Kernel

From ArchWiki

According to Wikipedia:

The Linux kernel is an open-source monolithic Unix-like computer operating system kernel.

Arch Linux is based on the Linux kernel. There are various alternative Linux kernels available for Arch Linux in addition to the latest stable kernel. This article lists some of the options available in the repositories with a brief description of each. There is also a description of patches that can be applied to the system's kernel. The article ends with an overview of custom kernel compilation with links to various methods.

Kernel packages are installed under the /usr/lib/modules/ path and subsequently used to generate executable images which are stored in /boot/.[1] To be able to boot into kernels, the boot loader has to be configured appropriately.

Officially supported kernels

Community support on forum and bug reporting is available for officially supported kernels.

  • Stable — Vanilla Linux kernel and modules, with a few patches applied.
https://www.kernel.org/ || linux
  • Hardened — A security-focused Linux kernel applying a set of hardening patches to mitigate kernel and userspace exploits. It also enables more upstream kernel hardening features than linux.
https://github.com/anthraxx/linux-hardened || linux-hardened
  • Longterm — Long-term support (LTS) Linux kernel and modules.
https://www.kernel.org/ || linux-lts
  • Zen Kernel — Result of a collaborative effort of kernel hackers to provide the best Linux kernel possible for everyday systems. Some more details can be found on https://liquorix.net (which provides kernel binaries based on Zen for Debian).
https://github.com/zen-kernel/zen-kernel || linux-zen

Compilation

Following methods can be used to compile your own kernel:

/Arch Build System
Takes advantage of the high quality of existing linux PKGBUILD and the benefits of package management.
/Traditional compilation
Involves manually downloading a source tarball, and compiling in your home directory as a normal user.
Warning:
  • Using custom kernels may cause all kinds of stability and reliability issues, including data loss. Having backups is strongly advised.
  • Arch Linux only has official support for #Officially supported kernels. When using a different kernel, please mention so in support requests.
Tip:
  • Best way to increase the speed of your system is to first tailor your kernel configuration to your architecture and processor type.
  • You can reduce the size of your kernel (and therefore build time) by not including support for things you do not have or use. For example support for things like Bluetooth, video4linux, 1000Mbit Ethernet, etc.
The config files for the Arch kernel packages are in the Arch package source files (for example, [2] linked from linux). The config file of your currently running kernel may also be available in your file system at /proc/config.gz if the CONFIG_IKCONFIG_PROC kernel option is enabled.

Some of the listed packages may also be available as binary packages via Unofficial user repositories.

kernel.org kernels

  • Git — Linux kernel and modules built using sources from Linus Torvalds' Git repository
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git || linux-gitAUR
  • Mainline — Kernels where all new features are introduced, released every 2-3 months.
https://www.kernel.org/ || linux-mainlineAUR
  • Next — Bleeding edge kernels with features pending to be merged into next mainline release.
https://www.kernel.org/doc/man-pages/linux-next.html || linux-next-gitAUR
  • Longterm 4.9 — Long-term support (LTS) Linux 4.9 kernel and modules.
https://www.kernel.org/ || linux-lts49AUR
  • Longterm 4.14 — Long-term support (LTS) Linux 4.14 kernel and modules.
https://www.kernel.org/ || linux-lts414AUR
  • Longterm 4.19 — Long-term support (LTS) Linux 4.19 kernel and modules.
https://www.kernel.org/ || linux-lts419AUR
  • Longterm 5.4 — Long-term support (LTS) Linux 5.4 kernel and modules.
https://www.kernel.org/ || linux-lts54AUR
  • Longterm 5.10 — Long-term support (LTS) Linux 5.10 kernel and modules.
https://www.kernel.org/ || linux-lts510AUR

Unofficial kernels

  • Aufs — The aufs-compatible linux kernel and modules, useful when using docker.
http://aufs.sourceforge.net/ || linux-aufsAUR
  • Ck — Contains patches by Con Kolivas (including the MuQSS scheduler) designed to improve system responsiveness with specific emphasis on the desktop, but they are suitable to any workload.
http://ck.kolivas.org/ || linux-ckAUR
  • Clear — Patches from Intel's Clear Linux project. Provides performance and security optimizations.
https://github.com/clearlinux-pkgs/linux || linux-clearAUR
  • GalliumOS — The Linux kernel and modules with GalliumOS patches for Chromebooks.
https://github.com/GalliumOS/linux || linux-galliumosAUR
https://www.fsfla.org/ikiwiki/selibre/linux-libre/ || linux-libreAUR
  • Liquorix — Kernel replacement built using Debian-targeted configuration and the Zen kernel sources. Designed for desktop, multimedia, and gaming workloads, it is often used as a Debian Linux performance replacement kernel. Damentz, the maintainer of the Liquorix patchset, is a developer for the Zen patchset as well.
https://liquorix.net || linux-lqxAUR
  • MultiPath TCP — The Linux Kernel and modules with Multipath TCP support.
https://multipath-tcp.org/ || linux-mptcpAUR
  • pf-kernel — Provides a handful of awesome features which are not merged into a kernel mainline. Maintained by a kernel engineer. If the port for the included patch for new kernels was not released officially, the patchset provides and supports patch ports to new kernels. The current most prominent patches of linux-pf are PDS CPU scheduler and UKSM.
https://gitlab.com/post-factum/pf-kernel/wikis/README || Packages:
  • Realtime kernel — Maintained by a small group of core developers led by Ingo Molnar. This patch allows nearly all of the kernel to be preempted, with the exception of a few very small regions of code ("raw_spinlock critical regions"). This is done by replacing most kernel spinlocks with mutexes that support priority inheritance, as well as moving all interrupt and software interrupts to kernel threads.
https://wiki.linuxfoundation.org/realtime/start || linux-rtAUR, linux-rt-ltsAUR
  • tkg — A highly customizable kernel build system that provides a selection of patches and tweaks aiming for better desktop and gaming performance. It is maintained by Etienne Juvigny. Amongst other patches, it offers various CPU schedulers: CFS, Project C PDS, Project C BMQ, MuQSS and CacULE.
https://github.com/Frogging-Family/linux-tkg || not packaged? search in AUR
  • VFIO — The Linux kernel and a few patches written by Alex Williamson (acs override and i915) to enable the ability to do PCI Passthrough with KVM on some machines.
https://lwn.net/Articles/499240/ || linux-vfioAUR, linux-vfio-ltsAUR
  • XanMod — Aiming to take full advantage in high-performance workstations, gaming desktops, media centers and others and built to provide a more rock-solid, responsive and smooth desktop experience. This kernel uses the MuQSS or Task Type scheduler, BFQ I/O scheduler, UKSM realtime memory data deduplication, TCP BBR congestion control, x86_64 advanced instruction set support, and other default changes.
https://xanmod.org/ || linux-xanmodAUR, linux-xanmod-ttAUR

Troubleshooting

Kernel panics

A kernel panic occurs when the Linux kernel enters an unrecoverable failure state. The state typically originates from buggy hardware drivers resulting in the machine being deadlocked, non-responsive, and requiring a reboot. Just prior to deadlock, a diagnostic message is generated, consisting of: the machine state when the failure occurred, a call trace leading to the kernel function that recognized the failure, and a listing of currently loaded modules. Thankfully, kernel panics do not happen very often using mainline versions of the kernel--such as those supplied by the official repositories--but when they do happen, you need to know how to deal with them.

Note: Kernel panics are sometimes referred to as oops or kernel oops. While both panics and oops occur as the result of a failure state, an oops is more general in that it does not necessarily result in a deadlocked machine: sometimes the kernel can recover from an oops by killing the offending task and carrying on.
Tip: Pass the kernel parameter oops=panic at boot or write 1 to /proc/sys/kernel/panic_on_oops to force a recoverable oops to issue a panic instead. This is advisable if you are concerned about the small chance of system instability resulting from an oops recovery which may make future errors difficult to diagnose.

Examine panic message

If a kernel panic occurs very early in the boot process, you may see a message on the console containing "Kernel panic - not syncing:", but once Systemd is running, kernel messages will typically be captured and written to the system log. However, when a panic occurs, the diagnostic message output by the kernel is almost never written to the log file on disk because the machine deadlocks before system-journald gets the chance. Therefore, the only way to examine the panic message is to view it on the console as it happens (without resorting to setting up a kdump crashkernel). You can do this by booting with the following kernel parameters and attempting to reproduce the panic on tty1:

systemd.journald.forward_to_console=1 console=tty1
Tip: In the event that the panic message scrolls away too quickly to examine, try passing the kernel parameter pause_on_oops=seconds at boot.
Example scenario: bad module

It is possible to make a best guess as to what subsystem or module is causing the panic using the information in the diagnostic message. In this scenario, we have a panic on some imaginary machine during boot. Pay attention to the lines highlighted in bold:

kernel: BUG: unable to handle kernel NULL pointer dereference at (null) 1
kernel: IP: fw_core_init+0x18/0x1000 [firewire_core] 2
kernel: PGD 718d00067
kernel: P4D 718d00067
kernel: PUD 7b3611067
kernel: PMD 0
kernel:
kernel: Oops: 0002 [#1] PREEMPT SMP
kernel: Modules linked in: firewire_core(+) crc_itu_t cfg80211 rfkill ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG nf_conntrack_ipv4 ... 3
kernel: CPU: 6 PID: 1438 Comm: modprobe Tainted: P           O    4.13.3-1-ARCH #1
kernel: Hardware name: Gigabyte Technology Co., Ltd. H97-D3H/H97-D3H-CF, BIOS F5 06/26/2014
kernel: task: ffff9c667abd9e00 task.stack: ffffb53b8db34000
kernel: RIP: 0010:fw_core_init+0x18/0x1000 [firewire_core]
kernel: RSP: 0018:ffffb53b8db37c68 EFLAGS: 00010246
kernel: RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
kernel: RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffffc16d3af4
kernel: RBP: ffffb53b8db37c70 R08: 0000000000000000 R09: ffffffffae113e95
kernel: R10: ffffe93edfdb9680 R11: 0000000000000000 R12: ffffffffc16d9000
kernel: R13: ffff9c6729bf8f60 R14: ffffffffc16d5710 R15: ffff9c6736e55840
kernel: FS:  00007f301fc80b80(0000) GS:ffff9c675dd80000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000000 CR3: 00000007c6456000 CR4: 00000000001406e0
kernel: Call Trace:
kernel:  do_one_initcall+0x50/0x190 4
kernel:  ? do_init_module+0x27/0x1f2
kernel:  do_init_module+0x5f/0x1f2
kernel:  load_module+0x23f3/0x2be0
kernel:  SYSC_init_module+0x16b/0x1a0
kernel:  ? SYSC_init_module+0x16b/0x1a0
kernel:  SyS_init_module+0xe/0x10
kernel:  entry_SYSCALL_64_fastpath+0x1a/0xa5
kernel: RIP: 0033:0x7f301f3a2a0a
kernel: RSP: 002b:00007ffcabbd1998 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
kernel: RAX: ffffffffffffffda RBX: 0000000000c85a48 RCX: 00007f301f3a2a0a
kernel: RDX: 000000000041aada RSI: 000000000001a738 RDI: 00007f301e7eb010
kernel: RBP: 0000000000c8a520 R08: 0000000000000001 R09: 0000000000000085
kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000c79208
kernel: R13: 0000000000c8b4d8 R14: 00007f301e7fffff R15: 0000000000000030
kernel: Code: <c7> 04 25 00 00 00 00 01 00 00 00 bb f4 ff ff ff e8 73 43 9c ec 48
kernel: RIP: fw_core_init+0x18/0x1000 [firewire_core] RSP: ffffb53b8db37c68
kernel: CR2: 0000000000000000
kernel: ---[ end trace 71f4306ea1238f17 ]---
kernel: Kernel panic - not syncing: Fatal exception 5
kernel: Kernel Offset: 0x80000000 from 0xffffffff810000000 (relocation range: 0xffffffff800000000-0xfffffffffbffffffff
kernel: ---[ end Kernel panic - not syncing: Fatal exception
  1. Indicates the type of error that caused the panic. In this case it was a programmer bug.
  2. Indicates that the panic happened in a function called fw_core_init in module firewire_core.
  3. Indicates that firewire_core was the latest module to be loaded.
  4. Indicates that the function that called function fw_core_init was do_one_initcall.
  5. Indicates that this oops message is, in fact, a kernel panic and the system is now deadlocked.

