From b9495de12eb949fd9d0ca3ebb9c9b862f2f6f786 Mon Sep 17 00:00:00 2001 From: Nicholas Sielicki Date: Sun, 17 Sep 2023 23:14:09 -0500 Subject: kernel/common-config: arm: configure alignment traps under armv7l, config.gz already had CONFIG_ALIGNMENT_TRAP=y, but explicitly enable it and provide some context for the option. under aarch64, on kernels that are new enough to support it, specify CONFIG_COMPAT_ALIGNMENT_FIXUPS=y to attempt to resolve alignment faults identically to how they are handled under 32-bit kernels. This minimizes the potential for aarch32 userspace to behave differently under an aarch64 kernel. --- pkgs/os-specific/linux/kernel/common-config.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 2e558267736..b4d4d11772f 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -1071,6 +1071,28 @@ let # Keeping it a built-in ensures it will be used if possible. FB_SIMPLE = yes; + # https://docs.kernel.org/arch/arm/mem_alignment.html + # tldr: + # when buggy userspace code emits illegal misaligned LDM, STM, + # LDRD and STRDs, the instructions trap, are caught, and then + # are emulated by the kernel. + # + # This is the default on armv7l, anyway, but it is explicitly + # enabled here for the sake of providing context for the + # aarch64 compat option which follows. + ALIGNMENT_TRAP = mkIf (stdenv.hostPlatform.system == "armv7l-linux") yes; + + # https://patchwork.kernel.org/project/linux-arm-kernel/patch/20220701135322.3025321-1-ardb@kernel.org/ + # tldr: + # when encountering alignment faults under aarch64, this option + # makes the kernel attempt to handle the fault by doing the + # same style of misaligned emulation that is performed under + # armv7l (see above option). + # + # This minimizes the potential for aarch32 userspace to behave + # differently when run under aarch64 kernels compared to when + # it is run under an aarch32 kernel. + COMPAT_ALIGNMENT_FIXUPS = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "6.1" yes); } // optionalAttrs (versionAtLeast version "5.4" && (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")) { # Required for various hardware features on Chrome OS devices CHROME_PLATFORMS = yes; -- cgit 1.4.1 From cedb1ed6a0c2958fc5d2d55d1d9184dd70393ad1 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 2 Nov 2023 06:15:47 +0000 Subject: conky: 1.19.5 -> 1.19.6 --- pkgs/os-specific/linux/conky/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/conky/default.nix b/pkgs/os-specific/linux/conky/default.nix index 0cd37f262cd..ab55839c340 100644 --- a/pkgs/os-specific/linux/conky/default.nix +++ b/pkgs/os-specific/linux/conky/default.nix @@ -67,13 +67,13 @@ with lib; stdenv.mkDerivation rec { pname = "conky"; - version = "1.19.5"; + version = "1.19.6"; src = fetchFromGitHub { owner = "brndnmtthws"; repo = "conky"; rev = "v${version}"; - hash = "sha256-m8tI68PUEkO+tWbcq8CF5TAiKqFU9kcXMbi6NszS7NE="; + hash = "sha256-L8YSbdk+qQl17L4IRajFD/AEWRXb2w7xH9sM9qPGrQo="; }; postPatch = '' -- cgit 1.4.1 From 69e722d34ac116e788fc8ebb9bf9508275f71fab Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:31:40 +0100 Subject: linux_6_5: 6.5.9 -> 6.5.10 --- pkgs/os-specific/linux/kernel/kernels-org.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index ab2775ab922..4a8a6e427bd 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -4,8 +4,8 @@ "hash": "sha256:1zzd32ya4hldfywicgpnc2cyd412s7q9c31qvxx2nl9nkx11xsxv" }, "6.5": { - "version": "6.5.9", - "hash": "sha256:1mcg0lpxr832mwyqlbn0s5gssvsk2nn2xhq9w0qbymizf5j2yrn6" + "version": "6.5.10", + "hash": "sha256:12sswml8jvabv6bqx35lg3jj6gq8jjk365rghjngdy5d0j34jpx1" }, "6.4": { "version": "6.4.16", -- cgit 1.4.1 From e24dff3751a05e4500b1d63965173de9bd9702f3 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:31:49 +0100 Subject: linux_6_1: 6.1.60 -> 6.1.61 --- pkgs/os-specific/linux/kernel/kernels-org.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 4a8a6e427bd..08222392499 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -12,8 +12,8 @@ "hash": "sha256:0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln" }, "6.1": { - "version": "6.1.60", - "hash": "sha256:02pvymr1dgd36mp7yikxqqv0sfrpwi1grnvxvx6jbbx6wmx0wljq" + "version": "6.1.61", + "hash": "sha256:1kk4d7ph6pvgdrdmaklg15wf58nw9n7yqgkag7jdvqinzh99sb5d" }, "5.15": { "version": "5.15.137", -- cgit 1.4.1 From bc4f21aa64a945123da1f73c4e5d6ef48c972c6c Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:32:02 +0100 Subject: linux-rt_5_15: 5.15.133-rt70 -> 5.15.137-rt71 --- pkgs/os-specific/linux/kernel/linux-rt-5.15.