PVE linux kernel for ThunderX CPU
proxmox-ve | ||
submodules | ||
.gitignore | ||
.gitmodules | ||
0001-block-fix-bio_will_gap-for-first-bvec-with-offset.patch | ||
0001-netfilter-nft_set_rbtree-handle-re-addition-element-.patch | ||
abi-blacklist | ||
abi-check | ||
abi-previous | ||
bridge-patch.diff | ||
ceph-scheduler-fix.patch | ||
cgroup-cpuset-add-cpuset.remap_cpus.patch | ||
changelog.Debian | ||
control.in | ||
control.tools | ||
copyright | ||
CVE-2017-7482-rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch | ||
CVE-2017-10810-drm-virtio-don-t-leak-bo-on-drm_gem_object_init-fail.patch | ||
CVE-2017-1000364-mm-mmap.c-do-not-blow-on-PROT_NONE-MAP_FIXED-holes-i.patch | ||
CVE-2017-1000364-mm-mmap.c-expand_downwards-don-t-require-the-gap-if-.patch | ||
CVE-2017-1000365-fs-exec.c-account-for-argv-envp-pointers.patch | ||
e1000e-3.3.5.3.tar.gz | ||
e1000e_4.10_compat.patch | ||
e1000e_4.10_max-mtu.patch | ||
find-firmware.pl | ||
fwlist-previous | ||
headers-control.in | ||
headers-postinst.in | ||
igb-5.3.5.4.tar.gz | ||
igb_4.9_compat.patch | ||
igb_4.10_compat.patch | ||
igb_4.10_max-mtu.patch | ||
intel-module-gcc6-compat.patch | ||
ixgbe-5.0.4.tar.gz | ||
ixgbe_4.10_compat.patch | ||
ixgbe_4.10_max-mtu.patch | ||
kvm-dynamic-halt-polling-disable-default.patch | ||
Makefile | ||
override_for_missing_acs_capabilities.patch | ||
postinst.in | ||
postrm.in | ||
prerm.in | ||
README | ||
uname-version-timestamp.patch |
KERNEL SOURCE: ============== We currently use the Ubuntu kernel sources, available from: http://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/ Ubuntu will maintain those kernels till: https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Additional/Updated Modules: --------------------------- - include latest e1000e driver from intel/sourceforge - include latest ixgbe driver from intel/sourceforge - include latest igb driver from intel/sourceforge # Note: hpsa does not compile with kernel 3.19.8 #- include latest HPSA driver (HP Smart Array) # # * http://sourceforge.net/projects/cciss/ - include native OpenZFS filesystem kernel modules for Linux * https://github.com/zfsonlinux/ For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ - include latest DRBD 9 driver, see http://drbd.linbit.com/home/what-is-drbd/ FIRMWARE: ========= We create our own firmware package, which includes the firmware for all proxmox-ve kernels. So far this include pve-kernel-2.6.18 pve-kernel-2.6.24 pve-kernel-2.6.32 pve-kernel-3.10.0 pve-kernel-3.19.0 We use 'find-firmware.pl' to extract lists of required firmeware files. The script 'assemble-firmware.pl' is used to read those lists and copy the files from various source directory into a target directory. We do not include firmeware for some wireless HW when there is a separate debian package for that, for example: zd1211-firmware atmel-firmware bluez-firmware PATCHES: -------- bridge-patch.diff: Avoid bridge problems with changing MAC see also: http://forum.openvz.org/index.php?t=msg&th=5291 Behaviour after 2.6.27 has changed slighly - after setting mac address of bridge device, then address won't change. So we could omit that patch, requiring to set hwaddress in /etc/network/interfaces. Watchdog blacklist ------------------ By default, all watchdog modules are black-listed because it is totally undefined which device is actually used for /dev/watchdog. We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf The user typically edit /etc/modules to enable a specific watchdog device. Additional information ---------------------- We use the default configuration provided by Ubuntu, and apply the following modification: see Makefile (PVE_CONFIG_OPTS) - enable CONFIG_CEPH_FS=m (request from user) - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection problems (udev, undate-initramfs have serious problems without that) CONFIG_BLK_DEV_SD=y CONFIG_BLK_DEV_SR=y CONFIG_BLK_DEV_DM=y - add workaround for Debian bug #807000 (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000) CONFIG_BLK_DEV_NVME=y - compile NBD and RBD modules CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_RBD=m - set LOOP_MIN_COUNT to 8 (debian defaults) CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 - disable module signatures (CONFIG_MODULE_SIG) - enable IBM JFS file system This is disabled in RHEL kernel for no real reason, so we enable it as requested by users (bug #64) - enable apple HFS and HFSPLUS This is disabled in RHEL kernel for no real reason, so we enable it as requested by users - enable CONFIG_BCACHE=m (requested by user) - enable CONFIG_BRIDGE=y Else we get warnings on boot, that net.bridge.bridge-nf-call-iptables is an unknown key - enable CONFIG_DEFAULT_SECURITY_APPARMOR We need this for lxc - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y because if not set, it can give some dynamic memory or cpu frequencies change, and vms can crash (mainly windows guest). see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273 - use 'deadline' as default scheduler This is the suggested setting for KVM. We also measure bad fsync performance with ext4 and cfq. - disable CONFIG_INPUT_EVBUG Module evbug is not blacklisted on debian, so we simply disable it to avoid key-event logs (which is a big security problem) Testing final kernel with kvm ----------------------------- kvm -kernel data/boot/vmlinuz-3.19.8-1-pve -initrd initrd.img-3.19.8-1-pve -append "vga=791 video=vesafb:ywrap,mtrr" /dev/zero