tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / Documentation / sysctl / kernel.txt
at v5.0-rc1 1139 lines 41 kB view raw
1Documentation for /proc/sys/kernel/* kernel version 2.2.10 2 (c) 1998, 1999, Rik van Riel <riel@nl.linux.org> 3 (c) 2009, Shen Feng<shen@cn.fujitsu.com> 4 5For general info and legal blurb, please look in README. 6 7============================================================== 8 9This file contains documentation for the sysctl files in 10/proc/sys/kernel/ and is valid for Linux kernel version 2.2. 11 12The files in this directory can be used to tune and monitor 13miscellaneous and general things in the operation of the Linux 14kernel. Since some of the files _can_ be used to screw up your 15system, it is advisable to read both documentation and source 16before actually making adjustments. 17 18Currently, these files might (depending on your configuration) 19show up in /proc/sys/kernel: 20 21- acct 22- acpi_video_flags 23- auto_msgmni 24- bootloader_type [ X86 only ] 25- bootloader_version [ X86 only ] 26- callhome [ S390 only ] 27- cap_last_cap 28- core_pattern 29- core_pipe_limit 30- core_uses_pid 31- ctrl-alt-del 32- dmesg_restrict 33- domainname 34- hostname 35- hotplug 36- hardlockup_all_cpu_backtrace 37- hardlockup_panic 38- hung_task_panic 39- hung_task_check_count 40- hung_task_timeout_secs 41- hung_task_check_interval_secs 42- hung_task_warnings 43- hyperv_record_panic_msg 44- kexec_load_disabled 45- kptr_restrict 46- l2cr [ PPC only ] 47- modprobe ==> Documentation/debugging-modules.txt 48- modules_disabled 49- msg_next_id [ sysv ipc ] 50- msgmax 51- msgmnb 52- msgmni 53- nmi_watchdog 54- osrelease 55- ostype 56- overflowgid 57- overflowuid 58- panic 59- panic_on_oops 60- panic_on_stackoverflow 61- panic_on_unrecovered_nmi 62- panic_on_warn 63- panic_print 64- panic_on_rcu_stall 65- perf_cpu_time_max_percent 66- perf_event_paranoid 67- perf_event_max_stack 68- perf_event_mlock_kb 69- perf_event_max_contexts_per_stack 70- pid_max 71- powersave-nap [ PPC only ] 72- printk 73- printk_delay 74- printk_ratelimit 75- printk_ratelimit_burst 76- pty ==> Documentation/filesystems/devpts.txt 77- randomize_va_space 78- real-root-dev ==> Documentation/admin-guide/initrd.rst 79- reboot-cmd [ SPARC only ] 80- rtsig-max 81- rtsig-nr 82- seccomp/ ==> Documentation/userspace-api/seccomp_filter.rst 83- sem 84- sem_next_id [ sysv ipc ] 85- sg-big-buff [ generic SCSI device (sg) ] 86- shm_next_id [ sysv ipc ] 87- shm_rmid_forced 88- shmall 89- shmmax [ sysv ipc ] 90- shmmni 91- softlockup_all_cpu_backtrace 92- soft_watchdog 93- stack_erasing 94- stop-a [ SPARC only ] 95- sysrq ==> Documentation/admin-guide/sysrq.rst 96- sysctl_writes_strict 97- tainted 98- threads-max 99- unknown_nmi_panic 100- watchdog 101- watchdog_thresh 102- version 103 104============================================================== 105 106acct: 107 108highwater lowwater frequency 109 110If BSD-style process accounting is enabled these values control 111its behaviour. If free space on filesystem where the log lives 112goes below <lowwater>% accounting suspends. If free space gets 113above <highwater>% accounting resumes. <Frequency> determines 114how often do we check the amount of free space (value is in 115seconds). Default: 1164 2 30 117That is, suspend accounting if there left <= 2% free; resume it 118if we got >=4%; consider information about amount of free space 119valid for 30 seconds. 120 121============================================================== 122 123acpi_video_flags: 124 125flags 126 127See Doc*/kernel/power/video.txt, it allows mode of video boot to be 128set during run time. 129 130============================================================== 131 132auto_msgmni: 133 134This variable has no effect and may be removed in future kernel 135releases. Reading it always returns 0. 136Up to Linux 3.17, it enabled/disabled automatic recomputing of msgmni 137upon memory add/remove or upon ipc namespace creation/removal. 138Echoing "1" into this file enabled msgmni automatic recomputing. 139Echoing "0" turned it off. auto_msgmni default value was 1. 140 141 142============================================================== 143 144bootloader_type: 145 146x86 bootloader identification 147 148This gives the bootloader type number as indicated by the bootloader, 149shifted left by 4, and OR'd with the low four bits of the bootloader 150version. The reason for this encoding is that this used to match the 151type_of_loader field in the kernel header; the encoding is kept for 152backwards compatibility. That is, if the full bootloader type number 153is 0x15 and the full version number is 0x234, this file will contain 154the value 340 = 0x154. 155 156See the type_of_loader and ext_loader_type fields in 157Documentation/x86/boot.txt for additional information. 158 159============================================================== 160 161bootloader_version: 162 163x86 bootloader version 164 165The complete bootloader version number. In the example above, this 166file will contain the value 564 = 0x234. 167 168See the type_of_loader and ext_loader_ver fields in 169Documentation/x86/boot.txt for additional information. 170 171============================================================== 172 173callhome: 174 175Controls the kernel's callhome behavior in case of a kernel panic. 176 177The s390 hardware allows an operating system to send a notification 178to a service organization (callhome) in case of an operating system panic. 179 180When the value in this file is 0 (which is the default behavior) 181nothing happens in case of a kernel panic. If this value is set to "1" 182the complete kernel oops message is send to the IBM customer service 183organization in case the mainframe the Linux operating system is running 184on has a service contract with IBM. 185 186============================================================== 187 188cap_last_cap 189 190Highest valid capability of the running kernel. Exports 191CAP_LAST_CAP from the kernel. 192 193============================================================== 194 195core_pattern: 196 197core_pattern is used to specify a core dumpfile pattern name. 198. max length 128 characters; default value is "core" 199. core_pattern is used as a pattern template for the output filename; 200 certain string patterns (beginning with '%') are substituted with 201 their actual values. 202. backward compatibility with core_uses_pid: 203 If core_pattern does not include "%p" (default does not) 204 and core_uses_pid is set, then .PID will be appended to 205 the filename. 206. corename format specifiers: 207 %<NUL> '%' is dropped 208 %% output one '%' 209 %p pid 210 %P global pid (init PID namespace) 211 %i tid 212 %I global tid (init PID namespace) 213 %u uid (in initial user namespace) 214 %g gid (in initial user namespace) 215 %d dump mode, matches PR_SET_DUMPABLE and 216 /proc/sys/fs/suid_dumpable 217 %s signal number 218 %t UNIX time of dump 219 %h hostname 220 %e executable filename (may be shortened) 221 %E executable path 222 %<OTHER> both are dropped 223. If the first character of the pattern is a '|', the kernel will treat 224 the rest of the pattern as a command to run. The core dump will be 225 written to the standard input of that program instead of to a file. 226 227============================================================== 228 229core_pipe_limit: 230 231This sysctl is only applicable when core_pattern is configured to pipe 232core files to a user space helper (when the first character of 233core_pattern is a '|', see above). When collecting cores via a pipe 234to an application, it is occasionally useful for the collecting 235application to gather data about the crashing process from its 236/proc/pid directory. In order to do this safely, the kernel must wait 237for the collecting process to exit, so as not to remove the crashing 238processes proc files prematurely. This in turn creates the 239possibility that a misbehaving userspace collecting process can block 240the reaping of a crashed process simply by never exiting. This sysctl 241defends against that. It defines how many concurrent crashing 242processes may be piped to user space applications in parallel. If 243this value is exceeded, then those crashing processes above that value 244are noted via the kernel log and their cores are skipped. 0 is a 245special value, indicating that unlimited processes may be captured in 246parallel, but that no waiting will take place (i.e. the collecting 247process is not guaranteed access to /proc/<crashing pid>/). This 248value defaults to 0. 249 250============================================================== 251 252core_uses_pid: 253 254The default coredump filename is "core". By setting 255core_uses_pid to 1, the coredump filename becomes core.PID. 256If core_pattern does not include "%p" (default does not) 257and core_uses_pid is set, then .PID will be appended to 258the filename. 259 260============================================================== 261 262ctrl-alt-del: 263 264When the value in this file is 0, ctrl-alt-del is trapped and 265sent to the init(1) program to handle a graceful restart. 266When, however, the value is > 0, Linux's reaction to a Vulcan 267Nerve Pinch (tm) will be an immediate reboot, without even 268syncing its dirty buffers. 269 270Note: when a program (like dosemu) has the keyboard in 'raw' 271mode, the ctrl-alt-del is intercepted by the program before it 272ever reaches the kernel tty layer, and it's up to the program 273to decide what to do with it. 274 275============================================================== 276 277dmesg_restrict: 278 279This toggle indicates whether unprivileged users are prevented 280from using dmesg(8) to view messages from the kernel's log buffer. 281When dmesg_restrict is set to (0) there are no restrictions. When 282dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use 283dmesg(8). 284 285The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the 286default value of dmesg_restrict. 287 288============================================================== 289 290domainname & hostname: 291 292These files can be used to set the NIS/YP domainname and the 293hostname of your box in exactly the same way as the commands 294domainname and hostname, i.e.: 295# echo "darkstar" > /proc/sys/kernel/hostname 296# echo "mydomain" > /proc/sys/kernel/domainname 297has the same effect as 298# hostname "darkstar" 299# domainname "mydomain" 300 301Note, however, that the classic darkstar.frop.org has the 302hostname "darkstar" and DNS (Internet Domain Name Server) 303domainname "frop.org", not to be confused with the NIS (Network 304Information Service) or YP (Yellow Pages) domainname. These two 305domain names are in general different. For a detailed discussion 306see the hostname(1) man page. 307 308============================================================== 309hardlockup_all_cpu_backtrace: 310 311This value controls the hard lockup detector behavior when a hard 312lockup condition is detected as to whether or not to gather further 313debug information. If enabled, arch-specific all-CPU stack dumping 314will be initiated. 315 3160: do nothing. This is the default behavior. 317 3181: on detection capture more debug information. 319============================================================== 320 321hardlockup_panic: 322 323This parameter can be used to control whether the kernel panics 324when a hard lockup is detected. 325 326 0 - don't panic on hard lockup 327 1 - panic on hard lockup 328 329See Documentation/lockup-watchdogs.txt for more information. This can 330also be set using the nmi_watchdog kernel parameter. 331 332============================================================== 333 334hotplug: 335 336Path for the hotplug policy agent. 337Default value is "/sbin/hotplug". 338 339============================================================== 340 341hung_task_panic: 342 343Controls the kernel's behavior when a hung task is detected. 344This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 345 3460: continue operation. This is the default behavior. 347 3481: panic immediately. 349 350============================================================== 351 352hung_task_check_count: 353 354The upper bound on the number of tasks that are checked. 355This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 356 357============================================================== 358 359hung_task_timeout_secs: 360 361When a task in D state did not get scheduled 362for more than this value report a warning. 363This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 364 3650: means infinite timeout - no checking done. 366Possible values to set are in range {0..LONG_MAX/HZ}. 367 368============================================================== 369 370hung_task_check_interval_secs: 371 372Hung task check interval. If hung task checking is enabled 373(see hung_task_timeout_secs), the check is done every 374hung_task_check_interval_secs seconds. 375This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 376 3770 (default): means use hung_task_timeout_secs as checking interval. 378Possible values to set are in range {0..LONG_MAX/HZ}. 379 380============================================================== 381 382hung_task_warnings: 383 384The maximum number of warnings to report. During a check interval 385if a hung task is detected, this value is decreased by 1. 386When this value reaches 0, no more warnings will be reported. 387This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 388 389-1: report an infinite number of warnings. 390 391============================================================== 392 393hyperv_record_panic_msg: 394 395Controls whether the panic kmsg data should be reported to Hyper-V. 396 3970: do not report panic kmsg data. 398 3991: report the panic kmsg data. This is the default behavior. 400 401============================================================== 402 403kexec_load_disabled: 404 405A toggle indicating if the kexec_load syscall has been disabled. This 406value defaults to 0 (false: kexec_load enabled), but can be set to 1 407(true: kexec_load disabled). Once true, kexec can no longer be used, and 408the toggle cannot be set back to false. This allows a kexec image to be 409loaded before disabling the syscall, allowing a system to set up (and 410later use) an image without it being altered. Generally used together 411with the "modules_disabled" sysctl. 412 413============================================================== 414 415kptr_restrict: 416 417This toggle indicates whether restrictions are placed on 418exposing kernel addresses via /proc and other interfaces. 419 420When kptr_restrict is set to 0 (the default) the address is hashed before 421printing. (This is the equivalent to %p.) 422 423When kptr_restrict is set to (1), kernel pointers printed using the %pK 424format specifier will be replaced with 0's unless the user has CAP_SYSLOG 425and effective user and group ids are equal to the real ids. This is 426because %pK checks are done at read() time rather than open() time, so 427if permissions are elevated between the open() and the read() (e.g via 428a setuid binary) then %pK will not leak kernel pointers to unprivileged 429users. Note, this is a temporary solution only. The correct long-term 430solution is to do the permission checks at open() time. Consider removing 431world read permissions from files that use %pK, and using dmesg_restrict 432to protect against uses of %pK in dmesg(8) if leaking kernel pointer 433values to unprivileged users is a concern. 434 435When kptr_restrict is set to (2), kernel pointers printed using 436%pK will be replaced with 0's regardless of privileges. 437 438============================================================== 439 440l2cr: (PPC only) 441 442This flag controls the L2 cache of G3 processor boards. If 4430, the cache is disabled. Enabled if nonzero. 444 445============================================================== 446 447modules_disabled: 448 449A toggle value indicating if modules are allowed to be loaded 450in an otherwise modular kernel. This toggle defaults to off 451(0), but can be set true (1). Once true, modules can be 452neither loaded nor unloaded, and the toggle cannot be set back 453to false. Generally used with the "kexec_load_disabled" toggle. 454 455============================================================== 456 457msg_next_id, sem_next_id, and shm_next_id: 458 459These three toggles allows to specify desired id for next allocated IPC 460object: message, semaphore or shared memory respectively. 461 462By default they are equal to -1, which means generic allocation logic. 463Possible values to set are in range {0..INT_MAX}. 464 465Notes: 4661) kernel doesn't guarantee, that new object will have desired id. So, 467it's up to userspace, how to handle an object with "wrong" id. 4682) Toggle with non-default value will be set back to -1 by kernel after 469successful IPC object allocation. If an IPC object allocation syscall 470fails, it is undefined if the value remains unmodified or is reset to -1. 471 472============================================================== 473 474nmi_watchdog: 475 476This parameter can be used to control the NMI watchdog 477(i.e. the hard lockup detector) on x86 systems. 478 479 0 - disable the hard lockup detector 480 1 - enable the hard lockup detector 481 482The hard lockup detector monitors each CPU for its ability to respond to 483timer interrupts. The mechanism utilizes CPU performance counter registers 484that are programmed to generate Non-Maskable Interrupts (NMIs) periodically 485while a CPU is busy. Hence, the alternative name 'NMI watchdog'. 486 487The NMI watchdog is disabled by default if the kernel is running as a guest 488in a KVM virtual machine. This default can be overridden by adding 489 490 nmi_watchdog=1 491 492to the guest kernel command line (see Documentation/admin-guide/kernel-parameters.rst). 493 494============================================================== 495 496numa_balancing 497 498Enables/disables automatic page fault based NUMA memory 499balancing. Memory is moved automatically to nodes 500that access it often. 501 502Enables/disables automatic NUMA memory balancing. On NUMA machines, there 503is a performance penalty if remote memory is accessed by a CPU. When this 504feature is enabled the kernel samples what task thread is accessing memory 505by periodically unmapping pages and later trapping a page fault. At the 506time of the page fault, it is determined if the data being accessed should 507be migrated to a local memory node. 508 509The unmapping of pages and trapping faults incur additional overhead that 510ideally is offset by improved memory locality but there is no universal 511guarantee. If the target workload is already bound to NUMA nodes then this 512feature should be disabled. Otherwise, if the system overhead from the 513feature is too high then the rate the kernel samples for NUMA hinting 514faults may be controlled by the numa_balancing_scan_period_min_ms, 515numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms, 516numa_balancing_scan_size_mb, and numa_balancing_settle_count sysctls. 517 518============================================================== 519 520numa_balancing_scan_period_min_ms, numa_balancing_scan_delay_ms, 521numa_balancing_scan_period_max_ms, numa_balancing_scan_size_mb 522 523Automatic NUMA balancing scans tasks address space and unmaps pages to 524detect if pages are properly placed or if the data should be migrated to a 525memory node local to where the task is running. Every "scan delay" the task 526scans the next "scan size" number of pages in its address space. When the 527end of the address space is reached the scanner restarts from the beginning. 528 529In combination, the "scan delay" and "scan size" determine the scan rate. 530When "scan delay" decreases, the scan rate increases. The scan delay and 531hence the scan rate of every task is adaptive and depends on historical 532behaviour. If pages are properly placed then the scan delay increases, 533otherwise the scan delay decreases. The "scan size" is not adaptive but 534the higher the "scan size", the higher the scan rate. 535 536Higher scan rates incur higher system overhead as page faults must be 537trapped and potentially data must be migrated. However, the higher the scan 538rate, the more quickly a tasks memory is migrated to a local node if the 539workload pattern changes and minimises performance impact due to remote 540memory accesses. These sysctls control the thresholds for scan delays and 541the number of pages scanned. 542 543numa_balancing_scan_period_min_ms is the minimum time in milliseconds to 544scan a tasks virtual memory. It effectively controls the maximum scanning 545rate for each task. 546 547numa_balancing_scan_delay_ms is the starting "scan delay" used for a task 548when it initially forks. 549 550numa_balancing_scan_period_max_ms is the maximum time in milliseconds to 551scan a tasks virtual memory. It effectively controls the minimum scanning 552rate for each task. 553 554numa_balancing_scan_size_mb is how many megabytes worth of pages are 555scanned for a given scan. 556 557============================================================== 558 559osrelease, ostype & version: 560 561# cat osrelease 5622.1.88 563# cat ostype 564Linux 565# cat version 566#5 Wed Feb 25 21:49:24 MET 1998 567 568The files osrelease and ostype should be clear enough. Version 569needs a little more clarification however. The '#5' means that 570this is the fifth kernel built from this source base and the 571date behind it indicates the time the kernel was built. 572The only way to tune these values is to rebuild the kernel :-) 573 574============================================================== 575 576overflowgid & overflowuid: 577 578if your architecture did not always support 32-bit UIDs (i.e. arm, 579i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to 580applications that use the old 16-bit UID/GID system calls, if the 581actual UID or GID would exceed 65535. 582 583These sysctls allow you to change the value of the fixed UID and GID. 584The default is 65534. 585 586============================================================== 587 588panic: 589 590The value in this file represents the number of seconds the kernel 591waits before rebooting on a panic. When you use the software watchdog, 592the recommended setting is 60. 593 594============================================================== 595 596panic_on_io_nmi: 597 598Controls the kernel's behavior when a CPU receives an NMI caused by 599an IO error. 600 6010: try to continue operation (default) 602 6031: panic immediately. The IO error triggered an NMI. This indicates a 604 serious system condition which could result in IO data corruption. 605 Rather than continuing, panicking might be a better choice. Some 606 servers issue this sort of NMI when the dump button is pushed, 607 and you can use this option to take a crash dump. 608 609============================================================== 610 611panic_on_oops: 612 613Controls the kernel's behaviour when an oops or BUG is encountered. 614 6150: try to continue operation 616 6171: panic immediately. If the `panic' sysctl is also non-zero then the 618 machine will be rebooted. 619 620============================================================== 621 622panic_on_stackoverflow: 623 624Controls the kernel's behavior when detecting the overflows of 625kernel, IRQ and exception stacks except a user stack. 626This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled. 627 6280: try to continue operation. 629 6301: panic immediately. 631 632============================================================== 633 634panic_on_unrecovered_nmi: 635 636The default Linux behaviour on an NMI of either memory or unknown is 637to continue operation. For many environments such as scientific 638computing it is preferable that the box is taken out and the error 639dealt with than an uncorrected parity/ECC error get propagated. 640 641A small number of systems do generate NMI's for bizarre random reasons 642such as power management so the default is off. That sysctl works like 643the existing panic controls already in that directory. 644 645============================================================== 646 647panic_on_warn: 648 649Calls panic() in the WARN() path when set to 1. This is useful to avoid 650a kernel rebuild when attempting to kdump at the location of a WARN(). 651 6520: only WARN(), default behaviour. 653 6541: call panic() after printing out WARN() location. 655 656============================================================== 657 658panic_print: 659 660Bitmask for printing system info when panic happens. User can chose 661combination of the following bits: 662 663bit 0: print all tasks info 664bit 1: print system memory info 665bit 2: print timer info 666bit 3: print locks info if CONFIG_LOCKDEP is on 667bit 4: print ftrace buffer 668 669So for example to print tasks and memory info on panic, user can: 670 echo 3 > /proc/sys/kernel/panic_print 671 672============================================================== 673 674panic_on_rcu_stall: 675 676When set to 1, calls panic() after RCU stall detection messages. This 677is useful to define the root cause of RCU stalls using a vmcore. 678 6790: do not panic() when RCU stall takes place, default behavior. 680 6811: panic() after printing RCU stall messages. 682 683============================================================== 684 685perf_cpu_time_max_percent: 686 687Hints to the kernel how much CPU time it should be allowed to 688use to handle perf sampling events. If the perf subsystem 689is informed that its samples are exceeding this limit, it 690will drop its sampling frequency to attempt to reduce its CPU 691usage. 692 693Some perf sampling happens in NMIs. If these samples 694unexpectedly take too long to execute, the NMIs can become 695stacked up next to each other so much that nothing else is 696allowed to execute. 697 6980: disable the mechanism. Do not monitor or correct perf's 699 sampling rate no matter how CPU time it takes. 700 7011-100: attempt to throttle perf's sample rate to this 702 percentage of CPU. Note: the kernel calculates an 703 "expected" length of each sample event. 100 here means 704 100% of that expected length. Even if this is set to 705 100, you may still see sample throttling if this 706 length is exceeded. Set to 0 if you truly do not care 707 how much CPU is consumed. 708 709============================================================== 710 711perf_event_paranoid: 712 713Controls use of the performance events system by unprivileged 714users (without CAP_SYS_ADMIN). The default value is 2. 715 716 -1: Allow use of (almost) all events by all users 717 Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK 718>=0: Disallow ftrace function tracepoint by users without CAP_SYS_ADMIN 719 Disallow raw tracepoint access by users without CAP_SYS_ADMIN 720>=1: Disallow CPU event access by users without CAP_SYS_ADMIN 721>=2: Disallow kernel profiling by users without CAP_SYS_ADMIN 722 723============================================================== 724 725perf_event_max_stack: 726 727Controls maximum number of stack frames to copy for (attr.sample_type & 728PERF_SAMPLE_CALLCHAIN) configured events, for instance, when using 729'perf record -g' or 'perf trace --call-graph fp'. 730 731This can only be done when no events are in use that have callchains 732enabled, otherwise writing to this file will return -EBUSY. 733 734The default value is 127. 735 736============================================================== 737 738perf_event_mlock_kb: 739 740Control size of per-cpu ring buffer not counted agains mlock limit. 741 742The default value is 512 + 1 page 743 744============================================================== 745 746perf_event_max_contexts_per_stack: 747 748Controls maximum number of stack frame context entries for 749(attr.sample_type & PERF_SAMPLE_CALLCHAIN) configured events, for 750instance, when using 'perf record -g' or 'perf trace --call-graph fp'. 751 752This can only be done when no events are in use that have callchains 753enabled, otherwise writing to this file will return -EBUSY. 754 755The default value is 8. 756 757============================================================== 758 759pid_max: 760 761PID allocation wrap value. When the kernel's next PID value 762reaches this value, it wraps back to a minimum PID value. 763PIDs of value pid_max or larger are not allocated. 764 765============================================================== 766 767ns_last_pid: 768 769The last pid allocated in the current (the one task using this sysctl 770lives in) pid namespace. When selecting a pid for a next task on fork 771kernel tries to allocate a number starting from this one. 772 773============================================================== 774 775powersave-nap: (PPC only) 776 777If set, Linux-PPC will use the 'nap' mode of powersaving, 778otherwise the 'doze' mode will be used. 779 780============================================================== 781 782printk: 783 784The four values in printk denote: console_loglevel, 785default_message_loglevel, minimum_console_loglevel and 786default_console_loglevel respectively. 787 788These values influence printk() behavior when printing or 789logging error messages. See 'man 2 syslog' for more info on 790the different loglevels. 791 792- console_loglevel: messages with a higher priority than 793 this will be printed to the console 794- default_message_loglevel: messages without an explicit priority 795 will be printed with this priority 796- minimum_console_loglevel: minimum (highest) value to which 797 console_loglevel can be set 798- default_console_loglevel: default value for console_loglevel 799 800============================================================== 801 802printk_delay: 803 804Delay each printk message in printk_delay milliseconds 805 806Value from 0 - 10000 is allowed. 807 808============================================================== 809 810printk_ratelimit: 811 812Some warning messages are rate limited. printk_ratelimit specifies 813the minimum length of time between these messages (in jiffies), by 814default we allow one every 5 seconds. 815 816A value of 0 will disable rate limiting. 817 818============================================================== 819 820printk_ratelimit_burst: 821 822While long term we enforce one message per printk_ratelimit 823seconds, we do allow a burst of messages to pass through. 824printk_ratelimit_burst specifies the number of messages we can 825send before ratelimiting kicks in. 826 827============================================================== 828 829printk_devkmsg: 830 831Control the logging to /dev/kmsg from userspace: 832 833ratelimit: default, ratelimited 834on: unlimited logging to /dev/kmsg from userspace 835off: logging to /dev/kmsg disabled 836 837The kernel command line parameter printk.devkmsg= overrides this and is 838a one-time setting until next reboot: once set, it cannot be changed by 839this sysctl interface anymore. 840 841============================================================== 842 843randomize_va_space: 844 845This option can be used to select the type of process address 846space randomization that is used in the system, for architectures 847that support this feature. 848 8490 - Turn the process address space randomization off. This is the 850 default for architectures that do not support this feature anyways, 851 and kernels that are booted with the "norandmaps" parameter. 852 8531 - Make the addresses of mmap base, stack and VDSO page randomized. 854 This, among other things, implies that shared libraries will be 855 loaded to random addresses. Also for PIE-linked binaries, the 856 location of code start is randomized. This is the default if the 857 CONFIG_COMPAT_BRK option is enabled. 858 8592 - Additionally enable heap randomization. This is the default if 860 CONFIG_COMPAT_BRK is disabled. 861 862 There are a few legacy applications out there (such as some ancient 863 versions of libc.so.5 from 1996) that assume that brk area starts 864 just after the end of the code+bss. These applications break when 865 start of the brk area is randomized. There are however no known 866 non-legacy applications that would be broken this way, so for most 867 systems it is safe to choose full randomization. 868 869 Systems with ancient and/or broken binaries should be configured 870 with CONFIG_COMPAT_BRK enabled, which excludes the heap from process 871 address space randomization. 872 873============================================================== 874 875reboot-cmd: (Sparc only) 876 877??? This seems to be a way to give an argument to the Sparc 878ROM/Flash boot loader. Maybe to tell it what to do after 879rebooting. ??? 880 881============================================================== 882 883rtsig-max & rtsig-nr: 884 885The file rtsig-max can be used to tune the maximum number 886of POSIX realtime (queued) signals that can be outstanding 887in the system. 888 889rtsig-nr shows the number of RT signals currently queued. 890 891============================================================== 892 893sched_schedstats: 894 895Enables/disables scheduler statistics. Enabling this feature 896incurs a small amount of overhead in the scheduler but is 897useful for debugging and performance tuning. 898 899============================================================== 900 901sg-big-buff: 902 903This file shows the size of the generic SCSI (sg) buffer. 904You can't tune it just yet, but you could change it on 905compile time by editing include/scsi/sg.h and changing 906the value of SG_BIG_BUFF. 907 908There shouldn't be any reason to change this value. If 909you can come up with one, you probably know what you 910are doing anyway :) 911 912============================================================== 913 914shmall: 915 916This parameter sets the total amount of shared memory pages that 917can be used system wide. Hence, SHMALL should always be at least 918ceil(shmmax/PAGE_SIZE). 919 920If you are not sure what the default PAGE_SIZE is on your Linux 921system, you can run the following command: 922 923# getconf PAGE_SIZE 924 925============================================================== 926 927shmmax: 928 929This value can be used to query and set the run time limit 930on the maximum shared memory segment size that can be created. 931Shared memory segments up to 1Gb are now supported in the 932kernel. This value defaults to SHMMAX. 933 934============================================================== 935 936shm_rmid_forced: 937 938Linux lets you set resource limits, including how much memory one 939process can consume, via setrlimit(2). Unfortunately, shared memory 940segments are allowed to exist without association with any process, and 941thus might not be counted against any resource limits. If enabled, 942shared memory segments are automatically destroyed when their attach 943count becomes zero after a detach or a process termination. It will 944also destroy segments that were created, but never attached to, on exit 945from the process. The only use left for IPC_RMID is to immediately 946destroy an unattached segment. Of course, this breaks the way things are 947defined, so some applications might stop working. Note that this 948feature will do you no good unless you also configure your resource 949limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most systems don't 950need this. 951 952Note that if you change this from 0 to 1, already created segments 953without users and with a dead originative process will be destroyed. 954 955============================================================== 956 957sysctl_writes_strict: 958 959Control how file position affects the behavior of updating sysctl values 960via the /proc/sys interface: 961 962 -1 - Legacy per-write sysctl value handling, with no printk warnings. 963 Each write syscall must fully contain the sysctl value to be 964 written, and multiple writes on the same sysctl file descriptor 965 will rewrite the sysctl value, regardless of file position. 966 0 - Same behavior as above, but warn about processes that perform writes 967 to a sysctl file descriptor when the file position is not 0. 968 1 - (default) Respect file position when writing sysctl strings. Multiple 969 writes will append to the sysctl value buffer. Anything past the max 970 length of the sysctl value buffer will be ignored. Writes to numeric 971 sysctl entries must always be at file position 0 and the value must 972 be fully contained in the buffer sent in the write syscall. 973 974============================================================== 975 976softlockup_all_cpu_backtrace: 977 978This value controls the soft lockup detector thread's behavior 979when a soft lockup condition is detected as to whether or not 980to gather further debug information. If enabled, each cpu will 981be issued an NMI and instructed to capture stack trace. 982 983This feature is only applicable for architectures which support 984NMI. 985 9860: do nothing. This is the default behavior. 987 9881: on detection capture more debug information. 989 990============================================================== 991 992soft_watchdog 993 994This parameter can be used to control the soft lockup detector. 995 996 0 - disable the soft lockup detector 997 1 - enable the soft lockup detector 998 999The soft lockup detector monitors CPUs for threads that are hogging the CPUs 1000without rescheduling voluntarily, and thus prevent the 'watchdog/N' threads 1001from running. The mechanism depends on the CPUs ability to respond to timer 1002interrupts which are needed for the 'watchdog/N' threads to be woken up by 1003the watchdog timer function, otherwise the NMI watchdog - if enabled - can 1004detect a hard lockup condition. 1005 1006============================================================== 1007 1008stack_erasing 1009 1010This parameter can be used to control kernel stack erasing at the end 1011of syscalls for kernels built with CONFIG_GCC_PLUGIN_STACKLEAK. 1012 1013That erasing reduces the information which kernel stack leak bugs 1014can reveal and blocks some uninitialized stack variable attacks. 1015The tradeoff is the performance impact: on a single CPU system kernel 1016compilation sees a 1% slowdown, other systems and workloads may vary. 1017 1018 0: kernel stack erasing is disabled, STACKLEAK_METRICS are not updated. 1019 1020 1: kernel stack erasing is enabled (default), it is performed before 1021 returning to the userspace at the end of syscalls. 1022 1023============================================================== 1024 1025tainted: 1026 1027Non-zero if the kernel has been tainted. Numeric values, which can be 1028ORed together. The letters are seen in "Tainted" line of Oops reports. 1029 1030 1 (P): A module with a non-GPL license has been loaded, this 1031 includes modules with no license. 1032 Set by modutils >= 2.4.9 and module-init-tools. 1033 2 (F): A module was force loaded by insmod -f. 1034 Set by modutils >= 2.4.9 and module-init-tools. 1035 4 (S): Unsafe SMP processors: SMP with CPUs not designed for SMP. 1036 8 (R): A module was forcibly unloaded from the system by rmmod -f. 1037 16 (M): A hardware machine check error occurred on the system. 1038 32 (B): A bad page was discovered on the system. 1039 64 (U): The user has asked that the system be marked "tainted". This 1040 could be because they are running software that directly modifies 1041 the hardware, or for other reasons. 1042 128 (D): The system has died. 1043 256 (A): The ACPI DSDT has been overridden with one supplied by the user 1044 instead of using the one provided by the hardware. 1045 512 (W): A kernel warning has occurred. 1046 1024 (C): A module from drivers/staging was loaded. 1047 2048 (I): The system is working around a severe firmware bug. 1048 4096 (O): An out-of-tree module has been loaded. 1049 8192 (E): An unsigned module has been loaded in a kernel supporting module 1050 signature. 1051 16384 (L): A soft lockup has previously occurred on the system. 1052 32768 (K): The kernel has been live patched. 1053 65536 (X): Auxiliary taint, defined and used by for distros. 1054131072 (T): The kernel was built with the struct randomization plugin. 1055 1056============================================================== 1057 1058threads-max 1059 1060This value controls the maximum number of threads that can be created 1061using fork(). 1062 1063During initialization the kernel sets this value such that even if the 1064maximum number of threads is created, the thread structures occupy only 1065a part (1/8th) of the available RAM pages. 1066 1067The minimum value that can be written to threads-max is 20. 1068The maximum value that can be written to threads-max is given by the 1069constant FUTEX_TID_MASK (0x3fffffff). 1070If a value outside of this range is written to threads-max an error 1071EINVAL occurs. 1072 1073The value written is checked against the available RAM pages. If the 1074thread structures would occupy too much (more than 1/8th) of the 1075available RAM pages threads-max is reduced accordingly. 1076 1077============================================================== 1078 1079unknown_nmi_panic: 1080 1081The value in this file affects behavior of handling NMI. When the 1082value is non-zero, unknown NMI is trapped and then panic occurs. At 1083that time, kernel debugging information is displayed on console. 1084 1085NMI switch that most IA32 servers have fires unknown NMI up, for 1086example. If a system hangs up, try pressing the NMI switch. 1087 1088============================================================== 1089 1090watchdog: 1091 1092This parameter can be used to disable or enable the soft lockup detector 1093_and_ the NMI watchdog (i.e. the hard lockup detector) at the same time. 1094 1095 0 - disable both lockup detectors 1096 1 - enable both lockup detectors 1097 1098The soft lockup detector and the NMI watchdog can also be disabled or 1099enabled individually, using the soft_watchdog and nmi_watchdog parameters. 1100If the watchdog parameter is read, for example by executing 1101 1102 cat /proc/sys/kernel/watchdog 1103 1104the output of this command (0 or 1) shows the logical OR of soft_watchdog 1105and nmi_watchdog. 1106 1107============================================================== 1108 1109watchdog_cpumask: 1110 1111This value can be used to control on which cpus the watchdog may run. 1112The default cpumask is all possible cores, but if NO_HZ_FULL is 1113enabled in the kernel config, and cores are specified with the 1114nohz_full= boot argument, those cores are excluded by default. 1115Offline cores can be included in this mask, and if the core is later 1116brought online, the watchdog will be started based on the mask value. 1117 1118Typically this value would only be touched in the nohz_full case 1119to re-enable cores that by default were not running the watchdog, 1120if a kernel lockup was suspected on those cores. 1121 1122The argument value is the standard cpulist format for cpumasks, 1123so for example to enable the watchdog on cores 0, 2, 3, and 4 you 1124might say: 1125 1126 echo 0,2-4 > /proc/sys/kernel/watchdog_cpumask 1127 1128============================================================== 1129 1130watchdog_thresh: 1131 1132This value can be used to control the frequency of hrtimer and NMI 1133events and the soft and hard lockup thresholds. The default threshold 1134is 10 seconds. 1135 1136The softlockup threshold is (2 * watchdog_thresh). Setting this 1137tunable to zero will disable lockup detection altogether. 1138 1139==============================================================