Updating/Upgrading Custom/Patched Kernel

A

Arszilla

New Member
Nov 22, 2022
21
8
3
Hi there,

I'm interested in upgrading my Proxmox 7.4-15 on HP ProLiant DL360p Gen8 to Proxmox 8, however I am facing a "niche" problem. I am using a custom kernel (relax-intel-rmrr) (GitHub) since Proxmox 7.1-2, as I have an OPNsense VM which uses PCI passthrough to be the backbone of my home network. The patched kernel is necessary for this VM to function, and I'd love to move it outside of Proxmox for redundancy reasons, but sadly I can't currently.

Since the VM requires this patched kernel, I've pinned this kernel months ago and I did a decent job (I believe) of keeping my server up to date. Currently, my packages are as follows:

Code: 
proxmox-ve: 7.3-1 (running kernel: 5.13.19-2-pve-relaxablermrr)
pve-manager: 7.4-15 (running version: 7.4-15/a5d2a31e)
pve-kernel-5.15: 7.4-4
pve-kernel-helper: 7.3-1
pve-kernel-5.13: 7.1-5
pve-kernel-5.15.108-1-pve: 5.15.108-1
pve-kernel-5.15.107-2-pve: 5.15.107-2
pve-kernel-5.15.102-1-pve: 5.15.102-1
pve-kernel-5.15.83-1-pve: 5.15.83-1
pve-kernel-5.13.19-2-pve: 5.13.19-4
pve-kernel-5.13.19-2-pve-relaxablermrr: 5.13.19-4
ceph-fuse: 15.2.15-pve1
corosync: 3.1.7-pve1
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx4
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve2
libproxmox-acme-perl: 1.4.4
libproxmox-backup-qemu0: 1.3.1-1
libproxmox-rs-perl: 0.2.1
libpve-access-control: 7.4.1
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.4-2
libpve-guest-common-perl: 4.2-4
libpve-http-server-perl: 4.2-3
libpve-rs-perl: 0.7.7
libpve-storage-perl: 7.4-3
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.2-2
lxcfs: 5.0.3-pve1
novnc-pve: 1.4.0-1
proxmox-backup-client: 2.4.2-1
proxmox-backup-file-restore: 2.4.2-1
proxmox-mail-forward: 0.1.1-1
proxmox-mini-journalreader: 1.3-1
proxmox-offline-mirror-helper: 0.5.2
proxmox-widget-toolkit: 3.7.3
pve-cluster: 7.3-3
pve-container: 4.4-6
pve-docs: 7.4-2
pve-edk2-firmware: 3.20230228-4~bpo11+1
pve-firewall: 4.3-4
pve-firmware: 3.6-5
pve-ha-manager: 3.6.1
pve-i18n: 2.12-1
pve-qemu-kvm: 7.2.0-8
pve-xtermjs: 4.16.0-2
qemu-server: 7.4-4
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.8.0~bpo11+3
vncterm: 1.7-1
zfsutils-linux: 2.1.11-pve1

Running pve7to8 --full to see if I can upgrade to Proxmox 8.0 results with this:

Code: 
# pve7to8--full
= CHECKING VERSION INFORMATION FOR PVE PACKAGES =

Checking for package updates..           
WARN: updates for the following packages are available:
  proxmox-ve, proxmox-kernel-helper, pve-kernel-helper
                                                        
Checking proxmox-ve package version..
FAIL: proxmox-ve package is too old, please upgrade to >= 7.4-1!

Checking running kernel version..
PASS: running kernel '5.13.19-2-pve-relaxablermrr' is considered suitable for upgrade.

= CHECKING CLUSTER HEALTH/SETTINGS =

SKIP: standalone node.

= CHECKING HYPER-CONVERGED CEPH STATUS =

SKIP: no hyper-converged ceph setup detected!

= CHECKING CONFIGURED STORAGES =

PASS: storage 'local' enabled and active.
PASS: storage 'raid5-300' enabled and active.
PASS: storage 'raid5-500' enabled and active.
INFO: Checking storage content type configuration..
PASS: no storage content problems found
PASS: no storage re-uses a directory for multiple content types.

= MISCELLANEOUS CHECKS =

INFO: Checking common daemon services..
PASS: systemd unit 'pveproxy.service' is in state 'active'
PASS: systemd unit 'pvedaemon.service' is in state 'active'
PASS: systemd unit 'pvescheduler.service' is in state 'active'
PASS: systemd unit 'pvestatd.service' is in state 'active'
INFO: Checking for supported & active NTP service..
PASS: Detected active time synchronisation unit 'chrony.service'
INFO: Checking for running guests..
WARN: 3 running guest(s) detected - consider migrating or stopping them.
INFO: Checking if the local node's hostname 'pve' is resolvable..
INFO: Checking if resolved IP is configured on local node..
PASS: Resolved node IP '10.10.10.5' configured and active on single interface.
INFO: Check node certificate's RSA key size
PASS: Certificate 'pve-root-ca.pem' passed Debian Busters (and newer) security level for TLS connections (4096 >= 2048)
PASS: Certificate 'pve-ssl.pem' passed Debian Busters (and newer) security level for TLS connections (2048 >= 2048)
PASS: Certificate 'pveproxy-ssl.pem' passed Debian Busters (and newer) security level for TLS connections (4096 >= 2048)
INFO: Checking backup retention settings..
PASS: no backup retention problems found.
INFO: checking CIFS credential location..
PASS: no CIFS credentials at outdated location found.
INFO: Checking permission system changes..
INFO: Checking custom role IDs for clashes with new 'PVE' namespace..
PASS: no custom roles defined, so no clash with 'PVE' role ID namespace enforced in Proxmox VE 8
INFO: Checking if LXCFS is running with FUSE3 library, if already upgraded..
SKIP: not yet upgraded, no need to check the FUSE library version LXCFS uses
INFO: Checking node and guest description/note length..
PASS: All node config descriptions fit in the new limit of 64 KiB
PASS: All guest config descriptions fit in the new limit of 8 KiB
INFO: Checking container configs for deprecated lxc.cgroup entries
PASS: No legacy 'lxc.cgroup' keys found.
INFO: Checking if the suite for the Debian security repository is correct..
INFO: Checking for existence of NVIDIA vGPU Manager..
PASS: No NVIDIA vGPU Service found.
INFO: Checking bootloader configuration...
SKIP: not yet upgraded, no need to check the presence of systemd-boot
unknown ID 'kali' in /etc/os-release file, trying fallback detection

= SUMMARY =

TOTAL:    29
PASSED:   22
SKIPPED:  4
WARNINGS: 2
FAILURES: 1

ATTENTION: Please check the output for detailed information!
Try to solve the problems one at a time and then run this checklist tool again.

I believe proxmox-ve is "out-of-date" due to the patched kernel. Thus I am trying to figure out how can I download the kernel I'll be using for Proxmox 8.0 beforehand, patch it, apply it to my server, and then upgrade to Proxmox 8.

Can someone assist me on how I should proceed with achieving this?
 
LnxBil said:
The sources are here and you can then try to patch and build the kernel.
Click to expand...
I am aware of that. I've seen that repository in the [URL='https://github.com/MichaelTrip/relax-intel-rmrr/blob/master/build/proxmox/build.sh']build.sh[/URL] of relax-intel-rmrr. Sadly, that failed:

Code: 
###########################################################
############ STEP 2 - DOWNLOAD CODE TO COMPILE ############
###########################################################
Step 2.0: Creating working directory
Step 2.1: Downloading Proxmox kernel toolchain & patches
Cloning into 'pve-kernel'...
remote: Enumerating objects: 39, done.
remote: Counting objects: 100% (39/39), done.
remote: Compressing objects: 100% (33/33), done.
remote: Total 39 (delta 1), reused 25 (delta 1), pack-reused 0
Receiving objects: 100% (39/39), 446.20 KiB | 2.35 MiB/s, done.
Resolving deltas: 100% (1/1), done.
Cloning into 'relax-intel-rmrr'...
remote: Enumerating objects: 14, done.
remote: Counting objects: 100% (14/14), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 14 (delta 1), reused 6 (delta 1), pack-reused 0
Receiving objects: 100% (14/14), 16.44 KiB | 801.00 KiB/s, done.
Resolving deltas: 100% (1/1), done.
Step 2.2: Downloading base kernel
###########################################################
################# STEP 3 - CREATE KERNEL ##################
###########################################################
Step 3.0: Applying patches
patching file Makefile
Hunk #1 FAILED at 11.
1 out of 1 hunk FAILED -- saving rejects to file Makefile.rej
patching file debian/scripts/find-firmware.pl
Hunk #1 FAILED at 8.
1 out of 1 hunk FAILED -- saving rejects to file debian/scripts/find-firmware.pl.rej
 
Trying the docker option of relax-intel-rmrr build also fails, and the worst part is: it's trying to patch the 5.4.203-1 kernel, instead of the 6.2 kernel:

Code: 
dpkg-source --before-build .
dpkg-checkbuilddeps: error: Unmet build dependencies: dwarves (>= 1.13~)
dpkg-buildpackage: warning: build dependencies/conflicts unsatisfied; aborting
dpkg-buildpackage: warning: (Use -d flag to override.)
make: *** [Makefile:60: pve-kernel-5.4.203-1-pve-relaxablermrr_5.4.203-1_amd64.deb] Error 3
 
According to my knowledge this is the latest version and well maintained (not 8.0):
https://github.com/Aterfax/relax-intel-rmrr
after login you can download the automatically generated version trough GitHub actions, select one "Build kernel debs" and select the zip file (not 8.0):
https://github.com/Aterfax/relax-intel-rmrr/actions
Hope the owner of the repo will release a new verrsion for proxmox 8.0

As of right now there is a request to include this natively to Proxmox:
https://bugzilla.proxmox.com/show_bug.cgi?id=4707

We can only hope they will implement it.
I sorry I could not help you I hope others will find it useful.
 
Last edited:
Krushx0 said:
According to my knowledge this is the latest version and well maintained (not 8.0):
https://github.com/Aterfax/relax-intel-rmrr
after login you can download the automatically generated version trough GitHub actions, select one "Build kernel debs" and select the zip file (not 8.0):
https://github.com/Aterfax/relax-intel-rmrr/actions
Hope the owner of the repo will release a new verrsion for proxmox 8.0

As of right now there is a request to include this natively to Proxmox:
https://bugzilla.proxmox.com/show_bug.cgi?id=4707

We can only hope they will implement it.
I sorry I could not help you I hope others will find it useful.
Click to expand...
That's actually very useful, as I now know/have the 6.2 kernel and its patches for PVE 7.4-3. However, I am a bit unsure how can I change my kernels and patch them. I guess I gotta take my OPNsense VM (which uses the PCI passthrough) down, so I can update the kernel (unpin it and update it to use the latest one, somehow), then apply the patches.

I'll try it later this week and update this thread.
 
Arszilla said:
That's actually very useful, as I now know/have the 6.2 kernel and its patches for PVE 7.4-3. However, I am a bit unsure how can I change my kernels and patch them. I guess I gotta take my OPNsense VM (which uses the PCI passthrough) down, so I can update the kernel (unpin it and update it to use the latest one, somehow), then apply the patches.

I'll try it later this week and update this thread.
Click to expand...
I do not know this might not be the correct answer but this is how I do it with fresh install:
install proxmox
cd /home
download the the previously mentioned zip to /home (I use winscp to move the zip file to the proxmox host)
apt update
apt-get install unzip
unzip <filename>.zip
unzip release.zip
cd build/proxmox/proxmox-kernel/debs/
this will apply the deb files:
dpkg -i *.deb
this will make sure that the updates will not brake your applied modification ofc you will stuck on this version until a new deb patch comes out
(you should check the installed version with 'apt list --installed' and rewrite the the following commands according to those version number):
apt-mark hold 'pve-headers-6.2.16-2-pve-relaxablermrr'
apt-mark hold 'pve-kernel-6.2.16-2-pve-relaxablermrr'
apt-mark hold 'linux-tools-6.2'
apt-mark hold 'linux-tools-6.2-dbgsym'
apt-mark hold 'pve-kernel-libc-dev'
you should pin the kernel:
(you can check your kernel versions with: proxmox-boot-tool kernel list )
proxmox-boot-tool kernel pin 6.2.16-2-pve-relaxablermrr
editing your grub boot or cmdline file
I do not use grub for booting proxmox because i chose zfs during installation
so I edit cmdline file:
nano /etc/kernel/cmdline
add this to the end of the record and !!!do not make a new line for this!!! (I broke my install in the past because of this):
intel_iommu=on relax_rmrr
for the grub version you can find information here: https://github.com/Aterfax/relax-intel-rmrr/blob/master/README.md#configuration
reboot


for updating is simple
stop all VM on the host just be on the safe side
you just unhold the packages (ofc checking the version number with the same method that previously mentioned):
apt-mark unhold 'pve-headers-6.2.16-2-pve-relaxablermrr'
apt-mark unhold 'pve-kernel-6.2.16-2-pve-relaxablermrr'
apt-mark unhold 'linux-tools-6.2'
apt-mark unhold 'linux-tools-6.2-dbgsym'
apt-mark unhold 'pve-kernel-libc-dev'
unpin your kernel (ofc checking the version number with the same method that previously mentioned):
proxmox-boot-tool kernel unpin 6.2.16-2-pve-relaxablermrr
at this point you follow the fresh install steps with the new version numbers (except ofc the proxmox install and grub/cmdline file edit)

I also do this I do not know if this is necessary anymore but i do it anyway:
nano /etc/modules
Add the following lines:

vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd

update-initramfs -u -k all
reboot

I hope this will help one way or another those who have the same problem and bought hp server -.-
 
Last edited:
  • Like
Reactions: XRedShark
Have a look at: https://github.com/Aterfax/relax-intel-rmrr/discussions/38

There's no need to stop or pause the VMs while installing the debs (changes can only take effect after a reboot into the new kernel) and the installation of the debs should automatically run update-initramfs. I've never needed to use apt-mark hold and unhold but this is a good idea! At this point you should pin the kernel you want to run (I would assume the new kernel you just installed) and reboot.

If it's your first install of that patched kernel you should follow: https://github.com/Aterfax/relax-intel-rmrr/blob/master/README.md#proxmox---premade-packages-easy so you set the correct GRUB options.

For the record I am running Proxmox 8.0.3 with Linux 6.2.11-1-pve-relaxablermrr no issues.

I'll take a look at releasing a newer kernel more aligned with 8.0.3 at some point this month.
 
Last edited:
  • Like
Reactions: asherman_07 and XRedShark
Aterfax said:
Have a look at: https://github.com/Aterfax/relax-intel-rmrr/discussions/38

There's no need to stop or pause the VMs while installing the debs (changes can only take effect after a reboot into the new kernel) and the installation of the debs should automatically run update-initramfs. I've never needed to use apt-mark hold and unhold but this is a good idea! At this point you should pin the kernel you want to run (I would assume the new kernel you just installed) and reboot.

If it's your first install of that patched kernel you should follow: https://github.com/Aterfax/relax-intel-rmrr/blob/master/README.md#proxmox---premade-packages-easy so you set the correct GRUB options.

For the record I am running Proxmox 8.0.3 with Linux 6.2.11-1-pve-relaxablermrr no issues.

I'll take a look at releasing a newer kernel more aligned with 8.0.3 at some point this month.
Click to expand...
Hi,

Since i have update Proxmox to version 7 and Kernel 5.15.108 on my HP dl380p Gen8 i have a problem with virtualization :

[fimware bug] : the bios has corrupted hw-PMU ressources (MSR 38d is 330) x86/cpu: VMX (outside TXT) disabled by bios

I've open threads here :
https://forum.proxmox.com/threads/p...ility-with-hp-dl380p-gen8.132427/#post-582854
https://forum.proxmox.com/threads/kvm-virtualisation-broken-with-kernel-5-15.132137/
https://community.hpe.com/t5/operat...oxmox-7-hp-dl380p/m-p/7194488/highlight/false

And i didn't found any solution.

Does the patch mentioned here : https://github.com/Aterfax/relax-intel-rmrr/releases/tag/v6.2.16-4 is the solution for me ?

actually i have these versions : proxmox-ve: 7.4-1 (running kernel: 6.2.16-4-bpo11-pve) - pve-manager: 7.4-16 (running version: 7.4-16/0f39f621)
 
FYI, as of Proxmox kernel release 6.2.16-13-pve, the relax-intel-rmrr patch is now part of the kernel, so you don't need to patch it anymore (see details in Proxmox bug 4707). The functionality is disabled by default though, so you still need to enable it the same way you've done in the past. Configuration instructions can be found here.

For folks still on Proxmox 7.4, patched kernel series 5.15 are available here.
 
Last edited:
  • Like
Reactions: djkay2637 and limehawk
brunokc said:
FYI, as of Proxmox kernel release 6.2.16-13-pve, the relax-intel-rmrr patch is now part of the kernel, so you don't need to patch it anymore (see details in Proxmox bug 4707). The functionality is disabled by default though, so you still need to enable it the same way you've done in the past. Configuration instructions can be found here.

For folks still on Proxmox 7.4, patched kernel series 5.15 are available here.
Click to expand...
This worked for me.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back