Upstream: https://github.com/proxmox/pve-kernel
6ac09c547c
Else everyone booting the 5.0 based kernel will have nesting activated by default[0], and this breaks live migration for all VMs with CPU type host, even if they do not host KVM (nested) guests themselves and never made a VMX call, at least with newer QEMU versions >= 3.1 [1].

While the kernel now may have had good reasons to change the default to true for this[0], i.e., it can now handle nested guest migrations in a nice and sane way, the user space side of this in QEMU is not yet ready, and may only become so with or even after 4.1.

After we have a working qemu which can also live migrate arbitrary nested guests we may well enable this as default, but until then it brings just pain but no advantage.

So let's protect people who did not manually enable nesting from a live-migration breakage. All those who enabled nesting manually themselves knew that it was still experimental and thus will have to live with their decision and have a live migration breakage (for those VMs with CPU type 'host').

[0]: https://git.kernel.org/torvalds/c/1e58e5e59148916fa43444a406335a990783fb78
[1]: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=d98f26073bebddcd3da0ba1b86c3a34e840c0fb8

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
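A host-side check for the condition this commit message describes, as an added example that is not part of the commit or the pve-kernel repository: it lists the guests whose active configuration uses CPU type host while the nested parameter is on. The sysfs parameter path, the /etc/pve/qemu-server directory and the `cpu:` line syntax are assumptions about a Proxmox VE host that the page does not state; the demo data is constructed.

```shell
#!/bin/sh
# Added example: list VMs exposed to the live-migration breakage, i.e. nesting
# enabled on the host AND CPU type 'host' in the VM's active configuration.
# On a Proxmox VE host the call would be (paths are assumptions, not from the page):
#   migration_risk /sys/module/kvm_intel/parameters/nested /etc/pve/qemu-server

# True when the module parameter reads as enabled. Bool parameters print Y/N;
# 1 is accepted as well.
nested_enabled() {  # $1 = parameter file
    [ -r "$1" ] || return 1
    case $(cat "$1") in
        Y|y|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the CPU type from the active part of a guest config: everything before
# the first "[snapshot]" section header. Prints nothing when no cpu line is set.
vm_cpu_type() {  # $1 = config file
    awk '/^\[/ { exit }
         /^cpu:/ { sub(/^cpu:[ \t]*/, ""); sub(/,.*/, ""); sub(/^cputype=/, "")
                   print; exit }' "$1"
}

# Print the VM IDs (config file names without .conf) that are affected.
migration_risk() {  # $1 = parameter file, $2 = config directory
    nested_enabled "$1" || return 0
    for f in "$2"/*.conf; do
        [ -e "$f" ] || continue
        if [ "$(vm_cpu_type "$f")" = host ]; then
            basename "$f" .conf
        fi
    done
}

# Constructed demo tree (values made up): VM 100 uses 'host'; VM 101 uses kvm64
# now but has a snapshot taken with 'host'; VM 102 sets no CPU type at all.
make_demo() {  # $1 = empty directory
    echo Y > "$1/nested"
    printf 'cores: 2\ncpu: host,flags=+aes\n' > "$1/100.conf"
    printf 'cpu: kvm64\n[snap1]\ncpu: host\n' > "$1/101.conf"
    printf 'cores: 1\n[snap1]\ncpu: host\n' > "$1/102.conf"
}

demo=$(mktemp -d)
make_demo "$demo"
migration_risk "$demo/nested" "$demo"   # prints 100
rm -rf "$demo"
```

Only the active section is read, so a snapshot that was taken with CPU type host does not flag a guest that has since been switched to another type.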

debian
patches
submodules
.gitignore
.gitmodules
abi-blacklist
abi-prev-5.0.8-2-pve
fwlist-previous
Makefile
README

KERNEL SOURCE:
==============

We currently use the Ubuntu kernel sources, available from:

  http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/

Ubuntu will maintain those kernels till:

  https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable


Additional/Updated Modules:
---------------------------

- include latest e1000e driver from intel/sourceforge

- include latest igb driver from intel/sourceforge

- include native OpenZFS filesystem kernel modules for Linux

  * https://github.com/zfsonlinux/

  For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ


SUBMODULE
=========

We track the current upstream repository as a submodule. Besides obvious
advantages over tracking binary tar archives, this also has some implications.

For building, the submodule directory gets copied into build/ and a few patches
get applied with the `patch` tool. From a git point of view, the copied
directory remains clean even with extra patches applied, since it does not
contain a .git directory but a reference to the (still pristine) submodule:

  $ cat build/ubuntu-bionic/.git

If you mistakenly cloned the upstream repo as a "normal" clone (not via the
submodule mechanics), you have a real .git directory with its independent
objects and tracking info when copying for building. Git then operates on the
copied directory and "sees" that it was dirtied by `patch`; the kernel build
system sees this too and will add a '+' to the version as a result. This changes
the output directories for modules and other build artefacts and then lets the
build fail on packaging.

So always ensure that you really checked it out as a submodule, not as a full
"normal" clone. You can also explicitly set the LOCALVERSION variable to
undefined with `export LOCALVERSION=`, but that should only be done for test
builds.


RELATED PACKAGES:
=================

proxmox-ve
----------

top level meta package, depends on current default kernel series meta package.

git clone git://git.proxmox.com/git/proxmox-ve.git

pve-kernel-meta
---------------

depends on latest kernel and header package within a certain kernel series,
e.g., pve-kernel-4.15 / pve-headers-4.15

git clone git://git.proxmox.com/git/pve-kernel-meta.git

pve-firmware
------------

contains the firmware for all released PVE kernels.

git clone git://git.proxmox.com/git/pve-firmware.git


NOTES:
======

ABI versions, package versions and package name:
------------------------------------------------

We follow debian's versioning w.r.t ABI changes:

https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html
https://wiki.debian.org/DebianKernelABIChanges

The debian/rules file has a target comparing the built kernel's ABI against the
version stored in the repository and indicates when an ABI bump is necessary.
An ABI bump within one upstream version consists of incrementing the KREL
variable in the Makefile, rebuilding the packages and running 'make abiupdate'
(the 'abiupdate' target in 'Makefile' contains the steps for consistently
updating the repository).

Watchdog blacklist
------------------

By default, all watchdog modules are black-listed because it is totally
undefined which device is actually used for /dev/watchdog.
We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
The user typically edits /etc/modules to enable a specific watchdog device.

Additional information
----------------------

We use the default configuration provided by Ubuntu, and apply
the following modifications:

NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS)

- enable INTEL_MEI_WDT=m (to allow disabling via patch)

- disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed)

- switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS

- enable CONFIG_CEPH_FS=m (request from user)

- enable common CONFIG_BLK_DEV_XXX to avoid hardware detection
  problems (udev, update-initramfs have serious problems without that)

    CONFIG_BLK_DEV_SD=y
    CONFIG_BLK_DEV_SR=y
    CONFIG_BLK_DEV_DM=y

- add workaround for Debian bug #807000
  (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000)

    CONFIG_BLK_DEV_NVME=y

- compile NBD and RBD modules

    CONFIG_BLK_DEV_NBD=m
    CONFIG_BLK_DEV_RBD=m

- enable IBM JFS file system as module

  enable it as requested by users (bug #64)

- enable apple HFS and HFSPLUS as module

  enable it as requested by users

- enable CONFIG_BCACHE=m (requested by user)

- enable CONFIG_BRIDGE=y

  Else we get warnings on boot, that
  net.bridge.bridge-nf-call-iptables is an unknown key

- enable CONFIG_DEFAULT_SECURITY_APPARMOR

  We need this for lxc

- set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y

  because if not set, it can give some dynamic memory or cpu frequencies
  change, and vms can crash (mainly windows guest).

  see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273

- use 'deadline' as default scheduler

  This is the suggested setting for KVM. We also measure bad fsync
  performance with ext4 and cfq.

- disable CONFIG_INPUT_EVBUG

  Module evbug is not blacklisted on debian, so we simply disable it to avoid
  key-event logs (which is a big security problem)

- enable CONFIG_MODVERSIONS (needed for ABI tracking)

- switch default UNWINDER to FRAME_POINTER

  the recently introduced ORC_UNWINDER is not 100% stable yet, especially in
  combination with ZFS

- enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation)
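
To verify that an installed kernel actually carries these settings, the following added example (not part of the pve-kernel repository) audits a .config file against a subset of the options named above. The function names, the choice of subset and the sample .config are assumptions constructed for illustration; debian/rules (PVE_CONFIG_OPTS) remains the authoritative list.

```shell
#!/bin/sh
# Added example: audit a kernel .config against options named in the README.
# "n" means the option must be off ("# CONFIG_X is not set" or absent).
PVE_EXPECTED='
CONFIG_INPUT_EVBUG=n
CONFIG_SND_PCM_OSS=n
CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_MODVERSIONS=y
CONFIG_BRIDGE=y
CONFIG_BLK_DEV_NVME=y
'

# Print the value the file assigns to an option, or "n" when it is unset.
config_value() {  # $1 = config file, $2 = option name
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# Print one line per deviation; return 0 only when the file matches the list.
audit_config() {  # $1 = config file
    fails=0
    for want in $PVE_EXPECTED; do
        opt=${want%%=*}
        exp=${want#*=}
        got=$(config_value "$1" "$opt")
        if [ "$got" != "$exp" ]; then
            echo "DEVIATION $opt: expected $exp, found $got"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

# Constructed sample (not from a real build): evbug still built as a module,
# page-table isolation missing, NVMe built as a module instead of built in.
sample_config() {
    cat <<'EOF'
CONFIG_MODVERSIONS=y
CONFIG_INPUT_EVBUG=m
# CONFIG_SND_PCM_OSS is not set
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_BRIDGE=y
CONFIG_BLK_DEV_NVME=m
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ]; then cfg=$1; else cfg=$(mktemp); sample_config > "$cfg"; fi
audit_config "$cfg" || echo "config deviates from the README's list"
```

On a Debian-style system the config of the running kernel is usually available as /boot/config-$(uname -r) and can be passed as the first argument.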