Chapter 4. Important changes to external kernel parameters

[X86] Control the behavior of the microcode loader.

Options:

[NVME] Provide a list of quirk entries to augment the built-in NVMe quirk list.

Format: nvme.quirks=<VendorID>:<ProductID>:<quirk_names>-…​

The vendor ID and product ID are 4-digit hexadecimal numbers. The quirk_names field is a comma-separated list of quirk names. You can prefix a quirk name with ^ to disable that quirk explicitly.

Example: nvme.quirks=7710:2267:bogus_nid,^identify_cns-9900:7711:broken_msi

[KNL] Set the nominal wait interval for normal conditional grace periods, in microseconds. The kernel randomly selects the actual wait interval up to this value with nanosecond granularity.

This parameter controls the wait interval for conditional grace periods that you specify through the rcutorture.gp_cond and rcutorture.gp_cond_full module parameters.

Defaults to 16 jiffies; for example, 16,000 microseconds on a system with HZ=1000.

[KNL] Set the nominal wait interval for expedited conditional grace periods, in microseconds. The kernel randomly selects the actual wait interval up to this value with nanosecond granularity.

This parameter controls the wait interval for expedited conditional grace periods that you specify through the rcutorture.gp_cond_exp and rcutorture.gp_cond_exp_full module parameters.

Defaults to 128 microseconds.

[KNL] Set the nominal wait interval for normal conditional grace periods when using polled update-side primitives, in microseconds. The kernel randomly selects the actual wait interval up to this value with nanosecond granularity.

This parameter controls the wait interval for conditional grace periods that you specify through the rcutorture.gp_poll and rcutorture.gp_poll_full module parameters.

Defaults to 16 jiffies; for example, 16,000 microseconds on a system with HZ=1000.

[KNL] Set the nominal wait interval for expedited conditional grace periods when using polled update-side primitives, in microseconds. The kernel randomly selects the actual wait interval up to this value with nanosecond granularity.

This parameter controls the wait interval for expedited conditional grace periods that you specify through the rcutorture.gp_poll_exp and rcutorture.gp_poll_exp_full module parameters.

Defaults to 128 microseconds.

[KNL] Enable grace-period wrap lag testing in rcutorture. Set this parameter to false to prevent the gpwrap lag test from running.

The default value is true.

[KNL] Set the number of grace periods to tolerate between the per-CPU RCU data structure (rdp) and the RCU node (rnp) gp_seq values before setting the overflow flag during active wrap-lag testing.

The default value is 8.

[KNL] Set the total cycle duration for gpwrap lag testing, in minutes. The cycle includes both active and inactive testing periods.

The default value is 30 minutes.

[KNL] Set the duration, in minutes, during which gpwrap lag is active in each testing cycle. During the active period, the grace-period wrap lag is controlled by the value of rcutorture.gpwrap_lag_gps.

The default value is 5 minutes.

[KNL] Set the duration, in milliseconds, of preemptions by a high-priority FIFO real-time task.

Set this parameter to 0 (the default) to disable the preemption test. The kernel selects CPUs to preempt randomly from the set of CPUs that are online at that moment. Races with CPUs going offline are ignored; in such cases, that preemption attempt is skipped.

[KNL] Set the interval, in milliseconds, between preemptions by a high-priority FIFO real-time task. The interval defaults to 1 second.

This delay is driven by an hrtimer and is fuzzed to avoid unintended synchronizations between preemptions.

[KNL] Set a bit mask that indicates which RCU readers to use in rcutorture.

If more than one bit is set, rcutorture enters readers in order from the lowest-order bit to the highest-order bit and exits readers in the reverse order. For SRCU, the bits have the following meanings:

[KNL] Set the holdoff time, in seconds, from the start of a rcutorture test to the start of RCU priority-boost testing.

The default value is 0, which disables any holdoff period.

[X86] Control mitigation for transient scheduler attacks on AMD CPUs.

For additional technical background, search for the document titled "Technical guidance for mitigating transient scheduler attacks".

Values:

[X86] Control mitigation for VMscape attacks.

VMscape attacks can leak information from a userspace hypervisor to a guest through speculative side-channel techniques.

Values:

[X86, PPC, S390, ARM64, EARLY] Control optional mitigations for CPU vulnerabilities through curated, architecture-independent options.

The off option now also disables the vmscape mitigation on x86:

The off setting is equivalent to the following per-architecture options, if supported:

On x86, after you specify one of the main mitigation modes (such as off, auto, or auto,nosmt), you can additionally use attack-vector based controls as described in Documentation/admin-guide/hw-vuln/attack_vector_controls.rst.

[KNL] Reduce the latency of synchronize_rcu() calls by maintaining an independent list of callers. This mechanism does not interact with regular RCU callbacks because it does not rely on the call_rcu() or call_rcu_hurry() paths and applies to normal grace periods only.

You can enable the behavior by writing 1 to /sys/module/rcutree/parameters/rcu_normal_wake_from_gp or by passing rcutree.rcu_normal_wake_from_gp=1 on the kernel command line.

By default, this behavior is now enabled when num_possible_cpus() ⇐ 16, unless you explicitly disable it by passing rcutree.rcu_normal_wake_from_gp=0 on the kernel command line.

[KNL] Use conditional or asynchronous update-side normal-grace-period primitives, if available.

Previously, this option was documented as using conditional or asynchronous update-side primitives without explicitly clarifying that they apply to normal grace periods.

Enable waived items in RHEL.

Some specific features or security mitigations can be waived, that is, toggled on or off on demand, in RHEL. However, you should use waivers cautiously, because waiving a mitigation or feature can render a system insecure or even out of scope for support.

Format: <item-1>,<item-2>,…​,<item-n>

Use the rh_waived parameter to enable all waived items that are listed in Documentation/admin-guide/rh-waived-features.rst.

[X86] This dedicated parameter for controlling microcode minimal revision enforcement has been removed.

You can now use the microcode= parameter with the force_minrev option to enable or disable minimal revision enforcement for the runtime microcode loader.

The core dump facility now supports sorting virtual memory areas (VMAs) by size in the generated core file.

By default, the kernel writes VMAs in address order. When you set core_sort_vma to 1, the kernel writes VMAs from the smallest size to the largest size. This behavior is known to break at least elfutils, but it can be useful when you work with very large or truncated core dumps where the most useful debugging information resides in smaller VMAs.

Control how AF_VSOCK sockets in a network namespace participate in CID allocation and cross-namespace communication.

This setting is read-only. It reports the current namespace’s mode, which is determined when the namespace is created and cannot be changed afterwards.

Values:

The init_net namespace always operates in the global mode.

Control the default ns_mode value for newly created child network namespaces that use AF_VSOCK.

At namespace creation, the kernel initializes ns_mode in the child namespace from the parent namespace’s child_ns_mode. Initially, a namespace’s child_ns_mode matches its own ns_mode.

Values:

The first write to child_ns_mode locks its value. Later writes that set the same value succeed, but writes that attempt to change the value return -EBUSY.

Changing child_ns_mode affects only namespaces that the kernel creates after the change. Existing namespaces and their children are not modified.

If a namespace runs with ns_mode=local, it cannot change child_ns_mode to global. Attempts to do so fail with -EPERM.

The core_pattern parameter now supports the %F specifier to record the pidfd number in core file names.

The following additional format specifier is available: