diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
20 files changed, 178 insertions, 1086 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 038a3105a18..2954ee8f78b 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -146,7 +146,7 @@ let scheduler = { IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1 BLK_CGROUP = yes; # required by CFQ" - BLK_CGROUP_IOLATENCY = whenAtLeast "4.19" yes; + BLK_CGROUP_IOLATENCY = yes; BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes; IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1 MQ_IOSCHED_DEADLINE = yes; @@ -183,8 +183,8 @@ let BPF_JIT = whenPlatformHasEBPFJit yes; BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304 HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes; - BPF_STREAM_PARSER = whenAtLeast "4.19" yes; - XDP_SOCKETS = whenAtLeast "4.19" yes; + BPF_STREAM_PARSER = yes; + XDP_SOCKETS = yes; XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes; WAN = yes; TCP_CONG_ADVANCED = yes; @@ -208,7 +208,7 @@ let IPV6_FOU_TUNNEL = module; IPV6_SEG6_LWTUNNEL = yes; IPV6_SEG6_HMAC = yes; - IPV6_SEG6_BPF = whenAtLeast "4.18" yes; + IPV6_SEG6_BPF = yes; NET_CLS_BPF = module; NET_ACT_BPF = module; NET_SCHED = yes; @@ -237,22 +237,17 @@ let NF_CONNTRACK_TIMEOUT = yes; NF_CONNTRACK_TIMESTAMP = yes; NETFILTER_NETLINK_GLUE_CT = yes; - NF_TABLES_INET = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; - NF_TABLES_NETDEV = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; + NF_TABLES_INET = yes; + NF_TABLES_NETDEV = yes; NFT_REJECT_NETDEV = whenAtLeast "5.11" module; # IP: Netfilter Configuration - NF_TABLES_IPV4 = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; - NF_TABLES_ARP = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; + NF_TABLES_IPV4 = yes; + NF_TABLES_ARP = yes; # IPv6: Netfilter Configuration - NF_TABLES_IPV6 = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; + NF_TABLES_IPV6 = yes; # Bridge Netfilter Configuration - NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes) + NF_TABLES_BRIDGE = mkMerge [ (whenOlder "5.3" yes) (whenAtLeast "5.3" module) ]; # needed for `dropwatch` @@ -274,7 +269,7 @@ let # Kernel TLS TLS = module; - TLS_DEVICE = whenAtLeast "4.18" yes; + TLS_DEVICE = yes; # infiniband INFINIBAND = module; @@ -323,11 +318,13 @@ let FB_3DFX_ACCEL = yes; FB_VESA = yes; FRAMEBUFFER_CONSOLE = yes; - FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = whenAtLeast "4.19" yes; + FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = yes; FRAMEBUFFER_CONSOLE_ROTATION = yes; + FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes; FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; # On 5.14 this conflicts with FB_SIMPLE. DRM_SIMPLEDRM = whenAtLeast "5.14" no; + DRM_FBDEV_EMULATION = yes; }; fonts = { @@ -357,8 +354,7 @@ let # Allow device firmware updates DRM_DP_AUX_CHARDEV = yes; # amdgpu display core (DC) support - DRM_AMD_DC_DCN1_0 = whenBetween "4.15" "5.6" yes; - DRM_AMD_DC_PRE_VEGA = whenBetween "4.15" "4.18" yes; + DRM_AMD_DC_DCN1_0 = whenOlder "5.6" yes; DRM_AMD_DC_DCN2_0 = whenBetween "5.3" "5.6" yes; DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes; DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes; @@ -368,8 +364,8 @@ let DRM_AMD_DC_SI = whenAtLeast "5.10" yes; } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { # Intel GVT-g graphics virtualization supports 64-bit only - DRM_I915_GVT = whenAtLeast "4.16" yes; - DRM_I915_GVT_KVMGT = whenAtLeast "4.16" module; + DRM_I915_GVT = yes; + DRM_I915_GVT_KVMGT = module; # Enable Hyper-V Synthetic DRM Driver DRM_HYPERV = whenAtLeast "5.14" module; } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") { @@ -425,25 +421,9 @@ let usb-serial = { USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver - } // optionalAttrs (versionOlder version "4.16") { - # Include firmware for various USB serial devices. - # Only applicable for kernels below 4.16, after that no firmware is shipped in the kernel tree. - USB_SERIAL_KEYSPAN_MPR = yes; - USB_SERIAL_KEYSPAN_USA28 = yes; - USB_SERIAL_KEYSPAN_USA28X = yes; - USB_SERIAL_KEYSPAN_USA28XA = yes; - USB_SERIAL_KEYSPAN_USA28XB = yes; - USB_SERIAL_KEYSPAN_USA19 = yes; - USB_SERIAL_KEYSPAN_USA18X = yes; - USB_SERIAL_KEYSPAN_USA19W = yes; - USB_SERIAL_KEYSPAN_USA19QW = yes; - USB_SERIAL_KEYSPAN_USA19QI = yes; - USB_SERIAL_KEYSPAN_USA49W = yes; - USB_SERIAL_KEYSPAN_USA49WLC = yes; }; usb = { - USB_DEBUG = { optional = true; tristate = whenOlder "4.18" "n";}; USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies) @@ -514,7 +494,6 @@ let CIFS_XATTR = yes; CIFS_POSIX = option yes; CIFS_FSCACHE = yes; - CIFS_STATS = whenOlder "4.19" yes; CIFS_WEAK_PW_HASH = whenOlder "5.15" yes; CIFS_UPCALL = yes; CIFS_ACL = whenOlder "5.3" yes; @@ -569,7 +548,7 @@ let SECURITY_APPARMOR = yes; DEFAULT_SECURITY_APPARMOR = yes; - RANDOM_TRUST_CPU = whenOlder "6.2" (whenAtLeast "4.19" yes); # allow RDRAND to seed the RNG + RANDOM_TRUST_CPU = whenOlder "6.2" yes; # allow RDRAND to seed the RNG RANDOM_TRUST_BOOTLOADER = whenOlder "6.2" (whenAtLeast "5.4" yes); # allow the bootloader to seed the RNG MODULE_SIG = no; # r13y, generates a random key during build and bakes it in @@ -581,10 +560,15 @@ let PERSISTENT_KEYRINGS = yes; # enable temporary caching of the last request_key() result KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; - } // optionalAttrs (!stdenv.hostPlatform.isAarch32) { + # randomized slab caches + RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; + + # NIST SP800-90A DRBG modes - enabled by most distributions + # and required by some out-of-tree modules (ShuffleCake) + # This does not include the NSA-backdoored Dual-EC mode from the same NIST publication. + CRYPTO_DRBG_HASH = yes; + CRYPTO_DRBG_CTR = yes; - # Detect buffer overflows on the stack - CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";}; } // optionalAttrs stdenv.hostPlatform.isx86_64 { # Enable Intel SGX X86_SGX = whenAtLeast "5.11" yes; @@ -596,9 +580,11 @@ let # AMD SME AMD_MEM_ENCRYPT = yes; # AMD SEV and AMD SEV-SE - KVM_AMD_SEV = whenAtLeast "4.16" yes; + KVM_AMD_SEV = yes; # AMD SEV-SNP SEV_GUEST = whenAtLeast "5.19" module; + # Shadow stacks + X86_USER_SHADOW_STACK = whenAtLeast "6.6" yes; }; microcode = { @@ -702,7 +688,6 @@ let XEN_PVH = option yes; XEN_PVHVM = option yes; XEN_SAVE_RESTORE = option yes; - XEN_SCRUB_PAGES = whenOlder "4.19" yes; XEN_SELFBALLOONING = whenOlder "5.3" yes; # Enable device detection on virtio-mmio hypervisors @@ -737,7 +722,6 @@ let ZSWAP = option yes; ZPOOL = yes; ZBUD = option yes; - ZSMALLOC = module; }; brcmfmac = { @@ -756,40 +740,11 @@ let tests = { # This menu disables all/most of them on >= 4.16 RUNTIME_TESTING_MENU = option no; - } // optionalAttrs (versionOlder version "4.16") { - # For older kernels, painstakingly disable each symbol. - ARM_KPROBES_TEST = option no; - ASYNC_RAID6_TEST = option no; - ATOMIC64_SELFTEST = option no; - BACKTRACE_SELF_TEST = option no; - INTERVAL_TREE_TEST = option no; - PERCPU_TEST = option no; - RBTREE_TEST = option no; - TEST_BITMAP = option no; - TEST_BPF = option no; - TEST_FIRMWARE = option no; - TEST_HASH = option no; - TEST_HEXDUMP = option no; - TEST_KMOD = option no; - TEST_KSTRTOX = option no; - TEST_LIST_SORT = option no; - TEST_LKM = option no; - TEST_PARMAN = option no; - TEST_PRINTF = option no; - TEST_RHASHTABLE = option no; - TEST_SORT = option no; - TEST_STATIC_KEYS = option no; - TEST_STRING_HELPERS = option no; - TEST_UDELAY = option no; - TEST_USER_COPY = option no; - TEST_UUID = option no; } // { CRC32_SELFTEST = option no; CRYPTO_TEST = option no; EFI_TEST = option no; GLOB_SELFTEST = option no; - DRM_DEBUG_MM_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";}; - LNET_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";}; LOCK_TORTURE_TEST = option no; MTD_TESTS = option no; NOTIFIER_ERROR_INJECTION = option no; @@ -801,23 +756,11 @@ let XZ_DEC_TEST = option no; }; - criu = if (versionAtLeast version "4.19") then { + criu = { # Unconditionally enabled, because it is required for CRIU and # it provides the kcmp() system call that Mesa depends on. CHECKPOINT_RESTORE = yes; - } else optionalAttrs (features.criu or false) ({ - # For older kernels, CHECKPOINT_RESTORE is hidden behind EXPERT. - EXPERT = yes; - CHECKPOINT_RESTORE = yes; - } // optionalAttrs (features.criu_revert_expert or true) { - RFKILL_INPUT = option yes; - HID_PICOLCD_FB = option yes; - HID_PICOLCD_BACKLIGHT = option yes; - HID_PICOLCD_LCD = option yes; - HID_PICOLCD_LEDS = option yes; - HID_PICOLCD_CIR = option yes; - DEBUG_MEMORY_INIT = option yes; - }); + }; misc = let # Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz. @@ -861,7 +804,6 @@ let PM_TRACE_RTC = no; # Disable some expensive (?) features. ACCESSIBILITY = yes; # Accessibility support AUXDISPLAY = yes; # Auxiliary Display support - DONGLE = whenOlder "4.17" yes; # Serial dongle support HIPPI = yes; MTD_COMPLEX_MAPPINGS = yes; # needed for many devices @@ -903,6 +845,8 @@ let CLEANCACHE = whenOlder "5.17" (option yes); CRASH_DUMP = option no; + FSCACHE_STATS = yes; + DVB_DYNAMIC_MINORS = option yes; # we use udev EFI_STUB = yes; # EFI bootloader in the bzImage itself @@ -917,7 +861,6 @@ let FUSION = yes; # Fusion MPT device support IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14 IDLE_PAGE_TRACKING = yes; - IRDA_ULTRA = whenOlder "4.17" yes; # Ultra (connectionless) protocol JOYSTICK_IFORCE_232 = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force Serial joysticks and wheels JOYSTICK_IFORCE_USB = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force USB joysticks and wheels @@ -939,7 +882,7 @@ let MLX5_CORE_EN = option yes; - NVME_MULTIPATH = whenAtLeast "4.15" yes; + NVME_MULTIPATH = yes; PSI = whenAtLeast "4.20" yes; @@ -1014,7 +957,7 @@ let X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes; X86_PLATFORM_DRIVERS_HP = whenAtLeast "6.1" yes; - LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ]; + LIRC = yes; SCHED_CORE = whenAtLeast "5.14" yes; @@ -1072,6 +1015,28 @@ let # Keeping it a built-in ensures it will be used if possible. FB_SIMPLE = yes; + # https://docs.kernel.org/arch/arm/mem_alignment.html + # tldr: + # when buggy userspace code emits illegal misaligned LDM, STM, + # LDRD and STRDs, the instructions trap, are caught, and then + # are emulated by the kernel. + # + # This is the default on armv7l, anyway, but it is explicitly + # enabled here for the sake of providing context for the + # aarch64 compat option which follows. + ALIGNMENT_TRAP = mkIf (stdenv.hostPlatform.system == "armv7l-linux") yes; + + # https://patchwork.kernel.org/project/linux-arm-kernel/patch/20220701135322.3025321-1-ardb@kernel.org/ + # tldr: + # when encountering alignment faults under aarch64, this option + # makes the kernel attempt to handle the fault by doing the + # same style of misaligned emulation that is performed under + # armv7l (see above option). + # + # This minimizes the potential for aarch32 userspace to behave + # differently when run under aarch64 kernels compared to when + # it is run under an aarch32 kernel. + COMPAT_ALIGNMENT_FIXUPS = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "6.1" yes); } // optionalAttrs (versionAtLeast version "5.4" && (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")) { # Required for various hardware features on Chrome OS devices CHROME_PLATFORMS = yes; diff --git a/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/4.11.patch b/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/4.11.patch deleted file mode 100644 index 4e247e43289..00000000000 --- a/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/4.11.patch +++ /dev/null @@ -1,784 +0,0 @@ -commit 827b86ad1dd21feed4c0b99faf6059f245f7dadb -Author: Tejun Heo <tj@kernel.org> -Date: Fri Mar 11 07:31:23 2016 -0500 - - sched: Misc preps for cgroup unified hierarchy interface - - Make the following changes in preparation for the cpu controller - interface implementation for the unified hierarchy. This patch - doesn't cause any functional differences. - - * s/cpu_stats_show()/cpu_cfs_stats_show()/ - - * s/cpu_files/cpu_legacy_files/ - - * Separate out cpuacct_stats_read() from cpuacct_stats_show(). While - at it, make the @val array u64 for consistency. - - Signed-off-by: Tejun Heo <tj@kernel.org> - Cc: Ingo Molnar <mingo@redhat.com> - Cc: Peter Zijlstra <peterz@infradead.org> - Cc: Li Zefan <lizefan@huawei.com> - Cc: Johannes Weiner <hannes@cmpxchg.org> - -diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 3b31fc05a0f1..a1b95e83fa87 100644 ---- a/kernel/sched/core.c -+++ b/kernel/sched/core.c -@@ -7174,7 +7174,7 @@ static int __cfs_schedulable(struct task_group *tg, u64 period, u64 quota) - return ret; - } - --static int cpu_stats_show(struct seq_file *sf, void *v) -+static int cpu_cfs_stats_show(struct seq_file *sf, void *v) - { - struct task_group *tg = css_tg(seq_css(sf)); - struct cfs_bandwidth *cfs_b = &tg->cfs_bandwidth; -@@ -7214,7 +7214,7 @@ static u64 cpu_rt_period_read_uint(struct cgroup_subsys_state *css, - } - #endif /* CONFIG_RT_GROUP_SCHED */ - --static struct cftype cpu_files[] = { -+static struct cftype cpu_legacy_files[] = { - #ifdef CONFIG_FAIR_GROUP_SCHED - { - .name = "shares", -@@ -7235,7 +7235,7 @@ static struct cftype cpu_files[] = { - }, - { - .name = "stat", -- .seq_show = cpu_stats_show, -+ .seq_show = cpu_cfs_stats_show, - }, - #endif - #ifdef CONFIG_RT_GROUP_SCHED -@@ -7261,7 +7261,7 @@ struct cgroup_subsys cpu_cgrp_subsys = { - .fork = cpu_cgroup_fork, - .can_attach = cpu_cgroup_can_attach, - .attach = cpu_cgroup_attach, -- .legacy_cftypes = cpu_files, -+ .legacy_cftypes = cpu_legacy_files, - .early_init = true, - }; - -diff --git a/kernel/sched/cpuacct.c b/kernel/sched/cpuacct.c -index f95ab29a45d0..6151c23f722f 100644 ---- a/kernel/sched/cpuacct.c -+++ b/kernel/sched/cpuacct.c -@@ -276,26 +276,33 @@ static int cpuacct_all_seq_show(struct seq_file *m, void *V) - return 0; - } - --static int cpuacct_stats_show(struct seq_file *sf, void *v) -+static void cpuacct_stats_read(struct cpuacct *ca, -+ u64 (*val)[CPUACCT_STAT_NSTATS]) - { -- struct cpuacct *ca = css_ca(seq_css(sf)); -- s64 val[CPUACCT_STAT_NSTATS]; - int cpu; -- int stat; - -- memset(val, 0, sizeof(val)); -+ memset(val, 0, sizeof(*val)); -+ - for_each_possible_cpu(cpu) { - u64 *cpustat = per_cpu_ptr(ca->cpustat, cpu)->cpustat; - -- val[CPUACCT_STAT_USER] += cpustat[CPUTIME_USER]; -- val[CPUACCT_STAT_USER] += cpustat[CPUTIME_NICE]; -- val[CPUACCT_STAT_SYSTEM] += cpustat[CPUTIME_SYSTEM]; -- val[CPUACCT_STAT_SYSTEM] += cpustat[CPUTIME_IRQ]; -- val[CPUACCT_STAT_SYSTEM] += cpustat[CPUTIME_SOFTIRQ]; -+ (*val)[CPUACCT_STAT_USER] += cpustat[CPUTIME_USER]; -+ (*val)[CPUACCT_STAT_USER] += cpustat[CPUTIME_NICE]; -+ (*val)[CPUACCT_STAT_SYSTEM] += cpustat[CPUTIME_SYSTEM]; -+ (*val)[CPUACCT_STAT_SYSTEM] += cpustat[CPUTIME_IRQ]; -+ (*val)[CPUACCT_STAT_SYSTEM] += cpustat[CPUTIME_SOFTIRQ]; - } -+} -+ -+static int cpuacct_stats_show(struct seq_file *sf, void *v) -+{ -+ u64 val[CPUACCT_STAT_NSTATS]; -+ int stat; -+ -+ cpuacct_stats_read(css_ca(seq_css(sf)), &val); - - for (stat = 0; stat < CPUACCT_STAT_NSTATS; stat++) { -- seq_printf(sf, "%s %lld\n", -+ seq_printf(sf, "%s %llu\n", - cpuacct_stat_desc[stat], - (long long)nsec_to_clock_t(val[stat])); - } - -commit fdb64d002b3a223ce4bb11aa4448a42050470052 -Author: Tejun Heo <tj@kernel.org> -Date: Fri Mar 11 07:31:23 2016 -0500 - - sched: Implement interface for cgroup unified hierarchy - - While the cpu controller doesn't have any functional problems, there - are a couple interface issues which can be addressed in the v2 - interface. - - * cpuacct being a separate controller. This separation is artificial - and rather pointless as demonstrated by most use cases co-mounting - the two controllers. It also forces certain information to be - accounted twice. - - * Use of different time units. Writable control knobs use - microseconds, some stat fields use nanoseconds while other cpuacct - stat fields use centiseconds. - - * Control knobs which can't