The other day I was running the stock fedora kernel on my ip
forwarding setup, to see what the performance was, and the performance
wasn't very good.
system is S5520HC dual socket 2.93GHz Xeon 5570 (Nehalem) with 3 quad
port 82580 adapters (12 ports). Traffic is bidirectional 64 byte
packets being forwarded and received on each port, basically port to
port routing. I am only using 12 flows currently.
The driver is igb, and I am using an affinity script that lines up
each pair of ports that are forwarding traffic into optimal
configurations for cache locality. I am also disabling
remote_node_defrag_ratio to stop cross node traffic.
With the fedora default kernel from F14 it appears that
CONFIG_NETFILTER=y means that I cannot unload all of netfilter even if
I stop iptables service.
perf showed netfilter being prominent, and removing it gives me much
higher throughput. Is there a reason CONFIG_NETFILTER=y ? Isn't it a
good thing to be able to disable netfilter if you want to?
I have a couple of old bugs that still affect me and want to see if I can
do a bisect on a rawhide machine of the older kernels (e.g. 2.6.37, 2.6.35).
So far I have been hitting a problem with a gcc error mentioning
conflicting types in a case where asmregparm is used in one place and not
Am I going to need to use something like mock to do these builds?
Is there any hope that I can run the resulting kernel on rawhide? (I need
to test that X works in one case and motherboard sound combined with
high network traffic works in the other.)
Even if I need to test the kernels on an older Fedora, it would be nice to
do the builds on a rawhide machine so that I can use the rawhide machine
while the builds are being done and only do the tests on an older Fedora.
Why was CONFIG_DELL_RBU disabled? I can't update my BIOS from Linux
config-3.11.1-200.fc19.x86_64:# CONFIG_DELL_RBU is not set
config-3.11.2-201.fc19.x86_64:# CONFIG_DELL_RBU is not set
I need to bisect the Fedora kernel to track down a bug and would some
advice on workflow and tips for speeding up builds.
My current approach is to start by cloning the linus kernel and cloning
the fedora kernel package. I cloned a git0 version of the package. I am
replacing the rc patch by doing a git diff versus the 3.11 kernel and
piping it through xz. I then use fedpkg local to build the test kernel.
There weren't too many Fedora patches in the period of interest, but
potentially I might need to add or remove one of these. The main issue
is that the builds take long enough that I am only going to be able to
do one test a day. I am building on i686 and really only need one of
the PAE or non-PAE kernels and I don't need any of the other rpms
(notably the doc rpm).
Does this workflow seem sane?
Is there any easy way to do the builds faster? (I'm thinking by not
building all of the rpms, but other approaches are welcome.)
Below is a patch report of the various patches Fedora is carrying on
top of the listed upstream kernel, and why we're carrying it. Greg
said he'd like to see such a report, so I plan on sending one a month
or so. Feel free to ping me with any questions you have. Also, if
there's additional info you'd like to see, just let me know.
3.11 based (F19/F20 (this also basically applied to rawhide as well,
which is 3.12 merge window):
net-sctp-fix-ipv6-ipsec-encryption-bug-in-sctp_v6_xmit.patch (rhbz 1007903)
- Backport of upstream commit
95ee62083cb6453e056562d91f597552021e6ae7 for security reasons.
tuntap-correctly-handle-error-in-tun_set_iff.patch (rhbz 1007741)
- Backport of upstream commit
662ca437e714caaab855b12415d6ffd815985bc0 for security reasons.
crypto-fix-race-in-larval-lookup.patch (rhbz 1002351)
- Backport of upstream commit 77dbd7a95e4a4f15264c333a9e9ab97ee27dc2aa
acpi-pcie-hotplug-conflict.patch (rhbz 963991)
- Backport of upstream commit 3dc48af310709b85d07c8b0d3aa8f1ead02829d3
rt2800-rearrange-bbp-rfcsr-initialization.patch (rhbz 1000679)
- This is a backport of all of the HID CVE fixes Kees and Benjamin
did. I believe all of them are now in Jiri's tree and on their way to
Linus and stable.
- Fixes MEI reset issues for a number of machines. Queued for stable.
- Backport of upstream b43ea8068d2090cb1e44632c8a938ab40d2c7419
iwl4965-better-skb-management-in-rx-path.patch (rhbz 977040)
- Backport of commits 45fe142cefa864b685615bcb930159f6749c3667 and
- This is something the Fedora ppc secondary team wanted I think.
cve-2013-2147-ciss-info-leak.patch (rhbz 971249)
- Patch from security people.
fix-child-thread-introspection.patch (rhbz 927469)
- Fixed upstream with commit 73af963f9f3036dffed55c3a2898598186db1045
ath9k_rx_dma_stop_check.patch (rhbz 892811)
- Fixes some DMA issue on specific hardware. Taken from
vt-Drop-K_OFF-for-VC_MUTE.patch (rhbz 859485)
- Fixes to vt K_OFF. This was posted upstream but needs poking.
- Allow e.g. gdb to only ptrace it's children and not random things.
Upstream asked Fedora to carry this for a while. Needs poking.
- We keep seeing soft lockup detector reports on virt guests where
the host was busy and didn't schedule the guest in time. We disable
the detector on guests now.
- I believe this is queued up in Matt Flemming's tree now.
- Bastien added this to fix intermittent hangs on a Macbook Air 1,1.
Should probably poke at it.
- Fedora secure boot support.
- Patches from David Howells to expand keyrings. Can be found in his git tree.
- Patches from David Howells to support KRB usecases with keyrings.
Can be found in his git tree.
- Patches from David Howells to improve x509 cert support, including
introducing a system_trusted_keyring. Can be found in his git tree.
- The patch to add /dev/crash. Dave Anderson keeps making this work (mostly).
- We rebase the kernel often. Virtual Box breaks when we do it. We
don't support Virtual Box, so we taint it with the C flag. We could
likely drop this as it is automatically tainted with O now.
There are a crapton of ARM patches. I'm not going to go over those
because I honestly have no idea what they're for, where a lot of them
come from, or what their upstream status is.
We have a small number of debug or "silence stupid messages" patches
that have been there for years. They're minor.
I am not sure if this is the right place to start, but I am looking for
the source of the following kernel package:
This kernel is installed with RDO in order to enable some
OpenStack functionality (I am using CentOS 6.4). However,
I need to rebuild the kernel in order to enable IMA (integrity
I could only find the .rpm package itself, but not the source.
Any help appreciated, thank you!