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix index eadd57c1e3b..bc45a86905c 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.15.133-rt70"; # updated by ./update-rt.sh + version = "5.15.137-rt71"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1paxzzcagc7s8i491zjny43rxhfamafyly438kj8hyw96iwmx17g"; + sha256 = "1xxjbxldrhmnh2q6rykpxyfbj8xqgl82q30n8sfavrzr14bb4jcp"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0n066vd63wm08dzpr0c79k2b454vslgwcjjhp8kh672j5acxii9p"; + sha256 = "11zk02ni3b0l1wwrfvyc1q92bd9as61hwgbwlj42xv5gbpd39jlw"; }; }; in [ rt-patch ] ++ kernelPatches; -- cgit 1.4.1 From fa5a4679344fc09bfb328701eae1082c58e303a5 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:32:26 +0100 Subject: linux_latest-libre: 19417 -> 19438 --- pkgs/os-specific/linux/kernel/linux-libre.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index b99a19bf9d0..e9af8a2be35 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "19417"; - sha256 = "1m7zbc5hjjcckr271cg2vgpxmy9ih4hf54fsvmpz75j45lcqvqik"; + rev = "19438"; + sha256 = "14bdnxw23d0pl53b1rn7g69wn9a7hr6c0q8zd5p6j2aap0i7c4a4"; } , ... }: -- cgit 1.4.1 From 2f4c8347d0fce82100bff24969f47c22058779de Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:32:50 +0100 Subject: linux/hardened/patches/4.14: 4.14.327-hardened1 -> 4.14.328-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index a5ee8344b32..002ca79a797 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,12 +2,12 @@ "4.14": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.14.327-hardened1.patch", - "sha256": "0183jgdvp20mk6vmmn62mdmy75xp816lm3gg5dlpvg4aw9n5hiz9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.327-hardened1/linux-hardened-4.14.327-hardened1.patch" + "name": "linux-hardened-4.14.328-hardened1.patch", + "sha256": "1qq2l4nwhxgl4drx6isc1ly892kffjq4hqb4zadqs6sxvsdm7x57", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.328-hardened1/linux-hardened-4.14.328-hardened1.patch" }, - "sha256": "0nharfyxlr17yan86zrhlbq7idm0g3zvvvmy2zbw7m9dhgc8bw5z", - "version": "4.14.327" + "sha256": "1igcpvnhwwrczfdsafmszvi0456k7f6j4cgpfw6v6afw09p95d8x", + "version": "4.14.328" }, "4.19": { "patch": { -- cgit 1.4.1 From 3592931d285a8d67b5ea0ed7b2f251837eece58e Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:32:59 +0100 Subject: linux/hardened/patches/4.19: 4.19.296-hardened1 -> 4.19.297-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 002ca79a797..1ada6b757bb 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -12,12 +12,12 @@ "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.296-hardened1.patch", - "sha256": "0yzxnh2gdrbz9dspw3xbsrqhcdsk0pl938w229kccps9klg9s7lb", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.296-hardened1/linux-hardened-4.19.296-hardened1.patch" + "name": "linux-hardened-4.19.297-hardened1.patch", + "sha256": "1qj09bynl7ml880xpc2956jn0b1gmm77yf3jc45v3jq3610jhna4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.297-hardened1/linux-hardened-4.19.297-hardened1.patch" }, - "sha256": "1bk051canr4fb00j6x9ff2wam2f20whw4h4z767x2cn2kmv6cqb3", - "version": "4.19.296" + "sha256": "0c9xxqgv2i36hrr06dwz7f3idc04xpv0a5pxg08xdh03cnyf12cx", + "version": "4.19.297" }, "5.10": { "patch": { -- cgit 1.4.1 From 9d0b5b695887e71198ec3f7ce6fa06212814e33e Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:33:09 +0100 Subject: linux/hardened/patches/5.10: 5.10.198-hardened1 -> 5.10.199-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 1ada6b757bb..dd7179e619c 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -22,12 +22,12 @@ "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.198-hardened1.patch", - "sha256": "0xvpq41nslrdz7w39glswibj6aywny06rvxwqks2sgcbwbggldi6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.198-hardened1/linux-hardened-5.10.198-hardened1.patch" + "name": "linux-hardened-5.10.199-hardened1.patch", + "sha256": "10vwd5wygfnxpbz15bq56pjygba3vqqal0d7xry2bch4p444pp5f", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.199-hardened1/linux-hardened-5.10.199-hardened1.patch" }, - "sha256": "01gsw96anw44nh8ii3zipp6vh61m1n8yf0bv2fzznr23k771y51b", - "version": "5.10.198" + "sha256": "1h944syk7n6c4j1djlx19n77alzwbxcdza77c9ykicgfynhpgsm0", + "version": "5.10.199" }, "5.15": { "patch": { -- cgit 1.4.1 From eda6a1156835af5833335cab131155fe73f2c838 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:33:19 +0100 Subject: linux/hardened/patches/5.15: 5.15.136-hardened1 -> 5.15.137-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index dd7179e619c..8b0f9461431 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -32,12 +32,12 @@ "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.136-hardened1.patch", - "sha256": "11cw8pqcjqbmxgkqh42p58q1pi6m684qjyjf7fcw2bip8jdbvqk7", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.136-hardened1/linux-hardened-5.15.136-hardened1.patch" + "name": "linux-hardened-5.15.137-hardened1.patch", + "sha256": "19gs1w380qgvazwjwhxypizpfx71faa7hsji0x5cgyw6vxhi6l1b", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.137-hardened1/linux-hardened-5.15.137-hardened1.patch" }, - "sha256": "1f5cxrair8qycjcc931kcdsarbrph32ypdyhrws8sw74gvzbj966", - "version": "5.15.136" + "sha256": "1xxjbxldrhmnh2q6rykpxyfbj8xqgl82q30n8sfavrzr14bb4jcp", + "version": "5.15.137" }, "5.4": { "patch": { -- cgit 1.4.1 From 5ec6ea53c51dd593caf97d0a74fb49d7142ca2e8 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:33:29 +0100 Subject: linux/hardened/patches/5.4: 5.4.258-hardened1 -> 5.4.259-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 8b0f9461431..144ff1e8c7b 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -42,12 +42,12 @@ "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.258-hardened1.patch", - "sha256": "1c6m65m3cjx1nbaqilkiqhwb143rd2zwy8mkxxdrm1916cs5hvbk", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.258-hardened1/linux-hardened-5.4.258-hardened1.patch" + "name": "linux-hardened-5.4.259-hardened1.patch", + "sha256": "1w8ipflgisd127gmx6wyz8p5qfi8cfd2a5j2xgibspkf45nzfwi8", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.259-hardened1/linux-hardened-5.4.259-hardened1.patch" }, - "sha256": "0gk2xav1ng565l1qsqlr8ja6m4j5g8rfj66vad1fmdd1lwaihw1r", - "version": "5.4.258" + "sha256": "195v4fidavzm637glj6580006mrcaygnbj4za874imb62bxf9rpz", + "version": "5.4.259" }, "6.1": { "patch": { -- cgit 1.4.1 From 95acdf3422940b563dfeb979cef444979abfd4b9 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 2 Nov 2023 11:33:39 +0100 Subject: linux/hardened/patches/6.1: 6.1.59-hardened1 -> 6.1.60-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 144ff1e8c7b..33b7f88493d 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -52,12 +52,12 @@ "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.59-hardened1.patch", - "sha256": "19x0hc3h80r5i3lm09pky5i4hzapd8p53hr9hqk3g6yaj4k24h9q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.59-hardened1/linux-hardened-6.1.59-hardened1.patch" + "name": "linux-hardened-6.1.60-hardened1.patch", + "sha256": "1k0807jpjljf2fcjxnmvd9rb8y8xqj21x2qn4yd72c58jkii52qq", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.60-hardened1/linux-hardened-6.1.60-hardened1.patch" }, - "sha256": "1860r1aan258yi2jq68bp1kdbcyy7ygc7d8g54wnc0vmqqj7fzv2", - "version": "6.1.59" + "sha256": "02pvymr1dgd36mp7yikxqqv0sfrpwi1grnvxvx6jbbx6wmx0wljq", + "version": "6.1.60" }, "6.5": { "patch": { -- cgit 1.4.1 From e00c606455cef66797d48b3a145e913b509a4077 Mon Sep 17 00:00:00 2001 From: André Vitor de Lima Matos Date: Wed, 1 Nov 2023 11:58:54 -0300 Subject: kernel: fix framebuffer console after 6.6 These options were already enabled in previous versions, but Kconfig changes in 6.6 made NixOS kernel disable them. Therefore, we enable unconditionally, to be explicit that they're needed. Without them, the fbcon/console on systems with DRM devices freeze/blank on early boot, even though the system boots normally. --- pkgs/os-specific/linux/kernel/common-config.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 0f59d3ac7aa..4e366a87d09 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -320,9 +320,11 @@ let FRAMEBUFFER_CONSOLE = yes; FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = yes; FRAMEBUFFER_CONSOLE_ROTATION = yes; + FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes; FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; # On 5.14 this conflicts with FB_SIMPLE. DRM_SIMPLEDRM = whenAtLeast "5.14" no; + DRM_FBDEV_EMULATION = yes; }; fonts = { -- cgit 1.4.1