webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,100 Commits 2 Branches 1 Tag
037dc6b9bc5bbc1138ea5075d14d61ba19aaada9
Commit Graph

186 Commits

Author SHA1 Message Date
Arne Fitzenreiter
037dc6b9bc kernel: update to 5.10.67 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 23:45:56 +02:00
Michael Tremer
cbbed5bc14 kernel: Enable all cgroups on all architectures 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 14:04:36 +00:00
Michael Tremer
b7ed5dc817 kernel: Enable support for TPM hardware 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 14:04:14 +00:00
Michael Tremer
340f155649 kernel: Enable frontswap 
"Frontswap provides a “transcendent memory” interface for swap pages. In
some environments, dramatic performance savings may be obtained because
swapped pages are saved in RAM (or a RAM-like device) instead of a swap
disk."

https://www.kernel.org/doc/html/latest/vm/frontswap.html

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 14:00:52 +00:00
Michael Tremer
15f53912a1 kernel: Disable network security hooks 
This is a feature we do not use and it should therefore be disabled

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 14:00:41 +00:00
Michael Tremer
c913c9862c kernel: Disable OpenvSwitch 
We do not use this and so we should not build it to save space.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 14:00:31 +00:00
Michael Tremer
fef9a33846 kernel: Disable any runtime testing 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 14:00:21 +00:00
Michael Tremer
828d3d2525 kernel: Disable SLUB debugging 
This is not necessary on our systems and according to the documentation
will reduce code size of the allocator which will result in better
performance.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 14:00:10 +00:00
Michael Tremer
034a2402fc kernel: Enable Pressure Stall Information 
This is a new type of metric to find out what resource is currently a
bottleneck for the whole system. We might use this for graphs.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 13:59:51 +00:00
Michael Tremer
f58a8cb16f kernel: Disable IRQ time accounting 
This feature is now disabled (was disabled on ARM before) as we do not
need it:

"Select this option to enable fine granularity task irq time accounting.
This is done by reading a timestamp on each transitions between softirq
and hardirq state, so there can be a small performance impact."

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 13:59:19 +00:00
Michael Tremer
c0932f8fbe kernel: Disable suspending systems to RAM 
We do not make any use of this functionality

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 13:59:06 +00:00
Michael Tremer
0e83b0d03c kernel: Change timer tick to 1000Hz 
This change is required to make the system respond faster to any
realtime events (sending or receiving data packets).

It will wake up at least one core 1000 times a second which will result
in finer timer granularity and make scheduling smoother. HTB for
example sends large packet bursts on each timer even to keep up data
rates which is not helpful for most applications.

The change might increase resource consumption and overhead slightly on
some systems, but since we are running in an idle-dyntick configuration,
we should not keep awake any cores that have not been awake before.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 13:58:57 +00:00
Arne Fitzenreiter
52758d52c3 kernel: update to 5.10.55 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-08-01 11:50:25 +02:00
Arne Fitzenreiter
bcea571211 kernel: update to 5.10.53 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-25 23:48:58 +02:00
Arne Fitzenreiter
ec13fae9d4 kernel: update to 5.10.52 
Signen-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-21 18:09:59 +02:00
Arne Fitzenreiter
93f83a3f0d kernel: update to 5.10.50 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-15 22:41:51 +02:00
Arne Fitzenreiter
f696f419ad kernel: update to 5.10.46 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:40 +02:00
Arne Fitzenreiter
97500acdb8 kernel: update to 5.10.44 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:39 +02:00
Arne Fitzenreiter
663ab267ba kernel: update to 5.10.42 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
e9692dd548 kernel: update to 5.10.41 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
adea4dde18 kernel: update to 5.10.40 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
b358af5bfe kernel: update to 5.10.39 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
5235ab4817 kernel: update to 5.10.38 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
5a27051fc2 kernel: update to 5.10.37 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
b75dd327fd kernel: update to 5.10.32 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
dda381ce2d kernel: update to 5.10.28 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
b9475fe009 kernel: update to 5.10.24 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
82b0e0f13d kernel: x86* disable alg modules 
the application layer gateway modules can used to bypass the nat
via nat slipstreaming. I had disabled all of them. If one is really needed
we can reenable it later.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
0966058161 kernel: fix leds on geos and alix 
the platform driver cannot register the leds if GPIO_CS5535 is compiled as module

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
18a43dc673 kernel: enable PREEMPT_VOLUNTARY and set timer to 100HZ 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:36 +02:00
Michael Tremer
5c8b5c3923 kernel: Enable BBR as default TCP congestion algorithm 
This will increase throughput since BBR is more modern and adjusted to
the nowadays version of the Internet whereas Cubic is more conservative
and might not always fully saturate the downlink.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-07-05 07:42:36 +02:00
Michael Tremer
13eab1060d kernel: Trust the randomness from the CPU 
This will allow the kernel to seed its CRNG using RDSEED or RDRAND.

