Chapter 5. Important changes to external kernel parameters

This chapter provides system administrators with a summary of significant changes in the kernel shipped with Red Hat Enterprise Linux 8.6. These changes could include for example added or updated proc entries, sysctl, and sysfs default values, boot parameters, kernel configuration options, or any noticeable behavior changes.

New kernel parameters

fw_devlink.strict = [KNL]

Format: <bool>

With this parameter you can treat all inferred dependencies as mandatory dependencies. This setting only applies if fw_devlink=on|rpm.

no_hash_pointers
With this parameter you can force pointers that are printed to the console or buffers to be unhashed. By default, when a pointer is printed using the %p format string that pointer’s value is obscured by hashing. This is a security feature that hides actual kernel addresses from unprivileged users. However, it also makes debugging the kernel more difficult since you cannot compare unequal pointers. If this command-line parameter is specified, then all normal pointers will have their true value printed. Pointers that are printed using the %pK format string can still be hashed. Specify no_hash_pointers only when debugging the kernel and do not use it in production.
no_entry_flush = [PPC]
With this parameter it is possible to avoid flushing the L1-D cache when entering the kernel.
no_uaccess_flush = [PPC]
With this parameter it is possible to avoid flushing the L1-D cache after accessing user data.
rcutorture.nocbs_nthreads = [KNL]

With this parameter you can set the number of Read-copy-update (RCU) callback-offload togglers.

The default value is 0 (zero) and it disables toggling.

rcutorture.nocbs_toggle = [KNL]
With this parameter you can set the delay in milliseconds between successive callback-offload toggling attempts.
refscale.verbose_batched = [KNL]

With this parameter you can batch the additional printk() statements.

You can print everything, by specifying zero (the default) or a negative value. Otherwise, print every Nth verbose statement, where N is the value specified.

strict_sas_size = [X86]

Format: <bool>

With this parameter you can enable or disable strict sigaltstack size checks against the required signal frame size which depends on the supported floating-point unit (FPU) features. You can use this parameter to filter out binaries, which have not yet been made aware of the AT_MINSIGSTKSZ auxiliary vector.

torture.verbose_sleep_frequency = [KNL]

This parameter specifies how many verbose printk() statements should be emitted between each sleep.

The default value of 0 (zero) disables the verbose-printk() sleeping.

torture.verbose_sleep_duration = [KNL]
This parameter specifies the duration of each verbose-printk() sleep in jiffies.
tsc_early_khz = [X86]

Format: <unsigned int>

This parameter enables to skip the early Time Stamp Counter (TSC) calibration and use the given value instead. The parameter proves useful when the early TSC frequency discovery procedure is not reliable. Such as on overclocked systems with CPUID.16h support and partial CPUID.15h support.

Updated kernel parameters

amd_iommu = [HW,X86-64]

You can pass parameters to the AMD IOMMU driver in the system.

Possible values are:

  • fullflush - Enable flushing of IO/TLB entries when they are unmapped. Otherwise they are flushed before they will be reused, which is a lot of faster.
  • off - Do not initialize any AMD IOMMU found in the system.
  • force_isolation - Force device isolation for all devices. The IOMMU driver is not allowed anymore to lift isolation requirements as needed. This option does not override iommu=pt.
  • force_enable - Force enable the IOMMU on platforms known to be buggy with IOMMU enabled. Use this option with care.
acpi.debug_level = [HW,ACPI,ACPI_DEBUG]

Format: <int>

CONFIG_ACPI_DEBUG must be enabled to produce any Advanced Configuration and Power Interface (ACPI) debug output. Bits in debug_layer correspond to a _COMPONENT in an ACPI source file. For example #define _COMPONENT ACPI_EVENTS Bits in debug_level correspond to a level in ACPI_DEBUG_PRINT statements. For example ACPI_DEBUG_PRINT((ACPI_DB_INFO, …

The debug_level mask defaults to "info". See Documentation/acpi/debug.txt for more information about debug layers and levels.

Enable processor driver info messages:

acpi.debug_layer=0x20000000

Enable AML "Debug" output, for example, stores to the Debug object while interpreting AML:

acpi.debug_layer=0xffffffff, acpi.debug_level=0x2 Enable all messages related to ACPI hardware: acpi.debug_layer=0x2, acpi.debug_level=0xffffffff

Some values produce so much output that the system is unusable. The log_buf_len parameter is useful if you need to capture more output.

acpi_mask_gpe = [HW,ACPI]

Format: <byte> or <bitmap-list>

Due to the existence of _Lxx/_Exx, some general purpose events (GPEs) triggered by unsupported hardware or firmware features can result in GPE floodings that cannot be automatically disabled by the GPE dispatcher. You can use this facility to prevent such uncontrolled GPE floodings.

cgroup_disable = [KNL]

Format: <name of the controller(s) or feature(s) to disable>

With this parameter you can disable a particular controller or optional feature.

The effects of cgroup_disable = <controller/feature> are:

  • controller/feature is not auto-mounted if you mount all cgroups in a single hierarchy
  • controller/feature is not visible as an individually mountable subsystem
  • if controller/feature is an optional feature then the feature is disabled and corresponding cgroups files are not created

    Currently only memory controller deals with this and cut the overhead, others just disable the usage. So only cgroup_disable=memory is actually worthy.

    Specifying "pressure" disables per-cgroup pressure stall information accounting feature.

clearcpuid = BITNUM[,BITNUM…​] [X86]
With this parameter you can disable CPUID feature X for the kernel. See arch/x86/include/asm/cpufeatures.h for the valid bit numbers. Linux specific bits are not necessarily stable over kernel options, but the vendor specific ones should be. User programs calling CPUID directly or using the feature without checking anything will still see it. This just prevents it from being used by the kernel or shown in /proc/cpuinfo. Also note the kernel could malfunction if you disable some critical bits.
iommu.strict = [ARM64, X86]

Format: <"0" | "1">

With this parameter you can configure translation look-aside buffer (TLB) invalidation behavior.

Possible values are:

  • 0 - lazy mode, requests that use of Direct Memory Access (DMA) unmap operations is deferred
  • 1 - strict mode (default), DMA unmap operations invalidate IOMMU hardware TLBs synchronously.

    On AMD64 and Intel 64, the default behavior depends on the equivalent driver-specific parameters. However, a strict mode explicitly specified by either method takes precedence.

rcutree.use_softirq = [KNL]

If this parameter is set to zero, it moves all RCU_SOFTIRQ processing to per-CPU rcuc kthreads. The default is a non-zero value. It means that RCU_SOFTIRQ is used by default.

Specify rcutree.use_softirq = 0 to use rcuc kthreads. But note that CONFIG_PREEMPT_RT=y kernels disable this kernel boot parameter (forcibly setting it to zero).

rcupdate.rcu_normal_after_boot = [KNL]

This parameter enables to use only normal grace-period primitives once boot has completed. That is after the rcu_end_inkernel_boot() call has been invoked. There is no effect on CONFIG_TINY_RCU kernels.

The kernels with the CONFIG_PREEMPT_RT=y setting, enable this kernel boot parameter and forcibly they set it to the value one. That is, converting any post-boot attempt at an expedited Read-copy-update (RCU) grace period to instead use normal non-expedited grace-period processing.

spectre_v2 = [X86]

With this parameter you can control mitigation of Spectre variant 2 (indirect branch speculation) vulnerability.

The default operation protects the kernel from user space attacks.

Possible values are:

  • on - unconditionally enable, implies spectre_v2_user=on
  • off - unconditionally disable, implies spectre_v2_user=off
  • auto - the kernel detects whether your CPU model is vulnerable

    Selecting 'on' will, and 'auto' may, choose a mitigation method at run time according to the CPU. The available microcode, the setting of the CONFIG_RETPOLINE configuration option, and the compiler with which the kernel was built.

    Selecting 'on' will also enable the mitigation against user space to user space task attacks.

    Selecting 'off' will disable both the kernel and the user space protections.

    You can also select specific mitigations manually:

  • retpoline - replace indirect branches
  • retpoline,generic - Retpolines
  • retpoline,lfence - LFENCE; indirect branch
  • retpoline,amd - alias for retpoline,lfence
  • eibrs - enhanced indirect branch restricted speculation (IBRS)
  • eibrs,retpoline - enhanced IBRS + Retpolines
  • eibrs,lfence - enhanced IBRS + LFENCE
  • ibrs - use IBRS to protect kernel
  • ibrs_always - use IBRS to protect both kernel and userland
  • retpoline,ibrs_user - replace indirect branches with retpolines and use IBRS to protect userland

Not specifying this option is equivalent to spectre_v2=auto.