Merge pull request #410 from samueldr-wip/feature/configurable-linux

Add kernel configuration to the system evaluations

devices/amazon-austin/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 
 {
   mobile.device.name = "amazon-austin";
@@ -44,4 +44,13 @@
   mobile.usb.idVendor = "18D1";
   # "Nexus 4"
   mobile.usb.idProduct = "D001";
+
+  # The vendor kernel has loads of issues building with USER_NS.
+  # For now disable it. Patching should be possible, but will take time.
+  mobile.kernel.structuredConfig = [
+    (helpers: with helpers; {
+      USER_NS = lib.mkForce no;
+      UIDGID_STRICT_TYPE_CHECKS = lib.mkForce no;
+    })
+  ];
 }

devices/amazon-austin/kernel/config.armv7

@@ -43,7 +43,7 @@ CONFIG_SWAP=y
 CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 CONFIG_AUDIT=y
 CONFIG_AUDITSYSCALL=y
 CONFIG_AUDIT_WATCH=y
@@ -116,7 +116,12 @@ CONFIG_FAIR_GROUP_SCHED=y
 CONFIG_RT_GROUP_SCHED=y
 # CONFIG_BLK_CGROUP is not set
 # CONFIG_CHECKPOINT_RESTORE is not set
-# CONFIG_NAMESPACES is not set
+CONFIG_NAMESPACES=y
+CONFIG_UTS_NS=y
+CONFIG_IPC_NS=y
+# CONFIG_USER_NS is not set
+CONFIG_PID_NS=y
+CONFIG_NET_NS=y
 CONFIG_UIDGID_CONVERTED=y
 # CONFIG_UIDGID_STRICT_TYPE_CHECKS is not set
 # CONFIG_SCHED_AUTOGROUP is not set
@@ -210,7 +215,7 @@ CONFIG_MODULES=y
 CONFIG_STOP_MACHINE=y
 CONFIG_BLOCK=y
 CONFIG_LBDAF=y
-# CONFIG_BLK_DEV_BSG is not set
+CONFIG_BLK_DEV_BSG=y
 # CONFIG_BLK_DEV_BSGLIB is not set
 # CONFIG_BLK_DEV_INTEGRITY is not set
 
@@ -644,7 +649,7 @@ CONFIG_IPV6_MROUTE=y
 CONFIG_IPV6_PIMSM_V2=y
 CONFIG_MTK_DHCPV6C_WIFI=y
 # CONFIG_NETLABEL is not set
-CONFIG_ANDROID_PARANOID_NETWORK=y
+# CONFIG_ANDROID_PARANOID_NETWORK is not set
 CONFIG_NET_ACTIVITY_STATS=y
 CONFIG_NETWORK_SECMARK=y
 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
@@ -979,7 +984,7 @@ CONFIG_PREVENT_FIRMWARE_BUILD=y
 CONFIG_FW_LOADER=y
 CONFIG_FIRMWARE_IN_KERNEL=y
 CONFIG_EXTRA_FIRMWARE=""
-CONFIG_FW_LOADER_USER_HELPER=y
+# CONFIG_FW_LOADER_USER_HELPER is not set
 # CONFIG_DEBUG_DRIVER is not set
 # CONFIG_DEBUG_DEVRES is not set
 # CONFIG_SYS_HYPERVISOR is not set
@@ -2927,7 +2932,7 @@ CONFIG_EXT3_FS_POSIX_ACL=y
 # CONFIG_EXT3_FS_SECURITY is not set
 CONFIG_EXT4_FS=y
 # CONFIG_EXT4_USE_FOR_EXT23 is not set
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_EXT4_DEBUG is not set
 CONFIG_JBD=y
@@ -2943,6 +2948,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 CONFIG_FSNOTIFY=y
 CONFIG_DNOTIFY=y
@@ -3345,7 +3351,8 @@ CONFIG_CRYPTO_LZO=y
 # Random Number Generation
 #
 # CONFIG_CRYPTO_ANSI_CPRNG is not set
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_HW is not set
 CONFIG_BINARY_PRINTF=y

devices/asus-dumo/kernel/config.aarch64

@@ -5,7 +5,7 @@
 CONFIG_CC_VERSION_TEXT="aarch64-unknown-linux-gnu-gcc (GCC) 9.3.0"
 CONFIG_CC_IS_GCC=y
 CONFIG_GCC_VERSION=90300
-CONFIG_LD_VERSION=231010000
+CONFIG_LD_VERSION=235010000
 CONFIG_CLANG_VERSION=0
 CONFIG_LLD_VERSION=0
 CONFIG_CC_CAN_LINK=y
@@ -432,9 +432,11 @@ CONFIG_ARM64_CNP=y
 #
 # ARMv8.3 architectural features
 #
+CONFIG_ARM64_PTR_AUTH=y
 CONFIG_CC_HAS_BRANCH_PROT_PAC_RET=y
 CONFIG_CC_HAS_SIGN_RETURN_ADDRESS=y
 CONFIG_AS_HAS_PAC=y
+CONFIG_AS_HAS_CFI_NEGATE_RA_STATE=y
 # end of ARMv8.3 architectural features
 
 #
@@ -452,6 +454,8 @@ CONFIG_ARM64_BTI=y
 CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI=y
 CONFIG_ARM64_E0PD=y
 CONFIG_ARCH_RANDOM=y
+CONFIG_ARM64_AS_HAS_MTE=y
+CONFIG_ARM64_MTE=y
 # end of ARMv8.5 architectural features
 
 CONFIG_ARM64_SVE=y
@@ -826,6 +830,7 @@ CONFIG_GENERIC_EARLY_IOREMAP=y
 # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
 # CONFIG_IDLE_PAGE_TRACKING is not set
 CONFIG_ARCH_HAS_PTE_DEVMAP=y
+CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
 # CONFIG_PERCPU_STATS is not set
 # CONFIG_GUP_BENCHMARK is not set
 # CONFIG_READ_ONLY_THP_FOR_FS is not set
@@ -1355,7 +1360,7 @@ CONFIG_PCIE_KIRIN=y
 # Generic Driver Options
 #
 CONFIG_UEVENT_HELPER=y
-CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+CONFIG_UEVENT_HELPER_PATH=""
 CONFIG_DEVTMPFS=y
 CONFIG_DEVTMPFS_MOUNT=y
 CONFIG_STANDALONE=y
@@ -5381,8 +5386,8 @@ CONFIG_PROC_PAGE_MONITOR=y
 CONFIG_KERNFS=y
 CONFIG_SYSFS=y
 CONFIG_TMPFS=y
-# CONFIG_TMPFS_POSIX_ACL is not set
-# CONFIG_TMPFS_XATTR is not set
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_TMPFS_XATTR=y
 # CONFIG_TMPFS_INODE64 is not set
 CONFIG_HUGETLBFS=y
 CONFIG_HUGETLB_PAGE=y
@@ -5698,16 +5703,21 @@ CONFIG_CRYPTO_SM3=y
 #
 CONFIG_CRYPTO_AES=y
 # CONFIG_CRYPTO_AES_TI is not set
+# CONFIG_CRYPTO_ANUBIS is not set
+# CONFIG_CRYPTO_ARC4 is not set
 # CONFIG_CRYPTO_BLOWFISH is not set
 # CONFIG_CRYPTO_CAMELLIA is not set
 # CONFIG_CRYPTO_CAST5 is not set
 # CONFIG_CRYPTO_CAST6 is not set
 CONFIG_CRYPTO_DES=y
 # CONFIG_CRYPTO_FCRYPT is not set
+# CONFIG_CRYPTO_KHAZAD is not set
 # CONFIG_CRYPTO_SALSA20 is not set
 CONFIG_CRYPTO_CHACHA20=y
+# CONFIG_CRYPTO_SEED is not set
 # CONFIG_CRYPTO_SERPENT is not set
 # CONFIG_CRYPTO_SM4 is not set
+# CONFIG_CRYPTO_TEA is not set
 # CONFIG_CRYPTO_TWOFISH is not set
 
 #
@@ -5730,10 +5740,12 @@ CONFIG_CRYPTO_DRBG_HMAC=y
 # CONFIG_CRYPTO_DRBG_CTR is not set
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set
+CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
 CONFIG_CRYPTO_HASH_INFO=y
 
 #

devices/asus-flo/default.nix

@@ -47,4 +47,11 @@
   ];
 
   mobile.system.type = "android";
+
+  mobile.kernel.structuredConfig = [
+    (helpers: with helpers; {
+      # The vendor kernel requires this to be enabled to build.
+      FW_LOADER_USER_HELPER = lib.mkForce yes;
+    })
+  ];
 }

devices/asus-flo/kernel/0001-Fix-misc.-broken-backports-for-PID_NS-and-USER_NS.patch

@@ -0,0 +1,52 @@
+From 4c6464835e63c331a0000b284246416fa931a96a Mon Sep 17 00:00:00 2001
+From: Samuel Dionne-Riel <samuel@dionne-riel.com>
+Date: Tue, 31 Aug 2021 02:01:29 -0400
+Subject: [PATCH] Fix misc. broken backports for PID_NS and USER_NS
+
+---
+ fs/proc/namespaces.c    | 3 ---
+ include/linux/proc_fs.h | 1 -
+ kernel/user_namespace.c | 1 +
+ 3 files changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
+index 94aea23f6adc1..2e251077238ba 100644
+--- a/fs/proc/namespaces.c
++++ b/fs/proc/namespaces.c
+@@ -23,9 +23,6 @@ static const struct proc_ns_operations *ns_entries[] = {
+ #endif
+ #ifdef CONFIG_IPC_NS
+ 	&ipcns_operations,
+-#endif
+-#ifdef CONFIG_PID_NS
+-	&pidns_operations,
+ #endif
+ 	&mntns_operations,
+ };
+diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
+index 6c890170af83a..d9625050b0c92 100644
+--- a/include/linux/proc_fs.h
++++ b/include/linux/proc_fs.h
+@@ -272,7 +272,6 @@ struct proc_ns_operations {
+ extern const struct proc_ns_operations netns_operations;
+ extern const struct proc_ns_operations utsns_operations;
+ extern const struct proc_ns_operations ipcns_operations;
+-extern const struct proc_ns_operations pidns_operations;
+ extern const struct proc_ns_operations mntns_operations;
+ 
+ union proc_op {
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index c14b7b9fe4190..dfc14055966f4 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -9,6 +9,7 @@
+ #include <linux/nsproxy.h>
+ #include <linux/slab.h>
+ #include <linux/user_namespace.h>
++#include <linux/proc_fs.h>
+ #include <linux/highuid.h>
+ #include <linux/cred.h>
+ 
+-- 
+2.32.0
+

devices/asus-flo/kernel/0001-mm-shmem-Fix-incomplete-backport-with-TMPFS_POSIX_AC.patch

@@ -0,0 +1,25 @@
+From 6eb5ae25558b2e9bb79158ca39a52071dceabbe0 Mon Sep 17 00:00:00 2001
+From: Samuel Dionne-Riel <samuel@dionne-riel.com>
+Date: Tue, 31 Aug 2021 02:00:51 -0400
+Subject: [PATCH] mm/shmem: Fix incomplete backport with TMPFS_POSIX_ACL
+
+---
+ mm/shmem.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mm/shmem.c b/mm/shmem.c
+index 8e0b54348275f..b70bca22719b9 100644
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -2345,7 +2345,7 @@ shmem_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
+ 			}
+ 		}
+ #ifdef CONFIG_TMPFS_POSIX_ACL
+-		error = generic_acl_init(inode, dir);
++		error = simple_acl_create(dir, inode);
+ 		if (error) {
+ 			iput(inode);
+ 			return error;
+-- 
+2.32.0
+

devices/asus-flo/kernel/config.armv7

@@ -104,8 +104,8 @@ CONFIG_RT_GROUP_SCHED=y
 CONFIG_NAMESPACES=y
 # CONFIG_UTS_NS is not set
 CONFIG_IPC_NS=y
-# CONFIG_USER_NS is not set
-# CONFIG_PID_NS is not set
+CONFIG_USER_NS=y
+CONFIG_PID_NS=y
 CONFIG_NET_NS=y
 # CONFIG_SCHED_AUTOGROUP is not set
 # CONFIG_SYSFS_DEPRECATED is not set
@@ -891,6 +891,7 @@ CONFIG_NETFILTER_NETLINK_LOG=y
 CONFIG_NF_CONNTRACK=y
 CONFIG_NF_CONNTRACK_MARK=y
 CONFIG_NF_CONNTRACK_SECMARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
 CONFIG_NF_CONNTRACK_PROCFS=y
 CONFIG_NF_CONNTRACK_EVENTS=y
 # CONFIG_NF_CONNTRACK_TIMEOUT is not set
@@ -912,6 +913,7 @@ CONFIG_NF_CONNTRACK_SANE=y
 CONFIG_NF_CONNTRACK_TFTP=y
 CONFIG_NF_CT_NETLINK=y
 # CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
 CONFIG_NETFILTER_TPROXY=y
 CONFIG_NETFILTER_XTABLES=y
 
@@ -929,9 +931,10 @@ CONFIG_NETFILTER_XT_CONNMARK=y
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
 CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
-# CONFIG_NETFILTER_XT_TARGET_CT is not set
+CONFIG_NETFILTER_XT_TARGET_CT=y
 # CONFIG_NETFILTER_XT_TARGET_DSCP is not set
 # CONFIG_NETFILTER_XT_TARGET_HL is not set
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
 CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
 # CONFIG_NETFILTER_XT_TARGET_LED is not set
 CONFIG_NETFILTER_XT_TARGET_LOG=y
@@ -954,6 +957,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
 # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
 CONFIG_NETFILTER_XT_MATCH_COMMENT=y
 # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
 CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
 CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
 CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
@@ -1002,7 +1006,6 @@ CONFIG_NETFILTER_XT_MATCH_U32=y
 CONFIG_NF_DEFRAG_IPV4=y
 CONFIG_NF_CONNTRACK_IPV4=y
 CONFIG_NF_CONNTRACK_PROC_COMPAT=y
-# CONFIG_IP_NF_QUEUE is not set
 CONFIG_IP_NF_IPTABLES=y
 CONFIG_IP_NF_MATCH_AH=y
 CONFIG_IP_NF_MATCH_ECN=y
@@ -1010,24 +1013,8 @@ CONFIG_IP_NF_MATCH_RPFILTER=y
 CONFIG_IP_NF_MATCH_TTL=y
 CONFIG_IP_NF_FILTER=y
 CONFIG_IP_NF_TARGET_REJECT=y
-# CONFIG_IP_NF_TARGET_REJECT_SKERR is not set
 # CONFIG_IP_NF_TARGET_ULOG is not set
-CONFIG_NF_NAT=y
-CONFIG_NF_NAT_NEEDED=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_TARGET_NETMAP=y
-CONFIG_IP_NF_TARGET_REDIRECT=y
-CONFIG_NF_NAT_PROTO_DCCP=y
-CONFIG_NF_NAT_PROTO_GRE=y
-CONFIG_NF_NAT_PROTO_UDPLITE=y
-CONFIG_NF_NAT_PROTO_SCTP=y
-CONFIG_NF_NAT_FTP=y
-CONFIG_NF_NAT_IRC=y
-CONFIG_NF_NAT_TFTP=y
-CONFIG_NF_NAT_AMANDA=y
-CONFIG_NF_NAT_PPTP=y
-CONFIG_NF_NAT_H323=y
-# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT_IPV4 is not set
 CONFIG_IP_NF_MANGLE=y
 # CONFIG_IP_NF_TARGET_CLUSTERIP is not set
 # CONFIG_IP_NF_TARGET_ECN is not set
@@ -1043,7 +1030,7 @@ CONFIG_IP_NF_ARP_MANGLE=y
 #
 CONFIG_NF_DEFRAG_IPV6=y
 CONFIG_NF_CONNTRACK_IPV6=y
-# CONFIG_IP6_NF_QUEUE is not set
+# CONFIG_NF_NAT_IPV6 is not set
 CONFIG_IP6_NF_IPTABLES=y
 # CONFIG_IP6_NF_MATCH_AH is not set
 # CONFIG_IP6_NF_MATCH_EUI64 is not set
@@ -1055,9 +1042,9 @@ CONFIG_IP6_NF_IPTABLES=y
 CONFIG_IP6_NF_MATCH_RPFILTER=y
 # CONFIG_IP6_NF_MATCH_RT is not set
 # CONFIG_IP6_NF_TARGET_HL is not set
+# CONFIG_IP6_NF_TARGET_NPT is not set
 CONFIG_IP6_NF_FILTER=y
 CONFIG_IP6_NF_TARGET_REJECT=y
-# CONFIG_IP6_NF_TARGET_REJECT_SKERR is not set
 CONFIG_IP6_NF_MANGLE=y
 CONFIG_IP6_NF_RAW=y
 # CONFIG_IP6_NF_SECURITY is not set
@@ -3448,7 +3435,7 @@ CONFIG_EXT3_FS_XATTR=y
 # CONFIG_EXT3_FS_SECURITY is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_FS_XATTR=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_EXT4_DEBUG is not set
 CONFIG_JBD=y
@@ -3483,7 +3470,6 @@ CONFIG_INOTIFY_USER=y
 CONFIG_AUTOFS4_FS=y
 CONFIG_FUSE_FS=y
 # CONFIG_CUSE is not set
-CONFIG_GENERIC_ACL=y
 
 #
 # Caches
@@ -3816,6 +3802,7 @@ CONFIG_CRYPTO_SHA1=y
 CONFIG_CRYPTO_SHA1_ARM=y
 CONFIG_CRYPTO_SHA1_ARM_NEON=y
 CONFIG_CRYPTO_SHA256=y
+# CONFIG_CRYPTO_SHA256_ARM is not set
 CONFIG_CRYPTO_SHA512=y
 CONFIG_CRYPTO_SHA512_ARM_NEON=y
 # CONFIG_CRYPTO_TGR192 is not set

devices/asus-flo/kernel/default.nix

@@ -11,8 +11,8 @@ mobile-nixos.kernel-builder-gcc6 {
   src = fetchFromGitHub {
     owner = "LineageOS";
     repo = "android_kernel_google_msm";
-    rev = "a4b9cf707b9acf6e5f6089d1121ae973efe399b0";
-    sha256 = "0q88sqmcd09m0wq27rvzvq588gbk3daji1zp36qpyzl1d66b37v6";
+    rev = "5c4b88269caf1a439440cb98b11c6239f49fc67c";
+    sha256 = "1iwhllfpb788hmjivddarg9waqarn7x3kf6glh5qm5brqbyy3vml";
   };
 
   patches = [
@@ -23,11 +23,14 @@ mobile-nixos.kernel-builder-gcc6 {
     ./patch_lifebook_detect.patch
     ./90_dtbs-install.patch
     ./99_framebuffer.patch
+    ./0001-Fix-misc.-broken-backports-for-PID_NS-and-USER_NS.patch   
+    ./0001-mm-shmem-Fix-incomplete-backport-with-TMPFS_POSIX_AC.patch
   ];
 
   enableCompilerGcc6Quirk = true;
   isModular = false;
 
+  enableCombiningBuildAndInstallQuirk = true;
   # mv: cannot stat 'arch/arm/boot/compressed/.misc.o.tmp': No such file or directory
-  enableCombiningBuildAndInstallQuirk = false;
+  enableParallelBuilding = false;
 }

devices/asus-x018d/default.nix

@@ -48,4 +48,12 @@
   mobile.usb.idProduct = "D001";
 
   mobile.system.type = "android";
+
+  mobile.kernel.structuredConfig = [
+    (helpers: with helpers; {
+      # Vendor kernel fails to build with
+      # `POSIX_ACL not supported in 3.18 backport`
+      EXT4_FS_POSIX_ACL = lib.mkForce no;
+    })
+  ];
 }

devices/asus-x018d/kernel/0001-Fix-crypto-algif_hash-Require-setkey-before-accept-2.patch

@@ -0,0 +1,46 @@
+From b3a65e4a6cedf0041165e76c708eacc77d8c3c5e Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Thu, 2 Feb 2017 22:54:08 +0100
+Subject: [PATCH] Fix "crypto: algif_hash - Require setkey before accept(2)"
+
+Fix up commit cec8983e6d2cf52e60cd59583ae30f81f923f563 which was commit
+6de62f15b581f920ade22d758f4c338311c2f0d4 upstream.
+
+The function prototypes were wrong.  Someone was ignoring compiler
+warnings :(
+
+Cc: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/algif_hash.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
+index 434af81b9e338..df99445a899a7 100644
+--- a/crypto/algif_hash.c
++++ b/crypto/algif_hash.c
+@@ -283,8 +283,8 @@ unlock_child:
+ 	return err;
+ }
+ 
+-static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
+-			      size_t size)
++static int hash_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
++			      struct msghdr *msg, size_t size)
+ {
+ 	int err;
+ 
+@@ -307,8 +307,8 @@ static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
+ 	return hash_sendpage(sock, page, offset, size, flags);
+ }
+ 
+-static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
+-			      size_t ignored, int flags)
++static int hash_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
++			      struct msghdr *msg, size_t ignored, int flags)
+ {
+ 	int err;
+ 
+-- 
+2.32.0
+

devices/asus-x018d/kernel/config.aarch64

@@ -55,7 +55,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 CONFIG_USELIB=y
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -139,7 +139,7 @@ CONFIG_NAMESPACES=y
 # CONFIG_UTS_NS is not set
 CONFIG_IPC_NS=y
 CONFIG_USER_NS=y
-# CONFIG_PID_NS is not set
+CONFIG_PID_NS=y
 CONFIG_NET_NS=y
 # CONFIG_SCHED_AUTOGROUP is not set
 # CONFIG_SYSFS_DEPRECATED is not set
@@ -247,7 +247,7 @@ CONFIG_MODULES=y
 # CONFIG_MODULE_COMPRESS is not set
 CONFIG_STOP_MACHINE=y
 CONFIG_BLOCK=y
-# CONFIG_BLK_DEV_BSG is not set
+CONFIG_BLK_DEV_BSG=y
 # CONFIG_BLK_DEV_BSGLIB is not set
 # CONFIG_BLK_DEV_INTEGRITY is not set
 # CONFIG_BLK_CMDLINE_PARSER is not set
@@ -3339,7 +3339,8 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_OCFS2_FS is not set
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
-# CONFIG_FS_POSIX_ACL is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 CONFIG_FSNOTIFY=y
 CONFIG_DNOTIFY=y
@@ -3386,8 +3387,8 @@ CONFIG_PROC_PAGE_MONITOR=y
 CONFIG_KERNFS=y
 CONFIG_SYSFS=y
 CONFIG_TMPFS=y
-# CONFIG_TMPFS_POSIX_ACL is not set
-# CONFIG_TMPFS_XATTR is not set
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_TMPFS_XATTR=y
 # CONFIG_HUGETLBFS is not set
 # CONFIG_HUGETLB_PAGE is not set
 CONFIG_CONFIGFS_FS=y
@@ -3789,7 +3790,8 @@ CONFIG_CRYPTO_LZO=y
 #
 # CONFIG_CRYPTO_ANSI_CPRNG is not set
 # CONFIG_CRYPTO_DRBG_MENU is not set
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_HW is not set
 CONFIG_ARM64_CRYPTO=y

devices/asus-x018d/kernel/default.nix

@@ -23,6 +23,7 @@ mobile-nixos.kernel-builder-gcc49 {
     ./0001-mobile-nixos-Add-identifier-nodes-to-root-node.patch
     ./0001-center-logo.patch
     ./0001-mediatek-leds-Implement-default-trigger.patch
+    ./0001-Fix-crypto-algif_hash-Require-setkey-before-accept-2.patch
     ./0002-E262L-Green-LED-now-defaults-to-on.patch
   ];
 

devices/asus-z00t/default.nix

@@ -53,4 +53,11 @@
   mobile.system.type = "android";
 
   mobile.quirks.qualcomm.wcnss-wlan.enable = true;
+
+  # With the vendor kernel, setting to =n fails the build
+  mobile.kernel.structuredConfig = [
+    (helpers: with helpers; {
+      FW_LOADER_USER_HELPER = lib.mkForce yes;
+    })
+  ];
 }

devices/asus-z00t/kernel/config.aarch64

@@ -45,7 +45,7 @@ CONFIG_SWAP=y
 CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 CONFIG_AUDIT=y
 # CONFIG_AUDIT_LOGINUID_IMMUTABLE is not set
 
