1.. SPDX-License-Identifier: GPL-2.0 2 3==================== 4The /proc Filesystem 5==================== 6 7===================== ======================================= ================ 8/proc/sys Terrehon Bowden <terrehon@pacbell.net>, October 7 1999 9 Bodo Bauer <bb@ricochet.net> 102.4.x update Jorge Nerin <comandante@zaralinux.com> November 14 2000 11move /proc/sys Shen Feng <shen@cn.fujitsu.com> April 1 2009 12fixes/update part 1.1 Stefani Seibold <stefani@seibold.net> June 9 2009 13===================== ======================================= ================ 14 15 16 17.. Table of Contents 18 19 0 Preface 20 0.1 Introduction/Credits 21 0.2 Legal Stuff 22 23 1 Collecting System Information 24 1.1 Process-Specific Subdirectories 25 1.2 Kernel data 26 1.3 IDE devices in /proc/ide 27 1.4 Networking info in /proc/net 28 1.5 SCSI info 29 1.6 Parallel port info in /proc/parport 30 1.7 TTY info in /proc/tty 31 1.8 Miscellaneous kernel statistics in /proc/stat 32 1.9 Ext4 file system parameters 33 34 2 Modifying System Parameters 35 36 3 Per-Process Parameters 37 3.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj - Adjust the oom-killer 38 score 39 3.2 /proc/<pid>/oom_score - Display current oom-killer score 40 3.3 /proc/<pid>/io - Display the IO accounting fields 41 3.4 /proc/<pid>/coredump_filter - Core dump filtering settings 42 3.5 /proc/<pid>/mountinfo - Information about mounts 43 3.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm 44 3.7 /proc/<pid>/task/<tid>/children - Information about task children 45 3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file 46 3.9 /proc/<pid>/map_files - Information about memory mapped files 47 3.10 /proc/<pid>/timerslack_ns - Task timerslack value 48 3.11 /proc/<pid>/patch_state - Livepatch patch operation state 49 3.12 /proc/<pid>/arch_status - Task architecture specific information 50 3.13 /proc/<pid>/fd - List of symlinks to open files 51 3.14 /proc/<pid/ksm_stat - Information about the process's ksm status. 52 53 4 Configuring procfs 54 4.1 Mount options 55 56 5 Filesystem behavior 57 58Preface 59======= 60 610.1 Introduction/Credits 62------------------------ 63 64This documentation is part of a soon (or so we hope) to be released book on 65the SuSE Linux distribution. As there is no complete documentation for the 66/proc file system and we've used many freely available sources to write these 67chapters, it seems only fair to give the work back to the Linux community. 68This work is based on the 2.2.* kernel version and the upcoming 2.4.*. I'm 69afraid it's still far from complete, but we hope it will be useful. As far as 70we know, it is the first 'all-in-one' document about the /proc file system. It 71is focused on the Intel x86 hardware, so if you are looking for PPC, ARM, 72SPARC, AXP, etc., features, you probably won't find what you are looking for. 73It also only covers IPv4 networking, not IPv6 nor other protocols - sorry. But 74additions and patches are welcome and will be added to this document if you 75mail them to Bodo. 76 77We'd like to thank Alan Cox, Rik van Riel, and Alexey Kuznetsov and a lot of 78other people for help compiling this documentation. We'd also like to extend a 79special thank you to Andi Kleen for documentation, which we relied on heavily 80to create this document, as well as the additional information he provided. 81Thanks to everybody else who contributed source or docs to the Linux kernel 82and helped create a great piece of software... :) 83 84If you have any comments, corrections or additions, please don't hesitate to 85contact Bodo Bauer at bb@ricochet.net. We'll be happy to add them to this 86document. 87 88The latest version of this document is available online at 89https://www.kernel.org/doc/html/latest/filesystems/proc.html 90 91If the above direction does not works for you, you could try the kernel 92mailing list at linux-kernel@vger.kernel.org and/or try to reach me at 93comandante@zaralinux.com. 94 950.2 Legal Stuff 96--------------- 97 98We don't guarantee the correctness of this document, and if you come to us 99complaining about how you screwed up your system because of incorrect 100documentation, we won't feel responsible... 101 102Chapter 1: Collecting System Information 103======================================== 104 105In This Chapter 106--------------- 107* Investigating the properties of the pseudo file system /proc and its 108 ability to provide information on the running Linux system 109* Examining /proc's structure 110* Uncovering various information about the kernel and the processes running 111 on the system 112 113------------------------------------------------------------------------------ 114 115The proc file system acts as an interface to internal data structures in the 116kernel. It can be used to obtain information about the system and to change 117certain kernel parameters at runtime (sysctl). 118 119First, we'll take a look at the read-only parts of /proc. In Chapter 2, we 120show you how you can use /proc/sys to change settings. 121 1221.1 Process-Specific Subdirectories 123----------------------------------- 124 125The directory /proc contains (among other things) one subdirectory for each 126process running on the system, which is named after the process ID (PID). 127 128The link 'self' points to the process reading the file system. Each process 129subdirectory has the entries listed in Table 1-1. 130 131A process can read its own information from /proc/PID/* with no extra 132permissions. When reading /proc/PID/* information for other processes, reading 133process is required to have either CAP_SYS_PTRACE capability with 134PTRACE_MODE_READ access permissions, or, alternatively, CAP_PERFMON 135capability. This applies to all read-only information like `maps`, `environ`, 136`pagemap`, etc. The only exception is `mem` file due to its read-write nature, 137which requires CAP_SYS_PTRACE capabilities with more elevated 138PTRACE_MODE_ATTACH permissions; CAP_PERFMON capability does not grant access 139to /proc/PID/mem for other processes. 140 141Note that an open file descriptor to /proc/<pid> or to any of its 142contained files or subdirectories does not prevent <pid> being reused 143for some other process in the event that <pid> exits. Operations on 144open /proc/<pid> file descriptors corresponding to dead processes 145never act on any new process that the kernel may, through chance, have 146also assigned the process ID <pid>. Instead, operations on these FDs 147usually fail with ESRCH. 148 149.. table:: Table 1-1: Process specific entries in /proc 150 151 ============= =============================================================== 152 File Content 153 ============= =============================================================== 154 clear_refs Clears page referenced bits shown in smaps output 155 cmdline Command line arguments 156 cpu Current and last cpu in which it was executed (2.4)(smp) 157 cwd Link to the current working directory 158 environ Values of environment variables 159 exe Link to the executable of this process 160 fd Directory, which contains all file descriptors 161 maps Memory maps to executables and library files (2.4) 162 mem Memory held by this process 163 root Link to the root directory of this process 164 stat Process status 165 statm Process memory status information 166 status Process status in human readable form 167 wchan Present with CONFIG_KALLSYMS=y: it shows the kernel function 168 symbol the task is blocked in - or "0" if not blocked. 169 pagemap Page table 170 stack Report full stack trace, enable via CONFIG_STACKTRACE 171 smaps An extension based on maps, showing the memory consumption of 172 each mapping and flags associated with it 173 smaps_rollup Accumulated smaps stats for all mappings of the process. This 174 can be derived from smaps, but is faster and more convenient 175 numa_maps An extension based on maps, showing the memory locality and 176 binding policy as well as mem usage (in pages) of each mapping. 177 ============= =============================================================== 178 179For example, to get the status information of a process, all you have to do is 180read the file /proc/PID/status:: 181 182 >cat /proc/self/status 183 Name: cat 184 State: R (running) 185 Tgid: 5452 186 Pid: 5452 187 PPid: 743 188 TracerPid: 0 (2.4) 189 Uid: 501 501 501 501 190 Gid: 100 100 100 100 191 FDSize: 256 192 Groups: 100 14 16 193 Kthread: 0 194 VmPeak: 5004 kB 195 VmSize: 5004 kB 196 VmLck: 0 kB 197 VmHWM: 476 kB 198 VmRSS: 476 kB 199 RssAnon: 352 kB 200 RssFile: 120 kB 201 RssShmem: 4 kB 202 VmData: 156 kB 203 VmStk: 88 kB 204 VmExe: 68 kB 205 VmLib: 1412 kB 206 VmPTE: 20 kb 207 VmSwap: 0 kB 208 HugetlbPages: 0 kB 209 CoreDumping: 0 210 THP_enabled: 1 211 Threads: 1 212 SigQ: 0/28578 213 SigPnd: 0000000000000000 214 ShdPnd: 0000000000000000 215 SigBlk: 0000000000000000 216 SigIgn: 0000000000000000 217 SigCgt: 0000000000000000 218 CapInh: 00000000fffffeff 219 CapPrm: 0000000000000000 220 CapEff: 0000000000000000 221 CapBnd: ffffffffffffffff 222 CapAmb: 0000000000000000 223 NoNewPrivs: 0 224 Seccomp: 0 225 Speculation_Store_Bypass: thread vulnerable 226 SpeculationIndirectBranch: conditional enabled 227 voluntary_ctxt_switches: 0 228 nonvoluntary_ctxt_switches: 1 229 230This shows you nearly the same information you would get if you viewed it with 231the ps command. In fact, ps uses the proc file system to obtain its 232information. But you get a more detailed view of the process by reading the 233file /proc/PID/status. It fields are described in table 1-2. 234 235The statm file contains more detailed information about the process 236memory usage. Its seven fields are explained in Table 1-3. The stat file 237contains detailed information about the process itself. Its fields are 238explained in Table 1-4. 239 240(for SMP CONFIG users) 241 242For making accounting scalable, RSS related information are handled in an 243asynchronous manner and the value may not be very precise. To see a precise 244snapshot of a moment, you can see /proc/<pid>/smaps file and scan page table. 245It's slow but very precise. 246 247.. table:: Table 1-2: Contents of the status fields (as of 4.19) 248 249 ========================== =================================================== 250 Field Content 251 ========================== =================================================== 252 Name filename of the executable 253 Umask file mode creation mask 254 State state (R is running, S is sleeping, D is sleeping 255 in an uninterruptible wait, Z is zombie, 256 T is traced or stopped) 257 Tgid thread group ID 258 Ngid NUMA group ID (0 if none) 259 Pid process id 260 PPid process id of the parent process 261 TracerPid PID of process tracing this process (0 if not, or 262 the tracer is outside of the current pid namespace) 263 Uid Real, effective, saved set, and file system UIDs 264 Gid Real, effective, saved set, and file system GIDs 265 FDSize number of file descriptor slots currently allocated 266 Groups supplementary group list 267 NStgid descendant namespace thread group ID hierarchy 268 NSpid descendant namespace process ID hierarchy 269 NSpgid descendant namespace process group ID hierarchy 270 NSsid descendant namespace session ID hierarchy 271 Kthread kernel thread flag, 1 is yes, 0 is no 272 VmPeak peak virtual memory size 273 VmSize total program size 274 VmLck locked memory size 275 VmPin pinned memory size 276 VmHWM peak resident set size ("high water mark") 277 VmRSS size of memory portions. It contains the three 278 following parts 279 (VmRSS = RssAnon + RssFile + RssShmem) 280 RssAnon size of resident anonymous memory 281 RssFile size of resident file mappings 282 RssShmem size of resident shmem memory (includes SysV shm, 283 mapping of tmpfs and shared anonymous mappings) 284 VmData size of private data segments 285 VmStk size of stack segments 286 VmExe size of text segment 287 VmLib size of shared library code 288 VmPTE size of page table entries 289 VmSwap amount of swap used by anonymous private data 290 (shmem swap usage is not included) 291 HugetlbPages size of hugetlb memory portions 292 CoreDumping process's memory is currently being dumped 293 (killing the process may lead to a corrupted core) 294 THP_enabled process is allowed to use THP (returns 0 when 295 PR_SET_THP_DISABLE is set on the process 296 Threads number of threads 297 SigQ number of signals queued/max. number for queue 298 SigPnd bitmap of pending signals for the thread 299 ShdPnd bitmap of shared pending signals for the process 300 SigBlk bitmap of blocked signals 301 SigIgn bitmap of ignored signals 302 SigCgt bitmap of caught signals 303 CapInh bitmap of inheritable capabilities 304 CapPrm bitmap of permitted capabilities 305 CapEff bitmap of effective capabilities 306 CapBnd bitmap of capabilities bounding set 307 CapAmb bitmap of ambient capabilities 308 NoNewPrivs no_new_privs, like prctl(PR_GET_NO_NEW_PRIV, ...) 309 Seccomp seccomp mode, like prctl(PR_GET_SECCOMP, ...) 310 Speculation_Store_Bypass speculative store bypass mitigation status 311 SpeculationIndirectBranch indirect branch speculation mode 312 Cpus_allowed mask of CPUs on which this process may run 313 Cpus_allowed_list Same as previous, but in "list format" 314 Mems_allowed mask of memory nodes allowed to this process 315 Mems_allowed_list Same as previous, but in "list format" 316 voluntary_ctxt_switches number of voluntary context switches 317 nonvoluntary_ctxt_switches number of non voluntary context switches 318 ========================== =================================================== 319 320 321.. table:: Table 1-3: Contents of the statm fields (as of 2.6.8-rc3) 322 323 ======== =============================== ============================== 324 Field Content 325 ======== =============================== ============================== 326 size total program size (pages) (same as VmSize in status) 327 resident size of memory portions (pages) (same as VmRSS in status) 328 shared number of pages that are shared (i.e. backed by a file, same 329 as RssFile+RssShmem in status) 330 trs number of pages that are 'code' (not including libs; broken, 331 includes data segment) 332 lrs number of pages of library (always 0 on 2.6) 333 drs number of pages of data/stack (including libs; broken, 334 includes library text) 335 dt number of dirty pages (always 0 on 2.6) 336 ======== =============================== ============================== 337 338 339.. table:: Table 1-4: Contents of the stat fields (as of 2.6.30-rc7) 340 341 ============= =============================================================== 342 Field Content 343 ============= =============================================================== 344 pid process id 345 tcomm filename of the executable 346 state state (R is running, S is sleeping, D is sleeping in an 347 uninterruptible wait, Z is zombie, T is traced or stopped) 348 ppid process id of the parent process 349 pgrp pgrp of the process 350 sid session id 351 tty_nr tty the process uses 352 tty_pgrp pgrp of the tty 353 flags task flags 354 min_flt number of minor faults 355 cmin_flt number of minor faults with child's 356 maj_flt number of major faults 357 cmaj_flt number of major faults with child's 358 utime user mode jiffies 359 stime kernel mode jiffies 360 cutime user mode jiffies with child's 361 cstime kernel mode jiffies with child's 362 priority priority level 363 nice nice level 364 num_threads number of threads 365 it_real_value (obsolete, always 0) 366 start_time time the process started after system boot 367 vsize virtual memory size 368 rss resident set memory size 369 rsslim current limit in bytes on the rss 370 start_code address above which program text can run 371 end_code address below which program text can run 372 start_stack address of the start of the main process stack 373 esp current value of ESP 374 eip current value of EIP 375 pending bitmap of pending signals 376 blocked bitmap of blocked signals 377 sigign bitmap of ignored signals 378 sigcatch bitmap of caught signals 379 0 (place holder, used to be the wchan address, 380 use /proc/PID/wchan instead) 381 0 (place holder) 382 0 (place holder) 383 exit_signal signal to send to parent thread on exit 384 task_cpu which CPU the task is scheduled on 385 rt_priority realtime priority 386 policy scheduling policy (man sched_setscheduler) 387 blkio_ticks time spent waiting for block IO 388 gtime guest time of the task in jiffies 389 cgtime guest time of the task children in jiffies 390 start_data address above which program data+bss is placed 391 end_data address below which program data+bss is placed 392 start_brk address above which program heap can be expanded with brk() 393 arg_start address above which program command line is placed 394 arg_end address below which program command line is placed 395 env_start address above which program environment is placed 396 env_end address below which program environment is placed 397 exit_code the thread's exit_code in the form reported by the waitpid 398 system call 399 ============= =============================================================== 400 401The /proc/PID/maps file contains the currently mapped memory regions and 402their access permissions. 403 404The format is:: 405 406 address perms offset dev inode pathname 407 408 08048000-08049000 r-xp 00000000 03:00 8312 /opt/test 409 08049000-0804a000 rw-p 00001000 03:00 8312 /opt/test 410 0804a000-0806b000 rw-p 00000000 00:00 0 [heap] 411 a7cb1000-a7cb2000 ---p 00000000 00:00 0 412 a7cb2000-a7eb2000 rw-p 00000000 00:00 0 413 a7eb2000-a7eb3000 ---p 00000000 00:00 0 414 a7eb3000-a7ed5000 rw-p 00000000 00:00 0 415 a7ed5000-a8008000 r-xp 00000000 03:00 4222 /lib/libc.so.6 416 a8008000-a800a000 r--p 00133000 03:00 4222 /lib/libc.so.6 417 a800a000-a800b000 rw-p 00135000 03:00 4222 /lib/libc.so.6 418 a800b000-a800e000 rw-p 00000000 00:00 0 419 a800e000-a8022000 r-xp 00000000 03:00 14462 /lib/libpthread.so.0 420 a8022000-a8023000 r--p 00013000 03:00 14462 /lib/libpthread.so.0 421 a8023000-a8024000 rw-p 00014000 03:00 14462 /lib/libpthread.so.0 422 a8024000-a8027000 rw-p 00000000 00:00 0 423 a8027000-a8043000 r-xp 00000000 03:00 8317 /lib/ld-linux.so.2 424 a8043000-a8044000 r--p 0001b000 03:00 8317 /lib/ld-linux.so.2 425 a8044000-a8045000 rw-p 0001c000 03:00 8317 /lib/ld-linux.so.2 426 aff35000-aff4a000 rw-p 00000000 00:00 0 [stack] 427 ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso] 428 429where "address" is the address space in the process that it occupies, "perms" 430is a set of permissions:: 431 432 r = read 433 w = write 434 x = execute 435 s = shared 436 p = private (copy on write) 437 438"offset" is the offset into the mapping, "dev" is the device (major:minor), and 439"inode" is the inode on that device. 0 indicates that no inode is associated 440with the memory region, as the case would be with BSS (uninitialized data). 441The "pathname" shows the name associated file for this mapping. If the mapping 442is not associated with a file: 443 444 =================== =========================================== 445 [heap] the heap of the program 446 [stack] the stack of the main process 447 [vdso] the "virtual dynamic shared object", 448 the kernel system call handler 449 [anon:<name>] a private anonymous mapping that has been 450 named by userspace 451 [anon_shmem:<name>] an anonymous shared memory mapping that has 452 been named by userspace 453 =================== =========================================== 454 455 or if empty, the mapping is anonymous. 456 457Starting with 6.11 kernel, /proc/PID/maps provides an alternative 458ioctl()-based API that gives ability to flexibly and efficiently query and 459filter individual VMAs. This interface is binary and is meant for more 460efficient and easy programmatic use. `struct procmap_query`, defined in 461linux/fs.h UAPI header, serves as an input/output argument to the 462`PROCMAP_QUERY` ioctl() command. See comments in linus/fs.h UAPI header for 463details on query semantics, supported flags, data returned, and general API 464usage information. 465 466The /proc/PID/smaps is an extension based on maps, showing the memory 467consumption for each of the process's mappings. For each mapping (aka Virtual 468Memory Area, or VMA) there is a series of lines such as the following:: 469 470 08048000-080bc000 r-xp 00000000 03:02 13130 /bin/bash 471 472 Size: 1084 kB 473 KernelPageSize: 4 kB 474 MMUPageSize: 4 kB 475 Rss: 892 kB 476 Pss: 374 kB 477 Pss_Dirty: 0 kB 478 Shared_Clean: 892 kB 479 Shared_Dirty: 0 kB 480 Private_Clean: 0 kB 481 Private_Dirty: 0 kB 482 Referenced: 892 kB 483 Anonymous: 0 kB 484 KSM: 0 kB 485 LazyFree: 0 kB 486 AnonHugePages: 0 kB 487 ShmemPmdMapped: 0 kB 488 Shared_Hugetlb: 0 kB 489 Private_Hugetlb: 0 kB 490 Swap: 0 kB 491 SwapPss: 0 kB 492 KernelPageSize: 4 kB 493 MMUPageSize: 4 kB 494 Locked: 0 kB 495 THPeligible: 0 496 VmFlags: rd ex mr mw me dw 497 498The first of these lines shows the same information as is displayed for 499the mapping in /proc/PID/maps. Following lines show the size of the 500mapping (size); the size of each page allocated when backing a VMA 501(KernelPageSize), which is usually the same as the size in the page table 502entries; the page size used by the MMU when backing a VMA (in most cases, 503the same as KernelPageSize); the amount of the mapping that is currently 504resident in RAM (RSS); the process's proportional share of this mapping 505(PSS); and the number of clean and dirty shared and private pages in the 506mapping. 507 508The "proportional set size" (PSS) of a process is the count of pages it has 509in memory, where each page is divided by the number of processes sharing it. 510So if a process has 1000 pages all to itself, and 1000 shared with one other 511process, its PSS will be 1500. "Pss_Dirty" is the portion of PSS which 512consists of dirty pages. ("Pss_Clean" is not included, but it can be 513calculated by subtracting "Pss_Dirty" from "Pss".) 514 515Traditionally, a page is accounted as "private" if it is mapped exactly once, 516and a page is accounted as "shared" when mapped multiple times, even when 517mapped in the same process multiple times. Note that this accounting is 518independent of MAP_SHARED. 519 520In some kernel configurations, the semantics of pages part of a larger 521allocation (e.g., THP) can differ: a page is accounted as "private" if all 522pages part of the corresponding large allocation are *certainly* mapped in the 523same process, even if the page is mapped multiple times in that process. A 524page is accounted as "shared" if any page page of the larger allocation 525is *maybe* mapped in a different process. In some cases, a large allocation 526might be treated as "maybe mapped by multiple processes" even though this 527is no longer the case. 528 529Some kernel configurations do not track the precise number of times a page part 530of a larger allocation is mapped. In this case, when calculating the PSS, the 531average number of mappings per page in this larger allocation might be used 532as an approximation for the number of mappings of a page. The PSS calculation 533will be imprecise in this case. 534 535"Referenced" indicates the amount of memory currently marked as referenced or 536accessed. 537 538"Anonymous" shows the amount of memory that does not belong to any file. Even 539a mapping associated with a file may contain anonymous pages: when MAP_PRIVATE 540and a page is modified, the file page is replaced by a private anonymous copy. 541 542"KSM" reports how many of the pages are KSM pages. Note that KSM-placed zeropages 543are not included, only actual KSM pages. 544 545"LazyFree" shows the amount of memory which is marked by madvise(MADV_FREE). 546The memory isn't freed immediately with madvise(). It's freed in memory 547pressure if the memory is clean. Please note that the printed value might 548be lower than the real value due to optimizations used in the current 549implementation. If this is not desirable please file a bug report. 550 551"AnonHugePages" shows the amount of memory backed by transparent hugepage. 552 553"ShmemPmdMapped" shows the amount of shared (shmem/tmpfs) memory backed by 554huge pages. 555 556"Shared_Hugetlb" and "Private_Hugetlb" show the amounts of memory backed by 557hugetlbfs page which is *not* counted in "RSS" or "PSS" field for historical 558reasons. And these are not included in {Shared,Private}_{Clean,Dirty} field. 559 560"Swap" shows how much would-be-anonymous memory is also used, but out on swap. 561 562For shmem mappings, "Swap" includes also the size of the mapped (and not 563replaced by copy-on-write) part of the underlying shmem object out on swap. 564"SwapPss" shows proportional swap share of this mapping. Unlike "Swap", this 565does not take into account swapped out page of underlying shmem objects. 566"Locked" indicates whether the mapping is locked in memory or not. 567 568"THPeligible" indicates whether the mapping is eligible for allocating 569naturally aligned THP pages of any currently enabled size. 1 if true, 0 570otherwise. 571 572"VmFlags" field deserves a separate description. This member represents the 573kernel flags associated with the particular virtual memory area in two letter 574encoded manner. The codes are the following: 575 576 == ======================================= 577 rd readable 578 wr writeable 579 ex executable 580 sh shared 581 mr may read 582 mw may write 583 me may execute 584 ms may share 585 gd stack segment growns down 586 pf pure PFN range 587 lo pages are locked in memory 588 io memory mapped I/O area 589 sr sequential read advise provided 590 rr random read advise provided 591 dc do not copy area on fork 592 de do not expand area on remapping 593 ac area is accountable 594 nr swap space is not reserved for the area 595 ht area uses huge tlb pages 596 sf synchronous page fault 597 ar architecture specific flag 598 wf wipe on fork 599 dd do not include area into core dump 600 sd soft dirty flag 601 mm mixed map area 602 hg huge page advise flag 603 nh no huge page advise flag 604 mg mergeable advise flag 605 bt arm64 BTI guarded page 606 mt arm64 MTE allocation tags are enabled 607 um userfaultfd missing tracking 608 uw userfaultfd wr-protect tracking 609 ui userfaultfd minor fault 610 ss shadow/guarded control stack page 611 sl sealed 612 lf lock on fault pages 613 dp always lazily freeable mapping 614 == ======================================= 615 616Note that there is no guarantee that every flag and associated mnemonic will 617be present in all further kernel releases. Things get changed, the flags may 618be vanished or the reverse -- new added. Interpretation of their meaning 619might change in future as well. So each consumer of these flags has to 620follow each specific kernel version for the exact semantic. 621 622This file is only present if the CONFIG_MMU kernel configuration option is 623enabled. 624 625Note: reading /proc/PID/maps or /proc/PID/smaps is inherently racy (consistent 626output can be achieved only in the single read call). 627 628This typically manifests when doing partial reads of these files while the 629memory map is being modified. Despite the races, we do provide the following 630guarantees: 631 6321) The mapped addresses never go backwards, which implies no two 633 regions will ever overlap. 6342) If there is something at a given vaddr during the entirety of the 635 life of the smaps/maps walk, there will be some output for it. 636 637The /proc/PID/smaps_rollup file includes the same fields as /proc/PID/smaps, 638but their values are the sums of the corresponding values for all mappings of 639the process. Additionally, it contains these fields: 640 641- Pss_Anon 642- Pss_File 643- Pss_Shmem 644 645They represent the proportional shares of anonymous, file, and shmem pages, as 646described for smaps above. These fields are omitted in smaps since each 647mapping identifies the type (anon, file, or shmem) of all pages it contains. 648Thus all information in smaps_rollup can be derived from smaps, but at a 649significantly higher cost. 650 651The /proc/PID/clear_refs is used to reset the PG_Referenced and ACCESSED/YOUNG 652bits on both physical and virtual pages associated with a process, and the 653soft-dirty bit on pte (see Documentation/admin-guide/mm/soft-dirty.rst 654for details). 655To clear the bits for all the pages associated with the process:: 656 657 > echo 1 > /proc/PID/clear_refs 658 659To clear the bits for the anonymous pages associated with the process:: 660 661 > echo 2 > /proc/PID/clear_refs 662 663To clear the bits for the file mapped pages associated with the process:: 664 665 > echo 3 > /proc/PID/clear_refs 666 667To clear the soft-dirty bit:: 668 669 > echo 4 > /proc/PID/clear_refs 670 671To reset the peak resident set size ("high water mark") to the process's 672current value:: 673 674 > echo 5 > /proc/PID/clear_refs 675 676Any other value written to /proc/PID/clear_refs will have no effect. 677 678The /proc/pid/pagemap gives the PFN, which can be used to find the pageflags 679using /proc/kpageflags and number of times a page is mapped using 680/proc/kpagecount. For detailed explanation, see 681Documentation/admin-guide/mm/pagemap.rst. 682 683The /proc/pid/numa_maps is an extension based on maps, showing the memory 684locality and binding policy, as well as the memory usage (in pages) of 685each mapping. The output follows a general format where mapping details get 686summarized separated by blank spaces, one mapping per each file line:: 687 688 address policy mapping details 689 690 00400000 default file=/usr/local/bin/app mapped=1 active=0 N3=1 kernelpagesize_kB=4 691 00600000 default file=/usr/local/bin/app anon=1 dirty=1 N3=1 kernelpagesize_kB=4 692 3206000000 default file=/lib64/ld-2.12.so mapped=26 mapmax=6 N0=24 N3=2 kernelpagesize_kB=4 693 320621f000 default file=/lib64/ld-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 694 3206220000 default file=/lib64/ld-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 695 3206221000 default anon=1 dirty=1 N3=1 kernelpagesize_kB=4 696 3206800000 default file=/lib64/libc-2.12.so mapped=59 mapmax=21 active=55 N0=41 N3=18 kernelpagesize_kB=4 697 320698b000 default file=/lib64/libc-2.12.so 698 3206b8a000 default file=/lib64/libc-2.12.so anon=2 dirty=2 N3=2 kernelpagesize_kB=4 699 3206b8e000 default file=/lib64/libc-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 700 3206b8f000 default anon=3 dirty=3 active=1 N3=3 kernelpagesize_kB=4 701 7f4dc10a2000 default anon=3 dirty=3 N3=3 kernelpagesize_kB=4 702 7f4dc10b4000 default anon=2 dirty=2 active=1 N3=2 kernelpagesize_kB=4 703 7f4dc1200000 default file=/anon_hugepage\040(deleted) huge anon=1 dirty=1 N3=1 kernelpagesize_kB=2048 704 7fff335f0000 default stack anon=3 dirty=3 N3=3 kernelpagesize_kB=4 705 7fff3369d000 default mapped=1 mapmax=35 active=0 N3=1 kernelpagesize_kB=4 706 707Where: 708 709"address" is the starting address for the mapping; 710 711"policy" reports the NUMA memory policy set for the mapping (see Documentation/admin-guide/mm/numa_memory_policy.rst); 712 713"mapping details" summarizes mapping data such as mapping type, page usage counters, 714node locality page counters (N0 == node0, N1 == node1, ...) and the kernel page 715size, in KB, that is backing the mapping up. 716 717Note that some kernel configurations do not track the precise number of times 718a page part of a larger allocation (e.g., THP) is mapped. In these 719configurations, "mapmax" might corresponds to the average number of mappings 720per page in such a larger allocation instead. 721 7221.2 Kernel data 723--------------- 724 725Similar to the process entries, the kernel data files give information about 726the running kernel. The files used to obtain this information are contained in 727/proc and are listed in Table 1-5. Not all of these will be present in your 728system. It depends on the kernel configuration and the loaded modules, which 729files are there, and which are missing. 730 731.. table:: Table 1-5: Kernel info in /proc 732 733 ============ =============================================================== 734 File Content 735 ============ =============================================================== 736 allocinfo Memory allocations profiling information 737 apm Advanced power management info 738 bootconfig Kernel command line obtained from boot config, 739 and, if there were kernel parameters from the 740 boot loader, a "# Parameters from bootloader:" 741 line followed by a line containing those 742 parameters prefixed by "# ". (5.5) 743 buddyinfo Kernel memory allocator information (see text) (2.5) 744 bus Directory containing bus specific information 745 cmdline Kernel command line, both from bootloader and embedded 746 in the kernel image 747 cpuinfo Info about the CPU 748 devices Available devices (block and character) 749 dma Used DMS channels 750 filesystems Supported filesystems 751 driver Various drivers grouped here, currently rtc (2.4) 752 execdomains Execdomains, related to security (2.4) 753 fb Frame Buffer devices (2.4) 754 fs File system parameters, currently nfs/exports (2.4) 755 ide Directory containing info about the IDE subsystem 756 interrupts Interrupt usage 757 iomem Memory map (2.4) 758 ioports I/O port usage 759 irq Masks for irq to cpu affinity (2.4)(smp?) 760 isapnp ISA PnP (Plug&Play) Info (2.4) 761 kcore Kernel core image (can be ELF or A.OUT(deprecated in 2.4)) 762 kmsg Kernel messages 763 ksyms Kernel symbol table 764 loadavg Load average of last 1, 5 & 15 minutes; 765 number of processes currently runnable (running or on ready queue); 766 total number of processes in system; 767 last pid created. 768 All fields are separated by one space except "number of 769 processes currently runnable" and "total number of processes 770 in system", which are separated by a slash ('/'). Example: 771 0.61 0.61 0.55 3/828 22084 772 locks Kernel locks 773 meminfo Memory info 774 misc Miscellaneous 775 modules List of loaded modules 776 mounts Mounted filesystems 777 net Networking info (see text) 778 pagetypeinfo Additional page allocator information (see text) (2.5) 779 partitions Table of partitions known to the system 780 pci Deprecated info of PCI bus (new way -> /proc/bus/pci/, 781 decoupled by lspci (2.4) 782 rtc Real time clock 783 scsi SCSI info (see text) 784 slabinfo Slab pool info 785 softirqs softirq usage 786 stat Overall statistics 787 swaps Swap space utilization 788 sys See chapter 2 789 sysvipc Info of SysVIPC Resources (msg, sem, shm) (2.4) 790 tty Info of tty drivers 791 uptime Wall clock since boot, combined idle time of all cpus 792 version Kernel version 793 video bttv info of video resources (2.4) 794 vmallocinfo Show vmalloced areas 795 ============ =============================================================== 796 797You can, for example, check which interrupts are currently in use and what 798they are used for by looking in the file /proc/interrupts:: 799 800 > cat /proc/interrupts 801 CPU0 802 0: 8728810 XT-PIC timer 803 1: 895 XT-PIC keyboard 804 2: 0 XT-PIC cascade 805 3: 531695 XT-PIC aha152x 806 4: 2014133 XT-PIC serial 807 5: 44401 XT-PIC pcnet_cs 808 8: 2 XT-PIC rtc 809 11: 8 XT-PIC i82365 810 12: 182918 XT-PIC PS/2 Mouse 811 13: 1 XT-PIC fpu 812 14: 1232265 XT-PIC ide0 813 15: 7 XT-PIC ide1 814 NMI: 0 815 816In 2.4.* a couple of lines where added to this file LOC & ERR (this time is the 817output of a SMP machine):: 818 819 > cat /proc/interrupts 820 821 CPU0 CPU1 822 0: 1243498 1214548 IO-APIC-edge timer 823 1: 8949 8958 IO-APIC-edge keyboard 824 2: 0 0 XT-PIC cascade 825 5: 11286 10161 IO-APIC-edge soundblaster 826 8: 1 0 IO-APIC-edge rtc 827 9: 27422 27407 IO-APIC-edge 3c503 828 12: 113645 113873 IO-APIC-edge PS/2 Mouse 829 13: 0 0 XT-PIC fpu 830 14: 22491 24012 IO-APIC-edge ide0 831 15: 2183 2415 IO-APIC-edge ide1 832 17: 30564 30414 IO-APIC-level eth0 833 18: 177 164 IO-APIC-level bttv 834 NMI: 2457961 2457959 835 LOC: 2457882 2457881 836 ERR: 2155 837 838NMI is incremented in this case because every timer interrupt generates a NMI 839(Non Maskable Interrupt) which is used by the NMI Watchdog to detect lockups. 840 841LOC is the local interrupt counter of the internal APIC of every CPU. 842 843ERR is incremented in the case of errors in the IO-APIC bus (the bus that 844connects the CPUs in a SMP system. This means that an error has been detected, 845the IO-APIC automatically retry the transmission, so it should not be a big 846problem, but you should read the SMP-FAQ. 847 848In 2.6.2* /proc/interrupts was expanded again. This time the goal was for 849/proc/interrupts to display every IRQ vector in use by the system, not 850just those considered 'most important'. The new vectors are: 851 852THR 853 interrupt raised when a machine check threshold counter 854 (typically counting ECC corrected errors of memory or cache) exceeds 855 a configurable threshold. Only available on some systems. 856 857TRM 858 a thermal event interrupt occurs when a temperature threshold 859 has been exceeded for the CPU. This interrupt may also be generated 860 when the temperature drops back to normal. 861 862SPU 863 a spurious interrupt is some interrupt that was raised then lowered 864 by some IO device before it could be fully processed by the APIC. Hence 865 the APIC sees the interrupt but does not know what device it came from. 866 For this case the APIC will generate the interrupt with a IRQ vector 867 of 0xff. This might also be generated by chipset bugs. 868 869RES, CAL, TLB 870 rescheduling, call and TLB flush interrupts are 871 sent from one CPU to another per the needs of the OS. Typically, 872 their statistics are used by kernel developers and interested users to 873 determine the occurrence of interrupts of the given type. 874 875The above IRQ vectors are displayed only when relevant. For example, 876the threshold vector does not exist on x86_64 platforms. Others are 877suppressed when the system is a uniprocessor. As of this writing, only 878i386 and x86_64 platforms support the new IRQ vector displays. 879 880Of some interest is the introduction of the /proc/irq directory to 2.4. 881It could be used to set IRQ to CPU affinity. This means that you can "hook" an 882IRQ to only one CPU, or to exclude a CPU of handling IRQs. The contents of the 883irq subdir is one subdir for each IRQ, and two files; default_smp_affinity and 884prof_cpu_mask. 885 886For example:: 887 888 > ls /proc/irq/ 889 0 10 12 14 16 18 2 4 6 8 prof_cpu_mask 890 1 11 13 15 17 19 3 5 7 9 default_smp_affinity 891 > ls /proc/irq/0/ 892 smp_affinity 893 894smp_affinity is a bitmask, in which you can specify which CPUs can handle the 895IRQ. You can set it by doing:: 896 897 > echo 1 > /proc/irq/10/smp_affinity 898 899This means that only the first CPU will handle the IRQ, but you can also echo 9005 which means that only the first and third CPU can handle the IRQ. 901 902The contents of each smp_affinity file is the same by default:: 903 904 > cat /proc/irq/0/smp_affinity 905 ffffffff 906 907There is an alternate interface, smp_affinity_list which allows specifying 908a CPU range instead of a bitmask:: 909 910 > cat /proc/irq/0/smp_affinity_list 911 1024-1031 912 913The default_smp_affinity mask applies to all non-active IRQs, which are the 914IRQs which have not yet been allocated/activated, and hence which lack a 915/proc/irq/[0-9]* directory. 916 917The node file on an SMP system shows the node to which the device using the IRQ 918reports itself as being attached. This hardware locality information does not 919include information about any possible driver locality preference. 920 921prof_cpu_mask specifies which CPUs are to be profiled by the system wide 922profiler. Default value is ffffffff (all CPUs if there are only 32 of them). 923 924The way IRQs are routed is handled by the IO-APIC, and it's Round Robin 925between all the CPUs which are allowed to handle it. As usual the kernel has 926more info than you and does a better job than you, so the defaults are the 927best choice for almost everyone. [Note this applies only to those IO-APIC's 928that support "Round Robin" interrupt distribution.] 929 930There are three more important subdirectories in /proc: net, scsi, and sys. 931The general rule is that the contents, or even the existence of these 932directories, depend on your kernel configuration. If SCSI is not enabled, the 933directory scsi may not exist. The same is true with the net, which is there 934only when networking support is present in the running kernel. 935 936The slabinfo file gives information about memory usage at the slab level. 937Linux uses slab pools for memory management above page level in version 2.2. 938Commonly used objects have their own slab pool (such as network buffers, 939directory cache, and so on). 940 941:: 942 943 > cat /proc/buddyinfo 944 945 Node 0, zone DMA 0 4 5 4 4 3 ... 946 Node 0, zone Normal 1 0 0 1 101 8 ... 947 Node 0, zone HighMem 2 0 0 1 1 0 ... 948 949External fragmentation is a problem under some workloads, and buddyinfo is a 950useful tool for helping diagnose these problems. Buddyinfo will give you a 951clue as to how big an area you can safely allocate, or why a previous 952allocation failed. 953 954Each column represents the number of pages of a certain order which are 955available. In this case, there are 0 chunks of 2^0*PAGE_SIZE available in 956ZONE_DMA, 4 chunks of 2^1*PAGE_SIZE in ZONE_DMA, 101 chunks of 2^4*PAGE_SIZE 957available in ZONE_NORMAL, etc... 958 959More information relevant to external fragmentation can be found in 960pagetypeinfo:: 961 962 > cat /proc/pagetypeinfo 963 Page block order: 9 964 Pages per block: 512 965 966 Free pages count per migrate type at order 0 1 2 3 4 5 6 7 8 9 10 967 Node 0, zone DMA, type Unmovable 0 0 0 1 1 1 1 1 1 1 0 968 Node 0, zone DMA, type Reclaimable 0 0 0 0 0 0 0 0 0 0 0 969 Node 0, zone DMA, type Movable 1 1 2 1 2 1 1 0 1 0 2 970 Node 0, zone DMA, type Reserve 0 0 0 0 0 0 0 0 0 1 0 971 Node 0, zone DMA, type Isolate 0 0 0 0 0 0 0 0 0 0 0 972 Node 0, zone DMA32, type Unmovable 103 54 77 1 1 1 11 8 7 1 9 973 Node 0, zone DMA32, type Reclaimable 0 0 2 1 0 0 0 0 1 0 0 974 Node 0, zone DMA32, type Movable 169 152 113 91 77 54 39 13 6 1 452 975 Node 0, zone DMA32, type Reserve 1 2 2 2 2 0 1 1 1 1 0 976 Node 0, zone DMA32, type Isolate 0 0 0 0 0 0 0 0 0 0 0 977 978 Number of blocks type Unmovable Reclaimable Movable Reserve Isolate 979 Node 0, zone DMA 2 0 5 1 0 980 Node 0, zone DMA32 41 6 967 2 0 981 982Fragmentation avoidance in the kernel works by grouping pages of different 983migrate types into the same contiguous regions of memory called page blocks. 984A page block is typically the size of the default hugepage size, e.g. 2MB on 985X86-64. By keeping pages grouped based on their ability to move, the kernel 986can reclaim pages within a page block to satisfy a high-order allocation. 987 988The pagetypinfo begins with information on the size of a page block. It 989then gives the same type of information as buddyinfo except broken down 990by migrate-type and finishes with details on how many page blocks of each 991type exist. 992 993If min_free_kbytes has been tuned correctly (recommendations made by hugeadm 994from libhugetlbfs https://github.com/libhugetlbfs/libhugetlbfs/), one can 995make an estimate of the likely number of huge pages that can be allocated 996at a given point in time. All the "Movable" blocks should be allocatable 997unless memory has been mlock()'d. Some of the Reclaimable blocks should 998also be allocatable although a lot of filesystem metadata may have to be 999reclaimed to achieve this. 1000 1001 1002allocinfo 1003~~~~~~~~~ 1004 1005Provides information about memory allocations at all locations in the code 1006base. Each allocation in the code is identified by its source file, line 1007number, module (if originates from a loadable module) and the function calling 1008the allocation. The number of bytes allocated and number of calls at each 1009location are reported. The first line indicates the version of the file, the 1010second line is the header listing fields in the file. 1011 1012Example output. 1013 1014:: 1015 1016 > tail -n +3 /proc/allocinfo | sort -rn 1017 127664128 31168 mm/page_ext.c:270 func:alloc_page_ext 1018 56373248 4737 mm/slub.c:2259 func:alloc_slab_page 1019 14880768 3633 mm/readahead.c:247 func:page_cache_ra_unbounded 1020 14417920 3520 mm/mm_init.c:2530 func:alloc_large_system_hash 1021 13377536 234 block/blk-mq.c:3421 func:blk_mq_alloc_rqs 1022 11718656 2861 mm/filemap.c:1919 func:__filemap_get_folio 1023 9192960 2800 kernel/fork.c:307 func:alloc_thread_stack_node 1024 4206592 4 net/netfilter/nf_conntrack_core.c:2567 func:nf_ct_alloc_hashtable 1025 4136960 1010 drivers/staging/ctagmod/ctagmod.c:20 [ctagmod] func:ctagmod_start 1026 3940352 962 mm/memory.c:4214 func:alloc_anon_folio 1027 2894464 22613 fs/kernfs/dir.c:615 func:__kernfs_new_node 1028 ... 1029 1030 1031meminfo 1032~~~~~~~ 1033 1034Provides information about distribution and utilization of memory. This 1035varies by architecture and compile options. Some of the counters reported 1036here overlap. The memory reported by the non overlapping counters may not 1037add up to the overall memory usage and the difference for some workloads 1038can be substantial. In many cases there are other means to find out 1039additional memory using subsystem specific interfaces, for instance 1040/proc/net/sockstat for TCP memory allocations. 1041 1042Example output. You may not have all of these fields. 1043 1044:: 1045 1046 > cat /proc/meminfo 1047 1048 MemTotal: 32858820 kB 1049 MemFree: 21001236 kB 1050 MemAvailable: 27214312 kB 1051 Buffers: 581092 kB 1052 Cached: 5587612 kB 1053 SwapCached: 0 kB 1054 Active: 3237152 kB 1055 Inactive: 7586256 kB 1056 Active(anon): 94064 kB 1057 Inactive(anon): 4570616 kB 1058 Active(file): 3143088 kB 1059 Inactive(file): 3015640 kB 1060 Unevictable: 0 kB 1061 Mlocked: 0 kB 1062 SwapTotal: 0 kB 1063 SwapFree: 0 kB 1064 Zswap: 1904 kB 1065 Zswapped: 7792 kB 1066 Dirty: 12 kB 1067 Writeback: 0 kB 1068 AnonPages: 4654780 kB 1069 Mapped: 266244 kB 1070 Shmem: 9976 kB 1071 KReclaimable: 517708 kB 1072 Slab: 660044 kB 1073 SReclaimable: 517708 kB 1074 SUnreclaim: 142336 kB 1075 KernelStack: 11168 kB 1076 PageTables: 20540 kB 1077 SecPageTables: 0 kB 1078 NFS_Unstable: 0 kB 1079 Bounce: 0 kB 1080 WritebackTmp: 0 kB 1081 CommitLimit: 16429408 kB 1082 Committed_AS: 7715148 kB 1083 VmallocTotal: 34359738367 kB 1084 VmallocUsed: 40444 kB 1085 VmallocChunk: 0 kB 1086 Percpu: 29312 kB 1087 EarlyMemtestBad: 0 kB 1088 HardwareCorrupted: 0 kB 1089 AnonHugePages: 4149248 kB 1090 ShmemHugePages: 0 kB 1091 ShmemPmdMapped: 0 kB 1092 FileHugePages: 0 kB 1093 FilePmdMapped: 0 kB 1094 CmaTotal: 0 kB 1095 CmaFree: 0 kB 1096 Unaccepted: 0 kB 1097 Balloon: 0 kB 1098 HugePages_Total: 0 1099 HugePages_Free: 0 1100 HugePages_Rsvd: 0 1101 HugePages_Surp: 0 1102 Hugepagesize: 2048 kB 1103 Hugetlb: 0 kB 1104 DirectMap4k: 401152 kB 1105 DirectMap2M: 10008576 kB 1106 DirectMap1G: 24117248 kB 1107 1108MemTotal 1109 Total usable RAM (i.e. physical RAM minus a few reserved 1110 bits and the kernel binary code) 1111MemFree 1112 Total free RAM. On highmem systems, the sum of LowFree+HighFree 1113MemAvailable 1114 An estimate of how much memory is available for starting new 1115 applications, without swapping. Calculated from MemFree, 1116 SReclaimable, the size of the file LRU lists, and the low 1117 watermarks in each zone. 1118 The estimate takes into account that the system needs some 1119 page cache to function well, and that not all reclaimable 1120 slab will be reclaimable, due to items being in use. The 1121 impact of those factors will vary from system to system. 1122Buffers 1123 Relatively temporary storage for raw disk blocks 1124 shouldn't get tremendously large (20MB or so) 1125Cached 1126 In-memory cache for files read from the disk (the 1127 pagecache) as well as tmpfs & shmem. 1128 Doesn't include SwapCached. 1129SwapCached 1130 Memory that once was swapped out, is swapped back in but 1131 still also is in the swapfile (if memory is needed it 1132 doesn't need to be swapped out AGAIN because it is already 1133 in the swapfile. This saves I/O) 1134Active 1135 Memory that has been used more recently and usually not 1136 reclaimed unless absolutely necessary. 1137Inactive 1138 Memory which has been less recently used. It is more 1139 eligible to be reclaimed for other purposes 1140Unevictable 1141 Memory allocated for userspace which cannot be reclaimed, such 1142 as mlocked pages, ramfs backing pages, secret memfd pages etc. 1143Mlocked 1144 Memory locked with mlock(). 1145HighTotal, HighFree 1146 Highmem is all memory above ~860MB of physical memory. 1147 Highmem areas are for use by userspace programs, or 1148 for the pagecache. The kernel must use tricks to access 1149 this memory, making it slower to access than lowmem. 1150LowTotal, LowFree 1151 Lowmem is memory which can be used for everything that 1152 highmem can be used for, but it is also available for the 1153 kernel's use for its own data structures. Among many 1154 other things, it is where everything from the Slab is 1155 allocated. Bad things happen when you're out of lowmem. 1156SwapTotal 1157 total amount of swap space available 1158SwapFree 1159 Memory which has been evicted from RAM, and is temporarily 1160 on the disk 1161Zswap 1162 Memory consumed by the zswap backend (compressed size) 1163Zswapped 1164 Amount of anonymous memory stored in zswap (original size) 1165Dirty 1166 Memory which is waiting to get written back to the disk 1167Writeback 1168 Memory which is actively being written back to the disk 1169AnonPages 1170 Non-file backed pages mapped into userspace page tables. Note that 1171 some kernel configurations might consider all pages part of a 1172 larger allocation (e.g., THP) as "mapped", as soon as a single 1173 page is mapped. 1174Mapped 1175 files which have been mmapped, such as libraries. Note that some 1176 kernel configurations might consider all pages part of a larger 1177 allocation (e.g., THP) as "mapped", as soon as a single page is 1178 mapped. 1179Shmem 1180 Total memory used by shared memory (shmem) and tmpfs 1181KReclaimable 1182 Kernel allocations that the kernel will attempt to reclaim 1183 under memory pressure. Includes SReclaimable (below), and other 1184 direct allocations with a shrinker. 1185Slab 1186 in-kernel data structures cache 1187SReclaimable 1188 Part of Slab, that might be reclaimed, such as caches 1189SUnreclaim 1190 Part of Slab, that cannot be reclaimed on memory pressure 1191KernelStack 1192 Memory consumed by the kernel stacks of all tasks 1193PageTables 1194 Memory consumed by userspace page tables 1195SecPageTables 1196 Memory consumed by secondary page tables, this currently includes 1197 KVM mmu and IOMMU allocations on x86 and arm64. 1198NFS_Unstable 1199 Always zero. Previous counted pages which had been written to 1200 the server, but has not been committed to stable storage. 1201Bounce 1202 Memory used for block device "bounce buffers" 1203WritebackTmp 1204 Memory used by FUSE for temporary writeback buffers 1205CommitLimit 1206 Based on the overcommit ratio ('vm.overcommit_ratio'), 1207 this is the total amount of memory currently available to 1208 be allocated on the system. This limit is only adhered to 1209 if strict overcommit accounting is enabled (mode 2 in 1210 'vm.overcommit_memory'). 1211 1212 The CommitLimit is calculated with the following formula:: 1213 1214 CommitLimit = ([total RAM pages] - [total huge TLB pages]) * 1215 overcommit_ratio / 100 + [total swap pages] 1216 1217 For example, on a system with 1G of physical RAM and 7G 1218 of swap with a `vm.overcommit_ratio` of 30 it would 1219 yield a CommitLimit of 7.3G. 1220 1221 For more details, see the memory overcommit documentation 1222 in mm/overcommit-accounting. 1223Committed_AS 1224 The amount of memory presently allocated on the system. 1225 The committed memory is a sum of all of the memory which 1226 has been allocated by processes, even if it has not been 1227 "used" by them as of yet. A process which malloc()'s 1G 1228 of memory, but only touches 300M of it will show up as 1229 using 1G. This 1G is memory which has been "committed" to 1230 by the VM and can be used at any time by the allocating 1231 application. With strict overcommit enabled on the system 1232 (mode 2 in 'vm.overcommit_memory'), allocations which would 1233 exceed the CommitLimit (detailed above) will not be permitted. 1234 This is useful if one needs to guarantee that processes will 1235 not fail due to lack of memory once that memory has been 1236 successfully allocated. 1237VmallocTotal 1238 total size of vmalloc virtual address space 1239VmallocUsed 1240 amount of vmalloc area which is used 1241VmallocChunk 1242 largest contiguous block of vmalloc area which is free 1243Percpu 1244 Memory allocated to the percpu allocator used to back percpu 1245 allocations. This stat excludes the cost of metadata. 1246EarlyMemtestBad 1247 The amount of RAM/memory in kB, that was identified as corrupted 1248 by early memtest. If memtest was not run, this field will not 1249 be displayed at all. Size is never rounded down to 0 kB. 1250 That means if 0 kB is reported, you can safely assume 1251 there was at least one pass of memtest and none of the passes 1252 found a single faulty byte of RAM. 1253HardwareCorrupted 1254 The amount of RAM/memory in KB, the kernel identifies as 1255 corrupted. 1256AnonHugePages 1257 Non-file backed huge pages mapped into userspace page tables 1258ShmemHugePages 1259 Memory used by shared memory (shmem) and tmpfs allocated 1260 with huge pages 1261ShmemPmdMapped 1262 Shared memory mapped into userspace with huge pages 1263FileHugePages 1264 Memory used for filesystem data (page cache) allocated 1265 with huge pages 1266FilePmdMapped 1267 Page cache mapped into userspace with huge pages 1268CmaTotal 1269 Memory reserved for the Contiguous Memory Allocator (CMA) 1270CmaFree 1271 Free remaining memory in the CMA reserves 1272Unaccepted 1273 Memory that has not been accepted by the guest 1274Balloon 1275 Memory returned to Host by VM Balloon Drivers 1276HugePages_Total, HugePages_Free, HugePages_Rsvd, HugePages_Surp, Hugepagesize, Hugetlb 1277 See Documentation/admin-guide/mm/hugetlbpage.rst. 1278DirectMap4k, DirectMap2M, DirectMap1G 1279 Breakdown of page table sizes used in the kernel's 1280 identity mapping of RAM 1281 1282vmallocinfo 1283~~~~~~~~~~~ 1284 1285Provides information about vmalloced/vmaped areas. One line per area, 1286containing the virtual address range of the area, size in bytes, 1287caller information of the creator, and optional information depending 1288on the kind of area: 1289 1290 ========== =================================================== 1291 pages=nr number of pages 1292 phys=addr if a physical address was specified 1293 ioremap I/O mapping (ioremap() and friends) 1294 vmalloc vmalloc() area 1295 vmap vmap()ed pages 1296 user VM_USERMAP area 1297 vpages buffer for pages pointers was vmalloced (huge area) 1298 N<node>=nr (Only on NUMA kernels) 1299 Number of pages allocated on memory node <node> 1300 ========== =================================================== 1301 1302:: 1303 1304 > cat /proc/vmallocinfo 1305 0xffffc20000000000-0xffffc20000201000 2101248 alloc_large_system_hash+0x204 ... 1306 /0x2c0 pages=512 vmalloc N0=128 N1=128 N2=128 N3=128 1307 0xffffc20000201000-0xffffc20000302000 1052672 alloc_large_system_hash+0x204 ... 1308 /0x2c0 pages=256 vmalloc N0=64 N1=64 N2=64 N3=64 1309 0xffffc20000302000-0xffffc20000304000 8192 acpi_tb_verify_table+0x21/0x4f... 1310 phys=7fee8000 ioremap 1311 0xffffc20000304000-0xffffc20000307000 12288 acpi_tb_verify_table+0x21/0x4f... 1312 phys=7fee7000 ioremap 1313 0xffffc2000031d000-0xffffc2000031f000 8192 init_vdso_vars+0x112/0x210 1314 0xffffc2000031f000-0xffffc2000032b000 49152 cramfs_uncompress_init+0x2e ... 1315 /0x80 pages=11 vmalloc N0=3 N1=3 N2=2 N3=3 1316 0xffffc2000033a000-0xffffc2000033d000 12288 sys_swapon+0x640/0xac0 ... 1317 pages=2 vmalloc N1=2 1318 0xffffc20000347000-0xffffc2000034c000 20480 xt_alloc_table_info+0xfe ... 1319 /0x130 [x_tables] pages=4 vmalloc N0=4 1320 0xffffffffa0000000-0xffffffffa000f000 61440 sys_init_module+0xc27/0x1d00 ... 1321 pages=14 vmalloc N2=14 1322 0xffffffffa000f000-0xffffffffa0014000 20480 sys_init_module+0xc27/0x1d00 ... 1323 pages=4 vmalloc N1=4 1324 0xffffffffa0014000-0xffffffffa0017000 12288 sys_init_module+0xc27/0x1d00 ... 1325 pages=2 vmalloc N1=2 1326 0xffffffffa0017000-0xffffffffa0022000 45056 sys_init_module+0xc27/0x1d00 ... 1327 pages=10 vmalloc N0=10 1328 1329 1330softirqs 1331~~~~~~~~ 1332 1333Provides counts of softirq handlers serviced since boot time, for each CPU. 1334 1335:: 1336 1337 > cat /proc/softirqs 1338 CPU0 CPU1 CPU2 CPU3 1339 HI: 0 0 0 0 1340 TIMER: 27166 27120 27097 27034 1341 NET_TX: 0 0 0 17 1342 NET_RX: 42 0 0 39 1343 BLOCK: 0 0 107 1121 1344 TASKLET: 0 0 0 290 1345 SCHED: 27035 26983 26971 26746 1346 HRTIMER: 0 0 0 0 1347 RCU: 1678 1769 2178 2250 1348 13491.3 Networking info in /proc/net 1350-------------------------------- 1351 1352The subdirectory /proc/net follows the usual pattern. Table 1-8 shows the 1353additional values you get for IP version 6 if you configure the kernel to 1354support this. Table 1-9 lists the files and their meaning. 1355 1356 1357.. table:: Table 1-8: IPv6 info in /proc/net 1358 1359 ========== ===================================================== 1360 File Content 1361 ========== ===================================================== 1362 udp6 UDP sockets (IPv6) 1363 tcp6 TCP sockets (IPv6) 1364 raw6 Raw device statistics (IPv6) 1365 igmp6 IP multicast addresses, which this host joined (IPv6) 1366 if_inet6 List of IPv6 interface addresses 1367 ipv6_route Kernel routing table for IPv6 1368 rt6_stats Global IPv6 routing tables statistics 1369 sockstat6 Socket statistics (IPv6) 1370 snmp6 Snmp data (IPv6) 1371 ========== ===================================================== 1372 1373.. table:: Table 1-9: Network info in /proc/net 1374 1375 ============= ================================================================ 1376 File Content 1377 ============= ================================================================ 1378 arp Kernel ARP table 1379 dev network devices with statistics 1380 dev_mcast the Layer2 multicast groups a device is listening too 1381 (interface index, label, number of references, number of bound 1382 addresses). 1383 dev_stat network device status 1384 ip_fwchains Firewall chain linkage 1385 ip_fwnames Firewall chain names 1386 ip_masq Directory containing the masquerading tables 1387 ip_masquerade Major masquerading table 1388 netstat Network statistics 1389 raw raw device statistics 1390 route Kernel routing table 1391 rpc Directory containing rpc info 1392 rt_cache Routing cache 1393 snmp SNMP data 1394 sockstat Socket statistics 1395 softnet_stat Per-CPU incoming packets queues statistics of online CPUs 1396 tcp TCP sockets 1397 udp UDP sockets 1398 unix UNIX domain sockets 1399 wireless Wireless interface data (Wavelan etc) 1400 igmp IP multicast addresses, which this host joined 1401 psched Global packet scheduler parameters. 1402 netlink List of PF_NETLINK sockets 1403 ip_mr_vifs List of multicast virtual interfaces 1404 ip_mr_cache List of multicast routing cache 1405 ============= ================================================================ 1406 1407You can use this information to see which network devices are available in 1408your system and how much traffic was routed over those devices:: 1409 1410 > cat /proc/net/dev 1411 Inter-|Receive |[... 1412 face |bytes packets errs drop fifo frame compressed multicast|[... 1413 lo: 908188 5596 0 0 0 0 0 0 [... 1414 ppp0:15475140 20721 410 0 0 410 0 0 [... 1415 eth0: 614530 7085 0 0 0 0 0 1 [... 1416 1417 ...] Transmit 1418 ...] bytes packets errs drop fifo colls carrier compressed 1419 ...] 908188 5596 0 0 0 0 0 0 1420 ...] 1375103 17405 0 0 0 0 0 0 1421 ...] 1703981 5535 0 0 0 3 0 0 1422 1423In addition, each Channel Bond interface has its own directory. For 1424example, the bond0 device will have a directory called /proc/net/bond0/. 1425It will contain information that is specific to that bond, such as the 1426current slaves of the bond, the link status of the slaves, and how 1427many times the slaves link has failed. 1428 14291.4 SCSI info 1430------------- 1431 1432If you have a SCSI or ATA host adapter in your system, you'll find a 1433subdirectory named after the driver for this adapter in /proc/scsi. 1434You'll also see a list of all recognized SCSI devices in /proc/scsi:: 1435 1436 >cat /proc/scsi/scsi 1437 Attached devices: 1438 Host: scsi0 Channel: 00 Id: 00 Lun: 00 1439 Vendor: IBM Model: DGHS09U Rev: 03E0 1440 Type: Direct-Access ANSI SCSI revision: 03 1441 Host: scsi0 Channel: 00 Id: 06 Lun: 00 1442 Vendor: PIONEER Model: CD-ROM DR-U06S Rev: 1.04 1443 Type: CD-ROM ANSI SCSI revision: 02 1444 1445 1446The directory named after the driver has one file for each adapter found in 1447the system. These files contain information about the controller, including 1448the used IRQ and the IO address range. The amount of information shown is 1449dependent on the adapter you use. The example shows the output for an Adaptec 1450AHA-2940 SCSI adapter:: 1451 1452 > cat /proc/scsi/aic7xxx/0 1453 1454 Adaptec AIC7xxx driver version: 5.1.19/3.2.4 1455 Compile Options: 1456 TCQ Enabled By Default : Disabled 1457 AIC7XXX_PROC_STATS : Disabled 1458 AIC7XXX_RESET_DELAY : 5 1459 Adapter Configuration: 1460 SCSI Adapter: Adaptec AHA-294X Ultra SCSI host adapter 1461 Ultra Wide Controller 1462 PCI MMAPed I/O Base: 0xeb001000 1463 Adapter SEEPROM Config: SEEPROM found and used. 1464 Adaptec SCSI BIOS: Enabled 1465 IRQ: 10 1466 SCBs: Active 0, Max Active 2, 1467 Allocated 15, HW 16, Page 255 1468 Interrupts: 160328 1469 BIOS Control Word: 0x18b6 1470 Adapter Control Word: 0x005b 1471 Extended Translation: Enabled 1472 Disconnect Enable Flags: 0xffff 1473 Ultra Enable Flags: 0x0001 1474 Tag Queue Enable Flags: 0x0000 1475 Ordered Queue Tag Flags: 0x0000 1476 Default Tag Queue Depth: 8 1477 Tagged Queue By Device array for aic7xxx host instance 0: 1478 {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255} 1479 Actual queue depth per device for aic7xxx host instance 0: 1480 {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1} 1481 Statistics: 1482 (scsi0:0:0:0) 1483 Device using Wide/Sync transfers at 40.0 MByte/sec, offset 8 1484 Transinfo settings: current(12/8/1/0), goal(12/8/1/0), user(12/15/1/0) 1485 Total transfers 160151 (74577 reads and 85574 writes) 1486 (scsi0:0:6:0) 1487 Device using Narrow/Sync transfers at 5.0 MByte/sec, offset 15 1488 Transinfo settings: current(50/15/0/0), goal(50/15/0/0), user(50/15/0/0) 1489 Total transfers 0 (0 reads and 0 writes) 1490 1491 14921.5 Parallel port info in /proc/parport 1493--------------------------------------- 1494 1495The directory /proc/parport contains information about the parallel ports of 1496your system. It has one subdirectory for each port, named after the port 1497number (0,1,2,...). 1498 1499These directories contain the four files shown in Table 1-10. 1500 1501 1502.. table:: Table 1-10: Files in /proc/parport 1503 1504 ========= ==================================================================== 1505 File Content 1506 ========= ==================================================================== 1507 autoprobe Any IEEE-1284 device ID information that has been acquired. 1508 devices list of the device drivers using that port. A + will appear by the 1509 name of the device currently using the port (it might not appear 1510 against any). 1511 hardware Parallel port's base address, IRQ line and DMA channel. 1512 irq IRQ that parport is using for that port. This is in a separate 1513 file to allow you to alter it by writing a new value in (IRQ 1514 number or none). 1515 ========= ==================================================================== 1516 15171.6 TTY info in /proc/tty 1518------------------------- 1519 1520Information about the available and actually used tty's can be found in the 1521directory /proc/tty. You'll find entries for drivers and line disciplines in 1522this directory, as shown in Table 1-11. 1523 1524 1525.. table:: Table 1-11: Files in /proc/tty 1526 1527 ============= ============================================== 1528 File Content 1529 ============= ============================================== 1530 drivers list of drivers and their usage 1531 ldiscs registered line disciplines 1532 driver/serial usage statistic and status of single tty lines 1533 ============= ============================================== 1534 1535To see which tty's are currently in use, you can simply look into the file 1536/proc/tty/drivers:: 1537 1538 > cat /proc/tty/drivers 1539 pty_slave /dev/pts 136 0-255 pty:slave 1540 pty_master /dev/ptm 128 0-255 pty:master 1541 pty_slave /dev/ttyp 3 0-255 pty:slave 1542 pty_master /dev/pty 2 0-255 pty:master 1543 serial /dev/cua 5 64-67 serial:callout 1544 serial /dev/ttyS 4 64-67 serial 1545 /dev/tty0 /dev/tty0 4 0 system:vtmaster 1546 /dev/ptmx /dev/ptmx 5 2 system 1547 /dev/console /dev/console 5 1 system:console 1548 /dev/tty /dev/tty 5 0 system:/dev/tty 1549 unknown /dev/tty 4 1-63 console 1550 1551 15521.7 Miscellaneous kernel statistics in /proc/stat 1553------------------------------------------------- 1554 1555Various pieces of information about kernel activity are available in the 1556/proc/stat file. All of the numbers reported in this file are aggregates 1557since the system first booted. For a quick look, simply cat the file:: 1558 1559 > cat /proc/stat 1560 cpu 237902850 368826709 106375398 1873517540 1135548 0 14507935 0 0 0 1561 cpu0 60045249 91891769 26331539 468411416 495718 0 5739640 0 0 0 1562 cpu1 59746288 91759249 26609887 468860630 312281 0 4384817 0 0 0 1563 cpu2 59489247 92985423 26904446 467808813 171668 0 2268998 0 0 0 1564 cpu3 58622065 92190267 26529524 468436680 155879 0 2114478 0 0 0 1565 intr 8688370575 8 3373 0 0 0 0 0 0 1 40791 0 0 353317 0 0 0 0 224789828 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 190974333 41958554 123983334 43 0 224593 0 0 0 <more 0's deleted> 1566 ctxt 22848221062 1567 btime 1605316999 1568 processes 746787147 1569 procs_running 2 1570 procs_blocked 0 1571 softirq 12121874454 100099120 3938138295 127375644 2795979 187870761 0 173808342 3072582055 52608 224184354 1572 1573The very first "cpu" line aggregates the numbers in all of the other "cpuN" 1574lines. These numbers identify the amount of time the CPU has spent performing 1575different kinds of work. Time units are in USER_HZ (typically hundredths of a 1576second). The meanings of the columns are as follows, from left to right: 1577 1578- user: normal processes executing in user mode 1579- nice: niced processes executing in user mode 1580- system: processes executing in kernel mode 1581- idle: twiddling thumbs 1582- iowait: In a word, iowait stands for waiting for I/O to complete. But there 1583 are several problems: 1584 1585 1. CPU will not wait for I/O to complete, iowait is the time that a task is 1586 waiting for I/O to complete. When CPU goes into idle state for 1587 outstanding task I/O, another task will be scheduled on this CPU. 1588 2. In a multi-core CPU, the task waiting for I/O to complete is not running 1589 on any CPU, so the iowait of each CPU is difficult to calculate. 1590 3. The value of iowait field in /proc/stat will decrease in certain 1591 conditions. 1592 1593 So, the iowait is not reliable by reading from /proc/stat. 1594- irq: servicing interrupts 1595- softirq: servicing softirqs 1596- steal: involuntary wait 1597- guest: running a normal guest 1598- guest_nice: running a niced guest 1599 1600The "intr" line gives counts of interrupts serviced since boot time, for each 1601of the possible system interrupts. The first column is the total of all 1602interrupts serviced including unnumbered architecture specific interrupts; 1603each subsequent column is the total for that particular numbered interrupt. 1604Unnumbered interrupts are not shown, only summed into the total. 1605 1606The "ctxt" line gives the total number of context switches across all CPUs. 1607 1608The "btime" line gives the time at which the system booted, in seconds since 1609the Unix epoch. 1610 1611The "processes" line gives the number of processes and threads created, which 1612includes (but is not limited to) those created by calls to the fork() and 1613clone() system calls. 1614 1615The "procs_running" line gives the total number of threads that are 1616running or ready to run (i.e., the total number of runnable threads). 1617 1618The "procs_blocked" line gives the number of processes currently blocked, 1619waiting for I/O to complete. 1620 1621The "softirq" line gives counts of softirqs serviced since boot time, for each 1622of the possible system softirqs. The first column is the total of all 1623softirqs serviced; each subsequent column is the total for that particular 1624softirq. 1625 1626 16271.8 Ext4 file system parameters 1628------------------------------- 1629 1630Information about mounted ext4 file systems can be found in 1631/proc/fs/ext4. Each mounted filesystem will have a directory in 1632/proc/fs/ext4 based on its device name (i.e., /proc/fs/ext4/hdc or 1633/proc/fs/ext4/sda9 or /proc/fs/ext4/dm-0). The files in each per-device 1634directory are shown in Table 1-12, below. 1635 1636.. table:: Table 1-12: Files in /proc/fs/ext4/<devname> 1637 1638 ============== ========================================================== 1639 File Content 1640 mb_groups details of multiblock allocator buddy cache of free blocks 1641 ============== ========================================================== 1642 16431.9 /proc/consoles 1644------------------- 1645Shows registered system console lines. 1646 1647To see which character device lines are currently used for the system console 1648/dev/console, you may simply look into the file /proc/consoles:: 1649 1650 > cat /proc/consoles 1651 tty0 -WU (ECp) 4:7 1652 ttyS0 -W- (Ep) 4:64 1653 1654The columns are: 1655 1656+--------------------+-------------------------------------------------------+ 1657| device | name of the device | 1658+====================+=======================================================+ 1659| operations | * R = can do read operations | 1660| | * W = can do write operations | 1661| | * U = can do unblank | 1662+--------------------+-------------------------------------------------------+ 1663| flags | * E = it is enabled | 1664| | * C = it is preferred console | 1665| | * B = it is primary boot console | 1666| | * p = it is used for printk buffer | 1667| | * b = it is not a TTY but a Braille device | 1668| | * a = it is safe to use when cpu is offline | 1669+--------------------+-------------------------------------------------------+ 1670| major:minor | major and minor number of the device separated by a | 1671| | colon | 1672+--------------------+-------------------------------------------------------+ 1673 1674Summary 1675------- 1676 1677The /proc file system serves information about the running system. It not only 1678allows access to process data but also allows you to request the kernel status 1679by reading files in the hierarchy. 1680 1681The directory structure of /proc reflects the types of information and makes 1682it easy, if not obvious, where to look for specific data. 1683 1684Chapter 2: Modifying System Parameters 1685====================================== 1686 1687In This Chapter 1688--------------- 1689 1690* Modifying kernel parameters by writing into files found in /proc/sys 1691* Exploring the files which modify certain parameters 1692* Review of the /proc/sys file tree 1693 1694------------------------------------------------------------------------------ 1695 1696A very interesting part of /proc is the directory /proc/sys. This is not only 1697a source of information, it also allows you to change parameters within the 1698kernel. Be very careful when attempting this. You can optimize your system, 1699but you can also cause it to crash. Never alter kernel parameters on a 1700production system. Set up a development machine and test to make sure that 1701everything works the way you want it to. You may have no alternative but to 1702reboot the machine once an error has been made. 1703 1704To change a value, simply echo the new value into the file. 1705You need to be root to do this. You can create your own boot script 1706to perform this every time your system boots. 1707 1708The files in /proc/sys can be used to fine tune and monitor miscellaneous and 1709general things in the operation of the Linux kernel. Since some of the files 1710can inadvertently disrupt your system, it is advisable to read both 1711documentation and source before actually making adjustments. In any case, be 1712very careful when writing to any of these files. The entries in /proc may 1713change slightly between the 2.1.* and the 2.2 kernel, so if there is any doubt 1714review the kernel documentation in the directory linux/Documentation. 1715This chapter is heavily based on the documentation included in the pre 2.2 1716kernels, and became part of it in version 2.2.1 of the Linux kernel. 1717 1718Please see: Documentation/admin-guide/sysctl/ directory for descriptions of 1719these entries. 1720 1721Summary 1722------- 1723 1724Certain aspects of kernel behavior can be modified at runtime, without the 1725need to recompile the kernel, or even to reboot the system. The files in the 1726/proc/sys tree can not only be read, but also modified. You can use the echo 1727command to write value into these files, thereby changing the default settings 1728of the kernel. 1729 1730 1731Chapter 3: Per-process Parameters 1732================================= 1733 17343.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj- Adjust the oom-killer score 1735-------------------------------------------------------------------------------- 1736 1737These files can be used to adjust the badness heuristic used to select which 1738process gets killed in out of memory (oom) conditions. 1739 1740The badness heuristic assigns a value to each candidate task ranging from 0 1741(never kill) to 1000 (always kill) to determine which process is targeted. The 1742units are roughly a proportion along that range of allowed memory the process 1743may allocate from based on an estimation of its current memory and swap use. 1744For example, if a task is using all allowed memory, its badness score will be 17451000. If it is using half of its allowed memory, its score will be 500. 1746 1747The amount of "allowed" memory depends on the context in which the oom killer 1748was called. If it is due to the memory assigned to the allocating task's cpuset 1749being exhausted, the allowed memory represents the set of mems assigned to that 1750cpuset. If it is due to a mempolicy's node(s) being exhausted, the allowed 1751memory represents the set of mempolicy nodes. If it is due to a memory 1752limit (or swap limit) being reached, the allowed memory is that configured 1753limit. Finally, if it is due to the entire system being out of memory, the 1754allowed memory represents all allocatable resources. 1755 1756The value of /proc/<pid>/oom_score_adj is added to the badness score before it 1757is used to determine which task to kill. Acceptable values range from -1000 1758(OOM_SCORE_ADJ_MIN) to +1000 (OOM_SCORE_ADJ_MAX). This allows userspace to 1759polarize the preference for oom killing either by always preferring a certain 1760task or completely disabling it. The lowest possible value, -1000, is 1761equivalent to disabling oom killing entirely for that task since it will always 1762report a badness score of 0. 1763 1764Consequently, it is very simple for userspace to define the amount of memory to 1765consider for each task. Setting a /proc/<pid>/oom_score_adj value of +500, for 1766example, is roughly equivalent to allowing the remainder of tasks sharing the 1767same system, cpuset, mempolicy, or memory controller resources to use at least 176850% more memory. A value of -500, on the other hand, would be roughly 1769equivalent to discounting 50% of the task's allowed memory from being considered 1770as scoring against the task. 1771 1772For backwards compatibility with previous kernels, /proc/<pid>/oom_adj may also 1773be used to tune the badness score. Its acceptable values range from -16 1774(OOM_ADJUST_MIN) to +15 (OOM_ADJUST_MAX) and a special value of -17 1775(OOM_DISABLE) to disable oom killing entirely for that task. Its value is 1776scaled linearly with /proc/<pid>/oom_score_adj. 1777 1778The value of /proc/<pid>/oom_score_adj may be reduced no lower than the last 1779value set by a CAP_SYS_RESOURCE process. To reduce the value any lower 1780requires CAP_SYS_RESOURCE. 1781 1782 17833.2 /proc/<pid>/oom_score - Display current oom-killer score 1784------------------------------------------------------------- 1785 1786This file can be used to check the current score used by the oom-killer for 1787any given <pid>. Use it together with /proc/<pid>/oom_score_adj to tune which 1788process should be killed in an out-of-memory situation. 1789 1790Please note that the exported value includes oom_score_adj so it is 1791effectively in range [0,2000]. 1792 1793 17943.3 /proc/<pid>/io - Display the IO accounting fields 1795------------------------------------------------------- 1796 1797This file contains IO statistics for each running process. 1798 1799Example 1800~~~~~~~ 1801 1802:: 1803 1804 test:/tmp # dd if=/dev/zero of=/tmp/test.dat & 1805 [1] 3828 1806 1807 test:/tmp # cat /proc/3828/io 1808 rchar: 323934931 1809 wchar: 323929600 1810 syscr: 632687 1811 syscw: 632675 1812 read_bytes: 0 1813 write_bytes: 323932160 1814 cancelled_write_bytes: 0 1815 1816 1817Description 1818~~~~~~~~~~~ 1819 1820rchar 1821^^^^^ 1822 1823I/O counter: chars read 1824The number of bytes which this task has caused to be read from storage. This 1825is simply the sum of bytes which this process passed to read() and pread(). 1826It includes things like tty IO and it is unaffected by whether or not actual 1827physical disk IO was required (the read might have been satisfied from 1828pagecache). 1829 1830 1831wchar 1832^^^^^ 1833 1834I/O counter: chars written 1835The number of bytes which this task has caused, or shall cause to be written 1836to disk. Similar caveats apply here as with rchar. 1837 1838 1839syscr 1840^^^^^ 1841 1842I/O counter: read syscalls 1843Attempt to count the number of read I/O operations, i.e. syscalls like read() 1844and pread(). 1845 1846 1847syscw 1848^^^^^ 1849 1850I/O counter: write syscalls 1851Attempt to count the number of write I/O operations, i.e. syscalls like 1852write() and pwrite(). 1853 1854 1855read_bytes 1856^^^^^^^^^^ 1857 1858I/O counter: bytes read 1859Attempt to count the number of bytes which this process really did cause to 1860be fetched from the storage layer. Done at the submit_bio() level, so it is 1861accurate for block-backed filesystems. <please add status regarding NFS and 1862CIFS at a later time> 1863 1864 1865write_bytes 1866^^^^^^^^^^^ 1867 1868I/O counter: bytes written 1869Attempt to count the number of bytes which this process caused to be sent to 1870the storage layer. This is done at page-dirtying time. 1871 1872 1873cancelled_write_bytes 1874^^^^^^^^^^^^^^^^^^^^^ 1875 1876The big inaccuracy here is truncate. If a process writes 1MB to a file and 1877then deletes the file, it will in fact perform no writeout. But it will have 1878been accounted as having caused 1MB of write. 1879In other words: The number of bytes which this process caused to not happen, 1880by truncating pagecache. A task can cause "negative" IO too. If this task 1881truncates some dirty pagecache, some IO which another task has been accounted 1882for (in its write_bytes) will not be happening. We _could_ just subtract that 1883from the truncating task's write_bytes, but there is information loss in doing 1884that. 1885 1886 1887.. Note:: 1888 1889 At its current implementation state, this is a bit racy on 32-bit machines: 1890 if process A reads process B's /proc/pid/io while process B is updating one 1891 of those 64-bit counters, process A could see an intermediate result. 1892 1893 1894More information about this can be found within the taskstats documentation in 1895Documentation/accounting. 1896 18973.4 /proc/<pid>/coredump_filter - Core dump filtering settings 1898--------------------------------------------------------------- 1899When a process is dumped, all anonymous memory is written to a core file as 1900long as the size of the core file isn't limited. But sometimes we don't want 1901to dump some memory segments, for example, huge shared memory or DAX. 1902Conversely, sometimes we want to save file-backed memory segments into a core 1903file, not only the individual files. 1904 1905/proc/<pid>/coredump_filter allows you to customize which memory segments 1906will be dumped when the <pid> process is dumped. coredump_filter is a bitmask 1907of memory types. If a bit of the bitmask is set, memory segments of the 1908corresponding memory type are dumped, otherwise they are not dumped. 1909 1910The following 9 memory types are supported: 1911 1912 - (bit 0) anonymous private memory 1913 - (bit 1) anonymous shared memory 1914 - (bit 2) file-backed private memory 1915 - (bit 3) file-backed shared memory 1916 - (bit 4) ELF header pages in file-backed private memory areas (it is 1917 effective only if the bit 2 is cleared) 1918 - (bit 5) hugetlb private memory 1919 - (bit 6) hugetlb shared memory 1920 - (bit 7) DAX private memory 1921 - (bit 8) DAX shared memory 1922 1923 Note that MMIO pages such as frame buffer are never dumped and vDSO pages 1924 are always dumped regardless of the bitmask status. 1925 1926 Note that bits 0-4 don't affect hugetlb or DAX memory. hugetlb memory is 1927 only affected by bit 5-6, and DAX is only affected by bits 7-8. 1928 1929The default value of coredump_filter is 0x33; this means all anonymous memory 1930segments, ELF header pages and hugetlb private memory are dumped. 1931 1932If you don't want to dump all shared memory segments attached to pid 1234, 1933write 0x31 to the process's proc file:: 1934 1935 $ echo 0x31 > /proc/1234/coredump_filter 1936 1937When a new process is created, the process inherits the bitmask status from its 1938parent. It is useful to set up coredump_filter before the program runs. 1939For example:: 1940 1941 $ echo 0x7 > /proc/self/coredump_filter 1942 $ ./some_program 1943 19443.5 /proc/<pid>/mountinfo - Information about mounts 1945-------------------------------------------------------- 1946 1947This file contains lines of the form:: 1948 1949 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue 1950 (1)(2)(3) (4) (5) (6) (n…m) (m+1)(m+2) (m+3) (m+4) 1951 1952 (1) mount ID: unique identifier of the mount (may be reused after umount) 1953 (2) parent ID: ID of parent (or of self for the top of the mount tree) 1954 (3) major:minor: value of st_dev for files on filesystem 1955 (4) root: root of the mount within the filesystem 1956 (5) mount point: mount point relative to the process's root 1957 (6) mount options: per mount options 1958 (n…m) optional fields: zero or more fields of the form "tag[:value]" 1959 (m+1) separator: marks the end of the optional fields 1960 (m+2) filesystem type: name of filesystem of the form "type[.subtype]" 1961 (m+3) mount source: filesystem specific information or "none" 1962 (m+4) super options: per super block options 1963 1964Parsers should ignore all unrecognised optional fields. Currently the 1965possible optional fields are: 1966 1967================ ============================================================== 1968shared:X mount is shared in peer group X 1969master:X mount is slave to peer group X 1970propagate_from:X mount is slave and receives propagation from peer group X [#]_ 1971unbindable mount is unbindable 1972================ ============================================================== 1973 1974.. [#] X is the closest dominant peer group under the process's root. If 1975 X is the immediate master of the mount, or if there's no dominant peer 1976 group under the same root, then only the "master:X" field is present 1977 and not the "propagate_from:X" field. 1978 1979For more information on mount propagation see: 1980 1981 Documentation/filesystems/sharedsubtree.rst 1982 1983 19843.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm 1985-------------------------------------------------------- 1986These files provide a method to access a task's comm value. It also allows for 1987a task to set its own or one of its thread siblings comm value. The comm value 1988is limited in size compared to the cmdline value, so writing anything longer 1989then the kernel's TASK_COMM_LEN (currently 16 chars, including the NUL 1990terminator) will result in a truncated comm value. 1991 1992 19933.7 /proc/<pid>/task/<tid>/children - Information about task children 1994------------------------------------------------------------------------- 1995This file provides a fast way to retrieve first level children pids 1996of a task pointed by <pid>/<tid> pair. The format is a space separated 1997stream of pids. 1998 1999Note the "first level" here -- if a child has its own children they will 2000not be listed here; one needs to read /proc/<children-pid>/task/<tid>/children 2001to obtain the descendants. 2002 2003Since this interface is intended to be fast and cheap it doesn't 2004guarantee to provide precise results and some children might be 2005skipped, especially if they've exited right after we printed their 2006pids, so one needs to either stop or freeze processes being inspected 2007if precise results are needed. 2008 2009 20103.8 /proc/<pid>/fdinfo/<fd> - Information about opened file 2011--------------------------------------------------------------- 2012This file provides information associated with an opened file. The regular 2013files have at least four fields -- 'pos', 'flags', 'mnt_id' and 'ino'. 2014The 'pos' represents the current offset of the opened file in decimal 2015form [see lseek(2) for details], 'flags' denotes the octal O_xxx mask the 2016file has been created with [see open(2) for details] and 'mnt_id' represents 2017mount ID of the file system containing the opened file [see 3.5 2018/proc/<pid>/mountinfo for details]. 'ino' represents the inode number of 2019the file. 2020 2021A typical output is:: 2022 2023 pos: 0 2024 flags: 0100002 2025 mnt_id: 19 2026 ino: 63107 2027 2028All locks associated with a file descriptor are shown in its fdinfo too:: 2029 2030 lock: 1: FLOCK ADVISORY WRITE 359 00:13:11691 0 EOF 2031 2032The files such as eventfd, fsnotify, signalfd, epoll among the regular pos/flags 2033pair provide additional information particular to the objects they represent. 2034 2035Eventfd files 2036~~~~~~~~~~~~~ 2037 2038:: 2039 2040 pos: 0 2041 flags: 04002 2042 mnt_id: 9 2043 ino: 63107 2044 eventfd-count: 5a 2045 2046where 'eventfd-count' is hex value of a counter. 2047 2048Signalfd files 2049~~~~~~~~~~~~~~ 2050 2051:: 2052 2053 pos: 0 2054 flags: 04002 2055 mnt_id: 9 2056 ino: 63107 2057 sigmask: 0000000000000200 2058 2059where 'sigmask' is hex value of the signal mask associated 2060with a file. 2061 2062Epoll files 2063~~~~~~~~~~~ 2064 2065:: 2066 2067 pos: 0 2068 flags: 02 2069 mnt_id: 9 2070 ino: 63107 2071 tfd: 5 events: 1d data: ffffffffffffffff pos:0 ino:61af sdev:7 2072 2073where 'tfd' is a target file descriptor number in decimal form, 2074'events' is events mask being watched and the 'data' is data 2075associated with a target [see epoll(7) for more details]. 2076 2077The 'pos' is current offset of the target file in decimal form 2078[see lseek(2)], 'ino' and 'sdev' are inode and device numbers 2079where target file resides, all in hex format. 2080 2081Fsnotify files 2082~~~~~~~~~~~~~~ 2083For inotify files the format is the following:: 2084 2085 pos: 0 2086 flags: 02000000 2087 mnt_id: 9 2088 ino: 63107 2089 inotify wd:3 ino:9e7e sdev:800013 mask:800afce ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:7e9e0000640d1b6d 2090 2091where 'wd' is a watch descriptor in decimal form, i.e. a target file 2092descriptor number, 'ino' and 'sdev' are inode and device where the 2093target file resides and the 'mask' is the mask of events, all in hex 2094form [see inotify(7) for more details]. 2095 2096If the kernel was built with exportfs support, the path to the target 2097file is encoded as a file handle. The file handle is provided by three 2098fields 'fhandle-bytes', 'fhandle-type' and 'f_handle', all in hex 2099format. 2100 2101If the kernel is built without exportfs support the file handle won't be 2102printed out. 2103 2104If there is no inotify mark attached yet the 'inotify' line will be omitted. 2105 2106For fanotify files the format is:: 2107 2108 pos: 0 2109 flags: 02 2110 mnt_id: 9 2111 ino: 63107 2112 fanotify flags:10 event-flags:0 2113 fanotify mnt_id:12 mflags:40 mask:38 ignored_mask:40000003 2114 fanotify ino:4f969 sdev:800013 mflags:0 mask:3b ignored_mask:40000000 fhandle-bytes:8 fhandle-type:1 f_handle:69f90400c275b5b4 2115 2116where fanotify 'flags' and 'event-flags' are values used in fanotify_init 2117call, 'mnt_id' is the mount point identifier, 'mflags' is the value of 2118flags associated with mark which are tracked separately from events 2119mask. 'ino' and 'sdev' are target inode and device, 'mask' is the events 2120mask and 'ignored_mask' is the mask of events which are to be ignored. 2121All are in hex format. Incorporation of 'mflags', 'mask' and 'ignored_mask' 2122provide information about flags and mask used in fanotify_mark 2123call [see fsnotify manpage for details]. 2124 2125While the first three lines are mandatory and always printed, the rest is 2126optional and may be omitted if no marks created yet. 2127 2128Timerfd files 2129~~~~~~~~~~~~~ 2130 2131:: 2132 2133 pos: 0 2134 flags: 02 2135 mnt_id: 9 2136 ino: 63107 2137 clockid: 0 2138 ticks: 0 2139 settime flags: 01 2140 it_value: (0, 49406829) 2141 it_interval: (1, 0) 2142 2143where 'clockid' is the clock type and 'ticks' is the number of the timer expirations 2144that have occurred [see timerfd_create(2) for details]. 'settime flags' are 2145flags in octal form been used to setup the timer [see timerfd_settime(2) for 2146details]. 'it_value' is remaining time until the timer expiration. 2147'it_interval' is the interval for the timer. Note the timer might be set up 2148with TIMER_ABSTIME option which will be shown in 'settime flags', but 'it_value' 2149still exhibits timer's remaining time. 2150 2151DMA Buffer files 2152~~~~~~~~~~~~~~~~ 2153 2154:: 2155 2156 pos: 0 2157 flags: 04002 2158 mnt_id: 9 2159 ino: 63107 2160 size: 32768 2161 count: 2 2162 exp_name: system-heap 2163 2164where 'size' is the size of the DMA buffer in bytes. 'count' is the file count of 2165the DMA buffer file. 'exp_name' is the name of the DMA buffer exporter. 2166 21673.9 /proc/<pid>/map_files - Information about memory mapped files 2168--------------------------------------------------------------------- 2169This directory contains symbolic links which represent memory mapped files 2170the process is maintaining. Example output:: 2171 2172 | lr-------- 1 root root 64 Jan 27 11:24 333c600000-333c620000 -> /usr/lib64/ld-2.18.so 2173 | lr-------- 1 root root 64 Jan 27 11:24 333c81f000-333c820000 -> /usr/lib64/ld-2.18.so 2174 | lr-------- 1 root root 64 Jan 27 11:24 333c820000-333c821000 -> /usr/lib64/ld-2.18.so 2175 | ... 2176 | lr-------- 1 root root 64 Jan 27 11:24 35d0421000-35d0422000 -> /usr/lib64/libselinux.so.1 2177 | lr-------- 1 root root 64 Jan 27 11:24 400000-41a000 -> /usr/bin/ls 2178 2179The name of a link represents the virtual memory bounds of a mapping, i.e. 2180vm_area_struct::vm_start-vm_area_struct::vm_end. 2181 2182The main purpose of the map_files is to retrieve a set of memory mapped 2183files in a fast way instead of parsing /proc/<pid>/maps or 2184/proc/<pid>/smaps, both of which contain many more records. At the same 2185time one can open(2) mappings from the listings of two processes and 2186comparing their inode numbers to figure out which anonymous memory areas 2187are actually shared. 2188 21893.10 /proc/<pid>/timerslack_ns - Task timerslack value 2190--------------------------------------------------------- 2191This file provides the value of the task's timerslack value in nanoseconds. 2192This value specifies an amount of time that normal timers may be deferred 2193in order to coalesce timers and avoid unnecessary wakeups. 2194 2195This allows a task's interactivity vs power consumption tradeoff to be 2196adjusted. 2197 2198Writing 0 to the file will set the task's timerslack to the default value. 2199 2200Valid values are from 0 - ULLONG_MAX 2201 2202An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level 2203permissions on the task specified to change its timerslack_ns value. 2204 22053.11 /proc/<pid>/patch_state - Livepatch patch operation state 2206----------------------------------------------------------------- 2207When CONFIG_LIVEPATCH is enabled, this file displays the value of the 2208patch state for the task. 2209 2210A value of '-1' indicates that no patch is in transition. 2211 2212A value of '0' indicates that a patch is in transition and the task is 2213unpatched. If the patch is being enabled, then the task hasn't been 2214patched yet. If the patch is being disabled, then the task has already 2215been unpatched. 2216 2217A value of '1' indicates that a patch is in transition and the task is 2218patched. If the patch is being enabled, then the task has already been 2219patched. If the patch is being disabled, then the task hasn't been 2220unpatched yet. 2221 22223.12 /proc/<pid>/arch_status - task architecture specific status 2223------------------------------------------------------------------- 2224When CONFIG_PROC_PID_ARCH_STATUS is enabled, this file displays the 2225architecture specific status of the task. 2226 2227Example 2228~~~~~~~ 2229 2230:: 2231 2232 $ cat /proc/6753/arch_status 2233 AVX512_elapsed_ms: 8 2234 2235Description 2236~~~~~~~~~~~ 2237 2238x86 specific entries 2239~~~~~~~~~~~~~~~~~~~~~ 2240 2241AVX512_elapsed_ms 2242^^^^^^^^^^^^^^^^^^ 2243 2244 If AVX512 is supported on the machine, this entry shows the milliseconds 2245 elapsed since the last time AVX512 usage was recorded. The recording 2246 happens on a best effort basis when a task is scheduled out. This means 2247 that the value depends on two factors: 2248 2249 1) The time which the task spent on the CPU without being scheduled 2250 out. With CPU isolation and a single runnable task this can take 2251 several seconds. 2252 2253 2) The time since the task was scheduled out last. Depending on the 2254 reason for being scheduled out (time slice exhausted, syscall ...) 2255 this can be arbitrary long time. 2256 2257 As a consequence the value cannot be considered precise and authoritative 2258 information. The application which uses this information has to be aware 2259 of the overall scenario on the system in order to determine whether a 2260 task is a real AVX512 user or not. Precise information can be obtained 2261 with performance counters. 2262 2263 A special value of '-1' indicates that no AVX512 usage was recorded, thus 2264 the task is unlikely an AVX512 user, but depends on the workload and the 2265 scheduling scenario, it also could be a false negative mentioned above. 2266 22673.13 /proc/<pid>/fd - List of symlinks to open files 2268------------------------------------------------------- 2269This directory contains symbolic links which represent open files 2270the process is maintaining. Example output:: 2271 2272 lr-x------ 1 root root 64 Sep 20 17:53 0 -> /dev/null 2273 l-wx------ 1 root root 64 Sep 20 17:53 1 -> /dev/null 2274 lrwx------ 1 root root 64 Sep 20 17:53 10 -> 'socket:[12539]' 2275 lrwx------ 1 root root 64 Sep 20 17:53 11 -> 'socket:[12540]' 2276 lrwx------ 1 root root 64 Sep 20 17:53 12 -> 'socket:[12542]' 2277 2278The number of open files for the process is stored in 'size' member 2279of stat() output for /proc/<pid>/fd for fast access. 2280------------------------------------------------------- 2281 22823.14 /proc/<pid/ksm_stat - Information about the process's ksm status 2283--------------------------------------------------------------------- 2284When CONFIG_KSM is enabled, each process has this file which displays 2285the information of ksm merging status. 2286 2287Example 2288~~~~~~~ 2289 2290:: 2291 2292 / # cat /proc/self/ksm_stat 2293 ksm_rmap_items 0 2294 ksm_zero_pages 0 2295 ksm_merging_pages 0 2296 ksm_process_profit 0 2297 ksm_merge_any: no 2298 ksm_mergeable: no 2299 2300Description 2301~~~~~~~~~~~ 2302 2303ksm_rmap_items 2304^^^^^^^^^^^^^^ 2305 2306The number of ksm_rmap_item structures in use. The structure 2307ksm_rmap_item stores the reverse mapping information for virtual 2308addresses. KSM will generate a ksm_rmap_item for each ksm-scanned page of 2309the process. 2310 2311ksm_zero_pages 2312^^^^^^^^^^^^^^ 2313 2314When /sys/kernel/mm/ksm/use_zero_pages is enabled, it represent how many 2315empty pages are merged with kernel zero pages by KSM. 2316 2317ksm_merging_pages 2318^^^^^^^^^^^^^^^^^ 2319 2320It represents how many pages of this process are involved in KSM merging 2321(not including ksm_zero_pages). It is the same with what 2322/proc/<pid>/ksm_merging_pages shows. 2323 2324ksm_process_profit 2325^^^^^^^^^^^^^^^^^^ 2326 2327The profit that KSM brings (Saved bytes). KSM can save memory by merging 2328identical pages, but also can consume additional memory, because it needs 2329to generate a number of rmap_items to save each scanned page's brief rmap 2330information. Some of these pages may be merged, but some may not be abled 2331to be merged after being checked several times, which are unprofitable 2332memory consumed. 2333 2334ksm_merge_any 2335^^^^^^^^^^^^^ 2336 2337It specifies whether the process's 'mm is added by prctl() into the 2338candidate list of KSM or not, and if KSM scanning is fully enabled at 2339process level. 2340 2341ksm_mergeable 2342^^^^^^^^^^^^^ 2343 2344It specifies whether any VMAs of the process''s mms are currently 2345applicable to KSM. 2346 2347More information about KSM can be found in 2348Documentation/admin-guide/mm/ksm.rst. 2349 2350 2351Chapter 4: Configuring procfs 2352============================= 2353 23544.1 Mount options 2355--------------------- 2356 2357The following mount options are supported: 2358 2359 ========= ======================================================== 2360 hidepid= Set /proc/<pid>/ access mode. 2361 gid= Set the group authorized to learn processes information. 2362 subset= Show only the specified subset of procfs. 2363 ========= ======================================================== 2364 2365hidepid=off or hidepid=0 means classic mode - everybody may access all 2366/proc/<pid>/ directories (default). 2367 2368hidepid=noaccess or hidepid=1 means users may not access any /proc/<pid>/ 2369directories but their own. Sensitive files like cmdline, sched*, status are now 2370protected against other users. This makes it impossible to learn whether any 2371user runs specific program (given the program doesn't reveal itself by its 2372behaviour). As an additional bonus, as /proc/<pid>/cmdline is unaccessible for 2373other users, poorly written programs passing sensitive information via program 2374arguments are now protected against local eavesdroppers. 2375 2376hidepid=invisible or hidepid=2 means hidepid=1 plus all /proc/<pid>/ will be 2377fully invisible to other users. It doesn't mean that it hides a fact whether a 2378process with a specific pid value exists (it can be learned by other means, e.g. 2379by "kill -0 $PID"), but it hides process's uid and gid, which may be learned by 2380stat()'ing /proc/<pid>/ otherwise. It greatly complicates an intruder's task of 2381gathering information about running processes, whether some daemon runs with 2382elevated privileges, whether other user runs some sensitive program, whether 2383other users run any program at all, etc. 2384 2385hidepid=ptraceable or hidepid=4 means that procfs should only contain 2386/proc/<pid>/ directories that the caller can ptrace. 2387 2388gid= defines a group authorized to learn processes information otherwise 2389prohibited by hidepid=. If you use some daemon like identd which needs to learn 2390information about processes information, just add identd to this group. 2391 2392subset=pid hides all top level files and directories in the procfs that 2393are not related to tasks. 2394 2395Chapter 5: Filesystem behavior 2396============================== 2397 2398Originally, before the advent of pid namespace, procfs was a global file 2399system. It means that there was only one procfs instance in the system. 2400 2401When pid namespace was added, a separate procfs instance was mounted in 2402each pid namespace. So, procfs mount options are global among all 2403mountpoints within the same namespace:: 2404 2405 # grep ^proc /proc/mounts 2406 proc /proc proc rw,relatime,hidepid=2 0 0 2407 2408 # strace -e mount mount -o hidepid=1 -t proc proc /tmp/proc 2409 mount("proc", "/tmp/proc", "proc", 0, "hidepid=1") = 0 2410 +++ exited with 0 +++ 2411 2412 # grep ^proc /proc/mounts 2413 proc /proc proc rw,relatime,hidepid=2 0 0 2414 proc /tmp/proc proc rw,relatime,hidepid=2 0 0 2415 2416and only after remounting procfs mount options will change at all 2417mountpoints:: 2418 2419 # mount -o remount,hidepid=1 -t proc proc /tmp/proc 2420 2421 # grep ^proc /proc/mounts 2422 proc /proc proc rw,relatime,hidepid=1 0 0 2423 proc /tmp/proc proc rw,relatime,hidepid=1 0 0 2424 2425This behavior is different from the behavior of other filesystems. 2426 2427The new procfs behavior is more like other filesystems. Each procfs mount 2428creates a new procfs instance. Mount options affect own procfs instance. 2429It means that it became possible to have several procfs instances 2430displaying tasks with different filtering options in one pid namespace:: 2431 2432 # mount -o hidepid=invisible -t proc proc /proc 2433 # mount -o hidepid=noaccess -t proc proc /tmp/proc 2434 # grep ^proc /proc/mounts 2435 proc /proc proc rw,relatime,hidepid=invisible 0 0 2436 proc /tmp/proc proc rw,relatime,hidepid=noaccess 0 0 2437