acct¶

highwater lowwater frequency

If BSD-style process accounting is enabled these values controlits behaviour. If free space on filesystem where the log livesgoes belowlowwater% accounting suspends. If free space getsabovehighwater% accounting resumes.frequency determineshow often do we check the amount of free space (value is inseconds). Default:

4 2 30

That is, suspend accounting if free space drops below 2%; resume itif it increases to at least 4%; consider information about amount offree space valid for 30 seconds.

acpi_video_flags¶

SeeVideo issues with S3 resume. This allows the video resume mode to be set,in a similar fashion to theacpi_sleep kernel parameter, bycombining the following values:

arch¶

The machine hardware name, the same output asuname-m(e.g.x86_64 oraarch64).

auto_msgmni¶

This variable has no effect and may be removed in future kernelreleases. Reading it always returns 0.Up to Linux 3.17, it enabled/disabled automatic recomputing ofmsgmniupon memory add/remove or upon IPC namespace creation/removal.Echoing “1” into this file enabled msgmni automatic recomputing.Echoing “0” turned it off. The default value was 1.

bootloader_type (x86 only)¶

This gives the bootloader type number as indicated by the bootloader,shifted left by 4, and OR’d with the low four bits of the bootloaderversion. The reason for this encoding is that this used to match thetype_of_loader field in the kernel header; the encoding is kept forbackwards compatibility. That is, if the full bootloader type numberis 0x15 and the full version number is 0x234, this file will containthe value 340 = 0x154.

See thetype_of_loader andext_loader_type fields inThe Linux/x86 Boot Protocol for additional information.

bootloader_version (x86 only)¶

The complete bootloader version number. In the example above, thisfile will contain the value 564 = 0x234.

See thetype_of_loader andext_loader_ver fields inThe Linux/x86 Boot Protocol for additional information.

bpf_stats_enabled¶

Controls whether the kernel should collect statistics on BPF programs(total time spent running, number of times run...). Enablingstatistics causes a slight reduction in performance on each programrun. The statistics can be seen usingbpftool.

cad_pid¶

This is the pid which will be signalled on reboot (notably, byCtrl-Alt-Delete). Writing a value to this file which doesn’tcorrespond to a running process will result in-ESRCH.

See alsoctrl-alt-del.

cap_last_cap¶

Highest valid capability of the running kernel. ExportsCAP_LAST_CAP from the kernel.

core_pattern¶

core_pattern is used to specify a core dumpfile pattern name.

• max length 127 characters; default value is “core”

• core_pattern is used as a pattern template for the outputfilename; certain string patterns (beginning with ‘%’) aresubstituted with their actual values.

• backward compatibility withcore_uses_pid:

  Ifcore_pattern does not include “%p” (default does not)andcore_uses_pid is set, then .PID will be appended tothe filename.

• corename format specifiers

  %<NUL>	‘%’ is dropped
  %%	output one ‘%’
  %p	pid
  %P	global pid (init PID namespace)
  %i	tid
  %I	global tid (init PID namespace)
  %u	uid (in initial user namespace)
  %g	gid (in initial user namespace)
  %d	dump mode, matchesPR_SET_DUMPABLE and/proc/sys/fs/suid_dumpable
  %s	signal number
  %t	UNIX time of dump
  %h	hostname
  %e	executable filename (may be shortened, could be changed by prctl etc)
  %f	executable filename
  %E	executable path
  %c	maximum size of core file by resource limit RLIMIT_CORE
  %C	CPU the task ran on
  %F	pidfd number
  %<OTHER>	both are dropped

• If the first character of the pattern is a ‘|’, the kernel will treatthe rest of the pattern as a command to run. The core dump will bewritten to the standard input of that program instead of to a file.

core_pipe_limit¶

This sysctl is only applicable whencore_pattern is configured topipe core files to a user space helper (when the first character ofcore_pattern is a ‘|’, see above).When collecting cores via a pipe to an application, it is occasionallyuseful for the collecting application to gather data about thecrashing process from its/proc/pid directory.In order to do this safely, the kernel must wait for the collectingprocess to exit, so as not to remove the crashing processes proc filesprematurely.This in turn creates the possibility that a misbehaving userspacecollecting process can block the reaping of a crashed process simplyby never exiting.This sysctl defends against that.It defines how many concurrent crashing processes may be piped to userspace applications in parallel.If this value is exceeded, then those crashing processes above thatvalue are noted via the kernel log and their cores are skipped.0 is a special value, indicating that unlimited processes may becaptured in parallel, but that no waiting will take place (i.e. thecollecting process is not guaranteed access to/proc/<crashingpid>/).This value defaults to 0.

core_sort_vma¶

The default coredump writes VMAs in address order. By settingcore_sort_vma to 1, VMAs will be written from smallest sizeto largest size. This is known to break at least elfutils, butcan be handy when dealing with very large (and truncated)coredumps where the more useful debugging details are includedin the smaller VMAs.

core_uses_pid¶

The default coredump filename is “core”. By settingcore_uses_pid to 1, the coredump filename becomes core.PID.Ifcore_pattern does not include “%p” (default does not)andcore_uses_pid is set, then .PID will be appended tothe filename.

ctrl-alt-del¶

When the value in this file is 0, ctrl-alt-del is trapped andsent to theinit(1) program to handle a graceful restart.When, however, the value is > 0, Linux’s reaction to a VulcanNerve Pinch (tm) will be an immediate reboot, without evensyncing its dirty buffers.

Note:

when a program (like dosemu) has the keyboard in ‘raw’mode, the ctrl-alt-del is intercepted by the program before itever reaches the kernel tty layer, and it’s up to the programto decide what to do with it.

dmesg_restrict¶

This toggle indicates whether unprivileged users are preventedfrom usingdmesg(8) to view messages from the kernel’s logbuffer.Whendmesg_restrict is set to 0 there are no restrictions.Whendmesg_restrict is set to 1, users must haveCAP_SYSLOG to usedmesg(8).

The kernel config optionCONFIG_SECURITY_DMESG_RESTRICT sets thedefault value ofdmesg_restrict.

domainname & hostname¶

These files can be used to set the NIS/YP domainname and thehostname of your box in exactly the same way as the commandsdomainname and hostname, i.e.:

# echo "darkstar" > /proc/sys/kernel/hostname# echo "mydomain" > /proc/sys/kernel/domainname

has the same effect as:

# hostname "darkstar"# domainname "mydomain"

Note, however, that the classic darkstar.frop.org has thehostname “darkstar” and DNS (Internet Domain Name Server)domainname “frop.org”, not to be confused with the NIS (NetworkInformation Service) or YP (Yellow Pages) domainname. These twodomain names are in general different. For a detailed discussionsee thehostname(1) man page.

firmware_config¶

SeeFallback mechanisms.

The entries in this directory allow the firmware loader helperfallback to be controlled:

• force_sysfs_fallback, when set to 1, forces the use of thefallback;

• ignore_sysfs_fallback, when set to 1, ignores any fallback.

ftrace_dump_on_oops¶

Determines whetherftrace_dump() should be called on an oops (orkernel panic). This will output the contents of the ftrace buffers tothe console. This is very useful for capturing traces that lead tocrashes and outputting them to a serial console.

Multiple instance dump is also supported, and instances are separatedby commas. If global buffer also needs to be dumped, please specifythe dump mode (1/2/orig_cpu) first for global buffer.

So for example to dump “foo” and “bar” instance buffer on all CPUs,user can:

echo "foo,bar" > /proc/sys/kernel/ftrace_dump_on_oops

To dump global buffer and “foo” instance buffer on allCPUs along with the “bar” instance buffer on CPU that triggered theoops, user can:

echo "1,foo,bar=2" > /proc/sys/kernel/ftrace_dump_on_oops

ftrace_enabled, stack_tracer_enabled¶

Seeftrace - Function Tracer.

hardlockup_all_cpu_backtrace¶

This value controls the hard lockup detector behavior when a hardlockup condition is detected as to whether or not to gather furtherdebug information. If enabled, arch-specific all-CPU stack dumpingwill be initiated.

hardlockup_panic¶

This parameter can be used to control whether the kernel panicswhen a hard lockup is detected.

SeeSoftlockup detector and hardlockup detector (aka nmi_watchdog) for more information.This can also be set using the nmi_watchdog kernel parameter.

hotplug¶

Path for the hotplug policy agent.Default value isCONFIG_UEVENT_HELPER_PATH, which in turn defaultsto the empty string.

This file only exists whenCONFIG_UEVENT_HELPER is enabled. Mostmodern systems rely exclusively on the netlink-based uevent source anddon’t need this.

hung_task_all_cpu_backtrace¶

If this option is set, the kernel will send an NMI to all CPUs to dumptheir backtraces when a hung task is detected. This file shows up ifCONFIG_DETECT_HUNG_TASK and CONFIG_SMP are enabled.

0: Won’t show all CPUs backtraces when a hung task is detected.This is the default behavior.

1: Will non-maskably interrupt all CPUs and dump their backtraces whena hung task is detected.

hung_task_panic¶

When set to a non-zero value, a kernel panic will be triggered if thenumber of hung tasks found during a single scan reaches this value.This file shows up ifCONFIG_DETECT_HUNG_TASK is enabled.

hung_task_check_count¶

The upper bound on the number of tasks that are checked.This file shows up ifCONFIG_DETECT_HUNG_TASK is enabled.

hung_task_detect_count¶

Indicates the total number of tasks that have been detected as hung sincethe system boot.

This file shows up ifCONFIG_DETECT_HUNG_TASK is enabled.

hung_task_sys_info¶

A comma separated list of extra system information to be dumped whenhung task is detected, for example, “tasks,mem,timers,locks,...”.Refer ‘panic_sys_info’ section below for more details.

hung_task_timeout_secs¶

When a task in D state did not get scheduledfor more than this value report a warning.This file shows up ifCONFIG_DETECT_HUNG_TASK is enabled.

0 means infinite timeout, no checking is done.

Possible values to set are in range {0:LONG_MAX/HZ}.

hung_task_check_interval_secs¶

Hung task check interval. If hung task checking is enabled(seehung_task_timeout_secs), the check is done everyhung_task_check_interval_secs seconds.This file shows up ifCONFIG_DETECT_HUNG_TASK is enabled.

0 (default) means usehung_task_timeout_secs as checkinginterval.

Possible values to set are in range {0:LONG_MAX/HZ}.

hung_task_warnings¶

The maximum number of warnings to report. During a check intervalif a hung task is detected, this value is decreased by 1.When this value reaches 0, no more warnings will be reported.This file shows up ifCONFIG_DETECT_HUNG_TASK is enabled.

-1: report an infinite number of warnings.

hyperv_record_panic_msg¶

Controls whether the panic kmsg data should be reported to Hyper-V.

ignore-unaligned-usertrap¶

On architectures where unaligned accesses cause traps, and where thisfeature is supported (CONFIG_SYSCTL_ARCH_UNALIGN_NO_WARN;currently,arc,parisc andloongarch), controls whether allunaligned traps are logged.

See alsounaligned-trap.

io_uring_disabled¶

Prevents all processes from creating new io_uring instances. Enabling thisshrinks the kernel’s attack surface.

io_uring_group¶

When io_uring_disabled is set to 1, a process must either beprivileged (CAP_SYS_ADMIN) or be in the io_uring_group group in orderto create an io_uring instance. If io_uring_group is set to -1 (thedefault), only processes with the CAP_SYS_ADMIN capability may createio_uring instances.

kernel_sys_info¶

A comma separated list of extra system information to be dumped whensoft/hard lockup is detected, for example, “tasks,mem,timers,locks,...”.Refer ‘panic_sys_info’ section below for more details.

It serves as the default kernel control knob, which will take effectwhen a kernel module callssys_info() with parameter==0.

kexec_load_disabled¶

A toggle indicating if the syscallskexec_load andkexec_file_load have been disabled.This value defaults to 0 (false:kexec_*load enabled), but can beset to 1 (true:kexec_*load disabled).Once true, kexec can no longer be used, and the toggle cannot be setback to false.This allows a kexec image to be loaded before disabling the syscall,allowing a system to set up (and later use) an image without it beingaltered.Generally used together with themodules_disabled sysctl.

kexec_load_limit_panic¶

This parameter specifies a limit to the number of times the syscallskexec_load andkexec_file_load can be called with a crashimage. It can only be set with a more restrictive value than thecurrent one.

kexec_load_limit_reboot¶

Similar functionality askexec_load_limit_panic, but for a normalimage.

kptr_restrict¶

This toggle indicates whether restrictions are placed onexposing kernel addresses via/proc and other interfaces.

Whenkptr_restrict is set to 0 (the default) the address is hashedbefore printing.(This is the equivalent to %p.)

Whenkptr_restrict is set to 1, kernel pointers printed using the%pK format specifier will be replaced with 0s unless the user hasCAP_SYSLOG and effective user and group ids are equal to the realids.This is because %pK checks are done at read() time rather than open()time, so if permissions are elevated between the open() and the read()(e.g via a setuid binary) then %pK will not leak kernel pointers tounprivileged users.Note, this is a temporary solution only.The correct long-term solution is to do the permission checks atopen() time.Consider removing world read permissions from files that use %pK, andusingdmesg_restrict to protect against uses of %pK indmesg(8)if leaking kernel pointer values to unprivileged users is a concern.

Whenkptr_restrict is set to 2, kernel pointers printed using%pK will be replaced with 0s regardless of privileges.

softlockup_sys_info & hardlockup_sys_info¶

A comma separated list of extra system information to be dumped whensoft/hard lockup is detected, for example, “tasks,mem,timers,locks,...”.Refer ‘panic_sys_info’ section below for more details.

modprobe¶

The full path to the usermode helper for autoloading kernel modules,by defaultCONFIG_MODPROBE_PATH, which in turn defaults to“/sbin/modprobe”. This binary is executed when the kernel requests amodule. For example, if userspace passes an unknown filesystem typetomount(), then the kernel will automatically request thecorresponding filesystem module by executing this usermode helper.This usermode helper should insert the needed module into the kernel.

This sysctl only affects module autoloading. It has no effect on theability to explicitly insert modules.

This sysctl can be used to debug module loading requests:

echo '#! /bin/sh' > /tmp/modprobeecho 'echo "$@" >> /tmp/modprobe.log' >> /tmp/modprobeecho 'exec /sbin/modprobe "$@"' >> /tmp/modprobechmod a+x /tmp/modprobeecho /tmp/modprobe > /proc/sys/kernel/modprobe

Alternatively, if this sysctl is set to the empty string, then moduleautoloading is completely disabled. The kernel will not try toexecute a usermode helper at all, nor will it call thekernel_module_request LSM hook.

If CONFIG_STATIC_USERMODEHELPER=y is set in the kernel configuration,then the configured static usermode helper overrides this sysctl,except that the empty string is still accepted to completely disablemodule autoloading as described above.

modules_disabled¶

A toggle value indicating if modules are allowed to be loadedin an otherwise modular kernel. This toggle defaults to off(0), but can be set true (1). Once true, modules can beneither loaded nor unloaded, and the toggle cannot be set backto false. Generally used with thekexec_load_disabled toggle.

msgmax, msgmnb, and msgmni¶

msgmax is the maximum size of an IPC message, in bytes. 8192 bydefault (MSGMAX).

msgmnb is the maximum size of an IPC queue, in bytes. 16384 bydefault (MSGMNB).

msgmni is the maximum number of IPC queues. 32000 by default(MSGMNI).

All of these parameters are set per ipc namespace. The maximum number of bytesin POSIX message queues is limited byRLIMIT_MSGQUEUE. This limit isrespected hierarchically in the each user namespace.

msg_next_id, sem_next_id, and shm_next_id (System V IPC)¶

These three toggles allows to specify desired id for next allocated IPCobject: message, semaphore or shared memory respectively.

By default they are equal to -1, which means generic allocation logic.Possible values to set are in range {0:INT_MAX}.

Notes:

1. kernel doesn’t guarantee, that new object will have desired id. So,it’s up to userspace, how to handle an object with “wrong” id.

2. Toggle with non-default value will be set back to -1 by kernel aftersuccessful IPC object allocation. If an IPC object allocation syscallfails, it is undefined if the value remains unmodified or is reset to -1.

ngroups_max¶

Maximum number of supplementary groups, _i.e._ the maximum size whichsetgroups will accept. ExportsNGROUPS_MAX from the kernel.

nmi_watchdog¶

This parameter can be used to control the NMI watchdog(i.e. the hard lockup detector) on x86 systems.

The hard lockup detector monitors each CPU for its ability to respond totimer interrupts. The mechanism utilizes CPU performance counter registersthat are programmed to generate Non-Maskable Interrupts (NMIs) periodicallywhile a CPU is busy. Hence, the alternative name ‘NMI watchdog’.

The NMI watchdog is disabled by default if the kernel is running as a guestin a KVM virtual machine. This default can be overridden by adding:

nmi_watchdog=1

to the guest kernel command line (seeThe kernel’s command-line parameters).

nmi_wd_lpm_factor (PPC only)¶

Factor to apply to the NMI watchdog timeout (only whennmi_watchdog isset to 1). This factor represents the percentage added towatchdog_thresh when calculating the NMI watchdog timeout during anLPM. The soft lockup timeout is not impacted.

A value of 0 means no change. The default value is 200 meaning the NMIwatchdog is set to 30s (based onwatchdog_thresh equal to 10).

numa_balancing¶

Enables/disables and configures automatic page fault based NUMA memorybalancing. Memory is moved automatically to nodes that access it often.The value to set can be the result of ORing the following:

Or NUMA_BALANCING_NORMAL to optimize page placement among differentNUMA nodes to reduce remote accessing. On NUMA machines, there is aperformance penalty if remote memory is accessed by a CPU. When thisfeature is enabled the kernel samples what task thread is accessingmemory by periodically unmapping pages and later trapping a pagefault. At the time of the page fault, it is determined if the databeing accessed should be migrated to a local memory node.

The unmapping of pages and trapping faults incur additional overhead thatideally is offset by improved memory locality but there is no universalguarantee. If the target workload is already bound to NUMA nodes then thisfeature should be disabled.

Or NUMA_BALANCING_MEMORY_TIERING to optimize page placement amongdifferent types of memory (represented as different NUMA nodes) toplace the hot pages in the fast memory. This is implemented based onunmapping and page fault too.

numa_balancing_promote_rate_limit_MBps¶

Too high promotion/demotion throughput between different memory typesmay hurt application latency. This can be used to rate limit thepromotion throughput. The per-node max promotion throughput in MB/swill be limited to be no more than the set value.

A rule of thumb is to set this to less than 1/10 of the PMEM nodewrite bandwidth.

oops_all_cpu_backtrace¶

If this option is set, the kernel will send an NMI to all CPUs to dumptheir backtraces when an oops event occurs. It should be used as a lastresort in case a panic cannot be triggered (to protect VMs running, forexample) or kdump can’t be collected. This file shows up if CONFIG_SMPis enabled.

0: Won’t show all CPUs backtraces when an oops is detected.This is the default behavior.

1: Will non-maskably interrupt all CPUs and dump their backtraces whenan oops event is detected.

oops_limit¶

Number of kernel oopses after which the kernel should panic whenpanic_on_oops is not set. Setting this to 0 disables checkingthe count. Setting this to 1 has the same effect as settingpanic_on_oops=1. The default value is 10000.

osrelease, ostype & version¶

# cat osrelease2.1.88# cat ostypeLinux# cat version#5 Wed Feb 25 21:49:24 MET 1998

The filesosrelease andostype should be clear enough.versionneeds a little more clarification however. The ‘#5’ means thatthis is the fifth kernel built from this source base and thedate behind it indicates the time the kernel was built.The only way to tune these values is to rebuild the kernel :-)

overflowgid & overflowuid¶

if your architecture did not always support 32-bit UIDs (i.e. arm,i386, m68k, sh, and sparc32), a fixed UID and GID will be returned toapplications that use the old 16-bit UID/GID system calls, if theactual UID or GID would exceed 65535.

These sysctls allow you to change the value of the fixed UID and GID.The default is 65534.

panic¶

The value in this file determines the behaviour of the kernel on apanic:

• if zero, the kernel will loop forever;

• if negative, the kernel will reboot immediately;

• if positive, the kernel will reboot after the corresponding numberof seconds.

When you use the software watchdog, the recommended setting is 60.

panic_on_io_nmi¶

Controls the kernel’s behavior when a CPU receives an NMI caused byan IO error.

panic_on_oops¶

Controls the kernel’s behaviour when an oops or BUG is encountered.

panic_on_stackoverflow¶

Controls the kernel’s behavior when detecting the overflows ofkernel, IRQ and exception stacks except a user stack.This file shows up ifCONFIG_DEBUG_STACKOVERFLOW is enabled.

panic_on_unrecovered_nmi¶

The default Linux behaviour on an NMI of either memory or unknown isto continue operation. For many environments such as scientificcomputing it is preferable that the box is taken out and the errordealt with than an uncorrected parity/ECC error get propagated.

A small number of systems do generate NMIs for bizarre random reasonssuch as power management so the default is off. That sysctl works likethe existing panic controls already in that directory.

panic_on_warn¶

Callspanic() in theWARN() path when set to 1. This is useful to avoida kernel rebuild when attempting to kdump at the location of aWARN().

panic_print¶

Bitmask for printing system info when panic happens. User can chosecombination of the following bits:

So for example to print tasks and memory info on panic, user can:

echo 3 > /proc/sys/kernel/panic_print

panic_sys_info¶

A comma separated list of extra information to be dumped on panic,for example, “tasks,mem,timers,...”. It is a human readable alternativeto ‘panic_print’. Possible values are:

panic_on_rcu_stall¶

When set to 1, callspanic() after RCU stall detection messages. Thisis useful to define the root cause of RCU stalls using a vmcore.

max_rcu_stall_to_panic¶

Whenpanic_on_rcu_stall is set to 1, this value determines thenumber of times that RCU can stall beforepanic() is called.

Whenpanic_on_rcu_stall is set to 0, this value is has no effect.

perf_cpu_time_max_percent¶

Hints to the kernel how much CPU time it should be allowed touse to handle perf sampling events. If the perf subsystemis informed that its samples are exceeding this limit, itwill drop its sampling frequency to attempt to reduce its CPUusage.

Some perf sampling happens in NMIs. If these samplesunexpectedly take too long to execute, the NMIs can becomestacked up next to each other so much that nothing else isallowed to execute.

perf_event_paranoid¶

Controls use of the performance events system by unprivilegedusers (without CAP_PERFMON). The default value is 2.

For backward compatibility reasons access to system performancemonitoring and observability remains open for CAP_SYS_ADMINprivileged processes but CAP_SYS_ADMIN usage for secure systemperformance monitoring and observability operations is discouragedwith respect to CAP_PERFMON use cases.

perf_event_max_stack¶

Controls maximum number of stack frames to copy for (attr.sample_type&PERF_SAMPLE_CALLCHAIN) configured events, for instance, when using‘perfrecord-g’ or ‘perftrace--call-graphfp’.

This can only be done when no events are in use that have callchainsenabled, otherwise writing to this file will return-EBUSY.

The default value is 127.

perf_event_mlock_kb¶

Control size of per-cpu ring buffer not counted against mlock limit.

The default value is 512 + 1 page

perf_event_max_contexts_per_stack¶

Controls maximum number of stack frame context entries for(attr.sample_type&PERF_SAMPLE_CALLCHAIN) configured events, forinstance, when using ‘perfrecord-g’ or ‘perftrace--call-graphfp’.

This can only be done when no events are in use that have callchainsenabled, otherwise writing to this file will return-EBUSY.

The default value is 8.

perf_user_access (arm64 and riscv only)¶

Controls user space access for reading perf event counters.

• for arm64The default value is 0 (access disabled).

  When set to 1, user space can read performance monitor counter registersdirectly.

  SeePerf for more information.

• for riscvWhen set to 0, user space access is disabled.

  The default value is 1, user space can read performance monitor counterregisters through perf, any direct access without perf intervention will triggeran illegal instruction.

  When set to 2, which enables legacy mode (user space has direct access to cycleand insret CSRs only). Note that this legacy value is deprecated and will beremoved once all user space applications are fixed.

  Note that the time CSR is always directly accessible to all modes.

pid_max¶

PID allocation wrap value. When the kernel’s next PID valuereaches this value, it wraps back to a minimum PID value.PIDs of valuepid_max or larger are not allocated.

ns_last_pid¶

The last pid allocated in the current (the one task using this sysctllives in) pid namespace. When selecting a pid for a next task on forkkernel tries to allocate a number starting from this one.

powersave-nap (PPC only)¶

If set, Linux-PPC will use the ‘nap’ mode of powersaving,otherwise the ‘doze’ mode will be used.

printk¶

The four values in printk denote:console_loglevel,default_message_loglevel,minimum_console_loglevel anddefault_console_loglevel respectively.

These values influenceprintk() behavior when printing orlogging error messages. See ‘man2syslog’ for more info onthe different loglevels.

printk_delay¶

Delay each printk message inprintk_delay milliseconds

Value from 0 - 10000 is allowed.

printk_ratelimit¶

Some warning messages are rate limited.printk_ratelimit specifiesthe minimum length of time between these messages (in seconds).The default value is 5 seconds.

A value of 0 will disable rate limiting.

printk_ratelimit_burst¶

While long term we enforce one message perprintk_ratelimitseconds, we do allow a burst of messages to pass through.printk_ratelimit_burst specifies the number of messages we cansend before ratelimiting kicks in. Afterprintk_ratelimit secondshave elapsed, another burst of messages may be sent.

The default value is 10 messages.

printk_devkmsg¶

Control the logging to/dev/kmsg from userspace:

The kernel command line parameterprintk.devkmsg= overrides this and isa one-time setting until next reboot: once set, it cannot be changed bythis sysctl interface anymore.

pty¶

SeeThe Devpts Filesystem.

random¶

This is a directory, with the following entries:

• boot_id: a UUID generated the first time this is retrieved, andunvarying after that;

• uuid: a UUID generated every time this is retrieved (this canthus be used to generate UUIDs at will);

• entropy_avail: the pool’s entropy count, in bits;

• poolsize: the entropy pool size, in bits;

• urandom_min_reseed_secs: obsolete (used to determine the minimumnumber of seconds between urandom pool reseeding). This file iswritable for compatibility purposes, but writing to it has no effecton any RNG behavior;

• write_wakeup_threshold: when the entropy count drops below this(as a number of bits), processes waiting to write to/dev/randomare woken up. This file is writable for compatibility purposes, butwriting to it has no effect on any RNG behavior.

randomize_va_space¶

This option can be used to select the type of process addressspace randomization that is used in the system, for architecturesthat support this feature.

real-root-dev¶

SeeUsing the initial RAM disk (initrd).

reboot-cmd (SPARC only)¶

??? This seems to be a way to give an argument to the SparcROM/Flash boot loader. Maybe to tell it what to do afterrebooting. ???

sched_energy_aware¶

Enables/disables Energy Aware Scheduling (EAS). EAS startsautomatically on platforms where it can run (that is,platforms with asymmetric CPU topologies and having an EnergyModel available). If your platform happens to meet therequirements for EAS but you do not want to use it, changethis value to 0. On Non-EAS platforms, write operation fails andread doesn’t return anything.

task_delayacct¶

Enables/disables task delay accounting (seeDelay accounting. Enabling this feature incursa small amount of overhead in the scheduler but is useful for debuggingand performance tuning. It is required by some tools such as iotop.

sched_schedstats¶

Enables/disables scheduler statistics. Enabling this featureincurs a small amount of overhead in the scheduler but isuseful for debugging and performance tuning.

sched_util_clamp_min¶

Max allowedminimum utilization.

Default value is 1024, which is the maximum possible value.

It means that any requested uclamp.min value cannot be greater thansched_util_clamp_min, i.e., it is restricted to the range[0:sched_util_clamp_min].

sched_util_clamp_max¶

Max allowedmaximum utilization.

Default value is 1024, which is the maximum possible value.

It means that any requested uclamp.max value cannot be greater thansched_util_clamp_max, i.e., it is restricted to the range[0:sched_util_clamp_max].

sched_util_clamp_min_rt_default¶

By default Linux is tuned for performance. Which means that RT tasks always runat the highest frequency and most capable (highest capacity) CPU (inheterogeneous systems).

Uclamp achieves this by setting the requested uclamp.min of all RT tasks to1024 by default, which effectively boosts the tasks to run at the highestfrequency and biases them to run on the biggest CPU.

This knob allows admins to change the default behavior when uclamp is beingused. In battery powered devices particularly, running at the maximumcapacity and frequency will increase energy consumption and shorten the batterylife.

This knob is only effective for RT tasks which the user hasn’t modified theirrequested uclamp.min value viasched_setattr() syscall.

This knob will not escape the range constraint imposed by sched_util_clamp_mindefined above.

For example if

sched_util_clamp_min_rt_default = 800sched_util_clamp_min = 600

Then the boost will be clamped to 600 because 800 is outside of the permissiblerange of [0:600]. This could happen for instance if a powersave mode willrestrict all boosts temporarily by modifying sched_util_clamp_min. As soon asthis restriction is lifted, the requested sched_util_clamp_min_rt_defaultwill take effect.

seccomp¶

SeeSeccomp BPF (SECure COMPuting with filters).

sg-big-buff¶

This file shows the size of the generic SCSI (sg) buffer.You can’t tune it just yet, but you could change it oncompile time by editinginclude/scsi/sg.h and changingthe value ofSG_BIG_BUFF.

There shouldn’t be any reason to change this value. Ifyou can come up with one, you probably know what youare doing anyway :)

shmall¶

This parameter sets the total amount of shared memory pages that can be usedinside ipc namespace. The shared memory pages counting occurs for each ipcnamespace separately and is not inherited. Hence,shmall should always be atleastceil(shmmax/PAGE_SIZE).

If you are not sure what the defaultPAGE_SIZE is on your Linuxsystem, you can run the following command:

# getconf PAGE_SIZE

To reduce or disable the ability to allocate shared memory, you must create anew ipc namespace, set this parameter to the required value and prohibit thecreation of a new ipc namespace in the current user namespace or cgroups canbe used.

shmmax¶

This value can be used to query and set the run time limiton the maximum shared memory segment size that can be created.Shared memory segments up to 1Gb are now supported in thekernel. This value defaults toSHMMAX.

shmmni¶

This value determines the maximum number of shared memory segments.4096 by default (SHMMNI).

shm_rmid_forced¶

Linux lets you set resource limits, including how much memory oneprocess can consume, viasetrlimit(2). Unfortunately, shared memorysegments are allowed to exist without association with any process, andthus might not be counted against any resource limits. If enabled,shared memory segments are automatically destroyed when their attachcount becomes zero after a detach or a process termination. It willalso destroy segments that were created, but never attached to, on exitfrom the process. The only use left forIPC_RMID is to immediatelydestroy an unattached segment. Of course, this breaks the way things aredefined, so some applications might stop working. Note that thisfeature will do you no good unless you also configure your resourcelimits (in particular,RLIMIT_AS andRLIMIT_NPROC). Most systems don’tneed this.

Note that if you change this from 0 to 1, already created segmentswithout users and with a dead originative process will be destroyed.

sysctl_writes_strict¶

Control how file position affects the behavior of updating sysctl valuesvia the/proc/sys interface:

-1	Legacy per-write sysctl value handling, with no printk warnings.Each write syscall must fully contain the sysctl value to bewritten, and multiple writes on the same sysctl file descriptorwill rewrite the sysctl value, regardless of file position.
0	Same behavior as above, but warn about processes that perform writesto a sysctl file descriptor when the file position is not 0.
1	(default) Respect file position when writing sysctl strings. Multiplewrites will append to the sysctl value buffer. Anything past the maxlength of the sysctl value buffer will be ignored. Writes to numericsysctl entries must always be at file position 0 and the value mustbe fully contained in the buffer sent in the write syscall.

softlockup_all_cpu_backtrace¶

This value controls the soft lockup detector thread’s behaviorwhen a soft lockup condition is detected as to whether or notto gather further debug information. If enabled, each cpu willbe issued an NMI and instructed to capture stack trace.

This feature is only applicable for architectures which supportNMI.

softlockup_panic¶

This parameter can be used to control whether the kernel panicswhen a soft lockup is detected.

This can also be set using the softlockup_panic kernel parameter.

soft_watchdog¶

This parameter can be used to control the soft lockup detector.

The soft lockup detector monitors CPUs for threads that are hogging the CPUswithout rescheduling voluntarily, and thus prevent the ‘migration/N’ threadsfrom running, causing the watchdog work fail to execute. The mechanism dependson the CPUs ability to respond to timer interrupts which are needed for thewatchdog work to be queued by the watchdog timer function, otherwise the NMIwatchdog — if enabled — can detect a hard lockup condition.

split_lock_mitigate (x86 only)¶

On x86, each “split lock” imposes a system-wide performance penalty. On largersystems, large numbers of split locks from unprivileged users can result indenials of service to well-behaved and potentially more important users.

The kernel mitigates these bad users by detecting split locks and imposingpenalties: forcing them to wait and only allowing one core to execute splitlocks at a time.

These mitigations can make those bad applications unbearably slow. Settingsplit_lock_mitigate=0 may restore some application performance, but will alsoincrease system exposure to denial of service attacks from split lock users.

stack_erasing¶

This parameter can be used to control kernel stack erasing at the endof syscalls for kernels built withCONFIG_KSTACK_ERASE.

That erasing reduces the information which kernel stack leak bugscan reveal and blocks some uninitialized stack variable attacks.The tradeoff is the performance impact: on a single CPU system kernelcompilation sees a 1% slowdown, other systems and workloads may vary.

stop-a (SPARC only)¶

Controls Stop-A:

Stop-A is always enabled on a panic, so that the user can return tothe boot PROM.

sysrq¶

SeeLinux Magic System Request Key Hacks.

tainted¶

Non-zero if the kernel has been tainted. Numeric values, which can beORed together. The letters are seen in “Tainted” line of Oops reports.

SeeTainted kernels for more information.

Note:

writes to this sysctl interface will fail withEINVAL if the kernel isbooted with the command line optionpanic_on_taint=<bitmask>,nousertaintand any of the ORed together values being written totainted match withthe bitmask declared on panic_on_taint.SeeThe kernel’s command-line parameters for more details onthat particular kernel command line option and its optionalnousertaint switch.

threads-max¶

This value controls the maximum number of threads that can be createdusingfork().

During initialization the kernel sets this value such that even if themaximum number of threads is created, the thread structures occupy onlya part (1/8th) of the available RAM pages.

The minimum value that can be written tothreads-max is 1.

The maximum value that can be written tothreads-max is given by theconstantFUTEX_TID_MASK (0x3fffffff).

If a value outside of this range is written tothreads-max anEINVAL error occurs.

timer_migration¶

When set to a non-zero value, attempt to migrate timers away from idle cpus toallow them to remain in low power states longer.

Default is set (1).

traceoff_on_warning¶

When set, disables tracing (seeftrace - Function Tracer) when aWARN() is hit.

tracepoint_printk¶

When tracepoints are sent toprintk() (enabled by thetp_printkboot parameter), this entry provides runtime control:

echo 0 > /proc/sys/kernel/tracepoint_printk

will stop tracepoints from being sent toprintk(), and:

echo 1 > /proc/sys/kernel/tracepoint_printk

will send them toprintk() again.

This only works if the kernel was booted withtp_printk enabled.

SeeThe kernel’s command-line parameters andBoot-time tracing.

unaligned-trap¶

On architectures where unaligned accesses cause traps, and where thisfeature is supported (CONFIG_SYSCTL_ARCH_UNALIGN_ALLOW; currently,arc,parisc andloongarch), controls whether unaligned trapsare caught and emulated (instead of failing).

See alsoignore-unaligned-usertrap.

unknown_nmi_panic¶

The value in this file affects behavior of handling NMI. When thevalue is non-zero, unknown NMI is trapped and then panic occurs. Atthat time, kernel debugging information is displayed on console.

NMI switch that most IA32 servers have fires unknown NMI up, forexample. If a system hangs up, try pressing the NMI switch.

unprivileged_bpf_disabled¶

Writing 1 to this entry will disable unprivileged calls tobpf();once disabled, callingbpf() withoutCAP_SYS_ADMIN orCAP_BPFwill return-EPERM. Once set to 1, this can’t be cleared from therunning kernel anymore.

Writing 2 to this entry will also disable unprivileged calls tobpf(),however, an admin can still change this setting later on, if needed, bywriting 0 or 1 to this entry.

IfBPF_UNPRIV_DEFAULT_OFF is enabled in the kernel config, then thisentry will default to 2 instead of 0.

warn_limit¶

Number of kernel warnings after which the kernel should panic whenpanic_on_warn is not set. Setting this to 0 disables checkingthe warning count. Setting this to 1 has the same effect as settingpanic_on_warn=1. The default value is 0.

watchdog¶

This parameter can be used to disable or enable the soft lockup detectorand the NMI watchdog (i.e. the hard lockup detector) at the same time.

The soft lockup detector and the NMI watchdog can also be disabled orenabled individually, using thesoft_watchdog andnmi_watchdogparameters.If thewatchdog parameter is read, for example by executing:

cat /proc/sys/kernel/watchdog

the output of this command (0 or 1) shows the logical OR ofsoft_watchdog andnmi_watchdog.

watchdog_cpumask¶

This value can be used to control on which cpus the watchdog may run.The default cpumask is all possible cores, but ifNO_HZ_FULL isenabled in the kernel config, and cores are specified with thenohz_full= boot argument, those cores are excluded by default.Offline cores can be included in this mask, and if the core is laterbrought online, the watchdog will be started based on the mask value.

Typically this value would only be touched in thenohz_full caseto re-enable cores that by default were not running the watchdog,if a kernel lockup was suspected on those cores.

The argument value is the standard cpulist format for cpumasks,so for example to enable the watchdog on cores 0, 2, 3, and 4 youmight say:

echo 0,2-4 > /proc/sys/kernel/watchdog_cpumask

watchdog_thresh¶

This value can be used to control the frequency of hrtimer and NMIevents and the soft and hard lockup thresholds. The default thresholdis 10 seconds.

The softlockup threshold is (2*watchdog_thresh). Setting thistunable to zero will disable lockup detection altogether.