Index: share/man/man4/sysctl_machdep.4 =================================================================== --- /dev/null +++ share/man/man4/sysctl_machdep.4 
@@ -0,0 +1,609 @@ +.\"- +.\" Copyright (c) 2021 Felix Johnson +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd October 24, 2021 +.Dt sysctl_machdep 4 +.Os +.Sh NAME +.Nm sysctl_machdep +.Nd sysctl(8) variables in the machdep namespace +.Sh DESCRIPTION +Some +.Xr sysctl 8 +variables are available on every architecture, while others +are available on a limited number of architectures. +.Sh SYSCTL VARIABLES +The kernel provides a number of sysctl variables to monitor or manage +the machine-dependent behaviors. +.Bl -tag -width 3 +.It Va machdep.acpi_root +Unsigned long, read-only. 
+The physical address of the Root System Description Pointer +.Pq RDSP +used in the Advanced Configuration and Power Interface +.Pq ACPI . +Supported on arm64, x86, amd64. +.It Va machdep.acpi_timer_freq +Integer, read-only. +Returns the Advanced Configuration and Power Interface (ACPI) +timer frequency, in hertz. +Supported on systems that implement +.Xr acpi 4 . +.It Va machdep.adjkerntz +Integer, read-only. +Returns the local offset from Coordinated Universal Time +.Pq UTC +in seconds. +.It Va machdep.allow_dic +Integer, read-write. +Allow optimizations based on the Data to Instruction Coherence +.Pq DIC +cache bit. +Possible values are 0 for disable or 1 for enable. +The default is 1 for enable. +Supported on arm64 only. +.It Va machdep.allow_idc +Integer, read-write. +Allow optimizations based on the Instruction to Data Coherence +.Pq IDC +cache bit. +Possible values are 0 for disable or 1 for enable. +The default is 1 for enable. +Supported on arm64 only. +.It Va machdep.bootinfo +Structure, read-only. +Display the bootinfo structure, including kernel filename and +BIOS harddisk geometry. +Supported on mips only. +.It Va machdep.bootmethod +String, read-only. +The system firmware boot method. +Supported on x86 and amd64. +.It Va machdep.cacheline_size +Integer, read-only. +The size, in bytes, of a cache line. +The default is 32 bytes for 32-bit powerpc, +and 128 for 64-bit powerpc. +Supported on powerpc only. +.It Va machdep.counter_freq +Unsigned 64-bit integer, read-write. +Get or set the timecounter frequency, in hertz. +Supported on mips only. +.It Va machdep.disable_bp_hardening +Integer, read-write. +Disable branch prediction +.Pq BP +hardening, a technique used to mitigate some aliasing attacks. +Set to 0 to enable BP hardening, or 1 to disable BP hardening. +Note: Not all processors support BP hardening. +Supported on arm and arm64. +.It Va machdep.disable_msix_migration +Integer, read-only, tunable. 
+Some earlier versions of the Xen hypervisor did not properly +handle migration of extended message-signaled interrupts +.Pq MSI-X +between processors. +Possible values are -1 for automatic detection by +.Fx , +0 to enable migration, and 1 to disable migration. +The default is -1 for automatic detection. +This sysctl has no effect on systems with only one processing core. +Supported on x86 and amd64. +.It Va machdep.disable_mtrrs +Integer, read-only, tunable. +Disable memory type range registers +.Pq MTRRs , +a mechanism to allow or disallow caching to be specified in +system memory for selected physical address ranges. +Possible values are 0 for enable MTRR and 1 for disable MTRR. +Supported on x86 and amd64. +.It Va machdep.disable_rtc_set +Integer, read-write. +Disallow adjusting the realtime clock +.Pq RTC . +Possible values are 0 to enable adjusting the RTC, +or 1 to disable adjustment. +Supported on all architectures. +.It Va machdep.disable_tsc +Integer, read-only, tunable. +Disable the time stamp counter +.Pq TSC , +a 64-bit register that counts the number of CPU cycles since reset. +Possible values are 0 for enable TSC or 1 to disable TSC. +Supported on x86 and amd64. +.It Va machdep.disable_tsc_calibration +Integer, read-only, tunable. +Disable frequency calibration for the time stamp counter +.Pq TSC . +Possible values are 0 to enable calibration or 1 to disable calibration. +Supported on x86 and amd64. +.It Va machdep.dump_retry_count +Integer, read-write, tunable. +The number of times a crash dump will try to write out its contents. +The default value is 5. +Supported on amd64 and powerpc. +.It Va machdep.efi_map +Opaque, read-only. +The raw extensible firmware interface +.Pq EFI +memory map. +Supported on x86 and amd64. +.It Va machdep.efi_rt_handle_faults +Integer, read-write, tunable. +Call extensible firmware interface runtime +.Pq EFI RT +methods wrapped by a fault handler. +The default value depends on processor architecture. 
+Possible values are 0 for call runtime methods without a fault handler, +or 1 to call with a fault handler. +Supported on systems that implement +.Xr efidev 4 . +.It Va machdep.elan_freq +Unsigned integer, read-write. +Returns the current clock frequency for the Elan CPU, in hertz. +The default is 33.3 MHz. +Supported on x86 only. +.It Va machdep.elan_gpio_config +String, read-write. +Get or set the current general purpose input output +.Pq GPIO +pin configuration for the Elan CPU. +Supported on x86 only. +.It Va machdep.enable_panic_key +Integer, read-write. +Enable system panic via a keypress specified in +.Xr keybdmap 5 . +Possible values are 0 disable system panic via keypress, +or 1 to enable system panic. +The default is 0 to disable system panic. +Supported on systems that implement +.Xr syscons 4 . +.It Va machdep.fast_copyout +Integer, read-write, tunable. +For +.Xr copyout 9 +and +.Xr copyin 9 , +enable or disable the fast copying mechanism. +Possible values are 0 to disable or 1 to enable. +The default is 1 to enable. +Supported on x86 only. +.It Va machdep.first_msi_irq +Unsigned integer, read-only. +The number of the first interrupt request +.Pq IRQ +reserved for message-signaled interrupts +.Pq MSI +and extended message-signaled interrupts +.Pq MSI-X . +Supported on x86 and amd64. +.It Va machdep.flush_rsb_ctxsw +Integer, read-write. +Flush the Return Stack Buffer +.Pq RSB +on context switch. +This is a mitigation for SpectreRSB +.Pq CVE-2018-15572 . +For processors that support Supervisor Mode Execution Protection +.Pq SMEP , +this is automatically enabled if +.Va hw.ibrs_disable +is set. +Possible values are 0 for disable, 1 for enable. +Note: the tunable value for this is +.Va machdep.mitigations.cpu_flush_rsb_ctxsw . +Supported on x86 and amd64. +.It Va machdep.guessed_bootdev +Unsigned long, read-only. +Returns the boot device as unsigned long. +The value that is guessed depends on the method used to +load and start the kernel. 
+Supported on x86 only. +.It Va machdep.hwpstate_pkg_ctrl +Boolean, read-only, tunable. +CPU P-states represent performance states in the Advanced +Configuration and Power Interface +.Pq ACPI +specification. +Select between package-level control and per-core control +of performance states. +Possible values are +.Dv false for core-level control or +.Dv true +for package-level control. +The default is +.Dv true +for package-level control. +Supported by systems that implement +.Xr hwpstate_intel 4 . +.It Va machdep.hyperthreading_allowed +Integer, read-only, tunable. +For processors that support hyper-threading technology +.Pq HTT , +enable or disable this processor feature. +Hyper-threading enables multiple threads to run on each core. +Possible values are 0 for disable or 1 for enable. +The default is 1 for enable. +Supported on x86 and amd64. +.It Va machdep.hyperthreading_intr_allowed +Integer, read-only, tunable. +Enable or disable interrupts on hyperthreading logical CPUs. +Possible values are 0 for disable or 1 for enable. +The default is 0 for disable. +Supported on x86 and amd64. +.It Va machdep.i8254_freq +Integer, read-write. +Get or set the current frequency of the i8254 programmable +interrupt timer, in hertz. +Supported on x86 and amd64 systems that implement +.Xr attimer 4 . +.It Va machdep.idle +String, read-write, tunable. +The currently selected idle function. +Possible values can be determined from +.Va machdep.idle_available . +Supported on x86 and amd64. +.It Va machdep.idle_apl31 +Integer, read-write, tunable. +Enable or disable the workaround for the Apollo Lake MWAIT bug +.Pq See Intel Errata, Dq APL30: A Store Instruction May Not Wake up MWAIT . +Set to 0 to disable the workaround and allow the processor to rely on +MONITOR/MWAIT instructions to wake from sleep, or set to 1 to enable the +workaround and wake the sleeping processor using interrupts instead. +Supported on x86 and amd64. +.It Va machdep.idle_available +String, read-only. 
+Retrieve a comma-separated list of idle functions available for this processor. +Supported on x86 and amd64. +.It Va machdep.idle_mwait +Integer, read-write, tunable. +Enable or disable using the MONITOR/MWAIT processor instructions +when idling for a short period of time. +Set to 0 to disable or 1 to enable. +The default is 1 for enable. +Supported on x86 and amd64. +.It Va machdep.led_display +String, write-only. +Set this sysctl value to display a string on the LED display. +The maximum length of the string is four characters for revision 1.x +of the EBT3000, and eight characters for others. +Supported on mips only. +.It Va machdep.manage_fans +Integer, read-write, tunable. +Enable or disable automatic fan management. +Possible values are 0 for disable automatic management, +or 1 for enable automatic management. +The default is 1 for automatic management. +Supported on powerpc only. +.It Va machdep.max_ldt_segment +Integer, read-only, tunable. +The maximum number of local descriptor table +.Pq LDT +segments in the single address space. +The default is 512. +Supported on x86 and amd64. +.It Va machdep.mitigations.ibrs.active +Integer, read-only. +Whether Indirect Branch Restricted Speculation +.Pq IBRS +is active. +Possible values are 0 for not active or 1 for active. +See +.Va machdep.mitigations.ibrs.disable +for more information on IBRS. +Supported on amd64 for processors with the IBRS feature. +.It Va machdep.mitigations.ibrs.disable +Integer, read-write, tunable. +Disable Indirect Branch Restricted Speculation +.Pq IBRS , +an indirect branch control mechanism that restricts speculation of +indirect branches. +IBRS can help mitigate Branch Target Injection +.Pq CVE-2017-5715 +and Speculative Store Bypass +.Pq CVE-2018-3639 . +Possible values are 0 to enable IBRS, or 1 to disable IBRS. +The default is 1 to disable IBRS. +Supported on amd64. +.It Va machdep.mitigations.mds.disable +Integer, read-write, tunable. 
+Configure Microarchiteture Data Sampling +.Pq MDS +mitigation. +Possible values are 0 for no mitigation, 1 to use Verify Segment for Writing +.Pq VERW +instruction for mitigation, +2 for software mitigation, +or 3 for autoconfiguration of MDS mitigation. +Supported on x86 and amd64. +.It Va machdep.mitigations.mds.state +String, read-only. +Microarchitecture Data Sampling +.Pq MDS +is a set of vulnerabilities in Intel x86 and amd64 processors that use +hyper-threading, potentially leading to data leaks across protection +boundaries. +.Fx +uses processor-specific strategies to mitigate these vulnerabilities. +This sysctl returns the current MDS mitigation state. +Supported on x86 and amd64. +.It Va machdep.mitigations.rngds.enable +Integer, read-write, tunable. +Enable or disable the RDSEED instruction for hardware-generated random numbers. +On some processors, a vulnerability known as special register buffer +data sampling +.Pq SRBDS +may potentially allow malicious code to infer the data values returned +from this instruction. +For more information on this vulnerability, see CVE-2020-0543. +Possible values are 0 to disable SRBDS mitigation and enable the +optimized version of RDSEED, or 1 to enable mitigation. +Supported on x86 and amd64. +.It Va machdep.mitigations.rngds.state +String, read-only. +Returns the current microcontroller RDSEED mitigation control. +Supported on x86 and amd64. +.It Va machdep.mitigations.ssb.active +Integer, read-only. +Whether Speculative Store Bypass Disable +.Pq SSBD +is active. +Possible values are 1 for SSBD is active, or 0 for SSBD is not active. +SSBD is a mitigation for CVE-2018-3639. +Supported on amd64 for processors with SSBD feature. +.It Va machdep.mitigations.ssb.disable +Integer, read-write, tunable. +Whether Speculative Store Bypass Disable +.Pq SSBD +is enabled. +Possible values are 0 for disable, 1 for enable, +or 2 for automatic configuration. +Supported on amd64 for processors with SSBD feature. 
+.It Va machdep.mitigations.taa.enable +Integer, read-write, tunable. +Transactional Asynchronous Abort +.Pq TAA +is a member of the Microarchitecture Data Sampling +.Pq MDS +family of vulnerabilities. +To learn more about this vulnerability, see CVE-2019-11135. +Possible values are 0 for no mitigation enabled, +1 for disable transactional synchronization extensions +.Pq TSX +using the TSX Model Specific Register, +2 for use Verify Segment for Writing +.Pq VERW +instruction for mitigation, +or 3 to automatically select the mitigation. +Supported on x86 and amd64. +.It Va machdep.mitigations.taa.state +String, read-only. +The current TAA mitigation being used. +Supported in x86 and amd64. +.It Va machdep.moea_pte_overflow +Integer, read-only. +Returns the number of page table entry +.Pq PTE +overflow events in the operating environment architecture +.Pq OEA . +Supported on powerpc only. +.It Va machdep.moea_pte_replacements +Integer, read-only. +Returns the number of page table entry +.Pq PTE +replacement events in the operating environment architecture +.Pq OEA . +Supported on powerpc only. +.It Va machdep.moea_pte_spills +Integer, read-only. +Returns the number of page table entry +.Pq PTE +spill events in the operating environment architecture +.Pq OEA . +Supported on powerpc only. +.It Va machdep.moea_pte_valid +Integer, read-only. +Returns the number of page table entry +.Pq PTE +valid events in the operating environment architecture +.Pq OEA . +Supported on powerpc only. +.It Va machdep.moea_pvo_enter_calls +Integer, read-only. +Returns the number of page virtual object +.Pq PVO +enter calls. +Supported on powerpc only. +.It Va machdep.moea_pvo_entries +Integer, read-only. +Returns the current number of page virtual object +.Pq PVO +entries. +Supported on powerpc only. +.It Va machdep.moea_pvo_remove_calls +Integer, read-only. +Returns the number of page virtual object +.Pq PVO +remove calls. +Supported on powerpc only. 
+.It Va machdep.mwait_cpustop_broken +Boolean, read-only, tunable. +Indicate whether a processor can reliably wake from an optimized state +using the MONITOR/MWAIT instructions, or whether the processor must be +woken from sleep using interrupts. +Possible values are +.Dv true +if the CPU cannot wake without interrupts, or +.Dv false +if the CPU can wake without interrupts. +The default value is selected during CPU initialization, but can be +set as a tunable through +.Xr loader.conf 5 . +Supported on x86 and amd64. +.It Va machdep.nirq +Integer, readonly, tunable. +The number of interrupt request +.Pq IRQ +lines available. +.It Va machdep.nkpt +Integer, read-only. +The number of kernel page tables allocated during system start. +Supported on amd64 and powerpc. +.It Va machdep.nmi_flush_l1d_sw +Integer, read-write, tunable. +Enable or disable flushing the level 1 memory cache when returning +from a non-maskable interrupt +.Pq NMI . +This is a mitigation for the level 1 terminal fault vulnerability +described in CVE-2018-3620 and CVE-2018-3646. +Possible values are 0 for only enable flush on return from NMI if +required by vmm.ko or > 1 for always flush on return from NMI. +The default is 0, only enable flush on return from NMI if required. +Supported on amd64. +.It Va machdep.nmi_is_broadcast +Integer, read-write, tunable. +Configure whether the chipset non-maskable interrupt +.Pq NMI +is broadcast to all processors or to a single processor. +This variable only has an effect if the system has more than one +processing core. +Possible values are 0 to disable broadcast mode, +or 1 to enable broadcast mode. +The default is 1 to enable broadcast mode. +Supported on x86 and amd64. +.It Va machdep.num_msi_irq +Unsigned integer, read-only, tunable. +The number of interrupt requests +.Pq IRQs +reserved for message-signaled interrupts +.Pq MSI +and extended message-signaled interrupts +.Pq MSI-X . +Supported on x86 and amd64. 
+.It Va machdep.panic_on_nmi +Integer, read-write, tunable. +Configure when to panic on a non-maskable interrupt +.Pq NMI . +Possible values are 1 for panic on hardware failure, +2 for panic on unknown non-maskable interrupts, +or 255 to panic on all non-maskable interrupts. +The default is 255 to panic on all non-maskable interrupts. +Supported on x86 and amd64. +.It Va machdep.piix_freq +Integer, read-write. +The frequency, in hertz, of the PCI IDE ISA Xcelerator +.Pq PIIX . +Supported on x86 only. +.It Va machdep.prot_fault_translation +Integer, read-write, tunable. +The control signal to deliver on a kernel protection fault. +Possible values are 0 for autodetect, +1 for compatibility mode, or +2 for +.Dv SIGSEGV . +.It Va machdep.rtc_save_period +Integer, read-write, tunable. +Get or set the number of seconds between saving the system +time to the realtime clock +.Pq RTC . +.It Va machdep.smap +Opaque, read-only. +Some CPU implementations support supervisor access mode prevention +.Pq SMAP . +This is a feature that allows optional user-space memory mappings +so that access to those mappings from supervisor mode will cause +a trap. +This makes it harder to trick the kernel into using instructions +or data from user space programs. +This sysctl displays the raw BIOS SMAP data. +Supported on x86 and amd64 for processors with this feature. +.It Va machdep.spectre_v2_safe +Integer, read-only. +Returns whether the system is safe from Spectre Version 2 attacks. +Supported on arm and arm64 only. +.It Va machdep.stop_mwait +Boolean, read-write, tunable. +Use the MONITOR/MWAIT instructions to stop the CPU, +if the processor supports it. +Possible values are +.Dv false +for do not use MONITOR/MWAIT, and +.Dv true +for use MONITOR/MWAIT instructions to stop the CPU. +The default is +.Dv false , +do not use MONITOR/MWAIT. +Supported on x86 and amd64. +.It Va machdep.syscall_ret_flush_l1d +Integer, read-write, tunable. 
+Configure flushing the level 1 data cache when a system call +returns with an error. +Possible values are 0 for disable, 1 for enable, +2 for use hardware only, or 3 for use software only. +Supported on amd64 only. +.It Va machdep.tsc_freq +Unsigned 64-bit integer, read-write. +The time stamp counter +.Pq TSC +frequency, in hertz. +Supported on x86 and amd64. +.It Va machdep.uprintf_signal +Integer, read-write, tunable. +When trapping a signal, enable or disable printing debugging +information to the controlling tty. +Possible values are 0 for disable printing or 1 to enable printing. +The default is 0, disable printing. +Supported on amd64. +.It Va machdep.vga_aspect_scale +Integer, read-write. +Get or set the video graphics array +.Pq VGA +aspect scale ratio. +The value scales the video output by a factor, determined by +this value divided by 100. +A value of 100 would mean a scale ratio of 1. +Supported on systems that implement +.Xr syscons 4 . +.It Va machdep.wall_cmos_clock +Integer. +Enable application of +.Va machdep.adjkerntz . +Possible values are 0 for disable or non-zero for enable. +.El +.Sh SEE ALSO +.Xr sysctl 3 , +.Xr cpufreq 4 , +.Xr efidev 4 , +.Xr sysctl 8 , +.Xr copyout 9 +.Sh HISTORY +The sysctl variables mentioned here have been added over the history of +.Fx . +.Sh AUTHORS +The +.Nm +manual was written by +.An Felix Johnson .
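Review bot: The machdep.smap entry describes the wrong feature. It explains the CPU protection (Supervisor Mode Access Prevention, written here as "supervisor access mode prevention") and then says "This sysctl displays the raw BIOS SMAP data" with type Opaque; the BIOS SMAP is the firmware system memory map, which only shares the acronym. Suggest dropping the CPU-feature paragraph and describing the value as the BIOS-provided memory map.

The mitigation knobs need their polarity spelled out. machdep.mitigations.ssb.disable is documented as "Whether Speculative Store Bypass Disable is enabled" with "0 for disable, 1 for enable", which does not say whether 1 turns the mitigation on or off, and machdep.mitigations.mds.disable uses 0 for "no mitigation" despite its name. Please state for each value what happens to the mitigation itself.

The ibrs.disable text lists CVE-2018-3639 as mitigated by IBRS while ssb.active attributes that CVE to SSBD, so please confirm which is intended. flush_rsb_ctxsw refers to hw.ibrs_disable although this page documents machdep.mitigations.ibrs.disable. rngds.state says "microcontroller" where microcode looks intended, and idle_apl31 cites erratum "APL30".

In nmi_flush_l1d_sw, "or > 1 for always flush" leaves the value 1 undefined.

Smaller fixes: ".Pq RDSP" should be RSDP; "Microarchiteture" is misspelled; ".Dv false for core-level control or" passes the trailing words to the Dv macro and should break the line after "false"; machdep.nirq says "readonly" where every other entry uses "read-only"; taa.state says "Supported in" where the rest say "Supported on".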