1Documentation for /proc/sys/kernel/* kernel version 2.2.10 2 (c) 1998, 1999, Rik van Riel <riel@nl.linux.org> 3 (c) 2009, Shen Feng<shen@cn.fujitsu.com> 4 5For general info and legal blurb, please look in README. 6 7============================================================== 8 9This file contains documentation for the sysctl files in 10/proc/sys/kernel/ and is valid for Linux kernel version 2.2. 11 12The files in this directory can be used to tune and monitor 13miscellaneous and general things in the operation of the Linux 14kernel. Since some of the files _can_ be used to screw up your 15system, it is advisable to read both documentation and source 16before actually making adjustments. 17 18Currently, these files might (depending on your configuration) 19show up in /proc/sys/kernel: 20 21- acct 22- acpi_video_flags 23- auto_msgmni 24- bootloader_type [ X86 only ] 25- bootloader_version [ X86 only ] 26- callhome [ S390 only ] 27- cap_last_cap 28- core_pattern 29- core_pipe_limit 30- core_uses_pid 31- ctrl-alt-del 32- dmesg_restrict 33- domainname 34- hostname 35- hotplug 36- kptr_restrict 37- kstack_depth_to_print [ X86 only ] 38- l2cr [ PPC only ] 39- modprobe ==> Documentation/debugging-modules.txt 40- modules_disabled 41- msgmax 42- msgmnb 43- msgmni 44- nmi_watchdog 45- osrelease 46- ostype 47- overflowgid 48- overflowuid 49- panic 50- panic_on_oops 51- panic_on_stackoverflow 52- panic_on_unrecovered_nmi 53- perf_event_paranoid 54- pid_max 55- powersave-nap [ PPC only ] 56- printk 57- printk_delay 58- printk_ratelimit 59- printk_ratelimit_burst 60- randomize_va_space 61- real-root-dev ==> Documentation/initrd.txt 62- reboot-cmd [ SPARC only ] 63- rtsig-max 64- rtsig-nr 65- sem 66- sg-big-buff [ generic SCSI device (sg) ] 67- shm_rmid_forced 68- shmall 69- shmmax [ sysv ipc ] 70- shmmni 71- softlockup_thresh 72- stop-a [ SPARC only ] 73- sysrq ==> Documentation/sysrq.txt 74- tainted 75- threads-max 76- unknown_nmi_panic 77- version 78 79============================================================== 80 81acct: 82 83highwater lowwater frequency 84 85If BSD-style process accounting is enabled these values control 86its behaviour. If free space on filesystem where the log lives 87goes below <lowwater>% accounting suspends. If free space gets 88above <highwater>% accounting resumes. <Frequency> determines 89how often do we check the amount of free space (value is in 90seconds). Default: 914 2 30 92That is, suspend accounting if there left <= 2% free; resume it 93if we got >=4%; consider information about amount of free space 94valid for 30 seconds. 95 96============================================================== 97 98acpi_video_flags: 99 100flags 101 102See Doc*/kernel/power/video.txt, it allows mode of video boot to be 103set during run time. 104 105============================================================== 106 107auto_msgmni: 108 109Enables/Disables automatic recomputing of msgmni upon memory add/remove 110or upon ipc namespace creation/removal (see the msgmni description 111above). Echoing "1" into this file enables msgmni automatic recomputing. 112Echoing "0" turns it off. auto_msgmni default value is 1. 113 114 115============================================================== 116 117bootloader_type: 118 119x86 bootloader identification 120 121This gives the bootloader type number as indicated by the bootloader, 122shifted left by 4, and OR'd with the low four bits of the bootloader 123version. The reason for this encoding is that this used to match the 124type_of_loader field in the kernel header; the encoding is kept for 125backwards compatibility. That is, if the full bootloader type number 126is 0x15 and the full version number is 0x234, this file will contain 127the value 340 = 0x154. 128 129See the type_of_loader and ext_loader_type fields in 130Documentation/x86/boot.txt for additional information. 131 132============================================================== 133 134bootloader_version: 135 136x86 bootloader version 137 138The complete bootloader version number. In the example above, this 139file will contain the value 564 = 0x234. 140 141See the type_of_loader and ext_loader_ver fields in 142Documentation/x86/boot.txt for additional information. 143 144============================================================== 145 146callhome: 147 148Controls the kernel's callhome behavior in case of a kernel panic. 149 150The s390 hardware allows an operating system to send a notification 151to a service organization (callhome) in case of an operating system panic. 152 153When the value in this file is 0 (which is the default behavior) 154nothing happens in case of a kernel panic. If this value is set to "1" 155the complete kernel oops message is send to the IBM customer service 156organization in case the mainframe the Linux operating system is running 157on has a service contract with IBM. 158 159============================================================== 160 161cap_last_cap 162 163Highest valid capability of the running kernel. Exports 164CAP_LAST_CAP from the kernel. 165 166============================================================== 167 168core_pattern: 169 170core_pattern is used to specify a core dumpfile pattern name. 171. max length 128 characters; default value is "core" 172. core_pattern is used as a pattern template for the output filename; 173 certain string patterns (beginning with '%') are substituted with 174 their actual values. 175. backward compatibility with core_uses_pid: 176 If core_pattern does not include "%p" (default does not) 177 and core_uses_pid is set, then .PID will be appended to 178 the filename. 179. corename format specifiers: 180 %<NUL> '%' is dropped 181 %% output one '%' 182 %p pid 183 %u uid 184 %g gid 185 %s signal number 186 %t UNIX time of dump 187 %h hostname 188 %e executable filename (may be shortened) 189 %E executable path 190 %<OTHER> both are dropped 191. If the first character of the pattern is a '|', the kernel will treat 192 the rest of the pattern as a command to run. The core dump will be 193 written to the standard input of that program instead of to a file. 194 195============================================================== 196 197core_pipe_limit: 198 199This sysctl is only applicable when core_pattern is configured to pipe 200core files to a user space helper (when the first character of 201core_pattern is a '|', see above). When collecting cores via a pipe 202to an application, it is occasionally useful for the collecting 203application to gather data about the crashing process from its 204/proc/pid directory. In order to do this safely, the kernel must wait 205for the collecting process to exit, so as not to remove the crashing 206processes proc files prematurely. This in turn creates the 207possibility that a misbehaving userspace collecting process can block 208the reaping of a crashed process simply by never exiting. This sysctl 209defends against that. It defines how many concurrent crashing 210processes may be piped to user space applications in parallel. If 211this value is exceeded, then those crashing processes above that value 212are noted via the kernel log and their cores are skipped. 0 is a 213special value, indicating that unlimited processes may be captured in 214parallel, but that no waiting will take place (i.e. the collecting 215process is not guaranteed access to /proc/<crashing pid>/). This 216value defaults to 0. 217 218============================================================== 219 220core_uses_pid: 221 222The default coredump filename is "core". By setting 223core_uses_pid to 1, the coredump filename becomes core.PID. 224If core_pattern does not include "%p" (default does not) 225and core_uses_pid is set, then .PID will be appended to 226the filename. 227 228============================================================== 229 230ctrl-alt-del: 231 232When the value in this file is 0, ctrl-alt-del is trapped and 233sent to the init(1) program to handle a graceful restart. 234When, however, the value is > 0, Linux's reaction to a Vulcan 235Nerve Pinch (tm) will be an immediate reboot, without even 236syncing its dirty buffers. 237 238Note: when a program (like dosemu) has the keyboard in 'raw' 239mode, the ctrl-alt-del is intercepted by the program before it 240ever reaches the kernel tty layer, and it's up to the program 241to decide what to do with it. 242 243============================================================== 244 245dmesg_restrict: 246 247This toggle indicates whether unprivileged users are prevented 248from using dmesg(8) to view messages from the kernel's log buffer. 249When dmesg_restrict is set to (0) there are no restrictions. When 250dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use 251dmesg(8). 252 253The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the 254default value of dmesg_restrict. 255 256============================================================== 257 258domainname & hostname: 259 260These files can be used to set the NIS/YP domainname and the 261hostname of your box in exactly the same way as the commands 262domainname and hostname, i.e.: 263# echo "darkstar" > /proc/sys/kernel/hostname 264# echo "mydomain" > /proc/sys/kernel/domainname 265has the same effect as 266# hostname "darkstar" 267# domainname "mydomain" 268 269Note, however, that the classic darkstar.frop.org has the 270hostname "darkstar" and DNS (Internet Domain Name Server) 271domainname "frop.org", not to be confused with the NIS (Network 272Information Service) or YP (Yellow Pages) domainname. These two 273domain names are in general different. For a detailed discussion 274see the hostname(1) man page. 275 276============================================================== 277 278hotplug: 279 280Path for the hotplug policy agent. 281Default value is "/sbin/hotplug". 282 283============================================================== 284 285kptr_restrict: 286 287This toggle indicates whether restrictions are placed on 288exposing kernel addresses via /proc and other interfaces. When 289kptr_restrict is set to (0), there are no restrictions. When 290kptr_restrict is set to (1), the default, kernel pointers 291printed using the %pK format specifier will be replaced with 0's 292unless the user has CAP_SYSLOG. When kptr_restrict is set to 293(2), kernel pointers printed using %pK will be replaced with 0's 294regardless of privileges. 295 296============================================================== 297 298kstack_depth_to_print: (X86 only) 299 300Controls the number of words to print when dumping the raw 301kernel stack. 302 303============================================================== 304 305l2cr: (PPC only) 306 307This flag controls the L2 cache of G3 processor boards. If 3080, the cache is disabled. Enabled if nonzero. 309 310============================================================== 311 312modules_disabled: 313 314A toggle value indicating if modules are allowed to be loaded 315in an otherwise modular kernel. This toggle defaults to off 316(0), but can be set true (1). Once true, modules can be 317neither loaded nor unloaded, and the toggle cannot be set back 318to false. 319 320============================================================== 321 322nmi_watchdog: 323 324Enables/Disables the NMI watchdog on x86 systems. When the value is 325non-zero the NMI watchdog is enabled and will continuously test all 326online cpus to determine whether or not they are still functioning 327properly. Currently, passing "nmi_watchdog=" parameter at boot time is 328required for this function to work. 329 330If LAPIC NMI watchdog method is in use (nmi_watchdog=2 kernel 331parameter), the NMI watchdog shares registers with oprofile. By 332disabling the NMI watchdog, oprofile may have more registers to 333utilize. 334 335============================================================== 336 337osrelease, ostype & version: 338 339# cat osrelease 3402.1.88 341# cat ostype 342Linux 343# cat version 344#5 Wed Feb 25 21:49:24 MET 1998 345 346The files osrelease and ostype should be clear enough. Version 347needs a little more clarification however. The '#5' means that 348this is the fifth kernel built from this source base and the 349date behind it indicates the time the kernel was built. 350The only way to tune these values is to rebuild the kernel :-) 351 352============================================================== 353 354overflowgid & overflowuid: 355 356if your architecture did not always support 32-bit UIDs (i.e. arm, 357i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to 358applications that use the old 16-bit UID/GID system calls, if the 359actual UID or GID would exceed 65535. 360 361These sysctls allow you to change the value of the fixed UID and GID. 362The default is 65534. 363 364============================================================== 365 366panic: 367 368The value in this file represents the number of seconds the kernel 369waits before rebooting on a panic. When you use the software watchdog, 370the recommended setting is 60. 371 372============================================================== 373 374panic_on_oops: 375 376Controls the kernel's behaviour when an oops or BUG is encountered. 377 3780: try to continue operation 379 3801: panic immediately. If the `panic' sysctl is also non-zero then the 381 machine will be rebooted. 382 383============================================================== 384 385panic_on_stackoverflow: 386 387Controls the kernel's behavior when detecting the overflows of 388kernel, IRQ and exception stacks except a user stack. 389This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled. 390 3910: try to continue operation. 392 3931: panic immediately. 394 395============================================================== 396 397panic_on_unrecovered_nmi: 398 399The default Linux behaviour on an NMI of either memory or unknown is 400to continue operation. For many environments such as scientific 401computing it is preferable that the box is taken out and the error 402dealt with than an uncorrected parity/ECC error get propagated. 403 404A small number of systems do generate NMI's for bizarre random reasons 405such as power management so the default is off. That sysctl works like 406the existing panic controls already in that directory. 407 408============================================================== 409 410perf_event_paranoid: 411 412Controls use of the performance events system by unprivileged 413users (without CAP_SYS_ADMIN). The default value is 3 if 414CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set, or 1 otherwise. 415 416 -1: Allow use of (almost) all events by all users 417>=0: Disallow raw tracepoint access by users without CAP_IOC_LOCK 418>=1: Disallow CPU event access by users without CAP_SYS_ADMIN 419>=2: Disallow kernel profiling by users without CAP_SYS_ADMIN 420>=3: Disallow all event access by users without CAP_SYS_ADMIN 421 422============================================================== 423 424pid_max: 425 426PID allocation wrap value. When the kernel's next PID value 427reaches this value, it wraps back to a minimum PID value. 428PIDs of value pid_max or larger are not allocated. 429 430============================================================== 431 432ns_last_pid: 433 434The last pid allocated in the current (the one task using this sysctl 435lives in) pid namespace. When selecting a pid for a next task on fork 436kernel tries to allocate a number starting from this one. 437 438============================================================== 439 440powersave-nap: (PPC only) 441 442If set, Linux-PPC will use the 'nap' mode of powersaving, 443otherwise the 'doze' mode will be used. 444 445============================================================== 446 447printk: 448 449The four values in printk denote: console_loglevel, 450default_message_loglevel, minimum_console_loglevel and 451default_console_loglevel respectively. 452 453These values influence printk() behavior when printing or 454logging error messages. See 'man 2 syslog' for more info on 455the different loglevels. 456 457- console_loglevel: messages with a higher priority than 458 this will be printed to the console 459- default_message_loglevel: messages without an explicit priority 460 will be printed with this priority 461- minimum_console_loglevel: minimum (highest) value to which 462 console_loglevel can be set 463- default_console_loglevel: default value for console_loglevel 464 465============================================================== 466 467printk_delay: 468 469Delay each printk message in printk_delay milliseconds 470 471Value from 0 - 10000 is allowed. 472 473============================================================== 474 475printk_ratelimit: 476 477Some warning messages are rate limited. printk_ratelimit specifies 478the minimum length of time between these messages (in jiffies), by 479default we allow one every 5 seconds. 480 481A value of 0 will disable rate limiting. 482 483============================================================== 484 485printk_ratelimit_burst: 486 487While long term we enforce one message per printk_ratelimit 488seconds, we do allow a burst of messages to pass through. 489printk_ratelimit_burst specifies the number of messages we can 490send before ratelimiting kicks in. 491 492============================================================== 493 494randomize_va_space: 495 496This option can be used to select the type of process address 497space randomization that is used in the system, for architectures 498that support this feature. 499 5000 - Turn the process address space randomization off. This is the 501 default for architectures that do not support this feature anyways, 502 and kernels that are booted with the "norandmaps" parameter. 503 5041 - Make the addresses of mmap base, stack and VDSO page randomized. 505 This, among other things, implies that shared libraries will be 506 loaded to random addresses. Also for PIE-linked binaries, the 507 location of code start is randomized. This is the default if the 508 CONFIG_COMPAT_BRK option is enabled. 509 5102 - Additionally enable heap randomization. This is the default if 511 CONFIG_COMPAT_BRK is disabled. 512 513 There are a few legacy applications out there (such as some ancient 514 versions of libc.so.5 from 1996) that assume that brk area starts 515 just after the end of the code+bss. These applications break when 516 start of the brk area is randomized. There are however no known 517 non-legacy applications that would be broken this way, so for most 518 systems it is safe to choose full randomization. 519 520 Systems with ancient and/or broken binaries should be configured 521 with CONFIG_COMPAT_BRK enabled, which excludes the heap from process 522 address space randomization. 523 524============================================================== 525 526reboot-cmd: (Sparc only) 527 528??? This seems to be a way to give an argument to the Sparc 529ROM/Flash boot loader. Maybe to tell it what to do after 530rebooting. ??? 531 532============================================================== 533 534rtsig-max & rtsig-nr: 535 536The file rtsig-max can be used to tune the maximum number 537of POSIX realtime (queued) signals that can be outstanding 538in the system. 539 540rtsig-nr shows the number of RT signals currently queued. 541 542============================================================== 543 544sg-big-buff: 545 546This file shows the size of the generic SCSI (sg) buffer. 547You can't tune it just yet, but you could change it on 548compile time by editing include/scsi/sg.h and changing 549the value of SG_BIG_BUFF. 550 551There shouldn't be any reason to change this value. If 552you can come up with one, you probably know what you 553are doing anyway :) 554 555============================================================== 556 557shmmax: 558 559This value can be used to query and set the run time limit 560on the maximum shared memory segment size that can be created. 561Shared memory segments up to 1Gb are now supported in the 562kernel. This value defaults to SHMMAX. 563 564============================================================== 565 566shm_rmid_forced: 567 568Linux lets you set resource limits, including how much memory one 569process can consume, via setrlimit(2). Unfortunately, shared memory 570segments are allowed to exist without association with any process, and 571thus might not be counted against any resource limits. If enabled, 572shared memory segments are automatically destroyed when their attach 573count becomes zero after a detach or a process termination. It will 574also destroy segments that were created, but never attached to, on exit 575from the process. The only use left for IPC_RMID is to immediately 576destroy an unattached segment. Of course, this breaks the way things are 577defined, so some applications might stop working. Note that this 578feature will do you no good unless you also configure your resource 579limits (in particular, RLIMIT_AS and RLIMIT_NPROC). Most systems don't 580need this. 581 582Note that if you change this from 0 to 1, already created segments 583without users and with a dead originative process will be destroyed. 584 585============================================================== 586 587softlockup_thresh: 588 589This value can be used to lower the softlockup tolerance threshold. The 590default threshold is 60 seconds. If a cpu is locked up for 60 seconds, 591the kernel complains. Valid values are 1-60 seconds. Setting this 592tunable to zero will disable the softlockup detection altogether. 593 594============================================================== 595 596tainted: 597 598Non-zero if the kernel has been tainted. Numeric values, which 599can be ORed together: 600 601 1 - A module with a non-GPL license has been loaded, this 602 includes modules with no license. 603 Set by modutils >= 2.4.9 and module-init-tools. 604 2 - A module was force loaded by insmod -f. 605 Set by modutils >= 2.4.9 and module-init-tools. 606 4 - Unsafe SMP processors: SMP with CPUs not designed for SMP. 607 8 - A module was forcibly unloaded from the system by rmmod -f. 608 16 - A hardware machine check error occurred on the system. 609 32 - A bad page was discovered on the system. 610 64 - The user has asked that the system be marked "tainted". This 611 could be because they are running software that directly modifies 612 the hardware, or for other reasons. 613 128 - The system has died. 614 256 - The ACPI DSDT has been overridden with one supplied by the user 615 instead of using the one provided by the hardware. 616 512 - A kernel warning has occurred. 6171024 - A module from drivers/staging was loaded. 6182048 - The system is working around a severe firmware bug. 6194096 - An out-of-tree module has been loaded. 620 621============================================================== 622 623unknown_nmi_panic: 624 625The value in this file affects behavior of handling NMI. When the 626value is non-zero, unknown NMI is trapped and then panic occurs. At 627that time, kernel debugging information is displayed on console. 628 629NMI switch that most IA32 servers have fires unknown NMI up, for 630example. If a system hangs up, try pressing the NMI switch. 631