Go to file
2017-08-02 14:46:11 +02:00
proxmox-ve bump version to 4.10.17-16, bump ABI to 4.10.17-1-pve 2017-07-13 09:07:40 +02:00
submodules update kernel source to Ubuntu-4.10.0-28.32 2017-07-28 14:02:26 +02:00
.gitignore buildsys: convert to submodules 2017-03-24 13:03:07 +01:00
.gitmodules buildsys: convert to submodules 2017-03-24 13:03:07 +01:00
0001-netfilter-nft_set_rbtree-handle-re-addition-element-.patch add fix for DoS via nftables 2017-05-22 09:59:35 +02:00
abi-blacklist buildsys: simplify abi-check 2017-03-24 14:14:10 +01:00
abi-check buildsys: simplify abi-check 2017-03-24 14:14:10 +01:00
abi-previous update abi-previous after ABI bump 2017-07-13 06:04:17 +02:00
bridge-patch.diff initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
ceph-scheduler-fix.patch initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
cgroup-cpuset-add-cpuset.remap_cpus.patch initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
changelog.Debian bump version to 4.10.17-18 2017-07-28 14:09:06 +02:00
control.in allow also grub-efi-arm64 as an grub dependency 2017-05-11 08:50:39 +02:00
control.tools build-sys: replace fixed architecture use where possible 2017-05-11 08:50:39 +02:00
copyright initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
CVE-2017-7482-rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch add CVE fixes 2017-07-19 09:46:19 +02:00
CVE-2017-10810-drm-virtio-don-t-leak-bo-on-drm_gem_object_init-fail.patch add CVE fixes 2017-07-19 09:46:19 +02:00
CVE-2017-1000364-mm-mmap.c-do-not-blow-on-PROT_NONE-MAP_FIXED-holes-i.patch add CVE fixes 2017-07-19 09:46:19 +02:00
CVE-2017-1000364-mm-mmap.c-expand_downwards-don-t-require-the-gap-if-.patch add CVE fixes 2017-07-19 09:46:19 +02:00
CVE-2017-1000365-fs-exec.c-account-for-argv-envp-pointers.patch add CVE fixes 2017-07-19 09:46:19 +02:00
e1000e_4.10_compat.patch Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
e1000e_4.10_max-mtu.patch Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
e1000e-3.3.5.3.tar.gz Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
find-firmware.pl initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
fwlist-previous bump version 4.10.5-4, bump ABI to 4.10.5-1-pve 2017-03-28 11:30:43 +02:00
headers-control.in build-sys: replace fixed architecture use where possible 2017-05-11 08:50:39 +02:00
headers-postinst.in initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
igb_4.9_compat.patch Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
igb_4.10_compat.patch Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
igb_4.10_max-mtu.patch Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
igb-5.3.5.4.tar.gz Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
intel-module-gcc6-compat.patch Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
ixgbe_4.10_compat.patch Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
ixgbe_4.10_max-mtu.patch Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
ixgbe-5.0.4.tar.gz Revert "remove outdated intel nic drivers" 2017-07-28 14:02:26 +02:00
kvm-dynamic-halt-polling-disable-default.patch initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
Makefile build: drop bash from fwcheck target 2017-08-02 14:46:11 +02:00
override_for_missing_acs_capabilities.patch initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
postinst.in initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
postrm.in initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
prerm.in initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
README initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00
uname-version-timestamp.patch initial import from https://git.proxmox.com/?p=pve-kernel.git;a=tree 2017-03-15 14:43:14 +01:00

KERNEL SOURCE:
==============

We currently use the Ubuntu kernel sources, available from:

 http://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/

Ubuntu will maintain those kernels till:

 https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable


Additional/Updated Modules:
---------------------------

- include latest e1000e driver from intel/sourceforge

- include latest ixgbe driver from intel/sourceforge

 - include latest igb driver from intel/sourceforge

# Note: hpsa does not compile with kernel 3.19.8
#- include latest HPSA driver (HP Smart Array)
#
#  * http://sourceforge.net/projects/cciss/

- include native OpenZFS filesystem kernel modules for Linux

  * https://github.com/zfsonlinux/

  For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ

- include latest DRBD 9 driver, see http://drbd.linbit.com/home/what-is-drbd/


FIRMWARE:
=========

We create our own firmware package, which includes the firmware for
all proxmox-ve kernels. So far this include

pve-kernel-2.6.18
pve-kernel-2.6.24
pve-kernel-2.6.32
pve-kernel-3.10.0
pve-kernel-3.19.0

We use 'find-firmware.pl' to extract lists of required firmeware
files.  The script 'assemble-firmware.pl' is used to read those lists
and copy the files from various source directory into a target
directory.

We do not include firmeware for some wireless HW when there is a
separate debian package for that, for example:

zd1211-firmware
atmel-firmware
bluez-firmware 


PATCHES:
--------

 bridge-patch.diff: Avoid bridge problems with changing MAC
  see also: http://forum.openvz.org/index.php?t=msg&th=5291

  Behaviour after 2.6.27 has changed slighly - after setting mac address
  of bridge device, then address won't change. So we could omit
  that patch, requiring to set hwaddress in /etc/network/interfaces.

Watchdog blacklist
------------------

By default, all watchdog modules are black-listed because it is totally undefined
which device is actually used for /dev/watchdog.
We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
The user typically edit /etc/modules to enable a specific watchdog device.

Additional information
----------------------

We use the default configuration provided by Ubuntu, and apply
the following modification:

see Makefile (PVE_CONFIG_OPTS)

- enable CONFIG_CEPH_FS=m (request from user)

- enable common CONFIG_BLK_DEV_XXX to avoid hardware detection
  problems (udev, undate-initramfs have serious problems without that)

  	 CONFIG_BLK_DEV_SD=y
  	 CONFIG_BLK_DEV_SR=y
  	 CONFIG_BLK_DEV_DM=y

- add workaround for Debian bug #807000 (see
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000)

  	 CONFIG_BLK_DEV_NVME=y

- compile NBD and RBD modules
	 CONFIG_BLK_DEV_NBD=m
	 CONFIG_BLK_DEV_RBD=m

- set LOOP_MIN_COUNT to 8 (debian defaults)
	 CONFIG_BLK_DEV_LOOP_MIN_COUNT=8

- disable module signatures (CONFIG_MODULE_SIG)
 
- enable IBM JFS file system 

  This is disabled in RHEL kernel for no real reason, so we enable
  it as requested by users (bug #64)

- enable apple HFS and HFSPLUS

  This is disabled in RHEL kernel for no real reason, so we enable
  it as requested by users

- enable CONFIG_BCACHE=m (requested by user)

- enable CONFIG_BRIDGE=y

  Else we get warnings on boot, that
  net.bridge.bridge-nf-call-iptables is an unknown key

- enable CONFIG_DEFAULT_SECURITY_APPARMOR

  We need this for lxc
  
- set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y

  because if not set, it can give some dynamic memory or cpu frequencies 
  change, and vms can crash (mainly windows guest).

  see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273

- use 'deadline' as default scheduler

  This is the suggested setting for KVM. We also measure bad fsync
  performance with ext4 and cfq.

- disable CONFIG_INPUT_EVBUG

  Module evbug is not blacklisted on debian, so we simply disable it
  to avoid key-event logs (which is a big security problem)

Testing final kernel with kvm
-----------------------------

kvm -kernel data/boot/vmlinuz-3.19.8-1-pve -initrd initrd.img-3.19.8-1-pve -append "vga=791 video=vesafb:ywrap,mtrr" /dev/zero