How to customize config/kernel/kernel.config.x86_64-ipfire

vincentmli · 14 February 2024 22:11

Hi,

I am trying to build ipfire2 myself, and I want to enable some kernel features in config/kernel/kernel.config.x86_64-ipfire, but that file has

# Automatically generated file; DO NOT EDIT.
# Linux/x86 6.6.15-ipfire Kernel Configuration

so I wonder where I should make changes to have customized config/kernel/kernel.config.x86_64-ipfire

arne_f · 15 February 2024 07:40

This message is not from us, it is from the kernel developers because many of the options depend on others so you have to use “make (menu)config” of the linux kernel.

To edit the kernel config you have run a full build of ipfire to have the build environment.

add ENABLE_RAMDISK=off to .config (without the source will go to a ramdisk that will erased at break.)

erase the log file for the kernel to trigger a fresh compile (rm log/linux-6.6.15-ipfire)
run “./make.sh build” and let the buildsystem unpack the sources. Open a second shell and run “tail -f log/_build.ipfire.log” to see when the real compile has started. If it is compiling run press CTRL+C to break the build and go into the build shell

./make.sh shell

in the new shell go to /usr/src/linux and run “make menuconfig” to edit the kernel configureation and after this copy the config to the correct place for ipfire buildscripts.

cp .config …/config/kernel/kernel.config.x86_64-ipfire

arne_f · 15 February 2024 07:52

which option did you want to change?

vincentmli · 15 February 2024 16:14

I want to enable BPF/BTF related kernel config like below so I could run BPF program for packet filtering at XDP/TC layer before netfilter, I already finished a full build of ipfire which took about 7 hours :). could I copy config/kernel/kernel.config.x86_64-ipfire to my local upstream kernel git repo, then run a merge bash script to create a kernel config file that includes both config/kernel/kernel.config.x86_64-ipfire and BPF/BTF related kernel config, then copy the new created kernel config file back to config/kernel/kernel.config.x86_64-ipfire, remove log/linux-6.6.15-ipfire, and run ./make.sh build ? would that work?

CONFIG_DEBUG_INFO_BTF=y
CONFIG_PAHOLE_HAS_SPLIT_BTF=y
CONFIG_DEBUG_INFO_BTF_MODULES=y
# CONFIG_MODULE_ALLOW_BTF_MISMATCH is not set

CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
# BPF subsystem
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT_DEFAULT_ON=y
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_LSM=y
# end of BPF subsystem
CONFIG_CGROUP_BPF=y
CONFIG_IPV6_SEG6_BPF=y
CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_BPFILTER=y
CONFIG_BPFILTER_UMH=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_ACT_BPF=m
CONFIG_BPF_STREAM_PARSER=y
CONFIG_LWTUNNEL_BPF=y
CONFIG_BPF_EVENTS=y
CONFIG_BPF_KPROBE_OVERRIDE=y
CONFIG_TEST_BPF=m

vincentmli · 15 February 2024 19:52

I could enable CONFIG_DEBUG_INFO_BTF=y in config/kernel/kernel.config.x86_64-ipfire with the above method, but now I ran into another error while building the kernel

BTF: .tmp_vmlinux.btf: pahole (pahole) is not available
Failed to generate BTF for vmlinux
Try to disable CONFIG_DEBUG_INFO_BTF

the build says pahole is not available, but I do have pahole installed in my system, fyi, pahole is used to generate BTF type info for kernel image when building kernel image when CONFIG_DEBUG_INFO_BTF is enabled

# which pahole
/usr/bin/pahole

the kernel source has scripts/link-vmlinux.sh with

# generate .BTF typeinfo from DWARF debuginfo
# ${1} - vmlinux image
# ${2} - file to dump raw BTF data into
gen_btf()
{
        local pahole_ver

        if ! [ -x "$(command -v ${PAHOLE})" ]; then
                echo >&2 "BTF: ${1}: pahole (${PAHOLE}) is not available"
                return 1
        fi

it appears ipfire build system could not locate pahole installed in my system, I tried to run

