xref: /linux/Documentation/admin-guide/sysctl/kernel.rst (revision fd7d598270724cc787982ea48bbe17ad383a8b7f)
1===================================
2Documentation for /proc/sys/kernel/
3===================================
4
5.. See scripts/check-sysctl-docs to keep this up to date
6
7
8Copyright (c) 1998, 1999,  Rik van Riel <riel@nl.linux.org>
9
10Copyright (c) 2009,        Shen Feng<shen@cn.fujitsu.com>
11
12For general info and legal blurb, please look in
13Documentation/admin-guide/sysctl/index.rst.
14
15------------------------------------------------------------------------------
16
17This file contains documentation for the sysctl files in
18``/proc/sys/kernel/``.
19
20The files in this directory can be used to tune and monitor
21miscellaneous and general things in the operation of the Linux
22kernel. Since some of the files *can* be used to screw up your
23system, it is advisable to read both documentation and source
24before actually making adjustments.
25
26Currently, these files might (depending on your configuration)
27show up in ``/proc/sys/kernel``:
28
29.. contents:: :local:
30
31
32acct
33====
34
35::
36
37    highwater lowwater frequency
38
39If BSD-style process accounting is enabled these values control
40its behaviour. If free space on filesystem where the log lives
41goes below ``lowwater``\ % accounting suspends. If free space gets
42above ``highwater``\ % accounting resumes. ``frequency`` determines
43how often do we check the amount of free space (value is in
44seconds). Default:
45
46::
47
48    4 2 30
49
50That is, suspend accounting if free space drops below 2%; resume it
51if it increases to at least 4%; consider information about amount of
52free space valid for 30 seconds.
53
54
55acpi_video_flags
56================
57
58See Documentation/power/video.rst. This allows the video resume mode to be set,
59in a similar fashion to the ``acpi_sleep`` kernel parameter, by
60combining the following values:
61
62= =======
631 s3_bios
642 s3_mode
654 s3_beep
66= =======
67
68arch
69====
70
71The machine hardware name, the same output as ``uname -m``
72(e.g. ``x86_64`` or ``aarch64``).
73
74auto_msgmni
75===========
76
77This variable has no effect and may be removed in future kernel
78releases. Reading it always returns 0.
79Up to Linux 3.17, it enabled/disabled automatic recomputing of
80`msgmni`_
81upon memory add/remove or upon IPC namespace creation/removal.
82Echoing "1" into this file enabled msgmni automatic recomputing.
83Echoing "0" turned it off. The default value was 1.
84
85
86bootloader_type (x86 only)
87==========================
88
89This gives the bootloader type number as indicated by the bootloader,
90shifted left by 4, and OR'd with the low four bits of the bootloader
91version.  The reason for this encoding is that this used to match the
92``type_of_loader`` field in the kernel header; the encoding is kept for
93backwards compatibility.  That is, if the full bootloader type number
94is 0x15 and the full version number is 0x234, this file will contain
95the value 340 = 0x154.
96
97See the ``type_of_loader`` and ``ext_loader_type`` fields in
98Documentation/arch/x86/boot.rst for additional information.
99
100
101bootloader_version (x86 only)
102=============================
103
104The complete bootloader version number.  In the example above, this
105file will contain the value 564 = 0x234.
106
107See the ``type_of_loader`` and ``ext_loader_ver`` fields in
108Documentation/arch/x86/boot.rst for additional information.
109
110
111bpf_stats_enabled
112=================
113
114Controls whether the kernel should collect statistics on BPF programs
115(total time spent running, number of times run...). Enabling
116statistics causes a slight reduction in performance on each program
117run. The statistics can be seen using ``bpftool``.
118
119= ===================================
1200 Don't collect statistics (default).
1211 Collect statistics.
122= ===================================
123
124
125cad_pid
126=======
127
128This is the pid which will be signalled on reboot (notably, by
129Ctrl-Alt-Delete). Writing a value to this file which doesn't
130correspond to a running process will result in ``-ESRCH``.
131
132See also `ctrl-alt-del`_.
133
134
135cap_last_cap
136============
137
138Highest valid capability of the running kernel.  Exports
139``CAP_LAST_CAP`` from the kernel.
140
141
142.. _core_pattern:
143
144core_pattern
145============
146
147``core_pattern`` is used to specify a core dumpfile pattern name.
148
149* max length 127 characters; default value is "core"
150* ``core_pattern`` is used as a pattern template for the output
151  filename; certain string patterns (beginning with '%') are
152  substituted with their actual values.
153* backward compatibility with ``core_uses_pid``:
154
155	If ``core_pattern`` does not include "%p" (default does not)
156	and ``core_uses_pid`` is set, then .PID will be appended to
157	the filename.
158
159* corename format specifiers
160
161	========	==========================================
162	%<NUL>		'%' is dropped
163	%%		output one '%'
164	%p		pid
165	%P		global pid (init PID namespace)
166	%i		tid
167	%I		global tid (init PID namespace)
168	%u		uid (in initial user namespace)
169	%g		gid (in initial user namespace)
170	%d		dump mode, matches ``PR_SET_DUMPABLE`` and
171			``/proc/sys/fs/suid_dumpable``
172	%s		signal number
173	%t		UNIX time of dump
174	%h		hostname
175	%e		executable filename (may be shortened, could be changed by prctl etc)
176	%f      	executable filename
177	%E		executable path
178	%c		maximum size of core file by resource limit RLIMIT_CORE
179	%C		CPU the task ran on
180	%<OTHER>	both are dropped
181	========	==========================================
182
183* If the first character of the pattern is a '|', the kernel will treat
184  the rest of the pattern as a command to run.  The core dump will be
185  written to the standard input of that program instead of to a file.
186
187
188core_pipe_limit
189===============
190
191This sysctl is only applicable when `core_pattern`_ is configured to
192pipe core files to a user space helper (when the first character of
193``core_pattern`` is a '|', see above).
194When collecting cores via a pipe to an application, it is occasionally
195useful for the collecting application to gather data about the
196crashing process from its ``/proc/pid`` directory.
197In order to do this safely, the kernel must wait for the collecting
198process to exit, so as not to remove the crashing processes proc files
199prematurely.
200This in turn creates the possibility that a misbehaving userspace
201collecting process can block the reaping of a crashed process simply
202by never exiting.
203This sysctl defends against that.
204It defines how many concurrent crashing processes may be piped to user
205space applications in parallel.
206If this value is exceeded, then those crashing processes above that
207value are noted via the kernel log and their cores are skipped.
2080 is a special value, indicating that unlimited processes may be
209captured in parallel, but that no waiting will take place (i.e. the
210collecting process is not guaranteed access to ``/proc/<crashing
211pid>/``).
212This value defaults to 0.
213
214
215core_uses_pid
216=============
217
218The default coredump filename is "core".  By setting
219``core_uses_pid`` to 1, the coredump filename becomes core.PID.
220If `core_pattern`_ does not include "%p" (default does not)
221and ``core_uses_pid`` is set, then .PID will be appended to
222the filename.
223
224
225ctrl-alt-del
226============
227
228When the value in this file is 0, ctrl-alt-del is trapped and
229sent to the ``init(1)`` program to handle a graceful restart.
230When, however, the value is > 0, Linux's reaction to a Vulcan
231Nerve Pinch (tm) will be an immediate reboot, without even
232syncing its dirty buffers.
233
234Note:
235  when a program (like dosemu) has the keyboard in 'raw'
236  mode, the ctrl-alt-del is intercepted by the program before it
237  ever reaches the kernel tty layer, and it's up to the program
238  to decide what to do with it.
239
240
241dmesg_restrict
242==============
243
244This toggle indicates whether unprivileged users are prevented
245from using ``dmesg(8)`` to view messages from the kernel's log
246buffer.
247When ``dmesg_restrict`` is set to 0 there are no restrictions.
248When ``dmesg_restrict`` is set to 1, users must have
249``CAP_SYSLOG`` to use ``dmesg(8)``.
250
251The kernel config option ``CONFIG_SECURITY_DMESG_RESTRICT`` sets the
252default value of ``dmesg_restrict``.
253
254
255domainname & hostname
256=====================
257
258These files can be used to set the NIS/YP domainname and the
259hostname of your box in exactly the same way as the commands
260domainname and hostname, i.e.::
261
262	# echo "darkstar" > /proc/sys/kernel/hostname
263	# echo "mydomain" > /proc/sys/kernel/domainname
264
265has the same effect as::
266
267	# hostname "darkstar"
268	# domainname "mydomain"
269
270Note, however, that the classic darkstar.frop.org has the
271hostname "darkstar" and DNS (Internet Domain Name Server)
272domainname "frop.org", not to be confused with the NIS (Network
273Information Service) or YP (Yellow Pages) domainname. These two
274domain names are in general different. For a detailed discussion
275see the ``hostname(1)`` man page.
276
277
278firmware_config
279===============
280
281See Documentation/driver-api/firmware/fallback-mechanisms.rst.
282
283The entries in this directory allow the firmware loader helper
284fallback to be controlled:
285
286* ``force_sysfs_fallback``, when set to 1, forces the use of the
287  fallback;
288* ``ignore_sysfs_fallback``, when set to 1, ignores any fallback.
289
290
291ftrace_dump_on_oops
292===================
293
294Determines whether ``ftrace_dump()`` should be called on an oops (or
295kernel panic). This will output the contents of the ftrace buffers to
296the console.  This is very useful for capturing traces that lead to
297crashes and outputting them to a serial console.
298
299= ===================================================
3000 Disabled (default).
3011 Dump buffers of all CPUs.
3022 Dump the buffer of the CPU that triggered the oops.
303= ===================================================
304
305
306ftrace_enabled, stack_tracer_enabled
307====================================
308
309See Documentation/trace/ftrace.rst.
310
311
312hardlockup_all_cpu_backtrace
313============================
314
315This value controls the hard lockup detector behavior when a hard
316lockup condition is detected as to whether or not to gather further
317debug information. If enabled, arch-specific all-CPU stack dumping
318will be initiated.
319
320= ============================================
3210 Do nothing. This is the default behavior.
3221 On detection capture more debug information.
323= ============================================
324
325
326hardlockup_panic
327================
328
329This parameter can be used to control whether the kernel panics
330when a hard lockup is detected.
331
332= ===========================
3330 Don't panic on hard lockup.
3341 Panic on hard lockup.
335= ===========================
336
337See Documentation/admin-guide/lockup-watchdogs.rst for more information.
338This can also be set using the nmi_watchdog kernel parameter.
339
340
341hotplug
342=======
343
344Path for the hotplug policy agent.
345Default value is ``CONFIG_UEVENT_HELPER_PATH``, which in turn defaults
346to the empty string.
347
348This file only exists when ``CONFIG_UEVENT_HELPER`` is enabled. Most
349modern systems rely exclusively on the netlink-based uevent source and
350don't need this.
351
352
353hung_task_all_cpu_backtrace
354===========================
355
356If this option is set, the kernel will send an NMI to all CPUs to dump
357their backtraces when a hung task is detected. This file shows up if
358CONFIG_DETECT_HUNG_TASK and CONFIG_SMP are enabled.
359
3600: Won't show all CPUs backtraces when a hung task is detected.
361This is the default behavior.
362
3631: Will non-maskably interrupt all CPUs and dump their backtraces when
364a hung task is detected.
365
366
367hung_task_panic
368===============
369
370Controls the kernel's behavior when a hung task is detected.
371This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
372
373= =================================================
3740 Continue operation. This is the default behavior.
3751 Panic immediately.
376= =================================================
377
378
379hung_task_check_count
380=====================
381
382The upper bound on the number of tasks that are checked.
383This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
384
385
386hung_task_timeout_secs
387======================
388
389When a task in D state did not get scheduled
390for more than this value report a warning.
391This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
392
3930 means infinite timeout, no checking is done.
394
395Possible values to set are in range {0:``LONG_MAX``/``HZ``}.
396
397
398hung_task_check_interval_secs
399=============================
400
401Hung task check interval. If hung task checking is enabled
402(see `hung_task_timeout_secs`_), the check is done every
403``hung_task_check_interval_secs`` seconds.
404This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
405
4060 (default) means use ``hung_task_timeout_secs`` as checking
407interval.
408
409Possible values to set are in range {0:``LONG_MAX``/``HZ``}.
410
411
412hung_task_warnings
413==================
414
415The maximum number of warnings to report. During a check interval
416if a hung task is detected, this value is decreased by 1.
417When this value reaches 0, no more warnings will be reported.
418This file shows up if ``CONFIG_DETECT_HUNG_TASK`` is enabled.
419
420-1: report an infinite number of warnings.
421
422
423hyperv_record_panic_msg
424=======================
425
426Controls whether the panic kmsg data should be reported to Hyper-V.
427
428= =========================================================
4290 Do not report panic kmsg data.
4301 Report the panic kmsg data. This is the default behavior.
431= =========================================================
432
433
434ignore-unaligned-usertrap
435=========================
436
437On architectures where unaligned accesses cause traps, and where this
438feature is supported (``CONFIG_SYSCTL_ARCH_UNALIGN_NO_WARN``;
439currently, ``arc``, ``ia64`` and ``loongarch``), controls whether all
440unaligned traps are logged.
441
442= =============================================================
4430 Log all unaligned accesses.
4441 Only warn the first time a process traps. This is the default
445  setting.
446= =============================================================
447
448See also `unaligned-trap`_ and `unaligned-dump-stack`_. On ``ia64``,
449this allows system administrators to override the
450``IA64_THREAD_UAC_NOPRINT`` ``prctl`` and avoid logs being flooded.
451
452
453io_uring_disabled
454=================
455
456Prevents all processes from creating new io_uring instances. Enabling this
457shrinks the kernel's attack surface.
458
459= ======================================================================
4600 All processes can create io_uring instances as normal. This is the
461  default setting.
4621 io_uring creation is disabled (io_uring_setup() will fail with
463  -EPERM) for unprivileged processes not in the io_uring_group group.
464  Existing io_uring instances can still be used.  See the
465  documentation for io_uring_group for more information.
4662 io_uring creation is disabled for all processes. io_uring_setup()
467  always fails with -EPERM. Existing io_uring instances can still be
468  used.
469= ======================================================================
470
471
472io_uring_group
473==============
474
475When io_uring_disabled is set to 1, a process must either be
476privileged (CAP_SYS_ADMIN) or be in the io_uring_group group in order
477to create an io_uring instance.  If io_uring_group is set to -1 (the
478default), only processes with the CAP_SYS_ADMIN capability may create
479io_uring instances.
480
481
482kexec_load_disabled
483===================
484
485A toggle indicating if the syscalls ``kexec_load`` and
486``kexec_file_load`` have been disabled.
487This value defaults to 0 (false: ``kexec_*load`` enabled), but can be
488set to 1 (true: ``kexec_*load`` disabled).
489Once true, kexec can no longer be used, and the toggle cannot be set
490back to false.
491This allows a kexec image to be loaded before disabling the syscall,
492allowing a system to set up (and later use) an image without it being
493altered.
494Generally used together with the `modules_disabled`_ sysctl.
495
496kexec_load_limit_panic
497======================
498
499This parameter specifies a limit to the number of times the syscalls
500``kexec_load`` and ``kexec_file_load`` can be called with a crash
501image. It can only be set with a more restrictive value than the
502current one.
503
504== ======================================================
505-1 Unlimited calls to kexec. This is the default setting.
506N  Number of calls left.
507== ======================================================
508
509kexec_load_limit_reboot
510=======================
511
512Similar functionality as ``kexec_load_limit_panic``, but for a normal
513image.
514
515kptr_restrict
516=============
517
518This toggle indicates whether restrictions are placed on
519exposing kernel addresses via ``/proc`` and other interfaces.
520
521When ``kptr_restrict`` is set to 0 (the default) the address is hashed
522before printing.
523(This is the equivalent to %p.)
524
525When ``kptr_restrict`` is set to 1, kernel pointers printed using the
526%pK format specifier will be replaced with 0s unless the user has
527``CAP_SYSLOG`` and effective user and group ids are equal to the real
528ids.
529This is because %pK checks are done at read() time rather than open()
530time, so if permissions are elevated between the open() and the read()
531(e.g via a setuid binary) then %pK will not leak kernel pointers to
532unprivileged users.
533Note, this is a temporary solution only.
534The correct long-term solution is to do the permission checks at
535open() time.
536Consider removing world read permissions from files that use %pK, and
537using `dmesg_restrict`_ to protect against uses of %pK in ``dmesg(8)``
538if leaking kernel pointer values to unprivileged users is a concern.
539
540When ``kptr_restrict`` is set to 2, kernel pointers printed using
541%pK will be replaced with 0s regardless of privileges.
542
543
544modprobe
545========
546
547The full path to the usermode helper for autoloading kernel modules,
548by default ``CONFIG_MODPROBE_PATH``, which in turn defaults to
549"/sbin/modprobe".  This binary is executed when the kernel requests a
550module.  For example, if userspace passes an unknown filesystem type
551to mount(), then the kernel will automatically request the
552corresponding filesystem module by executing this usermode helper.
553This usermode helper should insert the needed module into the kernel.
554
555This sysctl only affects module autoloading.  It has no effect on the
556ability to explicitly insert modules.
557
558This sysctl can be used to debug module loading requests::
559
560    echo '#! /bin/sh' > /tmp/modprobe
561    echo 'echo "$@" >> /tmp/modprobe.log' >> /tmp/modprobe
562    echo 'exec /sbin/modprobe "$@"' >> /tmp/modprobe
563    chmod a+x /tmp/modprobe
564    echo /tmp/modprobe > /proc/sys/kernel/modprobe
565
566Alternatively, if this sysctl is set to the empty string, then module
567autoloading is completely disabled.  The kernel will not try to
568execute a usermode helper at all, nor will it call the
569kernel_module_request LSM hook.
570
571If CONFIG_STATIC_USERMODEHELPER=y is set in the kernel configuration,
572then the configured static usermode helper overrides this sysctl,
573except that the empty string is still accepted to completely disable
574module autoloading as described above.
575
576modules_disabled
577================
578
579A toggle value indicating if modules are allowed to be loaded
580in an otherwise modular kernel.  This toggle defaults to off
581(0), but can be set true (1).  Once true, modules can be
582neither loaded nor unloaded, and the toggle cannot be set back
583to false.  Generally used with the `kexec_load_disabled`_ toggle.
584
585
586.. _msgmni:
587
588msgmax, msgmnb, and msgmni
589==========================
590
591``msgmax`` is the maximum size of an IPC message, in bytes. 8192 by
592default (``MSGMAX``).
593
594``msgmnb`` is the maximum size of an IPC queue, in bytes. 16384 by
595default (``MSGMNB``).
596
597``msgmni`` is the maximum number of IPC queues. 32000 by default
598(``MSGMNI``).
599
600
601msg_next_id, sem_next_id, and shm_next_id (System V IPC)
602========================================================
603
604These three toggles allows to specify desired id for next allocated IPC
605object: message, semaphore or shared memory respectively.
606
607By default they are equal to -1, which means generic allocation logic.
608Possible values to set are in range {0:``INT_MAX``}.
609
610Notes:
611  1) kernel doesn't guarantee, that new object will have desired id. So,
612     it's up to userspace, how to handle an object with "wrong" id.
613  2) Toggle with non-default value will be set back to -1 by kernel after
614     successful IPC object allocation. If an IPC object allocation syscall
615     fails, it is undefined if the value remains unmodified or is reset to -1.
616
617
618ngroups_max
619===========
620
621Maximum number of supplementary groups, _i.e._ the maximum size which
622``setgroups`` will accept. Exports ``NGROUPS_MAX`` from the kernel.
623
624
625
626nmi_watchdog
627============
628
629This parameter can be used to control the NMI watchdog
630(i.e. the hard lockup detector) on x86 systems.
631
632= =================================
6330 Disable the hard lockup detector.
6341 Enable the hard lockup detector.
635= =================================
636
637The hard lockup detector monitors each CPU for its ability to respond to
638timer interrupts. The mechanism utilizes CPU performance counter registers
639that are programmed to generate Non-Maskable Interrupts (NMIs) periodically
640while a CPU is busy. Hence, the alternative name 'NMI watchdog'.
641
642The NMI watchdog is disabled by default if the kernel is running as a guest
643in a KVM virtual machine. This default can be overridden by adding::
644
645   nmi_watchdog=1
646
647to the guest kernel command line (see
648Documentation/admin-guide/kernel-parameters.rst).
649
650
651nmi_wd_lpm_factor (PPC only)
652============================
653
654Factor to apply to the NMI watchdog timeout (only when ``nmi_watchdog`` is
655set to 1). This factor represents the percentage added to
656``watchdog_thresh`` when calculating the NMI watchdog timeout during an
657LPM. The soft lockup timeout is not impacted.
658
659A value of 0 means no change. The default value is 200 meaning the NMI
660watchdog is set to 30s (based on ``watchdog_thresh`` equal to 10).
661
662
663numa_balancing
664==============
665
666Enables/disables and configures automatic page fault based NUMA memory
667balancing.  Memory is moved automatically to nodes that access it often.
668The value to set can be the result of ORing the following:
669
670= =================================
6710 NUMA_BALANCING_DISABLED
6721 NUMA_BALANCING_NORMAL
6732 NUMA_BALANCING_MEMORY_TIERING
674= =================================
675
676Or NUMA_BALANCING_NORMAL to optimize page placement among different
677NUMA nodes to reduce remote accessing.  On NUMA machines, there is a
678performance penalty if remote memory is accessed by a CPU. When this
679feature is enabled the kernel samples what task thread is accessing
680memory by periodically unmapping pages and later trapping a page
681fault. At the time of the page fault, it is determined if the data
682being accessed should be migrated to a local memory node.
683
684The unmapping of pages and trapping faults incur additional overhead that
685ideally is offset by improved memory locality but there is no universal
686guarantee. If the target workload is already bound to NUMA nodes then this
687feature should be disabled.
688
689Or NUMA_BALANCING_MEMORY_TIERING to optimize page placement among
690different types of memory (represented as different NUMA nodes) to
691place the hot pages in the fast memory.  This is implemented based on
692unmapping and page fault too.
693
694numa_balancing_promote_rate_limit_MBps
695======================================
696
697Too high promotion/demotion throughput between different memory types
698may hurt application latency.  This can be used to rate limit the
699promotion throughput.  The per-node max promotion throughput in MB/s
700will be limited to be no more than the set value.
701
702A rule of thumb is to set this to less than 1/10 of the PMEM node
703write bandwidth.
704
705oops_all_cpu_backtrace
706======================
707
708If this option is set, the kernel will send an NMI to all CPUs to dump
709their backtraces when an oops event occurs. It should be used as a last
710resort in case a panic cannot be triggered (to protect VMs running, for
711example) or kdump can't be collected. This file shows up if CONFIG_SMP
712is enabled.
713
7140: Won't show all CPUs backtraces when an oops is detected.
715This is the default behavior.
716
7171: Will non-maskably interrupt all CPUs and dump their backtraces when
718an oops event is detected.
719
720
721oops_limit
722==========
723
724Number of kernel oopses after which the kernel should panic when
725``panic_on_oops`` is not set. Setting this to 0 disables checking
726the count. Setting this to  1 has the same effect as setting
727``panic_on_oops=1``. The default value is 10000.
728
729
730osrelease, ostype & version
731===========================
732
733::
734
735  # cat osrelease
736  2.1.88
737  # cat ostype
738  Linux
739  # cat version
740  #5 Wed Feb 25 21:49:24 MET 1998
741
742The files ``osrelease`` and ``ostype`` should be clear enough.
743``version``
744needs a little more clarification however. The '#5' means that
745this is the fifth kernel built from this source base and the
746date behind it indicates the time the kernel was built.
747The only way to tune these values is to rebuild the kernel :-)
748
749
750overflowgid & overflowuid
751=========================
752
753if your architecture did not always support 32-bit UIDs (i.e. arm,
754i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to
755applications that use the old 16-bit UID/GID system calls, if the
756actual UID or GID would exceed 65535.
757
758These sysctls allow you to change the value of the fixed UID and GID.
759The default is 65534.
760
761
762panic
763=====
764
765The value in this file determines the behaviour of the kernel on a
766panic:
767
768* if zero, the kernel will loop forever;
769* if negative, the kernel will reboot immediately;
770* if positive, the kernel will reboot after the corresponding number
771  of seconds.
772
773When you use the software watchdog, the recommended setting is 60.
774
775
776panic_on_io_nmi
777===============
778
779Controls the kernel's behavior when a CPU receives an NMI caused by
780an IO error.
781
782= ==================================================================
7830 Try to continue operation (default).
7841 Panic immediately. The IO error triggered an NMI. This indicates a
785  serious system condition which could result in IO data corruption.
786  Rather than continuing, panicking might be a better choice. Some
787  servers issue this sort of NMI when the dump button is pushed,
788  and you can use this option to take a crash dump.
789= ==================================================================
790
791
792panic_on_oops
793=============
794
795Controls the kernel's behaviour when an oops or BUG is encountered.
796
797= ===================================================================
7980 Try to continue operation.
7991 Panic immediately.  If the `panic` sysctl is also non-zero then the
800  machine will be rebooted.
801= ===================================================================
802
803
804panic_on_stackoverflow
805======================
806
807Controls the kernel's behavior when detecting the overflows of
808kernel, IRQ and exception stacks except a user stack.
809This file shows up if ``CONFIG_DEBUG_STACKOVERFLOW`` is enabled.
810
811= ==========================
8120 Try to continue operation.
8131 Panic immediately.
814= ==========================
815
816
817panic_on_unrecovered_nmi
818========================
819
820The default Linux behaviour on an NMI of either memory or unknown is
821to continue operation. For many environments such as scientific
822computing it is preferable that the box is taken out and the error
823dealt with than an uncorrected parity/ECC error get propagated.
824
825A small number of systems do generate NMIs for bizarre random reasons
826such as power management so the default is off. That sysctl works like
827the existing panic controls already in that directory.
828
829
830panic_on_warn
831=============
832
833Calls panic() in the WARN() path when set to 1.  This is useful to avoid
834a kernel rebuild when attempting to kdump at the location of a WARN().
835
836= ================================================
8370 Only WARN(), default behaviour.
8381 Call panic() after printing out WARN() location.
839= ================================================
840
841
842panic_print
843===========
844
845Bitmask for printing system info when panic happens. User can chose
846combination of the following bits:
847
848=====  ============================================
849bit 0  print all tasks info
850bit 1  print system memory info
851bit 2  print timer info
852bit 3  print locks info if ``CONFIG_LOCKDEP`` is on
853bit 4  print ftrace buffer
854bit 5  print all printk messages in buffer
855bit 6  print all CPUs backtrace (if available in the arch)
856=====  ============================================
857
858So for example to print tasks and memory info on panic, user can::
859
860  echo 3 > /proc/sys/kernel/panic_print
861
862
863panic_on_rcu_stall
864==================
865
866When set to 1, calls panic() after RCU stall detection messages. This
867is useful to define the root cause of RCU stalls using a vmcore.
868
869= ============================================================
8700 Do not panic() when RCU stall takes place, default behavior.
8711 panic() after printing RCU stall messages.
872= ============================================================
873
874max_rcu_stall_to_panic
875======================
876
877When ``panic_on_rcu_stall`` is set to 1, this value determines the
878number of times that RCU can stall before panic() is called.
879
880When ``panic_on_rcu_stall`` is set to 0, this value is has no effect.
881
882perf_cpu_time_max_percent
883=========================
884
885Hints to the kernel how much CPU time it should be allowed to
886use to handle perf sampling events.  If the perf subsystem
887is informed that its samples are exceeding this limit, it
888will drop its sampling frequency to attempt to reduce its CPU
889usage.
890
891Some perf sampling happens in NMIs.  If these samples
892unexpectedly take too long to execute, the NMIs can become
893stacked up next to each other so much that nothing else is
894allowed to execute.
895
896===== ========================================================
8970     Disable the mechanism.  Do not monitor or correct perf's
898      sampling rate no matter how CPU time it takes.
899
9001-100 Attempt to throttle perf's sample rate to this
901      percentage of CPU.  Note: the kernel calculates an
902      "expected" length of each sample event.  100 here means
903      100% of that expected length.  Even if this is set to
904      100, you may still see sample throttling if this
905      length is exceeded.  Set to 0 if you truly do not care
906      how much CPU is consumed.
907===== ========================================================
908
909
910perf_event_paranoid
911===================
912
913Controls use of the performance events system by unprivileged
914users (without CAP_PERFMON).  The default value is 2.
915
916For backward compatibility reasons access to system performance
917monitoring and observability remains open for CAP_SYS_ADMIN
918privileged processes but CAP_SYS_ADMIN usage for secure system
919performance monitoring and observability operations is discouraged
920with respect to CAP_PERFMON use cases.
921
922===  ==================================================================
923 -1  Allow use of (almost) all events by all users.
924
925     Ignore mlock limit after perf_event_mlock_kb without
926     ``CAP_IPC_LOCK``.
927
928>=0  Disallow ftrace function tracepoint by users without
929     ``CAP_PERFMON``.
930
931     Disallow raw tracepoint access by users without ``CAP_PERFMON``.
932
933>=1  Disallow CPU event access by users without ``CAP_PERFMON``.
934
935>=2  Disallow kernel profiling by users without ``CAP_PERFMON``.
936===  ==================================================================
937
938
939perf_event_max_stack
940====================
941
942Controls maximum number of stack frames to copy for (``attr.sample_type &
943PERF_SAMPLE_CALLCHAIN``) configured events, for instance, when using
944'``perf record -g``' or '``perf trace --call-graph fp``'.
945
946This can only be done when no events are in use that have callchains
947enabled, otherwise writing to this file will return ``-EBUSY``.
948
949The default value is 127.
950
951
952perf_event_mlock_kb
953===================
954
955Control size of per-cpu ring buffer not counted against mlock limit.
956
957The default value is 512 + 1 page
958
959
960perf_event_max_contexts_per_stack
961=================================
962
963Controls maximum number of stack frame context entries for
964(``attr.sample_type & PERF_SAMPLE_CALLCHAIN``) configured events, for
965instance, when using '``perf record -g``' or '``perf trace --call-graph fp``'.
966
967This can only be done when no events are in use that have callchains
968enabled, otherwise writing to this file will return ``-EBUSY``.
969
970The default value is 8.
971
972
973perf_user_access (arm64 and riscv only)
974=======================================
975
976Controls user space access for reading perf event counters.
977
978arm64
979=====
980
981The default value is 0 (access disabled).
982
983When set to 1, user space can read performance monitor counter registers
984directly.
985
986See Documentation/arch/arm64/perf.rst for more information.
987
988riscv
989=====
990
991When set to 0, user space access is disabled.
992
993The default value is 1, user space can read performance monitor counter
994registers through perf, any direct access without perf intervention will trigger
995an illegal instruction.
996
997When set to 2, which enables legacy mode (user space has direct access to cycle
998and insret CSRs only). Note that this legacy value is deprecated and will be
999removed once all user space applications are fixed.
1000
1001Note that the time CSR is always directly accessible to all modes.
1002
1003pid_max
1004=======
1005
1006PID allocation wrap value.  When the kernel's next PID value
1007reaches this value, it wraps back to a minimum PID value.
1008PIDs of value ``pid_max`` or larger are not allocated.
1009
1010
1011ns_last_pid
1012===========
1013
1014The last pid allocated in the current (the one task using this sysctl
1015lives in) pid namespace. When selecting a pid for a next task on fork
1016kernel tries to allocate a number starting from this one.
1017
1018
1019powersave-nap (PPC only)
1020========================
1021
1022If set, Linux-PPC will use the 'nap' mode of powersaving,
1023otherwise the 'doze' mode will be used.
1024
1025
1026==============================================================
1027
1028printk
1029======
1030
1031The four values in printk denote: ``console_loglevel``,
1032``default_message_loglevel``, ``minimum_console_loglevel`` and
1033``default_console_loglevel`` respectively.
1034
1035These values influence printk() behavior when printing or
1036logging error messages. See '``man 2 syslog``' for more info on
1037the different loglevels.
1038
1039======================== =====================================
1040console_loglevel         messages with a higher priority than
1041                         this will be printed to the console
1042default_message_loglevel messages without an explicit priority
1043                         will be printed with this priority
1044minimum_console_loglevel minimum (highest) value to which
1045                         console_loglevel can be set
1046default_console_loglevel default value for console_loglevel
1047======================== =====================================
1048
1049
1050printk_delay
1051============
1052
1053Delay each printk message in ``printk_delay`` milliseconds
1054
1055Value from 0 - 10000 is allowed.
1056
1057
1058printk_ratelimit
1059================
1060
1061Some warning messages are rate limited. ``printk_ratelimit`` specifies
1062the minimum length of time between these messages (in seconds).
1063The default value is 5 seconds.
1064
1065A value of 0 will disable rate limiting.
1066
1067
1068printk_ratelimit_burst
1069======================
1070
1071While long term we enforce one message per `printk_ratelimit`_
1072seconds, we do allow a burst of messages to pass through.
1073``printk_ratelimit_burst`` specifies the number of messages we can
1074send before ratelimiting kicks in.
1075
1076The default value is 10 messages.
1077
1078
1079printk_devkmsg
1080==============
1081
1082Control the logging to ``/dev/kmsg`` from userspace:
1083
1084========= =============================================
1085ratelimit default, ratelimited
1086on        unlimited logging to /dev/kmsg from userspace
1087off       logging to /dev/kmsg disabled
1088========= =============================================
1089
1090The kernel command line parameter ``printk.devkmsg=`` overrides this and is
1091a one-time setting until next reboot: once set, it cannot be changed by
1092this sysctl interface anymore.
1093
1094==============================================================
1095
1096
1097pty
1098===
1099
1100See Documentation/filesystems/devpts.rst.
1101
1102
1103random
1104======
1105
1106This is a directory, with the following entries:
1107
1108* ``boot_id``: a UUID generated the first time this is retrieved, and
1109  unvarying after that;
1110
1111* ``uuid``: a UUID generated every time this is retrieved (this can
1112  thus be used to generate UUIDs at will);
1113
1114* ``entropy_avail``: the pool's entropy count, in bits;
1115
1116* ``poolsize``: the entropy pool size, in bits;
1117
1118* ``urandom_min_reseed_secs``: obsolete (used to determine the minimum
1119  number of seconds between urandom pool reseeding). This file is
1120  writable for compatibility purposes, but writing to it has no effect
1121  on any RNG behavior;
1122
1123* ``write_wakeup_threshold``: when the entropy count drops below this
1124  (as a number of bits), processes waiting to write to ``/dev/random``
1125  are woken up. This file is writable for compatibility purposes, but
1126  writing to it has no effect on any RNG behavior.
1127
1128
1129randomize_va_space
1130==================
1131
1132This option can be used to select the type of process address
1133space randomization that is used in the system, for architectures
1134that support this feature.
1135
1136==  ===========================================================================
11370   Turn the process address space randomization off.  This is the
1138    default for architectures that do not support this feature anyways,
1139    and kernels that are booted with the "norandmaps" parameter.
1140
11411   Make the addresses of mmap base, stack and VDSO page randomized.
1142    This, among other things, implies that shared libraries will be
1143    loaded to random addresses.  Also for PIE-linked binaries, the
1144    location of code start is randomized.  This is the default if the
1145    ``CONFIG_COMPAT_BRK`` option is enabled.
1146
11472   Additionally enable heap randomization.  This is the default if
1148    ``CONFIG_COMPAT_BRK`` is disabled.
1149
1150    There are a few legacy applications out there (such as some ancient
1151    versions of libc.so.5 from 1996) that assume that brk area starts
1152    just after the end of the code+bss.  These applications break when
1153    start of the brk area is randomized.  There are however no known
1154    non-legacy applications that would be broken this way, so for most
1155    systems it is safe to choose full randomization.
1156
1157    Systems with ancient and/or broken binaries should be configured
1158    with ``CONFIG_COMPAT_BRK`` enabled, which excludes the heap from process
1159    address space randomization.
1160==  ===========================================================================
1161
1162
1163real-root-dev
1164=============
1165
1166See Documentation/admin-guide/initrd.rst.
1167
1168
1169reboot-cmd (SPARC only)
1170=======================
1171
1172??? This seems to be a way to give an argument to the Sparc
1173ROM/Flash boot loader. Maybe to tell it what to do after
1174rebooting. ???
1175
1176
1177sched_energy_aware
1178==================
1179
1180Enables/disables Energy Aware Scheduling (EAS). EAS starts
1181automatically on platforms where it can run (that is,
1182platforms with asymmetric CPU topologies and having an Energy
1183Model available). If your platform happens to meet the
1184requirements for EAS but you do not want to use it, change
1185this value to 0.
1186
1187task_delayacct
1188===============
1189
1190Enables/disables task delay accounting (see
1191Documentation/accounting/delay-accounting.rst. Enabling this feature incurs
1192a small amount of overhead in the scheduler but is useful for debugging
1193and performance tuning. It is required by some tools such as iotop.
1194
1195sched_schedstats
1196================
1197
1198Enables/disables scheduler statistics. Enabling this feature
1199incurs a small amount of overhead in the scheduler but is
1200useful for debugging and performance tuning.
1201
1202sched_util_clamp_min
1203====================
1204
1205Max allowed *minimum* utilization.
1206
1207Default value is 1024, which is the maximum possible value.
1208
1209It means that any requested uclamp.min value cannot be greater than
1210sched_util_clamp_min, i.e., it is restricted to the range
1211[0:sched_util_clamp_min].
1212
1213sched_util_clamp_max
1214====================
1215
1216Max allowed *maximum* utilization.
1217
1218Default value is 1024, which is the maximum possible value.
1219
1220It means that any requested uclamp.max value cannot be greater than
1221sched_util_clamp_max, i.e., it is restricted to the range
1222[0:sched_util_clamp_max].
1223
1224sched_util_clamp_min_rt_default
1225===============================
1226
1227By default Linux is tuned for performance. Which means that RT tasks always run
1228at the highest frequency and most capable (highest capacity) CPU (in
1229heterogeneous systems).
1230
1231Uclamp achieves this by setting the requested uclamp.min of all RT tasks to
12321024 by default, which effectively boosts the tasks to run at the highest
1233frequency and biases them to run on the biggest CPU.
1234
1235This knob allows admins to change the default behavior when uclamp is being
1236used. In battery powered devices particularly, running at the maximum
1237capacity and frequency will increase energy consumption and shorten the battery
1238life.
1239
1240This knob is only effective for RT tasks which the user hasn't modified their
1241requested uclamp.min value via sched_setattr() syscall.
1242
1243This knob will not escape the range constraint imposed by sched_util_clamp_min
1244defined above.
1245
1246For example if
1247
1248	sched_util_clamp_min_rt_default = 800
1249	sched_util_clamp_min = 600
1250
1251Then the boost will be clamped to 600 because 800 is outside of the permissible
1252range of [0:600]. This could happen for instance if a powersave mode will
1253restrict all boosts temporarily by modifying sched_util_clamp_min. As soon as
1254this restriction is lifted, the requested sched_util_clamp_min_rt_default
1255will take effect.
1256
1257seccomp
1258=======
1259
1260See Documentation/userspace-api/seccomp_filter.rst.
1261
1262
1263sg-big-buff
1264===========
1265
1266This file shows the size of the generic SCSI (sg) buffer.
1267You can't tune it just yet, but you could change it on
1268compile time by editing ``include/scsi/sg.h`` and changing
1269the value of ``SG_BIG_BUFF``.
1270
1271There shouldn't be any reason to change this value. If
1272you can come up with one, you probably know what you
1273are doing anyway :)
1274
1275
1276shmall
1277======
1278
1279This parameter sets the total amount of shared memory pages that
1280can be used system wide. Hence, ``shmall`` should always be at least
1281``ceil(shmmax/PAGE_SIZE)``.
1282
1283If you are not sure what the default ``PAGE_SIZE`` is on your Linux
1284system, you can run the following command::
1285
1286	# getconf PAGE_SIZE
1287
1288
1289shmmax
1290======
1291
1292This value can be used to query and set the run time limit
1293on the maximum shared memory segment size that can be created.
1294Shared memory segments up to 1Gb are now supported in the
1295kernel.  This value defaults to ``SHMMAX``.
1296
1297
1298shmmni
1299======
1300
1301This value determines the maximum number of shared memory segments.
13024096 by default (``SHMMNI``).
1303
1304
1305shm_rmid_forced
1306===============
1307
1308Linux lets you set resource limits, including how much memory one
1309process can consume, via ``setrlimit(2)``.  Unfortunately, shared memory
1310segments are allowed to exist without association with any process, and
1311thus might not be counted against any resource limits.  If enabled,
1312shared memory segments are automatically destroyed when their attach
1313count becomes zero after a detach or a process termination.  It will
1314also destroy segments that were created, but never attached to, on exit
1315from the process.  The only use left for ``IPC_RMID`` is to immediately
1316destroy an unattached segment.  Of course, this breaks the way things are
1317defined, so some applications might stop working.  Note that this
1318feature will do you no good unless you also configure your resource
1319limits (in particular, ``RLIMIT_AS`` and ``RLIMIT_NPROC``).  Most systems don't
1320need this.
1321
1322Note that if you change this from 0 to 1, already created segments
1323without users and with a dead originative process will be destroyed.
1324
1325
1326sysctl_writes_strict
1327====================
1328
1329Control how file position affects the behavior of updating sysctl values
1330via the ``/proc/sys`` interface:
1331
1332  ==   ======================================================================
1333  -1   Legacy per-write sysctl value handling, with no printk warnings.
1334       Each write syscall must fully contain the sysctl value to be
1335       written, and multiple writes on the same sysctl file descriptor
1336       will rewrite the sysctl value, regardless of file position.
1337   0   Same behavior as above, but warn about processes that perform writes
1338       to a sysctl file descriptor when the file position is not 0.
1339   1   (default) Respect file position when writing sysctl strings. Multiple
1340       writes will append to the sysctl value buffer. Anything past the max
1341       length of the sysctl value buffer will be ignored. Writes to numeric
1342       sysctl entries must always be at file position 0 and the value must
1343       be fully contained in the buffer sent in the write syscall.
1344  ==   ======================================================================
1345
1346
1347softlockup_all_cpu_backtrace
1348============================
1349
1350This value controls the soft lockup detector thread's behavior
1351when a soft lockup condition is detected as to whether or not
1352to gather further debug information. If enabled, each cpu will
1353be issued an NMI and instructed to capture stack trace.
1354
1355This feature is only applicable for architectures which support
1356NMI.
1357
1358= ============================================
13590 Do nothing. This is the default behavior.
13601 On detection capture more debug information.
1361= ============================================
1362
1363
1364softlockup_panic
1365=================
1366
1367This parameter can be used to control whether the kernel panics
1368when a soft lockup is detected.
1369
1370= ============================================
13710 Don't panic on soft lockup.
13721 Panic on soft lockup.
1373= ============================================
1374
1375This can also be set using the softlockup_panic kernel parameter.
1376
1377
1378soft_watchdog
1379=============
1380
1381This parameter can be used to control the soft lockup detector.
1382
1383= =================================
13840 Disable the soft lockup detector.
13851 Enable the soft lockup detector.
1386= =================================
1387
1388The soft lockup detector monitors CPUs for threads that are hogging the CPUs
1389without rescheduling voluntarily, and thus prevent the 'migration/N' threads
1390from running, causing the watchdog work fail to execute. The mechanism depends
1391on the CPUs ability to respond to timer interrupts which are needed for the
1392watchdog work to be queued by the watchdog timer function, otherwise the NMI
1393watchdog — if enabled — can detect a hard lockup condition.
1394
1395
1396split_lock_mitigate (x86 only)
1397==============================
1398
1399On x86, each "split lock" imposes a system-wide performance penalty. On larger
1400systems, large numbers of split locks from unprivileged users can result in
1401denials of service to well-behaved and potentially more important users.
1402
1403The kernel mitigates these bad users by detecting split locks and imposing
1404penalties: forcing them to wait and only allowing one core to execute split
1405locks at a time.
1406
1407These mitigations can make those bad applications unbearably slow. Setting
1408split_lock_mitigate=0 may restore some application performance, but will also
1409increase system exposure to denial of service attacks from split lock users.
1410
1411= ===================================================================
14120 Disable the mitigation mode - just warns the split lock on kernel log
1413  and exposes the system to denials of service from the split lockers.
14141 Enable the mitigation mode (this is the default) - penalizes the split
1415  lockers with intentional performance degradation.
1416= ===================================================================
1417
1418
1419stack_erasing
1420=============
1421
1422This parameter can be used to control kernel stack erasing at the end
1423of syscalls for kernels built with ``CONFIG_GCC_PLUGIN_STACKLEAK``.
1424
1425That erasing reduces the information which kernel stack leak bugs
1426can reveal and blocks some uninitialized stack variable attacks.
1427The tradeoff is the performance impact: on a single CPU system kernel
1428compilation sees a 1% slowdown, other systems and workloads may vary.
1429
1430= ====================================================================
14310 Kernel stack erasing is disabled, STACKLEAK_METRICS are not updated.
14321 Kernel stack erasing is enabled (default), it is performed before
1433  returning to the userspace at the end of syscalls.
1434= ====================================================================
1435
1436
1437stop-a (SPARC only)
1438===================
1439
1440Controls Stop-A:
1441
1442= ====================================
14430 Stop-A has no effect.
14441 Stop-A breaks to the PROM (default).
1445= ====================================
1446
1447Stop-A is always enabled on a panic, so that the user can return to
1448the boot PROM.
1449
1450
1451sysrq
1452=====
1453
1454See Documentation/admin-guide/sysrq.rst.
1455
1456
1457tainted
1458=======
1459
1460Non-zero if the kernel has been tainted. Numeric values, which can be
1461ORed together. The letters are seen in "Tainted" line of Oops reports.
1462
1463======  =====  ==============================================================
1464     1  `(P)`  proprietary module was loaded
1465     2  `(F)`  module was force loaded
1466     4  `(S)`  kernel running on an out of specification system
1467     8  `(R)`  module was force unloaded
1468    16  `(M)`  processor reported a Machine Check Exception (MCE)
1469    32  `(B)`  bad page referenced or some unexpected page flags
1470    64  `(U)`  taint requested by userspace application
1471   128  `(D)`  kernel died recently, i.e. there was an OOPS or BUG
1472   256  `(A)`  an ACPI table was overridden by user
1473   512  `(W)`  kernel issued warning
1474  1024  `(C)`  staging driver was loaded
1475  2048  `(I)`  workaround for bug in platform firmware applied
1476  4096  `(O)`  externally-built ("out-of-tree") module was loaded
1477  8192  `(E)`  unsigned module was loaded
1478 16384  `(L)`  soft lockup occurred
1479 32768  `(K)`  kernel has been live patched
1480 65536  `(X)`  Auxiliary taint, defined and used by for distros
1481131072  `(T)`  The kernel was built with the struct randomization plugin
1482======  =====  ==============================================================
1483
1484See Documentation/admin-guide/tainted-kernels.rst for more information.
1485
1486Note:
1487  writes to this sysctl interface will fail with ``EINVAL`` if the kernel is
1488  booted with the command line option ``panic_on_taint=<bitmask>,nousertaint``
1489  and any of the ORed together values being written to ``tainted`` match with
1490  the bitmask declared on panic_on_taint.
1491  See Documentation/admin-guide/kernel-parameters.rst for more details on
1492  that particular kernel command line option and its optional
1493  ``nousertaint`` switch.
1494
1495threads-max
1496===========
1497
1498This value controls the maximum number of threads that can be created
1499using ``fork()``.
1500
1501During initialization the kernel sets this value such that even if the
1502maximum number of threads is created, the thread structures occupy only
1503a part (1/8th) of the available RAM pages.
1504
1505The minimum value that can be written to ``threads-max`` is 1.
1506
1507The maximum value that can be written to ``threads-max`` is given by the
1508constant ``FUTEX_TID_MASK`` (0x3fffffff).
1509
1510If a value outside of this range is written to ``threads-max`` an
1511``EINVAL`` error occurs.
1512
1513
1514traceoff_on_warning
1515===================
1516
1517When set, disables tracing (see Documentation/trace/ftrace.rst) when a
1518``WARN()`` is hit.
1519
1520
1521tracepoint_printk
1522=================
1523
1524When tracepoints are sent to printk() (enabled by the ``tp_printk``
1525boot parameter), this entry provides runtime control::
1526
1527    echo 0 > /proc/sys/kernel/tracepoint_printk
1528
1529will stop tracepoints from being sent to printk(), and::
1530
1531    echo 1 > /proc/sys/kernel/tracepoint_printk
1532
1533will send them to printk() again.
1534
1535This only works if the kernel was booted with ``tp_printk`` enabled.
1536
1537See Documentation/admin-guide/kernel-parameters.rst and
1538Documentation/trace/boottime-trace.rst.
1539
1540
1541.. _unaligned-dump-stack:
1542
1543unaligned-dump-stack (ia64)
1544===========================
1545
1546When logging unaligned accesses, controls whether the stack is
1547dumped.
1548
1549= ===================================================
15500 Do not dump the stack. This is the default setting.
15511 Dump the stack.
1552= ===================================================
1553
1554See also `ignore-unaligned-usertrap`_.
1555
1556
1557unaligned-trap
1558==============
1559
1560On architectures where unaligned accesses cause traps, and where this
1561feature is supported (``CONFIG_SYSCTL_ARCH_UNALIGN_ALLOW``; currently,
1562``arc``, ``parisc`` and ``loongarch``), controls whether unaligned traps
1563are caught and emulated (instead of failing).
1564
1565= ========================================================
15660 Do not emulate unaligned accesses.
15671 Emulate unaligned accesses. This is the default setting.
1568= ========================================================
1569
1570See also `ignore-unaligned-usertrap`_.
1571
1572
1573unknown_nmi_panic
1574=================
1575
1576The value in this file affects behavior of handling NMI. When the
1577value is non-zero, unknown NMI is trapped and then panic occurs. At
1578that time, kernel debugging information is displayed on console.
1579
1580NMI switch that most IA32 servers have fires unknown NMI up, for
1581example.  If a system hangs up, try pressing the NMI switch.
1582
1583
1584unprivileged_bpf_disabled
1585=========================
1586
1587Writing 1 to this entry will disable unprivileged calls to ``bpf()``;
1588once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` or ``CAP_BPF``
1589will return ``-EPERM``. Once set to 1, this can't be cleared from the
1590running kernel anymore.
1591
1592Writing 2 to this entry will also disable unprivileged calls to ``bpf()``,
1593however, an admin can still change this setting later on, if needed, by
1594writing 0 or 1 to this entry.
1595
1596If ``BPF_UNPRIV_DEFAULT_OFF`` is enabled in the kernel config, then this
1597entry will default to 2 instead of 0.
1598
1599= =============================================================
16000 Unprivileged calls to ``bpf()`` are enabled
16011 Unprivileged calls to ``bpf()`` are disabled without recovery
16022 Unprivileged calls to ``bpf()`` are disabled
1603= =============================================================
1604
1605
1606warn_limit
1607==========
1608
1609Number of kernel warnings after which the kernel should panic when
1610``panic_on_warn`` is not set. Setting this to 0 disables checking
1611the warning count. Setting this to 1 has the same effect as setting
1612``panic_on_warn=1``. The default value is 0.
1613
1614
1615watchdog
1616========
1617
1618This parameter can be used to disable or enable the soft lockup detector
1619*and* the NMI watchdog (i.e. the hard lockup detector) at the same time.
1620
1621= ==============================
16220 Disable both lockup detectors.
16231 Enable both lockup detectors.
1624= ==============================
1625
1626The soft lockup detector and the NMI watchdog can also be disabled or
1627enabled individually, using the ``soft_watchdog`` and ``nmi_watchdog``
1628parameters.
1629If the ``watchdog`` parameter is read, for example by executing::
1630
1631   cat /proc/sys/kernel/watchdog
1632
1633the output of this command (0 or 1) shows the logical OR of
1634``soft_watchdog`` and ``nmi_watchdog``.
1635
1636
1637watchdog_cpumask
1638================
1639
1640This value can be used to control on which cpus the watchdog may run.
1641The default cpumask is all possible cores, but if ``NO_HZ_FULL`` is
1642enabled in the kernel config, and cores are specified with the
1643``nohz_full=`` boot argument, those cores are excluded by default.
1644Offline cores can be included in this mask, and if the core is later
1645brought online, the watchdog will be started based on the mask value.
1646
1647Typically this value would only be touched in the ``nohz_full`` case
1648to re-enable cores that by default were not running the watchdog,
1649if a kernel lockup was suspected on those cores.
1650
1651The argument value is the standard cpulist format for cpumasks,
1652so for example to enable the watchdog on cores 0, 2, 3, and 4 you
1653might say::
1654
1655  echo 0,2-4 > /proc/sys/kernel/watchdog_cpumask
1656
1657
1658watchdog_thresh
1659===============
1660
1661This value can be used to control the frequency of hrtimer and NMI
1662events and the soft and hard lockup thresholds. The default threshold
1663is 10 seconds.
1664
1665The softlockup threshold is (``2 * watchdog_thresh``). Setting this
1666tunable to zero will disable lockup detection altogether.
1667