From 989dc486820772b348072c26c77ad64f88221460 Mon Sep 17 00:00:00 2001
From: PedroHLC <root@pedrohlc.com>
Date: Mon, 15 Jul 2024 20:08:01 -0300
Subject: [PATCH] linux_cachyos-hardened: null -> 6.9.9

---
 .../cachyos-hardened.x86_64-linux.nix         | 42 ++++++-------------
 pkgs/linux-cachyos/versions-hardened.json     | 19 ++++++++-
 2 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/pkgs/linux-cachyos/config-nix/cachyos-hardened.x86_64-linux.nix b/pkgs/linux-cachyos/config-nix/cachyos-hardened.x86_64-linux.nix
index f146d53f0..0ba1dabd6 100644
--- a/pkgs/linux-cachyos/config-nix/cachyos-hardened.x86_64-linux.nix
+++ b/pkgs/linux-cachyos/config-nix/cachyos-hardened.x86_64-linux.nix
@@ -18,7 +18,6 @@
   "CONFIG_IRQ_WORK" = "y";
   "CONFIG_BUILDTIME_TABLE_SORT" = "y";
   "CONFIG_THREAD_INFO_IN_TASK" = "y";
-  "CONFIG_CACHY" = "y";
   "CONFIG_INIT_ENV_ARG_LIMIT" = "32";
   "CONFIG_LOCALVERSION" = "";
   "CONFIG_LOCALVERSION_AUTO" = "y";
@@ -173,7 +172,6 @@
   "CONFIG_USER_NS" = "y";
   "CONFIG_PID_NS" = "y";
   "CONFIG_NET_NS" = "y";
-  "CONFIG_SCHED_BORE" = "y";
   "CONFIG_SCHED_AUTOGROUP" = "y";
   "CONFIG_RELAY" = "y";
   "CONFIG_BLK_DEV_INITRD" = "y";
@@ -187,15 +185,16 @@
   "CONFIG_RD_ZSTD" = "y";
   "CONFIG_BOOT_CONFIG" = "y";
   "CONFIG_INITRAMFS_PRESERVE_MTIME" = "y";
-  "CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE_O3" = "y";
   "CONFIG_LD_ORPHAN_WARN" = "y";
   "CONFIG_LD_ORPHAN_WARN_LEVEL" = "warn";
   "CONFIG_SYSCTL" = "y";
   "CONFIG_HAVE_UID16" = "y";
   "CONFIG_SYSCTL_EXCEPTION_TRACE" = "y";
   "CONFIG_HAVE_PCSPKR_PLATFORM" = "y";
+  "CONFIG_UID16" = "y";
   "CONFIG_MULTIUSER" = "y";
   "CONFIG_SGETMASK_SYSCALL" = "y";
+  "CONFIG_SYSFS_SYSCALL" = "y";
   "CONFIG_FHANDLE" = "y";
   "CONFIG_POSIX_TIMERS" = "y";
   "CONFIG_PRINTK" = "y";
@@ -333,6 +332,8 @@
   "CONFIG_PERF_EVENTS_AMD_POWER" = "m";
   "CONFIG_PERF_EVENTS_AMD_UNCORE" = "m";
   "CONFIG_PERF_EVENTS_AMD_BRS" = "y";
+  "CONFIG_X86_16BIT" = "y";
+  "CONFIG_X86_ESPFIX64" = "y";
   "CONFIG_X86_VSYSCALL_EMULATION" = "y";
   "CONFIG_X86_IOPL_IOPERM" = "y";
   "CONFIG_MICROCODE" = "y";
@@ -371,10 +372,8 @@
   "CONFIG_EFI_STUB" = "y";
   "CONFIG_EFI_HANDOVER_PROTOCOL" = "y";
   "CONFIG_EFI_MIXED" = "y";
-  "CONFIG_HZ_500" = "y";
   "CONFIG_HZ_1000" = "y";
   "CONFIG_HZ" = "500";
-  "CONFIG_MIN_BASE_SLICE_NS" = "2000000";
   "CONFIG_SCHED_HRTICK" = "y";
   "CONFIG_ARCH_SUPPORTS_KEXEC" = "y";
   "CONFIG_ARCH_SUPPORTS_KEXEC_FILE" = "y";
@@ -397,6 +396,7 @@
   "CONFIG_LEGACY_VSYSCALL_NONE" = "y";
   "CONFIG_CMDLINE_BOOL" = "y";
   "CONFIG_CMDLINE" = "pti=on page_alloc.shuffle=1";
+  "CONFIG_MODIFY_LDT_SYSCALL" = "y";
   "CONFIG_HAVE_LIVEPATCH" = "y";
   "CONFIG_CC_HAS_NAMED_AS" = "y";
   "CONFIG_USE_X86_SEG_SUPPORT" = "y";
@@ -585,8 +585,6 @@
   "CONFIG_AS_SHA256_NI" = "y";
   "CONFIG_AS_TPAUSE" = "y";
   "CONFIG_AS_GFNI" = "y";
-  "CONFIG_AS_VAES" = "y";
-  "CONFIG_AS_VPCLMULQDQ" = "y";
   "CONFIG_AS_WRUSS" = "y";
   "CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS" = "y";
   "CONFIG_HOTPLUG_SMT" = "y";
@@ -686,9 +684,9 @@
   "CONFIG_ARCH_HAS_ELF_RANDOMIZE" = "y";
   "CONFIG_HAVE_ARCH_MMAP_RND_BITS" = "y";
   "CONFIG_HAVE_EXIT_THREAD" = "y";
-  "CONFIG_ARCH_MMAP_RND_BITS" = "32";
+  "CONFIG_ARCH_MMAP_RND_BITS" = "28";
   "CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS" = "y";
-  "CONFIG_ARCH_MMAP_RND_COMPAT_BITS" = "16";
+  "CONFIG_ARCH_MMAP_RND_COMPAT_BITS" = "8";
   "CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES" = "y";
   "CONFIG_HAVE_PAGE_SIZE_4KB" = "y";
   "CONFIG_PAGE_SIZE_4KB" = "y";
@@ -844,7 +842,6 @@
   "CONFIG_SLUB" = "y";
   "CONFIG_SLAB_FREELIST_RANDOM" = "y";
   "CONFIG_SLAB_FREELIST_HARDENED" = "y";
-  "CONFIG_SLAB_CANARY" = "y";
   "CONFIG_SLUB_CPU_PARTIAL" = "y";
   "CONFIG_RANDOM_KMALLOC_CACHES" = "y";
   "CONFIG_SHUFFLE_PAGE_ALLOCATOR" = "y";
@@ -871,7 +868,7 @@
   "CONFIG_MEMORY_BALLOON" = "y";
   "CONFIG_BALLOON_COMPACTION" = "y";
   "CONFIG_COMPACTION" = "y";
-  "CONFIG_COMPACT_UNEVICTABLE_DEFAULT" = "0";
+  "CONFIG_COMPACT_UNEVICTABLE_DEFAULT" = "1";
   "CONFIG_PAGE_REPORTING" = "y";
   "CONFIG_MIGRATION" = "y";
   "CONFIG_DEVICE_MIGRATION" = "y";
@@ -2025,7 +2022,6 @@
   "CONFIG_PCI_ENDPOINT_TEST" = "m";
   "CONFIG_XILINX_SDFEC" = "m";
   "CONFIG_MISC_RTSX" = "m";
-  "CONFIG_NTSYNC" = "y";
   "CONFIG_TPS6594_ESM" = "m";
   "CONFIG_TPS6594_PFSM" = "m";
   "CONFIG_NSM" = "m";
@@ -3782,7 +3778,6 @@
   "CONFIG_I2C_ISMT" = "m";
   "CONFIG_I2C_PIIX4" = "m";
   "CONFIG_I2C_CHT_WC" = "m";
-  "CONFIG_I2C_NCT6775" = "m";
   "CONFIG_I2C_NFORCE2" = "m";
   "CONFIG_I2C_NFORCE2_S4985" = "m";
   "CONFIG_I2C_NVIDIA_GPU" = "m";
@@ -4331,7 +4326,6 @@
   "CONFIG_SENSORS_SCH56XX_COMMON" = "m";
   "CONFIG_SENSORS_SCH5627" = "m";
   "CONFIG_SENSORS_SCH5636" = "m";
-  "CONFIG_SENSORS_STEAMDECK" = "m";
   "CONFIG_SENSORS_STTS751" = "m";
   "CONFIG_SENSORS_SURFACE_FAN" = "m";
   "CONFIG_SENSORS_ADC128D818" = "m";
@@ -4628,7 +4622,6 @@
   "CONFIG_MFD_INTEL_M10_BMC_CORE" = "m";
   "CONFIG_MFD_INTEL_M10_BMC_SPI" = "m";
   "CONFIG_MFD_INTEL_M10_BMC_PMCI" = "m";
-  "CONFIG_MFD_STEAMDECK" = "m";
   "CONFIG_REGULATOR" = "y";
   "CONFIG_REGULATOR_FIXED_VOLTAGE" = "m";
   "CONFIG_REGULATOR_VIRTUAL_CONSUMER" = "m";
@@ -4804,7 +4797,6 @@
   "CONFIG_VIDEO_V4L2_I2C" = "y";
   "CONFIG_VIDEO_V4L2_SUBDEV_API" = "y";
   "CONFIG_VIDEO_TUNER" = "m";
-  "CONFIG_V4L2_LOOPBACK" = "m";
   "CONFIG_V4L2_MEM2MEM_DEV" = "m";
   "CONFIG_V4L2_FLASH_LED_CLASS" = "m";
   "CONFIG_V4L2_FWNODE" = "m";
@@ -5349,7 +5341,6 @@
   "CONFIG_DRM_AMD_DC_FP" = "y";
   "CONFIG_DRM_AMD_DC_SI" = "y";
   "CONFIG_DRM_AMD_SECURE_DISPLAY" = "y";
-  "CONFIG_AMD_PRIVATE_COLOR" = "y";
   "CONFIG_HSA_AMD" = "y";
   "CONFIG_HSA_AMD_SVM" = "y";
   "CONFIG_DRM_NOUVEAU" = "m";
@@ -5408,7 +5399,6 @@
   "CONFIG_DRM_PANEL_BRIDGE" = "y";
   "CONFIG_DRM_ANALOGIX_ANX78XX" = "m";
   "CONFIG_DRM_ANALOGIX_DP" = "m";
-  "CONFIG_DRM_APPLETBDRM" = "m";
   "CONFIG_DRM_BOCHS" = "m";
   "CONFIG_DRM_CIRRUS_QEMU" = "m";
   "CONFIG_DRM_GM12U320" = "m";
@@ -6231,9 +6221,6 @@
   "CONFIG_HID_ACRUX_FF" = "y";
   "CONFIG_HID_APPLE" = "m";
   "CONFIG_HID_APPLEIR" = "m";
-  "CONFIG_HID_APPLETB_BL" = "m";
-  "CONFIG_HID_APPLETB_KBD" = "m";
-  "CONFIG_HID_APPLE_MAGIC_BACKLIGHT" = "m";
   "CONFIG_HID_ASUS" = "m";
   "CONFIG_HID_AUREAL" = "m";
   "CONFIG_HID_BELKIN" = "m";
@@ -6669,7 +6656,6 @@
   "CONFIG_LEDS_TI_LMU_COMMON" = "m";
   "CONFIG_LEDS_LM36274" = "m";
   "CONFIG_LEDS_TPS6105X" = "m";
-  "CONFIG_LEDS_STEAMDECK" = "m";
   "CONFIG_LEDS_AS3645A" = "m";
   "CONFIG_LEDS_LM3601X" = "m";
   "CONFIG_LEDS_MT6370_FLASH" = "m";
@@ -7062,7 +7048,6 @@
   "CONFIG_KS7010" = "m";
   "CONFIG_PI433" = "m";
   "CONFIG_FIELDBUS_DEV" = "m";
-  "CONFIG_APPLE_BCE" = "m";
   "CONFIG_CHROME_PLATFORMS" = "y";
   "CONFIG_CHROMEOS_ACPI" = "m";
   "CONFIG_CHROMEOS_LAPTOP" = "m";
@@ -7336,7 +7321,6 @@
   "CONFIG_EXTCON_USB_GPIO" = "m";
   "CONFIG_EXTCON_USBC_CROS_EC" = "m";
   "CONFIG_EXTCON_USBC_TUSB320" = "m";
-  "CONFIG_EXTCON_STEAMDECK" = "m";
   "CONFIG_MEMORY" = "y";
   "CONFIG_FPGA_DFL_EMIF" = "m";
   "CONFIG_IIO" = "m";
@@ -8187,6 +8171,7 @@
   "CONFIG_NFS_V4_SECURITY_LABEL" = "y";
   "CONFIG_NFS_FSCACHE" = "y";
   "CONFIG_NFS_USE_KERNEL_DNS" = "y";
+  "CONFIG_NFS_DEBUG" = "y";
   "CONFIG_NFSD" = "m";
   "CONFIG_NFSD_V3_ACL" = "y";
   "CONFIG_NFSD_V4" = "y";
@@ -8299,8 +8284,6 @@
   "CONFIG_KEY_DH_OPERATIONS" = "y";
   "CONFIG_KEY_NOTIFICATIONS" = "y";
   "CONFIG_SECURITY_DMESG_RESTRICT" = "y";
-  "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" = "y";
-  "CONFIG_SECURITY_TIOCSTI_RESTRICT" = "y";
   "CONFIG_SECURITY" = "y";
   "CONFIG_SECURITYFS" = "y";
   "CONFIG_SECURITY_NETWORK" = "y";
@@ -8357,8 +8340,6 @@
   "CONFIG_INIT_ON_ALLOC_DEFAULT_ON" = "y";
   "CONFIG_INIT_ON_FREE_DEFAULT_ON" = "y";
   "CONFIG_CC_HAS_ZERO_CALL_USED_REGS" = "y";
-  "CONFIG_PAGE_SANITIZE_VERIFY" = "y";
-  "CONFIG_SLAB_SANITIZE_VERIFY" = "y";
   "CONFIG_LIST_HARDENED" = "y";
   "CONFIG_BUG_ON_DATA_CORRUPTION" = "y";
   "CONFIG_RANDSTRUCT_FULL" = "y";
@@ -8770,7 +8751,6 @@
   "CONFIG_KFENCE_NUM_OBJECTS" = "255";
   "CONFIG_KFENCE_DEFERRABLE" = "y";
   "CONFIG_KFENCE_STRESS_TEST_FAULTS" = "0";
-  "CONFIG_KFENCE_BUG_ON_DATA_CORRUPTION" = "y";
   "CONFIG_HAVE_ARCH_KMSAN" = "y";
   "CONFIG_DEBUG_SHIRQ" = "y";
   "CONFIG_PANIC_ON_OOPS" = "y";
@@ -8874,5 +8854,9 @@
   "CONFIG_TEST_KSTRTOX" = "y";
   "CONFIG_ARCH_USE_MEMTEST" = "y";
   "CONFIG_MEMTEST" = "y";
+  "CONFIG_CACHY" = "y";
+  "CONFIG_SCHED_BORE" = "y";
+  "CONFIG_HZ_500" = "y";
   "CONFIG_NO_HZ_FULL_NODEF" = "y";
+  "CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE_O3" = "y";
 }
diff --git a/pkgs/linux-cachyos/versions-hardened.json b/pkgs/linux-cachyos/versions-hardened.json
index ffcd4415b..a822cb468 100644
--- a/pkgs/linux-cachyos/versions-hardened.json
+++ b/pkgs/linux-cachyos/versions-hardened.json
@@ -1 +1,18 @@
-{ }
+{
+  "linux": {
+    "version": "6.9.9",
+    "hash": "sha256-K+BbSH6yOaO/aH1iio8QQXfQnDEPALzCpeUPFzNCHrk="
+  },
+  "config": {
+    "rev": "a3523291c7c28615b7d6567933d9d8727a479758",
+    "hash": "sha256-DfvQcON++Xe0k9ZsEf27HhJq+wRAqwyT0MTtlK9GuLI="
+  },
+  "patches": {
+    "rev": "165922494315b1807cce71202bb3d83c070f9a3e",
+    "hash": "sha256-9ULOFXJpEbf2hxtm73HPJfupWPadAhCE9Rt4462YnwY="
+  },
+  "zfs": {
+    "rev": "228ff3867f53d31dab403a3b6b3b555eaf8bdc04",
+    "hash": "sha256-WTPac+X1AuMJFwLY6id3ntIiBBu2VBzHPEOvoAwnWkg="
+  }
+}