]>
Commit | Line | Data |
---|---|---|
ba2f1a67 FG |
1 | KERNEL SOURCE: |
2 | ============== | |
3 | ||
4 | We currently use the Ubuntu kernel sources, available from: | |
5 | ||
1e99f45b | 6 | http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/ |
ba2f1a67 FG |
7 | |
8 | Ubuntu will maintain those kernels till: | |
9 | ||
10 | https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable | |
11 | ||
12 | ||
13 | Additional/Updated Modules: | |
14 | --------------------------- | |
15 | ||
16 | - include latest e1000e driver from intel/sourceforge | |
17 | ||
18 | - include latest ixgbe driver from intel/sourceforge | |
19 | ||
44403fcc | 20 | - include latest igb driver from intel/sourceforge |
ba2f1a67 FG |
21 | |
22 | - include native OpenZFS filesystem kernel modules for Linux | |
23 | ||
24 | * https://github.com/zfsonlinux/ | |
25 | ||
26 | For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ | |
27 | ||
ba2f1a67 | 28 | |
44403fcc FG |
29 | RELATED PACKAGES: |
30 | ================= | |
31 | ||
32 | proxmox-ve | |
33 | ---------- | |
ba2f1a67 | 34 | |
44403fcc | 35 | top level meta package, depends on current default kernel series meta package. |
ba2f1a67 | 36 | |
44403fcc | 37 | git clone git://git.proxmox.com/git/proxmox-ve.git |
ba2f1a67 | 38 | |
44403fcc FG |
39 | pve-kernel-meta |
40 | --------------- | |
ba2f1a67 | 41 | |
44403fcc | 42 | depends on latest kernel and header package within a certain kernel series, |
1e99f45b | 43 | e.g., pve-kernel-4.15 / pve-headers-4.15 |
ba2f1a67 | 44 | |
44403fcc | 45 | git clone git://git.proxmox.com/git/pve-kernel-meta.git |
ba2f1a67 | 46 | |
44403fcc FG |
47 | pve-firmware |
48 | ------------ | |
ba2f1a67 | 49 | |
44403fcc | 50 | contains the firmware for all released PVE kernels. |
ba2f1a67 | 51 | |
44403fcc | 52 | git clone git://git.proxmox.com/git/pve-firmware.git |
ba2f1a67 | 53 | |
ba2f1a67 | 54 | |
44403fcc FG |
55 | NOTES: |
56 | ====== | |
ba2f1a67 | 57 | |
8b4e1fa9 SI |
58 | ABI versions, package versions and package name: |
59 | ------------------------------------------------ | |
60 | ||
61 | We follow debian's versioning w.r.t ABI changes: | |
62 | ||
63 | https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html | |
64 | https://wiki.debian.org/DebianKernelABIChanges | |
65 | ||
66 | The debian/rules file has a target comparing the build kernel's ABI against the | |
67 | version stored in the repository and indicates when an ABI bump is necessary. | |
68 | An ABI bump within one upstream version consists of incrementing the KREL | |
69 | variable in the Makefile, rebuilding the packages and running 'make abiupdate' | |
70 | (the 'abiupdate' target in 'Makefile' contains the steps for consistently | |
71 | updating the repository). | |
72 | ||
ba2f1a67 FG |
73 | Watchdog blacklist |
74 | ------------------ | |
75 | ||
76 | By default, all watchdog modules are black-listed because it is totally undefined | |
77 | which device is actually used for /dev/watchdog. | |
78 | We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf | |
79 | The user typically edit /etc/modules to enable a specific watchdog device. | |
80 | ||
81 | Additional information | |
82 | ---------------------- | |
83 | ||
84 | We use the default configuration provided by Ubuntu, and apply | |
44403fcc FG |
85 | the following modifications: |
86 | ||
87 | see debian/rules (PVE_CONFIG_OPTS) | |
88 | ||
89 | - enable INTEL_MEI_WDT=m (to allow disabling via patch) | |
ba2f1a67 | 90 | |
44403fcc FG |
91 | - disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed) |
92 | ||
93 | - switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS | |
ba2f1a67 FG |
94 | |
95 | - enable CONFIG_CEPH_FS=m (request from user) | |
96 | ||
97 | - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection | |
0b82622c | 98 | problems (udev, update-initramfs have serious problems without that) |
ba2f1a67 FG |
99 | |
100 | CONFIG_BLK_DEV_SD=y | |
101 | CONFIG_BLK_DEV_SR=y | |
102 | CONFIG_BLK_DEV_DM=y | |
103 | ||
104 | - add workaround for Debian bug #807000 (see | |
105 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000) | |
106 | ||
107 | CONFIG_BLK_DEV_NVME=y | |
108 | ||
109 | - compile NBD and RBD modules | |
110 | CONFIG_BLK_DEV_NBD=m | |
111 | CONFIG_BLK_DEV_RBD=m | |
112 | ||
113 | - set LOOP_MIN_COUNT to 8 (debian defaults) | |
114 | CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 | |
115 | ||
116 | - disable module signatures (CONFIG_MODULE_SIG) | |
44403fcc FG |
117 | |
118 | - enable IBM JFS file system | |
ba2f1a67 FG |
119 | |
120 | This is disabled in RHEL kernel for no real reason, so we enable | |
121 | it as requested by users (bug #64) | |
122 | ||
123 | - enable apple HFS and HFSPLUS | |
124 | ||
125 | This is disabled in RHEL kernel for no real reason, so we enable | |
126 | it as requested by users | |
127 | ||
128 | - enable CONFIG_BCACHE=m (requested by user) | |
129 | ||
130 | - enable CONFIG_BRIDGE=y | |
131 | ||
132 | Else we get warnings on boot, that | |
133 | net.bridge.bridge-nf-call-iptables is an unknown key | |
134 | ||
135 | - enable CONFIG_DEFAULT_SECURITY_APPARMOR | |
136 | ||
137 | We need this for lxc | |
44403fcc | 138 | |
ba2f1a67 FG |
139 | - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y |
140 | ||
141 | because if not set, it can give some dynamic memory or cpu frequencies | |
142 | change, and vms can crash (mainly windows guest). | |
143 | ||
144 | see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273 | |
145 | ||
146 | - use 'deadline' as default scheduler | |
147 | ||
148 | This is the suggested setting for KVM. We also measure bad fsync | |
149 | performance with ext4 and cfq. | |
150 | ||
151 | - disable CONFIG_INPUT_EVBUG | |
152 | ||
153 | Module evbug is not blacklisted on debian, so we simply disable it | |
154 | to avoid key-event logs (which is a big security problem) | |
155 | ||
44403fcc FG |
156 | - enable CONFIG_MODVERSIONS (needed for ABI tracking) |
157 | ||
158 | - switch default UNWINDER to FRAME_POINTER | |
ba2f1a67 | 159 | |
44403fcc | 160 | the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS |
ba2f1a67 | 161 | |
44403fcc | 162 | - enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation) |