github-actions[bot]
c6dd9fd65d
Merge master into staging-next
2022-03-25 18:01:14 +00:00
Kevin Cox
974af50601
Merge pull request #165547 from LibreCybernetics/kernel-options
Kernel options cleanup
2022-03-25 11:01:29 -04:00
Vladimír Čunát
0a8b4eddd2
Merge branch 'master' into staging-next
2022-03-25 10:16:56 +01:00
Fabián Heredia Montiel
1b0e116b14
linux: condition CLEANCACHE to before 5.17 when it was removed
2022-03-23 21:23:14 -06:00
Fabián Heredia Montiel
11e697c3d7
linux: common-config cleanup older options
2022-03-23 21:23:14 -06:00
Fabián Heredia Montiel
cc8456effe
linux: common-config condition power-management to required platform
2022-03-23 16:24:32 -06:00
Graham Christensen
a5c28278f9
kernel: enable RANDOM_TRUST_BOOTLOADER on >= 5.4
> Some bootloaders can provide entropy to increase the kernel's initial device randomness.
This allows, for example, EFI to provide 64 bytes. In general my opinion is an attacker
who can manipulate the random seed sufficiently to cause problems likely has other,
more direct approaches at their disposal as well.
2022-03-22 22:05:10 -04:00
github-actions[bot]
6ae26bb3c8
Merge staging-next into staging
2022-03-21 18:07:51 +00:00
Robin Townsend
3132fcfec3
linux: Enable BPF_UNPRIV_DEFAULT_OFF in 5.15
2022-03-20 21:19:07 -04:00
Sandro
c377a6f7f5
Merge pull request #164566 from jian-lin/linux-enable-TASKSTATS-and-TASK_DELAY_ACCT
2022-03-18 15:53:27 +01:00
linj
8d7d5fdbdc
linux: enable TASKSTATS, TASK_XACCT, TASK_DELAY_ACCT and TASK_IO_ACCOUNTING
iotop needs TASKSTATS, TASK_DELAY_ACCT, TASK_XACCT and
TASK_IO_ACCOUNTING to work. For x86_64, all these options are enabled
by upstream[1]. For aarch64, however, only TASK_XACCT and
TASK_IO_ACCOUNTING are enabled by upstream[2].
This patch enables all these four options for aarch64, which have been
enabled by many other distributions, e.g. debian[3], fedora[4],
rhel[5] and gentoo[6].
I tried to only enable TASKSTATS and TASK_DELAY_ACCT since the other
two options are enabled by upstream, but it turns out that it's
necessary to explicitly enable all four options. I have not figured out
the reason, though.
Additionally, given that debian enables these four options for all
arch[3], I think it's safe for us to do the same thing.
[1]: 56e337f2cf/arch/x86/configs/x86_64_defconfig (L8-L11)
[2]: 56e337f2cf/arch/arm64/configs/defconfig (L10-L11)
[3]: da6ddc7d8f/debian/config/config (L6356-6359)
[4]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-aarch64-fedora.config#_7398
[5]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-aarch64-rhel.config#_5885
[6]: b839fccce2/sys-kernel/gentoo-kernel/gentoo-kernel-5.15.29.ebuild (L27)
2022-03-17 21:45:56 +08:00
github-actions[bot]
137a689db1
Merge staging-next into staging
2022-03-07 00:02:59 +00:00
github-actions[bot]
b4b1ce4d4f
Merge master into staging-next
2022-03-07 00:02:12 +00:00
Artturi
ef67e135e9
Merge pull request #160539 from danielfullmer/kernel-iso9660
linux: enable ISO9660_FS module
2022-03-06 11:13:45 +02:00
Vladimír Čunát
f57be3c72a
linux: restrict option JOYSTICK_PSXPAD_SPI_FF
This broke older kernels in PR #155613 (commit 8aae7afa3e).
I only checked the kernel versions that we maintain,
so (>= 4.14) might be an imprecise condition.
2022-02-24 07:53:06 +01:00
Bernardo Meurer
c05bf8a9ce
Merge pull request #130615 from zhaofengli/ipoib-cm
kernel: Enable IPoIB Connected Mode
2022-02-21 10:55:24 -08:00
ajs124
5177d2aeef
kernel/common-config: clean up after 4.4 removal
2022-02-21 17:32:05 +01:00
Daniel Fullmer
21babd5d52
linux: enable ISO9660_FS module
2022-02-17 17:26:55 -08:00
Sandro
f61999ec62
Merge pull request #155613 from SuperSamus/hid_ff
2022-02-16 17:16:28 +01:00
Bernardo Meurer
4c13b31801
linux/kernel/common-config.nix: mark FORTIFY_SOURCE as optional
You cannot use it on clang-built kernels due to some LLVM bugs, namely:
* https://bugs.llvm.org/show_bug.cgi?id=50322
* https://bugs.llvm.org/show_bug.cgi?id=41459
so Kconfig forces it off, causing generate-config.pl to explode since it
is not marked optional.
2022-02-01 09:18:17 -08:00
Maximilian Bosch
f74a2e4840
Merge pull request #154370 from brandonweeks/kspp
linux: enable FORTIFY_SOURCE
2022-01-30 23:34:45 +01:00
Martino Fontana
8aae7afa3e
linux: enable FF for many gamepads
2022-01-24 11:46:57 +01:00
nullrequest
eff260aaf2
linux config: enable Landlock LSM
2022-01-19 12:12:03 +01:00
Martin Weinelt
3ee206291a
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15
Disable unprivileged access to BPF syscalls to prevent denial of service
and privilege escalation via
a) potential speculative execution side-channel-attacks on unmitigated
hardware[0]
or
b) unvalidated memory access in ringbuffer helper functions[1].
Fixes: CVE-2021-4204, CVE-2022-23222
[0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
[1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-15 23:44:19 +01:00
Brandon Weeks
fbad6464be
linux: enable FORTIFY_SOURCE
2022-01-10 17:00:08 -08:00
Bernardo Meurer
5f36161ae1
linuxKernel.kernels: mark {IO_,}STRICT_DEVMEM optional to unbreak hardened kernels
2022-01-10 17:49:30 -03:00
Bernardo Meurer
c1376aedd7
linuxKernel.kernels: also enable SND_SOC_SOF_INTEL_SOUNDWIRE_LINK between 5.10-5.11
2022-01-10 11:15:24 -03:00
Brandon Weeks
8f200e0e38
linux: enable IO_STRICT_DEVMEM
2022-01-09 21:34:42 -08:00
Bernardo Meurer
501a2c13cc
Merge pull request #154181 from brandonweeks/debug_list
2022-01-10 04:48:21 +00:00
Nelson Jeppesen
935303fd36
linux config: SND_SOC_INTEL_SOUNDWIRE_SOF_MACH >= 5.10
Enable for SND_SOC_INTEL_SOUNDWIRE_SOF_MACH kernel module. This is used
on some 10/11th gen Intel laptops such as the XPS 17 97[00|10].
Enable SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES as well - this is a required dependency.
2022-01-09 19:28:24 -08:00
Brandon Weeks
b39c01b69c
linux: enable DEBUG_LIST
2022-01-09 11:46:32 -08:00
github-actions[bot]
0d3fe41724
Merge master into staging-next
2022-01-05 18:01:06 +00:00
Vincent Haupert
8bedcacaf1
linux: enable X86_SGX{_KVM} on x86_64 only
The config option X86_SGX is available on x86_64-linux only; i686-linux
is not supported.
https://github.com/torvalds/linux/blob/55a677b/arch/x86/Kconfig#L1914
2022-01-05 00:36:55 +01:00
Dmitry Kalinkin
2ddda43924
Merge branch 'staging' into staging-next
Conflicts:
pkgs/os-specific/linux/kernel/common-config.nix
2021-12-25 17:16:26 -05:00
github-actions[bot]
b7f2d2da61
Merge master into staging-next
2021-12-24 00:01:44 +00:00
Linus Heckemann
588db2a720
linux: enable FSL_MC_UAPI_SUPPORT
2021-12-18 00:05:49 +01:00
Maciej Krüger
0c287b011e
Merge pull request #145768 from mkg20001/anbox-waydroid-modules
2021-12-03 13:00:58 +01:00
Zhaofeng Li
5f3b85f618
kernel: Enable IPoIB Connected Mode
`INFINIBAND` and `INFINIBAND_IPOIB` are here for clarity - They along
with other required flags are enabled already in the default config.
2021-12-01 10:20:10 -08:00
Vincent Haupert
1f65b4c416
linux: enable X86_SGX and X86_SGX_KVM on x86
Enable Intel Software Guard eXtensions (SGX) on x86 when using Linux
5.11.0 or later. Also enable KVM guests to create SGX enclaves if
running Linux 5.13.0 or later.
2021-11-29 08:03:26 +01:00
Jonathan Ringer
4b73049ccc
Merge remote-tracking branch 'origin/staging' into staging-next
Conflicts:
nixos/tests/custom-ca.nix
2021-11-22 21:33:23 -08:00
Izorkin
8bcc413092
linux: enable kTLS
2021-11-22 21:01:01 +00:00
Artturi
f57a2a6cf1
Merge pull request #144227 from humancalico/bpf-lsm
2021-11-18 03:00:28 +02:00
Matt Votava
c2e142d8ae
linux: CONFIG_ASHMEM=y, CONFIG_ANDROID=y
This enables ashmem, binder so waydroid/anbox works with
the provided linux kernel
Cherry-picked from https://github.com/NixOS/nixpkgs/pull/102341
2021-11-17 23:00:13 +01:00
Maximilian Bosch
61870bd811
Merge pull request #144409 from mitchmindtree/xps-9310-kernel-config
linux: Add kernel config required for QCA6390 bluetooth (XPS 9310)
2021-11-17 18:30:35 +01:00
github-actions[bot]
bc35dc4f3b
Merge master into staging-next
2021-11-14 12:01:23 +00:00
Jörg Thalheim
13dc25bd67
Merge branch 'master' into xps-9310-kernel-config
2021-11-14 11:33:38 +00:00
Jörg Thalheim
2a909594f1
Merge pull request #145827 from ncfavier/mediatek-bluetooth
linux: add BT_HCIBTUSB_MTK to common kernel config
2021-11-14 11:31:33 +00:00
Naïm Favier
3c2c3df181
linux: add BT_HCIBTUSB_MTK to common kernel config
> The MediaTek protocol support enables firmware download support and chip initialization for MediaTek Bluetooth USB controllers.
Necessary to make Bluetooth work on some MediaTek controllers.
2021-11-14 01:13:34 +01:00
github-actions[bot]
9b5a105856
Merge master into staging-next
2021-11-14 00:01:47 +00:00
Austin Seipp
3df74bdd3f
kernel: enable core scheduling on 5.14+ kernels
Core scheduling is a recent innovation in newer kernels to help run
certain untrusted compute workloads more safely in the face of
vulnerabilities like Spectre. In short: it lets processes assign a
unique "cookie" to some group of processes to indicate they are allowed
to be scheduled together on the same SMT-capable core. This helps
mitigate attacks that rely on observing usage of CPU execution units by
cohabitated threads.
Some extra details are available via Linux Weekly News:
"Core scheduling lands in 5.14", https://lwn.net/Articles/861251/
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2021-11-13 17:02:34 -06:00