X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=README;h=6c426c0f5013d0dc86ce04b9744efc2fb99728c0;hb=2c3b526416be2bf34f214c82a0c68213670251f5;hp=2098c51f63e7553eb92ab9b7c6acbf1a34119291;hpb=ba2f1a676e5a2901a9d0108440bcf1516cbcdbb8;p=pve-kernel.git diff --git a/README b/README index 2098c51..6c426c0 100644 --- a/README +++ b/README @@ -3,7 +3,7 @@ KERNEL SOURCE: We currently use the Ubuntu kernel sources, available from: - http://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/ + http://kernel.ubuntu.com/git/ubuntu/ubuntu-hirsute.git/ Ubuntu will maintain those kernels till: @@ -13,60 +13,82 @@ Ubuntu will maintain those kernels till: Additional/Updated Modules: --------------------------- -- include latest e1000e driver from intel/sourceforge +- include native OpenZFS filesystem kernel modules for Linux -- include latest ixgbe driver from intel/sourceforge + * https://github.com/zfsonlinux/ - - include latest igb driver from intel/sourceforge + For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ -# Note: hpsa does not compile with kernel 3.19.8 -#- include latest HPSA driver (HP Smart Array) -# -# * http://sourceforge.net/projects/cciss/ -- include native OpenZFS filesystem kernel modules for Linux +SUBMODULE +========= - * https://github.com/zfsonlinux/ +We track the current upstream repository as submodule. Besides obvious +advantages over tracking binary tar archives this also has some implications. - For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ +For building the submodule directory gets copied into build/ and a few patches +get applied with the `patch` tool. From a git point-of-view, the copied +directory remains clean even with extra patches applied since it does not +contain a .git directory, but a reference to the (still pristine) submodule: -- include latest DRBD 9 driver, see http://drbd.linbit.com/home/what-is-drbd/ +$ cat build/ubuntu-hirsute/.git +If you mistakenly cloned the upstream repo as "normal" clone (not via the +submodule mechanics) this means that you have a real .git directory with its +independent objects and tracking info when copying for building, thus git +operates on the copied directory - and "sees" that it was dirtied by `patch`, +and thus the kernel buildsystem sees this too and will add a '+' to the version +as a result. This changes the output directories for modules and other build +artefacts and let's then the build fail on packaging. -FIRMWARE: -========= +So always ensure that you really checked it out as submodule, not as full +"normal" clone. You can also explicitly set the LOCALVERSION variable to +undefined with: `export LOCALVERSION= but that should only be done for test +builds. + +RELATED PACKAGES: +================= + +proxmox-ve +---------- + +top level meta package, depends on current default kernel series meta package. + +git clone git://git.proxmox.com/git/proxmox-ve.git -We create our own firmware package, which includes the firmware for -all proxmox-ve kernels. So far this include +pve-kernel-meta +--------------- -pve-kernel-2.6.18 -pve-kernel-2.6.24 -pve-kernel-2.6.32 -pve-kernel-3.10.0 -pve-kernel-3.19.0 +depends on latest kernel and header package within a certain kernel series, +e.g., pve-kernel-4.15 / pve-headers-4.15 -We use 'find-firmware.pl' to extract lists of required firmeware -files. The script 'assemble-firmware.pl' is used to read those lists -and copy the files from various source directory into a target -directory. +git clone git://git.proxmox.com/git/pve-kernel-meta.git -We do not include firmeware for some wireless HW when there is a -separate debian package for that, for example: +pve-firmware +------------ -zd1211-firmware -atmel-firmware -bluez-firmware +contains the firmware for all released PVE kernels. +git clone git://git.proxmox.com/git/pve-firmware.git -PATCHES: --------- - bridge-patch.diff: Avoid bridge problems with changing MAC - see also: http://forum.openvz.org/index.php?t=msg&th=5291 +NOTES: +====== - Behaviour after 2.6.27 has changed slighly - after setting mac address - of bridge device, then address won't change. So we could omit - that patch, requiring to set hwaddress in /etc/network/interfaces. +ABI versions, package versions and package name: +------------------------------------------------ + +We follow debian's versioning w.r.t ABI changes: + +https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html +https://wiki.debian.org/DebianKernelABIChanges + +The debian/rules file has a target comparing the build kernel's ABI against the +version stored in the repository and indicates when an ABI bump is necessary. +An ABI bump within one upstream version consists of incrementing the KREL +variable in the Makefile, rebuilding the packages and running 'make abiupdate' +(the 'abiupdate' target in 'Makefile' contains the steps for consistently +updating the repository). Watchdog blacklist ------------------ @@ -76,18 +98,36 @@ which device is actually used for /dev/watchdog. We ship this list in /lib/modprobe.d/blacklist_pve-kernel-.conf The user typically edit /etc/modules to enable a specific watchdog device. +Debug kernel and modules +------------------------ + +In order to build a -dbgsym package containing an unstripped copy of the kernel +image and modules, enable the 'pkg.pve-kernel.debug' build profile (e.g. by +exporting DEB_BUILD_PROFILES='pkg.pve-kernel.debug'). The resulting package can +be used together with 'crash'/'kdump-tools' to debug kernel crashes. + +Note: the -dbgsym package is only valid for the pve-kernel packages produced by +the same build. A kernel/module from a different build will likely not match, +even if both builds are of the same kernel and package version. + Additional information ---------------------- We use the default configuration provided by Ubuntu, and apply -the following modification: +the following modifications: -see Makefile (PVE_CONFIG_OPTS) +NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS) + +- enable INTEL_MEI_WDT=m (to allow disabling via patch) + +- disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed) + +- switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS - enable CONFIG_CEPH_FS=m (request from user) - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection - problems (udev, undate-initramfs have serious problems without that) + problems (udev, update-initramfs have serious problems without that) CONFIG_BLK_DEV_SD=y CONFIG_BLK_DEV_SR=y @@ -102,20 +142,13 @@ see Makefile (PVE_CONFIG_OPTS) CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_RBD=m -- set LOOP_MIN_COUNT to 8 (debian defaults) - CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +- enable IBM JFS file system as module -- disable module signatures (CONFIG_MODULE_SIG) - -- enable IBM JFS file system + enable it as requested by users (bug #64) - This is disabled in RHEL kernel for no real reason, so we enable - it as requested by users (bug #64) +- enable apple HFS and HFSPLUS as module -- enable apple HFS and HFSPLUS - - This is disabled in RHEL kernel for no real reason, so we enable - it as requested by users + enable it as requested by users - enable CONFIG_BCACHE=m (requested by user) @@ -127,7 +160,7 @@ see Makefile (PVE_CONFIG_OPTS) - enable CONFIG_DEFAULT_SECURITY_APPARMOR We need this for lxc - + - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y because if not set, it can give some dynamic memory or cpu frequencies @@ -145,8 +178,10 @@ see Makefile (PVE_CONFIG_OPTS) Module evbug is not blacklisted on debian, so we simply disable it to avoid key-event logs (which is a big security problem) -Testing final kernel with kvm ------------------------------ +- enable CONFIG_MODVERSIONS (needed for ABI tracking) + +- switch default UNWINDER to FRAME_POINTER -kvm -kernel data/boot/vmlinuz-3.19.8-1-pve -initrd initrd.img-3.19.8-1-pve -append "vga=791 video=vesafb:ywrap,mtrr" /dev/zero + the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS +- enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation)