1 =================================== 1 ===================================
2 Documentation for /proc/sys/kernel/ 2 Documentation for /proc/sys/kernel/
3 =================================== 3 ===================================
4 4
5 .. See scripts/check-sysctl-docs to keep this 5 .. See scripts/check-sysctl-docs to keep this up to date
6 6
7 7
8 Copyright (c) 1998, 1999, Rik van Riel <riel@n 8 Copyright (c) 1998, 1999, Rik van Riel <riel@nl.linux.org>
9 9
10 Copyright (c) 2009, Shen Feng<shen@cn.fu 10 Copyright (c) 2009, Shen Feng<shen@cn.fujitsu.com>
11 11
12 For general info and legal blurb, please look !! 12 For general info and legal blurb, please look in :doc:`index`.
13 Documentation/admin-guide/sysctl/index.rst. <<
14 13
15 ---------------------------------------------- 14 ------------------------------------------------------------------------------
16 15
17 This file contains documentation for the sysct 16 This file contains documentation for the sysctl files in
18 ``/proc/sys/kernel/``. !! 17 ``/proc/sys/kernel/`` and is valid for Linux kernel version 2.2.
19 18
20 The files in this directory can be used to tun 19 The files in this directory can be used to tune and monitor
21 miscellaneous and general things in the operat 20 miscellaneous and general things in the operation of the Linux
22 kernel. Since some of the files *can* be used 21 kernel. Since some of the files *can* be used to screw up your
23 system, it is advisable to read both documenta 22 system, it is advisable to read both documentation and source
24 before actually making adjustments. 23 before actually making adjustments.
25 24
26 Currently, these files might (depending on you 25 Currently, these files might (depending on your configuration)
27 show up in ``/proc/sys/kernel``: 26 show up in ``/proc/sys/kernel``:
28 27
29 .. contents:: :local: 28 .. contents:: :local:
30 29
31 30
32 acct 31 acct
33 ==== 32 ====
34 33
35 :: 34 ::
36 35
37 highwater lowwater frequency 36 highwater lowwater frequency
38 37
39 If BSD-style process accounting is enabled the 38 If BSD-style process accounting is enabled these values control
40 its behaviour. If free space on filesystem whe 39 its behaviour. If free space on filesystem where the log lives
41 goes below ``lowwater``\ % accounting suspends !! 40 goes below ``lowwater``% accounting suspends. If free space gets
42 above ``highwater``\ % accounting resumes. ``f !! 41 above ``highwater``% accounting resumes. ``frequency`` determines
43 how often do we check the amount of free space 42 how often do we check the amount of free space (value is in
44 seconds). Default: 43 seconds). Default:
45 44
46 :: 45 ::
47 46
48 4 2 30 47 4 2 30
49 48
50 That is, suspend accounting if free space drop 49 That is, suspend accounting if free space drops below 2%; resume it
51 if it increases to at least 4%; consider infor 50 if it increases to at least 4%; consider information about amount of
52 free space valid for 30 seconds. 51 free space valid for 30 seconds.
53 52
54 53
55 acpi_video_flags 54 acpi_video_flags
56 ================ 55 ================
57 56
58 See Documentation/power/video.rst. This allows !! 57 See :doc:`/power/video`. This allows the video resume mode to be set,
59 in a similar fashion to the ``acpi_sleep`` ker 58 in a similar fashion to the ``acpi_sleep`` kernel parameter, by
60 combining the following values: 59 combining the following values:
61 60
62 = ======= 61 = =======
63 1 s3_bios 62 1 s3_bios
64 2 s3_mode 63 2 s3_mode
65 4 s3_beep 64 4 s3_beep
66 = ======= 65 = =======
67 66
68 arch <<
69 ==== <<
70 <<
71 The machine hardware name, the same output as <<
72 (e.g. ``x86_64`` or ``aarch64``). <<
73 67
74 auto_msgmni 68 auto_msgmni
75 =========== 69 ===========
76 70
77 This variable has no effect and may be removed 71 This variable has no effect and may be removed in future kernel
78 releases. Reading it always returns 0. 72 releases. Reading it always returns 0.
79 Up to Linux 3.17, it enabled/disabled automati 73 Up to Linux 3.17, it enabled/disabled automatic recomputing of
80 `msgmni`_ 74 `msgmni`_
81 upon memory add/remove or upon IPC namespace c 75 upon memory add/remove or upon IPC namespace creation/removal.
82 Echoing "1" into this file enabled msgmni auto 76 Echoing "1" into this file enabled msgmni automatic recomputing.
83 Echoing "0" turned it off. The default value w 77 Echoing "0" turned it off. The default value was 1.
84 78
85 79
86 bootloader_type (x86 only) 80 bootloader_type (x86 only)
87 ========================== 81 ==========================
88 82
89 This gives the bootloader type number as indic 83 This gives the bootloader type number as indicated by the bootloader,
90 shifted left by 4, and OR'd with the low four 84 shifted left by 4, and OR'd with the low four bits of the bootloader
91 version. The reason for this encoding is that 85 version. The reason for this encoding is that this used to match the
92 ``type_of_loader`` field in the kernel header; 86 ``type_of_loader`` field in the kernel header; the encoding is kept for
93 backwards compatibility. That is, if the full 87 backwards compatibility. That is, if the full bootloader type number
94 is 0x15 and the full version number is 0x234, 88 is 0x15 and the full version number is 0x234, this file will contain
95 the value 340 = 0x154. 89 the value 340 = 0x154.
96 90
97 See the ``type_of_loader`` and ``ext_loader_ty 91 See the ``type_of_loader`` and ``ext_loader_type`` fields in
98 Documentation/arch/x86/boot.rst for additional !! 92 :doc:`/x86/boot` for additional information.
99 93
100 94
101 bootloader_version (x86 only) 95 bootloader_version (x86 only)
102 ============================= 96 =============================
103 97
104 The complete bootloader version number. In th 98 The complete bootloader version number. In the example above, this
105 file will contain the value 564 = 0x234. 99 file will contain the value 564 = 0x234.
106 100
107 See the ``type_of_loader`` and ``ext_loader_ve 101 See the ``type_of_loader`` and ``ext_loader_ver`` fields in
108 Documentation/arch/x86/boot.rst for additional !! 102 :doc:`/x86/boot` for additional information.
109 <<
110 <<
111 bpf_stats_enabled <<
112 ================= <<
113 <<
114 Controls whether the kernel should collect sta <<
115 (total time spent running, number of times run <<
116 statistics causes a slight reduction in perfor <<
117 run. The statistics can be seen using ``bpftoo <<
118 <<
119 = =================================== <<
120 0 Don't collect statistics (default). <<
121 1 Collect statistics. <<
122 = =================================== <<
123 <<
124 <<
125 cad_pid <<
126 ======= <<
127 <<
128 This is the pid which will be signalled on reb <<
129 Ctrl-Alt-Delete). Writing a value to this file <<
130 correspond to a running process will result in <<
131 <<
132 See also `ctrl-alt-del`_. <<
133 103
134 104
135 cap_last_cap 105 cap_last_cap
136 ============ 106 ============
137 107
138 Highest valid capability of the running kernel 108 Highest valid capability of the running kernel. Exports
139 ``CAP_LAST_CAP`` from the kernel. 109 ``CAP_LAST_CAP`` from the kernel.
140 110
141 111
142 .. _core_pattern: <<
143 <<
144 core_pattern 112 core_pattern
145 ============ 113 ============
146 114
147 ``core_pattern`` is used to specify a core dum 115 ``core_pattern`` is used to specify a core dumpfile pattern name.
148 116
149 * max length 127 characters; default value is 117 * max length 127 characters; default value is "core"
150 * ``core_pattern`` is used as a pattern templa 118 * ``core_pattern`` is used as a pattern template for the output
151 filename; certain string patterns (beginning 119 filename; certain string patterns (beginning with '%') are
152 substituted with their actual values. 120 substituted with their actual values.
153 * backward compatibility with ``core_uses_pid` 121 * backward compatibility with ``core_uses_pid``:
154 122
155 If ``core_pattern`` does not include " 123 If ``core_pattern`` does not include "%p" (default does not)
156 and ``core_uses_pid`` is set, then .PI 124 and ``core_uses_pid`` is set, then .PID will be appended to
157 the filename. 125 the filename.
158 126
159 * corename format specifiers 127 * corename format specifiers
160 128
161 ======== ====================== 129 ======== ==========================================
162 %<NUL> '%' is dropped 130 %<NUL> '%' is dropped
163 %% output one '%' 131 %% output one '%'
164 %p pid 132 %p pid
165 %P global pid (init PID n 133 %P global pid (init PID namespace)
166 %i tid 134 %i tid
167 %I global tid (init PID n 135 %I global tid (init PID namespace)
168 %u uid (in initial user n 136 %u uid (in initial user namespace)
169 %g gid (in initial user n 137 %g gid (in initial user namespace)
170 %d dump mode, matches ``P 138 %d dump mode, matches ``PR_SET_DUMPABLE`` and
171 ``/proc/sys/fs/suid_du 139 ``/proc/sys/fs/suid_dumpable``
172 %s signal number 140 %s signal number
173 %t UNIX time of dump 141 %t UNIX time of dump
174 %h hostname 142 %h hostname
175 %e executable filename (m !! 143 %e executable filename (may be shortened)
176 %f executable filename <<
177 %E executable path 144 %E executable path
178 %c maximum size of core f 145 %c maximum size of core file by resource limit RLIMIT_CORE
179 %C CPU the task ran on <<
180 %<OTHER> both are dropped 146 %<OTHER> both are dropped
181 ======== ====================== 147 ======== ==========================================
182 148
183 * If the first character of the pattern is a ' 149 * If the first character of the pattern is a '|', the kernel will treat
184 the rest of the pattern as a command to run. 150 the rest of the pattern as a command to run. The core dump will be
185 written to the standard input of that progra 151 written to the standard input of that program instead of to a file.
186 152
187 153
188 core_pipe_limit 154 core_pipe_limit
189 =============== 155 ===============
190 156
191 This sysctl is only applicable when `core_patt 157 This sysctl is only applicable when `core_pattern`_ is configured to
192 pipe core files to a user space helper (when t 158 pipe core files to a user space helper (when the first character of
193 ``core_pattern`` is a '|', see above). 159 ``core_pattern`` is a '|', see above).
194 When collecting cores via a pipe to an applica 160 When collecting cores via a pipe to an application, it is occasionally
195 useful for the collecting application to gathe 161 useful for the collecting application to gather data about the
196 crashing process from its ``/proc/pid`` direct 162 crashing process from its ``/proc/pid`` directory.
197 In order to do this safely, the kernel must wa 163 In order to do this safely, the kernel must wait for the collecting
198 process to exit, so as not to remove the crash 164 process to exit, so as not to remove the crashing processes proc files
199 prematurely. 165 prematurely.
200 This in turn creates the possibility that a mi 166 This in turn creates the possibility that a misbehaving userspace
201 collecting process can block the reaping of a 167 collecting process can block the reaping of a crashed process simply
202 by never exiting. 168 by never exiting.
203 This sysctl defends against that. 169 This sysctl defends against that.
204 It defines how many concurrent crashing proces 170 It defines how many concurrent crashing processes may be piped to user
205 space applications in parallel. 171 space applications in parallel.
206 If this value is exceeded, then those crashing 172 If this value is exceeded, then those crashing processes above that
207 value are noted via the kernel log and their c 173 value are noted via the kernel log and their cores are skipped.
208 0 is a special value, indicating that unlimite 174 0 is a special value, indicating that unlimited processes may be
209 captured in parallel, but that no waiting will 175 captured in parallel, but that no waiting will take place (i.e. the
210 collecting process is not guaranteed access to 176 collecting process is not guaranteed access to ``/proc/<crashing
211 pid>/``). 177 pid>/``).
212 This value defaults to 0. 178 This value defaults to 0.
213 179
214 180
215 core_uses_pid 181 core_uses_pid
216 ============= 182 =============
217 183
218 The default coredump filename is "core". By s 184 The default coredump filename is "core". By setting
219 ``core_uses_pid`` to 1, the coredump filename 185 ``core_uses_pid`` to 1, the coredump filename becomes core.PID.
220 If `core_pattern`_ does not include "%p" (defa 186 If `core_pattern`_ does not include "%p" (default does not)
221 and ``core_uses_pid`` is set, then .PID will b 187 and ``core_uses_pid`` is set, then .PID will be appended to
222 the filename. 188 the filename.
223 189
224 190
225 ctrl-alt-del 191 ctrl-alt-del
226 ============ 192 ============
227 193
228 When the value in this file is 0, ctrl-alt-del 194 When the value in this file is 0, ctrl-alt-del is trapped and
229 sent to the ``init(1)`` program to handle a gr 195 sent to the ``init(1)`` program to handle a graceful restart.
230 When, however, the value is > 0, Linux's react 196 When, however, the value is > 0, Linux's reaction to a Vulcan
231 Nerve Pinch (tm) will be an immediate reboot, 197 Nerve Pinch (tm) will be an immediate reboot, without even
232 syncing its dirty buffers. 198 syncing its dirty buffers.
233 199
234 Note: 200 Note:
235 when a program (like dosemu) has the keyboar 201 when a program (like dosemu) has the keyboard in 'raw'
236 mode, the ctrl-alt-del is intercepted by the 202 mode, the ctrl-alt-del is intercepted by the program before it
237 ever reaches the kernel tty layer, and it's 203 ever reaches the kernel tty layer, and it's up to the program
238 to decide what to do with it. 204 to decide what to do with it.
239 205
240 206
241 dmesg_restrict 207 dmesg_restrict
242 ============== 208 ==============
243 209
244 This toggle indicates whether unprivileged use 210 This toggle indicates whether unprivileged users are prevented
245 from using ``dmesg(8)`` to view messages from 211 from using ``dmesg(8)`` to view messages from the kernel's log
246 buffer. 212 buffer.
247 When ``dmesg_restrict`` is set to 0 there are 213 When ``dmesg_restrict`` is set to 0 there are no restrictions.
248 When ``dmesg_restrict`` is set to 1, users mus !! 214 When ``dmesg_restrict`` is set set to 1, users must have
249 ``CAP_SYSLOG`` to use ``dmesg(8)``. 215 ``CAP_SYSLOG`` to use ``dmesg(8)``.
250 216
251 The kernel config option ``CONFIG_SECURITY_DME 217 The kernel config option ``CONFIG_SECURITY_DMESG_RESTRICT`` sets the
252 default value of ``dmesg_restrict``. 218 default value of ``dmesg_restrict``.
253 219
254 220
255 domainname & hostname 221 domainname & hostname
256 ===================== 222 =====================
257 223
258 These files can be used to set the NIS/YP doma 224 These files can be used to set the NIS/YP domainname and the
259 hostname of your box in exactly the same way a 225 hostname of your box in exactly the same way as the commands
260 domainname and hostname, i.e.:: 226 domainname and hostname, i.e.::
261 227
262 # echo "darkstar" > /proc/sys/kernel/h 228 # echo "darkstar" > /proc/sys/kernel/hostname
263 # echo "mydomain" > /proc/sys/kernel/d 229 # echo "mydomain" > /proc/sys/kernel/domainname
264 230
265 has the same effect as:: 231 has the same effect as::
266 232
267 # hostname "darkstar" 233 # hostname "darkstar"
268 # domainname "mydomain" 234 # domainname "mydomain"
269 235
270 Note, however, that the classic darkstar.frop. 236 Note, however, that the classic darkstar.frop.org has the
271 hostname "darkstar" and DNS (Internet Domain N 237 hostname "darkstar" and DNS (Internet Domain Name Server)
272 domainname "frop.org", not to be confused with 238 domainname "frop.org", not to be confused with the NIS (Network
273 Information Service) or YP (Yellow Pages) doma 239 Information Service) or YP (Yellow Pages) domainname. These two
274 domain names are in general different. For a d 240 domain names are in general different. For a detailed discussion
275 see the ``hostname(1)`` man page. 241 see the ``hostname(1)`` man page.
276 242
277 243
278 firmware_config <<
279 =============== <<
280 <<
281 See Documentation/driver-api/firmware/fallback <<
282 <<
283 The entries in this directory allow the firmwa <<
284 fallback to be controlled: <<
285 <<
286 * ``force_sysfs_fallback``, when set to 1, for <<
287 fallback; <<
288 * ``ignore_sysfs_fallback``, when set to 1, ig <<
289 <<
290 <<
291 ftrace_dump_on_oops <<
292 =================== <<
293 <<
294 Determines whether ``ftrace_dump()`` should be <<
295 kernel panic). This will output the contents o <<
296 the console. This is very useful for capturin <<
297 crashes and outputting them to a serial consol <<
298 <<
299 ======================= ====================== <<
300 0 Disabled (default). <<
301 1 Dump buffers of all CP <<
302 2(orig_cpu) Dump the buffer of the <<
303 oops. <<
304 <instance> Dump the specific inst <<
305 <instance>=2(orig_cpu) Dump the specific inst <<
306 that triggered the oop <<
307 ======================= ====================== <<
308 <<
309 Multiple instance dump is also supported, and <<
310 by commas. If global buffer also needs to be d <<
311 the dump mode (1/2/orig_cpu) first for global <<
312 <<
313 So for example to dump "foo" and "bar" instanc <<
314 user can:: <<
315 <<
316 echo "foo,bar" > /proc/sys/kernel/ftrace_dum <<
317 <<
318 To dump global buffer and "foo" instance buffe <<
319 CPUs along with the "bar" instance buffer on C <<
320 oops, user can:: <<
321 <<
322 echo "1,foo,bar=2" > /proc/sys/kernel/ftrace <<
323 <<
324 ftrace_enabled, stack_tracer_enabled <<
325 ==================================== <<
326 <<
327 See Documentation/trace/ftrace.rst. <<
328 <<
329 <<
330 hardlockup_all_cpu_backtrace 244 hardlockup_all_cpu_backtrace
331 ============================ 245 ============================
332 246
333 This value controls the hard lockup detector b 247 This value controls the hard lockup detector behavior when a hard
334 lockup condition is detected as to whether or 248 lockup condition is detected as to whether or not to gather further
335 debug information. If enabled, arch-specific a 249 debug information. If enabled, arch-specific all-CPU stack dumping
336 will be initiated. 250 will be initiated.
337 251
338 = ============================================ 252 = ============================================
339 0 Do nothing. This is the default behavior. 253 0 Do nothing. This is the default behavior.
340 1 On detection capture more debug information. 254 1 On detection capture more debug information.
341 = ============================================ 255 = ============================================
342 256
343 257
344 hardlockup_panic 258 hardlockup_panic
345 ================ 259 ================
346 260
347 This parameter can be used to control whether 261 This parameter can be used to control whether the kernel panics
348 when a hard lockup is detected. 262 when a hard lockup is detected.
349 263
350 = =========================== 264 = ===========================
351 0 Don't panic on hard lockup. 265 0 Don't panic on hard lockup.
352 1 Panic on hard lockup. 266 1 Panic on hard lockup.
353 = =========================== 267 = ===========================
354 268
355 See Documentation/admin-guide/lockup-watchdogs !! 269 See :doc:`/admin-guide/lockup-watchdogs` for more information.
356 This can also be set using the nmi_watchdog ke 270 This can also be set using the nmi_watchdog kernel parameter.
357 271
358 272
359 hotplug 273 hotplug
360 ======= 274 =======
361 275
362 Path for the hotplug policy agent. 276 Path for the hotplug policy agent.
363 Default value is ``CONFIG_UEVENT_HELPER_PATH`` !! 277 Default value is "``/sbin/hotplug``".
364 to the empty string. <<
365 <<
366 This file only exists when ``CONFIG_UEVENT_HEL <<
367 modern systems rely exclusively on the netlink <<
368 don't need this. <<
369 <<
370 <<
371 hung_task_all_cpu_backtrace <<
372 =========================== <<
373 <<
374 If this option is set, the kernel will send an <<
375 their backtraces when a hung task is detected. <<
376 CONFIG_DETECT_HUNG_TASK and CONFIG_SMP are ena <<
377 <<
378 0: Won't show all CPUs backtraces when a hung <<
379 This is the default behavior. <<
380 <<
381 1: Will non-maskably interrupt all CPUs and du <<
382 a hung task is detected. <<
383 278
384 279
385 hung_task_panic 280 hung_task_panic
386 =============== 281 ===============
387 282
388 Controls the kernel's behavior when a hung tas 283 Controls the kernel's behavior when a hung task is detected.
389 This file shows up if ``CONFIG_DETECT_HUNG_TAS 284 This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
390 285
391 = ============================================ 286 = =================================================
392 0 Continue operation. This is the default beha 287 0 Continue operation. This is the default behavior.
393 1 Panic immediately. 288 1 Panic immediately.
394 = ============================================ 289 = =================================================
395 290
396 291
397 hung_task_check_count 292 hung_task_check_count
398 ===================== 293 =====================
399 294
400 The upper bound on the number of tasks that ar 295 The upper bound on the number of tasks that are checked.
401 This file shows up if ``CONFIG_DETECT_HUNG_TAS 296 This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
402 297
403 298
404 hung_task_timeout_secs 299 hung_task_timeout_secs
405 ====================== 300 ======================
406 301
407 When a task in D state did not get scheduled 302 When a task in D state did not get scheduled
408 for more than this value report a warning. 303 for more than this value report a warning.
409 This file shows up if ``CONFIG_DETECT_HUNG_TAS 304 This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
410 305
411 0 means infinite timeout, no checking is done. 306 0 means infinite timeout, no checking is done.
412 307
413 Possible values to set are in range {0:``LONG_ 308 Possible values to set are in range {0:``LONG_MAX``/``HZ``}.
414 309
415 310
416 hung_task_check_interval_secs 311 hung_task_check_interval_secs
417 ============================= 312 =============================
418 313
419 Hung task check interval. If hung task checkin 314 Hung task check interval. If hung task checking is enabled
420 (see `hung_task_timeout_secs`_), the check is 315 (see `hung_task_timeout_secs`_), the check is done every
421 ``hung_task_check_interval_secs`` seconds. 316 ``hung_task_check_interval_secs`` seconds.
422 This file shows up if ``CONFIG_DETECT_HUNG_TAS 317 This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
423 318
424 0 (default) means use ``hung_task_timeout_secs 319 0 (default) means use ``hung_task_timeout_secs`` as checking
425 interval. 320 interval.
426 321
427 Possible values to set are in range {0:``LONG_ 322 Possible values to set are in range {0:``LONG_MAX``/``HZ``}.
428 323
429 324
430 hung_task_warnings 325 hung_task_warnings
431 ================== 326 ==================
432 327
433 The maximum number of warnings to report. Duri 328 The maximum number of warnings to report. During a check interval
434 if a hung task is detected, this value is decr 329 if a hung task is detected, this value is decreased by 1.
435 When this value reaches 0, no more warnings wi 330 When this value reaches 0, no more warnings will be reported.
436 This file shows up if ``CONFIG_DETECT_HUNG_TAS 331 This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
437 332
438 -1: report an infinite number of warnings. 333 -1: report an infinite number of warnings.
