Chapter 5. Important changes to external kernel parameters

This chapter provides system administrators with a summary of significant changes in the kernel distributed with Red Hat Enterprise Linux 9.5. These changes could include, for example, added or updated proc entries, sysctl, and sysfs default values, boot parameters, kernel configuration options, or any noticeable behavior changes.

New kernel parameters

Sets the size of kernel numa memory area for contiguous memory allocations. It will reserve CMA area for the specified node.

With numa CMA enabled, DMA users on node nid will first try to allocate buffer from the numa area which is located in node nid, if the allocation fails, they will fallback to the global default memory area.

Controls mitigation for Register File Data Sampling (RFDS) vulnerability. RFDS is a CPU vulnerability which may allow userspace to infer kernel data values previously stored in floating point registers, vector registers, or integer registers. RFDS only affects Intel Atom processors.

Values:

This parameter overrides the compile time default set by CONFIG_MITIGATION_RFDS. Mitigation cannot be disabled when other VERW based mitigations (like MDS) are enabled. In order to disable RFDS mitigation all VERW based mitigations need to be disabled.

For details see: Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst

Set the time limit in jiffies for a lock acquisition. Acquisitions exceeding this limit will result in a splat once they do complete.

Specify the list of CPUs to which the readers are to be bound.

Specify the list of CPUs to which the writers are to be bound.

Specify the number of self-propagating call_rcu() chains to set up. These are used to ensure that there is a high probability of an RCU grace period in progress at any given time. Defaults to 0, which disables these call_rcu() chains.

Specify the duration in milliseconds for the occasional long-duration lock hold time. Defaults to 100 milliseconds. Select 0 to disable.

Specify the maximum lock nesting depth that locktorture is to exercise, up to a limit of 8 (MAX_NESTED_LOCKS). Specify zero to disable. Note that this parameter is ineffective on types of locks that do not support nested acquisition.

This can be changed after boot by writing to the matching /sys/module/workqueue/parameters file. All workqueues with the "default" affinity scope will be updated accordignly.

Do periodic testing of real-time lock priority boosting. Select 0 to disable, 1 to boost only rt_mutex, and 2 to boost unconditionally. Defaults to 2, which might seem to be an odd choice, but which should be harmless for non-real-time spinlocks, due to their disabling of preemption. Note that non-realtime mutexes disable boosting.

Run the write-side locktorture kthreads at sched_set_fifo() real-time priority.

Number that determines how often and for how long priority boosting is exercised. This is scaled down by the number of writers, so that the number of boosts per unit time remains roughly constant as the number of writers increases. On the other hand, the duration of each boost increases with the number of writers.

Format: <bool>

Enable or disable the microcode minimal revision enforcement for the runtime microcode loader.

When set to true, modules will use async probing by default. To enable/disable async probing for a specific module, use the module specific control that is documented under <module>.async_probe. When both module.async_probe and <module>.async_probe are specified, <module>.async_probe takes precedence for the specific module.

When CONFIG_MODULE_DEBUG_AUTOLOAD_DUPS is set, this means that duplicate request_module() calls will trigger a WARN_ON() instead of a pr_warn(). Note that if MODULE_DEBUG_AUTOLOAD_DUPS_TRACE is set, WARN_ON() will always be issued and this option does nothing.

Specifies the number of times the NFSv4 client retries the request before returning an EAGAIN error, after a reply of NFS4ERR_DELAY from the server. Only applies if the softerr mount option is enabled, and the specified value is >= 0.

Request a call to rcu_barrier(). This is throttled so that userspace tests can safely hammer on the sysfs variable if they so choose. If triggered before the RCU grace-period machinery is fully active, this will error out with EAGAIN.

Set the minimum test run time in seconds. This does not affect the data-collection interval, but instead allows better measurement of things like CPU consumption.

Additional write-side holdoff between grace periods, but in jiffies. The default of zero says no holdoff.

Provide RCU CPU stall notifiers, but see the warnings in the RCU_CPU_STALL_NOTIFIER Kconfig option’s help text. TL;DR: You almost certainly do not want rcupdate.rcu_cpu_stall_notifiers.

Number of callbacks on a given CPU that will cancel laziness on that CPU. Use -1 to disable cancellation of laziness, but be advised that doing so increases the danger of OOM due to callback flooding.

