README

   1 KERNEL SOURCE:
   2 ==============
   3
   4 We currently use the Ubuntu kernel sources, available from:
   5
   6  http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/
   7
   8 Ubuntu will maintain those kernels till:
   9
  10  https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
  11
  12
  13 Additional/Updated Modules:
  14 ---------------------------
  15
  16 - include latest e1000e driver from intel/sourceforge
  17
  18 - include latest igb driver from intel/sourceforge
  19
  20 - include native OpenZFS filesystem kernel modules for Linux
  21
  22   * https://github.com/zfsonlinux/
  23
  24   For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ
  25
  26
  27 RELATED PACKAGES:
  28 =================
  29
  30 proxmox-ve
  31 ----------
  32
  33 top level meta package, depends on current default kernel series meta package.
  34
  35 git clone git://git.proxmox.com/git/proxmox-ve.git
  36
  37 pve-kernel-meta
  38 ---------------
  39
  40 depends on latest kernel and header package within a certain kernel series,
  41 e.g., pve-kernel-4.15 / pve-headers-4.15
  42
  43 git clone git://git.proxmox.com/git/pve-kernel-meta.git
  44
  45 pve-firmware
  46 ------------
  47
  48 contains the firmware for all released PVE kernels.
  49
  50 git clone git://git.proxmox.com/git/pve-firmware.git
  51
  52
  53 NOTES:
  54 ======
  55
  56 ABI versions, package versions and package name:
  57 ------------------------------------------------
  58
  59 We follow debian's versioning w.r.t ABI changes:
  60
  61 https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html
  62 https://wiki.debian.org/DebianKernelABIChanges
  63
  64 The debian/rules file has a target comparing the build kernel's ABI against the
  65 version stored in the repository and indicates when an ABI bump is necessary.
  66 An ABI bump within one upstream version consists of incrementing the KREL
  67 variable in the Makefile, rebuilding the packages and running 'make abiupdate'
  68 (the 'abiupdate' target in 'Makefile' contains the steps for consistently
  69 updating the repository).
  70
  71 Watchdog blacklist
  72 ------------------
  73
  74 By default, all watchdog modules are black-listed because it is totally undefined
  75 which device is actually used for /dev/watchdog.
  76 We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
  77 The user typically edit /etc/modules to enable a specific watchdog device.
  78
  79 Additional information
  80 ----------------------
  81
  82 We use the default configuration provided by Ubuntu, and apply
  83 the following modifications:
  84
  85 NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS)
  86
  87 - enable INTEL_MEI_WDT=m (to allow disabling via patch)
  88
  89 - disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed)
  90
  91 - switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS
  92
  93 - enable CONFIG_CEPH_FS=m (request from user)
  94
  95 - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection
  96   problems (udev, update-initramfs have serious problems without that)
  97
  98          CONFIG_BLK_DEV_SD=y
  99          CONFIG_BLK_DEV_SR=y
 100          CONFIG_BLK_DEV_DM=y
 101
 102 - add workaround for Debian bug #807000 (see
 103   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000)
 104
 105          CONFIG_BLK_DEV_NVME=y
 106
 107 - compile NBD and RBD modules
 108          CONFIG_BLK_DEV_NBD=m
 109          CONFIG_BLK_DEV_RBD=m
 110
 111 - enable IBM JFS file system as module
 112
 113   enable it as requested by users (bug #64)
 114
 115 - enable apple HFS and HFSPLUS as module
 116
 117   enable it as requested by users
 118
 119 - enable CONFIG_BCACHE=m (requested by user)
 120
 121 - enable CONFIG_BRIDGE=y
 122
 123   Else we get warnings on boot, that
 124   net.bridge.bridge-nf-call-iptables is an unknown key
 125
 126 - enable CONFIG_DEFAULT_SECURITY_APPARMOR
 127
 128   We need this for lxc
 129
 130 - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
 131
 132   because if not set, it can give some dynamic memory or cpu frequencies
 133   change, and vms can crash (mainly windows guest).
 134
 135   see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273
 136
 137 - use 'deadline' as default scheduler
 138
 139   This is the suggested setting for KVM. We also measure bad fsync
 140   performance with ext4 and cfq.
 141
 142 - disable CONFIG_INPUT_EVBUG
 143
 144   Module evbug is not blacklisted on debian, so we simply disable it
 145   to avoid key-event logs (which is a big security problem)
 146
 147 - enable CONFIG_MODVERSIONS (needed for ABI tracking)
 148
 149 - switch default UNWINDER to FRAME_POINTER
 150
 151   the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS
 152
 153 - enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation)