mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-03-09 01:30:10 +08:00
Merge pull request #347 from geekpi/master
[Translated] 09 The Linux Kernel--Configuring the Kernel Part 5
This commit is contained in:
Xingyu.Wang
commit
282f419352
@ -20,7 +20,7 @@
|
||||
- make allyesconfig - 这个选项将会创建一份尽可能多的问题回答都为‘yes’的配置文件。
|
||||
- make allmodconfig - 这个选项将会创建一份将尽可能多的内核部分配置为模块的配置文件。
|
||||
|
||||
> 注意:内核代码可以放进内核自身,也可以成为一个模块。例如,用户可以将蓝牙驱动作为一个模块加入(独立于内核),或者直接放到内核栗,或者完全不加蓝牙驱动。当代码放到内核本身时,内核将会请求更多的内存并且启动会花费更长的时间。然而,内核会执行的更好。如果代码作为模块加入,代码将会一直存在于硬盘上直到被需要时加载。接着模块被加载到内存中。这可以减少内核的内存使用并减少启动的时间。然而,因为内核和模块在内存上相互独立所以会影响内核的性能。另一种选择是不添加一些代码。举例来说,内核开发人员假如知道系统永远都不会使用蓝牙设备,因此这个驱动就可以不加到内核中。这提升了内核的性能。然而,如果用户之后需要蓝牙设备,那么他么需要安装蓝牙模块或者升级内核才行。
|
||||
> 注意:内核代码可以放进内核自身,也可以成为一个模块。例如,用户可以将蓝牙驱动作为一个模块加入(独立于内核),或者直接放到内核里,或者完全不加蓝牙驱动。当代码放到内核本身时,内核将会请求更多的内存并且启动会花费更长的时间。然而,内核会执行的更好。如果代码作为模块加入,代码将会一直存在于硬盘上直到被需要时加载。接着模块被加载到内存中。这可以减少内核的内存使用并减少启动的时间。然而,因为内核和模块在内存上相互独立所以会影响内核的性能。另一种选择是不添加一些代码。举例来说,内核开发人员假如知道系统永远都不会使用蓝牙设备,因此这个驱动就可以不加到内核中。这提升了内核的性能。然而,如果用户之后需要蓝牙设备,那么他么需要安装蓝牙模块或者升级内核才行。
|
||||
|
||||
- make allnoconfig - 这个选项只会生成内核所必要代码的配置文件。它对尽可能多的问题都回答no。这有时会导致内核无法工作在为编译该内核的硬件上。
|
||||
- make randconfig - 这个选项会对内核选项随机选择(译注:这是做什么用途的?!)。
|
||||
|
||||
@ -1,110 +0,0 @@
|
||||
Translating------------------geekpi
|
||||
|
||||
09 The Linux Kernel: Configuring the Kernel Part 5
|
||||
================================================================================
|
||||
|
||||
|
||||
The Linux kernel is large with numerous features that can be configured. There are still many more features that can be configured.
|
||||
|
||||
The next kernel feature that can be configured is a x86 random number generator (x86 architectural random number generator (ARCH_RANDOM)). Remember, we are configuring the kernel source code for an AMD64 system. This number generator uses the x86 RDRAND instructions for Intel processors. It is not necessary for general use, so I will disable this for a more lightweight kernel.
|
||||
|
||||
Next, we can enable or disable "Supervisor Mode Access Prevention (X86_SMAP)". This is a security feature used by some Intel processors. SMAP will only allow the kernel to access user-space in some instances. This helps to protect user-space. There is a performance and size cost if enabled, but the cost is small. Since I am configuring for an AMD system, I will disable this feature.
|
||||
|
||||
|
||||
Developers can enable "EFI runtime service support (EFI)". Only enable this on systems with EFI firmware. With this feature, the kernel can use available EFI services. EFI is a specification of how the operating system interacts with the hardware, so EFI firmware is hardware code that uses this specification. I disabled the support since I do not have a system with EFI firmware.
|
||||
|
||||
This is a useful security method that should be enabled (Enable seccomp to safely compute untrusted bytecode (SECCOMP)). This security feature is used with number crunching applications (software that performs extensive calculations) that use untrusted bytecode. Bytecode (p-code/portable code) is code that is made to be read efficiently by an interpreter. Bytecode is not source code, but it is not assembly or binary code either. Untrusted code is code that may cause system/data damage. The untrusted bytecode that may ruin the system or harm data are isolated in a separate address space via seccomp. This is done by using file descriptors as methods of transport. In general, it is best to enable security features even at the cost of performance unless you are making a kernel that absolutely needs incredible performance abilities.
|
||||
|
||||
Here is another security feature (Enable -fstack-protector buffer overflow detection (CC_STACKPROTECTOR)). A buffer overflow (buffer overrun) is where data is written past its memory boundary and into adjacent memory. This can be a security threat. Some malware uses buffer overruns to exploit systems. Enabling this will use the "-fstack-protector" GCC parameter. GCC is a Linux compiler; this compiler will compile the kernel when you are done configuring the options. This compiler parameter will add a canary value (special security code) on the stack just before the return address. The value is validated before the return. When a buffer overflow occurs, the canary value will get overwritten. When this happens, a kernel panic is initiated. As many know, a kernel panic means the system will crash, but that is better than the system or data being permanently ruined. With a kernel panic, the system can be rebooted, but if a buffer overrun gains a chance to damage the system, a simple reboot will not fix the destruction. You must compile the kernel with GCC version 4.2 or higher to support the parameter.
|
||||
|
||||
NOTE: To figure out what version you have, type “gcc --version” in the command-line.
|
||||
|
||||
After that, we can configure the timer frequency. The configuration tool recommends 250Hz, so we will use that value.
|
||||
|
||||
Timer frequency
|
||||
1. 100 HZ (HZ_100)
|
||||
> 2. 250 HZ (HZ_250)
|
||||
3. 300 HZ (HZ_300)
|
||||
4. 1000 HZ (HZ_1000)
|
||||
choice[1-4?]: 2
|
||||
|
||||
Using 1000HZ is generally considered too fast for many systems. The timer frequency determines how often the timer interrupt is used. This helps the system operate on a timeline. Applications do not just execute a command randomly. Rather, they wait until a timer interrupt has gone off. This keeps process organized and structured. The time between interrupts on a timer frequency of 100HZ is 10ms, 250HZ is 4ms, and 1000HZ is 1ms. Now, many developers will instantly think that 1000HZ is the best. Well, it depends what effects you will be fine with. A large timer frequency means more power consumption and with more energy being utilized, more heat will be produced. More heat means the hardware may wear down faster.
|
||||
|
||||
NOTE: If a particular feature does not matter to you specifically or you are not sure what to choose, use the default value chosen by the configuration tool. For example, for the kernel that I am making, it does not matter to me which timer value to use. In summary, if you do not have a specific reason to select any of the choices, the default is fine.
|
||||
|
||||
This interesting system call may be useful to some users (kexec system call (KEXEC)). The kexec call shuts down the current kernel to start another or restart the current. The hardware is not powered-off and this call works without help from the firmware. The bootloader is not executed. (The bootloader is the software that starts the operating system) This restart takes place at the level of the operating system not the hardware. Using this system call is faster than performing a standard power-off or restart. This keeps the hardware on. This system call will not work on all systems. For maximum performance, enable hotplugging.
|
||||
|
||||
To use kexec, use the command below replacing “<kernel-image>” with the kernel that will be used after reboot. Also, replace “<command-line-options>” with some of those kernel parameters we had discussed previously. (I will go into greater depth in a later article.)
|
||||
|
||||
kexec -l <kernel-image> --append="<command-line-options>”
|
||||
|
||||
Specifically, I would type “kexec -l /boot/vmlinuz-3.8.0-27-generic –append="root=/dev/sda1””
|
||||
|
||||
NOTE: The hardware does need to be reset sometimes, so do not depend on kexec entirely.
|
||||
|
||||
Next, we have a debugging feature that works with kexec (kernel crash dumps (CRASH_DUMP)). When kexec is called, a crash dump is generated. Unless you need to debug kexec, this is not needed. I disabled this feature.
|
||||
|
||||
Again, we have another kexec feature (kexec jump (KEXEC_JUMP)). kexec jump allows users to switch between the original kernel and the one started by kexec.
|
||||
|
||||
It is best to use the default value for the address the kernel starts (Physical address where the kernel is loaded (PHYSICAL_START) [0x1000000]).
|
||||
|
||||
This next kernel option (Build a relocatable kernel (RELOCATABLE)) allows the kernel to be placed somewhere else in the memory. The kernel file will be 10% larger, but this excess is removed from memory on execution. Many may wonder why this is important. Before kernel 2.6.20, rescue kernel had to be configured and compiled differently to be able to run on a different memory address. After this feature was invented, developers no longer needed to make two kernels. A rescue kernel will not load where the first kernel is/was loaded because that portion of memory is occupied or corrupted. (If you are using a rescue kernel then obviously the first kernel had errors)
|
||||
|
||||
This feature should be enabled on systems where CPUs can be added unless there is a specific reason for not doing so (Support for hot-pluggable CPUs (HOTPLUG_CPU)). The configuration tool may auto-enable this ability. With this feature, you can active/deactivate a CPU on a system that has many processors. This does not mean adding a new CPU to a system. All CPUs must already be in the system.
|
||||
|
||||
The next option will allow us to set whether the above ability is enabled by default (Set default setting of cpu0_hotpluggable (BOOTPARAM_HOTPLUG_CPU0)). It is better to have this feature inactive for performance purposes until it is needed.
|
||||
|
||||
This debugging feature allows developers to debug the CPU hotplug abilities (Debug CPU0 hotplug (DEBUG_HOTPLUG_CPU0)). I disabled this feature.
|
||||
|
||||
To support older versions of glibc (<2.3.3), enable this feature (Compat VDSO support (COMPAT_VDSO)). This will apply the old-style address via map on the 32-bit VDSO. Glibc is Gnu C LIBrary; this is the GNU Project's implementation of the C standard library.
|
||||
|
||||
If the system the kernel is intended for lacks a fully functional boot-loader, then enable this feature (Built-in kernel command line (CMDLINE_BOOL)). This will allow users to use a command-line on the kernel itself so administrators can fix kernel issues. If the bootloader has a command-line (like Grub), then this feature is not needed.
|
||||
|
||||
Now, we can configure ACPI and power. First, we are given the choice to allow the system to suspend to RAM (Suspend to RAM and standby (SUSPEND)). Advanced Configuration and Power Interface (ACPI) is an open standard for device configuration and power management. Suspending a system places data on RAM and the hardware goes into a low-power state. The system is not shutdown entirely. This is useful if a user needs to put the computer in a low-power state but wants to retain the currently open applications. Shutting-down a system completely powers off a system and clears the memory.
|
||||
|
||||
Next, we can enable hibernation (Hibernation (aka 'suspend to disk') (HIBERNATION)). Hibernation is like suspend mode, but all data in the memory is saved to the hard-drive and the device is completely powered-off. This allows the user to continue using their open applications when the system is powered back on.
|
||||
|
||||
Here, we can set the default resume partition (Default resume partition (PM_STD_PARTITION)). Very few developers and administrators will need this feature. When a system returns from hibernation, it will load off of the default resume partition.
|
||||
|
||||
After that, we can enable "Opportunistic sleep (PM_AUTOSLEEP)". This lets the kernel to initiate suspend or sleep mode when no active wakeup calls are called. This means that an idling system will initiate suspend mode to save energy. I enabled this feature.
|
||||
Next, we are asked about "User space wakeup sources interface (PM_WAKELOCKS)". Enabling this will allow wakeup source objects to be activated, deactivated, and created by the user space via a sysfs-based interface. Wakeup source objects track the source of wakeup events.
|
||||
|
||||
Sysfs is a virtual filesystem located /sys/. This virtual filesystem contains information about devices. When going to /sys/, it appears to be part of the hard-drive, but this is really a mount point. The files are actually found in the memory. This is the same concept for /proc/.
|
||||
|
||||
NOTE: “/sysfs/” is a folder while “/sysfs” would be a file on the root named “sysfs”. Many Linux users mix up the two naming conventions.
|
||||
|
||||
If the above option is enabled, then you can set the "Maximum number of user space wakeup sources (0 = no limit) (PM_WAKELOCKS_LIMIT)". It may be best to select the default. Then, you can enable the garbage collector (Garbage collector for user space wakeup sources (PM_WAKELOCKS_GC)). Garbage collection is a memory management method.
|
||||
|
||||
NOTE: On systems that need more memory, it is usually best in most cases to enable as many garbage collectors as possible. Otherwise, the memory will fill up faster and be disorganized.
|
||||
|
||||
The next power option concerns IO devices (Run-time PM core functionality (PM_RUNTIME)). This option will permit IO hardware to go into low power states on run time. The hardware must allow this feature; not all hardware will do this.
|
||||
|
||||
As with many other components of the kernel, the power-management code also has debugging support, if enabled (Power Management Debug Support). I will disable this option.
|
||||
|
||||
NOTE: Notice that the options/questions from the configuration tool that I quote/display are no longer showing the option code (the letters in all caps between the parenthesis). This is because I am no using the ncurses-based configuration tool (make menuconfig) instead of the default tool to get the options/settings/questions. Remember, “make config” lacks the ability to save the current progress.
|
||||
|
||||
After that, the configuration tool will enable "ACPI (Advanced Configuration and Power Interface) Support". It is best to allow this power management specification. Usually, the configuration file will enable this feature.
|
||||
|
||||
To allow backwards compatibility, enable "Deprecated /proc/acpi files". The new implementation uses the newer functions in /sys/. I disabled this option. A similar question asks about "Deprecated power /proc/acpi directories". Usually, if you disable the files, you will not need the folders, so I disabled them. Some older applications may use these files and folders. If you are compiling a new kernel for an old Linux system, it may be best to enable this option.
|
||||
|
||||
Next, we have another file interface that can be enabled/disabled (EC read/write access through). This will create an embedded controller interface in /sys/kernel/debug/ec/. Embedded controllers usually are found in laptops to read the sensors. The Linux kernel accesses the embedded controllers through ACPI code given by the BIOS tables of the system.
|
||||
|
||||
Here is another old feature that can be enabled for backwards compatibility (Deprecated /proc/acpi/event support). The acpid daemon may read /proc/acpi/event to manage ACPI-generated events. Instead of this interface, the daemon uses netlink events or input layer to get these events to the user-space. The acpid daemon manages ACPI events.
|
||||
|
||||
The next option allows developers to enable a feature that will inform the kernel whether it is using AC or battery (AC adapter). The next option provides battery information from /proc/acpi/battery/ (Battery).
|
||||
|
||||
To allow the kernel to behave differently when the power/sleep button is pressed or when the lid is closed, enable this option (Button). These events are controlled in /proc/acpi/event/. For instance, this will make the system suspend when the laptop lid is closed if in the user account power options such a behavior is enabled. On many Linux distros, users can go to the system settings to make the laptop stop suspending when the lid is closed.
|
||||
|
||||
The next ACPI extension to be enable/disabled is for video adapters (Video).
|
||||
|
||||
ACPI fans can be enabled/disabled (Fan). It is best to enable ACPI fans management. This will help to conserve energy.
|
||||
|
||||
We are getting further in configuring the kernel, but there is still more to do in the next articles.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.linux.org/threads/the-linux-kernel-configuring-the-kernel-part-5.4424/
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
@ -1,97 +0,0 @@
|
||||
10 The Linux Kernel: Configuring the Kernel Part 6
|
||||
================================================================================
|
||||
|
||||
|
||||
Welcome to the next article on configuring the Linux kernel! There are still numerous options to configure. This particular article will mainly discuss configuring PCI and ACPI.
|
||||
|
||||
Here, we can enable support for ACPI-controlled docking stations and removable drive bays (Dock). Remember, ACPI (Advanced Configuration and Power Management Interface) is a power management system. A docking station is a device that allows extra devices to be plugged in through extra ports. A docking station may contain many various ports and connectors. So, an ACPI-controlled docking station is a docking station that has its power managed by ACPI. A drive bay is a set of hardware for adding hard-drives. This too can be managed by ACPI.
|
||||
|
||||
Next, we can allow ACPI to be used as the idle manager for the CPU (Processor). This will cause the processor to enter the ACPI C2 and C3 states when idle. This will save power and reduce the temperature of the CPU chip. Processors only idle when they are 100% free. No application must request CPU resources for a set period of time.
|
||||
|
||||
There are four CPU power states – C0, C1, C2, and C3. C0 is the active operating state. C1 (Halt) is an active state that is not executing instructions, but can do so instantly. C2 (Stop-Clock) is a powered down state. C3 (Sleep) is more powered down than C2. In C3, the cache is now longer synchronized or managed until the CPU leaves this state. There is a fifth state called C1E (Enhanced Halt State) that has lower power consumption.
|
||||
|
||||
If the IPMI driver is enabled, then ACPI can access the BMC controller (IPMI). A Baseboard Management Controller is a microcontroller that manages the connection between the software and hardware. The Intelligent Platform Management Interface (IPMI) is a framework for managing the computer through a direct network at the hardware level rather than going through a login shell or the operating system.
|
||||
|
||||
The ACPI v4.0 process aggregator allows the kernel to apply a CPU configuration to all processors on the system (Processor Aggregator). As of ACPI v4.0, only idling can be configured with this method.
|
||||
|
||||
After that, the ACPI thermal zone can be enabled (Thermal Zone). Most hardware supports this feature. This allows the fan's power to be managed by ACPI.
|
||||
|
||||
A custom DSDT can be linked to the kernel if this option is enabled (Custom DSDT Table file to include). In this setting, the developer must include the full path name to the file. The Differentiated System Description Table is a file that contains the system's information for supported power events. It is not required to enter a path name. These tables exist on the firmware. The kernel will handle this for you. The main purpose for this is if a developer need to use tables that are different from ones that are built-in to a device.
|
||||
|
||||
Arbitrary ACPI tables can be overridden using initrd (ACPI tables override via initrd). ACPI tables are basically rules and instructions on how to control and interact with the hardware.
|
||||
|
||||
Like all other parts of the kernel, the ACPI system can also generate debugging messages (Debug Statements). Like other debugging features, you may want to disable this and save about fifty kilobytes.
|
||||
|
||||
Enabling this next feature will create files (/sys/bus/pci/slots/) for each PCI slot detected on the system (PCI slot detection driver). A PCI slot is a port on a PCI motherboard that allows users to attach other PC devices. PCI is a type of motherboard. PCI refers to the way the components communicate with one another. Some applications may need these files.
|
||||
|
||||
The power management timer is another power-managing system (Power Management Timer Support). This is one of many system timers for keeping track of time. This one requires less power. The processor idling, voltage/frequency scaling, and throttling do not effect this timer. Numerous systems require this feature to be enabled.
|
||||
|
||||
Next, ACPI module and container device drivers can be enabled (Container and Module Devices). This enables hotplug support for processors, memory, and nodes. This is needed for NUMA systems.
|
||||
|
||||
This following driver offers support for ACPI memory hotplugging (Memory Hotplug). Some devices will not support hotpluggable memory even with this driver enabled. If this driver is added as a module, the module will be called acpi_memhotplug.
|
||||
|
||||
NOTE: For the kernel to have a particular feature, the hardware, BIOS, and firmware must support the feature in question. Some systems have a BIOS that does not control the hardware much. This type of BIOS will not restrict features often. If the kernel does have a particular feature, the hardware must have the ability to complete such a task.
|
||||
|
||||
The Smart Battery System driver offers access to the battery's status and information (Smart Battery System).
|
||||
|
||||
Next, we have a driver for a "Hardware Error Device". This device reports hardware errors through SCI. Usually, most of the reports will be on corrected errors.
|
||||
|
||||
Here is another ACPI debugging feature (Allow ACPI methods to be inserted/replaced at run time). This permits ACPI AML methods to be managed without rebooting the system. AML stands for ACPI Machine Language. With this debugging feature, the AML code can be changed and tested with requiring a reboot.
|
||||
|
||||
APEI is the ACPI error interface (ACPI Platform Error Interface (APEI)). APEI reports errors from the chipset to the operating system. This error interface also offers error injection abilities.
|
||||
|
||||
The hardware's firmware can send messages to the operating system when "SFI (Simple Firmware Interface) Support" is enabled. The firmware communicates with the operating system through static tables in memory. SFI-only computers will require this feature for the kernel to work.
|
||||
|
||||
To be able to change the processor's clock speed on runtime, enable this feature (CPU Frequency scaling). CPU frequency scaling means changing the processor's clock speed. This driver can be used to lower the clock speed to conserve power.
|
||||
|
||||
Next, is another power management subsystem (CPU idle PM support). When the processor is not active, it is best that it idles in an efficient way to reduce power consumption and reduce wear-and-tear on the CPU. Reduced power consumption will also lower the heat production from the the internal components.
|
||||
|
||||
The Linux kernel offers many CPU idle drivers. On systems with multiple processors, some users may have a reason to use a different driver on each CPU (Support multiple cpuidle drivers). Enabling this driver will allow users to set a different driver to each processor.
|
||||
|
||||
For Intel processors, the kernel has a driver specific for managing the idleness of such CPU chips (Cpuidle Driver for Intel Processors).
|
||||
|
||||
When the memory chips are idle, those can also use reduced power (Intel chipset idle memory power saving driver). This driver is specific for Intel devices with IO AT support.
|
||||
|
||||
Different computers use different types of motherboards (PCI support). One type is PCI. This driver will allow the kernel to run on PCI motherboards.
|
||||
|
||||
Next, we can enable/disable "Support mmconfig PCI config space access".
|
||||
|
||||
After that, we have an option of enabling/disabling a driver for host bridge windows (Support mmconfig PCI config space access). WARNING: This driver is incomplete (at least in kernel version 3.9.4)
|
||||
|
||||
As mentioned above, there are other types of motherboards. This next option offers a driver for "PCI Express (PCIe) support". PCIe is an improved and faster version of PCI.
|
||||
|
||||
After that, this following driver should be enabled to allow hotplugging on PCIe motherboards (PCI Express Hotplug driver).
|
||||
|
||||
Next, we can enable/disable error reporting for PCIe motherboards (Root Port Advanced Error Reporting). This is the PCI Express AER driver.
|
||||
|
||||
This next feature can allow users to override BIOS and firmware settings for PCIe ECRC (PCI Express ECRC settings control). In the next option, there is an error injector for PCIe (PCIe AER error injector support).
|
||||
|
||||
The following setting offers the operating system control over PCIe active state and clock power management (PCI Express ASPM control). Normally, the firmware would control the ASPM, but this feature allows the operating system to take control.
|
||||
|
||||
Again, like so many components of the kernel, there is debugging support for ASPM (Debug PCI Express ASPM).
|
||||
|
||||
Next, in this menu, select the "Default ASPM policy".
|
||||
|
||||
After that choice, the next one is about allowing device drivers to enable Message Signaled Interrupts (MSI). It is usually best to allow devices to send the CPU interrupts.
|
||||
|
||||
To add numerous debugging messages to the system log, enable "PCI Debugging".
|
||||
|
||||
This next setting allows the PCI core to detect if it needs to enable PCI resource re-allocation (Enable PCI resource re-allocation detection).
|
||||
|
||||
When hosting a virtual operating system on Linux, it can sometimes help to reserve a PCI device for the virtual OS (PCI Stub driver). With operating system virtualization, one OS is running inside or beside another operating system. Sometimes they can compete for resources. Being able to reserve a device for the guest system (the virtual OS) can reduce competition and increase performance.
|
||||
|
||||
The next driver offered allows hypertransport devices to use interrupts (Interrupts on hypertransport devices). Hypertransport is a bus system/protocol for high-speed communication between processors.
|
||||
|
||||
This next driver for PCI virtualization allows virtual devices to be made that share their owned physical resources (PCI IOV support).
|
||||
|
||||
The PCI Page Request Interface (PRI) gives PCI devices that are behind an IOMMU (input/output memory management unit) to recover from page faults (PCI PRI support). A page fault is not an error; it refers to the event of software trying to access data not on physical memory.
|
||||
|
||||
Again, there are still more features to configure in the Linux kernel as you will see in the following articles.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.linux.org/threads/the-linux-kernel-configuring-the-kernel-part-6.4457/
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
2
sources/The Linux Kernel/11 The Linux Kernel--Configuring the Kernel Part 7.md
Normal file → Executable file
2
sources/The Linux Kernel/11 The Linux Kernel--Configuring the Kernel Part 7.md
Normal file → Executable file
@ -1,3 +1,5 @@
|
||||
Translaing------------------geekpi
|
||||
|
||||
11 The Linux Kernel: Configuring the Kernel Part 7
|
||||
================================================================================
|
||||
|
||||
|
||||
@ -0,0 +1,110 @@
|
||||
09 Linux内核: 配置内核 (Part 5)
|
||||
================================================================================
|
||||
|
||||
|
||||
Linux内核拥有许多特性可以被配置。还有许多的特性要配置。
|
||||
|
||||
下一个可以配置的特性是x86的随机数生成器(x86 architectural random number generator (ARCH_RANDOM))。记住,我们现在配置的是AMD64系统的内核代码。这个随机数生成器使用Intel x86的RDRAND指令。这并不通用,所以为了一个更轻量的内核我禁用了它。
|
||||
|
||||
接着,我们可以启用或者禁用"Supervisor Mode Access Prevention (X86_SMAP)"。这是Intel处理器使用的安全特性。SWAP在一些实例中只会允许内核访问用户空间。这个有助于保护用户空间。如果启用,这里有一点性能和大小的开销,但是开销很小。由于我是用的是AMD系统,所以我禁用了这个特性。
|
||||
|
||||
开发者可以启用"EFI runtime service support (EFI)"。只有在有EFI固件的系统上启用它。拥有这个特性,内核可以使用可用的EFI服务。EFI是一个操作系统和硬件如何交流的规范,所以EFI固件是使用这个规范的硬件代码。因为我没有EFI固件,所以我禁用了它。
|
||||
|
||||
这是一个应该被启用的有用的安全方式(Enable seccomp to safely compute untrusted bytecode (SECCOMP))。这个安全特性在使用不受信任的字节码的数值计算(执行大量计算的软件)中使用。字节码(可移植代码)是一种被解释器有效读取的代码。字节码不是源代码,但它也不是汇编或者二进制代码。不受信任的代码是一种可能导致系统/数据损坏的代码。可能会破坏系统或者毁坏数据的不受信任的代码通过seccomp被隔离在独立的地址空间中。这是通过文件描述符传输的方法。通常上,最好启用这个安全特性即使会有一些性能开销,除非你在制作一个需要惊人性能的内核。
|
||||
|
||||
这里是另外一个安全特性(Enable -fstack-protector buffer overflow detection (CC_STACKPROTECTOR))。缓冲溢出是数据被写超出了它的内存界限并且进入了邻近的内存中。这是一个安全威胁。一些恶意软件使用缓冲区溢出来利用系统。启用这个会使用GCC选项 "-fstack-protector"。GCC是一个Linux编译器。这个编译器会在你配置完成后编译内核。这个编译器参数会在返回地址前在栈上加入一个canary值(特殊的安全代码)。这个值会在返回前被验证。当内存溢出发生时,canary值会得到覆盖消息。当这个发生时,会触发一个内存错误(kernel panic)。如许多人知道的那样,内核错误意味着系统将要崩溃,但是这比系统或者数据永久损害的好。发生内核错误,系统会重启,但是如果缓冲移除得到了一个损坏系统的机会,一个简单的重启无法修复破坏。你必须用GCC 4.2或者更高版本支持这个参数的GCC来编译内核。
|
||||
|
||||
注意:为了得到你使用的版本号,在命令行内键入"gcc --version"。
|
||||
|
||||
在这之后,我们可以配置定时器频率。配置工具建议使用250Hz,所以我们使用这个值。
|
||||
|
||||
Timer frequency
|
||||
1. 100 HZ (HZ_100)
|
||||
> 2. 250 HZ (HZ_250)
|
||||
3. 300 HZ (HZ_300)
|
||||
4. 1000 HZ (HZ_1000)
|
||||
choice[1-4?]: 2
|
||||
|
||||
使用1000Hz通常来讲对许多系统而言太快了。定时器频率决定着定时器中断被使用的频率。这有助于在时间线上的系统操作。程序并不是随机地执行一条命令。相反它们会等到定时器中断结束。这保持着有组织和结构的处理。频率为100Hz的定时器中断之间的时间是10ms,250Hz是4ms,1000Hz是1ms。现在许多开发者会马上想到1000Hz是最好的。好吧,这取决于你对开销的要求。一个大的定时器频率意味着更多的能源消耗和更多的能源被利用(在定时器上),产生更多的热量。更多的热量意味着硬件损耗的更快。
|
||||
|
||||
注意:如果某个特定的特性对你并不重要或者你不确定该选择什么,就使用配置工具选择的默认值。比如,就我现在正在配置的内核而言,使用哪个定时器对我并不重要。总的来说,如果你没有特别的原因去选择任何一个选项时,就使用默认值。
|
||||
|
||||
这个有趣的系统调用可能会对一些用户有用(kexec system call (KEXEC))。kexec调用会关闭当前内核去启动另外一个或者重启当前内核。硬件并不会关闭并且这个调用可以无需固件的帮助工作。bootloader没有被执行。(bootloader是启动操作系统的软件) 这个重启发生在操作系统级别上而不是硬件上。使用这个系统调用会快于执行一个标准的关机或者重启。这保持硬件在开启状态。这个系统调用并不能工作在所有系统上。为了高性能,启用热插拔。
|
||||
|
||||
To use kexec, use the command below replacing “<kernel-image>” with the kernel that will be used after reboot. Also, replace “<command-line-options>” with some of those kernel parameters we had discussed previously. (I will go into greater depth in a later article.)
