Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Problems with my first proper kernel config
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
GBember
n00b
n00b


Joined: 04 Apr 2024
Posts: 20

PostPosted: Thu May 02, 2024 10:33 pm    Post subject: Problems with my first proper kernel config Reply with quote

Hi! I recently finished my first kernel config that actually boots, but it has some issues that I don't have with the gentoo-kernel package.
Here are some of the things that caught my attention on dmesg

Code:
Unknown kernel command line parameters "BOOT_IMAGE=/boot/vmlinuz-6.6.21-2-gentoo", will be passed to user space.  I guess this is normal, as this also happens on the stock kernel


Code:
smpboot: 32 Processors exceeds NR_CPUS limit of 16   I only have 8 cores/16 threads, my cpu is a Ryzen 7 5700x
smpboot: Allowing 16 CPUs, 0 hotplug CPUs                 The stock kernel shows Allowing 32 CPUs, 16 hotplug CPUs


Code:
ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored   This also happens with gentoo-kernel


Code:
tpm_crb MSFT0101:00: Disabling hwrng     apparently this is intended behavior, as AMD's ftpm rng could cause some performance issues or something along those lines


Code:
exFAT-fs (nvme0n1p3): invalid boot record signature
exFAT-fs (nvme0n1p3): failed to read boot sector
exFAT-fs (nvme0n1p3): failed to recognize exfat type
ntfs3: nvme0n1p3: Primary boot signature is not NTFS.
ntfs3: nvme0n1p3: try to read out of volume at offset 0x6e30affe00
XFS (nvme0n1p3): Mounting V5 Filesystem 7505b872-f8e8-4306-a75a-338b3c0570ce
XFS (nvme0n1p3): Ending clean mount
VFS: Mounted root (xfs filesystem) readonly on device 259:3.          My root partition is XFS, don't know why it tries to mount with exFAT or ntfs. This is unique to my custom config

When I use os-prober with the custom config, it detects the running system as another one, adding 2 entries for the same thing in grub, this might be related to the previous issue
Code:
Warning: os-prober will be executed to detect other bootable partitions.
Its output will be used to detect bootable binaries on them and create new boot entries.
Found Gentoo Linux on /dev/nvme0n1p3
Found Windows Boot Manager on /dev/sda1@/efi/Microsoft/Boot/bootmgfw.efi


And lastly, when booting up, the stock kernel goes from "Loading Linux" to showing the boot logs way quicker, comparing the dmesg outputs from both kernels, the boot times seem the same, but my config keeps me in black screen for longer.

Here is my kernel config, any help and feedback would be greatly appreciated! :D
Back to top
View user's profile Send private message
grknight
Retired Dev
Retired Dev


Joined: 20 Feb 2015
Posts: 1912

PostPosted: Thu May 02, 2024 11:10 pm    Post subject: Reply with quote

Nothing here is a problem. Just normal operation.

The root partition thing is because the kernel "guesses" the type unless passed rootfstype then it expects to mount once or fail.
The gentoo-kernel build requires an initramfs, namely dracut built. dracut discovers things a bit quicker but not by much.

It wouldn't hurt to increase NR_CPUS to 32 in the kernel config. It may even give a performance boost.
Back to top
View user's profile Send private message
GBember
n00b
n00b


Joined: 04 Apr 2024
Posts: 20

PostPosted: Thu May 02, 2024 11:16 pm    Post subject: Reply with quote

grknight wrote:
Nothing here is a problem. Just normal operation.

The root partition thing is because the kernel "guesses" the type unless passed rootfstype then it expects to mount once or fail.
The gentoo-kernel build requires an initramfs, namely dracut built. dracut discovers things a bit quicker but not by much.

It wouldn't hurt to increase NR_CPUS to 32 in the kernel config. It may even give a performance boost.


I see, I will increase NR_CPUS then. The only real problem here would be os-prober acting up under the custom kernel and the weird delay for the kernel to give me a image.
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria

PostPosted: Fri May 03, 2024 1:12 am    Post subject: Reply with quote

You almost have a perfect kernel configuration ... I might think you have configured according to my instructions (*) ... I would like to add the following:

