| View previous topic :: View next topic |
| Author |
Message |
GBember
n00b
Joined: 04 Apr 2024
Posts: 20
|
 Posted: Thu May 02, 2024 10:33 pm Post subject: Problems with my first proper kernel config |
 |
|
Hi! I recently finished my first kernel config that actually boots, but it has some issues that I don't have with the gentoo-kernel package.
Here are some of the things that caught my attention on dmesg
| Code: | | Unknown kernel command line parameters "BOOT_IMAGE=/boot/vmlinuz-6.6.21-2-gentoo", will be passed to user space. I guess this is normal, as this also happens on the stock kernel |
| Code: | smpboot: 32 Processors exceeds NR_CPUS limit of 16 I only have 8 cores/16 threads, my cpu is a Ryzen 7 5700x
smpboot: Allowing 16 CPUs, 0 hotplug CPUs The stock kernel shows Allowing 32 CPUs, 16 hotplug CPUs |
| Code: | | ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored This also happens with gentoo-kernel |
| Code: | | tpm_crb MSFT0101:00: Disabling hwrng apparently this is intended behavior, as AMD's ftpm rng could cause some performance issues or something along those lines |
| Code: | exFAT-fs (nvme0n1p3): invalid boot record signature
exFAT-fs (nvme0n1p3): failed to read boot sector
exFAT-fs (nvme0n1p3): failed to recognize exfat type
ntfs3: nvme0n1p3: Primary boot signature is not NTFS.
ntfs3: nvme0n1p3: try to read out of volume at offset 0x6e30affe00
XFS (nvme0n1p3): Mounting V5 Filesystem 7505b872-f8e8-4306-a75a-338b3c0570ce
XFS (nvme0n1p3): Ending clean mount
VFS: Mounted root (xfs filesystem) readonly on device 259:3. My root partition is XFS, don't know why it tries to mount with exFAT or ntfs. This is unique to my custom config
|
When I use os-prober with the custom config, it detects the running system as another one, adding 2 entries for the same thing in grub, this might be related to the previous issue
| Code: | Warning: os-prober will be executed to detect other bootable partitions.
Its output will be used to detect bootable binaries on them and create new boot entries.
Found Gentoo Linux on /dev/nvme0n1p3
Found Windows Boot Manager on /dev/sda1@/efi/Microsoft/Boot/bootmgfw.efi |
And lastly, when booting up, the stock kernel goes from "Loading Linux" to showing the boot logs way quicker, comparing the dmesg outputs from both kernels, the boot times seem the same, but my config keeps me in black screen for longer.
Here is my kernel config, any help and feedback would be greatly appreciated!  |
|
| Back to top |
|
 |
grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 1912
|
| Posted: Thu May 02, 2024 11:10 pm Post subject: |
|
|
Nothing here is a problem. Just normal operation.
The root partition thing is because the kernel "guesses" the type unless passed rootfstype then it expects to mount once or fail.
The gentoo-kernel build requires an initramfs, namely dracut built. dracut discovers things a bit quicker but not by much.
It wouldn't hurt to increase NR_CPUS to 32 in the kernel config. It may even give a performance boost. |
|
| Back to top |
|
|
GBember
n00b
Joined: 04 Apr 2024
Posts: 20
|
| Posted: Thu May 02, 2024 11:16 pm Post subject: |
|
|
| grknight wrote: | Nothing here is a problem. Just normal operation.
The root partition thing is because the kernel "guesses" the type unless passed rootfstype then it expects to mount once or fail.
The gentoo-kernel build requires an initramfs, namely dracut built. dracut discovers things a bit quicker but not by much.
It wouldn't hurt to increase NR_CPUS to 32 in the kernel config. It may even give a performance boost. |
I see, I will increase NR_CPUS then. The only real problem here would be os-prober acting up under the custom kernel and the weird delay for the kernel to give me a image. |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria
|
| Posted: Fri May 03, 2024 1:12 am Post subject: |
|
|
You almost have a perfect kernel configuration ... I might think you have configured according to my instructions (*) ... I would like to add the following:
| Code: | 1.
CONFIG_EXPERT=y
2.
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
3.
CONFIG_HZ_1000=y
# CONFIG_HZ_300 is not set
4.
# CONFIG_X86_AMD_PSTATE is not set
# CONFIG_X86_AMD_PSTATE_UT is not set
5.
# CONFIG_MODULES is not set
6.
CONFIG_BLK_DEBUG_FS=y
7.
CONFIG_EXTRA_FIRMWARE="amdgpu/dimgrey_cavefish_sos.bin amdgpu/dimgrey_cavefish_ta.bin amdgpu/dimgrey_cavefish_smc.bin amdgpu/dimgrey_cavefish_dmcub.bin amdgpu/dimgrey_cavefish_pfp.bin amdgpu/dimgrey_cavefish_me.bin amdgpu/dimgrey_cavefish_ce.bin amdgpu/dimgrey_cavefish_rlc.bin amdgpu/dimgrey_cavefish_mec.bin amdgpu/dimgrey_cavefish_mec2.bin amdgpu/dimgrey_cavefish_vcn.bin amdgpu/dimgrey_cavefish_sdma.bin rtl_nic/rtl8125b-2.fw"
8.
CONFIG_DEBUG_DEVRES=y
9.
# CONFIG_USB_UAS is not set
10.
CONFIG_AMD_PTDMA
11.
CONFIG_AMD_IOMMU_V2=y |
1. Yes 
2. Some AMD machines need this (even it is not a notebook; enabling it doesnt hurt)
3. You know you will have 1000 interrupts in a second for EVERY cpu core ... = 16.000 (or 32.000). Because you have hires timers, I dont think you will need it; 300 is sufficient - maybe also only 100 (you can check it with watching a 4k video; if there is no problem then everything is allright)
4. Doesn't these work for your AMD CPU ?
5. Yes (I have also a monolithic kernel) With modules support you would be able to enable XFS static into your kernel and all other filesystems as module. Without module support you should set the kernel command line parameter "rootfstype=" (as @grknight already said). See here: https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
6. I am not an fan of debugs. Okay it cost nearly no performance but it is a security problem. Of course it is your decision.
7. I am missing the CPU microcode. https://wiki.gentoo.org/wiki/AMD_microcode
8. This one is even worse than (6.)
9. Enable it
10. Are you sure your machine doesnt have it ?
11. Yes, this is correct. Please don't be surprised if it no longer exists with the next major kernel version (because it was dropped with 6.7).
*) https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_Configuring_Kernel_Version_6.6
.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
GBember
n00b
Joined: 04 Apr 2024
Posts: 20
|
| Posted: Fri May 03, 2024 1:20 am Post subject: |
|
|
| pietinger wrote: | You almost have a perfect kernel configuration ... I might think you have configured according to my instructions (*) ... I would like to add the following:
| Code: | 1.
CONFIG_EXPERT=y
2.
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
3.
CONFIG_HZ_1000=y
# CONFIG_HZ_300 is not set
4.
# CONFIG_X86_AMD_PSTATE is not set
# CONFIG_X86_AMD_PSTATE_UT is not set
5.
# CONFIG_MODULES is not set
6.
CONFIG_BLK_DEBUG_FS=y
7.
CONFIG_EXTRA_FIRMWARE="amdgpu/dimgrey_cavefish_sos.bin amdgpu/dimgrey_cavefish_ta.bin amdgpu/dimgrey_cavefish_smc.bin amdgpu/dimgrey_cavefish_dmcub.bin amdgpu/dimgrey_cavefish_pfp.bin amdgpu/dimgrey_cavefish_me.bin amdgpu/dimgrey_cavefish_ce.bin amdgpu/dimgrey_cavefish_rlc.bin amdgpu/dimgrey_cavefish_mec.bin amdgpu/dimgrey_cavefish_mec2.bin amdgpu/dimgrey_cavefish_vcn.bin amdgpu/dimgrey_cavefish_sdma.bin rtl_nic/rtl8125b-2.fw"
8.
CONFIG_DEBUG_DEVRES=y
9.
# CONFIG_USB_UAS is not set
10.
CONFIG_AMD_PTDMA
11.
CONFIG_AMD_IOMMU_V2=y |
1. Yes
2. Some AMD machines need this (even it is not a notebook; enabling it doesnt hurt)
3. You know you will have 1000 interrupts in a second for EVERY cpu core ... = 16.000 (or 32.000). Because you have hires timers, I dont think you will need it; 300 is sufficient - maybe also only 100 (you can check it with watching a 4k video; if there is no problem then everything is allright)
4. Doesn't these work for your AMD CPU ?
5. Yes (I have also a monolithic kernel) With modules support you would be able to enable XFS static into your kernel and all other filesystems as module. Without module support you should set the kernel command line parameter "rootfstype=" (as @grknight already said). See here: https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
6. I am not an fan of debugs. Okay it cost nearly no performance but it is a security problem. Of course it is your decision.
7. I am missing the CPU microcode. https://wiki.gentoo.org/wiki/AMD_microcode
8. This one is even worse than (6.)
9. Enable it
10. Are you sure your machine doesnt have it ?
11. Yes, this is correct. Please don't be surprised if it no longer exists with the next major kernel version (because it was dropped with 6.7).
*) https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_Configuring_Kernel_Version_6.6
. |
Thanks for the reply! Right now I can't look into everything, but as for points 4 and 7, I tried enabling amd pstate, it didn't work out of the box, it was asking for some kernel parameters and I didn't really want to look into that, and for 7, I forgot to add it! Thanks for pointing that out. I will check the other points whenever i can. Thanks for the suggestions! |
|
| Back to top |
|
|
GBember
n00b
Joined: 04 Apr 2024
Posts: 20
|
| Posted: Fri May 03, 2024 1:22 am Post subject: |
|
|
| pietinger wrote: | You almost have a perfect kernel configuration ... I might think you have configured according to my instructions (*) ... I would like to add the following:
| Code: | 1.
CONFIG_EXPERT=y
2.
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
3.
CONFIG_HZ_1000=y
# CONFIG_HZ_300 is not set
4.
# CONFIG_X86_AMD_PSTATE is not set
# CONFIG_X86_AMD_PSTATE_UT is not set
5.
# CONFIG_MODULES is not set
6.
CONFIG_BLK_DEBUG_FS=y
7.
CONFIG_EXTRA_FIRMWARE="amdgpu/dimgrey_cavefish_sos.bin amdgpu/dimgrey_cavefish_ta.bin amdgpu/dimgrey_cavefish_smc.bin amdgpu/dimgrey_cavefish_dmcub.bin amdgpu/dimgrey_cavefish_pfp.bin amdgpu/dimgrey_cavefish_me.bin amdgpu/dimgrey_cavefish_ce.bin amdgpu/dimgrey_cavefish_rlc.bin amdgpu/dimgrey_cavefish_mec.bin amdgpu/dimgrey_cavefish_mec2.bin amdgpu/dimgrey_cavefish_vcn.bin amdgpu/dimgrey_cavefish_sdma.bin rtl_nic/rtl8125b-2.fw"
8.
CONFIG_DEBUG_DEVRES=y
9.
# CONFIG_USB_UAS is not set
10.
CONFIG_AMD_PTDMA
11.
CONFIG_AMD_IOMMU_V2=y |
1. Yes
2. Some AMD machines need this (even it is not a notebook; enabling it doesnt hurt)
3. You know you will have 1000 interrupts in a second for EVERY cpu core ... = 16.000 (or 32.000). Because you have hires timers, I dont think you will need it; 300 is sufficient - maybe also only 100 (you can check it with watching a 4k video; if there is no problem then everything is allright)
4. Doesn't these work for your AMD CPU ?
5. Yes (I have also a monolithic kernel) With modules support you would be able to enable XFS static into your kernel and all other filesystems as module. Without module support you should set the kernel command line parameter "rootfstype=" (as @grknight already said). See here: https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
6. I am not an fan of debugs. Okay it cost nearly no performance but it is a security problem. Of course it is your decision.
7. I am missing the CPU microcode. https://wiki.gentoo.org/wiki/AMD_microcode
8. This one is even worse than (6.)
9. Enable it
10. Are you sure your machine doesnt have it ?
11. Yes, this is correct. Please don't be surprised if it no longer exists with the next major kernel version (because it was dropped with 6.7).
*) https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_Configuring_Kernel_Version_6.6
. |
And you're correct! I followed your tutorial! Thank you for that, it was really helpful! |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria
|
| Posted: Fri May 03, 2024 1:27 am Post subject: |
|
|
| GBember wrote: | | And you're correct! I followed your tutorial! Thank you for that, it was really helpful! |
You are very Welcome !
Have fun with Gentoo ! 
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
GBember
n00b
Joined: 04 Apr 2024
Posts: 20
|
| Posted: Fri May 03, 2024 2:06 am Post subject: |
|
|
I applied the fixes suggested here
Apparently all my concerns from dmesg are gone, like the smpboot and FS mount errors
But os-prober still acts weirdly under the custom kernel
| Code: | lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 447.1G 0 disk
├─sda1 8:1 0 100M 0 part
├─sda2 8:2 0 16M 0 part
├─sda3 8:3 0 446.3G 0 part
└─sda4 8:4 0 768M 0 part
sdb 8:16 0 1.8T 0 disk
└─sdb1 8:17 0 1.8T 0 part /hdd
nvme0n1 259:0 0 465.8G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /efi
├─nvme0n1p2 259:2 0 24G 0 part [SWAP]
└─nvme0n1p3 259:3 0 440.8G 0 part / |
| Code: | sudo os-prober
Password:
/dev/nvme0n1p3:Gentoo Linux:Gentoo:linux
/dev/sda1@/efi/Microsoft/Boot/bootmgfw.efi:Windows Boot Manager:Windows:efi |
And the delay between "Loading Linux" and any log appearing on screen still remains. |
|
| Back to top |
|
|
xgivolari
Tux's lil' helper
Joined: 26 Jul 2021
Posts: 102
|
| Posted: Fri May 03, 2024 6:00 am Post subject: |
|
|
On AMD Zen Platforms, these kernel config options are usually a safe bet:
| Code: | CONFIG_CRYPTO_DEV_CCP #enables support for the AMD cryptographic co-processor
CONFIG_GPIO_AMDPT support #support for AMD Promontory GPIO |
If you have a Zen 3 or newer CPU, you can enable these:
| Code: | CONFIG_X86_KERNEL_IBT
CONFIG_X86_USER_SHADOW_STACK |
This message:
| Code: | | ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored |
means everything is working as intended. Some BIOSes query if they are booting Linux to decide which features to expose. This is extremely unreliable and should only be honored if something is not working correctly without it. By default, the Linux kernel pretends to be all Windows versions at once, for maximum compatibility. |
|
| Back to top |
|
|
GBember
n00b
Joined: 04 Apr 2024
Posts: 20
|
| Posted: Fri May 03, 2024 9:30 am Post subject: |
|
|
| xgivolari wrote: | On AMD Zen Platforms, these kernel config options are usually a safe bet:
| Code: | CONFIG_CRYPTO_DEV_CCP #enables support for the AMD cryptographic co-processor
CONFIG_GPIO_AMDPT support #support for AMD Promontory GPIO |
If you have a Zen 3 or newer CPU, you can enable these:
| Code: | CONFIG_X86_KERNEL_IBT
CONFIG_X86_USER_SHADOW_STACK |
This message:
| Code: | | ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored |
means everything is working as intended. Some BIOSes query if they are booting Linux to decide which features to expose. This is extremely unreliable and should only be honored if something is not working correctly without it. By default, the Linux kernel pretends to be all Windows versions at once, for maximum compatibility. |
Thanks for the reply! I enabled the first 2 options, but the other ones I don't think I actually need them, according to Pietinger's tutorial, I only need to enable IBT when IBRS/IBPB: indirect branch restrictions returns true on cpuid, but it returns false on my system, my CPU is a Ryzen 7 5700x, do you know if it should have returned true? And what about Shadow Stack, is there any way to verify my CPU actually supports it? |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria
|
| Posted: Fri May 03, 2024 12:35 pm Post subject: |
|
|
| GBember wrote: | | And the delay between "Loading Linux" and any log appearing on screen still remains. |
If you compare the dmesg of your kernel with the dmesg of our dist-kernel you will see that some modules are now loaded BEFORE console (because you have enabled them static) ... in dist-kernel many modules are configured as <M>odule and then these will be loaded after console.
| GBember wrote: | | [...] And what about Shadow Stack, is there any way to verify my CPU actually supports it? |
Have a look into this chapter: https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Kernel_Hardening_with_KSPP#KSPP_2024-04-26
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
GBember
n00b
Joined: 04 Apr 2024
Posts: 20
|
| Posted: Fri May 03, 2024 12:48 pm Post subject: |
|
|
| pietinger wrote: | | GBember wrote: | | And the delay between "Loading Linux" and any log appearing on screen still remains. |
If you compare the dmesg of your kernel with the dmesg of our dist-kernel you will see that some modules are now loaded BEFORE console (because you have enabled them static) ... in dist-kernel many modules are configured as <M>odule and then these will be loaded after console.
| GBember wrote: | | [...] And what about Shadow Stack, is there any way to verify my CPU actually supports it? |
Have a look into this chapter: https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Kernel_Hardening_with_KSPP#KSPP_2024-04-26 |
I see, if it even is possible the kernel loading order, should I change it? |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria
|
| Posted: Fri May 03, 2024 12:57 pm Post subject: |
|
|
| GBember wrote: | | I see, if it even is possible the kernel loading order, should I change it? |
No. The only way to change the order kernel is loading modules is: Changing from statically configured to <M>odule ... which is not possible with a monolithic kernel. (So, yes, you have no influence in which order kernel initalise its modules).
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria
|
| Posted: Fri May 03, 2024 1:00 pm Post subject: |
|
|
P.S.: You could enable some option (earlycon) to see some output sooner ... but do you really need it ? I am even using the kernel command line paramter "quiet" to have a more clean screen when booting ... If I really want check something I can see every message in "dmesg" later.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
GBember
n00b
Joined: 04 Apr 2024
Posts: 20
|
| Posted: Fri May 03, 2024 1:16 pm Post subject: |
|
|
| pietinger wrote: | | P.S.: You could enable some option (earlycon) to see some output sooner ... but do you really need it ? I am even using the kernel command line paramter "quiet" to have a more clean screen when booting ... If I really want check something I can see every message in "dmesg" later. |
Maybe I'm worrying too much because the kernel is behaving slightly different from gentoo-kernel. Thanks for all the help! |
|
| Back to top |
|
|
|
Kernel & Hardware
