Chapter 5. Important changes to external kernel parameters


This chapter provides system administrators with a summary of significant changes in the kernel shipped with Red Hat Enterprise Linux 8.8. These changes could include for example added or updated proc entries, sysctl, and sysfs default values, boot parameters, kernel configuration options, or any noticeable behavior changes.

New kernel parameters

nomodeset

With this kernel parameter, you can disable kernel mode setting. DRM drivers will not perform display-mode changes or accelerated rendering. Only the system frame buffer will be available for use if this was set-up by the firmware or boot loader.

nomodeset is useful as fallback, or for testing and debugging.

sev=option[,option…​] [X86-64]
For more information, see Documentation/x86/x86_64/boot-options.rst.
amd_pstate=[X86]
  • disable: Do not enable amd_pstate as the default scaling driver for the supported processors.
  • passive: Use amd_pstate as a scaling driver. The driver requests a desired performance on this abstract scale and the power management firmware translates the requests into actual hardware states, such as core frequency, data fabric and memory clocks and so on.
retbleed=ibpb,nosmt
This parameter is similar to ibpb and is an alternative for systems which do not have STIBP. With this parameter you can disable SMT when STIBP is not available.

Updated kernel parameters

amd_iommu=[HW,X86-64]

With this kernel parameter, you can pass parameters to the AMD IOMMU driver in the system. Possible values are:

  • fullflush: Deprecated, equivalent to iommu.strict=1.
  • off: do not initialize any AMD IOMMU found in the system.
  • force_isolation: Force device isolation for all devices. The IOMMU driver is not allowed anymore to lift isolation requirements as needed.

    • This option does not override iommu=pt.
  • force_enable: Force enable the IOMMU on platforms known to be buggy with IOMMU enabled.

    • Use this option with care.
crashkernel=size[KMG][@offset[KMG]]

[KNL] Using kexec, Linux can switch to a crash kernel upon panic. This parameter reserves the physical memory region [offset, offset + size] for that kernel image. If @offset is omitted, then a suitable offset is selected automatically.

[KNL, X86-64, ARM64] Select a region under 4G first, and fall back to reserve region above 4G when @offset has not been specified.

For more details, see Documentation/admin-guide/kdump/kdump.rst.

crashkernel=size[KMG],low
  • [KNL, X86-64, ARM64] With this parameter, you can specify low range under 4G for the second kernel. When crashkernel=X,high is passed, that require some amount of low memory, for example swiotlb requires at least 64M+32K low memory, also enough extra low memory is needed to make sure DMA buffers for 32-bit devices will not run out. Kernel would try to allocate default size of memory below 4G automatically. The default size is platform dependent.

    • x86: max(swiotlb_size_or_default() + 8MiB, 256MiB)
    • arm64: 128MiB

      0: to disable low allocation.

      This parameter will be ignored when crashkernel=X,high is not used or memory reserved is below 4G.

  • [KNL, ARM64] With this parameter, you can specify a low range in the DMA zone for the crash dump kernel.

    This paramete will be ignored when crashkernel=X,high is not used.

intel_iommu=[DMAR]

The kernel parameter for setting the Intel IOMMU driver (DMAR) option.

  • on: Enable intel iommu driver.
  • off: Disable intel iommu driver.
  • igfx_off [Default Off]: By default, gfx is mapped as normal device. If a gfx device has a dedicated DMAR unit, the DMAR unit is bypassed by not enabling DMAR with this option. In this case, the gfx device will use physical address for DMA.
  • strict [Default Off]: Deprecated, equivalent to iommu.strict=1.
  • sp_off [Default Off]: By default, super page will be supported if Intel IOMMU has the capability. With this option, super page will not be supported.
  • sm_on [Default Off]: By default, scalable mode will be disabled even if the hardware advertises that it has support for the scalable mode translation. With this option set, scalable mode will be used on hardware which claims to support it.
  • tboot_noforce [Default Off]: Do not force the Intel IOMMU enabled under tboot. By default, tboot will force Intel IOMMU on, which could harm performance of some high-throughput devices like 40GBit network cards, even if identity mapping is enabled.

    Note

    Using this option lowers the security provided by tboot because it makes the system vulnerable to DMA attacks.

iommu.strict=[ARM64,X86]

With this kernel parameter, you can configure TLB invalidation behavior.

Format: { "0" | "1" }

  • 0 - Lazy mode. Request that DMA unmap operations use deferred invalidation of hardware TLBs, for increased throughput at the cost of reduced device isolation. Will fall back to strict mode if not supported by the relevant IOMMU driver.
  • 1 - Strict mode. DMA unmap operations invalidate IOMMU hardware TLBs synchronously.
  • unset - Use value of CONFIG_IOMMU_DEFAULT_DMA_{LAZY,STRICT}.

    Note

    On x86, strict mode specified via one of the legacy driver-specific options takes precedence.

mem_encrypt=[X86-64]

The kernel parameter for setting the AMD Secure Memory Encryption (SME) control.

Valid arguments: on, off

Default depends on the kernel configuration option:

  • on (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y)
  • off (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n)
  • mem_encrypt=on: Activate SME
  • mem_encrypt=off: Do not activate SME

    Refer to Documentation/virt/kvm/x86/amd-memory-encryption.rst for details on when memory encryption can be activated.

retbleed=[X86]

With this kernel parameter, you can control mitigation of RETBleed (Arbitrary Speculative Code Execution with Return Instructions) vulnerability.

AMD-based UNRET and IBPB mitigations alone do not stop sibling threads from influencing the predictions of other sibling threads. For that reason, STIBP is used on processors that support it, and mitigate SMT on processors that do not.

  • off - no mitigation
  • auto - automatically select a migitation
  • auto,nosmt - automatically select a mitigation, disabling SMT if necessary for the full mitigation (only on Zen1 and older without STIBP).
  • ibpb - On AMD, mitigate short speculation windows on basic block boundaries too. Safe, highest performance impact. It also enables STIBP if present. Not suitable on Intel.
  • unret - Force enable untrained return thunks, only effective on AMD f15h-f17h based systems.
  • unret,nosmt - Like unret, but will disable SMT when STIBP is not available. This is the alternative for systems which do not have STIBP.
swiotlb=[ARM,IA-64,PPC,MIPS,X86]

With this kernel parameter, you can configure the behavior of I/O TLB slabs.

Format: { <int> [,<int>] | force | noforce }

  • <int> - Number of I/O TLB slabs
  • <int> - Second integer after comma. Number of swiotlb areas with their own lock. Must be power of 2.
  • force - force using of bounce buffers even if they would not be automatically used by the kernel
  • noforce - Never use bounce buffers (for debugging)

New sysctl parameters

page_lock_unfairness
This value determines the number of times that the page lock can be stolen from under a waiter. After the lock is stolen the number of times specified in this file (the default is 5), the fair lock handoff semantics will apply, and the waiter will only be awakened if the lock can be taken.
rps_default_mask
The default RPS CPU mask used on newly created network devices. An empty mask means RPS disabled by default.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.