Commit graph

194 commits

Author SHA1 Message Date
Tuomas Tynkkynen
57c6fac3e9 kernel config: Enable IP_MULTICAST
This is lacking on ARM and causes libuv tests to fail.
2017-03-04 12:49:50 +02:00
Franz Pletz
49bdf9803a
linux: IPV6_FOU_TUNNEL is available since 4.7 2017-03-02 17:19:55 +01:00
Franz Pletz
75e85cae42
linux: enable FOU tunnels and VRF interfaces 2017-03-02 17:19:55 +01:00
Shea Levy
b191ac0d89 Revert "linux 4.10"
Somehow the tarball was actually linux 4.4.10

This reverts commit fea71f84d0.
2017-02-20 07:29:47 -05:00
Shea Levy
fea71f84d0 linux 4.10 2017-02-20 06:47:49 -05:00
Tuomas Tynkkynen
2bfd83ab6d platforms.nix: Add some aarch64-specific kernel config
This makes Raspberry Pi 3 and some Cavium ThunderX server hardware work.
2017-01-25 02:14:46 +02:00
Tuomas Tynkkynen
9fc3ce73d1 kernel config: Enable BONDING and TMPFS_POSIX_ACL
Yet again something that's lacking on other platforms than x86.
2017-01-18 01:21:08 +02:00
Thomas Tuegel
04d11637cb
linux_4_9: enable support for amdgpu on older chipsets
Linux 4.9 includes experimental amdgpu support for AMD Southern Islands
chipsets. (By default, only Sea Islands and newer chipsets are supported.)
Southern Islands chips will still use radeon by default, but daring users may
set `services.xserver.videoDrivers = [ "amdgpu" ];` to try the experimental
driver.
2017-01-15 16:29:50 -06:00
Bjørn Forsman
2077385421 kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
d429520b13 kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.

Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Franz Pletz
7974d7493a
linux: compress kernel image with xz 2016-11-23 02:24:13 +01:00
Tuomas Tynkkynen
74ecbbe4e3 kernel config: Ensure SECCOMP_FILTER is enabled
As noted in a97db109a2, SECCOMP_FILTER must be enabled or systemd gets
very unhappy.
2016-11-11 02:10:20 +02:00
Peter Hoeg
cb93b34999 SMB2 support for CIFS
[tuomas: removed unneeded kernel version check]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2016-11-11 02:10:20 +02:00
Tim Steinbach
70c8de0536 Merge pull request #19652 from NeQuissimus/linux_4_9_rc1
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-19 14:35:21 -04:00
Tuomas Tynkkynen
59f12d9394 kernel config: Add some filesystem options
Enable encryption support for both F2FS and ext4. For ext4 this is a bit
tricky, since pre-4.8 the way to enable it as a module was just
"EXT4_ENCRYPTION=m" but after that it changed to "FS_ENCRYPTION=m &&
EXT4_ENCRYPTION=y".

Also make sure UDF is enabled.
2016-10-19 16:44:08 +03:00
Tim Steinbach
51c9c2f851
linux_testing: 4.8-rc6 -> 4.9-rc1 2016-10-18 11:19:46 -04:00
Aneesh Agrawal
f0602d2d36 kernel: Make SECURITY_YAMA optional
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c linux config: enable the Yama LSM (#14392)
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Alexander Ried
96fbdf8594 kernel: Disable RT_GROUP_SCHED
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Tim Steinbach
77e1be36b9
kernel-common: Add ZBUD, move ZSMALLOC into module space 2016-09-16 15:31:51 +00:00
Tuomas Tynkkynen
0c0188c5d2 kernel config: Explicitly enable some NLS-related things
Doesn't affect x86, but ARM can't mount VFAT filesystems without this on
a 3.18 kernel.
2016-09-13 17:06:13 +03:00
aszlig
42e1ec215e
linux/kernel: Remove MLX4_EN_VXLAN for 4.8
This option is no longer needed and has been removed in upstream commit
torvalds/linux@a831274a13.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
aszlig
0bce188ec1
linux/kernel: Remove KVM_APIC_ARCHITECTURE for 4.8
The option is no longer needed and has been removed upstream in
torvalds/linux@557abc40d1.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
Joachim Fasting
fcf5a24d8c
kernel config: set DEBUG_STACKOVERFLOW regardless of features.grsecurity
features.grsecurity has actually been unset for a long time, with no
ill effect on grsec kernel builds so this conditional looks useless.
2016-08-29 04:08:39 +02:00
Tuomas Tynkkynen
c004c6e14d kernel config: Explicitly enable some stuff not enabled by 'make alldefconfig'
List of what to enable taken from https://lwn.net/Articles/672587/.
This doesn't change the resulting x86 configs, but is more useful for
other architectures. For instance, POSIX_MQUEUE is currently missing
on ARM.
2016-08-29 03:07:11 +03:00
Gabriel Ebner
7b01df18a2 kernel: config: enable DRM_AMD_POWERPLAY 2016-08-26 08:45:49 +02:00
Tuomas Tynkkynen
bd68309643 kernel config: Enable SECCOMP
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
Tuomas Tynkkynen
088bcf4ec4 kernel config: Fix 3.10, 3.12, 3.14 builds 2016-08-06 17:06:45 +03:00
Michal Rus
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.

Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Franz Pletz
2d6b7aa545 linux: enable some useful networking options
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
obadz
927a984de6 kernel: make KEXEC_FILE & KEXEC_JUMP optional to fix i686 build
cc @edolstra @dezgeg @domenkozar
2016-07-13 12:49:18 +02:00
Eelco Dolstra
ecc26d7a40 linux: Disable the old IDE subsystem
This has long been deprecated in favour of the new ATA support
(CONFIG_ATA).
2016-07-11 15:05:21 +02:00
Eelco Dolstra
7b9c493d60 linux: Enable some kernel features
This enables a few features that should be useful and safe (they're
all used by the default Ubuntu kernel config), in particular zswap,
wakelocks, kernel load address randomization, userfaultfd (useful for
QEMU), paravirtualized spinlocks and automatic process group
scheduling.

Also removes some configuration conditional on kernel versions that we
no longer support.
2016-07-11 15:04:56 +02:00
Eelco Dolstra
1cd7dbc00b linux: Bump NR_CPUS
The default limit (64) is too low for systems like EC2 x1.* instances
or Xeon Phis, so let's increase it.
2016-07-11 14:32:18 +02:00
aszlig
566c990f33
linux-testing: 4.6-rc6 -> 4.7-rc6
The config option DEVPTS_MULTIPLE_INSTANCES now no longer exists since
torvalds/linux@eedf265aa0.

Built successfully on my Hydra instance:

https://headcounter.org/hydra/log/r4n6sv0zld0aj65r7l494757s2r8w8sr-linux-4.7-rc6.drv

Verified unpacked tarball with GnuPG:

ABAF 11C6 5A29 70B1 30AB  E3C4 79BE 3E43 0041 1886

gpg: Signature made Mon 04 Jul 2016 08:13:05 AM CEST
gpg:                using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-07-04 10:46:48 +02:00
Joachim Fasting
4ae5eb97f1
kernel: set virtualization options regardless of grsec
Per my own testing, the NixOS grsecurity kernel works both as a
KVM-based virtualisation host and guest; there appears to be no good
reason to making these conditional on `features.grsecurity`.

More generally, it's unclear what `features.grsecurity` *means*. If
someone configures a grsecurity kernel in such a fashion that it breaks
KVM support, they should know to disable KVM themselves.
2016-06-10 19:27:59 +02:00
Joachim Fasting
d8e4432fe2
kernel: unconditionally disable /dev/kmem
This was presumably set for grsecurity compatibility, but now appears
redundant.  Grsecurity does not expect nor require /dev/kmem to be
present and so it makes little sense to continue making its inclusion in
the standard kernel dependent on grsecurity.

More generally, given the large number of possible grsecurity
configurations, it is unclear what `features.grsecurity` even
*means* and its use should be discouraged.
2016-06-10 19:27:41 +02:00
Alexander Kjeldaas
4c99d22f19 kernel: set nx bit on module ro segments
Fixes #4757.
2016-06-03 15:41:47 +02:00
Tuomas Tynkkynen
7276417870 kernel config: Enable BINFMT_MISC
This is enabled in x86 builds but lacking on ARM.
2016-04-28 20:46:34 +03:00
Eelco Dolstra
4907fc9e8d Merge pull request #14509 from ragnard/bpf-tracing-kernel-config
linux: kernel config for extended BPF support
2016-04-07 11:01:34 +02:00
Ragnar Dahlén
961d1e847c linux: kernel config for extended BPF support
- Enable BPF_SYSCALL and BPF_EVENTS
- Build modules for NET_CLS_BPF and NET_ACT_BPF

With these config options we can leverage the full potential of BPF for
tracing and instrumenting Linux systems, for example using
libraries/tools like those provided by the bcc project.
2016-04-07 08:14:41 +01:00
Louis Taylor
695c2e4ee4 kernel-config: do not use NFSD_PNFS on >=4.6 2016-03-27 03:09:30 +01:00
Al Zohali
9d03355bed ChromiumOS kernel option fixup 2016-03-08 01:19:42 +03:00
Marko Poikonen
ede005ad3f Enabling Media PCI adapters (needed for PCI DVB cards) 2016-03-01 20:57:46 +01:00
Tuomas Tynkkynen
0e1319f03f linux-3.10: fixup config by a slightly hacky way
For explanation see:
https://github.com/NixOS/nixpkgs/pull/13405#issuecomment-188357637
2016-02-25 23:07:47 +01:00
Eelco Dolstra
48f51f1185 linux: Compress kernel modules
This reduces the kernel package from 185 to 62 MiB, for a neglible
boot time cost.
2016-02-01 18:19:23 +01:00
Lluís Batlle i Rossell
b2dc647c1e linux: adding PCI Expresscard Hotplug support 2016-02-01 11:07:08 +01:00
Nikolay Amiantov
29785c5b7a Merge pull request #12309 from zohl/chromiumos-kernel
Add ChromiumOS kernels
2016-01-23 13:13:59 +03:00
Al Zohali
ee9e7b7224 linux_chromiumos_3_18: init at 3.18.0
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
2016-01-13 22:43:19 +03:00
Lluís Batlle i Rossell
1792ca5810 Increasing mmc possible partitions from 8 to 32.
In kernel common config. I have a modern tablet with 18 gpt partitions
on eMMC (Android+Win10 dualboot).
2016-01-11 09:27:58 +01:00
Lluís Batlle i Rossell
be9ad574f7 Adding framebuffer console rotation to kernels.
This helps in some weird screens that otherwise show the console 90° turned.
2016-01-07 16:48:46 +01:00
Eelco Dolstra
e4b4e9b986 linux: Make Unix domain sockets builtin
This hopefully fixes intermittent initrd failures where udevd cannot
create a Unix domain socket:

  machine# running udev...
  machine# error getting socket: Address family not supported by protocol
  machine# error initializing udev control socket
  machine# error getting socket: Address family not supported by protocol

The "unix" kernel module is supposed to be loaded automatically, and
clearly that works most of the time, but maybe there is a race
somewhere. In any case, no sane person would run a kernel without Unix
domain sockets, so we may as well make it builtin.

http://hydra.nixos.org/build/30001448
2016-01-07 13:20:53 +01:00
William A. Kennington III
893179e9c1 linux-testing: Bump to 4.4-rc1 2015-11-17 17:21:25 -08:00
Brian McKenna
6668058a62 linux: add config options needed for a Bay Trail Chromebook
Close #10416.
Got /dev/mmcblk0 on a live CD with these options:

    X86_INTEL_LPSS y
    PINCTRL_BAYTRAIL y
2015-11-11 15:33:42 +01:00
Shea Levy
3c14c32975 Really disable the firmware loader user helper fallback 2015-10-30 13:31:51 -04:00
Shea Levy
a7157fa2f0 Remove firmware loader fallback.
Systemd dropped support in 207 (would be nice if configure failed with a bad flag),
so all this does is add an annoying delay if firmware can't be found by the kernel
2015-10-30 10:29:56 -04:00
Eelco Dolstra
d2918797bb linux: Fix i686 build 2015-10-28 11:09:59 +01:00
Eelco Dolstra
52c9e4415b linux: Support x2APIC
Without this, certain servers with lots of CPU cores would show only
one core.
2015-10-26 16:20:02 +01:00
Shea Levy
fc719c2437 Fix kernel config names for BRCMFMAC_* 2015-10-03 15:35:06 -04:00
Shea Levy
e7f0b0297d Linux: Enable PCIe and USB support for brcmfmac 2015-10-03 15:22:52 -04:00
Thomas Strobel
c720f06f7c linux kernel common config: re-enable NFC support
As test, Linux kernels were build successfully with NFC support for 3.18.x and
for 4.1.x.
2015-10-01 17:53:51 +02:00
William A. Kennington III
9fbbbd5b68 linux-testing: Update to 4.3.0-rc2 2015-09-21 14:38:49 -07:00
Eelco Dolstra
3ebe5f802b Remove references to /root/test-firmware
This is no longer supported by systemd.
2015-09-07 22:55:16 +02:00
Jonathan Rudenberg
921055b4a8 kernel: Enable DRM_LOAD_EDID_FIRMWARE
This allows specifying drm_kms_helper.edid_firmware to work around displays
that provide bad EDID data.

Documentation: https://www.osadl.org/Single-View.111+M5ec938a7b3b.0.html
2015-08-04 16:38:38 -04:00
Tuomas Tynkkynen
82d0acaf37 kernel-config: Explicitly enable NAMESPACES
Namespace support is required by the `unshare` tool used in
`nixos-install`. It's enabled by the x86 defconfig, but not by
e.g. multi_v7_defconfig. So enable it here so that `nixos-install`
can work on ARM.
2015-07-22 16:08:17 +03:00
Tuomas Tynkkynen
62b75c64d4 kernel-config: Fix 4.0 build on 32-bit
KVM_COMPAT apparently enables 32-bit compability syscalls for KVM, and
as such can be enabled only on a 64-bit system.

Resolves error http://hydra.nixos.org/build/23014132/nixlog/1/raw:
GOT: #
GOT: # configuration written to .config
GOT: #
GOT: make[1]: Leaving directory '/tmp/nix-build-linux-config-4.0.5.drv-0/build'
GOT: make: Leaving directory '/tmp/nix-build-linux-config-4.0.5.drv-0/linux-4.0.5'
unused option: KVM_COMPAT
builder for ‘/nix/store/7kskdvmzs116f1fm55ghm0crjniw9q0a-linux-config-4.0.5.drv’ failed with exit code 255
2015-06-10 00:28:01 +03:00
Tuomas Tynkkynen
6be70d17c0 kernel-config: Enable IKCONFIG so ARM gets /proc/config.gz
IKCONFIG must be enabled so IKCONFIG_PROC can be set. On x86 IKCONFIG
gets implicitly enabled by kernelAutoModules in platforms.nix. But ARM
doesn't use kernelAutoModules, so IKCONFIG_PROC won't get enabled
without this patch.
2015-06-04 11:28:35 +03:00
Tuomas Tynkkynen
9c2f2bc893 kernel-config: Enable FB_VESA and FRAMEBUFFER_CONSOLE
Commit 159fed47bc (nixos/grub: Fix video display on efi) changed BIOS
systems to start in non-text mode as well. Enable FB_VESA to get a
framebuffer console on BIOS systems. Change FRAMEBUFFER_CONSOLE to 'y'
instead of the default 'm' to so the user doesn't need to manually load
the fbcon module anymore.

Other distros have similar defaults, at least on Arch:
    CONFIG_FB_VESA=y
    CONFIG_FRAMEBUFFER_CONSOLE=y
and on Ubuntu (12.04):
    CONFIG_FB_VESA=m
    CONFIG_FRAMEBUFFER_CONSOLE=y

Fixes #8139
2015-06-04 11:26:20 +03:00
Shea Levy
8dbd385e1c kernel config: Fix grsecurity-specific config
Refs 13a38440c6
2015-05-18 14:32:29 -04:00
William A. Kennington III
ec1a281f0a kernel-config: Fix for i686 2015-05-17 03:02:44 -07:00
William A. Kennington III
13a38440c6 kernel-config: Grsecurity fixes 2015-05-15 18:38:15 -07:00
William A. Kennington III
bca69399a8 kernel-config: kvm changes 2015-05-15 18:38:15 -07:00
William A. Kennington III
7aae0f3115 kernel-config: mlx4-en enable vxlan offloading 2015-05-15 18:38:15 -07:00
William A. Kennington III
19d5b1e37a kernel-config: nfs changes 2015-05-15 18:38:14 -07:00
Tobias Geerinckx-Rice
8a2deb7abe linux: disable UEVENT_HELPER by default on versions >= 3.15 2015-04-06 14:00:03 +02:00
Domen Kožar
c31f1d99a5 fix linux 3.2/3.4 builds 2015-03-29 21:41:05 +02:00
Arseniy Seroka
a639c710ae Merge pull request #6968 from oxij/unquestionably-good
Easy to check to be unquestionably good changes
2015-03-28 13:16:13 +03:00
Jan Malakhovski
89bfacdf90 kernel: add a warning/note at the top of common-config so that people would hopefully stop breaking the older kernels 2015-03-26 12:43:42 +00:00
William A. Kennington III
4d47c0dd24 kernel-config: Add microcode support + early loading on new kernels 2015-03-25 11:30:03 -07:00
Mathijs Kwik
5cac50b3bf kernel: add support for experimental Realtek2800 models
tested with AVM Fritz wlan Stick N
2015-03-22 13:49:29 +01:00
William A. Kennington III
6437ad00f0 kernel/common-config: More fixes 2015-03-20 15:05:43 -07:00
William A. Kennington III
9dc8335294 kernel/common-config: Fix older kernels 2015-03-20 14:41:03 -07:00
Eelco Dolstra
ebef573641 Merge pull request #6476 from ts468/squashfs
Change kernel config: improve squashfs support of kernel
2015-03-12 21:41:53 +01:00
Eelco Dolstra
798e613e16 kernel: Enable kprobes and other tracing features
All of these should have minimal performance impact unless enabled at
runtime.
2015-03-11 17:14:37 +01:00
Thomas Strobel
0d1c39443b Change kernel config: improve squashfs support of kernel 2015-03-08 13:58:00 +01:00
Eelco Dolstra
3b9b620656 Revert "linux: disable UEVENT_HELPER*"
This reverts commit 9f87f3ccb0 because
it causes /proc/sys/kernel/hotplug to not be cleared on Linux <= 3.14.
2015-03-06 15:59:06 +01:00
Eelco Dolstra
c502efc72a linux: Enable Intel idle driver
Also build the performance governor into the kernel so there is a sane
default. Note that cpufreq.service will still load "ondemand" on
non-pstate systems.
2015-03-04 17:11:41 +01:00
Eelco Dolstra
26da67ff73 Kernel config: Separate power management and debugging 2015-03-04 17:10:47 +01:00
aszlig
791b970c6e
linux/kernel: Remove EXT2_FS_XIP for version 4.0.
The option has been removed in torvalds/linux@6cd176a and thus we
shouldn't try to set it for kernel version 4.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-03-04 15:42:44 +01:00
Eelco Dolstra
584ca36462 linux: Disable CONFIG_DEBUG_STACKOVERFLOW
This got enabled accidentally in
e64e3ad88a.
2015-03-02 23:36:05 +01:00
Tobias Geerinckx-Rice
9f87f3ccb0 linux: disable UEVENT_HELPER*
Deprecated since 2006: http://lwn.net/Articles/166954/
2015-03-01 03:31:59 +01:00
Thomas Strobel
eb97dc0013 Add kernel config for dom0 of Xen 2015-02-16 20:52:06 +01:00
Tobias Geerinckx-Rice
a43db5fa20 kernel: common-config.nix: enable FANOTIFY 2015-02-12 19:39:44 +01:00
Tobias Geerinckx-Rice
a5c072a610 kernel: common-config.nix: remove useless 'FTRACE n' before 'y' 2015-02-11 05:29:48 +01:00
aszlig
8ac1765e28
linux-testing: Update to version 3.19-rc5.
Using linux-testing for a bunch of machines, I'd actually expect it to
be more recent than the latest stable, but until now it actually was
behind.

Since torvalds/linux@464ed18ebd, the option
PM_RUNTIME doesn't exist anymore, so we need to remove it from our
common config.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-01-22 09:56:37 +01:00
William A. Kennington III
e0098e8408 Revert "linux kernel: set VFIO_PCI_VGA to y for versions > 3.9"
This reverts commit 774486a149.
2015-01-07 10:55:06 -08:00
Jan Malakhovski
774486a149 linux kernel: set VFIO_PCI_VGA to y for versions > 3.9
This allows to passthrough PCI video adapters to KVM virtual machines.
VFIO_PCI is set to `m` by default, which means this will not affect
non-users.
2015-01-07 11:08:58 +00:00
Nikolay Amiantov
e9d868de63 kernel: enable intel_pstate 2015-01-06 03:07:32 +03:00
William A. Kennington III
557a3c92e3 kernel: Don't enable the iommu by default as this breaks for some hardware 2014-11-13 16:23:49 -08:00