@@ -3736,6 +3736,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_FS_ENCRYPTION is not set
 CONFIG_FSNOTIFY=y
@@ -4159,7 +4160,8 @@ CONFIG_CRYPTO_DEFLATE=y
 # Random Number Generation
 #
 CONFIG_CRYPTO_ANSI_CPRNG=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_DEV_QCE50=y

devices/google-marlin/kernel/config.aarch64

@@ -55,7 +55,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -4156,7 +4156,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT23=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 CONFIG_EXT4_FS_ENCRYPTION=y
 # CONFIG_EXT4_DEBUG is not set
@@ -4171,6 +4171,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 CONFIG_FSNOTIFY=y
 CONFIG_DNOTIFY=y
@@ -4633,7 +4634,8 @@ CONFIG_CRYPTO_DEFLATE=y
 #
 CONFIG_CRYPTO_ANSI_CPRNG=y
 # CONFIG_CRYPTO_DRBG_MENU is not set
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 CONFIG_CRYPTO_HASH_INFO=y
 CONFIG_CRYPTO_HW=y

devices/google-walleye/kernel/config.aarch64

@@ -56,7 +56,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -152,7 +152,7 @@ CONFIG_RT_GROUP_SCHED=y
 CONFIG_NAMESPACES=y
 # CONFIG_UTS_NS is not set
 CONFIG_IPC_NS=y
-# CONFIG_USER_NS is not set
+CONFIG_USER_NS=y
 CONFIG_PID_NS=y
 CONFIG_NET_NS=y
 CONFIG_SCHED_AUTOGROUP=y
@@ -4288,7 +4288,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT2=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS_ENCRYPTION=y
@@ -4307,6 +4307,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_F2FS_FS is not set
 # CONFIG_FS_DAX is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 CONFIG_FSNOTIFY=y
 CONFIG_DNOTIFY=y
@@ -4823,7 +4824,8 @@ CONFIG_CRYPTO_DRBG_HMAC=y
 # CONFIG_CRYPTO_DRBG_CTR is not set
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set

devices/motorola-addison/kernel/config.aarch64

@@ -51,7 +51,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -151,8 +151,8 @@ CONFIG_SCHED_HMP=y
 CONFIG_NAMESPACES=y
 # CONFIG_UTS_NS is not set
 CONFIG_IPC_NS=y
-# CONFIG_USER_NS is not set
-# CONFIG_PID_NS is not set
+CONFIG_USER_NS=y
+CONFIG_PID_NS=y
 CONFIG_NET_NS=y
 # CONFIG_SCHED_AUTOGROUP is not set
 # CONFIG_SCHED_TUNE is not set
@@ -4526,7 +4526,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT23=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_EXT4_ENCRYPTION is not set
 # CONFIG_EXT4_DEBUG is not set
@@ -4541,6 +4541,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_FS_ENCRYPTION is not set
 CONFIG_FSNOTIFY=y
@@ -5011,7 +5012,8 @@ CONFIG_CRYPTO_LZO=y
 #
 CONFIG_CRYPTO_ANSI_CPRNG=m
 # CONFIG_CRYPTO_DRBG_MENU is not set
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_DEV_QCE50=y

devices/motorola-potter/kernel/config.aarch64

@@ -51,7 +51,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 # CONFIG_AUDIT is not set
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -149,7 +149,7 @@ CONFIG_NAMESPACES=y
 # CONFIG_UTS_NS is not set
 CONFIG_IPC_NS=y
 CONFIG_USER_NS=y
-# CONFIG_PID_NS is not set
+CONFIG_PID_NS=y
 CONFIG_NET_NS=y
 # CONFIG_SCHED_AUTOGROUP is not set
 # CONFIG_SCHED_TUNE is not set
@@ -4304,7 +4304,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT23=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 # CONFIG_EXT4_FS_SECURITY is not set
 # CONFIG_EXT4_ENCRYPTION is not set
 # CONFIG_EXT4_DEBUG is not set
@@ -4319,6 +4319,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_FS_ENCRYPTION is not set
 CONFIG_FSNOTIFY=y
@@ -4801,7 +4802,8 @@ CONFIG_CRYPTO_LZO=y
 #
 CONFIG_CRYPTO_ANSI_CPRNG=m
 # CONFIG_CRYPTO_DRBG_MENU is not set
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 CONFIG_CRYPTO_HASH_INFO=y
 CONFIG_CRYPTO_HW=y

devices/motorola-rav/kernel/config.aarch64

@@ -55,7 +55,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -320,7 +320,7 @@ CONFIG_BASE_SMALL=0
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
 CONFIG_BLK_SCSI_REQUEST=y
-# CONFIG_BLK_DEV_BSG is not set
+CONFIG_BLK_DEV_BSG=y
 # CONFIG_BLK_DEV_BSGLIB is not set
 # CONFIG_BLK_DEV_INTEGRITY is not set
 # CONFIG_BLK_DEV_ZONED is not set
@@ -5727,7 +5727,8 @@ CONFIG_CRYPTO_DRBG_HMAC=y
 # CONFIG_CRYPTO_DRBG_CTR is not set
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set

devices/motorola-surfna/kernel/config.aarch64

@@ -54,7 +54,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -299,7 +299,7 @@ CONFIG_MODULE_SRCVERSION_ALL=y
 # CONFIG_MODULE_EXTRA_COPY is not set
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
-# CONFIG_BLK_DEV_BSG is not set
+CONFIG_BLK_DEV_BSG=y
 # CONFIG_BLK_DEV_BSGLIB is not set
 # CONFIG_BLK_DEV_INTEGRITY is not set
 # CONFIG_BLK_CMDLINE_PARSER is not set
@@ -4308,7 +4308,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT2=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS_ENCRYPTION=y
@@ -4327,6 +4327,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_F2FS_FS is not set
 # CONFIG_FS_DAX is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 # CONFIG_EXPORTFS_BLOCK_OPS is not set
 CONFIG_FILE_LOCKING=y
 CONFIG_MANDATORY_FILE_LOCKING=y
@@ -4863,7 +4864,8 @@ CONFIG_CRYPTO_DRBG_HMAC=y
 # CONFIG_CRYPTO_DRBG_CTR is not set
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set

devices/oneplus-oneplus3/kernel/config.aarch64

@@ -51,7 +51,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -3998,7 +3998,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT23=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_EXT4_ENCRYPTION is not set
 # CONFIG_EXT4_DEBUG is not set
@@ -4013,6 +4013,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_FS_ENCRYPTION is not set
 CONFIG_FSNOTIFY=y
@@ -4489,7 +4490,8 @@ CONFIG_CRYPTO_DEFLATE=y
 #
 CONFIG_CRYPTO_ANSI_CPRNG=y
 # CONFIG_CRYPTO_DRBG_MENU is not set
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_DEV_QCE50=y

