`swapfs_minfree`

Description	Amount of physical memory that is desired be kept free for the rest of the system. Attempts to reserve memory for use as swap space by any process that causes the system's perception of available memory to fall below this value are rejected. Pages reserved in this manner can only be used for locked-down allocations by the kernel or by user-level processes.
Data Type	Unsigned long
Default	The larger of 2 Mbytes and 1/8th of physical memory
Range	1 to amount of physical memory
Units	Pages
Dynamic?	No
Validation	None
When to Change	When processes are failing because of an inability to obtain swap space, yet the system has memory available.
Commitment Level	Unstable

General Kernel Variables

`noexec_user_stack`

Description	Enables the stack to be marked as non-executable. This helps in making buffer-overflow attacks more difficult. A Solaris system running a 64-bit kernel makes the stacks of all 64-bit applications non-executable by default. Setting this variable is necessary to make 32-bit applications non-executable on systems running 64-bit or 32-bit kernels. Note - This variable exists on all systems running the Solaris 2.6, 7, 8, or 9 releases, but it is only effective on sun4u and sun4m architectures.
Data Type	Signed integer
Default	0 (disabled)
Range	0 (disabled), 1 (enabled)
Units	Toggle (on/off)
Dynamic?	Yes. Does not affect currently running processes--only those created after the value is set.
Validation	None
When to Change	Should be enabled at all times unless applications are deliberately placing executable code on the stack without using `mprotect`(2) to make the stack executable.
Commitment Level	Unstable
Change History	For information, see "`noexec_user_stack` (Solaris 2.6, 7, and 8 Releases)".

Kernel Memory Allocator

The Solaris kernel memory allocator distributes chunks of memory for use by entities inside the kernel. The allocator creates a number of caches of varying size for use by its clients. Clients can also request the allocator to create a cache for use by that client (for example, to allocate structures of a particular size). Statistics about each of the caches that the allocator manages can be seen with the kstat -c kmem_cache command.

Occasionally, systems might panic because of memory corruption. The kernel memory allocator supports a debugging interface that performs various integrity checks on the buffers as well as collecting information on the allocators. The integrity checks provide the opportunity to detect errors closer to where they actually occurred, and the collected information provides additional data for support people when they try to ascertain the reason for the panic.

Use of the flags incurs additional overhead and memory usage during system operations. The flags should only be used when a memory corruption problem is suspected.

`kmem_flags`

Description

The Solaris kernel memory allocator has various debugging and test options that were extensively used during the internal development cycle of the Solaris environment. Prior to the Solaris 2.5 release, these options were not usable in released Solaris versions. Starting with the Solaris 2.5 release, a subset of these options are available and they are controlled by the kmem_flags variable, which was set by booting kadb, and then setting the variable before starting the kernel. Because of issues with the timing of the instantiation of the kernel memory allocator and the parsing of the /etc/system file, it was not possible to set these flags in the /etc/system file until the Solaris 8 release.

Five supported flag settings are described here.

Table 2-1 kmem_flags Settings

Flag	Setting	Description
`AUDIT`	`0x1`	The allocator maintains a log that contains recent history of its activity. The number of items logged depends on whether `CONTENTS` is also set. The log is a fixed size and when space is exhausted, earlier records are reclaimed.
`TEST`	`0x2`	The allocator writes a pattern into freed memory and checks that the pattern is unchanged when the buffer is next allocated. If some portion of the buffer is changed, this indicates that the memory was probably used by an entity that had previously allocated and freed the buffer. If an overwrite is seen, the system panics.
`REDZONE`	`0x4`	The allocator provides extra memory at the end of the requested buffer and inserts a special pattern into that memory. When the buffer is freed, the pattern is checked to see if data was written past the end of the buffer. If an overwrite is seen, the kernel panics.
`CONTENTS`	`0x8`	The allocator logs up to 256 bytes of buffer contents when the buffer is freed. Requires that `AUDIT` also be set. The numeric value of these flags can be logically added (OR'ed) together and set by the `/etc/system` file in the Solaris 8 release, or for previous releases, by booting `kadb` and setting the flags before starting the kernel.
`LITE`	`0x100`	Does minimal sanity checking when a buffer is allocated and freed. When enabled, the allocator checks that the redzone has not been written into, that a freed buffer is not being freed again, and that the buffer being freed is the size that was allocated. This flag is available as of the Solaris 7 3/99 release. Do not combine this flag with any other flags.

Data Type

Signed integer

Default

0 (disabled)

Range

0 (disabled) or 1 - 15 or 256 (0x100)

Dynamic?

Yes. Changes made during runtime only affect new kernel memory caches. After system initialization, the creation of new caches is rare.

Validation

None

When to Change

When memory corruption is suspected.

Commitment Level

Unstable

General Driver

`moddebug`

Description

Variable that you can set to values that cause messages about various steps in the module loading process to be displayed.

Data Type

Signed integer

Default

0 (messages off)

Range

The most useful values are:

0x80000000 - Prints [un] loading... message. For every module loaded, messages such as the following would appear on the console and in the /var/adm/messages file:

Nov 5 16:12:28 sys genunix: [ID 943528 kern.notice] 
load 'sched/TS_DPTBL' id 9 loaded @ 0x10126438/
0x10438dd8 size 132/2064 
Nov 5 16:12:28 sys genunix: [ID 131579 kern.notice] 
installing TS_DPTBL, module id 9.

0x40000000 - Prints detailed error messages. For every module loaded, messages such as the following would appear on the console and in the /var/adm/messages file:

Nov 5 16:16:50 sys krtld: [ID 284770 kern.notice] 
kobj_open: can't open /platform/SUNW,Ultra-1/kernel/
sched/TS_DPTBL
Nov 5 16:16:50 sys krtld: [ID 284770 kern.notice] 
kobj_open: can't open /platform/sun4u/kernel/sched/
TS_DPTBL
Nov 5 16:16:50 sys krtld: [ID 797908 kern.notice] 
kobj_open: '/kernel/sch...
Nov 5 16:16:50 sys krtld: [ID 605504 kern.notice] 
descr = 0x2a
Nov 5 16:16:50 sys krtld: [ID 642728 kern.notice] 
kobj_read_file: size=34,
Nov 5 16:16:50 sys krtld: [ID 217760 kern.notice] 
offset=0
Nov 5 16:16:50 sys krtld: [ID 136382 kern.notice] 
kobj_read: req 8192 bytes,
Nov 5 16:16:50 sys krtld: [ID 295989 kern.notice] 
got 4224
Nov 5 16:16:50 sys krtld: [ID 426732 kern.notice] 
read 1080 bytes
Nov 5 16:16:50 sys krtld: [ID 720464 kern.notice] 
copying 34 bytes
Nov 5 16:16:50 sys krtld: [ID 234587 kern.notice] 
count = 34
[33 lines elided]
Nov 5 16:16:50 sys genunix: [ID 943528 kern.notice] 
load 'sched/TS_DPTBL' id 9 loaded @ 0x10126438/
0x10438dd8 size 132/2064
Nov 5 16:16:50 sys genunix: [ID 131579 kern.notice] 
installing TS_DPTBL, module id 9.
Nov 5 16:16:50 sys genunix: [ID 324367 kern.notice] 
init 'sched/TS_DPTBL' id 9 loaded @ 0x10126438/
0x10438dd8 size 132/2064

0x20000000 - Prints even more detailed messages. This doesn't print any additional information beyond what the detailed error message flag does during system boot, but it does print additional information about releasing the module when the module is unloaded.

These values can be added together to set the final value.