Merge tag 'powerpc-5.2-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/power...
[sfrench/cifs-2.6.git] / Documentation / admin-guide / kernel-parameters.txt
index c45a19d654f32ca83d081dd47bad32b6978d5c43..08df588057036e2eba4c4fcc38281ddc98a8711f 100644 (file)
                        upon panic. This parameter reserves the physical
                        memory region [offset, offset + size] for that kernel
                        image. If '@offset' is omitted, then a suitable offset
-                       is selected automatically. Check
-                       Documentation/kdump/kdump.txt for further details.
+                       is selected automatically.
+                       [KNL, x86_64] select a region under 4G first, and
+                       fall back to reserve region above 4G when '@offset'
+                       hasn't been specified.
+                       See Documentation/kdump/kdump.txt for further details.
 
        crashkernel=range1:size1[,range2:size2,...][@offset]
                        [KNL] Same as above, but depends on the memory
                        Format: { "off" | "enforce" | "fix" | "log" }
                        default: "enforce"
 
-       ima_appraise_tcb [IMA]
+       ima_appraise_tcb [IMA] Deprecated.  Use ima_policy= instead.
                        The builtin appraise policy appraises all files
                        owned by uid=0.
 
                        uid=0.
 
                        The "appraise_tcb" policy appraises the integrity of
-                       all files owned by root. (This is the equivalent
-                       of ima_appraise_tcb.)
+                       all files owned by root.
 
                        The "secure_boot" policy appraises the integrity
                        of files (eg. kexec kernel image, kernel modules,
                        in the "bleeding edge" mini2440 support kernel at
                        http://repo.or.cz/w/linux-2.6/mini2440.git
 
+       mitigations=
+                       [X86,PPC,S390,ARM64] Control optional mitigations for
+                       CPU vulnerabilities.  This is a set of curated,
+                       arch-independent options, each of which is an
+                       aggregation of existing arch-specific options.
+
+                       off
+                               Disable all optional CPU mitigations.  This
+                               improves system performance, but it may also
+                               expose users to several CPU vulnerabilities.
+                               Equivalent to: nopti [X86,PPC]
+                                              kpti=0 [ARM64]
+                                              nospectre_v1 [PPC]
+                                              nobp=0 [S390]
+                                              nospectre_v2 [X86,PPC,S390,ARM64]
+                                              spectre_v2_user=off [X86]
+                                              spec_store_bypass_disable=off [X86,PPC]
+                                              ssbd=force-off [ARM64]
+                                              l1tf=off [X86]
+
+                       auto (default)
+                               Mitigate all CPU vulnerabilities, but leave SMT
+                               enabled, even if it's vulnerable.  This is for
+                               users who don't want to be surprised by SMT
+                               getting disabled across kernel upgrades, or who
+                               have other ways of avoiding SMT-based attacks.
+                               Equivalent to: (default behavior)
+
+                       auto,nosmt
+                               Mitigate all CPU vulnerabilities, disabling SMT
+                               if needed.  This is for users who always want to
+                               be fully mitigated, even if it means losing SMT.
+                               Equivalent to: l1tf=flush,nosmt [X86]
+
        mminit_loglevel=
                        [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
                        parameter allows control of the logging verbosity for
                        check bypass). With this option data leaks are possible
                        in the system.
 
-       nospectre_v2    [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2
-                       (indirect branch prediction) vulnerability. System may
-                       allow data leaks with this option, which is equivalent
-                       to spectre_v2=off.
+       nospectre_v2    [X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for
+                       the Spectre variant 2 (indirect branch prediction)
+                       vulnerability. System may allow data leaks with this
+                       option.
 
        nospec_store_bypass_disable
                        [HW] Disable all mitigations for the Speculative Store Bypass vulnerability
                                bridges without forcing it upstream. Note:
                                this removes isolation between devices and
                                may put more devices in an IOMMU group.
+               force_floating  [S390] Force usage of floating interrupts.
+               nomio           [S390] Do not use MIO instructions.
 
        pcie_aspm=      [PCIE] Forcibly enable or disable PCIe Active State Power
                        Management.
                                see CONFIG_RAS_CEC help text.
 
        rcu_nocbs=      [KNL]
-                       The argument is a cpu list, as described above.
+                       The argument is a cpu list, as described above,
+                       except that the string "all" can be used to
+                       specify every CPU on the system.
 
                        In kernels built with CONFIG_RCU_NOCB_CPU=y, set
                        the specified list of CPUs to be no-callback CPUs.
                        [x86] unstable: mark the TSC clocksource as unstable, this
                        marks the TSC unconditionally unstable at bootup and
                        avoids any further wobbles once the TSC watchdog notices.
+                       [x86] nowatchdog: disable clocksource watchdog. Used
+                       in situations with strict latency requirements (where
+                       interruptions from clocksource watchdog are not
+                       acceptable).
 
        turbografx.map[2|3]=    [HW,JOY]
                        TurboGraFX parallel port interface