]>
Commit | Line | Data |
---|---|---|
ba2f1a67 FG |
1 | KERNEL SOURCE: |
2 | ============== | |
3 | ||
4 | We currently use the Ubuntu kernel sources, available from: | |
5 | ||
1e99f45b | 6 | http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/ |
ba2f1a67 FG |
7 | |
8 | Ubuntu will maintain those kernels till: | |
9 | ||
10 | https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable | |
11 | ||
12 | ||
13 | Additional/Updated Modules: | |
14 | --------------------------- | |
15 | ||
16 | - include latest e1000e driver from intel/sourceforge | |
17 | ||
44403fcc | 18 | - include latest igb driver from intel/sourceforge |
ba2f1a67 FG |
19 | |
20 | - include native OpenZFS filesystem kernel modules for Linux | |
21 | ||
22 | * https://github.com/zfsonlinux/ | |
23 | ||
24 | For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ | |
25 | ||
ba2f1a67 | 26 | |
fd921db9 TL |
27 | SUBMODULE |
28 | ========= | |
29 | ||
30 | We track the current upstream repository as submodule. Besides obvious | |
31 | advantages over tracking binary tar archives this also has some implications. | |
32 | ||
33 | For building the submodule directory gets copied into build/ and a few patches | |
34 | get applied with the `patch` tool. From a git point-of-view, the copied | |
35 | directory remains clean even with extra patches applied since it does not | |
36 | contain a .git directory, but a reference to the (still pristine) submodule: | |
37 | ||
38 | $ cat build/ubuntu-bionic/.git | |
39 | ||
40 | If you mistakenly cloned the upstream repo as "normal" clone (not via the | |
41 | submodule mechanics) this means that you have a real .git directory with its | |
42 | independent objects and tracking info when copying for building, thus git | |
43 | operates on the copied directory - and "sees" that it was dirtied by `patch`, | |
44 | and thus the kernel buildsystem sees this too and will add a '+' to the version | |
45 | as a result. This changes the output directories for modules and other build | |
46 | artefacts and let's then the build fail on packaging. | |
47 | ||
48 | So always ensure that you really checked it out as submodule, not as full | |
49 | "normal" clone. You can also explicitly set the LOCALVERSION variable to | |
50 | undefined with: `export LOCALVERSION= but that should only be done for test | |
51 | builds. | |
52 | ||
44403fcc FG |
53 | RELATED PACKAGES: |
54 | ================= | |
55 | ||
56 | proxmox-ve | |
57 | ---------- | |
ba2f1a67 | 58 | |
44403fcc | 59 | top level meta package, depends on current default kernel series meta package. |
ba2f1a67 | 60 | |
44403fcc | 61 | git clone git://git.proxmox.com/git/proxmox-ve.git |
ba2f1a67 | 62 | |
44403fcc FG |
63 | pve-kernel-meta |
64 | --------------- | |
ba2f1a67 | 65 | |
44403fcc | 66 | depends on latest kernel and header package within a certain kernel series, |
1e99f45b | 67 | e.g., pve-kernel-4.15 / pve-headers-4.15 |
ba2f1a67 | 68 | |
44403fcc | 69 | git clone git://git.proxmox.com/git/pve-kernel-meta.git |
ba2f1a67 | 70 | |
44403fcc FG |
71 | pve-firmware |
72 | ------------ | |
ba2f1a67 | 73 | |
44403fcc | 74 | contains the firmware for all released PVE kernels. |
ba2f1a67 | 75 | |
44403fcc | 76 | git clone git://git.proxmox.com/git/pve-firmware.git |
ba2f1a67 | 77 | |
ba2f1a67 | 78 | |
44403fcc FG |
79 | NOTES: |
80 | ====== | |
ba2f1a67 | 81 | |
8b4e1fa9 SI |
82 | ABI versions, package versions and package name: |
83 | ------------------------------------------------ | |
84 | ||
85 | We follow debian's versioning w.r.t ABI changes: | |
86 | ||
87 | https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html | |
88 | https://wiki.debian.org/DebianKernelABIChanges | |
89 | ||
90 | The debian/rules file has a target comparing the build kernel's ABI against the | |
91 | version stored in the repository and indicates when an ABI bump is necessary. | |
92 | An ABI bump within one upstream version consists of incrementing the KREL | |
93 | variable in the Makefile, rebuilding the packages and running 'make abiupdate' | |
94 | (the 'abiupdate' target in 'Makefile' contains the steps for consistently | |
95 | updating the repository). | |
96 | ||
ba2f1a67 FG |
97 | Watchdog blacklist |
98 | ------------------ | |
99 | ||
100 | By default, all watchdog modules are black-listed because it is totally undefined | |
101 | which device is actually used for /dev/watchdog. | |
102 | We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf | |
103 | The user typically edit /etc/modules to enable a specific watchdog device. | |
104 | ||
105 | Additional information | |
106 | ---------------------- | |
107 | ||
108 | We use the default configuration provided by Ubuntu, and apply | |
44403fcc FG |
109 | the following modifications: |
110 | ||
043808ec | 111 | NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS) |
44403fcc FG |
112 | |
113 | - enable INTEL_MEI_WDT=m (to allow disabling via patch) | |
ba2f1a67 | 114 | |
44403fcc FG |
115 | - disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed) |
116 | ||
117 | - switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS | |
ba2f1a67 FG |
118 | |
119 | - enable CONFIG_CEPH_FS=m (request from user) | |
120 | ||
121 | - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection | |
0b82622c | 122 | problems (udev, update-initramfs have serious problems without that) |
ba2f1a67 FG |
123 | |
124 | CONFIG_BLK_DEV_SD=y | |
125 | CONFIG_BLK_DEV_SR=y | |
126 | CONFIG_BLK_DEV_DM=y | |
127 | ||
128 | - add workaround for Debian bug #807000 (see | |
129 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000) | |
130 | ||
131 | CONFIG_BLK_DEV_NVME=y | |
132 | ||
133 | - compile NBD and RBD modules | |
134 | CONFIG_BLK_DEV_NBD=m | |
135 | CONFIG_BLK_DEV_RBD=m | |
136 | ||
043808ec | 137 | - enable IBM JFS file system as module |
ba2f1a67 | 138 | |
043808ec | 139 | enable it as requested by users (bug #64) |
ba2f1a67 | 140 | |
043808ec | 141 | - enable apple HFS and HFSPLUS as module |
ba2f1a67 | 142 | |
043808ec | 143 | enable it as requested by users |
ba2f1a67 FG |
144 | |
145 | - enable CONFIG_BCACHE=m (requested by user) | |
146 | ||
147 | - enable CONFIG_BRIDGE=y | |
148 | ||
149 | Else we get warnings on boot, that | |
150 | net.bridge.bridge-nf-call-iptables is an unknown key | |
151 | ||
152 | - enable CONFIG_DEFAULT_SECURITY_APPARMOR | |
153 | ||
154 | We need this for lxc | |
44403fcc | 155 | |
ba2f1a67 FG |
156 | - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y |
157 | ||
158 | because if not set, it can give some dynamic memory or cpu frequencies | |
159 | change, and vms can crash (mainly windows guest). | |
160 | ||
161 | see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273 | |
162 | ||
163 | - use 'deadline' as default scheduler | |
164 | ||
165 | This is the suggested setting for KVM. We also measure bad fsync | |
166 | performance with ext4 and cfq. | |
167 | ||
168 | - disable CONFIG_INPUT_EVBUG | |
169 | ||
170 | Module evbug is not blacklisted on debian, so we simply disable it | |
171 | to avoid key-event logs (which is a big security problem) | |
172 | ||
44403fcc FG |
173 | - enable CONFIG_MODVERSIONS (needed for ABI tracking) |
174 | ||
175 | - switch default UNWINDER to FRAME_POINTER | |
ba2f1a67 | 176 | |
44403fcc | 177 | the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS |
ba2f1a67 | 178 | |
44403fcc | 179 | - enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation) |