4 We currently use the Ubuntu kernel sources, available from:
6 http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/
8 Ubuntu will maintain those kernels till:
10 https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
13 Additional/Updated Modules:
14 ---------------------------
16 - include latest e1000e driver from intel/sourceforge
18 - include latest ixgbe driver from intel/sourceforge
20 - include latest igb driver from intel/sourceforge
22 - include native OpenZFS filesystem kernel modules for Linux
24 * https://github.com/zfsonlinux/
26 For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ
35 top level meta package, depends on current default kernel series meta package.
37 git clone git://git.proxmox.com/git/proxmox-ve.git
42 depends on latest kernel and header package within a certain kernel series,
43 e.g., pve-kernel-4.15 / pve-headers-4.15
45 git clone git://git.proxmox.com/git/pve-kernel-meta.git
50 contains the firmware for all released PVE kernels.
52 git clone git://git.proxmox.com/git/pve-firmware.git
58 ABI versions, package versions and package name:
59 ------------------------------------------------
61 We follow debian's versioning w.r.t ABI changes:
63 https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html
64 https://wiki.debian.org/DebianKernelABIChanges
66 The debian/rules file has a target comparing the build kernel's ABI against the
67 version stored in the repository and indicates when an ABI bump is necessary.
68 An ABI bump within one upstream version consists of incrementing the KREL
69 variable in the Makefile, rebuilding the packages and running 'make abiupdate'
70 (the 'abiupdate' target in 'Makefile' contains the steps for consistently
71 updating the repository).
76 By default, all watchdog modules are black-listed because it is totally undefined
77 which device is actually used for /dev/watchdog.
78 We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
79 The user typically edit /etc/modules to enable a specific watchdog device.
81 Additional information
82 ----------------------
84 We use the default configuration provided by Ubuntu, and apply
85 the following modifications:
87 see debian/rules (PVE_CONFIG_OPTS)
89 - enable INTEL_MEI_WDT=m (to allow disabling via patch)
91 - disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed)
93 - switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS
95 - enable CONFIG_CEPH_FS=m (request from user)
97 - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection
98 problems (udev, update-initramfs have serious problems without that)
104 - add workaround for Debian bug #807000 (see
105 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000)
107 CONFIG_BLK_DEV_NVME=y
109 - compile NBD and RBD modules
113 - set LOOP_MIN_COUNT to 8 (debian defaults)
114 CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
116 - disable module signatures (CONFIG_MODULE_SIG)
118 - enable IBM JFS file system
120 This is disabled in RHEL kernel for no real reason, so we enable
121 it as requested by users (bug #64)
123 - enable apple HFS and HFSPLUS
125 This is disabled in RHEL kernel for no real reason, so we enable
126 it as requested by users
128 - enable CONFIG_BCACHE=m (requested by user)
130 - enable CONFIG_BRIDGE=y
132 Else we get warnings on boot, that
133 net.bridge.bridge-nf-call-iptables is an unknown key
135 - enable CONFIG_DEFAULT_SECURITY_APPARMOR
139 - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
141 because if not set, it can give some dynamic memory or cpu frequencies
142 change, and vms can crash (mainly windows guest).
144 see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273
146 - use 'deadline' as default scheduler
148 This is the suggested setting for KVM. We also measure bad fsync
149 performance with ext4 and cfq.
151 - disable CONFIG_INPUT_EVBUG
153 Module evbug is not blacklisted on debian, so we simply disable it
154 to avoid key-event logs (which is a big security problem)
156 - enable CONFIG_MODVERSIONS (needed for ABI tracking)
158 - switch default UNWINDER to FRAME_POINTER
160 the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS
162 - enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation)