
Chapter 5. Important changes to external kernel parameters


This chapter provides system administrators with a summary of significant changes in the kernel distributed with Red Hat Enterprise Linux 9.8. These changes could include, for example, added or updated proc entries, sysctl, and sysfs default values, boot parameters, kernel configuration options, or any noticeable behavior changes.

New kernel parameters

arm64.nompam=

[ARM64]

Disable Memory Partitioning and Monitoring (MPAM) support on systems that support MPAM but do not enable it in firmware.

cgroup_v1_proc=

[KNL]

Show missing controllers in /proc/cgroups.

Format: { "true" | "false" }

By default, /proc/cgroups lists only cgroup v1 controllers. This compatibility option also lists v2 controllers (whose v1 code is not compiled) so that semi-legacy software can use this file to decide whether to use v2 controllers.

initramfs_options=

[KNL]

Specify mount options for the initramfs mount.

nvme.quirks=

[NVME]

Extend the built-in NVMe quirk list.

Format: VendorID:ProductID:quirk_names[-VendorID:ProductID:quirk_names…]

The IDs are 4-digit hexadecimal numbers. The quirk_names field is a comma-separated list of quirk names. Prefix a quirk name with ^ to disable the specified quirk.

For example:

nvme.quirks=7710:2267:bogus_nid,^identify_cns-9900:7711:broken_msi
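
The following shell function is an added example, not part of the Red Hat documentation. It syntax-checks an nvme.quirks= value against the format described above before the value goes into the boot configuration. The name parse_nvme_quirks and the restriction of quirk names to lowercase letters, digits, and underscores are assumptions; names are not compared with the kernel's quirk list.

```shell
#!/bin/sh
# Added example: syntax check for an nvme.quirks= value.
# Prints "VendorID:ProductID enable|disable quirk_name" for each quirk and
# returns 1 on the first syntax error.
# Assumption: quirk names use only lowercase letters, digits and underscores.
parse_nvme_quirks() (
    set -f                          # never glob-expand user input
    IFS=,                           # quirk_names is a comma-separated list
    rest=$1
    [ -n "$rest" ] || { echo "error: empty value" >&2; exit 1; }
    while [ -n "$rest" ]; do
        case "$rest" in             # entries are separated by '-'
            *-*) entry=${rest%%-*}; rest=${rest#*-}
                 [ -n "$rest" ] || { echo "error: trailing '-'" >&2; exit 1; } ;;
            *)   entry=$rest; rest= ;;
        esac
        case "$entry" in            # required shape: VendorID:ProductID:quirk_names
            *:*:*) ;;
            *) echo "error: bad entry '$entry'" >&2; exit 1 ;;
        esac
        vid=${entry%%:*}; tail=${entry#*:}
        pid=${tail%%:*};  names=${tail#*:}
        for id in "$vid" "$pid"; do
            case "$id" in
                [0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]) ;;
                *) echo "error: '$id' is not a 4-digit hex ID" >&2; exit 1 ;;
            esac
        done
        case "$names" in            # reject empty list and empty list members
            ""|,*|*,|*,,*) echo "error: empty quirk name in '$entry'" >&2; exit 1 ;;
        esac
        for q in $names; do
            action=enable
            case "$q" in '^'*) action=disable; q=${q#'^'} ;; esac
            case "$q" in
                ""|*[!a-z0-9_]*) echo "error: bad quirk name '$q'" >&2; exit 1 ;;
            esac
            echo "$vid:$pid $action $q"
        done
    done
)

# The example value from the text above.
parse_nvme_quirks '7710:2267:bogus_nid,^identify_cns-9900:7711:broken_msi'
```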

rh_waived=

[KNL]

Control waived items in Red Hat Enterprise Linux.

Some features or security mitigations can be waived and toggled on or off on demand. Waive these items only when necessary, because this can make the system insecure or out of support scope.

Format: <item-1>,<item-2>…<item-n>

Use rh_waived to enable all waived features listed in Documentation/admin-guide/rh-waived-features.rst.

vmscape=

[X86]

Control mitigation for VMscape attacks.

VMscape attacks can leak information from a user space hypervisor to a guest by using speculative side channels.

Possible values:

off
Disable the mitigation.
ibpb
Use the Indirect Branch Prediction Barrier (IBPB) mitigation (default).
force
Force vulnerability detection even on processors that are not otherwise affected.

Changed kernel parameters

microcode=

[X86]

Control the behavior of the microcode loader.

You can specify the following options as a comma-separated list:

base_rev=X
Set the base microcode revision of each thread in debug mode, where X is a 32-bit unsigned integer.
dis_ucode_ldr
Disable the microcode loader.
force_minrev
Control minimal microcode revision enforcement for the runtime microcode loader.

mitigations=

[X86,PPC,S390,ARM64]

Control optional mitigations for CPU vulnerabilities.

This kernel parameter is a set of curated, architecture-independent options. Each option aggregates architecture-specific parameters.

Note

The mitigations parameter is available only if the kernel is built with CPU_MITIGATIONS=y.

Possible values:

off

Disable all optional CPU mitigations. This setting can improve system performance but can expose users to several CPU vulnerabilities. This setting is equivalent to the following:

If nokaslr is set:

  • kpti=0 on ARM64

The following settings always apply:

  • gather_data_sampling=off on x86
  • indirect_target_selection=off on x86
  • kvm.nx_huge_pages=off on x86
  • l1tf=off on x86
  • mds=off on x86
  • mmio_stale_data=off on x86
  • no_entry_flush on PowerPC
  • no_uaccess_flush on PowerPC
  • nobp=0 on IBM Z
  • nopti on x86 and PowerPC
  • nospectre_bhb on ARM64
  • nospectre_v1 on x86 and PowerPC
  • nospectre_v2 on x86, PowerPC, IBM Z, and ARM64
  • reg_file_data_sampling=off on x86
  • retbleed=off on x86
  • spec_rstack_overflow=off on x86
  • spec_store_bypass_disable=off on x86 and PowerPC
  • spectre_bhi=off on x86
  • spectre_v2_user=off on x86
  • srbds=off on x86 and Intel
  • ssbd=force-off on ARM64
  • tsx_async_abort=off on x86
  • vmscape=off on x86
Exceptions
This setting does not affect kvm.nx_huge_pages when kvm.nx_huge_pages=force.
auto (default)
Mitigate all CPU vulnerabilities and keep simultaneous multithreading (SMT) enabled, even if it is vulnerable. Use this option if you do not want SMT to be disabled across kernel updates or you rely on other methods to avoid attacks that target SMT. This setting is the default behavior.
auto,nosmt

Mitigate all CPU vulnerabilities and disable SMT if needed. Use this option if you always want full mitigation, even if this requires disabling SMT. On x86, this setting is equivalent to the following:

  • l1tf=flush,nosmt
  • mds=full,nosmt
  • tsx_async_abort=full,nosmt
  • mmio_stale_data=full,nosmt
  • retbleed=auto,nosmt

On x86, after you specify one of the preceding options, you can also use attack-vector-based controls as described in Documentation/admin-guide/hw-vuln/attack_vector_controls.rst.
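
The following shell function is an added example, not part of the Red Hat documentation. It reports boot parameters from this chapter that disable or waive CPU mitigations, for use in a host hardening check. The name audit_cmdline, the severity labels, and the sample command line are assumptions; the function also assumes that the last occurrence of a repeated parameter takes effect and that no parameter value contains spaces.

```shell
#!/bin/sh
# Added example: report boot parameters from this chapter that weaken CPU mitigations.
# Assumptions: tokens are split on whitespace (quoted values containing spaces
# are not handled) and the last occurrence of a parameter takes effect.
audit_cmdline() (
    set -f                              # do not glob-expand tokens
    mitig=auto; vmscape=ibpb; nx=       # defaults as stated in this chapter
    for tok in $1; do
        case "$tok" in
            mitigations=*)       mitig=${tok#*=} ;;
            vmscape=*)           vmscape=${tok#*=} ;;
            kvm.nx_huge_pages=*) nx=${tok#*=} ;;
            rh_waived|rh_waived=*)
                echo "WARN $tok: waived items enabled" ;;
            microcode=*)
                case ",${tok#*=}," in
                    *,dis_ucode_ldr,*) echo "WARN $tok: microcode loader disabled" ;;
                esac ;;
            # Individual switches that mitigations=off aggregates (list above).
            gather_data_sampling=off|indirect_target_selection=off|l1tf=off|mds=off|\
            mmio_stale_data=off|reg_file_data_sampling=off|retbleed=off|\
            spec_rstack_overflow=off|spec_store_bypass_disable=off|spectre_bhi=off|\
            spectre_v2_user=off|srbds=off|tsx_async_abort=off|ssbd=force-off|kpti=0|\
            nobp=0|nopti|nospectre_bhb|nospectre_v1|nospectre_v2|no_entry_flush|\
            no_uaccess_flush)
                echo "WARN $tok: single mitigation disabled" ;;
        esac
    done
    if [ "$mitig" = off ]; then
        echo "HIGH mitigations=off: all optional CPU mitigations disabled"
        if [ "$nx" = force ]; then      # the documented exception
            echo "INFO kvm.nx_huge_pages=force: not affected by mitigations=off"
        fi
    fi
    if [ "$nx" = off ]; then
        echo "WARN kvm.nx_huge_pages=off: single mitigation disabled"
    fi
    if [ "$vmscape" = off ]; then
        echo "WARN vmscape=off: VMscape mitigation disabled"
    fi
)

# Constructed sample; on a live host pass "$(cat /proc/cmdline)" instead.
SAMPLE='BOOT_IMAGE=/vmlinuz ro mitigations=off kvm.nx_huge_pages=force microcode=base_rev=1,dis_ucode_ldr quiet'
audit_cmdline "$SAMPLE"
```

An empty result means that none of the parameters covered here were found; it does not show which mitigations the running kernel actually applied.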
