blob: 83ab25660fc961de2d498b3a56724ecc09f950b2 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001Documentation for /proc/sys/kernel/* kernel version 2.2.10
2 (c) 1998, 1999, Rik van Riel <riel@nl.linux.org>
Shen Feng760df932009-04-02 16:57:20 -07003 (c) 2009, Shen Feng<shen@cn.fujitsu.com>
Linus Torvalds1da177e2005-04-16 15:20:36 -07004
5For general info and legal blurb, please look in README.
6
7==============================================================
8
9This file contains documentation for the sysctl files in
10/proc/sys/kernel/ and is valid for Linux kernel version 2.2.
11
12The files in this directory can be used to tune and monitor
13miscellaneous and general things in the operation of the Linux
14kernel. Since some of the files _can_ be used to screw up your
15system, it is advisable to read both documentation and source
16before actually making adjustments.
17
18Currently, these files might (depending on your configuration)
19show up in /proc/sys/kernel:
Borislav Petkov807094c2011-07-23 10:39:29 -070020
Linus Torvalds1da177e2005-04-16 15:20:36 -070021- acct
Borislav Petkov807094c2011-07-23 10:39:29 -070022- acpi_video_flags
23- auto_msgmni
H. Peter Anvind75757a2009-12-11 14:23:44 -080024- bootloader_type [ X86 only ]
25- bootloader_version [ X86 only ]
Hans-Joachim Pichtc114728a2009-09-11 10:28:47 +020026- callhome [ S390 only ]
Dan Ballard73efc032011-10-31 17:11:20 -070027- cap_last_cap
Linus Torvalds1da177e2005-04-16 15:20:36 -070028- core_pattern
Neil Hormana2939802009-09-23 15:56:56 -070029- core_pipe_limit
Linus Torvalds1da177e2005-04-16 15:20:36 -070030- core_uses_pid
31- ctrl-alt-del
Dan Rosenbergeaf06b22010-11-11 14:05:18 -080032- dmesg_restrict
Linus Torvalds1da177e2005-04-16 15:20:36 -070033- domainname
34- hostname
35- hotplug
Aaron Tomlin270750db2014-01-20 17:34:13 +000036- hung_task_panic
37- hung_task_check_count
38- hung_task_timeout_secs
39- hung_task_warnings
Kees Cook79847542014-01-23 15:55:59 -080040- kexec_load_disabled
Dan Rosenberg455cd5a2011-01-12 16:59:41 -080041- kptr_restrict
Chuck Ebbert0741f4d2006-12-07 02:14:11 +010042- kstack_depth_to_print [ X86 only ]
Linus Torvalds1da177e2005-04-16 15:20:36 -070043- l2cr [ PPC only ]
Michael Opdenackerac76cff2008-02-13 15:03:32 -080044- modprobe ==> Documentation/debugging-modules.txt
Kees Cook3d433212009-04-02 15:49:29 -070045- modules_disabled
Stanislav Kinsbursky03f59562013-01-04 15:34:50 -080046- msg_next_id [ sysv ipc ]
Linus Torvalds1da177e2005-04-16 15:20:36 -070047- msgmax
48- msgmnb
49- msgmni
Shen Feng760df932009-04-02 16:57:20 -070050- nmi_watchdog
Linus Torvalds1da177e2005-04-16 15:20:36 -070051- osrelease
52- ostype
53- overflowgid
54- overflowuid
55- panic
Borislav Petkov807094c2011-07-23 10:39:29 -070056- panic_on_oops
Mitsuo Hayasaka55af7792011-11-29 15:08:36 +090057- panic_on_stackoverflow
Prarit Bhargava9e3961a2014-12-10 15:45:50 -080058- panic_on_unrecovered_nmi
59- panic_on_warn
Linus Torvalds1da177e2005-04-16 15:20:36 -070060- pid_max
61- powersave-nap [ PPC only ]
62- printk
Borislav Petkov807094c2011-07-23 10:39:29 -070063- printk_delay
64- printk_ratelimit
65- printk_ratelimit_burst
Jiri Kosina1ec7fd52008-02-09 23:24:08 +010066- randomize_va_space
Linus Torvalds1da177e2005-04-16 15:20:36 -070067- real-root-dev ==> Documentation/initrd.txt
68- reboot-cmd [ SPARC only ]
69- rtsig-max
70- rtsig-nr
71- sem
Stanislav Kinsbursky03f59562013-01-04 15:34:50 -080072- sem_next_id [ sysv ipc ]
Linus Torvalds1da177e2005-04-16 15:20:36 -070073- sg-big-buff [ generic SCSI device (sg) ]
Stanislav Kinsbursky03f59562013-01-04 15:34:50 -080074- shm_next_id [ sysv ipc ]
Vasiliy Kulikovb34a6b12011-07-26 16:08:48 -070075- shm_rmid_forced
Linus Torvalds1da177e2005-04-16 15:20:36 -070076- shmall
77- shmmax [ sysv ipc ]
78- shmmni
Aaron Tomlined235872014-06-23 13:22:05 -070079- softlockup_all_cpu_backtrace
Linus Torvalds1da177e2005-04-16 15:20:36 -070080- stop-a [ SPARC only ]
81- sysrq ==> Documentation/sysrq.txt
Kees Cookf4aacea2014-06-06 14:37:19 -070082- sysctl_writes_strict
Linus Torvalds1da177e2005-04-16 15:20:36 -070083- tainted
84- threads-max
Shen Feng760df932009-04-02 16:57:20 -070085- unknown_nmi_panic
Li Zefan08825c92013-05-17 10:31:20 +080086- watchdog_thresh
Linus Torvalds1da177e2005-04-16 15:20:36 -070087- version
88
89==============================================================
90
91acct:
92
93highwater lowwater frequency
94
95If BSD-style process accounting is enabled these values control
96its behaviour. If free space on filesystem where the log lives
97goes below <lowwater>% accounting suspends. If free space gets
98above <highwater>% accounting resumes. <Frequency> determines
99how often do we check the amount of free space (value is in
100seconds). Default:
1014 2 30
102That is, suspend accounting if there left <= 2% free; resume it
103if we got >=4%; consider information about amount of free space
104valid for 30 seconds.
105
106==============================================================
107
Borislav Petkov807094c2011-07-23 10:39:29 -0700108acpi_video_flags:
109
110flags
111
112See Doc*/kernel/power/video.txt, it allows mode of video boot to be
113set during run time.
114
115==============================================================
116
117auto_msgmni:
118
Manfred Spraul0050ee02014-12-12 16:58:17 -0800119This variable has no effect and may be removed in future kernel
120releases. Reading it always returns 0.
121Up to Linux 3.17, it enabled/disabled automatic recomputing of msgmni
122upon memory add/remove or upon ipc namespace creation/removal.
123Echoing "1" into this file enabled msgmni automatic recomputing.
124Echoing "0" turned it off. auto_msgmni default value was 1.
Borislav Petkov807094c2011-07-23 10:39:29 -0700125
126
127==============================================================
128
H. Peter Anvind75757a2009-12-11 14:23:44 -0800129bootloader_type:
130
131x86 bootloader identification
132
133This gives the bootloader type number as indicated by the bootloader,
134shifted left by 4, and OR'd with the low four bits of the bootloader
135version. The reason for this encoding is that this used to match the
136type_of_loader field in the kernel header; the encoding is kept for
137backwards compatibility. That is, if the full bootloader type number
138is 0x15 and the full version number is 0x234, this file will contain
139the value 340 = 0x154.
140
141See the type_of_loader and ext_loader_type fields in
142Documentation/x86/boot.txt for additional information.
143
144==============================================================
145
146bootloader_version:
147
148x86 bootloader version
149
150The complete bootloader version number. In the example above, this
151file will contain the value 564 = 0x234.
152
153See the type_of_loader and ext_loader_ver fields in
154Documentation/x86/boot.txt for additional information.
155
156==============================================================
157
Hans-Joachim Pichtc114728a2009-09-11 10:28:47 +0200158callhome:
159
160Controls the kernel's callhome behavior in case of a kernel panic.
161
162The s390 hardware allows an operating system to send a notification
163to a service organization (callhome) in case of an operating system panic.
164
165When the value in this file is 0 (which is the default behavior)
166nothing happens in case of a kernel panic. If this value is set to "1"
167the complete kernel oops message is send to the IBM customer service
168organization in case the mainframe the Linux operating system is running
169on has a service contract with IBM.
170
171==============================================================
172
Dan Ballard73efc032011-10-31 17:11:20 -0700173cap_last_cap
174
175Highest valid capability of the running kernel. Exports
176CAP_LAST_CAP from the kernel.
177
178==============================================================
179
Linus Torvalds1da177e2005-04-16 15:20:36 -0700180core_pattern:
181
182core_pattern is used to specify a core dumpfile pattern name.
Matthias Urlichscd081042006-10-11 01:21:57 -0700183. max length 128 characters; default value is "core"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700184. core_pattern is used as a pattern template for the output filename;
185 certain string patterns (beginning with '%') are substituted with
186 their actual values.
187. backward compatibility with core_uses_pid:
188 If core_pattern does not include "%p" (default does not)
189 and core_uses_pid is set, then .PID will be appended to
190 the filename.
191. corename format specifiers:
192 %<NUL> '%' is dropped
193 %% output one '%'
194 %p pid
Stéphane Graber65aafb12013-09-11 14:24:32 -0700195 %P global pid (init PID namespace)
Oleg Nesterovb03023e2014-10-13 15:53:35 -0700196 %i tid
197 %I global tid (init PID namespace)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700198 %u uid
199 %g gid
Oleg Nesterov12a2b4b2012-10-04 17:15:25 -0700200 %d dump mode, matches PR_SET_DUMPABLE and
201 /proc/sys/fs/suid_dumpable
Linus Torvalds1da177e2005-04-16 15:20:36 -0700202 %s signal number
203 %t UNIX time of dump
204 %h hostname
Jiri Slaby57cc0832011-05-26 16:25:46 -0700205 %e executable filename (may be shortened)
206 %E executable path
Linus Torvalds1da177e2005-04-16 15:20:36 -0700207 %<OTHER> both are dropped
Matthias Urlichscd081042006-10-11 01:21:57 -0700208. If the first character of the pattern is a '|', the kernel will treat
209 the rest of the pattern as a command to run. The core dump will be
210 written to the standard input of that program instead of to a file.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700211
212==============================================================
213
Neil Hormana2939802009-09-23 15:56:56 -0700214core_pipe_limit:
215
Borislav Petkov807094c2011-07-23 10:39:29 -0700216This sysctl is only applicable when core_pattern is configured to pipe
217core files to a user space helper (when the first character of
218core_pattern is a '|', see above). When collecting cores via a pipe
219to an application, it is occasionally useful for the collecting
220application to gather data about the crashing process from its
221/proc/pid directory. In order to do this safely, the kernel must wait
222for the collecting process to exit, so as not to remove the crashing
223processes proc files prematurely. This in turn creates the
224possibility that a misbehaving userspace collecting process can block
225the reaping of a crashed process simply by never exiting. This sysctl
226defends against that. It defines how many concurrent crashing
227processes may be piped to user space applications in parallel. If
228this value is exceeded, then those crashing processes above that value
229are noted via the kernel log and their cores are skipped. 0 is a
230special value, indicating that unlimited processes may be captured in
231parallel, but that no waiting will take place (i.e. the collecting
232process is not guaranteed access to /proc/<crashing pid>/). This
233value defaults to 0.
Neil Hormana2939802009-09-23 15:56:56 -0700234
235==============================================================
236
Linus Torvalds1da177e2005-04-16 15:20:36 -0700237core_uses_pid:
238
239The default coredump filename is "core". By setting
240core_uses_pid to 1, the coredump filename becomes core.PID.
241If core_pattern does not include "%p" (default does not)
242and core_uses_pid is set, then .PID will be appended to
243the filename.
244
245==============================================================
246
247ctrl-alt-del:
248
249When the value in this file is 0, ctrl-alt-del is trapped and
250sent to the init(1) program to handle a graceful restart.
251When, however, the value is > 0, Linux's reaction to a Vulcan
252Nerve Pinch (tm) will be an immediate reboot, without even
253syncing its dirty buffers.
254
255Note: when a program (like dosemu) has the keyboard in 'raw'
256mode, the ctrl-alt-del is intercepted by the program before it
257ever reaches the kernel tty layer, and it's up to the program
258to decide what to do with it.
259
260==============================================================
261
Dan Rosenbergeaf06b22010-11-11 14:05:18 -0800262dmesg_restrict:
263
Borislav Petkov807094c2011-07-23 10:39:29 -0700264This toggle indicates whether unprivileged users are prevented
265from using dmesg(8) to view messages from the kernel's log buffer.
266When dmesg_restrict is set to (0) there are no restrictions. When
Serge E. Hallyn38ef4c22010-12-08 15:19:01 +0000267dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use
Dan Rosenbergeaf06b22010-11-11 14:05:18 -0800268dmesg(8).
269
Borislav Petkov807094c2011-07-23 10:39:29 -0700270The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the
271default value of dmesg_restrict.
Dan Rosenbergeaf06b22010-11-11 14:05:18 -0800272
273==============================================================
274
Linus Torvalds1da177e2005-04-16 15:20:36 -0700275domainname & hostname:
276
277These files can be used to set the NIS/YP domainname and the
278hostname of your box in exactly the same way as the commands
279domainname and hostname, i.e.:
280# echo "darkstar" > /proc/sys/kernel/hostname
281# echo "mydomain" > /proc/sys/kernel/domainname
282has the same effect as
283# hostname "darkstar"
284# domainname "mydomain"
285
286Note, however, that the classic darkstar.frop.org has the
287hostname "darkstar" and DNS (Internet Domain Name Server)
288domainname "frop.org", not to be confused with the NIS (Network
289Information Service) or YP (Yellow Pages) domainname. These two
290domain names are in general different. For a detailed discussion
291see the hostname(1) man page.
292
293==============================================================
294
295hotplug:
296
297Path for the hotplug policy agent.
298Default value is "/sbin/hotplug".
299
300==============================================================
301
Aaron Tomlin270750db2014-01-20 17:34:13 +0000302hung_task_panic:
303
304Controls the kernel's behavior when a hung task is detected.
305This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
306
3070: continue operation. This is the default behavior.
308
3091: panic immediately.
310
311==============================================================
312
313hung_task_check_count:
314
315The upper bound on the number of tasks that are checked.
316This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
317
318==============================================================
319
320hung_task_timeout_secs:
321
322Check interval. When a task in D state did not get scheduled
323for more than this value report a warning.
324This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
325
3260: means infinite timeout - no checking done.
Liu Hua80df2842014-04-07 15:38:57 -0700327Possible values to set are in range {0..LONG_MAX/HZ}.
Aaron Tomlin270750db2014-01-20 17:34:13 +0000328
329==============================================================
330
Aaron Tomlin70e0ac52014-01-27 09:00:57 +0000331hung_task_warnings:
Aaron Tomlin270750db2014-01-20 17:34:13 +0000332
333The maximum number of warnings to report. During a check interval
Aaron Tomlin70e0ac52014-01-27 09:00:57 +0000334if a hung task is detected, this value is decreased by 1.
335When this value reaches 0, no more warnings will be reported.
Aaron Tomlin270750db2014-01-20 17:34:13 +0000336This file shows up if CONFIG_DETECT_HUNG_TASK is enabled.
337
338-1: report an infinite number of warnings.
339
340==============================================================
341
Kees Cook79847542014-01-23 15:55:59 -0800342kexec_load_disabled:
343
344A toggle indicating if the kexec_load syscall has been disabled. This
345value defaults to 0 (false: kexec_load enabled), but can be set to 1
346(true: kexec_load disabled). Once true, kexec can no longer be used, and
347the toggle cannot be set back to false. This allows a kexec image to be
348loaded before disabling the syscall, allowing a system to set up (and
349later use) an image without it being altered. Generally used together
350with the "modules_disabled" sysctl.
351
352==============================================================
353
Dan Rosenberg455cd5a2011-01-12 16:59:41 -0800354kptr_restrict:
355
356This toggle indicates whether restrictions are placed on
Ryan Mallon312b4e22013-11-12 15:08:51 -0800357exposing kernel addresses via /proc and other interfaces.
358
359When kptr_restrict is set to (0), the default, there are no restrictions.
360
361When kptr_restrict is set to (1), kernel pointers printed using the %pK
362format specifier will be replaced with 0's unless the user has CAP_SYSLOG
363and effective user and group ids are equal to the real ids. This is
364because %pK checks are done at read() time rather than open() time, so
365if permissions are elevated between the open() and the read() (e.g via
366a setuid binary) then %pK will not leak kernel pointers to unprivileged
367users. Note, this is a temporary solution only. The correct long-term
368solution is to do the permission checks at open() time. Consider removing
369world read permissions from files that use %pK, and using dmesg_restrict
370to protect against uses of %pK in dmesg(8) if leaking kernel pointer
371values to unprivileged users is a concern.
372
373When kptr_restrict is set to (2), kernel pointers printed using
374%pK will be replaced with 0's regardless of privileges.
Dan Rosenberg455cd5a2011-01-12 16:59:41 -0800375
376==============================================================
377
Chuck Ebbert0741f4d2006-12-07 02:14:11 +0100378kstack_depth_to_print: (X86 only)
379
380Controls the number of words to print when dumping the raw
381kernel stack.
382
383==============================================================
384
Borislav Petkov807094c2011-07-23 10:39:29 -0700385l2cr: (PPC only)
386
387This flag controls the L2 cache of G3 processor boards. If
3880, the cache is disabled. Enabled if nonzero.
389
390==============================================================
391
Kees Cook3d433212009-04-02 15:49:29 -0700392modules_disabled:
393
394A toggle value indicating if modules are allowed to be loaded
395in an otherwise modular kernel. This toggle defaults to off
396(0), but can be set true (1). Once true, modules can be
397neither loaded nor unloaded, and the toggle cannot be set back
Kees Cook79847542014-01-23 15:55:59 -0800398to false. Generally used with the "kexec_load_disabled" toggle.
Kees Cook3d433212009-04-02 15:49:29 -0700399
400==============================================================
401
Stanislav Kinsbursky03f59562013-01-04 15:34:50 -0800402msg_next_id, sem_next_id, and shm_next_id:
403
404These three toggles allows to specify desired id for next allocated IPC
405object: message, semaphore or shared memory respectively.
406
407By default they are equal to -1, which means generic allocation logic.
408Possible values to set are in range {0..INT_MAX}.
409
410Notes:
4111) kernel doesn't guarantee, that new object will have desired id. So,
412it's up to userspace, how to handle an object with "wrong" id.
4132) Toggle with non-default value will be set back to -1 by kernel after
414successful IPC object allocation.
415
416==============================================================
417
Borislav Petkov807094c2011-07-23 10:39:29 -0700418nmi_watchdog:
419
420Enables/Disables the NMI watchdog on x86 systems. When the value is
421non-zero the NMI watchdog is enabled and will continuously test all
422online cpus to determine whether or not they are still functioning
423properly. Currently, passing "nmi_watchdog=" parameter at boot time is
424required for this function to work.
425
426If LAPIC NMI watchdog method is in use (nmi_watchdog=2 kernel
427parameter), the NMI watchdog shares registers with oprofile. By
428disabling the NMI watchdog, oprofile may have more registers to
429utilize.
430
431==============================================================
432
Mel Gorman10fc05d2013-10-07 11:28:40 +0100433numa_balancing
434
435Enables/disables automatic page fault based NUMA memory
436balancing. Memory is moved automatically to nodes
437that access it often.
438
439Enables/disables automatic NUMA memory balancing. On NUMA machines, there
440is a performance penalty if remote memory is accessed by a CPU. When this
441feature is enabled the kernel samples what task thread is accessing memory
442by periodically unmapping pages and later trapping a page fault. At the
443time of the page fault, it is determined if the data being accessed should
444be migrated to a local memory node.
445
446The unmapping of pages and trapping faults incur additional overhead that
447ideally is offset by improved memory locality but there is no universal
448guarantee. If the target workload is already bound to NUMA nodes then this
449feature should be disabled. Otherwise, if the system overhead from the
450feature is too high then the rate the kernel samples for NUMA hinting
451faults may be controlled by the numa_balancing_scan_period_min_ms,
Mel Gorman930aa172013-10-07 11:29:37 +0100452numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms,
Rik van Riel52bf84a2014-01-27 17:03:40 -0500453numa_balancing_scan_size_mb, and numa_balancing_settle_count sysctls.
Mel Gorman10fc05d2013-10-07 11:28:40 +0100454
455==============================================================
456
457numa_balancing_scan_period_min_ms, numa_balancing_scan_delay_ms,
Mel Gorman930aa172013-10-07 11:29:37 +0100458numa_balancing_scan_period_max_ms, numa_balancing_scan_size_mb
Mel Gorman10fc05d2013-10-07 11:28:40 +0100459
460Automatic NUMA balancing scans tasks address space and unmaps pages to
461detect if pages are properly placed or if the data should be migrated to a
462memory node local to where the task is running. Every "scan delay" the task
463scans the next "scan size" number of pages in its address space. When the
464end of the address space is reached the scanner restarts from the beginning.
465
466In combination, the "scan delay" and "scan size" determine the scan rate.
467When "scan delay" decreases, the scan rate increases. The scan delay and
468hence the scan rate of every task is adaptive and depends on historical
469behaviour. If pages are properly placed then the scan delay increases,
470otherwise the scan delay decreases. The "scan size" is not adaptive but
471the higher the "scan size", the higher the scan rate.
472
473Higher scan rates incur higher system overhead as page faults must be
474trapped and potentially data must be migrated. However, the higher the scan
475rate, the more quickly a tasks memory is migrated to a local node if the
476workload pattern changes and minimises performance impact due to remote
477memory accesses. These sysctls control the thresholds for scan delays and
478the number of pages scanned.
479
Mel Gorman598f0ec2013-10-07 11:28:55 +0100480numa_balancing_scan_period_min_ms is the minimum time in milliseconds to
481scan a tasks virtual memory. It effectively controls the maximum scanning
482rate for each task.
Mel Gorman10fc05d2013-10-07 11:28:40 +0100483
484numa_balancing_scan_delay_ms is the starting "scan delay" used for a task
485when it initially forks.
486
Mel Gorman598f0ec2013-10-07 11:28:55 +0100487numa_balancing_scan_period_max_ms is the maximum time in milliseconds to
488scan a tasks virtual memory. It effectively controls the minimum scanning
489rate for each task.
Mel Gorman10fc05d2013-10-07 11:28:40 +0100490
491numa_balancing_scan_size_mb is how many megabytes worth of pages are
492scanned for a given scan.
493
Mel Gorman10fc05d2013-10-07 11:28:40 +0100494==============================================================
495
Linus Torvalds1da177e2005-04-16 15:20:36 -0700496osrelease, ostype & version:
497
498# cat osrelease
4992.1.88
500# cat ostype
501Linux
502# cat version
503#5 Wed Feb 25 21:49:24 MET 1998
504
505The files osrelease and ostype should be clear enough. Version
506needs a little more clarification however. The '#5' means that
507this is the fifth kernel built from this source base and the
508date behind it indicates the time the kernel was built.
509The only way to tune these values is to rebuild the kernel :-)
510
511==============================================================
512
513overflowgid & overflowuid:
514
Borislav Petkov807094c2011-07-23 10:39:29 -0700515if your architecture did not always support 32-bit UIDs (i.e. arm,
516i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to
517applications that use the old 16-bit UID/GID system calls, if the
518actual UID or GID would exceed 65535.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700519
520These sysctls allow you to change the value of the fixed UID and GID.
521The default is 65534.
522
523==============================================================
524
525panic:
526
Borislav Petkov807094c2011-07-23 10:39:29 -0700527The value in this file represents the number of seconds the kernel
528waits before rebooting on a panic. When you use the software watchdog,
529the recommended setting is 60.
530
531==============================================================
532
Linus Torvalds1da177e2005-04-16 15:20:36 -0700533panic_on_oops:
534
535Controls the kernel's behaviour when an oops or BUG is encountered.
536
5370: try to continue operation
538
Matt LaPlantea982ac02007-05-09 07:35:06 +02005391: panic immediately. If the `panic' sysctl is also non-zero then the
Maxime Bizon8b23d04d2006-08-05 12:14:32 -0700540 machine will be rebooted.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700541
542==============================================================
543
Mitsuo Hayasaka55af7792011-11-29 15:08:36 +0900544panic_on_stackoverflow:
545
546Controls the kernel's behavior when detecting the overflows of
547kernel, IRQ and exception stacks except a user stack.
548This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled.
549
5500: try to continue operation.
551
5521: panic immediately.
553
554==============================================================
555
Prarit Bhargava9e3961a2014-12-10 15:45:50 -0800556panic_on_unrecovered_nmi:
557
558The default Linux behaviour on an NMI of either memory or unknown is
559to continue operation. For many environments such as scientific
560computing it is preferable that the box is taken out and the error
561dealt with than an uncorrected parity/ECC error get propagated.
562
563A small number of systems do generate NMI's for bizarre random reasons
564such as power management so the default is off. That sysctl works like
565the existing panic controls already in that directory.
566
567==============================================================
568
569panic_on_warn:
570
571Calls panic() in the WARN() path when set to 1. This is useful to avoid
572a kernel rebuild when attempting to kdump at the location of a WARN().
573
5740: only WARN(), default behaviour.
575
5761: call panic() after printing out WARN() location.
577
578==============================================================
579
Dave Hansen14c63f12013-06-21 08:51:36 -0700580perf_cpu_time_max_percent:
581
582Hints to the kernel how much CPU time it should be allowed to
583use to handle perf sampling events. If the perf subsystem
584is informed that its samples are exceeding this limit, it
585will drop its sampling frequency to attempt to reduce its CPU
586usage.
587
588Some perf sampling happens in NMIs. If these samples
589unexpectedly take too long to execute, the NMIs can become
590stacked up next to each other so much that nothing else is
591allowed to execute.
592
5930: disable the mechanism. Do not monitor or correct perf's
594 sampling rate no matter how CPU time it takes.
595
5961-100: attempt to throttle perf's sample rate to this
597 percentage of CPU. Note: the kernel calculates an
598 "expected" length of each sample event. 100 here means
599 100% of that expected length. Even if this is set to
600 100, you may still see sample throttling if this
601 length is exceeded. Set to 0 if you truly do not care
602 how much CPU is consumed.
603
604==============================================================
605
Mitsuo Hayasaka55af7792011-11-29 15:08:36 +0900606
Linus Torvalds1da177e2005-04-16 15:20:36 -0700607pid_max:
608
Robert P. J. Daybeb7dd82007-05-09 07:14:03 +0200609PID allocation wrap value. When the kernel's next PID value
Linus Torvalds1da177e2005-04-16 15:20:36 -0700610reaches this value, it wraps back to a minimum PID value.
611PIDs of value pid_max or larger are not allocated.
612
613==============================================================
614
Pavel Emelyanovb8f566b2012-01-12 17:20:27 -0800615ns_last_pid:
616
617The last pid allocated in the current (the one task using this sysctl
618lives in) pid namespace. When selecting a pid for a next task on fork
619kernel tries to allocate a number starting from this one.
620
621==============================================================
622
Linus Torvalds1da177e2005-04-16 15:20:36 -0700623powersave-nap: (PPC only)
624
625If set, Linux-PPC will use the 'nap' mode of powersaving,
626otherwise the 'doze' mode will be used.
627
628==============================================================
629
630printk:
631
632The four values in printk denote: console_loglevel,
633default_message_loglevel, minimum_console_loglevel and
634default_console_loglevel respectively.
635
636These values influence printk() behavior when printing or
637logging error messages. See 'man 2 syslog' for more info on
638the different loglevels.
639
640- console_loglevel: messages with a higher priority than
641 this will be printed to the console
Paul Bolle87889e12011-02-06 21:00:41 +0100642- default_message_loglevel: messages without an explicit priority
Linus Torvalds1da177e2005-04-16 15:20:36 -0700643 will be printed with this priority
644- minimum_console_loglevel: minimum (highest) value to which
645 console_loglevel can be set
646- default_console_loglevel: default value for console_loglevel
647
648==============================================================
649
Borislav Petkov807094c2011-07-23 10:39:29 -0700650printk_delay:
651
652Delay each printk message in printk_delay milliseconds
653
654Value from 0 - 10000 is allowed.
655
656==============================================================
657
Linus Torvalds1da177e2005-04-16 15:20:36 -0700658printk_ratelimit:
659
660Some warning messages are rate limited. printk_ratelimit specifies
661the minimum length of time between these messages (in jiffies), by
662default we allow one every 5 seconds.
663
664A value of 0 will disable rate limiting.
665
666==============================================================
667
668printk_ratelimit_burst:
669
670While long term we enforce one message per printk_ratelimit
671seconds, we do allow a burst of messages to pass through.
672printk_ratelimit_burst specifies the number of messages we can
673send before ratelimiting kicks in.
674
675==============================================================
676
Borislav Petkov807094c2011-07-23 10:39:29 -0700677randomize_va_space:
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100678
679This option can be used to select the type of process address
680space randomization that is used in the system, for architectures
681that support this feature.
682
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +02006830 - Turn the process address space randomization off. This is the
684 default for architectures that do not support this feature anyways,
685 and kernels that are booted with the "norandmaps" parameter.
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100686
6871 - Make the addresses of mmap base, stack and VDSO page randomized.
688 This, among other things, implies that shared libraries will be
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +0200689 loaded to random addresses. Also for PIE-linked binaries, the
690 location of code start is randomized. This is the default if the
691 CONFIG_COMPAT_BRK option is enabled.
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100692
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +02006932 - Additionally enable heap randomization. This is the default if
694 CONFIG_COMPAT_BRK is disabled.
695
696 There are a few legacy applications out there (such as some ancient
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100697 versions of libc.so.5 from 1996) that assume that brk area starts
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +0200698 just after the end of the code+bss. These applications break when
699 start of the brk area is randomized. There are however no known
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100700 non-legacy applications that would be broken this way, so for most
Horst Schirmeierb7f5ab62009-07-03 14:20:17 +0200701 systems it is safe to choose full randomization.
702
703 Systems with ancient and/or broken binaries should be configured
704 with CONFIG_COMPAT_BRK enabled, which excludes the heap from process
705 address space randomization.
Jiri Kosina1ec7fd52008-02-09 23:24:08 +0100706
707==============================================================
708
Linus Torvalds1da177e2005-04-16 15:20:36 -0700709reboot-cmd: (Sparc only)
710
711??? This seems to be a way to give an argument to the Sparc
712ROM/Flash boot loader. Maybe to tell it what to do after
713rebooting. ???
714
715==============================================================
716
717rtsig-max & rtsig-nr:
718
719The file rtsig-max can be used to tune the maximum number
720of POSIX realtime (queued) signals that can be outstanding
721in the system.
722
723rtsig-nr shows the number of RT signals currently queued.
724
725==============================================================
726
727sg-big-buff:
728
729This file shows the size of the generic SCSI (sg) buffer.
730You can't tune it just yet, but you could change it on
731compile time by editing include/scsi/sg.h and changing
732the value of SG_BIG_BUFF.
733
734There shouldn't be any reason to change this value. If
735you can come up with one, you probably know what you
736are doing anyway :)
737
738==============================================================
739
Carlos Alberto Lopez Perez358e4192013-01-04 15:35:05 -0800740shmall:
741
742This parameter sets the total amount of shared memory pages that
743can be used system wide. Hence, SHMALL should always be at least
744ceil(shmmax/PAGE_SIZE).
745
746If you are not sure what the default PAGE_SIZE is on your Linux
747system, you can run the following command:
748
749# getconf PAGE_SIZE
750
751==============================================================
752
Borislav Petkov807094c2011-07-23 10:39:29 -0700753shmmax:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700754
755This value can be used to query and set the run time limit
756on the maximum shared memory segment size that can be created.
Borislav Petkov807094c2011-07-23 10:39:29 -0700757Shared memory segments up to 1Gb are now supported in the
Linus Torvalds1da177e2005-04-16 15:20:36 -0700758kernel. This value defaults to SHMMAX.
759
760==============================================================
761
Vasiliy Kulikovb34a6b12011-07-26 16:08:48 -0700762shm_rmid_forced:
763
764Linux lets you set resource limits, including how much memory one
765process can consume, via setrlimit(2). Unfortunately, shared memory
766segments are allowed to exist without association with any process, and
767thus might not be counted against any resource limits. If enabled,
768shared memory segments are automatically destroyed when their attach
769count becomes zero after a detach or a process termination. It will
770also destroy segments that were created, but never attached to, on exit
771from the process. The only use left for IPC_RMID is to immediately
772destroy an unattached segment. Of course, this breaks the way things are
773defined, so some applications might stop working. Note that this
774feature will do you no good unless you also configure your resource
775limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most systems don't
776need this.
777
778Note that if you change this from 0 to 1, already created segments
779without users and with a dead originative process will be destroyed.
780
781==============================================================
782
Kees Cookf4aacea2014-06-06 14:37:19 -0700783sysctl_writes_strict:
784
785Control how file position affects the behavior of updating sysctl values
786via the /proc/sys interface:
787
788 -1 - Legacy per-write sysctl value handling, with no printk warnings.
789 Each write syscall must fully contain the sysctl value to be
790 written, and multiple writes on the same sysctl file descriptor
791 will rewrite the sysctl value, regardless of file position.
792 0 - (default) Same behavior as above, but warn about processes that
793 perform writes to a sysctl file descriptor when the file position
794 is not 0.
795 1 - Respect file position when writing sysctl strings. Multiple writes
796 will append to the sysctl value buffer. Anything past the max length
797 of the sysctl value buffer will be ignored. Writes to numeric sysctl
798 entries must always be at file position 0 and the value must be
799 fully contained in the buffer sent in the write syscall.
800
801==============================================================
802
Aaron Tomlined235872014-06-23 13:22:05 -0700803softlockup_all_cpu_backtrace:
804
805This value controls the soft lockup detector thread's behavior
806when a soft lockup condition is detected as to whether or not
807to gather further debug information. If enabled, each cpu will
808be issued an NMI and instructed to capture stack trace.
809
810This feature is only applicable for architectures which support
811NMI.
812
8130: do nothing. This is the default behavior.
814
8151: on detection capture more debug information.
816
817==============================================================
818
Borislav Petkov807094c2011-07-23 10:39:29 -0700819tainted:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700820
821Non-zero if the kernel has been tainted. Numeric values, which
822can be ORed together:
823
Greg Kroah-Hartmanbb206982008-10-17 15:01:07 -0700824 1 - A module with a non-GPL license has been loaded, this
825 includes modules with no license.
826 Set by modutils >= 2.4.9 and module-init-tools.
827 2 - A module was force loaded by insmod -f.
828 Set by modutils >= 2.4.9 and module-init-tools.
829 4 - Unsafe SMP processors: SMP with CPUs not designed for SMP.
830 8 - A module was forcibly unloaded from the system by rmmod -f.
831 16 - A hardware machine check error occurred on the system.
832 32 - A bad page was discovered on the system.
833 64 - The user has asked that the system be marked "tainted". This
834 could be because they are running software that directly modifies
835 the hardware, or for other reasons.
836 128 - The system has died.
837 256 - The ACPI DSDT has been overridden with one supplied by the user
838 instead of using the one provided by the hardware.
839 512 - A kernel warning has occurred.
8401024 - A module from drivers/staging was loaded.
Larry Fingerf5fe1842012-02-06 09:49:50 -08008412048 - The system is working around a severe firmware bug.
8424096 - An out-of-tree module has been loaded.
Mathieu Desnoyers66cc69e2014-03-13 12:11:30 +10308438192 - An unsigned module has been loaded in a kernel supporting module
844 signature.
Josh Hunt69361ee2014-08-08 14:22:31 -070084516384 - A soft lockup has previously occurred on the system.
Seth Jenningsc5f45462014-12-16 11:58:18 -060084632768 - The kernel has been live patched.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700847
Shen Feng760df932009-04-02 16:57:20 -0700848==============================================================
849
Shen Feng760df932009-04-02 16:57:20 -0700850unknown_nmi_panic:
851
Borislav Petkov807094c2011-07-23 10:39:29 -0700852The value in this file affects behavior of handling NMI. When the
853value is non-zero, unknown NMI is trapped and then panic occurs. At
854that time, kernel debugging information is displayed on console.
Shen Feng760df932009-04-02 16:57:20 -0700855
Borislav Petkov807094c2011-07-23 10:39:29 -0700856NMI switch that most IA32 servers have fires unknown NMI up, for
857example. If a system hangs up, try pressing the NMI switch.
Li Zefan08825c92013-05-17 10:31:20 +0800858
859==============================================================
860
861watchdog_thresh:
862
863This value can be used to control the frequency of hrtimer and NMI
864events and the soft and hard lockup thresholds. The default threshold
865is 10 seconds.
866
867The softlockup threshold is (2 * watchdog_thresh). Setting this
868tunable to zero will disable lockup detection altogether.
869
870==============================================================