to_grow(len, additional)); - } - Ok(()) - } -@@ -381,7 +381,7 @@ pub fn try_reserve_for_push(&mut self, len: usize) -> Result<(), TryReserveError - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Aborts - /// -@@ -402,7 +402,7 @@ pub fn try_reserve_exact( - } - unsafe { - // Inform the optimizer that the reservation has succeeded or wasn't needed -- core::intrinsics::assume(!self.needs_to_grow(len, additional)); -+ hint::assert_unchecked(!self.needs_to_grow(len, additional)); - } - Ok(()) - } -@@ -553,7 +553,7 @@ fn finish_grow<A>( - debug_assert_eq!(old_layout.align(), new_layout.align()); - unsafe { - // The allocator checks for alignment equality -- intrinsics::assume(old_layout.align() == new_layout.align()); -+ hint::assert_unchecked(old_layout.align() == new_layout.align()); - alloc.grow(ptr, old_layout, new_layout) - } - } else { -@@ -591,7 +591,6 @@ fn handle_reserve(result: Result<(), TryReserveError>) { - // `> isize::MAX` bytes will surely fail. On 32-bit and 16-bit we need to add - // an extra guard for this in case we're running on a platform which can use - // all 4GB in user-space, e.g., PAE or x32. -- - #[inline] - fn alloc_guard(alloc_size: usize) -> Result<(), TryReserveError> { - if usize::BITS < 64 && alloc_size > isize::MAX as usize { -diff --git a/rust/alloc/slice.rs b/rust/alloc/slice.rs -index 1181836da5f4..a36b072c9519 100644 ---- a/rust/alloc/slice.rs -+++ b/rust/alloc/slice.rs -@@ -53,14 +53,14 @@ - pub use core::slice::{from_mut_ptr_range, from_ptr_range}; - #[stable(feature = "rust1", since = "1.0.0")] - pub use core::slice::{from_raw_parts, from_raw_parts_mut}; -+#[stable(feature = "slice_group_by", since = "1.77.0")] -+pub use core::slice::{ChunkBy, ChunkByMut}; - #[stable(feature = "rust1", since = "1.0.0")] - pub use core::slice::{Chunks, Windows}; - #[stable(feature = "chunks_exact", since = "1.31.0")] - pub use core::slice::{ChunksExact, ChunksExactMut}; - #[stable(feature = "rust1", since = "1.0.0")] - pub use core::slice::{ChunksMut, Split, SplitMut}; --#[unstable(feature = "slice_group_by", issue = "80552")] --pub use core::slice::{GroupBy, GroupByMut}; - #[stable(feature = "rust1", since = "1.0.0")] - pub use core::slice::{Iter, IterMut}; - #[stable(feature = "rchunks", since = "1.31.0")] -diff --git a/rust/alloc/vec/into_iter.rs b/rust/alloc/vec/into_iter.rs -index 136bfe94af6c..0f11744c44b3 100644 ---- a/rust/alloc/vec/into_iter.rs -+++ b/rust/alloc/vec/into_iter.rs -@@ -20,6 +20,17 @@ - use core::ptr::{self, NonNull}; - use core::slice::{self}; - -+macro non_null { -+ (mut $place:expr, $t:ident) => {{ -+ #![allow(unused_unsafe)] // we're sometimes used within an unsafe block -+ unsafe { &mut *(ptr::addr_of_mut!($place) as *mut NonNull<$t>) } -+ }}, -+ ($place:expr, $t:ident) => {{ -+ #![allow(unused_unsafe)] // we're sometimes used within an unsafe block -+ unsafe { *(ptr::addr_of!($place) as *const NonNull<$t>) } -+ }}, -+} -+ - /// An iterator that moves out of a vector. - /// - /// This `struct` is created by the `into_iter` method on [`Vec`](super::Vec) -@@ -43,10 +54,12 @@ pub struct IntoIter< - // the drop impl reconstructs a RawVec from buf, cap and alloc - // to avoid dropping the allocator twice we need to wrap it into ManuallyDrop - pub(super) alloc: ManuallyDrop<A>, -- pub(super) ptr: *const T, -- pub(super) end: *const T, // If T is a ZST, this is actually ptr+len. This encoding is picked so that -- // ptr == end is a quick test for the Iterator being empty, that works -- // for both ZST and non-ZST. -+ pub(super) ptr: NonNull<T>, -+ /// If T is a ZST, this is actually ptr+len. This encoding is picked so that -+ /// ptr == end is a quick test for the Iterator being empty, that works -+ /// for both ZST and non-ZST. -+ /// For non-ZSTs the pointer is treated as `NonNull<T>` -+ pub(super) end: *const T, - } - - #[stable(feature = "vec_intoiter_debug", since = "1.13.0")] -@@ -70,7 +83,7 @@ impl<T, A: Allocator> IntoIter<T, A> { - /// ``` - #[stable(feature = "vec_into_iter_as_slice", since = "1.15.0")] - pub fn as_slice(&self) -> &[T] { -- unsafe { slice::from_raw_parts(self.ptr, self.len()) } -+ unsafe { slice::from_raw_parts(self.ptr.as_ptr(), self.len()) } - } - - /// Returns the remaining items of this iterator as a mutable slice. -@@ -99,7 +112,7 @@ pub fn allocator(&self) -> &A { - } - - fn as_raw_mut_slice(&mut self) -> *mut [T] { -- ptr::slice_from_raw_parts_mut(self.ptr as *mut T, self.len()) -+ ptr::slice_from_raw_parts_mut(self.ptr.as_ptr(), self.len()) - } - - /// Drops remaining elements and relinquishes the backing allocation. -@@ -126,7 +139,7 @@ pub(super) fn forget_allocation_drop_remaining(&mut self) { - // this creates less assembly - self.cap = 0; - self.buf = unsafe { NonNull::new_unchecked(RawVec::NEW.ptr()) }; -- self.ptr = self.buf.as_ptr(); -+ self.ptr = self.buf; - self.end = self.buf.as_ptr(); - - // Dropping the remaining elements can panic, so this needs to be -@@ -138,9 +151,9 @@ pub(super) fn forget_allocation_drop_remaining(&mut self) { - - /// Forgets to Drop the remaining elements while still allowing the backing allocation to be freed. - pub(crate) fn forget_remaining_elements(&mut self) { -- // For th ZST case, it is crucial that we mutate `end` here, not `ptr`. -+ // For the ZST case, it is crucial that we mutate `end` here, not `ptr`. - // `ptr` must stay aligned, while `end` may be unaligned. -- self.end = self.ptr; -+ self.end = self.ptr.as_ptr(); - } - - #[cfg(not(no_global_oom_handling))] -@@ -162,7 +175,7 @@ pub(crate) fn into_vecdeque(self) -> VecDeque<T, A> { - // say that they're all at the beginning of the "allocation". - 0..this.len() - } else { -- this.ptr.sub_ptr(buf)..this.end.sub_ptr(buf) -+ this.ptr.sub_ptr(this.buf)..this.end.sub_ptr(buf) - }; - let cap = this.cap; - let alloc = ManuallyDrop::take(&mut this.alloc); -@@ -189,29 +202,35 @@ impl<T, A: Allocator> Iterator for IntoIter<T, A> { - - #[inline] - fn next(&mut self) -> Option<T> { -- if self.ptr == self.end { -- None -- } else if T::IS_ZST { -- // `ptr` has to stay where it is to remain aligned, so we reduce the length by 1 by -- // reducing the `end`. -- self.end = self.end.wrapping_byte_sub(1); -+ if T::IS_ZST { -+ if self.ptr.as_ptr() == self.end as *mut _ { -+ None -+ } else { -+ // `ptr` has to stay where it is to remain aligned, so we reduce the length by 1 by -+ // reducing the `end`. -+ self.end = self.end.wrapping_byte_sub(1); - -- // Make up a value of this ZST. -- Some(unsafe { mem::zeroed() }) -+ // Make up a value of this ZST. -+ Some(unsafe { mem::zeroed() }) -+ } - } else { -- let old = self.ptr; -- self.ptr = unsafe { self.ptr.add(1) }; -+ if self.ptr == non_null!(self.end, T) { -+ None -+ } else { -+ let old = self.ptr; -+ self.ptr = unsafe { old.add(1) }; - -- Some(unsafe { ptr::read(old) }) -+ Some(unsafe { ptr::read(old.as_ptr()) }) -+ } - } - } - - #[inline] - fn size_hint(&self) -> (usize, Option<usize>) { - let exact = if T::IS_ZST { -- self.end.addr().wrapping_sub(self.ptr.addr()) -+ self.end.addr().wrapping_sub(self.ptr.as_ptr().addr()) - } else { -- unsafe { self.end.sub_ptr(self.ptr) } -+ unsafe { non_null!(self.end, T).sub_ptr(self.ptr) } - }; - (exact, Some(exact)) - } -@@ -219,7 +238,7 @@ fn size_hint(&self) -> (usize, Option<usize>) { - #[inline] - fn advance_by(&mut self, n: usize) -> Result<(), NonZeroUsize> { - let step_size = self.len().min(n); -- let to_drop = ptr::slice_from_raw_parts_mut(self.ptr as *mut T, step_size); -+ let to_drop = ptr::slice_from_raw_parts_mut(self.ptr.as_ptr(), step_size); - if T::IS_ZST { - // See `next` for why we sub `end` here. - self.end = self.end.wrapping_byte_sub(step_size); -@@ -261,7 +280,7 @@ fn count(self) -> usize { - // Safety: `len` indicates that this many elements are available and we just checked that - // it fits into the array. - unsafe { -- ptr::copy_nonoverlapping(self.ptr, raw_ary.as_mut_ptr() as *mut T, len); -+ ptr::copy_nonoverlapping(self.ptr.as_ptr(), raw_ary.as_mut_ptr() as *mut T, len); - self.forget_remaining_elements(); - return Err(array::IntoIter::new_unchecked(raw_ary, 0..len)); - } -@@ -270,7 +289,7 @@ fn count(self) -> usize { - // Safety: `len` is larger than the array size. Copy a fixed amount here to fully initialize - // the array. - return unsafe { -- ptr::copy_nonoverlapping(self.ptr, raw_ary.as_mut_ptr() as *mut T, N); -+ ptr::copy_nonoverlapping(self.ptr.as_ptr(), raw_ary.as_mut_ptr() as *mut T, N); - self.ptr = self.ptr.add(N); - Ok(raw_ary.transpose().assume_init()) - }; -@@ -288,7 +307,7 @@ unsafe fn __iterator_get_unchecked(&mut self, i: usize) -> Self::Item - // Also note the implementation of `Self: TrustedRandomAccess` requires - // that `T: Copy` so reading elements from the buffer doesn't invalidate - // them for `Drop`. -- unsafe { if T::IS_ZST { mem::zeroed() } else { ptr::read(self.ptr.add(i)) } } -+ unsafe { if T::IS_ZST { mem::zeroed() } else { self.ptr.add(i).read() } } - } - } - -@@ -296,18 +315,25 @@ unsafe fn __iterator_get_unchecked(&mut self, i: usize) -> Self::Item - impl<T, A: Allocator> DoubleEndedIterator for IntoIter<T, A> { - #[inline] - fn next_back(&mut self) -> Option<T> { -- if self.end == self.ptr { -- None -- } else if T::IS_ZST { -- // See above for why 'ptr.offset' isn't used -- self.end = self.end.wrapping_byte_sub(1); -+ if T::IS_ZST { -+ if self.end as *mut _ == self.ptr.as_ptr() { -+ None -+ } else { -+ // See above for why 'ptr.offset' isn't used -+ self.end = self.end.wrapping_byte_sub(1); - -- // Make up a value of this ZST. -- Some(unsafe { mem::zeroed() }) -+ // Make up a value of this ZST. -+ Some(unsafe { mem::zeroed() }) -+ } - } else { -- self.end = unsafe { self.end.sub(1) }; -+ if non_null!(self.end, T) == self.ptr { -+ None -+ } else { -+ let new_end = unsafe { non_null!(self.end, T).sub(1) }; -+ *non_null!(mut self.end, T) = new_end; - -- Some(unsafe { ptr::read(self.end) }) -+ Some(unsafe { ptr::read(new_end.as_ptr()) }) -+ } - } - } - -@@ -333,7 +359,11 @@ fn advance_back_by(&mut self, n: usize) -> Result<(), NonZeroUsize> { - #[stable(feature = "rust1", since = "1.0.0")] - impl<T, A: Allocator> ExactSizeIterator for IntoIter<T, A> { - fn is_empty(&self) -> bool { -- self.ptr == self.end -+ if T::IS_ZST { -+ self.ptr.as_ptr() == self.end as *mut _ -+ } else { -+ self.ptr == non_null!(self.end, T) -+ } - } - } - -diff --git a/rust/alloc/vec/mod.rs b/rust/alloc/vec/mod.rs -index 220fb9d6f45b..0be27fff4554 100644 ---- a/rust/alloc/vec/mod.rs -+++ b/rust/alloc/vec/mod.rs -@@ -360,7 +360,7 @@ - /// - /// `vec![x; n]`, `vec![a, b, c, d]`, and - /// [`Vec::with_capacity(n)`][`Vec::with_capacity`], will all produce a `Vec` --/// with exactly the requested capacity. If <code>[len] == [capacity]</code>, -+/// with at least the requested capacity. If <code>[len] == [capacity]</code>, - /// (as is the case for the [`vec!`] macro), then a `Vec<T>` can be converted to - /// and from a [`Box<[T]>`][owned slice] without reallocating or moving the elements. - /// -@@ -447,7 +447,7 @@ pub const fn new() -> Self { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -690,7 +690,7 @@ pub const fn new_in(alloc: A) -> Self { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -1013,7 +1013,7 @@ pub fn capacity(&self) -> usize { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -1043,7 +1043,7 @@ pub fn reserve(&mut self, additional: usize) { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -1140,8 +1140,11 @@ pub fn try_reserve_exact(&mut self, additional: usize) -> Result<(), TryReserveE - - /// Shrinks the capacity of the vector as much as possible. - /// -- /// It will drop down as close as possible to the length but the allocator -- /// may still inform the vector that there is space for a few more elements. -+ /// The behavior of this method depends on the allocator, which may either shrink the vector -+ /// in-place or reallocate. The resulting vector might still have some excess capacity, just as -+ /// is the case for [`with_capacity`]. See [`Allocator::shrink`] for more details. -+ /// -+ /// [`with_capacity`]: Vec::with_capacity - /// - /// # Examples - /// -@@ -1191,10 +1194,10 @@ pub fn shrink_to(&mut self, min_capacity: usize) { - - /// Converts the vector into [`Box<[T]>`][owned slice]. - /// -- /// If the vector has excess capacity, its items will be moved into a -- /// newly-allocated buffer with exactly the right capacity. -+ /// Before doing the conversion, this method discards excess capacity like [`shrink_to_fit`]. - /// - /// [owned slice]: Box -+ /// [`shrink_to_fit`]: Vec::shrink_to_fit - /// - /// # Examples - /// -@@ -2017,7 +2020,7 @@ fn drop(&mut self) { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -2133,7 +2136,7 @@ pub fn pop(&mut self) -> Option<T> { - } else { - unsafe { - self.len -= 1; -- core::intrinsics::assume(self.len < self.capacity()); -+ core::hint::assert_unchecked(self.len < self.capacity()); - Some(ptr::read(self.as_ptr().add(self.len()))) - } - } -@@ -2143,7 +2146,7 @@ pub fn pop(&mut self) -> Option<T> { - /// - /// # Panics - /// -- /// Panics if the new capacity exceeds `isize::MAX` bytes. -+ /// Panics if the new capacity exceeds `isize::MAX` _bytes_. - /// - /// # Examples - /// -@@ -2315,6 +2318,12 @@ pub fn is_empty(&self) -> bool { - /// `[at, len)`. After the call, the original vector will be left containing - /// the elements `[0, at)` with its previous capacity unchanged. - /// -+ /// - If you want to take ownership of the entire contents and capacity of -+ /// the vector, see [`mem::take`] or [`mem::replace`]. -+ /// - If you don't need the returned vector at all, see [`Vec::truncate`]. -+ /// - If you want to take ownership of an arbitrary subslice, or you don't -+ /// necessarily want to store the removed items in a vector, see [`Vec::drain`]. -+ /// - /// # Panics - /// - /// Panics if `at > len`. -@@ -2346,14 +2355,6 @@ fn assert_failed(at: usize, len: usize) -> ! { - assert_failed(at, self.len()); - } - -- if at == 0 { -- // the new vector can take over the original buffer and avoid the copy -- return mem::replace( -- self, -- Vec::with_capacity_in(self.capacity(), self.allocator().clone()), -- ); -- } -- - let other_len = self.len - at; - let mut other = Vec::with_capacity_in(other_len, self.allocator().clone()); - -@@ -3027,6 +3028,50 @@ fn index_mut(&mut self, index: I) -> &mut Self::Output { - } - } - -+/// Collects an iterator into a Vec, commonly called via [`Iterator::collect()`] -+/// -+/// # Allocation behavior -+/// -+/// In general `Vec` does not guarantee any particular growth or allocation strategy. -+/// That also applies to this trait impl. -+/// -+/// **Note:** This section covers implementation details and is therefore exempt from -+/// stability guarantees. -+/// -+/// Vec may use any or none of the following strategies, -+/// depending on the supplied iterator: -+/// -+/// * preallocate based on [`Iterator::size_hint()`] -+/// * and panic if the number of items is outside the provided lower/upper bounds -+/// * use an amortized growth strategy similar to `pushing` one item at a time -+/// * perform the iteration in-place on the original allocation backing the iterator -+/// -+/// The last case warrants some attention. It is an optimization that in many cases reduces peak memory -+/// consumption and improves cache locality. But when big, short-lived allocations are created, -+/// only a small fraction of their items get collected, no further use is made of the spare capacity -+/// and the resulting `Vec` is moved into a longer-lived structure, then this can lead to the large -+/// allocations having their lifetimes unnecessarily extended which can result in increased memory -+/// footprint. -+/// -+/// In cases where this is an issue, the excess capacity can be discarded with [`Vec::shrink_to()`], -+/// [`Vec::shrink_to_fit()`] or by collecting into [`Box<[T]>`][owned slice] instead, which additionally reduces -+/// the size of the long-lived struct. -+/// -+/// [owned slice]: Box -+/// -+/// ```rust -+/// # use std::sync::Mutex; -+/// static LONG_LIVED: Mutex<Vec<Vec<u16>>> = Mutex::new(Vec::new()); -+/// -+/// for i in 0..10 { -+/// let big_temporary: Vec<u16> = (0..1024).collect(); -+/// // discard most items -+/// let mut result: Vec<_> = big_temporary.into_iter().filter(|i| i % 100 == 0).collect(); -+/// // without this a lot of unused capacity might be moved into the global -+/// result.shrink_to_fit(); -+/// LONG_LIVED.lock().unwrap().push(result); -+/// } -+/// ``` - #[cfg(not(no_global_oom_handling))] - #[stable(feature = "rust1", since = "1.0.0")] - impl<T> FromIterator<T> for Vec<T> { -@@ -3069,14 +3114,8 @@ fn into_iter(self) -> Self::IntoIter { - begin.add(me.len()) as *const T - }; - let cap = me.buf.capacity(); -- IntoIter { -- buf: NonNull::new_unchecked(begin), -- phantom: PhantomData, -- cap, -- alloc, -- ptr: begin, -- end, -- } -+ let buf = NonNull::new_unchecked(begin); -+ IntoIter { buf, phantom: PhantomData, cap, alloc, ptr: buf, end } - } - } - } -@@ -3598,8 +3637,10 @@ fn from(s: Box<[T], A>) -> Self { - impl<T, A: Allocator> From<Vec<T, A>> for Box<[T], A> { - /// Convert a vector into a boxed slice. - /// -- /// If `v` has excess capacity, its items will be moved into a -- /// newly-allocated buffer with exactly the right capacity. -+ /// Before doing the conversion, this method discards excess capacity like [`Vec::shrink_to_fit`]. -+ /// -+ /// [owned slice]: Box -+ /// [`Vec::shrink_to_fit`]: Vec::shrink_to_fit - /// - /// # Examples - /// -diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs -index 6858e2f8a3ed..9e9b245ebab5 100644 ---- a/rust/kernel/lib.rs -+++ b/rust/kernel/lib.rs -@@ -16,7 +16,6 @@ - #![feature(coerce_unsized)] - #![feature(dispatch_from_dyn)] - #![feature(new_uninit)] --#![feature(offset_of)] - #![feature(receiver_trait)] - #![feature(unsize)] - -diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index 533a7799fdfe..5a6ab6d965bc 100644 ---- a/scripts/Makefile.build -+++ b/scripts/Makefile.build -@@ -263,7 +263,7 @@ $(obj)/%.lst: $(src)/%.c FORCE - # Compile Rust sources (.rs) - # --------------------------------------------------------------------------- - --rust_allowed_features := new_uninit,offset_of -+rust_allowed_features := new_uninit - - # `--out-dir` is required to avoid temporaries being created by `rustc` in the - # current working directory, which may be not accessible in the out-of-tree -diff --git a/scripts/min-tool-version.sh b/scripts/min-tool-version.sh -index 5927cc6b7de3..6086e00e640e 100755 ---- a/scripts/min-tool-version.sh -+++ b/scripts/min-tool-version.sh -@@ -33,7 +33,7 @@ llvm) - fi - ;; - rustc) -- echo 1.76.0 -+ echo 1.77.1 - ;; - bindgen) - echo 0.65.1 --- -2.44.0 - diff --git a/pkgs/os-specific/linux/kernel/update-libre.sh b/pkgs/os-specific/linux/kernel/update-libre.sh deleted file mode 100755 index aea12df55cc5..000000000000 --- a/pkgs/os-specific/linux/kernel/update-libre.sh +++ /dev/null @@ -1,33 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i bash -p nix-prefetch-svn git curl -set -euo pipefail - -nixpkgs="$(git rev-parse --show-toplevel)" -path="$nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix" - -old_rev="$(grep -o 'rev = ".*"' "$path" | awk -F'"' '{print $2}')" -old_sha256="$(grep -o 'sha256 = ".*"' "$path" | awk -F'"' '{print $2}')" - -svn_url=https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/ -rev="$(curl -s "$svn_url" | grep -Em 1 -o 'Revision [0-9]+' | awk '{print $2}')" - -if [ "$old_rev" = "$rev" ]; then - echo "No updates for linux-libre" - exit 0 -fi - -sha256="$(QUIET=1 nix-prefetch-svn "$svn_url" "$rev" | tail -1)" - -if [ "$old_sha256" = "$sha256" ]; then - echo "No updates for linux-libre" - exit 0 -fi - -sed -i -e "s/rev = \".*\"/rev = \"$rev\"/" \ - -e "s/sha256 = \".*\"/sha256 = \"$sha256\"/" "$path" - -if [ -n "${COMMIT-}" ]; then - git commit -qm "linux_latest-libre: $old_rev -> $rev" "$path" \ - $nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix - echo "Updated linux_latest-libre $old_rev -> $rev" -fi diff --git a/pkgs/os-specific/linux/kernel/update-mainline.py b/pkgs/os-specific/linux/kernel/update-mainline.py deleted file mode 100755 index bf5001ee378a..000000000000 --- a/pkgs/os-specific/linux/kernel/update-mainline.py +++ /dev/null @@ -1,160 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i python3 -p "python3.withPackages (ps: [ ps.beautifulsoup4 ps.lxml ps.packaging ])" -import json -import os -import pathlib -import subprocess -import sys -import urllib.request -from dataclasses import dataclass -from enum import Enum - -from bs4 import BeautifulSoup, NavigableString, Tag -from packaging.version import parse as parse_version, Version -from typing import List - -HERE = pathlib.Path(__file__).parent -ROOT = HERE.parent.parent.parent.parent -VERSIONS_FILE = HERE / "kernels-org.json" - - -class KernelNature(Enum): - MAINLINE = 1 - STABLE = 2 - LONGTERM = 3 - - -@dataclass -class KernelRelease: - nature: KernelNature - version: str - branch: str - date: str - link: str - eol: bool = False - - -def parse_release(release: Tag) -> KernelRelease | None: - columns: list[Tag] = list(release.find_all("td")) - try: - nature = KernelNature[columns[0].get_text().rstrip(":").upper()] - except KeyError: - return None - - version = columns[1].get_text().rstrip(" [EOL]") - date = columns[2].get_text() - link = columns[3].find("a") - if link is not None and isinstance(link, Tag): - link = link.attrs.get("href") - assert link is not None, f"link for kernel {version} is non-existent" - eol = bool(release.find(class_="eolkernel")) - - return KernelRelease( - nature=nature, - branch=get_branch(version), - version=version, - date=date, - link=link, - eol=eol, - ) - - -def get_branch(version: str): - # This is a testing kernel. - if "rc" in version: - return "testing" - else: - major, minor, *_ = version.split(".") - return f"{major}.{minor}" - - -def get_hash(kernel: KernelRelease): - if kernel.branch == "testing": - args = ["--unpack"] - else: - args = [] - - hash = ( - subprocess.check_output(["nix-prefetch-url", kernel.link] + args) - .decode() - .strip() - ) - return f"sha256:{hash}" - - -def get_oldest_branch() -> Version: - with open(VERSIONS_FILE) as f: - return parse_version(sorted(json.load(f).keys())[0]) - - -def predates_oldest_branch(oldest: Version, to_compare: str) -> bool: - if to_compare == "testing": - return False - - return parse_version(to_compare) < oldest - - -def commit(message): - return subprocess.check_call(["git", "commit", "-m", message, VERSIONS_FILE]) - - -def main(): - kernel_org = urllib.request.urlopen("https://kernel.org/") - soup = BeautifulSoup(kernel_org.read().decode(), "lxml") - release_table = soup.find(id="releases") - if not release_table or isinstance(release_table, NavigableString): - print(release_table, file=sys.stderr) - print("Failed to find the release table on https://kernel.org", file=sys.stderr) - sys.exit(1) - - releases = release_table.find_all("tr") - parsed_releases = filter(None, [parse_release(release) for release in releases]) - all_kernels = json.load(VERSIONS_FILE.open()) - - oldest_branch = get_oldest_branch() - - for kernel in parsed_releases: - branch = get_branch(kernel.version) - nixpkgs_branch = branch.replace(".", "_") - - old_version = all_kernels.get(branch, {}).get("version") - if old_version == kernel.version: - print(f"linux_{nixpkgs_branch}: {kernel.version} is latest, skipping...") - continue - - if predates_oldest_branch(oldest_branch, kernel.branch): - print( - f"{kernel.branch} is too old and not supported anymore, skipping...", - file=sys.stderr - ) - continue - - if old_version is None: - if kernel.eol: - print( - f"{kernel.branch} is EOL, not adding...", - file=sys.stderr - ) - continue - - message = f"linux_{nixpkgs_branch}: init at {kernel.version}" - else: - message = f"linux_{nixpkgs_branch}: {old_version} -> {kernel.version}" - - print(message, file=sys.stderr) - - all_kernels[branch] = { - "version": kernel.version, - "hash": get_hash(kernel), - } - - with VERSIONS_FILE.open("w") as fd: - json.dump(all_kernels, fd, indent=4) - fd.write("\n") # makes editorconfig happy - - if os.environ.get("COMMIT") == "1": - commit(message) - - -if __name__ == "__main__": - main() diff --git a/pkgs/os-specific/linux/kernel/update-rt.sh b/pkgs/os-specific/linux/kernel/update-rt.sh deleted file mode 100755 index a9e0577fae92..000000000000 --- a/pkgs/os-specific/linux/kernel/update-rt.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -# To update all rt kernels run: ./update-rt.sh - -# To update just one ./linux-rt-5.X.nix run: ./update-rt.sh ./linux-rt-5.X.nix - -# To add a new kernel branch 5.Y run: ./update-rt.sh ./linux-rt-5.Y.nix -# (with nonexistent .nix file) and update all-packages.nix. - -# To commit run with: env COMMIT=1 - -mirror=https://kernel.org/pub/linux/kernel - -main() { - if [ $# -ge 1 ]; then - update-if-needed "$1" - else - update-all-if-needed - fi -} - -update-all-if-needed() { - for f in "$(dirname "$0")"/linux-rt-*.nix; do - update-if-needed "$f" - done -} - -file-version() { - file="$1" # e.g. ./linux-rt-5.4.nix - if [ -e "$file" ]; then - grep ' version = ' "$file" | grep -o '[0-9].[^"]*' - fi -} - -latest-rt-version() { - branch="$1" # e.g. 5.4 - curl -sL "$mirror/projects/rt/$branch/sha256sums.asc" | - sed -ne '/.patch.xz/ { s/.*patch-\(.*\).patch.xz/\1/p}' | - grep -v '\-rc' | - sort --version-sort | - tail -n 1 -} - -update-if-needed() { - file="$1" # e.g. ./linux-rt-5.4.nix (created if does not exist) - branch=$(basename "$file" .nix) # e.g. linux-rt-5.4 - branch=${branch#linux-rt-} # e.g. 5.4 - cur=$(file-version "$file") # e.g. 5.4.59-rt36 or empty - new=$(latest-rt-version "$branch") # e.g. 5.4.61-rt37 - kversion=${new%-*} # e.g. 5.4.61 - major=${branch%.*} # e.g 5 - nixattr="linux-rt_${branch/./_}" - if [ "$new" = "$cur" ]; then - echo "$nixattr: $cur (up-to-date)" - return - fi - khash=$(nix-prefetch-url "$mirror/v${major}.x/linux-${kversion}.tar.xz") - phash=$(nix-prefetch-url "$mirror/projects/rt/${branch}/older/patch-${new}.patch.xz") - if [ "$cur" ]; then - msg="$nixattr: $cur -> $new" - else - msg="$nixattr: init at $new" - prev=$(ls -v "$(dirname "$0")"/linux-rt-*.nix | tail -1) - cp "$prev" "$file" - cur=$(file-version "$file") - fi - echo "$msg" - sed -i "$file" \ - -e "s/$cur/$new/" \ - -e "s|kernel/v[0-9]*|kernel/v$major|" \ - -e "1,/.patch.xz/ s/sha256 = .*/sha256 = \"$khash\";/" \ - -e "1,/.patch.xz/! s/sha256 = .*/sha256 = \"$phash\";/" - if [ "${COMMIT:-}" ]; then - git add "$file" - git commit -m "$msg" - fi -} - -return 2>/dev/null || main "$@" diff --git a/pkgs/os-specific/linux/kernel/update-zen.py b/pkgs/os-specific/linux/kernel/update-zen.py deleted file mode 100755 index 3c51f806d8f8..000000000000 --- a/pkgs/os-specific/linux/kernel/update-zen.py +++ /dev/null @@ -1,122 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python3 -p python3 nix nix-prefetch-git - -import fileinput -import json -import os -import sys -import re -import subprocess - -from datetime import datetime -from urllib.request import urlopen, Request - - -def panic(exc): - raise Exception(exc) - - -DIR = os.path.dirname(os.path.abspath(__file__)) -HEADERS = {'Accept': 'application/vnd.github.v3+json'} - - -def github_api_request(endpoint): - base_url = 'https://api.github.com/' - request = Request(base_url + endpoint, headers=HEADERS) - with urlopen(request) as http_response: - return json.loads(http_response.read().decode('utf-8')) - - -def get_commit_date(repo, sha): - url = f'https://api.github.com/repos/{repo}/commits/{sha}' - request = Request(url, headers=HEADERS) - with urlopen(request) as http_response: - commit = json.loads(http_response.read().decode()) - date = commit['commit']['committer']['date'].rstrip('Z') - date = datetime.fromisoformat(date).date().isoformat() - return 'unstable-' + date - - -def nix_prefetch_git(url, rev): - """Prefetches the requested Git revision (incl. submodules) of the given repository URL.""" - print(f'nix-prefetch-git {url} {rev}') - out = subprocess.check_output([ - 'nix-prefetch-git', '--quiet', - '--url', url, - '--rev', rev, - '--fetch-submodules']) - return json.loads(out)['sha256'] - - -def nix_prefetch_url(url, unpack=False): - """Prefetches the content of the given URL.""" - print(f'nix-prefetch-url {url}') - options = ['--type', 'sha256'] - if unpack: - options += ['--unpack'] - out = subprocess.check_output(['nix-prefetch-url'] + options + [url]) - return out.decode('utf-8').rstrip() - - -def update_file(relpath, variant, version, suffix, sha256): - file_path = os.path.join(DIR, relpath) - with fileinput.FileInput(file_path, inplace=True) as f: - for line in f: - result = line - result = re.sub( - fr'^ version = ".+"; #{variant}', - f' version = "{version}"; #{variant}', - result) - result = re.sub( - fr'^ suffix = ".+"; #{variant}', - f' suffix = "{suffix}"; #{variant}', - result) - result = re.sub( - fr'^ sha256 = ".+"; #{variant}', - f' sha256 = "{sha256}"; #{variant}', - result) - print(result, end='') - - -def read_file(relpath, variant): - file_path = os.path.join(DIR, relpath) - re_version = re.compile(fr'^\s*version = "(.+)"; #{variant}') - re_suffix = re.compile(fr'^\s*suffix = "(.+)"; #{variant}') - version = None - suffix = None - with fileinput.FileInput(file_path, mode='r') as f: - for line in f: - version_match = re_version.match(line) - if version_match: - version = version_match.group(1) - continue - - suffix_match = re_suffix.match(line) - if suffix_match: - suffix = suffix_match.group(1) - continue - - if version and suffix: - break - return version, suffix - - -if __name__ == "__main__": - if len(sys.argv) == 1: - panic("Update variant expected") - variant = sys.argv[1] - if variant not in ("zen", "lqx"): - panic(f"Unexepected variant instead of 'zen' or 'lqx': {sys.argv[1]}") - pattern = re.compile(fr"v(\d+\.\d+\.?\d*)-({variant}\d+)") - zen_tags = github_api_request('repos/zen-kernel/zen-kernel/releases') - for tag in zen_tags: - zen_match = pattern.match(tag['tag_name']) - if zen_match: - zen_tag = zen_match.group(0) - zen_version = zen_match.group(1) - zen_suffix = zen_match.group(2) - break - old_version, old_suffix = read_file('zen-kernels.nix', variant) - if old_version != zen_version or old_suffix != zen_suffix: - zen_hash = nix_prefetch_git('https://github.com/zen-kernel/zen-kernel.git', zen_tag) - update_file('zen-kernels.nix', variant, zen_version, zen_suffix, zen_hash) diff --git a/pkgs/os-specific/linux/kernel/update.sh b/pkgs/os-specific/linux/kernel/update.sh deleted file mode 100755 index 37e1cc1a5cd4..000000000000 --- a/pkgs/os-specific/linux/kernel/update.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash -cd "$(dirname "$(readlink -f "$0")")" || exit - -echo "Update linux (mainline)" -COMMIT=1 ./update-mainline.py || echo "update-mainline failed with exit code $?" - -echo "Update linux-rt" -COMMIT=1 ./update-rt.sh || echo "update-rt failed with exit code $?" - -echo "Update linux-libre" -COMMIT=1 ./update-libre.sh || echo "update-libre failed with exit code $?" - -echo "Update linux-hardened" -COMMIT=1 ./hardened/update.py || echo "update-hardened failed with exit code $?" diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix deleted file mode 100644 index b2c4d0a6a669..000000000000 --- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ lib, stdenv, fetchFromGitHub, buildLinux, ... } @ args: - -let - # These names are how they are designated in https://xanmod.org. - - # NOTE: When updating these, please also take a look at the changes done to - # kernel config in the xanmod version commit - ltsVariant = { - version = "6.6.33"; - hash = "sha256-3qGxIYNVm2f69rym0Ya1X497G7yRNj3lLCtVgyEZ9yw="; - variant = "lts"; - }; - - mainVariant = { - version = "6.9.4"; - hash = "sha256-gY0t77aPWOuRZFESNp0OLIsjLAv+rf0NHbab9WF2VtA="; - variant = "main"; - }; - - xanmodKernelFor = { version, suffix ? "xanmod1", hash, variant }: buildLinux (args // rec { - inherit version; - pname = "linux-xanmod"; - modDirVersion = lib.versions.pad 3 "${version}-${suffix}"; - - src = fetchFromGitHub { - owner = "xanmod"; - repo = "linux"; - rev = modDirVersion; - inherit hash; - }; - - structuredExtraConfig = with lib.kernel; { - # CPUFreq governor Performance - CPU_FREQ_DEFAULT_GOV_PERFORMANCE = lib.mkOverride 60 yes; - CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = lib.mkOverride 60 no; - - # Full preemption - PREEMPT = lib.mkOverride 60 yes; - PREEMPT_VOLUNTARY = lib.mkOverride 60 no; - - # Google's BBRv3 TCP congestion Control - TCP_CONG_BBR = yes; - DEFAULT_BBR = yes; - - # Preemptive Full Tickless Kernel at 250Hz - HZ = freeform "250"; - HZ_250 = yes; - HZ_1000 = no; - - # RCU_BOOST and RCU_EXP_KTHREAD - RCU_EXPERT = yes; - RCU_FANOUT = freeform "64"; - RCU_FANOUT_LEAF = freeform "16"; - RCU_BOOST = yes; - RCU_BOOST_DELAY = freeform "0"; - RCU_EXP_KTHREAD = yes; - }; - - extraMeta = { - branch = lib.versions.majorMinor version; - maintainers = with lib.maintainers; [ moni lovesegfault atemu shawn8901 zzzsy ]; - description = "Built with custom settings and new features built to provide a stable, responsive and smooth desktop experience"; - broken = stdenv.isAarch64; - }; - } // (args.argsOverride or { })); -in -{ - lts = xanmodKernelFor ltsVariant; - main = xanmodKernelFor mainVariant; -} diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix deleted file mode 100644 index 270a608c84cd..000000000000 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ /dev/null @@ -1,119 +0,0 @@ -{ lib, stdenv, fetchFromGitHub, buildLinux, ... } @ args: - -let - # comments with variant added for update script - # ./update-zen.py zen - zenVariant = { - version = "6.9.5"; #zen - suffix = "zen1"; #zen - sha256 = "16dm07xd5x5kbn3yk8q2kqwby67953p40ja0akrg31hycz8sgbqq"; #zen - isLqx = false; - }; - # ./update-zen.py lqx - lqxVariant = { - version = "6.9.5"; #lqx - suffix = "lqx1"; #lqx - sha256 = "0r3pgjfyza3vkvp7kw1s7sn1gf4hxq6r6qs5wvv76gmff7s399yz"; #lqx - isLqx = true; - }; - zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { - inherit version; - pname = "linux-${if isLqx then "lqx" else "zen"}"; - modDirVersion = lib.versions.pad 3 "${version}-${suffix}"; - isZen = true; - - src = fetchFromGitHub { - owner = "zen-kernel"; - repo = "zen-kernel"; - rev = "v${version}-${suffix}"; - inherit sha256; - }; - - # This is based on the following sources: - # - zen: https://gitlab.archlinux.org/archlinux/packaging/packages/linux-zen/-/blob/main/config - # - lqx: https://github.com/damentz/liquorix-package/blob/6.4/master/linux-liquorix/debian/config/kernelarch-x86/config-arch-64 - # - Liquorix features: https://liquorix.net/ - # The list below is not exhaustive, so the kernels probably doesn't match - # the upstream, but should bring most of the improvements that will be - # expected by users - structuredExtraConfig = with lib.kernel; { - # Zen Interactive tuning - ZEN_INTERACTIVE = yes; - - # FQ-Codel Packet Scheduling - NET_SCH_DEFAULT = yes; - DEFAULT_FQ_CODEL = yes; - DEFAULT_NET_SCH = freeform "fq_codel"; - - # Preempt (low-latency) - PREEMPT = lib.mkOverride 60 yes; - PREEMPT_VOLUNTARY = lib.mkOverride 60 no; - - # Preemptible tree-based hierarchical RCU - TREE_RCU = yes; - PREEMPT_RCU = yes; - RCU_EXPERT = yes; - TREE_SRCU = yes; - TASKS_RCU_GENERIC = yes; - TASKS_RCU = yes; - TASKS_RUDE_RCU = yes; - TASKS_TRACE_RCU = yes; - RCU_STALL_COMMON = yes; - RCU_NEED_SEGCBLIST = yes; - RCU_FANOUT = freeform "64"; - RCU_FANOUT_LEAF = freeform "16"; - RCU_BOOST = yes; - RCU_BOOST_DELAY = freeform "500"; - RCU_NOCB_CPU = yes; - RCU_LAZY = yes; - - # Futex WAIT_MULTIPLE implementation for Wine / Proton Fsync. - FUTEX = yes; - FUTEX_PI = yes; - - # Preemptive Full Tickless Kernel at 1000Hz - HZ = freeform "1000"; - HZ_1000 = yes; - } // lib.optionalAttrs (isLqx) { - # Google's BBRv3 TCP congestion Control - TCP_CONG_BBR = yes; - DEFAULT_BBR = yes; - DEFAULT_TCP_CONG = freeform "bbr"; - - # PDS Process Scheduler - SCHED_ALT = yes; - SCHED_PDS = yes; - - # Swap storage is compressed with LZ4 using zswap - ZSWAP_COMPRESSOR_DEFAULT_LZ4 = lib.mkOptionDefault yes; - ZSWAP_COMPRESSOR_DEFAULT_ZSTD = lib.mkDefault no; - - # Fix error: unused option: XXX. - CFS_BANDWIDTH = lib.mkForce (option no); - PSI = lib.mkForce (option no); - RT_GROUP_SCHED = lib.mkForce (option no); - SCHED_AUTOGROUP = lib.mkForce (option no); - SCHED_CORE = lib.mkForce (option no); - UCLAMP_TASK = lib.mkForce (option no); - UCLAMP_TASK_GROUP = lib.mkForce (option no); - - # ERROR: modpost: "sched_numa_hop_mask" [drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko] undefined! - MLX5_CORE = no; - }; - - passthru.updateScript = [ ./update-zen.py (if isLqx then "lqx" else "zen") ]; - - extraMeta = { - branch = lib.versions.majorMinor version + "/master"; - maintainers = with lib.maintainers; [ thiagokokada jerrysm64 ]; - description = "Built using the best configuration and kernel sources for desktop, multimedia, and gaming workloads." + - lib.optionalString isLqx " (Same as linux_zen, but less aggressive release schedule and additional extra config)"; - broken = stdenv.isAarch64; - }; - - } // (args.argsOverride or { })); -in -{ - zen = zenKernelsFor zenVariant; - lqx = zenKernelsFor lqxVariant; -} |