Based on kernel version 4.16.1. Page generated on 2018-04-09 11:53 EST.
1 Documentation for /proc/sys/kernel/* kernel version 2.2.10 2 (c) 1998, 1999, Rik van Riel <riel@nl.linux.org> 3 (c) 2009, Shen Feng<shen@cn.fujitsu.com> 4 5 For general info and legal blurb, please look in README. 6 7 ============================================================== 8 9 This file contains documentation for the sysctl files in 10 /proc/sys/kernel/ and is valid for Linux kernel version 2.2. 11 12 The files in this directory can be used to tune and monitor 13 miscellaneous and general things in the operation of the Linux 14 kernel. Since some of the files _can_ be used to screw up your 15 system, it is advisable to read both documentation and source 16 before actually making adjustments. 17 18 Currently, these files might (depending on your configuration) 19 show up in /proc/sys/kernel: 20 21 - acct 22 - acpi_video_flags 23 - auto_msgmni 24 - bootloader_type [ X86 only ] 25 - bootloader_version [ X86 only ] 26 - callhome [ S390 only ] 27 - cap_last_cap 28 - core_pattern 29 - core_pipe_limit 30 - core_uses_pid 31 - ctrl-alt-del 32 - dmesg_restrict 33 - domainname 34 - hostname 35 - hotplug 36 - hardlockup_all_cpu_backtrace 37 - hardlockup_panic 38 - hung_task_panic 39 - hung_task_check_count 40 - hung_task_timeout_secs 41 - hung_task_warnings 42 - kexec_load_disabled 43 - kptr_restrict 44 - l2cr [ PPC only ] 45 - modprobe ==> Documentation/debugging-modules.txt 46 - modules_disabled 47 - msg_next_id [ sysv ipc ] 48 - msgmax 49 - msgmnb 50 - msgmni 51 - nmi_watchdog 52 - osrelease 53 - ostype 54 - overflowgid 55 - overflowuid 56 - panic 57 - panic_on_oops 58 - panic_on_stackoverflow 59 - panic_on_unrecovered_nmi 60 - panic_on_warn 61 - panic_on_rcu_stall 62 - perf_cpu_time_max_percent 63 - perf_event_paranoid 64 - perf_event_max_stack 65 - perf_event_mlock_kb 66 - perf_event_max_contexts_per_stack 67 - pid_max 68 - powersave-nap [ PPC only ] 69 - printk 70 - printk_delay 71 - printk_ratelimit 72 - printk_ratelimit_burst 73 - pty ==> Documentation/filesystems/devpts.txt 74 - randomize_va_space 75 - real-root-dev ==> Documentation/admin-guide/initrd.rst 76 - reboot-cmd [ SPARC only ] 77 - rtsig-max 78 - rtsig-nr 79 - seccomp/ ==> Documentation/userspace-api/seccomp_filter.rst 80 - sem 81 - sem_next_id [ sysv ipc ] 82 - sg-big-buff [ generic SCSI device (sg) ] 83 - shm_next_id [ sysv ipc ] 84 - shm_rmid_forced 85 - shmall 86 - shmmax [ sysv ipc ] 87 - shmmni 88 - softlockup_all_cpu_backtrace 89 - soft_watchdog 90 - stop-a [ SPARC only ] 91 - sysrq ==> Documentation/admin-guide/sysrq.rst 92 - sysctl_writes_strict 93 - tainted 94 - threads-max 95 - unknown_nmi_panic 96 - watchdog 97 - watchdog_thresh 98 - version 99 100 ============================================================== 101 102 acct: 103 104 highwater lowwater frequency 105 106 If BSD-style process accounting is enabled these values control 107 its behaviour. If free space on filesystem where the log lives 108 goes below <lowwater>% accounting suspends. If free space gets 109 above <highwater>% accounting resumes. <Frequency> determines 110 how often do we check the amount of free space (value is in 111 seconds). Default: 112 4 2 30 113 That is, suspend accounting if there left <= 2% free; resume it 114 if we got >=4%; consider information about amount of free space 115 valid for 30 seconds. 116 117 ============================================================== 118 119 acpi_video_flags: 120 121 flags 122 123 See Doc*/kernel/power/video.txt, it allows mode of video boot to be 124 set during run time. 125 126 ============================================================== 127 128 auto_msgmni: 129 130 This variable has no effect and may be removed in future kernel 131 releases. Reading it always returns 0. 132 Up to Linux 3.17, it enabled/disabled automatic recomputing of msgmni 133 upon memory add/remove or upon ipc namespace creation/removal. 134 Echoing "1" into this file enabled msgmni automatic recomputing. 135 Echoing "0" turned it off. auto_msgmni default value was 1. 136 137 138 ============================================================== 139 140 bootloader_type: 141 142 x86 bootloader identification 143 144 This gives the bootloader type number as indicated by the bootloader, 145 shifted left by 4, and OR'd with the low four bits of the bootloader 146 version. The reason for this encoding is that this used to match the 147 type_of_loader field in the kernel header; the encoding is kept for 148 backwards compatibility. That is, if the full bootloader type number 149 is 0x15 and the full version number is 0x234, this file will contain 150 the value 340 = 0x154. 151 152 See the type_of_loader and ext_loader_type fields in 153 Documentation/x86/boot.txt for additional information. 154 155 ============================================================== 156 157 bootloader_version: 158 159 x86 bootloader version 160 161 The complete bootloader version number. In the example above, this 162 file will contain the value 564 = 0x234. 163 164 See the type_of_loader and ext_loader_ver fields in 165 Documentation/x86/boot.txt for additional information. 166 167 ============================================================== 168 169 callhome: 170 171 Controls the kernel's callhome behavior in case of a kernel panic. 172 173 The s390 hardware allows an operating system to send a notification 174 to a service organization (callhome) in case of an operating system panic. 175 176 When the value in this file is 0 (which is the default behavior) 177 nothing happens in case of a kernel panic. If this value is set to "1" 178 the complete kernel oops message is send to the IBM customer service 179 organization in case the mainframe the Linux operating system is running 180 on has a service contract with IBM. 181 182 ============================================================== 183 184 cap_last_cap 185 186 Highest valid capability of the running kernel. Exports 187 CAP_LAST_CAP from the kernel. 188 189 ============================================================== 190 191 core_pattern: 192 193 core_pattern is used to specify a core dumpfile pattern name. 194 . max length 128 characters; default value is "core" 195 . core_pattern is used as a pattern template for the output filename; 196 certain string patterns (beginning with '%') are substituted with 197 their actual values. 198 . backward compatibility with core_uses_pid: 199 If core_pattern does not include "%p" (default does not) 200 and core_uses_pid is set, then .PID will be appended to 201 the filename. 202 . corename format specifiers: 203 %<NUL> '%' is dropped 204 %% output one '%' 205 %p pid 206 %P global pid (init PID namespace) 207 %i tid 208 %I global tid (init PID namespace) 209 %u uid (in initial user namespace) 210 %g gid (in initial user namespace) 211 %d dump mode, matches PR_SET_DUMPABLE and 212 /proc/sys/fs/suid_dumpable 213 %s signal number 214 %t UNIX time of dump 215 %h hostname 216 %e executable filename (may be shortened) 217 %E executable path 218 %<OTHER> both are dropped 219 . If the first character of the pattern is a '|', the kernel will treat 220 the rest of the pattern as a command to run. The core dump will be 221 written to the standard input of that program instead of to a file. 222 223 ============================================================== 224 225 core_pipe_limit: 226 227 This sysctl is only applicable when core_pattern is configured to pipe 228 core files to a user space helper (when the first character of 229 core_pattern is a '|', see above). When collecting cores via a pipe 230 to an application, it is occasionally useful for the collecting 231 application to gather data about the crashing process from its 232 /proc/pid directory. In order to do this safely, the kernel must wait 233 for the collecting process to exit, so as not to remove the crashing 234 processes proc files prematurely. This in turn creates the 235 possibility that a misbehaving userspace collecting process can block 236 the reaping of a crashed process simply by never exiting. This sysctl 237 defends against that. It defines how many concurrent crashing 238 processes may be piped to user space applications in parallel. If 239 this value is exceeded, then those crashing processes above that value 240 are noted via the kernel log and their cores are skipped. 0 is a 241 special value, indicating that unlimited processes may be captured in 242 parallel, but that no waiting will take place (i.e. the collecting 243 process is not guaranteed access to /proc/<crashing pid>/). This 244 value defaults to 0. 245 246 ============================================================== 247 248 core_uses_pid: 249 250 The default coredump filename is "core". By setting 251 core_uses_pid to 1, the coredump filename becomes core.PID. 252 If core_pattern does not include "%p" (default does not) 253 and core_uses_pid is set, then .PID will be appended to 254 the filename. 255 256 ============================================================== 257 258 ctrl-alt-del: 259 260 When the value in this file is 0, ctrl-alt-del is trapped and 261 sent to the init(1) program to handle a graceful restart. 262 When, however, the value is > 0, Linux's reaction to a Vulcan 263 Nerve Pinch (tm) will be an immediate reboot, without even 264 syncing its dirty buffers. 265 266 Note: when a program (like dosemu) has the keyboard in 'raw' 267 mode, the ctrl-alt-del is intercepted by the program before it 268 ever reaches the kernel tty layer, and it's up to the program 269 to decide what to do with it. 270 271 ============================================================== 272 273 dmesg_restrict: 274 275 This toggle indicates whether unprivileged users are prevented 276 from using dmesg(8) to view messages from the kernel's log buffer. 277 When dmesg_restrict is set to (0) there are no restrictions. When 278 dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use 279 dmesg(8). 280 281 The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the 282 default value of dmesg_restrict. 283 284 ============================================================== 285 286 domainname & hostname: 287 288 These files can be used to set the NIS/YP domainname and the 289 hostname of your box in exactly the same way as the commands 290 domainname and hostname, i.e.: 291 # echo "darkstar" > /proc/sys/kernel/hostname 292 # echo "mydomain" > /proc/sys/kernel/domainname 293 has the same effect as 294 # hostname "darkstar" 295 # domainname "mydomain" 296 297 Note, however, that the classic darkstar.frop.org has the 298 hostname "darkstar" and DNS (Internet Domain Name Server) 299 domainname "frop.org", not to be confused with the NIS (Network 300 Information Service) or YP (Yellow Pages) domainname. These two 301 domain names are in general different. For a detailed discussion 302 see the hostname(1) man page. 303 304 ============================================================== 305 hardlockup_all_cpu_backtrace: 306 307 This value controls the hard lockup detector behavior when a hard 308 lockup condition is detected as to whether or not to gather further 309 debug information. If enabled, arch-specific all-CPU stack dumping 310 will be initiated. 311 312 0: do nothing. This is the default behavior. 313 314 1: on detection capture more debug information. 315 ============================================================== 316 317 hardlockup_panic: 318 319 This parameter can be used to control whether the kernel panics 320 when a hard lockup is detected. 321 322 0 - don't panic on hard lockup 323 1 - panic on hard lockup 324 325 See Documentation/lockup-watchdogs.txt for more information. This can 326 also be set using the nmi_watchdog kernel parameter. 327 328 ============================================================== 329 330 hotplug: 331 332 Path for the hotplug policy agent. 333 Default value is "/sbin/hotplug". 334 335 ============================================================== 336 337 hung_task_panic: 338 339 Controls the kernel's behavior when a hung task is detected. 340 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 341 342 0: continue operation. This is the default behavior. 343 344 1: panic immediately. 345 346 ============================================================== 347 348 hung_task_check_count: 349 350 The upper bound on the number of tasks that are checked. 351 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 352 353 ============================================================== 354 355 hung_task_timeout_secs: 356 357 Check interval. When a task in D state did not get scheduled 358 for more than this value report a warning. 359 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 360 361 0: means infinite timeout - no checking done. 362 Possible values to set are in range {0..LONG_MAX/HZ}. 363 364 ============================================================== 365 366 hung_task_warnings: 367 368 The maximum number of warnings to report. During a check interval 369 if a hung task is detected, this value is decreased by 1. 370 When this value reaches 0, no more warnings will be reported. 371 This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. 372 373 -1: report an infinite number of warnings. 374 375 ============================================================== 376 377 kexec_load_disabled: 378 379 A toggle indicating if the kexec_load syscall has been disabled. This 380 value defaults to 0 (false: kexec_load enabled), but can be set to 1 381 (true: kexec_load disabled). Once true, kexec can no longer be used, and 382 the toggle cannot be set back to false. This allows a kexec image to be 383 loaded before disabling the syscall, allowing a system to set up (and 384 later use) an image without it being altered. Generally used together 385 with the "modules_disabled" sysctl. 386 387 ============================================================== 388 389 kptr_restrict: 390 391 This toggle indicates whether restrictions are placed on 392 exposing kernel addresses via /proc and other interfaces. 393 394 When kptr_restrict is set to 0 (the default) the address is hashed before 395 printing. (This is the equivalent to %p.) 396 397 When kptr_restrict is set to (1), kernel pointers printed using the %pK 398 format specifier will be replaced with 0's unless the user has CAP_SYSLOG 399 and effective user and group ids are equal to the real ids. This is 400 because %pK checks are done at read() time rather than open() time, so 401 if permissions are elevated between the open() and the read() (e.g via 402 a setuid binary) then %pK will not leak kernel pointers to unprivileged 403 users. Note, this is a temporary solution only. The correct long-term 404 solution is to do the permission checks at open() time. Consider removing 405 world read permissions from files that use %pK, and using dmesg_restrict 406 to protect against uses of %pK in dmesg(8) if leaking kernel pointer 407 values to unprivileged users is a concern. 408 409 When kptr_restrict is set to (2), kernel pointers printed using 410 %pK will be replaced with 0's regardless of privileges. 411 412 ============================================================== 413 414 l2cr: (PPC only) 415 416 This flag controls the L2 cache of G3 processor boards. If 417 0, the cache is disabled. Enabled if nonzero. 418 419 ============================================================== 420 421 modules_disabled: 422 423 A toggle value indicating if modules are allowed to be loaded 424 in an otherwise modular kernel. This toggle defaults to off 425 (0), but can be set true (1). Once true, modules can be 426 neither loaded nor unloaded, and the toggle cannot be set back 427 to false. Generally used with the "kexec_load_disabled" toggle. 428 429 ============================================================== 430 431 msg_next_id, sem_next_id, and shm_next_id: 432 433 These three toggles allows to specify desired id for next allocated IPC 434 object: message, semaphore or shared memory respectively. 435 436 By default they are equal to -1, which means generic allocation logic. 437 Possible values to set are in range {0..INT_MAX}. 438 439 Notes: 440 1) kernel doesn't guarantee, that new object will have desired id. So, 441 it's up to userspace, how to handle an object with "wrong" id. 442 2) Toggle with non-default value will be set back to -1 by kernel after 443 successful IPC object allocation. 444 445 ============================================================== 446 447 nmi_watchdog: 448 449 This parameter can be used to control the NMI watchdog 450 (i.e. the hard lockup detector) on x86 systems. 451 452 0 - disable the hard lockup detector 453 1 - enable the hard lockup detector 454 455 The hard lockup detector monitors each CPU for its ability to respond to 456 timer interrupts. The mechanism utilizes CPU performance counter registers 457 that are programmed to generate Non-Maskable Interrupts (NMIs) periodically 458 while a CPU is busy. Hence, the alternative name 'NMI watchdog'. 459 460 The NMI watchdog is disabled by default if the kernel is running as a guest 461 in a KVM virtual machine. This default can be overridden by adding 462 463 nmi_watchdog=1 464 465 to the guest kernel command line (see Documentation/admin-guide/kernel-parameters.rst). 466 467 ============================================================== 468 469 numa_balancing 470 471 Enables/disables automatic page fault based NUMA memory 472 balancing. Memory is moved automatically to nodes 473 that access it often. 474 475 Enables/disables automatic NUMA memory balancing. On NUMA machines, there 476 is a performance penalty if remote memory is accessed by a CPU. When this 477 feature is enabled the kernel samples what task thread is accessing memory 478 by periodically unmapping pages and later trapping a page fault. At the 479 time of the page fault, it is determined if the data being accessed should 480 be migrated to a local memory node. 481 482 The unmapping of pages and trapping faults incur additional overhead that 483 ideally is offset by improved memory locality but there is no universal 484 guarantee. If the target workload is already bound to NUMA nodes then this 485 feature should be disabled. Otherwise, if the system overhead from the 486 feature is too high then the rate the kernel samples for NUMA hinting 487 faults may be controlled by the numa_balancing_scan_period_min_ms, 488 numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms, 489 numa_balancing_scan_size_mb, and numa_balancing_settle_count sysctls. 490 491 ============================================================== 492 493 numa_balancing_scan_period_min_ms, numa_balancing_scan_delay_ms, 494 numa_balancing_scan_period_max_ms, numa_balancing_scan_size_mb 495 496 Automatic NUMA balancing scans tasks address space and unmaps pages to 497 detect if pages are properly placed or if the data should be migrated to a 498 memory node local to where the task is running. Every "scan delay" the task 499 scans the next "scan size" number of pages in its address space. When the 500 end of the address space is reached the scanner restarts from the beginning. 501 502 In combination, the "scan delay" and "scan size" determine the scan rate. 503 When "scan delay" decreases, the scan rate increases. The scan delay and 504 hence the scan rate of every task is adaptive and depends on historical 505 behaviour. If pages are properly placed then the scan delay increases, 506 otherwise the scan delay decreases. The "scan size" is not adaptive but 507 the higher the "scan size", the higher the scan rate. 508 509 Higher scan rates incur higher system overhead as page faults must be 510 trapped and potentially data must be migrated. However, the higher the scan 511 rate, the more quickly a tasks memory is migrated to a local node if the 512 workload pattern changes and minimises performance impact due to remote 513 memory accesses. These sysctls control the thresholds for scan delays and 514 the number of pages scanned. 515 516 numa_balancing_scan_period_min_ms is the minimum time in milliseconds to 517 scan a tasks virtual memory. It effectively controls the maximum scanning 518 rate for each task. 519 520 numa_balancing_scan_delay_ms is the starting "scan delay" used for a task 521 when it initially forks. 522 523 numa_balancing_scan_period_max_ms is the maximum time in milliseconds to 524 scan a tasks virtual memory. It effectively controls the minimum scanning 525 rate for each task. 526 527 numa_balancing_scan_size_mb is how many megabytes worth of pages are 528 scanned for a given scan. 529 530 ============================================================== 531 532 osrelease, ostype & version: 533 534 # cat osrelease 535 2.1.88 536 # cat ostype 537 Linux 538 # cat version 539 #5 Wed Feb 25 21:49:24 MET 1998 540 541 The files osrelease and ostype should be clear enough. Version 542 needs a little more clarification however. The '#5' means that 543 this is the fifth kernel built from this source base and the 544 date behind it indicates the time the kernel was built. 545 The only way to tune these values is to rebuild the kernel :-) 546 547 ============================================================== 548 549 overflowgid & overflowuid: 550 551 if your architecture did not always support 32-bit UIDs (i.e. arm, 552 i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to 553 applications that use the old 16-bit UID/GID system calls, if the 554 actual UID or GID would exceed 65535. 555 556 These sysctls allow you to change the value of the fixed UID and GID. 557 The default is 65534. 558 559 ============================================================== 560 561 panic: 562 563 The value in this file represents the number of seconds the kernel 564 waits before rebooting on a panic. When you use the software watchdog, 565 the recommended setting is 60. 566 567 ============================================================== 568 569 panic_on_io_nmi: 570 571 Controls the kernel's behavior when a CPU receives an NMI caused by 572 an IO error. 573 574 0: try to continue operation (default) 575 576 1: panic immediately. The IO error triggered an NMI. This indicates a 577 serious system condition which could result in IO data corruption. 578 Rather than continuing, panicking might be a better choice. Some 579 servers issue this sort of NMI when the dump button is pushed, 580 and you can use this option to take a crash dump. 581 582 ============================================================== 583 584 panic_on_oops: 585 586 Controls the kernel's behaviour when an oops or BUG is encountered. 587 588 0: try to continue operation 589 590 1: panic immediately. If the `panic' sysctl is also non-zero then the 591 machine will be rebooted. 592 593 ============================================================== 594 595 panic_on_stackoverflow: 596 597 Controls the kernel's behavior when detecting the overflows of 598 kernel, IRQ and exception stacks except a user stack. 599 This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled. 600 601 0: try to continue operation. 602 603 1: panic immediately. 604 605 ============================================================== 606 607 panic_on_unrecovered_nmi: 608 609 The default Linux behaviour on an NMI of either memory or unknown is 610 to continue operation. For many environments such as scientific 611 computing it is preferable that the box is taken out and the error 612 dealt with than an uncorrected parity/ECC error get propagated. 613 614 A small number of systems do generate NMI's for bizarre random reasons 615 such as power management so the default is off. That sysctl works like 616 the existing panic controls already in that directory. 617 618 ============================================================== 619 620 panic_on_warn: 621 622 Calls panic() in the WARN() path when set to 1. This is useful to avoid 623 a kernel rebuild when attempting to kdump at the location of a WARN(). 624 625 0: only WARN(), default behaviour. 626 627 1: call panic() after printing out WARN() location. 628 629 ============================================================== 630 631 panic_on_rcu_stall: 632 633 When set to 1, calls panic() after RCU stall detection messages. This 634 is useful to define the root cause of RCU stalls using a vmcore. 635 636 0: do not panic() when RCU stall takes place, default behavior. 637 638 1: panic() after printing RCU stall messages. 639 640 ============================================================== 641 642 perf_cpu_time_max_percent: 643 644 Hints to the kernel how much CPU time it should be allowed to 645 use to handle perf sampling events. If the perf subsystem 646 is informed that its samples are exceeding this limit, it 647 will drop its sampling frequency to attempt to reduce its CPU 648 usage. 649 650 Some perf sampling happens in NMIs. If these samples 651 unexpectedly take too long to execute, the NMIs can become 652 stacked up next to each other so much that nothing else is 653 allowed to execute. 654 655 0: disable the mechanism. Do not monitor or correct perf's 656 sampling rate no matter how CPU time it takes. 657 658 1-100: attempt to throttle perf's sample rate to this 659 percentage of CPU. Note: the kernel calculates an 660 "expected" length of each sample event. 100 here means 661 100% of that expected length. Even if this is set to 662 100, you may still see sample throttling if this 663 length is exceeded. Set to 0 if you truly do not care 664 how much CPU is consumed. 665 666 ============================================================== 667 668 perf_event_paranoid: 669 670 Controls use of the performance events system by unprivileged 671 users (without CAP_SYS_ADMIN). The default value is 2. 672 673 -1: Allow use of (almost) all events by all users 674 Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK 675 >=0: Disallow ftrace function tracepoint by users without CAP_SYS_ADMIN 676 Disallow raw tracepoint access by users without CAP_SYS_ADMIN 677 >=1: Disallow CPU event access by users without CAP_SYS_ADMIN 678 >=2: Disallow kernel profiling by users without CAP_SYS_ADMIN 679 680 ============================================================== 681 682 perf_event_max_stack: 683 684 Controls maximum number of stack frames to copy for (attr.sample_type & 685 PERF_SAMPLE_CALLCHAIN) configured events, for instance, when using 686 'perf record -g' or 'perf trace --call-graph fp'. 687 688 This can only be done when no events are in use that have callchains 689 enabled, otherwise writing to this file will return -EBUSY. 690 691 The default value is 127. 692 693 ============================================================== 694 695 perf_event_mlock_kb: 696 697 Control size of per-cpu ring buffer not counted agains mlock limit. 698 699 The default value is 512 + 1 page 700 701 ============================================================== 702 703 perf_event_max_contexts_per_stack: 704 705 Controls maximum number of stack frame context entries for 706 (attr.sample_type & PERF_SAMPLE_CALLCHAIN) configured events, for 707 instance, when using 'perf record -g' or 'perf trace --call-graph fp'. 708 709 This can only be done when no events are in use that have callchains 710 enabled, otherwise writing to this file will return -EBUSY. 711 712 The default value is 8. 713 714 ============================================================== 715 716 pid_max: 717 718 PID allocation wrap value. When the kernel's next PID value 719 reaches this value, it wraps back to a minimum PID value. 720 PIDs of value pid_max or larger are not allocated. 721 722 ============================================================== 723 724 ns_last_pid: 725 726 The last pid allocated in the current (the one task using this sysctl 727 lives in) pid namespace. When selecting a pid for a next task on fork 728 kernel tries to allocate a number starting from this one. 729 730 ============================================================== 731 732 powersave-nap: (PPC only) 733 734 If set, Linux-PPC will use the 'nap' mode of powersaving, 735 otherwise the 'doze' mode will be used. 736 737 ============================================================== 738 739 printk: 740 741 The four values in printk denote: console_loglevel, 742 default_message_loglevel, minimum_console_loglevel and 743 default_console_loglevel respectively. 744 745 These values influence printk() behavior when printing or 746 logging error messages. See 'man 2 syslog' for more info on 747 the different loglevels. 748 749 - console_loglevel: messages with a higher priority than 750 this will be printed to the console 751 - default_message_loglevel: messages without an explicit priority 752 will be printed with this priority 753 - minimum_console_loglevel: minimum (highest) value to which 754 console_loglevel can be set 755 - default_console_loglevel: default value for console_loglevel 756 757 ============================================================== 758 759 printk_delay: 760 761 Delay each printk message in printk_delay milliseconds 762 763 Value from 0 - 10000 is allowed. 764 765 ============================================================== 766 767 printk_ratelimit: 768 769 Some warning messages are rate limited. printk_ratelimit specifies 770 the minimum length of time between these messages (in jiffies), by 771 default we allow one every 5 seconds. 772 773 A value of 0 will disable rate limiting. 774 775 ============================================================== 776 777 printk_ratelimit_burst: 778 779 While long term we enforce one message per printk_ratelimit 780 seconds, we do allow a burst of messages to pass through. 781 printk_ratelimit_burst specifies the number of messages we can 782 send before ratelimiting kicks in. 783 784 ============================================================== 785 786 printk_devkmsg: 787 788 Control the logging to /dev/kmsg from userspace: 789 790 ratelimit: default, ratelimited 791 on: unlimited logging to /dev/kmsg from userspace 792 off: logging to /dev/kmsg disabled 793 794 The kernel command line parameter printk.devkmsg= overrides this and is 795 a one-time setting until next reboot: once set, it cannot be changed by 796 this sysctl interface anymore. 797 798 ============================================================== 799 800 randomize_va_space: 801 802 This option can be used to select the type of process address 803 space randomization that is used in the system, for architectures 804 that support this feature. 805 806 0 - Turn the process address space randomization off. This is the 807 default for architectures that do not support this feature anyways, 808 and kernels that are booted with the "norandmaps" parameter. 809 810 1 - Make the addresses of mmap base, stack and VDSO page randomized. 811 This, among other things, implies that shared libraries will be 812 loaded to random addresses. Also for PIE-linked binaries, the 813 location of code start is randomized. This is the default if the 814 CONFIG_COMPAT_BRK option is enabled. 815 816 2 - Additionally enable heap randomization. This is the default if 817 CONFIG_COMPAT_BRK is disabled. 818 819 There are a few legacy applications out there (such as some ancient 820 versions of libc.so.5 from 1996) that assume that brk area starts 821 just after the end of the code+bss. These applications break when 822 start of the brk area is randomized. There are however no known 823 non-legacy applications that would be broken this way, so for most 824 systems it is safe to choose full randomization. 825 826 Systems with ancient and/or broken binaries should be configured 827 with CONFIG_COMPAT_BRK enabled, which excludes the heap from process 828 address space randomization. 829 830 ============================================================== 831 832 reboot-cmd: (Sparc only) 833 834 ??? This seems to be a way to give an argument to the Sparc 835 ROM/Flash boot loader. Maybe to tell it what to do after 836 rebooting. ??? 837 838 ============================================================== 839 840 rtsig-max & rtsig-nr: 841 842 The file rtsig-max can be used to tune the maximum number 843 of POSIX realtime (queued) signals that can be outstanding 844 in the system. 845 846 rtsig-nr shows the number of RT signals currently queued. 847 848 ============================================================== 849 850 sched_schedstats: 851 852 Enables/disables scheduler statistics. Enabling this feature 853 incurs a small amount of overhead in the scheduler but is 854 useful for debugging and performance tuning. 855 856 ============================================================== 857 858 sg-big-buff: 859 860 This file shows the size of the generic SCSI (sg) buffer. 861 You can't tune it just yet, but you could change it on 862 compile time by editing include/scsi/sg.h and changing 863 the value of SG_BIG_BUFF. 864 865 There shouldn't be any reason to change this value. If 866 you can come up with one, you probably know what you 867 are doing anyway :) 868 869 ============================================================== 870 871 shmall: 872 873 This parameter sets the total amount of shared memory pages that 874 can be used system wide. Hence, SHMALL should always be at least 875 ceil(shmmax/PAGE_SIZE). 876 877 If you are not sure what the default PAGE_SIZE is on your Linux 878 system, you can run the following command: 879 880 # getconf PAGE_SIZE 881 882 ============================================================== 883 884 shmmax: 885 886 This value can be used to query and set the run time limit 887 on the maximum shared memory segment size that can be created. 888 Shared memory segments up to 1Gb are now supported in the 889 kernel. This value defaults to SHMMAX. 890 891 ============================================================== 892 893 shm_rmid_forced: 894 895 Linux lets you set resource limits, including how much memory one 896 process can consume, via setrlimit(2). Unfortunately, shared memory 897 segments are allowed to exist without association with any process, and 898 thus might not be counted against any resource limits. If enabled, 899 shared memory segments are automatically destroyed when their attach 900 count becomes zero after a detach or a process termination. It will 901 also destroy segments that were created, but never attached to, on exit 902 from the process. The only use left for IPC_RMID is to immediately 903 destroy an unattached segment. Of course, this breaks the way things are 904 defined, so some applications might stop working. Note that this 905 feature will do you no good unless you also configure your resource 906 limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most systems don't 907 need this. 908 909 Note that if you change this from 0 to 1, already created segments 910 without users and with a dead originative process will be destroyed. 911 912 ============================================================== 913 914 sysctl_writes_strict: 915 916 Control how file position affects the behavior of updating sysctl values 917 via the /proc/sys interface: 918 919 -1 - Legacy per-write sysctl value handling, with no printk warnings. 920 Each write syscall must fully contain the sysctl value to be 921 written, and multiple writes on the same sysctl file descriptor 922 will rewrite the sysctl value, regardless of file position. 923 0 - Same behavior as above, but warn about processes that perform writes 924 to a sysctl file descriptor when the file position is not 0. 925 1 - (default) Respect file position when writing sysctl strings. Multiple 926 writes will append to the sysctl value buffer. Anything past the max 927 length of the sysctl value buffer will be ignored. Writes to numeric 928 sysctl entries must always be at file position 0 and the value must 929 be fully contained in the buffer sent in the write syscall. 930 931 ============================================================== 932 933 softlockup_all_cpu_backtrace: 934 935 This value controls the soft lockup detector thread's behavior 936 when a soft lockup condition is detected as to whether or not 937 to gather further debug information. If enabled, each cpu will 938 be issued an NMI and instructed to capture stack trace. 939 940 This feature is only applicable for architectures which support 941 NMI. 942 943 0: do nothing. This is the default behavior. 944 945 1: on detection capture more debug information. 946 947 ============================================================== 948 949 soft_watchdog 950 951 This parameter can be used to control the soft lockup detector. 952 953 0 - disable the soft lockup detector 954 1 - enable the soft lockup detector 955 956 The soft lockup detector monitors CPUs for threads that are hogging the CPUs 957 without rescheduling voluntarily, and thus prevent the 'watchdog/N' threads 958 from running. The mechanism depends on the CPUs ability to respond to timer 959 interrupts which are needed for the 'watchdog/N' threads to be woken up by 960 the watchdog timer function, otherwise the NMI watchdog - if enabled - can 961 detect a hard lockup condition. 962 963 ============================================================== 964 965 tainted: 966 967 Non-zero if the kernel has been tainted. Numeric values, which 968 can be ORed together: 969 970 1 - A module with a non-GPL license has been loaded, this 971 includes modules with no license. 972 Set by modutils >= 2.4.9 and module-init-tools. 973 2 - A module was force loaded by insmod -f. 974 Set by modutils >= 2.4.9 and module-init-tools. 975 4 - Unsafe SMP processors: SMP with CPUs not designed for SMP. 976 8 - A module was forcibly unloaded from the system by rmmod -f. 977 16 - A hardware machine check error occurred on the system. 978 32 - A bad page was discovered on the system. 979 64 - The user has asked that the system be marked "tainted". This 980 could be because they are running software that directly modifies 981 the hardware, or for other reasons. 982 128 - The system has died. 983 256 - The ACPI DSDT has been overridden with one supplied by the user 984 instead of using the one provided by the hardware. 985 512 - A kernel warning has occurred. 986 1024 - A module from drivers/staging was loaded. 987 2048 - The system is working around a severe firmware bug. 988 4096 - An out-of-tree module has been loaded. 989 8192 - An unsigned module has been loaded in a kernel supporting module 990 signature. 991 16384 - A soft lockup has previously occurred on the system. 992 32768 - The kernel has been live patched. 993 994 ============================================================== 995 996 threads-max 997 998 This value controls the maximum number of threads that can be created 999 using fork(). 1000 1001 During initialization the kernel sets this value such that even if the 1002 maximum number of threads is created, the thread structures occupy only 1003 a part (1/8th) of the available RAM pages. 1004 1005 The minimum value that can be written to threads-max is 20. 1006 The maximum value that can be written to threads-max is given by the 1007 constant FUTEX_TID_MASK (0x3fffffff). 1008 If a value outside of this range is written to threads-max an error 1009 EINVAL occurs. 1010 1011 The value written is checked against the available RAM pages. If the 1012 thread structures would occupy too much (more than 1/8th) of the 1013 available RAM pages threads-max is reduced accordingly. 1014 1015 ============================================================== 1016 1017 unknown_nmi_panic: 1018 1019 The value in this file affects behavior of handling NMI. When the 1020 value is non-zero, unknown NMI is trapped and then panic occurs. At 1021 that time, kernel debugging information is displayed on console. 1022 1023 NMI switch that most IA32 servers have fires unknown NMI up, for 1024 example. If a system hangs up, try pressing the NMI switch. 1025 1026 ============================================================== 1027 1028 watchdog: 1029 1030 This parameter can be used to disable or enable the soft lockup detector 1031 _and_ the NMI watchdog (i.e. the hard lockup detector) at the same time. 1032 1033 0 - disable both lockup detectors 1034 1 - enable both lockup detectors 1035 1036 The soft lockup detector and the NMI watchdog can also be disabled or 1037 enabled individually, using the soft_watchdog and nmi_watchdog parameters. 1038 If the watchdog parameter is read, for example by executing 1039 1040 cat /proc/sys/kernel/watchdog 1041 1042 the output of this command (0 or 1) shows the logical OR of soft_watchdog 1043 and nmi_watchdog. 1044 1045 ============================================================== 1046 1047 watchdog_cpumask: 1048 1049 This value can be used to control on which cpus the watchdog may run. 1050 The default cpumask is all possible cores, but if NO_HZ_FULL is 1051 enabled in the kernel config, and cores are specified with the 1052 nohz_full= boot argument, those cores are excluded by default. 1053 Offline cores can be included in this mask, and if the core is later 1054 brought online, the watchdog will be started based on the mask value. 1055 1056 Typically this value would only be touched in the nohz_full case 1057 to re-enable cores that by default were not running the watchdog, 1058 if a kernel lockup was suspected on those cores. 1059 1060 The argument value is the standard cpulist format for cpumasks, 1061 so for example to enable the watchdog on cores 0, 2, 3, and 4 you 1062 might say: 1063 1064 echo 0,2-4 > /proc/sys/kernel/watchdog_cpumask 1065 1066 ============================================================== 1067 1068 watchdog_thresh: 1069 1070 This value can be used to control the frequency of hrtimer and NMI 1071 events and the soft and hard lockup thresholds. The default threshold 1072 is 10 seconds. 1073 1074 The softlockup threshold is (2 * watchdog_thresh). Setting this 1075 tunable to zero will disable lockup detection altogether. 1076 1077 ==============================================================