Este conteúdo não está disponível no idioma selecionado.
Chapter 5. Important changes to external kernel parameters
This chapter provides system administrators with a summary of significant changes in the kernel shipped with Red Hat Enterprise Linux 8.6. These changes could include for example added or updated proc
entries, sysctl
, and sysfs
default values, boot parameters, kernel configuration options, or any noticeable behavior changes.
New kernel parameters
- fw_devlink.strict = [KNL]
Format: <bool>
With this parameter you can treat all inferred dependencies as mandatory dependencies. This setting only applies if
fw_devlink=on|rpm
.- no_hash_pointers
-
With this parameter you can force pointers that are printed to the console or buffers to be unhashed. By default, when a pointer is printed using the
%p
format string that pointer’s value is obscured by hashing. This is a security feature that hides actual kernel addresses from unprivileged users. However, it also makes debugging the kernel more difficult since you cannot compare unequal pointers. If this command-line parameter is specified, then all normal pointers will have their true value printed. Pointers that are printed using the%pK
format string can still be hashed. Specifyno_hash_pointers
only when debugging the kernel and do not use it in production. - no_entry_flush = [PPC]
- With this parameter it is possible to avoid flushing the L1-D cache when entering the kernel.
- no_uaccess_flush = [PPC]
- With this parameter it is possible to avoid flushing the L1-D cache after accessing user data.
- rcutorture.nocbs_nthreads = [KNL]
With this parameter you can set the number of Read-copy-update (RCU) callback-offload togglers.
The default value is 0 (zero) and it disables toggling.
- rcutorture.nocbs_toggle = [KNL]
- With this parameter you can set the delay in milliseconds between successive callback-offload toggling attempts.
- refscale.verbose_batched = [KNL]
With this parameter you can batch the additional
printk()
statements.You can print everything, by specifying zero (the default) or a negative value. Otherwise, print every Nth verbose statement, where N is the value specified.
- strict_sas_size = [X86]
Format: <bool>
With this parameter you can enable or disable strict
sigaltstack
size checks against the required signal frame size which depends on the supported floating-point unit (FPU) features. You can use this parameter to filter out binaries, which have not yet been made aware of theAT_MINSIGSTKSZ
auxiliary vector.- torture.verbose_sleep_frequency = [KNL]
This parameter specifies how many verbose
printk()
statements should be emitted between each sleep.The default value of 0 (zero) disables the verbose-printk() sleeping.
- torture.verbose_sleep_duration = [KNL]
- This parameter specifies the duration of each verbose-printk() sleep in jiffies.
- tsc_early_khz = [X86]
Format: <unsigned int>
This parameter enables to skip the early Time Stamp Counter (TSC) calibration and use the given value instead. The parameter proves useful when the early TSC frequency discovery procedure is not reliable. Such as on overclocked systems with CPUID.16h support and partial CPUID.15h support.
Updated kernel parameters
- amd_iommu = [HW,X86-64]
You can pass parameters to the AMD IOMMU driver in the system.
Possible values are:
-
fullflush
- Enable flushing of IO/TLB entries when they are unmapped. Otherwise they are flushed before they will be reused, which is a lot of faster. -
off
- Do not initialize any AMD IOMMU found in the system. -
force_isolation
- Force device isolation for all devices. The IOMMU driver is not allowed anymore to lift isolation requirements as needed. This option does not overrideiommu=pt
. -
force_enable
- Force enable the IOMMU on platforms known to be buggy with IOMMU enabled. Use this option with care.
-
- acpi.debug_level = [HW,ACPI,ACPI_DEBUG]
Format: <int>
CONFIG_ACPI_DEBUG
must be enabled to produce any Advanced Configuration and Power Interface (ACPI) debug output. Bits indebug_layer
correspond to a_COMPONENT
in an ACPI source file. For example#define _COMPONENT ACPI_EVENTS
Bits in debug_level correspond to a level inACPI_DEBUG_PRINT
statements. For exampleACPI_DEBUG_PRINT((ACPI_DB_INFO, …
The debug_level mask defaults to "info". See
Documentation/acpi/debug.txt
for more information about debug layers and levels.Enable processor driver info messages:
acpi.debug_layer=0x20000000
Enable AML "Debug" output, for example, stores to the Debug object while interpreting AML:
acpi.debug_layer=0xffffffff
,acpi.debug_level=0x2
Enable all messages related to ACPI hardware:acpi.debug_layer=0x2
,acpi.debug_level=0xffffffff
Some values produce so much output that the system is unusable. The
log_buf_len
parameter is useful if you need to capture more output.- acpi_mask_gpe = [HW,ACPI]
Format: <byte> or <bitmap-list>
Due to the existence of
_Lxx/_Exx
, some general purpose events (GPEs) triggered by unsupported hardware or firmware features can result in GPE floodings that cannot be automatically disabled by the GPE dispatcher. You can use this facility to prevent such uncontrolled GPE floodings.- cgroup_disable = [KNL]
Format: <name of the controller(s) or feature(s) to disable>
With this parameter you can disable a particular controller or optional feature.
The effects of
cgroup_disable = <controller/feature>
are:-
controller/feature
is not auto-mounted if you mount allcgroups
in a single hierarchy -
controller/feature
is not visible as an individually mountable subsystem if
controller/feature
is an optional feature then the feature is disabled and correspondingcgroups
files are not createdCurrently only memory controller deals with this and cut the overhead, others just disable the usage. So only
cgroup_disable=memory
is actually worthy.Specifying "pressure" disables per-cgroup pressure stall information accounting feature.
-
- clearcpuid = BITNUM[,BITNUM…] [X86]
-
With this parameter you can disable CPUID feature X for the kernel. See
arch/x86/include/asm/cpufeatures.h
for the valid bit numbers. Linux specific bits are not necessarily stable over kernel options, but the vendor specific ones should be. User programs calling CPUID directly or using the feature without checking anything will still see it. This just prevents it from being used by the kernel or shown in/proc/cpuinfo
. Also note the kernel could malfunction if you disable some critical bits. - iommu.strict = [ARM64, X86]
Format: <"0" | "1">
With this parameter you can configure translation look-aside buffer (TLB) invalidation behavior.
Possible values are:
- 0 - lazy mode, requests that use of Direct Memory Access (DMA) unmap operations is deferred
1 - strict mode (default), DMA unmap operations invalidate IOMMU hardware TLBs synchronously.
On AMD64 and Intel 64, the default behavior depends on the equivalent driver-specific parameters. However, a strict mode explicitly specified by either method takes precedence.
- rcutree.use_softirq = [KNL]
If this parameter is set to zero, it moves all
RCU_SOFTIRQ
processing to per-CPU rcuc kthreads. The default is a non-zero value. It means thatRCU_SOFTIRQ
is used by default.Specify
rcutree.use_softirq = 0
to use rcuc kthreads. But note thatCONFIG_PREEMPT_RT=y
kernels disable this kernel boot parameter (forcibly setting it to zero).- rcupdate.rcu_normal_after_boot = [KNL]
This parameter enables to use only normal grace-period primitives once boot has completed. That is after the
rcu_end_inkernel_boot()
call has been invoked. There is no effect onCONFIG_TINY_RCU
kernels.The kernels with the
CONFIG_PREEMPT_RT=y
setting, enable this kernel boot parameter and forcibly they set it to the value one. That is, converting any post-boot attempt at an expedited Read-copy-update (RCU) grace period to instead use normal non-expedited grace-period processing.- spectre_v2 = [X86]
With this parameter you can control mitigation of Spectre variant 2 (indirect branch speculation) vulnerability.
The default operation protects the kernel from user space attacks.
Possible values are:
-
on - unconditionally enable, implies
spectre_v2_user=on
-
off - unconditionally disable, implies
spectre_v2_user=off
auto - the kernel detects whether your CPU model is vulnerable
Selecting 'on' will, and 'auto' may, choose a mitigation method at run time according to the CPU. The available microcode, the setting of the
CONFIG_RETPOLINE
configuration option, and the compiler with which the kernel was built.Selecting 'on' will also enable the mitigation against user space to user space task attacks.
Selecting 'off' will disable both the kernel and the user space protections.
You can also select specific mitigations manually:
- retpoline - replace indirect branches
- retpoline,generic - Retpolines
- retpoline,lfence - LFENCE; indirect branch
- retpoline,amd - alias for retpoline,lfence
- eibrs - enhanced indirect branch restricted speculation (IBRS)
- eibrs,retpoline - enhanced IBRS + Retpolines
- eibrs,lfence - enhanced IBRS + LFENCE
- ibrs - use IBRS to protect kernel
- ibrs_always - use IBRS to protect both kernel and userland
- retpoline,ibrs_user - replace indirect branches with retpolines and use IBRS to protect userland
-
on - unconditionally enable, implies
Not specifying this option is equivalent to spectre_v2=auto
.