blob: c831001c45f1162334b7a30544853a8baa47c6a5 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001Documentation for /proc/sys/kernel/* kernel version 2.2.10
2 (c) 1998, 1999, Rik van Riel <riel@nl.linux.org>
Shen Feng760df932009-04-02 16:57:20 -07003 (c) 2009, Shen Feng<shen@cn.fujitsu.com>
Linus Torvalds1da177e2005-04-16 15:20:36 -07004
5For general info and legal blurb, please look in README.
6
7==============================================================
8
9This file contains documentation for the sysctl files in
10/proc/sys/kernel/ and is valid for Linux kernel version 2.2.
11
12The files in this directory can be used to tune and monitor
13miscellaneous and general things in the operation of the Linux
14kernel. Since some of the files _can_ be used to screw up your
15system, it is advisable to read both documentation and source
16before actually making adjustments.
17
18Currently, these files might (depending on your configuration)
19show up in /proc/sys/kernel:
Borislav Petkov807094c2011-07-23 10:39:29 -070020
Linus Torvalds1da177e2005-04-16 15:20:36 -070021- acct
Borislav Petkov807094c2011-07-23 10:39:29 -070022- acpi_video_flags
23- auto_msgmni
H. Peter Anvind75757a2009-12-11 14:23:44 -080024- bootloader_type [ X86 only ]
25- bootloader_version [ X86 only ]
Hans-Joachim Pichtc114728a2009-09-11 10:28:47 +020026- callhome [ S390 only ]
Dan Ballard73efc032011-10-31 17:11:20 -070027- cap_last_cap
Linus Torvalds1da177e2005-04-16 15:20:36 -070028- core_pattern
Neil Hormana2939802009-09-23 15:56:56 -070029- core_pipe_limit
Linus Torvalds1da177e2005-04-16 15:20:36 -070030- core_uses_pid
31- ctrl-alt-del
Dan Rosenbergeaf06b22010-11-11 14:05:18 -080032- dmesg_restrict
Linus Torvalds1da177e2005-04-16 15:20:36 -070033- domainname
34- hostname
35- hotplug
Aaron Tomlin270750db2014-01-20 17:34:13 +000036- hung_task_panic
37- hung_task_check_count
38- hung_task_timeout_secs
39- hung_task_warnings
Kees Cook79847542014-01-23 15:55:59 -080040- kexec_load_disabled
Dan Rosenberg455cd5a2011-01-12 16:59:41 -080041- kptr_restrict
Chuck Ebbert0741f4d2006-12-07 02:14:11 +010042- kstack_depth_to_print [ X86 only ]
Linus Torvalds1da177e2005-04-16 15:20:36 -070043- l2cr [ PPC only ]
Michael Opdenackerac76cff2008-02-13 15:03:32 -080044- modprobe ==> Documentation/debugging-modules.txt
Kees Cook3d433212009-04-02 15:49:29 -070045- modules_disabled
Stanislav Kinsbursky03f59562013-01-04 15:34:50 -080046- msg_next_id [ sysv ipc ]
Linus Torvalds1da177e2005-04-16 15:20:36 -070047- msgmax
48- msgmnb
49- msgmni
Shen Feng760df932009-04-02 16:57:20 -070050- nmi_watchdog
Linus Torvalds1da177e2005-04-16 15:20:36 -070051- osrelease
52- ostype
53- overflowgid
54- overflowuid
55- panic
Borislav Petkov807094c2011-07-23 10:39:29 -070056- panic_on_oops
Mitsuo Hayasaka55af7792011-11-29 15:08:36 +090057- panic_on_stackoverflow
Prarit Bhargava9e3961a2014-12-10 15:45:50 -080058- panic_on_unrecovered_nmi
59- panic_on_warn
Linus Torvalds1da177e2005-04-16 15:20:36 -070060- pid_max
61- powersave-nap [ PPC only ]
62- printk
Borislav Petkov807094c2011-07-23 10:39:29 -070063- printk_delay
64- printk_ratelimit
65- printk_ratelimit_burst
Jiri Kosina1ec7fd52008-02-09 23:24:08 +010066- randomize_va_space
Linus Torvalds1da177e2005-04-16 15:20:36 -070067- real-root-dev ==> Documentation/initrd.txt
68- reboot-cmd [ SPARC only ]
69- rtsig-max
70- rtsig-nr
71- sem
Stanislav Kinsbursky03f59562013-01-04 15:34:50 -080072- sem_next_id [ sysv ipc ]
Linus Torvalds1da177e2005-04-16 15:20:36 -070073- sg-big-buff [ generic SCSI device (sg) ]
Stanislav Kinsbursky03f59562013-01-04 15:34:50 -080074- shm_next_id [ sysv ipc ]
Vasiliy Kulikovb34a6b12011-07-26 16:08:48 -070075- shm_rmid_forced
Linus Torvalds1da177e2005-04-16 15:20:36 -070076- shmall
77- shmmax [ sysv ipc ]
78- shmmni
Aaron Tomlined235872014-06-23 13:22:05 -070079- softlockup_all_cpu_backtrace
Ulrich Obergfell195daf62015-04-14 15:44:13 -070080- soft_watchdog
Linus Torvalds1da177e2005-04-16 15:20:36 -070081- stop-a [ SPARC only ]
82- sysrq ==> Documentation/sysrq.txt
Kees Cookf4aacea2014-06-06 14:37:19 -070083- sysctl_writes_strict
Linus Torvalds1da177e2005-04-16 15:20:36 -070084- tainted
85- threads-max
Shen Feng760df932009-04-02 16:57:20 -070086- unknown_nmi_panic
Ulrich Obergfell195daf62015-04-14 15:44:13 -070087- watchdog
Li Zefan08825c92013-05-17 10:31:20 +080088- watchdog_thresh
Linus Torvalds1da177e2005-04-16 15:20:36 -070089- version
90
91==============================================================
92
93acct:
94
95highwater lowwater frequency
96
97If BSD-style process accounting is enabled these values control
98its behaviour. If free space on filesystem where the log lives
99goes below <lowwater>% accounting suspends. If free space gets
100above <highwater>% accounting resumes. <Frequency> determines
101how often do we check the amount of free space (value is in
102seconds). Default:
1034 2 30
104That is, suspend accounting if there left <= 2% free; resume it
105if we got >=4%; consider information about amount of free space
106valid for 30 seconds.
107
108==============================================================
109
Borislav Petkov807094c2011-07-23 10:39:29 -0700110acpi_video_flags:
111
112flags
113
114See Doc*/kernel/power/video.txt, it allows mode of video boot to be
115set during run time.
116
117==============================================================
118
119auto_msgmni:
120
Manfred Spraul0050ee02014-12-12 16:58:17 -0800121This variable has no effect and may be removed in future kernel
122releases. Reading it always returns 0.
123Up to Linux 3.17, it enabled/disabled automatic recomputing of msgmni
124upon memory add/remove or upon ipc namespace creation/removal.
125Echoing "1" into this file enabled msgmni automatic recomputing.
126Echoing "0" turned it off. auto_msgmni default value was 1.
Borislav Petkov807094c2011-07-23 10:39:29 -0700127
128
129==============================================================
130
H. Peter Anvind75757a2009-12-11 14:23:44 -0800131bootloader_type:
132
133x86 bootloader identification
134
135This gives the bootloader type number as indicated by the bootloader,
136shifted left by 4, and OR'd with the low four bits of the bootloader
137version. The reason for this encoding is that this used to match the
138type_of_loader field in the kernel header; the encoding is kept for
139backwards compatibility. That is, if the full bootloader type number
140is 0x15 and the full version number is 0x234, this file will contain
141the value 340 = 0x154.
142
143See the type_of_loader and ext_loader_type fields in
144Documentation/x86/boot.txt for additional information.
145
146==============================================================
147
148bootloader_version:
149
150x86 bootloader version
151
152The complete bootloader version number. In the example above, this
153file will contain the value 564 = 0x234.
154
155See the type_of_loader and ext_loader_ver fields in
156Documentation/x86/boot.txt for additional information.
157
158==============================================================
159
Hans-Joachim Pichtc114728a2009-09-11 10:28:47 +0200160callhome:
161
162Controls the kernel's callhome behavior in case of a kernel panic.
163
164The s390 hardware allows an operating system to send a notification
165to a service organization (callhome) in case of an operating system panic.
166
167When the value in this file is 0 (which is the default behavior)
168nothing happens in case of a kernel panic. If this value is set to "1"
169the complete kernel oops message is send to the IBM customer service
170organization in case the mainframe the Linux operating system is running
171on has a service contract with IBM.
172
173==============================================================
174
Dan Ballard73efc032011-10-31 17:11:20 -0700175cap_last_cap
176
177Highest valid capability of the running kernel. Exports
178CAP_LAST_CAP from the kernel.
179
180==============================================================
181
Linus Torvalds1da177e2005-04-16 15:20:36 -0700182core_pattern:
183
184core_pattern is used to specify a core dumpfile pattern name.
Matthias Urlichscd081042006-10-11 01:21:57 -0700185. max length 128 characters; default value is "core"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700186. core_pattern is used as a pattern template for the output filename;
187 certain string patterns (beginning with '%') are substituted with
188 their actual values.
189. backward compatibility with core_uses_pid:
190 If core_pattern does not include "%p" (default does not)
191 and core_uses_pid is set, then .PID will be appended to
192 the filename.
193. corename format specifiers:
194 %<NUL> '%' is dropped
195 %% output one '%'
196 %p pid
Stéphane Graber65aafb12013-09-11 14:24:32 -0700197 %P global pid (init PID namespace)
Oleg Nesterovb03023e2014-10-13 15:53:35 -0700198 %i tid
199 %I global tid (init PID namespace)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700200 %u uid
201 %g gid
Oleg Nesterov12a2b4b2012-10-04 17:15:25 -0700202 %d dump mode, matches PR_SET_DUMPABLE and
203 /proc/sys/fs/suid_dumpable
Linus Torvalds1da177e2005-04-16 15:20:36 -0700204 %s signal number
205 %t UNIX time of dump
206 %h hostname
Jiri Slaby57cc0832011-05-26 16:25:46 -0700207 %e executable filename (may be shortened)
208 %E executable path
Linus Torvalds1da177e2005-04-16 15:20:36 -0700209 %<OTHER> both are dropped
Matthias Urlichscd081042006-10-11 01:21:57 -0700210. If the first character of the pattern is a '|', the kernel will treat
211 the rest of the pattern as a command to run. The core dump will be
212 written to the standard input of that program instead of to a file.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700213
214==============================================================
215
Neil Hormana2939802009-09-23 15:56:56 -0700216core_pipe_limit:
217
Borislav Petkov807094c2011-07-23 10:39:29 -0700218This sysctl is only applicable when core_pattern is configured to pipe
219core files to a user space helper (when the first character of
220core_pattern is a '|', see above). When collecting cores via a pipe
221to an application, it is occasionally useful for the collecting
222application to gather data about the crashing process from its
223/proc/pid directory. In order to do this safely, the kernel must wait
224for the collecting process to exit, so as not to remove the crashing
225processes proc files prematurely. This in turn creates the
226possibility that a misbehaving userspace collecting process can block
227the reaping of a crashed process simply by never exiting. This sysctl
228defends against that. It defines how many concurrent crashing
229processes may be piped to user space applications in parallel. If
230this value is exceeded, then those crashing processes above that value
231are noted via the kernel log and their cores are skipped. 0 is a
232special value, indicating that unlimited processes may be captured in
233parallel, but that no waiting will take place (i.e. the collecting
234process is not guaranteed access to /proc/<crashing pid>/). This
235value defaults to 0.
Neil Hormana2939802009-09-23 15:56:56 -0700236
237==============================================================
238
Linus Torvalds1da177e2005-04-16 15:20:36 -0700239core_uses_pid:
240
241The default coredump filename is "core". By setting
242core_uses_pid to 1, the coredump filename becomes core.PID.
243If core_pattern does not include "%p" (default does not)
244and core_uses_pid is set, then .PID will be appended to
245the filename.
246
247==============================================================
248
249ctrl-alt-del:
250
251When the value in this file is 0, ctrl-alt-del is trapped and
252sent to the init(1) program to handle a graceful restart.
253When, however, the value is > 0, Linux's reaction to a Vulcan
254Nerve Pinch (tm) will be an immediate reboot, without even
255syncing its dirty buffers.
256
257Note: when a program (like dosemu) has the keyboard in 'raw'
258mode, the ctrl-alt-del is intercepted by the program before it
259ever reaches the kernel tty layer, and it's up to the program
260to decide what to do with it.
261
262==============================================================
263
Dan Rosenbergeaf06b22010-11-11 14:05:18 -0800264dmesg_restrict:
265
Borislav Petkov807094c2011-07-23 10:39:29 -0700266This toggle indicates whether unprivileged users are prevented
267from using dmesg(8) to view messages from the kernel's log buffer.
268When dmesg_restrict is set to (0) there are no restrictions. When
Serge E. Hallyn38ef4c22010-12-08 15:19:01 +0000269dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use
Dan Rosenbergeaf06b22010-11-11 14:05:18 -0800270dmesg(8).
271
Borislav Petkov807094c2011-07-23 10:39:29 -0700272The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the
273default value of dmesg_restrict.
Dan Rosenbergeaf06b22010-11-11 14:05:18 -0800274
275==============================================================
276
Linus Torvalds1da177e2005-04-16 15:20:36 -0700277domainname & hostname:
278
279These files can be used to set the NIS/YP domainname and the
280hostname of your box in exactly the same way as the commands
281domainname and hostname, i.e.:
282# echo "darkstar" > /proc/sys/kernel/hostname
283# echo "mydomain" > /proc/sys/kernel/domainname
284has the same effect as
285# hostname "darkstar"
286# domainname "mydomain"
287
288Note, however, that the classic darkstar.frop.org has the
289hostname "darkstar" and DNS (Internet Domain Name Server)
290domainname "frop.org", not to be confused with the NIS (Network
291Information Service) or YP (Yellow Pages) domainname. These two
292domain names are in general different. For a detailed discussion
293see the hostname(1) man page.
294
295==============================================================
296
297hotplug:
298
299Path for the hotplug policy agent.
300Default value is "/sbin/hotplug".
301
302==============================================================
303
Aaron Tomlin270750db2014-01-20 17:34:13 +0000304hung_task_panic:
305
306Controls the kernel's behavior when a hung task is detected.
307This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
308
3090: continue operation. This is the default behavior.
310
3111: panic immediately.
312
313==============================================================
314
315hung_task_check_count:
316
317The upper bound on the number of tasks that are checked.
318This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
319
320==============================================================
321
322hung_task_timeout_secs:
323
324Check interval. When a task in D state did not get scheduled
325for more than this value report a warning.
326This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
327
3280: means infinite timeout - no checking done.
Liu Hua80df2842014-04-07 15:38:57 -0700329Possible values to set are in range {0..LONG_MAX/HZ}.
Aaron Tomlin270750db2014-01-20 17:34:13 +0000330
331==============================================================
332
Aaron Tomlin70e0ac52014-01-27 09:00:57 +0000333hung_task_warnings:
Aaron Tomlin270750db2014-01-20 17:34:13 +0000334
335The maximum number of warnings to report. During a check interval
Aaron Tomlin70e0ac52014-01-27 09:00:57 +0000336if a hung task is detected, this value is decreased by 1.
337When this value reaches 0, no more warnings will be reported.
Aaron Tomlin270750db2014-01-20 17:34:13 +0000338This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
339
340-1: report an infinite number of warnings.
341
342==============================================================
343
Kees Cook79847542014-01-23 15:55:59 -0800344kexec_load_disabled:
345
346A toggle indicating if the kexec_load syscall has been disabled. This
347value defaults to 0 (false: kexec_load enabled), but can be set to 1
348(true: kexec_load disabled). Once true, kexec can no longer be used, and
349the toggle cannot be set back to false. This allows a kexec image to be
350loaded before disabling the syscall, allowing a system to set up (and
351later use) an image without it being altered. Generally used together
352with the "modules_disabled" sysctl.
353
354==============================================================
355
Dan Rosenberg455cd5a2011-01-12 16:59:41 -0800356kptr_restrict:
357
358This toggle indicates whether restrictions are placed on
Ryan Mallon312b4e22013-11-12 15:08:51 -0800359exposing kernel addresses via /proc and other interfaces.
360
361When kptr_restrict is set to (0), the default, there are no restrictions.
362
363When kptr_restrict is set to (1), kernel pointers printed using the %pK
364format specifier will be replaced with 0's unless the user has CAP_SYSLOG
365and effective user and group ids are equal to the real ids. This is
366because %pK checks are done at read() time rather than open() time, so
367if permissions are elevated between the open() and the read() (e.g via
368a setuid binary) then %pK will not leak kernel pointers to unprivileged
369users. Note, this is a temporary solution only. The correct long-term
370solution is to do the permission checks at open() time. Consider removing
371world read permissions from files that use %pK, and using dmesg_restrict
372to protect against uses of %pK in dmesg(8) if leaking kernel pointer
373values to unprivileged users is a concern.
374
375When kptr_restrict is set to (2), kernel pointers printed using
376%pK will be replaced with 0's regardless of privileges.
Dan Rosenberg455cd5a2011-01-12 16:59:41 -0800377
378==============================================================
379
Chuck Ebbert0741f4d2006-12-07 02:14:11 +0100380kstack_depth_to_print: (X86 only)
381
382Controls the number of words to print when dumping the raw
383kernel stack.
384
385==============================================================
386
Borislav Petkov807094c2011-07-23 10:39:29 -0700387l2cr: (PPC only)
388
389This flag controls the L2 cache of G3 processor boards. If
3900, the cache is disabled. Enabled if nonzero.
391
392==============================================================
393
Kees Cook3d433212009-04-02 15:49:29 -0700394modules_disabled:
395
396A toggle value indicating if modules are allowed to be loaded
397in an otherwise modular kernel. This toggle defaults to off
398(0), but can be set true (1). Once true, modules can be
399neither loaded nor unloaded, and the toggle cannot be set back
Kees Cook79847542014-01-23 15:55:59 -0800400to false. Generally used with the "kexec_load_disabled" toggle.
Kees Cook3d433212009-04-02 15:49:29 -0700401
402==============================================================
403
Stanislav Kinsbursky03f59562013-01-04 15:34:50 -0800404msg_next_id, sem_next_id, and shm_next_id:
405
406These three toggles allows to specify desired id for next allocated IPC
407object: message, semaphore or shared memory respectively.
408
409By default they are equal to -1, which means generic allocation logic.
410Possible values to set are in range {0..INT_MAX}.
411
412Notes:
4131) kernel doesn't guarantee, that new object will have desired id. So,
414it's up to userspace, how to handle an object with "wrong" id.
4152) Toggle with non-default value will be set back to -1 by kernel after
416successful IPC object allocation.
417
418==============================================================
419
Borislav Petkov807094c2011-07-23 10:39:29 -0700420nmi_watchdog:
421
Ulrich Obergfell195daf62015-04-14 15:44:13 -0700422This parameter can be used to control the NMI watchdog
423(i.e. the hard lockup detector) on x86 systems.
Borislav Petkov807094c2011-07-23 10:39:29 -0700424
Ulrich Obergfell195daf62015-04-14 15:44:13 -0700425 0 - disable the hard lockup detector
426 1 - enable the hard lockup detector
427
428The hard lockup detector monitors each CPU for its ability to respond to
429timer interrupts. The mechanism utilizes CPU performance counter registers
430that are programmed to generate Non-Maskable Interrupts (NMIs) periodically
431while a CPU is busy. Hence, the alternative name 'NMI watchdog'.
432
433The NMI watchdog is disabled by default if the kernel is running as a guest
434in a KVM virtual machine. This default can be overridden by adding
435
436 nmi_watchdog=1
437
438to the guest kernel command line (see Documentation/kernel-parameters.txt).
Borislav Petkov807094c2011-07-23 10:39:29 -0700439
440==============================================================
441
Mel Gorman10fc05d2013-10-07 11:28:40 +0100442numa_balancing
443
444Enables/disables automatic page fault based NUMA memory
445balancing. Memory is moved automatically to nodes
446that access it often.
447
448Enables/disables automatic NUMA memory balancing. On NUMA machines, there
449is a performance penalty if remote memory is accessed by a CPU. When this
450feature is enabled the kernel samples what task thread is accessing memory
451by periodically unmapping pages and later trapping a page fault. At the
452time of the page fault, it is determined if the data being accessed should
453be migrated to a local memory node.
454
455The unmapping of pages and trapping faults incur additional overhead that
456ideally is offset by improved memory locality but there is no universal
457guarantee. If the target workload is already bound to NUMA nodes then this
458feature should be disabled. Otherwise, if the system overhead from the
459feature is too high then the rate the kernel samples for NUMA hinting
460faults may be controlled by the numa_balancing_scan_period_min_ms,
Mel Gorman930aa172013-10-07 11:29:37 +0100461numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms,
Rik van Riel52bf84a2014-01-27 17:03:40 -0500462numa_balancing_scan_size_mb, and numa_balancing_settle_count sysctls.
Mel Gorman10fc05d2013-10-07 11:28:40 +0100463
464==============================================================
465
466numa_balancing_scan_period_min_ms, numa_balancing_scan_delay_ms,
Mel Gorman930aa172013-10-07 11:29:37 +0100467numa_balancing_scan_period_max_ms, numa_balancing_scan_size_mb
Mel Gorman10fc05d2013-10-07 11:28:40 +0100468
469Automatic NUMA balancing scans tasks address space and unmaps pages to
470detect if pages are properly placed or if the data should be migrated to a
471memory node local to where the task is running. Every "scan delay" the task
472scans the next "scan size" number of pages in its address space. When the
473end of the address space is reached the scanner restarts from the beginning.
474
475In combination, the "scan delay" and "scan size" determine the scan rate.
476When "scan delay" decreases, the scan rate increases. The scan delay and
477hence the scan rate of every task is adaptive and depends on historical
478behaviour. If pages are properly placed then the scan delay increases,
479otherwise the scan delay decreases. The "scan size" is not adaptive but
480the higher the "scan size", the higher the scan rate.
481
482Higher scan rates incur higher system overhead as page faults must be
483trapped and potentially data must be migrated. However, the higher the scan
484rate, the more quickly a tasks memory is migrated to a local node if the
485workload pattern changes and minimises performance impact due to remote
486memory accesses. These sysctls control the thresholds for scan delays and
487the number of pages scanned.
488
Mel Gorman598f0ec2013-10-07 11:28:55 +0100489numa_balancing_scan_period_min_ms is the minimum time in milliseconds to
490scan a tasks virtual memory. It effectively controls the maximum scanning
491rate for each task.
Mel Gorman10fc05d2013-10-07 11:28:40 +0100492
493numa_balancing_scan_delay_ms is the starting "scan delay" used for a task
494when it initially forks.
495
Mel Gorman598f0ec2013-10-07 11:28:55 +0100496numa_balancing_scan_period_max_ms is the maximum time in milliseconds to
497scan a tasks virtual memory. It effectively controls the minimum scanning
498rate for each task.
Mel Gorman10fc05d2013-10-07 11:28:40 +0100499
500numa_balancing_scan_size_mb is how many megabytes worth of pages are
501scanned for a given scan.
502
Mel Gorman10fc05d2013-10-07 11:28:40 +0100503==============================================================
504
Linus Torvalds1da177e2005-04-16 15:20:36 -0700505osrelease, ostype & version:
506
507# cat osrelease
5082.1.88
509# cat ostype
510Linux
511# cat version
512#5 Wed Feb 25 21:49:24 MET 1998
513
514The files osrelease and ostype should be clear enough. Version
515needs a little more clarification however. The '#5' means that
516this is the fifth kernel built from this source base and the
517date behind it indicates the time the kernel was built.
518The only way to tune these values is to rebuild the kernel :-)
519
520==============================================================
521
522overflowgid & overflowuid:
523
Borislav Petkov807094c2011-07-23 10:39:29 -0700524if your architecture did not always support 32-bit UIDs (i.e. arm,
525i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to
526applications that use the old 16-bit UID/GID system calls, if the
527actual UID or GID would exceed 65535.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700528
529These sysctls allow you to change the value of the fixed UID and GID.
530The default is 65534.
531
532==============================================================
533
534panic:
535
Borislav Petkov807094c2011-07-23 10:39:29 -0700536The value in this file represents the number of seconds the kernel
537waits before rebooting on a panic. When you use the software watchdog,
538the recommended setting is 60.
539
540==============================================================
541
Linus Torvalds1da177e2005-04-16 15:20:36 -0700542panic_on_oops:
543
544Controls the kernel's behaviour when an oops or BUG is encountered.
545
5460: try to continue operation
547
Matt LaPlantea982ac02007-05-09 07:35:06 +02005481: panic immediately. If the `panic' sysctl is also non-zero then the
Maxime Bizon8b23d04d2006-08-05 12:14:32 -0700549 machine will be rebooted.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700550
551==============================================================
552
Mitsuo Hayasaka55af7792011-11-29 15:08:36 +0900553panic_on_stackoverflow:
554
555Controls the kernel's behavior when detecting the overflows of
556kernel, IRQ and exception stacks except a user stack.
557This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled.
558
5590: try to continue operation.
560
5611: panic immediately.
562
563==============================================================
564
Prarit Bhargava9e3961a2014-12-10 15:45:50 -0800565panic_on_unrecovered_nmi:
566
567The default Linux behaviour on an NMI of either memory or unknown is
568to continue operation. For many environments such as scientific
569computing it is preferable that the box is taken out and the error
570dealt with than an uncorrected parity/ECC error get propagated.
571
572A small number of systems do generate NMI's for bizarre random reasons
573such as power management so the default is off. That sysctl works like
574the existing panic controls already in that directory.
575
576==============================================================
577
578panic_on_warn:
579
580Calls panic() in the WARN() path when set to 1. This is useful to avoid
581a kernel rebuild when attempting to kdump at the location of a WARN().
582
5830: only WARN(), default behaviour.
584
5851: call panic() after printing out WARN() location.
586
587==============================================================
588
Dave Hansen14c63f12013-06-21 08:51:36 -0700589perf_cpu_time_max_percent:
590
591Hints to the kernel how much CPU time it should be allowed to
592use to handle perf sampling events. If the perf subsystem
593is informed that its samples are exceeding this limit, it
594will drop its sampling frequency to attempt to reduce its CPU
595usage.
596
597Some perf sampling happens in NMIs. If these samples
598unexpectedly take too long to execute, the NMIs can become
599stacked up next to each other so much that nothing else is
600allowed to execute.
601
6020: disable the mechanism. Do not monitor or correct perf's
603 sampling rate no matter how CPU time it takes.
604
6051-100: attempt to throttle perf's sample rate to this
606 percentage of CPU. Note: the kernel calculates an
607 "expected" length of each sample event. 100 here means
608 100% of that expected length. Even if this is set to
609 100, you may still see sample throttling if this
610 length is exceeded. Set to 0 if you truly do not care
611 how much CPU is consumed.
612
613==============================================================
614
Mitsuo Hayasaka55af7792011-11-29 15:08:36 +0900615
Linus Torvalds1da177e2005-04-16 15:20:36 -0700616pid_max:
617
Robert P. J. Daybeb7dd82007-05-09 07:14:03 +0200618PID allocation wrap value. When the kernel's next PID value
Linus Torvalds1da177e2005-04-16 15:20:36 -0700619reaches this value, it wraps back to a minimum PID value.
620PIDs of value pid_max or larger are not allocated.
621
622==============================================================
623
Pavel Emelyanovb8f566b2012-01-12 17:20:27 -0800624ns_last_pid:
625
626The last pid allocated in the current (the one task using this sysctl
627lives in) pid namespace. When selecting a pid for a next task on fork
628kernel tries to allocate a number starting from this one.
629
630==============================================================
631
Linus Torvalds1da177e2005-04-16 15:20:36 -0700632powersave-nap: (PPC only)
633
634If set, Linux-PPC will use the 'nap' mode of powersaving,
635otherwise the 'doze' mode will be used.
636
637==============================================================
638
639printk:
640
641The four values in printk denote: console_loglevel,
642default_message_loglevel, minimum_console_loglevel and
643default_console_loglevel respectively.
644
645These values influence printk() behavior when printing or
646logging error messages. See 'man 2 syslog' for more info on
647the different loglevels.
648
649- console_loglevel: messages with a higher priority than
650 this will be printed to the console
Paul Bolle87889e12011-02-06 21:00:41 +0100651- default_message_loglevel: messages without an explicit priority
Linus Torvalds1da177e2005-04-16 15:20:36 -0700652 will be printed with this priority
653- minimum_console_loglevel: minimum (highest) value to which
654 console_loglevel can be set
655- default_console_loglevel: default value for console_loglevel
656
657==============================================================
658
Borislav Petkov807094c2011-07-23 10:39:29 -0700659printk_delay:
660
661Delay each printk message in printk_delay milliseconds
662
663Value from 0 - 10000 is allowed.
664
665==============================================================
666
Linus Torvalds1da177e2005-04-16 15:20:36 -0700667printk_ratelimit:
668
669Some warning messages are rate limited. printk_ratelimit specifies
670the minimum length of time between these messages (in jiffies), by
671default we allow one every 5 seconds.
672
673A value of 0 will disable rate limiting.
674
675==============================================================
676
677printk_ratelimit_burst:
678
679While long term we enforce one message per printk_ratelimit
680seconds, we do allow a burst of messages to pass through.
681printk_ratelimit_burst specifies the number of messages we can
682send before ratelimiting kicks in.
683
684==============================================================
685
Borislav Petkov807094c2011-07-23 10:39:29 -0700686randomize_va_space:
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100687
688This option can be used to select the type of process address
689space randomization that is used in the system, for architectures
690that support this feature.
691
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +02006920 - Turn the process address space randomization off. This is the
693 default for architectures that do not support this feature anyways,
694 and kernels that are booted with the "norandmaps" parameter.
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100695
6961 - Make the addresses of mmap base, stack and VDSO page randomized.
697 This, among other things, implies that shared libraries will be
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +0200698 loaded to random addresses. Also for PIE-linked binaries, the
699 location of code start is randomized. This is the default if the
700 CONFIG_COMPAT_BRK option is enabled.
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100701
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +02007022 - Additionally enable heap randomization. This is the default if
703 CONFIG_COMPAT_BRK is disabled.
704
705 There are a few legacy applications out there (such as some ancient
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100706 versions of libc.so.5 from 1996) that assume that brk area starts
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +0200707 just after the end of the code+bss. These applications break when
708 start of the brk area is randomized. There are however no known
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100709 non-legacy applications that would be broken this way, so for most
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +0200710 systems it is safe to choose full randomization.
711
712 Systems with ancient and/or broken binaries should be configured
713 with CONFIG_COMPAT_BRK enabled, which excludes the heap from process
714 address space randomization.
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100715
716==============================================================
717
Linus Torvalds1da177e2005-04-16 15:20:36 -0700718reboot-cmd: (Sparc only)
719
720??? This seems to be a way to give an argument to the Sparc
721ROM/Flash boot loader. Maybe to tell it what to do after
722rebooting. ???
723
724==============================================================
725
726rtsig-max & rtsig-nr:
727
728The file rtsig-max can be used to tune the maximum number
729of POSIX realtime (queued) signals that can be outstanding
730in the system.
731
732rtsig-nr shows the number of RT signals currently queued.
733
734==============================================================
735
736sg-big-buff:
737
738This file shows the size of the generic SCSI (sg) buffer.
739You can't tune it just yet, but you could change it on
740compile time by editing include/scsi/sg.h and changing
741the value of SG_BIG_BUFF.
742
743There shouldn't be any reason to change this value. If
744you can come up with one, you probably know what you
745are doing anyway :)
746
747==============================================================
748
Carlos Alberto Lopez Perez358e4192013-01-04 15:35:05 -0800749shmall:
750
751This parameter sets the total amount of shared memory pages that
752can be used system wide. Hence, SHMALL should always be at least
753ceil(shmmax/PAGE_SIZE).
754
755If you are not sure what the default PAGE_SIZE is on your Linux
756system, you can run the following command:
757
758# getconf PAGE_SIZE
759
760==============================================================
761
Borislav Petkov807094c2011-07-23 10:39:29 -0700762shmmax:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700763
764This value can be used to query and set the run time limit
765on the maximum shared memory segment size that can be created.
Borislav Petkov807094c2011-07-23 10:39:29 -0700766Shared memory segments up to 1Gb are now supported in the
Linus Torvalds1da177e2005-04-16 15:20:36 -0700767kernel. This value defaults to SHMMAX.
768
769==============================================================
770
Vasiliy Kulikovb34a6b12011-07-26 16:08:48 -0700771shm_rmid_forced:
772
773Linux lets you set resource limits, including how much memory one
774process can consume, via setrlimit(2). Unfortunately, shared memory
775segments are allowed to exist without association with any process, and
776thus might not be counted against any resource limits. If enabled,
777shared memory segments are automatically destroyed when their attach
778count becomes zero after a detach or a process termination. It will
779also destroy segments that were created, but never attached to, on exit
780from the process. The only use left for IPC_RMID is to immediately
781destroy an unattached segment. Of course, this breaks the way things are
782defined, so some applications might stop working. Note that this
783feature will do you no good unless you also configure your resource
784limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most systems don't
785need this.
786
787Note that if you change this from 0 to 1, already created segments
788without users and with a dead originative process will be destroyed.
789
790==============================================================
791
Kees Cookf4aacea2014-06-06 14:37:19 -0700792sysctl_writes_strict:
793
794Control how file position affects the behavior of updating sysctl values
795via the /proc/sys interface:
796
797 -1 - Legacy per-write sysctl value handling, with no printk warnings.
798 Each write syscall must fully contain the sysctl value to be
799 written, and multiple writes on the same sysctl file descriptor
800 will rewrite the sysctl value, regardless of file position.
801 0 - (default) Same behavior as above, but warn about processes that
802 perform writes to a sysctl file descriptor when the file position
803 is not 0.
804 1 - Respect file position when writing sysctl strings. Multiple writes
805 will append to the sysctl value buffer. Anything past the max length
806 of the sysctl value buffer will be ignored. Writes to numeric sysctl
807 entries must always be at file position 0 and the value must be
808 fully contained in the buffer sent in the write syscall.
809
810==============================================================
811
Aaron Tomlined235872014-06-23 13:22:05 -0700812softlockup_all_cpu_backtrace:
813
814This value controls the soft lockup detector thread's behavior
815when a soft lockup condition is detected as to whether or not
816to gather further debug information. If enabled, each cpu will
817be issued an NMI and instructed to capture stack trace.
818
819This feature is only applicable for architectures which support
820NMI.
821
8220: do nothing. This is the default behavior.
823
8241: on detection capture more debug information.
825
826==============================================================
827
Ulrich Obergfell195daf62015-04-14 15:44:13 -0700828soft_watchdog
829
830This parameter can be used to control the soft lockup detector.
831
832 0 - disable the soft lockup detector
833 1 - enable the soft lockup detector
834
835The soft lockup detector monitors CPUs for threads that are hogging the CPUs
836without rescheduling voluntarily, and thus prevent the 'watchdog/N' threads
837from running. The mechanism depends on the CPUs ability to respond to timer
838interrupts which are needed for the 'watchdog/N' threads to be woken up by
839the watchdog timer function, otherwise the NMI watchdog - if enabled - can
840detect a hard lockup condition.
841
842==============================================================
843
Borislav Petkov807094c2011-07-23 10:39:29 -0700844tainted:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700845
846Non-zero if the kernel has been tainted. Numeric values, which
847can be ORed together:
848
Greg Kroah-Hartmanbb206982008-10-17 15:01:07 -0700849 1 - A module with a non-GPL license has been loaded, this
850 includes modules with no license.
851 Set by modutils >= 2.4.9 and module-init-tools.
852 2 - A module was force loaded by insmod -f.
853 Set by modutils >= 2.4.9 and module-init-tools.
854 4 - Unsafe SMP processors: SMP with CPUs not designed for SMP.
855 8 - A module was forcibly unloaded from the system by rmmod -f.
856 16 - A hardware machine check error occurred on the system.
857 32 - A bad page was discovered on the system.
858 64 - The user has asked that the system be marked "tainted". This
859 could be because they are running software that directly modifies
860 the hardware, or for other reasons.
861 128 - The system has died.
862 256 - The ACPI DSDT has been overridden with one supplied by the user
863 instead of using the one provided by the hardware.
864 512 - A kernel warning has occurred.
8651024 - A module from drivers/staging was loaded.
Larry Fingerf5fe1842012-02-06 09:49:50 -08008662048 - The system is working around a severe firmware bug.
8674096 - An out-of-tree module has been loaded.
Mathieu Desnoyers66cc69e2014-03-13 12:11:30 +10308688192 - An unsigned module has been loaded in a kernel supporting module
869 signature.
Josh Hunt69361ee2014-08-08 14:22:31 -070087016384 - A soft lockup has previously occurred on the system.
Seth Jenningsc5f45462014-12-16 11:58:18 -060087132768 - The kernel has been live patched.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700872
Shen Feng760df932009-04-02 16:57:20 -0700873==============================================================
874
Heinrich Schuchardt0ec62af2015-04-16 12:47:53 -0700875threads-max
876
877This value controls the maximum number of threads that can be created
878using fork().
879
880During initialization the kernel sets this value such that even if the
881maximum number of threads is created, the thread structures occupy only
882a part (1/8th) of the available RAM pages.
883
884The minimum value that can be written to threads-max is 20.
885The maximum value that can be written to threads-max is given by the
886constant FUTEX_TID_MASK (0x3fffffff).
887If a value outside of this range is written to threads-max an error
888EINVAL occurs.
889
890The value written is checked against the available RAM pages. If the
891thread structures would occupy too much (more than 1/8th) of the
892available RAM pages threads-max is reduced accordingly.
893
894==============================================================
895
Shen Feng760df932009-04-02 16:57:20 -0700896unknown_nmi_panic:
897
Borislav Petkov807094c2011-07-23 10:39:29 -0700898The value in this file affects behavior of handling NMI. When the
899value is non-zero, unknown NMI is trapped and then panic occurs. At
900that time, kernel debugging information is displayed on console.
Shen Feng760df932009-04-02 16:57:20 -0700901
Borislav Petkov807094c2011-07-23 10:39:29 -0700902NMI switch that most IA32 servers have fires unknown NMI up, for
903example. If a system hangs up, try pressing the NMI switch.
Li Zefan08825c92013-05-17 10:31:20 +0800904
905==============================================================
906
Ulrich Obergfell195daf62015-04-14 15:44:13 -0700907watchdog:
908
909This parameter can be used to disable or enable the soft lockup detector
910_and_ the NMI watchdog (i.e. the hard lockup detector) at the same time.
911
912 0 - disable both lockup detectors
913 1 - enable both lockup detectors
914
915The soft lockup detector and the NMI watchdog can also be disabled or
916enabled individually, using the soft_watchdog and nmi_watchdog parameters.
917If the watchdog parameter is read, for example by executing
918
919 cat /proc/sys/kernel/watchdog
920
921the output of this command (0 or 1) shows the logical OR of soft_watchdog
922and nmi_watchdog.
923
924==============================================================
925
Li Zefan08825c92013-05-17 10:31:20 +0800926watchdog_thresh:
927
928This value can be used to control the frequency of hrtimer and NMI
929events and the soft and hard lockup thresholds. The default threshold
930is 10 seconds.
931
932The softlockup threshold is (2 * watchdog_thresh). Setting this
933tunable to zero will disable lockup detection altogether.
934
935==============================================================