c/pve-kernel-lowlatency-qoup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: c:master
Branches Tags
c:master
c:pve-kernel-5.15
c:bookworm-6.5
c:bullseye-6.2
c:bookworm-6.2
c:wip-secureboot
c:pve-kernel-5.19
c:pve-kernel-5.4
c:pve-kernel-5.13
c:pve-kernel-5.11
c:buster-pve-kernel-5.11
c:pve-kernel-4.15
c:pve-kernel-5.3
c:pve-kernel-5.0
c:pve-kernel-4.13
c:pve-kernel-4.10
..
compare: c:pve-kernel-4.10
Branches Tags
c:master
c:pve-kernel-5.15
c:bookworm-6.5
c:bullseye-6.2
c:bookworm-6.2
c:wip-secureboot
c:pve-kernel-5.19
c:pve-kernel-5.4
c:pve-kernel-5.13
c:pve-kernel-5.11
c:buster-pve-kernel-5.11
c:pve-kernel-4.15
c:pve-kernel-5.3
c:pve-kernel-5.0
c:pve-kernel-4.13
c:pve-kernel-4.10

6 Commits
master ... pve-kernel

Author SHA1 Message Date
Fabian Grünbichler
feca6913f4 bump version to 4.10.17-25, bump ABI to 4.10.17-5-pve 2017-11-06 13:56:31 +01:00
Fabian Grünbichler
751aa23b36 build ZFS icp module 2017-11-06 13:56:31 +01:00
Fabian Grünbichler
ef94c5ecdc update ZFS/SPL module to 0.7.3 2017-11-06 12:40:05 +01:00
Fabian Grünbichler
79bfa1e66d build: rename submodules target to submodule 
(cherry picked from commit a6dd515e43)
 2017-11-06 12:40:05 +01:00
Fabian Grünbichler
1bc507a7ee bump version to 4.10.17-24 2017-10-10 14:40:06 +02:00
Fabian Grünbichler
522a29d09c update sources to Ubuntu-4.10.0-37.41 2017-10-10 14:11:46 +02:00
87 changed files with 25645 additions and 37736 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,3 +1 @@
ubuntu-zesty
*.prepared
.*/

15
.gitmodules vendored
View File

@ -1,6 +1,9 @@
[submodule "submodules/ubuntu-kernel"]
path = submodules/ubuntu-kernel
url = https://dev.lirent.ru/c/mirror_ubuntu-kernels.git
[submodule "submodules/zfsonlinux"]
path = submodules/zfsonlinux
url = https://dev.lirent.ru/c/zfsonlinux.git
[submodule "submodules/ubuntu-zesty"]
path = submodules/ubuntu-zesty
url = ../mirror_ubuntu-zesty-kernel
[submodule "submodules/zfs-module"]
path = submodules/zfs-module
url = ../mirror_zfs-debian
[submodule "submodules/spl-module"]
path = submodules/spl-module
url = ../mirror_spl-debian

51
0001-Revert-net-reduce-skb_warn_bad_offload-noise.patch Normal file
View File

@ -0,0 +1,51 @@
From b776ff7db868804129b9f364825fd4e949a493ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Tue, 19 Sep 2017 09:36:43 +0200
Subject: [PATCH] Revert "net: reduce skb_warn_bad_offload() noise"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit b2504a5dbef3305ef41988ad270b0e8ec289331c.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
net/core/dev.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 73d5644fa834..7c8959936169 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2702,12 +2702,11 @@ static inline bool skb_needs_check(struct sk_buff *skb, bool tx_path)
struct sk_buff *__skb_gso_segment(struct sk_buff *skb,
netdev_features_t features, bool tx_path)
{
- struct sk_buff *segs;
-
if (unlikely(skb_needs_check(skb, tx_path))) {
int err;
- /* We're going to init ->check field in TCP or UDP header */
+ skb_warn_bad_offload(skb);
+
err = skb_cow_head(skb, 0);
if (err < 0)
return ERR_PTR(err);
@@ -2735,12 +2734,7 @@ struct sk_buff *__skb_gso_segment(struct sk_buff *skb,
skb_reset_mac_header(skb);
skb_reset_mac_len(skb);
- segs = skb_mac_gso_segment(skb, features);
-
- if (unlikely(skb_needs_check(skb, tx_path)))
- skb_warn_bad_offload(skb);
-
- return segs;
+ return skb_mac_gso_segment(skb, features);
}
EXPORT_SYMBOL(__skb_gso_segment);
--
2.11.0

54
0001-netfilter-nft_set_rbtree-handle-re-addition-element-.patch Normal file
View File

@ -0,0 +1,54 @@
From 6fa9fc0ce1032710ce017c444b0c66eaf9e77782 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 22 May 2017 00:17:30 +0200
Subject: [PATCH linux] netfilter: nft_set_rbtree: handle re-addition element
after deletion
The existing code selects no next branch to be inspected when
re-inserting an inactive element into the rb-tree, looping endlessly.
This patch restricts the check for active elements to the EEXIST case
only.
Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates")
Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_set_rbtree.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index f06f55e..51ff879 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -118,17 +118,17 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set,
else if (d > 0)
p = &parent->rb_right;
else {
- if (nft_set_elem_active(&rbe->ext, genmask)) {
- if (nft_rbtree_interval_end(rbe) &&
- !nft_rbtree_interval_end(new))
- p = &parent->rb_left;
- else if (!nft_rbtree_interval_end(rbe) &&
- nft_rbtree_interval_end(new))
- p = &parent->rb_right;
- else {
- *ext = &rbe->ext;
- return -EEXIST;
- }
+ if (nft_rbtree_interval_end(rbe) &&
+ !nft_rbtree_interval_end(new)) {
+ p = &parent->rb_left;
+ } else if (!nft_rbtree_interval_end(rbe) &&
+ nft_rbtree_interval_end(new)) {
+ p = &parent->rb_right;
+ } else if (nft_set_elem_active(&rbe->ext, genmask)) {
+ *ext = &rbe->ext;
+ return -EEXIST;
+ } else {
+ p = &parent->rb_left;
}
}
}
--
2.1.4

43
0001-tcp-reset-sk_rx_dst-in-tcp_disconnect.patch Normal file
View File

@ -0,0 +1,43 @@
From d747a7a51b00984127a88113cdbbc26f91e9d815 Mon Sep 17 00:00:00 2001
From: WANG Cong <xiyou.wangcong@gmail.com>
Date: Sat, 24 Jun 2017 23:50:30 -0700
Subject: [PATCH] tcp: reset sk_rx_dst in tcp_disconnect()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We have to reset the sk->sk_rx_dst when we disconnect a TCP
connection, because otherwise when we re-connect it this
dst reference is simply overridden in tcp_finish_connect().
This fixes a dst leak which leads to a loopback dev refcnt
leak. It is a long-standing bug, Kevin reported a very similar
(if not same) bug before. Thanks to Andrei for providing such
a reliable reproducer which greatly narrows down the problem.
Fixes: 41063e9dd119 ("ipv4: Early TCP socket demux.")
Reported-by: Andrei Vagin <avagin@gmail.com>
Reported-by: Kevin Xu <kaiwen.xu@hulu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
net/ipv4/tcp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index b5ea036ca781..40aca7803cf2 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2330,6 +2330,8 @@ int tcp_disconnect(struct sock *sk, int flags)
tcp_init_send_head(sk);
memset(&tp->rx_opt, 0, sizeof(tp->rx_opt));
__sk_dst_reset(sk);
+ dst_release(sk->sk_rx_dst);
+ sk->sk_rx_dst = NULL;
tcp_saved_syn_free(tp);
/* Clean up fastopen related fields */
--
2.11.0

439
Makefile
View File

@ -1,171 +1,368 @@
include /usr/share/dpkg/pkg-info.mk
RELEASE=5.0
# also bump proxmox-kernel-meta if the default MAJ.MIN version changes!
KERNEL_MAJ=6
KERNEL_MIN=8
KERNEL_PATCHLEVEL=8
# increment KREL for every published package release!
# rebuild packages with new KREL and run 'make abiupdate'
KREL=2
# also update proxmox-ve/changelog if you change KERNEL_VER or KREL
KERNEL_VER=4.10.17
PKGREL=25
# also include firmware of previous version into
# the fw package: fwlist-2.6.32-PREV-pve
KREL=5
KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN)
KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL)
KERNEL_SRC=ubuntu-zesty
KERNEL_SRC_SUBMODULE=submodules/ubuntu-zesty
EXTRAVERSION=-$(KREL)-pve
KVNAME=$(KERNEL_VER)$(EXTRAVERSION)
PACKAGE=proxmox-kernel-$(KVNAME)
HDRPACKAGE=proxmox-headers-$(KVNAME)
EXTRAVERSION=-${KREL}-pve
KVNAME=${KERNEL_VER}${EXTRAVERSION}
PACKAGE=pve-kernel-${KVNAME}
HDRPACKAGE=pve-headers-${KVNAME}
ARCH=$(shell dpkg-architecture -qDEB_BUILD_ARCH)
NPROCS=$(shell nproc)
# amd64/x86_64/x86 share the arch subdirectory in the kernel, 'x86' so we need
# a mapping
KERNEL_ARCH=x86
ifneq ($(ARCH), amd64)
KERNEL_ARCH=$(ARCH)
ifneq (${ARCH}, amd64)
KERNEL_ARCH=${ARCH}
endif
GITVERSION:=$(shell git rev-parse HEAD)
CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate -lchangelog.Debian)
export SOURCE_DATE_EPOCH ?= $(shell dpkg-parsechangelog -STimestamp -lchangelog.Debian)
SKIPABI=0
BUILD_DIR=proxmox-kernel-$(KERNEL_VER)
TOP=$(shell pwd)
KERNEL_SRC=ubuntu-kernel
KERNEL_SRC_SUBMODULE=submodules/$(KERNEL_SRC)
KERNEL_CFG_ORG=config-$(KERNEL_VER).org
KERNEL_CFG_ORG=config-${KERNEL_VER}.org
ZFSONLINUX_SUBMODULE=submodules/zfsonlinux
E1000EDIR=e1000e-3.3.5.3
E1000ESRC=${E1000EDIR}.tar.gz
IGBDIR=igb-5.3.5.4
IGBSRC=${IGBDIR}.tar.gz
IXGBEDIR=ixgbe-5.0.4
IXGBESRC=${IXGBEDIR}.tar.gz
SPLDIR=pkg-spl
SPLSRC=submodules/spl-module
ZFSDIR=pkg-zfs
ZFSSRC=submodules/zfs-module
ZFS_KO=zfs.ko
ZFS_KO_REST=zavl.ko znvpair.ko zunicode.ko zcommon.ko zpios.ko icp.ko
ZFS_MODULES=$(ZFS_KO) $(ZFS_KO_REST)
SPL_KO=spl.ko
SPL_KO_REST=splat.ko
SPL_MODULES=$(SPL_KO) $(SPL_KO_REST)
MODULES=modules
MODULE_DIRS=$(ZFSDIR)
DST_DEB=${PACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
HDR_DEB=${HDRPACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
PVEPKG=proxmox-ve
PVE_DEB=${PVEPKG}_${RELEASE}-${PKGREL}_all.deb
VIRTUALHDRPACKAGE=pve-headers
VIRTUAL_HDR_DEB=${VIRTUALHDRPACKAGE}_${RELEASE}-${PKGREL}_all.deb
# exported to debian/rules via debian/rules.d/dirs.mk
DIRS=KERNEL_SRC ZFSDIR MODULES
LINUX_TOOLS_PKG=linux-tools-4.10
LINUX_TOOLS_DEB=${LINUX_TOOLS_PKG}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
DSC=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL).dsc
DST_DEB=$(PACKAGE)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
SIGNED_TEMPLATE_DEB=$(PACKAGE)-signed-template_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
META_DEB=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_all.deb
HDR_DEB=$(HDRPACKAGE)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
META_HDR_DEB=proxmox-headers-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_all.deb
USR_HDR_DEB=proxmox-kernel-libc-dev_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
LINUX_TOOLS_DEB=linux-tools-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
LINUX_TOOLS_DBG_DEB=linux-tools-$(KERNEL_MAJMIN)-dbgsym_$(KERNEL_VER)-$(KREL)_$(ARCH).deb
DEBS=${DST_DEB} ${HDR_DEB} ${PVE_DEB} ${VIRTUAL_HDR_DEB} ${LINUX_TOOLS_DEB}
DEBS=$(DST_DEB) $(META_DEB) $(HDR_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(LINUX_TOOLS_DBG_DEB) $(SIGNED_TEMPLATE_DEB) # $(USR_HDR_DEB)
all: check_gcc deb
deb: ${DEBS}
all: deb
deb: $(DEBS)
pve: $(PVE_DEB)
${PVE_DEB}: proxmox-ve/control proxmox-ve/postinst ${PVE_RELEASE_KEYS}
rm -rf proxmox-ve/data
mkdir -p proxmox-ve/data/DEBIAN
mkdir -p proxmox-ve/data/usr/share/doc/${PVEPKG}/
mkdir -p proxmox-ve/data/etc/apt/trusted.gpg.d
install -m 0644 proxmox-ve/proxmox-release-5.x.pubkey proxmox-ve/data/etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
sed -e 's/@KVNAME@/${KVNAME}/' -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@RELEASE@/${RELEASE}/' -e 's/@PKGREL@/${PKGREL}/' <proxmox-ve/control >proxmox-ve/data/DEBIAN/control
sed -e 's/@KVNAME@/${KVNAME}/' <proxmox-ve/postinst >proxmox-ve/data/DEBIAN/postinst
chmod 0755 proxmox-ve/data/DEBIAN/postinst
install -m 0755 proxmox-ve/postrm proxmox-ve/data/DEBIAN/postrm
echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout ${GITVERSION}" > proxmox-ve/data/usr/share/doc/${PVEPKG}/SOURCE
install -m 0644 proxmox-ve/copyright proxmox-ve/data/usr/share/doc/${PVEPKG}
install -m 0644 proxmox-ve/changelog.Debian proxmox-ve/data/usr/share/doc/${PVEPKG}
gzip -n --best proxmox-ve/data/usr/share/doc/${PVEPKG}/changelog.Debian
dpkg-deb --build proxmox-ve/data ${PVE_DEB}
$(META_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(HDR_DEB): $(DST_DEB)
$(DST_DEB): $(BUILD_DIR).prepared
cd $(BUILD_DIR); dpkg-buildpackage --jobs=auto -b -uc -us
lintian $(DST_DEB)
#lintian $(HDR_DEB)
lintian $(LINUX_TOOLS_DEB)
pve-headers: $(VIRTUAL_HDR_DEB)
${VIRTUAL_HDR_DEB}: proxmox-ve/pve-headers.control
rm -rf pve-headers/data
mkdir -p pve-headers/data/DEBIAN
mkdir -p pve-headers/data/usr/share/doc/${VIRTUALHDRPACKAGE}/
sed -e 's/@KVNAME@/${KVNAME}/' -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@RELEASE@/${RELEASE}/' -e 's/@PKGREL@/${PKGREL}/' <proxmox-ve/pve-headers.control >pve-headers/data/DEBIAN/control
echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout ${GITVERSION}" > pve-headers/data/usr/share/doc/${VIRTUALHDRPACKAGE}/SOURCE
install -m 0644 proxmox-ve/copyright pve-headers/data/usr/share/doc/${VIRTUALHDRPACKAGE}
install -m 0644 proxmox-ve/changelog.Debian pve-headers/data/usr/share/doc/${VIRTUALHDRPACKAGE}
gzip -n --best pve-headers/data/usr/share/doc/${VIRTUALHDRPACKAGE}/changelog.Debian
dpkg-deb --build pve-headers/data ${VIRTUAL_HDR_DEB}
dsc:
$(MAKE) $(DSC)
lintian $(DSC)
check_gcc:
ifeq ($(CC), cc)
gcc --version|grep "6\.3" || false
else
$(CC) --version|grep "6\.3" || false
endif
$(DSC): $(BUILD_DIR).prepared
cd $(BUILD_DIR); dpkg-buildpackage -S -uc -us -d
${DST_DEB}: data control.in prerm.in postinst.in postrm.in copyright changelog.Debian | fwcheck abicheck
mkdir -p data/DEBIAN
sed -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@KVNAME@/${KVNAME}/' -e 's/@PKGREL@/${PKGREL}/' -e 's/@ARCH@/${ARCH}/' <control.in >data/DEBIAN/control
sed -e 's/@@KVNAME@@/${KVNAME}/g' <prerm.in >data/DEBIAN/prerm
chmod 0755 data/DEBIAN/prerm
sed -e 's/@@KVNAME@@/${KVNAME}/g' <postinst.in >data/DEBIAN/postinst
chmod 0755 data/DEBIAN/postinst
sed -e 's/@@KVNAME@@/${KVNAME}/g' <postrm.in >data/DEBIAN/postrm
chmod 0755 data/DEBIAN/postrm
install -D -m 644 copyright data/usr/share/doc/${PACKAGE}/copyright
install -D -m 644 changelog.Debian data/usr/share/doc/${PACKAGE}/changelog.Debian
echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout ${GITVERSION}" > data/usr/share/doc/${PACKAGE}/SOURCE
gzip -n -f --best data/usr/share/doc/${PACKAGE}/changelog.Debian
rm -f data/lib/modules/${KVNAME}/source
rm -f data/lib/modules/${KVNAME}/build
dpkg-deb --build data ${DST_DEB}
lintian ${DST_DEB}
sbuild: $(DSC)
sbuild $(DSC)
LINUX_TOOLS_DH_LIST=strip installchangelogs installdocs compress shlibdeps gencontrol md5sums builddeb
$(BUILD_DIR).prepared: $(addsuffix .prepared,$(KERNEL_SRC) $(MODULES) debian)
cp -a fwlist-previous $(BUILD_DIR)/
cp -a abi-prev-* $(BUILD_DIR)/
cp -a abi-blacklist $(BUILD_DIR)/
${LINUX_TOOLS_DEB}: .compile_mark control.tools changelog.Debian copyright
rm -rf linux-tools ${LINUX_TOOLS_DEB}
mkdir -p linux-tools/debian
cp control.tools linux-tools/debian/control
echo 9 > linux-tools/debian/compat
cp changelog.Debian linux-tools/debian/changelog
cp copyright linux-tools/debian
mkdir -p linux-tools/debian/linux-tools-4.10/usr/bin
install -m 0755 ${KERNEL_SRC}/tools/perf/perf linux-tools/debian/linux-tools-4.10/usr/bin/perf_4.10
cd linux-tools; for i in ${LINUX_TOOLS_DH_LIST}; do dh_$$i; done
lintian ${LINUX_TOOLS_DEB}
fwlist-${KVNAME}: data
./find-firmware.pl data/lib/modules/${KVNAME} >fwlist.tmp
mv fwlist.tmp $@
.PHONY: fwcheck
fwcheck: fwlist-${KVNAME} fwlist-previous
@echo "checking fwlist for changes since last built firmware package.."
@echo "if this check fails, add fwlist-${KVNAME} to the pve-firmware repository and upload a new firmware package together with the ${KVNAME} kernel"
sort fwlist-previous | uniq > fwlist-previous.sorted
sort fwlist-${KVNAME} | uniq > fwlist-${KVNAME}.sorted
diff -up -N fwlist-previous.sorted fwlist-${KVNAME}.sorted > fwlist.diff
rm fwlist.diff fwlist-previous.sorted fwlist-${KVNAME}.sorted
@echo "done, no need to rebuild pve-firmware"
abi-${KVNAME}: .compile_mark
sed -e 's/^\(.\+\)[[:space:]]\+\(.\+\)[[:space:]]\(.\+\)$$/\3 \2 \1/' ${KERNEL_SRC}/Module.symvers | sort > abi-${KVNAME}
.PHONY: abicheck
abicheck: abi-${KVNAME} abi-previous abi-blacklist
./abi-check abi-${KVNAME} abi-previous ${SKIPABI}
data: .compile_mark igb.ko ixgbe.ko e1000e.ko ${SPL_MODULES} ${ZFS_MODULES}
rm -rf data tmp; mkdir -p tmp/lib/modules/${KVNAME}
mkdir tmp/boot
install -m 644 ${KERNEL_SRC}/.config tmp/boot/config-${KVNAME}
install -m 644 ${KERNEL_SRC}/System.map tmp/boot/System.map-${KVNAME}
install -m 644 ${KERNEL_SRC}/arch/${KERNEL_ARCH}/boot/bzImage tmp/boot/vmlinuz-${KVNAME}
cd ${KERNEL_SRC}; make INSTALL_MOD_PATH=../tmp/ modules_install
## install latest ibg driver
install -m 644 igb.ko tmp/lib/modules/${KVNAME}/kernel/drivers/net/ethernet/intel/igb/
# install latest ixgbe driver
install -m 644 ixgbe.ko tmp/lib/modules/${KVNAME}/kernel/drivers/net/ethernet/intel/ixgbe/
# install latest e1000e driver
install -m 644 e1000e.ko tmp/lib/modules/${KVNAME}/kernel/drivers/net/ethernet/intel/e1000e/
# install zfs drivers
install -d -m 0755 tmp/lib/modules/${KVNAME}/zfs
install -m 644 ${SPL_MODULES} ${ZFS_MODULES} tmp/lib/modules/${KVNAME}/zfs
# remove firmware
rm -rf tmp/lib/firmware
# strip debug info
find tmp/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
# finalize
/sbin/depmod -b tmp/ ${KVNAME}
# Autogenerate blacklist for watchdog devices (see README)
install -m 0755 -d tmp/lib/modprobe.d
ls tmp/lib/modules/${KVNAME}/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
echo ipmi_watchdog.ko >> watchdog-blacklist.tmp
cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > tmp/lib/modprobe.d/blacklist_${PACKAGE}.conf
mv tmp data
PVE_CONFIG_OPTS= \
-m INTEL_MEI_WDT \
-d CONFIG_SND_PCM_OSS \
-e CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \
-d CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS \
-m CONFIG_CEPH_FS \
-m CONFIG_BLK_DEV_NBD \
-m CONFIG_BLK_DEV_RBD \
-m CONFIG_BCACHE \
-m CONFIG_JFS_FS \
-m CONFIG_HFS_FS \
-m CONFIG_HFSPLUS_FS \
-e CONFIG_BRIDGE \
-e CONFIG_BRIDGE_NETFILTER \
-e CONFIG_BLK_DEV_SD \
-e CONFIG_BLK_DEV_SR \
-e CONFIG_BLK_DEV_DM \
-e CONFIG_BLK_DEV_NVME \
-d CONFIG_INPUT_EVBUG \
-d CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND \
-e CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE \
-d CONFIG_MODULE_SIG \
-d CONFIG_MEMCG_DISABLED \
-e CONFIG_MEMCG_SWAP_ENABLED \
-e CONFIG_MEMCG_KMEM \
-d CONFIG_DEFAULT_CFQ \
-e CONFIG_DEFAULT_DEADLINE \
-e CONFIG_MODVERSIONS \
-d CONFIG_DEFAULT_SECURITY_DAC \
-e CONFIG_DEFAULT_SECURITY_APPARMOR \
--set-str CONFIG_DEFAULT_SECURITY apparmor
.compile_mark: ${KERNEL_SRC}/README ${KERNEL_CFG_ORG}
[ ! -e /lib/modules/${KVNAME}/build ] || (echo "please remove /lib/modules/${KVNAME}/build" && false)
cp ${KERNEL_CFG_ORG} ${KERNEL_SRC}/.config
cd ${KERNEL_SRC}; ./scripts/config ${PVE_CONFIG_OPTS}
cd ${KERNEL_SRC}; make oldconfig
cd ${KERNEL_SRC}; make KBUILD_BUILD_VERSION_TIMESTAMP="PVE ${KERNEL_VER}-${PKGREL} (${CHANGELOG_DATE})" -j ${NPROCS}
make -C ${KERNEL_SRC}/tools/perf prefix=/usr HAVE_CPLUS_DEMANGLE=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python2.7
make -C ${KERNEL_SRC}/tools/perf man
touch $@
.PHONY: build-dir-fresh
build-dir-fresh:
$(MAKE) clean
$(MAKE) $(BUILD_DIR).prepared
echo "created build-directory: $(BUILD_DIR).prepared/"
debian.prepared: debian
rm -rf $(BUILD_DIR)/debian
mkdir -p $(BUILD_DIR)
cp -a debian $(BUILD_DIR)/debian
echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout $(shell git rev-parse HEAD)" \
>$(BUILD_DIR)/debian/SOURCE
@$(foreach dir, $(DIRS),echo "$(dir)=$($(dir))" >> $(BUILD_DIR)/debian/rules.d/env.mk;)
echo "KVNAME=$(KVNAME)" >> $(BUILD_DIR)/debian/rules.d/env.mk
echo "KERNEL_MAJMIN=$(KERNEL_MAJMIN)" >> $(BUILD_DIR)/debian/rules.d/env.mk
cd $(BUILD_DIR); debian/rules debian/control
${KERNEL_CFG_ORG}: ${KERNEL_SRC}/README
${KERNEL_SRC}/README: ${KERNEL_SRC_SUBMODULE} | submodule
rm -rf ${KERNEL_SRC}
cp -a ${KERNEL_SRC_SUBMODULE} ${KERNEL_SRC}
cat ${KERNEL_SRC}/debian.master/config/config.common.ubuntu ${KERNEL_SRC}/debian.master/config/${ARCH}/config.common.${ARCH} ${KERNEL_SRC}/debian.master/config/${ARCH}/config.flavour.generic > ${KERNEL_CFG_ORG}
cd ${KERNEL_SRC}; patch -p1 < ../uname-version-timestamp.patch
cd ${KERNEL_SRC}; patch -p1 <../bridge-patch.diff
#cd ${KERNEL_SRC}; patch -p1 <../bridge-forward-ipv6-neighbor-solicitation.patch
#cd ${KERNEL_SRC}; patch -p1 <../add-empty-ndo_poll_controller-to-veth.patch
cd ${KERNEL_SRC}; patch -p1 <../override_for_missing_acs_capabilities.patch
#cd ${KERNEL_SRC}; patch -p1 <../vhost-net-extend-device-allocation-to-vmalloc.patch
cd ${KERNEL_SRC}; patch -p1 < ../kvm-dynamic-halt-polling-disable-default.patch
cd ${KERNEL_SRC}; patch -p1 < ../cgroup-cpuset-add-cpuset.remap_cpus.patch
cd ${KERNEL_SRC}; patch -p1 < ../0001-netfilter-nft_set_rbtree-handle-re-addition-element-.patch # DoS from within (unpriv) containers
cd ${KERNEL_SRC}; patch -p1 < ../0001-tcp-reset-sk_rx_dst-in-tcp_disconnect.patch
cd ${KERNEL_SRC}; patch -p1 < ../0001-Revert-net-reduce-skb_warn_bad_offload-noise.patch
sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
touch $@
$(KERNEL_SRC).prepared: $(KERNEL_SRC_SUBMODULE) | submodule
rm -rf $(BUILD_DIR)/$(KERNEL_SRC) $@
mkdir -p $(BUILD_DIR)
cp -a $(KERNEL_SRC_SUBMODULE) $(BUILD_DIR)/$(KERNEL_SRC)
# TODO: split for archs, track and diff in our repository?
cd $(BUILD_DIR)/$(KERNEL_SRC); python3 debian/scripts/misc/annotations --arch amd64 --export >../../$(KERNEL_CFG_ORG)
cp $(KERNEL_CFG_ORG) $(BUILD_DIR)/$(KERNEL_SRC)/.config
sed -i $(BUILD_DIR)/$(KERNEL_SRC)/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=$(EXTRAVERSION)/'
rm -rf $(BUILD_DIR)/$(KERNEL_SRC)/debian $(BUILD_DIR)/$(KERNEL_SRC)/debian.master
set -e; cd $(BUILD_DIR)/$(KERNEL_SRC); \
for patch in ../../patches/kernel/*.patch; do \
echo "applying patch '$$patch'"; \
patch --batch -p1 < "$${patch}"; \
done
touch $@
e1000e.ko e1000e: .compile_mark ${E1000ESRC}
rm -rf ${E1000EDIR}
tar xf ${E1000ESRC}
[ ! -e /lib/modules/${KVNAME}/build ] || (echo "please remove /lib/modules/${KVNAME}/build" && false)
cd ${E1000EDIR}; patch -p1 < ../intel-module-gcc6-compat.patch
cd ${E1000EDIR}; patch -p1 < ../e1000e_4.10_compat.patch
cd ${E1000EDIR}; patch -p1 < ../e1000e_4.10_max-mtu.patch
cd ${E1000EDIR}/src; make BUILD_KERNEL=${KVNAME} KSRC=${TOP}/${KERNEL_SRC}
cp ${E1000EDIR}/src/e1000e.ko e1000e.ko
$(MODULES).prepared: $(addsuffix .prepared,$(MODULE_DIRS))
touch $@
igb.ko igb: .compile_mark ${IGBSRC}
rm -rf ${IGBDIR}
tar xf ${IGBSRC}
[ ! -e /lib/modules/${KVNAME}/build ] || (echo "please remove /lib/modules/${KVNAME}/build" && false)
cd ${IGBDIR}; patch -p1 < ../intel-module-gcc6-compat.patch
cd ${IGBDIR}; patch -p1 < ../igb_4.9_compat.patch
cd ${IGBDIR}; patch -p1 < ../igb_4.10_compat.patch
cd ${IGBDIR}; patch -p1 < ../igb_4.10_max-mtu.patch
cd ${IGBDIR}/src; make BUILD_KERNEL=${KVNAME} KSRC=${TOP}/${KERNEL_SRC}
cp ${IGBDIR}/src/igb.ko igb.ko
$(ZFSDIR).prepared: $(ZFSONLINUX_SUBMODULE)
rm -rf $(BUILD_DIR)/$(MODULES)/$(ZFSDIR) $(BUILD_DIR)/$(MODULES)/tmp $@
mkdir -p $(BUILD_DIR)/$(MODULES)/tmp
cp -a $(ZFSONLINUX_SUBMODULE)/* $(BUILD_DIR)/$(MODULES)/tmp
cd $(BUILD_DIR)/$(MODULES)/tmp; make kernel
rm -rf $(BUILD_DIR)/$(MODULES)/tmp
touch $(ZFSDIR).prepared
ixgbe.ko ixgbe: .compile_mark ${IXGBESRC}
rm -rf ${IXGBEDIR}
tar xf ${IXGBESRC}
[ ! -e /lib/modules/${KVNAME}/build ] || (echo "please remove /lib/modules/${KVNAME}/build" && false)
cd ${IXGBEDIR}; patch -p1 < ../ixgbe_4.10_compat.patch
cd ${IXGBEDIR}; patch -p1 < ../ixgbe_4.10_max-mtu.patch
cd ${IXGBEDIR}/src; make CFLAGS_EXTRA="-DIXGBE_NO_LRO" BUILD_KERNEL=${KVNAME} KSRC=${TOP}/${KERNEL_SRC}
cp ${IXGBEDIR}/src/ixgbe.ko ixgbe.ko
$(SPL_KO_REST): $(SPL_KO)
$(SPL_KO): .compile_mark ${SPLSRC}
rm -rf ${SPLDIR}
rsync -ra ${SPLSRC}/ ${SPLDIR}
[ ! -e /lib/modules/${KVNAME}/build ] || (echo "please remove /lib/modules/${KVNAME}/build" && false)
cd ${SPLDIR}; ./autogen.sh
cd ${SPLDIR}; ./configure --with-config=kernel --with-linux=${TOP}/${KERNEL_SRC} --with-linux-obj=${TOP}/${KERNEL_SRC}
cd ${SPLDIR}; make
cp ${SPLDIR}/module/spl/spl.ko spl.ko
cp ${SPLDIR}/module/splat/splat.ko splat.ko
$(ZFS_KO_REST): $(ZFS_KO)
$(ZFS_KO): .compile_mark ${ZFSSRC}
rm -rf ${ZFSDIR}
rsync -ra ${ZFSSRC}/ ${ZFSDIR}
[ ! -e /lib/modules/${KVNAME}/build ] || (echo "please remove /lib/modules/${KVNAME}/build" && false)
cd ${ZFSDIR}; ./autogen.sh
cd ${ZFSDIR}; ./configure --with-spl=${TOP}/${SPLDIR} --with-spl-obj=${TOP}/${SPLDIR} --with-config=kernel --with-linux=${TOP}/${KERNEL_SRC} --with-linux-obj=${TOP}/${KERNEL_SRC}
cd ${ZFSDIR}; make
cp ${ZFSDIR}/module/zfs/zfs.ko zfs.ko
cp ${ZFSDIR}/module/avl/zavl.ko zavl.ko
cp ${ZFSDIR}/module/nvpair/znvpair.ko znvpair.ko
cp ${ZFSDIR}/module/unicode/zunicode.ko zunicode.ko
cp ${ZFSDIR}/module/zcommon/zcommon.ko zcommon.ko
cp ${ZFSDIR}/module/zpios/zpios.ko zpios.ko
cp ${ZFSDIR}/module/icp/icp.ko icp.ko
headers_tmp := $(CURDIR)/tmp-headers
headers_dir := $(headers_tmp)/usr/src/linux-headers-${KVNAME}
hdr: $(HDR_DEB)
${HDR_DEB}: .compile_mark headers-control.in headers-postinst.in
rm -rf $(headers_tmp)
install -d $(headers_tmp)/DEBIAN $(headers_dir)/include/
sed -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@KVNAME@/${KVNAME}/' -e 's/@PKGREL@/${PKGREL}/' -e 's/@ARCH@/${ARCH}/' <headers-control.in >$(headers_tmp)/DEBIAN/control
sed -e 's/@@KVNAME@@/${KVNAME}/g' <headers-postinst.in >$(headers_tmp)/DEBIAN/postinst
chmod 0755 $(headers_tmp)/DEBIAN/postinst
install -D -m 644 copyright $(headers_tmp)/usr/share/doc/${HDRPACKAGE}/copyright
install -D -m 644 changelog.Debian $(headers_tmp)/usr/share/doc/${HDRPACKAGE}/changelog.Debian
echo "git clone git://git.proxmox.com/git/pve-kernel.git\\ngit checkout ${GITVERSION}" > $(headers_tmp)/usr/share/doc/${HDRPACKAGE}/SOURCE
gzip -n -f --best $(headers_tmp)/usr/share/doc/${HDRPACKAGE}/changelog.Debian
install -m 0644 ${KERNEL_SRC}/.config $(headers_dir)
install -m 0644 ${KERNEL_SRC}/Module.symvers $(headers_dir)
cd ${KERNEL_SRC}; find . -path './debian/*' -prune -o -path './include/*' -prune -o -path './Documentation' -prune \
-o -path './scripts' -prune -o -type f \
\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
-name '*.sh' -o -name '*.pl' \) \
-print | cpio -pd --preserve-modification-time $(headers_dir)
cd ${KERNEL_SRC}; cp -a include scripts $(headers_dir)
cd ${KERNEL_SRC}; (find arch/${KERNEL_ARCH} -name include -type d -print | \
xargs -n1 -i: find : -type f) | \
cpio -pd --preserve-modification-time $(headers_dir)
mkdir -p ${headers_tmp}/lib/modules/${KVNAME}
ln -sf /usr/src/linux-headers-${KVNAME} ${headers_tmp}/lib/modules/${KVNAME}/build
dpkg-deb --build $(headers_tmp) ${HDR_DEB}
#lintian ${HDR_DEB}
.PHONY: upload
upload: UPLOAD_DIST ?= $(DEB_DISTRIBUTION)
upload: $(DEBS)
tar cf - $(DEBS)|ssh -X repoman@repo.proxmox.com -- upload --product pve,pmg,pbs --dist $(UPLOAD_DIST) --arch $(ARCH)
upload: ${DEBS}
tar cf - ${DEBS}|ssh repoman@repo.proxmox.com -- upload --product pve --dist stretch --arch ${ARCH}
.PHONY: distclean
distclean: clean
git submodule deinit --all
rm -rf linux-firmware.git dvb-firmware.git ${KERNEL_SRC}.org
# upgrade to current master
.PHONY: update_modules
update_modules: submodule
git submodule foreach 'git pull --ff-only origin master'
cd $(ZFSONLINUX_SUBMODULE); git pull --ff-only origin master
# make sure submodules were initialized
.PHONY: submodule
submodule:
test -f "$(KERNEL_SRC_SUBMODULE)/README" || git submodule update --init $(KERNEL_SRC_SUBMODULE)
test -f "$(ZFSONLINUX_SUBMODULE)/Makefile" || git submodule update --init --recursive $(ZFSONLINUX_SUBMODULE)
test -f "${KERNEL_SRC_SUBMODULE}/README" || git submodule update --init
test -f "${ZFSSRC}/debian/changelog" || git submodule update --init
test -f "${SPLSRC}/debian/changelog" || git submodule update --init
# call after ABI bump with header deb in working directory
.PHONY: abiupdate
abiupdate: abi-prev-$(KVNAME)
abi-prev-$(KVNAME): abi-tmp-$(KVNAME)
ifneq ($(strip $(shell git status --untracked-files=no --porcelain -z)),)
@echo "working directory unclean, aborting!"
@false
else
git rm "abi-prev-*"
mv $< $@
git add $@
git commit -s -m "update ABI file for $(KVNAME)" -m "(generated with debian/scripts/abi-generate)"
@echo "update abi-prev-$(KVNAME) committed!"
endif
abi-tmp-$(KVNAME):
@ test -e $(HDR_DEB) || (echo "need $(HDR_DEB) to extract ABI data!" && false)
debian/scripts/abi-generate $(HDR_DEB) $@ $(KVNAME) 1
.PHONY: clean
clean:
rm -rf *~ proxmox-kernel-[0-9]*/ *.prepared $(KERNEL_CFG_ORG)
rm -f *.deb *.dsc *.changes *.buildinfo *.build proxmox-kernel*.tar.*
rm -rf *~ .compile_mark watchdog-blacklist.tmp ${KERNEL_CFG_ORG} ${KERNEL_SRC} ${KERNEL_SRC}.tmp ${KERNEL_CFG_ORG} ${KERNEL_SRC}.org orig tmp data proxmox-ve/data *.deb ${headers_tmp} fwdata fwlist.tmp *.ko abi-${KVNAME} fwlist-${KVNAME} ${ZFSDIR} ${SPLDIR} ${SPL_MODULES} ${ZFS_MODULES} hpsa.ko ${HPSADIR} ${DRBDDIR} drbd-9.0 ${IGBDIR} igb.ko ${IXGBEDIR} ixgbe.ko ${E1000EDIR} e1000e.ko linux-tools ${LINUX_TOOLS_DEB}

248
README
View File

@ -1,248 +1,152 @@
KERNEL SOURCE:
==============
We currently use the Ubuntu kernel sources, available from our mirror:
We currently use the Ubuntu kernel sources, available from:
https://git.proxmox.com/?p=mirror_ubuntu-kernels.git;a=summary
http://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/
Ubuntu will maintain those kernels till:
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
or
https://pve.proxmox.com/pve-docs/chapter-pve-faq.html#faq-support-table
whatever happens to be earlier.
Additional/Updated Modules:
---------------------------
- include latest e1000e driver from intel/sourceforge
- include latest ixgbe driver from intel/sourceforge
- include latest igb driver from intel/sourceforge
# Note: hpsa does not compile with kernel 3.19.8
#- include latest HPSA driver (HP Smart Array)
#
# * http://sourceforge.net/projects/cciss/
- include native OpenZFS filesystem kernel modules for Linux
* https://github.com/zfsonlinux/
For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ
BUILD
=====
As this is packaging for the Linux kernel with some extra integrations, like
ZFS, this repo cannot be handled like a plain Linux kernel git repository.
The actual Linux kernel source lives in a git submodule.
For a build you should init the submodules and then handle it like most our
Debian packaging builds. If unsure you can follow this:
Installing Build-Dependencies
-----------------------------
You can either just check the package metadata template `debian/control.in`
and install the packages listed in the `Build-Depends` section manually
(replace `debhelper-compat` with just `debhelper`) or use a more automated way
described below:
# install base build-dependencies and helpers
apt update
apt install devscripts
# create build-directory so that we got final packaging control files from the
# .in templates generated
make build-dir-fresh
# install build-dependencies (replace BUILD-DIR with actual one)
mk-build-deps -ir BUILD-DIR/debian/control
- include latest DRBD 9 driver, see http://drbd.linbit.com/home/what-is-drbd/
Package Build
-------------
# start the actual build
make deb
For simple KConfig modifications you can adapt the list in `debian/rules` file.
For quick code changes to the actual kernel code you can do them directly in
the submodule/ubuntu-kernels directory, then re-create the build-directory, e.g.:
make clean
# now build again, explicitly creating the build-dir isn't required anymore
# after one has the build-dependencies already installed.
make deb
Modify-Build-Test Cycles
------------------------
Ideally you avoid the need for doing a full package build and just directly
build linux from the ubuntu-kernels or the mainline (stable) repo with copying
over a build-config of a proxmox-kernel to that as .config and then using the
`make olddefconfig` target.
If you need full package builds you can try to make changes inside the
BUILD-DIR directly and then continue build from there, e.g., using
`dpkg-buildpackage -b -uc -us --no-pre-clean`. Depending on what stage you want
to continue build you might need to touch, or remove some *.prepared files.
Just check `debian/rules` for how kernel build progress is tracked by make.
SUBMODULE
FIRMWARE:
=========
We track the current upstream repository as submodule. Besides obvious
advantages over tracking binary tar archives this also has some implications.
We create our own firmware package, which includes the firmware for
all proxmox-ve kernels. So far this include
For building the submodule directory gets copied into build/ and a few patches
get applied with the `patch` tool. From a git point-of-view, the copied
directory remains clean even with extra patches applied since it does not
contain a .git directory, but a reference to the (still pristine) submodule:
pve-kernel-2.6.18
pve-kernel-2.6.24
pve-kernel-2.6.32
pve-kernel-3.10.0
pve-kernel-3.19.0
$ cat build/ubuntu-kernel/.git
We use 'find-firmware.pl' to extract lists of required firmeware
files. The script 'assemble-firmware.pl' is used to read those lists
and copy the files from various source directory into a target
directory.
If you mistakenly cloned the upstream repo as "normal" clone (not via the
submodule mechanics) this means that you have a real .git directory with its
independent objects and tracking info when copying for building, thus git
operates on the copied directory - and "sees" that it was dirtied by `patch`,
and thus the kernel buildsystem sees this too and will add a '+' to the version
as a result. This changes the output directories for modules and other build
artefacts and let's then the build fail on packaging.
We do not include firmeware for some wireless HW when there is a
separate debian package for that, for example:
So always ensure that you really checked it out as submodule, not as full
"normal" clone. You can also explicitly set the LOCALVERSION variable to
undefined with: `export LOCALVERSION= but that should only be done for test
builds.
RELATED PACKAGES:
=================
proxmox-ve
----------
top level meta package, depends on current default kernel series meta package.
git clone git://git.proxmox.com/git/proxmox-ve.git
proxmox-default-kernel
----------------------
Depends on default kernel and header meta package, e.g., proxmox-kernel-6.2 /
proxmox-headers-6.2.
git clone git://git.proxmox.com/git/pve-kernel-meta.git
proxmox-kernel-X.Y
------------------
Depends on the latest kernel (or header, in case of proxmox-headers-X.Y)
package within a certain series.
e.g., proxmox-kernel-6.2 depends on proxmox-kernel-6.2.16-6-pve
NOTE: Since Proxmox VE 8, based on Debian 12 Bookworm, the kernel ABI is bumped
with every version bump due to module signing. Since then the meta package was
pulled into the kernel repo, before that it lived in pve-kernel-meta.git.
pve-firmware
------------
Contains the firmware for all released PVE kernels.
git clone git://git.proxmox.com/git/pve-firmware.git
zd1211-firmware
atmel-firmware
bluez-firmware
NOTES:
======
PATCHES:
--------
ABI versions, package versions and package name:
------------------------------------------------
bridge-patch.diff: Avoid bridge problems with changing MAC
see also: http://forum.openvz.org/index.php?t=msg&th=5291
We follow debian's versioning w.r.t ABI changes:
https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html
https://wiki.debian.org/DebianKernelABIChanges
The debian/rules file has a target comparing the build kernel's ABI against the
version stored in the repository and indicates when an ABI bump is necessary.
An ABI bump within one upstream version consists of incrementing the KREL
variable in the Makefile, rebuilding the packages and running 'make abiupdate'
(the 'abiupdate' target in 'Makefile' contains the steps for consistently
updating the repository).
Behaviour after 2.6.27 has changed slighly - after setting mac address
of bridge device, then address won't change. So we could omit
that patch, requiring to set hwaddress in /etc/network/interfaces.
Watchdog blacklist
------------------
By default, all watchdog modules are black-listed because it is totally undefined
which device is actually used for /dev/watchdog.
We ship this list in /lib/modprobe.d/blacklist_proxmox-kernel-<VERSION>.conf
We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
The user typically edit /etc/modules to enable a specific watchdog device.
Debug kernel and modules
------------------------
In order to build a -dbgsym package containing an unstripped copy of the kernel
image and modules, enable the 'pkg.proxmox-kernel.debug' build profile (e.g. by
exporting DEB_BUILD_PROFILES='pkg.proxmox-kernel.debug'). The resulting package can
be used together with 'crash'/'kdump-tools' to debug kernel crashes.
Note: the -dbgsym package is only valid for the proxmox-kernel packages produced by
the same build. A kernel/module from a different build will likely not match,
even if both builds are of the same kernel and package version.
Additional information
----------------------
We use the default configuration provided by Ubuntu, and apply
the following modifications:
the following modification:
NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS)
- enable INTEL_MEI_WDT=m (to allow disabling via patch)
- disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed)
- switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS
see Makefile (PVE_CONFIG_OPTS)
- enable CONFIG_CEPH_FS=m (request from user)
- enable common CONFIG_BLK_DEV_XXX to avoid hardware detection
problems (udev, update-initramfs have serious problems without that)
problems (udev, undate-initramfs have serious problems without that)
CONFIG_BLK_DEV_SD=y
CONFIG_BLK_DEV_SR=y
CONFIG_BLK_DEV_DM=y
- add workaround for Debian bug #807000 (see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000)
CONFIG_BLK_DEV_NVME=y
- compile NBD and RBD modules
CONFIG_BLK_DEV_NBD=m
CONFIG_BLK_DEV_RBD=m
- enable IBM JFS file system as module
requested by users (bug #64)
- set LOOP_MIN_COUNT to 8 (debian defaults)
CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
- enable apple HFS and HFSPLUS as module
requested by users
- disable module signatures (CONFIG_MODULE_SIG)
- enable IBM JFS file system
This is disabled in RHEL kernel for no real reason, so we enable
it as requested by users (bug #64)
- enable apple HFS and HFSPLUS
This is disabled in RHEL kernel for no real reason, so we enable
it as requested by users
- enable CONFIG_BCACHE=m (requested by user)
- enable CONFIG_BRIDGE=y
to avoid warnings on boot, e.g. that net.bridge.bridge-nf-call-iptables is an unknown key
Else we get warnings on boot, that
net.bridge.bridge-nf-call-iptables is an unknown key
- enable CONFIG_DEFAULT_SECURITY_APPARMOR
We need this for lxc
We need this for lxc
- set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
because if not set, it can give some dynamic memory or cpu frequencies
change, and vms can crash (mainly windows guest).
see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273
- use 'deadline' as default scheduler
This is the suggested setting for KVM. We also measure bad fsync performance with ext4 and cfq.
This is the suggested setting for KVM. We also measure bad fsync
performance with ext4 and cfq.
- disable CONFIG_INPUT_EVBUG
Module evbug is not blacklisted on debian, so we simply disable it to avoid
key-event logs (which is a big security problem)
- enable CONFIG_MODVERSIONS (needed for ABI tracking)
Module evbug is not blacklisted on debian, so we simply disable it
to avoid key-event logs (which is a big security problem)
- switch default UNWINDER to FRAME_POINTER
the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS
Testing final kernel with kvm
-----------------------------
kvm -kernel data/boot/vmlinuz-3.19.8-1-pve -initrd initrd.img-3.19.8-1-pve -append "vga=791 video=vesafb:ywrap,mtrr" /dev/zero
- enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation)

209
abi-check Executable file
View File

@ -0,0 +1,209 @@
#!/usr/bin/perl -w
my $abinew = shift;
my $abiold = shift;
my $skipabi = shift;
$abinew =~ /abi-(.*)/;
my $abinum = $1;
my $fail_exit = 1;
my $EE = "EE:";
my $errors = 0;
my $abiskip = 0;
my $count;
print "II: Checking ABI...\n";
if ($skipabi) {
print "WW: Explicitly asked to ignore ABI, running in no-fail mode\n";
$fail_exit = 0;
$abiskip = 1;
$EE = "WW:";
}
#if ($prev_abinum != $abinum) {
# print "II: Different ABI's, running in no-fail mode\n";
# $fail_exit = 0;
# $EE = "WW:";
#}
#
if (not -f "$abinew" or not -f "$abiold") {
print "EE: Previous or current ABI file missing!\n";
print " $abinew\n" if not -f "$abinew";
print " $abiold\n" if not -f "$abiold";
# Exit if the ABI files are missing, but return status based on whether
# skip ABI was indicated.
if ("$abiskip" eq "1") {
exit(0);
} else {
exit(1);
}
}
my %symbols;
my %symbols_ignore;
my %modules_ignore;
my %module_syms;
# See if we have any ignores
my $ignore = 0;
print " Reading symbols/modules to ignore...";
for $file ("abi-blacklist") {
if (-f $file) {
open(IGNORE, "< $file") or
die "Could not open $file";
while (<IGNORE>) {
chomp;
if ($_ =~ m/M: (.*)/) {
$modules_ignore{$1} = 1;
} else {
$symbols_ignore{$_} = 1;
}
$ignore++;
}
close(IGNORE);
}
}
print "read $ignore symbols/modules.\n";
sub is_ignored($$) {
my ($mod, $sym) = @_;
die "Missing module name in is_ignored()" if not defined($mod);
die "Missing symbol name in is_ignored()" if not defined($sym);
if (defined($symbols_ignore{$sym}) or defined($modules_ignore{$mod})) {
return 1;
}
return 0;
}
# Read new syms first
print " Reading new symbols ($abinum)...";
$count = 0;
open(NEW, "< $abinew") or
die "Could not open $abinew";
while (<NEW>) {
chomp;
m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
$symbols{$4}{'type'} = $1;
$symbols{$4}{'loc'} = $2;
$symbols{$4}{'hash'} = $3;
$module_syms{$2} = 0;
$count++;
}
close(NEW);
print "read $count symbols.\n";
# Now the old symbols, checking for missing ones
print " Reading old symbols...";
$count = 0;
open(OLD, "< $abiold") or
die "Could not open $abiold";
while (<OLD>) {
chomp;
m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
$symbols{$4}{'old_type'} = $1;
$symbols{$4}{'old_loc'} = $2;
$symbols{$4}{'old_hash'} = $3;
$count++;
}
close(OLD);
print "read $count symbols.\n";
print "II: Checking for missing symbols in new ABI...";
$count = 0;
foreach $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'type'})) {
print "\n" if not $count;
printf(" MISS : %s%s\n", $sym,
is_ignored($symbols{$sym}{'old_loc'}, $sym) ? " (ignored)" : "");
$count++ if !is_ignored($symbols{$sym}{'old_loc'}, $sym);
}
}
print " " if $count;
print "found $count missing symbols\n";
if ($count) {
print "$EE Symbols gone missing (what did you do!?!)\n";
$errors++;
}
print "II: Checking for new symbols in new ABI...";
$count = 0;
foreach $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'old_type'})) {
print "\n" if not $count;
print " NEW : $sym\n";
$count++;
}
}
print " " if $count;
print "found $count new symbols\n";
if ($count) {
print "WW: Found new symbols. Not recommended unless ABI was bumped\n";
}
print "II: Checking for changes to ABI...\n";
$count = 0;
my $moved = 0;
my $changed_type = 0;
my $changed_hash = 0;
foreach $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'old_type'}) or
!defined($symbols{$sym}{'type'})) {
next;
}
# Changes in location don't hurt us, but log it anyway
if ($symbols{$sym}{'loc'} ne $symbols{$sym}{'old_loc'}) {
printf(" MOVE : %-40s : %s => %s\n", $sym, $symbols{$sym}{'old_loc'},
$symbols{$sym}{'loc'});
$moved++;
}
# Changes to export type are only bad if new type isn't
# EXPORT_SYMBOL. Changing things to GPL are bad.
if ($symbols{$sym}{'type'} ne $symbols{$sym}{'old_type'}) {
printf(" TYPE : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_type'}.
$symbols{$sym}{'type'}, is_ignored($symbols{$sym}{'loc'}, $sym)
? " (ignored)" : "");
$changed_type++ if $symbols{$sym}{'type'} ne "EXPORT_SYMBOL"
and !is_ignored($symbols{$sym}{'loc'}, $sym);
}
# Changes to the hash are always bad
if ($symbols{$sym}{'hash'} ne $symbols{$sym}{'old_hash'}) {
printf(" HASH : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_hash'},
$symbols{$sym}{'hash'}, is_ignored($symbols{$sym}{'loc'}, $sym)
? " (ignored)" : "");
$changed_hash++ if !is_ignored($symbols{$sym}{'loc'}, $sym);
$module_syms{$symbols{$sym}{'loc'}}++;
}
}
print "WW: $moved symbols changed location\n" if $moved;
print "$EE $changed_type symbols changed export type and weren't ignored\n" if $changed_type;
print "$EE $changed_hash symbols changed hash and weren't ignored\n" if $changed_hash;
$errors++ if $changed_hash or $changed_type;
if ($changed_hash) {
print "II: Module hash change summary...\n";
foreach $mod (sort { $module_syms{$b} <=> $module_syms{$a} } keys %module_syms) {
next if ! $module_syms{$mod};
printf(" %-40s: %d\n", $mod, $module_syms{$mod});
}
}
print "II: Done\n";
if ($errors) {
exit($fail_exit);
} else {
exit(0);
}

28965
abi-prev-6.8.8-2-pve
View File

File diff suppressed because it is too large Load Diff

21375
abi-previous Normal file
View File

File diff suppressed because it is too large Load Diff

14
bridge-patch.diff Normal file
View File

@ -0,0 +1,14 @@
--- linux-2.6-3.10.0/net/bridge/br_stp_if.c.orig 2013-11-26 22:20:20.000000000 +0100
+++ linux-2.6-3.10.0/net/bridge/br_stp_if.c 2013-12-17 08:42:10.004428223 +0100
@@ -228,10 +228,7 @@
return false;
list_for_each_entry(p, &br->port_list, list) {
- if (addr == br_mac_zero ||
- memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0)
- addr = p->dev->dev_addr;
-
+ addr = p->dev->dev_addr;
}
if (ether_addr_equal(br->bridge_id.addr, addr))

137
ceph-scheduler-fix.patch Normal file
View File

@ -0,0 +1,137 @@
commit 8974189222159154c55f24ddad33e3613960521a
Author: Peter Zijlstra <peterz@infradead.org>
Date: Thu Jun 16 10:50:40 2016 +0200
sched/fair: Fix cfs_rq avg tracking underflow
As per commit:
b7fa30c9cc48 ("sched/fair: Fix post_init_entity_util_avg() serialization")
> the code generated from update_cfs_rq_load_avg():
>
> if (atomic_long_read(&cfs_rq->removed_load_avg)) {
> s64 r = atomic_long_xchg(&cfs_rq->removed_load_avg, 0);
> sa->load_avg = max_t(long, sa->load_avg - r, 0);
> sa->load_sum = max_t(s64, sa->load_sum - r * LOAD_AVG_MAX, 0);
> removed_load = 1;
> }
>
> turns into:
>
> ffffffff81087064: 49 8b 85 98 00 00 00 mov 0x98(%r13),%rax
> ffffffff8108706b: 48 85 c0 test %rax,%rax
> ffffffff8108706e: 74 40 je ffffffff810870b0 <update_blocked_averages+0xc0>
> ffffffff81087070: 4c 89 f8 mov %r15,%rax
> ffffffff81087073: 49 87 85 98 00 00 00 xchg %rax,0x98(%r13)
> ffffffff8108707a: 49 29 45 70 sub %rax,0x70(%r13)
> ffffffff8108707e: 4c 89 f9 mov %r15,%rcx
> ffffffff81087081: bb 01 00 00 00 mov $0x1,%ebx
> ffffffff81087086: 49 83 7d 70 00 cmpq $0x0,0x70(%r13)
> ffffffff8108708b: 49 0f 49 4d 70 cmovns 0x70(%r13),%rcx
>
> Which you'll note ends up with sa->load_avg -= r in memory at
> ffffffff8108707a.
So I _should_ have looked at other unserialized users of ->load_avg,
but alas. Luckily nikbor reported a similar /0 from task_h_load() which
instantly triggered recollection of this here problem.
Aside from the intermediate value hitting memory and causing problems,
there's another problem: the underflow detection relies on the signed
bit. This reduces the effective width of the variables, IOW its
effectively the same as having these variables be of signed type.
This patch changes to a different means of unsigned underflow
detection to not rely on the signed bit. This allows the variables to
use the 'full' unsigned range. And it does so with explicit LOAD -
STORE to ensure any intermediate value will never be visible in
memory, allowing these unserialized loads.
Note: GCC generates crap code for this, might warrant a look later.
Note2: I say 'full' above, if we end up at U*_MAX we'll still explode;
maybe we should do clamping on add too.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yuyang Du <yuyang.du@intel.com>
Cc: bsegall@google.com
Cc: kernel@kyup.com
Cc: morten.rasmussen@arm.com
Cc: pjt@google.com
Cc: steve.muckle@linaro.org
Fixes: 9d89c257dfb9 ("sched/fair: Rewrite runnable load and utilization average tracking")
Link: http://lkml.kernel.org/r/20160617091948.GJ30927@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
kernel/sched/fair.c | 33 +++++++++++++++++++++++++--------
1 file changed, 25 insertions(+), 8 deletions(-)
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -2682,6 +2682,23 @@ static inline void update_tg_load_avg(st
static inline u64 cfs_rq_clock_task(struct cfs_rq *cfs_rq);
+/*
+ * Unsigned subtract and clamp on underflow.
+ *
+ * Explicitly do a load-store to ensure the intermediate value never hits
+ * memory. This allows lockless observations without ever seeing the negative
+ * values.
+ */
+#define sub_positive(_ptr, _val) do { \
+ typeof(_ptr) ptr = (_ptr); \
+ typeof(*ptr) val = (_val); \
+ typeof(*ptr) res, var = READ_ONCE(*ptr); \
+ res = var - val; \
+ if (res > var) \
+ res = 0; \
+ WRITE_ONCE(*ptr, res); \
+} while (0)
+
/* Group cfs_rq's load_avg is used for task_h_load and update_cfs_share */
static inline int update_cfs_rq_load_avg(u64 now, struct cfs_rq *cfs_rq)
{
@@ -2690,15 +2707,15 @@ static inline int update_cfs_rq_load_avg
if (atomic_long_read(&cfs_rq->removed_load_avg)) {
s64 r = atomic_long_xchg(&cfs_rq->removed_load_avg, 0);
- sa->load_avg = max_t(long, sa->load_avg - r, 0);
- sa->load_sum = max_t(s64, sa->load_sum - r * LOAD_AVG_MAX, 0);
+ sub_positive(&sa->load_avg, r);
+ sub_positive(&sa->load_sum, r * LOAD_AVG_MAX);
removed = 1;
}
if (atomic_long_read(&cfs_rq->removed_util_avg)) {
long r = atomic_long_xchg(&cfs_rq->removed_util_avg, 0);
- sa->util_avg = max_t(long, sa->util_avg - r, 0);
- sa->util_sum = max_t(s32, sa->util_sum - r * LOAD_AVG_MAX, 0);
+ sub_positive(&sa->util_avg, r);
+ sub_positive(&sa->util_sum, r * LOAD_AVG_MAX);
}
decayed = __update_load_avg(now, cpu_of(rq_of(cfs_rq)), sa,
@@ -2764,10 +2781,10 @@ static void detach_entity_load_avg(struc
&se->avg, se->on_rq * scale_load_down(se->load.weight),
cfs_rq->curr == se, NULL);
- cfs_rq->avg.load_avg = max_t(long, cfs_rq->avg.load_avg - se->avg.load_avg, 0);
- cfs_rq->avg.load_sum = max_t(s64, cfs_rq->avg.load_sum - se->avg.load_sum, 0);
- cfs_rq->avg.util_avg = max_t(long, cfs_rq->avg.util_avg - se->avg.util_avg, 0);
- cfs_rq->avg.util_sum = max_t(s32, cfs_rq->avg.util_sum - se->avg.util_sum, 0);
+ sub_positive(&cfs_rq->avg.load_avg, se->avg.load_avg);
+ sub_positive(&cfs_rq->avg.load_sum, se->avg.load_sum);
+ sub_positive(&cfs_rq->avg.util_avg, se->avg.util_avg);
+ sub_positive(&cfs_rq->avg.util_sum, se->avg.util_sum);
}
/* Add the load generated by se into cfs_rq's load average */

178
cgroup-cpuset-add-cpuset.remap_cpus.patch Normal file
View File

@ -0,0 +1,178 @@
From 40d641241a5399afc93d4eb75d8794f72fe3c0fb Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 21 Dec 2016 15:37:20 +0100
Subject: [PATCH] cgroup, cpuset: add cpuset.remap_cpus
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Changes a cpuset, recursively remapping all its descendants
to the new range.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
include/linux/cpumask.h | 17 ++++++++++++++++
kernel/cpuset.c | 54 +++++++++++++++++++++++++++++++++++++++----------
2 files changed, 60 insertions(+), 11 deletions(-)
diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h
index 59915ea..f5487c8 100644
--- a/include/linux/cpumask.h
+++ b/include/linux/cpumask.h
@@ -514,6 +514,23 @@ static inline void cpumask_copy(struct cpumask *dstp,
}
/**
+ * cpumask_remap - *dstp = map(old, new)(*srcp)
+ * @dstp: the result
+ * @srcp: the input cpumask
+ * @oldp: the old mask
+ * @newp: the new mask
+ */
+static inline void cpumask_remap(struct cpumask *dstp,
+ const struct cpumask *srcp,
+ const struct cpumask *oldp,
+ const struct cpumask *newp)
+{
+ bitmap_remap(cpumask_bits(dstp), cpumask_bits(srcp),
+ cpumask_bits(oldp), cpumask_bits(newp),
+ nr_cpumask_bits);
+}
+
+/**
* cpumask_any - pick a "random" cpu from *srcp
* @srcp: the input cpumask
*
diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index 7e78cfe..ff5ff3a 100644
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -462,7 +462,8 @@ static void free_trial_cpuset(struct cpuset *trial)
* Return 0 if valid, -errno if not.
*/
-static int validate_change(struct cpuset *cur, struct cpuset *trial)
+static int validate_change(struct cpuset *cur, struct cpuset *trial,
+ int remap)
{
struct cgroup_subsys_state *css;
struct cpuset *c, *par;
@@ -470,11 +471,13 @@ static int validate_change(struct cpuset *cur, struct cpuset *trial)
rcu_read_lock();
- /* Each of our child cpusets must be a subset of us */
- ret = -EBUSY;
- cpuset_for_each_child(c, css, cur)
- if (!is_cpuset_subset(c, trial))
- goto out;
+ if (!remap) {
+ /* Each of our child cpusets must be a subset of us */
+ ret = -EBUSY;
+ cpuset_for_each_child(c, css, cur)
+ if (!is_cpuset_subset(c, trial))
+ goto out;
+ }
/* Remaining checks don't apply to root cpuset */
ret = 0;
@@ -937,11 +940,15 @@ static void update_cpumasks_hier(struct cpuset *cs, struct cpumask *new_cpus)
* @cs: the cpuset to consider
* @trialcs: trial cpuset
* @buf: buffer of cpu numbers written to this cpuset
+ * @remap: recursively remap all child nodes
*/
static int update_cpumask(struct cpuset *cs, struct cpuset *trialcs,
- const char *buf)
+ const char *buf, int remap)
{
int retval;
+ struct cpuset *cp;
+ struct cgroup_subsys_state *pos_css;
+ struct cpumask tempmask;
/* top_cpuset.cpus_allowed tracks cpu_online_mask; it's read-only */
if (cs == &top_cpuset)
@@ -969,11 +976,25 @@ static int update_cpumask(struct cpuset *cs, struct cpuset *trialcs,
if (cpumask_equal(cs->cpus_allowed, trialcs->cpus_allowed))
return 0;
- retval = validate_change(cs, trialcs);
+ retval = validate_change(cs, trialcs, remap);
if (retval < 0)
return retval;
spin_lock_irq(&callback_lock);
+ if (remap) {
+ rcu_read_lock();
+ cpuset_for_each_descendant_pre(cp, pos_css, cs) {
+ /* skip empty subtrees */
+ if (cpumask_empty(cp->cpus_allowed)) {
+ pos_css = css_rightmost_descendant(pos_css);
+ continue;
+ }
+ cpumask_copy(&tempmask, cp->cpus_allowed);
+ cpumask_remap(cp->cpus_allowed, &tempmask,
+ cs->cpus_allowed, trialcs->cpus_allowed);
+ }
+ rcu_read_unlock();
+ }
cpumask_copy(cs->cpus_allowed, trialcs->cpus_allowed);
spin_unlock_irq(&callback_lock);
@@ -1250,7 +1271,7 @@ static int update_nodemask(struct cpuset *cs, struct cpuset *trialcs,
retval = 0; /* Too easy - nothing to do */
goto done;
}
- retval = validate_change(cs, trialcs);
+ retval = validate_change(cs, trialcs, 0);
if (retval < 0)
goto done;
@@ -1337,7 +1358,7 @@ static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs,
else
clear_bit(bit, &trialcs->flags);
- err = validate_change(cs, trialcs);
+ err = validate_change(cs, trialcs, 0);
if (err < 0)
goto out;
@@ -1596,6 +1617,7 @@ static void cpuset_attach(struct cgroup_taskset *tset)
typedef enum {
FILE_MEMORY_MIGRATE,
FILE_CPULIST,
+ FILE_REMAP_CPULIST,
FILE_MEMLIST,
FILE_EFFECTIVE_CPULIST,
FILE_EFFECTIVE_MEMLIST,
@@ -1728,7 +1750,10 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of,
switch (of_cft(of)->private) {
case FILE_CPULIST:
- retval = update_cpumask(cs, trialcs, buf);
+ retval = update_cpumask(cs, trialcs, buf, 0);
+ break;
+ case FILE_REMAP_CPULIST:
+ retval = update_cpumask(cs, trialcs, buf, 1);
break;
case FILE_MEMLIST:
retval = update_nodemask(cs, trialcs, buf);
@@ -1845,6 +1870,13 @@ static struct cftype files[] = {
},
{
+ .name = "remap_cpus",
+ .write = cpuset_write_resmask,
+ .max_write_len = (100U + 6 * NR_CPUS),
+ .private = FILE_REMAP_CPULIST,
+ },
+
+ {
.name = "mems",
.seq_show = cpuset_common_seq_show,
.write = cpuset_write_resmask,
--
2.1.4

1107
changelog.Debian Normal file
View File

File diff suppressed because it is too large Load Diff

11
control.in Normal file
View File

@ -0,0 +1,11 @@
Package: pve-kernel-@KVNAME@
Version: @KERNEL_VER@-@PKGREL@
Section: admin
Priority: optional
Architecture: @ARCH@
Provides: linux-image, linux-image-2.6
Suggests: pve-firmware
Depends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64, initramfs-tools, busybox
Maintainer: Proxmox Support Team <support@proxmox.com>
Description: The Proxmox PVE Kernel Image
This package contains the linux kernel and initial ramdisk used for booting

12
control.tools Normal file
View File

@ -0,0 +1,12 @@
Source: pve-kernel
Maintainer: Proxmox Support Team <support@proxmox.com>
Package: linux-tools-4.10
Architecture: any
Section: devel
Priority: optional
Depends: ${misc:Depends}, ${shlibs:Depends}, linux-base
Description: Linux kernel version specific tools for version 4.10
This package provides the architecture dependent parts for kernel
version locked tools (such as perf and x86_energy_perf_policy)

12
debian/copyright → copyright
View File

@ -1,8 +1,11 @@
This is a prepackaged version of the Linux kernel binary image.
For the packaging and all files in the debian/ folder consider:
Copyright (C) 2007-2022 Proxmox Server Solutions GmbH
Licensed under the AGPL-3.0-or-later
This package was put together by Proxmox Server
Solutions GmbH <support@proxmox.com>.
We use the RHEL7 kernel sources, available from:
ftp://ftp.redhat.com/redhat/rhel/
Linux is copyrighted by Linus Torvalds and others.
@ -23,5 +26,6 @@ The complete text of the GNU General Public License can be found in
`/usr/share/common-licenses/GPL-2'.
ZFS module is licensed under the Common Development and Distribution
ZFS module is licensed under the Common Development and Distribution
License (CDDL).

37
debian/certs/proxmox-uefi-ca.pem vendored
View File

@ -1,37 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIGbjCCBFagAwIBAgIUTVo8veNlt0qzt14J+H2mhEB2SNUwDQYJKoZIhvcNAQEL
BQAwgZMxCzAJBgNVBAYTAkFUMQ8wDQYDVQQIDAZWaWVubmExDzANBgNVBAcMBlZp
ZW5uYTEmMCQGA1UECgwdUHJveG1veCBTZXJ2ZXIgU29sdXRpb25zIEdtYkgxFzAV
BgNVBAMMDlNlY3VyZSBCb290IENBMSEwHwYJKoZIhvcNAQkBFhJvZmZpY2VAcHJv
eG1veC5jb20wHhcNMjMwMzA2MTM1MTM0WhcNMzMwMzAzMTM1MTM0WjCBkzELMAkG
A1UEBhMCQVQxDzANBgNVBAgMBlZpZW5uYTEPMA0GA1UEBwwGVmllbm5hMSYwJAYD
VQQKDB1Qcm94bW94IFNlcnZlciBTb2x1dGlvbnMgR21iSDEXMBUGA1UEAwwOU2Vj
dXJlIEJvb3QgQ0ExITAfBgkqhkiG9w0BCQEWEm9mZmljZUBwcm94bW94LmNvbTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ59mP8gRLqsA6P53ejy0wMk
0qLlICtDkPXsJoi4QRHjlPErxXv5zsZ4WqSG2bQ8EW95FAf8EOF6ge+G17neYt1w
DmlvHzLBfqTJj5EBRgVjdWOjX3AkS/elOyzHdq4rKOteUSpQlMP4ub2cAUdy/8rp
ouTbduttNv8mymAO89/kbXCEmKFiRS+av+hykFFyXH/KTRa2QnvLVadMEkmtA+vm
+yQhYWCTD8hdisa1o3dKM0Z2l8LyzfIOsVXcwHHB7AhtR4tbLR9Tz2p/m9Gz//vj
82dBaChh6kxIMZ8kACP28dA561R2P6ZcjzLSJ0Tq5e4tiW9SNEzuTYKTRvFeQoQh
4usDdSF3ifXDuimShpv8Yaf4fntyIaUfnm6H5tvNr9b9Rw6ZL200LV5VugQ1EpfE
F0+c3LQfurwT7svISgXSY62Fe/TiHFANOVXM5j3/Dr2ktKyce7BUGN4ewpWPvP99
io+rdd4bTReuDh8j0nhsSdYKfvuOmvQpgL8Smzno54/hdpuO6cv+slCr1ApDexl8
gAPPwCZRsH7aPc92g+YPzDm3k77RqkCXPA19KKQLYKvL7a+H3rnqgO81CdGFPHOz
I5UruKLLeDGAWR0bo0JqDMEL8/oPh9IvGo8lFcTros0NEof6A7p8SGmxM2NodTo9
spDVs84xDPlp4yX4u8A9AgMBAAGjgbcwgbQwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFLXxsR5I
LbWGkynLl1qjUgX4cs16MB8GA1UdIwQYMBaAFLXxsR5ILbWGkynLl1qjUgX4cs16
MB0GA1UdEQQWMBSBEm9mZmljZUBwcm94bW94LmNvbTAdBgNVHRIEFjAUgRJvZmZp
Y2VAcHJveG1veC5jb20wDQYJKoZIhvcNAQELBQADggIBAAUGWTt792ibVtE9yKgq
9YtmybKGWjDHdMKl5AcnxLD60z7cEgcUBpEXaUbTzic5rz7fYhUM29LZkF8NIA2a
rzrF0w+J1zZZKG2VvTWmdgynNNKQ/iTRbhgSZ94hEWOwumlEW4O6HwUN+VYFx8wf
jvyWc1K6cdCc70IeC5POjYTlXKPoDq8ysPMLhxm7dsk7DDWcR0siMbYqGLLK5cJB
lZE+9Q3Nj/q4m3odjK1ILrDGKqWWJgxopE21e903Ej+TNw+TduXygHqwVloEXUi4
clmMMwCfhEBI9Vuy0+QSLxvrHKbwYpWd59RBQEsUubi8sT8Oh7njgmEd/Pf9uD7U
1Rd9I+1MkNOZXyoyvaJQl9NZ9RpyG+ZbeQoFcL2CeCy0jJQQSilI5k4RtiDrGn6R
GxlRL/FTvGWBkQGNwvoeFwD6i7zYainf1Z7f1Dh83MxKarxpAwX61K+rHpvAvjN/
Hd4dslj5C+p188FnGaqiFlFAgVcF//F+yZFGYu1sTIQJ5f0C3LiFLeQYi3SPTf0L
wk78eHgo6x1cIOM3/Ct4mflHBxnrfOJ9YdEAn2MklpDT5dif+9+zpN1myCQn4HoW
OgoWIacSuvuFczHTQf2IX4ZEEE5SZwE31f7E0cqjgXmwbz1a81UMZHzvr71rDeWi
oRgE3Pe1htzpOmw5Ygvjtn8k
-----END CERTIFICATE-----

37
debian/certs/proxmox-uefi-signer-2023.pem vendored
View File

@ -1,37 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIGbzCCBFegAwIBAgIUakjebPHbd0vTEj9dEa3OF+gioGMwDQYJKoZIhvcNAQEL
BQAwgZMxCzAJBgNVBAYTAkFUMQ8wDQYDVQQIDAZWaWVubmExDzANBgNVBAcMBlZp
ZW5uYTEmMCQGA1UECgwdUHJveG1veCBTZXJ2ZXIgU29sdXRpb25zIEdtYkgxFzAV
BgNVBAMMDlNlY3VyZSBCb290IENBMSEwHwYJKoZIhvcNAQkBFhJvZmZpY2VAcHJv
eG1veC5jb20wHhcNMjMwMzA2MTQwNTI1WhcNMjcwNDE0MTQwNTI1WjCBmjELMAkG
A1UEBhMCQVQxDzANBgNVBAgMBlZpZW5uYTEPMA0GA1UEBwwGVmllbm5hMSYwJAYD
VQQKDB1Qcm94bW94IFNlcnZlciBTb2x1dGlvbnMgR21iSDEeMBwGA1UEAwwVU2Vj
dXJlIEJvb3QgU2lnbiAyMDIzMSEwHwYJKoZIhvcNAQkBFhJvZmZpY2VAcHJveG1v
eC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJGReH5i3aihb/
frdbzzNueHBt7DC9W2/GXYf0wfl8izCXz2SYM/UIZavbpzF2uhgxli3Dj4M0FyR2
oTKRseWyy+YMiwuhQcqCw0KRS6uOUiGjOtPHsEqDFO6DP8d1gNjYkF0jzY/CNf0N
5Sc+w8jknQJgZ9G1RGcC2ihZATx2pgG9nYA30Op8qHyhcF2KrUmh8wpXky21u0Ja
0/whsNFNSfQrvosgUroxLd2TvBdcBJu3SXt0B15jfY4Qssjmwgfs/oU8YGaAYnIp
PLJRqzho/kpDA3PH2lsgxv5BJHQgDuODLj3Q3dx09C71Qdb3FlQ6z9hIdFUoPrvC
kUpZ5lEwGUyvFZtJJQvGm/1BpDj1G7P8lqODyfkJ4c77XoH7M9z945HmxrfAyjP7
9Jk8NXA9bSy+ygPHPHlTLEc10HKvk/SRg/sGGUveTr9C6rObfP8EmvXogpS46xSn
W9s2vFSVFyOBvLpdIhU91McBFinvQaqY0r2XTNrsU3Zp5YG3z6hh6BOLCpD/pixc
BQyfT8wGeI59dobVSSrWqt+1vNxO02I5t7Mlam687Ix1e3C/nk7+i44WMcmB8n+x
Dq/v/L+UJlQ75u2dsaAiYUrGcsHQWAZ34oIAfec9qCgG+OLTwobwXXiOlaWiO51n
0xCQ4ePK+vZuDxRHaXL7hOxFCe3iKwIDAQABo4GxMIGuMB0GA1UdDgQWBBRr/2t+
Hu0KTVTbNhd31p7aJH15IjAfBgNVHSMEGDAWgBS18bEeSC21hpMpy5dao1IF+HLN
ejAdBgNVHREEFjAUgRJvZmZpY2VAcHJveG1veC5jb20wHQYDVR0SBBYwFIESb2Zm
aWNlQHByb3htb3guY29tMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH
AwMwCwYDVR0PBAQDAgbAMA0GCSqGSIb3DQEBCwUAA4ICAQBYmLgWPJSK/pP/CkZE
iYttW1Vd0Wm4DeZVSyUh2c9AI+A+IT5otEXjCflU8sYU4vm0eEtNwhmGdVf8oZe4
tS/2eFawDAqEQ8xMsinbMJoqvcYx9uEZPiOOo3GS2YjfUy03Q3BAOV3rMFOjP4y+
dfYF3IWnKQxvUV0wapRyDbT62plKt4UCtBagUPcm838YRD6ax+4yK/5sojMQM1IW
2yGgEz8jeCyPI19Ots2RBZTJU2BZ1QqRPLybvLfsENtKgKqOE14BEp6WqtYBaj89
QZD4tbP9Mqcmnj8AfG89pb1Fj6tq0MLZsboF6i0J7uuQ6CKkb5ksQhLODLMwAZi1
1EAgWk5btwj6ZvoOHFOjAXGJ13tmUeYt/Zipyy/ie+5LSEdFevQ+zmZzsglfX3QK
6skoBpHs3kLcuPsoe8uhCvn/b22lHkFdYYkIwIUQFPJgdvBzD8LYHnD8P60UdsQO
vSSt9qzsq04DCEjwhmNJUeddL9ESGNL8vgpB9GvNjFEq6QMncELkdXDoAeqGFolE
/dj+8sVq+34plRsvD1GDDx70UWk0ZtQlvhqDJ0kxeT+yYASrwLoujK44SLq8cMJr
JYxDoxFOy5MSw+EzEXTP9LLkYNdPv/nzPbEz3lEctczyOgBWr22272Kdv3QCHBdP
v4+vFbHnrXmu8cC9T45r2aX3rQ==
-----END CERTIFICATE-----

2714
debian/changelog vendored
View File

File diff suppressed because it is too large Load Diff

124
debian/control.in vendored
View File

@ -1,124 +0,0 @@
Source: proxmox-kernel-@KVMAJMIN@
Section: devel
Priority: optional
Maintainer: Proxmox Support Team <support@proxmox.com>
Build-Depends: asciidoc-base,
automake,
bc,
bison,
cpio,
debhelper-compat (= 13),
dh-python,
dwarves,
file,
flex,
gcc (>= 8.3.0-6),
git,
kmod,
libdw-dev,
libelf-dev,
libiberty-dev,
libnuma-dev,
libpve-common-perl,
libslang2-dev,
libssl-dev,
libtool,
lintian,
lz4,
python3-dev,
python3-minimal,
rsync,
sphinx-common,
xmlto,
zlib1g-dev,
zstd,
Build-Conflicts: proxmox-headers-@KVNAME@,
Standards-Version: 4.6.2
Vcs-Git: git://git.proxmox.com/git/pve-kernel
Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git
Package: linux-tools-@KVMAJMIN@
Architecture: any
Section: devel
Priority: optional
Depends: linux-base, ${misc:Depends}, ${shlibs:Depends},
Description: Linux kernel version specific tools for version @KVMAJMIN@
This package provides the architecture dependent parts for kernel
version locked tools (such as perf and x86_energy_perf_policy)
Package: proxmox-headers-@KVNAME@
Section: devel
Priority: optional
Architecture: any
Provides: linux-headers-@KVNAME@-amd64, pve-headers-@KVNAME@
Depends: ${misc:Depends},
Description: Proxmox Kernel Headers
This package contains the linux kernel headers
Package: proxmox-kernel-@KVNAME@
Section: admin
Priority: optional
Architecture: any
Provides: linux-image-@KVNAME@-amd64, pve-kernel-@KVNAME@
Suggests: pve-firmware,
Depends: busybox, initramfs-tools | linux-initramfs-tool, ${misc:Depends},
Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64,
Description: Proxmox Kernel Image
This package contains the linux kernel and initial ramdisk used for booting
Package: proxmox-kernel-@KVNAME@-dbgsym
Architecture: any
Provides: linux-debug, pve-kernel-@KVNAME@-dbgsym
Section: devel
Priority: optional
Build-Profiles: <pkg.proxmox-kernel.debug>
Depends: ${misc:Depends},
Description: Proxmox Kernel debug image
This package provides the kernel debug image for version @KVNAME@. The debug
kernel image contained in this package is NOT meant to boot from - it is
uncompressed, and unstripped, and suitable for use with crash/kdump-tools/..
to analyze kernel crashes. This package also contains the proxmox-kernel modules
in their unstripped version.
Package: proxmox-kernel-@KVNAME@-signed-template
Architecture: amd64
Depends: ${shlibs:Depends}, ${misc:Depends}, make | build-essential | dpkg-dev
Description: Template for signed kernel package
This package is used to control code signing by the Proxmox signing
service.
Package: proxmox-kernel-libc-dev
Section: devel
Priority: optional
Architecture: any
Provides: linux-libc-dev (=${binary:Version}), pve-kernel-libc-dev
Conflicts: linux-libc-dev,
Replaces: linux-libc-dev, pve-kernel-libc-dev
Breaks: pve-kernel-libc-dev
Depends: ${misc:Depends},
Description: Linux support headers for userspace development
This package provides userspaces headers from the Linux kernel. These headers
are used by the installed headers for GNU libc and other system libraries.
Package: proxmox-headers-@KVMAJMIN@
Architecture: all
Section: admin
Provides: linux-headers-amd64, linux-headers-generic, pve-headers-@KVMAJMIN@
Replaces: pve-headers-@KVMAJMIN@
Priority: optional
Depends: proxmox-headers-@KVNAME@, ${misc:Depends},
Description: Latest Proxmox Kernel Headers
This is a metapackage which will install the kernel headers
for the latest available proxmox kernel from the @KVMAJMIN@
series.
Package: proxmox-kernel-@KVMAJMIN@
Architecture: all
Section: admin
Provides: linux-image-amd64, linux-image-generic, wireguard-modules (=1.0.0), pve-kernel-@KVMAJMIN@
Replaces: pve-kernel-@KVMAJMIN@
Priority: optional
Depends: pve-firmware, proxmox-kernel-@KVNAME@-signed | proxmox-kernel-@KVNAME@, ${misc:Depends},
Description: Latest Proxmox Kernel Image
This is a metapackage which will install the latest available
proxmox kernel from the @KVMAJMIN@ series.

17
debian/proxmox-kernel-meta.postinst.in vendored
View File

@ -1,17 +0,0 @@
#! /bin/sh
# Abort if any command returns an error value
set -e
case "$1" in
configure)
# setup kernel links for installation CD (rescue boot)
mkdir -p /boot/pve
ln -sf /boot/vmlinuz-@@KVNAME@@ /boot/pve/vmlinuz-@@KVMAJMIN@@
ln -sf /boot/initrd.img-@@KVNAME@@ /boot/pve/initrd.img-@@KVMAJMIN@@
;;
esac
#DEBHELPER#
exit 0

46
debian/proxmox-kernel.postrm.in vendored
View File

@ -1,46 +0,0 @@
#!/usr/bin/perl
use strict;
use warnings;
# Ignore all 'upgrade' invocations .
exit 0 if $ARGV[0] =~ /upgrade/;
my $imagedir = "/boot";
my $version = "@@KVNAME@@";
if (-d "/etc/kernel/postrm.d") {
print STDERR "Examining /etc/kernel/postrm.d.\n";
system (
"run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/postrm.d"
) && die "Failed to process /etc/kernel/postrm.d";
}
unlink "$imagedir/initrd.img-$version";
unlink "$imagedir/initrd.img-$version.bak";
unlink "/var/lib/initramfs-tools/$version";
# Ignore all invocations except when called on to purge.
exit 0 unless $ARGV[0] =~ /purge/;
my @files_to_remove = qw{
modules.dep modules.isapnpmap modules.pcimap
modules.usbmap modules.parportmap
modules.generic_string modules.ieee1394map
modules.ieee1394map modules.pnpbiosmap
modules.alias modules.ccwmap modules.inputmap
modules.symbols modules.ofmap
modules.seriomap modules.*.bin
modules.softdep modules.devname
};
foreach my $extra_file (@files_to_remove) {
for (glob("/lib/modules/$version/$extra_file")) {
unlink;
}
}
system ("rmdir", "/lib/modules/$version") if -d "/lib/modules/$version";
exit 0

342
debian/rules vendored
View File

@ -1,342 +0,0 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
# TODO: check for headers not being installed
BUILD_DIR=$(shell pwd)
include /usr/share/dpkg/default.mk
include debian/rules.d/env.mk
include debian/rules.d/$(DEB_BUILD_ARCH).mk
MAKEFLAGS += $(subst parallel=,-j,$(filter parallel=%,${DEB_BUILD_OPTIONS}))
CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate)
CHANGELOG_DATE_UTC_ISO := $(shell date -u -d '$(CHANGELOG_DATE)' +%Y-%m-%dT%H:%MZ)
PMX_KERNEL_PKG=proxmox-kernel-$(KVNAME)
PMX_KERNEL_SERIES_PKG=proxmox-kernel-$(KERNEL_MAJMIN)
PMX_DEBUG_KERNEL_PKG=proxmox-kernel-$(KVNAME)-dbgsym
PMX_HEADER_PKG=proxmox-headers-$(KVNAME)
PMX_USR_HEADER_PKG=proxmox-kernel-libc-dev
PMX_KERNEL_SIGNING_TEMPLATE_PKG=proxmox-kernel-${KVNAME}-signed-template
PMX_KERNEL_SIGNED_VERSION := $(shell echo ${DEB_VERSION} | sed -e 's/-/+/')
LINUX_TOOLS_PKG=linux-tools-$(KERNEL_MAJMIN)
KERNEL_SRC_COPY=$(KERNEL_SRC)_tmp
# TODO: split for archs, move to files?
PMX_CONFIG_OPTS= \
-m INTEL_MEI_WDT \
-d CONFIG_SND_PCM_OSS \
-e CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \
-d CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS \
-m CONFIG_CEPH_FS \
-m CONFIG_BLK_DEV_NBD \
-m CONFIG_BLK_DEV_RBD \
-m CONFIG_BLK_DEV_UBLK \
-d CONFIG_SND_PCSP \
-m CONFIG_BCACHE \
-m CONFIG_JFS_FS \
-m CONFIG_HFS_FS \
-m CONFIG_HFSPLUS_FS \
-e CIFS_SMB_DIRECT \
-e CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU \
-e CONFIG_BRIDGE \
-e CONFIG_BRIDGE_NETFILTER \
-e CONFIG_BLK_DEV_SD \
-e CONFIG_BLK_DEV_SR \
-e CONFIG_BLK_DEV_DM \
-m CONFIG_BLK_DEV_NVME \
-e CONFIG_NLS_ISO8859_1 \
-d CONFIG_INPUT_EVBUG \
-d CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND \
-d CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL \
-e CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE \
-e CONFIG_SYSFB_SIMPLEFB \
-e CONFIG_DRM_SIMPLEDRM \
-e CONFIG_MODULE_SIG \
-e CONFIG_MODULE_SIG_ALL \
-e CONFIG_MODULE_SIG_FORMAT \
--set-str CONFIG_MODULE_SIG_HASH sha512 \
--set-str CONFIG_MODULE_SIG_KEY certs/signing_key.pem \
-e CONFIG_MODULE_SIG_KEY_TYPE_RSA \
-e CONFIG_MODULE_SIG_SHA512 \
-d CONFIG_MEMCG_DISABLED \
-e CONFIG_MEMCG_SWAP_ENABLED \
-e CONFIG_HYPERV \
-m CONFIG_VFIO_IOMMU_TYPE1 \
-e CONFIG_VFIO_VIRQFD \
-m CONFIG_VFIO \
-m CONFIG_VFIO_PCI \
-m CONFIG_USB_XHCI_HCD \
-m CONFIG_USB_XHCI_PCI \
-m CONFIG_USB_EHCI_HCD \
-m CONFIG_USB_EHCI_PCI \
-m CONFIG_USB_EHCI_HCD_PLATFORM \
-m CONFIG_USB_OHCI_HCD \
-m CONFIG_USB_OHCI_HCD_PCI \
-m CONFIG_USB_OHCI_HCD_PLATFORM \
-d CONFIG_USB_OHCI_HCD_SSB \
-m CONFIG_USB_UHCI_HCD \
-d CONFIG_USB_SL811_HCD_ISO \
-e CONFIG_MEMCG_KMEM \
-d CONFIG_DEFAULT_CFQ \
-e CONFIG_DEFAULT_DEADLINE \
-e CONFIG_MODVERSIONS \
-e CONFIG_ZSTD_COMPRESS \
-d CONFIG_DEFAULT_SECURITY_DAC \
-e CONFIG_DEFAULT_SECURITY_APPARMOR \
--set-str CONFIG_DEFAULT_SECURITY apparmor \
-e CONFIG_MODULE_ALLOW_BTF_MISMATCH \
-d CONFIG_UNWINDER_ORC \
-d CONFIG_UNWINDER_GUESS \
-e CONFIG_UNWINDER_FRAME_POINTER \
--set-str CONFIG_SYSTEM_TRUSTED_KEYS ""\
--set-str CONFIG_SYSTEM_REVOCATION_KEYS ""\
-e CONFIG_SECURITY_LOCKDOWN_LSM \
-e CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
--set-str CONFIG_LSM lockdown,yama,integrity,apparmor \
-e CONFIG_PAGE_TABLE_ISOLATION \
-e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \
-d CONFIG_GDS_FORCE_MITIGATION \
-d CONFIG_WQ_CPU_INTENSIVE_REPORT \
-d CONFIG_N_GSM \
-d UBSAN_BOUNDS \
debian/control: $(wildcard debian/*.in)
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postrm.in > debian/$(PMX_KERNEL_PKG).postrm
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postinst.in > debian/$(PMX_KERNEL_PKG).postinst
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-headers.postinst.in > debian/$(PMX_HEADER_PKG).postinst
sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postrm.in > debian/$(PMX_KERNEL_SERIES_PKG).postrm
sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postinst.in > debian/$(PMX_KERNEL_SERIES_PKG).postinst
chmod +x debian/$(PMX_KERNEL_PKG).prerm
chmod +x debian/$(PMX_KERNEL_PKG).postrm
chmod +x debian/$(PMX_KERNEL_PKG).postinst
chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postrm
chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postinst
chmod +x debian/$(PMX_HEADER_PKG).postinst
sed -e 's/@KVNAME@/$(KVNAME)/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' < debian/control.in > debian/control
# signing-template
sed -e '1 s/proxmox-kernel/proxmox-kernel-signed/' -e '1 s/${DEB_VERSION}/${PMX_KERNEL_SIGNED_VERSION}/' < debian/changelog > debian/signing-template/changelog
sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' -e 's/@UNSIGNED_VERSION@/${DEB_VERSION}/g' < debian/signing-template/control.in > debian/signing-template/control
sed -e 's/@KVNAME@/${KVNAME}/g' < debian/signing-template/files.json.in > debian/signing-template/files.json
sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@PKG_VERSION@/${DEB_VERSION}/' < debian/signing-template/rules.in > debian/signing-template/rules
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.prerm.in > debian/signing-template/prerm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postrm.in > debian/signing-template/postrm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postinst.in > debian/signing-template/postinst
rm debian/signing-template/*.in
cp debian/SOURCE debian/signing-template/
build: .compile_mark .tools_compile_mark .modules_compile_mark
install: .install_mark .tools_install_mark .headers_install_mark .usr_headers_install_mark
dh_installdocs -A debian/copyright debian/SOURCE
dh_installchangelogs
dh_installman
dh_strip_nondeterminism
dh_compress
dh_fixperms
binary: install
debian/rules fwcheck abicheck
dh_strip -N$(PMX_HEADER_PKG) -N$(PMX_USR_HEADER_PKG)
dh_makeshlibs
dh_shlibdeps
dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
.config_mark:
cd $(KERNEL_SRC); scripts/config $(PMX_CONFIG_OPTS)
$(MAKE) -C $(KERNEL_SRC) olddefconfig
# copy to allow building in parallel to kernel/module compilation without interference
rm -rf $(KERNEL_SRC_COPY)
cp -ar $(KERNEL_SRC) $(KERNEL_SRC_COPY)
touch $@
.compile_mark: .config_mark
$(MAKE) -C $(KERNEL_SRC) KBUILD_BUILD_VERSION_TIMESTAMP="PMX $(DEB_VERSION) ($(CHANGELOG_DATE_UTC_ISO))"
touch $@
.install_mark: .compile_mark .modules_compile_mark
rm -rf debian/$(PMX_KERNEL_PKG)
mkdir -p debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)
mkdir debian/$(PMX_KERNEL_PKG)/boot
install -m 644 $(KERNEL_SRC)/.config debian/$(PMX_KERNEL_PKG)/boot/config-$(KVNAME)
install -m 644 $(KERNEL_SRC)/System.map debian/$(PMX_KERNEL_PKG)/boot/System.map-$(KVNAME)
install -m 644 $(KERNEL_SRC)/$(KERNEL_IMAGE_PATH) debian/$(PMX_KERNEL_PKG)/boot/$(KERNEL_INSTALL_FILE)-$(KVNAME)
$(MAKE) -C $(KERNEL_SRC) INSTALL_MOD_PATH=$(BUILD_DIR)/debian/$(PMX_KERNEL_PKG)/ modules_install
# install zfs drivers
install -d -m 0755 debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
install -m 644 $(MODULES)/zfs.ko $(MODULES)/spl.ko debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
# remove firmware
rm -rf debian/$(PMX_KERNEL_PKG)/lib/firmware
ifeq ($(filter pkg.proxmox-kernel.debug,$(DEB_BUILD_PROFILES)),)
echo "'pkg.proxmox-kernel.debug' build profile disabled, skipping -dbgsym creation"
else
echo "'pkg.proxmox-kernel.debug' build profile enabled, creating -dbgsym contents"
mkdir -p debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)
mkdir debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot
install -m 644 $(KERNEL_SRC)/vmlinux debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot/vmlinux-$(KVNAME)
cp -r debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/source
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/build
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/modules.*
endif
# strip debug info
find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
# sign modules using ephemeral, embedded key
if grep -q CONFIG_MODULE_SIG=y ubuntu-kernel/.config ; then \
find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do \
./ubuntu-kernel/scripts/sign-file sha512 ./ubuntu-kernel/certs/signing_key.pem ubuntu-kernel/certs/signing_key.x509 "$$f" ; \
done; \
rm ./ubuntu-kernel/certs/signing_key.pem ; \
fi
# finalize
/sbin/depmod -b debian/$(PMX_KERNEL_PKG)/ $(KVNAME)
# Autogenerate blacklist for watchdog devices (see README)
install -m 0755 -d debian/$(PMX_KERNEL_PKG)/lib/modprobe.d
ls debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
echo ipmi_watchdog.ko >> watchdog-blacklist.tmp
cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/$(PMX_KERNEL_PKG)/lib/modprobe.d/blacklist_$(PMX_KERNEL_PKG).conf
rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/source
rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/build
# copy signing template contents
rm -rf debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}
mkdir -p debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
cp -R debian/copyright \
debian/signing-template/rules \
debian/signing-template/control \
debian/signing-template/source \
debian/signing-template/changelog \
debian/signing-template/prerm \
debian/signing-template/postrm \
debian/signing-template/postinst \
debian/signing-template/SOURCE \
debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
cp debian/signing-template/files.json debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/
touch $@
.tools_compile_mark: .compile_mark
$(MAKE) -C $(KERNEL_SRC)/tools/perf prefix=/usr NO_LIBTRACEEVENT=1 HAVE_NO_LIBBFD=1 HAVE_CPLUS_DEMANGLE_SUPPORT=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python3
echo "checking GPL-2 only perf binary for library linkage with incompatible licenses.."
! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibbfd'
! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibcrypto'
$(MAKE) -C $(KERNEL_SRC)/tools/perf NO_LIBTRACEEVENT=1 man
touch $@
.tools_install_mark: .tools_compile_mark
rm -rf debian/$(LINUX_TOOLS_PKG)
mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/bin
mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1
install -m 755 $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/perf debian/$(LINUX_TOOLS_PKG)/usr/bin/perf_$(KERNEL_MAJMIN)
for i in $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/Documentation/*.1; do \
fname="$${i##*/}"; manname="$${fname%.1}"; \
install -m644 "$$i" "debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1/$${manname}_$(KERNEL_MAJMIN).1"; \
done
touch $@
.headers_prepare_mark: .config_mark
rm -rf debian/$(PMX_HEADER_PKG)
mkdir -p debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
install -m 0644 $(KERNEL_SRC)/.config debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
make -C $(KERNEL_SRC_COPY) mrproper
cd $(KERNEL_SRC_COPY); find . -path './debian/*' -prune \
-o -path './include/*' -prune \
-o -path './Documentation' -prune \
-o -path './scripts' -prune \
-o -type f \
\( \
-name 'Makefile*' \
-o -name 'Kconfig*' \
-o -name 'Kbuild*' \
-o -name '*.sh' \
-o -name '*.pl' \
\) \
-print | cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
cd $(KERNEL_SRC_COPY); \
( \
find arch/$(KERNEL_HEADER_ARCH) -name include -type d -print | \
xargs -n1 -i: find : -type f \
) | \
cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
touch $@
.headers_compile_mark: .headers_prepare_mark
# set output to subdir of source to reduce number of hardcoded paths in output files
rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
mkdir -p $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
cp $(KERNEL_SRC)/.config $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/.config
$(MAKE) -C $(KERNEL_SRC_COPY) O=$(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -j1 syncconfig modules_prepare prepare scripts
cd $(KERNEL_SRC_COPY); cp -a include scripts $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
find $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f
rsync --ignore-existing -r -v -a $(addprefix $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/,arch include kernel scripts tools) $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/
rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)
touch $@
.headers_install_mark: .compile_mark .modules_compile_mark .headers_compile_mark
cp $(KERNEL_SRC)/include/generated/compile.h debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/include/generated/compile.h
install -m 0644 $(KERNEL_SRC)/Module.symvers debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
mkdir -p debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)
ln -sf /usr/src/linux-headers-$(KVNAME) debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)/build
touch $@
.usr_headers_install_mark: PKG_DIR = debian/$(PMX_USR_HEADER_PKG)
.usr_headers_install_mark: OUT_DIR = $(PKG_DIR)/usr
.usr_headers_install_mark: .config_mark
rm -rf '$(PKG_DIR)'
mkdir -p '$(PKG_DIR)'
$(MAKE) -C $(KERNEL_SRC) headers_install ARCH=$(KERNEL_HEADER_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR)
rm -rf $(OUT_DIR)/include/drm $(OUT_DIR)/include/scsi
find $(OUT_DIR)/include \( -name .install -o -name ..install.cmd \) -execdir rm {} +
# Move include/asm to arch-specific directory
mkdir -p $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)
mv $(OUT_DIR)/include/asm $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)/
test ! -d $(OUT_DIR)/include/arch || \
mv $(OUT_DIR)/include/arch $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)/
touch $@
.modules_compile_mark: $(MODULES)/zfs.ko
touch $@
$(MODULES)/zfs.ko: .compile_mark
cd $(MODULES)/$(ZFSDIR); ./autogen.sh
cd $(MODULES)/$(ZFSDIR); ./configure --with-config=kernel --with-linux=$(BUILD_DIR)/$(KERNEL_SRC) --with-linux-obj=$(BUILD_DIR)/$(KERNEL_SRC)
$(MAKE) -C $(MODULES)/$(ZFSDIR)
cp $(MODULES)/$(ZFSDIR)/module/zfs.ko $(MODULES)/
cp $(MODULES)/$(ZFSDIR)/module/spl.ko $(MODULES)/
fwlist-$(KVNAME): .compile_mark .modules_compile_mark
debian/scripts/find-firmware.pl debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) >fwlist.tmp
mv fwlist.tmp $@
.PHONY: fwcheck
fwcheck: fwlist-$(KVNAME) fwlist-previous
@echo "checking fwlist for changes since last built firmware package.."
@echo "if this check fails, add fwlist-$(KVNAME) to the pve-firmware repository and upload a new firmware package together with the $(KVNAME) kernel"
sort fwlist-previous | uniq > fwlist-previous.sorted
sort fwlist-$(KVNAME) | uniq > fwlist-$(KVNAME).sorted
diff -up -N fwlist-previous.sorted fwlist-$(KVNAME).sorted > fwlist.diff
rm fwlist.diff fwlist-previous.sorted fwlist-$(KVNAME).sorted
@echo "done, no need to rebuild pve-firmware"
abi-$(KVNAME): .compile_mark
debian/scripts/abi-generate debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/Module.symvers abi-$(KVNAME) $(KVNAME)
.PHONY: abicheck
abicheck: debian/scripts/abi-check abi-$(KVNAME) abi-prev-* abi-blacklist
debian/scripts/abi-check abi-$(KVNAME) abi-prev-* $(SKIPABI)
.PHONY: clean

5
debian/rules.d/amd64.mk vendored
View File

@ -1,5 +0,0 @@
KERNEL_BUILD_ARCH = x86
KERNEL_HEADER_ARCH = $(KERNEL_BUILD_ARCH)
KERNEL_BUILD_IMAGE = bzImage
KERNEL_IMAGE_PATH = arch/$(KERNEL_BUILD_ARCH)/boot/${KERNEL_BUILD_IMAGE}
KERNEL_INSTALL_FILE = vmlinuz

210
debian/scripts/abi-check vendored
View File

@ -1,210 +0,0 @@
#!/usr/bin/perl
use strict;
use warnings;
my $abinew = shift;
my $abiold = shift;
my $skipabi = shift;
# to catch multiple abi-prev-* files being passed in
die "invalid value '$skipabi' for skipabi parameter\n" if defined($skipabi) && $skipabi !~ /^[01]$/;
$abinew =~ /abi-(.*)/;
my $abistr = $1;
$abiold =~ /abi-prev-(.*)/;
my $prev_abistr = $1;
my $fail_exit = 1;
my $EE = "EE:";
my $errors = 0;
my $abiskip = 0;
my $count;
print "II: Checking ABI...\n";
if ($skipabi) {
print "WW: Explicitly asked to ignore ABI, running in no-fail mode\n";
$fail_exit = 0;
$abiskip = 1;
$EE = "WW:";
}
if ($prev_abistr ne $abistr) {
print "II: Different ABI's, running in no-fail mode\n";
$fail_exit = 0;
$EE = "WW:";
}
if (not -f "$abinew" or not -f "$abiold") {
print "EE: Previous or current ABI file missing!\n";
print " $abinew\n" if not -f "$abinew";
print " $abiold\n" if not -f "$abiold";
# Exit if the ABI files are missing, but return status based on whether
# skip ABI was indicated.
if ("$abiskip" eq "1") {
exit(0);
} else {
exit(1);
}
}
my %symbols;
my %symbols_ignore;
my %modules_ignore;
my %module_syms;
# See if we have any ignores
my $ignore = 0;
print " Reading symbols/modules to ignore...";
for my $file ("abi-blacklist") {
next if !-f $file;
open(my $IGNORE_FH, '<', $file) or die "Could not open $file - $!";
while (<$IGNORE_FH>) {
chomp;
if ($_ =~ m/M: (.*)/) {
$modules_ignore{$1} = 1;
} else {
$symbols_ignore{$_} = 1;
}
$ignore++;
}
close($IGNORE_FH);
}
print "read $ignore symbols/modules.\n";
sub is_ignored($$) {
my ($mod, $sym) = @_;
die "Missing module name in is_ignored()" if not defined($mod);
die "Missing symbol name in is_ignored()" if not defined($sym);
if (defined($symbols_ignore{$sym}) or defined($modules_ignore{$mod})) {
return 1;
}
return 0;
}
# Read new syms first
print " Reading new symbols ($abistr)...";
$count = 0;
open(my $NEW_FH, '<', $abinew) or die "Could not open $abinew - $!";
while (<$NEW_FH>) {
chomp;
m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
$symbols{$4}{'type'} = $1;
$symbols{$4}{'loc'} = $2;
$symbols{$4}{'hash'} = $3;
$module_syms{$2} = 0;
$count++;
}
close($NEW_FH);
print "read $count symbols.\n";
# Now the old symbols, checking for missing ones
print " Reading old symbols...";
$count = 0;
open(my $OLD_FH, '<', $abiold) or die "Could not open $abiold - $!";
while (<$OLD_FH>) {
chomp;
m/^(\S+)\s(.+)\s(0x[0-9a-f]+)\s(.+)$/;
$symbols{$4}{'old_type'} = $1;
$symbols{$4}{'old_loc'} = $2;
$symbols{$4}{'old_hash'} = $3;
$count++;
}
close($OLD_FH);
print "read $count symbols.\n";
print "II: Checking for missing symbols in new ABI...";
$count = 0;
for my $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'type'})) {
print "\n" if not $count;
printf(" MISS : %s%s\n", $sym, is_ignored($symbols{$sym}{'old_loc'}, $sym) ? " (ignored)" : "");
$count++ if !is_ignored($symbols{$sym}{'old_loc'}, $sym);
}
}
print " " if $count;
print "found $count missing symbols\n";
if ($count) {
print "$EE Symbols gone missing (what did you do!?!)\n";
$errors++;
}
print "II: Checking for new symbols in new ABI...";
$count = 0;
for my $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'old_type'})) {
print "\n" if not $count;
print " NEW : $sym\n";
$count++;
}
}
print " " if $count;
print "found $count new symbols\n";
if ($count) {
print "WW: Found new symbols. Not recommended unless ABI was bumped\n";
}
print "II: Checking for changes to ABI...\n";
$count = 0;
my $moved = 0;
my $changed_type = 0;
my $changed_hash = 0;
for my $sym (keys(%symbols)) {
if (!defined($symbols{$sym}{'old_type'}) or !defined($symbols{$sym}{'type'})) {
next;
}
# Changes in location don't hurt us, but log it anyway
if ($symbols{$sym}{'loc'} ne $symbols{$sym}{'old_loc'}) {
printf(" MOVE : %-40s : %s => %s\n", $sym, $symbols{$sym}{'old_loc'}, $symbols{$sym}{'loc'});
$moved++;
}
# Changes to export type are only bad if new type isn't
# EXPORT_SYMBOL. Changing things to GPL are bad.
if ($symbols{$sym}{'type'} ne $symbols{$sym}{'old_type'}) {
printf(" TYPE : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_type'}.
$symbols{$sym}{'type'}, is_ignored($symbols{$sym}{'loc'}, $sym)
? " (ignored)" : "");
$changed_type++ if $symbols{$sym}{'type'} ne "EXPORT_SYMBOL" and !is_ignored($symbols{$sym}{'loc'}, $sym);
}
# Changes to the hash are always bad
if ($symbols{$sym}{'hash'} ne $symbols{$sym}{'old_hash'}) {
printf(" HASH : %-40s : %s => %s%s\n", $sym, $symbols{$sym}{'old_hash'},
$symbols{$sym}{'hash'}, is_ignored($symbols{$sym}{'loc'}, $sym)
? " (ignored)" : "");
$changed_hash++ if !is_ignored($symbols{$sym}{'loc'}, $sym);
$module_syms{$symbols{$sym}{'loc'}}++;
}
}
print "WW: $moved symbols changed location\n" if $moved;
print "$EE $changed_type symbols changed export type and weren't ignored\n" if $changed_type;
print "$EE $changed_hash symbols changed hash and weren't ignored\n" if $changed_hash;
$errors++ if $changed_hash or $changed_type;
if ($changed_hash) {
print "II: Module hash change summary...\n";
for my $mod (sort { $module_syms{$b} <=> $module_syms{$a} } keys %module_syms) {
next if ! $module_syms{$mod};
printf(" %-40s: %d\n", $mod, $module_syms{$mod});
}
}
print "II: Done\n";
if ($errors) {
exit($fail_exit);
} else {
exit(0);
}

45
debian/scripts/abi-generate vendored
View File

@ -1,45 +0,0 @@
#!/usr/bin/perl
use strict;
use warnings;
use PVE::Tools ();
use IO::File ();
sub usage {
die "USAGE: $0 INFILE OUTFILE [ABI INFILE-IS-DEB]\n";
}
my $input_file = shift // usage();
my $output_file = shift // usage();
my $abi = shift;
my $extract_deb = shift;
die "input file '$input_file' does not exist\n" if ! -e $input_file;
my $modules_symver_fh;
if ($extract_deb) {
usage() if !defined($abi);
my $cmd = [];
push @$cmd, ['dpkg', '--fsys-tarfile', $input_file];
push @$cmd, ['tar', '-xOf', '-', "./usr/src/linux-headers-${abi}/Module.symvers"];
$modules_symver_fh = IO::File->new_tmpfile();
PVE::Tools::run_command($cmd, output => '>&'.fileno($modules_symver_fh));
seek($modules_symver_fh, 0, 0);
} else {
open($modules_symver_fh, '<', $input_file) or die "can't open '$input_file' - $!\n";
}
my $lines = [];
while(my $line = <$modules_symver_fh>) {
if ($line =~ /^(.+)\s+(.+)\s+(.+)$/) {
push @$lines, "$3 $2 $1";
} else {
warn "malformed symvers line: '$line'\n";
}
}
close($modules_symver_fh);
PVE::Tools::file_set_contents($output_file, join("\n", sort @$lines));

34
debian/scripts/export-patchqueue vendored
View File

@ -1,34 +0,0 @@
#!/bin/bash
set -e
top=$(pwd)
if [ "$#" -ne 3 ]; then
echo "USAGE: $0 repo patchdir ref"
printf "\t exports patches from 'repo' to 'patchdir' based on 'ref'\n"
exit 1
fi
# parameters
kernel_submodule=$1
kernel_patchdir=$2
base_ref=$3
cd "${kernel_submodule}"
echo "clearing old exported patchqueue"
rm -f "${top}/${kernel_patchdir}"/*.patch
echo "exporting patchqueue using 'git format-patch [...] ${base_ref}.."
git format-patch \
--quiet \
--no-numbered \
--no-cover-letter \
--zero-commit \
--no-signature \
--diff-algorithm=myers \
--output-directory="${top}/${kernel_patchdir}" \
"${base_ref}.."
git checkout "${base_ref}"
cd "${top}"

33
debian/scripts/find-firmware.pl vendored
View File

@ -1,33 +0,0 @@
#!/usr/bin/perl
use strict;
use warnings;
my $dir = shift;
die "no directory to scan" if !$dir;
die "no such directory" if ! -d $dir;
warn "\n\nNOTE: strange directory name: $dir\n\n" if $dir !~ m|^(.*/)?(\d+.\d+.\d+\-\d+\-pve)(/+)?$|;
my $apiver = $2;
open(my $FIND_KO_FH, "find '$dir' -name '*.ko'|");
while (defined(my $fn = <$FIND_KO_FH>)) {
chomp $fn;
my $relfn = $fn;
$relfn =~ s|^$dir/*||;
my $cmd = "/sbin/modinfo -F firmware '$fn'";
open(my $MOD_FH, "$cmd|");
while (defined(my $fw = <$MOD_FH>)) {
chomp $fw;
print "$fw $relfn\n";
}
close($MOD_FH);
}
close($FIND_KO_FH);
exit 0;

29
debian/scripts/import-patchqueue vendored
View File

@ -1,29 +0,0 @@
#!/bin/bash
set -e
top=$(pwd)
if [[ "$#" -lt 2 || "$#" -gt 3 ]]; then
echo "USAGE: $0 repo patchdir [branch]"
echo "\t imports patches from 'patchdir' into patchqueue branch 'branch' in 'repo'"
exit 1
fi
# parameters
kernel_submodule=$1
kernel_patchdir=$2
if [[ -z "$3" ]]; then
pq_branch='pq'
else
pq_branch=$3
fi
cd "${kernel_submodule}"
echo "creating patchqeueue branch '${pq_branch}'"
git checkout -b "${pq_branch}"
echo "importing patches from '${kernel_patchdir}'"
git am "${top}/${kernel_patchdir}"/*.patch
cd "${top}"

119
debian/scripts/import-upstream-tag vendored
View File

@ -1,119 +0,0 @@
#!/bin/bash
set -e
top=$(pwd)
# parameters
kernel_submodule=
kernel_patchdir=
new_tag=
rebase=
# generated based on new_tag
pq_branch=
# previously checked out in submodule
old_ref=
function cleanup_pq_branch {
if [[ -n $pq_branch ]]; then
echo "cleaning up PQ branch '$pq_branch'"
cd "${top}/${kernel_submodule}"
git checkout --quiet $old_ref
git reset --hard
git branch -D "$pq_branch"
fi
}
function error_exit {
echo "$1"
set +e
cleanup_pq_branch
cd "${top}"
exit 1
}
if [[ "$#" -lt 3 || "$#" -gt 4 ]]; then
echo "USAGE: $0 submodule patchdir tag [rebase]"
echo "\t fetches and checks out 'tag' in 'submodule'"
echo "\t if 'rebase' is given, imports, rebases and exports patchqueue from 'patchdir' as well"
exit 1
fi
kernel_submodule=$1
if [ ! -d "${kernel_submodule}" ]; then
error_exit "'${kernel_submodule}' must be a directory!"
fi
kernel_patchdir=$2
if [ ! -d "${kernel_patchdir}" ]; then
error_exit "'${kernel_patchdir}' must be a directory!"
fi
new_tag=$3
rebase=$4
if [[ -n $(git status --untracked-files=no --porcelain) ]]; then
error_exit "working directory unclean, aborting"
fi
cd "${kernel_submodule}"
## check for tag and fetch if needed
echo "checking for tag '${new_tag}'"
if [[ -z $(git tag -l "${new_tag}") ]]; then
echo "tag not found, fetching and retrying"
git fetch --tags
fi
if [[ -z $(git tag -l "${new_tag}") ]]; then
error_exit "tag not found, aborting"
fi
echo "tag found"
cd "${top}"
if [[ -n "$rebase" ]]; then
echo ""
echo "automatic patchqueue rebase enabled"
cd "${kernel_submodule}"
## preparing patch queue branch
old_ref=$(git rev-parse HEAD)
pq_branch="auto_pq/${new_tag}"
cd "${top}"
echo "previous HEAD: ${old_ref}"
echo ""
"${top}/debian/scripts/import-patchqueue" "${kernel_submodule}" "${kernel_patchdir}" "${pq_branch}" || error_exit "failed to import patchqueue"
cd "${kernel_submodule}"
## rebase patches
echo ""
echo "rebasing patchqueue on top of '${new_tag}'"
git rebase "${new_tag}"
cd "${top}"
## regenerate exported patch queue
echo ""
"${top}/debian/scripts/export-patchqueue" "${kernel_submodule}" "${kernel_patchdir}" "${new_tag}" || error_exit "failed to export patchqueue"
cleanup_pq_branch
cd "${top}"
pq_branch=
fi
cd "${kernel_submodule}"
echo ""
echo "checking out '${new_tag}' in submodule"
git checkout --quiet "${new_tag}"
cd "${top}"
echo ""
echo "committing results"
git commit --verbose -s -m "update sources to ${new_tag}" -m "(generated with debian/scripts/import-upstream-tag)" "${kernel_submodule}"
if [[ -n "$rebase" ]]; then
git add "${kernel_patchdir}"
git commit --verbose -s -m "rebase patches on top of ${new_tag}" -m "(generated with debian/scripts/import-upstream-tag)" "${kernel_patchdir}"
fi

25
debian/signing-template/control.in vendored
View File

@ -1,25 +0,0 @@
Source: proxmox-kernel-signed-@KVMAJMIN@
Section: kernel
Priority: optional
Maintainer: Proxmox Support Team <support@proxmox.com>
Standards-Version: 4.2.0
Build-Depends: debhelper-compat (= 12), dh-exec, python3:any, rsync, sbsigntool, proxmox-kernel-@KVNAME@ (= @UNSIGNED_VERSION@)
Rules-Requires-Root: no
Vcs-Git: git://git.proxmox.com/git/pve-kernel
Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git
Package: proxmox-kernel-@KVNAME@-signed
Section: admin
Priority: optional
Architecture: any
Provides: linux-image-@KVNAME@-amd64, proxmox-kernel-@KVNAME@
Depends: ${unsigned:Depends}, ${misc:Depends}
Recommends: ${unsigned:Recommends}
Suggests: ${unsigned:Suggests}
Breaks: ${unsigned:Breaks}
Conflicts: proxmox-kernel-@KVNAME@
Replaces: proxmox-kernel-@KVNAME@
Description: ${unsigned:DescriptionShort} (signed)
${unsigned:DescriptionLong}
.
This package contains the kernel image signed by the Proxmox Secure Boot CA.

13
debian/signing-template/files.json.in vendored
View File

@ -1,13 +0,0 @@
{
"packages": {
"proxmox-kernel-@KVNAME@": {
"trusted_certs": [],
"files": [
{
"sig_type": "efi",
"file": "boot/vmlinuz-@KVNAME@"
}
]
}
}
}

58
debian/signing-template/rules.in vendored
View File

@ -1,58 +0,0 @@
#!/usr/bin/make -f
SHELL := bash -e
export DH_OPTIONS
include /usr/share/dpkg/architecture.mk
KERNEL_VERSION=@KVNAME@
IMAGE_PACKAGE_NAME=proxmox-kernel-$(KERNEL_VERSION)
PACKAGE_NAME=$(IMAGE_PACKAGE_NAME)-signed
PACKAGE_VERSION=@PKG_VERSION@
PACKAGE_DIR=debian/$(PACKAGE_NAME)
SIGNATURE_DIR=debian/signatures/${IMAGE_PACKAGE_NAME}
build: build-arch build-indep
build-arch:
build-indep:
clean:
dh_testdir
dh_clean
binary: binary-arch binary-indep
binary-arch:
dh_testdir
mkdir -p $(PACKAGE_DIR)/boot
rsync -a $(patsubst %,/boot/%-$(KERNEL_VERSION),config System.map vmlinuz) $(PACKAGE_DIR)/boot/
if [ -f $(SIGNATURE_DIR)/boot/vmlinuz-$(KERNEL_VERSION).sig ]; then \
sbattach --attach $(SIGNATURE_DIR)/boot/vmlinuz-$(KERNEL_VERSION).sig \
$(PACKAGE_DIR)/boot/vmlinuz-$(KERNEL_VERSION); \
else \
echo "No signature for image 'vmlinuz-$(KERNEL_VERSION)' found in '$(SIGNATURE_DIR)'"; \
false; \
fi
mkdir -p $(PACKAGE_DIR)/lib/modules/$(KERNEL_VERSION)
rsync -ar /lib/modules/$(KERNEL_VERSION)/ $(PACKAGE_DIR)/lib/modules/$(KERNEL_VERSION)/
mkdir -p $(PACKAGE_DIR)/lib/modprobe.d/
cp /lib/modprobe.d/blacklist_$(IMAGE_PACKAGE_NAME).conf $(PACKAGE_DIR)/lib/modprobe.d/
dh_install
dh_installchangelogs
dh_installdocs -A debian/copyright debian/SOURCE
dh_lintian
dh_compress
dh_fixperms
dh_installdeb
# Copy most package relations and description from unsigned package
for field in Depends Suggests Recommends Breaks; do \
echo >> debian/$(PACKAGE_NAME).substvars "unsigned:$$field=$$(dpkg-query -f '$${'$$field'}' -W $(IMAGE_PACKAGE_NAME))"; \
done
echo >> debian/$(PACKAGE_NAME).substvars "unsigned:DescriptionShort=$$(dpkg-query -f '$${Description}' -W $(IMAGE_PACKAGE_NAME) | head -n 1)"
echo >> debian/$(PACKAGE_NAME).substvars "unsigned:DescriptionLong=$$(dpkg-query -f '$${Description}' -W $(IMAGE_PACKAGE_NAME) | tail -n +2 | sed -rz 's/\$$/$${}/g; s/^ //; s/\n \.?/$${Newline}/g')"
dh_gencontrol -- -v$(PACKAGE_VERSION)
dh_md5sums
dh_builddeb
binary-indep:
.PHONY: build build-arch build-indep clean binary binary-arch binary-indep

1
debian/signing-template/source/format vendored
View File

@ -1 +0,0 @@
3.0 (native)

2
debian/source/lintian-overrides vendored
View File

@ -1,2 +0,0 @@
debian-control-has-dbgsym-package (in section for proxmox-kernel-*-pve-dbgsym) Package [debian/control:*]
license-problem-gfdl-invariants invariant part is: with the :ref:`invariant sections <fdl-invariant>` being list their titles, with the :ref:`front-cover texts <fdl-cover-texts>` being list, and with the :ref:`back-cover texts <fdl-cover-texts>` being list [ubuntu-kernel/Documentation/userspace-api/media/fdl-appendix.rst]

BIN
e1000e-3.3.5.3.tar.gz Normal file
View File

Binary file not shown.

81
e1000e_4.10_compat.patch Normal file
View File

@ -0,0 +1,81 @@
src/{netdev.c.orig => netdev.c} | 18 +++++++++---------
src/{ptp.c.orig => ptp.c} | 4 ++--
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/netdev.c.orig b/src/netdev.c
index 73b0f9a..480265b 100644
--- a/src/netdev.c.orig
+++ b/src/netdev.c
@@ -4833,24 +4833,24 @@ void e1000e_reinit_locked(struct e1000_adapter *adapter)
/**
* e1000e_sanitize_systim - sanitize raw cycle counter reads
* @hw: pointer to the HW structure
- * @systim: cycle_t value read, sanitized and returned
+ * @systim: u64 value read, sanitized and returned
*
* Errata for 82574/82583 possible bad bits read from SYSTIMH/L:
* check to see that the time is incrementing at a reasonable
* rate and is a multiple of incvalue.
**/
-static cycle_t e1000e_sanitize_systim(struct e1000_hw *hw, cycle_t systim)
+static u64 e1000e_sanitize_systim(struct e1000_hw *hw, u64 systim)
{
u64 time_delta, rem, temp;
- cycle_t systim_next;
+ u64 systim_next;
u32 incvalue;
int i;
incvalue = er32(TIMINCA) & E1000_TIMINCA_INCVALUE_MASK;
for (i = 0; i < E1000_MAX_82574_SYSTIM_REREADS; i++) {
/* latch SYSTIMH on read of SYSTIML */
- systim_next = (cycle_t)er32(SYSTIML);
- systim_next |= (cycle_t)er32(SYSTIMH) << 32;
+ systim_next = (u64)er32(SYSTIML);
+ systim_next |= (u64)er32(SYSTIMH) << 32;
time_delta = systim_next - systim;
temp = time_delta;
@@ -4872,13 +4872,13 @@ static cycle_t e1000e_sanitize_systim(struct e1000_hw *hw, cycle_t systim)
* e1000e_cyclecounter_read - read raw cycle counter (used by time counter)
* @cc: cyclecounter structure
**/
-static cycle_t e1000e_cyclecounter_read(const struct cyclecounter *cc)
+static u64 e1000e_cyclecounter_read(const struct cyclecounter *cc)
{
struct e1000_adapter *adapter = container_of(cc, struct e1000_adapter,
cc);
struct e1000_hw *hw = &adapter->hw;
u32 systimel, systimeh;
- cycle_t systim;
+ u64 systim;
/* SYSTIMH latching upon SYSTIML read does not work well.
* This means that if SYSTIML overflows after we read it but before
* we read SYSTIMH, the value of SYSTIMH has been incremented and we
@@ -4899,8 +4899,8 @@ static cycle_t e1000e_cyclecounter_read(const struct cyclecounter *cc)
systimel = systimel_2;
}
}
- systim = (cycle_t)systimel;
- systim |= (cycle_t)systimeh << 32;
+ systim = (u64)systimel;
+ systim |= (u64)systimeh << 32;
if (adapter->flags2 & FLAG2_CHECK_SYSTIM_OVERFLOW)
systim = e1000e_sanitize_systim(hw, systim);
diff --git a/src/ptp.c.orig b/src/ptp.c
index 00c419f..228adce 100644
--- a/src/ptp.c.orig
+++ b/src/ptp.c
@@ -136,8 +136,8 @@ static int e1000e_phc_get_syncdevicetime(ktime_t * device,
unsigned long flags;
int i;
u32 tsync_ctrl;
- cycle_t dev_cycles;
- cycle_t sys_cycles;
+ u64 dev_cycles;
+ u64 sys_cycles;
tsync_ctrl = er32(TSYNCTXCTL);
tsync_ctrl |= E1000_TSYNCTXCTL_START_SYNC |

37
e1000e_4.10_max-mtu.patch Normal file
View File

@ -0,0 +1,37 @@
diff --git a/src/netdev.c b/src/netdev.c
index 73b0f9a..aef1bc2 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -6724,19 +6724,12 @@ static int e1000_change_mtu(struct net_device *netdev, int new_mtu)
int max_frame = new_mtu + VLAN_ETH_HLEN + ETH_FCS_LEN;
/* Jumbo frame support */
- if ((max_frame > (VLAN_ETH_FRAME_LEN + ETH_FCS_LEN)) &&
+ if ((new_mtu > ETH_DATA_LEN) &&
!(adapter->flags & FLAG_HAS_JUMBO_FRAMES)) {
e_err("Jumbo Frames not supported.\n");
return -EINVAL;
}
- /* Supported frame sizes */
- if ((new_mtu < (VLAN_ETH_ZLEN + ETH_FCS_LEN)) ||
- (max_frame > adapter->max_hw_frame_size)) {
- e_err("Unsupported MTU setting\n");
- return -EINVAL;
- }
-
/* Jumbo frame workaround on 82579 and newer requires CRC be stripped */
if ((adapter->hw.mac.type >= e1000_pch2lan) &&
!(adapter->flags2 & FLAG2_CRC_STRIPPING) &&
@@ -8262,6 +8255,11 @@ static int e1000_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
#endif /* HAVE_NETDEV_VLAN_FEATURES */
}
+ /* MTU range: 68 - max_hw_frame_size */
+ netdev->min_mtu = ETH_MIN_MTU;
+ netdev->max_mtu = adapter->max_hw_frame_size -
+ (VLAN_ETH_HLEN + ETH_FCS_LEN);
+
if (e1000e_enable_mng_pass_thru(&adapter->hw))
adapter->flags |= FLAG_MNG_PT_ENABLED;

32
find-firmware.pl Executable file
View File

@ -0,0 +1,32 @@
#!/usr/bin/perl -w
use strict;
my $dir = shift;
die "no directory to scan" if !$dir;
die "no such directory" if ! -d $dir;
die "strange directory name" if $dir !~ m|^(.*/)?(4.10.\d+\-\d+\-pve)(/+)?$|;
my $apiver = $2;
open(TMP, "find '$dir' -name '*.ko'|");
while (defined(my $fn = <TMP>)) {
chomp $fn;
my $relfn = $fn;
$relfn =~ s|^$dir/*||;
my $cmd = "/sbin/modinfo -F firmware '$fn'";
open(MOD, "$cmd|");
while (defined(my $fw = <MOD>)) {
chomp $fw;
print "$fw $relfn\n";
}
close(MOD);
}
close TMP;
exit 0;

3407
fwlist-previous
View File

File diff suppressed because it is too large Load Diff

10
headers-control.in Normal file
View File

@ -0,0 +1,10 @@
Package: pve-headers-@KVNAME@
Version: @KERNEL_VER@-@PKGREL@
Section: devel
Priority: optional
Architecture: @ARCH@
Provides: linux-headers, linux-headers-2.6
Depends: coreutils | fileutils (>= 4.0)
Maintainer: Proxmox Support Team <support@proxmox.com>
Description: The Proxmox PVE Kernel Headers
This package contains the linux kernel headers

0
debian/proxmox-headers.postinst.in → headers-postinst.in
View File

BIN
igb-5.3.5.4.tar.gz Normal file
View File

Binary file not shown.

25
igb_4.10_compat.patch Normal file
View File

@ -0,0 +1,25 @@
src/{igb_ptp.c.orig => igb_ptp.c} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/igb_ptp.c.orig b/src/igb_ptp.c
index 744fa65..f334ac7 100644
--- a/src/igb_ptp.c.orig
+++ b/src/igb_ptp.c
@@ -93,7 +93,7 @@
* SYSTIM read access for the 82576
*/
-static cycle_t igb_ptp_read_82576(const struct cyclecounter *cc)
+static u64 igb_ptp_read_82576(const struct cyclecounter *cc)
{
struct igb_adapter *igb = container_of(cc, struct igb_adapter, cc);
struct e1000_hw *hw = &igb->hw;
@@ -113,7 +113,7 @@ static cycle_t igb_ptp_read_82576(const struct cyclecounter *cc)
* SYSTIM read access for the 82580
*/
-static cycle_t igb_ptp_read_82580(const struct cyclecounter *cc)
+static u64 igb_ptp_read_82580(const struct cyclecounter *cc)
{
struct igb_adapter *igb = container_of(cc, struct igb_adapter, cc);
struct e1000_hw *hw = &igb->hw;

47
igb_4.10_max-mtu.patch Normal file
View File

@ -0,0 +1,47 @@
diff --git a/src/e1000_defines.h b/src/e1000_defines.h
index 6de3988..d58e12f 100644
--- a/src/e1000_defines.h
+++ b/src/e1000_defines.h
@@ -423,7 +423,8 @@
#define ETHERNET_IEEE_VLAN_TYPE 0x8100 /* 802.3ac packet */
#define ETHERNET_FCS_SIZE 4
-#define MAX_JUMBO_FRAME_SIZE 0x3F00
+#define MAX_JUMBO_FRAME_SIZE 0x2600
+#define MAX_STD_JUMBO_FRAME_SIZE 9216
/* The datasheet maximum supported RX size is 9.5KB (9728 bytes) */
#define MAX_RX_JUMBO_FRAME_SIZE 0x2600
#define E1000_TX_PTR_GAP 0x1F
diff --git a/src/igb_main.c b/src/igb_main.c
index 2dff0f4..bbfe87e 100644
--- a/src/igb_main.c
+++ b/src/igb_main.c
@@ -2852,6 +2852,10 @@ static int igb_probe(struct pci_dev *pdev,
if (pci_using_dac)
netdev->features |= NETIF_F_HIGHDMA;
+ /* MTU range: 68 - 9216 */
+ netdev->min_mtu = ETH_MIN_MTU;
+ netdev->max_mtu = MAX_STD_JUMBO_FRAME_SIZE;
+
adapter->en_mng_pt = e1000_enable_mng_pass_thru(hw);
#ifdef DEBUG
if (adapter->dmac != IGB_DMAC_DISABLE)
@@ -5832,17 +5836,6 @@ static int igb_change_mtu(struct net_device *netdev, int new_mtu)
struct pci_dev *pdev = adapter->pdev;
int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN + VLAN_HLEN;
- if ((new_mtu < 68) || (max_frame > MAX_JUMBO_FRAME_SIZE)) {
- dev_err(pci_dev_to_dev(pdev), "Invalid MTU setting\n");
- return -EINVAL;
- }
-
-#define MAX_STD_JUMBO_FRAME_SIZE 9238
- if (max_frame > MAX_STD_JUMBO_FRAME_SIZE) {
- dev_err(pci_dev_to_dev(pdev), "MTU > 9216 not supported.\n");
- return -EINVAL;
- }
-
/* adjust max frame to be at least the size of a standard frame */
if (max_frame < (ETH_FRAME_LEN + ETH_FCS_LEN))
max_frame = ETH_FRAME_LEN + ETH_FCS_LEN;

95
igb_4.9_compat.patch Normal file
View File

@ -0,0 +1,95 @@
From 6445198f802d993c73f4b246353b2ceb2dfafc32 Mon Sep 17 00:00:00 2001
From: Ferruh Yigit <ferruh.yigit@intel.com>
Date: Mon, 17 Oct 2016 11:23:14 +0100
Subject: kni: fix build with kernel 4.9
compile error:
CC [M] .../lib/librte_eal/linuxapp/kni/igb_main.o
.../lib/librte_eal/linuxapp/kni/igb_main.c:2317:21:
error: initialization from incompatible pointer type
[-Werror=incompatible-pointer-types]
.ndo_set_vf_vlan = igb_ndo_set_vf_vlan,
^~~~~~~~~~~~~~~~~~~
Linux kernel 4.9 updates API for ndo_set_vf_vlan:
Linux: 79aab093a0b5 ("net: Update API for VF vlan protocol 802.1ad support")
Use new API for Linux kernels >= 4.9
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Tested-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
src/igb_main.c | 19 +++++++++++++++++++
src/kcompat.h | 4 ++++
2 files changed, 23 insertions(+)
diff --git a/src/igb_main.c b/src/igb_main.c
index 23e2d64..f4dca5a 100644
--- a/src/igb_main.c
+++ b/src/igb_main.c
@@ -195,7 +195,11 @@ static void igb_process_mdd_event(struct igb_adapter *);
#ifdef IFLA_VF_MAX
static int igb_ndo_set_vf_mac( struct net_device *netdev, int vf, u8 *mac);
static int igb_ndo_set_vf_vlan(struct net_device *netdev,
+#ifdef HAVE_VF_VLAN_PROTO
+ int vf, u16 vlan, u8 qos, __be16 vlan_proto);
+#else
int vf, u16 vlan, u8 qos);
+#endif
#ifdef HAVE_VF_SPOOFCHK_CONFIGURE
static int igb_ndo_set_vf_spoofchk(struct net_device *netdev, int vf,
bool setting);
@@ -6412,7 +6416,11 @@ static void igb_set_vmvir(struct igb_adapter *adapter, u32 vid, u32 vf)
}
static int igb_ndo_set_vf_vlan(struct net_device *netdev,
+#ifdef HAVE_VF_VLAN_PROTO
+ int vf, u16 vlan, u8 qos, __be16 vlan_proto)
+#else
int vf, u16 vlan, u8 qos)
+#endif
{
int err = 0;
struct igb_adapter *adapter = netdev_priv(netdev);
@@ -6420,6 +6428,12 @@ static int igb_ndo_set_vf_vlan(struct net_device *netdev,
/* VLAN IDs accepted range 0-4094 */
if ((vf >= adapter->vfs_allocated_count) || (vlan > VLAN_VID_MASK-1) || (qos > 7))
return -EINVAL;
+
+#ifdef HAVE_VF_VLAN_PROTO
+ if (vlan_proto != htons(ETH_P_8021Q))
+ return -EPROTONOSUPPORT;
+#endif
+
if (vlan || qos) {
err = igb_vlvf_set(adapter, vlan, !!vlan, vf);
if (err)
@@ -6580,7 +6594,12 @@ static inline void igb_vf_reset(struct igb_adapter *adapter, u32 vf)
if (adapter->vf_data[vf].pf_vlan)
igb_ndo_set_vf_vlan(adapter->netdev, vf,
adapter->vf_data[vf].pf_vlan,
+#ifdef HAVE_VF_VLAN_PROTO
+ adapter->vf_data[vf].pf_qos,
+ htons(ETH_P_8021Q));
+#else
adapter->vf_data[vf].pf_qos);
+#endif
else
igb_clear_vf_vfta(adapter, vf);
#endif
diff --git a/src/kcompat.h b/src/kcompat.h
index 69e0e7a..84826b2 100644
--- a/src/kcompat.h
+++ b/src/kcompat.h
@@ -3929,4 +3929,8 @@ skb_set_hash(struct sk_buff *skb, __u32 hash, __always_unused int type)
#define vlan_tx_tag_present skb_vlan_tag_present
#endif
+#if ( LINUX_VERSION_CODE >= KERNEL_VERSION(4,9,0) )
+#define HAVE_VF_VLAN_PROTO
+#endif /* >= 4.9.0 */
+
#endif /* _KCOMPAT_H_ */
--
cgit v1.0

18
intel-module-gcc6-compat.patch Normal file
View File

@ -0,0 +1,18 @@
diff --git a/src/Makefile.orig b/src/Makefile
index 8e962f7..50bcdcc 100644
--- a/src/Makefile.orig
+++ b/src/Makefile
@@ -123,6 +123,13 @@ ifeq (,$(CC))
$(error Compiler not found)
endif
+# workaround for GCC6's default PIE
+ifeq ($(CC),gcc)
+ PIE_TEST = [ -z "`$(CC) -fno-PIE -no-pie -x c -c /dev/null -o /dev/null 2>&1`" ]
+ PIE_FLAGS := $(shell $(PIE_TEST) && echo '-fno-PIE -no-pie')
+ EXTRA_CFLAGS += $(PIE_FLAGS)
+endif
+
# we need to know what platform the driver is being built on
# some additional features are only built on Intel platforms
ARCH := $(shell uname -m | sed 's/i.86/i386/')

BIN
ixgbe-5.0.4.tar.gz Normal file
View File

Binary file not shown.

25
ixgbe_4.10_compat.patch Normal file
View File

@ -0,0 +1,25 @@
src/{ixgbe_ptp.c.orig => ixgbe_ptp.c} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ixgbe_ptp.c.orig b/src/ixgbe_ptp.c
index fb832f0..b868c68 100644
--- a/src/ixgbe_ptp.c.orig
+++ b/src/ixgbe_ptp.c
@@ -244,7 +244,7 @@ static void ixgbe_ptp_setup_sdp_X540(struct ixgbe_adapter *adapter)
* result of SYSTIME is 32bits of "billions of cycles" and 32 bits of
* "cycles", rather than seconds and nanoseconds.
*/
-static cycle_t ixgbe_ptp_read_X550(const struct cyclecounter *hw_cc) {
+static u64 ixgbe_ptp_read_X550(const struct cyclecounter *hw_cc) {
struct ixgbe_adapter *adapter =
container_of(hw_cc, struct ixgbe_adapter, hw_cc);
struct ixgbe_hw *hw = &adapter->hw;
@@ -280,7 +280,7 @@ static cycle_t ixgbe_ptp_read_X550(const struct cyclecounter *hw_cc) {
* cyclecounter structure used to construct a ns counter from the
* arbitrary fixed point registers
*/
-static cycle_t ixgbe_ptp_read_82599(const struct cyclecounter *hw_cc)
+static u64 ixgbe_ptp_read_82599(const struct cyclecounter *hw_cc)
{
struct ixgbe_adapter *adapter =
container_of(hw_cc, struct ixgbe_adapter, hw_cc);

37
ixgbe_4.10_max-mtu.patch Normal file
View File

@ -0,0 +1,37 @@
diff --git a/src/ixgbe_main.c b/src/ixgbe_main.c
index 83c6250..fe226cd 100644
--- a/src/ixgbe_main.c
+++ b/src/ixgbe_main.c
@@ -6379,11 +6379,6 @@ static void ixgbe_free_all_rx_resources(struct ixgbe_adapter *adapter)
static int ixgbe_change_mtu(struct net_device *netdev, int new_mtu)
{
struct ixgbe_adapter *adapter = netdev_priv(netdev);
- int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN;
-
- /* MTU < 68 is an error and causes problems on some kernels */
- if ((new_mtu < 68) || (max_frame > IXGBE_MAX_JUMBO_FRAME_SIZE))
- return -EINVAL;
/*
* For 82599EB we cannot allow legacy VFs to enable their receive
@@ -6392,7 +6387,7 @@ static int ixgbe_change_mtu(struct net_device *netdev, int new_mtu)
*/
if ((adapter->flags & IXGBE_FLAG_SRIOV_ENABLED) &&
(adapter->hw.mac.type == ixgbe_mac_82599EB) &&
- (max_frame > (ETH_FRAME_LEN + ETH_FCS_LEN)))
+ (new_mtu > ETH_DATA_LEN))
e_warn(probe, "Setting MTU > 1500 will disable legacy VFs\n");
e_info(probe, "changing MTU from %d to %d\n", netdev->mtu, new_mtu);
@@ -10134,6 +10129,11 @@ static int __devinit ixgbe_probe(struct pci_dev *pdev,
#ifdef IFF_SUPP_NOFCS
netdev->priv_flags |= IFF_SUPP_NOFCS;
#endif
+
+ /* MTU range: 68 - 9710 */
+ netdev->min_mtu = ETH_MIN_MTU;
+ netdev->max_mtu = IXGBE_MAX_JUMBO_FRAME_SIZE - (ETH_HLEN + ETH_FCS_LEN);
+
#if IS_ENABLED(CONFIG_DCB)
if (adapter->flags & IXGBE_FLAG_DCB_CAPABLE)
netdev->dcbnl_ops = &dcbnl_ops;

12
kvm-dynamic-halt-polling-disable-default.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
--- a/virt/kvm/kvm_main.c 2016-05-12 10:39:37.540387127 +0200
+++ b/virt/kvm/kvm_main.c 2016-05-04 10:43:38.063996221 +0200
@@ -75,7 +75,7 @@ static unsigned int halt_poll_ns = KVM_H
EXPORT_SYMBOL_GPL(halt_poll_ns);
/* Default doubles per-vcpu halt_poll_ns. */
-unsigned int halt_poll_ns_grow = 2;
+unsigned int halt_poll_ns_grow = 0;
module_param(halt_poll_ns_grow, uint, S_IRUGO | S_IWUSR);
EXPORT_SYMBOL_GPL(halt_poll_ns_grow);

89
patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch → override_for_missing_acs_capabilities.patch
View File

@ -1,15 +1,13 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 866f4c5de45ae13aa590de0d40819a0c38f3f682 Mon Sep 17 00:00:00 2001
From: Mark Weiman <mark.weiman@markzz.com>
Date: Wed, 7 Feb 2018 16:04:03 -0500
Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.15)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Date: Sun, 23 Oct 2016 12:57:37 -0400
Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.8+)
This an updated version of Alex Williamson's patch from:
https://lkml.org/lkml/2013/5/30/513
Original commit message follows:
---
PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that
allows us to control whether transactions are allowed to be redirected
in various subnodes of a PCIe topology. For instance, if two
@ -47,39 +45,38 @@ specific devices which enforce isolation but not provide an ACS
capability. Please contact me to have your devices added and save
your customers the hassle of this boot option.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
---
.../admin-guide/kernel-parameters.txt | 9 ++
drivers/pci/quirks.c | 102 ++++++++++++++++++
2 files changed, 111 insertions(+)
Documentation/admin-guide/kernel-parameters.txt | 9 ++++
drivers/pci/quirks.c | 101 ++++++++++++++++++++++++++++++++++++
2 files changed, 110 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 4272acb3d047..d18cc2c1f9c3 100644
index a4f4d69..d68cfab 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4400,6 +4400,15 @@
Also, it enforces the PCI Local Bus spec
rule that those bits should be 0 in system reset
events (useful for kexec/kdump cases).
@@ -2928,6 +2928,15 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
nomsi [MSI] If the PCI_MSI kernel config parameter is
enabled, this kernel boot option can be used to
disable the use of MSI interrupts system-wide.
+ pci_acs_override =
+ [PCIE] Override missing PCIe ACS support for:
+ [PCIE] Override missing PCIe ACS support for:
+ downstream
+ All downstream ports - full ACS capabilities
+ multifunction
+ Add multifunction devices - multifunction ACS subset
+ multfunction
+ All multifunction devices - multifunction ACS subset
+ id:nnnn:nnnn
+ Specific device - full ACS capabilities
+ Specfic device - full ACS capabilities
+ Specified as vid:did (vendor/device ID) in hex
noioapicquirk [APIC] Disable all boot interrupt quirks.
Safety option to keep boot IRQs enabled. This
should never be necessary.
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index ce469d84ebae..4f163ef55e7b 100644
index 44e0ff3..32016cb 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -287,6 +287,106 @@ static int __init pci_apply_final_quirks(void)
}
@@ -3487,6 +3487,106 @@ static int __init pci_apply_final_quirks(void)
fs_initcall_sync(pci_apply_final_quirks);
+static bool acs_on_downstream;
@ -122,6 +119,7 @@ index ce469d84ebae..4f163ef55e7b 100644
+ goto next;
+ }
+ acs_on_ids[max_acs_id].vendor = val;
+
+ p += strcspn(p, ":");
+ if (*p != ':') {
+ pr_warn("PCIe ACS invalid ID\n");
@ -166,31 +164,32 @@ index ce469d84ebae..4f163ef55e7b 100644
+ return 1;
+
+ switch (pci_pcie_type(dev)) {
+ case PCI_EXP_TYPE_DOWNSTREAM:
+ case PCI_EXP_TYPE_ROOT_PORT:
+ if (acs_on_downstream)
+ return 1;
+ break;
+ case PCI_EXP_TYPE_ENDPOINT:
+ case PCI_EXP_TYPE_UPSTREAM:
+ case PCI_EXP_TYPE_LEG_END:
+ case PCI_EXP_TYPE_RC_END:
+ if (acs_on_multifunction && dev->multifunction)
+ return 1;
+ case PCI_EXP_TYPE_DOWNSTREAM:
+ case PCI_EXP_TYPE_ROOT_PORT:
+ if (acs_on_downstream)
+ return 1;
+ break;
+ case PCI_EXP_TYPE_ENDPOINT:
+ case PCI_EXP_TYPE_UPSTREAM:
+ case PCI_EXP_TYPE_LEG_END:
+ case PCI_EXP_TYPE_RC_END:
+ if (acs_on_multifunction && dev->multifunction)
+ return 1;
+ }
+
+ return -ENOTTY;
+}
+
/*
* Decoding should be disabled for a PCI device during BAR sizing to avoid
* conflict. But doing so may cause problems on host bridge and perhaps other
@@ -5100,6 +5200,8 @@ static const struct pci_dev_acs_enabled {
{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
/* APM X-Gene */
{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
+ /* Enable overrides for missing ACS capabilities */
* Followings are device-specific reset methods which can be used to
* reset a single function if other methods (e.g. FLR, PM D0->D3) are
@@ -4160,6 +4260,7 @@ static const struct pci_dev_acs_enabled {
{ 0x10df, 0x720, pci_quirk_mf_endpoint_acs }, /* Emulex Skyhawk-R */
/* Cavium ThunderX */
{ PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
+ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
/* Ampere Computing */
{ PCI_VENDOR_ID_AMPERE, 0xE005, pci_quirk_xgene_acs },
{ PCI_VENDOR_ID_AMPERE, 0xE006, pci_quirk_xgene_acs },
{ 0 }
};
--
2.10.1

35
patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch
View File

@ -1,35 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 12 May 2015 19:29:22 +0100
Subject: [PATCH] Make mkcompile_h accept an alternate timestamp string
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.
Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
init/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init/Makefile b/init/Makefile
index cbac576c57d6..479b1253fcbe 100644
--- a/init/Makefile
+++ b/init/Makefile
@@ -29,7 +29,7 @@ preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) := PREEMPT_DYNAMIC
preempt-flag-$(CONFIG_PREEMPT_RT) := PREEMPT_RT
build-version = $(or $(KBUILD_BUILD_VERSION), $(build-version-auto))
-build-timestamp = $(or $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto))
+build-timestamp = $(or $(KBUILD_BUILD_VERSION_TIMESTAMP), $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto))
# Maximum length of UTS_VERSION is 64 chars
filechk_uts_version = \

1451
patches/kernel/0002-wireless-Add-Debian-wireless-regdb-certificates.patch
View File

File diff suppressed because it is too large Load Diff

36
patches/kernel/0003-bridge-keep-MAC-of-first-assigned-port.patch
View File

@ -1,36 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Thu, 14 Sep 2017 11:02:18 +0200
Subject: [PATCH] bridge: keep MAC of first assigned port
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
original commit message:
Default bridge changes MAC dynamically using smallest MAC of all
connected ports (for no real reason). To avoid problems with ARP
we simply use the MAC of the first connected port.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
net/bridge/br_stp_if.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index 75204d36d7f9..1fb5ff73ec1e 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -265,10 +265,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br)
return false;
list_for_each_entry(p, &br->port_list, list) {
- if (addr == br_mac_zero ||
- memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0)
- addr = p->dev->dev_addr;
-
+ addr = p->dev->dev_addr;
}
if (ether_addr_equal(br->bridge_id.addr, addr))

27
patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch
View File

@ -1,27 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Thu, 14 Sep 2017 11:09:58 +0200
Subject: [PATCH] kvm: disable default dynamic halt polling growth
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
virt/kvm/kvm_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 0f50960b0e3a..37f840f57f32 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644);
EXPORT_SYMBOL_GPL(halt_poll_ns);
/* Default doubles per-vcpu halt_poll_ns. */
-unsigned int halt_poll_ns_grow = 2;
+unsigned int halt_poll_ns_grow = 0;
module_param(halt_poll_ns_grow, uint, 0644);
EXPORT_SYMBOL_GPL(halt_poll_ns_grow);

28
patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
View File

@ -1,28 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Wed, 7 Oct 2020 17:18:28 +0200
Subject: [PATCH] net: core: downgrade unregister_netdevice refcount leak from
emergency to error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
net/core/dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index c365aa06f886..c9066a7aa4c5 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -10470,7 +10470,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
if (time_after(jiffies, warning_time +
READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
list_for_each_entry(dev, list, todo_list) {
- pr_emerg("unregister_netdevice: waiting for %s to become free. Usage count = %d\n",
+ pr_err("unregister_netdevice: waiting for %s to become free. Usage count = %d\n",
dev->name, netdev_refcnt_read(dev));
ref_tracker_dir_print(&dev->refcnt_tracker, 10);
}

30
patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch
View File

@ -1,30 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Tue, 10 Jan 2023 08:52:40 +0100
Subject: [PATCH] Revert "fortify: Do not cast to "unsigned char""
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 106b7a61c488d2022f44e3531ce33461c7c0685f.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
include/linux/fortify-string.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
index 89a6888f2f9e..66e0b60dcabb 100644
--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
#define __compiletime_strlen(p) \
({ \
- char *__p = (char *)(p); \
+ unsigned char *__p = (unsigned char *)(p); \
size_t __ret = SIZE_MAX; \
const size_t __p_size = __member_size(p); \
if (__p_size != SIZE_MAX && \

133
patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch
View File

@ -1,133 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Fri, 14 Jul 2023 18:10:32 +0200
Subject: [PATCH] kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no
support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes live-migrations & snapshot-rollback of VMs with a restricted
CPU type (e.g., qemu64) from our 5.15 based kernel (default Proxmox
VE 7.4) to the 6.2 (and future newer) of Proxmox VE 8.0.
Previous to ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to
supported bits of XCR0") the PKRU bit of the host could leak into the
state from the guest, which caused trouble when migrating between
hosts with different CPUs, i.e., where the source supported it but
the target did not, causing a general protection fault when the guest
tried to use a pkru related instruction after the migration.
But the fix, while welcome, caused a temporary out-of-sync state when
migrating such a VM from a kernel without the fix to a kernel with
the fix, as it threw of KVM when the CPUID of the guest and most of
the state doesn't report XSAVE and thus any xfeatures, but PKRU and
the related state is set as enabled, causing the vCPU to spin at 100%
without any progress forever.
The fix could be at two sites, either in QEMU or in the kernel, I
choose the kernel as we have all the info there for a targeted
heuristic so that we don't have to adapt QEMU and qemu-server, the
latter even on both sides.
Still, a short summary of the possible fixes and short drawbacks:
* on QEMU-side either
- clear the PKRU state in the migration saved state would be rather
complicated to implement as the vCPU is initialised way before we
have the saved xfeature state available to check what we'd need
to do, plus the user-space only gets a memory blob from ioctl
KVM_GET_XSAVE2 that it passes to KVM_SET_XSAVE ioctl, there are
no ABI guarantees, and while the struct seem stable for 5.15 to
6.5-rc1, that doesn't has to be for future kernels, so off the
table.
- enforce that the CPUID reports PKU support even if it normally
wouldn't. While this works (tested by hard-coding it as POC) it
is a) not really nice and b) needs some interaction from
qemu-server to enable this flag as otherwise we have no good info
to decide when it's OK to do this, which means we need to adapt
both PVE 7 and 8's qemu-server and also pve-qemu, workable but
not optimal
* on Kernel/KVM-side we can hook into the set XSAVE ioctl specific to
the KVM subsystem, which already reduces chance of regression for
all other places. There we have access to the union/struct
definitions of the saved state and thus can savely cast to that.
We also got access to the vCPU's CPUID capabilities, meaning we can
check if the XCR0 (first XSAVE Control Register) reports
that it support the PKRU feature, and if it does *NOT* but the
saved xfeatures register from XSAVE *DOES* report it, we can safely
assume that this combination is due to an migration from an older,
leaky kernel and clear the bit in the xfeature register before
restoring it to the guest vCPU KVM state, avoiding the confusing
situation that made the vCPU spin at 100%.
This should be safe to do, as the guest vCPU CPUID never reported
support for the PKRU feature, and it's also a relatively niche and
newish feature.
If it gains us something we can drop this patch a bit in the future
Proxmox VE 9 major release, but we should ensure that VMs that where
started before PVE 8 cannot be directly live-migrated to the release
that includes that change; so we should rather only drop it if the
maintenance burden is high.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
arch/x86/kvm/cpuid.c | 6 ++++++
arch/x86/kvm/cpuid.h | 2 ++
arch/x86/kvm/x86.c | 13 +++++++++++++
3 files changed, 21 insertions(+)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 3a02276899db..e07a6089ba4b 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -262,6 +262,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;
}
+bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu) {
+ u64 guest_supported_xcr0 = cpuid_get_supported_xcr0(
+ vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent);
+ return (guest_supported_xcr0 & XFEATURE_MASK_PKRU) != 0;
+}
+
static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries,
int nent)
{
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index 23dbb9eb277c..07da153802e4 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx,
u32 *ecx, u32 *edx, bool exact_only);
+bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu);
+
u32 xstate_required_size(u64 xstate_bv, bool compacted);
int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c84927216fad..880e2b87777e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5580,6 +5580,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
return 0;
+ if (!vcpu_supports_xsave_pkru(vcpu)) {
+ void *buf = guest_xsave->region;
+ union fpregs_state *ustate = buf;
+ if (ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
+ printk(
+ KERN_NOTICE "clearing PKRU xfeature bit as vCPU from PID %d"
+ " reports no PKRU support - migration from fpu-leaky kernel?",
+ current->pid
+ );
+ ustate->xsave.header.xfeatures &= ~XFEATURE_MASK_PKRU;
+ }
+ }
+
return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu,
guest_xsave->region,
kvm_caps.supported_xcr0,

43
patches/kernel/0009-allow-opt-in-to-allow-pass-through-on-broken-hardwar.patch
View File

@ -1,43 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: kiler129 <grzegorz@noflash.pl>
Date: Mon, 18 Sep 2023 15:19:26 +0200
Subject: [PATCH] allow opt-in to allow pass-through on broken hardware..
adapted from https://github.com/kiler129/relax-intel-rmrr , licensed under MIT or GPL 2.0+
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
drivers/iommu/intel/iommu.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index c4c6240d14f9..5e037a9ea6a6 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -234,6 +234,7 @@ static int dmar_map_gfx = 1;
static int dmar_map_ipu = 1;
static int intel_iommu_superpage = 1;
static int iommu_identity_mapping;
+static int intel_relaxable_rmrr = 0;
static int iommu_skip_te_disable;
#define IDENTMAP_GFX 2
@@ -296,6 +297,9 @@ static int __init intel_iommu_setup(char *str)
} else if (!strncmp(str, "tboot_noforce", 13)) {
pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
intel_iommu_tboot_noforce = 1;
+ } else if (!strncmp(str, "relax_rmrr", 10)) {
+ pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n");
+ intel_relaxable_rmrr = 1;
} else {
pr_notice("Unknown option - '%s'\n", str);
}
@@ -2470,7 +2474,7 @@ static bool device_rmrr_is_relaxable(struct device *dev)
return false;
pdev = to_pci_dev(dev);
- if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
+ if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
return true;
else
return false;

37
patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
View File

@ -1,37 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@google.com>
Date: Wed, 18 Oct 2023 12:41:04 -0700
Subject: [PATCH] KVM: nSVM: Advertise support for flush-by-ASID
Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can
always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2
with a new, fresh ASID in vmcb02. Some modern hypervisors, e.g. VMWare
Workstation 17, require FLUSHBYASID support and will refuse to run if it's
not present.
Punt on proper support, as "Honor L1's request to flush an ASID on nested
VMRUN" is one of the TODO items in the (incomplete) list of issues that
need to be addressed in order for KVM to NOT do a full TLB flush on every
nested SVM transition (see nested_svm_transition_tlb_flush()).
Reported-by: Stefan Sterz <s.sterz@proxmox.com>
Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
arch/x86/kvm/svm/svm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index e90b429c84f1..5c7faf7c447f 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5085,6 +5085,7 @@ static __init void svm_set_cpu_caps(void)
if (nested) {
kvm_cpu_cap_set(X86_FEATURE_SVM);
kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
+ kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
/*
* KVM currently flushes TLBs on *every* nested SVM transition,

44
patches/kernel/0011-revert-memfd-improve-userspace-warnings-for-missing-.patch
View File

@ -1,44 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Mon, 6 Nov 2023 10:17:02 +0100
Subject: [PATCH] revert "memfd: improve userspace warnings for missing
exec-related flags".
This warning is telling userspace developers to pass MFD_EXEC and
MFD_NOEXEC_SEAL to memfd_create(). Commit 434ed3350f57 ("memfd: improve
userspace warnings for missing exec-related flags") made the warning more
frequent and visible in the hope that this would accelerate the fixing of
errant userspace.
But the overall effect is to generate far too much dmesg noise.
Fixes: 434ed3350f57 ("memfd: improve userspace warnings for missing exec-related flags")
Reported-by: Damian Tometzki <dtometzki@fedoraproject.org>
Closes: https://lkml.kernel.org/r/ZPFzCSIgZ4QuHsSC@fedora.fritz.box
Cc: Aleksa Sarai <cyphar@cyphar.com>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Daniel Verkamp <dverkamp@chromium.org>
Cc: Jeff Xu <jeffxu@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 2562d67b1bdf91c7395b0225d60fdeb26b4bc5a0)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
mm/memfd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/memfd.c b/mm/memfd.c
index d3a1ba4208c9..6a9de5d9105e 100644
--- a/mm/memfd.c
+++ b/mm/memfd.c
@@ -282,7 +282,7 @@ static int check_sysctl_memfd_noexec(unsigned int *flags)
}
if (!(*flags & MFD_NOEXEC_SEAL) && sysctl >= MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED) {
- pr_err_ratelimited(
+ pr_warn_once(
"%s[%d]: memfd_create() requires MFD_NOEXEC_SEAL with vm.memfd_noexec=%d\n",
current->comm, task_pid_nr(current), sysctl);
return -EACCES;

31
patches/kernel/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
View File

@ -1,31 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 10 Apr 2024 13:21:59 +0200
Subject: [PATCH] apparmor: expect msg_namelen=0 for recvmsg calls
When coming from sys_recvmsg, msg->msg_namelen is explicitly set to
zero early on. (see ____sys_recvmsg in net/socket.c)
We still end up in 'map_addr' where the assumption is that addr !=
NULL means addrlen has a valid size.
This is likely not a final fix, it was suggested by jjohansen on irc
to get things going until this is resolved properly.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
security/apparmor/af_inet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/af_inet.c b/security/apparmor/af_inet.c
index 57b710054a76..35f905d9b960 100644
--- a/security/apparmor/af_inet.c
+++ b/security/apparmor/af_inet.c
@@ -766,7 +766,7 @@ int aa_inet_msg_perm(const char *op, u32 request, struct socket *sock,
/* do we need early bailout for !family ... */
return sk_has_perm2(sock->sk, op, request, profile, ad,
map_sock_addr(sock, ADDR_LOCAL, &laddr, &ad),
- map_addr(msg->msg_name, msg->msg_namelen, 0,
+ map_addr(msg->msg_namelen == 0 ? NULL : msg->msg_name, msg->msg_namelen, 0,
ADDR_REMOTE, &raddr, &ad),
profile_remote_perm(profile, sock->sk, request,
&raddr, &laddr.maddr, &ad));

79
patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
View File

@ -1,79 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Borislav Petkov (AMD)" <bp@alien8.de>
Date: Sun, 24 Mar 2024 20:51:35 +0100
Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround
Disable XSAVES only on machines which haven't loaded the microcode
revision containing the erratum fix.
This will come in handy when running archaic OSes as guests. OSes whose
brilliant programmers thought that CPUID is overrated and one should not
query it but use features directly, ala shoot first, ask questions
later... but only if you're alive after the shooting.
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local
---
arch/x86/include/asm/cpu_device_id.h | 8 ++++++++
arch/x86/kernel/cpu/amd.c | 12 ++++++++++++
2 files changed, 20 insertions(+)
diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
index eb8fcede9e3b..bf4e065cf1e2 100644
--- a/arch/x86/include/asm/cpu_device_id.h
+++ b/arch/x86/include/asm/cpu_device_id.h
@@ -190,6 +190,14 @@ struct x86_cpu_desc {
.x86_microcode_rev = (revision), \
}
+#define AMD_CPU_DESC(fam, model, stepping, revision) { \
+ .x86_family = (fam), \
+ .x86_vendor = X86_VENDOR_AMD, \
+ .x86_model = (model), \
+ .x86_stepping = (stepping), \
+ .x86_microcode_rev = (revision), \
+}
+
extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match);
extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index dfa8d0cf5e18..22a263b1a884 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -13,6 +13,7 @@
#include <asm/apic.h>
#include <asm/cacheinfo.h>
#include <asm/cpu.h>
+#include <asm/cpu_device_id.h>
#include <asm/spec-ctrl.h>
#include <asm/smp.h>
#include <asm/numa.h>
@@ -926,6 +927,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
clear_rdrand_cpuid_bit(c);
}
+static const struct x86_cpu_desc erratum_1386_microcode[] = {
+ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e),
+ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
+};
+
static void fix_erratum_1386(struct cpuinfo_x86 *c)
{
/*
@@ -935,7 +941,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c)
*
* Affected parts all have no supervisor XSAVE states, meaning that
* the XSAVEC instruction (which works fine) is equivalent.
+ *
+ * Clear the feature flag only on microcode revisions which
+ * don't have the fix.
*/
+ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode))
+ return;
+
clear_cpu_cap(c, X86_FEATURE_XSAVES);
}

64
patches/kernel/0014-block-fix-request.queuelist-usage-in-flush.patch
View File

@ -1,64 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Chengming Zhou <chengming.zhou@linux.dev>
Date: Sat, 8 Jun 2024 22:31:15 +0800
Subject: [PATCH] block: fix request.queuelist usage in flush
Friedrich Weber reported a kernel crash problem and bisected to commit
81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine").
The root cause is that we use "list_move_tail(&rq->queuelist, pending)"
in the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since
it's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch().
We don't initialize its queuelist just for this first request, although
the queuelist of all later popped requests will be initialized.
Fix it by changing to use "list_add_tail(&rq->queuelist, pending)" so
rq->queuelist doesn't need to be initialized. It should be ok since rq
can't be on any list when PREFLUSH or POSTFLUSH, has no move actually.
Please note the commit 81ada09cc25e ("blk-flush: reuse rq queuelist in
flush state machine") also has another requirement that no drivers would
touch rq->queuelist after blk_mq_end_request() since we will reuse it to
add rq to the post-flush pending list in POSTFLUSH. If this is not true,
we will have to revert that commit IMHO.
This updated version adds "list_del_init(&rq->queuelist)" in flush rq
callback since the dm layer may submit request of a weird invalid format
(REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add
if without this "list_del_init(&rq->queuelist)". The weird invalid format
problem should be fixed in dm layer.
Reported-by: Friedrich Weber <f.weber@proxmox.com>
Closes: https://lore.kernel.org/lkml/14b89dfb-505c-49f7-aebb-01c54451db40@proxmox.com/
Closes: https://lore.kernel.org/lkml/c9d03ff7-27c5-4ebd-b3f6-5a90d96f35ba@proxmox.com/
Fixes: 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine")
Cc: Christoph Hellwig <hch@lst.de>
Cc: ming.lei@redhat.com
Cc: bvanassche@acm.org
Tested-by: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Chengming Zhou <chengming.zhou@linux.dev>
---
block/blk-flush.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/block/blk-flush.c b/block/blk-flush.c
index 3f4d41952ef2..d72b57898b23 100644
--- a/block/blk-flush.c
+++ b/block/blk-flush.c
@@ -183,7 +183,7 @@ static void blk_flush_complete_seq(struct request *rq,
/* queue for flush */
if (list_empty(pending))
fq->flush_pending_since = jiffies;
- list_move_tail(&rq->queuelist, pending);
+ list_add_tail(&rq->queuelist, pending);
break;
case REQ_FSEQ_DATA:
@@ -261,6 +261,7 @@ static enum rq_end_io_ret flush_end_io(struct request *flush_rq,
unsigned int seq = blk_flush_cur_seq(rq);
BUG_ON(seq != REQ_FSEQ_PREFLUSH && seq != REQ_FSEQ_POSTFLUSH);
+ list_del_init(&rq->queuelist);
blk_flush_complete_seq(rq, fq, seq, error);
}

49
patches/kernel/0015-scsi-core-Handle-devices-which-return-an-unusually-l.patch
View File

@ -1,49 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Martin K. Petersen" <martin.petersen@oracle.com>
Date: Mon, 20 May 2024 22:30:40 -0400
Subject: [PATCH] scsi: core: Handle devices which return an unusually large
VPD page count
Peter Schneider reported that a system would no longer boot after
updating to 6.8.4. Peter bisected the issue and identified commit
b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to
fetching page") as being the culprit.
Turns out the enclosure device in Peter's system reports a byteswapped
page length for VPD page 0. It reports "02 00" as page length instead
of "00 02". This causes us to attempt to access 516 bytes (page length
+ header) of information despite only 2 pages being present.
Limit the page search scope to the size of our VPD buffer to guard
against devices returning a larger page count than requested.
Link: https://lore.kernel.org/r/20240521023040.2703884-1-martin.petersen@oracle.com
Fixes: b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to fetching page")
Cc: stable@vger.kernel.org
Reported-by: Peter Schneider <pschneider1968@googlemail.com>
Closes: https://lore.kernel.org/all/eec6ebbf-061b-4a7b-96dc-ea748aa4d035@googlemail.com/
Tested-by: Peter Schneider <pschneider1968@googlemail.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---
drivers/scsi/scsi.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
index 8cad9792a562..b3ff3a633a1e 100644
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -350,6 +350,13 @@ static int scsi_get_vpd_size(struct scsi_device *sdev, u8 page)
if (result < SCSI_VPD_HEADER_SIZE)
return 0;
+ if (result > sizeof(vpd)) {
+ dev_warn_once(&sdev->sdev_gendev,
+ "%s: long VPD page 0 length: %d bytes\n",
+ __func__, result);
+ result = sizeof(vpd);
+ }
+
result -= SCSI_VPD_HEADER_SIZE;
if (!memchr(&vpd[SCSI_VPD_HEADER_SIZE], page, result))
return 0;

73
patches/kernel/0016-e1000e-change-usleep_range-to-udelay-in-PHY-mdic-acc.patch
View File

@ -1,73 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Vitaly Lifshits <vitaly.lifshits@intel.com>
Date: Mon, 29 Apr 2024 10:10:40 -0700
Subject: [PATCH] e1000e: change usleep_range to udelay in PHY mdic access
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround
for sporadic MDI error on Meteor Lake systems"). The referenced commit
used usleep_range inside the PHY access routines, which are sometimes
called from an atomic context. This can lead to a kernel panic in some
scenarios, such as cable disconnection and reconnection on vPro systems.
Solve this by changing the usleep_range calls back to udelay.
Fixes: 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems")
Cc: stable@vger.kernel.org
Reported-by: Jérôme Carretero <cJ@zougloub.eu>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218740
Closes: https://lore.kernel.org/lkml/a7eb665c74b5efb5140e6979759ed243072cb24a.camel@zougloub.eu/
Co-developed-by: Sasha Neftin <sasha.neftin@intel.com>
Signed-off-by: Sasha Neftin <sasha.neftin@intel.com>
Signed-off-by: Vitaly Lifshits <vitaly.lifshits@intel.com>
Tested-by: Dima Ruinskiy <dima.ruinskiy@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240429171040.1152516-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
drivers/net/ethernet/intel/e1000e/phy.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c
index 93544f1cc2a5..f7ae0e0aa4a4 100644
--- a/drivers/net/ethernet/intel/e1000e/phy.c
+++ b/drivers/net/ethernet/intel/e1000e/phy.c
@@ -157,7 +157,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data)
* the lower time out
*/
for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) {
- usleep_range(50, 60);
+ udelay(50);
mdic = er32(MDIC);
if (mdic & E1000_MDIC_READY)
break;
@@ -181,7 +181,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data)
* reading duplicate data in the next MDIC transaction.
*/
if (hw->mac.type == e1000_pch2lan)
- usleep_range(100, 150);
+ udelay(100);
if (success) {
*data = (u16)mdic;
@@ -237,7 +237,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data)
* the lower time out
*/
for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) {
- usleep_range(50, 60);
+ udelay(50);
mdic = er32(MDIC);
if (mdic & E1000_MDIC_READY)
break;
@@ -261,7 +261,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data)
* reading duplicate data in the next MDIC transaction.
*/
if (hw->mac.type == e1000_pch2lan)
- usleep_range(100, 150);
+ udelay(100);
if (success)
return 0;

48
patches/kernel/0017-virtio-pci-Check-if-is_avq-is-NULL.patch
View File

@ -1,48 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Li Zhang <zhanglikernel@gmail.com>
Date: Tue, 18 Jun 2024 07:28:00 +0200
Subject: [PATCH] virtio-pci: Check if is_avq is NULL
BugLink: https://bugs.launchpad.net/bugs/2067862
[bug]
In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved
to determine whether it is admin virtqueue, but this function vp_dev->is_avq
may be empty. For installations, virtio_pci_legacy does not assign a value
to vp_dev->is_avq.
[fix]
Check whether it is vp_dev->is_avq before use.
[test]
Test with virsh Attach device
Before this patch, the following command would crash the guest system
After applying the patch, everything seems to be working fine.
Signed-off-by: Li Zhang <zhanglikernel@gmail.com>
Message-Id: <1710566754-3532-1-git-send-email-zhanglikernel@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit c8fae27d141a32a1624d0d0d5419d94252824498)
Signed-off-by: Matthew Ruffell <matthew.ruffell@canonical.com>
Acked-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
drivers/virtio/virtio_pci_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c
index b655fccaf773..3c18fc14cd66 100644
--- a/drivers/virtio/virtio_pci_common.c
+++ b/drivers/virtio/virtio_pci_common.c
@@ -236,7 +236,7 @@ void vp_del_vqs(struct virtio_device *vdev)
int i;
list_for_each_entry_safe(vq, n, &vdev->vqs, list) {
- if (vp_dev->is_avq(vdev, vq->index))
+ if (vp_dev->is_avq && vp_dev->is_avq(vdev, vq->index))
continue;
if (vp_dev->per_vq_vectors) {

14
patches/kernel/9998-rdtsc-spoof-hook-0.patch
View File

@ -1,14 +0,0 @@
diff -Naur --no-dereference a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
--- a/arch/x86/kvm/vmx/vmx.c 2024-07-01 21:03:34.000000000 +0300
+++ b/arch/x86/kvm/vmx/vmx.c 2024-07-01 20:24:05.000000000 +0300
@@ -6137,6 +6137,10 @@
[EXIT_REASON_ENCLS] = handle_encls,
[EXIT_REASON_BUS_LOCK] = handle_bus_lock_vmexit,
[EXIT_REASON_NOTIFY] = handle_notify,
+ [EXIT_REASON_RDTSC] = handle_rdtsc,
+ [EXIT_REASON_RDTSCP] = handle_rdtscp,
+ [EXIT_REASON_UMWAIT] = handle_umwait,
+ [EXIT_REASON_TPAUSE] = handle_tpause,
};
static const int kvm_vmx_max_exit_handlers =

40
patches/kernel/9999-rdtsc-spoof-hook-1.patch
View File

@ -1,40 +0,0 @@
diff -Naur --no-dereference a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
--- a/arch/x86/kvm/vmx/vmx.c 2024-07-01 21:03:34.000000000 +0300
+++ b/arch/x86/kvm/vmx/vmx.c 2024-07-01 20:24:05.000000000 +0300
@@ -6079,6 +6079,36 @@
return 1;
}
+static int handle_rdtsc(struct kvm_vcpu *vcpu)
+{
+ u64 _rdtsc = rdtsc();
+ printk_once("[HookEntry] hook entry function handle_rdtsc is working, return the rdtsc() if no hook , you can hook here!\n");
+ vcpu->arch.regs[VCPU_REGS_RAX] = _rdtsc & -1u;
+ vcpu->arch.regs[VCPU_REGS_RDX] = (_rdtsc >> 32) & -1u;
+ return kvm_skip_emulated_instruction(vcpu);
+}
+
+static int handle_rdtscp(struct kvm_vcpu *vcpu)
+{
+ u64 _rdtsc = rdtsc();
+ printk_once("[HookEntry] hook entry function handle_rdtscp is working, return the rdtsc() if no hook , you can hook here!\n");
+ vcpu->arch.regs[VCPU_REGS_RAX] = _rdtsc & -1u;
+ vcpu->arch.regs[VCPU_REGS_RDX] = (_rdtsc >> 32) & -1u;
+ return kvm_skip_emulated_instruction(vcpu);
+}
+
+static int handle_umwait(struct kvm_vcpu *vcpu)
+{
+ kvm_skip_emulated_instruction(vcpu);
+ return 1;
+}
+
+static int handle_tpause(struct kvm_vcpu *vcpu)
+{
+ kvm_skip_emulated_instruction(vcpu);
+ return 1;
+}
+
/*
* The exit handlers return 1 if the exit was handled fully and guest execution
* may resume. Otherwise they set the kvm_run parameter to indicate what needs

10
debian/proxmox-kernel.postinst.in → postinst.in
View File

@ -1,7 +1,6 @@
#!/usr/bin/perl
#!/usr/bin/perl -w
use strict;
use warnings;
# Ignore all invocations except when called on to configure.
exit 0 unless $ARGV[0] =~ /configure/;
@ -17,9 +16,10 @@ system("depmod $version");
if (-d "/etc/kernel/postinst.d") {
print STDERR "Examining /etc/kernel/postinst.d.\n";
system(
"run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/postinst.d"
) && die "Failed to process /etc/kernel/postinst.d";
system ("run-parts --verbose --exit-on-error --arg=$version " .
"--arg=$imagedir/vmlinuz-$version " .
"/etc/kernel/postinst.d") &&
die "Failed to process /etc/kernel/postinst.d";
}
exit 0

46
postrm.in Normal file
View File

@ -0,0 +1,46 @@
#!/usr/bin/perl -w
use strict;
# Ignore all 'upgrade' invocations .
exit 0 if $ARGV[0] =~ /upgrade/;
my $imagedir = "/boot";
my $version = "@@KVNAME@@";
if (-d "/etc/kernel/postrm.d") {
print STDERR "Examining /etc/kernel/postrm.d.\n";
system ("run-parts --verbose --exit-on-error --arg=$version " .
"--arg=$imagedir/vmlinuz-$version " .
"/etc/kernel/postrm.d") &&
die "Failed to process /etc/kernel/postrm.d";
}
unlink "$imagedir/initrd.img-$version";
unlink "$imagedir/initrd.img-$version.bak";
unlink "/var/lib/initramfs-tools/$version";
# Ignore all invocations except when called on to purge.
exit 0 unless $ARGV[0] =~ /purge/;
my @files_to_remove = qw{
modules.dep modules.isapnpmap modules.pcimap
modules.usbmap modules.parportmap
modules.generic_string modules.ieee1394map
modules.ieee1394map modules.pnpbiosmap
modules.alias modules.ccwmap modules.inputmap
modules.symbols modules.ofmap
modules.seriomap modules.*.bin
modules.softdep modules.devname
};
foreach my $extra_file (@files_to_remove) {
for (glob("/lib/modules/$version/$extra_file")) {
unlink;
}
}
system ("rmdir", "/lib/modules/$version") if -d "/lib/modules/$version";
exit 0

10
debian/proxmox-kernel.prerm.in → prerm.in
View File

@ -1,7 +1,6 @@
#!/usr/bin/perl
#!/usr/bin/perl -w
use strict;
use warnings;
# Ignore all invocations uxcept when called on to remove
exit 0 unless ($ARGV[0] && $ARGV[0] =~ /remove/) ;
@ -15,9 +14,10 @@ my $version = "@@KVNAME@@";
if (-d "/etc/kernel/prerm.d") {
print STDERR "Examining /etc/kernel/prerm.d.\n";
system(
"run-parts --verbose --exit-on-error --arg=$version --arg=$imagedir/vmlinuz-$version /etc/kernel/prerm.d"
) && die "Failed to process /etc/kernel/prerm.d";
system ("run-parts --verbose --exit-on-error --arg=$version " .
"--arg=$imagedir/vmlinuz-$version " .
"/etc/kernel/prerm.d") &&
die "Failed to process /etc/kernel/prerm.d";
}
exit 0

200
proxmox-ve/changelog.Debian Normal file
View File

@ -0,0 +1,200 @@
proxmox-ve (5.0-24) unstable; urgency=medium
* depend on newest 4.10.17-4-pve kernel
-- Proxmox Support Team <support@proxmox.com> Tue, 10 Oct 2017 14:39:55 +0200
proxmox-ve (5.0-21) unstable; urgency=medium
* depend on newest 4.10.17-3-pve kernel
-- Proxmox Support Team <support@proxmox.com> Thu, 31 Aug 2017 14:57:17 +0200
proxmox-ve (5.0-16) unstable; urgency=medium
* depend on newest 4.10.17-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Tue, 11 Jul 2017 11:11:35 +0200
proxmox-ve (5.0-10) unstable; urgency=medium
* depend on newest 4.10.15-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Wed, 7 Jun 2017 10:36:33 +0200
proxmox-ve (5.0-8) unstable; urgency=medium
* depend on newest 4.10.11-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Thu, 18 May 2017 09:14:18 +0200
proxmox-ve (5.0-6) unstable; urgency=medium
* depend on newest 4.10.8-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Thu, 13 Apr 2017 11:24:12 +0200
proxmox-ve (5.0-5) unstable; urgency=medium
* depend on newest 4.10.5-1-pve kernel
* remove old 4.x release key
-- Proxmox Support Team <support@proxmox.com> Tue, 28 Mar 2017 10:14:00 +0200
proxmox-ve (5.0-3) unstable; urgency=medium
* depend on newest 4.10.3-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Fri, 24 Mar 2017 13:44:18 +0100
proxmox-ve (5.0-2) unstable; urgency=medium
* depend on newest 4.10.1-2-pve kernel
-- Proxmox Support Team <support@proxmox.com> Fri, 10 Mar 2017 10:20:14 +0100
proxmox-ve (5.0-1) unstable; urgency=medium
* Proxmox VE package for Debian Stretch
-- Proxmox Support Team <support@proxmox.com> Fri, 3 Mar 2017 15:56:11 +0100
proxmox-ve (4.4-83) unstable; urgency=medium
* depend on newest 4.4.44-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Wed, 1 Mar 2017 09:22:26 +0100
proxmox-ve (4.4-82) unstable; urgency=medium
* install PVE release keys in a Debian Stretch compatible way
-- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2017 15:14:06 +0100
proxmox-ve (4.4-80) unstable; urgency=medium
* depend on newest 4.4.40-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Wed, 8 Feb 2017 13:10:57 +0100
proxmox-ve (4.4-76) unstable; urgency=medium
* update version for 4.4 release
-- Proxmox Support Team <support@proxmox.com> Wed, 8 Feb 2017 10:38:33 +0100
proxmox-ve (4.3-74) unstable; urgency=medium
* depend on newest 4.4.35-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Mon, 5 Dec 2016 10:20:03 +0100
proxmox-ve (4.3-73) unstable; urgency=medium
* depend on newest 4.4.30-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Wed, 30 Nov 2016 09:43:29 +0100
proxmox-ve (4.3-72) unstable; urgency=medium
* depend on newest 4.4.24-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Mon, 14 Nov 2016 12:17:16 +0100
proxmox-ve (4.3-67) unstable; urgency=medium
* depend on newest 4.4.21-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Mon, 10 Oct 2016 13:58:20 +0200
proxmox-ve (4.3-66) unstable; urgency=medium
* depend on newest 4.4.19-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Wed, 14 Sep 2016 13:23:43 +0200
proxmox-ve (4.2-63) unstable; urgency=medium
* use /etc/apt/trusted.gpg.d/ mechanism to install trusted apt keys
-- Proxmox Support Team <support@proxmox.com> Mon, 29 Aug 2016 12:08:43 +0200
proxmox-ve (4.2-61) unstable; urgency=medium
* depend on newest 4.4.16-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Wed, 24 Aug 2016 15:11:08 +0200
proxmox-ve (4.2-58) unstable; urgency=medium
* depend on newest 4.4.13-2-pve kernel
-- Proxmox Support Team <support@proxmox.com> Fri, 15 Jul 2016 06:03:16 +0200
proxmox-ve (4.2-55) unstable; urgency=medium
* depend on newest 4.4.13-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Sat, 25 Jun 2016 11:52:14 +0200
proxmox-ve (4.2-54) unstable; urgency=medium
* depend on newest 4.4.10-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Fri, 10 Jun 2016 20:56:08 +0200
proxmox-ve (4.0-49) unstable; urgency=medium
* depend on newest 4.4.8-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:29:57 +0200
proxmox-ve (4.0-43) unstable; urgency=medium
* depend on newest 4.4.6-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Mon, 11 Apr 2016 09:35:06 +0200
proxmox-ve (4.0-32) unstable; urgency=medium
* depend on newest 4.2.8-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Wed, 03 Feb 2016 16:15:41 +0100
proxmox-ve (4.0-31) unstable; urgency=medium
* setup kernel links for installation CD (rescue boot)
-- Proxmox Support Team <support@proxmox.com> Sun, 10 Jan 2016 10:10:37 +0100
proxmox-ve (4.0-29) unstable; urgency=medium
* depend on newest 4.2.6-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Thu, 31 Dec 2015 12:46:00 +0100
proxmox-ve (4.0-8) unstable; urgency=medium
* depend on newest 4.2.3-2-pve kernel
-- Proxmox Support Team <support@proxmox.com> Tue, 03 Nov 2015 10:40:01 +0100
proxmox-ve (4.0-7) unstable; urgency=medium
* depend on newest 4.2.3-1-pve kernel
-- Proxmox Support Team <support@proxmox.com> Sun, 18 Oct 2015 10:58:21 +0200
proxmox-ve (4.0-6) unstable; urgency=medium
* depend on newest 4.1.3 kernel
-- Proxmox Support Team <support@proxmox.com> Thu, 30 Jul 2015 09:17:30 +0200
proxmox-ve (4.0-1) unstable; urgency=medium
* Proxmox VE package for Debian Jessie
-- Proxmox Support Team <support@proxmox.com> Sat, 28 Feb 2015 17:25:14 +0100

16
proxmox-ve/control Normal file
View File

@ -0,0 +1,16 @@
Package: proxmox-ve
Version: @RELEASE@-@PKGREL@
Architecture: all
Section: admin
Priority: optional
Provides: proxmox-virtual-environment
Conflicts: pve-kernel, proxmox-virtual-environment, proxmox-ve-3.10.0
Replaces: pve-kernel, proxmox-virtual-environment, proxmox-ve-3.10.0
Depends: libc6 (>= 2.7-18), pve-kernel-@KVNAME@, pve-firmware, pve-manager, qemu-server, pve-qemu-kvm, openssh-client, openssh-server, apt, vncterm, spiceterm
Maintainer: Proxmox Support Team <support@proxmox.com>
Description: The Proxmox Virtual Environment
The Proxmox Virtual Environment is an easy to use Open Source
virtualization platform for running Virtual Appliances and Virtual
Machines. This is a meta package which will install everything
needed. This package also depends on the latest available Proxmox
kernel from the @KERNEL_VER@ series.

21
proxmox-ve/copyright Normal file
View File

@ -0,0 +1,21 @@
Copyright (C) 2016 Proxmox Server Solutions GmbH
This software is written by Proxmox Server Solutions GmbH <support@proxmox.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 dated June, 1991.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301 USA
The complete text of the GNU General
Public License can be found in `/usr/share/common-licenses/GPL-2'.

81
proxmox-ve/postinst Executable file
View File

@ -0,0 +1,81 @@
#! /bin/sh
# Abort if any command returns an error value
set -e
# This script is called as the last step of the installation of the
# package. All the package's files are in place, dpkg has already
# done its automatic conffile handling, and all the packages we depend
# of are already fully installed and configured.
# The following idempotent stuff doesn't generally need protecting
# against being run in the abort-* cases.
case "$1" in
configure)
# Configure this package. If the package must prompt the user for
# information, do it here.
# cleanup - remove Proxmox Release Key key from /etc/apt/trusted.gpg
/usr/bin/apt-key --keyring /etc/apt/trusted.gpg del 9887F95A >/dev/null 2>&1 || /bin/true
# cleanup - remove old stretch-incompatible variant of installing release key
rm -f /etc/apt/trusted.gpg.d/proxmox-ve.gpg /etc/apt/trusted.gpg.d/proxmox-ve.gpg~
# setup kernel links for installation CD (rescue boot)
mkdir -p /boot/pve
ln -sf /boot/vmlinuz-@KVNAME@ /boot/pve/vmlinuz
ln -sf /boot/initrd.img-@KVNAME@ /boot/pve/initrd.img
# There are three sub-cases:
if test "${2+set}" != set; then
# We're being installed by an ancient dpkg which doesn't remember
# which version was most recently configured, or even whether
# there is a most recently configured version.
:
elif test -z "$2" -o "$2" = "<unknown>"; then
# The package has not ever been configured on this system, or was
# purged since it was last configured.
:
else
# Version $2 is the most recently configured version of this
# package.
:
fi ;;
abort-upgrade)
# Back out of an attempt to upgrade this package FROM THIS VERSION
# to version $2. Undo the effects of "prerm upgrade $2".
:
;;
abort-remove)
if test "$2" != in-favour; then
echo "$0: undocumented call to \`postinst $*'" 1>&2
exit 0
fi
# Back out of an attempt to remove this package, which was due to
# a conflict with package $3 (version $4). Undo the effects of
# "prerm remove in-favour $3 $4".
:
;;
abort-deconfigure)
if test "$2" != in-favour -o "$5" != removing; then
echo "$0: undocumented call to \`postinst $*'" 1>&2
exit 0
fi
# Back out of an attempt to deconfigure this package, which was
# due to package $6 (version $7) which we depend on being removed
# to make way for package $3 (version $4). Undo the effects of
# "prerm deconfigure in-favour $3 $4 removing $6 $7".
:
;;
*) echo "$0: didn't understand being called with \`$1'" 1>&2
exit 0;;
esac
exit 0

8
debian/proxmox-kernel-meta.postrm.in → proxmox-ve/postrm
View File

@ -5,9 +5,10 @@ set -e
case "$1" in
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
# remove kernel symlinks
rm -f /boot/pve/vmlinuz-@@KVNAME@@
rm -f /boot/pve/initrd.img-@@KVNAME@@
# remove kernel symlinks
rm -f /boot/pve/vmlinuz
rm -f /boot/pve/initrd.img
rmdir --ignore-fail-on-non-empty /boot/pve/ || true
;;
*)
@ -16,4 +17,3 @@ case "$1" in
;;
esac
#DEBHELPER#

BIN
proxmox-ve/proxmox-release-5.x.pubkey Normal file
View File

Binary file not shown.

11
proxmox-ve/pve-headers.control Normal file
View File

@ -0,0 +1,11 @@
Package: pve-headers
Version: @RELEASE@-@PKGREL@
Architecture: all
Section: admin
Priority: optional
Depends: pve-headers-@KVNAME@
Maintainer: Proxmox Support Team <support@proxmox.com>
Description: Latest Proxmox VE Kernel Headers
This is a virtual package which will install the kernel headers
for the latest available proxmox kernel from the @KERNEL_VER@
series.

1
submodules/spl-module Submodule

@ -0,0 +1 @@
Subproject commit 785f8eda81c22b7fdf35a078bfe2e7533d4727b7

1
submodules/ubuntu-kernel

@ -1 +0,0 @@
Subproject commit 52a389ffcb4a5a544790d46c53f79c845364692e

1
submodules/ubuntu-zesty Submodule

@ -0,0 +1 @@
Subproject commit cc8f26e2f0c5a81b1ea15a7aaeab9fdd4c7e4520

1
submodules/zfs-module Submodule

@ -0,0 +1 @@
Subproject commit ab6f41b56c05388cb7147340f0f9cd21b7389b4a

1
submodules/zfsonlinux

@ -1 +0,0 @@
Subproject commit f5c9e3a9a85e73ef96f02375a745b10115a319b3

33
uname-version-timestamp.patch Normal file
View File

@ -0,0 +1,33 @@
From: Ben Hutchings <ben@decadent.org.uk>
Subject: Make mkcompile_h accept an alternate timestamp string
Date: Tue, 12 May 2015 19:29:22 +0100
Forwarded: not-needed
We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.
Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.
--- a/scripts/mkcompile_h
+++ b/scripts/mkcompile_h
@@ -37,10 +37,14 @@ else
VERSION=$KBUILD_BUILD_VERSION
fi
-if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then
- TIMESTAMP=`date`
+if [ -z "$KBUILD_BUILD_VERSION_TIMESTAMP" ]; then
+ if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then
+ TIMESTAMP=`date`
+ else
+ TIMESTAMP=$KBUILD_BUILD_TIMESTAMP
+ fi
else
- TIMESTAMP=$KBUILD_BUILD_TIMESTAMP
+ TIMESTAMP=$KBUILD_BUILD_VERSION_TIMESTAMP
fi
if test -z "$KBUILD_BUILD_USER"; then
LINUX_COMPILE_BY=$(whoami | sed 's/\\/\\\\/')