Table of Contents
Understanding Kernel Parameters
Kernel parameters are settings that influence how the Linux kernel behaves at boot time and, in many cases, at runtime. They are typically used to:
- Enable/disable features (e.g., IOMMU, KASLR)
- Work around hardware quirks
- Adjust performance or debugging options
- Control security-related features
You usually encounter kernel parameters in:
- The bootloader configuration (
GRUB,systemd-boot, etc.) - The
/proc/cmdlineinterface (what was passed at boot) sysctl//proc/sys(runtime tunables exposed as “sysctl parameters”)
Categories of Kernel Parameters
Kernel parameters are not all the same type. You’ll typically see:
- Command-line boot parameters: passed to the kernel by the bootloader.
- Module parameters: passed to specific kernel modules (e.g.,
i915.enable_fbc=1). - Sysctl parameters: runtime tunables exposed under
/proc/sys(e.g.,net.ipv4.ip_forward).
Boot-time Command-Line Parameters
These are passed in by the bootloader via a linux / kernel line. For example, a GRUB linux line might contain:
linux /boot/vmlinuz-6.8.0 root=/dev/sda2 ro quiet splash mitigations=auto
Common examples:
root=/dev/sdX— which device to mount as/ro/rw— mount the root filesystem read-only or read-writequiet— suppress most boot-time messagessplash— enable graphical splash screen (initramfs/user-space usually handles it)singleorsystemd.unit=rescue.target— boot into single-user / rescue modeinit=/bin/bash— override the default init process (useful in recovery/debug)mitigations=— control CPU vulnerability mitigations
Module Parameters on the Command Line
Parameters can also be passed to specific built-in or early-loaded drivers. Syntax:
driver_name.parameter=value
Examples:
i915.enable_psr=1— affect Intel GPU driver behaviornouveau.modeset=0— disable kernel mode-setting for the Nouveau driversnd_hda_intel.power_save=1— power saving behavior for certain sound hardware
For built-in drivers, these go on the kernel command line. For loadable modules, they can also be set via files in /etc/modprobe.d/ (covered in the Kernel modules chapter).
Viewing Active Kernel Parameters
What Was Passed at Boot: `/proc/cmdline`
The kernel’s boot arguments are visible in /proc/cmdline:
cat /proc/cmdlineYou’ll see a single line, for example:
BOOT_IMAGE=/boot/vmlinuz-6.8.0 root=UUID=... ro quiet splash mitigations=autoThis is read-only and shows what the kernel actually received from the bootloader.
Sysctl Parameters: `/proc/sys` and `sysctl`
Many kernel tunables are exposed as sysctl parameters. They live as files under /proc/sys, and you work with them via:
- Direct file reads/writes
- The
sysctlcommand
Examples:
# Show current value
cat /proc/sys/net/ipv4/ip_forward
sysctl net.ipv4.ip_forward
# Change at runtime (not persistent)
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo sysctl net.ipv4.ip_forward=1
sysctl supports:
sysctl -a— list all parameterssysctl -w name=value— set a parametersysctl -p— reload from configuration files (see below)
Configuring Boot-Time Kernel Parameters (GRUB)
Details of the bootloader itself are covered elsewhere; here we focus on where to place parameters.
On most GRUB-based distributions (Debian/Ubuntu/RHEL/Fedora-style):
- Edit
/etc/default/grubas root. - Look for the line:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"or
GRUB_CMDLINE_LINUX="..."- Append your parameters inside the quotes, e.g.:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=off"- Update the GRUB configuration:
- Debian/Ubuntu/etc.:
sudo update-grub- RHEL/Fedora/others (BIOS example):
sudo grub2-mkconfig -o /boot/grub2/grub.cfg- Reboot.
To test temporarily, many bootloaders allow you to edit the boot entry at boot time (e.g., press e in GRUB, edit the linux line, then boot). That change is not persistent.
Persisting Sysctl Parameters
Runtime sysctl changes are lost on reboot unless you store them in config files.
Typical approach:
- Global custom settings:
/etc/sysctl.conf - Drop-in files:
/etc/sysctl.d/*.conf
Example file /etc/sysctl.d/99-custom.conf:
net.ipv4.ip_forward = 1
vm.swappiness = 10Apply immediately without reboot:
sudo sysctl -p /etc/sysctl.d/99-custom.confOr:
sudo sysctl --systemThis loads all standard sysctl configuration paths.
Common Kernel Parameters (Practical Examples)
These examples focus on parameters people often need in real-world scenarios. Always review your distribution’s documentation before using them in production.
Boot and Init-Related
systemd.unit=multi-user.target
Boot directly into a multi-user (non-graphical) environment.systemd.unit=rescue.targetorsingle
Rescue / single-user mode with minimal services.init=/bin/bash
Boot kernel and launch/bin/bashas PID 1 (used for recovery, very minimal).
Debugging and Logging
debug
Enable additional kernel debug output.loglevel=N(0–7)
Change default console verbosity. Lower numbers = less noise.ignore_loglevel
Ignore dynamic log level changes and print everything to console.
Debug-heavy parameters can flood the console; use cautiously and usually only temporarily.
Hardware / Boot Workarounds
These are highly hardware-specific. Examples:
acpi=off
Disable ACPI. Sometimes used to diagnose boot issues, but breaks power management and other features; not for regular use.nomodeset
Disable kernel mode-setting; handy for troubleshooting graphics problems, often allows you to get to a text login when graphics drivers fail.noapic,nolapic,irqpoll
Interrupt handling workarounds for some problematic systems.
Always treat such options as diagnostic unless recommended by a vendor or distro.
CPU and Security Mitigations
mitigations=off/mitigations=auto/mitigations=auto,nosmt
Control hardware vulnerability mitigations (Spectre/Meltdown etc.).offcan increase performance but reduces security.autois usually the distribution default.nosmt
Disable Simultaneous Multi-Threading (e.g., Hyper-Threading). Sometimes recommended for specific security requirements.
Use security-impacting parameters only with a clear understanding of the tradeoffs.
Memory and VM-Related Tunables (sysctl)
These are set via sysctl, not generally via the bootline.
Examples:
vm.swappiness
Tendency to swap. Common values:- Desktop:
10–20 - Server (large memory): often lower than default (60).
vm.dirty_ratio,vm.dirty_background_ratio
Control how much memory can be filled with dirty (unflushed) data before being written to disk.vm.overcommit_memory,vm.overcommit_ratio
Control how aggressively the kernel allows virtual memory allocation beyond physical RAM + swap.
Networking Sysctls
Examples:
net.ipv4.ip_forward
IP forwarding for routing/NAT.net.ipv4.conf.all.rp_filter
Reverse path filtering (anti-spoofing; 1 or 2).net.ipv4.tcp_syncookies
Protection against SYN flood attacks.
These are typically placed in /etc/sysctl.d for servers with specific networking roles.
Discovering Available Parameters
Documentation
Much official documentation resides under /usr/share/doc/ and the kernel documentation tree (on systems with kernel-doc installed). Relevant places:
/usr/share/doc/linux-doc/or similar package paths (varies by distro)- Online: the kernel’s
Documentation/admin-guide/kernel-parameters.txt(or equivalent for your kernel version)
Search within that file for parameter names you see in /proc/cmdline or distribution guides.
Listing Sysctl Parameters
To explore what is tunable via sysctl:
sysctl -a | less
Use grep to narrow down:
sysctl -a | grep net.ipv4
sysctl -a | grep vm.Safety and Best Practices
- Understand before changing: Many kernel parameters can seriously affect stability, performance, or security.
- Test temporarily first:
- For boot parameters: edit at the bootloader prompt for a single boot.
- For sysctl: use
sysctl name=valueand revert if needed. - Document changes: Especially on servers, track what was changed, where, and why.
- Change one thing at a time: Makes troubleshooting much easier.
- Have a recovery plan:
- Know how to edit your bootloader at boot time.
- Know how to drop into rescue mode or use a live USB to revert a broken configuration.
Taken together, these practices let you use kernel parameters as a powerful tuning and troubleshooting tool without making your system unbootable or insecure.