Open nijek opened 2 years ago
@nijek Do you have a custom kernel installed?
Kind of looks like what happened here as well https://github.com/igo95862/cfs-zen-tweaks/issues/1#issuecomment-974662838 .
Try running cat /proc/version
or cat /proc/version_signature
and posting output.
I tried Ubuntu 21.10 in a VM and everything worked fine.
I'm using the default ubuntu kernel. It worked after I disabled secure boot.
nikolai@nikolai:debs$ cat /proc/version Linux version 5.13.0-21-generic (buildd@lgw01-amd64-052) (gcc (Ubuntu 11.2.0-7ubuntu2) 11.2.0, GNU ld (GNU Binutils for Ubuntu) 2.37) #21-Ubuntu SMP Tue Oct 19 08:59:28 UTC 2021
nikolai@nikolai:debs$ cat /proc/version_signature Ubuntu 5.13.0-21.21-generic 5.13.18
If I run the script directally I get this:
nikolai@nikolai:cfs-zen-tweaks-1.2.0$ ./set-cfs-zen-tweaks.bash Targeted preemption latency for CPU-bound tasks: 4ms Minimal preemption granularity for CPU-bound tasks: 0.4ms Wake-up granularity: 0.5ms Task migration cost: 0.25ms Amount of runtime to allocate from global to local pool: 3ms Detected kernel <5.13. Using legacy locations. ./set-cfs-zen-tweaks.bash: line 57: /proc/sys/kernel/sched_latency_ns: No such file or directory
If I run the script directally I get this:
You need to run it with sudo, when running manually.
Can confirm that the latency_ns issue is related to secure boot, disabling it on my system made the script work fine, but whenever I re-enable it it stops working again.
Can confirm that the latency_ns issue is related to secure boot, disabling it on my system made the script work fine, but whenever I re-enable it it stops working again.
Good to know. I will add a warning to README and investigate if it can be fixed.
@nijek @not-a-dev-stein I might have found the solution.
Would you mind running zcat /proc/config.gz | grep CONFIG_LSM
and posting output?
This is what I have:
CONFIG_LSM="landlock,lockdown,yama,bpf"
(you can also do cat /sys/kernel/security/lsm
)
The important part here is the lockdown part. When a Secure Boot is enabled it disables all access to /sys/kernel/debug
.
To disable lockdown try modifying boot settings a lsm=
kernel parameter with the list of lsm modules without lockdown. For example, in my case it will be lsm=landlock,yama,bpf
Tried it and got the same error as before.
Tried it and got the same error as before.
If you run cat /sys/kernel/security/lsm
does lockdown still show up?
It didn't, what I got was: capability,yama,selinux,bpf,landlock
Ok I will look in to that more.
People say that using Alt+Sysrq+X might disable lockdown mode: https://unix.stackexchange.com/questions/652867/disable-kernel-lockdown-in-runtime
Also try cat /sys/kernel/security/lockdown
@nijek @not-a-dev-stein I tested on my laptop with Secure Boot enabled and I don't have any issues reading or writing in to debugfs. I believe that both Fedora and Ubuntu ships some tighter security lockdown (because they shipped it before it was included in kernel upstream) but Arch Linux uses the upstream kernel one.
When I do cat /sys/kernel/security/lockdown
on my Secure Boot system I get [none] integrity confidentiality
.
I believe there is a lockdown=
kernel boot parameter that controls the level of lockdown. Maybe setting it to none
will allow reading/ writing to debugfs.
Hello, I'm using ubuntu 21.10 When I try to "systemctl enable --now set-cfs-tweaks.service" even with sudo I get an error.
when I run systemctl status set-cfs-tweaks.service I get this:
× set-cfs-tweaks.service - Set CFS tweaks Loaded: loaded (/lib/systemd/system/set-cfs-tweaks.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2021-11-24 18:18:45 -03; 10s ago Process: 5499 ExecStart=/usr/sbin/set-cfs-zen-tweaks.bash (code=exited, status=1/FAILURE) Main PID: 5499 (code=exited, status=1/FAILURE) CPU: 13ms
nov 24 18:18:45 nikolai systemd[1]: Starting Set CFS tweaks... nov 24 18:18:45 nikolai set-cfs-zen-tweaks.bash[5499]: Targeted preemption latency for CPU-bound tasks: 4ms nov 24 18:18:45 nikolai set-cfs-zen-tweaks.bash[5499]: Minimal preemption granularity for CPU-bound tasks: 0.4ms nov 24 18:18:45 nikolai set-cfs-zen-tweaks.bash[5499]: Wake-up granularity: 0.5ms nov 24 18:18:45 nikolai set-cfs-zen-tweaks.bash[5499]: Task migration cost: 0.25ms nov 24 18:18:45 nikolai set-cfs-zen-tweaks.bash[5499]: Amount of runtime to allocate from global to local pool: 3ms nov 24 18:18:45 nikolai set-cfs-zen-tweaks.bash[5499]: /usr/sbin/set-cfs-zen-tweaks.bash: line 57: /sys/kernel/debug/sched/latency_ns: Operation not permitted nov 24 18:18:45 nikolai systemd[1]: set-cfs-tweaks.service: Main process exited, code=exited, status=1/FAILURE nov 24 18:18:45 nikolai systemd[1]: set-cfs-tweaks.service: Failed with result 'exit-code'. nov 24 18:18:45 nikolai systemd[1]: Failed to start Set CFS tweaks.