Chapter 5. Important changes to external kernel parameters
This chapter provides system administrators with a summary of significant changes in the kernel shipped with Red Hat Enterprise Linux 8.6. These changes could include for example added or updated
sysfs default values, boot parameters, kernel configuration options, or any noticeable behavior changes.
New kernel parameters
- fw_devlink.strict = [KNL]
With this parameter you can treat all inferred dependencies as mandatory dependencies. This setting only applies if
With this parameter you can force pointers that are printed to the console or buffers to be unhashed. By default, when a pointer is printed using the
%pformat string that pointer’s value is obscured by hashing. This is a security feature that hides actual kernel addresses from unprivileged users. However, it also makes debugging the kernel more difficult since you cannot compare unequal pointers. If this command-line parameter is specified, then all normal pointers will have their true value printed. Pointers that are printed using the
%pKformat string can still be hashed. Specify
no_hash_pointersonly when debugging the kernel and do not use it in production.
- no_entry_flush = [PPC]
- With this parameter it is possible to avoid flushing the L1-D cache when entering the kernel.
- no_uaccess_flush = [PPC]
- With this parameter it is possible to avoid flushing the L1-D cache after accessing user data.
- rcutorture.nocbs_nthreads = [KNL]
With this parameter you can set the number of Read-copy-update (RCU) callback-offload togglers.
The default value is 0 (zero) and it disables toggling.
- rcutorture.nocbs_toggle = [KNL]
- With this parameter you can set the delay in milliseconds between successive callback-offload toggling attempts.
- refscale.verbose_batched = [KNL]
With this parameter you can batch the additional
You can print everything, by specifying zero (the default) or a negative value. Otherwise, print every Nth verbose statement, where N is the value specified.
- strict_sas_size = [X86]
With this parameter you can enable or disable strict
sigaltstacksize checks against the required signal frame size which depends on the supported floating-point unit (FPU) features. You can use this parameter to filter out binaries, which have not yet been made aware of the
- torture.verbose_sleep_frequency = [KNL]
This parameter specifies how many verbose
printk()statements should be emitted between each sleep.
The default value of 0 (zero) disables the verbose-printk() sleeping.
- torture.verbose_sleep_duration = [KNL]
- This parameter specifies the duration of each verbose-printk() sleep in jiffies.
- tsc_early_khz = [X86]
Format: <unsigned int>
This parameter enables to skip the early Time Stamp Counter (TSC) calibration and use the given value instead. The parameter proves useful when the early TSC frequency discovery procedure is not reliable. Such as on overclocked systems with CPUID.16h support and partial CPUID.15h support.
Updated kernel parameters
- amd_iommu = [HW,X86-64]
You can pass parameters to the AMD IOMMU driver in the system.
Possible values are:
fullflush- Enable flushing of IO/TLB entries when they are unmapped. Otherwise they are flushed before they will be reused, which is a lot of faster.
off- Do not initialize any AMD IOMMU found in the system.
force_isolation- Force device isolation for all devices. The IOMMU driver is not allowed anymore to lift isolation requirements as needed. This option does not override
force_enable- Force enable the IOMMU on platforms known to be buggy with IOMMU enabled. Use this option with care.
- acpi.debug_level = [HW,ACPI,ACPI_DEBUG]
CONFIG_ACPI_DEBUGmust be enabled to produce any Advanced Configuration and Power Interface (ACPI) debug output. Bits in
debug_layercorrespond to a
_COMPONENTin an ACPI source file. For example
#define _COMPONENT ACPI_EVENTSBits in debug_level correspond to a level in
ACPI_DEBUG_PRINTstatements. For example
The debug_level mask defaults to "info". See
Documentation/acpi/debug.txtfor more information about debug layers and levels.
Enable processor driver info messages:
Enable AML "Debug" output, for example, stores to the Debug object while interpreting AML:
acpi.debug_level=0x2Enable all messages related to ACPI hardware:
Some values produce so much output that the system is unusable. The
log_buf_lenparameter is useful if you need to capture more output.
- acpi_mask_gpe = [HW,ACPI]
Format: <byte> or <bitmap-list>
Due to the existence of
_Lxx/_Exx, some general purpose events (GPEs) triggered by unsupported hardware or firmware features can result in GPE floodings that cannot be automatically disabled by the GPE dispatcher. You can use this facility to prevent such uncontrolled GPE floodings.
- cgroup_disable = [KNL]
Format: <name of the controller(s) or feature(s) to disable>
With this parameter you can disable a particular controller or optional feature.
The effects of
cgroup_disable = <controller/feature>are:
controller/featureis not auto-mounted if you mount all
cgroupsin a single hierarchy
controller/featureis not visible as an individually mountable subsystem
controller/featureis an optional feature then the feature is disabled and corresponding
cgroupsfiles are not created
Currently only memory controller deals with this and cut the overhead, others just disable the usage. So only
cgroup_disable=memoryis actually worthy.
Specifying "pressure" disables per-cgroup pressure stall information accounting feature.
- clearcpuid = BITNUM[,BITNUM…] [X86]
With this parameter you can disable CPUID feature X for the kernel. See
arch/x86/include/asm/cpufeatures.hfor the valid bit numbers. Linux specific bits are not necessarily stable over kernel options, but the vendor specific ones should be. User programs calling CPUID directly or using the feature without checking anything will still see it. This just prevents it from being used by the kernel or shown in
/proc/cpuinfo. Also note the kernel could malfunction if you disable some critical bits.
- iommu.strict = [ARM64, X86]
Format: <"0" | "1">
With this parameter you can configure translation look-aside buffer (TLB) invalidation behavior.
Possible values are:
- 0 - lazy mode, requests that use of Direct Memory Access (DMA) unmap operations is deferred
1 - strict mode (default), DMA unmap operations invalidate IOMMU hardware TLBs synchronously.
On AMD64 and Intel 64, the default behavior depends on the equivalent driver-specific parameters. However, a strict mode explicitly specified by either method takes precedence.
- rcutree.use_softirq = [KNL]
If this parameter is set to zero, it moves all
RCU_SOFTIRQprocessing to per-CPU rcuc kthreads. The default is a non-zero value. It means that
RCU_SOFTIRQis used by default.
rcutree.use_softirq = 0to use rcuc kthreads. But note that
CONFIG_PREEMPT_RT=ykernels disable this kernel boot parameter (forcibly setting it to zero).
- rcupdate.rcu_normal_after_boot = [KNL]
This parameter enables to use only normal grace-period primitives once boot has completed. That is after the
rcu_end_inkernel_boot()call has been invoked. There is no effect on
The kernels with the
CONFIG_PREEMPT_RT=ysetting, enable this kernel boot parameter and forcibly they set it to the value one. That is, converting any post-boot attempt at an expedited Read-copy-update (RCU) grace period to instead use normal non-expedited grace-period processing.
- spectre_v2 = [X86]
With this parameter you can control mitigation of Spectre variant 2 (indirect branch speculation) vulnerability.
The default operation protects the kernel from user space attacks.
Possible values are:
on - unconditionally enable, implies
off - unconditionally disable, implies
auto - the kernel detects whether your CPU model is vulnerable
Selecting 'on' will, and 'auto' may, choose a mitigation method at run time according to the CPU. The available microcode, the setting of the
CONFIG_RETPOLINEconfiguration option, and the compiler with which the kernel was built.
Selecting 'on' will also enable the mitigation against user space to user space task attacks.
Selecting 'off' will disable both the kernel and the user space protections.
You can also select specific mitigations manually:
- retpoline - replace indirect branches
- retpoline,generic - Retpolines
- retpoline,lfence - LFENCE; indirect branch
- retpoline,amd - alias for retpoline,lfence
- eibrs - enhanced indirect branch restricted speculation (IBRS)
- eibrs,retpoline - enhanced IBRS + Retpolines
- eibrs,lfence - enhanced IBRS + LFENCE
- ibrs - use IBRS to protect kernel
- ibrs_always - use IBRS to protect both kernel and userland
- retpoline,ibrs_user - replace indirect branches with retpolines and use IBRS to protect userland
- on - unconditionally enable, implies
Not specifying this option is equivalent to