Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | Documentation for /proc/sys/kernel/* kernel version 2.2.10 |
2 | (c) 1998, 1999, Rik van Riel <riel@nl.linux.org> | |
760df93e | 3 | (c) 2009, Shen Feng<shen@cn.fujitsu.com> |
1da177e4 LT |
4 | |
5 | For general info and legal blurb, please look in README. | |
6 | ||
7 | ============================================================== | |
8 | ||
9 | This file contains documentation for the sysctl files in | |
10 | /proc/sys/kernel/ and is valid for Linux kernel version 2.2. | |
11 | ||
12 | The files in this directory can be used to tune and monitor | |
13 | miscellaneous and general things in the operation of the Linux | |
14 | kernel. Since some of the files _can_ be used to screw up your | |
15 | system, it is advisable to read both documentation and source | |
16 | before actually making adjustments. | |
17 | ||
18 | Currently, these files might (depending on your configuration) | |
19 | show up in /proc/sys/kernel: | |
807094c0 | 20 | |
1da177e4 | 21 | - acct |
807094c0 BP |
22 | - acpi_video_flags |
23 | - auto_msgmni | |
d75757ab PA |
24 | - bootloader_type [ X86 only ] |
25 | - bootloader_version [ X86 only ] | |
c114728a | 26 | - callhome [ S390 only ] |
73efc039 | 27 | - cap_last_cap |
1da177e4 | 28 | - core_pattern |
a293980c | 29 | - core_pipe_limit |
1da177e4 LT |
30 | - core_uses_pid |
31 | - ctrl-alt-del | |
eaf06b24 | 32 | - dmesg_restrict |
1da177e4 LT |
33 | - domainname |
34 | - hostname | |
35 | - hotplug | |
270750db AT |
36 | - hung_task_panic |
37 | - hung_task_check_count | |
38 | - hung_task_timeout_secs | |
39 | - hung_task_warnings | |
7984754b | 40 | - kexec_load_disabled |
455cd5ab | 41 | - kptr_restrict |
0741f4d2 | 42 | - kstack_depth_to_print [ X86 only ] |
1da177e4 | 43 | - l2cr [ PPC only ] |
ac76cff2 | 44 | - modprobe ==> Documentation/debugging-modules.txt |
3d43321b | 45 | - modules_disabled |
03f59566 | 46 | - msg_next_id [ sysv ipc ] |
1da177e4 LT |
47 | - msgmax |
48 | - msgmnb | |
49 | - msgmni | |
760df93e | 50 | - nmi_watchdog |
1da177e4 LT |
51 | - osrelease |
52 | - ostype | |
53 | - overflowgid | |
54 | - overflowuid | |
55 | - panic | |
807094c0 | 56 | - panic_on_oops |
55af7796 | 57 | - panic_on_stackoverflow |
9e3961a0 PB |
58 | - panic_on_unrecovered_nmi |
59 | - panic_on_warn | |
1da177e4 LT |
60 | - pid_max |
61 | - powersave-nap [ PPC only ] | |
62 | - printk | |
807094c0 BP |
63 | - printk_delay |
64 | - printk_ratelimit | |
65 | - printk_ratelimit_burst | |
1ec7fd50 | 66 | - randomize_va_space |
1da177e4 LT |
67 | - real-root-dev ==> Documentation/initrd.txt |
68 | - reboot-cmd [ SPARC only ] | |
69 | - rtsig-max | |
70 | - rtsig-nr | |
71 | - sem | |
03f59566 | 72 | - sem_next_id [ sysv ipc ] |
1da177e4 | 73 | - sg-big-buff [ generic SCSI device (sg) ] |
03f59566 | 74 | - shm_next_id [ sysv ipc ] |
b34a6b1d | 75 | - shm_rmid_forced |
1da177e4 LT |
76 | - shmall |
77 | - shmmax [ sysv ipc ] | |
78 | - shmmni | |
ed235875 | 79 | - softlockup_all_cpu_backtrace |
195daf66 | 80 | - soft_watchdog |
1da177e4 LT |
81 | - stop-a [ SPARC only ] |
82 | - sysrq ==> Documentation/sysrq.txt | |
f4aacea2 | 83 | - sysctl_writes_strict |
1da177e4 LT |
84 | - tainted |
85 | - threads-max | |
760df93e | 86 | - unknown_nmi_panic |
195daf66 | 87 | - watchdog |
08825c90 | 88 | - watchdog_thresh |
1da177e4 LT |
89 | - version |
90 | ||
91 | ============================================================== | |
92 | ||
93 | acct: | |
94 | ||
95 | highwater lowwater frequency | |
96 | ||
97 | If BSD-style process accounting is enabled these values control | |
98 | its behaviour. If free space on filesystem where the log lives | |
99 | goes below <lowwater>% accounting suspends. If free space gets | |
100 | above <highwater>% accounting resumes. <Frequency> determines | |
101 | how often do we check the amount of free space (value is in | |
102 | seconds). Default: | |
103 | 4 2 30 | |
104 | That is, suspend accounting if there left <= 2% free; resume it | |
105 | if we got >=4%; consider information about amount of free space | |
106 | valid for 30 seconds. | |
107 | ||
807094c0 BP |
108 | ============================================================== |
109 | ||
110 | acpi_video_flags: | |
111 | ||
112 | flags | |
113 | ||
114 | See Doc*/kernel/power/video.txt, it allows mode of video boot to be | |
115 | set during run time. | |
116 | ||
117 | ============================================================== | |
118 | ||
119 | auto_msgmni: | |
120 | ||
0050ee05 MS |
121 | This variable has no effect and may be removed in future kernel |
122 | releases. Reading it always returns 0. | |
123 | Up to Linux 3.17, it enabled/disabled automatic recomputing of msgmni | |
124 | upon memory add/remove or upon ipc namespace creation/removal. | |
125 | Echoing "1" into this file enabled msgmni automatic recomputing. | |
126 | Echoing "0" turned it off. auto_msgmni default value was 1. | |
807094c0 BP |
127 | |
128 | ||
1da177e4 LT |
129 | ============================================================== |
130 | ||
d75757ab PA |
131 | bootloader_type: |
132 | ||
133 | x86 bootloader identification | |
134 | ||
135 | This gives the bootloader type number as indicated by the bootloader, | |
136 | shifted left by 4, and OR'd with the low four bits of the bootloader | |
137 | version. The reason for this encoding is that this used to match the | |
138 | type_of_loader field in the kernel header; the encoding is kept for | |
139 | backwards compatibility. That is, if the full bootloader type number | |
140 | is 0x15 and the full version number is 0x234, this file will contain | |
141 | the value 340 = 0x154. | |
142 | ||
143 | See the type_of_loader and ext_loader_type fields in | |
144 | Documentation/x86/boot.txt for additional information. | |
145 | ||
146 | ============================================================== | |
147 | ||
148 | bootloader_version: | |
149 | ||
150 | x86 bootloader version | |
151 | ||
152 | The complete bootloader version number. In the example above, this | |
153 | file will contain the value 564 = 0x234. | |
154 | ||
155 | See the type_of_loader and ext_loader_ver fields in | |
156 | Documentation/x86/boot.txt for additional information. | |
157 | ||
158 | ============================================================== | |
159 | ||
c114728a HJP |
160 | callhome: |
161 | ||
162 | Controls the kernel's callhome behavior in case of a kernel panic. | |
163 | ||
164 | The s390 hardware allows an operating system to send a notification | |
165 | to a service organization (callhome) in case of an operating system panic. | |
166 | ||
167 | When the value in this file is 0 (which is the default behavior) | |
168 | nothing happens in case of a kernel panic. If this value is set to "1" | |
169 | the complete kernel oops message is send to the IBM customer service | |
170 | organization in case the mainframe the Linux operating system is running | |
171 | on has a service contract with IBM. | |
172 | ||
173 | ============================================================== | |
174 | ||
73efc039 DB |
175 | cap_last_cap |
176 | ||
177 | Highest valid capability of the running kernel. Exports | |
178 | CAP_LAST_CAP from the kernel. | |
179 | ||
180 | ============================================================== | |
181 | ||
1da177e4 LT |
182 | core_pattern: |
183 | ||
184 | core_pattern is used to specify a core dumpfile pattern name. | |
cd081041 | 185 | . max length 128 characters; default value is "core" |
1da177e4 LT |
186 | . core_pattern is used as a pattern template for the output filename; |
187 | certain string patterns (beginning with '%') are substituted with | |
188 | their actual values. | |
189 | . backward compatibility with core_uses_pid: | |
190 | If core_pattern does not include "%p" (default does not) | |
191 | and core_uses_pid is set, then .PID will be appended to | |
192 | the filename. | |
193 | . corename format specifiers: | |
194 | %<NUL> '%' is dropped | |
195 | %% output one '%' | |
196 | %p pid | |
65aafb1e | 197 | %P global pid (init PID namespace) |
b03023ec ON |
198 | %i tid |
199 | %I global tid (init PID namespace) | |
5202efe5 NI |
200 | %u uid (in initial user namespace) |
201 | %g gid (in initial user namespace) | |
12a2b4b2 ON |
202 | %d dump mode, matches PR_SET_DUMPABLE and |
203 | /proc/sys/fs/suid_dumpable | |
1da177e4 LT |
204 | %s signal number |
205 | %t UNIX time of dump | |
206 | %h hostname | |
57cc083a JS |
207 | %e executable filename (may be shortened) |
208 | %E executable path | |
1da177e4 | 209 | %<OTHER> both are dropped |
cd081041 MU |
210 | . If the first character of the pattern is a '|', the kernel will treat |
211 | the rest of the pattern as a command to run. The core dump will be | |
212 | written to the standard input of that program instead of to a file. | |
1da177e4 LT |
213 | |
214 | ============================================================== | |
215 | ||
a293980c NH |
216 | core_pipe_limit: |
217 | ||
807094c0 BP |
218 | This sysctl is only applicable when core_pattern is configured to pipe |
219 | core files to a user space helper (when the first character of | |
220 | core_pattern is a '|', see above). When collecting cores via a pipe | |
221 | to an application, it is occasionally useful for the collecting | |
222 | application to gather data about the crashing process from its | |
223 | /proc/pid directory. In order to do this safely, the kernel must wait | |
224 | for the collecting process to exit, so as not to remove the crashing | |
225 | processes proc files prematurely. This in turn creates the | |
226 | possibility that a misbehaving userspace collecting process can block | |
227 | the reaping of a crashed process simply by never exiting. This sysctl | |
228 | defends against that. It defines how many concurrent crashing | |
229 | processes may be piped to user space applications in parallel. If | |
230 | this value is exceeded, then those crashing processes above that value | |
231 | are noted via the kernel log and their cores are skipped. 0 is a | |
232 | special value, indicating that unlimited processes may be captured in | |
233 | parallel, but that no waiting will take place (i.e. the collecting | |
234 | process is not guaranteed access to /proc/<crashing pid>/). This | |
235 | value defaults to 0. | |
a293980c NH |
236 | |
237 | ============================================================== | |
238 | ||
1da177e4 LT |
239 | core_uses_pid: |
240 | ||
241 | The default coredump filename is "core". By setting | |
242 | core_uses_pid to 1, the coredump filename becomes core.PID. | |
243 | If core_pattern does not include "%p" (default does not) | |
244 | and core_uses_pid is set, then .PID will be appended to | |
245 | the filename. | |
246 | ||
247 | ============================================================== | |
248 | ||
249 | ctrl-alt-del: | |
250 | ||
251 | When the value in this file is 0, ctrl-alt-del is trapped and | |
252 | sent to the init(1) program to handle a graceful restart. | |
253 | When, however, the value is > 0, Linux's reaction to a Vulcan | |
254 | Nerve Pinch (tm) will be an immediate reboot, without even | |
255 | syncing its dirty buffers. | |
256 | ||
257 | Note: when a program (like dosemu) has the keyboard in 'raw' | |
258 | mode, the ctrl-alt-del is intercepted by the program before it | |
259 | ever reaches the kernel tty layer, and it's up to the program | |
260 | to decide what to do with it. | |
261 | ||
262 | ============================================================== | |
263 | ||
eaf06b24 DR |
264 | dmesg_restrict: |
265 | ||
807094c0 BP |
266 | This toggle indicates whether unprivileged users are prevented |
267 | from using dmesg(8) to view messages from the kernel's log buffer. | |
268 | When dmesg_restrict is set to (0) there are no restrictions. When | |
38ef4c2e | 269 | dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use |
eaf06b24 DR |
270 | dmesg(8). |
271 | ||
807094c0 BP |
272 | The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the |
273 | default value of dmesg_restrict. | |
eaf06b24 DR |
274 | |
275 | ============================================================== | |
276 | ||
1da177e4 LT |
277 | domainname & hostname: |
278 | ||
279 | These files can be used to set the NIS/YP domainname and the | |
280 | hostname of your box in exactly the same way as the commands | |
281 | domainname and hostname, i.e.: | |
282 | # echo "darkstar" > /proc/sys/kernel/hostname | |
283 | # echo "mydomain" > /proc/sys/kernel/domainname | |
284 | has the same effect as | |
285 | # hostname "darkstar" | |
286 | # domainname "mydomain" | |
287 | ||
288 | Note, however, that the classic darkstar.frop.org has the | |
289 | hostname "darkstar" and DNS (Internet Domain Name Server) | |
290 | domainname "frop.org", not to be confused with the NIS (Network | |
291 | Information Service) or YP (Yellow Pages) domainname. These two | |
292 | domain names are in general different. For a detailed discussion | |
293 | see the hostname(1) man page. | |
294 | ||
295 | ============================================================== | |
296 | ||
297 | hotplug: | |
298 | ||
299 | Path for the hotplug policy agent. | |
300 | Default value is "/sbin/hotplug". | |
301 | ||
302 | ============================================================== | |
303 | ||
270750db AT |
304 | hung_task_panic: |
305 | ||
306 | Controls the kernel's behavior when a hung task is detected. | |
307 | This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. | |
308 | ||
309 | 0: continue operation. This is the default behavior. | |
310 | ||
311 | 1: panic immediately. | |
312 | ||
313 | ============================================================== | |
314 | ||
315 | hung_task_check_count: | |
316 | ||
317 | The upper bound on the number of tasks that are checked. | |
318 | This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. | |
319 | ||
320 | ============================================================== | |
321 | ||
322 | hung_task_timeout_secs: | |
323 | ||
324 | Check interval. When a task in D state did not get scheduled | |
325 | for more than this value report a warning. | |
326 | This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. | |
327 | ||
328 | 0: means infinite timeout - no checking done. | |
80df2847 | 329 | Possible values to set are in range {0..LONG_MAX/HZ}. |
270750db AT |
330 | |
331 | ============================================================== | |
332 | ||
70e0ac5f | 333 | hung_task_warnings: |
270750db AT |
334 | |
335 | The maximum number of warnings to report. During a check interval | |
70e0ac5f AT |
336 | if a hung task is detected, this value is decreased by 1. |
337 | When this value reaches 0, no more warnings will be reported. | |
270750db AT |
338 | This file shows up if CONFIG_DETECT_HUNG_TASK is enabled. |
339 | ||
340 | -1: report an infinite number of warnings. | |
341 | ||
342 | ============================================================== | |
343 | ||
7984754b KC |
344 | kexec_load_disabled: |
345 | ||
346 | A toggle indicating if the kexec_load syscall has been disabled. This | |
347 | value defaults to 0 (false: kexec_load enabled), but can be set to 1 | |
348 | (true: kexec_load disabled). Once true, kexec can no longer be used, and | |
349 | the toggle cannot be set back to false. This allows a kexec image to be | |
350 | loaded before disabling the syscall, allowing a system to set up (and | |
351 | later use) an image without it being altered. Generally used together | |
352 | with the "modules_disabled" sysctl. | |
353 | ||
354 | ============================================================== | |
355 | ||
455cd5ab DR |
356 | kptr_restrict: |
357 | ||
358 | This toggle indicates whether restrictions are placed on | |
312b4e22 RM |
359 | exposing kernel addresses via /proc and other interfaces. |
360 | ||
361 | When kptr_restrict is set to (0), the default, there are no restrictions. | |
362 | ||
363 | When kptr_restrict is set to (1), kernel pointers printed using the %pK | |
364 | format specifier will be replaced with 0's unless the user has CAP_SYSLOG | |
365 | and effective user and group ids are equal to the real ids. This is | |
366 | because %pK checks are done at read() time rather than open() time, so | |
367 | if permissions are elevated between the open() and the read() (e.g via | |
368 | a setuid binary) then %pK will not leak kernel pointers to unprivileged | |
369 | users. Note, this is a temporary solution only. The correct long-term | |
370 | solution is to do the permission checks at open() time. Consider removing | |
371 | world read permissions from files that use %pK, and using dmesg_restrict | |
372 | to protect against uses of %pK in dmesg(8) if leaking kernel pointer | |
373 | values to unprivileged users is a concern. | |
374 | ||
375 | When kptr_restrict is set to (2), kernel pointers printed using | |
376 | %pK will be replaced with 0's regardless of privileges. | |
455cd5ab DR |
377 | |
378 | ============================================================== | |
379 | ||
0741f4d2 CE |
380 | kstack_depth_to_print: (X86 only) |
381 | ||
382 | Controls the number of words to print when dumping the raw | |
383 | kernel stack. | |
384 | ||
385 | ============================================================== | |
386 | ||
807094c0 BP |
387 | l2cr: (PPC only) |
388 | ||
389 | This flag controls the L2 cache of G3 processor boards. If | |
390 | 0, the cache is disabled. Enabled if nonzero. | |
391 | ||
392 | ============================================================== | |
393 | ||
3d43321b KC |
394 | modules_disabled: |
395 | ||
396 | A toggle value indicating if modules are allowed to be loaded | |
397 | in an otherwise modular kernel. This toggle defaults to off | |
398 | (0), but can be set true (1). Once true, modules can be | |
399 | neither loaded nor unloaded, and the toggle cannot be set back | |
7984754b | 400 | to false. Generally used with the "kexec_load_disabled" toggle. |
3d43321b KC |
401 | |
402 | ============================================================== | |
403 | ||
03f59566 SK |
404 | msg_next_id, sem_next_id, and shm_next_id: |
405 | ||
406 | These three toggles allows to specify desired id for next allocated IPC | |
407 | object: message, semaphore or shared memory respectively. | |
408 | ||
409 | By default they are equal to -1, which means generic allocation logic. | |
410 | Possible values to set are in range {0..INT_MAX}. | |
411 | ||
412 | Notes: | |
413 | 1) kernel doesn't guarantee, that new object will have desired id. So, | |
414 | it's up to userspace, how to handle an object with "wrong" id. | |
415 | 2) Toggle with non-default value will be set back to -1 by kernel after | |
416 | successful IPC object allocation. | |
417 | ||
418 | ============================================================== | |
419 | ||
807094c0 BP |
420 | nmi_watchdog: |
421 | ||
195daf66 UO |
422 | This parameter can be used to control the NMI watchdog |
423 | (i.e. the hard lockup detector) on x86 systems. | |
807094c0 | 424 | |
195daf66 UO |
425 | 0 - disable the hard lockup detector |
426 | 1 - enable the hard lockup detector | |
427 | ||
428 | The hard lockup detector monitors each CPU for its ability to respond to | |
429 | timer interrupts. The mechanism utilizes CPU performance counter registers | |
430 | that are programmed to generate Non-Maskable Interrupts (NMIs) periodically | |
431 | while a CPU is busy. Hence, the alternative name 'NMI watchdog'. | |
432 | ||
433 | The NMI watchdog is disabled by default if the kernel is running as a guest | |
434 | in a KVM virtual machine. This default can be overridden by adding | |
435 | ||
436 | nmi_watchdog=1 | |
437 | ||
438 | to the guest kernel command line (see Documentation/kernel-parameters.txt). | |
807094c0 BP |
439 | |
440 | ============================================================== | |
441 | ||
10fc05d0 MG |
442 | numa_balancing |
443 | ||
444 | Enables/disables automatic page fault based NUMA memory | |
445 | balancing. Memory is moved automatically to nodes | |
446 | that access it often. | |
447 | ||
448 | Enables/disables automatic NUMA memory balancing. On NUMA machines, there | |
449 | is a performance penalty if remote memory is accessed by a CPU. When this | |
450 | feature is enabled the kernel samples what task thread is accessing memory | |
451 | by periodically unmapping pages and later trapping a page fault. At the | |
452 | time of the page fault, it is determined if the data being accessed should | |
453 | be migrated to a local memory node. | |
454 | ||
455 | The unmapping of pages and trapping faults incur additional overhead that | |
456 | ideally is offset by improved memory locality but there is no universal | |
457 | guarantee. If the target workload is already bound to NUMA nodes then this | |
458 | feature should be disabled. Otherwise, if the system overhead from the | |
459 | feature is too high then the rate the kernel samples for NUMA hinting | |
460 | faults may be controlled by the numa_balancing_scan_period_min_ms, | |
930aa174 | 461 | numa_balancing_scan_delay_ms, numa_balancing_scan_period_max_ms, |
52bf84aa | 462 | numa_balancing_scan_size_mb, and numa_balancing_settle_count sysctls. |
10fc05d0 MG |
463 | |
464 | ============================================================== | |
465 | ||
466 | numa_balancing_scan_period_min_ms, numa_balancing_scan_delay_ms, | |
930aa174 | 467 | numa_balancing_scan_period_max_ms, numa_balancing_scan_size_mb |
10fc05d0 MG |
468 | |
469 | Automatic NUMA balancing scans tasks address space and unmaps pages to | |
470 | detect if pages are properly placed or if the data should be migrated to a | |
471 | memory node local to where the task is running. Every "scan delay" the task | |
472 | scans the next "scan size" number of pages in its address space. When the | |
473 | end of the address space is reached the scanner restarts from the beginning. | |
474 | ||
475 | In combination, the "scan delay" and "scan size" determine the scan rate. | |
476 | When "scan delay" decreases, the scan rate increases. The scan delay and | |
477 | hence the scan rate of every task is adaptive and depends on historical | |
478 | behaviour. If pages are properly placed then the scan delay increases, | |
479 | otherwise the scan delay decreases. The "scan size" is not adaptive but | |
480 | the higher the "scan size", the higher the scan rate. | |
481 | ||
482 | Higher scan rates incur higher system overhead as page faults must be | |
483 | trapped and potentially data must be migrated. However, the higher the scan | |
484 | rate, the more quickly a tasks memory is migrated to a local node if the | |
485 | workload pattern changes and minimises performance impact due to remote | |
486 | memory accesses. These sysctls control the thresholds for scan delays and | |
487 | the number of pages scanned. | |
488 | ||
598f0ec0 MG |
489 | numa_balancing_scan_period_min_ms is the minimum time in milliseconds to |
490 | scan a tasks virtual memory. It effectively controls the maximum scanning | |
491 | rate for each task. | |
10fc05d0 MG |
492 | |
493 | numa_balancing_scan_delay_ms is the starting "scan delay" used for a task | |
494 | when it initially forks. | |
495 | ||
598f0ec0 MG |
496 | numa_balancing_scan_period_max_ms is the maximum time in milliseconds to |
497 | scan a tasks virtual memory. It effectively controls the minimum scanning | |
498 | rate for each task. | |
10fc05d0 MG |
499 | |
500 | numa_balancing_scan_size_mb is how many megabytes worth of pages are | |
501 | scanned for a given scan. | |
502 | ||
10fc05d0 MG |
503 | ============================================================== |
504 | ||
1da177e4 LT |
505 | osrelease, ostype & version: |
506 | ||
507 | # cat osrelease | |
508 | 2.1.88 | |
509 | # cat ostype | |
510 | Linux | |
511 | # cat version | |
512 | #5 Wed Feb 25 21:49:24 MET 1998 | |
513 | ||
514 | The files osrelease and ostype should be clear enough. Version | |
515 | needs a little more clarification however. The '#5' means that | |
516 | this is the fifth kernel built from this source base and the | |
517 | date behind it indicates the time the kernel was built. | |
518 | The only way to tune these values is to rebuild the kernel :-) | |
519 | ||
520 | ============================================================== | |
521 | ||
522 | overflowgid & overflowuid: | |
523 | ||
807094c0 BP |
524 | if your architecture did not always support 32-bit UIDs (i.e. arm, |
525 | i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to | |
526 | applications that use the old 16-bit UID/GID system calls, if the | |
527 | actual UID or GID would exceed 65535. | |
1da177e4 LT |
528 | |
529 | These sysctls allow you to change the value of the fixed UID and GID. | |
530 | The default is 65534. | |
531 | ||
532 | ============================================================== | |
533 | ||
534 | panic: | |
535 | ||
807094c0 BP |
536 | The value in this file represents the number of seconds the kernel |
537 | waits before rebooting on a panic. When you use the software watchdog, | |
538 | the recommended setting is 60. | |
539 | ||
540 | ============================================================== | |
541 | ||
1da177e4 LT |
542 | panic_on_oops: |
543 | ||
544 | Controls the kernel's behaviour when an oops or BUG is encountered. | |
545 | ||
546 | 0: try to continue operation | |
547 | ||
a982ac06 | 548 | 1: panic immediately. If the `panic' sysctl is also non-zero then the |
8b23d04d | 549 | machine will be rebooted. |
1da177e4 LT |
550 | |
551 | ============================================================== | |
552 | ||
55af7796 MH |
553 | panic_on_stackoverflow: |
554 | ||
555 | Controls the kernel's behavior when detecting the overflows of | |
556 | kernel, IRQ and exception stacks except a user stack. | |
557 | This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled. | |
558 | ||
559 | 0: try to continue operation. | |
560 | ||
561 | 1: panic immediately. | |
562 | ||
563 | ============================================================== | |
564 | ||
9e3961a0 PB |
565 | panic_on_unrecovered_nmi: |
566 | ||
567 | The default Linux behaviour on an NMI of either memory or unknown is | |
568 | to continue operation. For many environments such as scientific | |
569 | computing it is preferable that the box is taken out and the error | |
570 | dealt with than an uncorrected parity/ECC error get propagated. | |
571 | ||
572 | A small number of systems do generate NMI's for bizarre random reasons | |
573 | such as power management so the default is off. That sysctl works like | |
574 | the existing panic controls already in that directory. | |
575 | ||
576 | ============================================================== | |
577 | ||
578 | panic_on_warn: | |
579 | ||
580 | Calls panic() in the WARN() path when set to 1. This is useful to avoid | |
581 | a kernel rebuild when attempting to kdump at the location of a WARN(). | |
582 | ||
583 | 0: only WARN(), default behaviour. | |
584 | ||
585 | 1: call panic() after printing out WARN() location. | |
586 | ||
587 | ============================================================== | |
588 | ||
14c63f17 DH |
589 | perf_cpu_time_max_percent: |
590 | ||
591 | Hints to the kernel how much CPU time it should be allowed to | |
592 | use to handle perf sampling events. If the perf subsystem | |
593 | is informed that its samples are exceeding this limit, it | |
594 | will drop its sampling frequency to attempt to reduce its CPU | |
595 | usage. | |
596 | ||
597 | Some perf sampling happens in NMIs. If these samples | |
598 | unexpectedly take too long to execute, the NMIs can become | |
599 | stacked up next to each other so much that nothing else is | |
600 | allowed to execute. | |
601 | ||
602 | 0: disable the mechanism. Do not monitor or correct perf's | |
603 | sampling rate no matter how CPU time it takes. | |
604 | ||
605 | 1-100: attempt to throttle perf's sample rate to this | |
606 | percentage of CPU. Note: the kernel calculates an | |
607 | "expected" length of each sample event. 100 here means | |
608 | 100% of that expected length. Even if this is set to | |
609 | 100, you may still see sample throttling if this | |
610 | length is exceeded. Set to 0 if you truly do not care | |
611 | how much CPU is consumed. | |
612 | ||
613 | ============================================================== | |
614 | ||
55af7796 | 615 | |
1da177e4 LT |
616 | pid_max: |
617 | ||
beb7dd86 | 618 | PID allocation wrap value. When the kernel's next PID value |
1da177e4 LT |
619 | reaches this value, it wraps back to a minimum PID value. |
620 | PIDs of value pid_max or larger are not allocated. | |
621 | ||
622 | ============================================================== | |
623 | ||
b8f566b0 PE |
624 | ns_last_pid: |
625 | ||
626 | The last pid allocated in the current (the one task using this sysctl | |
627 | lives in) pid namespace. When selecting a pid for a next task on fork | |
628 | kernel tries to allocate a number starting from this one. | |
629 | ||
630 | ============================================================== | |
631 | ||
1da177e4 LT |
632 | powersave-nap: (PPC only) |
633 | ||
634 | If set, Linux-PPC will use the 'nap' mode of powersaving, | |
635 | otherwise the 'doze' mode will be used. | |
636 | ||
637 | ============================================================== | |
638 | ||
639 | printk: | |
640 | ||
641 | The four values in printk denote: console_loglevel, | |
642 | default_message_loglevel, minimum_console_loglevel and | |
643 | default_console_loglevel respectively. | |
644 | ||
645 | These values influence printk() behavior when printing or | |
646 | logging error messages. See 'man 2 syslog' for more info on | |
647 | the different loglevels. | |
648 | ||
649 | - console_loglevel: messages with a higher priority than | |
650 | this will be printed to the console | |
87889e15 | 651 | - default_message_loglevel: messages without an explicit priority |
1da177e4 LT |
652 | will be printed with this priority |
653 | - minimum_console_loglevel: minimum (highest) value to which | |
654 | console_loglevel can be set | |
655 | - default_console_loglevel: default value for console_loglevel | |
656 | ||
657 | ============================================================== | |
658 | ||
807094c0 BP |
659 | printk_delay: |
660 | ||
661 | Delay each printk message in printk_delay milliseconds | |
662 | ||
663 | Value from 0 - 10000 is allowed. | |
664 | ||
665 | ============================================================== | |
666 | ||
1da177e4 LT |
667 | printk_ratelimit: |
668 | ||
669 | Some warning messages are rate limited. printk_ratelimit specifies | |
670 | the minimum length of time between these messages (in jiffies), by | |
671 | default we allow one every 5 seconds. | |
672 | ||
673 | A value of 0 will disable rate limiting. | |
674 | ||
675 | ============================================================== | |
676 | ||
677 | printk_ratelimit_burst: | |
678 | ||
679 | While long term we enforce one message per printk_ratelimit | |
680 | seconds, we do allow a burst of messages to pass through. | |
681 | printk_ratelimit_burst specifies the number of messages we can | |
682 | send before ratelimiting kicks in. | |
683 | ||
684 | ============================================================== | |
685 | ||
807094c0 | 686 | randomize_va_space: |
1ec7fd50 JK |
687 | |
688 | This option can be used to select the type of process address | |
689 | space randomization that is used in the system, for architectures | |
690 | that support this feature. | |
691 | ||
b7f5ab6f HS |
692 | 0 - Turn the process address space randomization off. This is the |
693 | default for architectures that do not support this feature anyways, | |
694 | and kernels that are booted with the "norandmaps" parameter. | |
1ec7fd50 JK |
695 | |
696 | 1 - Make the addresses of mmap base, stack and VDSO page randomized. | |
697 | This, among other things, implies that shared libraries will be | |
b7f5ab6f HS |
698 | loaded to random addresses. Also for PIE-linked binaries, the |
699 | location of code start is randomized. This is the default if the | |
700 | CONFIG_COMPAT_BRK option is enabled. | |
1ec7fd50 | 701 | |
b7f5ab6f HS |
702 | 2 - Additionally enable heap randomization. This is the default if |
703 | CONFIG_COMPAT_BRK is disabled. | |
704 | ||
705 | There are a few legacy applications out there (such as some ancient | |
1ec7fd50 | 706 | versions of libc.so.5 from 1996) that assume that brk area starts |
b7f5ab6f HS |
707 | just after the end of the code+bss. These applications break when |
708 | start of the brk area is randomized. There are however no known | |
1ec7fd50 | 709 | non-legacy applications that would be broken this way, so for most |
b7f5ab6f HS |
710 | systems it is safe to choose full randomization. |
711 | ||
712 | Systems with ancient and/or broken binaries should be configured | |
713 | with CONFIG_COMPAT_BRK enabled, which excludes the heap from process | |
714 | address space randomization. | |
1ec7fd50 JK |
715 | |
716 | ============================================================== | |
717 | ||
1da177e4 LT |
718 | reboot-cmd: (Sparc only) |
719 | ||
720 | ??? This seems to be a way to give an argument to the Sparc | |
721 | ROM/Flash boot loader. Maybe to tell it what to do after | |
722 | rebooting. ??? | |
723 | ||
724 | ============================================================== | |
725 | ||
726 | rtsig-max & rtsig-nr: | |
727 | ||
728 | The file rtsig-max can be used to tune the maximum number | |
729 | of POSIX realtime (queued) signals that can be outstanding | |
730 | in the system. | |
731 | ||
732 | rtsig-nr shows the number of RT signals currently queued. | |
733 | ||
734 | ============================================================== | |
735 | ||
736 | sg-big-buff: | |
737 | ||
738 | This file shows the size of the generic SCSI (sg) buffer. | |
739 | You can't tune it just yet, but you could change it on | |
740 | compile time by editing include/scsi/sg.h and changing | |
741 | the value of SG_BIG_BUFF. | |
742 | ||
743 | There shouldn't be any reason to change this value. If | |
744 | you can come up with one, you probably know what you | |
745 | are doing anyway :) | |
746 | ||
747 | ============================================================== | |
748 | ||
358e419f CALP |
749 | shmall: |
750 | ||
751 | This parameter sets the total amount of shared memory pages that | |
752 | can be used system wide. Hence, SHMALL should always be at least | |
753 | ceil(shmmax/PAGE_SIZE). | |
754 | ||
755 | If you are not sure what the default PAGE_SIZE is on your Linux | |
756 | system, you can run the following command: | |
757 | ||
758 | # getconf PAGE_SIZE | |
759 | ||
760 | ============================================================== | |
761 | ||
807094c0 | 762 | shmmax: |
1da177e4 LT |
763 | |
764 | This value can be used to query and set the run time limit | |
765 | on the maximum shared memory segment size that can be created. | |
807094c0 | 766 | Shared memory segments up to 1Gb are now supported in the |
1da177e4 LT |
767 | kernel. This value defaults to SHMMAX. |
768 | ||
769 | ============================================================== | |
770 | ||
b34a6b1d VK |
771 | shm_rmid_forced: |
772 | ||
773 | Linux lets you set resource limits, including how much memory one | |
774 | process can consume, via setrlimit(2). Unfortunately, shared memory | |
775 | segments are allowed to exist without association with any process, and | |
776 | thus might not be counted against any resource limits. If enabled, | |
777 | shared memory segments are automatically destroyed when their attach | |
778 | count becomes zero after a detach or a process termination. It will | |
779 | also destroy segments that were created, but never attached to, on exit | |
780 | from the process. The only use left for IPC_RMID is to immediately | |
781 | destroy an unattached segment. Of course, this breaks the way things are | |
782 | defined, so some applications might stop working. Note that this | |
783 | feature will do you no good unless you also configure your resource | |
784 | limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most systems don't | |
785 | need this. | |
786 | ||
787 | Note that if you change this from 0 to 1, already created segments | |
788 | without users and with a dead originative process will be destroyed. | |
789 | ||
790 | ============================================================== | |
791 | ||
f4aacea2 KC |
792 | sysctl_writes_strict: |
793 | ||
794 | Control how file position affects the behavior of updating sysctl values | |
795 | via the /proc/sys interface: | |
796 | ||
797 | -1 - Legacy per-write sysctl value handling, with no printk warnings. | |
798 | Each write syscall must fully contain the sysctl value to be | |
799 | written, and multiple writes on the same sysctl file descriptor | |
800 | will rewrite the sysctl value, regardless of file position. | |
801 | 0 - (default) Same behavior as above, but warn about processes that | |
802 | perform writes to a sysctl file descriptor when the file position | |
803 | is not 0. | |
804 | 1 - Respect file position when writing sysctl strings. Multiple writes | |
805 | will append to the sysctl value buffer. Anything past the max length | |
806 | of the sysctl value buffer will be ignored. Writes to numeric sysctl | |
807 | entries must always be at file position 0 and the value must be | |
808 | fully contained in the buffer sent in the write syscall. | |
809 | ||
810 | ============================================================== | |
811 | ||
ed235875 AT |
812 | softlockup_all_cpu_backtrace: |
813 | ||
814 | This value controls the soft lockup detector thread's behavior | |
815 | when a soft lockup condition is detected as to whether or not | |
816 | to gather further debug information. If enabled, each cpu will | |
817 | be issued an NMI and instructed to capture stack trace. | |
818 | ||
819 | This feature is only applicable for architectures which support | |
820 | NMI. | |
821 | ||
822 | 0: do nothing. This is the default behavior. | |
823 | ||
824 | 1: on detection capture more debug information. | |
825 | ||
826 | ============================================================== | |
827 | ||
195daf66 UO |
828 | soft_watchdog |
829 | ||
830 | This parameter can be used to control the soft lockup detector. | |
831 | ||
832 | 0 - disable the soft lockup detector | |
833 | 1 - enable the soft lockup detector | |
834 | ||
835 | The soft lockup detector monitors CPUs for threads that are hogging the CPUs | |
836 | without rescheduling voluntarily, and thus prevent the 'watchdog/N' threads | |
837 | from running. The mechanism depends on the CPUs ability to respond to timer | |
838 | interrupts which are needed for the 'watchdog/N' threads to be woken up by | |
839 | the watchdog timer function, otherwise the NMI watchdog - if enabled - can | |
840 | detect a hard lockup condition. | |
841 | ||
842 | ============================================================== | |
843 | ||