devices/pine64-pinephone/kernel/config.aarch64

@@ -2,7 +2,7 @@
 # Automatically generated file; DO NOT EDIT.
 # Linux/arm64 5.13.7 Kernel Configuration
 #
-CONFIG_CC_VERSION_TEXT="gcc (GCC) 9.3.0"
+CONFIG_CC_VERSION_TEXT="aarch64-unknown-linux-gnu-gcc (GCC) 9.3.0"
 CONFIG_CC_IS_GCC=y
 CONFIG_GCC_VERSION=90300
 CONFIG_CLANG_VERSION=0
@@ -1519,7 +1519,7 @@ CONFIG_PCIE_KIRIN=y
 # Generic Driver Options
 #
 CONFIG_UEVENT_HELPER=y
-CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+CONFIG_UEVENT_HELPER_PATH=""
 CONFIG_DEVTMPFS=y
 CONFIG_DEVTMPFS_MOUNT=y
 CONFIG_STANDALONE=y

devices/pine64-pinetab/kernel/config.aarch64

@@ -1486,7 +1486,7 @@ CONFIG_PCIE_KIRIN=y
 # Generic Driver Options
 #
 CONFIG_UEVENT_HELPER=y
-CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+CONFIG_UEVENT_HELPER_PATH=""
 CONFIG_DEVTMPFS=y
 CONFIG_DEVTMPFS_MOUNT=y
 CONFIG_STANDALONE=y

devices/razer-cheryl2/kernel/config.aarch64

@@ -53,7 +53,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -4812,7 +4812,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT2=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS_ENCRYPTION=y
@@ -4831,6 +4831,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_F2FS_FS is not set
 # CONFIG_FS_DAX is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 # CONFIG_EXPORTFS_BLOCK_OPS is not set
 CONFIG_FILE_LOCKING=y
 CONFIG_MANDATORY_FILE_LOCKING=y
@@ -5369,7 +5370,8 @@ CONFIG_CRYPTO_DRBG_HMAC=y
 # CONFIG_CRYPTO_DRBG_CTR is not set
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set

devices/samsung-a5y17lte/kernel/config.aarch64

@@ -49,7 +49,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 CONFIG_USELIB=y
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -249,7 +249,7 @@ CONFIG_MODULES=y
 # CONFIG_MODULE_COMPRESS is not set
 CONFIG_STOP_MACHINE=y
 CONFIG_BLOCK=y
-# CONFIG_BLK_DEV_BSG is not set
+CONFIG_BLK_DEV_BSG=y
 # CONFIG_BLK_DEV_BSGLIB is not set
 # CONFIG_BLK_DEV_INTEGRITY is not set
 # CONFIG_BLK_CMDLINE_PARSER is not set
@@ -3914,7 +3914,7 @@ CONFIG_EXT3_FS_XATTR=y
 # CONFIG_EXT3_FS_POSIX_ACL is not set
 # CONFIG_EXT3_FS_SECURITY is not set
 CONFIG_EXT4_FS=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_EXT4_ENCRYPTION is not set
 # CONFIG_EXT4_DEBUG is not set
@@ -3931,7 +3931,8 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_OCFS2_FS is not set
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
-# CONFIG_FS_POSIX_ACL is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_FS_ENCRYPTION is not set
 CONFIG_FSNOTIFY=y
@@ -3997,8 +3998,8 @@ CONFIG_PROC_DLOG=y
 CONFIG_KERNFS=y
 CONFIG_SYSFS=y
 CONFIG_TMPFS=y
-# CONFIG_TMPFS_POSIX_ACL is not set
-# CONFIG_TMPFS_XATTR is not set
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_TMPFS_XATTR=y
 # CONFIG_HUGETLBFS is not set
 # CONFIG_HUGETLB_PAGE is not set
 CONFIG_CONFIGFS_FS=y
@@ -4411,7 +4412,8 @@ CONFIG_CRYPTO_LZ4=y
 #
 CONFIG_CRYPTO_ANSI_CPRNG=y
 # CONFIG_CRYPTO_DRBG_MENU is not set
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 CONFIG_CRYPTO_HW=y
 # CONFIG_CRYPTO_DEV_S5P is not set

devices/sony-pioneer/kernel/config.aarch64

@@ -55,7 +55,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -4733,7 +4733,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT2=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS_ENCRYPTION=y
@@ -4752,6 +4752,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_F2FS_FS is not set
 # CONFIG_FS_DAX is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_FS_ENCRYPTION is not set
 CONFIG_FSNOTIFY=y
@@ -5271,7 +5272,8 @@ CONFIG_CRYPTO_DRBG_HMAC=y
 # CONFIG_CRYPTO_DRBG_CTR is not set
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set

devices/xiaomi-begonia/kernel/config.aarch64

@@ -56,7 +56,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -332,7 +332,7 @@ CONFIG_MODULE_SRCVERSION_ALL=y
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
 CONFIG_BLK_SCSI_REQUEST=y
-# CONFIG_BLK_DEV_BSG is not set
+CONFIG_BLK_DEV_BSG=y
 # CONFIG_BLK_DEV_BSGLIB is not set
 # CONFIG_BLK_DEV_INTEGRITY is not set
 # CONFIG_BLK_DEV_ZONED is not set
@@ -802,7 +802,7 @@ CONFIG_IPV6_PIMSM_V2=y
 # CONFIG_IPV6_SEG6_LWTUNNEL is not set
 # CONFIG_IPV6_SEG6_HMAC is not set
 # CONFIG_NETLABEL is not set
-CONFIG_ANDROID_PARANOID_NETWORK=y
+# CONFIG_ANDROID_PARANOID_NETWORK is not set
 CONFIG_NETWORK_SECMARK=y
 # CONFIG_NET_PTP_CLASSIFY is not set
 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
@@ -4504,7 +4504,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT2=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS_ENCRYPTION=y
@@ -5098,7 +5098,8 @@ CONFIG_CRYPTO_DRBG_HMAC=y
 # CONFIG_CRYPTO_DRBG_CTR is not set
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set

devices/xiaomi-lavender/kernel/config.aarch64

@@ -59,7 +59,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -4666,7 +4666,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT2=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS_ENCRYPTION=y
@@ -4685,6 +4685,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_F2FS_FS is not set
 # CONFIG_FS_DAX is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_FS_ENCRYPTION is not set
 CONFIG_FSNOTIFY=y
@@ -5209,7 +5210,8 @@ CONFIG_CRYPTO_DRBG_HMAC=y
 # CONFIG_CRYPTO_DRBG_CTR is not set
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set

devices/xiaomi-tissot/kernel/config.aarch64

@@ -51,7 +51,7 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_POSIX_MQUEUE is not set
 CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -3958,7 +3958,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT23=y
-# CONFIG_EXT4_FS_POSIX_ACL is not set
+CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_EXT4_ENCRYPTION is not set
 # CONFIG_EXT4_DEBUG is not set
@@ -3973,6 +3973,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set
 CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
 CONFIG_FILE_LOCKING=y
 # CONFIG_FS_ENCRYPTION is not set
 CONFIG_FSNOTIFY=y
@@ -4442,7 +4443,8 @@ CONFIG_CRYPTO_LZO=y
 #
 CONFIG_CRYPTO_ANSI_CPRNG=y
 # CONFIG_CRYPTO_DRBG_MENU is not set
-# CONFIG_CRYPTO_USER_API_HASH is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
 # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
 CONFIG_CRYPTO_HASH_INFO=y
 CONFIG_CRYPTO_HW=y

modules/kernel-config.nix

@@ -0,0 +1,95 @@
+{ config, lib, options, pkgs, ... }:
+
+let
+  inherit (lib)
+    mkOption
+    types
+  ;
+in
+{
+  options = {
+    mobile = {
+      kernel = {
+        structuredConfig = mkOption {
+          type = with types; listOf (functionTo attrs);
+          description = ''
+            Functions returning kernel structured config.
+
+            The functions take one argument, an attrset of helpers.
+            These helpers are expected to be used with `with`, they
+            provide the `yes`, `no`, `whenOlder` and similar helpers
+            from `lib.kernel`.
+
+            The `whenHelpers` are configured with the appropriate
+            version already.
+          '';
+        };
+      };
+    };
+  };
+
+  config = {
+    mobile.kernel.structuredConfig = [
+      # Basic universal options
+      (helpers: with helpers; {
+        # POSIX_ACL and XATTR are generally needed.
+        TMPFS_POSIX_ACL = yes;
+        TMPFS_XATTR = yes;
+
+        # Executive decision that EXT4 is required.
+        EXT4_FS = yes;
+        EXT4_FS_POSIX_ACL = yes;
+
+        # Required config for Nix
+        NAMESPACES = yes;
+        USER_NS = yes;
+        PID_NS = yes;
+
+        # Additional options
+        SYSVIPC = yes;
+
+        # Options from Android kernels that break stuff
+        # While not *universally available*, it's universally required to
+        # be turned off.
+        ANDROID_PARANOID_NETWORK = no;
+      })
+      # Needed for systemd
+      (helpers: with helpers; {
+        # Kernel configuration as required by systemd
+        # As of https://github.com/systemd/systemd/blob/4917c15af7c2dfe553b8e0dbf22b4fb7cec958de/README#L35
+        DEVTMPFS = yes;
+        CGROUPS = yes;
+        INOTIFY_USER = yes;
+        SIGNALFD = yes;
+        TIMERFD = yes;
+        EPOLL = yes;
+        NET = yes;
+        UNIX = yes;
+        SYSFS = yes;
+        PROC_FS = yes;
+        FHANDLE = yes;
+        CRYPTO_USER_API_HASH = yes;
+        CRYPTO_HMAC = yes;
+        CRYPTO_SHA256 = yes;
+        SYSFS_DEPRECATED = no;
+        UEVENT_HELPER_PATH = freeform ''""'';
+        FW_LOADER_USER_HELPER = option no;
+        BLK_DEV_BSG = yes;
+        DEVPTS_MULTIPLE_INSTANCES = whenOlder "4.7" yes;
+      })
+    ];
+
+    nixpkgs.overlays = [(final: super: {
+      systemBuild-structuredConfig = version:
+        let
+          helpers = lib.kernel // (lib.kernel.whenHelpers version);
+          structuredConfig = 
+            lib.mkMerge
+              (map (fn: fn helpers) config.mobile.kernel.structuredConfig)
+          ;
+        in
+          structuredConfig
+      ;
+    })];
+  };
+}

modules/module-list.nix

@@ -32,6 +32,7 @@
   ./initrd-vendor.nix
   ./initrd.nix
   ./internal.nix
+  ./kernel-config.nix
   ./lib.nix
   ./luks.nix
   ./mobile-device.nix

overlay/mobile-nixos/kernel/builder.nix

@@ -47,6 +47,16 @@
 , ncurses
 , pkgconfig
 , runtimeShell
+
+# A structured Linux configuration option attrset.
+# When present, it will be used to validate the configuration.
+# The kernel is not configured with it *directly*. It is assumed that any
+# configuration scheme can be used, but validation always happens with the
+# structured configuration. Thus allowing fully normalized kernel configuration
+# file to be used if desired.
+# It is expected this will have been added to the Nixpkgs overlay by the
+# system build.
+, systemBuild-structuredConfig ? {}
 }:
 
 let
@@ -130,6 +140,11 @@ in
 } @ inputArgs:
 
 let
+  evaluatedStructuredConfig = import ./eval-config.nix {
+    inherit lib path version;
+    structuredConfig = (systemBuild-structuredConfig version);
+  };
+
   # Path within <nixpkgs> to refer to the kernel build system's file.
   nixosKernelPath = path + "/pkgs/os-specific/linux/kernel";
 
@@ -173,6 +188,9 @@ stdenv.mkDerivation (inputArgs // {
   # Set to false when normalizing the kernel config.
   forceNormalizedConfig = true;
 
+  # Allows updating the kernel config to conform to the structured config.
+  updateConfigFromStructuredConfig = false;
+
   depsBuildBuild = [ buildPackages.stdenv.cc ];
   nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr ]
     ++ optional (platform.linux-kernel.target == "uImage") buildPackages.ubootTools
@@ -283,10 +301,29 @@ stdenv.mkDerivation (inputArgs // {
     echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD"
 
     if [ -f "$buildRoot/.config" ]; then
-      echo "Could not link $buildRoot/.config : file exists"
+      echo "ERROR: $buildRoot/.config : file exists."
+      echo "       The kernel source tree must not contain a .config file."
+      echo "       Remove the .config file and provide it as an input for the derivation."
       exit 1
     fi
-    ln -sv ${configfile} $buildRoot/.config
+
+    # Catting so we can write to the config file
+    cat ${configfile} > $buildRoot/.config
+
+    if [ -n "$updateConfigFromStructuredConfig" ]; then
+      cat <<EOF >> $buildRoot/.config
+    #
+    # From structured config
+    #
+    ${evaluatedStructuredConfig.config.configfile}
+    EOF
+      echo
+      echo ":: Updating config to conform to structured config"
+      echo
+      make $makeFlags "''${makeFlagsArray[@]}" oldconfig
+      rm $buildRoot/.config.old
+      echo
+    fi
 
     # reads the existing .config file and prompts the user for options in
     # the current kernel source that are not found in the file.
@@ -334,6 +371,14 @@ stdenv.mkDerivation (inputArgs // {
     fi
     runHook postConfigure
 
+    (
+    cd $buildRoot/
+    echo
+    echo ":: Validating required and suggested kernel config options"
+    echo
+    ${evaluatedStructuredConfig.config.validatorSnippet}
+    )
+
     make $makeFlags "''${makeFlagsArray[@]}" prepare
     actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)"
     if [ "$actualModDirVersion" != "${modDirVersion}" ]; then
@@ -460,6 +505,7 @@ stdenv.mkDerivation (inputArgs // {
     # Derivation with the as-built normalized kernel config
     normalizedConfig = kernelDerivation.overrideAttrs({ ... }: {
       forceNormalizedConfig = false;
+      updateConfigFromStructuredConfig = true;
       buildPhase = "echo Skipping build phase...";
       installPhase = ''
         cp .config $out

overlay/mobile-nixos/kernel/eval-config.nix

@@ -0,0 +1,167 @@
+# This file includes fragments of <nixpkgs/nixos/modules/system/boot/kernel_config.nix>
+{ lib
+, path
+, modules ? []
+, structuredConfig
+, version
+}: rec {
+  module = import (path + "/nixos/modules/system/boot/kernel_config.nix");
+  config = (lib.evalModules {
+    modules = [
+      module
+      (
+        #
+        # This module adds kernel config file generation from the structured attributes.
+        #
+        { config, lib, ... }:
+
+        let
+          mkValue = with lib; val:
+          let
+            isNumber = c: elem c ["0" "1" "2" "3" "4" "5" "6" "7" "8" "9"];
+          in
+          if (val == "") then "\"\""
+            else if val == "y" || val == "m" || val == "n" then val
+            else if all isNumber (stringToCharacters val) then val
+            else if substring 0 2 val == "0x" then val
+            else val # FIXME: fix quoting one day
+          ;
+
+          mkConfigLine = key: item:
+            let
+              val = if item.freeform != null then item.freeform else item.tristate;
+            in
+            if val == null then "# CONFIG_${key} is not set" else
+            # TODO: Handle optional here??
+            # This could only work if we are given the kernel version to work from.
+            if (item.optional)
+            then "CONFIG_${key}=${mkValue val}"
+            else "CONFIG_${key}=${mkValue val}"
+          ;
+
+          mkConf = cfg: lib.concatStringsSep "\n" (lib.mapAttrsToList mkConfigLine cfg);
+          configfile = mkConf config.settings;
+
+          validatorSnippet = ''
+            (
+            echo
+            echo ":: Validating kernel configuration"
+            echo
+            error=0
+            warn=0
+
+            if [ ! -e .config ]; then
+              echo ".config is not present in \$PWD ($PWD)"
+              echo "Aborting..."
+              exit 2
+            fi
+
+            ${lib.concatMapStringsSep "\n" ({key, item}:
+            let
+              line = mkConfigLine key item;
+              val = if item.freeform != null then item.freeform else item.tristate;
+              lineNotSet = "# CONFIG_${key} is not set";
+              linePattern = "^CONFIG_${key}=";
+              presencePattern = "CONFIG_${key}[ =]";
+            in
+            ''
+              if [[ "${line}" == *" is not set" ]]; then
+                # An absent unset value is *totally fine*.
+                if (
+                  # Present
+                  (grep '${presencePattern}' .config) &&
+                  # And not unset
+                  ! (grep '^${lineNotSet}$' .config)
+                ) > /dev/null; then
+                  ${if item.optional then ''
+                    ((++warn))
+                    echo -n "Warning: "
+                  '' else ''
+                    ((++error))
+                    echo -n "ERROR: "
+                  ''}
+                  value=$(grep 'CONFIG_${key}[= ]' .config || :)
+                  echo "CONFIG_${key} should be left «is not set»... set to: «$value»."
+                fi
+              elif [[ "${line}" == *=n ]]; then
+                # An absent `=n` value is *totally fine*.
+                if (
+                  # Present
+                  (grep '${presencePattern}' .config) &&
+                  # And neither unset or set to the value
+                  ! (grep '^${line}$' .config || grep '^${lineNotSet}$' .config)
+                ) > /dev/null; then
+                  ${if item.optional then ''
+                    ((++warn))
+                    echo -n "Warning: "
+                  '' else ''
+                    ((++error))
+                    echo -n "ERROR: "
+                  ''}
+                  value=$(grep 'CONFIG_${key}[= ]' .config || :)
+                  echo "CONFIG_${key} not set to «${line}»... set to: «$value»."
+                fi
+              else
+                if ! grep '^${line}$' .config > /dev/null; then
+                  ${if item.optional then ''
+                    ((++warn))
+                    echo -n "Warning: "
+                  '' else ''
+                    ((++error))
+                    echo -n "ERROR: "
+                  ''}
+                  value=$(grep 'CONFIG_${key}[= ]' .config || :)
+                  if [[ -z "$value" ]]; then
+                    echo "CONFIG_${key} is expected to be set to «${line}», but is not present in config file."
+                    else
+                    echo "CONFIG_${key} not set to «${line}»... set to: «$value»."
+                  fi
+                fi
+              fi
+
+            '') (lib.mapAttrsToList (key: item: { inherit key item; }) config.settings)}
+
+            echo
+            echo "Finished validating..."
+            echo "   Errors: $error"
+            echo "   Warnings: $warn"
+            echo
+            if ((error)); then
+              echo "=> Kernel configuration validation failed..."
+              echo "... aborting."
+              false
+            fi
+
+            if ((warn)); then
+              echo "=> Kernel configuration passed with warnings..."
+              echo "... continuing."
+            fi
+            )
+          '';
+        in
+        {
+          options = {
+            configfile = lib.mkOption {
+              readOnly = true;
+              type = lib.types.str;
+              description = ''
+                String that can directly be used as a kernel config file contents.
+              '';
+            };
+            validatorSnippet = lib.mkOption {
+              readOnly = true;
+              type = lib.types.str;
+              description = ''
+                String that can directly be used as a kernel config file contents.
+              '';
+            };
+          };
+          config = {
+            inherit configfile validatorSnippet;
+          };
+        }
+      )
+      { settings = structuredConfig; _file = "(structuredConfig argument)"; }
+    ] ++ modules;
+  }).config;
+}