During the boot process, it is required that the CRNG is being
initialised, but it may take some long time on systems that do not have
a random number generator.

This is the default for various other distributions like Debian.

Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-07-05 07:42:36 +02:00
Michael Tremer
904386624c kernel: Compile RNG drivers into the kernel 
The kernel will try to gather entropy really early in the boot process
where those device drivers might not have been loaded yet. They are
small and can therefore be compiled into the kernel like we already do
on ARM.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-07-05 07:42:36 +02:00
Arne Fitzenreiter
c062c7700f kernel: update to 5.10.5 
todo: add armv5tel and aarch64 config and rootfiles.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:36 +02:00
Arne Fitzenreiter
10ce44b0c6 kernel: update to 4.14.232 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-05-16 11:58:42 +00:00
Arne Fitzenreiter
7e27f7cdc1 kernel: update to 4.14.229 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-04-10 13:40:01 +00:00
Arne Fitzenreiter
2e1bf458e2 kernel: update to 4.14.206 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-11-12 09:02:02 +01:00
Arne Fitzenreiter
ce9f979c01 kernel: update to 4.14.195 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-08-31 06:58:32 +02:00
Arne Fitzenreiter
f3a59d63e2 kernel: update to 4.14.184 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-12 16:04:48 +02:00
Peter Müller
92e828b3b0 kernel: disable CONFIG_UPROBES 
Quoted from #12433:
> Uprobes is the user-space counterpart to kprobes: they enable instrumentation
> applications (such as 'perf probe') to establish unintrusive probes in
> user-space binaries and libraries, by executing handler functions when the
> probes are hit by user-space applications.
>
> ( These probes come in the form of single-byte breakpoints, managed by the
> kernel and kept transparent to the probed application. )

IMHO this can be safely disabled, as there is little if any need to debug
userspace programs _that_ deeply on an IPFire machine.

Fixes: #12433

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:18:36 +00:00
Arne Fitzenreiter
325a2680c8 kernel: fix diabling CONFIG_MODFIFY_LDT_SYSCALL 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 16:21:49 +02:00
Peter Müller
d7174d7c3a kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586 
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.

Fixes: #12372

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:32 +00:00
Peter Müller
b1f24c4353 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64 
Fixes: #12382

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:05 +00:00
Arne Fitzenreiter
a43b370411 kernel: update to 4.14.183 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:37:00 +02:00
Peter Müller
e6514b3af8 kernel: disable CONFIG_DEBUG_LIST on i586(-pae) 
Fixes: #12378

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:51 +00:00
Peter Müller
c2749c1bed kernel: disable CONFIG_USELIB on x86_64 and i586(-pae) 
> This option enables the uselib syscall a system call used in the dynamic
> linker from libc5 and earlier. glibc does not use this system call. If you
> intend to run programs built on libc5 or earlier you may need to enable this
> syscall. Current systems running glibc can safely disable this.

In my point of view, the last sentence matches our situation.

Fixes: #12379

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:13 +00:00
Peter Müller
442a7f5ea2 Kernel: drop Memstick support 
These are not needed anymore since Sony announced EOL in 2010 and there
is no legitimate use case for such hardware on a firewall system.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:13:14 +00:00
Peter Müller
90ecad4f66 Kernel: drop bluetooth support 
The bluetooth addon was recently removed by commit
592be1d206, which is why we do not need to
carry the corresponding kernel modules around anymore.

The second version of this patch correctly updates kernel configuration
files via "make oldconfig" as requested by Arne.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:12:58 +00:00
Arne Fitzenreiter
831ff05d89 kernel: enable and enforce signed kernel modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-06 15:09:52 +01:00
Arne Fitzenreiter
bf671bb2ae kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 21:23:08 +00:00