How to enable 'devices' and 'freezer' in Kconfig file

Ask Fedora
, ,
1

Hello,

I am trying to set up kvm and qemu by following this tutorial: How Do I Properly Install KVM on Linux (2024)

However, I am stuck at step 6 " Validate Host Virtualization Setup" because I am getting to following output:

user@fedora ~> virt-host-validate
  QEMU: Checking for hardware virtualization                                 : PASS
  QEMU: Checking if device /dev/kvm exists                                   : PASS
  QEMU: Checking if device /dev/kvm is accessible                            : PASS
  QEMU: Checking if device /dev/vhost-net exists                             : PASS
  QEMU: Checking if device /dev/net/tun exists                               : PASS
  QEMU: Checking for cgroup 'cpu' controller support                         : PASS
  QEMU: Checking for cgroup 'cpuacct' controller support                     : PASS
  QEMU: Checking for cgroup 'cpuset' controller support                      : PASS
  QEMU: Checking for cgroup 'memory' controller support                      : PASS
  QEMU: Checking for cgroup 'devices' controller support                     : WARN (Enable 'devices' in kernel Kconfig file or mount/enable cgroup controller in your system)
  QEMU: Checking for cgroup 'blkio' controller support                       : PASS
  QEMU: Checking for device assignment IOMMU support                         : PASS
  QEMU: Checking if IOMMU is enabled by kernel                               : PASS
  QEMU: Checking for secure guest support                                    : WARN (Unknown if this platform has Secure Guest support)
   LXC: Checking for Linux >= 2.6.26                                         : PASS
   LXC: Checking for namespace ipc                                           : PASS
   LXC: Checking for namespace mnt                                           : PASS
   LXC: Checking for namespace pid                                           : PASS
   LXC: Checking for namespace uts                                           : PASS
   LXC: Checking for namespace net                                           : PASS
   LXC: Checking for namespace user                                          : PASS
   LXC: Checking for cgroup 'cpu' controller support                         : PASS
   LXC: Checking for cgroup 'cpuacct' controller support                     : PASS
   LXC: Checking for cgroup 'cpuset' controller support                      : PASS
   LXC: Checking for cgroup 'memory' controller support                      : PASS
   LXC: Checking for cgroup 'devices' controller support                     : FAIL (Enable 'devices' in kernel Kconfig file or mount/enable cgroup controller in your system)
   LXC: Checking for cgroup 'freezer' controller support                     : FAIL (Enable 'freezer' in kernel Kconfig file or mount/enable cgroup controller in your system)
   LXC: Checking for cgroup 'blkio' controller support                       : PASS
   LXC: Checking if device /sys/fs/fuse/connections exists                   : PASS

Also, SEV does not seem to be enabled because:

user@fedora ~> lscpu |grep sev
user@fedora ~> cat /sys/module/kvm_amd/parameters/sev
N

Unfortunately, adding the following parameters to the variable “GRUB_CMDLINE_LINUX” in /etc/sysconfig/grub:

GRUB_CMDLINE_LINUX="mem_encrypt=on kvm_amd.sev=1 cgroup_enable=devices cgroup_enable=freezer"

and running

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

followed by a reboot did not have any effect.

I am running Fedora 40 on a quite recent Lenovo ThinkPad with an AMD Ryzen 7 PRO 7840U w/ Radeon 780M Graphics.

Any ideas how to solve this issue?

Thank you very much for your support!

2

Hello,
adding

intel_iommu=on systemd.unified_cgroup_hierarchy=0

to the variable GRUB_CMDLINE_LINUX in /etc/sysconfig/grub and running

grub2-mkconfig -o /boot/grub2/grub.cfg

seems to have solved the problem:

user@fedora ~> virt-host-validate
  QEMU: Checking for hardware virtualization                                 : PASS
  QEMU: Checking if device /dev/kvm exists                                   : PASS
  QEMU: Checking if device /dev/kvm is accessible                            : PASS
  QEMU: Checking if device /dev/vhost-net exists                             : PASS
  QEMU: Checking if device /dev/net/tun exists                               : PASS
  QEMU: Checking for cgroup 'cpu' controller support                         : PASS
  QEMU: Checking for cgroup 'cpuacct' controller support                     : PASS
  QEMU: Checking for cgroup 'cpuset' controller support                      : PASS
  QEMU: Checking for cgroup 'memory' controller support                      : PASS
  QEMU: Checking for cgroup 'devices' controller support                     : PASS
  QEMU: Checking for cgroup 'blkio' controller support                       : PASS
  QEMU: Checking for device assignment IOMMU support                         : PASS
  QEMU: Checking if IOMMU is enabled by kernel                               : PASS
  QEMU: Checking for secure guest support                                    : WARN (Unknown if this platform has Secure Guest support)
   LXC: Checking for Linux >= 2.6.26                                         : PASS
   LXC: Checking for namespace ipc                                           : PASS
   LXC: Checking for namespace mnt                                           : PASS
   LXC: Checking for namespace pid                                           : PASS
   LXC: Checking for namespace uts                                           : PASS
   LXC: Checking for namespace net                                           : PASS
   LXC: Checking for namespace user                                          : PASS
   LXC: Checking for cgroup 'cpu' controller support                         : PASS
   LXC: Checking for cgroup 'cpuacct' controller support                     : PASS
   LXC: Checking for cgroup 'cpuset' controller support                      : PASS
   LXC: Checking for cgroup 'memory' controller support                      : PASS
   LXC: Checking for cgroup 'devices' controller support                     : PASS
   LXC: Checking for cgroup 'freezer' controller support                     : PASS
   LXC: Checking for cgroup 'blkio' controller support                       : PASS
   LXC: Checking if device /sys/fs/fuse/connections exists                   : PASS
3

I encountered the same error, and after researching the need to use freezer, I found out that it is not needed when using cgroup2. If systemd.unified_cgroup_hierarchy=0 is added in the GRUB’s command line, it is forcing your system to use cgroups1 which is being deprecated.

I noticed that when I tried to run podman, and I got a warning advising that I was using cgroup1. Once I removed the line, the message disappeared.

As I understand, the FAIL message from virt-host-validate is irrelevant for a system using cgroup2, because cgroup_freezer should be disabled. Info here

The other parameters enhance the performance for an hypervisor. Enabling I/O Memory Management Unit (IOMMU) will allow devices with SR-IO capabilities to expose Virtual Functions (VF’s) to the VM, and they also will expose Host devices directly to the VM.
They are usually identified as passtrough devices (i.e CPUs).

Intel CPU’s (VT-d and VT-x) will need iommu=pt intel_iommu=on
AMD CPU’s (VT-Vi) will need iommu=pt

In case of AMD, the IOMMU is enabled by default. PT=passthrough

Great documentation HERE