Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
Chapter 3. Important Changes to External Kernel Parameters
This chapter provides system administrators with a summary of significant changes in the kernel shipped with Red Hat Enterprise Linux 7.5. These changes include added or updated
proc
entries, sysctl
, and sysfs
default values, boot parameters, kernel configuration options, or any noticeable behavior changes.
Kernel parameters
- amd_iommu_intr = [HW,X86-64]
- Specifies one of the following
AMD IOMMU
interrupt remapping modes.legacy - Use legacy interrupt remapping mode.vapic - Use virtual APIC mode, which allowsIOMMU
to inject interrupts directly into guest. This mode requireskvm-amd.avic=1
, which is default whenIOMMU HW
support is present. - debug_pagealloc = [KNL]
- When
CONFIG_DEBUG_PAGEALLOC
is set, this parameter enables the feature at boot time. It is disabled by default. To avoid allocating huge chunk of memory fordebug pagealloc
do not enable it at boot time, and the operating system will work similarly as with the kernel built withoutCONFIG_DEBUG_PAGEALLOC
.Usedebug_pagealloc = on
to enable the feature. - ftrace_graph_max_depth = uint[FTRACE]
- This parameter is used with the function graph tracer. It defines the maximum depth it will trace into a function. Its value can be changed at run time by the
max_graph_depth file
file in thetracefs
tracing directory.The default values is 0, which means that no limit is set. - init_pkru = [x86]
- Specifies the default memory protection keys rights register contents for all processes.The default value is 0x55555554, which disallows access to all but pkey 0. You can override the value in the debugfs file system after boot.
- nopku = [x86]
- Disables the Memory Protection Keys CPU feature found in some Intel CPUs.
- mem_encrypt = [X86-64]
- Provides AMD Secure Memory Encryption (SME) control. The valid arguments are: on, off.The default setting depends on kernel configuration option:on : CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=yoff : CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=nmem_encrypt=on: Activate SMEmem_encrypt=off: Do not activate SME
Kernel parameters to mitigate Spectre and Meltdown issues
- kpti = [X86-64]
- Enables kernel page table isolation.
- nopti = [X86-64]
- Disables kernel page table isolation.
- nospectre_v2 = [X86]
- Disables all mitigations for the Spectre variant 2 (indirect branch speculation) vulnerability. The operating system may allow data leaks with this option, which is equivalent to spectre_v2=off.
- spectre_v2 = [X86]
- Controls mitigation of Spectre variant 2 (indirect branch speculation) vulnerability.The valid arguments are: on, off, auto.on: unconditionally enableoff: unconditionally disableauto: kernel detects whether your CPU model is vulnerableSelecting
on
will, andauto
may, choose a mitigation method at run time according to the CPU, the available microcode, the setting of the CONFIG_RETPOLINE configuration option, and the compiler with which the kernel was built.You can also select specific mitigations manually:retpoline: replaces indirect branchesibrs: Intel: Indirect Branch Restricted Speculation (kernel)ibrs_always: Intel: Indirect Branch Restricted Speculation (kernel and user space)Not specifying this option is equivalent to spectre_v2=auto.
Updated /proc/sys/net/core entries
- dev_weight_rx_bias
- The
RPS
processing, for exampleRFS
andaRFS
, is competing with the registeredNAPI
poll function of the driver for the per softirq cyclenetdev_budget
.This parameter influences the proportion of the configurednetdev_budget
that is spent onRPS
based packet processing during RX softirq cycles. It also makes currentdev_weight
adaptable for asymmetric CPU needs on receiving on transmitting side of the network stack.This parameter is effective on a per CPU basis. Determination is based ondev_weight
, and it is calculated in multiplicative way (dev_weight * dev_weight_rx_bias). The default value is 1. - dev_weight_tx_bias
- This parameter scales the maximum number of packets that can be processed during a TX softirq cycle.It is effective on a per CPU basis, and allows scaling of current
dev_weight
for asymmetric net stack processing needs. Make sure to avoid making TX softirq processing a CPU hog.Determination is based ondev_weight
, and it is calculated in multiplicative way (dev_weight * dev_weight_rx_bias). The default value is 1.