439 334
440 335
441 hyperv_record_panic_msg 336 hyperv_record_panic_msg
442 ======================= 337 =======================
443 338
444 Controls whether the panic kmsg data should be 339 Controls whether the panic kmsg data should be reported to Hyper-V.
445 340
446 = ============================================ 341 = =========================================================
447 0 Do not report panic kmsg data. 342 0 Do not report panic kmsg data.
448 1 Report the panic kmsg data. This is the defa 343 1 Report the panic kmsg data. This is the default behavior.
449 = ============================================ 344 = =========================================================
450 345
451 346
452 ignore-unaligned-usertrap <<
453 ========================= <<
454 <<
455 On architectures where unaligned accesses caus <<
456 feature is supported (``CONFIG_SYSCTL_ARCH_UNA <<
457 currently, ``arc``, ``parisc`` and ``loongarch <<
458 unaligned traps are logged. <<
459 <<
460 = ============================================ <<
461 0 Log all unaligned accesses. <<
462 1 Only warn the first time a process traps. Th <<
463 setting. <<
464 = ============================================ <<
465 <<
466 See also `unaligned-trap`_. <<
467 <<
468 io_uring_disabled <<
469 ================= <<
470 <<
471 Prevents all processes from creating new io_ur <<
472 shrinks the kernel's attack surface. <<
473 <<
474 = ============================================ <<
475 0 All processes can create io_uring instances <<
476 default setting. <<
477 1 io_uring creation is disabled (io_uring_setu <<
478 -EPERM) for unprivileged processes not in th <<
479 Existing io_uring instances can still be use <<
480 documentation for io_uring_group for more in <<
481 2 io_uring creation is disabled for all proces <<
482 always fails with -EPERM. Existing io_uring <<
483 used. <<
484 = ============================================ <<
485 <<
486 <<
487 io_uring_group <<
488 ============== <<
489 <<
490 When io_uring_disabled is set to 1, a process <<
491 privileged (CAP_SYS_ADMIN) or be in the io_uri <<
492 to create an io_uring instance. If io_uring_g <<
493 default), only processes with the CAP_SYS_ADMI <<
494 io_uring instances. <<
495 <<
496 <<
497 kexec_load_disabled 347 kexec_load_disabled
498 =================== 348 ===================
499 349
500 A toggle indicating if the syscalls ``kexec_lo !! 350 A toggle indicating if the ``kexec_load`` syscall has been disabled.
501 ``kexec_file_load`` have been disabled. !! 351 This value defaults to 0 (false: ``kexec_load`` enabled), but can be
502 This value defaults to 0 (false: ``kexec_*load !! 352 set to 1 (true: ``kexec_load`` disabled).
503 set to 1 (true: ``kexec_*load`` disabled). <<
504 Once true, kexec can no longer be used, and th 353 Once true, kexec can no longer be used, and the toggle cannot be set
505 back to false. 354 back to false.
506 This allows a kexec image to be loaded before 355 This allows a kexec image to be loaded before disabling the syscall,
507 allowing a system to set up (and later use) an 356 allowing a system to set up (and later use) an image without it being
508 altered. 357 altered.
509 Generally used together with the `modules_disa 358 Generally used together with the `modules_disabled`_ sysctl.
510 359
511 kexec_load_limit_panic <<
512 ====================== <<
513 <<
514 This parameter specifies a limit to the number <<
515 ``kexec_load`` and ``kexec_file_load`` can be <<
516 image. It can only be set with a more restrict <<
517 current one. <<
518 <<
519 == =========================================== <<
520 -1 Unlimited calls to kexec. This is the defau <<
521 N Number of calls left. <<
522 == =========================================== <<
523 <<
524 kexec_load_limit_reboot <<
525 ======================= <<
526 <<
527 Similar functionality as ``kexec_load_limit_pa <<
528 image. <<
529 360
530 kptr_restrict 361 kptr_restrict
531 ============= 362 =============
532 363
533 This toggle indicates whether restrictions are 364 This toggle indicates whether restrictions are placed on
534 exposing kernel addresses via ``/proc`` and ot 365 exposing kernel addresses via ``/proc`` and other interfaces.
535 366
536 When ``kptr_restrict`` is set to 0 (the defaul 367 When ``kptr_restrict`` is set to 0 (the default) the address is hashed
537 before printing. 368 before printing.
538 (This is the equivalent to %p.) 369 (This is the equivalent to %p.)
539 370
540 When ``kptr_restrict`` is set to 1, kernel poi 371 When ``kptr_restrict`` is set to 1, kernel pointers printed using the
541 %pK format specifier will be replaced with 0s 372 %pK format specifier will be replaced with 0s unless the user has
542 ``CAP_SYSLOG`` and effective user and group id 373 ``CAP_SYSLOG`` and effective user and group ids are equal to the real
543 ids. 374 ids.
544 This is because %pK checks are done at read() 375 This is because %pK checks are done at read() time rather than open()
545 time, so if permissions are elevated between t 376 time, so if permissions are elevated between the open() and the read()
546 (e.g via a setuid binary) then %pK will not le 377 (e.g via a setuid binary) then %pK will not leak kernel pointers to
547 unprivileged users. 378 unprivileged users.
548 Note, this is a temporary solution only. 379 Note, this is a temporary solution only.
549 The correct long-term solution is to do the pe 380 The correct long-term solution is to do the permission checks at
550 open() time. 381 open() time.
551 Consider removing world read permissions from 382 Consider removing world read permissions from files that use %pK, and
552 using `dmesg_restrict`_ to protect against use 383 using `dmesg_restrict`_ to protect against uses of %pK in ``dmesg(8)``
553 if leaking kernel pointer values to unprivileg 384 if leaking kernel pointer values to unprivileged users is a concern.
554 385
555 When ``kptr_restrict`` is set to 2, kernel poi 386 When ``kptr_restrict`` is set to 2, kernel pointers printed using
556 %pK will be replaced with 0s regardless of pri 387 %pK will be replaced with 0s regardless of privileges.
557 388
558 389
559 modprobe 390 modprobe
560 ======== 391 ========
561 392
562 The full path to the usermode helper for autol 393 The full path to the usermode helper for autoloading kernel modules,
563 by default ``CONFIG_MODPROBE_PATH``, which in !! 394 by default "/sbin/modprobe". This binary is executed when the kernel
564 "/sbin/modprobe". This binary is executed whe !! 395 requests a module. For example, if userspace passes an unknown
565 module. For example, if userspace passes an u !! 396 filesystem type to mount(), then the kernel will automatically request
566 to mount(), then the kernel will automatically !! 397 the corresponding filesystem module by executing this usermode helper.
567 corresponding filesystem module by executing t <<
568 This usermode helper should insert the needed 398 This usermode helper should insert the needed module into the kernel.
569 399
570 This sysctl only affects module autoloading. 400 This sysctl only affects module autoloading. It has no effect on the
571 ability to explicitly insert modules. 401 ability to explicitly insert modules.
572 402
573 This sysctl can be used to debug module loadin 403 This sysctl can be used to debug module loading requests::
574 404
575 echo '#! /bin/sh' > /tmp/modprobe 405 echo '#! /bin/sh' > /tmp/modprobe
576 echo 'echo "$@" >> /tmp/modprobe.log' >> / 406 echo 'echo "$@" >> /tmp/modprobe.log' >> /tmp/modprobe
577 echo 'exec /sbin/modprobe "$@"' >> /tmp/mo 407 echo 'exec /sbin/modprobe "$@"' >> /tmp/modprobe
578 chmod a+x /tmp/modprobe 408 chmod a+x /tmp/modprobe
579 echo /tmp/modprobe > /proc/sys/kernel/modp 409 echo /tmp/modprobe > /proc/sys/kernel/modprobe
580 410
581 Alternatively, if this sysctl is set to the em 411 Alternatively, if this sysctl is set to the empty string, then module
582 autoloading is completely disabled. The kerne 412 autoloading is completely disabled. The kernel will not try to
583 execute a usermode helper at all, nor will it 413 execute a usermode helper at all, nor will it call the
584 kernel_module_request LSM hook. 414 kernel_module_request LSM hook.
585 415
586 If CONFIG_STATIC_USERMODEHELPER=y is set in th 416 If CONFIG_STATIC_USERMODEHELPER=y is set in the kernel configuration,
587 then the configured static usermode helper ove 417 then the configured static usermode helper overrides this sysctl,
588 except that the empty string is still accepted 418 except that the empty string is still accepted to completely disable
589 module autoloading as described above. 419 module autoloading as described above.
590 420
591 modules_disabled 421 modules_disabled
592 ================ 422 ================
593 423
594 A toggle value indicating if modules are allow 424 A toggle value indicating if modules are allowed to be loaded
595 in an otherwise modular kernel. This toggle d 425 in an otherwise modular kernel. This toggle defaults to off
596 (0), but can be set true (1). Once true, modu 426 (0), but can be set true (1). Once true, modules can be
597 neither loaded nor unloaded, and the toggle ca 427 neither loaded nor unloaded, and the toggle cannot be set back
598 to false. Generally used with the `kexec_load 428 to false. Generally used with the `kexec_load_disabled`_ toggle.
599 429
600 430
601 .. _msgmni: 431 .. _msgmni:
602 432
603 msgmax, msgmnb, and msgmni 433 msgmax, msgmnb, and msgmni
604 ========================== 434 ==========================
605 435
606 ``msgmax`` is the maximum size of an IPC messa 436 ``msgmax`` is the maximum size of an IPC message, in bytes. 8192 by
607 default (``MSGMAX``). 437 default (``MSGMAX``).
608 438
609 ``msgmnb`` is the maximum size of an IPC queue 439 ``msgmnb`` is the maximum size of an IPC queue, in bytes. 16384 by
610 default (``MSGMNB``). 440 default (``MSGMNB``).
611 441
612 ``msgmni`` is the maximum number of IPC queues 442 ``msgmni`` is the maximum number of IPC queues. 32000 by default
613 (``MSGMNI``). 443 (``MSGMNI``).
614 444
615 All of these parameters are set per ipc namesp <<
616 in POSIX message queues is limited by ``RLIMIT <<
617 respected hierarchically in the each user name <<
618 445
619 msg_next_id, sem_next_id, and shm_next_id (Sys 446 msg_next_id, sem_next_id, and shm_next_id (System V IPC)
620 ============================================== 447 ========================================================
621 448
622 These three toggles allows to specify desired 449 These three toggles allows to specify desired id for next allocated IPC
623 object: message, semaphore or shared memory re 450 object: message, semaphore or shared memory respectively.
624 451
625 By default they are equal to -1, which means g 452 By default they are equal to -1, which means generic allocation logic.
626 Possible values to set are in range {0:``INT_M 453 Possible values to set are in range {0:``INT_MAX``}.
627 454
628 Notes: 455 Notes:
629 1) kernel doesn't guarantee, that new object 456 1) kernel doesn't guarantee, that new object will have desired id. So,
630 it's up to userspace, how to handle an ob 457 it's up to userspace, how to handle an object with "wrong" id.
631 2) Toggle with non-default value will be set 458 2) Toggle with non-default value will be set back to -1 by kernel after
632 successful IPC object allocation. If an I 459 successful IPC object allocation. If an IPC object allocation syscall
633 fails, it is undefined if the value remai 460 fails, it is undefined if the value remains unmodified or is reset to -1.
634 461
635 <<
636 ngroups_max <<
637 =========== <<
638 <<
639 Maximum number of supplementary groups, _i.e._ <<
640 ``setgroups`` will accept. Exports ``NGROUPS_M <<
641 <<
642 <<
643 <<
644 nmi_watchdog 462 nmi_watchdog
645 ============ 463 ============
646 464
647 This parameter can be used to control the NMI 465 This parameter can be used to control the NMI watchdog
648 (i.e. the hard lockup detector) on x86 systems 466 (i.e. the hard lockup detector) on x86 systems.
649 467
650 = ================================= 468 = =================================
651 0 Disable the hard lockup detector. 469 0 Disable the hard lockup detector.
652 1 Enable the hard lockup detector. 470 1 Enable the hard lockup detector.
653 = ================================= 471 = =================================
654 472
655 The hard lockup detector monitors each CPU for 473 The hard lockup detector monitors each CPU for its ability to respond to
656 timer interrupts. The mechanism utilizes CPU p 474 timer interrupts. The mechanism utilizes CPU performance counter registers
657 that are programmed to generate Non-Maskable I 475 that are programmed to generate Non-Maskable Interrupts (NMIs) periodically
658 while a CPU is busy. Hence, the alternative na 476 while a CPU is busy. Hence, the alternative name 'NMI watchdog'.
659 477
660 The NMI watchdog is disabled by default if the 478 The NMI watchdog is disabled by default if the kernel is running as a guest
661 in a KVM virtual machine. This default can be 479 in a KVM virtual machine. This default can be overridden by adding::
662 480
663 nmi_watchdog=1 481 nmi_watchdog=1
664 482
665 to the guest kernel command line (see !! 483 to the guest kernel command line (see :doc:`/admin-guide/kernel-parameters`).
666 Documentation/admin-guide/kernel-parameters.rs <<
667 <<
668 <<
669 nmi_wd_lpm_factor (PPC only) <<
670 ============================ <<
671 <<
672 Factor to apply to the NMI watchdog timeout (o <<
673 set to 1). This factor represents the percenta <<
674 ``watchdog_thresh`` when calculating the NMI w <<
675 LPM. The soft lockup timeout is not impacted. <<
676 <<
677 A value of 0 means no change. The default valu <<
678 watchdog is set to 30s (based on ``watchdog_th <<
679 484
680 485
681 numa_balancing 486 numa_balancing
682 ============== 487 ==============
683 488
684 Enables/disables and configures automatic page !! 489 Enables/disables automatic page fault based NUMA memory
685 balancing. Memory is moved automatically to n !! 490 balancing. Memory is moved automatically to nodes
686 The value to set can be the result of ORing th !! 491 that access it often.
687 !! 492
688 = ================================= !! 493 Enables/disables automatic NUMA memory balancing. On NUMA machines, there
689 0 NUMA_BALANCING_DISABLED !! 494 is a performance penalty if remote memory is accessed by a CPU. When this
690 1 NUMA_BALANCING_NORMAL !! 495 feature is enabled the kernel samples what task thread is accessing memory
691 2 NUMA_BALANCING_MEMORY_TIERING !! 496 by periodically unmapping pages and later trapping a page fault. At the
692 = ================================= !! 497 time of the page fault, it is determined if the data being accessed should
693 !! 498 be migrated to a local memory node.
694 Or NUMA_BALANCING_NORMAL to optimize page plac <<
695 NUMA nodes to reduce remote accessing. On NUM <<
696 performance penalty if remote memory is access <<
697 feature is enabled the kernel samples what tas <<
698 memory by periodically unmapping pages and lat <<
699 fault. At the time of the page fault, it is de <<
700 being accessed should be migrated to a local m <<
701 499
702 The unmapping of pages and trapping faults inc 500 The unmapping of pages and trapping faults incur additional overhead that
703 ideally is offset by improved memory locality 501 ideally is offset by improved memory locality but there is no universal
704 guarantee. If the target workload is already b 502 guarantee. If the target workload is already bound to NUMA nodes then this
705 feature should be disabled. !! 503 feature should be disabled. Otherwise, if the system overhead from the
706 !! 504 feature is too high then the rate the kernel samples for NUMA hinting
707 Or NUMA_BALANCING_MEMORY_TIERING to optimize p !! 505 faults may be controlled by the `numa_balancing_scan_period_min_ms,
708 different types of memory (represented as diff !! 506 numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms,
709 place the hot pages in the fast memory. This !! 507 numa_balancing_scan_size_mb`_, and numa_balancing_settle_count sysctls.
710 unmapping and page fault too. !! 508
711 !! 509
712 numa_balancing_promote_rate_limit_MBps !! 510 numa_balancing_scan_period_min_ms, numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms, numa_balancing_scan_size_mb
713 ====================================== !! 511 ===============================================================================================================================
>> 512
>> 513
>> 514 Automatic NUMA balancing scans tasks address space and unmaps pages to
>> 515 detect if pages are properly placed or if the data should be migrated to a
>> 516 memory node local to where the task is running. Every "scan delay" the task
>> 517 scans the next "scan size" number of pages in its address space. When the
>> 518 end of the address space is reached the scanner restarts from the beginning.
>> 519
>> 520 In combination, the "scan delay" and "scan size" determine the scan rate.
>> 521 When "scan delay" decreases, the scan rate increases. The scan delay and
>> 522 hence the scan rate of every task is adaptive and depends on historical
>> 523 behaviour. If pages are properly placed then the scan delay increases,
>> 524 otherwise the scan delay decreases. The "scan size" is not adaptive but
>> 525 the higher the "scan size", the higher the scan rate.
>> 526
>> 527 Higher scan rates incur higher system overhead as page faults must be
>> 528 trapped and potentially data must be migrated. However, the higher the scan
>> 529 rate, the more quickly a tasks memory is migrated to a local node if the
>> 530 workload pattern changes and minimises performance impact due to remote
>> 531 memory accesses. These sysctls control the thresholds for scan delays and
>> 532 the number of pages scanned.
>> 533
>> 534 ``numa_balancing_scan_period_min_ms`` is the minimum time in milliseconds to
>> 535 scan a tasks virtual memory. It effectively controls the maximum scanning
>> 536 rate for each task.
>> 537
>> 538 ``numa_balancing_scan_delay_ms`` is the starting "scan delay" used for a task
>> 539 when it initially forks.
>> 540
>> 541 ``numa_balancing_scan_period_max_ms`` is the maximum time in milliseconds to
>> 542 scan a tasks virtual memory. It effectively controls the minimum scanning
>> 543 rate for each task.
714 544
715 Too high promotion/demotion throughput between !! 545 ``numa_balancing_scan_size_mb`` is how many megabytes worth of pages are
716 may hurt application latency. This can be use !! 546 scanned for a given scan.
717 promotion throughput. The per-node max promot <<
718 will be limited to be no more than the set val <<
719 <<
720 A rule of thumb is to set this to less than 1/ <<
721 write bandwidth. <<
722 <<
723 oops_all_cpu_backtrace <<
724 ====================== <<
725 <<
726 If this option is set, the kernel will send an <<
727 their backtraces when an oops event occurs. It <<
728 resort in case a panic cannot be triggered (to <<
729 example) or kdump can't be collected. This fil <<
730 is enabled. <<
731 <<
732 0: Won't show all CPUs backtraces when an oops <<
733 This is the default behavior. <<
734 <<
735 1: Will non-maskably interrupt all CPUs and du <<
736 an oops event is detected. <<
737 <<
738 <<
739 oops_limit <<
740 ========== <<
741 <<
742 Number of kernel oopses after which the kernel <<
743 ``panic_on_oops`` is not set. Setting this to <<
744 the count. Setting this to 1 has the same eff <<
745 ``panic_on_oops=1``. The default value is 1000 <<
746 547
747 548
748 osrelease, ostype & version 549 osrelease, ostype & version
749 =========================== 550 ===========================
750 551
751 :: 552 ::
752 553
753 # cat osrelease 554 # cat osrelease
754 2.1.88 555 2.1.88
755 # cat ostype 556 # cat ostype
756 Linux 557 Linux
757 # cat version 558 # cat version
758 #5 Wed Feb 25 21:49:24 MET 1998 559 #5 Wed Feb 25 21:49:24 MET 1998
759 560
760 The files ``osrelease`` and ``ostype`` should 561 The files ``osrelease`` and ``ostype`` should be clear enough.
761 ``version`` 562 ``version``
762 needs a little more clarification however. The 563 needs a little more clarification however. The '#5' means that
763 this is the fifth kernel built from this sourc 564 this is the fifth kernel built from this source base and the
764 date behind it indicates the time the kernel w 565 date behind it indicates the time the kernel was built.
765 The only way to tune these values is to rebuil 566 The only way to tune these values is to rebuild the kernel :-)
766 567
767 568
768 overflowgid & overflowuid 569 overflowgid & overflowuid
769 ========================= 570 =========================
770 571
771 if your architecture did not always support 32 572 if your architecture did not always support 32-bit UIDs (i.e. arm,
772 i386, m68k, sh, and sparc32), a fixed UID and 573 i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to
773 applications that use the old 16-bit UID/GID s 574 applications that use the old 16-bit UID/GID system calls, if the
774 actual UID or GID would exceed 65535. 575 actual UID or GID would exceed 65535.
775 576
776 These sysctls allow you to change the value of 577 These sysctls allow you to change the value of the fixed UID and GID.
777 The default is 65534. 578 The default is 65534.
778 579
779 580
780 panic 581 panic
781 ===== 582 =====
782 583
783 The value in this file determines the behaviou 584 The value in this file determines the behaviour of the kernel on a
784 panic: 585 panic:
785 586
786 * if zero, the kernel will loop forever; 587 * if zero, the kernel will loop forever;
787 * if negative, the kernel will reboot immediat 588 * if negative, the kernel will reboot immediately;
788 * if positive, the kernel will reboot after th 589 * if positive, the kernel will reboot after the corresponding number
789 of seconds. 590 of seconds.
790 591
791 When you use the software watchdog, the recomm 592 When you use the software watchdog, the recommended setting is 60.
792 593
793 594
794 panic_on_io_nmi 595 panic_on_io_nmi
795 =============== 596 ===============
796 597
797 Controls the kernel's behavior when a CPU rece 598 Controls the kernel's behavior when a CPU receives an NMI caused by
798 an IO error. 599 an IO error.
799 600
800 = ============================================ 601 = ==================================================================
801 0 Try to continue operation (default). 602 0 Try to continue operation (default).
802 1 Panic immediately. The IO error triggered an 603 1 Panic immediately. The IO error triggered an NMI. This indicates a
803 serious system condition which could result 604 serious system condition which could result in IO data corruption.
804 Rather than continuing, panicking might be a 605 Rather than continuing, panicking might be a better choice. Some
805 servers issue this sort of NMI when the dump 606 servers issue this sort of NMI when the dump button is pushed,
806 and you can use this option to take a crash 607 and you can use this option to take a crash dump.
807 = ============================================ 608 = ==================================================================
808 609
809 610
810 panic_on_oops 611 panic_on_oops
811 ============= 612 =============
812 613
813 Controls the kernel's behaviour when an oops o 614 Controls the kernel's behaviour when an oops or BUG is encountered.
814 615
815 = ============================================ 616 = ===================================================================
816 0 Try to continue operation. 617 0 Try to continue operation.
817 1 Panic immediately. If the `panic` sysctl is 618 1 Panic immediately. If the `panic` sysctl is also non-zero then the
818 machine will be rebooted. 619 machine will be rebooted.
819 = ============================================ 620 = ===================================================================
820 621
821 622
822 panic_on_stackoverflow 623 panic_on_stackoverflow
823 ====================== 624 ======================
824 625
825 Controls the kernel's behavior when detecting 626 Controls the kernel's behavior when detecting the overflows of
826 kernel, IRQ and exception stacks except a user 627 kernel, IRQ and exception stacks except a user stack.
827 This file shows up if ``CONFIG_DEBUG_STACKOVER 628 This file shows up if ``CONFIG_DEBUG_STACKOVERFLOW`` is enabled.
828 629
829 = ========================== 630 = ==========================
830 0 Try to continue operation. 631 0 Try to continue operation.
831 1 Panic immediately. 632 1 Panic immediately.
832 = ========================== 633 = ==========================
833 634
834 635
835 panic_on_unrecovered_nmi 636 panic_on_unrecovered_nmi
836 ======================== 637 ========================
837 638
838 The default Linux behaviour on an NMI of eithe 639 The default Linux behaviour on an NMI of either memory or unknown is
839 to continue operation. For many environments s 640 to continue operation. For many environments such as scientific
840 computing it is preferable that the box is tak 641 computing it is preferable that the box is taken out and the error
841 dealt with than an uncorrected parity/ECC erro 642 dealt with than an uncorrected parity/ECC error get propagated.
842 643
843 A small number of systems do generate NMIs for 644 A small number of systems do generate NMIs for bizarre random reasons
844 such as power management so the default is off 645 such as power management so the default is off. That sysctl works like
845 the existing panic controls already in that di 646 the existing panic controls already in that directory.
846 647
847 648
848 panic_on_warn 649 panic_on_warn
849 ============= 650 =============
850 651
851 Calls panic() in the WARN() path when set to 1 652 Calls panic() in the WARN() path when set to 1. This is useful to avoid
852 a kernel rebuild when attempting to kdump at t 653 a kernel rebuild when attempting to kdump at the location of a WARN().
853 654
854 = ============================================ 655 = ================================================
855 0 Only WARN(), default behaviour. 656 0 Only WARN(), default behaviour.
856 1 Call panic() after printing out WARN() locat 657 1 Call panic() after printing out WARN() location.
857 = ============================================ 658 = ================================================
858 659
859 660
860 panic_print 661 panic_print
861 =========== 662 ===========
862 663
863 Bitmask for printing system info when panic ha 664 Bitmask for printing system info when panic happens. User can chose
864 combination of the following bits: 665 combination of the following bits:
865 666
866 ===== ======================================= 667 ===== ============================================
867 bit 0 print all tasks info 668 bit 0 print all tasks info
868 bit 1 print system memory info 669 bit 1 print system memory info
869 bit 2 print timer info 670 bit 2 print timer info
870 bit 3 print locks info if ``CONFIG_LOCKDEP`` 671 bit 3 print locks info if ``CONFIG_LOCKDEP`` is on
871 bit 4 print ftrace buffer 672 bit 4 print ftrace buffer
872 bit 5 print all printk messages in buffer <<
873 bit 6 print all CPUs backtrace (if available <<
874 bit 7 print only tasks in uninterruptible (bl <<
875 ===== ======================================= 673 ===== ============================================
876 674
877 So for example to print tasks and memory info 675 So for example to print tasks and memory info on panic, user can::
878 676
879 echo 3 > /proc/sys/kernel/panic_print 677 echo 3 > /proc/sys/kernel/panic_print
880 678
881 679
882 panic_on_rcu_stall 680 panic_on_rcu_stall
883 ================== 681 ==================
884 682
885 When set to 1, calls panic() after RCU stall d 683 When set to 1, calls panic() after RCU stall detection messages. This
886 is useful to define the root cause of RCU stal 684 is useful to define the root cause of RCU stalls using a vmcore.
887 685
888 = ============================================ 686 = ============================================================
889 0 Do not panic() when RCU stall takes place, d 687 0 Do not panic() when RCU stall takes place, default behavior.
890 1 panic() after printing RCU stall messages. 688 1 panic() after printing RCU stall messages.
891 = ============================================ 689 = ============================================================
892 690
893 max_rcu_stall_to_panic <<
894 ====================== <<
895 <<
896 When ``panic_on_rcu_stall`` is set to 1, this <<
897 number of times that RCU can stall before pani <<
898 <<
899 When ``panic_on_rcu_stall`` is set to 0, this <<
900 691
901 perf_cpu_time_max_percent 692 perf_cpu_time_max_percent
902 ========================= 693 =========================
903 694
904 Hints to the kernel how much CPU time it shoul 695 Hints to the kernel how much CPU time it should be allowed to
905 use to handle perf sampling events. If the pe 696 use to handle perf sampling events. If the perf subsystem
906 is informed that its samples are exceeding thi 697 is informed that its samples are exceeding this limit, it
907 will drop its sampling frequency to attempt to 698 will drop its sampling frequency to attempt to reduce its CPU
908 usage. 699 usage.
909 700
910 Some perf sampling happens in NMIs. If these 701 Some perf sampling happens in NMIs. If these samples
911 unexpectedly take too long to execute, the NMI 702 unexpectedly take too long to execute, the NMIs can become
912 stacked up next to each other so much that not 703 stacked up next to each other so much that nothing else is
913 allowed to execute. 704 allowed to execute.
914 705
915 ===== ======================================== 706 ===== ========================================================
916 0 Disable the mechanism. Do not monitor o 707 0 Disable the mechanism. Do not monitor or correct perf's
917 sampling rate no matter how CPU time it 708 sampling rate no matter how CPU time it takes.
918 709
919 1-100 Attempt to throttle perf's sample rate t 710 1-100 Attempt to throttle perf's sample rate to this
920 percentage of CPU. Note: the kernel cal 711 percentage of CPU. Note: the kernel calculates an
921 "expected" length of each sample event. 712 "expected" length of each sample event. 100 here means
922 100% of that expected length. Even if t 713 100% of that expected length. Even if this is set to
923 100, you may still see sample throttling 714 100, you may still see sample throttling if this
924 length is exceeded. Set to 0 if you tru 715 length is exceeded. Set to 0 if you truly do not care
925 how much CPU is consumed. 716 how much CPU is consumed.
926 ===== ======================================== 717 ===== ========================================================
927 718
928 719
929 perf_event_paranoid 720 perf_event_paranoid
930 =================== 721 ===================
931 722
932 Controls use of the performance events system 723 Controls use of the performance events system by unprivileged
933 users (without CAP_PERFMON). The default valu !! 724 users (without CAP_SYS_ADMIN). The default value is 2.
934 <<
935 For backward compatibility reasons access to s <<
936 monitoring and observability remains open for <<
937 privileged processes but CAP_SYS_ADMIN usage f <<
938 performance monitoring and observability opera <<
939 with respect to CAP_PERFMON use cases. <<
940 725
941 === ========================================= 726 === ==================================================================
942 -1 Allow use of (almost) all events by all u 727 -1 Allow use of (almost) all events by all users.
943 728
944 Ignore mlock limit after perf_event_mlock 729 Ignore mlock limit after perf_event_mlock_kb without
945 ``CAP_IPC_LOCK``. 730 ``CAP_IPC_LOCK``.
946 731
947 >=0 Disallow ftrace function tracepoint by us 732 >=0 Disallow ftrace function tracepoint by users without
948 ``CAP_PERFMON``. !! 733 ``CAP_SYS_ADMIN``.
949 734
950 Disallow raw tracepoint access by users w !! 735 Disallow raw tracepoint access by users without ``CAP_SYS_ADMIN``.
951 736
952 >=1 Disallow CPU event access by users withou !! 737 >=1 Disallow CPU event access by users without ``CAP_SYS_ADMIN``.
953 738
954 >=2 Disallow kernel profiling by users withou !! 739 >=2 Disallow kernel profiling by users without ``CAP_SYS_ADMIN``.
955 === ========================================= 740 === ==================================================================
956 741
957 742
958 perf_event_max_stack 743 perf_event_max_stack
959 ==================== 744 ====================
960 745
961 Controls maximum number of stack frames to cop 746 Controls maximum number of stack frames to copy for (``attr.sample_type &
962 PERF_SAMPLE_CALLCHAIN``) configured events, fo 747 PERF_SAMPLE_CALLCHAIN``) configured events, for instance, when using
963 '``perf record -g``' or '``perf trace --call-g 748 '``perf record -g``' or '``perf trace --call-graph fp``'.
964 749
965 This can only be done when no events are in us 750 This can only be done when no events are in use that have callchains
966 enabled, otherwise writing to this file will r 751 enabled, otherwise writing to this file will return ``-EBUSY``.
967 752
968 The default value is 127. 753 The default value is 127.
969 754
970 755
971 perf_event_mlock_kb 756 perf_event_mlock_kb
972 =================== 757 ===================
973 758
974 Control size of per-cpu ring buffer not counte !! 759 Control size of per-cpu ring buffer not counted agains mlock limit.
975 760
976 The default value is 512 + 1 page 761 The default value is 512 + 1 page
977 762
978 763
979 perf_event_max_contexts_per_stack 764 perf_event_max_contexts_per_stack
980 ================================= 765 =================================
981 766
982 Controls maximum number of stack frame context 767 Controls maximum number of stack frame context entries for
983 (``attr.sample_type & PERF_SAMPLE_CALLCHAIN``) 768 (``attr.sample_type & PERF_SAMPLE_CALLCHAIN``) configured events, for
984 instance, when using '``perf record -g``' or ' 769 instance, when using '``perf record -g``' or '``perf trace --call-graph fp``'.
985 770
986 This can only be done when no events are in us 771 This can only be done when no events are in use that have callchains
987 enabled, otherwise writing to this file will r 772 enabled, otherwise writing to this file will return ``-EBUSY``.
988 773
989 The default value is 8. 774 The default value is 8.
990 775
991 776
992 perf_user_access (arm64 and riscv only) <<
993 ======================================= <<
994 <<
995 Controls user space access for reading perf ev <<
996 <<
997 arm64 <<
998 ===== <<
999 <<
1000 The default value is 0 (access disabled). <<
1001 <<
1002 When set to 1, user space can read performanc <<
1003 directly. <<
1004 <<
1005 See Documentation/arch/arm64/perf.rst for mor <<
1006 <<
1007 riscv <<
1008 ===== <<
1009 <<
1010 When set to 0, user space access is disabled. <<
1011 <<
1012 The default value is 1, user space can read p <<
1013 registers through perf, any direct access wit <<
1014 an illegal instruction. <<
1015 <<
1016 When set to 2, which enables legacy mode (use <<
1017 and insret CSRs only). Note that this legacy <<
1018 removed once all user space applications are <<
1019 <<
1020 Note that the time CSR is always directly acc <<
1021 <<
1022 pid_max 777 pid_max
1023 ======= 778 =======
1024 779
1025 PID allocation wrap value. When the kernel's 780 PID allocation wrap value. When the kernel's next PID value
1026 reaches this value, it wraps back to a minimu 781 reaches this value, it wraps back to a minimum PID value.
1027 PIDs of value ``pid_max`` or larger are not a 782 PIDs of value ``pid_max`` or larger are not allocated.
1028 783
1029 784
1030 ns_last_pid 785 ns_last_pid
1031 =========== 786 ===========
1032 787
1033 The last pid allocated in the current (the on 788 The last pid allocated in the current (the one task using this sysctl
1034 lives in) pid namespace. When selecting a pid 789 lives in) pid namespace. When selecting a pid for a next task on fork
1035 kernel tries to allocate a number starting fr 790 kernel tries to allocate a number starting from this one.
1036 791
1037 792
1038 powersave-nap (PPC only) 793 powersave-nap (PPC only)
1039 ======================== 794 ========================
1040 795
1041 If set, Linux-PPC will use the 'nap' mode of 796 If set, Linux-PPC will use the 'nap' mode of powersaving,
1042 otherwise the 'doze' mode will be used. 797 otherwise the 'doze' mode will be used.
1043 798
1044 799
1045 ============================================= 800 ==============================================================
1046 801
1047 printk 802 printk
1048 ====== 803 ======
1049 804
1050 The four values in printk denote: ``console_l 805 The four values in printk denote: ``console_loglevel``,
1051 ``default_message_loglevel``, ``minimum_conso 806 ``default_message_loglevel``, ``minimum_console_loglevel`` and
1052 ``default_console_loglevel`` respectively. 807 ``default_console_loglevel`` respectively.
1053 808
1054 These values influence printk() behavior when 809 These values influence printk() behavior when printing or
1055 logging error messages. See '``man 2 syslog`` 810 logging error messages. See '``man 2 syslog``' for more info on
1056 the different loglevels. 811 the different loglevels.
1057 812
1058 ======================== ==================== 813 ======================== =====================================
1059 console_loglevel messages with a high 814 console_loglevel messages with a higher priority than
1060 this will be printed 815 this will be printed to the console
1061 default_message_loglevel messages without an 816 default_message_loglevel messages without an explicit priority
1062 will be printed with 817 will be printed with this priority
1063 minimum_console_loglevel minimum (highest) va 818 minimum_console_loglevel minimum (highest) value to which
1064 console_loglevel can 819 console_loglevel can be set
1065 default_console_loglevel default value for co 820 default_console_loglevel default value for console_loglevel
1066 ======================== ==================== 821 ======================== =====================================
1067 822
1068 823
1069 printk_delay 824 printk_delay
1070 ============ 825 ============
1071 826
1072 Delay each printk message in ``printk_delay`` 827 Delay each printk message in ``printk_delay`` milliseconds
1073 828
1074 Value from 0 - 10000 is allowed. 829 Value from 0 - 10000 is allowed.
1075 830
1076 831
1077 printk_ratelimit 832 printk_ratelimit
1078 ================ 833 ================
1079 834
1080 Some warning messages are rate limited. ``pri 835 Some warning messages are rate limited. ``printk_ratelimit`` specifies
1081 the minimum length of time between these mess 836 the minimum length of time between these messages (in seconds).
1082 The default value is 5 seconds. 837 The default value is 5 seconds.
1083 838
1084 A value of 0 will disable rate limiting. 839 A value of 0 will disable rate limiting.
1085 840
1086 841
1087 printk_ratelimit_burst 842 printk_ratelimit_burst
1088 ====================== 843 ======================
1089 844
1090 While long term we enforce one message per `p 845 While long term we enforce one message per `printk_ratelimit`_
1091 seconds, we do allow a burst of messages to p 846 seconds, we do allow a burst of messages to pass through.
1092 ``printk_ratelimit_burst`` specifies the numb 847 ``printk_ratelimit_burst`` specifies the number of messages we can
1093 send before ratelimiting kicks in. 848 send before ratelimiting kicks in.
1094 849
1095 The default value is 10 messages. 850 The default value is 10 messages.
1096 851
1097 852
1098 printk_devkmsg 853 printk_devkmsg
1099 ============== 854 ==============
1100 855
1101 Control the logging to ``/dev/kmsg`` from use 856 Control the logging to ``/dev/kmsg`` from userspace:
1102 857
1103 ========= =================================== 858 ========= =============================================
1104 ratelimit default, ratelimited 859 ratelimit default, ratelimited
1105 on unlimited logging to /dev/kmsg from 860 on unlimited logging to /dev/kmsg from userspace
1106 off logging to /dev/kmsg disabled 861 off logging to /dev/kmsg disabled
1107 ========= =================================== 862 ========= =============================================
1108 863
1109 The kernel command line parameter ``printk.de 864 The kernel command line parameter ``printk.devkmsg=`` overrides this and is
1110 a one-time setting until next reboot: once se 865 a one-time setting until next reboot: once set, it cannot be changed by
1111 this sysctl interface anymore. 866 this sysctl interface anymore.
1112 867
1113 ============================================= 868 ==============================================================
1114 869
1115 870
1116 pty 871 pty
1117 === 872 ===
1118 873
1119 See Documentation/filesystems/devpts.rst. !! 874 See Documentation/filesystems/devpts.txt.
1120 <<
1121 <<
1122 random <<
1123 ====== <<
1124 <<
1125 This is a directory, with the following entri <<
1126 <<
1127 * ``boot_id``: a UUID generated the first tim <<
1128 unvarying after that; <<
1129 <<
1130 * ``uuid``: a UUID generated every time this <<
1131 thus be used to generate UUIDs at will); <<
1132 <<
1133 * ``entropy_avail``: the pool's entropy count <<
1134 <<
1135 * ``poolsize``: the entropy pool size, in bit <<
1136 <<
1137 * ``urandom_min_reseed_secs``: obsolete (used <<
1138 number of seconds between urandom pool rese <<
1139 writable for compatibility purposes, but wr <<
1140 on any RNG behavior; <<
1141 <<
1142 * ``write_wakeup_threshold``: when the entrop <<
1143 (as a number of bits), processes waiting to <<
1144 are woken up. This file is writable for com <<
1145 writing to it has no effect on any RNG beha <<
1146 875
1147 876
1148 randomize_va_space 877 randomize_va_space
1149 ================== 878 ==================
1150 879
1151 This option can be used to select the type of 880 This option can be used to select the type of process address
1152 space randomization that is used in the syste 881 space randomization that is used in the system, for architectures
1153 that support this feature. 882 that support this feature.
1154 883
1155 == ========================================= 884 == ===========================================================================
1156 0 Turn the process address space randomizat 885 0 Turn the process address space randomization off. This is the
1157 default for architectures that do not sup 886 default for architectures that do not support this feature anyways,
1158 and kernels that are booted with the "nor 887 and kernels that are booted with the "norandmaps" parameter.
1159 888
1160 1 Make the addresses of mmap base, stack an 889 1 Make the addresses of mmap base, stack and VDSO page randomized.
1161 This, among other things, implies that sh 890 This, among other things, implies that shared libraries will be
1162 loaded to random addresses. Also for PIE 891 loaded to random addresses. Also for PIE-linked binaries, the
1163 location of code start is randomized. Th 892 location of code start is randomized. This is the default if the
1164 ``CONFIG_COMPAT_BRK`` option is enabled. 893 ``CONFIG_COMPAT_BRK`` option is enabled.
1165 894
1166 2 Additionally enable heap randomization. 895 2 Additionally enable heap randomization. This is the default if
1167 ``CONFIG_COMPAT_BRK`` is disabled. 896 ``CONFIG_COMPAT_BRK`` is disabled.
1168 897
1169 There are a few legacy applications out t 898 There are a few legacy applications out there (such as some ancient
1170 versions of libc.so.5 from 1996) that ass 899 versions of libc.so.5 from 1996) that assume that brk area starts
1171 just after the end of the code+bss. Thes 900 just after the end of the code+bss. These applications break when
1172 start of the brk area is randomized. The 901 start of the brk area is randomized. There are however no known
1173 non-legacy applications that would be bro 902 non-legacy applications that would be broken this way, so for most
1174 systems it is safe to choose full randomi 903 systems it is safe to choose full randomization.
1175 904
1176 Systems with ancient and/or broken binari 905 Systems with ancient and/or broken binaries should be configured
1177 with ``CONFIG_COMPAT_BRK`` enabled, which 906 with ``CONFIG_COMPAT_BRK`` enabled, which excludes the heap from process
1178 address space randomization. 907 address space randomization.
1179 == ========================================= 908 == ===========================================================================
1180 909
1181 910
1182 real-root-dev 911 real-root-dev
1183 ============= 912 =============
1184 913
1185 See Documentation/admin-guide/initrd.rst. !! 914 See :doc:`/admin-guide/initrd`.
1186 915
1187 916
1188 reboot-cmd (SPARC only) 917 reboot-cmd (SPARC only)
1189 ======================= 918 =======================
1190 919
1191 ??? This seems to be a way to give an argumen 920 ??? This seems to be a way to give an argument to the Sparc
1192 ROM/Flash boot loader. Maybe to tell it what 921 ROM/Flash boot loader. Maybe to tell it what to do after
1193 rebooting. ??? 922 rebooting. ???
1194 923
1195 924
1196 sched_energy_aware 925 sched_energy_aware
1197 ================== 926 ==================
1198 927
1199 Enables/disables Energy Aware Scheduling (EAS 928 Enables/disables Energy Aware Scheduling (EAS). EAS starts
1200 automatically on platforms where it can run ( 929 automatically on platforms where it can run (that is,
1201 platforms with asymmetric CPU topologies and 930 platforms with asymmetric CPU topologies and having an Energy
1202 Model available). If your platform happens to 931 Model available). If your platform happens to meet the
1203 requirements for EAS but you do not want to u 932 requirements for EAS but you do not want to use it, change
1204 this value to 0. On Non-EAS platforms, write !! 933 this value to 0.
1205 read doesn't return anything. <<
1206 <<
1207 task_delayacct <<
1208 =============== <<
1209 934
1210 Enables/disables task delay accounting (see <<
1211 Documentation/accounting/delay-accounting.rst <<
1212 a small amount of overhead in the scheduler b <<
1213 and performance tuning. It is required by som <<
1214 935
1215 sched_schedstats 936 sched_schedstats
1216 ================ 937 ================
1217 938
1218 Enables/disables scheduler statistics. Enabli 939 Enables/disables scheduler statistics. Enabling this feature
1219 incurs a small amount of overhead in the sche 940 incurs a small amount of overhead in the scheduler but is
1220 useful for debugging and performance tuning. 941 useful for debugging and performance tuning.
1221 942
1222 sched_util_clamp_min <<
1223 ==================== <<
1224 <<
1225 Max allowed *minimum* utilization. <<
1226 <<
1227 Default value is 1024, which is the maximum p <<
1228 <<
1229 It means that any requested uclamp.min value <<
1230 sched_util_clamp_min, i.e., it is restricted <<
1231 [0:sched_util_clamp_min]. <<
1232 <<
1233 sched_util_clamp_max <<
1234 ==================== <<
1235 <<
1236 Max allowed *maximum* utilization. <<
1237 <<
1238 Default value is 1024, which is the maximum p <<
1239 <<
1240 It means that any requested uclamp.max value <<
1241 sched_util_clamp_max, i.e., it is restricted <<
1242 [0:sched_util_clamp_max]. <<
1243 <<
1244 sched_util_clamp_min_rt_default <<
1245 =============================== <<
1246 <<
1247 By default Linux is tuned for performance. Wh <<
1248 at the highest frequency and most capable (hi <<
1249 heterogeneous systems). <<
1250 <<
1251 Uclamp achieves this by setting the requested <<
1252 1024 by default, which effectively boosts the <<
1253 frequency and biases them to run on the bigge <<
1254 <<
1255 This knob allows admins to change the default <<
1256 used. In battery powered devices particularly <<
1257 capacity and frequency will increase energy c <<
1258 life. <<
1259 <<
1260 This knob is only effective for RT tasks whic <<
1261 requested uclamp.min value via sched_setattr( <<
1262 <<
1263 This knob will not escape the range constrain <<
1264 defined above. <<
1265 <<
1266 For example if <<
1267 <<
1268 sched_util_clamp_min_rt_default = 800 <<
1269 sched_util_clamp_min = 600 <<
1270 <<
1271 Then the boost will be clamped to 600 because <<
1272 range of [0:600]. This could happen for insta <<
1273 restrict all boosts temporarily by modifying <<
1274 this restriction is lifted, the requested sch <<
1275 will take effect. <<
1276 943
1277 seccomp 944 seccomp
1278 ======= 945 =======
1279 946
1280 See Documentation/userspace-api/seccomp_filte !! 947 See :doc:`/userspace-api/seccomp_filter`.
1281 948
1282 949
1283 sg-big-buff 950 sg-big-buff
1284 =========== 951 ===========
1285 952
1286 This file shows the size of the generic SCSI 953 This file shows the size of the generic SCSI (sg) buffer.
1287 You can't tune it just yet, but you could cha 954 You can't tune it just yet, but you could change it on
1288 compile time by editing ``include/scsi/sg.h`` 955 compile time by editing ``include/scsi/sg.h`` and changing
1289 the value of ``SG_BIG_BUFF``. 956 the value of ``SG_BIG_BUFF``.
