forked from mirrors/nixpkgs
Commit graph

302 commits

Author SHA1 Message Date
Tim Steinbach d91f1b0f47
linux: Optional SECURITY_LOCKDOWN_LSM
The option has been removed in the most recent dot releases
2021-01-11 11:09:02 -05:00
github-actions[bot] a6f7ba3752
Merge staging-next into staging 2020-12-31 18:42:44 +00:00
Samuel Dionne-Riel 4e75a31e98 linux: configure aarch64 contiguous memory allocator via kernel config
As per the in-line comment, this is where distros should configure it.
Not via kernel command line parameters.

As found by looking at the implementation, while exploring the cause of
a bug on the Raspberry Pi 4, it was found that `cma=` on the command
line parameters will overwrite the values a device tree will have
configured for a given platform.

With this, the more recent 5.4 vendor kernel boots just fine on the
Raspberry Pi 4 using our common configuration.
2020-12-31 18:20:49 +01:00
Michael Raskin a95d8f160a
Merge pull request #107625 from Atemu/r13y/kernel-disable-module-signing
kernel: disable module signing
2020-12-30 17:47:49 +00:00
Blaž Hrastnik 9461f0a734 kernel: use zstd compression on 5.9+. 2020-12-28 14:25:17 +01:00
Atemu 2c19ef2209 linux: disable module signing
Without this, the kernel would generate a random one for us which obviously
isn't reproducible.

`nix-build -A linux --check` succeeds now!
(Tested at different times with different kernel)
2020-12-26 13:15:04 +01:00
Gaute Ravndal 5183864d18 linux: explicitly enable RAS
This is needed for EDAC support.
2020-11-26 10:08:51 +01:00
Florian Klink 13be37662d kernel config: explicitly enable CONFIG_IPV6
We currently build CONFIG_IPV6=m.

This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u

Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).

By compiling it in, we only lose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.

People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
2020-11-16 13:07:49 +01:00
edef a6a6659e56
Merge pull request #33283 from fahadsadah/dpauxchardev
kernel config: CONFIG_DRM_DP_AUX_CHARDEV
2020-09-06 16:34:11 +00:00
Symphorien Gibol 8c56afb042 linux: enable io cost and io latency block group controller
They are enabled by default on Arch.
2020-07-18 12:00:00 +00:00
Tim Steinbach 0416089dc6
linux: 5.8-rc2 -> 5.8-rc4 2020-07-10 10:23:46 -04:00
Frederik Rietdijk e4cd7a48f3 Merge staging-next into staging 2020-06-19 10:49:25 +02:00
Linus Heckemann 5d58db7a47
Merge pull request #90135 from lheckemann/linux-force-feedback
linux: enable force feedback support in HID drivers
2020-06-18 17:18:11 +02:00
Frederik Rietdijk 32e827b848 Merge staging-next into staging 2020-06-18 09:02:05 +02:00
Jörg Thalheim df54fe60ba
Merge pull request #87554 from emilazy/add-aio-to-kconfig
linux: explicitly enable AIO
2020-06-17 08:46:30 +01:00
Frederik Rietdijk 52de5f2430 Merge staging-next into staging 2020-06-16 18:17:05 +02:00
Tim Steinbach 5953625fa5
linux: 5.7-rc6 -> 5.8-rc1 2020-06-15 11:10:17 -04:00
Rouven Czerwinski 407a3d4c5e linux config: SND_HDA_CODEC_CA0132_DSP for <5.7
The default enable for SND_HDA_CODEC_CA0132_DSP was already merged into
5.7-rc1 [1], which means we can adjust the whenOlder to 5.7.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=652bb5d8df4b3a79ed350db35cda12637e63efa7
2020-06-15 10:14:59 +02:00
Frederik Rietdijk 1523382160 Merge master into staging-next 2020-06-13 11:02:21 +02:00
Vladimír Čunát b23c1abe93
linux: fix kernel config options for i686
Even the default pkgsi686Linux.linux was broken.
2020-06-12 08:52:09 +02:00
Linus Heckemann 9181f79289 linux: enable force feedback support in HID drivers 2020-06-11 12:41:59 +02:00
Vladimír Čunát 34d58cb839
Merge branch 'staging' into staging-next
This commit has already been partially rebuilt in
https://hydra.nixos.org/eval/1592635
In particular, the severe security fix for gnutls is contained.
2020-06-10 16:18:40 +02:00
Vladimír Čunát bbe71613b6
linux: fix kernel config options for 5.7 2020-06-10 14:07:15 +02:00
Ricardo M. Correia 9dd9bc7bcc linux: fix kernel config options
Some of the options didn't have correct kernel version constraints,
others had been removed or made optional unnecessarily in #84032.
2020-06-10 13:17:17 +02:00
Anders Kaseorg 0f2e569505 linux: CONFIG_MOUSE_ELAN_I2C_SMBUS=y
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-06-04 18:22:23 +02:00
Florian Klink cfb4d0dfe3
Merge pull request #84032 from teto/fix_kernel_merge
Fix kernel configuration merge
2020-05-22 13:32:22 +02:00
Puck Meerburg 2b5d59cbdc linux: Enable fbcon deferred takeover when possible
This config value ensures that when booting through e.g. UEFI, the
existing framebuffer contents stay put until the first character is
printed. As the default NixOS stage-1 immediately outputs a welcome
message on init, this does not impact it, but it will allow for a cleaner boot when
configured as such.
2020-05-17 17:43:34 +00:00
Emily 4688ec0eb2 linux: explicitly enable AIO
This is disabled by default in the linux-hardened patchset, but is
required by e.g. LVM.

