# WARNING/NOTE: whenever you want to add an option here you need to either
# * mark it as an optional one with `option`,
# * or make sure it works for all the versions in nixpkgs,
# * or check for which kernel versions it will work (using kernel
#   changelog, google or whatever) and mark it with `whenOlder` or
#   `whenAtLeast`.
# Then do test your change by building all the kernels (or at least
# their configs) in Nixpkgs or else you will guarantee lots and lots
# of pain to users trying to switch to an older kernel because of some
# hardware problems with a new one.

# Configuration
#
# This file is a function from { lib, stdenv, version, features } to a flat
# attribute set mapping Kconfig symbol names to settings. The settings are
# declared below in per-topic groups and flattened by `flattenKConf`.
# `version` gates symbols via whenOlder/whenAtLeast/whenBetween, and
# `features` toggles a few optional groups (features.debug, features.criu,
# features.criu_revert_expert are the ones read here).
{ lib, stdenv, version

, features ? {}
}:

with lib;
with lib.kernel;
with (lib.kernel.whenHelpers version);

let


  # configuration items have to be part of a subattrs
  #
  # zipAttrs collects, per symbol, every value given across the groups, and
  # `head` keeps only the first one. A symbol declared in more than one group
  # (CRASH_DUMP and RCU_TORTURE_TEST are, below) therefore takes effect from a
  # single declaration only.
  # NOTE(review): attrValues walks the groups in attribute-name order, so the
  # winning declaration depends on group names, not on position in this file;
  # confirm before relying on a duplicate.
  flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested));

  # Applies a setting only when the host platform is one of those listed:
  # 32-bit or 64-bit ARM, x86_64, 64-bit PowerPC, or 64-bit MIPS.
  whenPlatformHasEBPFJit =
    mkIf (stdenv.hostPlatform.isAarch32 ||
          stdenv.hostPlatform.isAarch64 ||
          stdenv.hostPlatform.isx86_64 ||
          (stdenv.hostPlatform.isPowerPC && stdenv.hostPlatform.is64bit) ||
          (stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit));

  options = {

    debug = {
      # Necessary for BTF
      # Before 5.2 debug info is only built when features.debug is set;
      # from 5.2 on it is always enabled.
      DEBUG_INFO = mkMerge [
        (whenOlder "5.2" (if (features.debug or false) then yes else no))
        (whenAtLeast "5.2" yes)
      ];
      DEBUG_INFO_BTF = whenAtLeast "5.2" (option yes);
      DEBUG_KERNEL = yes;
      DEBUG_DEVRES = no;
      DYNAMIC_DEBUG = yes;
      TIMER_STATS = whenOlder "4.11" yes;
      DEBUG_NX_TEST = whenOlder "4.11" no;
      DEBUG_STACK_USAGE = no;
      DEBUG_STACKOVERFLOW = option no;
      RCU_TORTURE_TEST = no;
      SCHEDSTATS = no;
      DETECT_HUNG_TASK = yes;
      CRASH_DUMP = option no;
      # Easier debugging of NFS issues.
      SUNRPC_DEBUG = yes;
      # Provide access to tunables like sched_migration_cost_ns
      SCHED_DEBUG = yes;
    };

    power-management = {
      PM_ADVANCED_DEBUG = yes;
      X86_INTEL_LPSS = yes;
      X86_INTEL_PSTATE = yes;
      INTEL_IDLE = yes;
      CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
      CPU_FREQ_GOV_SCHEDUTIL = whenAtLeast "4.9" yes;
      PM_WAKELOCKS = yes;
      # Power-capping framework and support for INTEL RAPL
      POWERCAP = yes;
      INTEL_RAPL = whenAtLeast "5.3" module;
    };

    external-firmware = {
      # Support drivers that need external firmware.
      STANDALONE = no;
    };

    proc-config-gz = {
      # Make /proc/config.gz available
      IKCONFIG = yes;
      IKCONFIG_PROC = yes;
    };

    optimization = {
      # Optimize with -O2, not -Os
      CC_OPTIMIZE_FOR_SIZE = no;
    };

    memtest = {
      MEMTEST = yes;
    };

    # Include the CFQ I/O scheduler in the kernel, rather than as a
    # module, so that the initrd gets a good I/O scheduler.
    scheduler = {
      IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1
      BLK_CGROUP = yes; # required by CFQ
      BLK_CGROUP_IOLATENCY = whenAtLeast "4.19" yes;
      BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes;
      IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1
      MQ_IOSCHED_DEADLINE = whenAtLeast "4.11" yes;
      BFQ_GROUP_IOSCHED = whenAtLeast "4.12" yes;
      MQ_IOSCHED_KYBER = whenAtLeast "4.12" yes;
      IOSCHED_BFQ = whenAtLeast "4.12" module;
    };

    # Enable NUMA.
    numa = {
      NUMA = option yes;
    };

    networking = {
      NET = yes;
      IP_ADVANCED_ROUTER = yes;
      IP_PNP = no;
      IP_VS_PROTO_TCP = yes;
      IP_VS_PROTO_UDP = yes;
      IP_VS_PROTO_ESP = yes;
      IP_VS_PROTO_AH = yes;
      IP_VS_IPV6 = yes;
      IP_DCCP_CCID3 = no; # experimental
      CLS_U32_PERF = yes;
      CLS_U32_MARK = yes;
      BPF_JIT = whenPlatformHasEBPFJit yes;
      # NOTE(review): with BPF_JIT_ALWAYS_ON off, the in-kernel BPF interpreter
      # stays compiled in as a fallback. Upstream describes the always-on
      # setting as a hardening measure (it removes the interpreter to avoid
      # speculative execution of BPF instructions by it), so this is a
      # deliberate trade-off tracked in the linked issue. Until it is flipped
      # back, restricting unprivileged BPF at runtime
      # (kernel.unprivileged_bpf_disabled) is the mitigation to consider.
      BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304
      HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes;
      BPF_STREAM_PARSER = whenAtLeast "4.19" yes;
      XDP_SOCKETS = whenAtLeast "4.19" yes;
      XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes;
      WAN = yes;
      TCP_CONG_ADVANCED = yes;
      TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19
      # Required by systemd per-cgroup firewalling
      CGROUP_BPF = option yes;
      CGROUP_NET_PRIO = yes; # Required by systemd
      IP_ROUTE_VERBOSE = yes;
      IP_MROUTE_MULTIPLE_TABLES = yes;
      IP_MULTICAST = yes;
      IP_MULTIPLE_TABLES = yes;
      IPV6 = yes;
      IPV6_ROUTER_PREF = yes;
      IPV6_ROUTE_INFO = yes;
      IPV6_OPTIMISTIC_DAD = yes;
      IPV6_MULTIPLE_TABLES = yes;
      IPV6_SUBTREES = yes;
      IPV6_MROUTE = yes;
      IPV6_MROUTE_MULTIPLE_TABLES = yes;
      IPV6_PIMSM_V2 = yes;
      IPV6_FOU_TUNNEL = whenAtLeast "4.7" module;
      IPV6_SEG6_LWTUNNEL = whenAtLeast "4.10" yes;
      IPV6_SEG6_HMAC = whenAtLeast "4.10" yes;
      IPV6_SEG6_BPF = whenAtLeast "4.18" yes;
      NET_CLS_BPF = whenAtLeast "4.4" module;
      NET_ACT_BPF = whenAtLeast "4.4" module;
      NET_SCHED = yes;
      L2TP_V3 = yes;
      L2TP_IP = module;
      L2TP_ETH = module;
      BRIDGE_VLAN_FILTERING = yes;
      BONDING = module;
      NET_L3_MASTER_DEV = option yes;
      NET_FOU_IP_TUNNELS = option yes;
      IP_NF_TARGET_REDIRECT = module;

      PPP_MULTILINK = yes; # PPP multilink support
      PPP_FILTER = yes;

      # needed for iwd WPS support (wpa_supplicant replacement)
      KEY_DH_OPERATIONS = whenAtLeast "4.7" yes;

      # needed for nftables
      # Networking Options
      NETFILTER = yes;
      NETFILTER_ADVANCED = yes;
      # Core Netfilter Configuration
      NF_CONNTRACK_ZONES = yes;
      NF_CONNTRACK_EVENTS = yes;
      NF_CONNTRACK_TIMEOUT = yes;
      NF_CONNTRACK_TIMESTAMP = yes;
      NETFILTER_NETLINK_GLUE_CT = yes;
      NF_TABLES_INET = mkMerge [ (whenOlder "4.17" module)
                                 (whenAtLeast "4.17" yes) ];
      NF_TABLES_NETDEV = mkMerge [ (whenOlder "4.17" module)
                                   (whenAtLeast "4.17" yes) ];
      NFT_REJECT_NETDEV = whenAtLeast "5.11" module;

      # IP: Netfilter Configuration
      NF_TABLES_IPV4 = mkMerge [ (whenOlder "4.17" module)
                                 (whenAtLeast "4.17" yes) ];
      NF_TABLES_ARP = mkMerge [ (whenOlder "4.17" module)
                                (whenAtLeast "4.17" yes) ];
      # IPv6: Netfilter Configuration
      NF_TABLES_IPV6 = mkMerge [ (whenOlder "4.17" module)
                                 (whenAtLeast "4.17" yes) ];
      # Bridge Netfilter Configuration
      NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes)
                                   (whenAtLeast "5.3" module) ];

      # needed for `dropwatch`
      # Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450
      NET_DROP_MONITOR = yes;

      # needed for ss
      # Use a lower priority to allow these options to be overridden in hardened/config.nix
      INET_DIAG = mkDefault module;
      INET_TCP_DIAG = mkDefault module;
      INET_UDP_DIAG = mkDefault module;
      INET_RAW_DIAG = whenAtLeast "4.14" (mkDefault module);
      INET_DIAG_DESTROY = whenAtLeast "4.9" (mkDefault yes);

      # enable multipath-tcp
      MPTCP = whenAtLeast "5.6" yes;
      MPTCP_IPV6 = whenAtLeast "5.6" yes;
      INET_MPTCP_DIAG = whenAtLeast "5.9" (mkDefault module);

      # Kernel TLS
      TLS = whenAtLeast "4.13" module;
      TLS_DEVICE = whenAtLeast "4.18" yes;
    };

    wireless = {
      CFG80211_WEXT = option yes; # Without it, ipw2200 drivers don't build
      IPW2100_MONITOR = option yes; # support promiscuous mode
      IPW2200_MONITOR = option yes; # support promiscuous mode
      HOSTAP_FIRMWARE = option yes; # Support downloading firmware images with Host AP driver
      HOSTAP_FIRMWARE_NVRAM = option yes;
      ATH9K_PCI = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus
      ATH9K_AHB = option yes; # Ditto, AHB bus
      B43_PHY_HT = option yes;
      BCMA_HOST_PCI = option yes;
      RTW88 = whenAtLeast "5.2" module;
      RTW88_8822BE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ];
      RTW88_8822CE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ];
    };

    fb = {
      FB = yes;
      FB_EFI = yes;
      FB_NVIDIA_I2C = yes; # Enable DDC Support
      FB_RIVA_I2C = yes;
      FB_ATY_CT = yes; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support
      FB_ATY_GX = yes; # Mach64 GX support
      FB_SAVAGE_I2C = yes;
      FB_SAVAGE_ACCEL = yes;
      FB_SIS_300 = yes;
      FB_SIS_315 = yes;
      FB_3DFX_ACCEL = yes;
      FB_VESA = yes;
      FRAMEBUFFER_CONSOLE = yes;
      FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = whenAtLeast "4.19" yes;
      FRAMEBUFFER_CONSOLE_ROTATION = yes;
      FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes;
      # On 5.14 this conflicts with FB_SIMPLE.
      DRM_SIMPLEDRM = whenAtLeast "5.14" no;
    };

    video = {
      # Allow specifying custom EDID on the kernel command line
      DRM_LOAD_EDID_FIRMWARE = yes;
      VGA_SWITCHEROO = yes; # Hybrid graphics support
      DRM_GMA500 = whenAtLeast "5.12" module;
      DRM_GMA600 = whenOlder "5.13" yes;
      DRM_GMA3600 = whenOlder "5.12" yes;
      DRM_VMWGFX_FBCON = yes;
      # necessary for amdgpu polaris support
      DRM_AMD_POWERPLAY = whenBetween "4.5" "4.9" yes;
      # (experimental) amdgpu support for verde and newer chipsets
      DRM_AMDGPU_SI = whenAtLeast "4.9" yes;
      # (stable) amdgpu support for bonaire and newer chipsets
      DRM_AMDGPU_CIK = whenAtLeast "4.9" yes;
      # Allow device firmware updates
      DRM_DP_AUX_CHARDEV = whenAtLeast "4.6" yes;
      # amdgpu display core (DC) support
      DRM_AMD_DC_DCN1_0 = whenBetween "4.15" "5.6" yes;
      DRM_AMD_DC_PRE_VEGA = whenBetween "4.15" "4.18" yes;
      DRM_AMD_DC_DCN2_0 = whenBetween "5.3" "5.6" yes;
      DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes;
      DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes;
      DRM_AMD_DC_DCN = whenAtLeast "5.11" yes;
      DRM_AMD_DC_HDCP = whenAtLeast "5.5" yes;
      DRM_AMD_DC_SI = whenAtLeast "5.10" yes;
    } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
      # Intel GVT-g graphics virtualization supports 64-bit only
      DRM_I915_GVT = whenAtLeast "4.16" yes;
      DRM_I915_GVT_KVMGT = whenAtLeast "4.16" module;
    };

    sound = {
      SND_DYNAMIC_MINORS = yes;
      SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode
      SND_HDA_INPUT_BEEP = yes; # Support digital beep via input layer
      SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions
      # Support configuring jack functions via fw mechanism at boot
      SND_HDA_PATCH_LOADER = yes;
      SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon
      SND_OSSEMUL = yes;
      SND_USB_CAIAQ_INPUT = yes;
      # Enable PSS mixer (Beethoven ADSP-16 and other compatible)
      PSS_MIXER = whenOlder "4.12" yes;
    # Enable Sound Open Firmware support
    # (only merged in on x86_64-linux with kernel >= 5.5; the *_SUPPORT
    # symbols cover kernels older than 5.12, the per-platform modules 5.12+)
    } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" &&
                        versionAtLeast version "5.5") {
      SND_SOC_SOF_TOPLEVEL = yes;
      SND_SOC_SOF_ACPI = module;
      SND_SOC_SOF_PCI = module;
      SND_SOC_SOF_APOLLOLAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_APOLLOLAKE_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_CANNONLAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_CANNONLAKE_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_COFFEELAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_COFFEELAKE_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_COMETLAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_COMETLAKE_H_SUPPORT = whenOlder "5.8" yes;
      SND_SOC_SOF_COMETLAKE_LP_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_ELKHARTLAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_ELKHARTLAKE_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_GEMINILAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_GEMINILAKE_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_HDA_AUDIO_CODEC = yes;
      SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder "5.7" yes;
      SND_SOC_SOF_HDA_LINK = yes;
      SND_SOC_SOF_ICELAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_ICELAKE_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_INTEL_TOPLEVEL = yes;
      SND_SOC_SOF_JASPERLAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_JASPERLAKE_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_MERRIFIELD = whenAtLeast "5.12" module;
      SND_SOC_SOF_MERRIFIELD_SUPPORT = whenOlder "5.12" yes;
      SND_SOC_SOF_TIGERLAKE = whenAtLeast "5.12" module;
      SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder "5.12" yes;
    };

    usb-serial = {
      USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver
    } // optionalAttrs (versionOlder version "4.16") {
      # Include firmware for various USB serial devices.
      # Only applicable for kernels below 4.16, after that no firmware is shipped in the kernel tree.
      USB_SERIAL_KEYSPAN_MPR = yes;
      USB_SERIAL_KEYSPAN_USA28 = yes;
      USB_SERIAL_KEYSPAN_USA28X = yes;
      USB_SERIAL_KEYSPAN_USA28XA = yes;
      USB_SERIAL_KEYSPAN_USA28XB = yes;
      USB_SERIAL_KEYSPAN_USA19 = yes;
      USB_SERIAL_KEYSPAN_USA18X = yes;
      USB_SERIAL_KEYSPAN_USA19W = yes;
      USB_SERIAL_KEYSPAN_USA19QW = yes;
      USB_SERIAL_KEYSPAN_USA19QI = yes;
      USB_SERIAL_KEYSPAN_USA49W = yes;
      USB_SERIAL_KEYSPAN_USA49WLC = yes;
    };

    usb = {
      USB_DEBUG = { optional = true; tristate = whenOlder "4.18" "n";};
      USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators
      USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling
      USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptible Power Supplies)
    };

    # Filesystem options - in particular, enable extended attributes and
    # ACLs for all filesystems that support them.
    filesystem = {
      FANOTIFY = yes;
      TMPFS = yes;
      TMPFS_POSIX_ACL = yes;
      # Built in from 5.1 on; an optional module for 4.9 up to 5.1.
      FS_ENCRYPTION = if (versionAtLeast version "5.1") then yes else whenAtLeast "4.9" (option module);

      EXT2_FS_XATTR = yes;
      EXT2_FS_POSIX_ACL = yes;
      EXT2_FS_SECURITY = yes;

      EXT3_FS_POSIX_ACL = yes;
      EXT3_FS_SECURITY = yes;

      EXT4_FS_POSIX_ACL = yes;
      EXT4_FS_SECURITY = yes;
      EXT4_ENCRYPTION = { optional = true; tristate = if (versionOlder version "4.8") then "m" else "y"; };

      REISERFS_FS_XATTR = option yes;
      REISERFS_FS_POSIX_ACL = option yes;
      REISERFS_FS_SECURITY = option yes;

      JFS_POSIX_ACL = option yes;
      JFS_SECURITY = option yes;

      XFS_QUOTA = option yes;
      XFS_POSIX_ACL = option yes;
      XFS_RT = option yes; # XFS Realtime subvolume support

      OCFS2_DEBUG_MASKLOG = option no;

      BTRFS_FS_POSIX_ACL = yes;

      UBIFS_FS_ADVANCED_COMPR = option yes;

      F2FS_FS = module;
      F2FS_FS_SECURITY = option yes;
      F2FS_FS_ENCRYPTION = option yes;
      F2FS_FS_COMPRESSION = whenAtLeast "5.6" yes;
      UDF_FS = module;

      NFSD_PNFS = whenBetween "4.0" "4.6" yes;
      NFSD_V2_ACL = yes;
      NFSD_V3 = yes;
      NFSD_V3_ACL = yes;
      NFSD_V4 = yes;
      NFSD_V4_SECURITY_LABEL = yes;

      NFS_FSCACHE = yes;
      NFS_SWAP = yes;
      NFS_V3_ACL = yes;
      NFS_V4_1 = yes; # NFSv4.1 client support
      NFS_V4_2 = yes;
      NFS_V4_SECURITY_LABEL = yes;

      CIFS_XATTR = yes;
      CIFS_POSIX = option yes;
      CIFS_FSCACHE = yes;
      CIFS_STATS = whenOlder "4.19" yes;
      # NOTE(review): on kernels older than 5.15 this compiles in the legacy
      # LANMAN-era password hashing for the CIFS client. Upstream's help text
      # says it is not used automatically and must be requested per mount, but
      # mounts that do use it are weaker than NTLMv2/Kerberos ones; audit mount
      # options on hosts that keep such kernels.
      CIFS_WEAK_PW_HASH = whenOlder "5.15" yes;
      CIFS_UPCALL = yes;
      CIFS_ACL = whenOlder "5.3" yes;
      CIFS_DFS_UPCALL = yes;
      CIFS_SMB2 = whenOlder "4.13" yes;

      CEPH_FSCACHE = yes;
      CEPH_FS_POSIX_ACL = yes;

      SQUASHFS_FILE_DIRECT = yes;
      SQUASHFS_DECOMP_MULTI_PERCPU = yes;
      SQUASHFS_XATTR = yes;
      SQUASHFS_ZLIB = yes;
      SQUASHFS_LZO = yes;
      SQUASHFS_XZ = yes;
      SQUASHFS_LZ4 = yes;
      SQUASHFS_ZSTD = whenAtLeast "4.14" yes;

      # Native Language Support modules, needed by some filesystems
      NLS = yes;
      NLS_DEFAULT = freeform "utf8";
      NLS_UTF8 = module;
      NLS_CODEPAGE_437 = module; # VFAT default for the codepage= mount option
      NLS_ISO8859_1 = module; # VFAT default for the iocharset= mount option

      DEVTMPFS = yes;

      UNICODE = whenAtLeast "5.2" yes; # Casefolding support for filesystems
    };

    # Baseline security-related symbols. Several of these are `option`, i.e.
    # they are applied only where the kernel being built knows the symbol.
    security = {
      # Detect writes to read-only module pages
      DEBUG_SET_MODULE_RONX = { optional = true; tristate = whenOlder "4.11" "y"; };
      RANDOMIZE_BASE = option yes;
      STRICT_DEVMEM = option yes; # Filter access to /dev/mem
      SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default
      # Prevent processes from ptracing non-children processes
      SECURITY_YAMA = option yes;
      DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem

      # NOTE(review): enabled unconditionally. User namespaces give
      # unprivileged processes access to kernel interfaces that otherwise
      # require privileges, so whether unprivileged creation is permitted is a
      # runtime policy decision that has to be made outside this file.
      USER_NS = yes; # Support for user namespaces

      SECURITY_APPARMOR = yes;
      DEFAULT_SECURITY_APPARMOR = yes;

      # The CPU's hardware RNG is credited as entropy at boot; this can be
      # turned off per machine with the random.trust_cpu= boot parameter.
      RANDOM_TRUST_CPU = whenAtLeast "4.19" yes; # allow RDRAND to seed the RNG

      # Consequence of disabling this for reproducibility: module signature
      # verification is not compiled in, so the kernel does not authenticate
      # the modules it loads. Deployments that need signed modules have to
      # override this and provide their own key handling.
      MODULE_SIG = no; # r13y, generates a random key during build and bakes it in
      # Depends on MODULE_SIG and only really helps when you sign your modules
      # and enforce signatures which we don't do by default.
      SECURITY_LOCKDOWN_LSM = option no;
    } // optionalAttrs (!stdenv.hostPlatform.isAarch32) {

      # Detect buffer overflows on the stack
      # NOTE(review): only set for kernels older than 4.18; nothing in this
      # file selects a stack-protector symbol for newer kernels, so those rely
      # on the kernel's own defaults. Confirm against the generated config.
      CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";};
    };

    microcode = {
      MICROCODE = yes;
      MICROCODE_INTEL = yes;
      MICROCODE_AMD = yes;
    } // optionalAttrs (versionAtLeast version "4.10") {
      # Write Back Throttling
      # https://lwn.net/Articles/682582/
      # https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655
      # (merged into the microcode group; the grouping has no effect once
      # flattenKConf has flattened the groups)
      BLK_WBT = yes;
      BLK_WBT_SQ = whenOlder "5.0" yes; # Removed in 5.0-RC1
      BLK_WBT_MQ = yes;
    };

    container = {
      NAMESPACES = yes; # Required by 'unshare' used by 'nixos-install'
      RT_GROUP_SCHED = no;
      CGROUP_DEVICE = yes;
      CGROUP_HUGETLB = yes;
      CGROUP_PERF = yes;
      CGROUP_RDMA = whenAtLeast "4.11" yes;

      MEMCG = yes;
      MEMCG_SWAP = yes;

      DEVPTS_MULTIPLE_INSTANCES = whenOlder "4.7" yes;
      BLK_DEV_THROTTLING = yes;
      CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1
      CGROUP_PIDS = whenAtLeast "4.3" yes;
    };

    staging = {
      # Enable staging drivers.  These are somewhat experimental, but
      # they generally don't hurt.
      # NOTE(review): staging drivers have not yet met mainline quality
      # standards, so enabling the whole tree also widens the driver attack
      # surface for any device that can bind one of them. Worth revisiting
      # for hardened or server builds.
      STAGING = yes;
    };

    proc-events = {
      # PROC_EVENTS requires that the netlink connector is not built
      # as a module.  This is required by libcgroup's cgrulesengd.
      CONNECTOR = yes;
      PROC_EVENTS = yes;
    };

    tracing = {
      FTRACE = yes;
      KPROBES = yes;
      FUNCTION_TRACER = yes;
      FTRACE_SYSCALLS = yes;
      SCHED_TRACER = yes;
      STACK_TRACER = yes;
      # The symbol is UPROBE_EVENT before 4.11 and UPROBE_EVENTS from 4.11 on,
      # per the two version bounds below.
      UPROBE_EVENT = { optional = true; tristate = whenOlder "4.11" "y";};
      UPROBE_EVENTS = { optional = true; tristate = whenAtLeast "4.11" "y";};
      BPF_SYSCALL = whenAtLeast "4.4" yes;
      BPF_EVENTS = whenAtLeast "4.4" yes;
      FUNCTION_PROFILER = yes;
      RING_BUFFER_BENCHMARK = no;
    };

    virtualisation = {
      PARAVIRT = option yes;

      HYPERVISOR_GUEST = yes;
      PARAVIRT_SPINLOCKS = option yes;

      KVM_APIC_ARCHITECTURE = whenOlder "4.8" yes;
      KVM_ASYNC_PF = yes;
      KVM_COMPAT = { optional = true; tristate = whenBetween "4.0" "4.12" "y"; };
      KVM_DEVICE_ASSIGNMENT = { optional = true; tristate = whenBetween "3.10" "4.12" "y"; };
      KVM_GENERIC_DIRTYLOG_READ_PROTECT = whenAtLeast "4.0" yes;
      KVM_GUEST = yes;
      KVM_MMIO = yes;
      KVM_VFIO = yes;
      KSM = yes;
      VIRT_DRIVERS = yes;
      # We need 64 GB (PAE) support for Xen guest support
      HIGHMEM64G = { optional = true; tristate = mkIf (!stdenv.is64bit) "y";};

      VFIO_PCI_VGA = mkIf stdenv.is64bit yes;

      # VirtualBox guest drivers in the kernel conflict with the ones in the
      # official additions package and prevent the vboxsf module from loading,
      # so disable them for now.
      VBOXGUEST = option no;
      DRM_VBOXVIDEO = option no;

      XEN = option yes;
      XEN_DOM0 = option yes;
      PCI_XEN = option yes;
      HVC_XEN = option yes;
      HVC_XEN_FRONTEND = option yes;
      XEN_SYS_HYPERVISOR = option yes;
      SWIOTLB_XEN = option yes;
      XEN_BACKEND = option yes;
      XEN_BALLOON = option yes;
      XEN_BALLOON_MEMORY_HOTPLUG = option yes;
      XEN_EFI = option yes;
      XEN_HAVE_PVMMU = option yes;
      XEN_MCE_LOG = option yes;
      XEN_PVH = option yes;
      XEN_PVHVM = option yes;
      XEN_SAVE_RESTORE = option yes;
      XEN_SCRUB_PAGES = option yes;
      XEN_SELFBALLOONING = option yes;
      XEN_STUB = option yes;
      XEN_TMEM = option yes;
    };

    media = {
      MEDIA_DIGITAL_TV_SUPPORT = yes;
      MEDIA_CAMERA_SUPPORT = yes;
      MEDIA_RC_SUPPORT = whenOlder "4.14" yes;
      MEDIA_CONTROLLER = yes;
      MEDIA_PCI_SUPPORT = yes;
      MEDIA_USB_SUPPORT = yes;
      MEDIA_ANALOG_TV_SUPPORT = yes;
      VIDEO_STK1160_COMMON = module;
      VIDEO_STK1160_AC97 = whenOlder "4.11" yes;
    };

    "9p" = {
      # Enable the 9P cache to speed up NixOS VM tests.
      "9P_FSCACHE" = option yes;
      "9P_FS_POSIX_ACL" = option yes;
    };

    huge-page = {
      TRANSPARENT_HUGEPAGE = option yes;
      TRANSPARENT_HUGEPAGE_ALWAYS = option no;
      TRANSPARENT_HUGEPAGE_MADVISE = option yes;
    };

    zram = {
      ZRAM = module;
      ZSWAP = option yes;
      ZBUD = option yes;
      ZSMALLOC = module;
    };

    brcmfmac = {
      # Enable PCIe and USB for the brcmfmac driver
      BRCMFMAC_USB = option yes;
      BRCMFMAC_PCIE = option yes;
    };

    # Support x2APIC (which requires IRQ remapping)
    x2apic = optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
      X86_X2APIC = yes;
      IRQ_REMAP = yes;
    };

    # Disable various self-test modules that have no use in a production system
    tests = {
      # This menu disables all/most of them on >= 4.16
      RUNTIME_TESTING_MENU = option no;
    } // optionalAttrs (versionOlder version "4.16") {
      # For older kernels, painstakingly disable each symbol.
      ARM_KPROBES_TEST = option no;
      ASYNC_RAID6_TEST = option no;
      ATOMIC64_SELFTEST = option no;
      BACKTRACE_SELF_TEST = option no;
      INTERVAL_TREE_TEST = option no;
      PERCPU_TEST = option no;
      RBTREE_TEST = option no;
      TEST_BITMAP = option no;
      TEST_BPF = option no;
      TEST_FIRMWARE = option no;
      TEST_HASH = option no;
      TEST_HEXDUMP = option no;
      TEST_KMOD = option no;
      TEST_KSTRTOX = option no;
      TEST_LIST_SORT = option no;
      TEST_LKM = option no;
      TEST_PARMAN = option no;
      TEST_PRINTF = option no;
      TEST_RHASHTABLE = option no;
      TEST_SORT = option no;
      TEST_STATIC_KEYS = option no;
      TEST_STRING_HELPERS = option no;
      TEST_UDELAY = option no;
      TEST_USER_COPY = option no;
      TEST_UUID = option no;
    } // {
      # Disabled for every kernel version.
      CRC32_SELFTEST = option no;
      CRYPTO_TEST = option no;
      EFI_TEST = option no;
      GLOB_SELFTEST = option no;
      DRM_DEBUG_MM_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";};
      LNET_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";};
      LOCK_TORTURE_TEST = option no;
      MTD_TESTS = option no;
      NOTIFIER_ERROR_INJECTION = option no;
      RCU_PERF_TEST = option no;
      RCU_TORTURE_TEST = option no;
      TEST_ASYNC_DRIVER_PROBE = option no;
      WW_MUTEX_SELFTEST = option no;
      XZ_DEC_TEST = option no;
    };

