mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-13 22:30:37 +08:00
[Translated] 07 The Linux Kernel--Configuring the Kernel Part 3
This commit is contained in:
parent
5674237a56
commit
4203859e18
@ -1,132 +0,0 @@
|
||||
Translating-------------------geekpi
|
||||
|
||||
07 The Linux Kernel: Configuring the Kernel Part 3
|
||||
================================================================================
|
||||
![](http://www.linux.org/attachments/slide-jpg.388/)
|
||||
|
||||
Here, we are still configuring the kernel. There are many more features to configure.
|
||||
|
||||
The next question (Enable ELF core dumps (ELF_CORE)) asks about enabling the ability for the kernel to generate core dumps. This feature makes the kernel four kilobytes larger. I chose “no”.
|
||||
|
||||
NOTE: A core dump (memory or system dump) is the recorded state of an application before it crashed. Core dumps are used for debugging issues. This core dump file is in the Executable and Linkable Format (ELF) format.
|
||||
|
||||
Next, PC-Speakers can be enabled (Enable PC-Speaker support (PCSPKR_PLATFORM)). Most computers users have and use speakers, so this is enabled.
|
||||
|
||||
Although this next feature increases the kernel size (Enable full-sized data structures for core (BASE_FULL)), performance is increased. I chose “yes”.
|
||||
|
||||
For the kernel to run glibc-based programs, FUTEX must be enabled (Enable futex support (FUTEX)). This feature enables Fast Userspace muTEXes.
|
||||
|
||||
NOTE: glibc (GNU C Library) is the GNU's implementation of the standard C library.
|
||||
|
||||
NOTE: FUTEX (fast userspace mutex) is used for preventing two threads from accessing a shared resource that should not be used by more than one thread at once.
|
||||
|
||||
The epoll system calls can be disabled by answering “no” to this next question (Enable eventpoll support (EPOLL)). However, it helps to have epoll system calls, so I chose “yes”. Epoll is an I/O event notification system.
|
||||
|
||||
To receive signals on file descriptors, enable signalfd system calls (Enable signalfd() system call (SIGNALFD)).
|
||||
|
||||
This feature allows applications to get file descriptors to use with timer events if enabled (Enable timerfd() system call (TIMERFD)).
|
||||
|
||||
The eventfd system call must be enabled with our current configuration (Enable eventfd() system call (EVENTFD)). The ability to use a shmem filesystem is enabled by default (Use full shmem filesystem (SHMEM)). A shmem filesystem is a virtual RAM filesystem.
|
||||
|
||||
The next question that can be answered is “Enable AIO support (AIO)”. This feature enables POSIX asynchronous I/O that threaded application use. This features takes up seven kilobytes of space. I disabled this feature.
|
||||
|
||||
NOTE: Asynchronous I/O is input/output processing that allows other threads to get processed before transmission is complete.
|
||||
|
||||
If embedding a kernel for embedded systems, select “yes” for the question “Embedded system (EMBEDDED)”. Otherwise, choose no as I have done.
|
||||
|
||||
NOTE: Embedded systems are real-time computers that run in a larger electronic system.
|
||||
|
||||
Now, we can configure kernel performance events and counters. The configuration tool enables events and counters without giving the developer a choice (Kernel performance events and counters (PERF_EVENTS)). This is an important feature.
|
||||
|
||||
Next, we can disable another debugging feature (Debug: use vmalloc to back perf mmap() buffers (DEBUG_PERF_USE_VMALLOC)).
|
||||
|
||||
If VM event counters are enabled, then event counts will be shown in the /proc/vmstat (Enable VM event counters for /proc/vmstat (VM_EVENT_COUNTERS)). If disabled, event counts will not be shown and /proc/vmstat will only display page counts.
|
||||
|
||||
For better support for PCI chipsets, answer yes (Enable PCI quirk workarounds (PCI_QUIRKS)). This will enable workarounds for PCI quirks and bugs.
|
||||
|
||||
Next is another debugging feature that can be disabled as I did (Enable SLUB debugging support (SLUB_DEBUG)). This feature takes up a lot of space and disables SLB sysfs which is used for debugging the kernel. If this feature is disabled, then /sys/slab will not exist and cache validation support will not exist on the system.
|
||||
|
||||
Heap randomization is a feature that makes heap exploits more difficult (Disable heap randomization (COMPAT_BRK)). However, this should not be enabled because any libc5-based software will not work on the system. Only enable this feature if you have a specific reason for doing so or if you will not use libc5-based software. I disabled this feature. When making a general kernel, developers will want to disable this feature.
|
||||
|
||||
|
||||
Next, a SLAB allocator must be chosen. A SLAB allocator is a memory management system for placing kernel objects in memory in am efficient way without fragmentation. The default is choice “2”.
|
||||
|
||||
Choose SLAB allocator
|
||||
1. SLAB (SLAB)
|
||||
> 2. SLUB (Unqueued Allocator) (SLUB)
|
||||
3. SLOB (Simple Allocator) (SLOB)
|
||||
choice[1-3?]: 2
|
||||
|
||||
To enable extended profiling support, answer “yes” (Profiling support (PROFILING)).
|
||||
|
||||
The next question gives developers the choice of enabling the OProfile system. It can be disabled, enabled, or added as a module to be loaded when needed. I chose to disable this feature.
|
||||
|
||||
Kprobes allows users to trap nearly any kernel address to start a callback function. This is a debugging tool that can be disabled as I did (Kprobes (KPROBES)).
|
||||
|
||||
This optimization feature should be enabled (Optimize very unlikely/likely branches (JUMP_LABEL)). This makes branch prediction easier and reduces overhead.
|
||||
|
||||
The configuration tool enabled an experimental feature (Transparent user-space probes (EXPERIMENTAL) (UPROBES)). Do not worry, the system will be fine. Not all experimental features are unstable or bad.
|
||||
|
||||
Next, we are asked about gcov-based kernel profiling (Enable gcov-based kernel profiling (GCOV_KERNEL)). This can be disabled.
|
||||
|
||||
To allow the kernel to load modules, enable loadable module support (Enable loadable module support (MODULES)).
|
||||
|
||||
The Linux kernel will only load modules with version numbers. To allow the kernel to load modules with missing version numbers, enable this feature (Forced module loading (MODULE_FORCE_LOAD)). It is generally a bad idea to do this, so disable this feature as I have done, unless you have a specific need to such a feature.
|
||||
|
||||
The Linux kernel can also unload modules if that feature is enabled which is best to do (Module unloading (MODULE_UNLOAD)). If the kernel feels that unloading a modules is a bad idea, then the user cannot unload the module. Enabling force-unload is possible, but is a bad idea (Forced module unloading (MODULE_FORCE_UNLOAD)).
|
||||
|
||||
To use modules that did not come with your kernel or are not meant for your kernel version, enable versioning support (Module versioning support (MODVERSIONS)). It is best not to mix versions, so I will disable this feature.
|
||||
|
||||
Modules can have a field in their modinfo (Module Information) section titled “srcversion”. This field allows developers to see what source was used to make the module. Enabling this option will add this field when the modules are compiled. This is not necessary, so I will disable it (Source checksum for all modules (MODULE_SRCVERSION_ALL)). If the previous option was enabled, developers could have the checksums added to the modules (Source checksum for all modules (MODULE_SRCVERSION_ALL)).
|
||||
|
||||
To enable module signature verification (Module signature verification (MODULE_SIG)), answer “yes” for this option. Because it is not needed, I will answer “no”. Otherwise, the kernel will check and verify the signature before loading a module.
|
||||
|
||||
To enable block layer support (Enable the block layer (BLOCK)), choose “yes” as I have done. Disabling this will make block devices unusable and certain file systems will not be enabled
|
||||
|
||||
Next, SG support is enabled by default (Block layer SG support v4 (BLK_DEV_BSG)), and the helper library is also enabled (Block layer SG support v4 helper lib (BLK_DEV_BSGLIB)).
|
||||
|
||||
The next answerable question is about data integration support for block devices (Block layer data integrity support (BLK_DEV_INTEGRITY)). This allows better data integrity to help protect data on devices that support such a feature. Many devices do not support this feature, so I will disable it.
|
||||
|
||||
IO device rates can be limited if block layer bio throttling is enabled (Block layer bio throttling support (BLK_DEV_THROTTLING)).
|
||||
|
||||
To enable support for foreign partitioning schemes, answer “yes” to the next question (Advanced partition selection (PARTITION_ADVANCED)). I will disable this feature.
|
||||
|
||||
To enable the CSCAN service and FIFO expiration of requests, enable the deadline IO scheduler (Deadline I/O scheduler (IOSCHED_DEADLINE)).
|
||||
|
||||
The CFQ IO scheduler distributes bandwidth evenly between the processes. It is a good idea to enable this feature (CFQ I/O scheduler (IOSCHED_CFQ)).
|
||||
|
||||
Next, developers can enable or disable CFQ group support (CFQ Group Scheduling support (CFQ_GROUP_IOSCHED)). Then, developers can choose the default IO scheduler. It is best to pick DEFAULT_DEADLINE.
|
||||
|
||||
For devices with less than 32-bit addressing, this next feature allocated the first 16 megabytes of address space (DMA memory allocation support (ZONE_DMA)). If the kernel is not meant for such devices, this can be disabled, so I disabled this feature.
|
||||
|
||||
For systems with more than one CPU, it is best to enable SMP (Symmetric multi-processing support (SMP)). For single processor devices, the kernel will execute faster with this feature disabled. I enabled this feature.
|
||||
|
||||
For CPUs that offer x2apic, enable x2apic support (Support x2apic (X86_X2APIC)). If your system lacks this feature, then disable it as I have done.
|
||||
|
||||
Next, we can enable a MPS table which is for old SMP systems that lack appropriate ACPI support (Enable MPS table (X86_MPPARSE)). Newer systems that have ACPI support, DSDT, and MADT do not need this feature. I disabled the feature.
|
||||
|
||||
The following question allows us to enable support for extended x86 platforms (Support for extended (non-PC) x86 platforms (X86_EXTENDED_PLATFORM)). Only enable this if you need a general kernel or a kernel that will run on certain processors that need extended support. I disabled extended support.
|
||||
|
||||
To support an Intel Low Power Subsystem, enable this feature (Intel Low Power Subsystem Support (X86_INTEL_LPSS)).
|
||||
|
||||
Single-depth WCHAN output (Single-depth WCHAN output (SCHED_OMIT_FRAME_POINTER)) is used to calculate batter /proc/<PID>/wchan values. However, this will cause more overhead.
|
||||
|
||||
Next, we can enable virtual guest system support (Paravirtualized guest support (PARAVIRT_GUEST)). This will allow a guest operating system to run with the main OS. I will disable this feature.
|
||||
|
||||
Memtest is software that checks the RAM when the system starts. Memtest can be configured to run every time the system starts or sometimes. Memtest is not required, so I will disable it.
|
||||
|
||||
Here, we can select the processor family that the kernel should support. I will pick 5 – Generic-x86-64. This is a 64-bit system, a x86 is a 32-bit system,
|
||||
|
||||
Next, we can choose to support x86 processors (32-bit) (Supported processor vendors (PROCESSOR_SELECT)).
|
||||
|
||||
To find the machine's quirks, we can enable DMI scanning (Enable DMI scanning (DMI)). This will detect quirks.
|
||||
|
||||
To enable DMA access of 32bit memory devices with systems with more than 3GB of RAM, answer “yes” to this next question (GART IOMMU support (GART_IOMMU)).
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.linux.org/threads/the-linux-kernel-configuring-the-kernel-part-3.4369/
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
@ -0,0 +1,130 @@
|
||||
07 Linux内核: 配置内核(Part 3)
|
||||
================================================================================
|
||||
![](http://www.linux.org/attachments/slide-jpg.388/)
|
||||
|
||||
好了,我们还在继续配置内核。还有更多功能等待着去配置。
|
||||
|
||||
下一个问题(Enable ELF core dumps (ELF_CORE))询问的是内核是否可以生成内核转储文件。这会使内核变大4KB。所以我选择了"no"。
|
||||
|
||||
注意:内核转储文件(内存或者系统的转储)是程序崩溃前已记录的状态。内核转储是用来调试问题的。这个转储文件的格式是ELF(Executable and Linkable Format )。
|
||||
|
||||
下面可以启用PC扬声器(Enable PC-Speaker support (PCSPKR_PLATFORM))。大多数计算机用户拥有并使用扬声器,所以这个启用它。
|
||||
|
||||
虽然下面的特性会增加内核的大小(Enable full-sized data structures for core (BASE_FULL)),但性能也随之增加。所以我选择"yes"。
|
||||
|
||||
为了是内核运行基于glibc的程序,必须启用FUTEX(Enable futex support (FUTEX))。这个特性启用了快速用户空间互斥锁(Fast Userspace muTEXes)。
|
||||
|
||||
注意:glibc(GNU C Library)是由GNU实现的标准C库。
|
||||
|
||||
注意:FUTEX (fast userspace mutex)是用来防止两个线程访问同一个每次不应该被多个线程使用的资源。
|
||||
|
||||
下一个问题(Enable eventpoll support (EPOLL))可以通过回答"no"来禁用epoll系统调用。然而,为了含有epoll系统调用,我选择了"yes"。epoll是一种I/O事件通知系统。
|
||||
|
||||
为了收到来自文件描述符的信号,我们启用signalfd系统调用(Enable signalfd() system call (SIGNALFD)。
|
||||
|
||||
如果启用这个特性(Enable timerfd() system call (TIMERFD)),它允许程序使用定时器事件获取文件描述符。
|
||||
|
||||
我们现在的配置必须启用eventfd系统调用(Enable eventfd() system call (EVENTFD))。它默认启用访问共享内存文件系统(Use full shmem filesystem (SHMEM)。共享内存文件系统是一种虚拟内存文件系统。
|
||||
|
||||
下一个问题是"Enable AIO support (AIO)"。这个特性启用了线程化程序使用的POSIX异步I/O。
|
||||
|
||||
注意:异步I/O用来处理输入/输出,它允许线程在传输完成前就完成处理。
|
||||
|
||||
如果你正在给一个嵌入式系统嵌入一个内核,那么问题“Embedded system (EMBEDDED)”可以选择"yes"。否则就像我一样选择"no"。
|
||||
|
||||
注意:嵌入式系统是运行在一个更大电子系统的实时计算机。
|
||||
|
||||
现在,我们可以配置内核性能事件和计时器了。配置工具没有给开发者选择直接启用了事件和计数器(Kernel performance events and counters (PERF_EVENTS))。这是一个重要特性。
|
||||
|
||||
接下来,我们可以禁用另外一个调试特性(ebug: use vmalloc to back perf mmap() buffers (DEBUG_PERF_USE_VMALLOC))。
|
||||
|
||||
如果启用了VM事件计数器,那么事件计数就会显示在/proc/vmstat(Enable VM event counters for /proc/vmstat (VM_EVENT_COUNTERS))。如果禁用了事件计数就不会显示,/proc/vmstat只会显示页计数。
|
||||
|
||||
为了更好地支持PCI芯片,(Enable PCI quirk workarounds (PCI_QUIRKS))回答yes。这会启用对PCI芯片的怪异行为和bug的临时解决方案。
|
||||
|
||||
下面一个调试特性可以像我一样禁用掉(Enable SLUB debugging support (SLUB_DEBUG))。这个特性会耗费很多空间并且会禁用用于调试内核的SLB sysfs。如果这个特性被禁用,那么/sys/slab就不会存在并且系统上也不再支持缓冲验证。
|
||||
|
||||
堆随机化是一个使利用堆漏洞更加困难的特性(Disable heap randomization (COMPAT_BRK))。然而我们不应该去启用它,因为任何基于libc5的软件都无法工作在这个系统上。只有我们有特别的理由这么做或者如果你不会使用基于libc5的软件时才去启用它。我禁用了这个特性。当编译一个通用的内核时,开发这会希望禁用这个特性。
|
||||
|
||||
接下来必须选择一个SLAB分配器。SLAB分配器是一个没有碎片且有效率地放置内核对象在内存中的内存管理系统。默认选择是"2"。
|
||||
|
||||
Choose SLAB allocator
|
||||
1. SLAB (SLAB)
|
||||
> 2. SLUB (Unqueued Allocator) (SLUB)
|
||||
3. SLOB (Simple Allocator) (SLOB)
|
||||
choice[1-3?]: 2
|
||||
|
||||
为了支持扩展性能支持,(Profiling support (PROFILING))回答"yes"。
|
||||
|
||||
下一个问题让开发者选择是否启用OProfile系统。它可以禁用、启用或者添加为一个模块在需要时载入。我选择禁用这个特性。
|
||||
|
||||
Kprobes允许用户捕捉几乎所有的内核地址去开始一个回调函数。这是一个可以像我一样禁用的调试工具(Kprobes (KPROBES))。
|
||||
|
||||
这个优化特性可以启用(Optimize very unlikely/likely branches (JUMP_LABEL))。这使分支预判更加简单并可以减小开销。
|
||||
|
||||
配置工具启用了一个实验性特性"透明用户空间探针"(Transparent user-space probes (EXPERIMENTAL) (UPROBES))。不要担心,系统可以很好工作。并不是所有的实验性特性是不稳定或者坏的。
|
||||
|
||||
接下来,我们会被询问基于gcov的内核分析(Enable gcov-based kernel profiling (GCOV_KERNEL))。这可以被禁用。
|
||||
|
||||
为了允许内核加载模块,需要启用可加载模块支持(Enable loadable module support (MODULES))。
|
||||
|
||||
内核接下来只能加载有版本号的模块。为了允许内核加载没有版本号的模块,就启用这个特性(Forced module loading (MODULE_FORCE_LOAD))。这么做是一个很糟糕的注意,所以我已经禁用了它,除非你有特定的需求需要这个特性。
|
||||
|
||||
Linux内核也能卸载模块如果启用了这个最好启用的特性(Module unloading (MODULE_UNLOAD))。如果内核感到卸载模块是一个坏主意那么用户则无法卸载模块。启用强制卸载是有可能的,但是这是一个坏主意(Forced module unloading (MODULE_FORCE_UNLOAD)。
|
||||
|
||||
为了使用不为你的内核开发或者并不适用你的版本号的模块,可以启用版本支持support (Module versioning support (MODVERSIONS))。最好不要混合版本号,所以我禁用了这个特性。
|
||||
|
||||
模块在它们的modeinfo(Module Information)里有一个字段名为"srcverion"。这个字段允许开发者看见使用什么源码版本来编译模块。启用这个选项可以在编译模块的时候加入这个字段。这个并不必要,所以我禁用了它(Source checksum for all modules (MODULE_SRCVERSION_ALL))。如果启用了先前的选项,开发者可以将校验和加入到模块中(Source checksum for all modules (MODULE_SRCVERSION_ALL))。
|
||||
|
||||
为了启用模块签名验证(Module signature verification (MODULE_SIG)),这个选项回答"yes"。因为这个并不必要,我选择了"no",不然内核在加载模块前会检查并验证签名。
|
||||
|
||||
为了启用块层支持(Enable the block layer (BLOCK)),像我一样选择"yes"。禁用这个将会使块设备无法使用并且无法启用某些文件系统。
|
||||
|
||||
下面,SG支持已经默认启用(Block layer SG support v4 (BLK_DEV_BSG)),并且辅助库也启用了enabled (Block layer SG support v4 helper lib (BLK_DEV_BSGLIB))。
|
||||
|
||||
下面可回答的问题是关于对块设备的数据整合(Block layer data integrity support (BLK_DEV_INTEGRITY))。这个特性允许拥有根号的数据完整性来支持像设备数据保护这样的特性。许多设备不再支持这个特性,所以我禁用了它。
|
||||
|
||||
如果启用了块层bio带宽限制(Block layer bio throttling support (BLK_DEV_THROTTLING))那就可以限制设备的IO速率。
|
||||
|
||||
为了启用外部分区方案的支持,这个问题就回答"yes"(Advanced partition selection (PARTITION_ADVANCED))。我禁用了这个特性。
|
||||
|
||||
为了启用CSCAN(译注:循环扫描)和FIFO过期请求,那就启用最后期限IO调度器(Deadline I/O scheduler (IOSCHED_DEADLINE))。
|
||||
|
||||
CFQ IO调度器在处理器之间平均地分配带宽。因此启用这个特性feature (CFQ I/O scheduler (IOSCHED_CFQ))是个好主意。
|
||||
|
||||
下面,开发者可以启用或禁用CFQ组支持(CFQ Group Scheduling support (CFQ_GROUP_IOSCHED))。接下来,开发者可以选择默认的IO调度器。最好选择DEFAULT_DEADLINE
|
||||
|
||||
对于小于32位寻址的设备,下面的特性会分配16MB的寻址空间(DMA memory allocation support (ZONE_DMA))。如果内核不在意这些设备,那么这个是可以禁用的,所以我禁用了它。
|
||||
|
||||
对于有多个CPU的系统,最好启用SMP(Symmetric multi-processing support (SMP))。对于只有单个处理器的设备,内核会在禁用这个特性后执行得更快。我启用了这个特性。
|
||||
|
||||
对于支持x2apic的CPU,启用x2apic支持support (Support x2apic (X86_X2APIC))。如果你的系统缺乏这个特性就像我一样禁用它。
|
||||
|
||||
接下来我们可以启用对那些缺乏合适的ACPI支持的旧式SMP系统的MPS表(Enable MPS table (X86_MPPARSE))。一些拥有ACPI、DSDT、MADT支持的更新的系统不需要这个特性。我禁用了它。
|
||||
|
||||
下面的问题允许我们启用扩展x86平台的支持(Support for extended (non-PC) x86 platforms (X86_EXTENDED_PLATFORM))。只有在你需要一个通用内核或者内核运行在某个特定的需要扩展支持的处理器上时才启用它。我竟用了这个特性。
|
||||
|
||||
为了支持Intel低功耗子系统,就启用这个特性(Intel Low Power Subsystem Support (X86_INTEL_LPSS))。
|
||||
|
||||
单一深度WCHAN输出(Single-depth WCHAN output (SCHED_OMIT_FRAME_POINTER))是用来计算电量(/proc/<PID>/wchan)。然而这会导致更多的功耗。
|
||||
|
||||
下面,我们启用虚拟客户系统支持(Paravirtualized guest support (PARAVIRT_GUEST))。这允许一个客户操作系统与主操作系统一起运行。我会禁用这个特性。
|
||||
|
||||
Memtest是一个在系统启动时检测内存的软件。Memtest可以配置为每次或者有时开机运行。Memtest并不必要,所以我禁用了它。
|
||||
|
||||
这里我们可以选择一个内核应该支持的处理器家族。我选择了5 – Generic-x86-64。这是一个64位的系统,x86是32系统。
|
||||
|
||||
下面我们选择支持x86(32位)处理器 (Supported processor vendors (PROCESSOR_SELECT))。
|
||||
|
||||
为了发现机器异常,我们可以启用DMI扫描(Enable DMI scanning (DMI))。这可以检测异常。
|
||||
|
||||
要启用DMA访问系统上32位内存设备3GB以上的内存,下一个问题(GART IOMMU support (GART_IOMMU))我们回答"yes"。
|
||||
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.linux.org/threads/the-linux-kernel-configuring-the-kernel-part-3.4369/
|
||||
|
||||
译者:[geekpi](https://github.com/geekpi) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
Loading…
Reference in New Issue
Block a user