1290 957
1291 There shouldn't be any reason to change this 958 There shouldn't be any reason to change this value. If
1292 you can come up with one, you probably know w 959 you can come up with one, you probably know what you
1293 are doing anyway :) 960 are doing anyway :)
1294 961
1295 962
1296 shmall 963 shmall
1297 ====== 964 ======
1298 965
1299 This parameter sets the total amount of share !! 966 This parameter sets the total amount of shared memory pages that
1300 inside ipc namespace. The shared memory pages !! 967 can be used system wide. Hence, ``shmall`` should always be at least
1301 namespace separately and is not inherited. He !! 968 ``ceil(shmmax/PAGE_SIZE)``.
1302 least ``ceil(shmmax/PAGE_SIZE)``. <<
1303 969
1304 If you are not sure what the default ``PAGE_S 970 If you are not sure what the default ``PAGE_SIZE`` is on your Linux
1305 system, you can run the following command:: 971 system, you can run the following command::
1306 972
1307 # getconf PAGE_SIZE 973 # getconf PAGE_SIZE
1308 974
1309 To reduce or disable the ability to allocate <<
1310 new ipc namespace, set this parameter to the <<
1311 creation of a new ipc namespace in the curren <<
1312 be used. <<
1313 975
1314 shmmax 976 shmmax
1315 ====== 977 ======
1316 978
1317 This value can be used to query and set the r 979 This value can be used to query and set the run time limit
1318 on the maximum shared memory segment size tha 980 on the maximum shared memory segment size that can be created.
1319 Shared memory segments up to 1Gb are now supp 981 Shared memory segments up to 1Gb are now supported in the
1320 kernel. This value defaults to ``SHMMAX``. 982 kernel. This value defaults to ``SHMMAX``.
1321 983
1322 984
1323 shmmni 985 shmmni
1324 ====== 986 ======
1325 987
1326 This value determines the maximum number of s 988 This value determines the maximum number of shared memory segments.
1327 4096 by default (``SHMMNI``). 989 4096 by default (``SHMMNI``).
1328 990
1329 991
1330 shm_rmid_forced 992 shm_rmid_forced
1331 =============== 993 ===============
1332 994
1333 Linux lets you set resource limits, including 995 Linux lets you set resource limits, including how much memory one
1334 process can consume, via ``setrlimit(2)``. U 996 process can consume, via ``setrlimit(2)``. Unfortunately, shared memory
1335 segments are allowed to exist without associa 997 segments are allowed to exist without association with any process, and
1336 thus might not be counted against any resourc 998 thus might not be counted against any resource limits. If enabled,
1337 shared memory segments are automatically dest 999 shared memory segments are automatically destroyed when their attach
1338 count becomes zero after a detach or a proces 1000 count becomes zero after a detach or a process termination. It will
1339 also destroy segments that were created, but 1001 also destroy segments that were created, but never attached to, on exit
1340 from the process. The only use left for ``IP 1002 from the process. The only use left for ``IPC_RMID`` is to immediately
1341 destroy an unattached segment. Of course, th 1003 destroy an unattached segment. Of course, this breaks the way things are
1342 defined, so some applications might stop work 1004 defined, so some applications might stop working. Note that this
1343 feature will do you no good unless you also c 1005 feature will do you no good unless you also configure your resource
1344 limits (in particular, ``RLIMIT_AS`` and ``RL 1006 limits (in particular, ``RLIMIT_AS`` and ``RLIMIT_NPROC``). Most systems don't
1345 need this. 1007 need this.
1346 1008
1347 Note that if you change this from 0 to 1, alr 1009 Note that if you change this from 0 to 1, already created segments
1348 without users and with a dead originative pro 1010 without users and with a dead originative process will be destroyed.
1349 1011
1350 1012
1351 sysctl_writes_strict 1013 sysctl_writes_strict
1352 ==================== 1014 ====================
1353 1015
1354 Control how file position affects the behavio 1016 Control how file position affects the behavior of updating sysctl values
1355 via the ``/proc/sys`` interface: 1017 via the ``/proc/sys`` interface:
1356 1018
1357 == ====================================== 1019 == ======================================================================
1358 -1 Legacy per-write sysctl value handling 1020 -1 Legacy per-write sysctl value handling, with no printk warnings.
1359 Each write syscall must fully contain 1021 Each write syscall must fully contain the sysctl value to be
1360 written, and multiple writes on the sa 1022 written, and multiple writes on the same sysctl file descriptor
1361 will rewrite the sysctl value, regardl 1023 will rewrite the sysctl value, regardless of file position.
1362 0 Same behavior as above, but warn about 1024 0 Same behavior as above, but warn about processes that perform writes
1363 to a sysctl file descriptor when the f 1025 to a sysctl file descriptor when the file position is not 0.
1364 1 (default) Respect file position when w 1026 1 (default) Respect file position when writing sysctl strings. Multiple
1365 writes will append to the sysctl value 1027 writes will append to the sysctl value buffer. Anything past the max
1366 length of the sysctl value buffer will 1028 length of the sysctl value buffer will be ignored. Writes to numeric
1367 sysctl entries must always be at file 1029 sysctl entries must always be at file position 0 and the value must
1368 be fully contained in the buffer sent 1030 be fully contained in the buffer sent in the write syscall.
1369 == ====================================== 1031 == ======================================================================
1370 1032
1371 1033
1372 softlockup_all_cpu_backtrace 1034 softlockup_all_cpu_backtrace
1373 ============================ 1035 ============================
1374 1036
1375 This value controls the soft lockup detector 1037 This value controls the soft lockup detector thread's behavior
1376 when a soft lockup condition is detected as t 1038 when a soft lockup condition is detected as to whether or not
1377 to gather further debug information. If enabl 1039 to gather further debug information. If enabled, each cpu will
1378 be issued an NMI and instructed to capture st 1040 be issued an NMI and instructed to capture stack trace.
1379 1041
1380 This feature is only applicable for architect 1042 This feature is only applicable for architectures which support
1381 NMI. 1043 NMI.
1382 1044
1383 = =========================================== 1045 = ============================================
1384 0 Do nothing. This is the default behavior. 1046 0 Do nothing. This is the default behavior.
1385 1 On detection capture more debug information 1047 1 On detection capture more debug information.
1386 = =========================================== 1048 = ============================================
1387 1049
1388 1050
1389 softlockup_panic 1051 softlockup_panic
1390 ================= 1052 =================
1391 1053
1392 This parameter can be used to control whether 1054 This parameter can be used to control whether the kernel panics
1393 when a soft lockup is detected. 1055 when a soft lockup is detected.
1394 1056
1395 = =========================================== 1057 = ============================================
1396 0 Don't panic on soft lockup. 1058 0 Don't panic on soft lockup.
1397 1 Panic on soft lockup. 1059 1 Panic on soft lockup.
1398 = =========================================== 1060 = ============================================
1399 1061
1400 This can also be set using the softlockup_pan 1062 This can also be set using the softlockup_panic kernel parameter.
1401 1063
1402 1064
1403 soft_watchdog 1065 soft_watchdog
1404 ============= 1066 =============
1405 1067
1406 This parameter can be used to control the sof 1068 This parameter can be used to control the soft lockup detector.
1407 1069
1408 = ================================= 1070 = =================================
1409 0 Disable the soft lockup detector. 1071 0 Disable the soft lockup detector.
1410 1 Enable the soft lockup detector. 1072 1 Enable the soft lockup detector.
1411 = ================================= 1073 = =================================
1412 1074
1413 The soft lockup detector monitors CPUs for th 1075 The soft lockup detector monitors CPUs for threads that are hogging the CPUs
1414 without rescheduling voluntarily, and thus pr !! 1076 without rescheduling voluntarily, and thus prevent the 'watchdog/N' threads
1415 from running, causing the watchdog work fail !! 1077 from running. The mechanism depends on the CPUs ability to respond to timer
1416 on the CPUs ability to respond to timer inter !! 1078 interrupts which are needed for the 'watchdog/N' threads to be woken up by
1417 watchdog work to be queued by the watchdog ti !! 1079 the watchdog timer function, otherwise the NMI watchdog — if enabled — can
1418 watchdog — if enabled — can detect a hard !! 1080 detect a hard lockup condition.
1419 <<
1420 <<
1421 split_lock_mitigate (x86 only) <<
1422 ============================== <<
1423 <<
1424 On x86, each "split lock" imposes a system-wi <<
1425 systems, large numbers of split locks from un <<
1426 denials of service to well-behaved and potent <<
1427 <<
1428 The kernel mitigates these bad users by detec <<
1429 penalties: forcing them to wait and only allo <<
1430 locks at a time. <<
1431 <<
1432 These mitigations can make those bad applicat <<
1433 split_lock_mitigate=0 may restore some applic <<
1434 increase system exposure to denial of service <<
1435 <<
1436 = =========================================== <<
1437 0 Disable the mitigation mode - just warns th <<
1438 and exposes the system to denials of servic <<
1439 1 Enable the mitigation mode (this is the def <<
1440 lockers with intentional performance degrad <<
1441 = =========================================== <<
1442 1081
1443 1082
1444 stack_erasing 1083 stack_erasing
1445 ============= 1084 =============
1446 1085
1447 This parameter can be used to control kernel 1086 This parameter can be used to control kernel stack erasing at the end
1448 of syscalls for kernels built with ``CONFIG_G 1087 of syscalls for kernels built with ``CONFIG_GCC_PLUGIN_STACKLEAK``.
1449 1088
1450 That erasing reduces the information which ke 1089 That erasing reduces the information which kernel stack leak bugs
1451 can reveal and blocks some uninitialized stac 1090 can reveal and blocks some uninitialized stack variable attacks.
1452 The tradeoff is the performance impact: on a 1091 The tradeoff is the performance impact: on a single CPU system kernel
1453 compilation sees a 1% slowdown, other systems 1092 compilation sees a 1% slowdown, other systems and workloads may vary.
1454 1093
1455 = =========================================== 1094 = ====================================================================
1456 0 Kernel stack erasing is disabled, STACKLEAK 1095 0 Kernel stack erasing is disabled, STACKLEAK_METRICS are not updated.
1457 1 Kernel stack erasing is enabled (default), 1096 1 Kernel stack erasing is enabled (default), it is performed before
1458 returning to the userspace at the end of sy 1097 returning to the userspace at the end of syscalls.
1459 = =========================================== 1098 = ====================================================================
1460 1099
1461 1100
1462 stop-a (SPARC only) 1101 stop-a (SPARC only)
1463 =================== 1102 ===================
1464 1103
1465 Controls Stop-A: 1104 Controls Stop-A:
1466 1105
1467 = ==================================== 1106 = ====================================
1468 0 Stop-A has no effect. 1107 0 Stop-A has no effect.
1469 1 Stop-A breaks to the PROM (default). 1108 1 Stop-A breaks to the PROM (default).
1470 = ==================================== 1109 = ====================================
1471 1110
1472 Stop-A is always enabled on a panic, so that 1111 Stop-A is always enabled on a panic, so that the user can return to
1473 the boot PROM. 1112 the boot PROM.
1474 1113
1475 1114
1476 sysrq 1115 sysrq
1477 ===== 1116 =====
1478 1117
1479 See Documentation/admin-guide/sysrq.rst. !! 1118 See :doc:`/admin-guide/sysrq`.
1480 1119
1481 1120
1482 tainted 1121 tainted
1483 ======= 1122 =======
1484 1123
1485 Non-zero if the kernel has been tainted. Nume 1124 Non-zero if the kernel has been tainted. Numeric values, which can be
1486 ORed together. The letters are seen in "Taint 1125 ORed together. The letters are seen in "Tainted" line of Oops reports.
1487 1126
1488 ====== ===== ============================== 1127 ====== ===== ==============================================================
1489 1 `(P)` proprietary module was loaded 1128 1 `(P)` proprietary module was loaded
1490 2 `(F)` module was force loaded 1129 2 `(F)` module was force loaded
1491 4 `(S)` kernel running on an out of sp !! 1130 4 `(S)` SMP kernel oops on an officially SMP incapable processor
1492 8 `(R)` module was force unloaded 1131 8 `(R)` module was force unloaded
1493 16 `(M)` processor reported a Machine C 1132 16 `(M)` processor reported a Machine Check Exception (MCE)
1494 32 `(B)` bad page referenced or some un 1133 32 `(B)` bad page referenced or some unexpected page flags
1495 64 `(U)` taint requested by userspace a 1134 64 `(U)` taint requested by userspace application
1496 128 `(D)` kernel died recently, i.e. the 1135 128 `(D)` kernel died recently, i.e. there was an OOPS or BUG
1497 256 `(A)` an ACPI table was overridden b 1136 256 `(A)` an ACPI table was overridden by user
1498 512 `(W)` kernel issued warning 1137 512 `(W)` kernel issued warning
1499 1024 `(C)` staging driver was loaded 1138 1024 `(C)` staging driver was loaded
1500 2048 `(I)` workaround for bug in platform 1139 2048 `(I)` workaround for bug in platform firmware applied
1501 4096 `(O)` externally-built ("out-of-tree 1140 4096 `(O)` externally-built ("out-of-tree") module was loaded
1502 8192 `(E)` unsigned module was loaded 1141 8192 `(E)` unsigned module was loaded
1503 16384 `(L)` soft lockup occurred 1142 16384 `(L)` soft lockup occurred
1504 32768 `(K)` kernel has been live patched 1143 32768 `(K)` kernel has been live patched
1505 65536 `(X)` Auxiliary taint, defined and u 1144 65536 `(X)` Auxiliary taint, defined and used by for distros
1506 131072 `(T)` The kernel was built with the 1145 131072 `(T)` The kernel was built with the struct randomization plugin
1507 ====== ===== ============================== 1146 ====== ===== ==============================================================
1508 1147
1509 See Documentation/admin-guide/tainted-kernels !! 1148 See :doc:`/admin-guide/tainted-kernels` for more information.
1510 1149
1511 Note: <<
1512 writes to this sysctl interface will fail w <<
1513 booted with the command line option ``panic <<
1514 and any of the ORed together values being w <<
1515 the bitmask declared on panic_on_taint. <<
1516 See Documentation/admin-guide/kernel-parame <<
1517 that particular kernel command line option <<
1518 ``nousertaint`` switch. <<
1519 1150
1520 threads-max 1151 threads-max
1521 =========== 1152 ===========
1522 1153
1523 This value controls the maximum number of thr 1154 This value controls the maximum number of threads that can be created
1524 using ``fork()``. 1155 using ``fork()``.
1525 1156
1526 During initialization the kernel sets this va 1157 During initialization the kernel sets this value such that even if the
1527 maximum number of threads is created, the thr 1158 maximum number of threads is created, the thread structures occupy only
1528 a part (1/8th) of the available RAM pages. 1159 a part (1/8th) of the available RAM pages.
1529 1160
1530 The minimum value that can be written to ``th 1161 The minimum value that can be written to ``threads-max`` is 1.
1531 1162
1532 The maximum value that can be written to ``th 1163 The maximum value that can be written to ``threads-max`` is given by the
1533 constant ``FUTEX_TID_MASK`` (0x3fffffff). 1164 constant ``FUTEX_TID_MASK`` (0x3fffffff).
1534 1165
1535 If a value outside of this range is written t 1166 If a value outside of this range is written to ``threads-max`` an
1536 ``EINVAL`` error occurs. 1167 ``EINVAL`` error occurs.
1537 1168
1538 1169
1539 traceoff_on_warning <<
1540 =================== <<
1541 <<
1542 When set, disables tracing (see Documentation <<
1543 ``WARN()`` is hit. <<
1544 <<
1545 <<
1546 tracepoint_printk <<
1547 ================= <<
1548 <<
1549 When tracepoints are sent to printk() (enable <<
1550 boot parameter), this entry provides runtime <<
1551 <<
1552 echo 0 > /proc/sys/kernel/tracepoint_prin <<
1553 <<
1554 will stop tracepoints from being sent to prin <<
1555 <<
1556 echo 1 > /proc/sys/kernel/tracepoint_prin <<
1557 <<
1558 will send them to printk() again. <<
1559 <<
1560 This only works if the kernel was booted with <<
1561 <<
1562 See Documentation/admin-guide/kernel-paramete <<
1563 Documentation/trace/boottime-trace.rst. <<
1564 <<
1565 <<
1566 unaligned-trap <<
1567 ============== <<
1568 <<
1569 On architectures where unaligned accesses cau <<
1570 feature is supported (``CONFIG_SYSCTL_ARCH_UN <<
1571 ``arc``, ``parisc`` and ``loongarch``), contr <<
1572 are caught and emulated (instead of failing). <<
1573 <<
1574 = =========================================== <<
1575 0 Do not emulate unaligned accesses. <<
1576 1 Emulate unaligned accesses. This is the def <<
1577 = =========================================== <<
1578 <<
1579 See also `ignore-unaligned-usertrap`_. <<
1580 <<
1581 <<
1582 unknown_nmi_panic 1170 unknown_nmi_panic
1583 ================= 1171 =================
1584 1172
1585 The value in this file affects behavior of ha 1173 The value in this file affects behavior of handling NMI. When the
1586 value is non-zero, unknown NMI is trapped and 1174 value is non-zero, unknown NMI is trapped and then panic occurs. At
1587 that time, kernel debugging information is di 1175 that time, kernel debugging information is displayed on console.
1588 1176
1589 NMI switch that most IA32 servers have fires 1177 NMI switch that most IA32 servers have fires unknown NMI up, for
1590 example. If a system hangs up, try pressing 1178 example. If a system hangs up, try pressing the NMI switch.
1591 <<
1592 <<
1593 unprivileged_bpf_disabled <<
1594 ========================= <<
1595 <<
1596 Writing 1 to this entry will disable unprivil <<
1597 once disabled, calling ``bpf()`` without ``CA <<
1598 will return ``-EPERM``. Once set to 1, this c <<
1599 running kernel anymore. <<
1600 <<
1601 Writing 2 to this entry will also disable unp <<
1602 however, an admin can still change this setti <<
1603 writing 0 or 1 to this entry. <<
1604 <<
1605 If ``BPF_UNPRIV_DEFAULT_OFF`` is enabled in t <<
1606 entry will default to 2 instead of 0. <<
1607 <<
1608 = =========================================== <<
1609 0 Unprivileged calls to ``bpf()`` are enabled <<
1610 1 Unprivileged calls to ``bpf()`` are disable <<
1611 2 Unprivileged calls to ``bpf()`` are disable <<
1612 = =========================================== <<
1613 <<
1614 <<
1615 warn_limit <<
1616 ========== <<
1617 <<
1618 Number of kernel warnings after which the ker <<
1619 ``panic_on_warn`` is not set. Setting this to <<
1620 the warning count. Setting this to 1 has the <<
1621 ``panic_on_warn=1``. The default value is 0. <<
1622 1179
1623 1180
1624 watchdog 1181 watchdog
1625 ======== 1182 ========
1626 1183
1627 This parameter can be used to disable or enab 1184 This parameter can be used to disable or enable the soft lockup detector
1628 *and* the NMI watchdog (i.e. the hard lockup 1185 *and* the NMI watchdog (i.e. the hard lockup detector) at the same time.
1629 1186
1630 = ============================== 1187 = ==============================
1631 0 Disable both lockup detectors. 1188 0 Disable both lockup detectors.
1632 1 Enable both lockup detectors. 1189 1 Enable both lockup detectors.
1633 = ============================== 1190 = ==============================
1634 1191
1635 The soft lockup detector and the NMI watchdog 1192 The soft lockup detector and the NMI watchdog can also be disabled or
1636 enabled individually, using the ``soft_watchd 1193 enabled individually, using the ``soft_watchdog`` and ``nmi_watchdog``
1637 parameters. 1194 parameters.
1638 If the ``watchdog`` parameter is read, for ex 1195 If the ``watchdog`` parameter is read, for example by executing::
1639 1196
1640 cat /proc/sys/kernel/watchdog 1197 cat /proc/sys/kernel/watchdog
1641 1198
1642 the output of this command (0 or 1) shows the 1199 the output of this command (0 or 1) shows the logical OR of
1643 ``soft_watchdog`` and ``nmi_watchdog``. 1200 ``soft_watchdog`` and ``nmi_watchdog``.
1644 1201
1645 1202
1646 watchdog_cpumask 1203 watchdog_cpumask
1647 ================ 1204 ================
1648 1205
1649 This value can be used to control on which cp 1206 This value can be used to control on which cpus the watchdog may run.
1650 The default cpumask is all possible cores, bu 1207 The default cpumask is all possible cores, but if ``NO_HZ_FULL`` is
1651 enabled in the kernel config, and cores are s 1208 enabled in the kernel config, and cores are specified with the
1652 ``nohz_full=`` boot argument, those cores are 1209 ``nohz_full=`` boot argument, those cores are excluded by default.
1653 Offline cores can be included in this mask, a 1210 Offline cores can be included in this mask, and if the core is later
1654 brought online, the watchdog will be started 1211 brought online, the watchdog will be started based on the mask value.
1655 1212
1656 Typically this value would only be touched in 1213 Typically this value would only be touched in the ``nohz_full`` case
1657 to re-enable cores that by default were not r 1214 to re-enable cores that by default were not running the watchdog,
1658 if a kernel lockup was suspected on those cor 1215 if a kernel lockup was suspected on those cores.
1659 1216
1660 The argument value is the standard cpulist fo 1217 The argument value is the standard cpulist format for cpumasks,
1661 so for example to enable the watchdog on core 1218 so for example to enable the watchdog on cores 0, 2, 3, and 4 you
1662 might say:: 1219 might say::
1663 1220
1664 echo 0,2-4 > /proc/sys/kernel/watchdog_cpum 1221 echo 0,2-4 > /proc/sys/kernel/watchdog_cpumask
1665 1222
1666 1223
1667 watchdog_thresh 1224 watchdog_thresh
1668 =============== 1225 ===============
1669 1226
1670 This value can be used to control the frequen 1227 This value can be used to control the frequency of hrtimer and NMI
1671 events and the soft and hard lockup threshold 1228 events and the soft and hard lockup thresholds. The default threshold
1672 is 10 seconds. 1229 is 10 seconds.
1673 1230
1674 The softlockup threshold is (``2 * watchdog_t 1231 The softlockup threshold is (``2 * watchdog_thresh``). Setting this
1675 tunable to zero will disable lockup detection 1232 tunable to zero will disable lockup detection altogether.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.