    criu = if (versionAtLeast version "4.19") then {
      # Unconditionally enabled, because it is required for CRIU and
      # it provides the kcmp() system call that Mesa depends on.
      CHECKPOINT_RESTORE = yes;
    } else optionalAttrs (features.criu or false) ({
      # For older kernels, CHECKPOINT_RESTORE is hidden behind EXPERT.
      EXPERT = yes;
      CHECKPOINT_RESTORE = yes;
    } // optionalAttrs (features.criu_revert_expert or true) {
      # Applied unless features.criu_revert_expert is set to false.
      # NOTE(review): presumably these restore symbols whose defaults change
      # once EXPERT is selected; confirm against the kernel's Kconfig.
      RFKILL_INPUT = option yes;
      HID_PICOLCD_FB = option yes;
      HID_PICOLCD_BACKLIGHT = option yes;
      HID_PICOLCD_LCD = option yes;
      HID_PICOLCD_LEDS = option yes;
      HID_PICOLCD_CIR = option yes;
      DEBUG_MEMORY_INIT = option yes;
    });

    misc = let
      # Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz.
      # i686 issues: https://github.com/NixOS/nixpkgs/pull/117961#issuecomment-812106375
      # Note that the 64-bit test is on the build platform, not the host platform.
      useZstd = stdenv.buildPlatform.is64bit && versionAtLeast version "5.9";
    in {
      KERNEL_XZ = mkIf (!useZstd) yes;
      KERNEL_ZSTD = mkIf useZstd yes;

      HID_BATTERY_STRENGTH = yes;
      # enabled by default in x86_64 but not arm64, so we do that here
      HIDRAW = yes;

      HID_ACRUX_FF = yes;
      DRAGONRISE_FF = yes;
      HOLTEK_FF = yes;
      SONY_FF = yes;
      SMARTJOYPLUS_FF = yes;
      THRUSTMASTER_FF = yes;
      ZEROPLUS_FF = yes;

      MODULE_COMPRESS = whenOlder "5.13" yes;
      MODULE_COMPRESS_XZ = yes;

      SYSVIPC = yes; # System-V IPC

      AIO = yes; # POSIX asynchronous I/O

      UNIX = yes; # Unix domain sockets.

      MD = yes; # Device mapper (RAID, LVM, etc.)

      # Enable initrd support.
      BLK_DEV_INITRD = yes;

      PM_TRACE_RTC = no; # Disable some expensive (?) features.
      ACCESSIBILITY = yes; # Accessibility support
      AUXDISPLAY = yes; # Auxiliary Display support
      DONGLE = whenOlder "4.17" yes; # Serial dongle support
      HIPPI = yes;
      MTD_COMPLEX_MAPPINGS = yes; # needed for many devices

      SCSI_LOWLEVEL = yes; # enable lots of SCSI devices
      SCSI_LOWLEVEL_PCMCIA = yes;
      SCSI_SAS_ATA = yes; # added to enable detection of hard drive

      SPI = yes; # needed for many devices
      SPI_MASTER = yes;

      "8139TOO_8129" = yes;
      "8139TOO_PIO" = no; # PIO is slower

      AIC79XX_DEBUG_ENABLE = no;
      AIC7XXX_DEBUG_ENABLE = no;
      AIC94XX_DEBUG = no;
      B43_PCMCIA = { optional=true; tristate = whenOlder "4.4" "y";};

      BLK_DEV_INTEGRITY = yes;

      BLK_SED_OPAL = whenAtLeast "4.14" yes;

      BSD_PROCESS_ACCT_V3 = yes;

      SERIAL_DEV_BUS = whenAtLeast "4.11" yes; # enables support for serial devices
      SERIAL_DEV_CTRL_TTYPORT = whenAtLeast "4.11" yes; # enables support for TTY serial devices

      BT_HCIBTUSB_MTK = whenAtLeast "5.3" yes; # MediaTek protocol support
      BT_HCIUART_QCA = whenAtLeast "4.3" yes; # Qualcomm Atheros protocol support
      BT_HCIUART_SERDEV = whenAtLeast "4.12" yes; # required by BT_HCIUART_QCA
      BT_HCIUART = whenAtLeast "2.5.45" module; # required for BT devices with serial port interface (QCA6390)
      BT_HCIUART_BCSP = option yes;
      BT_HCIUART_H4 = option yes; # UART (H4) protocol support
      BT_HCIUART_LL = option yes;
      BT_RFCOMM_TTY = option yes; # RFCOMM TTY support
      BT_QCA = whenAtLeast "4.3" module; # enables QCA6390 bluetooth

      CLEANCACHE = option yes;
      CRASH_DUMP = option no;

      DVB_DYNAMIC_MINORS = option yes; # we use udev

      EFI_STUB = yes; # EFI bootloader in the bzImage itself
      EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER =
        whenAtLeast "5.8" yes; # initrd kernel parameter for EFI
      CGROUPS = yes; # used by systemd
      FHANDLE = yes; # used by systemd
      SECCOMP = yes; # used by systemd >= 231
      SECCOMP_FILTER = yes; # ditto
      POSIX_MQUEUE = yes;
      FRONTSWAP = yes;
      FUSION = yes; # Fusion MPT device support
      IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14
      IDLE_PAGE_TRACKING = yes;
      IRDA_ULTRA = whenOlder "4.17" yes; # Ultra (connectionless) protocol

      JOYSTICK_IFORCE_232 = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force Serial joysticks and wheels
      JOYSTICK_IFORCE_USB = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force USB joysticks and wheels
      JOYSTICK_XPAD_FF = option yes; # X-Box gamepad rumble support
      JOYSTICK_XPAD_LEDS = option yes; # LED Support for Xbox360 controller 'BigX' LED