Set timeout in milliseconds RCU Tasks asynchronous callback batching for call_rcu_tasks(). A negative value will take the default. A value of zero will disable batching. Batching is always disabled for synchronize_rcu_tasks().

Set timeout in milliseconds RCU Tasks Rude asynchronous callback batching for call_rcu_tasks_rude(). A negative value will take the default. A value of zero will disable batching. Batching is always disabled for synchronize_rcu_tasks_rude().

Set timeout in milliseconds RCU Tasks Trace asynchronous callback batching for call_rcu_tasks_trace(). A negative value will take the default. A value of zero will disable batching. Batching is always disabled for synchronize_rcu_tasks_trace().

Control mitigation of Branch History Injection (BHI) vulnerability. This setting affects the deployment of the HW BHI control and the SW BHB clearing sequence.

Values:

Enable unwinder debug output. This can be useful for debugging certain unwinder error conditions, including corrupt stacks and bad/missing unwinder metadata.

If CONFIG_WQ_CPU_INTENSIVE_REPORT is set, the kernel will report the work functions which violate this threshold repeatedly. They are likely good candidates for using WQ_UNBOUND workqueues instead.

workqueue.cpu_intensive_warning_thresh=<uint> If CONFIG_WQ_CPU_INTENSIVE_REPORT is set, the kernel will report the work functions which violate the intensive_threshold_us repeatedly. In order to prevent spurious warnings, start printing only after a work function has violated this threshold number of times.

The default is 4 times. 0 disables the warning.

This can be changed after boot by writing to the matching /sys/module/workqueue/parameters file. All workqueues with the "default" affinity scope will be updated accordignly.

Format: <bool>

Select whether to always use non-faulting (safe) MSR access functions when running as Xen PV guest. The default value is controlled by CONFIG_XEN_PV_MSR_SAFE.

Updated kernel parameters

Disable CPUID feature X for the kernel. See numbers X.

Note the Linux-specific bits are not necessarily stable over kernel options, but the vendor-specific ones should be. X can also be a string as appearing in the flags: line in /proc/cpuinfo which does not have the above instability issue. However, not all features have names in /proc/cpuinfo. Note that using this option will taint your kernel.

Also note that user programs calling CPUID directly or using the feature without checking anything will still see it. This just prevents it from being used by the kernel or shown in /proc/cpuinfo. Also note the kernel might malfunction if you disable some critical bits.

Sets the size of kernel per-numa memory area for contiguous memory allocations. A value of 0 disables per-numa CMA altogether. And If this option is not specified, the default value is 0. With per-numa CMA enabled, DMA users on node nid will first try to allocate buffer from the pernuma area which is located in node nid, if the allocation fails, they will fallback to the global default memory area.

Enable debug add-ons of cross-CPU function call handling. When switched on, additional debug data is printed to the console in case a hanging CPU is detected, and that CPU is pinged again in order to try to resolve the hang situation. The default value of this option depends on the CSD_LOCK_WAIT_DEBUG_DEFAULT Kconfig option.

If no <bool> value is specified or if the value specified is not a valid <bool>, enable asynchronous probe on this module. Otherwise, enable/disable asynchronous probe on this module as indicated by the <bool> value. See also: module.async_probe

Output early console device and options.

When used with no options, the early console is determined by stdout-path property in device tree’s chosen node or the ACPI SPCR table if supported by the platform.

cdns,<addr>[,options] Start an early, polled-mode console on a Cadence (xuartps) serial port at the specified address. Only supported option is baud rate. If baud rate is not specified, the serial port must already be setup and configured.

uart[8250],io,<addr>[,options[,uartclk]]uart[8250],mmio,<addr>[,options[,uartclk]]uart[8250],mmio32,<addr>[,options[,uartclk]]uart[8250],mmio32be,<addr>[,options[,uartclk]]uart[8250],0x<addr>[,options]

Start an early, polled-mode console on the 8250/16550 UART at the specified I/O port or MMIO address. MMIO inter-register address stride is either 8-bit (mmio) or 32-bit (mmio32 or mmio32be). If none of [io|mmio|mmio32|mmio32be], <addr> is assumed to be equivalent to 'mmio'. 'options' are specified in the same format described for "console=ttyS<n>"; if unspecified, the h/w is not initialized. 'uartclk' is the uart clock frequency; if unspecified, it is set to 'BASE_BAUD' * 16.

earlyprintk=vga earlyprintk=sclp earlyprintk=xen earlyprintk=serial[,ttySn[,baudrate]] earlyprintk=serial[,0x…​[,baudrate]] earlyprintk=ttySn[,baudrate] earlyprintk=dbgp[debugController#] earlyprintk=pciserial[,force],bus:device.function[,baudrate] earlyprintk=xdbc[xhciController#]

earlyprintk is useful when the kernel crashes before the normal console is initialized. It is not enabled by default because it has some cosmetic problems.

Append ",keep" to not disable it when the real console takes over.

Only one of vga, efi, serial, or usb debug port can be used at a time.

Currently only ttyS0 and ttyS1 may be specified by name. Other I/O ports may be explicitly specified on some architectures (x86 and arm at least) by replacing ttySn with an I/O port address, like this: earlyprintk=serial,0x1008,115200 You can find the port for a given device in /proc/tty/driver/serial: 2: uart:ST16650V2 port:00001008 irq:18.

Interaction with the standard serial driver is not very good.

The VGA and EFI output is eventually overwritten by the real console.

The xen option can only be used in Xen domains.

The sclp output can only be used on s390.

The optional "force" to "pciserial" enables use of a PCI device even when its classcode is not of the UART class.

Configure TLB invalidation behaviour.

Format: { "0" | "1" }

AMD Secure Memory Encryption (SME) control.

Valid arguments: on, off

Default: off

mem_encrypt=on: Activate SME mem_encrypt=off: Do not activate SME

Control optional mitigations for CPU vulnerabilities. This is a set of curated, arch-independent options, each of which is an aggregation of existing arch-specific options.

Value: off

Disable all optional CPU mitigations. This improves system performance, but it may also expose users to several CPU vulnerabilities. Equivalent to: if nokaslr then kpti=0 [ARM64] gather_data_sampling=off [X86] kvm.nx_huge_pages=off [X86] l1tf=off [X86] mds=off [X86] mmio_stale_data=off [X86] no_entry_flush [PPC] no_uaccess_flush [PPC] nobp=0 [S390] nopti [X86,PPC] nospectre_bhb [ARM64] nospectre_v1 [X86,PPC] nospectre_v2 [X86,PPC,S390,ARM64] reg_file_data_sampling=off [X86] retbleed=off [X86] spec_rstack_overflow=off [X86] spec_store_bypass_disable=off [X86,PPC] spectre_bhi=off [X86] spectre_v2_user=off [X86] srbds=off [X86,INTEL] ssbd=force-off [ARM64] tsx_async_abort=off [X86]

Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor.

Disable SMEP (Supervisor Mode Execution Prevention) even if it is supported by processor.

Do not enable x2APIC mode.

Forcibly enable or ignore PCIe Active State Power Management.

Value:

Set s390 IOTLB flushing mode.

Value:

Control mitigation of Spectre variant 2 (indirect branch speculation) vulnerability. The default operation protects the kernel from user space attacks.

Value:

Selecting 'on' will, and 'auto' may, choose a mitigation method at run time according to the CPU, the available microcode, the setting of the CONFIG_MITIGATION_RETPOLINE configuration option, and the compiler with which the kernel was built.

A list of quirk entries to augment the built-in usb core quirk list. List entries are separated by commas. Each entry has the form VendorID:ProductID:Flags. The IDs are 4-digit hex numbers and Flags is a set of letters. Each letter will change the built-in quirk; setting it if it is clear and clearing it if it is set. The letters have the following meanings:

Example: quirks=0781:5580:bk,0a5c:5834:gij

Removed kernel parameters

New sysctl parameters

Value:

A rule of thumb is to set this to less than 1/10 of the PMEM node write bandwidth.

Updated sysctl parameters

Once true, kexec can no longer be used, and the toggle cannot be set back to false. This allows a kexec image to be loaded before disabling the syscall allowing a system to set up (and later use) an image without it being altered. Generally used together with the `modules_disabled`_ sysctl.