Code:
1.
CONFIG_EXPERT=y
2.
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
3.
CONFIG_HZ_1000=y
# CONFIG_HZ_300 is not set
4.
# CONFIG_X86_AMD_PSTATE is not set
# CONFIG_X86_AMD_PSTATE_UT is not set
5.
# CONFIG_MODULES is not set
6.
CONFIG_BLK_DEBUG_FS=y
7.
CONFIG_EXTRA_FIRMWARE="amdgpu/dimgrey_cavefish_sos.bin amdgpu/dimgrey_cavefish_ta.bin amdgpu/dimgrey_cavefish_smc.bin amdgpu/dimgrey_cavefish_dmcub.bin amdgpu/dimgrey_cavefish_pfp.bin amdgpu/dimgrey_cavefish_me.bin amdgpu/dimgrey_cavefish_ce.bin amdgpu/dimgrey_cavefish_rlc.bin amdgpu/dimgrey_cavefish_mec.bin amdgpu/dimgrey_cavefish_mec2.bin amdgpu/dimgrey_cavefish_vcn.bin amdgpu/dimgrey_cavefish_sdma.bin rtl_nic/rtl8125b-2.fw"
8.
CONFIG_DEBUG_DEVRES=y
9.
# CONFIG_USB_UAS is not set
10.
CONFIG_AMD_PTDMA
11.
CONFIG_AMD_IOMMU_V2=y

1. Yes ;-)
2. Some AMD machines need this (even it is not a notebook; enabling it doesnt hurt)
3. You know you will have 1000 interrupts in a second for EVERY cpu core ... = 16.000 (or 32.000). Because you have hires timers, I dont think you will need it; 300 is sufficient - maybe also only 100 (you can check it with watching a 4k video; if there is no problem then everything is allright)
4. Doesn't these work for your AMD CPU ?
5. Yes ;-) (I have also a monolithic kernel) With modules support you would be able to enable XFS static into your kernel and all other filesystems as module. Without module support you should set the kernel command line parameter "rootfstype=" (as @grknight already said). See here: https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
6. I am not an fan of debugs. Okay it cost nearly no performance but it is a security problem. Of course it is your decision.
7. I am missing the CPU microcode. https://wiki.gentoo.org/wiki/AMD_microcode
8. This one is even worse than (6.)
9. Enable it
10. Are you sure your machine doesnt have it ?
11. Yes, this is correct. Please don't be surprised if it no longer exists with the next major kernel version (because it was dropped with 6.7).


*) https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_Configuring_Kernel_Version_6.6

.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
GBember
n00b
n00b


Joined: 04 Apr 2024
Posts: 20

PostPosted: Fri May 03, 2024 1:20 am    Post subject: Reply with quote

pietinger wrote:
You almost have a perfect kernel configuration ... I might think you have configured according to my instructions (*) ... I would like to add the following:

Code:
1.
CONFIG_EXPERT=y
2.
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
3.
CONFIG_HZ_1000=y
# CONFIG_HZ_300 is not set
4.
# CONFIG_X86_AMD_PSTATE is not set
# CONFIG_X86_AMD_PSTATE_UT is not set
5.
# CONFIG_MODULES is not set
6.
CONFIG_BLK_DEBUG_FS=y
7.
CONFIG_EXTRA_FIRMWARE="amdgpu/dimgrey_cavefish_sos.bin amdgpu/dimgrey_cavefish_ta.bin amdgpu/dimgrey_cavefish_smc.bin amdgpu/dimgrey_cavefish_dmcub.bin amdgpu/dimgrey_cavefish_pfp.bin amdgpu/dimgrey_cavefish_me.bin amdgpu/dimgrey_cavefish_ce.bin amdgpu/dimgrey_cavefish_rlc.bin amdgpu/dimgrey_cavefish_mec.bin amdgpu/dimgrey_cavefish_mec2.bin amdgpu/dimgrey_cavefish_vcn.bin amdgpu/dimgrey_cavefish_sdma.bin rtl_nic/rtl8125b-2.fw"
8.
CONFIG_DEBUG_DEVRES=y
9.
# CONFIG_USB_UAS is not set
10.
CONFIG_AMD_PTDMA
11.
CONFIG_AMD_IOMMU_V2=y

1. Yes ;-)
2. Some AMD machines need this (even it is not a notebook; enabling it doesnt hurt)
3. You know you will have 1000 interrupts in a second for EVERY cpu core ... = 16.000 (or 32.000). Because you have hires timers, I dont think you will need it; 300 is sufficient - maybe also only 100 (you can check it with watching a 4k video; if there is no problem then everything is allright)
4. Doesn't these work for your AMD CPU ?
5. Yes ;-) (I have also a monolithic kernel) With modules support you would be able to enable XFS static into your kernel and all other filesystems as module. Without module support you should set the kernel command line parameter "rootfstype=" (as @grknight already said). See here: https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
6. I am not an fan of debugs. Okay it cost nearly no performance but it is a security problem. Of course it is your decision.
7. I am missing the CPU microcode. https://wiki.gentoo.org/wiki/AMD_microcode
8. This one is even worse than (6.)
9. Enable it
10. Are you sure your machine doesnt have it ?
11. Yes, this is correct. Please don't be surprised if it no longer exists with the next major kernel version (because it was dropped with 6.7).


*) https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_Configuring_Kernel_Version_6.6

.


Thanks for the reply! Right now I can't look into everything, but as for points 4 and 7, I tried enabling amd pstate, it didn't work out of the box, it was asking for some kernel parameters and I didn't really want to look into that, and for 7, I forgot to add it! Thanks for pointing that out. I will check the other points whenever i can. Thanks for the suggestions!
Back to top
View user's profile Send private message
GBember
n00b
n00b


Joined: 04 Apr 2024
Posts: 20

PostPosted: Fri May 03, 2024 1:22 am    Post subject: Reply with quote

pietinger wrote:
You almost have a perfect kernel configuration ... I might think you have configured according to my instructions (*) ... I would like to add the following:

Code:
1.
CONFIG_EXPERT=y
2.
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
3.
CONFIG_HZ_1000=y
# CONFIG_HZ_300 is not set
4.
# CONFIG_X86_AMD_PSTATE is not set
# CONFIG_X86_AMD_PSTATE_UT is not set
5.
# CONFIG_MODULES is not set
6.
CONFIG_BLK_DEBUG_FS=y
7.
CONFIG_EXTRA_FIRMWARE="amdgpu/dimgrey_cavefish_sos.bin amdgpu/dimgrey_cavefish_ta.bin amdgpu/dimgrey_cavefish_smc.bin amdgpu/dimgrey_cavefish_dmcub.bin amdgpu/dimgrey_cavefish_pfp.bin amdgpu/dimgrey_cavefish_me.bin amdgpu/dimgrey_cavefish_ce.bin amdgpu/dimgrey_cavefish_rlc.bin amdgpu/dimgrey_cavefish_mec.bin amdgpu/dimgrey_cavefish_mec2.bin amdgpu/dimgrey_cavefish_vcn.bin amdgpu/dimgrey_cavefish_sdma.bin rtl_nic/rtl8125b-2.fw"
8.
CONFIG_DEBUG_DEVRES=y
9.
# CONFIG_USB_UAS is not set
10.
CONFIG_AMD_PTDMA
11.
CONFIG_AMD_IOMMU_V2=y

1. Yes ;-)
2. Some AMD machines need this (even it is not a notebook; enabling it doesnt hurt)
3. You know you will have 1000 interrupts in a second for EVERY cpu core ... = 16.000 (or 32.000). Because you have hires timers, I dont think you will need it; 300 is sufficient - maybe also only 100 (you can check it with watching a 4k video; if there is no problem then everything is allright)
4. Doesn't these work for your AMD CPU ?
5. Yes ;-) (I have also a monolithic kernel) With modules support you would be able to enable XFS static into your kernel and all other filesystems as module. Without module support you should set the kernel command line parameter "rootfstype=" (as @grknight already said). See here: https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
6. I am not an fan of debugs. Okay it cost nearly no performance but it is a security problem. Of course it is your decision.
7. I am missing the CPU microcode. https://wiki.gentoo.org/wiki/AMD_microcode
8. This one is even worse than (6.)
9. Enable it
10. Are you sure your machine doesnt have it ?
11. Yes, this is correct. Please don't be surprised if it no longer exists with the next major kernel version (because it was dropped with 6.7).


*) https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_Configuring_Kernel_Version_6.6

.


And you're correct! I followed your tutorial! Thank you for that, it was really helpful!
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria

PostPosted: Fri May 03, 2024 1:27 am    Post subject: Reply with quote

GBember wrote:
And you're correct! I followed your tutorial! Thank you for that, it was really helpful!

You are very Welcome ! :D

Have fun with Gentoo ! 8)
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
GBember
n00b
n00b


Joined: 04 Apr 2024
Posts: 20

PostPosted: Fri May 03, 2024 2:06 am    Post subject: Reply with quote

I applied the fixes suggested here

Apparently all my concerns from dmesg are gone, like the smpboot and FS mount errors

But os-prober still acts weirdly under the custom kernel
Code:
lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda           8:0    0 447.1G  0 disk
├─sda1        8:1    0   100M  0 part
├─sda2        8:2    0    16M  0 part
├─sda3        8:3    0 446.3G  0 part
└─sda4        8:4    0   768M  0 part
sdb           8:16   0   1.8T  0 disk
└─sdb1        8:17   0   1.8T  0 part /hdd
nvme0n1     259:0    0 465.8G  0 disk
├─nvme0n1p1 259:1    0     1G  0 part /efi
├─nvme0n1p2 259:2    0    24G  0 part [SWAP]
└─nvme0n1p3 259:3    0 440.8G  0 part /


Code:
sudo os-prober
Password:
/dev/nvme0n1p3:Gentoo Linux:Gentoo:linux
/dev/sda1@/efi/Microsoft/Boot/bootmgfw.efi:Windows Boot Manager:Windows:efi


And the delay between "Loading Linux" and any log appearing on screen still remains.
Back to top
View user's profile Send private message
xgivolari
Tux's lil' helper
Tux's lil' helper


Joined: 26 Jul 2021
Posts: 102

PostPosted: Fri May 03, 2024 6:00 am    Post subject: Reply with quote

On AMD Zen Platforms, these kernel config options are usually a safe bet:
Code:
CONFIG_CRYPTO_DEV_CCP #enables support for the AMD cryptographic co-processor
CONFIG_GPIO_AMDPT support #support for AMD Promontory GPIO

If you have a Zen 3 or newer CPU, you can enable these:
Code:
CONFIG_X86_KERNEL_IBT
CONFIG_X86_USER_SHADOW_STACK

This message:
Code:
ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored

means everything is working as intended. Some BIOSes query if they are booting Linux to decide which features to expose. This is extremely unreliable and should only be honored if something is not working correctly without it. By default, the Linux kernel pretends to be all Windows versions at once, for maximum compatibility.
Back to top
View user's profile Send private message
GBember
n00b
n00b


Joined: 04 Apr 2024
Posts: 20

PostPosted: Fri May 03, 2024 9:30 am    Post subject: Reply with quote

xgivolari wrote:
On AMD Zen Platforms, these kernel config options are usually a safe bet:
Code:
CONFIG_CRYPTO_DEV_CCP #enables support for the AMD cryptographic co-processor
CONFIG_GPIO_AMDPT support #support for AMD Promontory GPIO

If you have a Zen 3 or newer CPU, you can enable these:
Code:
CONFIG_X86_KERNEL_IBT
CONFIG_X86_USER_SHADOW_STACK

This message:
Code:
ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored

means everything is working as intended. Some BIOSes query if they are booting Linux to decide which features to expose. This is extremely unreliable and should only be honored if something is not working correctly without it. By default, the Linux kernel pretends to be all Windows versions at once, for maximum compatibility.


Thanks for the reply! I enabled the first 2 options, but the other ones I don't think I actually need them, according to Pietinger's tutorial, I only need to enable IBT when IBRS/IBPB: indirect branch restrictions returns true on cpuid, but it returns false on my system, my CPU is a Ryzen 7 5700x, do you know if it should have returned true? And what about Shadow Stack, is there any way to verify my CPU actually supports it?
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria

PostPosted: Fri May 03, 2024 12:35 pm    Post subject: Reply with quote

GBember wrote:
And the delay between "Loading Linux" and any log appearing on screen still remains.

If you compare the dmesg of your kernel with the dmesg of our dist-kernel you will see that some modules are now loaded BEFORE console (because you have enabled them static) ... in dist-kernel many modules are configured as <M>odule and then these will be loaded after console.

GBember wrote:
[...] And what about Shadow Stack, is there any way to verify my CPU actually supports it?

Have a look into this chapter: https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Kernel_Hardening_with_KSPP#KSPP_2024-04-26 ;-)
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
GBember
n00b
n00b


Joined: 04 Apr 2024
Posts: 20

PostPosted: Fri May 03, 2024 12:48 pm    Post subject: Reply with quote

pietinger wrote:
GBember wrote:
And the delay between "Loading Linux" and any log appearing on screen still remains.

If you compare the dmesg of your kernel with the dmesg of our dist-kernel you will see that some modules are now loaded BEFORE console (because you have enabled them static) ... in dist-kernel many modules are configured as <M>odule and then these will be loaded after console.

GBember wrote:
[...] And what about Shadow Stack, is there any way to verify my CPU actually supports it?

Have a look into this chapter: https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Kernel_Hardening_with_KSPP#KSPP_2024-04-26 ;-)


I see, if it even is possible the kernel loading order, should I change it?
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria

PostPosted: Fri May 03, 2024 12:57 pm    Post subject: Reply with quote

GBember wrote:
I see, if it even is possible the kernel loading order, should I change it?

No. The only way to change the order kernel is loading modules is: Changing from statically configured to <M>odule ... which is not possible with a monolithic kernel. (So, yes, you have no influence in which order kernel initalise its modules).
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5095
Location: Bavaria

PostPosted: Fri May 03, 2024 1:00 pm    Post subject: Reply with quote

P.S.: You could enable some option (earlycon) to see some output sooner ... but do you really need it ? I am even using the kernel command line paramter "quiet" to have a more clean screen when booting ... If I really want check something I can see every message in "dmesg" later.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
GBember
n00b
n00b


Joined: 04 Apr 2024
Posts: 20

PostPosted: Fri May 03, 2024 1:16 pm    Post subject: Reply with quote

pietinger wrote:
P.S.: You could enable some option (earlycon) to see some output sooner ... but do you really need it ? I am even using the kernel command line paramter "quiet" to have a more clean screen when booting ... If I really want check something I can see every message in "dmesg" later.


Maybe I'm worrying too much because the kernel is behaving slightly different from gentoo-kernel. Thanks for all the help!
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum