nixpkgs/pkgs/os-specific/linux/kernel/patches.nix

{ lib, fetchpatch, fetchurl }:

{
  bridge_stp_helper =
    { name = "bridge-stp-helper";
      patch = ./bridge-stp-helper.patch;
    };

  request_key_helper =
    { name = "request-key-helper";
      patch = ./request-key-helper.patch;
    };

  request_key_helper_updated =
    { name = "request-key-helper-updated";
      patch = ./request-key-helper-updated.patch;
    };

  p9_fixes =
    { name = "p9-fixes";
      patch = ./p9-fixes.patch;
    };

  modinst_arg_list_too_long =
    { name = "modinst-arglist-too-long";
      patch = ./modinst-arg-list-too-long.patch;
    };

  genksyms_fix_segfault =
    { name = "genksyms-fix-segfault";
      patch = ./genksyms-fix-segfault.patch;
    };

  cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches;

  tag_hardened = {
    name = "tag-hardened";
    patch = ./tag-hardened.patch;
  };

  hardened = let
    mkPatch = kernelVersion: patch: let
      fullVersion = "${kernelVersion}.${patch.version_suffix}";
      name = "linux-hardened-${fullVersion}";
    in {
      inherit name;
      patch = fetchurl {
        name = "${name}.patch";
        inherit (patch) url sha256;
        meta.maintainers = with lib.maintainers; [ emily ];
      };
    };
    patches = builtins.fromJSON (builtins.readFile ./hardened-patches.json);
  in lib.mapAttrs mkPatch patches;

  # https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6
  iwlwifi_mvm_support_version_7_scan_req_umac_fw_command = rec {
    name = "iwlwifi_mvm_support_version_7_scan_req_umac_fw_command";
    patch = fetchpatch {
      name = name + ".patch";
      url = "https://bugzilla.kernel.org/attachment.cgi?id=260597";
      sha256 = "09096npxpgvlwdz3pb3m9brvxh7vy0xc9z9p8hh85xyczyzcsjhr";
    };
  };

  # https://github.com/NixOS/nixpkgs/issues/42755
  xen-netfront_fix_mismatched_rtnl_unlock = rec {
    name = "xen-netfront_fix_mismatched_rtnl_unlock";
    patch = fetchpatch {
      name = name + ".patch";
      url = "https://github.com/torvalds/linux/commit/cb257783c2927b73614b20f915a91ff78aa6f3e8.patch";
      sha256 = "0xhblx2j8wi3kpnfpgjjwlcwdry97ji2aaq54r3zirk5g5p72zs8";
    };
  };

  # https://github.com/NixOS/nixpkgs/issues/42755
  xen-netfront_update_features_after_registering_netdev = rec {
    name = "xen-netfront_update_features_after_registering_netdev";
    patch = fetchpatch {
      name = name + ".patch";
      url = "https://github.com/torvalds/linux/commit/45c8184c1bed1ca8a7f02918552063a00b909bf5.patch";
      sha256 = "1l8xq02rd7vakxg52xm9g4zng0ald866rpgm8kjlh88mwwyjkrwv";
    };
  };

  export_kernel_fpu_functions = {
    "4.14" = {
      name = "export_kernel_fpu_functions";
      patch = ./export_kernel_fpu_functions_4_14.patch;
    };
    "5.3" = {
      name = "export_kernel_fpu_functions";
      patch = ./export_kernel_fpu_functions_5_3.patch;
    };
  };

  # patches from https://lkml.org/lkml/2019/7/15/1748
  mac_nvme_t2 = rec {
    name = "mac_nvme_t2";
    patch = ./mac-nvme-t2.patch;
  };
}