tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / Documentation / sysctl / kernel.txt
at v4.20-rc7 1122 lines 41 kB view raw
1Documentation for /proc/sys/kernel/* kernel version 2.2.10 2 (c) 1998, 1999, Rik van Riel <riel@nl.linux.org> 3 (c) 2009, Shen Feng<shen@cn.fujitsu.com> 4 5For general info and legal blurb, please look in README. 6 7============================================================== 8 9This file contains documentation for the sysctl files in 10/proc/sys/kernel/ and is valid for Linux kernel version 2.2. 11 12The files in this directory can be used to tune and monitor 13miscellaneous and general things in the operation of the Linux 14kernel. Since some of the files _can_ be used to screw up your 15system, it is advisable to read both documentation and source 16before actually making adjustments. 17 18Currently, these files might (depending on your configuration) 19show up in /proc/sys/kernel: 20 21- acct 22- acpi_video_flags 23- auto_msgmni 24- bootloader_type [ X86 only ] 25- bootloader_version [ X86 only ] 26- callhome [ S390 only ] 27- cap_last_cap 28- core_pattern 29- core_pipe_limit 30- core_uses_pid 31- ctrl-alt-del 32- dmesg_restrict 33- domainname 34- hostname 35- hotplug 36- hardlockup_all_cpu_backtrace 37- hardlockup_panic 38- hung_task_panic 39- hung_task_check_count 40- hung_task_timeout_secs 41- hung_task_check_interval_secs 42- hung_task_warnings 43- hyperv_record_panic_msg 44- kexec_load_disabled 45- kptr_restrict 46- l2cr [ PPC only ] 47- modprobe ==> Documentation/debugging-modules.txt 48- modules_disabled 49- msg_next_id [ sysv ipc ] 50- msgmax 51- msgmnb 52- msgmni 53- nmi_watchdog 54- osrelease 55- ostype 56- overflowgid 57- overflowuid 58- panic 59- panic_on_oops 60- panic_on_stackoverflow 61- panic_on_unrecovered_nmi 62- panic_on_warn 63- panic_on_rcu_stall 64- perf_cpu_time_max_percent 65- perf_event_paranoid 66- perf_event_max_stack 67- perf_event_mlock_kb 68- perf_event_max_contexts_per_stack 69- pid_max 70- powersave-nap [ PPC only ] 71- printk 72- printk_delay 73- printk_ratelimit 74- printk_ratelimit_burst 75- pty ==> Documentation/filesystems/devpts.txt 76- randomize_va_space 77- real-root-dev ==> Documentation/admin-guide/initrd.rst 78- reboot-cmd [ SPARC only ] 79- rtsig-max 80- rtsig-nr 81- seccomp/ ==> Documentation/userspace-api/seccomp_filter.rst 82- sem 83- sem_next_id [ sysv ipc ] 84- sg-big-buff [ generic SCSI device (sg) ] 85- shm_next_id [ sysv ipc ] 86- shm_rmid_forced 87- shmall 88- shmmax [ sysv ipc ] 89- shmmni 90- softlockup_all_cpu_backtrace 91- soft_watchdog 92- stack_erasing 93- stop-a [ SPARC only ] 94- sysrq ==> Documentation/admin-guide/sysrq.rst 95- sysctl_writes_strict 96- tainted 97- threads-max 98- unknown_nmi_panic 99- watchdog 100- watchdog_thresh 101- version 102 103============================================================== 104 105acct: 106 107highwater lowwater frequency 108 109If BSD-style process accounting is enabled these values control 110its behaviour. If free space on filesystem where the log lives 111goes below <lowwater>% accounting suspends. If free space gets 112above <highwater>% accounting resumes. <Frequency> determines 113how often do we check the amount of free space (value is in 114seconds). Default: 1154 2 30 116That is, suspend accounting if there left <= 2% free; resume it 117if we got >=4%; consider information about amount of free space 118valid for 30 seconds. 119 120============================================================== 121 122acpi_video_flags: 123 124flags 125 126See Doc*/kernel/power/video.txt, it allows mode of video boot to be 127set during run time. 128 129============================================================== 130 131auto_msgmni: 132 133This variable has no effect and may be removed in future kernel 134releases. Reading it always returns 0. 135Up to Linux 3.17, it enabled/disabled automatic recomputing of msgmni 136upon memory add/remove or upon ipc namespace creation/removal. 137Echoing "1" into this file enabled msgmni automatic recomputing. 138Echoing "0" turned it off. auto_msgmni default value was 1. 139 140 141============================================================== 142 143bootloader_type: 144 145x86 bootloader identification 146 147This gives the bootloader type number as indicated by the bootloader, 148shifted left by 4, and OR'd with the low four bits of the bootloader 149version. The reason for this encoding is that this used to match the 150type_of_loader field in the kernel header; the encoding is kept for 151backwards compatibility. That is, if the full bootloader type number 152is 0x15 and the full version number is 0x234, this file will contain 153the value 340 = 0x154. 154 155See the type_of_loader and ext_loader_type fields in 156Documentation/x86/boot.txt for additional information. 157 158============================================================== 159 160bootloader_version: 161 162x86 bootloader version 163 164The complete bootloader version number. In the example above, this 165file will contain the value 564 = 0x234. 166 167See the type_of_loader and ext_loader_ver fields in 168Documentation/x86/boot.txt for additional information. 169 170============================================================== 171 172callhome: 173 174Controls the kernel's callhome behavior in case of a kernel panic. 175 176The s390 hardware allows an operating system to send a notification 177to a service organization (callhome) in case of an operating system panic. 178 179When the value in this file is 0 (which is the default behavior) 180nothing happens in case of a kernel panic. If this value is set to "1" 181the complete kernel oops message is send to the IBM customer service 182organization in case the mainframe the Linux operating system is running 183on has a service contract with IBM. 184 185============================================================== 186 187cap_last_cap 188 189Highest valid capability of the running kernel. Exports 190CAP_LAST_CAP from the kernel. 191 192============================================================== 193 194core_pattern: 195 196core_pattern is used to specify a core dumpfile pattern name. 197. max length 128 characters; default value is "core" 198. core_pattern is used as a pattern template for the output filename; 199 certain string patterns (beginning with '%') are substituted with 200 their actual values. 201. backward compatibility with core_uses_pid: 202 If core_pattern does not include "%p" (default does not) 203 and core_uses_pid is set, then .PID will be appended to 204 the filename. 205. corename format specifiers: 206 %<NUL> '%' is dropped 207 %% output one '%' 208 %p pid 209 %P global pid (init PID namespace) 210 %i tid 211 %I global tid (init PID namespace) 212 %u uid (in initial user namespace) 213 %g gid (in initial user namespace) 214 %d dump mode, matches PR_SET_DUMPABLE and 215 /proc/sys/fs/suid_dumpable 216 %s signal number 217 %t UNIX time of dump 218 %h hostname 219 %e executable filename (may be shortened) 220 %E executable path 221 %<OTHER> both are dropped 222. If the first character of the pattern is a '|', the kernel will treat 223 the rest of the pattern as a command to run. The core dump will be 224 written to the standard input of that program instead of to a file. 225 226============================================================== 227 228core_pipe_limit: 229 230This sysctl is only applicable when core_pattern is configured to pipe 231core files to a user space helper (when the first character of 232core_pattern is a '|', see above). When collecting cores via a pipe 233to an application, it is occasionally useful for the collecting 234application to gather data about the crashing process from its 235/proc/pid directory. In order to do this safely, the kernel must wait 236for the collecting process to exit, so as not to remove the crashing 237processes proc files prematurely. This in turn creates the 238possibility that a misbehaving userspace collecting process can block 239the reaping of a crashed process simply by never exiting. This sysctl 240defends against that. It defines how many concurrent crashing 241processes may be piped to user space applications in parallel. If 242this value is exceeded, then those crashing processes above that value 243are noted via the kernel log and their cores are skipped. 0 is a 244special value, indicating that unlimited processes may be captured in 245parallel, but that no waiting will take place (i.e. the collecting 246process is not guaranteed access to /proc/<crashing pid>/). This 247value defaults to 0. 248 249============================================================== 250 251core_uses_pid: 252 253The default coredump filename is "core". By setting 254core_uses_pid to 1, the coredump filename becomes core.PID. 255If core_pattern does not include "%p" (default does not) 256and core_uses_pid is set, then .PID will be appended to 257the filename. 258 259============================================================== 260 261ctrl-alt-del: 262 263When the value in this file is 0, ctrl-alt-del is trapped and 264sent to the init(1) program to handle a graceful restart. 265When, however, the value is > 0, Linux's reaction to a Vulcan 266Nerve Pinch (tm) will be an immediate reboot, without even 267syncing its dirty buffers. 268 269Note: when a program (like dosemu) has the keyboard in 'raw' 270mode, the ctrl-alt-del is intercepted by the program before it 271ever reaches the kernel tty layer, and it's up to the program 272to decide what to do with it. 273 274============================================================== 275 276dmesg_restrict: 277 278This toggle indicates whether unprivileged users are prevented 279from using dmesg(8) to view messages from the kernel's log buffer. 280When dmesg_restrict is set to (0) there are no restrictions. When 281dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use 282dmesg(8). 283 284The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the 285default value of dmesg_restrict. 286 287============================================================== 288 289domainname & hostname: 290 291These files can be used to set the NIS/YP domainname and the 292hostname of your box in exactly the same way as the commands 293domainname and hostname, i.e.: 294# echo "darkstar" > /proc/sys/kernel/hostname 295# echo "mydomain" > /proc/sys/kernel/domainname 296has the same effect as 297# hostname "darkstar" 298# domainname "mydomain" 299 300Note, however, that the classic darkstar.frop.org has the 301hostname "darkstar" and DNS (Internet Domain Name Server) 302domainname "frop.org", not to be confused with the NIS (Network 303Information Service) or YP (Yellow Pages) domainname. These two 304domain names are in general different. For a detailed discussion 305see the hostname(1) man page. 306 307============================================================== 308hardlockup_all_cpu_backtrace: 309 310This value controls the hard lockup detector behavior when a hard 311lockup condition is detected as to whether or not to gather further 312debug information. If enabled, arch-specific all-CPU stack dumping 313will be initiated. 314 3150: do nothing. This is the default behavior. 316 3171: on detection capture more debug information. 318============================================================== 319 320hardlockup_panic: 321 322This parameter can be used to control whether the kernel panics 323when a hard lockup is detected. 324 325 0 - don't panic on hard lockup 326 1 - panic on hard lockup 327 328See Documentation/lockup-watchdogs.txt for more information. This can 329also be set using the nmi_watchdog kernel parameter. 330 331============================================================== 332 333hotplug: 334 335Path for the hotplug policy agent. 336Default value is "/sbin/hotplug". 337 338============================================================== 339 340hung_task_panic: 341 342Controls the kernel's behavior when a hung task is detected. 343This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 344 3450: continue operation. This is the default behavior. 346 3471: panic immediately. 348 349============================================================== 350 351hung_task_check_count: 352 353The upper bound on the number of tasks that are checked. 354This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 355 356============================================================== 357 358hung_task_timeout_secs: 359 360When a task in D state did not get scheduled 361for more than this value report a warning. 362This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 363 3640: means infinite timeout - no checking done. 365Possible values to set are in range {0..LONG_MAX/HZ}. 366 367============================================================== 368 369hung_task_check_interval_secs: 370 371Hung task check interval. If hung task checking is enabled 372(see hung_task_timeout_secs), the check is done every 373hung_task_check_interval_secs seconds. 374This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 375 3760 (default): means use hung_task_timeout_secs as checking interval. 377Possible values to set are in range {0..LONG_MAX/HZ}. 378 379============================================================== 380 381hung_task_warnings: 382 383The maximum number of warnings to report. During a check interval 384if a hung task is detected, this value is decreased by 1. 385When this value reaches 0, no more warnings will be reported. 386This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 387 388-1: report an infinite number of warnings. 389 390============================================================== 391 392hyperv_record_panic_msg: 393 394Controls whether the panic kmsg data should be reported to Hyper-V. 395 3960: do not report panic kmsg data. 397 3981: report the panic kmsg data. This is the default behavior. 399 400============================================================== 401 402kexec_load_disabled: 403 404A toggle indicating if the kexec_load syscall has been disabled. This 405value defaults to 0 (false: kexec_load enabled), but can be set to 1 406(true: kexec_load disabled). Once true, kexec can no longer be used, and 407the toggle cannot be set back to false. This allows a kexec image to be 408loaded before disabling the syscall, allowing a system to set up (and 409later use) an image without it being altered. Generally used together 410with the "modules_disabled" sysctl. 411 412============================================================== 413 414kptr_restrict: 415 416This toggle indicates whether restrictions are placed on 417exposing kernel addresses via /proc and other interfaces. 418 419When kptr_restrict is set to 0 (the default) the address is hashed before 420printing. (This is the equivalent to %p.) 421 422When kptr_restrict is set to (1), kernel pointers printed using the %pK 423format specifier will be replaced with 0's unless the user has CAP_SYSLOG 424and effective user and group ids are equal to the real ids. This is 425because %pK checks are done at read() time rather than open() time, so 426if permissions are elevated between the open() and the read() (e.g via 427a setuid binary) then %pK will not leak kernel pointers to unprivileged 428users. Note, this is a temporary solution only. The correct long-term 429solution is to do the permission checks at open() time. Consider removing 430world read permissions from files that use %pK, and using dmesg_restrict 431to protect against uses of %pK in dmesg(8) if leaking kernel pointer 432values to unprivileged users is a concern. 433 434When kptr_restrict is set to (2), kernel pointers printed using 435%pK will be replaced with 0's regardless of privileges. 436 437============================================================== 438 439l2cr: (PPC only) 440 441This flag controls the L2 cache of G3 processor boards. If 4420, the cache is disabled. Enabled if nonzero. 443 444============================================================== 445 446modules_disabled: 447 448A toggle value indicating if modules are allowed to be loaded 449in an otherwise modular kernel. This toggle defaults to off 450(0), but can be set true (1). Once true, modules can be 451neither loaded nor unloaded, and the toggle cannot be set back 452to false. Generally used with the "kexec_load_disabled" toggle. 453 454============================================================== 455 456msg_next_id, sem_next_id, and shm_next_id: 457 458These three toggles allows to specify desired id for next allocated IPC 459object: message, semaphore or shared memory respectively. 460 461By default they are equal to -1, which means generic allocation logic. 462Possible values to set are in range {0..INT_MAX}. 463 464Notes: 4651) kernel doesn't guarantee, that new object will have desired id. So, 466it's up to userspace, how to handle an object with "wrong" id. 4672) Toggle with non-default value will be set back to -1 by kernel after 468successful IPC object allocation. If an IPC object allocation syscall 469fails, it is undefined if the value remains unmodified or is reset to -1. 470 471============================================================== 472 473nmi_watchdog: 474 475This parameter can be used to control the NMI watchdog 476(i.e. the hard lockup detector) on x86 systems. 477 478 0 - disable the hard lockup detector 479 1 - enable the hard lockup detector 480 481The hard lockup detector monitors each CPU for its ability to respond to 482timer interrupts. The mechanism utilizes CPU performance counter registers 483that are programmed to generate Non-Maskable Interrupts (NMIs) periodically 484while a CPU is busy. Hence, the alternative name 'NMI watchdog'. 485 486The NMI watchdog is disabled by default if the kernel is running as a guest 487in a KVM virtual machine. This default can be overridden by adding 488 489 nmi_watchdog=1 490 491to the guest kernel command line (see Documentation/admin-guide/kernel-parameters.rst). 492 493============================================================== 494 495numa_balancing 496 497Enables/disables automatic page fault based NUMA memory 498balancing. Memory is moved automatically to nodes 499that access it often. 500 501Enables/disables automatic NUMA memory balancing. On NUMA machines, there 502is a performance penalty if remote memory is accessed by a CPU. When this 503feature is enabled the kernel samples what task thread is accessing memory 504by periodically unmapping pages and later trapping a page fault. At the 505time of the page fault, it is determined if the data being accessed should 506be migrated to a local memory node. 507 508The unmapping of pages and trapping faults incur additional overhead that 509ideally is offset by improved memory locality but there is no universal 510guarantee. If the target workload is already bound to NUMA nodes then this 511feature should be disabled. Otherwise, if the system overhead from the 512feature is too high then the rate the kernel samples for NUMA hinting 513faults may be controlled by the numa_balancing_scan_period_min_ms, 514numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms, 515numa_balancing_scan_size_mb, and numa_balancing_settle_count sysctls. 516 517============================================================== 518 519numa_balancing_scan_period_min_ms, numa_balancing_scan_delay_ms, 520numa_balancing_scan_period_max_ms, numa_balancing_scan_size_mb 521 522Automatic NUMA balancing scans tasks address space and unmaps pages to 523detect if pages are properly placed or if the data should be migrated to a 524memory node local to where the task is running. Every "scan delay" the task 525scans the next "scan size" number of pages in its address space. When the 526end of the address space is reached the scanner restarts from the beginning. 527 528In combination, the "scan delay" and "scan size" determine the scan rate. 529When "scan delay" decreases, the scan rate increases. The scan delay and 530hence the scan rate of every task is adaptive and depends on historical 531behaviour. If pages are properly placed then the scan delay increases, 532otherwise the scan delay decreases. The "scan size" is not adaptive but 533the higher the "scan size", the higher the scan rate. 534 535Higher scan rates incur higher system overhead as page faults must be 536trapped and potentially data must be migrated. However, the higher the scan 537rate, the more quickly a tasks memory is migrated to a local node if the 538workload pattern changes and minimises performance impact due to remote 539memory accesses. These sysctls control the thresholds for scan delays and 540the number of pages scanned. 541 542numa_balancing_scan_period_min_ms is the minimum time in milliseconds to 543scan a tasks virtual memory. It effectively controls the maximum scanning 544rate for each task. 545 546numa_balancing_scan_delay_ms is the starting "scan delay" used for a task 547when it initially forks. 548 549numa_balancing_scan_period_max_ms is the maximum time in milliseconds to 550scan a tasks virtual memory. It effectively controls the minimum scanning 551rate for each task. 552 553numa_balancing_scan_size_mb is how many megabytes worth of pages are 554scanned for a given scan. 555 556============================================================== 557 558osrelease, ostype & version: 559 560# cat osrelease 5612.1.88 562# cat ostype 563Linux 564# cat version 565#5 Wed Feb 25 21:49:24 MET 1998 566 567The files osrelease and ostype should be clear enough. Version 568needs a little more clarification however. The '#5' means that 569this is the fifth kernel built from this source base and the 570date behind it indicates the time the kernel was built. 571The only way to tune these values is to rebuild the kernel :-) 572 573============================================================== 574 575overflowgid & overflowuid: 576 577if your architecture did not always support 32-bit UIDs (i.e. arm, 578i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to 579applications that use the old 16-bit UID/GID system calls, if the 580actual UID or GID would exceed 65535. 581 582These sysctls allow you to change the value of the fixed UID and GID. 583The default is 65534. 584 585============================================================== 586 587panic: 588 589The value in this file represents the number of seconds the kernel 590waits before rebooting on a panic. When you use the software watchdog, 591the recommended setting is 60. 592 593============================================================== 594 595panic_on_io_nmi: 596 597Controls the kernel's behavior when a CPU receives an NMI caused by 598an IO error. 599 6000: try to continue operation (default) 601 6021: panic immediately. The IO error triggered an NMI. This indicates a 603 serious system condition which could result in IO data corruption. 604 Rather than continuing, panicking might be a better choice. Some 605 servers issue this sort of NMI when the dump button is pushed, 606 and you can use this option to take a crash dump. 607 608============================================================== 609 610panic_on_oops: 611 612Controls the kernel's behaviour when an oops or BUG is encountered. 613 6140: try to continue operation 615 6161: panic immediately. If the `panic' sysctl is also non-zero then the 617 machine will be rebooted. 618 619============================================================== 620 621panic_on_stackoverflow: 622 623Controls the kernel's behavior when detecting the overflows of 624kernel, IRQ and exception stacks except a user stack. 625This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled. 626 6270: try to continue operation. 628 6291: panic immediately. 630 631============================================================== 632 633panic_on_unrecovered_nmi: 634 635The default Linux behaviour on an NMI of either memory or unknown is 636to continue operation. For many environments such as scientific 637computing it is preferable that the box is taken out and the error 638dealt with than an uncorrected parity/ECC error get propagated. 639 640A small number of systems do generate NMI's for bizarre random reasons 641such as power management so the default is off. That sysctl works like 642the existing panic controls already in that directory. 643 644============================================================== 645 646panic_on_warn: 647 648Calls panic() in the WARN() path when set to 1. This is useful to avoid 649a kernel rebuild when attempting to kdump at the location of a WARN(). 650 6510: only WARN(), default behaviour. 652 6531: call panic() after printing out WARN() location. 654 655============================================================== 656 657panic_on_rcu_stall: 658 659When set to 1, calls panic() after RCU stall detection messages. This 660is useful to define the root cause of RCU stalls using a vmcore. 661 6620: do not panic() when RCU stall takes place, default behavior. 663 6641: panic() after printing RCU stall messages. 665 666============================================================== 667 668perf_cpu_time_max_percent: 669 670Hints to the kernel how much CPU time it should be allowed to 671use to handle perf sampling events. If the perf subsystem 672is informed that its samples are exceeding this limit, it 673will drop its sampling frequency to attempt to reduce its CPU 674usage. 675 676Some perf sampling happens in NMIs. If these samples 677unexpectedly take too long to execute, the NMIs can become 678stacked up next to each other so much that nothing else is 679allowed to execute. 680 6810: disable the mechanism. Do not monitor or correct perf's 682 sampling rate no matter how CPU time it takes. 683 6841-100: attempt to throttle perf's sample rate to this 685 percentage of CPU. Note: the kernel calculates an 686 "expected" length of each sample event. 100 here means 687 100% of that expected length. Even if this is set to 688 100, you may still see sample throttling if this 689 length is exceeded. Set to 0 if you truly do not care 690 how much CPU is consumed. 691 692============================================================== 693 694perf_event_paranoid: 695 696Controls use of the performance events system by unprivileged 697users (without CAP_SYS_ADMIN). The default value is 2. 698 699 -1: Allow use of (almost) all events by all users 700 Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK 701>=0: Disallow ftrace function tracepoint by users without CAP_SYS_ADMIN 702 Disallow raw tracepoint access by users without CAP_SYS_ADMIN 703>=1: Disallow CPU event access by users without CAP_SYS_ADMIN 704>=2: Disallow kernel profiling by users without CAP_SYS_ADMIN 705 706============================================================== 707 708perf_event_max_stack: 709 710Controls maximum number of stack frames to copy for (attr.sample_type & 711PERF_SAMPLE_CALLCHAIN) configured events, for instance, when using 712'perf record -g' or 'perf trace --call-graph fp'. 713 714This can only be done when no events are in use that have callchains 715enabled, otherwise writing to this file will return -EBUSY. 716 717The default value is 127. 718 719============================================================== 720 721perf_event_mlock_kb: 722 723Control size of per-cpu ring buffer not counted agains mlock limit. 724 725The default value is 512 + 1 page 726 727============================================================== 728 729perf_event_max_contexts_per_stack: 730 731Controls maximum number of stack frame context entries for 732(attr.sample_type & PERF_SAMPLE_CALLCHAIN) configured events, for 733instance, when using 'perf record -g' or 'perf trace --call-graph fp'. 734 735This can only be done when no events are in use that have callchains 736enabled, otherwise writing to this file will return -EBUSY. 737 738The default value is 8. 739 740============================================================== 741 742pid_max: 743 744PID allocation wrap value. When the kernel's next PID value 745reaches this value, it wraps back to a minimum PID value. 746PIDs of value pid_max or larger are not allocated. 747 748============================================================== 749 750ns_last_pid: 751 752The last pid allocated in the current (the one task using this sysctl 753lives in) pid namespace. When selecting a pid for a next task on fork 754kernel tries to allocate a number starting from this one. 755 756============================================================== 757 758powersave-nap: (PPC only) 759 760If set, Linux-PPC will use the 'nap' mode of powersaving, 761otherwise the 'doze' mode will be used. 762 763============================================================== 764 765printk: 766 767The four values in printk denote: console_loglevel, 768default_message_loglevel, minimum_console_loglevel and 769default_console_loglevel respectively. 770 771These values influence printk() behavior when printing or 772logging error messages. See 'man 2 syslog' for more info on 773the different loglevels. 774 775- console_loglevel: messages with a higher priority than 776 this will be printed to the console 777- default_message_loglevel: messages without an explicit priority 778 will be printed with this priority 779- minimum_console_loglevel: minimum (highest) value to which 780 console_loglevel can be set 781- default_console_loglevel: default value for console_loglevel 782 783============================================================== 784 785printk_delay: 786 787Delay each printk message in printk_delay milliseconds 788 789Value from 0 - 10000 is allowed. 790 791============================================================== 792 793printk_ratelimit: 794 795Some warning messages are rate limited. printk_ratelimit specifies 796the minimum length of time between these messages (in jiffies), by 797default we allow one every 5 seconds. 798 799A value of 0 will disable rate limiting. 800 801============================================================== 802 803printk_ratelimit_burst: 804 805While long term we enforce one message per printk_ratelimit 806seconds, we do allow a burst of messages to pass through. 807printk_ratelimit_burst specifies the number of messages we can 808send before ratelimiting kicks in. 809 810============================================================== 811 812printk_devkmsg: 813 814Control the logging to /dev/kmsg from userspace: 815 816ratelimit: default, ratelimited 817on: unlimited logging to /dev/kmsg from userspace 818off: logging to /dev/kmsg disabled 819 820The kernel command line parameter printk.devkmsg= overrides this and is 821a one-time setting until next reboot: once set, it cannot be changed by 822this sysctl interface anymore. 823 824============================================================== 825 826randomize_va_space: 827 828This option can be used to select the type of process address 829space randomization that is used in the system, for architectures 830that support this feature. 831 8320 - Turn the process address space randomization off. This is the 833 default for architectures that do not support this feature anyways, 834 and kernels that are booted with the "norandmaps" parameter. 835 8361 - Make the addresses of mmap base, stack and VDSO page randomized. 837 This, among other things, implies that shared libraries will be 838 loaded to random addresses. Also for PIE-linked binaries, the 839 location of code start is randomized. This is the default if the 840 CONFIG_COMPAT_BRK option is enabled. 841 8422 - Additionally enable heap randomization. This is the default if 843 CONFIG_COMPAT_BRK is disabled. 844 845 There are a few legacy applications out there (such as some ancient 846 versions of libc.so.5 from 1996) that assume that brk area starts 847 just after the end of the code+bss. These applications break when 848 start of the brk area is randomized. There are however no known 849 non-legacy applications that would be broken this way, so for most 850 systems it is safe to choose full randomization. 851 852 Systems with ancient and/or broken binaries should be configured 853 with CONFIG_COMPAT_BRK enabled, which excludes the heap from process 854 address space randomization. 855 856============================================================== 857 858reboot-cmd: (Sparc only) 859 860??? This seems to be a way to give an argument to the Sparc 861ROM/Flash boot loader. Maybe to tell it what to do after 862rebooting. ??? 863 864============================================================== 865 866rtsig-max & rtsig-nr: 867 868The file rtsig-max can be used to tune the maximum number 869of POSIX realtime (queued) signals that can be outstanding 870in the system. 871 872rtsig-nr shows the number of RT signals currently queued. 873 874============================================================== 875 876sched_schedstats: 877 878Enables/disables scheduler statistics. Enabling this feature 879incurs a small amount of overhead in the scheduler but is 880useful for debugging and performance tuning. 881 882============================================================== 883 884sg-big-buff: 885 886This file shows the size of the generic SCSI (sg) buffer. 887You can't tune it just yet, but you could change it on 888compile time by editing include/scsi/sg.h and changing 889the value of SG_BIG_BUFF. 890 891There shouldn't be any reason to change this value. If 892you can come up with one, you probably know what you 893are doing anyway :) 894 895============================================================== 896 897shmall: 898 899This parameter sets the total amount of shared memory pages that 900can be used system wide. Hence, SHMALL should always be at least 901ceil(shmmax/PAGE_SIZE). 902 903If you are not sure what the default PAGE_SIZE is on your Linux 904system, you can run the following command: 905 906# getconf PAGE_SIZE 907 908============================================================== 909 910shmmax: 911 912This value can be used to query and set the run time limit 913on the maximum shared memory segment size that can be created. 914Shared memory segments up to 1Gb are now supported in the 915kernel. This value defaults to SHMMAX. 916 917============================================================== 918 919shm_rmid_forced: 920 921Linux lets you set resource limits, including how much memory one 922process can consume, via setrlimit(2). Unfortunately, shared memory 923segments are allowed to exist without association with any process, and 924thus might not be counted against any resource limits. If enabled, 925shared memory segments are automatically destroyed when their attach 926count becomes zero after a detach or a process termination. It will 927also destroy segments that were created, but never attached to, on exit 928from the process. The only use left for IPC_RMID is to immediately 929destroy an unattached segment. Of course, this breaks the way things are 930defined, so some applications might stop working. Note that this 931feature will do you no good unless you also configure your resource 932limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most systems don't 933need this. 934 935Note that if you change this from 0 to 1, already created segments 936without users and with a dead originative process will be destroyed. 937 938============================================================== 939 940sysctl_writes_strict: 941 942Control how file position affects the behavior of updating sysctl values 943via the /proc/sys interface: 944 945 -1 - Legacy per-write sysctl value handling, with no printk warnings. 946 Each write syscall must fully contain the sysctl value to be 947 written, and multiple writes on the same sysctl file descriptor 948 will rewrite the sysctl value, regardless of file position. 949 0 - Same behavior as above, but warn about processes that perform writes 950 to a sysctl file descriptor when the file position is not 0. 951 1 - (default) Respect file position when writing sysctl strings. Multiple 952 writes will append to the sysctl value buffer. Anything past the max 953 length of the sysctl value buffer will be ignored. Writes to numeric 954 sysctl entries must always be at file position 0 and the value must 955 be fully contained in the buffer sent in the write syscall. 956 957============================================================== 958 959softlockup_all_cpu_backtrace: 960 961This value controls the soft lockup detector thread's behavior 962when a soft lockup condition is detected as to whether or not 963to gather further debug information. If enabled, each cpu will 964be issued an NMI and instructed to capture stack trace. 965 966This feature is only applicable for architectures which support 967NMI. 968 9690: do nothing. This is the default behavior. 970 9711: on detection capture more debug information. 972 973============================================================== 974 975soft_watchdog 976 977This parameter can be used to control the soft lockup detector. 978 979 0 - disable the soft lockup detector 980 1 - enable the soft lockup detector 981 982The soft lockup detector monitors CPUs for threads that are hogging the CPUs 983without rescheduling voluntarily, and thus prevent the 'watchdog/N' threads 984from running. The mechanism depends on the CPUs ability to respond to timer 985interrupts which are needed for the 'watchdog/N' threads to be woken up by 986the watchdog timer function, otherwise the NMI watchdog - if enabled - can 987detect a hard lockup condition. 988 989============================================================== 990 991stack_erasing 992 993This parameter can be used to control kernel stack erasing at the end 994of syscalls for kernels built with CONFIG_GCC_PLUGIN_STACKLEAK. 995 996That erasing reduces the information which kernel stack leak bugs 997can reveal and blocks some uninitialized stack variable attacks. 998The tradeoff is the performance impact: on a single CPU system kernel 999compilation sees a 1% slowdown, other systems and workloads may vary. 1000 1001 0: kernel stack erasing is disabled, STACKLEAK_METRICS are not updated. 1002 1003 1: kernel stack erasing is enabled (default), it is performed before 1004 returning to the userspace at the end of syscalls. 1005 1006============================================================== 1007 1008tainted: 1009 1010Non-zero if the kernel has been tainted. Numeric values, which can be 1011ORed together. The letters are seen in "Tainted" line of Oops reports. 1012 1013 1 (P): A module with a non-GPL license has been loaded, this 1014 includes modules with no license. 1015 Set by modutils >= 2.4.9 and module-init-tools. 1016 2 (F): A module was force loaded by insmod -f. 1017 Set by modutils >= 2.4.9 and module-init-tools. 1018 4 (S): Unsafe SMP processors: SMP with CPUs not designed for SMP. 1019 8 (R): A module was forcibly unloaded from the system by rmmod -f. 1020 16 (M): A hardware machine check error occurred on the system. 1021 32 (B): A bad page was discovered on the system. 1022 64 (U): The user has asked that the system be marked "tainted". This 1023 could be because they are running software that directly modifies 1024 the hardware, or for other reasons. 1025 128 (D): The system has died. 1026 256 (A): The ACPI DSDT has been overridden with one supplied by the user 1027 instead of using the one provided by the hardware. 1028 512 (W): A kernel warning has occurred. 1029 1024 (C): A module from drivers/staging was loaded. 1030 2048 (I): The system is working around a severe firmware bug. 1031 4096 (O): An out-of-tree module has been loaded. 1032 8192 (E): An unsigned module has been loaded in a kernel supporting module 1033 signature. 1034 16384 (L): A soft lockup has previously occurred on the system. 1035 32768 (K): The kernel has been live patched. 1036 65536 (X): Auxiliary taint, defined and used by for distros. 1037131072 (T): The kernel was built with the struct randomization plugin. 1038 1039============================================================== 1040 1041threads-max 1042 1043This value controls the maximum number of threads that can be created 1044using fork(). 1045 1046During initialization the kernel sets this value such that even if the 1047maximum number of threads is created, the thread structures occupy only 1048a part (1/8th) of the available RAM pages. 1049 1050The minimum value that can be written to threads-max is 20. 1051The maximum value that can be written to threads-max is given by the 1052constant FUTEX_TID_MASK (0x3fffffff). 1053If a value outside of this range is written to threads-max an error 1054EINVAL occurs. 1055 1056The value written is checked against the available RAM pages. If the 1057thread structures would occupy too much (more than 1/8th) of the 1058available RAM pages threads-max is reduced accordingly. 1059 1060============================================================== 1061 1062unknown_nmi_panic: 1063 1064The value in this file affects behavior of handling NMI. When the 1065value is non-zero, unknown NMI is trapped and then panic occurs. At 1066that time, kernel debugging information is displayed on console. 1067 1068NMI switch that most IA32 servers have fires unknown NMI up, for 1069example. If a system hangs up, try pressing the NMI switch. 1070 1071============================================================== 1072 1073watchdog: 1074 1075This parameter can be used to disable or enable the soft lockup detector 1076_and_ the NMI watchdog (i.e. the hard lockup detector) at the same time. 1077 1078 0 - disable both lockup detectors 1079 1 - enable both lockup detectors 1080 1081The soft lockup detector and the NMI watchdog can also be disabled or 1082enabled individually, using the soft_watchdog and nmi_watchdog parameters. 1083If the watchdog parameter is read, for example by executing 1084 1085 cat /proc/sys/kernel/watchdog 1086 1087the output of this command (0 or 1) shows the logical OR of soft_watchdog 1088and nmi_watchdog. 1089 1090============================================================== 1091 1092watchdog_cpumask: 1093 1094This value can be used to control on which cpus the watchdog may run. 1095The default cpumask is all possible cores, but if NO_HZ_FULL is 1096enabled in the kernel config, and cores are specified with the 1097nohz_full= boot argument, those cores are excluded by default. 1098Offline cores can be included in this mask, and if the core is later 1099brought online, the watchdog will be started based on the mask value. 1100 1101Typically this value would only be touched in the nohz_full case 1102to re-enable cores that by default were not running the watchdog, 1103if a kernel lockup was suspected on those cores. 1104 1105The argument value is the standard cpulist format for cpumasks, 1106so for example to enable the watchdog on cores 0, 2, 3, and 4 you 1107might say: 1108 1109 echo 0,2-4 > /proc/sys/kernel/watchdog_cpumask 1110 1111============================================================== 1112 1113watchdog_thresh: 1114 1115This value can be used to control the frequency of hrtimer and NMI 1116events and the soft and hard lockup thresholds. The default threshold 1117is 10 seconds. 1118 1119The softlockup threshold is (2 * watchdog_thresh). Setting this 1120tunable to zero will disable lockup detection altogether. 1121 1122==============================================================