]>
Commit | Line | Data |
---|---|---|
ba2f1a67 FG |
1 | KERNEL SOURCE: |
2 | ============== | |
3 | ||
d53796d6 | 4 | We currently use the Ubuntu kernel sources, available from our mirror: |
ba2f1a67 | 5 | |
d53796d6 | 6 | https://git.proxmox.com/?p=mirror_ubuntu-kernels.git;a=summary |
ba2f1a67 FG |
7 | |
8 | Ubuntu will maintain those kernels till: | |
9 | ||
10 | https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable | |
5d602710 TL |
11 | or |
12 | https://pve.proxmox.com/pve-docs/chapter-pve-faq.html#faq-support-table | |
13 | ||
14 | whatever happens to be earlier. | |
ba2f1a67 FG |
15 | |
16 | ||
17 | Additional/Updated Modules: | |
18 | --------------------------- | |
19 | ||
ba2f1a67 FG |
20 | - include native OpenZFS filesystem kernel modules for Linux |
21 | ||
22 | * https://github.com/zfsonlinux/ | |
23 | ||
24 | For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ | |
25 | ||
ba2f1a67 | 26 | |
fd921db9 TL |
27 | SUBMODULE |
28 | ========= | |
29 | ||
30 | We track the current upstream repository as submodule. Besides obvious | |
31 | advantages over tracking binary tar archives this also has some implications. | |
32 | ||
33 | For building the submodule directory gets copied into build/ and a few patches | |
34 | get applied with the `patch` tool. From a git point-of-view, the copied | |
35 | directory remains clean even with extra patches applied since it does not | |
36 | contain a .git directory, but a reference to the (still pristine) submodule: | |
37 | ||
d53796d6 | 38 | $ cat build/ubuntu-kernel/.git |
fd921db9 TL |
39 | |
40 | If you mistakenly cloned the upstream repo as "normal" clone (not via the | |
41 | submodule mechanics) this means that you have a real .git directory with its | |
42 | independent objects and tracking info when copying for building, thus git | |
43 | operates on the copied directory - and "sees" that it was dirtied by `patch`, | |
44 | and thus the kernel buildsystem sees this too and will add a '+' to the version | |
45 | as a result. This changes the output directories for modules and other build | |
46 | artefacts and let's then the build fail on packaging. | |
47 | ||
48 | So always ensure that you really checked it out as submodule, not as full | |
49 | "normal" clone. You can also explicitly set the LOCALVERSION variable to | |
50 | undefined with: `export LOCALVERSION= but that should only be done for test | |
51 | builds. | |
52 | ||
44403fcc FG |
53 | RELATED PACKAGES: |
54 | ================= | |
55 | ||
56 | proxmox-ve | |
57 | ---------- | |
ba2f1a67 | 58 | |
44403fcc | 59 | top level meta package, depends on current default kernel series meta package. |
ba2f1a67 | 60 | |
44403fcc | 61 | git clone git://git.proxmox.com/git/proxmox-ve.git |
ba2f1a67 | 62 | |
25b7be41 FG |
63 | proxmox-default-kernel |
64 | ---------------------- | |
ba2f1a67 | 65 | |
25b7be41 FG |
66 | Depends on default kernel and header meta package, e.g., proxmox-kernel-6.2 / |
67 | proxmox-headers-6.2. | |
ba2f1a67 | 68 | |
44403fcc | 69 | git clone git://git.proxmox.com/git/pve-kernel-meta.git |
ba2f1a67 | 70 | |
25b7be41 FG |
71 | proxmox-kernel-X.Y |
72 | ------------------ | |
73 | ||
74 | Depends on the latest kernel (or header, in case of proxmox-headers-X.Y) | |
75 | package within a certain series. | |
76 | ||
77 | e.g., proxmox-kernel-6.2 depends on proxmox-kernel-6.2.16-6-pve | |
78 | ||
44403fcc FG |
79 | pve-firmware |
80 | ------------ | |
ba2f1a67 | 81 | |
d53796d6 | 82 | Contains the firmware for all released PVE kernels. |
ba2f1a67 | 83 | |
44403fcc | 84 | git clone git://git.proxmox.com/git/pve-firmware.git |
ba2f1a67 | 85 | |
ba2f1a67 | 86 | |
44403fcc FG |
87 | NOTES: |
88 | ====== | |
ba2f1a67 | 89 | |
8b4e1fa9 SI |
90 | ABI versions, package versions and package name: |
91 | ------------------------------------------------ | |
92 | ||
93 | We follow debian's versioning w.r.t ABI changes: | |
94 | ||
95 | https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html | |
96 | https://wiki.debian.org/DebianKernelABIChanges | |
97 | ||
98 | The debian/rules file has a target comparing the build kernel's ABI against the | |
99 | version stored in the repository and indicates when an ABI bump is necessary. | |
100 | An ABI bump within one upstream version consists of incrementing the KREL | |
101 | variable in the Makefile, rebuilding the packages and running 'make abiupdate' | |
102 | (the 'abiupdate' target in 'Makefile' contains the steps for consistently | |
103 | updating the repository). | |
104 | ||
ba2f1a67 FG |
105 | Watchdog blacklist |
106 | ------------------ | |
107 | ||
108 | By default, all watchdog modules are black-listed because it is totally undefined | |
109 | which device is actually used for /dev/watchdog. | |
25b7be41 | 110 | We ship this list in /lib/modprobe.d/blacklist_proxmox-kernel-<VERSION>.conf |
ba2f1a67 FG |
111 | The user typically edit /etc/modules to enable a specific watchdog device. |
112 | ||
1a9e23ff FG |
113 | Debug kernel and modules |
114 | ------------------------ | |
115 | ||
116 | In order to build a -dbgsym package containing an unstripped copy of the kernel | |
25b7be41 FG |
117 | image and modules, enable the 'pkg.proxmox-kernel.debug' build profile (e.g. by |
118 | exporting DEB_BUILD_PROFILES='pkg.proxmox-kernel.debug'). The resulting package can | |
1a9e23ff FG |
119 | be used together with 'crash'/'kdump-tools' to debug kernel crashes. |
120 | ||
25b7be41 | 121 | Note: the -dbgsym package is only valid for the proxmox-kernel packages produced by |
1a9e23ff FG |
122 | the same build. A kernel/module from a different build will likely not match, |
123 | even if both builds are of the same kernel and package version. | |
124 | ||
ba2f1a67 FG |
125 | Additional information |
126 | ---------------------- | |
127 | ||
128 | We use the default configuration provided by Ubuntu, and apply | |
44403fcc FG |
129 | the following modifications: |
130 | ||
043808ec | 131 | NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS) |
44403fcc FG |
132 | |
133 | - enable INTEL_MEI_WDT=m (to allow disabling via patch) | |
ba2f1a67 | 134 | |
44403fcc FG |
135 | - disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed) |
136 | ||
137 | - switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS | |
ba2f1a67 FG |
138 | |
139 | - enable CONFIG_CEPH_FS=m (request from user) | |
140 | ||
141 | - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection | |
0b82622c | 142 | problems (udev, update-initramfs have serious problems without that) |
ba2f1a67 FG |
143 | |
144 | CONFIG_BLK_DEV_SD=y | |
145 | CONFIG_BLK_DEV_SR=y | |
146 | CONFIG_BLK_DEV_DM=y | |
147 | ||
ba2f1a67 FG |
148 | - compile NBD and RBD modules |
149 | CONFIG_BLK_DEV_NBD=m | |
150 | CONFIG_BLK_DEV_RBD=m | |
151 | ||
043808ec | 152 | - enable IBM JFS file system as module |
5d602710 | 153 | requested by users (bug #64) |
ba2f1a67 | 154 | |
043808ec | 155 | - enable apple HFS and HFSPLUS as module |
5d602710 | 156 | requested by users |
ba2f1a67 FG |
157 | |
158 | - enable CONFIG_BCACHE=m (requested by user) | |
159 | ||
160 | - enable CONFIG_BRIDGE=y | |
5d602710 | 161 | to avoid warnings on boot, e.g. that net.bridge.bridge-nf-call-iptables is an unknown key |
ba2f1a67 FG |
162 | |
163 | - enable CONFIG_DEFAULT_SECURITY_APPARMOR | |
ba2f1a67 | 164 | We need this for lxc |
44403fcc | 165 | |
ba2f1a67 | 166 | - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y |
ba2f1a67 FG |
167 | because if not set, it can give some dynamic memory or cpu frequencies |
168 | change, and vms can crash (mainly windows guest). | |
ba2f1a67 FG |
169 | see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273 |
170 | ||
171 | - use 'deadline' as default scheduler | |
5d602710 | 172 | This is the suggested setting for KVM. We also measure bad fsync performance with ext4 and cfq. |
ba2f1a67 FG |
173 | |
174 | - disable CONFIG_INPUT_EVBUG | |
5d602710 TL |
175 | Module evbug is not blacklisted on debian, so we simply disable it to avoid |
176 | key-event logs (which is a big security problem) | |
ba2f1a67 | 177 | |
44403fcc FG |
178 | - enable CONFIG_MODVERSIONS (needed for ABI tracking) |
179 | ||
180 | - switch default UNWINDER to FRAME_POINTER | |
44403fcc | 181 | the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS |
ba2f1a67 | 182 | |
44403fcc | 183 | - enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation) |