Documentation/admin-guide/sysctl/crypto.rst | 49 +++++++++++++++++++ Documentation/admin-guide/sysctl/debug.rst | 53 +++++++++++++++++++++ Documentation/admin-guide/sysctl/index.rst | 6 ++- 3 files changed, 106 insertions(+), 2 deletions(-) create mode 100644 Documentation/admin-guide/sysctl/crypto.rst create mode 100644 Documentation/admin-guide/sysctl/debug.rst
The /proc/sys/crypto and /proc/sys/debug directories lacked
documentation in the admin-guide. Add RST files covering
fips_enabled, fips_name, fips_version, exception-trace, and
kprobes-optimization sysctls.
Signed-off-by: Shubham Chakraborty <chakrabortyshubham66@gmail.com>
---
Documentation/admin-guide/sysctl/crypto.rst | 49 +++++++++++++++++++
Documentation/admin-guide/sysctl/debug.rst | 53 +++++++++++++++++++++
Documentation/admin-guide/sysctl/index.rst | 6 ++-
3 files changed, 106 insertions(+), 2 deletions(-)
create mode 100644 Documentation/admin-guide/sysctl/crypto.rst
create mode 100644 Documentation/admin-guide/sysctl/debug.rst
diff --git a/Documentation/admin-guide/sysctl/crypto.rst b/Documentation/admin-guide/sysctl/crypto.rst
new file mode 100644
index 000000000..a4c2e5ed4
--- /dev/null
+++ b/Documentation/admin-guide/sysctl/crypto.rst
@@ -0,0 +1,49 @@
+=================
+/proc/sys/crypto/
+=================
+
+Currently, these files might (depending on your configuration)
+show up in ``/proc/sys/crypto/``:
+
+.. contents:: :local:
+
+fips_enabled
+============
+
+This file contains a read-only flag that indicates whether FIPS mode is
+enabled.
+
+- ``0``: FIPS mode is disabled (default).
+- ``1``: FIPS mode is enabled.
+
+This value is set at boot time via the ``fips=1`` kernel command line
+parameter. When enabled, the cryptographic API will restrict the use
+of certain algorithms and perform self-tests to ensure compliance with
+FIPS (Federal Information Processing Standards) requirements, such as
+FIPS 140-2 and the newer FIPS 140-3, depending on the kernel
+configuration and the module in use.
+
+fips_name
+=========
+
+This read-only file contains the name of the FIPS module currently in use.
+The value is typically configured via the ``CONFIG_CRYPTO_FIPS_NAME``
+kernel configuration option.
+
+fips_version
+============
+
+This read-only file contains the version string of the FIPS module.
+If ``CONFIG_CRYPTO_FIPS_CUSTOM_VERSION`` is set, it uses the value from
+``CONFIG_CRYPTO_FIPS_VERSION``. Otherwise, it defaults to the kernel
+release version (``UTS_RELEASE``).
+
+Copyright (c) 2026, Shubham Chakraborty <chakrabortyshubham66@gmail.com>
+
+For general info and legal blurb, please look in
+Documentation/admin-guide/sysctl/index.rst.
+
+.. See scripts/check-sysctl-docs to keep this up to date:
+.. scripts/check-sysctl-docs -vtable="crypto" \
+.. Documentation/admin-guide/sysctl/crypto.rst \
+.. $(git grep -l register_sysctl_)
diff --git a/Documentation/admin-guide/sysctl/debug.rst b/Documentation/admin-guide/sysctl/debug.rst
new file mode 100644
index 000000000..a836c091d
--- /dev/null
+++ b/Documentation/admin-guide/sysctl/debug.rst
@@ -0,0 +1,53 @@
+================
+/proc/sys/debug/
+================
+
+Currently, these files might (depending on your configuration)
+show up in ``/proc/sys/debug/``:
+
+.. contents:: :local:
+
+exception-trace
+===============
+
+This flag controls whether the kernel prints information about unhandled
+signals (like segmentation faults) to the kernel log (``dmesg``).
+
+- ``0``: Unhandled signals are not traced.
+- ``1``: Information about unhandled signals is printed.
+
+The default value is ``1`` on most architectures (like x86, MIPS, RISC-V),
+but it is ``0`` on **arm64**.
+
+The actual information printed and the context provided varies
+significantly depending on the CPU architecture. For example:
+
+- On **x86**, it typically prints the instruction pointer (IP), error
+ code, and address that caused a page fault.
+- On **PowerPC**, it may print the next instruction pointer (NIP),
+ link register (LR), and other relevant registers.
+
+When enabled, this feature is often rate-limited to prevent the kernel
+log from being flooded during a crash loop.
+
+kprobes-optimization
+====================
+
+This flag enables or disables the optimization of Kprobes on certain
+architectures (like x86).
+
+- ``0``: Kprobes optimization is turned off.
+- ``1``: Kprobes optimization is turned on (default).
+
+For more details on Kprobes and its optimization, please refer to
+Documentation/trace/kprobes.rst.
+
+Copyright (c) 2026, Shubham Chakraborty <chakrabortyshubham66@gmail.com>
+
+For general info and legal blurb, please look in
+Documentation/admin-guide/sysctl/index.rst.
+
+.. See scripts/check-sysctl-docs to keep this up to date:
+.. scripts/check-sysctl-docs -vtable="debug" \
+.. Documentation/admin-guide/sysctl/debug.rst \
+.. $(git grep -l register_sysctl_)
diff --git a/Documentation/admin-guide/sysctl/index.rst b/Documentation/admin-guide/sysctl/index.rst
index 4dd2c9b5d..e153c9611 100644
--- a/Documentation/admin-guide/sysctl/index.rst
+++ b/Documentation/admin-guide/sysctl/index.rst
@@ -67,8 +67,8 @@ This documentation is about:
=============== ===============================================================
abi/ execution domains & personalities
<$ARCH> tuning controls for various CPU architecture (e.g. csky, s390)
-crypto/ <undocumented>
-debug/ <undocumented>
+crypto/ cryptographic subsystem
+debug/ debugging features
dev/ device specific information (e.g. dev/cdrom/info)
fs/ specific filesystems
filehandle, inode, dentry and quota tuning
@@ -96,6 +96,8 @@ it :-)
:maxdepth: 1
abi
+ crypto
+ debug
fs
kernel
net
--
2.53.0On 2/23/26 9:02 AM, Shubham Chakraborty wrote: > The /proc/sys/crypto and /proc/sys/debug directories lacked > documentation in the admin-guide. Add RST files covering > fips_enabled, fips_name, fips_version, exception-trace, and > kprobes-optimization sysctls. > > Signed-off-by: Shubham Chakraborty <chakrabortyshubham66@gmail.com> Tested-by: Randy Dunlap <rdunlap@infradead.org> I would change a couple of things below, but it's not worth doing another version just for this. > --- > Documentation/admin-guide/sysctl/crypto.rst | 49 +++++++++++++++++++ > Documentation/admin-guide/sysctl/debug.rst | 53 +++++++++++++++++++++ > Documentation/admin-guide/sysctl/index.rst | 6 ++- > 3 files changed, 106 insertions(+), 2 deletions(-) > create mode 100644 Documentation/admin-guide/sysctl/crypto.rst > create mode 100644 Documentation/admin-guide/sysctl/debug.rst > > diff --git a/Documentation/admin-guide/sysctl/crypto.rst b/Documentation/admin-guide/sysctl/crypto.rst > new file mode 100644 > index 000000000..a4c2e5ed4 > --- /dev/null > +++ b/Documentation/admin-guide/sysctl/crypto.rst > @@ -0,0 +1,49 @@ > +================= > +/proc/sys/crypto/ > +================= > + > +Currently, these files might (depending on your configuration) Drop "Currently,". That's what we try to document (even though files get of out date easily and quickly). Besides, having 3 (what are they? conditionals; caveats; exceptions?) qualifiers in one sentence could be too much. (I'm referring to: Currently, might, depending). > +show up in ``/proc/sys/crypto/``: > + > +.. contents:: :local: > + > +fips_enabled > +============ > diff --git a/Documentation/admin-guide/sysctl/debug.rst b/Documentation/admin-guide/sysctl/debug.rst > new file mode 100644 > index 000000000..a836c091d > --- /dev/null > +++ b/Documentation/admin-guide/sysctl/debug.rst > @@ -0,0 +1,53 @@ > +================ > +/proc/sys/debug/ > +================ > + > +Currently, these files might (depending on your configuration) > +show up in ``/proc/sys/debug/``: Same comment for "Currently," here. > + > +.. contents:: :local: > + > +exception-trace > +=============== -- ~Randy
© 2016 - 2026 Red Hat, Inc.