Chapter 3. Important Changes to External Kernel Parameters

This parameter provides a list of quirk entries to augment the built-in usb core quirk list.

The entries are separated by commas. Each entry has the form VendorID:ProductID:Flags.

The IDs are 4-digit hex numbers and Flags is a set of letters. Each letter will change the built-in quirk; setting it if it is clear and clearing it if it is set. The letters have the following meanings:

Disables Hardware Transactional Memory.

Format: {"off"}

Passes options to the cgroup memory controller.

Format: <string>

nokmem — This option disables kernel memory accounting.

Controls mitigation for the Micro-architectural Data Sampling (MDS) vulnerability.

Certain CPUs are vulnerable to an exploit against CPU internal buffers which can forward information to a disclosure gadget under certain conditions.

In vulnerable processors, the speculatively forwarded data can be used in a cache side channel attack, to access data to which the attacker does not have direct access.

The options are:

Controls optional mitigations for CPU vulnerabilities. This is a set of curated, arch-independent options, each of which is an aggregation of existing arch-specific options.

The options are:

Sets the hard lockup detector stall duration threshold in seconds.

The soft lockup detector threshold is set to twice the value.

A value of 0 disables both lockup detectors. Default is 10 seconds.

Disables device dump. The device dump allows drivers to append dump data to vmcore so you can collect driver specified debug info.

Drivers can append the data without any limit and this data is stored in memory, so this may cause significant memory stress.

Disabling device dump can help save memory but the driver debug data will be no longer available.

This parameter is only available when CONFIG_PROC_VMCORE_DEVICE_DUMP is set.

Specifies alignment and device to reassign aligned memory resources.

Format:

Sets the default irq affinity mask.

Format:

If Berkeley Packet Filter Just in Time compiler is enabled, the compiled images are unknown addresses to the kernel. It means they neither show up in traces nor in the /proc/kallsyms file. This enables export of these addresses, which can be used for debugging/tracing. If the bpf_jit_harden parameter is enabled, this feature is disabled.

Possible values are:

0 – Disable Just in Time (JIT) kallsyms export (default value).

1 – Enable Just in Time (JIT) kallsyms export for privileged users only.

Dentries are dynamically allocated and deallocated.

From linux/include/linux/dcache.h:

struct dentry_stat_t dentry_stat {
        int nr_dentry;
        int nr_unused;
        int age_limit;         (age in seconds)
        int want_pages;        (pages requested by system)
        int nr_negative;       (# of unused negative dentries)
        int dummy;             (Reserved for future use)
};

struct dentry_stat_t dentry_stat {
        int nr_dentry;
        int nr_unused;
        int age_limit;         (age in seconds)
        int want_pages;        (pages requested by system)
        int nr_negative;       (# of unused negative dentries)
        int dummy;             (Reserved for future use)
};

The nr_dentry number shows the total number of dentries allocated (active + unused).

The nr_unused number shows the number of dentries that are not actively used, but are saved in the least recently used (LRU) list for future reuse.

The age_limit number is the age in seconds after which dcache entries can be reclaimed when memory is short and the want_pages number is nonzero when the shrink_dcache_pages() function has been called and the dcache is not pruned yet.

The nr_negative number shows the number of unused dentries that are also negative dentries which do not map to any files. Instead, they help speeding up rejection of non-existing files provided by the users.