PAHOLE=/usr/bin/pahole ENABLE_RAMDISK=off ./make.sh build

still same pahole not available error, I wonder how to pass the pahole to ipfire build environment?

vincentmli · 15 February 2024 20:04

by the way, here is my methods to customize config/kernel/kernel.config.x86_64-ipfire

1, manually copy ipfire-2.x/cache/linux-6.6.15.tar.xz** to /usr/src/ and untar the package
2, copy ipfire-2.x/config/kernel/kernel.config.x86_64-ipfire to /usr/src/linux-6.6.15
3, merge kernel.config.x86_64-ipfire and BPF/BTF related config in /usr/src/linux-6.6.15

scripts/kconfig/merge_config.sh -m kernel.config.x86_64-ipfire tools/testing/selftests/bpf/config

the merge_config.sh creates new .config under /usr/src/linux-6.6.15, copy .config back to ipfire-2.x/config/kernel/kernel.config.x86_64-ipfire

vincentmli · 15 February 2024 22:03

make.sh buildipfire() has following which I assume is where the kernel get built

  # Kernelbuild ... current we have no platform that need
  # multi kernel builds so KCFG is empty
  lfsmake2 linux                KCFG=""
  lfsmake2 rtl8812au            KCFG=""
  lfsmake2 linux-initrd         KCFG=""

lfsmake2() calls enterchroot

        enterchroot \
                bash -x -c "cd /usr/src/lfs && \
                        make -f $* \
                        LFS_BASEDIR=/usr/src install" \
                >> ${LOGFILE} 2>&1 &

enterchroot() has

enterchroot() {
        # Install QEMU helper, if needed
        qemu_install_helper

        local PATH="${TOOLS_DIR}/ccache/bin:/bin:/usr/bin:/sbin:/usr/sbin:${TOOLS_DIR}/sbin:${TOOLS_DIR}/bin"

        # Prepend any custom changes to PATH
        if [ -n "${CUSTOM_PATH}" ]; then
                PATH="${CUSTOM_PATH}:${PATH}"
        fi

        PATH="${PATH}" chroot ${LFS} env -i \
                HOME="/root" \
                TERM="${TERM}" \
                PS1="${PS1}" \
                PATH="${PATH}" \
                SYSTEM_RELEASE="${SYSTEM_RELEASE}" \
                PAKFIRE_TREE="${PAKFIRE_TREE}" \
                NAME="${NAME}" \

it looks /usr/bin path is passed to chroot, why the kernel build in chroot could not locate /usr/bin/pahole? I am not familiar how chroot works, any suggestion to workaround this would be great

vincentmli · 16 February 2024 16:26

after reading Creating a Chrooted Environment - DEV Community, I realized the ipfire-2.x/build is the chroot environment root directory, the system /usr/bin/pahole would have been ipfire-2.x/build/usr/bin/pahole, and ipfire-2.x/build/usr/bin/pahole is missing apparently, so I copied /usr/bin/pahole to ipfire-2.x/build/usr/bin/pahole, also since /usr/bin/pahole is linked to

ldd /usr/bin/pahole
	linux-vdso.so.1 (0x00007fff86bc4000)
	libdw.so.1 => /lib/x86_64-linux-gnu/libdw.so.1 (0x00007f91f1831000)
	libelf.so.1 => /lib/x86_64-linux-gnu/libelf.so.1 (0x00007f91f1813000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f91f17f7000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f91f1400000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f91f17cc000)
	libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 (0x00007f91f17b7000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f91f196e000)

so I also made a symbolic link

root@r210:/home/vincent/go/src/github.com/vincentmli# ls -l ipfire-2.x/build/lib/x86_64-linux-gnu
lrwxrwxrwx 1 root root 21 Feb 16 15:24 ipfire-2.x/build/lib/x86_64-linux-gnu -> /lib/x86_64-linux-gnu

this resolved the pahole not available issue in chroot environment. this is hack, I wonder if ipfire could consider support kernel BTF config officially.