1 =================================== 1 ===================================
2 Documentation for /proc/sys/kernel/ 2 Documentation for /proc/sys/kernel/
3 =================================== 3 ===================================
4 4
5 .. See scripts/check-sysctl-docs to keep this !! 5 kernel version 2.2.10
6 <<
7 6
8 Copyright (c) 1998, 1999, Rik van Riel <riel@n 7 Copyright (c) 1998, 1999, Rik van Riel <riel@nl.linux.org>
9 8
10 Copyright (c) 2009, Shen Feng<shen@cn.fu 9 Copyright (c) 2009, Shen Feng<shen@cn.fujitsu.com>
11 10
12 For general info and legal blurb, please look !! 11 For general info and legal blurb, please look in index.rst.
13 Documentation/admin-guide/sysctl/index.rst. <<
14 12
15 ---------------------------------------------- 13 ------------------------------------------------------------------------------
16 14
17 This file contains documentation for the sysct 15 This file contains documentation for the sysctl files in
18 ``/proc/sys/kernel/``. !! 16 /proc/sys/kernel/ and is valid for Linux kernel version 2.2.
19 17
20 The files in this directory can be used to tun 18 The files in this directory can be used to tune and monitor
21 miscellaneous and general things in the operat 19 miscellaneous and general things in the operation of the Linux
22 kernel. Since some of the files *can* be used !! 20 kernel. Since some of the files _can_ be used to screw up your
23 system, it is advisable to read both documenta 21 system, it is advisable to read both documentation and source
24 before actually making adjustments. 22 before actually making adjustments.
25 23
26 Currently, these files might (depending on you 24 Currently, these files might (depending on your configuration)
27 show up in ``/proc/sys/kernel``: !! 25 show up in /proc/sys/kernel:
28 <<
29 .. contents:: :local: <<
30 26
>> 27 - acct
>> 28 - acpi_video_flags
>> 29 - auto_msgmni
>> 30 - bootloader_type [ X86 only ]
>> 31 - bootloader_version [ X86 only ]
>> 32 - cap_last_cap
>> 33 - core_pattern
>> 34 - core_pipe_limit
>> 35 - core_uses_pid
>> 36 - ctrl-alt-del
>> 37 - dmesg_restrict
>> 38 - domainname
>> 39 - hostname
>> 40 - hotplug
>> 41 - hardlockup_all_cpu_backtrace
>> 42 - hardlockup_panic
>> 43 - hung_task_panic
>> 44 - hung_task_check_count
>> 45 - hung_task_timeout_secs
>> 46 - hung_task_check_interval_secs
>> 47 - hung_task_warnings
>> 48 - hyperv_record_panic_msg
>> 49 - kexec_load_disabled
>> 50 - kptr_restrict
>> 51 - l2cr [ PPC only ]
>> 52 - modprobe ==> Documentation/debugging-modules.txt
>> 53 - modules_disabled
>> 54 - msg_next_id [ sysv ipc ]
>> 55 - msgmax
>> 56 - msgmnb
>> 57 - msgmni
>> 58 - nmi_watchdog
>> 59 - osrelease
>> 60 - ostype
>> 61 - overflowgid
>> 62 - overflowuid
>> 63 - panic
>> 64 - panic_on_oops
>> 65 - panic_on_stackoverflow
>> 66 - panic_on_unrecovered_nmi
>> 67 - panic_on_warn
>> 68 - panic_print
>> 69 - panic_on_rcu_stall
>> 70 - perf_cpu_time_max_percent
>> 71 - perf_event_paranoid
>> 72 - perf_event_max_stack
>> 73 - perf_event_mlock_kb
>> 74 - perf_event_max_contexts_per_stack
>> 75 - pid_max
>> 76 - powersave-nap [ PPC only ]
>> 77 - printk
>> 78 - printk_delay
>> 79 - printk_ratelimit
>> 80 - printk_ratelimit_burst
>> 81 - pty ==> Documentation/filesystems/devpts.txt
>> 82 - randomize_va_space
>> 83 - real-root-dev ==> Documentation/admin-guide/initrd.rst
>> 84 - reboot-cmd [ SPARC only ]
>> 85 - rtsig-max
>> 86 - rtsig-nr
>> 87 - sched_energy_aware
>> 88 - seccomp/ ==> Documentation/userspace-api/seccomp_filter.rst
>> 89 - sem
>> 90 - sem_next_id [ sysv ipc ]
>> 91 - sg-big-buff [ generic SCSI device (sg) ]
>> 92 - shm_next_id [ sysv ipc ]
>> 93 - shm_rmid_forced
>> 94 - shmall
>> 95 - shmmax [ sysv ipc ]
>> 96 - shmmni
>> 97 - softlockup_all_cpu_backtrace
>> 98 - soft_watchdog
>> 99 - stack_erasing
>> 100 - stop-a [ SPARC only ]
>> 101 - sysrq ==> Documentation/admin-guide/sysrq.rst
>> 102 - sysctl_writes_strict
>> 103 - tainted ==> Documentation/admin-guide/tainted-kernels.rst
>> 104 - threads-max
>> 105 - unknown_nmi_panic
>> 106 - watchdog
>> 107 - watchdog_thresh
>> 108 - version
31 109
32 acct <<
33 ==== <<
34 110
35 :: !! 111 acct:
>> 112 =====
36 113
37 highwater lowwater frequency !! 114 highwater lowwater frequency
38 115
39 If BSD-style process accounting is enabled the 116 If BSD-style process accounting is enabled these values control
40 its behaviour. If free space on filesystem whe 117 its behaviour. If free space on filesystem where the log lives
41 goes below ``lowwater``\ % accounting suspends !! 118 goes below <lowwater>% accounting suspends. If free space gets
42 above ``highwater``\ % accounting resumes. ``f !! 119 above <highwater>% accounting resumes. <Frequency> determines
43 how often do we check the amount of free space 120 how often do we check the amount of free space (value is in
44 seconds). Default: 121 seconds). Default:
>> 122 4 2 30
>> 123 That is, suspend accounting if there left <= 2% free; resume it
>> 124 if we got >=4%; consider information about amount of free space
>> 125 valid for 30 seconds.
45 126
46 :: <<
47 <<
48 4 2 30 <<
49 127
50 That is, suspend accounting if free space drop !! 128 acpi_video_flags:
51 if it increases to at least 4%; consider infor !! 129 =================
52 free space valid for 30 seconds. <<
53 <<
54 <<
55 acpi_video_flags <<
56 ================ <<
57 130
58 See Documentation/power/video.rst. This allows !! 131 flags
59 in a similar fashion to the ``acpi_sleep`` ker <<
60 combining the following values: <<
61 <<
62 = ======= <<
63 1 s3_bios <<
64 2 s3_mode <<
65 4 s3_beep <<
66 = ======= <<
67 132
68 arch !! 133 See Doc*/kernel/power/video.txt, it allows mode of video boot to be
69 ==== !! 134 set during run time.
70 135
71 The machine hardware name, the same output as <<
72 (e.g. ``x86_64`` or ``aarch64``). <<
73 136
74 auto_msgmni !! 137 auto_msgmni:
75 =========== !! 138 ============
76 139
77 This variable has no effect and may be removed 140 This variable has no effect and may be removed in future kernel
78 releases. Reading it always returns 0. 141 releases. Reading it always returns 0.
79 Up to Linux 3.17, it enabled/disabled automati !! 142 Up to Linux 3.17, it enabled/disabled automatic recomputing of msgmni
80 `msgmni`_ !! 143 upon memory add/remove or upon ipc namespace creation/removal.
81 upon memory add/remove or upon IPC namespace c <<
82 Echoing "1" into this file enabled msgmni auto 144 Echoing "1" into this file enabled msgmni automatic recomputing.
83 Echoing "0" turned it off. The default value w !! 145 Echoing "0" turned it off. auto_msgmni default value was 1.
84 146
85 147
86 bootloader_type (x86 only) !! 148 bootloader_type:
87 ========================== !! 149 ================
>> 150
>> 151 x86 bootloader identification
88 152
89 This gives the bootloader type number as indic 153 This gives the bootloader type number as indicated by the bootloader,
90 shifted left by 4, and OR'd with the low four 154 shifted left by 4, and OR'd with the low four bits of the bootloader
91 version. The reason for this encoding is that 155 version. The reason for this encoding is that this used to match the
92 ``type_of_loader`` field in the kernel header; !! 156 type_of_loader field in the kernel header; the encoding is kept for
93 backwards compatibility. That is, if the full 157 backwards compatibility. That is, if the full bootloader type number
94 is 0x15 and the full version number is 0x234, 158 is 0x15 and the full version number is 0x234, this file will contain
95 the value 340 = 0x154. 159 the value 340 = 0x154.
96 160
97 See the ``type_of_loader`` and ``ext_loader_ty !! 161 See the type_of_loader and ext_loader_type fields in
98 Documentation/arch/x86/boot.rst for additional !! 162 Documentation/x86/boot.rst for additional information.
99 163
100 164
101 bootloader_version (x86 only) !! 165 bootloader_version:
102 ============================= !! 166 ===================
>> 167
>> 168 x86 bootloader version
103 169
104 The complete bootloader version number. In th 170 The complete bootloader version number. In the example above, this
105 file will contain the value 564 = 0x234. 171 file will contain the value 564 = 0x234.
106 172
107 See the ``type_of_loader`` and ``ext_loader_ve !! 173 See the type_of_loader and ext_loader_ver fields in
108 Documentation/arch/x86/boot.rst for additional !! 174 Documentation/x86/boot.rst for additional information.
109 175
110 176
111 bpf_stats_enabled !! 177 cap_last_cap:
112 ================= !! 178 =============
113 <<
114 Controls whether the kernel should collect sta <<
115 (total time spent running, number of times run <<
116 statistics causes a slight reduction in perfor <<
117 run. The statistics can be seen using ``bpftoo <<
118 <<
119 = =================================== <<
120 0 Don't collect statistics (default). <<
121 1 Collect statistics. <<
122 = =================================== <<
123 <<
124 <<
125 cad_pid <<
126 ======= <<
127 <<
128 This is the pid which will be signalled on reb <<
129 Ctrl-Alt-Delete). Writing a value to this file <<
130 correspond to a running process will result in <<
131 <<
132 See also `ctrl-alt-del`_. <<
133 <<
134 <<
135 cap_last_cap <<
136 ============ <<
137 179
138 Highest valid capability of the running kernel 180 Highest valid capability of the running kernel. Exports
139 ``CAP_LAST_CAP`` from the kernel. !! 181 CAP_LAST_CAP from the kernel.
140 182
141 183
142 .. _core_pattern: !! 184 core_pattern:
143 !! 185 =============
144 core_pattern <<
145 ============ <<
146 186
147 ``core_pattern`` is used to specify a core dum !! 187 core_pattern is used to specify a core dumpfile pattern name.
148 188
149 * max length 127 characters; default value is 189 * max length 127 characters; default value is "core"
150 * ``core_pattern`` is used as a pattern templa !! 190 * core_pattern is used as a pattern template for the output filename;
151 filename; certain string patterns (beginning !! 191 certain string patterns (beginning with '%') are substituted with
152 substituted with their actual values. !! 192 their actual values.
153 * backward compatibility with ``core_uses_pid` !! 193 * backward compatibility with core_uses_pid:
154 194
155 If ``core_pattern`` does not include " !! 195 If core_pattern does not include "%p" (default does not)
156 and ``core_uses_pid`` is set, then .PI !! 196 and core_uses_pid is set, then .PID will be appended to
157 the filename. 197 the filename.
158 198
159 * corename format specifiers !! 199 * corename format specifiers::
160 200
161 ======== ====================== !! 201 %<NUL> '%' is dropped
162 %<NUL> '%' is dropped !! 202 %% output one '%'
163 %% output one '%' !! 203 %p pid
164 %p pid !! 204 %P global pid (init PID namespace)
165 %P global pid (init PID n !! 205 %i tid
166 %i tid !! 206 %I global tid (init PID namespace)
167 %I global tid (init PID n !! 207 %u uid (in initial user namespace)
168 %u uid (in initial user n !! 208 %g gid (in initial user namespace)
169 %g gid (in initial user n !! 209 %d dump mode, matches PR_SET_DUMPABLE and
170 %d dump mode, matches ``P !! 210 /proc/sys/fs/suid_dumpable
171 ``/proc/sys/fs/suid_du !! 211 %s signal number
172 %s signal number !! 212 %t UNIX time of dump
173 %t UNIX time of dump !! 213 %h hostname
174 %h hostname !! 214 %e executable filename (may be shortened)
175 %e executable filename (m !! 215 %E executable path
176 %f executable filename !! 216 %<OTHER> both are dropped
177 %E executable path <<
178 %c maximum size of core f <<
179 %C CPU the task ran on <<
180 %<OTHER> both are dropped <<
181 ======== ====================== <<
182 217
183 * If the first character of the pattern is a ' 218 * If the first character of the pattern is a '|', the kernel will treat
184 the rest of the pattern as a command to run. 219 the rest of the pattern as a command to run. The core dump will be
185 written to the standard input of that progra 220 written to the standard input of that program instead of to a file.
186 221
187 222
188 core_pipe_limit !! 223 core_pipe_limit:
189 =============== !! 224 ================
190 225
191 This sysctl is only applicable when `core_patt !! 226 This sysctl is only applicable when core_pattern is configured to pipe
192 pipe core files to a user space helper (when t !! 227 core files to a user space helper (when the first character of
193 ``core_pattern`` is a '|', see above). !! 228 core_pattern is a '|', see above). When collecting cores via a pipe
194 When collecting cores via a pipe to an applica !! 229 to an application, it is occasionally useful for the collecting
195 useful for the collecting application to gathe !! 230 application to gather data about the crashing process from its
196 crashing process from its ``/proc/pid`` direct !! 231 /proc/pid directory. In order to do this safely, the kernel must wait
197 In order to do this safely, the kernel must wa !! 232 for the collecting process to exit, so as not to remove the crashing
198 process to exit, so as not to remove the crash !! 233 processes proc files prematurely. This in turn creates the
199 prematurely. !! 234 possibility that a misbehaving userspace collecting process can block
200 This in turn creates the possibility that a mi !! 235 the reaping of a crashed process simply by never exiting. This sysctl
201 collecting process can block the reaping of a !! 236 defends against that. It defines how many concurrent crashing
202 by never exiting. !! 237 processes may be piped to user space applications in parallel. If
203 This sysctl defends against that. !! 238 this value is exceeded, then those crashing processes above that value
204 It defines how many concurrent crashing proces !! 239 are noted via the kernel log and their cores are skipped. 0 is a
205 space applications in parallel. !! 240 special value, indicating that unlimited processes may be captured in
206 If this value is exceeded, then those crashing !! 241 parallel, but that no waiting will take place (i.e. the collecting
207 value are noted via the kernel log and their c !! 242 process is not guaranteed access to /proc/<crashing pid>/). This
208 0 is a special value, indicating that unlimite !! 243 value defaults to 0.
209 captured in parallel, but that no waiting will <<
210 collecting process is not guaranteed access to <<
211 pid>/``). <<
212 This value defaults to 0. <<
213 244
214 245
215 core_uses_pid !! 246 core_uses_pid:
216 ============= !! 247 ==============
217 248
218 The default coredump filename is "core". By s 249 The default coredump filename is "core". By setting
219 ``core_uses_pid`` to 1, the coredump filename !! 250 core_uses_pid to 1, the coredump filename becomes core.PID.
220 If `core_pattern`_ does not include "%p" (defa !! 251 If core_pattern does not include "%p" (default does not)
221 and ``core_uses_pid`` is set, then .PID will b !! 252 and core_uses_pid is set, then .PID will be appended to
222 the filename. 253 the filename.
223 254
224 255
225 ctrl-alt-del !! 256 ctrl-alt-del:
226 ============ !! 257 =============
227 258
228 When the value in this file is 0, ctrl-alt-del 259 When the value in this file is 0, ctrl-alt-del is trapped and
229 sent to the ``init(1)`` program to handle a gr !! 260 sent to the init(1) program to handle a graceful restart.
230 When, however, the value is > 0, Linux's react 261 When, however, the value is > 0, Linux's reaction to a Vulcan
231 Nerve Pinch (tm) will be an immediate reboot, 262 Nerve Pinch (tm) will be an immediate reboot, without even
232 syncing its dirty buffers. 263 syncing its dirty buffers.
233 264
234 Note: 265 Note:
235 when a program (like dosemu) has the keyboar 266 when a program (like dosemu) has the keyboard in 'raw'
236 mode, the ctrl-alt-del is intercepted by the 267 mode, the ctrl-alt-del is intercepted by the program before it
237 ever reaches the kernel tty layer, and it's 268 ever reaches the kernel tty layer, and it's up to the program
238 to decide what to do with it. 269 to decide what to do with it.
239 270
240 271
241 dmesg_restrict !! 272 dmesg_restrict:
242 ============== !! 273 ===============
243 274
244 This toggle indicates whether unprivileged use 275 This toggle indicates whether unprivileged users are prevented
245 from using ``dmesg(8)`` to view messages from !! 276 from using dmesg(8) to view messages from the kernel's log buffer.
246 buffer. !! 277 When dmesg_restrict is set to (0) there are no restrictions. When
247 When ``dmesg_restrict`` is set to 0 there are !! 278 dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use
248 When ``dmesg_restrict`` is set to 1, users mus !! 279 dmesg(8).
249 ``CAP_SYSLOG`` to use ``dmesg(8)``. <<
250 280
251 The kernel config option ``CONFIG_SECURITY_DME !! 281 The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the
252 default value of ``dmesg_restrict``. !! 282 default value of dmesg_restrict.
253 283
254 284
255 domainname & hostname !! 285 domainname & hostname:
256 ===================== !! 286 ======================
257 287
258 These files can be used to set the NIS/YP doma 288 These files can be used to set the NIS/YP domainname and the
259 hostname of your box in exactly the same way a 289 hostname of your box in exactly the same way as the commands
260 domainname and hostname, i.e.:: 290 domainname and hostname, i.e.::
261 291
262 # echo "darkstar" > /proc/sys/kernel/h 292 # echo "darkstar" > /proc/sys/kernel/hostname
263 # echo "mydomain" > /proc/sys/kernel/d 293 # echo "mydomain" > /proc/sys/kernel/domainname
264 294
265 has the same effect as:: 295 has the same effect as::
266 296
267 # hostname "darkstar" 297 # hostname "darkstar"
268 # domainname "mydomain" 298 # domainname "mydomain"
269 299
270 Note, however, that the classic darkstar.frop. 300 Note, however, that the classic darkstar.frop.org has the
271 hostname "darkstar" and DNS (Internet Domain N 301 hostname "darkstar" and DNS (Internet Domain Name Server)
272 domainname "frop.org", not to be confused with 302 domainname "frop.org", not to be confused with the NIS (Network
273 Information Service) or YP (Yellow Pages) doma 303 Information Service) or YP (Yellow Pages) domainname. These two
274 domain names are in general different. For a d 304 domain names are in general different. For a detailed discussion
275 see the ``hostname(1)`` man page. !! 305 see the hostname(1) man page.
276 <<
277 <<
278 firmware_config <<
279 =============== <<
280 <<
281 See Documentation/driver-api/firmware/fallback <<
282 <<
283 The entries in this directory allow the firmwa <<
284 fallback to be controlled: <<
285 <<
286 * ``force_sysfs_fallback``, when set to 1, for <<
287 fallback; <<
288 * ``ignore_sysfs_fallback``, when set to 1, ig <<
289 <<
290 <<
291 ftrace_dump_on_oops <<
292 =================== <<
293 <<
294 Determines whether ``ftrace_dump()`` should be <<
295 kernel panic). This will output the contents o <<
296 the console. This is very useful for capturin <<
297 crashes and outputting them to a serial consol <<
298 <<
299 ======================= ====================== <<
300 0 Disabled (default). <<
301 1 Dump buffers of all CP <<
302 2(orig_cpu) Dump the buffer of the <<
303 oops. <<
304 <instance> Dump the specific inst <<
305 <instance>=2(orig_cpu) Dump the specific inst <<
306 that triggered the oop <<
307 ======================= ====================== <<
308 <<
309 Multiple instance dump is also supported, and <<
310 by commas. If global buffer also needs to be d <<
311 the dump mode (1/2/orig_cpu) first for global <<
312 <<
313 So for example to dump "foo" and "bar" instanc <<
314 user can:: <<
315 306
316 echo "foo,bar" > /proc/sys/kernel/ftrace_dum <<
317 307
318 To dump global buffer and "foo" instance buffe !! 308 hardlockup_all_cpu_backtrace:
319 CPUs along with the "bar" instance buffer on C !! 309 =============================
320 oops, user can:: <<
321 <<
322 echo "1,foo,bar=2" > /proc/sys/kernel/ftrace <<
323 <<
324 ftrace_enabled, stack_tracer_enabled <<
325 ==================================== <<
326 <<
327 See Documentation/trace/ftrace.rst. <<
328 <<
329 <<
330 hardlockup_all_cpu_backtrace <<
331 ============================ <<
332 310
333 This value controls the hard lockup detector b 311 This value controls the hard lockup detector behavior when a hard
334 lockup condition is detected as to whether or 312 lockup condition is detected as to whether or not to gather further
335 debug information. If enabled, arch-specific a 313 debug information. If enabled, arch-specific all-CPU stack dumping
336 will be initiated. 314 will be initiated.
337 315
338 = ============================================ !! 316 0: do nothing. This is the default behavior.
339 0 Do nothing. This is the default behavior. <<
340 1 On detection capture more debug information. <<
341 = ============================================ <<
342 317
>> 318 1: on detection capture more debug information.
343 319
344 hardlockup_panic !! 320
345 ================ !! 321 hardlockup_panic:
>> 322 =================
346 323
347 This parameter can be used to control whether 324 This parameter can be used to control whether the kernel panics
348 when a hard lockup is detected. 325 when a hard lockup is detected.
349 326
350 = =========================== !! 327 0 - don't panic on hard lockup
351 0 Don't panic on hard lockup. !! 328 1 - panic on hard lockup
352 1 Panic on hard lockup. <<
353 = =========================== <<
354 329
355 See Documentation/admin-guide/lockup-watchdogs !! 330 See Documentation/admin-guide/lockup-watchdogs.rst for more information. This can
356 This can also be set using the nmi_watchdog ke !! 331 also be set using the nmi_watchdog kernel parameter.
357 332
358 333
359 hotplug !! 334 hotplug:
360 ======= !! 335 ========
361 336
362 Path for the hotplug policy agent. 337 Path for the hotplug policy agent.
363 Default value is ``CONFIG_UEVENT_HELPER_PATH`` !! 338 Default value is "/sbin/hotplug".
364 to the empty string. <<
365 <<
366 This file only exists when ``CONFIG_UEVENT_HEL <<
367 modern systems rely exclusively on the netlink <<
368 don't need this. <<
369 <<
370 <<
371 hung_task_all_cpu_backtrace <<
372 =========================== <<
373 <<
374 If this option is set, the kernel will send an <<
375 their backtraces when a hung task is detected. <<
376 CONFIG_DETECT_HUNG_TASK and CONFIG_SMP are ena <<
377 <<
378 0: Won't show all CPUs backtraces when a hung <<
379 This is the default behavior. <<
380 339
381 1: Will non-maskably interrupt all CPUs and du <<
382 a hung task is detected. <<
383 340
384 !! 341 hung_task_panic:
385 hung_task_panic !! 342 ================
386 =============== <<
387 343
388 Controls the kernel's behavior when a hung tas 344 Controls the kernel's behavior when a hung task is detected.
389 This file shows up if ``CONFIG_DETECT_HUNG_TAS !! 345 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
390 346
391 = ============================================ !! 347 0: continue operation. This is the default behavior.
392 0 Continue operation. This is the default beha <<
393 1 Panic immediately. <<
394 = ============================================ <<
395 348
>> 349 1: panic immediately.
396 350
397 hung_task_check_count !! 351
398 ===================== !! 352 hung_task_check_count:
>> 353 ======================
399 354
400 The upper bound on the number of tasks that ar 355 The upper bound on the number of tasks that are checked.
401 This file shows up if ``CONFIG_DETECT_HUNG_TAS !! 356 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
402 357
403 358
404 hung_task_timeout_secs !! 359 hung_task_timeout_secs:
405 ====================== !! 360 =======================
406 361
407 When a task in D state did not get scheduled 362 When a task in D state did not get scheduled
408 for more than this value report a warning. 363 for more than this value report a warning.
409 This file shows up if ``CONFIG_DETECT_HUNG_TAS !! 364 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
410 365
411 0 means infinite timeout, no checking is done. !! 366 0: means infinite timeout - no checking done.
412 367
413 Possible values to set are in range {0:``LONG_ !! 368 Possible values to set are in range {0..LONG_MAX/HZ}.
414 369
415 370
416 hung_task_check_interval_secs !! 371 hung_task_check_interval_secs:
417 ============================= !! 372 ==============================
418 373
419 Hung task check interval. If hung task checkin 374 Hung task check interval. If hung task checking is enabled
420 (see `hung_task_timeout_secs`_), the check is !! 375 (see hung_task_timeout_secs), the check is done every
421 ``hung_task_check_interval_secs`` seconds. !! 376 hung_task_check_interval_secs seconds.
422 This file shows up if ``CONFIG_DETECT_HUNG_TAS !! 377 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
423 378
424 0 (default) means use ``hung_task_timeout_secs !! 379 0 (default): means use hung_task_timeout_secs as checking interval.
425 interval. !! 380 Possible values to set are in range {0..LONG_MAX/HZ}.
426 381
427 Possible values to set are in range {0:``LONG_ <<
428 382
429 !! 383 hung_task_warnings:
430 hung_task_warnings !! 384 ===================
431 ================== <<
432 385
433 The maximum number of warnings to report. Duri 386 The maximum number of warnings to report. During a check interval
434 if a hung task is detected, this value is decr 387 if a hung task is detected, this value is decreased by 1.
435 When this value reaches 0, no more warnings wi 388 When this value reaches 0, no more warnings will be reported.
436 This file shows up if ``CONFIG_DETECT_HUNG_TAS !! 389 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
437 390
438 -1: report an infinite number of warnings. 391 -1: report an infinite number of warnings.
439 392
440 393
441 hyperv_record_panic_msg !! 394 hyperv_record_panic_msg:
442 ======================= !! 395 ========================
443 396
444 Controls whether the panic kmsg data should be 397 Controls whether the panic kmsg data should be reported to Hyper-V.
445 398
446 = ============================================ !! 399 0: do not report panic kmsg data.
447 0 Do not report panic kmsg data. <<
448 1 Report the panic kmsg data. This is the defa <<
449 = ============================================ <<
450 400
>> 401 1: report the panic kmsg data. This is the default behavior.
451 402
452 ignore-unaligned-usertrap <<
453 ========================= <<
454 <<
455 On architectures where unaligned accesses caus <<
456 feature is supported (``CONFIG_SYSCTL_ARCH_UNA <<
457 currently, ``arc``, ``parisc`` and ``loongarch <<
458 unaligned traps are logged. <<
459 <<
460 = ============================================ <<
461 0 Log all unaligned accesses. <<
462 1 Only warn the first time a process traps. Th <<
463 setting. <<
464 = ============================================ <<
465 <<
466 See also `unaligned-trap`_. <<
467 403
468 io_uring_disabled !! 404 kexec_load_disabled:
469 ================= !! 405 ====================
470 <<
471 Prevents all processes from creating new io_ur <<
472 shrinks the kernel's attack surface. <<
473 406
474 = ============================================ !! 407 A toggle indicating if the kexec_load syscall has been disabled. This
475 0 All processes can create io_uring instances !! 408 value defaults to 0 (false: kexec_load enabled), but can be set to 1
476 default setting. !! 409 (true: kexec_load disabled). Once true, kexec can no longer be used, and
477 1 io_uring creation is disabled (io_uring_setu !! 410 the toggle cannot be set back to false. This allows a kexec image to be
478 -EPERM) for unprivileged processes not in th !! 411 loaded before disabling the syscall, allowing a system to set up (and
479 Existing io_uring instances can still be use !! 412 later use) an image without it being altered. Generally used together
480 documentation for io_uring_group for more in !! 413 with the "modules_disabled" sysctl.
481 2 io_uring creation is disabled for all proces <<
482 always fails with -EPERM. Existing io_uring <<
483 used. <<
484 = ============================================ <<
485 414
486 415
487 io_uring_group !! 416 kptr_restrict:
488 ============== 417 ==============
489 418
490 When io_uring_disabled is set to 1, a process !! 419 This toggle indicates whether restrictions are placed on
491 privileged (CAP_SYS_ADMIN) or be in the io_uri !! 420 exposing kernel addresses via /proc and other interfaces.
492 to create an io_uring instance. If io_uring_g <<
493 default), only processes with the CAP_SYS_ADMI <<
494 io_uring instances. <<
495 <<
496 <<
497 kexec_load_disabled <<
498 =================== <<
499 <<
500 A toggle indicating if the syscalls ``kexec_lo <<
501 ``kexec_file_load`` have been disabled. <<
502 This value defaults to 0 (false: ``kexec_*load <<
503 set to 1 (true: ``kexec_*load`` disabled). <<
504 Once true, kexec can no longer be used, and th <<
505 back to false. <<
506 This allows a kexec image to be loaded before <<
507 allowing a system to set up (and later use) an <<
508 altered. <<
509 Generally used together with the `modules_disa <<
510 <<
511 kexec_load_limit_panic <<
512 ====================== <<
513 <<
514 This parameter specifies a limit to the number <<
515 ``kexec_load`` and ``kexec_file_load`` can be <<
516 image. It can only be set with a more restrict <<
517 current one. <<
518 <<
519 == =========================================== <<
520 -1 Unlimited calls to kexec. This is the defau <<
521 N Number of calls left. <<
522 == =========================================== <<
523 421
524 kexec_load_limit_reboot !! 422 When kptr_restrict is set to 0 (the default) the address is hashed before
525 ======================= !! 423 printing. (This is the equivalent to %p.)
526 424
527 Similar functionality as ``kexec_load_limit_pa !! 425 When kptr_restrict is set to (1), kernel pointers printed using the %pK
528 image. !! 426 format specifier will be replaced with 0's unless the user has CAP_SYSLOG
>> 427 and effective user and group ids are equal to the real ids. This is
>> 428 because %pK checks are done at read() time rather than open() time, so
>> 429 if permissions are elevated between the open() and the read() (e.g via
>> 430 a setuid binary) then %pK will not leak kernel pointers to unprivileged
>> 431 users. Note, this is a temporary solution only. The correct long-term
>> 432 solution is to do the permission checks at open() time. Consider removing
>> 433 world read permissions from files that use %pK, and using dmesg_restrict
>> 434 to protect against uses of %pK in dmesg(8) if leaking kernel pointer
>> 435 values to unprivileged users is a concern.
529 436
530 kptr_restrict !! 437 When kptr_restrict is set to (2), kernel pointers printed using
531 ============= !! 438 %pK will be replaced with 0's regardless of privileges.
532 439
533 This toggle indicates whether restrictions are <<
534 exposing kernel addresses via ``/proc`` and ot <<
535 440
536 When ``kptr_restrict`` is set to 0 (the defaul !! 441 l2cr: (PPC only)
537 before printing. !! 442 ================
538 (This is the equivalent to %p.) <<
539 <<
540 When ``kptr_restrict`` is set to 1, kernel poi <<
541 %pK format specifier will be replaced with 0s <<
542 ``CAP_SYSLOG`` and effective user and group id <<
543 ids. <<
544 This is because %pK checks are done at read() <<
545 time, so if permissions are elevated between t <<
546 (e.g via a setuid binary) then %pK will not le <<
547 unprivileged users. <<
548 Note, this is a temporary solution only. <<
549 The correct long-term solution is to do the pe <<
550 open() time. <<
551 Consider removing world read permissions from <<
552 using `dmesg_restrict`_ to protect against use <<
553 if leaking kernel pointer values to unprivileg <<
554 <<
555 When ``kptr_restrict`` is set to 2, kernel poi <<
556 %pK will be replaced with 0s regardless of pri <<
557 443
>> 444 This flag controls the L2 cache of G3 processor boards. If
>> 445 0, the cache is disabled. Enabled if nonzero.
558 446
559 modprobe <<
560 ======== <<
561 447
562 The full path to the usermode helper for autol !! 448 modules_disabled:
563 by default ``CONFIG_MODPROBE_PATH``, which in !! 449 =================
564 "/sbin/modprobe". This binary is executed whe <<
565 module. For example, if userspace passes an u <<
566 to mount(), then the kernel will automatically <<
567 corresponding filesystem module by executing t <<
568 This usermode helper should insert the needed <<
569 <<
570 This sysctl only affects module autoloading. <<
571 ability to explicitly insert modules. <<
572 <<
573 This sysctl can be used to debug module loadin <<
574 <<
575 echo '#! /bin/sh' > /tmp/modprobe <<
576 echo 'echo "$@" >> /tmp/modprobe.log' >> / <<
577 echo 'exec /sbin/modprobe "$@"' >> /tmp/mo <<
578 chmod a+x /tmp/modprobe <<
579 echo /tmp/modprobe > /proc/sys/kernel/modp <<
580 <<
581 Alternatively, if this sysctl is set to the em <<
582 autoloading is completely disabled. The kerne <<
583 execute a usermode helper at all, nor will it <<
584 kernel_module_request LSM hook. <<
585 <<
586 If CONFIG_STATIC_USERMODEHELPER=y is set in th <<
587 then the configured static usermode helper ove <<
588 except that the empty string is still accepted <<
589 module autoloading as described above. <<
590 <<
591 modules_disabled <<
592 ================ <<
593 450
594 A toggle value indicating if modules are allow 451 A toggle value indicating if modules are allowed to be loaded
595 in an otherwise modular kernel. This toggle d 452 in an otherwise modular kernel. This toggle defaults to off
596 (0), but can be set true (1). Once true, modu 453 (0), but can be set true (1). Once true, modules can be
597 neither loaded nor unloaded, and the toggle ca 454 neither loaded nor unloaded, and the toggle cannot be set back
598 to false. Generally used with the `kexec_load !! 455 to false. Generally used with the "kexec_load_disabled" toggle.
599 <<
600 <<
601 .. _msgmni: <<
602 <<
603 msgmax, msgmnb, and msgmni <<
604 ========================== <<
605 <<
606 ``msgmax`` is the maximum size of an IPC messa <<
607 default (``MSGMAX``). <<
608 456
609 ``msgmnb`` is the maximum size of an IPC queue <<
610 default (``MSGMNB``). <<
611 457
612 ``msgmni`` is the maximum number of IPC queues !! 458 msg_next_id, sem_next_id, and shm_next_id:
613 (``MSGMNI``). !! 459 ==========================================
614 <<
615 All of these parameters are set per ipc namesp <<
616 in POSIX message queues is limited by ``RLIMIT <<
617 respected hierarchically in the each user name <<
618 <<
619 msg_next_id, sem_next_id, and shm_next_id (Sys <<
620 ============================================== <<
621 460
622 These three toggles allows to specify desired 461 These three toggles allows to specify desired id for next allocated IPC
623 object: message, semaphore or shared memory re 462 object: message, semaphore or shared memory respectively.
624 463
625 By default they are equal to -1, which means g 464 By default they are equal to -1, which means generic allocation logic.
626 Possible values to set are in range {0:``INT_M !! 465 Possible values to set are in range {0..INT_MAX}.
627 466
628 Notes: 467 Notes:
629 1) kernel doesn't guarantee, that new object 468 1) kernel doesn't guarantee, that new object will have desired id. So,
630 it's up to userspace, how to handle an ob 469 it's up to userspace, how to handle an object with "wrong" id.
631 2) Toggle with non-default value will be set 470 2) Toggle with non-default value will be set back to -1 by kernel after
632 successful IPC object allocation. If an I 471 successful IPC object allocation. If an IPC object allocation syscall
633 fails, it is undefined if the value remai 472 fails, it is undefined if the value remains unmodified or is reset to -1.
634 473
635 474
636 ngroups_max !! 475 nmi_watchdog:
637 =========== !! 476 =============
638 <<
639 Maximum number of supplementary groups, _i.e._ <<
640 ``setgroups`` will accept. Exports ``NGROUPS_M <<
641 <<
642 <<
643 <<
644 nmi_watchdog <<
645 ============ <<
646 477
647 This parameter can be used to control the NMI 478 This parameter can be used to control the NMI watchdog
648 (i.e. the hard lockup detector) on x86 systems 479 (i.e. the hard lockup detector) on x86 systems.
649 480
650 = ================================= !! 481 0 - disable the hard lockup detector
651 0 Disable the hard lockup detector. !! 482
652 1 Enable the hard lockup detector. !! 483 1 - enable the hard lockup detector
653 = ================================= <<
654 484
655 The hard lockup detector monitors each CPU for 485 The hard lockup detector monitors each CPU for its ability to respond to
656 timer interrupts. The mechanism utilizes CPU p 486 timer interrupts. The mechanism utilizes CPU performance counter registers
657 that are programmed to generate Non-Maskable I 487 that are programmed to generate Non-Maskable Interrupts (NMIs) periodically
658 while a CPU is busy. Hence, the alternative na 488 while a CPU is busy. Hence, the alternative name 'NMI watchdog'.
659 489
660 The NMI watchdog is disabled by default if the 490 The NMI watchdog is disabled by default if the kernel is running as a guest
661 in a KVM virtual machine. This default can be 491 in a KVM virtual machine. This default can be overridden by adding::
662 492
663 nmi_watchdog=1 493 nmi_watchdog=1
664 494
665 to the guest kernel command line (see !! 495 to the guest kernel command line (see Documentation/admin-guide/kernel-parameters.rst).
666 Documentation/admin-guide/kernel-parameters.rs <<
667 <<
668 496
669 nmi_wd_lpm_factor (PPC only) <<
670 ============================ <<
671 <<
672 Factor to apply to the NMI watchdog timeout (o <<
673 set to 1). This factor represents the percenta <<
674 ``watchdog_thresh`` when calculating the NMI w <<
675 LPM. The soft lockup timeout is not impacted. <<
676 <<
677 A value of 0 means no change. The default valu <<
678 watchdog is set to 30s (based on ``watchdog_th <<
679 497
>> 498 numa_balancing:
>> 499 ===============
680 500
681 numa_balancing !! 501 Enables/disables automatic page fault based NUMA memory
682 ============== !! 502 balancing. Memory is moved automatically to nodes
683 !! 503 that access it often.
684 Enables/disables and configures automatic page !! 504
685 balancing. Memory is moved automatically to n !! 505 Enables/disables automatic NUMA memory balancing. On NUMA machines, there
686 The value to set can be the result of ORing th !! 506 is a performance penalty if remote memory is accessed by a CPU. When this
687 !! 507 feature is enabled the kernel samples what task thread is accessing memory
688 = ================================= !! 508 by periodically unmapping pages and later trapping a page fault. At the
689 0 NUMA_BALANCING_DISABLED !! 509 time of the page fault, it is determined if the data being accessed should
690 1 NUMA_BALANCING_NORMAL !! 510 be migrated to a local memory node.
691 2 NUMA_BALANCING_MEMORY_TIERING <<
692 = ================================= <<
693 <<
694 Or NUMA_BALANCING_NORMAL to optimize page plac <<
695 NUMA nodes to reduce remote accessing. On NUM <<
696 performance penalty if remote memory is access <<
697 feature is enabled the kernel samples what tas <<
698 memory by periodically unmapping pages and lat <<
699 fault. At the time of the page fault, it is de <<
700 being accessed should be migrated to a local m <<
701 511
702 The unmapping of pages and trapping faults inc 512 The unmapping of pages and trapping faults incur additional overhead that
703 ideally is offset by improved memory locality 513 ideally is offset by improved memory locality but there is no universal
704 guarantee. If the target workload is already b 514 guarantee. If the target workload is already bound to NUMA nodes then this
705 feature should be disabled. !! 515 feature should be disabled. Otherwise, if the system overhead from the
706 !! 516 feature is too high then the rate the kernel samples for NUMA hinting
707 Or NUMA_BALANCING_MEMORY_TIERING to optimize p !! 517 faults may be controlled by the numa_balancing_scan_period_min_ms,
708 different types of memory (represented as diff !! 518 numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms,
709 place the hot pages in the fast memory. This !! 519 numa_balancing_scan_size_mb, and numa_balancing_settle_count sysctls.
710 unmapping and page fault too. !! 520
711 !! 521 numa_balancing_scan_period_min_ms, numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms, numa_balancing_scan_size_mb
712 numa_balancing_promote_rate_limit_MBps !! 522 ===============================================================================================================================
713 ====================================== !! 523
714 !! 524
715 Too high promotion/demotion throughput between !! 525 Automatic NUMA balancing scans tasks address space and unmaps pages to
716 may hurt application latency. This can be use !! 526 detect if pages are properly placed or if the data should be migrated to a
717 promotion throughput. The per-node max promot !! 527 memory node local to where the task is running. Every "scan delay" the task
718 will be limited to be no more than the set val !! 528 scans the next "scan size" number of pages in its address space. When the
719 !! 529 end of the address space is reached the scanner restarts from the beginning.
720 A rule of thumb is to set this to less than 1/ !! 530
721 write bandwidth. !! 531 In combination, the "scan delay" and "scan size" determine the scan rate.
722 !! 532 When "scan delay" decreases, the scan rate increases. The scan delay and
723 oops_all_cpu_backtrace !! 533 hence the scan rate of every task is adaptive and depends on historical
724 ====================== !! 534 behaviour. If pages are properly placed then the scan delay increases,
725 !! 535 otherwise the scan delay decreases. The "scan size" is not adaptive but
726 If this option is set, the kernel will send an !! 536 the higher the "scan size", the higher the scan rate.
727 their backtraces when an oops event occurs. It !! 537
728 resort in case a panic cannot be triggered (to !! 538 Higher scan rates incur higher system overhead as page faults must be
729 example) or kdump can't be collected. This fil !! 539 trapped and potentially data must be migrated. However, the higher the scan
730 is enabled. !! 540 rate, the more quickly a tasks memory is migrated to a local node if the
731 !! 541 workload pattern changes and minimises performance impact due to remote
732 0: Won't show all CPUs backtraces when an oops !! 542 memory accesses. These sysctls control the thresholds for scan delays and
733 This is the default behavior. !! 543 the number of pages scanned.
734 !! 544
735 1: Will non-maskably interrupt all CPUs and du !! 545 numa_balancing_scan_period_min_ms is the minimum time in milliseconds to
736 an oops event is detected. !! 546 scan a tasks virtual memory. It effectively controls the maximum scanning
737 !! 547 rate for each task.
>> 548
>> 549 numa_balancing_scan_delay_ms is the starting "scan delay" used for a task
>> 550 when it initially forks.
>> 551
>> 552 numa_balancing_scan_period_max_ms is the maximum time in milliseconds to
>> 553 scan a tasks virtual memory. It effectively controls the minimum scanning
>> 554 rate for each task.
738 555
739 oops_limit !! 556 numa_balancing_scan_size_mb is how many megabytes worth of pages are
740 ========== !! 557 scanned for a given scan.
741 558
742 Number of kernel oopses after which the kernel <<
743 ``panic_on_oops`` is not set. Setting this to <<
744 the count. Setting this to 1 has the same eff <<
745 ``panic_on_oops=1``. The default value is 1000 <<
746 559
747 !! 560 osrelease, ostype & version:
748 osrelease, ostype & version !! 561 ============================
749 =========================== <<
750 562
751 :: 563 ::
752 564
753 # cat osrelease 565 # cat osrelease
754 2.1.88 566 2.1.88
755 # cat ostype 567 # cat ostype
756 Linux 568 Linux
757 # cat version 569 # cat version
758 #5 Wed Feb 25 21:49:24 MET 1998 570 #5 Wed Feb 25 21:49:24 MET 1998
759 571
760 The files ``osrelease`` and ``ostype`` should !! 572 The files osrelease and ostype should be clear enough. Version
761 ``version`` <<
762 needs a little more clarification however. The 573 needs a little more clarification however. The '#5' means that
763 this is the fifth kernel built from this sourc 574 this is the fifth kernel built from this source base and the
764 date behind it indicates the time the kernel w 575 date behind it indicates the time the kernel was built.
765 The only way to tune these values is to rebuil 576 The only way to tune these values is to rebuild the kernel :-)
766 577
767 578
768 overflowgid & overflowuid !! 579 overflowgid & overflowuid:
769 ========================= !! 580 ==========================
770 581
771 if your architecture did not always support 32 582 if your architecture did not always support 32-bit UIDs (i.e. arm,
772 i386, m68k, sh, and sparc32), a fixed UID and 583 i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to
773 applications that use the old 16-bit UID/GID s 584 applications that use the old 16-bit UID/GID system calls, if the
774 actual UID or GID would exceed 65535. 585 actual UID or GID would exceed 65535.
775 586
776 These sysctls allow you to change the value of 587 These sysctls allow you to change the value of the fixed UID and GID.
777 The default is 65534. 588 The default is 65534.
778 589
779 590
780 panic <<
781 ===== <<
782 <<
783 The value in this file determines the behaviou <<
784 panic: 591 panic:
>> 592 ======
785 593
786 * if zero, the kernel will loop forever; !! 594 The value in this file represents the number of seconds the kernel
787 * if negative, the kernel will reboot immediat !! 595 waits before rebooting on a panic. When you use the software watchdog,
788 * if positive, the kernel will reboot after th !! 596 the recommended setting is 60.
789 of seconds. <<
790 <<
791 When you use the software watchdog, the recomm <<
792 597
793 598
794 panic_on_io_nmi !! 599 panic_on_io_nmi:
795 =============== !! 600 ================
796 601
797 Controls the kernel's behavior when a CPU rece 602 Controls the kernel's behavior when a CPU receives an NMI caused by
798 an IO error. 603 an IO error.
799 604
800 = ============================================ !! 605 0: try to continue operation (default)
801 0 Try to continue operation (default). <<
802 1 Panic immediately. The IO error triggered an <<
803 serious system condition which could result <<
804 Rather than continuing, panicking might be a <<
805 servers issue this sort of NMI when the dump <<
806 and you can use this option to take a crash <<
807 = ============================================ <<
808 606
>> 607 1: panic immediately. The IO error triggered an NMI. This indicates a
>> 608 serious system condition which could result in IO data corruption.
>> 609 Rather than continuing, panicking might be a better choice. Some
>> 610 servers issue this sort of NMI when the dump button is pushed,
>> 611 and you can use this option to take a crash dump.
809 612
810 panic_on_oops !! 613
811 ============= !! 614 panic_on_oops:
>> 615 ==============
812 616
813 Controls the kernel's behaviour when an oops o 617 Controls the kernel's behaviour when an oops or BUG is encountered.
814 618
815 = ============================================ !! 619 0: try to continue operation
816 0 Try to continue operation. <<
817 1 Panic immediately. If the `panic` sysctl is <<
818 machine will be rebooted. <<
819 = ============================================ <<
820 620
>> 621 1: panic immediately. If the `panic` sysctl is also non-zero then the
>> 622 machine will be rebooted.
821 623
822 panic_on_stackoverflow !! 624
823 ====================== !! 625 panic_on_stackoverflow:
>> 626 =======================
824 627
825 Controls the kernel's behavior when detecting 628 Controls the kernel's behavior when detecting the overflows of
826 kernel, IRQ and exception stacks except a user 629 kernel, IRQ and exception stacks except a user stack.
827 This file shows up if ``CONFIG_DEBUG_STACKOVER !! 630 This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled.
828 631
829 = ========================== !! 632 0: try to continue operation.
830 0 Try to continue operation. <<
831 1 Panic immediately. <<
832 = ========================== <<
833 633
>> 634 1: panic immediately.
834 635
835 panic_on_unrecovered_nmi !! 636
836 ======================== !! 637 panic_on_unrecovered_nmi:
>> 638 =========================
837 639
838 The default Linux behaviour on an NMI of eithe 640 The default Linux behaviour on an NMI of either memory or unknown is
839 to continue operation. For many environments s 641 to continue operation. For many environments such as scientific
840 computing it is preferable that the box is tak 642 computing it is preferable that the box is taken out and the error
841 dealt with than an uncorrected parity/ECC erro 643 dealt with than an uncorrected parity/ECC error get propagated.
842 644
843 A small number of systems do generate NMIs for !! 645 A small number of systems do generate NMI's for bizarre random reasons
844 such as power management so the default is off 646 such as power management so the default is off. That sysctl works like
845 the existing panic controls already in that di 647 the existing panic controls already in that directory.
846 648
847 649
848 panic_on_warn !! 650 panic_on_warn:
849 ============= !! 651 ==============
850 652
851 Calls panic() in the WARN() path when set to 1 653 Calls panic() in the WARN() path when set to 1. This is useful to avoid
852 a kernel rebuild when attempting to kdump at t 654 a kernel rebuild when attempting to kdump at the location of a WARN().
853 655
854 = ============================================ !! 656 0: only WARN(), default behaviour.
855 0 Only WARN(), default behaviour. <<
856 1 Call panic() after printing out WARN() locat <<
857 = ============================================ <<
858 657
>> 658 1: call panic() after printing out WARN() location.
859 659
860 panic_print !! 660
861 =========== !! 661 panic_print:
>> 662 ============
862 663
863 Bitmask for printing system info when panic ha 664 Bitmask for printing system info when panic happens. User can chose
864 combination of the following bits: 665 combination of the following bits:
865 666
866 ===== ======================================= !! 667 ===== ========================================
867 bit 0 print all tasks info 668 bit 0 print all tasks info
868 bit 1 print system memory info 669 bit 1 print system memory info
869 bit 2 print timer info 670 bit 2 print timer info
870 bit 3 print locks info if ``CONFIG_LOCKDEP`` !! 671 bit 3 print locks info if CONFIG_LOCKDEP is on
871 bit 4 print ftrace buffer 672 bit 4 print ftrace buffer
872 bit 5 print all printk messages in buffer !! 673 ===== ========================================
873 bit 6 print all CPUs backtrace (if available <<
874 bit 7 print only tasks in uninterruptible (bl <<
875 ===== ======================================= <<
876 674
877 So for example to print tasks and memory info 675 So for example to print tasks and memory info on panic, user can::
878 676
879 echo 3 > /proc/sys/kernel/panic_print 677 echo 3 > /proc/sys/kernel/panic_print
880 678
881 679
882 panic_on_rcu_stall !! 680 panic_on_rcu_stall:
883 ================== !! 681 ===================
884 682
885 When set to 1, calls panic() after RCU stall d 683 When set to 1, calls panic() after RCU stall detection messages. This
886 is useful to define the root cause of RCU stal 684 is useful to define the root cause of RCU stalls using a vmcore.
887 685
888 = ============================================ !! 686 0: do not panic() when RCU stall takes place, default behavior.
889 0 Do not panic() when RCU stall takes place, d <<
890 1 panic() after printing RCU stall messages. <<
891 = ============================================ <<
892 <<
893 max_rcu_stall_to_panic <<
894 ====================== <<
895 687
896 When ``panic_on_rcu_stall`` is set to 1, this !! 688 1: panic() after printing RCU stall messages.
897 number of times that RCU can stall before pani <<
898 689
899 When ``panic_on_rcu_stall`` is set to 0, this <<
900 690
901 perf_cpu_time_max_percent !! 691 perf_cpu_time_max_percent:
902 ========================= !! 692 ==========================
903 693
904 Hints to the kernel how much CPU time it shoul 694 Hints to the kernel how much CPU time it should be allowed to
905 use to handle perf sampling events. If the pe 695 use to handle perf sampling events. If the perf subsystem
906 is informed that its samples are exceeding thi 696 is informed that its samples are exceeding this limit, it
907 will drop its sampling frequency to attempt to 697 will drop its sampling frequency to attempt to reduce its CPU
908 usage. 698 usage.
909 699
910 Some perf sampling happens in NMIs. If these 700 Some perf sampling happens in NMIs. If these samples
911 unexpectedly take too long to execute, the NMI 701 unexpectedly take too long to execute, the NMIs can become
912 stacked up next to each other so much that not 702 stacked up next to each other so much that nothing else is
913 allowed to execute. 703 allowed to execute.
914 704
915 ===== ======================================== !! 705 0:
916 0 Disable the mechanism. Do not monitor o !! 706 disable the mechanism. Do not monitor or correct perf's
917 sampling rate no matter how CPU time it !! 707 sampling rate no matter how CPU time it takes.
918 !! 708
919 1-100 Attempt to throttle perf's sample rate t !! 709 1-100:
920 percentage of CPU. Note: the kernel cal !! 710 attempt to throttle perf's sample rate to this
921 "expected" length of each sample event. !! 711 percentage of CPU. Note: the kernel calculates an
922 100% of that expected length. Even if t !! 712 "expected" length of each sample event. 100 here means
923 100, you may still see sample throttling !! 713 100% of that expected length. Even if this is set to
924 length is exceeded. Set to 0 if you tru !! 714 100, you may still see sample throttling if this
925 how much CPU is consumed. !! 715 length is exceeded. Set to 0 if you truly do not care
926 ===== ======================================== !! 716 how much CPU is consumed.
927 717
928 718
929 perf_event_paranoid !! 719 perf_event_paranoid:
930 =================== !! 720 ====================
931 721
932 Controls use of the performance events system 722 Controls use of the performance events system by unprivileged
933 users (without CAP_PERFMON). The default valu !! 723 users (without CAP_SYS_ADMIN). The default value is 2.
934 <<
935 For backward compatibility reasons access to s <<
936 monitoring and observability remains open for <<
937 privileged processes but CAP_SYS_ADMIN usage f <<
938 performance monitoring and observability opera <<
939 with respect to CAP_PERFMON use cases. <<
940 724
941 === ========================================= 725 === ==================================================================
942 -1 Allow use of (almost) all events by all u !! 726 -1 Allow use of (almost) all events by all users
943 727
944 Ignore mlock limit after perf_event_mlock !! 728 Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK
945 ``CAP_IPC_LOCK``. <<
946 729
947 >=0 Disallow ftrace function tracepoint by us !! 730 >=0 Disallow ftrace function tracepoint by users without CAP_SYS_ADMIN
948 ``CAP_PERFMON``. <<
949 731
950 Disallow raw tracepoint access by users w !! 732 Disallow raw tracepoint access by users without CAP_SYS_ADMIN
951 733
952 >=1 Disallow CPU event access by users withou !! 734 >=1 Disallow CPU event access by users without CAP_SYS_ADMIN
953 735
954 >=2 Disallow kernel profiling by users withou !! 736 >=2 Disallow kernel profiling by users without CAP_SYS_ADMIN
955 === ========================================= 737 === ==================================================================
956 738
957 739
958 perf_event_max_stack !! 740 perf_event_max_stack:
959 ==================== !! 741 =====================
960 742
961 Controls maximum number of stack frames to cop !! 743 Controls maximum number of stack frames to copy for (attr.sample_type &
962 PERF_SAMPLE_CALLCHAIN``) configured events, fo !! 744 PERF_SAMPLE_CALLCHAIN) configured events, for instance, when using
963 '``perf record -g``' or '``perf trace --call-g !! 745 'perf record -g' or 'perf trace --call-graph fp'.
964 746
965 This can only be done when no events are in us 747 This can only be done when no events are in use that have callchains
966 enabled, otherwise writing to this file will r !! 748 enabled, otherwise writing to this file will return -EBUSY.
967 749
968 The default value is 127. 750 The default value is 127.
969 751
970 752
971 perf_event_mlock_kb !! 753 perf_event_mlock_kb:
972 =================== !! 754 ====================
973 755
974 Control size of per-cpu ring buffer not counte !! 756 Control size of per-cpu ring buffer not counted agains mlock limit.
975 757
976 The default value is 512 + 1 page 758 The default value is 512 + 1 page
977 759
978 760
979 perf_event_max_contexts_per_stack !! 761 perf_event_max_contexts_per_stack:
980 ================================= !! 762 ==================================
981 763
982 Controls maximum number of stack frame context 764 Controls maximum number of stack frame context entries for
983 (``attr.sample_type & PERF_SAMPLE_CALLCHAIN``) !! 765 (attr.sample_type & PERF_SAMPLE_CALLCHAIN) configured events, for
984 instance, when using '``perf record -g``' or ' !! 766 instance, when using 'perf record -g' or 'perf trace --call-graph fp'.
985 767
986 This can only be done when no events are in us 768 This can only be done when no events are in use that have callchains
987 enabled, otherwise writing to this file will r !! 769 enabled, otherwise writing to this file will return -EBUSY.
988 770
989 The default value is 8. 771 The default value is 8.
990 772
991 773
992 perf_user_access (arm64 and riscv only) !! 774 pid_max:
993 ======================================= !! 775 ========
994 <<
995 Controls user space access for reading perf ev <<
996 <<
997 arm64 <<
998 ===== <<
999 <<
1000 The default value is 0 (access disabled). <<
1001 <<
1002 When set to 1, user space can read performanc <<
1003 directly. <<
1004 <<
1005 See Documentation/arch/arm64/perf.rst for mor <<
1006 <<
1007 riscv <<
1008 ===== <<
1009 <<
1010 When set to 0, user space access is disabled. <<
1011 <<
1012 The default value is 1, user space can read p <<
1013 registers through perf, any direct access wit <<
1014 an illegal instruction. <<
1015 <<
1016 When set to 2, which enables legacy mode (use <<
1017 and insret CSRs only). Note that this legacy <<
1018 removed once all user space applications are <<
1019 <<
1020 Note that the time CSR is always directly acc <<
1021 <<
1022 pid_max <<
1023 ======= <<
1024 776
1025 PID allocation wrap value. When the kernel's 777 PID allocation wrap value. When the kernel's next PID value
1026 reaches this value, it wraps back to a minimu 778 reaches this value, it wraps back to a minimum PID value.
1027 PIDs of value ``pid_max`` or larger are not a !! 779 PIDs of value pid_max or larger are not allocated.
1028 780
1029 781
1030 ns_last_pid !! 782 ns_last_pid:
1031 =========== !! 783 ============
1032 784
1033 The last pid allocated in the current (the on 785 The last pid allocated in the current (the one task using this sysctl
1034 lives in) pid namespace. When selecting a pid 786 lives in) pid namespace. When selecting a pid for a next task on fork
1035 kernel tries to allocate a number starting fr 787 kernel tries to allocate a number starting from this one.
1036 788
1037 789
1038 powersave-nap (PPC only) !! 790 powersave-nap: (PPC only)
1039 ======================== !! 791 =========================
1040 792
1041 If set, Linux-PPC will use the 'nap' mode of 793 If set, Linux-PPC will use the 'nap' mode of powersaving,
1042 otherwise the 'doze' mode will be used. 794 otherwise the 'doze' mode will be used.
1043 795
1044 <<
1045 ============================================= 796 ==============================================================
1046 797
1047 printk !! 798 printk:
1048 ====== !! 799 =======
1049 800
1050 The four values in printk denote: ``console_l !! 801 The four values in printk denote: console_loglevel,
1051 ``default_message_loglevel``, ``minimum_conso !! 802 default_message_loglevel, minimum_console_loglevel and
1052 ``default_console_loglevel`` respectively. !! 803 default_console_loglevel respectively.
1053 804
1054 These values influence printk() behavior when 805 These values influence printk() behavior when printing or
1055 logging error messages. See '``man 2 syslog`` !! 806 logging error messages. See 'man 2 syslog' for more info on
1056 the different loglevels. 807 the different loglevels.
1057 808
1058 ======================== ==================== !! 809 - console_loglevel:
1059 console_loglevel messages with a high !! 810 messages with a higher priority than
1060 this will be printed !! 811 this will be printed to the console
1061 default_message_loglevel messages without an !! 812 - default_message_loglevel:
1062 will be printed with !! 813 messages without an explicit priority
1063 minimum_console_loglevel minimum (highest) va !! 814 will be printed with this priority
1064 console_loglevel can !! 815 - minimum_console_loglevel:
1065 default_console_loglevel default value for co !! 816 minimum (highest) value to which
1066 ======================== ==================== !! 817 console_loglevel can be set
>> 818 - default_console_loglevel:
>> 819 default value for console_loglevel
1067 820
1068 821
1069 printk_delay !! 822 printk_delay:
1070 ============ !! 823 =============
1071 824
1072 Delay each printk message in ``printk_delay`` !! 825 Delay each printk message in printk_delay milliseconds
1073 826
1074 Value from 0 - 10000 is allowed. 827 Value from 0 - 10000 is allowed.
1075 828
1076 829
1077 printk_ratelimit !! 830 printk_ratelimit:
1078 ================ !! 831 =================
1079 832
1080 Some warning messages are rate limited. ``pri !! 833 Some warning messages are rate limited. printk_ratelimit specifies
1081 the minimum length of time between these mess 834 the minimum length of time between these messages (in seconds).
1082 The default value is 5 seconds. 835 The default value is 5 seconds.
1083 836
1084 A value of 0 will disable rate limiting. 837 A value of 0 will disable rate limiting.
1085 838
1086 839
1087 printk_ratelimit_burst !! 840 printk_ratelimit_burst:
1088 ====================== !! 841 =======================
1089 842
1090 While long term we enforce one message per `p !! 843 While long term we enforce one message per printk_ratelimit
1091 seconds, we do allow a burst of messages to p 844 seconds, we do allow a burst of messages to pass through.
1092 ``printk_ratelimit_burst`` specifies the numb !! 845 printk_ratelimit_burst specifies the number of messages we can
1093 send before ratelimiting kicks in. 846 send before ratelimiting kicks in.
1094 847
1095 The default value is 10 messages. 848 The default value is 10 messages.
1096 849
1097 850
1098 printk_devkmsg !! 851 printk_devkmsg:
1099 ============== !! 852 ===============
1100 <<
1101 Control the logging to ``/dev/kmsg`` from use <<
1102 <<
1103 ========= =================================== <<
1104 ratelimit default, ratelimited <<
1105 on unlimited logging to /dev/kmsg from <<
1106 off logging to /dev/kmsg disabled <<
1107 ========= =================================== <<
1108 <<
1109 The kernel command line parameter ``printk.de <<
1110 a one-time setting until next reboot: once se <<
1111 this sysctl interface anymore. <<
1112 <<
1113 ============================================= <<
1114 <<
1115 <<
1116 pty <<
1117 === <<
1118 <<
1119 See Documentation/filesystems/devpts.rst. <<
1120 <<
1121 <<
1122 random <<
1123 ====== <<
1124 <<
1125 This is a directory, with the following entri <<
1126 <<
1127 * ``boot_id``: a UUID generated the first tim <<
1128 unvarying after that; <<
1129 853
1130 * ``uuid``: a UUID generated every time this !! 854 Control the logging to /dev/kmsg from userspace:
1131 thus be used to generate UUIDs at will); <<
1132 855
1133 * ``entropy_avail``: the pool's entropy count !! 856 ratelimit:
>> 857 default, ratelimited
1134 858
1135 * ``poolsize``: the entropy pool size, in bit !! 859 on: unlimited logging to /dev/kmsg from userspace
1136 860
1137 * ``urandom_min_reseed_secs``: obsolete (used !! 861 off: logging to /dev/kmsg disabled
1138 number of seconds between urandom pool rese <<
1139 writable for compatibility purposes, but wr <<
1140 on any RNG behavior; <<
1141 862
1142 * ``write_wakeup_threshold``: when the entrop !! 863 The kernel command line parameter printk.devkmsg= overrides this and is
1143 (as a number of bits), processes waiting to !! 864 a one-time setting until next reboot: once set, it cannot be changed by
1144 are woken up. This file is writable for com !! 865 this sysctl interface anymore.
1145 writing to it has no effect on any RNG beha <<
1146 866
1147 867
1148 randomize_va_space !! 868 randomize_va_space:
1149 ================== !! 869 ===================
1150 870
1151 This option can be used to select the type of 871 This option can be used to select the type of process address
1152 space randomization that is used in the syste 872 space randomization that is used in the system, for architectures
1153 that support this feature. 873 that support this feature.
1154 874
1155 == ========================================= 875 == ===========================================================================
1156 0 Turn the process address space randomizat 876 0 Turn the process address space randomization off. This is the
1157 default for architectures that do not sup 877 default for architectures that do not support this feature anyways,
1158 and kernels that are booted with the "nor 878 and kernels that are booted with the "norandmaps" parameter.
1159 879
1160 1 Make the addresses of mmap base, stack an 880 1 Make the addresses of mmap base, stack and VDSO page randomized.
1161 This, among other things, implies that sh 881 This, among other things, implies that shared libraries will be
1162 loaded to random addresses. Also for PIE 882 loaded to random addresses. Also for PIE-linked binaries, the
1163 location of code start is randomized. Th 883 location of code start is randomized. This is the default if the
1164 ``CONFIG_COMPAT_BRK`` option is enabled. !! 884 CONFIG_COMPAT_BRK option is enabled.
1165 885
1166 2 Additionally enable heap randomization. 886 2 Additionally enable heap randomization. This is the default if
1167 ``CONFIG_COMPAT_BRK`` is disabled. !! 887 CONFIG_COMPAT_BRK is disabled.
1168 888
1169 There are a few legacy applications out t 889 There are a few legacy applications out there (such as some ancient
1170 versions of libc.so.5 from 1996) that ass 890 versions of libc.so.5 from 1996) that assume that brk area starts
1171 just after the end of the code+bss. Thes 891 just after the end of the code+bss. These applications break when
1172 start of the brk area is randomized. The 892 start of the brk area is randomized. There are however no known
1173 non-legacy applications that would be bro 893 non-legacy applications that would be broken this way, so for most
1174 systems it is safe to choose full randomi 894 systems it is safe to choose full randomization.
1175 895
1176 Systems with ancient and/or broken binari 896 Systems with ancient and/or broken binaries should be configured
1177 with ``CONFIG_COMPAT_BRK`` enabled, which !! 897 with CONFIG_COMPAT_BRK enabled, which excludes the heap from process
1178 address space randomization. 898 address space randomization.
1179 == ========================================= 899 == ===========================================================================
1180 900
1181 901
1182 real-root-dev !! 902 reboot-cmd: (Sparc only)
1183 ============= !! 903 ========================
1184 <<
1185 See Documentation/admin-guide/initrd.rst. <<
1186 <<
1187 <<
1188 reboot-cmd (SPARC only) <<
1189 ======================= <<
1190 904
1191 ??? This seems to be a way to give an argumen 905 ??? This seems to be a way to give an argument to the Sparc
1192 ROM/Flash boot loader. Maybe to tell it what 906 ROM/Flash boot loader. Maybe to tell it what to do after
1193 rebooting. ??? 907 rebooting. ???
1194 908
1195 909
1196 sched_energy_aware !! 910 rtsig-max & rtsig-nr:
1197 ================== !! 911 =====================
>> 912
>> 913 The file rtsig-max can be used to tune the maximum number
>> 914 of POSIX realtime (queued) signals that can be outstanding
>> 915 in the system.
>> 916
>> 917 rtsig-nr shows the number of RT signals currently queued.
>> 918
>> 919
>> 920 sched_energy_aware:
>> 921 ===================
1198 922
1199 Enables/disables Energy Aware Scheduling (EAS 923 Enables/disables Energy Aware Scheduling (EAS). EAS starts
1200 automatically on platforms where it can run ( 924 automatically on platforms where it can run (that is,
1201 platforms with asymmetric CPU topologies and 925 platforms with asymmetric CPU topologies and having an Energy
1202 Model available). If your platform happens to 926 Model available). If your platform happens to meet the
1203 requirements for EAS but you do not want to u 927 requirements for EAS but you do not want to use it, change
1204 this value to 0. On Non-EAS platforms, write !! 928 this value to 0.
1205 read doesn't return anything. <<
1206 <<
1207 task_delayacct <<
1208 =============== <<
1209 929
1210 Enables/disables task delay accounting (see <<
1211 Documentation/accounting/delay-accounting.rst <<
1212 a small amount of overhead in the scheduler b <<
1213 and performance tuning. It is required by som <<
1214 930
1215 sched_schedstats !! 931 sched_schedstats:
1216 ================ !! 932 =================
1217 933
1218 Enables/disables scheduler statistics. Enabli 934 Enables/disables scheduler statistics. Enabling this feature
1219 incurs a small amount of overhead in the sche 935 incurs a small amount of overhead in the scheduler but is
1220 useful for debugging and performance tuning. 936 useful for debugging and performance tuning.
1221 937
1222 sched_util_clamp_min <<
1223 ==================== <<
1224 <<
1225 Max allowed *minimum* utilization. <<
1226 <<
1227 Default value is 1024, which is the maximum p <<
1228 <<
1229 It means that any requested uclamp.min value <<
1230 sched_util_clamp_min, i.e., it is restricted <<
1231 [0:sched_util_clamp_min]. <<
1232 <<
1233 sched_util_clamp_max <<
1234 ==================== <<
1235 <<
1236 Max allowed *maximum* utilization. <<
1237 <<
1238 Default value is 1024, which is the maximum p <<
1239 <<
1240 It means that any requested uclamp.max value <<
1241 sched_util_clamp_max, i.e., it is restricted <<
1242 [0:sched_util_clamp_max]. <<
1243 <<
1244 sched_util_clamp_min_rt_default <<
1245 =============================== <<
1246 <<
1247 By default Linux is tuned for performance. Wh <<
1248 at the highest frequency and most capable (hi <<
1249 heterogeneous systems). <<
1250 <<
1251 Uclamp achieves this by setting the requested <<
1252 1024 by default, which effectively boosts the <<
1253 frequency and biases them to run on the bigge <<
1254 <<
1255 This knob allows admins to change the default <<
1256 used. In battery powered devices particularly <<
1257 capacity and frequency will increase energy c <<
1258 life. <<
1259 <<
1260 This knob is only effective for RT tasks whic <<
1261 requested uclamp.min value via sched_setattr( <<
1262 <<
1263 This knob will not escape the range constrain <<
1264 defined above. <<
1265 <<
1266 For example if <<
1267 938
1268 sched_util_clamp_min_rt_default = 800 !! 939 sg-big-buff:
1269 sched_util_clamp_min = 600 !! 940 ============
1270 <<
1271 Then the boost will be clamped to 600 because <<
1272 range of [0:600]. This could happen for insta <<
1273 restrict all boosts temporarily by modifying <<
1274 this restriction is lifted, the requested sch <<
1275 will take effect. <<
1276 <<
1277 seccomp <<
1278 ======= <<
1279 <<
1280 See Documentation/userspace-api/seccomp_filte <<
1281 <<
1282 <<
1283 sg-big-buff <<
1284 =========== <<
1285 941
1286 This file shows the size of the generic SCSI 942 This file shows the size of the generic SCSI (sg) buffer.
1287 You can't tune it just yet, but you could cha 943 You can't tune it just yet, but you could change it on
1288 compile time by editing ``include/scsi/sg.h`` !! 944 compile time by editing include/scsi/sg.h and changing
1289 the value of ``SG_BIG_BUFF``. !! 945 the value of SG_BIG_BUFF.
1290 946
1291 There shouldn't be any reason to change this 947 There shouldn't be any reason to change this value. If
1292 you can come up with one, you probably know w 948 you can come up with one, you probably know what you
1293 are doing anyway :) 949 are doing anyway :)
1294 950
1295 951
1296 shmall !! 952 shmall:
1297 ====== !! 953 =======
1298 954
1299 This parameter sets the total amount of share !! 955 This parameter sets the total amount of shared memory pages that
1300 inside ipc namespace. The shared memory pages !! 956 can be used system wide. Hence, SHMALL should always be at least
1301 namespace separately and is not inherited. He !! 957 ceil(shmmax/PAGE_SIZE).
1302 least ``ceil(shmmax/PAGE_SIZE)``. <<
1303 958
1304 If you are not sure what the default ``PAGE_S !! 959 If you are not sure what the default PAGE_SIZE is on your Linux
1305 system, you can run the following command:: !! 960 system, you can run the following command:
1306 961
1307 # getconf PAGE_SIZE 962 # getconf PAGE_SIZE
1308 963
1309 To reduce or disable the ability to allocate <<
1310 new ipc namespace, set this parameter to the <<
1311 creation of a new ipc namespace in the curren <<
1312 be used. <<
1313 964
1314 shmmax !! 965 shmmax:
1315 ====== !! 966 =======
1316 967
1317 This value can be used to query and set the r 968 This value can be used to query and set the run time limit
1318 on the maximum shared memory segment size tha 969 on the maximum shared memory segment size that can be created.
1319 Shared memory segments up to 1Gb are now supp 970 Shared memory segments up to 1Gb are now supported in the
1320 kernel. This value defaults to ``SHMMAX``. !! 971 kernel. This value defaults to SHMMAX.
1321 972
1322 973
1323 shmmni !! 974 shm_rmid_forced:
1324 ====== !! 975 ================
1325 <<
1326 This value determines the maximum number of s <<
1327 4096 by default (``SHMMNI``). <<
1328 <<
1329 <<
1330 shm_rmid_forced <<
1331 =============== <<
1332 976
1333 Linux lets you set resource limits, including 977 Linux lets you set resource limits, including how much memory one
1334 process can consume, via ``setrlimit(2)``. U !! 978 process can consume, via setrlimit(2). Unfortunately, shared memory
1335 segments are allowed to exist without associa 979 segments are allowed to exist without association with any process, and
1336 thus might not be counted against any resourc 980 thus might not be counted against any resource limits. If enabled,
1337 shared memory segments are automatically dest 981 shared memory segments are automatically destroyed when their attach
1338 count becomes zero after a detach or a proces 982 count becomes zero after a detach or a process termination. It will
1339 also destroy segments that were created, but 983 also destroy segments that were created, but never attached to, on exit
1340 from the process. The only use left for ``IP !! 984 from the process. The only use left for IPC_RMID is to immediately
1341 destroy an unattached segment. Of course, th 985 destroy an unattached segment. Of course, this breaks the way things are
1342 defined, so some applications might stop work 986 defined, so some applications might stop working. Note that this
1343 feature will do you no good unless you also c 987 feature will do you no good unless you also configure your resource
1344 limits (in particular, ``RLIMIT_AS`` and ``RL !! 988 limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most systems don't
1345 need this. 989 need this.
1346 990
1347 Note that if you change this from 0 to 1, alr 991 Note that if you change this from 0 to 1, already created segments
1348 without users and with a dead originative pro 992 without users and with a dead originative process will be destroyed.
1349 993
1350 994
1351 sysctl_writes_strict !! 995 sysctl_writes_strict:
1352 ==================== !! 996 =====================
1353 997
1354 Control how file position affects the behavio 998 Control how file position affects the behavior of updating sysctl values
1355 via the ``/proc/sys`` interface: !! 999 via the /proc/sys interface:
1356 1000
1357 == ====================================== 1001 == ======================================================================
1358 -1 Legacy per-write sysctl value handling 1002 -1 Legacy per-write sysctl value handling, with no printk warnings.
1359 Each write syscall must fully contain 1003 Each write syscall must fully contain the sysctl value to be
1360 written, and multiple writes on the sa 1004 written, and multiple writes on the same sysctl file descriptor
1361 will rewrite the sysctl value, regardl 1005 will rewrite the sysctl value, regardless of file position.
1362 0 Same behavior as above, but warn about 1006 0 Same behavior as above, but warn about processes that perform writes
1363 to a sysctl file descriptor when the f 1007 to a sysctl file descriptor when the file position is not 0.
1364 1 (default) Respect file position when w 1008 1 (default) Respect file position when writing sysctl strings. Multiple
1365 writes will append to the sysctl value 1009 writes will append to the sysctl value buffer. Anything past the max
1366 length of the sysctl value buffer will 1010 length of the sysctl value buffer will be ignored. Writes to numeric
1367 sysctl entries must always be at file 1011 sysctl entries must always be at file position 0 and the value must
1368 be fully contained in the buffer sent 1012 be fully contained in the buffer sent in the write syscall.
1369 == ====================================== 1013 == ======================================================================
1370 1014
1371 1015
1372 softlockup_all_cpu_backtrace !! 1016 softlockup_all_cpu_backtrace:
1373 ============================ !! 1017 =============================
1374 1018
1375 This value controls the soft lockup detector 1019 This value controls the soft lockup detector thread's behavior
1376 when a soft lockup condition is detected as t 1020 when a soft lockup condition is detected as to whether or not
1377 to gather further debug information. If enabl 1021 to gather further debug information. If enabled, each cpu will
1378 be issued an NMI and instructed to capture st 1022 be issued an NMI and instructed to capture stack trace.
1379 1023
1380 This feature is only applicable for architect 1024 This feature is only applicable for architectures which support
1381 NMI. 1025 NMI.
1382 1026
1383 = =========================================== !! 1027 0: do nothing. This is the default behavior.
1384 0 Do nothing. This is the default behavior. <<
1385 1 On detection capture more debug information <<
1386 = =========================================== <<
1387 1028
>> 1029 1: on detection capture more debug information.
1388 1030
1389 softlockup_panic <<
1390 ================= <<
1391 1031
1392 This parameter can be used to control whether !! 1032 soft_watchdog:
1393 when a soft lockup is detected. !! 1033 ==============
1394 <<
1395 = =========================================== <<
1396 0 Don't panic on soft lockup. <<
1397 1 Panic on soft lockup. <<
1398 = =========================================== <<
1399 <<
1400 This can also be set using the softlockup_pan <<
1401 <<
1402 <<
1403 soft_watchdog <<
1404 ============= <<
1405 1034
1406 This parameter can be used to control the sof 1035 This parameter can be used to control the soft lockup detector.
1407 1036
1408 = ================================= !! 1037 0 - disable the soft lockup detector
1409 0 Disable the soft lockup detector. <<
1410 1 Enable the soft lockup detector. <<
1411 = ================================= <<
1412 <<
1413 The soft lockup detector monitors CPUs for th <<
1414 without rescheduling voluntarily, and thus pr <<
1415 from running, causing the watchdog work fail <<
1416 on the CPUs ability to respond to timer inter <<
1417 watchdog work to be queued by the watchdog ti <<
1418 watchdog — if enabled — can detect a hard <<
1419 1038
>> 1039 1 - enable the soft lockup detector
1420 1040
1421 split_lock_mitigate (x86 only) !! 1041 The soft lockup detector monitors CPUs for threads that are hogging the CPUs
1422 ============================== !! 1042 without rescheduling voluntarily, and thus prevent the 'watchdog/N' threads
1423 !! 1043 from running. The mechanism depends on the CPUs ability to respond to timer
1424 On x86, each "split lock" imposes a system-wi !! 1044 interrupts which are needed for the 'watchdog/N' threads to be woken up by
1425 systems, large numbers of split locks from un !! 1045 the watchdog timer function, otherwise the NMI watchdog - if enabled - can
1426 denials of service to well-behaved and potent !! 1046 detect a hard lockup condition.
1427 <<
1428 The kernel mitigates these bad users by detec <<
1429 penalties: forcing them to wait and only allo <<
1430 locks at a time. <<
1431 <<
1432 These mitigations can make those bad applicat <<
1433 split_lock_mitigate=0 may restore some applic <<
1434 increase system exposure to denial of service <<
1435 <<
1436 = =========================================== <<
1437 0 Disable the mitigation mode - just warns th <<
1438 and exposes the system to denials of servic <<
1439 1 Enable the mitigation mode (this is the def <<
1440 lockers with intentional performance degrad <<
1441 = =========================================== <<
1442 1047
1443 1048
1444 stack_erasing !! 1049 stack_erasing:
1445 ============= !! 1050 ==============
1446 1051
1447 This parameter can be used to control kernel 1052 This parameter can be used to control kernel stack erasing at the end
1448 of syscalls for kernels built with ``CONFIG_G !! 1053 of syscalls for kernels built with CONFIG_GCC_PLUGIN_STACKLEAK.
1449 1054
1450 That erasing reduces the information which ke 1055 That erasing reduces the information which kernel stack leak bugs
1451 can reveal and blocks some uninitialized stac 1056 can reveal and blocks some uninitialized stack variable attacks.
1452 The tradeoff is the performance impact: on a 1057 The tradeoff is the performance impact: on a single CPU system kernel
1453 compilation sees a 1% slowdown, other systems 1058 compilation sees a 1% slowdown, other systems and workloads may vary.
1454 1059
1455 = =========================================== !! 1060 0: kernel stack erasing is disabled, STACKLEAK_METRICS are not updated.
1456 0 Kernel stack erasing is disabled, STACKLEAK <<
1457 1 Kernel stack erasing is enabled (default), <<
1458 returning to the userspace at the end of sy <<
1459 = =========================================== <<
1460 <<
1461 <<
1462 stop-a (SPARC only) <<
1463 =================== <<
1464 <<
1465 Controls Stop-A: <<
1466 <<
1467 = ==================================== <<
1468 0 Stop-A has no effect. <<
1469 1 Stop-A breaks to the PROM (default). <<
1470 = ==================================== <<
1471 1061
1472 Stop-A is always enabled on a panic, so that !! 1062 1: kernel stack erasing is enabled (default), it is performed before
1473 the boot PROM. !! 1063 returning to the userspace at the end of syscalls.
1474 <<
1475 <<
1476 sysrq <<
1477 ===== <<
1478 <<
1479 See Documentation/admin-guide/sysrq.rst. <<
1480 1064
1481 1065
1482 tainted 1066 tainted
1483 ======= 1067 =======
1484 1068
1485 Non-zero if the kernel has been tainted. Nume 1069 Non-zero if the kernel has been tainted. Numeric values, which can be
1486 ORed together. The letters are seen in "Taint 1070 ORed together. The letters are seen in "Tainted" line of Oops reports.
1487 1071
1488 ====== ===== ============================== 1072 ====== ===== ==============================================================
1489 1 `(P)` proprietary module was loaded 1073 1 `(P)` proprietary module was loaded
1490 2 `(F)` module was force loaded 1074 2 `(F)` module was force loaded
1491 4 `(S)` kernel running on an out of sp !! 1075 4 `(S)` SMP kernel oops on an officially SMP incapable processor
1492 8 `(R)` module was force unloaded 1076 8 `(R)` module was force unloaded
1493 16 `(M)` processor reported a Machine C 1077 16 `(M)` processor reported a Machine Check Exception (MCE)
1494 32 `(B)` bad page referenced or some un 1078 32 `(B)` bad page referenced or some unexpected page flags
1495 64 `(U)` taint requested by userspace a 1079 64 `(U)` taint requested by userspace application
1496 128 `(D)` kernel died recently, i.e. the 1080 128 `(D)` kernel died recently, i.e. there was an OOPS or BUG
1497 256 `(A)` an ACPI table was overridden b 1081 256 `(A)` an ACPI table was overridden by user
1498 512 `(W)` kernel issued warning 1082 512 `(W)` kernel issued warning
1499 1024 `(C)` staging driver was loaded 1083 1024 `(C)` staging driver was loaded
1500 2048 `(I)` workaround for bug in platform 1084 2048 `(I)` workaround for bug in platform firmware applied
1501 4096 `(O)` externally-built ("out-of-tree 1085 4096 `(O)` externally-built ("out-of-tree") module was loaded
1502 8192 `(E)` unsigned module was loaded 1086 8192 `(E)` unsigned module was loaded
1503 16384 `(L)` soft lockup occurred 1087 16384 `(L)` soft lockup occurred
1504 32768 `(K)` kernel has been live patched 1088 32768 `(K)` kernel has been live patched
1505 65536 `(X)` Auxiliary taint, defined and u 1089 65536 `(X)` Auxiliary taint, defined and used by for distros
1506 131072 `(T)` The kernel was built with the 1090 131072 `(T)` The kernel was built with the struct randomization plugin
1507 ====== ===== ============================== 1091 ====== ===== ==============================================================
1508 1092
1509 See Documentation/admin-guide/tainted-kernels 1093 See Documentation/admin-guide/tainted-kernels.rst for more information.
1510 1094
1511 Note: <<
1512 writes to this sysctl interface will fail w <<
1513 booted with the command line option ``panic <<
1514 and any of the ORed together values being w <<
1515 the bitmask declared on panic_on_taint. <<
1516 See Documentation/admin-guide/kernel-parame <<
1517 that particular kernel command line option <<
1518 ``nousertaint`` switch. <<
1519 1095
1520 threads-max !! 1096 threads-max:
1521 =========== !! 1097 ============
1522 1098
1523 This value controls the maximum number of thr 1099 This value controls the maximum number of threads that can be created
1524 using ``fork()``. !! 1100 using fork().
1525 1101
1526 During initialization the kernel sets this va 1102 During initialization the kernel sets this value such that even if the
1527 maximum number of threads is created, the thr 1103 maximum number of threads is created, the thread structures occupy only
1528 a part (1/8th) of the available RAM pages. 1104 a part (1/8th) of the available RAM pages.
1529 1105
1530 The minimum value that can be written to ``th !! 1106 The minimum value that can be written to threads-max is 1.
1531 <<
1532 The maximum value that can be written to ``th <<
1533 constant ``FUTEX_TID_MASK`` (0x3fffffff). <<
1534 <<
1535 If a value outside of this range is written t <<
1536 ``EINVAL`` error occurs. <<
1537 <<
1538 <<
1539 traceoff_on_warning <<
1540 =================== <<
1541 <<
1542 When set, disables tracing (see Documentation <<
1543 ``WARN()`` is hit. <<
1544 <<
1545 <<
1546 tracepoint_printk <<
1547 ================= <<
1548 <<
1549 When tracepoints are sent to printk() (enable <<
1550 boot parameter), this entry provides runtime <<
1551 <<
1552 echo 0 > /proc/sys/kernel/tracepoint_prin <<
1553 <<
1554 will stop tracepoints from being sent to prin <<
1555 <<
1556 echo 1 > /proc/sys/kernel/tracepoint_prin <<
1557 <<
1558 will send them to printk() again. <<
1559 <<
1560 This only works if the kernel was booted with <<
1561 <<
1562 See Documentation/admin-guide/kernel-paramete <<
1563 Documentation/trace/boottime-trace.rst. <<
1564 <<
1565 1107
1566 unaligned-trap !! 1108 The maximum value that can be written to threads-max is given by the
1567 ============== !! 1109 constant FUTEX_TID_MASK (0x3fffffff).
1568 <<
1569 On architectures where unaligned accesses cau <<
1570 feature is supported (``CONFIG_SYSCTL_ARCH_UN <<
1571 ``arc``, ``parisc`` and ``loongarch``), contr <<
1572 are caught and emulated (instead of failing). <<
1573 <<
1574 = =========================================== <<
1575 0 Do not emulate unaligned accesses. <<
1576 1 Emulate unaligned accesses. This is the def <<
1577 = =========================================== <<
1578 1110
1579 See also `ignore-unaligned-usertrap`_. !! 1111 If a value outside of this range is written to threads-max an error
>> 1112 EINVAL occurs.
1580 1113
1581 1114
1582 unknown_nmi_panic !! 1115 unknown_nmi_panic:
1583 ================= !! 1116 ==================
1584 1117
1585 The value in this file affects behavior of ha 1118 The value in this file affects behavior of handling NMI. When the
1586 value is non-zero, unknown NMI is trapped and 1119 value is non-zero, unknown NMI is trapped and then panic occurs. At
1587 that time, kernel debugging information is di 1120 that time, kernel debugging information is displayed on console.
1588 1121
1589 NMI switch that most IA32 servers have fires 1122 NMI switch that most IA32 servers have fires unknown NMI up, for
1590 example. If a system hangs up, try pressing 1123 example. If a system hangs up, try pressing the NMI switch.
1591 1124
1592 1125
1593 unprivileged_bpf_disabled !! 1126 watchdog:
1594 ========================= !! 1127 =========
1595 <<
1596 Writing 1 to this entry will disable unprivil <<
1597 once disabled, calling ``bpf()`` without ``CA <<
1598 will return ``-EPERM``. Once set to 1, this c <<
1599 running kernel anymore. <<
1600 <<
1601 Writing 2 to this entry will also disable unp <<
1602 however, an admin can still change this setti <<
1603 writing 0 or 1 to this entry. <<
1604 <<
1605 If ``BPF_UNPRIV_DEFAULT_OFF`` is enabled in t <<
1606 entry will default to 2 instead of 0. <<
1607 <<
1608 = =========================================== <<
1609 0 Unprivileged calls to ``bpf()`` are enabled <<
1610 1 Unprivileged calls to ``bpf()`` are disable <<
1611 2 Unprivileged calls to ``bpf()`` are disable <<
1612 = =========================================== <<
1613 <<
1614 <<
1615 warn_limit <<
1616 ========== <<
1617 <<
1618 Number of kernel warnings after which the ker <<
1619 ``panic_on_warn`` is not set. Setting this to <<
1620 the warning count. Setting this to 1 has the <<
1621 ``panic_on_warn=1``. The default value is 0. <<
1622 <<
1623 <<
1624 watchdog <<
1625 ======== <<
1626 1128
1627 This parameter can be used to disable or enab 1129 This parameter can be used to disable or enable the soft lockup detector
1628 *and* the NMI watchdog (i.e. the hard lockup !! 1130 _and_ the NMI watchdog (i.e. the hard lockup detector) at the same time.
1629 1131
1630 = ============================== !! 1132 0 - disable both lockup detectors
1631 0 Disable both lockup detectors. !! 1133
1632 1 Enable both lockup detectors. !! 1134 1 - enable both lockup detectors
1633 = ============================== <<
1634 1135
1635 The soft lockup detector and the NMI watchdog 1136 The soft lockup detector and the NMI watchdog can also be disabled or
1636 enabled individually, using the ``soft_watchd !! 1137 enabled individually, using the soft_watchdog and nmi_watchdog parameters.
1637 parameters. !! 1138 If the watchdog parameter is read, for example by executing::
1638 If the ``watchdog`` parameter is read, for ex <<
1639 1139
1640 cat /proc/sys/kernel/watchdog 1140 cat /proc/sys/kernel/watchdog
1641 1141
1642 the output of this command (0 or 1) shows the !! 1142 the output of this command (0 or 1) shows the logical OR of soft_watchdog
1643 ``soft_watchdog`` and ``nmi_watchdog``. !! 1143 and nmi_watchdog.
1644 1144
1645 1145
1646 watchdog_cpumask !! 1146 watchdog_cpumask:
1647 ================ !! 1147 =================
1648 1148
1649 This value can be used to control on which cp 1149 This value can be used to control on which cpus the watchdog may run.
1650 The default cpumask is all possible cores, bu !! 1150 The default cpumask is all possible cores, but if NO_HZ_FULL is
1651 enabled in the kernel config, and cores are s 1151 enabled in the kernel config, and cores are specified with the
1652 ``nohz_full=`` boot argument, those cores are !! 1152 nohz_full= boot argument, those cores are excluded by default.
1653 Offline cores can be included in this mask, a 1153 Offline cores can be included in this mask, and if the core is later
1654 brought online, the watchdog will be started 1154 brought online, the watchdog will be started based on the mask value.
1655 1155
1656 Typically this value would only be touched in !! 1156 Typically this value would only be touched in the nohz_full case
1657 to re-enable cores that by default were not r 1157 to re-enable cores that by default were not running the watchdog,
1658 if a kernel lockup was suspected on those cor 1158 if a kernel lockup was suspected on those cores.
1659 1159
1660 The argument value is the standard cpulist fo 1160 The argument value is the standard cpulist format for cpumasks,
1661 so for example to enable the watchdog on core 1161 so for example to enable the watchdog on cores 0, 2, 3, and 4 you
1662 might say:: 1162 might say::
1663 1163
1664 echo 0,2-4 > /proc/sys/kernel/watchdog_cpum 1164 echo 0,2-4 > /proc/sys/kernel/watchdog_cpumask
1665 1165
1666 1166
1667 watchdog_thresh !! 1167 watchdog_thresh:
1668 =============== !! 1168 ================
1669 1169
1670 This value can be used to control the frequen 1170 This value can be used to control the frequency of hrtimer and NMI
1671 events and the soft and hard lockup threshold 1171 events and the soft and hard lockup thresholds. The default threshold
1672 is 10 seconds. 1172 is 10 seconds.
1673 1173
1674 The softlockup threshold is (``2 * watchdog_t !! 1174 The softlockup threshold is (2 * watchdog_thresh). Setting this
1675 tunable to zero will disable lockup detection 1175 tunable to zero will disable lockup detection altogether.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.