We can surmise then, that the panic occurred during the initialization routine of module firewire_core as it was loaded. (We might assume then, that the machine's firewire hardware is incompatible with this version of the firewire driver module due to a programmer error, and will have to wait for a new release.) In the meantime, the easiest way to get the machine running again is to prevent the module from being loaded. We can do this in one of two ways:

  • If the module is being loaded during the execution of the initramfs, reboot with the kernel parameter rd.blacklist=firewire_core.
  • Otherwise reboot with the kernel parameter module_blacklist=firewire_core.

Reboot into root shell and fix problem

Tango-view-refresh-red.pngThis article or section is out of date.Tango-view-refresh-red.png

Reason: rd.rescue and rd.emergency will not work since the root account in the initrmafs is locked. (Discuss in Talk:Kernel)

Tango-inaccurate.pngThe factual accuracy of this article or section is disputed.Tango-inaccurate.png

Reason: The keyboard does not work in rd.emergency so it cannot be used. (Discuss in Talk:Kernel)

You will need a root shell to make changes to the system so the panic no longer occurs. If the panic occurs on boot, there are several strategies to obtain a root shell before the machine deadlocks:

  • Reboot with the kernel parameter emergency, rd.emergency, or -b to receive a prompt to login just after the root filesystem is mounted and systemd is started.
Note: At this point, the root filesystem will be mounted read-only. Execute mount -o remount,rw / as the root user to make changes.
  • Reboot with the kernel parameter rescue, rd.rescue, single, s, S, or 1 to receive a prompt to login just after local filesystems are mounted.
  • Reboot with the kernel parameter systemd.debug_shell to obtain a very early root shell on tty9. Switch to it with by pressing Ctrl+Alt+F9.
  • Experiment by rebooting with different sets of kernel parameters to possibly disable the kernel feature that is causing the panic. Try the "old standbys" acpi=off and nolapic.
Tip: See kernel-parameters.html for all kernel parameters.
  • As a last resort, boot with an Arch Linux installation medium and mount the root filesystem on /mnt then execute arch-chroot /mnt as the root user.
  • Disable the service or program that is causing the panic, roll-back a faulty update, or fix a configuration problem.
Tip: It may be necessary to generate a new initial ramdisk image if the original became corrupted. This can occur when a kernel update is interrupted. For creating a new one, see mkinitcpio.

Debugging regressions

See General troubleshooting#Debugging regressions.

Try linux-mainlineAUR to check if the issue is already fixed upstream. The stickied comment also mentions a repository which contains already built kernels, so it may not be necessary to build it manually, which can take some time.

It may also be worth considering trying the LTS kernel (linux-lts) to debug issues which did not appear recently. Older versions of the LTS kernel can be found in the Arch Linux Archive.

If the issue still persists, bisect linux-gitAUR and report the bug on the kernel bugzilla. It is important to try the "vanilla" version without any patches to make sure it is not related to them. If a patch causes the issue, report it to the author of the patch.

Note: Bisecting the kernel can take a lot of time since it may need to be rebuilt many times.

See also