|
||||
为了使用kexec,对重启后要使用的内核使用如下命令替换"<kernel-image>"。同样,使用之前我们讲过的内核参数替换"<command-line-options>" (我会在以后的文章中更深入的讨论。)
|
||||
|
||||
kexec -l <kernel-image> --append="<command-line-options>”
|
||||
|
||||
Specifically, I would type “kexec -l /boot/vmlinuz-3.8.0-27-generic –append="root=/dev/sda1””
|
||||
特别地,我这里输入"kexec -l /boot/vmlinuz-3.8.0-27-generic –append="root=/dev/sda1""
|
||||
|
||||
注意:硬件有时不必重启,所以这不依赖于kexec。
|
||||
|
||||
下面,我们有一个适用于kexec的调试特性(kernel crash dumps (CRASH_DUMP))。当kexec被调用时,一个崩溃信息(crash dump)会生成。除非你有必要调试kexec,否则这个并不必要。我禁用了这个特性。
|
||||
|
||||
再者,我们有另外一个kexec特性(kexec jump (KEXEC_JUMP))。kexec跳允许用户在原始内核和kexec启动的内核之间切换。
|
||||
|
||||
最好对内核启动地址使用默认值(Physical address where the kernel is loaded (PHYSICAL_START) [0x1000000])。
|
||||
|
||||
下一个内核选项(Build a relocatable kernel (RELOCATABLE))允许内核可以放在内存的任何地方。内核文件会增大10%,但是超出部分会在执行时从内存移除。许多人也许想知道这为什么很重要。在2.6.20内核前,救援内核(rescue kernel)不得不被配置和编译运行在不同的内存地址上。当这个特性发明后,开发者不必再编译两个内核。救援内核不会在第一个已加载的内核地地方加载因为内存部分已被占用或者损坏。(如果你正在使用救援内核,那么明显第一个内核发生了错误)
|
||||
|
||||
这个特性应该在可以增加CPU的系统中启用,除非你有特别的理由不去这么做(Support for hot-pluggable CPUs (HOTPLUG_CPU))。配置工具会自动启用这个特性。在这个特性下,你可以在一个拥有很多处理器的系统上激活/停用一个CPU。这并不意味着在系统中加入新的CPU。所有的CPU必须已经在系统中。
|
||||
|
||||
下面的选项会让我们选择设置上面的特性是否默认启用(Set default setting of cpu0_hotpluggable (BOOTPARAM_HOTPLUG_CPU0))。为了性能最好禁用这个特性直到需要的时候。
|
||||
|
||||
这个调试特性允许开发者调试CPU热插拔特性(Debug CPU0 hotplug (DEBUG_HOTPLUG_CPU0))。我禁用了它。
|
||||
|
||||
为了兼容旧版本的glibc(<2.3.3),启用这个特性(Compat VDSO support (COMPAT_VDSO))。这适用于通过映射32位在VDSO(虚拟动态链接共享对象)的旧式地址。Glibc是GNC C库;这是GNU工程实现的C标准库。
|
||||
|
||||
如果系统内核被用于一个缺乏完整功能的bootloader上,那么启用这个特性(Built-in kernel command line (CMDLINE_BOOL))。这允许用户在内核自身上使用一条命令行,那么管理员可以修复内核问题。如果bootloader已经有了一条命令行(像grub),那么这个特性不必启用。
|
||||
|
||||
现在我们可以配置ACPI和电源了。首先,我们被要求选择系统是否可以挂起内存(Suspend to RAM and standby (SUSPEND))。高级配置和电源接口(ACPI)是一种对于设备配置和电源管理的开放标准。挂起系统会将数据放在内存上同时硬件进入一种低功耗的状态。系统不会完全关机。如果用户需要计算机进入一个低功耗的状态但是希望保留当前已打开程序时是非常有用的。关闭一个系统会完全关闭系统电源并且清理内存。
|
||||
|
||||
下面,我们可以启用睡眠(Hibernation (aka 'suspend to disk') (HIBERNATION))。睡眠就像挂起模式,但是内存中所有数据被保存到硬盘上并且设备完全关闭。这允许用户在电源恢复后继续使用他们已打开的程序。
|
||||
|
||||
这里,我们可以设置默认的恢复分区(Default resume partition (PM_STD_PARTITION))。非常少的开发者和管理员需要这个特性。当系统从睡眠中恢复时,他会加载默认的恢复分区。
|
||||
|
||||
在这之后,我们可以启用"Opportunistic sleep (PM_AUTOSLEEP)"。这会让内核在没有活跃的唤醒调用被调用时进入挂起或者睡眠状态。这意味着空闲系统将会进入挂起模式以节省电源。我启用了这个特性。
|
||||
|
||||
接下来,我们被询问关于"User space wakeup sources interface (PM_WAKELOCKS)"。启用这个特性将会允许激活源对象被激活,停用,并通过基于sysfs接口由用户空间创建。激活源对象会追踪唤醒事件源。
|
||||
|
||||
sysfs是位于/sys的虚拟文件系统。这个虚拟文件系统包含了关于设备的信息。当进入/sys时,它似乎是硬盘的一部分,但是这个并不是一个真正的挂载点。这些文件实际存在于内存中。这与/proc是同一个概念。
|
||||
|
||||
注意:"/sysfs"是一个文件夹而"/sysfs"或许是一个根目录下名为"sysfs"的文件。许多Linux用户会混淆这两种命名约定。
|
||||
|
||||
如果启用了上面的选项,那么你可以设置Maximum number of user space wakeup sources (0 = no limit) (PM_WAKELOCKS_LIMIT)"。最好选择默认。那么你就可以启用垃圾收集器(Garbage collector for user space wakeup sources (PM_WAKELOCKS_GC))。垃圾收集是一种内存管理方式。
|
||||
|
||||
注意: 在需要更多内存的系统中,通常最好在大多数情况下尽可能启用垃圾收集。不然内存会消耗得更快且杂乱。
|
||||
|
||||
下一个电源选项关于IO设备(Run-time PM core functionality (PM_RUNTIME))。这个选项允许IO硬件在运行时进入低功耗状态。硬件必须支持这个才行,不是所有硬件都会这么做。
|
||||
|
||||
与其他许多内核组件一样,如果启用了(Power Management Debug Support),电源管理代码同样有调试支持。我禁用了这个选项。
|
||||
|
||||
注意: 注意这些我引用/显示的配置工具上的选项/问题不再显示选项代码(括号间所有的大写字母)。这是因为我没有使用基于ncurses的配置工具(make menuconfig)而是使用默认工具去得到选项/设置/问题。记住,"make config"缺乏保存当前进度的能力。
|
||||
|
||||
在这之后,配置工具会启用"ACPI (Advanced Configuration and Power Interface) Support"。最好允许这个电源管理规范。通常上,配置工具会启用这个特性。
|
||||
|
||||
为了允许向后兼容,启用"Deprecated /proc/acpi files"。新的实现使用更新的在/sys下的实现。我禁用了这个选项.一个相似的问题询问关于"Deprecated power /proc/acpi directories"。通常上,如果你禁用了这些文件,你不再需要这些文件夹,所以我禁用了他们。一些旧的程序可能会使用这些文件和文件夹。如果你在给旧的的Linux系统上编译一个新的内核,最好启用这个选项。
|
||||
|
||||
下面,我们有另外一个文件接口可以启用或者禁用(EC read/write access through)。这会创建一个嵌入式控制器接口在/sys/kernek/debug/ec下。嵌入式控制器通常在笔记本中读取传感器。内核代码通过系统的BIOS表提供的ACPI代码访问嵌入式控制器。
|
||||
|
||||
这里有另外一个可以启用或者禁用的向后兼容特性 (Deprecated /proc/acpi/event support)。acpi守护进程可能会读取/proc/api/event来管理ACPI生成的驱动。不同于这个接口,守护进程使用netlink事件或者输入层来得到送给用户空间的事件。acpi守护进程管理ACPI事件。
|
||||
|
||||
下一个选项允许开发者启用一个特性,它会通知内核现在使用的是AC(AC Adapter)还是电池。下一个选项从/proc/acpi/battery/ (Battery)中提供电池信息。
|
||||
|
||||
为了内核在电源/睡眠按钮按下或者盖子合上时表现不同,启用这个选项(Button)。这些事件在/proc/acpi/event/中控制。比如,这样的行为如果在用户账户电源选项启用时,当笔记本电脑的盖子关闭后系统将会挂起。
|
||||
|
||||
下一个ACPI扩展是对视频适配器的(Video)。
|
||||
|
||||
ACPI风扇可以被启用/禁用(Fan)。最好启用ACPI风扇管理。这有助于保存能源。
|
||||
|
||||
我们正在进一步配置内核中,但在接下来的文章中还有更多要做。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.linux.org/threads/the-linux-kernel-configuring-the-kernel-part-5.4424/
|
||||
|
||||
译者:[geekpi](https://github.com/geekpi) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
@ -0,0 +1,98 @@
|
||||
10 Linux 内核: 配置内核 (Part 6)
|
||||
================================================================================
|
||||
|
||||
|
||||
欢迎来到下一篇关于内核配置文章!还有大量的选项需要配置。这篇文章将主要讨论PCI和ACPI。
|
||||
|
||||
这里我们可以启用由ACPI控制的扩展坞和可移动驱动器槽的支持(Dock)。记住,ACPI(Advanced Configuration and Power Management Interface)是一个电源管理系统。扩展坞是一种其他的设备通过额外的接口插入的设备。扩展坞可能可以容纳许多不同的端口和连接器。所以一个基于ACPI控制的扩展坞是一个自身由ACPI控制的扩展坞。驱动器槽是一套可以增加硬盘的设备,这也可以由ACPI管理。
|
||||
|
||||
下面,我们允许ACPI用来管理空闲的CPU(Processor)。这会让处理器在空闲时进入ACPI C2或者C3状态。这可以节省电源并降低CPU芯片的温度。处理器只在100%没有占用时才进入空闲状态。没有程序可以请求一段时间的CPU资源。
|
||||
|
||||
CPU电源有四个状态 - C0、C1、C2和C3。C0是操作激活状态。C1(Halt)是一个不执行指令激活状态,但是可以立刻执行指令。C2(Stop-Clock)是一种断电状态。C3(Sleep)是一种比C2更彻底的断电状态。在C3状态中,缓存现在不再同步或者管理知道CPU离开这个状态。第五个状态称作C1E(Enhanced Halt State),他拥有低功耗。
|
||||
|
||||
如果启用了IPMI驱动,那么ACPI可以访问BMC控制器(IPMI)。基板管理控制器(BMC)是一种管理软件和硬件间连接的微控制器。智能平台管理接口(IPMI)是一种框架,通过直接的硬件层面而不是硬件层面或者操作系统层面来管理计算机。
|
||||
|
||||
ACPi v4.0过程聚合器允许内核应用一个CPU配置到所有系统中的处理器中(Processor Aggregator)。截止到ACPI v4.0,只有idle状态可以用这个方式配置。
|
||||
|
||||
接下来,可以启用ACPI热区(Thermal Zone)。多数硬件支持这个特性。这允许风扇的电源由ACPI管理。
|
||||
|
||||
如果启用这个选项,自定义DSDT可以链接到内核。在这个设置中,开发者必须在文件中包含完整的路径名。系统差异表(DSDT)是一个包含了系统支持的电源事件信息的文件。它不需要输入路径名这些表存在于固件中。内核会帮你处理这些。这个主要的目的是用于如果开发者需要使用不同于设备内置的表时用到。
|
||||
|
||||
任意ACPI表都可以通过initrd来覆盖(ACPI tables override via initrd)。ACPI表是指示如何控制并与硬件交互的基础规则和指令。
|
||||
|
||||
像内核的其他部分一样,ACPI系统也可以生成调试信息(Debug Statements)。像其他调试特性一样,或许希望禁用它并省下50KB。
|
||||
|
||||
启用下面的特性会为受系统检测每个PCI插槽(PCI slot detection driver)创建文件(/sys/bus/pci/slots/)。一个PCI插槽是在PCI主板上的一个端口,它允许用户接上其他的PC设备。PCI是主板的一种类型。PCI是指组件互相通信的方式。有些应用程序可能需要这些文件。
|
||||
|
||||
电源管理定时器是另外一种电源管理系统(Power Management Timer Support)。这是许多系统追踪时间的方式。这个需要更少的电源。处理器的空闲、电压/频率调节和节流都不会影响这个定时器。大量的系统需要使用这个特性。
|
||||
|
||||
下面,可以启用ACPI模块和容器设备驱动(Container and Module Devices)。这会启用处理器、内存和节点的热插拔支持。它需要NUMA系统。
|
||||
|
||||
下面的驱动提供对ACPI内存的热插拔支持(Memory Hotplug)。有些设备甚至启用这个驱动也不支持热插拔。如果驱动以模块形式加入,那么模块将会被acpi_memhotplug调用。
|
||||
|
||||