807094c0 | 844 | tainted: |
1da177e4 LT |
845 | |
846 | Non-zero if the kernel has been tainted. Numeric values, which | |
847 | can be ORed together: | |
848 | ||
bb20698d GKH |
849 | 1 - A module with a non-GPL license has been loaded, this |
850 | includes modules with no license. | |
851 | Set by modutils >= 2.4.9 and module-init-tools. | |
852 | 2 - A module was force loaded by insmod -f. | |
853 | Set by modutils >= 2.4.9 and module-init-tools. | |
854 | 4 - Unsafe SMP processors: SMP with CPUs not designed for SMP. | |
855 | 8 - A module was forcibly unloaded from the system by rmmod -f. | |
856 | 16 - A hardware machine check error occurred on the system. | |
857 | 32 - A bad page was discovered on the system. | |
858 | 64 - The user has asked that the system be marked "tainted". This | |
859 | could be because they are running software that directly modifies | |
860 | the hardware, or for other reasons. | |
861 | 128 - The system has died. | |
862 | 256 - The ACPI DSDT has been overridden with one supplied by the user | |
863 | instead of using the one provided by the hardware. | |
864 | 512 - A kernel warning has occurred. | |
865 | 1024 - A module from drivers/staging was loaded. | |
f5fe184b LF |
866 | 2048 - The system is working around a severe firmware bug. |
867 | 4096 - An out-of-tree module has been loaded. | |
66cc69e3 MD |
868 | 8192 - An unsigned module has been loaded in a kernel supporting module |
869 | signature. | |
69361eef | 870 | 16384 - A soft lockup has previously occurred on the system. |
c5f45465 | 871 | 32768 - The kernel has been live patched. |
1da177e4 | 872 | |
760df93e SF |
873 | ============================================================== |
874 | ||
0ec62afe HS |
875 | threads-max |
876 | ||
877 | This value controls the maximum number of threads that can be created | |
878 | using fork(). | |
879 | ||
880 | During initialization the kernel sets this value such that even if the | |
881 | maximum number of threads is created, the thread structures occupy only | |
882 | a part (1/8th) of the available RAM pages. | |
883 | ||
884 | The minimum value that can be written to threads-max is 20. | |
885 | The maximum value that can be written to threads-max is given by the | |
886 | constant FUTEX_TID_MASK (0x3fffffff). | |
887 | If a value outside of this range is written to threads-max an error | |
888 | EINVAL occurs. | |
889 | ||
890 | The value written is checked against the available RAM pages. If the | |
891 | thread structures would occupy too much (more than 1/8th) of the | |
892 | available RAM pages threads-max is reduced accordingly. | |
893 | ||
894 | ============================================================== | |
895 | ||
760df93e SF |
896 | unknown_nmi_panic: |
897 | ||
807094c0 BP |
898 | The value in this file affects behavior of handling NMI. When the |
899 | value is non-zero, unknown NMI is trapped and then panic occurs. At | |
900 | that time, kernel debugging information is displayed on console. | |
760df93e | 901 | |
807094c0 BP |
902 | NMI switch that most IA32 servers have fires unknown NMI up, for |
903 | example. If a system hangs up, try pressing the NMI switch. | |
08825c90 LZ |
904 | |
905 | ============================================================== | |
906 | ||
195daf66 UO |
907 | watchdog: |
908 | ||
909 | This parameter can be used to disable or enable the soft lockup detector | |
910 | _and_ the NMI watchdog (i.e. the hard lockup detector) at the same time. | |
911 | ||
912 | 0 - disable both lockup detectors | |
913 | 1 - enable both lockup detectors | |
914 | ||
915 | The soft lockup detector and the NMI watchdog can also be disabled or | |
916 | enabled individually, using the soft_watchdog and nmi_watchdog parameters. | |
917 | If the watchdog parameter is read, for example by executing | |
918 | ||
919 | cat /proc/sys/kernel/watchdog | |
920 | ||
921 | the output of this command (0 or 1) shows the logical OR of soft_watchdog | |
922 | and nmi_watchdog. | |
923 | ||
924 | ============================================================== | |
925 | ||
fe4ba3c3 CM |
926 | watchdog_cpumask: |
927 | ||
928 | This value can be used to control on which cpus the watchdog may run. | |
929 | The default cpumask is all possible cores, but if NO_HZ_FULL is | |
930 | enabled in the kernel config, and cores are specified with the | |
931 | nohz_full= boot argument, those cores are excluded by default. | |
932 | Offline cores can be included in this mask, and if the core is later | |
933 | brought online, the watchdog will be started based on the mask value. | |
934 | ||
935 | Typically this value would only be touched in the nohz_full case | |
936 | to re-enable cores that by default were not running the watchdog, | |
937 | if a kernel lockup was suspected on those cores. | |
938 | ||
939 | The argument value is the standard cpulist format for cpumasks, | |
940 | so for example to enable the watchdog on cores 0, 2, 3, and 4 you | |
941 | might say: | |
942 | ||
943 | echo 0,2-4 > /proc/sys/kernel/watchdog_cpumask | |
944 | ||
945 | ============================================================== | |
946 | ||
08825c90 LZ |
947 | watchdog_thresh: |
948 | ||
949 | This value can be used to control the frequency of hrtimer and NMI | |
950 | events and the soft and hard lockup thresholds. The default threshold | |
951 | is 10 seconds. | |
952 | ||
953 | The softlockup threshold is (2 * watchdog_thresh). Setting this | |
954 | tunable to zero will disable lockup detection altogether. | |
955 | ||
956 | ============================================================== |