]>
Commit | Line | Data |
---|---|---|
1 | KERNEL SOURCE: | |
2 | ============== | |
3 | ||
4 | We currently use the Ubuntu kernel sources, available from: | |
5 | ||
6 | http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/ | |
7 | ||
8 | Ubuntu will maintain those kernels till: | |
9 | ||
10 | https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable | |
11 | ||
12 | ||
13 | Additional/Updated Modules: | |
14 | --------------------------- | |
15 | ||
16 | - include latest e1000e driver from intel/sourceforge | |
17 | ||
18 | - include latest igb driver from intel/sourceforge | |
19 | ||
20 | - include native OpenZFS filesystem kernel modules for Linux | |
21 | ||
22 | * https://github.com/zfsonlinux/ | |
23 | ||
24 | For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ | |
25 | ||
26 | ||
27 | SUBMODULE | |
28 | ========= | |
29 | ||
30 | We track the current upstream repository as submodule. Besides obvious | |
31 | advantages over tracking binary tar archives this also has some implications. | |
32 | ||
33 | For building the submodule directory gets copied into build/ and a few patches | |
34 | get applied with the `patch` tool. From a git point-of-view, the copied | |
35 | directory remains clean even with extra patches applied since it does not | |
36 | contain a .git directory, but a reference to the (still pristine) submodule: | |
37 | ||
38 | $ cat build/ubuntu-bionic/.git | |
39 | ||
40 | If you mistakenly cloned the upstream repo as "normal" clone (not via the | |
41 | submodule mechanics) this means that you have a real .git directory with its | |
42 | independent objects and tracking info when copying for building, thus git | |
43 | operates on the copied directory - and "sees" that it was dirtied by `patch`, | |
44 | and thus the kernel buildsystem sees this too and will add a '+' to the version | |
45 | as a result. This changes the output directories for modules and other build | |
46 | artefacts and let's then the build fail on packaging. | |
47 | ||
48 | So always ensure that you really checked it out as submodule, not as full | |
49 | "normal" clone. You can also explicitly set the LOCALVERSION variable to | |
50 | undefined with: `export LOCALVERSION= but that should only be done for test | |
51 | builds. | |
52 | ||
53 | RELATED PACKAGES: | |
54 | ================= | |
55 | ||
56 | proxmox-ve | |
57 | ---------- | |
58 | ||
59 | top level meta package, depends on current default kernel series meta package. | |
60 | ||
61 | git clone git://git.proxmox.com/git/proxmox-ve.git | |
62 | ||
63 | pve-kernel-meta | |
64 | --------------- | |
65 | ||
66 | depends on latest kernel and header package within a certain kernel series, | |
67 | e.g., pve-kernel-4.15 / pve-headers-4.15 | |
68 | ||
69 | git clone git://git.proxmox.com/git/pve-kernel-meta.git | |
70 | ||
71 | pve-firmware | |
72 | ------------ | |
73 | ||
74 | contains the firmware for all released PVE kernels. | |
75 | ||
76 | git clone git://git.proxmox.com/git/pve-firmware.git | |
77 | ||
78 | ||
79 | NOTES: | |
80 | ====== | |
81 | ||
82 | ABI versions, package versions and package name: | |
83 | ------------------------------------------------ | |
84 | ||
85 | We follow debian's versioning w.r.t ABI changes: | |
86 | ||
87 | https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html | |
88 | https://wiki.debian.org/DebianKernelABIChanges | |
89 | ||
90 | The debian/rules file has a target comparing the build kernel's ABI against the | |
91 | version stored in the repository and indicates when an ABI bump is necessary. | |
92 | An ABI bump within one upstream version consists of incrementing the KREL | |
93 | variable in the Makefile, rebuilding the packages and running 'make abiupdate' | |
94 | (the 'abiupdate' target in 'Makefile' contains the steps for consistently | |
95 | updating the repository). | |
96 | ||
97 | Watchdog blacklist | |
98 | ------------------ | |
99 | ||
100 | By default, all watchdog modules are black-listed because it is totally undefined | |
101 | which device is actually used for /dev/watchdog. | |
102 | We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf | |
103 | The user typically edit /etc/modules to enable a specific watchdog device. | |
104 | ||
105 | Additional information | |
106 | ---------------------- | |
107 | ||
108 | We use the default configuration provided by Ubuntu, and apply | |
109 | the following modifications: | |
110 | ||
111 | NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS) | |
112 | ||
113 | - enable INTEL_MEI_WDT=m (to allow disabling via patch) | |
114 | ||
115 | - disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed) | |
116 | ||
117 | - switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS | |
118 | ||
119 | - enable CONFIG_CEPH_FS=m (request from user) | |
120 | ||
121 | - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection | |
122 | problems (udev, update-initramfs have serious problems without that) | |
123 | ||
124 | CONFIG_BLK_DEV_SD=y | |
125 | CONFIG_BLK_DEV_SR=y | |
126 | CONFIG_BLK_DEV_DM=y | |
127 | ||
128 | - add workaround for Debian bug #807000 (see | |
129 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000) | |
130 | ||
131 | CONFIG_BLK_DEV_NVME=y | |
132 | ||
133 | - compile NBD and RBD modules | |
134 | CONFIG_BLK_DEV_NBD=m | |
135 | CONFIG_BLK_DEV_RBD=m | |
136 | ||
137 | - enable IBM JFS file system as module | |
138 | ||
139 | enable it as requested by users (bug #64) | |
140 | ||
141 | - enable apple HFS and HFSPLUS as module | |
142 | ||
143 | enable it as requested by users | |
144 | ||
145 | - enable CONFIG_BCACHE=m (requested by user) | |
146 | ||
147 | - enable CONFIG_BRIDGE=y | |
148 | ||
149 | Else we get warnings on boot, that | |
150 | net.bridge.bridge-nf-call-iptables is an unknown key | |
151 | ||
152 | - enable CONFIG_DEFAULT_SECURITY_APPARMOR | |
153 | ||
154 | We need this for lxc | |
155 | ||
156 | - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y | |
157 | ||
158 | because if not set, it can give some dynamic memory or cpu frequencies | |
159 | change, and vms can crash (mainly windows guest). | |
160 | ||
161 | see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273 | |
162 | ||
163 | - use 'deadline' as default scheduler | |
164 | ||
165 | This is the suggested setting for KVM. We also measure bad fsync | |
166 | performance with ext4 and cfq. | |
167 | ||
168 | - disable CONFIG_INPUT_EVBUG | |
169 | ||
170 | Module evbug is not blacklisted on debian, so we simply disable it | |
171 | to avoid key-event logs (which is a big security problem) | |
172 | ||
173 | - enable CONFIG_MODVERSIONS (needed for ABI tracking) | |
174 | ||
175 | - switch default UNWINDER to FRAME_POINTER | |
176 | ||
177 | the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS | |
178 | ||
179 | - enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation) |