      KEYBOARD_APPLESPI = whenAtLeast "5.3" module;

      KEXEC_FILE = option yes;
      KEXEC_JUMP = option yes;

      PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION
      # Windows Logical Disk Manager (Dynamic Disk) support
      LDM_PARTITION = yes;
      LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback
      LOGO = no; # not needed
      MEDIA_ATTACH = yes;
      MEGARAID_NEWGEN = yes;

      MLX4_EN_VXLAN = whenOlder "4.8" yes;
      MLX5_CORE_EN = option yes;

      NVME_MULTIPATH = whenAtLeast "4.15" yes;

      PSI = whenAtLeast "4.20" yes;

      MODVERSIONS = whenOlder "4.9" yes;
      MOUSE_ELAN_I2C_SMBUS = yes;
      MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension
      MOUSE_PS2_VMMOUSE = yes;
      MTRR_SANITIZER = yes;
      NET_FC = yes; # Fibre Channel driver support
      # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks
      PINCTRL_BAYTRAIL = yes;
      # GPIO for Braswell and Cherryview devices
      # Needs to be built-in for integrated keyboards to function properly
      PINCTRL_CHERRYVIEW = yes;
      # 8 is default. Modern gpt tables on eMMC may go far beyond 8.
      MMC_BLOCK_MINORS = freeform "32";

      REGULATOR = yes; # Voltage and Current Regulator Support
      RC_DEVICES = option yes; # Enable IR devices

      RT2800USB_RT53XX = yes;
      RT2800USB_RT55XX = yes;

      SCHED_AUTOGROUP = yes;
      CFS_BANDWIDTH = yes;

      SCSI_LOGGING = yes; # SCSI logging facility
      SERIAL_8250 = yes; # 8250/16550 and compatible serial support

      SLIP_COMPRESSED = yes; # CSLIP compressed headers
      SLIP_SMART = yes;

      HWMON = yes;
      THERMAL_HWMON = yes; # Hardware monitoring support
      NVME_HWMON = whenAtLeast "5.5" yes; # NVMe drives temperature reporting
      UEVENT_HELPER = no;

      USERFAULTFD = yes;
      X86_CHECK_BIOS_CORRUPTION = yes;
      X86_MCE = yes;

      RAS = yes; # Needed for EDAC support

      # Our initrd init uses shebang scripts, so can't be modular.
      BINFMT_SCRIPT = yes;
      # For systemd-binfmt
      BINFMT_MISC = option yes;

      # Disable the firmware helper fallback, udev doesn't implement it any more
      FW_LOADER_USER_HELPER_FALLBACK = option no;

      HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI
      HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support

      # Enable AMD's ROCm GPU compute stack
      HSA_AMD = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "4.20" yes);
      ZONE_DEVICE = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "5.3" yes);
      HMM_MIRROR = whenAtLeast "5.3" yes;
      DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes;

      PREEMPT = no;
      PREEMPT_VOLUNTARY = yes;

      X86_AMD_PLATFORM_DEVICE = yes;
      X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes;

      # NOTE(review): the two bounds leave 4.16.x matched by neither branch,
      # so LIRC is not set by this file for those kernels. Confirm that the
      # gap is intended.
      LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ];

      SCHED_CORE = whenAtLeast "5.14" yes;

    } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
      # Enable CPU/memory hotplug support
      # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
      ACPI_HOTPLUG_CPU = yes;
      ACPI_HOTPLUG_MEMORY = yes;
      MEMORY_HOTPLUG = yes;
      MEMORY_HOTREMOVE = yes;
      HOTPLUG_CPU = yes;
      MIGRATION = yes;
      SPARSEMEM = yes;

      # Bump the maximum number of CPUs to support systems like EC2 x1.*
      # instances and Xeon Phi.
      NR_CPUS = freeform "384";
    } // optionalAttrs (stdenv.hostPlatform.system == "armv7l-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
      # Enables support for the Allwinner Display Engine 2.0
      SUN8I_DE2_CCU = whenAtLeast "4.13" yes;

      # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647
      CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no;

      # Distros should configure the default as a kernel option.
      # We previously defined it on the kernel command line as cma=
      # The kernel command line will override a platform-specific configuration from its device tree.
      # https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44
      CMA_SIZE_MBYTES = freeform "32";

      # Many ARM SBCs hand off a pre-configured framebuffer.
      # This can always be replaced by the actual native driver.
      # Keeping it a built-in ensures it will be used if possible.
      FB_SIMPLE = yes;

    } // optionalAttrs (versionAtLeast version "5.4" && (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")) {
      # Required for various hardware features on Chrome OS devices
      CHROME_PLATFORMS = yes;
      CHROMEOS_TBMC = module;

      CROS_EC = module;

      CROS_EC_I2C = module;
      CROS_EC_SPI = module;
      CROS_EC_LPC = module;
      CROS_EC_ISHTP = module;

      CROS_KBD_LED_BACKLIGHT = module;
    } // optionalAttrs (versionAtLeast version "5.4" && stdenv.hostPlatform.system == "x86_64-linux") {
      CHROMEOS_LAPTOP = module;
      CHROMEOS_PSTORE = module;
    };
  };
in
  # Result: one flat attribute set of Kconfig symbol -> setting.
  flattenKConf options