projects / pve-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| ba2f1a67 FG |
1 | KERNEL SOURCE: |
| 2 | ============== | |
| 3 | ||
| 4 | We currently use the Ubuntu kernel sources, available from: | |
| 5 | ||
| 1e99f45b | 6 | http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/ |
| ba2f1a67 FG |
7 | |
| 8 | Ubuntu will maintain those kernels till: | |
| 9 | ||
| 10 | https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable | |
| 11 | ||
| 12 | ||
| 13 | Additional/Updated Modules: | |
| 14 | --------------------------- | |
| 15 | ||
| 16 | - include latest e1000e driver from intel/sourceforge | |
| 17 | ||
| 18 | - include latest ixgbe driver from intel/sourceforge | |
| 19 | ||
| 44403fcc | 20 | - include latest igb driver from intel/sourceforge |
| ba2f1a67 FG |
21 | |
| 22 | - include native OpenZFS filesystem kernel modules for Linux | |
| 23 | ||
| 24 | * https://github.com/zfsonlinux/ | |
| 25 | ||
| 26 | For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ | |
| 27 | ||
| ba2f1a67 | 28 | |
| 44403fcc FG |
29 | RELATED PACKAGES: |
| 30 | ================= | |
| 31 | ||
| 32 | proxmox-ve | |
| 33 | ---------- | |
| ba2f1a67 | 34 | |
| 44403fcc | 35 | top level meta package, depends on current default kernel series meta package. |
| ba2f1a67 | 36 | |
| 44403fcc | 37 | git clone git://git.proxmox.com/git/proxmox-ve.git |
| ba2f1a67 | 38 | |
| 44403fcc FG |
39 | pve-kernel-meta |
| 40 | --------------- | |
| ba2f1a67 | 41 | |
| 44403fcc | 42 | depends on latest kernel and header package within a certain kernel series, |
| 1e99f45b | 43 | e.g., pve-kernel-4.15 / pve-headers-4.15 |
| ba2f1a67 | 44 | |
| 44403fcc | 45 | git clone git://git.proxmox.com/git/pve-kernel-meta.git |
| ba2f1a67 | 46 | |
| 44403fcc FG |
47 | pve-firmware |
| 48 | ------------ | |
| ba2f1a67 | 49 | |
| 44403fcc | 50 | contains the firmware for all released PVE kernels. |
| ba2f1a67 | 51 | |
| 44403fcc | 52 | git clone git://git.proxmox.com/git/pve-firmware.git |
| ba2f1a67 | 53 | |
| ba2f1a67 | 54 | |
| 44403fcc FG |
55 | NOTES: |
| 56 | ====== | |
| ba2f1a67 FG |
57 | |
| 58 | Watchdog blacklist | |
| 59 | ------------------ | |
| 60 | ||
| 61 | By default, all watchdog modules are black-listed because it is totally undefined | |
| 62 | which device is actually used for /dev/watchdog. | |
| 63 | We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf | |
| 64 | The user typically edit /etc/modules to enable a specific watchdog device. | |
| 65 | ||
| 66 | Additional information | |
| 67 | ---------------------- | |
| 68 | ||
| 69 | We use the default configuration provided by Ubuntu, and apply | |
| 44403fcc FG |
70 | the following modifications: |
| 71 | ||
| 72 | see debian/rules (PVE_CONFIG_OPTS) | |
| 73 | ||
| 74 | - enable INTEL_MEI_WDT=m (to allow disabling via patch) | |
| ba2f1a67 | 75 | |
| 44403fcc FG |
76 | - disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed) |
| 77 | ||
| 78 | - switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS | |
| ba2f1a67 FG |
79 | |
| 80 | - enable CONFIG_CEPH_FS=m (request from user) | |
| 81 | ||
| 82 | - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection | |
| 83 | problems (udev, undate-initramfs have serious problems without that) | |
| 84 | ||
| 85 | CONFIG_BLK_DEV_SD=y | |
| 86 | CONFIG_BLK_DEV_SR=y | |
| 87 | CONFIG_BLK_DEV_DM=y | |
| 88 | ||
| 89 | - add workaround for Debian bug #807000 (see | |
| 90 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000) | |
| 91 | ||
| 92 | CONFIG_BLK_DEV_NVME=y | |
| 93 | ||
| 94 | - compile NBD and RBD modules | |
| 95 | CONFIG_BLK_DEV_NBD=m | |
| 96 | CONFIG_BLK_DEV_RBD=m | |
| 97 | ||
| 98 | - set LOOP_MIN_COUNT to 8 (debian defaults) | |
| 99 | CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 | |
| 100 | ||
| 101 | - disable module signatures (CONFIG_MODULE_SIG) | |
| 44403fcc FG |
102 | |
| 103 | - enable IBM JFS file system | |
| ba2f1a67 FG |
104 | |
| 105 | This is disabled in RHEL kernel for no real reason, so we enable | |
| 106 | it as requested by users (bug #64) | |
| 107 | ||
| 108 | - enable apple HFS and HFSPLUS | |
| 109 | ||
| 110 | This is disabled in RHEL kernel for no real reason, so we enable | |
| 111 | it as requested by users | |
| 112 | ||
| 113 | - enable CONFIG_BCACHE=m (requested by user) | |
| 114 | ||
| 115 | - enable CONFIG_BRIDGE=y | |
| 116 | ||
| 117 | Else we get warnings on boot, that | |
| 118 | net.bridge.bridge-nf-call-iptables is an unknown key | |
| 119 | ||
| 120 | - enable CONFIG_DEFAULT_SECURITY_APPARMOR | |
| 121 | ||
| 122 | We need this for lxc | |
| 44403fcc | 123 | |
| ba2f1a67 FG |
124 | - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y |
| 125 | ||
| 126 | because if not set, it can give some dynamic memory or cpu frequencies | |
| 127 | change, and vms can crash (mainly windows guest). | |
| 128 | ||
| 129 | see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273 | |
| 130 | ||
| 131 | - use 'deadline' as default scheduler | |
| 132 | ||
| 133 | This is the suggested setting for KVM. We also measure bad fsync | |
| 134 | performance with ext4 and cfq. | |
| 135 | ||
| 136 | - disable CONFIG_INPUT_EVBUG | |
| 137 | ||
| 138 | Module evbug is not blacklisted on debian, so we simply disable it | |
| 139 | to avoid key-event logs (which is a big security problem) | |
| 140 | ||
| 44403fcc FG |
141 | - enable CONFIG_MODVERSIONS (needed for ABI tracking) |
| 142 | ||
| 143 | - switch default UNWINDER to FRAME_POINTER | |
| ba2f1a67 | 144 | |
| 44403fcc | 145 | the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS |
| ba2f1a67 | 146 | |
| 44403fcc | 147 | - enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation) |