be used in the root cgroup still show up - in the root. - - * Control knob names and semantics aren't consistent with other - controllers. - - This patchset implements cpu controller's interface on the unified - hierarchy which adheres to the controller file conventions described - in Documentation/cgroups/unified-hierarchy.txt. Overall, the - following changes are made. - - * cpuacct is implictly enabled and disabled by cpu and its information - is reported through "cpu.stat" which now uses microseconds for all - time durations. All time duration fields now have "_usec" appended - to them for clarity. While this doesn't solve the double accounting - immediately, once majority of users switch to v2, cpu can directly - account and report the relevant stats and cpuacct can be disabled on - the unified hierarchy. - - Note that cpuacct.usage_percpu is currently not included in - "cpu.stat". If this information is actually called for, it can be - added later. - - * "cpu.shares" is replaced with "cpu.weight" and operates on the - standard scale defined by CGROUP_WEIGHT_MIN/DFL/MAX (1, 100, 10000). - The weight is scaled to scheduler weight so that 100 maps to 1024 - and the ratio relationship is preserved - if weight is W and its - scaled value is S, W / 100 == S / 1024. While the mapped range is a - bit smaller than the orignal scheduler weight range, the dead zones - on both sides are relatively small and covers wider range than the - nice value mappings. This file doesn't make sense in the root - cgroup and isn't create on root. - - * "cpu.cfs_quota_us" and "cpu.cfs_period_us" are replaced by "cpu.max" - which contains both quota and period. - - * "cpu.rt_runtime_us" and "cpu.rt_period_us" are replaced by - "cpu.rt.max" which contains both runtime and period. - - v2: cpu_stats_show() was incorrectly using CONFIG_FAIR_GROUP_SCHED for - CFS bandwidth stats and also using raw division for u64. Use - CONFIG_CFS_BANDWITH and do_div() instead. - - The semantics of "cpu.rt.max" is not fully decided yet. Dropped - for now. - - Signed-off-by: Tejun Heo <tj@kernel.org> - Cc: Ingo Molnar <mingo@redhat.com> - Cc: Peter Zijlstra <peterz@infradead.org> - Cc: Li Zefan <lizefan@huawei.com> - Cc: Johannes Weiner <hannes@cmpxchg.org> - -diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index a1b95e83fa87..f01d56e58a1b 100644 ---- a/kernel/sched/core.c -+++ b/kernel/sched/core.c -@@ -7253,6 +7253,139 @@ static struct cftype cpu_legacy_files[] = { - { } /* Terminate */ - }; - -+static int cpu_stats_show(struct seq_file *sf, void *v) -+{ -+ cpuacct_cpu_stats_show(sf); -+ -+#ifdef CONFIG_CFS_BANDWIDTH -+ { -+ struct task_group *tg = css_tg(seq_css(sf)); -+ struct cfs_bandwidth *cfs_b = &tg->cfs_bandwidth; -+ u64 throttled_usec; -+ -+ throttled_usec = cfs_b->throttled_time; -+ do_div(throttled_usec, NSEC_PER_USEC); -+ -+ seq_printf(sf, "nr_periods %d\n" -+ "nr_throttled %d\n" -+ "throttled_usec %llu\n", -+ cfs_b->nr_periods, cfs_b->nr_throttled, -+ throttled_usec); -+ } -+#endif -+ return 0; -+} -+ -+#ifdef CONFIG_FAIR_GROUP_SCHED -+static u64 cpu_weight_read_u64(struct cgroup_subsys_state *css, -+ struct cftype *cft) -+{ -+ struct task_group *tg = css_tg(css); -+ u64 weight = scale_load_down(tg->shares); -+ -+ return DIV_ROUND_CLOSEST_ULL(weight * CGROUP_WEIGHT_DFL, 1024); -+} -+ -+static int cpu_weight_write_u64(struct cgroup_subsys_state *css, -+ struct cftype *cftype, u64 weight) -+{ -+ /* -+ * cgroup weight knobs should use the common MIN, DFL and MAX -+ * values which are 1, 100 and 10000 respectively. While it loses -+ * a bit of range on both ends, it maps pretty well onto the shares -+ * value used by scheduler and the round-trip conversions preserve -+ * the original value over the entire range. -+ */ -+ if (weight < CGROUP_WEIGHT_MIN || weight > CGROUP_WEIGHT_MAX) -+ return -ERANGE; -+ -+ weight = DIV_ROUND_CLOSEST_ULL(weight * 1024, CGROUP_WEIGHT_DFL); -+ -+ return sched_group_set_shares(css_tg(css), scale_load(weight)); -+} -+#endif -+ -+static void __maybe_unused cpu_period_quota_print(struct seq_file *sf, -+ long period, long quota) -+{ -+ if (quota < 0) -+ seq_puts(sf, "max"); -+ else -+ seq_printf(sf, "%ld", quota); -+ -+ seq_printf(sf, " %ld\n", period); -+} -+ -+/* caller should put the current value in *@periodp before calling */ -+static int __maybe_unused cpu_period_quota_parse(char *buf, -+ u64 *periodp, u64 *quotap) -+{ -+ char tok[21]; /* U64_MAX */ -+ -+ if (!sscanf(buf, "%s %llu", tok, periodp)) -+ return -EINVAL; -+ -+ *periodp *= NSEC_PER_USEC; -+ -+ if (sscanf(tok, "%llu", quotap)) -+ *quotap *= NSEC_PER_USEC; -+ else if (!strcmp(tok, "max")) -+ *quotap = RUNTIME_INF; -+ else -+ return -EINVAL; -+ -+ return 0; -+} -+ -+#ifdef CONFIG_CFS_BANDWIDTH -+static int cpu_max_show(struct seq_file *sf, void *v) -+{ -+ struct task_group *tg = css_tg(seq_css(sf)); -+ -+ cpu_period_quota_print(sf, tg_get_cfs_period(tg), tg_get_cfs_quota(tg)); -+ return 0; -+} -+ -+static ssize_t cpu_max_write(struct kernfs_open_file *of, -+ char *buf, size_t nbytes, loff_t off) -+{ -+ struct task_group *tg = css_tg(of_css(of)); -+ u64 period = tg_get_cfs_period(tg); -+ u64 quota; -+ int ret; -+ -+ ret = cpu_period_quota_parse(buf, &period, "a); -+ if (!ret) -+ ret = tg_set_cfs_bandwidth(tg, period, quota); -+ return ret ?: nbytes; -+} -+#endif -+ -+static struct cftype cpu_files[] = { -+ { -+ .name = "stat", -+ .flags = CFTYPE_NOT_ON_ROOT, -+ .seq_show = cpu_stats_show, -+ }, -+#ifdef CONFIG_FAIR_GROUP_SCHED -+ { -+ .name = "weight", -+ .flags = CFTYPE_NOT_ON_ROOT, -+ .read_u64 = cpu_weight_read_u64, -+ .write_u64 = cpu_weight_write_u64, -+ }, -+#endif -+#ifdef CONFIG_CFS_BANDWIDTH -+ { -+ .name = "max", -+ .flags = CFTYPE_NOT_ON_ROOT, -+ .seq_show = cpu_max_show, -+ .write = cpu_max_write, -+ }, -+#endif -+ { } /* terminate */ -+}; -+ - struct cgroup_subsys cpu_cgrp_subsys = { - .css_alloc = cpu_cgroup_css_alloc, - .css_online = cpu_cgroup_css_online, -@@ -7262,7 +7395,15 @@ struct cgroup_subsys cpu_cgrp_subsys = { - .can_attach = cpu_cgroup_can_attach, - .attach = cpu_cgroup_attach, - .legacy_cftypes = cpu_legacy_files, -+ .dfl_cftypes = cpu_files, - .early_init = true, -+#ifdef CONFIG_CGROUP_CPUACCT -+ /* -+ * cpuacct is enabled together with cpu on the unified hierarchy -+ * and its stats are reported through "cpu.stat". -+ */ -+ .depends_on = 1 << cpuacct_cgrp_id, -+#endif - }; - - #endif /* CONFIG_CGROUP_SCHED */ -diff --git a/kernel/sched/cpuacct.c b/kernel/sched/cpuacct.c -index 6151c23f722f..fc1cf13c3af1 100644 ---- a/kernel/sched/cpuacct.c -+++ b/kernel/sched/cpuacct.c -@@ -347,6 +347,31 @@ static struct cftype files[] = { - { } /* terminate */ - }; - -+/* used to print cpuacct stats in cpu.stat on the unified hierarchy */ -+void cpuacct_cpu_stats_show(struct seq_file *sf) -+{ -+ struct cgroup_subsys_state *css; -+ u64 usage, val[CPUACCT_STAT_NSTATS]; -+ -+ css = cgroup_get_e_css(seq_css(sf)->cgroup, &cpuacct_cgrp_subsys); -+ -+ usage = cpuusage_read(css, seq_cft(sf)); -+ cpuacct_stats_read(css_ca(css), &val); -+ -+ val[CPUACCT_STAT_USER] *= TICK_NSEC; -+ val[CPUACCT_STAT_SYSTEM] *= TICK_NSEC; -+ do_div(usage, NSEC_PER_USEC); -+ do_div(val[CPUACCT_STAT_USER], NSEC_PER_USEC); -+ do_div(val[CPUACCT_STAT_SYSTEM], NSEC_PER_USEC); -+ -+ seq_printf(sf, "usage_usec %llu\n" -+ "user_usec %llu\n" -+ "system_usec %llu\n", -+ usage, val[CPUACCT_STAT_USER], val[CPUACCT_STAT_SYSTEM]); -+ -+ css_put(css); -+} -+ - /* - * charge this task's execution time to its accounting group. - * -diff --git a/kernel/sched/cpuacct.h b/kernel/sched/cpuacct.h -index ba72807c73d4..ddf7af466d35 100644 ---- a/kernel/sched/cpuacct.h -+++ b/kernel/sched/cpuacct.h -@@ -2,6 +2,7 @@ - - extern void cpuacct_charge(struct task_struct *tsk, u64 cputime); - extern void cpuacct_account_field(struct task_struct *tsk, int index, u64 val); -+extern void cpuacct_cpu_stats_show(struct seq_file *sf); - - #else - -@@ -14,4 +15,8 @@ cpuacct_account_field(struct task_struct *tsk, int index, u64 val) - { - } - -+static inline void cpuacct_cpu_stats_show(struct seq_file *sf) -+{ -+} -+ - #endif - -commit 8dde150866b8c433216105c50b7e889d5242d583 -Author: Tejun Heo <tj@kernel.org> -Date: Fri Aug 5 12:41:01 2016 -0400 - - cgroup: add documentation regarding CPU controller cgroup v2 support - - Signed-off-by: Tejun Heo <tj@kernel.org> - -diff --git a/Documentation/cgroup-v2-cpu.txt b/Documentation/cgroup-v2-cpu.txt -new file mode 100644 -index 000000000000..1ed7032d4472 ---- /dev/null -+++ b/Documentation/cgroup-v2-cpu.txt -@@ -0,0 +1,368 @@ -+ -+ -+CPU Controller on Control Group v2 -+ -+August, 2016 Tejun Heo <tj@kernel.org> -+ -+ -+While most controllers have support for cgroup v2 now, the CPU -+controller support is not upstream yet due to objections from the -+scheduler maintainers on the basic designs of cgroup v2. This -+document explains the current situation as well as an interim -+solution, and details the disagreements and arguments. The latest -+version of this document can be found at the following URL. -+ -+ https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup-v2-cpu.txt?h=cgroup-v2-cpu -+ -+This document was posted to the linux-kernel and cgroup mailing lists. -+Unfortunately, no consensus was reached as of Oct, 2016. The thread -+can be found at the following URL. -+ -+ http://lkml.kernel.org/r/20160805170752.GK2542@mtj.duckdns.org -+ -+ -+CONTENTS -+ -+1. Current Situation and Interim Solution -+2. Disagreements and Arguments -+ 2-1. Contentious Restrictions -+ 2-1-1. Process Granularity -+ 2-1-2. No Internal Process Constraint -+ 2-2. Impact on CPU Controller -+ 2-2-1. Impact of Process Granularity -+ 2-2-2. Impact of No Internal Process Constraint -+ 2-3. Arguments for cgroup v2 -+3. Way Forward -+4. References -+ -+ -+1. Current Situation and Interim Solution -+ -+All objections from the scheduler maintainers apply to cgroup v2 core -+design, and there are no known objections to the specifics of the CPU -+controller cgroup v2 interface. The only blocked part is changes to -+expose the CPU controller interface on cgroup v2, which comprises the -+following two patches: -+ -+ [1] sched: Misc preps for cgroup unified hierarchy interface -+ [2] sched: Implement interface for cgroup unified hierarchy -+ -+The necessary changes are superficial and implement the interface -+files on cgroup v2. The combined diffstat is as follows. -+ -+ kernel/sched/core.c | 149 +++++++++++++++++++++++++++++++++++++++++++++++-- -+ kernel/sched/cpuacct.c | 57 ++++++++++++------ -+ kernel/sched/cpuacct.h | 5 + -+ 3 files changed, 189 insertions(+), 22 deletions(-) -+ -+The patches are easy to apply and forward-port. The following git -+branch will always carry the two patches on top of the latest release -+of the upstream kernel. -+ -+ git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git/cgroup-v2-cpu -+ -+There also are versioned branches going back to v4.4. -+ -+ git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git/cgroup-v2-cpu-$KERNEL_VER -+ -+While it's difficult to tell whether the CPU controller support will -+be merged, there are crucial resource control features in cgroup v2 -+that are only possible due to the design choices that are being -+objected to, and every effort will be made to ease enabling the CPU -+controller cgroup v2 support out-of-tree for parties which choose to. -+ -+ -+2. Disagreements and Arguments -+ -+There have been several lengthy discussion threads [3][4] on LKML -+around the structural constraints of cgroup v2. The two that affect -+the CPU controller are process granularity and no internal process -+constraint. Both arise primarily from the need for common resource -+domain definition across different resources. -+ -+The common resource domain is a powerful concept in cgroup v2 that -+allows controllers to make basic assumptions about the structural -+organization of processes and controllers inside the cgroup hierarchy, -+and thus solve problems spanning multiple types of resources. The -+prime example for this is page cache writeback: dirty page cache is -+regulated through throttling buffered writers based on memory -+availability, and initiating batched write outs to the disk based on -+IO capacity. Tracking and controlling writeback inside a cgroup thus -+requires the direct cooperation of the memory and the IO controller. -+ -+This easily extends to other areas, such as CPU cycles consumed while -+performing memory reclaim or IO encryption. -+ -+ -+2-1. Contentious Restrictions -+ -+For controllers of different resources to work together, they must -+agree on a common organization. This uniform model across controllers -+imposes two contentious restrictions on the CPU controller: process -+granularity and the no-internal-process constraint. -+ -+ -+ 2-1-1. Process Granularity -+ -+ For memory, because an address space is shared between all threads -+ of a process, the terminal consumer is a process, not a thread. -+ Separating the threads of a single process into different memory -+ control domains doesn't make semantical sense. cgroup v2 ensures -+ that all controller can agree on the same organization by requiring -+ that threads of the same process belong to the same cgroup. -+ -+ There are other reasons to enforce process granularity. One -+ important one is isolating system-level management operations from -+ in-process application operations. The cgroup interface, being a -+ virtual filesystem, is very unfit for multiple independent -+ operations taking place at the same time as most operations have to -+ be multi-step and there is no way to synchronize multiple accessors. -+ See also [5] Documentation/cgroup-v2.txt, "R-2. Thread Granularity" -+ -+ -+ 2-1-2. No Internal Process Constraint -+ -+ cgroup v2 does not allow processes to belong to any cgroup which has -+ child cgroups when resource controllers are enabled on it (the -+ notable exception being the root cgroup itself). This is because, -+ for some resources, a resource domain (cgroup) is not directly -+ comparable to the terminal consumer (process/task) of said resource, -+ and so putting the two into a sibling relationship isn't meaningful. -+ -+ - Differing Control Parameters and Capabilities -+ -+ A cgroup controller has different resource control parameters and -+ capabilities from a terminal consumer, be that a task or process. -+ There are a couple cases where a cgroup control knob can be mapped -+ to a per-task or per-process API but they are exceptions and the -+ mappings aren't obvious even in those cases. -+ -+ For example, task priorities (also known as nice values) set -+ through setpriority(2) are mapped to the CPU controller -+ "cpu.shares" values. However, how exactly the two ranges map and -+ even the fact that they map to each other at all are not obvious. -+ -+ The situation gets further muddled when considering other resource -+ types and control knobs. IO priorities set through ioprio_set(2) -+ cannot be mapped to IO controller weights and most cgroup resource -+ control knobs including the bandwidth control knobs of the CPU -+ controller don't have counterparts in the terminal consumers. -+ -+ - Anonymous Resource Consumption -+ -+ For CPU, every time slice consumed from inside a cgroup, which -+ comprises most but not all of consumed CPU time for the cgroup, -+ can be clearly attributed to a specific task or process. Because -+ these two types of entities are directly comparable as consumers -+ of CPU time, it's theoretically possible to mix tasks and cgroups -+ on the same tree levels and let them directly compete for the time -+ quota available to their common ancestor. -+ -+ However, the same can't be said for resource types like memory or -+ IO: the memory consumed by the page cache, for example, can be -+ tracked on a per-cgroup level, but due to mismatches in lifetimes -+ of involved objects (page cache can persist long after processes -+ are gone), shared usages and the implementation overhead of -+ tracking persistent state, it can no longer be attributed to -+ individual processes after instantiation. Consequently, any IO -+ incurred by page cache writeback can be attributed to a cgroup, -+ but not to the individual consumers inside the cgroup. -+ -+ For memory and IO, this makes a resource domain (cgroup) an object -+ of a fundamentally different type than a terminal consumer -+ (process). A process can't be a first class object in the resource -+ distribution graph as its total resource consumption can't be -+ described without the containing resource domain. -+ -+ Disallowing processes in internal cgroups avoids competition between -+ cgroups and processes which cannot be meaningfully defined for these -+ resources. All resource control takes place among cgroups and a -+ terminal consumer interacts with the containing cgroup the same way -+ it would with the system without cgroup. -+ -+ Root cgroup is exempt from this constraint, which is in line with -+ how root cgroup is handled in general - it's excluded from cgroup -+ resource accounting and control. -+ -+ -+Enforcing process granularity and no internal process constraint -+allows all controllers to be on the same footing in terms of resource -+distribution hierarchy. -+ -+ -+2-2. Impact on CPU Controller -+ -+As indicated earlier, the CPU controller's resource distribution graph -+is the simplest. Every schedulable resource consumption can be -+attributed to a specific task. In addition, for weight based control, -+the per-task priority set through setpriority(2) can be translated to -+and from a per-cgroup weight. As such, the CPU controller can treat a -+task and a cgroup symmetrically, allowing support for any tree layout -+of cgroups and tasks. Both process granularity and the no internal -+process constraint restrict how the CPU controller can be used. -+ -+ -+ 2-2-1. Impact of Process Granularity -+ -+ Process granularity prevents tasks belonging to the same process to -+ be assigned to different cgroups. It was pointed out [6] that this -+ excludes the valid use case of hierarchical CPU distribution within -+ processes. -+ -+ To address this issue, the rgroup (resource group) [7][8][9] -+ interface, an extension of the existing setpriority(2) API, was -+ proposed, which is in line with other programmable priority -+ mechanisms and eliminates the risk of in-application configuration -+ and system configuration stepping on each other's toes. -+ Unfortunately, the proposal quickly turned into discussions around -+ cgroup v2 design decisions [4] and no consensus could be reached. -+ -+ -+ 2-2-2. Impact of No Internal Process Constraint -+ -+ The no internal process constraint disallows tasks from competing -+ directly against cgroups. Here is an excerpt from Peter Zijlstra -+ pointing out the issue [10] - R, L and A are cgroups; t1, t2, t3 and -+ t4 are tasks: -+ -+ -+ R -+ / | \ -+ t1 t2 A -+ / \ -+ t3 t4 -+ -+ -+ Is fundamentally different from: -+ -+ -+ R -+ / \ -+ L A -+ / \ / \ -+ t1 t2 t3 t4 -+ -+ -+ Because if in the first hierarchy you add a task (t5) to R, all of -+ its A will run at 1/4th of total bandwidth where before it had -+ 1/3rd, whereas with the second example, if you add our t5 to L, A -+ doesn't get any less bandwidth. -+ -+ -+ It is true that the trees are semantically different from each other -+ and the symmetric handling of tasks and cgroups is aesthetically -+ pleasing. However, it isn't clear what the practical usefulness of -+ a layout with direct competition between tasks and cgroups would be, -+ considering that number and behavior of tasks are controlled by each -+ application, and cgroups primarily deal with system level resource -+ distribution; changes in the number of active threads would directly -+ impact resource distribution. Real world use cases of such layouts -+ could not be established during the discussions. -+ -+ -+2-3. Arguments for cgroup v2 -+ -+There are strong demands for comprehensive hierarchical resource -+control across all major resources, and establishing a common resource -+hierarchy is an essential step. As with most engineering decisions, -+common resource hierarchy definition comes with its trade-offs. With -+cgroup v2, the trade-offs are in the form of structural constraints -+which, among others, restrict the CPU controller's space of possible -+configurations. -+ -+However, even with the restrictions, cgroup v2, in combination with -+rgroup, covers most of identified real world use cases while enabling -+new important use cases of resource control across multiple resource -+types that were fundamentally broken previously. -+ -+Furthermore, for resource control, treating resource domains as -+objects of a different type from terminal consumers has important -+advantages - it can account for resource consumptions which are not -+tied to any specific terminal consumer, be that a task or process, and -+allows decoupling resource distribution controls from in-application -+APIs. Even the CPU controller may benefit from it as the kernel can -+consume significant amount of CPU cycles in interrupt context or tasks -+shared across multiple resource domains (e.g. softirq). -+ -+Finally, it's important to note that enabling cgroup v2 support for -+the CPU controller doesn't block use cases which require the features -+which are not available on cgroup v2. Unlikely, but should anybody -+actually rely on the CPU controller's symmetric handling of tasks and -+cgroups, backward compatibility is and will be maintained by being -+able to disconnect the controller from the cgroup v2 hierarchy and use -+it standalone. This also holds for cpuset which is often used in -+highly customized configurations which might be a poor fit for common -+resource domains. -+ -+The required changes are minimal, the benefits for the target use -+cases are critical and obvious, and use cases which have to use v1 can -+continue to do so. -+ -+ -+3. Way Forward -+ -+cgroup v2 primarily aims to solve the problem of comprehensive -+hierarchical resource control across all major computing resources, -+which is one of the core problems of modern server infrastructure -+engineering. The trade-offs that cgroup v2 took are results of -+pursuing that goal and gaining a better understanding of the nature of -+resource control in the process. -+ -+I believe that real world usages will prove cgroup v2's model right, -+considering the crucial pieces of comprehensive resource control that -+cannot be implemented without common resource domains. This is not to -+say that cgroup v2 is fixed in stone and can't be updated; if there is -+an approach which better serves both comprehensive resource control -+and the CPU controller's flexibility, we will surely move towards -+that. It goes without saying that discussions around such approach -+should consider practical aspects of resource control as a whole -+rather than absolutely focusing on a particular controller. -+ -+Until such consensus can be reached, the CPU controller cgroup v2 -+support will be maintained out of the mainline kernel in an easily -+accessible form. If there is anything cgroup developers can do to -+ease the pain, please feel free to contact us on the cgroup mailing -+list at cgroups@vger.kernel.org. -+ -+ -+4. References -+ -+[1] http://lkml.kernel.org/r/20160105164834.GE5995@mtj.duckdns.org -+ [PATCH 1/2] sched: Misc preps for cgroup unified hierarchy interface -+ Tejun Heo <tj@kernel.org> -+ -+[2] http://lkml.kernel.org/r/20160105164852.GF5995@mtj.duckdns.org -+ [PATCH 2/2] sched: Implement interface for cgroup unified hierarchy -+ Tejun Heo <tj@kernel.org> -+ -+[3] http://lkml.kernel.org/r/1438641689-14655-4-git-send-email-tj@kernel.org -+ [PATCH 3/3] sched: Implement interface for cgroup unified hierarchy -+ Tejun Heo <tj@kernel.org> -+ -+[4] http://lkml.kernel.org/r/20160407064549.GH3430@twins.programming.kicks-ass.net -+ Re: [PATCHSET RFC cgroup/for-4.6] cgroup, sched: implement resource group and PRIO_RGRP -+ Peter Zijlstra <peterz@infradead.org> -+ -+[5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/cgroup-v2.txt -+ Control Group v2 -+ Tejun Heo <tj@kernel.org> -+ -+[6] http://lkml.kernel.org/r/CAPM31RJNy3jgG=DYe6GO=wyL4BPPxwUm1f2S6YXacQmo7viFZA@mail.gmail.com -+ Re: [PATCH 3/3] sched: Implement interface for cgroup unified hierarchy -+ Paul Turner <pjt@google.com> -+ -+[7] http://lkml.kernel.org/r/20160105154503.GC5995@mtj.duckdns.org -+ [RFD] cgroup: thread granularity support for cpu controller -+ Tejun Heo <tj@kernel.org> -+ -+[8] http://lkml.kernel.org/r/1457710888-31182-1-git-send-email-tj@kernel.org -+ [PATCHSET RFC cgroup/for-4.6] cgroup, sched: implement resource group and PRIO_RGRP -+ Tejun Heo <tj@kernel.org> -+ -+[9] http://lkml.kernel.org/r/20160311160522.GA24046@htj.duckdns.org -+ Example program for PRIO_RGRP -+ Tejun Heo <tj@kernel.org> -+ -+[10] http://lkml.kernel.org/r/20160407082810.GN3430@twins.programming.kicks-ass.net -+ Re: [PATCHSET RFC cgroup/for-4.6] cgroup, sched: implement resource -+ Peter Zijlstra <peterz@infradead.org> diff --git a/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/README.md b/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/README.md deleted file mode 100644 index b454e14801d..00000000000 --- a/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/README.md +++ /dev/null @@ -1,21 +0,0 @@ -Patches for CPU Controller on Control Group v2 -=============================================== - -See Tejun Heo's [explanation][1] for why these patches are currently -out-of-tree. - -Generating the patches ------------------------ - -In a linux checkout, with remote tc-cgroup pointing to -git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git, your -nixpkgs checkout in the same directory as your linux checkout (or -modify the command accordingly), and setting `ver` to the appropriate -version: - -```shell -$ ver=4.7 -$ git log --reverse --patch v$ver..remotes/tc-cgroup/cgroup-v2-cpu-v$ver > ../nixpkgs/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/$ver.patch -``` - -[1]: https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup-v2-cpu.txt?h=cgroup-v2-cpu diff --git a/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/default.nix b/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/default.nix deleted file mode 100644 index 5bef5633aa0..00000000000 --- a/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -let - ents = builtins.readDir ./.; -in builtins.listToAttrs (builtins.filter (x: x != null) (map (name: let - match = builtins.match "(.*)\\.patch" name; -in if match == null then null else { - name = builtins.head match; - value = { - name = "cpu-cgroup-v2-${name}"; - patch = ./. + "/${name}"; - }; -}) (builtins.attrNames ents))) diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index a21890a38ca..df67005dd81 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -25,6 +25,10 @@ # Additional make flags passed to kbuild , extraMakeFlags ? [] +, # enables the options in ./common-config.nix; if `false` then only + # `structuredExtraConfig` is used + enableCommonConfig ? true + , # kernel intermediate config overrides, as a set structuredExtraConfig ? {} @@ -131,8 +135,6 @@ let platformName = stdenv.hostPlatform.linux-kernel.name; # e.g. "defconfig" kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig; - # e.g. "bzImage" - kernelTarget = stdenv.hostPlatform.linux-kernel.target; makeFlags = lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) stdenv.hostPlatform.linux-kernel.makeFlags ++ extraMakeFlags; @@ -183,7 +185,9 @@ let moduleStructuredConfig = (lib.evalModules { modules = [ module + ] ++ lib.optionals enableCommonConfig [ { settings = commonStructuredConfig; _file = "pkgs/os-specific/linux/kernel/common-config.nix"; } + ] ++ [ { settings = structuredExtraConfig; _file = "structuredExtraConfig"; } ] ++ structuredConfigFromPatches diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index c7893abad21..d8f8bb2fa73 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,62 +2,62 @@ "4.14": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.14.325-hardened1.patch", - "sha256": "1mc1pyjjksg2f4189wyas55ax8czzhai2i3jc6n7l9jmfwj7xr9q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.325-hardened1/linux-hardened-4.14.325-hardened1.patch" + "name": "linux-hardened-4.14.328-hardened1.patch", + "sha256": "1qq2l4nwhxgl4drx6isc1ly892kffjq4hqb4zadqs6sxvsdm7x57", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.328-hardened1/linux-hardened-4.14.328-hardened1.patch" }, - "sha256": "117p1mdha57f6d3kdwac9jrbmib7g77q4xhir8ghl6fmrs1f2sav", - "version": "4.14.325" + "sha256": "1igcpvnhwwrczfdsafmszvi0456k7f6j4cgpfw6v6afw09p95d8x", + "version": "4.14.328" }, "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.294-hardened1.patch", - "sha256": "1s70vz8rai1z440rmwzipwpq7wa7p2bvri43zmkbisrfggm1lz2r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.294-hardened1/linux-hardened-4.19.294-hardened1.patch" + "name": "linux-hardened-4.19.297-hardened1.patch", + "sha256": "1qj09bynl7ml880xpc2956jn0b1gmm77yf3jc45v3jq3610jhna4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.297-hardened1/linux-hardened-4.19.297-hardened1.patch" }, - "sha256": "03x0xsb8a369zdr81hg6xdl5n5v48k6iwnhj6r29725777lvvbfc", - "version": "4.19.294" + "sha256": "0c9xxqgv2i36hrr06dwz7f3idc04xpv0a5pxg08xdh03cnyf12cx", + "version": "4.19.297" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.195-hardened1.patch", - "sha256": "15liin3i9wh7hwr97pyc8rl79ri7frsprssl50si9z810zvc9chb", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.195-hardened1/linux-hardened-5.10.195-hardened1.patch" + "name": "linux-hardened-5.10.199-hardened1.patch", + "sha256": "10vwd5wygfnxpbz15bq56pjygba3vqqal0d7xry2bch4p444pp5f", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.199-hardened1/linux-hardened-5.10.199-hardened1.patch" }, - "sha256": "0n4vg2i9sq89wnz85arlyvwysh9s83cgzs5bk2wh98bivi5fwfs1", - "version": "5.10.195" + "sha256": "1h944syk7n6c4j1djlx19n77alzwbxcdza77c9ykicgfynhpgsm0", + "version": "5.10.199" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.132-hardened1.patch", - "sha256": "06wkcbhkdm8vnk1cqwngy9gdknqm4pb4za9lbh2q5j1f2nkcn7pq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.132-hardened1/linux-hardened-5.15.132-hardened1.patch" + "name": "linux-hardened-5.15.137-hardened1.patch", + "sha256": "19gs1w380qgvazwjwhxypizpfx71faa7hsji0x5cgyw6vxhi6l1b", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.137-hardened1/linux-hardened-5.15.137-hardened1.patch" }, - "sha256": "1b0qjsaqjw2rk86shmmrj2aasblkn27acjmc761vnjg7sv2baxs1", - "version": "5.15.132" + "sha256": "1xxjbxldrhmnh2q6rykpxyfbj8xqgl82q30n8sfavrzr14bb4jcp", + "version": "5.15.137" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.256-hardened1.patch", - "sha256": "1rsp30g5xry5y95mz0i6walkcxj6abyrsaq3fwhz0ka6nq6g7w82", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.256-hardened1/linux-hardened-5.4.256-hardened1.patch" + "name": "linux-hardened-5.4.259-hardened1.patch", + "sha256": "1w8ipflgisd127gmx6wyz8p5qfi8cfd2a5j2xgibspkf45nzfwi8", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.259-hardened1/linux-hardened-5.4.259-hardened1.patch" }, - "sha256": "0fim5q9xakwnjfg48bpsic9r2r8dvrjlalqqkm9vh1rml9mhi967", - "version": "5.4.256" + "sha256": "195v4fidavzm637glj6580006mrcaygnbj4za874imb62bxf9rpz", + "version": "5.4.259" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.54-hardened1.patch", - "sha256": "0c8dmgciwc02pzhnx2mj5xlhds7mmicm8r6668di2zfw772rjgr4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.54-hardened1/linux-hardened-6.1.54-hardened1.patch" + "name": "linux-hardened-6.1.61-hardened1.patch", + "sha256": "0d9zhh32dx1q828q50kmznmsa6yinppbklhgg8ix7b7k23857ha6", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.61-hardened1/linux-hardened-6.1.61-hardened1.patch" }, - "sha256": "09sfrq2l8f777mx2n9mhb6bgz1064bl04921byqnmk87si31w653", - "version": "6.1.54" + "sha256": "1kk4d7ph6pvgdrdmaklg15wf58nw9n7yqgkag7jdvqinzh99sb5d", + "version": "6.1.61" }, "6.4": { "patch": { @@ -72,11 +72,11 @@ "6.5": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.5.4-hardened1.patch", - "sha256": "0r411dgp17am2bnfpk8lbzmymp6w9d5raz7hni0mw0kpcq6z996n", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.4-hardened1/linux-hardened-6.5.4-hardened1.patch" + "name": "linux-hardened-6.5.10-hardened1.patch", + "sha256": "0p2lj7ryiizr1sxvm2kgds3l8sg9fns35y2fcyqq61lg7ymzj1fi", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.10-hardened1/linux-hardened-6.5.10-hardened1.patch" }, - "sha256": "0s8nzd8yaq06bq8byk7aakbk95gh0rhlif26h1biw94v48anrxxx", - "version": "6.5.4" + "sha256": "12sswml8jvabv6bqx35lg3jj6gq8jjk365rghjngdy5d0j34jpx1", + "version": "6.5.10" } } diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 5d6a2eba966..ce54c298075 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -193,21 +193,14 @@ with open(HARDENED_PATCHES_PATH) as patches_file: # Get the set of currently packaged kernel versions. kernel_versions = {} -for filename in os.listdir(NIXPKGS_KERNEL_PATH): - filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) - if filename_match: - nix_version_expr = f""" - with import {NIXPKGS_PATH} {{}}; - (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version - """ - kernel_version_json = run( - "nix-instantiate", "--eval", "--system", "x86_64-linux", "--json", "--expr", nix_version_expr, - ).stdout - kernel_version = parse_version(json.loads(kernel_version_json)) - if kernel_version < MIN_KERNEL_VERSION: - continue - kernel_key = major_kernel_version_key(kernel_version) - kernel_versions[kernel_key] = kernel_version +with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as kernel_versions_json: + kernel_versions = json.load(kernel_versions_json) + for kernel_branch_str in kernel_versions: + if kernel_branch_str == "testing": continue + kernel_branch = [int(i) for i in kernel_branch_str.split(".")] + if kernel_branch < MIN_KERNEL_VERSION: continue + kernel_version = [int(i) for i in kernel_versions[kernel_branch_str]["version"].split(".")] + kernel_versions[kernel_branch_str] = kernel_version # Remove patches for unpackaged kernel versions. for kernel_key in sorted(patches.keys() - kernel_versions.keys()): diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index ea31ad62891..94ab60aa67b 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -1,38 +1,38 @@ { "testing": { - "version": "6.6-rc3", - "hash": "sha256:1i0fii5lq8ij1y1pfypw08j4f7kv1nvj264x77mfcj1cjm1jx1zx" + "version": "6.7-rc1", + "hash": "sha256:1a071vvmm08sp48d0arqzcmqnz5xdb1vflfhxcqwmpzaabjrgadk" }, "6.5": { - "version": "6.5.5", - "hash": "sha256:15gg8sb6cfgk1afwj7fl7mj4nkj14w43vzwvw0qsg3nzyxwh7wcc" - }, - "6.4": { - "version": "6.4.16", - "hash": "sha256:0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln" + "version": "6.5.11", + "hash": "sha256:06dmb4hbwrms0lp4axphwgj8wbnzsym70sx55lxr501b53wlmqif" }, "6.1": { - "version": "6.1.55", - "hash": "sha256:1h0mzx52q9pvdv7rhnvb8g68i7bnlc9rf8gy9qn4alsxq4g28zm8" + "version": "6.1.62", + "hash": "sha256:1v453q4sf0j8708ivs1zmdf645hgimqvxfc8xz7czgnnmipn3zdr" }, "5.15": { - "version": "5.15.133", - "hash": "sha256:1paxzzcagc7s8i491zjny43rxhfamafyly438kj8hyw96iwmx17g" + "version": "5.15.138", + "hash": "sha256:1ajaxy97gx0c9cdxiyxa49ykfsykir22i9abfrcizh71ci0yb15g" }, "5.10": { - "version": "5.10.197", - "hash": "sha256:1awkm7lln5gf6kld9z5h4mg39bd778jsdswwlwb7iv7bn03lafhq" + "version": "5.10.200", + "hash": "sha256:012i41bj8rcqn0vhfxrwq3gg82nb6pp2cwq8n146wj47pwgrcbcx" }, "5.4": { - "version": "5.4.257", - "hash": "sha256:1w1x91slzg9ggakqhyxnmvz77v2cwfk8bz0knrpgz9qya9q5jxrf" + "version": "5.4.260", + "hash": "sha256:1zpbaipd2j3idj8h9iznlj0ywcq5nkhwj707a1f9ixf82h3q4c4q" }, "4.19": { - "version": "4.19.295", - "hash": "sha256:1b1qslpk1kka7nxam48s22xsqd9qmp716hmibgfsjxl5y3jc4cmp" + "version": "4.19.298", + "hash": "sha256:0mhgq6hdcls1af7nj999x1mds5b37s7vwin8nsb4q0lnx2y1da4x" }, "4.14": { - "version": "4.14.326", - "hash": "sha256:0y0lvzidw775mgx211wnc1c6223iqv8amz5y9jkz9h7l3l7y8p2m" + "version": "4.14.329", + "hash": "sha256:1dvb4xf0b7snabznl7bg7gga7ffdmywy8vr8q65pzl9yf6fnhdny" + }, + "6.6": { + "version": "6.6.1", + "hash": "sha256:0d42b1hbvv9w3y3q4wydr6il0g5a823n54a06p4p5vcpgkadf7ns" } } diff --git a/pkgs/os-specific/linux/kernel/linux-hardkernel-4.14.nix b/pkgs/os-specific/linux/kernel/linux-hardkernel-4.14.nix deleted file mode 100644 index 69bbdf648d2..00000000000 --- a/pkgs/os-specific/linux/kernel/linux-hardkernel-4.14.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ buildPackages, fetchFromGitHub, fetchurl, perl, buildLinux, libelf, util-linux, kernelPatches ? [], ... } @ args: - -buildLinux (args // rec { - version = "4.14.180-176"; - - # modDirVersion needs to be x.y.z. - modDirVersion = "4.14.180"; - - # branchVersion needs to be x.y. - extraMeta.branch = "4.14"; - - src = fetchFromGitHub { - owner = "hardkernel"; - repo = "linux"; - rev = version; - sha256 = "0n7i7a2bkrm9p1wfr20h54cqm32fbjvwyn703r6zm1f6ivqhk43v"; - }; - - kernelPatches = args.kernelPatches ++ [{ - name = "usbip-tools-fno-common"; - patch = fetchurl { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5efc2e6b98fe661dbd8dd0d5d5bfb961728e57a"; - hash = "sha256-1CXYCV5zMLA4YdbCr8cO2N4CHEDzQChS9qbKYHPm3U4="; - }; - }]; - - defconfig = "odroidxu4_defconfig"; - - # This extraConfig is (only) required because the gator module fails to build as-is. - extraConfig = '' - - GATOR n - - # This attempted fix applies correctly but does not fix the build. - #GATOR_MALI_MIDGARD_PATH ${src}/drivers/gpu/arm/midgard - - '' + (args.extraConfig or ""); - - extraMeta.platforms = [ "armv7l-linux" ]; - -} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index ef020b7eb56..9cf5f46cfb8 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "19408"; - sha256 = "1bfpzdfd7k859ids5d5ixzn36c7f62gh2lw6gv4szwakw032gh9i"; + rev = "19441"; + sha256 = "1z0x8cw9nr7qf5qh3xjf6rg20q0i79bg71lik847sabyb6vcrk0z"; } , ... }: diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index eb2031b129d..65ca352b53b 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.180-rt89"; # updated by ./update-rt.sh + version = "5.10.199-rt97"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -17,14 +17,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "0a8cicvcyl5w4vi7gxhgd59ny44gj9cbv4z5pnwn9jgny55rm0ys"; + sha256 = "1h944syk7n6c4j1djlx19n77alzwbxcdza77c9ykicgfynhpgsm0"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "00m6psnjam26x70f8wpssvjp6v49dyllp356fpfbhjqmj7y142bm"; + sha256 = "13k7md0a63q4r5vqqvbszmg3kzp5np0hdaj1siyl4yvs9j78d03s"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix index 6d3955f2012..bc45a86905c 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.15.129-rt67"; # updated by ./update-rt.sh + version = "5.15.137-rt71"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "0ribh1jalbnapfrjzjk5kqg6nypalkn5ayin5cwkwiziwiycj3km"; + sha256 = "1xxjbxldrhmnh2q6rykpxyfbj8xqgl82q30n8sfavrzr14bb4jcp"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1qh2v8i2sa334mkfwx9k8jjvqpp21bj2wmvvdib8wfxbnjnj3vzy"; + sha256 = "11zk02ni3b0l1wwrfvyc1q92bd9as61hwgbwlj42xv5gbpd39jlw"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix index cd1249605ec..22e07bfd0f5 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.4.254-rt85"; # updated by ./update-rt.sh + version = "5.4.257-rt87"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -14,14 +14,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1iyrm2xql15ifhy2b939ywrrc44yd41b79sjjim4vqxmc6lqsq2i"; + sha256 = "1w1x91slzg9ggakqhyxnmvz77v2cwfk8bz0knrpgz9qya9q5jxrf"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0vq5lrqqy7yspznbbkla2cjakz7w1n8qvg31a856qs6abynwrw6x"; + sha256 = "0rgkk5ibagsyz9in12clzn7szsw1i3m96s8wy5yxwa26aaa2wki7"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix b/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix index f45926020b5..85c8a8b8a10 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "6.1.54-rt15"; # updated by ./update-rt.sh + version = "6.1.59-rt16"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; - sha256 = "09sfrq2l8f777mx2n9mhb6bgz1064bl04921byqnmk87si31w653"; + sha256 = "1860r1aan258yi2jq68bp1kdbcyy7ygc7d8g54wnc0vmqqj7fzv2"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0ihdid1ihg26kjini66j87vh4220gl8xm9dai7zignha2zh238kh"; + sha256 = "1cmgw6a8zlj89172mp85lxaksz1pvc155mj2fq59l1ry35gwb5q7"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix index 0763ffda26b..c58c4e67e4d 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix @@ -6,27 +6,32 @@ # bcachefs-tools stores the expected-revision in: # https://evilpiepirate.org/git/bcachefs-tools.git/tree/.bcachefs_revision # but this does not means that it'll be the latest-compatible revision -, currentCommit ? "84f132d5696138bb038d2dc8f1162d2fab5ac832" -, diffHash ? "sha256-RaBWBU7rXjJFb1euFAFBHWCBQAG7npaCodjp/vMYpyw=" +, currentCommit ? "4d2faeb4fb58c389dc9f76b8d5ae991ef4497e04" +, diffHash ? "sha256-DtMc8P4lTRzvS6PVvD7WtWEPsfnxIXSpqMsKKWs+edI=" , kernelPatches # must always be defined in bcachefs' all-packages.nix entry because it's also a top-level attribute supplied by callPackage , argsOverride ? {} , ... } @ args: - # NOTE: bcachefs-tools should be updated simultaneously to preserve compatibility (kernel.override ( args // { - version = "${kernel.version}-bcachefs-unstable-${commitDate}"; - extraMeta = { - branch = "master"; - broken = stdenv.isAarch64; - maintainers = with lib.maintainers; [ davidak Madouura pedrohlc raitobezarius ]; - }; + argsOverride = { + version = "${kernel.version}-bcachefs-unstable-${commitDate}"; + modDirVersion = kernel.modDirVersion; + + extraMeta = { + homepage = "https://bcachefs.org/"; + branch = "master"; + maintainers = with lib.maintainers; [ davidak Madouura pedrohlc raitobezarius YellowOnion ]; + }; + } // argsOverride; structuredExtraConfig = with lib.kernel; { BCACHEFS_FS = module; BCACHEFS_QUOTA = option yes; BCACHEFS_POSIX_ACL = option yes; + # useful for bug reports + FTRACE = option yes; }; kernelPatches = [ { diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 7c3084d7ebd..2ba31fbc978 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,5 +1,5 @@ { lib, stdenv, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl -, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, kmod +, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, kmod, ubootTools , fetchpatch }: @@ -117,11 +117,8 @@ let }); postPatch = '' - sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|' - - # fixup for pre-5.4 kernels using the $(cd $foo && /bin/pwd) pattern - # FIXME: remove when no longer needed - substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd + # Ensure that depmod gets resolved through PATH + sed -i Makefile -e 's|= /sbin/depmod|= depmod|' # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic. # This way kernels can be bit-by-bit reproducible depending on settings @@ -332,9 +329,6 @@ let # Delete empty directories find -empty -type d -delete - - # Remove reference to kmod - sed -i Makefile -e 's|= ${buildPackages.kmod}/bin/depmod|= depmod|' ''; requiredSystemFeatures = [ "big-parallel" ]; @@ -370,13 +364,11 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPat enableParallelBuilding = true; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal ] - ++ optional (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools + nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ubootTools ] ++ optional (lib.versionOlder version "5.8") libelf ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] ++ optional (lib.versionAtLeast version "5.8") elfutils - ++ optional (lib.versionAtLeast version "6.6") kmod ; hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ]; diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index ab3b4e56066..5d4ebc214dc 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -44,8 +44,6 @@ patch = ./modinst-arg-list-too-long.patch; }; - cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches; - hardened = let mkPatch = kernelVersion: { version, sha256, patch }: let src = patch; in { name = lib.removeSuffix ".patch" src.name; diff --git a/pkgs/os-specific/linux/kernel/update-mainline.py b/pkgs/os-specific/linux/kernel/update-mainline.py index df8257fa0ef..30b9ebec984 100755 --- a/pkgs/os-specific/linux/kernel/update-mainline.py +++ b/pkgs/os-specific/linux/kernel/update-mainline.py @@ -89,8 +89,8 @@ def main(): soup = BeautifulSoup(kernel_org.read().decode(), "lxml") release_table = soup.find(id="releases") if not release_table or isinstance(release_table, NavigableString): - print(release_table) - print("Failed to find the release table on https://kernel.org") + print(release_table, file=sys.stderr) + print("Failed to find the release table on https://kernel.org", file=sys.stderr) sys.exit(1) releases = release_table.find_all("tr") @@ -111,7 +111,7 @@ def main(): else: message = f"linux_{nixpkgs_branch}: {old_version} -> {kernel.version}" - print(message) + print(message, file=sys.stderr) all_kernels[branch] = { "version": kernel.version, diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index c3fd01670a2..4f967734d5e 100644 --- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -2,15 +2,18 @@ let # These names are how they are designated in https://xanmod.org. + + # NOTE: When updating these, please also take a look at the changes done to + # kernel config in the xanmod version commit ltsVariant = { - version = "6.1.53"; - hash = "sha256-+70dp+zVOvfKJv9hEy3FpEs2ldrxHiWbokaUnXrNj5o="; + version = "6.1.62"; + hash = "sha256-fo5OQ/MZ+QVdCmLzX0OgFUBedfqrkqp+Ev081RVdtWw="; variant = "lts"; }; mainVariant = { - version = "6.5.3"; - hash = "sha256-2giaFyN3kWzQ9cl1mTM9ecSlwoQS+dm3/LvbTAHjZ/A="; + version = "6.5.11"; + hash = "sha256-1bb5LG6JvqX5eNSe2Xyu86HxaqkUVkKUf1H3T7bFkGE="; variant = "main"; }; @@ -26,33 +29,22 @@ let }; structuredExtraConfig = with lib.kernel; { - # AMD P-state driver - X86_AMD_PSTATE = lib.mkOverride 60 yes; - # Google's BBRv3 TCP congestion Control TCP_CONG_BBR = yes; DEFAULT_BBR = yes; - # FQ-PIE Packet Scheduling - NET_SCH_DEFAULT = yes; - DEFAULT_FQ_PIE = yes; - - # Futex WAIT_MULTIPLE implementation for Wine / Proton Fsync. - FUTEX = yes; - FUTEX_PI = yes; - # WineSync driver for fast kernel-backed Wine WINESYNC = module; - # Preemptive Full Tickless Kernel at 500Hz - HZ = freeform "500"; - HZ_500 = yes; + # Preemptive Full Tickless Kernel at 250Hz + HZ = freeform "250"; + HZ_250 = yes; HZ_1000 = no; }; extraMeta = { branch = lib.versions.majorMinor version; - maintainers = with lib.maintainers; [ fortuneteller2k lovesegfault atemu shawn8901 ]; + maintainers = with lib.maintainers; [ moni lovesegfault atemu shawn8901 zzzsy ]; description = "Built with custom settings and new features built to provide a stable, responsive and smooth desktop experience"; broken = stdenv.isAarch64; }; diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 13c8ca22c4e..456a6c7c27d 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -4,16 +4,16 @@ let # comments with variant added for update script # ./update-zen.py zen zenVariant = { - version = "6.5.5"; #zen + version = "6.6.1"; #zen suffix = "zen1"; #zen - sha256 = "069hxkww14dpz7k5hd93qnv6clc0dkpd3ncf1wzr5k84a0i9syj8"; #zen + sha256 = "13m820wggf6pkp351w06mdn2lfcwbn08ydwksyxilqb88vmr0lpq"; #zen isLqx = false; }; # ./update-zen.py lqx lqxVariant = { - version = "6.5.5"; #lqx - suffix = "lqx1"; #lqx - sha256 = "1sr23yjwl7sh58s5f9yy9ld163c5lm0qbn0gqg8bnkshx08r39h8"; #lqx + version = "6.5.11"; #lqx + suffix = "lqx2"; #lqx + sha256 = "0rak2ald95bwb5qlp8pf2g93a0gkv8rypiv5s8dpds3cilwmxrg9"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { @@ -102,7 +102,7 @@ let extraMeta = { branch = lib.versions.majorMinor version + "/master"; - maintainers = with lib.maintainers; [ thiagokokada ]; + maintainers = with lib.maintainers; [ thiagokokada jerrysm64 ]; description = "Built using the best configuration and kernel sources for desktop, multimedia, and gaming workloads." + lib.optionalString isLqx " (Same as linux_zen, but less aggressive release schedule and additional extra config)"; broken = stdenv.isAarch64; |