注意:对于内核某个特定的功能,硬件、BIOS和固件在必须支持时会有问题。有些系统的BIOS是不控制硬件的。这种类型的BIOS通常不会限制特性。如果内核确实有一个特定的功能,硬件必须有能力完成这样的任务。
|
||||
|
||||
智能电源管理驱动提供访问电池的状态和信息(Smart Battery System)。
|
||||
|
||||
下面,我们有一个"Hardware Error Device"驱动。设备通过SCI报告硬件错误。通常上,大多数的错误会是已纠正的错误。
|
||||
|
||||
下面的是ACPI调试特性(Allow ACPI methods to be inserted/replaced at run time)。这允许ACPI AML方式不通过重启系统管理。 AML代表的是ACPI机器语言(ACPI Machine Language)。AML代码可以通过请求重启来改变和测试。
|
||||
|
||||
APEI是ACPI的错误接口(ACPI Platform Error Interface (APEI))。APEI从芯片给操作系统报告错误。这个错误接口同样提供错误注射的能力。
|
||||
|
||||
当"SFI (Simple Firmware Interface) Support" 启用后,硬件固件可以发送消息给操作系统。固件与操作系统间的通信通过内存中的静态表。SFI-only的计算机的内核工作需要这个特性。
|
||||
|
||||
想要改变处理器的时钟速度和运行时,就启用这个特性(CPU Frequency scaling)。CPU频率调整意味着改变处理器的时钟速度。这个驱动可以用于降低时钟频率以保留电源。
|
||||
|
||||
下面是另外一个电源管理子系统(CPU idle PM support)。当处理器不在活跃状态时,它最好处在有效的空闲方式来减少电源消耗和减少CPU损耗。减少电源消耗同样可以降低内部元件的产热。
|
||||
|
||||
Linux内核提供了很多CPU空闲驱动。在多处理器系统上,一些用户可能有一个理由在每个CPU上使用不同的驱动(Support multiple cpuidle drivers)。启用这个驱动可以允许用户给每个处理器设置不同的驱动。
|
||||
|
||||
对于Intel处理器,内核有一个特别为管理这类CPU芯片空闲的驱动(Cpuidle Driver for Intel Processors)。
|
||||
|
||||
当内存芯片空闲时,这些同样可以低功耗(Intel chipset idle memory power saving driver)。这个驱动是特别为支持IO AT的Intel设备。
|
||||
|
||||
不同的计算机使用不同类型的主板(PCI support)。其中一种类型是PCI。这个驱动允许内核运行在PCI主板上。
|
||||
|
||||
下面,我们可以启用/禁用 "Support mmconfig PCI config space access"。
|
||||
|
||||
接下来,我们有一个选择启用/禁用主桥窗口驱动(Support mmconfig PCI config space access)。警告:这个驱动还不完全(至少在3.9.4中是这样)。
|
||||
|
||||
像上面提到的主板,还有另一种类型的主板。写一个选项是提供"PCI Express (PCIe) support"的驱动。PCIe是一种改进并且更快速的PCI。
|
||||
|
||||
在这之后,下面的驱动应该被启用以支持PCIe主板上的热插拔(PCI Express Hotplug driver)。
|
||||
|
||||
接着,我们可以启用/禁用PCIe主板报错(Root Port Advanced Error Reporting)。这就是PCIe AER驱动。
|
||||
|
||||
下一个特性允许用户使用PCIe EREC(PCI Express ECRC settings control)覆盖BIOS和固件设置。下一个选项,这是对PCIe的错误注射(PCIe AER error injector support)。
|
||||
|
||||
下面的设置提供了操作系统控制PCI的活跃状态和时钟电源管理(PCI Express ASPM control)。通常上,固件会控制ASPM,但是这个特性允许操作系统采取控制。
|
||||
|
||||
再说一次,像内核的许多组件一样,这里提供了ASPM的调试支持(Debug PCI Express ASPM)。
|
||||
|
||||
下面,在这个菜单选择"Default ASPM policy"。
|
||||
|
||||
在这选项之后,下一个是关于允许设备驱动启消息信号中断(Message Signaled Interrupts (MSI))。通常上最好允许设备给CPU发送中断。
|
||||
|
||||
为了在系统日志中加入大量的调试信息,启用"PCI Debugging"。
|
||||
|
||||
下一个选项允许PCI核心检测是否有必要启用PCI资源重分配(Enable PCI resource re-allocation detection)。
|
||||
|
||||
当在Linux上托管一个虚拟操作系统时,它有时可以帮助为虚拟系统保留PCI设备(PCI Stub driver)。在系统虚拟化下,一个操作系统可能在另一个系统的内部或者旁边运行。有时它们会竞争资源。可以为客户机保留设备可以减小竞争和增加性能。
|
||||
|
||||
下面的驱动允许超传输设备(hypertransport devices)使用中断(Interrupts on hypertransport devices)。HyperTransport是一种系统/协议总线用于处理器之间的高速通信。
|
||||
|
||||
下一个驱动用于PCI虚拟化,它允许虚拟设备间共享它们的物理资源(PCI IOV support)。
|
||||
|
||||
The PCI Page Request Interface (PRI) gives PCI devices that are behind an IOMMU (input/output memory management unit) to recover from page faults (PCI PRI support). A page fault is not an error; it refers to the event of software trying to access data not on physical memory.
|
||||
PCI页面请求接口(PRI)使在IOMMU(输入/输出内存管理单元)之后的PCI设备能够从页错误中恢复(PCI PRI support)。页错误不是一种错误;它指的是软件尝试访问不在物理内存上的数据的事件
|
||||
|
||||
再次说明,你会在之后的文章中看到更多的需要配置Linux内核特性。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.linux.org/threads/the-linux-kernel-configuring-the-kernel-part-6.4457/
|
||||
|
||||
译者:[geekpi](https://github.com/geekpi) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
Loading…
Reference in New Issue
Block a user