Fixes #87260.
2020-05-10 23:23:38 +01:00
Frederik Rietdijk 9875bbae75 Merge master into staging-next 2020-05-05 19:51:09 +02:00
Vincent Breitmoser bdd2d3ccb2 linux: CONFIG_HIDRAW=y 2020-05-02 17:43:43 +02:00
Luka Blaskovic 6fc9fd53db linux config: enable Sound Open Firmware support 2020-04-29 07:31:49 +00:00
Frederik Rietdijk 803b3d296c Merge staging-next into staging 2020-04-21 08:29:51 +02:00
Yegor Timoshenko 6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Emily 3d01e802bd linux: explicitly enable SYSVIPC
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
2020-04-17 16:12:29 +01:00
Niklas Hambüchen f16ae2da3e linux: Enable CONFIG_NET_DROP_MONITOR by default.
Needed for subscribing to dropped packets (e.g. via `dropwatch`).
2020-04-14 20:07:51 +02:00
Matthieu Coudron bc6b37e967 fixup! kernel: fix errors in configuration 2020-04-11 14:04:25 +02:00
Eelco Dolstra 50913242ab
Merge pull request #81500 from primeos/tcp-cong-switch-to-cubic
linux config: Set TCP_CONG_CUBIC=yes to restore the default
2020-04-06 17:11:31 +02:00
Matthieu Coudron 121b17e1ac kernel: fix errors in configuration
With the fix in kernel configuration merging, some kernel configuration items
marked as mandatory now correctly trigger an error when unused (while they
previously were unused).
2020-04-01 22:28:53 +02:00
Rouven Czerwinski 62cdbd678c linux config: enable SND CA0132 DSP loading
Since we select everything as a module, snd_hda_codec_ca0132 is built as
well. DSP loading is not enabled by default, but without it the
soundcard produces timeouts within ALSA and does not emit sound.
Explicitly enable the firmware loading to ensure Soundblaster
Z/Zx/ZxR/Recon devices can be used with NixOS.
The patch to enable this by default in the kernel is staged for 5.8.
2020-03-29 21:11:17 +02:00
Silvan Mosberger eff447b321
Merge pull request #70157 from teto/lib_kernel
Add lib.kernel
2020-03-12 23:53:42 +01:00
Michael Weiss 60f4345e37
linux config: Set TCP_CONG_CUBIC=yes to restore the default
This will switch the default TCP congestion control algorithm from
new Reno to CUBIC. CUBIC is the default since Linux kernel 2.6.19
(see 597811ec167fa) and most (all?) distributions keep this default
(e.g. Debian and Ubuntu). On NixOS the default was still new Reno
because generate-config.pl changes TCP_CONG_CUBIC from y to m (since we
try to build everything as a module by default).

To check the active and available algorithms:
$ sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = cubic
$ sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = cubic reno

Note: E.g. x86_64_defconfig sets TCP_CONG_CUBIC=y indirectly via
CONFIG_TCP_CONG_ADVANCED=y (but CUBIC is also the default if set to no,
see net/ipv4/Kconfig).
2020-03-02 10:57:47 +01:00
Félix Baylac-Jacqué 6896b1cb1d
linux: add policy routing config flag for aarch64
CONFIG_IP_MULTIPLE_TABLES is part of the default x86 kernel config but
absent from the Aarch64 one. Adding explicitly this flag together
with its dependency IP_ADVANCED_ROUTER.

Both of these config flags are needed to use the routing policy
facilities.
2020-03-01 20:25:44 +01:00
Vladimír Čunát 8130f3c1c2
linux config: revert BPF_JIT_ALWAYS_ON=yes
This reverts a small bit of af808bd82 from PR #73328.  Fixes #79304:
tests.installer.simpleUefiSystemdBoot.x86_64-linux

I still don't know why the regression happened, but this feature doesn't
seem important enough to block channel now, though it reportedly helps
to mitigate spectre 2 attack CVE-2017-5715.
2020-02-09 08:22:00 +01:00
misuzu 149737a2a4 linux: Enable NVME_HWMON
This is available for 5.5+ and enables support for
NVMe drives temperature reporting
2020-02-03 19:08:45 +02:00
Lassulus bc4921a584
Merge pull request #73328 from magenbluten/af_xdp
linux config: add support for xdp sockets and ebpf jit
2020-01-13 05:54:57 +01:00
Anthony Cowley 8a4603f9c4 linux: fix amdgpu memory mapping with kernel >= 5.3
These configuration options are needed for the ROCm GPU compute stack
on kernels >= 5.3.
2019-12-08 18:52:43 +01:00
Izorkin 928fdab4a1 linux: add in kernel 5.4 lockdown feature 2019-12-07 12:06:23 +01:00
Tim Steinbach 0e670a2e67
linux: Add CRYPTO_AEGIS128_SIMD for aarch64
See comments: 9b67ea9106
2019-11-28 09:21:06 -05:00
magenbluten af808bd826 linux config: add support for xdp sockets and ebpf jit
xdp socket support (AF_XDP) is the new way of implementing high
performance networking on linux. on arch linux and debian this is
already enabled (checked via the links from the nixos manual).

moreover, these flags are suggested by the bpf documentation at cilium:

https://cilium.readthedocs.io/en/latest/bpf/#compiling-the-kernel

additionally the flag `BPF_JIT_ALWAYS_ON` on was suggested to help
spectre attack mitigations:

290af86629
2019-11-17 17:20:23 +01:00
Tim Steinbach 0973f67fd0
linux: Enable KEYBOARD_APPLESPI
This is available for 5.3+ and enables support for
Apple trackpads and keyboards

Closes #71552
2019-10-23 09:03:16 -04:00