Kernel 5.15.76 compiled with enhanced KVM and QEMU support
A few days ago, compiled the 5.15.76 kernel:
https://bkhome.org/news/202211/linux-kernel-51576-compiled.html
Then the next day recompiled it without user-namespace enabled.
Yesterday compiled QEMU 7.1.0 and tested it:
https://bkhome.org/news/202211/qemu-710-compiled.html
Some research indicated possible kernel configuration changes to enhance KVM and QEMU, so today have again recompiled the kernel. Here are notes about configuration changes...
#########################################################
based on advice here:
https://wiki.gentoo.org/wiki/QEMU
> Virtualization ───────────────────────────────────────────────────────────────────────────
┌─────────────────────────────────── Virtualization ────────────────────────────────────┐
│ Arrow keys navigate the menu. <Enter> selects submenus ---> (or empty submenus │
│ ----). Highlighted letters are hotkeys. Pressing <Y> includes, <N> excludes, <M> │
│ modularizes features. Press <Esc><Esc> to exit, <?> for Help, </> for Search. │
│ Legend: [*] built-in [ ] excluded <M> module < > module capable │
│ ┌───────────────────────────────────────────────────────────────────────────────────┐ │
│ │ --- Virtualization │ │
│ │ <M> Kernel-based Virtual Machine (KVM) support CONFIG_KVM kvm
│ │ <M> KVM for Intel (and compatible) processors support CONFIG_KVM_INTEL kvm-intel
│ │ <M> KVM for AMD processors support CONFIG_KVM_AMD kvm-amd
│ │ [ ] Support for Xen hypercall interface │ │
│ │
...left this same as before. Recommendation is for CONFIG_KVM
builtin, but left it as a module.
> Device Drivers > VHOST drivers ───────────────────────────────────────────────────────────
┌──────────────────────────────────── VHOST drivers ────────────────────────────────────┐
│ ┌───────────────────────────────────────────────────────────────────────────────────┐ │
│ │ --- VHOST drivers │ │
│ │ <M> Host kernel accelerator for virtio net CONFIG_VHOST_NET vhost_net
│ │ [ ] Cross-endian support for vhost (NEW) │ │
│ │
...enabled "VHOST drivers", and CONFIG_VHOST_NET as a module.
> Device Drivers > Android ─────────────────────────────────────────────────────────────────
┌─────────────────────────────────────── Android ───────────────────────────────────────┐
│ ┌───────────────────────────────────────────────────────────────────────────────────┐ │
│ │ [ ] Android Drivers │ │
│ │
...removed android drivers, as decided not to bother with Anbox
or Waydroid. Could instead run Android-x86 in a VM.
> Device Drivers > Network device support ──────────────────────────────────────────────────
┌─────────────────────────────── Network device support ────────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ < > Bare UDP Encapsulation │ │
│ │ < > GPRS Tunneling Protocol datapath (GTP-U) │ │
│ │ < > IEEE 802.1AE MAC-level encryption (MACsec) │ │
│ │ < > Network console logging support │ │
│ │ <M> Universal TUN/TAP device driver support CONFIG_TUN tun
...left CONFIG_TUN as a module. It was recommended to be builtin.
> Networking support > Networking options ──────────────────────────────────────────────────
┌───────────────────────────────── Networking options ──────────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ [ ] TCP: MD5 Signature Option support (RFC2385) │ │
│ │ <*> The IPv6 protocol ---> │ │
│ │ [ ] NetLabel subsystem support │ │
│ │ [ ] MPTCP: Multipath TCP │ │
│ │ [ ] Security Marking │ │
│ │ [ ] Timestamping in PHY devices │ │
│ │ [*] Network packet filtering framework (Netfilter) ---> │ │
│ │ [ ] BPF based packet filtering framework (BPFILTER) ---- │ │
│ │ < > The DCCP Protocol ---- │ │
│ │ < > The SCTP Protocol ---- │ │
│ │ < > The Reliable Datagram Sockets Protocol │ │
│ │ < > The TIPC Protocol ---- │ │
│ │ < > Asynchronous Transfer Mode (ATM) │ │
│ │ < > Layer Two Tunneling Protocol (L2TP) ---- │ │
│ │ <*> 802.1d Ethernet Bridging │ │
│
...left "The IPv6 protocol" and "802.1d Ethernet Bridging"
enabled builtin.
> Device Drivers ───────────────────────────────────────────────────────────────────────────
┌─────────────────────────────────── Device Drivers ────────────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ < > Parallel port LCD/Keypad Panel support (OLD OPTION) │ │
│ │ {M} Userspace I/O drivers ---> │ │
│ │ <*> VFIO Non-Privileged userspace driver framework ---> CONFIG_VFIO │ │
│
...enabled "VFIO Non-Privileged userspace driver framework",
builtin.
> Device Drivers > VFIO Non-Privileged userspace driver framework ──────────────────────────
┌─────────────────── VFIO Non-Privileged userspace driver framework ────────────────────┐
│ ┌───────────────────────────────────────────────────────────────────────────────────┐ │
│ │ --- VFIO Non-Privileged userspace driver framework │ │
│ │ [ ] VFIO No-IOMMU support (NEW) │ │
│ │ < > Generic VFIO support for any PCI device (NEW) │ │
│ │ <*> Mediated device driver framework CONFIG_VFIO_MDEV │ │
...added CONFIG_VFIO_MDEV builtin.
##################################################
based on advice here:
https://wiki.gentoo.org/wiki/Libvirt
[*] Networking support
Networking Options --->
[*] Network packet filtering framework (Netfilter) --->
[*] Advanced netfilter configuration
Core Netfilter Configuration --->
<M> "conntrack" connection tracking match support CONFIG_NETFILTER_XT_MATCH_CONNTRACK xt_conntrack
<M> CHECKSUM target support CONFIG_NETFILTER_XT_TARGET_CHECKSUM xt_CHECKSUM
IPv6: Netfilter Configuration --->
<M> ip6tables NAT support CONFIG_IP6_NF_NAT ip6table_nat
<M> Ethernet Bridge tables (ebtables) support ---> CONFIG_BRIDGE_NF_EBTABLES ebtables
<M> ebt: nat table support CONFIG_BRIDGE_EBT_T_NAT ebtable_nat
<M> ebt: mark filter support CONFIG_BRIDGE_EBT_MARK ebt_mark_m
[*] QoS and/or fair queueing --->
<*> Hierarchical Token Bucket (HTB)
<*> Stochastic Fairness Queueing (SFQ)
<*> Ingress/classifier-action Qdisc
<*> Netfilter mark (FW)
<*> Universal 32bit comparisons w/ hashing (U32)
[*] Actions
<*> Traffic Policing
...CONFIG_NETFILTER_XT_MATCH_CONNTRACK recommended builtin; I left
it as a module.
...CONFIG_NETFILTER_XT_TARGET_CHECKSUM ditto
...CONFIG_IP6_NF_NAT ditto
...CONFIG_BRIDGE_NF_EBTABLES, CONFIG_BRIDGE_EBT_T_NAT,
CONFIG_BRIDGE_EBT_MARK ditto
...left "QoS and/or fair queueing" disabled.
###############################################################
based on advice here:
https://wiki.gentoo.org/wiki/GPU_passthrough_with_libvirt_qemu_kvm
Device Drivers --->
[*] IOMMU Hardware Support --->
Generic IOMMU Pagetable Support ----
[*] AMD IOMMU support
<*> AMD IOMMU Version 2 driver
[*] Support for Intel IOMMU using DMA Remapping Devices
[*] Support for Shared Virtual Memory with Intel IOMMU
[*] Enable Intel DMA Remapping Devices by default CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON
[*] Support for Interrupt Remapping
...enabled CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON
##############################################################
based on advice here:
https://wiki.gentoo.org/wiki/QEMU/Linux_guest
and:
https://www.linux-kvm.org/page/Virtio
"The QEMU guest agent is a daemon that runs on the virtual machine
and passes information to the host about the virtual machine,
users, file systems, and secondary networks."
> Processor type and features ──────────────────────────────────────────────────────────────
┌───────────────────────────── Processor type and features ─────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ [ ] Enable IOSF sideband access through debugfs │ │
│ │ [*] Single-depth WCHAN output │ │
│ │ [*] Linux guest support ---> CONFIG_HYPERVISOR_GUEST │ │
│ │ Processor family (Generic-x86-64) ---> │ │
│
...enabled CONFIG_HYPERVISOR_GUEST. No, see below...
> Processor type and features > Linux guest support ────────────────────────────────────────
┌───────────────────────────────── Linux guest support ─────────────────────────────────┐
│ ┌───────────────────────────────────────────────────────────────────────────────────┐ │
│ │ --- Linux guest support │ │
│ │ [*] Enable paravirtualization code CONFIG_PARAVIRT │ │
│ │ [ ] Paravirtualization layer for spinlocks (NEW) │ │
│ │ [ ] Xen guest support (NEW) │ │
│ │ [*] KVM Guest support (including kvmclock) (NEW) │ │
│ │ -*- Disable host haltpoll when loading haltpoll driver │ │
│ │ [ ] Support for running PVH guests (NEW) │ │
│ │ [ ] Paravirtual steal time accounting (NEW) │ │
│ │ [ ] Jailhouse non-root cell support (NEW) │ │
│ │ [ ] ACRN Guest support (NEW) │ │
│ │
...that is the recommended setting, however the help text says:
CONFIG_PARAVIRT:

This changes the kernel so it can modify itself when it is run
under a hypervisor, potentially improving performance significantly
over full virtualization. However, when run without a hypervisor
the kernel is theoretically slower and slightly larger.
Hmmm, decided to leave it disabled:
> Processor type and features > Linux guest support ────────────────────────────────────────
┌───────────────────────────────── Linux guest support ─────────────────────────────────┐
│ ┌───────────────────────────────────────────────────────────────────────────────────┐ │
│ │ --- Linux guest support │ │
│ │ [ ] Enable paravirtualization code │ │
│ │ [ ] Disable host haltpoll when loading haltpoll driver (NEW) │ │
│ │ [ ] Support for running PVH guests (NEW) │ │
│ │ [ ] Jailhouse non-root cell support (NEW) │ │
│ │ [ ] ACRN Guest support (NEW) │ │
│ │
Hmmm, not sure, have disabled "Linux guest support":
> Processor type and features ──────────────────────────────────────────────────────────────
┌───────────────────────────── Processor type and features ─────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ [*] Single-depth WCHAN output │ │
│ │ [ ] Linux guest support ---- │ │
Virtio drivers:
> Device Drivers > Virtio drivers ──────────────────────────────────────────────────────────
┌─────────────────────────────────── Virtio drivers ────────────────────────────────────┐
│ ┌───────────────────────────────────────────────────────────────────────────────────┐ │
│ │ --- Virtio drivers │ │
│ │ <*> PCI driver for virtio devices CONFIG_VIRTIO_PCI │ │
│ │ [*] Support for legacy virtio draft 0.9.X and older devices CONFIG_VIRTIO_PCI_LEGACY
│ │ <*> Support for virtio pmem driver CONFIG_VIRTIO_PMEM │ │
│ │ <*> Virtio balloon driver CONFIG_VIRTIO_BALLOON │ │
│ │ <*> Virtio input driver CONFIG_VIRTIO_INPUT │ │
│ │ <*> Platform bus driver for memory mapped virtio devices CONFIG_VIRTIO_MMIO
│ │ [ ] Memory mapped virtio devices parameter parsing (NEW) │ │
...enabled all of these.
> Device Drivers > Block devices ───────────────────────────────────────────────────────────
┌──────────────────────────────────── Block devices ────────────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ Default zram compressor (lz4hc) ---> │ │
│ │ [ ] Write back incompressible or idle page to backing device │ │
│ │ [ ] Track zRam block status │ │
│ │ <*> Loopback device support │ │
│ │ (8) Number of loop devices to pre-create at init time │ │
│ │ <M> Cryptoloop Support (DEPRECATED) │ │
│ │ < > DRBD Distributed Replicated Block Device support │ │
│ │ <M> Network block device support │ │
│ │ <M> Promise SATA SX8 support │ │
│ │ <*> RAM block device support │ │
│ │ (16) Default number of RAM disks │ │
│ │ (32768) Default RAM disk size (kbytes) │ │
│ │ < > Packet writing on CD/DVD media (DEPRECATED) │ │
│ │ <M> ATA over Ethernet support │ │
│ │ <*> Virtio block driver CONFIG_VIRTIO_BLK │ │
...enabled CONFIG_VIRTIO_BLK, builtin
> Device Drivers > SCSI device support > SCSI low-level drivers ────────────────────────────
┌─────────────────────────────── SCSI low-level drivers ────────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ <M> IBM Power Linux RAID adapter support │ │
│ │ [*] enable driver internal trace │ │
│ │ [ ] enable adapter dump support │ │
│ │ <M> Qlogic QLA 1240/1x80/1x160 SCSI support │ │
│ │ <M> QLogic QLA2XXX Fibre Channel Support │ │
│ │ <M> QLogic ISP4XXX and ISP82XX host adapter family support │ │
│ │ <M> Emulex LightPulse Fibre Channel Support │ │
│ │ [ ] Emulex LightPulse Fibre Channel debugfs Support │ │
│ │ <M> Tekram DC395(U/UW/F) and DC315(U) SCSI support │ │
│ │ <M> Tekram DC390(T) and Am53/79C974 SCSI support (new driver) │ │
│ │ <M> Western Digital WD7193/7197/7296 support │ │
│ │ <M> SCSI debugging host and device simulator │ │
│ │ <M> PMC SIERRA Linux MaxRAID adapter support │ │
│ │ <M> PMC-Sierra SPC 8001 SAS/SATA Based Host Adapter driver │ │
│ │ <M> Brocade BFA Fibre Channel Support │ │
│ │ <*> virtio-scsi support CONFIG_SCSI_VIRTIO │ │
│ │
...enabled CONFIG_SCSI_VIRTIO, builtin.
> Device Drivers > Network device support ──────────────────────────────────────────────────
┌─────────────────────────────── Network device support ────────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ <M> Universal TUN/TAP device driver support │ │
│ │ [ ] Support for cross-endian vnet headers on little-endian kernels │ │
│ │ <*> Virtual ethernet pair device │ │
│ │ <*> Virtio network driver CONFIG_VIRTIO_NET │ │
...enabled CONFIG_VIRTIO_NET, builtin.
> Device Drivers > Graphics support ────────────────────────────────────────────────────────
┌────────────────────────────────── Graphics support ───────────────────────────────────┐
│ ┌──────^(-)─────────────────────────────────────────────────────────────────────────┐ │
│ │ < > AST server chips │ │
│ │ < > Matrox G200 │ │
│ │ < > QXL virtual GPU │ │
│ │ <M> Virtio GPU driver CONFIG_DRM_VIRTIO_GPU virtio-gpu
...recommended CONFIG_DRM_VIRTIO_GPU builtin, but enabled it as a
module. It wouldn't allow builtin. Depends:
HAS_IOMEM [=y] && DRM [=m] && VIRTIO_MENU [=y]
&& MMU [=y]
...one of these, DRM, is a module, so the driver cannot be builtin.
> Device Drivers > Character devices > Hardware Random Number Generator Core support ───────
┌──────────────────── Hardware Random Number Generator Core support ────────────────────┐
│ ┌───────────────────────────────────────────────────────────────────────────────────┐ │
│ │ --- Hardware Random Number Generator Core support │ │
│ │ <M> Timer IOMEM HW Random Number Generator support │ │
│ │ <*> Intel HW Random Number Generator support │ │
│ │ <*> AMD HW Random Number Generator support │ │
│ │ < > Silex Insight BA431 Random Number Generator support │ │
│ │ <*> VIA HW Random Number Generator support │ │
│ │ <*> VirtIO Random Number Generator support CONFIG_HW_RANDOM_VIRTIO │ │
│ │ < > Xiphera FPGA based True Random Number Generator support │ │
...enabled CONFIG_HW_RANDOM_VIRTIO, builtin.
As I have selected some as modules, not builtin, I have listed the module names, in purple text. If they don't automatically load if needed, they can be manually loaded.
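To check afterwards which of the options above ended up builtin, module or absent in a given kernel .config, and which of the module-built ones are not yet loaded (the manual-modprobe candidates), here is an added POSIX sh example; it is not from the original post or from EasyOS. It assumes the usual "CONFIG_FOO=y|m" / "# CONFIG_FOO is not set" config format and the /proc/modules line format; the embedded config and module list are constructed samples.

```shell
#!/bin/sh
# Constructed sample .config for an offline run. On a real host point the
# functions at /boot/config-$(uname -r) or the output of zcat /proc/config.gz.
SAMPLE_CONFIG=$(mktemp)
cat >"$SAMPLE_CONFIG" <<'EOF'
CONFIG_KVM=m
CONFIG_KVM_INTEL=m
# CONFIG_KVM_AMD is not set
CONFIG_VHOST_NET=m
CONFIG_TUN=m
CONFIG_VFIO=y
CONFIG_VFIO_MDEV=y
CONFIG_VIRTIO_NET=y
# CONFIG_PARAVIRT is not set
EOF

# kcfg_state OPTION FILE: prints y (builtin), m (module) or n (not set, or
# absent from the file, e.g. an option the kernel version does not know).
kcfg_state() {
    opt=$1; file=$2
    val=$(sed -n "s/^${opt}=\([ym]\)$/\1/p" "$file" | head -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'n\n'; fi
}

# kcfg_report FILE: one line per option of interest: "OPTION state module".
# The option/module pairs follow the menuconfig captures in the post;
# "-" marks options that were chosen builtin, so no module name applies.
kcfg_report() {
    file=$1
    while read -r opt mod; do
        printf '%s %s %s\n' "$opt" "$(kcfg_state "$opt" "$file")" "$mod"
    done <<'EOF'
CONFIG_KVM kvm
CONFIG_KVM_INTEL kvm-intel
CONFIG_KVM_AMD kvm-amd
CONFIG_VHOST_NET vhost_net
CONFIG_TUN tun
CONFIG_VFIO -
CONFIG_VFIO_MDEV -
CONFIG_VIRTIO_NET -
EOF
}

# kcfg_missing_modules FILE MODULES_FILE: names of module-built options whose
# module is not listed in MODULES_FILE (normally /proc/modules). Dashes in
# menuconfig's module names become underscores there (kvm-intel -> kvm_intel).
kcfg_missing_modules() {
    kcfg_report "$1" | while read -r opt state mod; do
        [ "$state" = m ] || continue
        name=$(printf '%s' "$mod" | tr '-' '_')
        grep -q "^${name} " "$2" || printf '%s\n' "$name"
    done
}
```

Run `kcfg_missing_modules /boot/config-$(uname -r) /proc/modules` on the host to get the list of modules to load by hand.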
Tags: easy