1.. SPDX-License-Identifier: GPL-2.0 2 3==================== 4The /proc Filesystem 5==================== 6 7===================== ======================================= ================ 8/proc/sys Terrehon Bowden <terrehon@pacbell.net>, October 7 1999 9 Bodo Bauer <bb@ricochet.net> 102.4.x update Jorge Nerin <comandante@zaralinux.com> November 14 2000 11move /proc/sys Shen Feng <shen@cn.fujitsu.com> April 1 2009 12fixes/update part 1.1 Stefani Seibold <stefani@seibold.net> June 9 2009 13===================== ======================================= ================ 14 15 16 17.. Table of Contents 18 19 0 Preface 20 0.1 Introduction/Credits 21 0.2 Legal Stuff 22 23 1 Collecting System Information 24 1.1 Process-Specific Subdirectories 25 1.2 Kernel data 26 1.3 IDE devices in /proc/ide 27 1.4 Networking info in /proc/net 28 1.5 SCSI info 29 1.6 Parallel port info in /proc/parport 30 1.7 TTY info in /proc/tty 31 1.8 Miscellaneous kernel statistics in /proc/stat 32 1.9 Ext4 file system parameters 33 34 2 Modifying System Parameters 35 36 3 Per-Process Parameters 37 3.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj - Adjust the oom-killer 38 score 39 3.2 /proc/<pid>/oom_score - Display current oom-killer score 40 3.3 /proc/<pid>/io - Display the IO accounting fields 41 3.4 /proc/<pid>/coredump_filter - Core dump filtering settings 42 3.5 /proc/<pid>/mountinfo - Information about mounts 43 3.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm 44 3.7 /proc/<pid>/task/<tid>/children - Information about task children 45 3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file 46 3.9 /proc/<pid>/map_files - Information about memory mapped files 47 3.10 /proc/<pid>/timerslack_ns - Task timerslack value 48 3.11 /proc/<pid>/patch_state - Livepatch patch operation state 49 3.12 /proc/<pid>/arch_status - Task architecture specific information 50 3.13 /proc/<pid>/fd - List of symlinks to open files 51 3.14 /proc/<pid/ksm_stat - Information about the process's ksm status. 52 53 4 Configuring procfs 54 4.1 Mount options 55 56 5 Filesystem behavior 57 58Preface 59======= 60 610.1 Introduction/Credits 62------------------------ 63 64We'd like to thank Alan Cox, Rik van Riel, and Alexey Kuznetsov and a lot of 65other people for help compiling this documentation. We'd also like to extend a 66special thank you to Andi Kleen for documentation, which we relied on heavily 67to create this document, as well as the additional information he provided. 68Thanks to everybody else who contributed source or docs to the Linux kernel 69and helped create a great piece of software... :) 70 71The latest version of this document is available online at 72https://www.kernel.org/doc/html/latest/filesystems/proc.html 73 740.2 Legal Stuff 75--------------- 76 77We don't guarantee the correctness of this document, and if you come to us 78complaining about how you screwed up your system because of incorrect 79documentation, we won't feel responsible... 80 81Chapter 1: Collecting System Information 82======================================== 83 84In This Chapter 85--------------- 86* Investigating the properties of the pseudo file system /proc and its 87 ability to provide information on the running Linux system 88* Examining /proc's structure 89* Uncovering various information about the kernel and the processes running 90 on the system 91 92------------------------------------------------------------------------------ 93 94The proc file system acts as an interface to internal data structures in the 95kernel. It can be used to obtain information about the system and to change 96certain kernel parameters at runtime (sysctl). 97 98First, we'll take a look at the read-only parts of /proc. In Chapter 2, we 99show you how you can use /proc/sys to change settings. 100 1011.1 Process-Specific Subdirectories 102----------------------------------- 103 104The directory /proc contains (among other things) one subdirectory for each 105process running on the system, which is named after the process ID (PID). 106 107The link 'self' points to the process reading the file system. Each process 108subdirectory has the entries listed in Table 1-1. 109 110A process can read its own information from /proc/PID/* with no extra 111permissions. When reading /proc/PID/* information for other processes, reading 112process is required to have either CAP_SYS_PTRACE capability with 113PTRACE_MODE_READ access permissions, or, alternatively, CAP_PERFMON 114capability. This applies to all read-only information like `maps`, `environ`, 115`pagemap`, etc. The only exception is `mem` file due to its read-write nature, 116which requires CAP_SYS_PTRACE capabilities with more elevated 117PTRACE_MODE_ATTACH permissions; CAP_PERFMON capability does not grant access 118to /proc/PID/mem for other processes. 119 120Note that an open file descriptor to /proc/<pid> or to any of its 121contained files or subdirectories does not prevent <pid> being reused 122for some other process in the event that <pid> exits. Operations on 123open /proc/<pid> file descriptors corresponding to dead processes 124never act on any new process that the kernel may, through chance, have 125also assigned the process ID <pid>. Instead, operations on these FDs 126usually fail with ESRCH. 127 128.. table:: Table 1-1: Process specific entries in /proc 129 130 ============= =============================================================== 131 File Content 132 ============= =============================================================== 133 clear_refs Clears page referenced bits shown in smaps output 134 cmdline Command line arguments 135 cpu Current and last cpu in which it was executed (2.4)(smp) 136 cwd Link to the current working directory 137 environ Values of environment variables 138 exe Link to the executable of this process 139 fd Directory, which contains all file descriptors 140 maps Memory maps to executables and library files (2.4) 141 mem Memory held by this process 142 root Link to the root directory of this process 143 stat Process status 144 statm Process memory status information 145 status Process status in human readable form 146 wchan Present with CONFIG_KALLSYMS=y: it shows the kernel function 147 symbol the task is blocked in - or "0" if not blocked. 148 pagemap Page table 149 stack Report full stack trace, enable via CONFIG_STACKTRACE 150 smaps An extension based on maps, showing the memory consumption of 151 each mapping and flags associated with it 152 smaps_rollup Accumulated smaps stats for all mappings of the process. This 153 can be derived from smaps, but is faster and more convenient 154 numa_maps An extension based on maps, showing the memory locality and 155 binding policy as well as mem usage (in pages) of each mapping. 156 ============= =============================================================== 157 158For example, to get the status information of a process, all you have to do is 159read the file /proc/PID/status:: 160 161 >cat /proc/self/status 162 Name: cat 163 State: R (running) 164 Tgid: 5452 165 Pid: 5452 166 PPid: 743 167 TracerPid: 0 (2.4) 168 Uid: 501 501 501 501 169 Gid: 100 100 100 100 170 FDSize: 256 171 Groups: 100 14 16 172 Kthread: 0 173 VmPeak: 5004 kB 174 VmSize: 5004 kB 175 VmLck: 0 kB 176 VmHWM: 476 kB 177 VmRSS: 476 kB 178 RssAnon: 352 kB 179 RssFile: 120 kB 180 RssShmem: 4 kB 181 VmData: 156 kB 182 VmStk: 88 kB 183 VmExe: 68 kB 184 VmLib: 1412 kB 185 VmPTE: 20 kb 186 VmSwap: 0 kB 187 HugetlbPages: 0 kB 188 CoreDumping: 0 189 THP_enabled: 1 190 Threads: 1 191 SigQ: 0/28578 192 SigPnd: 0000000000000000 193 ShdPnd: 0000000000000000 194 SigBlk: 0000000000000000 195 SigIgn: 0000000000000000 196 SigCgt: 0000000000000000 197 CapInh: 00000000fffffeff 198 CapPrm: 0000000000000000 199 CapEff: 0000000000000000 200 CapBnd: ffffffffffffffff 201 CapAmb: 0000000000000000 202 NoNewPrivs: 0 203 Seccomp: 0 204 Speculation_Store_Bypass: thread vulnerable 205 SpeculationIndirectBranch: conditional enabled 206 voluntary_ctxt_switches: 0 207 nonvoluntary_ctxt_switches: 1 208 209This shows you nearly the same information you would get if you viewed it with 210the ps command. In fact, ps uses the proc file system to obtain its 211information. But you get a more detailed view of the process by reading the 212file /proc/PID/status. It fields are described in table 1-2. 213 214The statm file contains more detailed information about the process 215memory usage. Its seven fields are explained in Table 1-3. The stat file 216contains detailed information about the process itself. Its fields are 217explained in Table 1-4. 218 219(for SMP CONFIG users) 220 221For making accounting scalable, RSS related information are handled in an 222asynchronous manner and the value may not be very precise. To see a precise 223snapshot of a moment, you can see /proc/<pid>/smaps file and scan page table. 224It's slow but very precise. 225 226.. table:: Table 1-2: Contents of the status fields (as of 4.19) 227 228 ========================== =================================================== 229 Field Content 230 ========================== =================================================== 231 Name filename of the executable 232 Umask file mode creation mask 233 State state (R is running, S is sleeping, D is sleeping 234 in an uninterruptible wait, Z is zombie, 235 T is traced or stopped) 236 Tgid thread group ID 237 Ngid NUMA group ID (0 if none) 238 Pid process id 239 PPid process id of the parent process 240 TracerPid PID of process tracing this process (0 if not, or 241 the tracer is outside of the current pid namespace) 242 Uid Real, effective, saved set, and file system UIDs 243 Gid Real, effective, saved set, and file system GIDs 244 FDSize number of file descriptor slots currently allocated 245 Groups supplementary group list 246 NStgid descendant namespace thread group ID hierarchy 247 NSpid descendant namespace process ID hierarchy 248 NSpgid descendant namespace process group ID hierarchy 249 NSsid descendant namespace session ID hierarchy 250 Kthread kernel thread flag, 1 is yes, 0 is no 251 VmPeak peak virtual memory size 252 VmSize total program size 253 VmLck locked memory size 254 VmPin pinned memory size 255 VmHWM peak resident set size ("high water mark") 256 VmRSS size of memory portions. It contains the three 257 following parts 258 (VmRSS = RssAnon + RssFile + RssShmem) 259 RssAnon size of resident anonymous memory 260 RssFile size of resident file mappings 261 RssShmem size of resident shmem memory (includes SysV shm, 262 mapping of tmpfs and shared anonymous mappings) 263 VmData size of private data segments 264 VmStk size of stack segments 265 VmExe size of text segment 266 VmLib size of shared library code 267 VmPTE size of page table entries 268 VmSwap amount of swap used by anonymous private data 269 (shmem swap usage is not included) 270 HugetlbPages size of hugetlb memory portions 271 CoreDumping process's memory is currently being dumped 272 (killing the process may lead to a corrupted core) 273 THP_enabled process is allowed to use THP (returns 0 when 274 PR_SET_THP_DISABLE is set on the process to disable 275 THP completely, not just partially) 276 Threads number of threads 277 SigQ number of signals queued/max. number for queue 278 SigPnd bitmap of pending signals for the thread 279 ShdPnd bitmap of shared pending signals for the process 280 SigBlk bitmap of blocked signals 281 SigIgn bitmap of ignored signals 282 SigCgt bitmap of caught signals 283 CapInh bitmap of inheritable capabilities 284 CapPrm bitmap of permitted capabilities 285 CapEff bitmap of effective capabilities 286 CapBnd bitmap of capabilities bounding set 287 CapAmb bitmap of ambient capabilities 288 NoNewPrivs no_new_privs, like prctl(PR_GET_NO_NEW_PRIV, ...) 289 Seccomp seccomp mode, like prctl(PR_GET_SECCOMP, ...) 290 Speculation_Store_Bypass speculative store bypass mitigation status 291 SpeculationIndirectBranch indirect branch speculation mode 292 Cpus_allowed mask of CPUs on which this process may run 293 Cpus_allowed_list Same as previous, but in "list format" 294 Mems_allowed mask of memory nodes allowed to this process 295 Mems_allowed_list Same as previous, but in "list format" 296 voluntary_ctxt_switches number of voluntary context switches 297 nonvoluntary_ctxt_switches number of non voluntary context switches 298 ========================== =================================================== 299 300 301.. table:: Table 1-3: Contents of the statm fields (as of 2.6.8-rc3) 302 303 ======== =============================== ============================== 304 Field Content 305 ======== =============================== ============================== 306 size total program size (pages) (same as VmSize in status) 307 resident size of memory portions (pages) (same as VmRSS in status) 308 shared number of pages that are shared (i.e. backed by a file, same 309 as RssFile+RssShmem in status) 310 trs number of pages that are 'code' (not including libs; broken, 311 includes data segment) 312 lrs number of pages of library (always 0 on 2.6) 313 drs number of pages of data/stack (including libs; broken, 314 includes library text) 315 dt number of dirty pages (always 0 on 2.6) 316 ======== =============================== ============================== 317 318 319.. table:: Table 1-4: Contents of the stat fields (as of 2.6.30-rc7) 320 321 ============= =============================================================== 322 Field Content 323 ============= =============================================================== 324 pid process id 325 tcomm filename of the executable 326 state state (R is running, S is sleeping, D is sleeping in an 327 uninterruptible wait, Z is zombie, T is traced or stopped) 328 ppid process id of the parent process 329 pgrp pgrp of the process 330 sid session id 331 tty_nr tty the process uses 332 tty_pgrp pgrp of the tty 333 flags task flags 334 min_flt number of minor faults 335 cmin_flt number of minor faults with child's 336 maj_flt number of major faults 337 cmaj_flt number of major faults with child's 338 utime user mode jiffies 339 stime kernel mode jiffies 340 cutime user mode jiffies with child's 341 cstime kernel mode jiffies with child's 342 priority priority level 343 nice nice level 344 num_threads number of threads 345 it_real_value (obsolete, always 0) 346 start_time time the process started after system boot 347 vsize virtual memory size 348 rss resident set memory size 349 rsslim current limit in bytes on the rss 350 start_code address above which program text can run 351 end_code address below which program text can run 352 start_stack address of the start of the main process stack 353 esp current value of ESP 354 eip current value of EIP 355 pending bitmap of pending signals 356 blocked bitmap of blocked signals 357 sigign bitmap of ignored signals 358 sigcatch bitmap of caught signals 359 0 (place holder, used to be the wchan address, 360 use /proc/PID/wchan instead) 361 0 (place holder) 362 0 (place holder) 363 exit_signal signal to send to parent thread on exit 364 task_cpu which CPU the task is scheduled on 365 rt_priority realtime priority 366 policy scheduling policy (man sched_setscheduler) 367 blkio_ticks time spent waiting for block IO 368 gtime guest time of the task in jiffies 369 cgtime guest time of the task children in jiffies 370 start_data address above which program data+bss is placed 371 end_data address below which program data+bss is placed 372 start_brk address above which program heap can be expanded with brk() 373 arg_start address above which program command line is placed 374 arg_end address below which program command line is placed 375 env_start address above which program environment is placed 376 env_end address below which program environment is placed 377 exit_code the thread's exit_code in the form reported by the waitpid 378 system call 379 ============= =============================================================== 380 381The /proc/PID/maps file contains the currently mapped memory regions and 382their access permissions. 383 384The format is:: 385 386 address perms offset dev inode pathname 387 388 08048000-08049000 r-xp 00000000 03:00 8312 /opt/test 389 08049000-0804a000 rw-p 00001000 03:00 8312 /opt/test 390 0804a000-0806b000 rw-p 00000000 00:00 0 [heap] 391 a7cb1000-a7cb2000 ---p 00000000 00:00 0 392 a7cb2000-a7eb2000 rw-p 00000000 00:00 0 393 a7eb2000-a7eb3000 ---p 00000000 00:00 0 394 a7eb3000-a7ed5000 rw-p 00000000 00:00 0 395 a7ed5000-a8008000 r-xp 00000000 03:00 4222 /lib/libc.so.6 396 a8008000-a800a000 r--p 00133000 03:00 4222 /lib/libc.so.6 397 a800a000-a800b000 rw-p 00135000 03:00 4222 /lib/libc.so.6 398 a800b000-a800e000 rw-p 00000000 00:00 0 399 a800e000-a8022000 r-xp 00000000 03:00 14462 /lib/libpthread.so.0 400 a8022000-a8023000 r--p 00013000 03:00 14462 /lib/libpthread.so.0 401 a8023000-a8024000 rw-p 00014000 03:00 14462 /lib/libpthread.so.0 402 a8024000-a8027000 rw-p 00000000 00:00 0 403 a8027000-a8043000 r-xp 00000000 03:00 8317 /lib/ld-linux.so.2 404 a8043000-a8044000 r--p 0001b000 03:00 8317 /lib/ld-linux.so.2 405 a8044000-a8045000 rw-p 0001c000 03:00 8317 /lib/ld-linux.so.2 406 aff35000-aff4a000 rw-p 00000000 00:00 0 [stack] 407 ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso] 408 409where "address" is the address space in the process that it occupies, "perms" 410is a set of permissions:: 411 412 r = read 413 w = write 414 x = execute 415 s = shared 416 p = private (copy on write) 417 418"offset" is the offset into the mapping, "dev" is the device (major:minor), and 419"inode" is the inode on that device. 0 indicates that no inode is associated 420with the memory region, as the case would be with BSS (uninitialized data). 421The "pathname" shows the name associated file for this mapping. If the mapping 422is not associated with a file: 423 424 =================== =========================================== 425 [heap] the heap of the program 426 [stack] the stack of the main process 427 [vdso] the "virtual dynamic shared object", 428 the kernel system call handler 429 [anon:<name>] a private anonymous mapping that has been 430 named by userspace 431 [anon_shmem:<name>] an anonymous shared memory mapping that has 432 been named by userspace 433 =================== =========================================== 434 435 or if empty, the mapping is anonymous. 436 437Starting with 6.11 kernel, /proc/PID/maps provides an alternative 438ioctl()-based API that gives ability to flexibly and efficiently query and 439filter individual VMAs. This interface is binary and is meant for more 440efficient and easy programmatic use. `struct procmap_query`, defined in 441linux/fs.h UAPI header, serves as an input/output argument to the 442`PROCMAP_QUERY` ioctl() command. See comments in linus/fs.h UAPI header for 443details on query semantics, supported flags, data returned, and general API 444usage information. 445 446The /proc/PID/smaps is an extension based on maps, showing the memory 447consumption for each of the process's mappings. For each mapping (aka Virtual 448Memory Area, or VMA) there is a series of lines such as the following:: 449 450 08048000-080bc000 r-xp 00000000 03:02 13130 /bin/bash 451 452 Size: 1084 kB 453 KernelPageSize: 4 kB 454 MMUPageSize: 4 kB 455 Rss: 892 kB 456 Pss: 374 kB 457 Pss_Dirty: 0 kB 458 Shared_Clean: 892 kB 459 Shared_Dirty: 0 kB 460 Private_Clean: 0 kB 461 Private_Dirty: 0 kB 462 Referenced: 892 kB 463 Anonymous: 0 kB 464 KSM: 0 kB 465 LazyFree: 0 kB 466 AnonHugePages: 0 kB 467 ShmemPmdMapped: 0 kB 468 Shared_Hugetlb: 0 kB 469 Private_Hugetlb: 0 kB 470 Swap: 0 kB 471 SwapPss: 0 kB 472 KernelPageSize: 4 kB 473 MMUPageSize: 4 kB 474 Locked: 0 kB 475 THPeligible: 0 476 VmFlags: rd ex mr mw me dw 477 478The first of these lines shows the same information as is displayed for 479the mapping in /proc/PID/maps. Following lines show the size of the 480mapping (size); the size of each page allocated when backing a VMA 481(KernelPageSize), which is usually the same as the size in the page table 482entries; the page size used by the MMU when backing a VMA (in most cases, 483the same as KernelPageSize); the amount of the mapping that is currently 484resident in RAM (RSS); the process's proportional share of this mapping 485(PSS); and the number of clean and dirty shared and private pages in the 486mapping. 487 488The "proportional set size" (PSS) of a process is the count of pages it has 489in memory, where each page is divided by the number of processes sharing it. 490So if a process has 1000 pages all to itself, and 1000 shared with one other 491process, its PSS will be 1500. "Pss_Dirty" is the portion of PSS which 492consists of dirty pages. ("Pss_Clean" is not included, but it can be 493calculated by subtracting "Pss_Dirty" from "Pss".) 494 495Traditionally, a page is accounted as "private" if it is mapped exactly once, 496and a page is accounted as "shared" when mapped multiple times, even when 497mapped in the same process multiple times. Note that this accounting is 498independent of MAP_SHARED. 499 500In some kernel configurations, the semantics of pages part of a larger 501allocation (e.g., THP) can differ: a page is accounted as "private" if all 502pages part of the corresponding large allocation are *certainly* mapped in the 503same process, even if the page is mapped multiple times in that process. A 504page is accounted as "shared" if any page page of the larger allocation 505is *maybe* mapped in a different process. In some cases, a large allocation 506might be treated as "maybe mapped by multiple processes" even though this 507is no longer the case. 508 509Some kernel configurations do not track the precise number of times a page part 510of a larger allocation is mapped. In this case, when calculating the PSS, the 511average number of mappings per page in this larger allocation might be used 512as an approximation for the number of mappings of a page. The PSS calculation 513will be imprecise in this case. 514 515"Referenced" indicates the amount of memory currently marked as referenced or 516accessed. 517 518"Anonymous" shows the amount of memory that does not belong to any file. Even 519a mapping associated with a file may contain anonymous pages: when MAP_PRIVATE 520and a page is modified, the file page is replaced by a private anonymous copy. 521 522"KSM" reports how many of the pages are KSM pages. Note that KSM-placed zeropages 523are not included, only actual KSM pages. 524 525"LazyFree" shows the amount of memory which is marked by madvise(MADV_FREE). 526The memory isn't freed immediately with madvise(). It's freed in memory 527pressure if the memory is clean. Please note that the printed value might 528be lower than the real value due to optimizations used in the current 529implementation. If this is not desirable please file a bug report. 530 531"AnonHugePages" shows the amount of memory backed by transparent hugepage. 532 533"ShmemPmdMapped" shows the amount of shared (shmem/tmpfs) memory backed by 534huge pages. 535 536"Shared_Hugetlb" and "Private_Hugetlb" show the amounts of memory backed by 537hugetlbfs page which is *not* counted in "RSS" or "PSS" field for historical 538reasons. And these are not included in {Shared,Private}_{Clean,Dirty} field. 539 540"Swap" shows how much would-be-anonymous memory is also used, but out on swap. 541 542For shmem mappings, "Swap" includes also the size of the mapped (and not 543replaced by copy-on-write) part of the underlying shmem object out on swap. 544"SwapPss" shows proportional swap share of this mapping. Unlike "Swap", this 545does not take into account swapped out page of underlying shmem objects. 546"Locked" indicates whether the mapping is locked in memory or not. 547 548"THPeligible" indicates whether the mapping is eligible for allocating 549naturally aligned THP pages of any currently enabled size. 1 if true, 0 550otherwise. 551 552"VmFlags" field deserves a separate description. This member represents the 553kernel flags associated with the particular virtual memory area in two letter 554encoded manner. The codes are the following: 555 556 == ============================================================= 557 rd readable 558 wr writeable 559 ex executable 560 sh shared 561 mr may read 562 mw may write 563 me may execute 564 ms may share 565 gd stack segment growns down 566 pf pure PFN range 567 lo pages are locked in memory 568 io memory mapped I/O area 569 sr sequential read advise provided 570 rr random read advise provided 571 dc do not copy area on fork 572 de do not expand area on remapping 573 ac area is accountable 574 nr swap space is not reserved for the area 575 ht area uses huge tlb pages 576 sf synchronous page fault 577 ar architecture specific flag 578 wf wipe on fork 579 dd do not include area into core dump 580 sd soft dirty flag 581 mm mixed map area 582 hg huge page advise flag 583 nh no huge page advise flag 584 mg mergeable advise flag 585 bt arm64 BTI guarded page 586 mt arm64 MTE allocation tags are enabled 587 um userfaultfd missing tracking 588 uw userfaultfd wr-protect tracking 589 ui userfaultfd minor fault 590 ss shadow/guarded control stack page 591 sl sealed 592 lf lock on fault pages 593 dp always lazily freeable mapping 594 gu maybe contains guard regions (if not set, definitely doesn't) 595 == ============================================================= 596 597Note that there is no guarantee that every flag and associated mnemonic will 598be present in all further kernel releases. Things get changed, the flags may 599be vanished or the reverse -- new added. Interpretation of their meaning 600might change in future as well. So each consumer of these flags has to 601follow each specific kernel version for the exact semantic. 602 603This file is only present if the CONFIG_MMU kernel configuration option is 604enabled. 605 606Note: reading /proc/PID/maps or /proc/PID/smaps is inherently racy (consistent 607output can be achieved only in the single read call). 608 609This typically manifests when doing partial reads of these files while the 610memory map is being modified. Despite the races, we do provide the following 611guarantees: 612 6131) The mapped addresses never go backwards, which implies no two 614 regions will ever overlap. 6152) If there is something at a given vaddr during the entirety of the 616 life of the smaps/maps walk, there will be some output for it. 617 618The /proc/PID/smaps_rollup file includes the same fields as /proc/PID/smaps, 619but their values are the sums of the corresponding values for all mappings of 620the process. Additionally, it contains these fields: 621 622- Pss_Anon 623- Pss_File 624- Pss_Shmem 625 626They represent the proportional shares of anonymous, file, and shmem pages, as 627described for smaps above. These fields are omitted in smaps since each 628mapping identifies the type (anon, file, or shmem) of all pages it contains. 629Thus all information in smaps_rollup can be derived from smaps, but at a 630significantly higher cost. 631 632The /proc/PID/clear_refs is used to reset the PG_Referenced and ACCESSED/YOUNG 633bits on both physical and virtual pages associated with a process, and the 634soft-dirty bit on pte (see Documentation/admin-guide/mm/soft-dirty.rst 635for details). 636To clear the bits for all the pages associated with the process:: 637 638 > echo 1 > /proc/PID/clear_refs 639 640To clear the bits for the anonymous pages associated with the process:: 641 642 > echo 2 > /proc/PID/clear_refs 643 644To clear the bits for the file mapped pages associated with the process:: 645 646 > echo 3 > /proc/PID/clear_refs 647 648To clear the soft-dirty bit:: 649 650 > echo 4 > /proc/PID/clear_refs 651 652To reset the peak resident set size ("high water mark") to the process's 653current value:: 654 655 > echo 5 > /proc/PID/clear_refs 656 657Any other value written to /proc/PID/clear_refs will have no effect. 658 659The /proc/pid/pagemap gives the PFN, which can be used to find the pageflags 660using /proc/kpageflags and number of times a page is mapped using 661/proc/kpagecount. For detailed explanation, see 662Documentation/admin-guide/mm/pagemap.rst. 663 664The /proc/pid/numa_maps is an extension based on maps, showing the memory 665locality and binding policy, as well as the memory usage (in pages) of 666each mapping. The output follows a general format where mapping details get 667summarized separated by blank spaces, one mapping per each file line:: 668 669 address policy mapping details 670 671 00400000 default file=/usr/local/bin/app mapped=1 active=0 N3=1 kernelpagesize_kB=4 672 00600000 default file=/usr/local/bin/app anon=1 dirty=1 N3=1 kernelpagesize_kB=4 673 3206000000 default file=/lib64/ld-2.12.so mapped=26 mapmax=6 N0=24 N3=2 kernelpagesize_kB=4 674 320621f000 default file=/lib64/ld-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 675 3206220000 default file=/lib64/ld-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 676 3206221000 default anon=1 dirty=1 N3=1 kernelpagesize_kB=4 677 3206800000 default file=/lib64/libc-2.12.so mapped=59 mapmax=21 active=55 N0=41 N3=18 kernelpagesize_kB=4 678 320698b000 default file=/lib64/libc-2.12.so 679 3206b8a000 default file=/lib64/libc-2.12.so anon=2 dirty=2 N3=2 kernelpagesize_kB=4 680 3206b8e000 default file=/lib64/libc-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 681 3206b8f000 default anon=3 dirty=3 active=1 N3=3 kernelpagesize_kB=4 682 7f4dc10a2000 default anon=3 dirty=3 N3=3 kernelpagesize_kB=4 683 7f4dc10b4000 default anon=2 dirty=2 active=1 N3=2 kernelpagesize_kB=4 684 7f4dc1200000 default file=/anon_hugepage\040(deleted) huge anon=1 dirty=1 N3=1 kernelpagesize_kB=2048 685 7fff335f0000 default stack anon=3 dirty=3 N3=3 kernelpagesize_kB=4 686 7fff3369d000 default mapped=1 mapmax=35 active=0 N3=1 kernelpagesize_kB=4 687 688Where: 689 690"address" is the starting address for the mapping; 691 692"policy" reports the NUMA memory policy set for the mapping (see Documentation/admin-guide/mm/numa_memory_policy.rst); 693 694"mapping details" summarizes mapping data such as mapping type, page usage counters, 695node locality page counters (N0 == node0, N1 == node1, ...) and the kernel page 696size, in KB, that is backing the mapping up. 697 698Note that some kernel configurations do not track the precise number of times 699a page part of a larger allocation (e.g., THP) is mapped. In these 700configurations, "mapmax" might corresponds to the average number of mappings 701per page in such a larger allocation instead. 702 7031.2 Kernel data 704--------------- 705 706Similar to the process entries, the kernel data files give information about 707the running kernel. The files used to obtain this information are contained in 708/proc and are listed in Table 1-5. Not all of these will be present in your 709system. It depends on the kernel configuration and the loaded modules, which 710files are there, and which are missing. 711 712.. table:: Table 1-5: Kernel info in /proc 713 714 ============ =============================================================== 715 File Content 716 ============ =============================================================== 717 allocinfo Memory allocations profiling information 718 apm Advanced power management info 719 bootconfig Kernel command line obtained from boot config, 720 and, if there were kernel parameters from the 721 boot loader, a "# Parameters from bootloader:" 722 line followed by a line containing those 723 parameters prefixed by "# ". (5.5) 724 buddyinfo Kernel memory allocator information (see text) (2.5) 725 bus Directory containing bus specific information 726 cmdline Kernel command line, both from bootloader and embedded 727 in the kernel image 728 cpuinfo Info about the CPU 729 devices Available devices (block and character) 730 dma Used DMS channels 731 filesystems Supported filesystems 732 driver Various drivers grouped here, currently rtc (2.4) 733 execdomains Execdomains, related to security (2.4) 734 fb Frame Buffer devices (2.4) 735 fs File system parameters, currently nfs/exports (2.4) 736 ide Directory containing info about the IDE subsystem 737 interrupts Interrupt usage 738 iomem Memory map (2.4) 739 ioports I/O port usage 740 irq Masks for irq to cpu affinity (2.4)(smp?) 741 isapnp ISA PnP (Plug&Play) Info (2.4) 742 kcore Kernel core image (can be ELF or A.OUT(deprecated in 2.4)) 743 kmsg Kernel messages 744 ksyms Kernel symbol table 745 loadavg Load average of last 1, 5 & 15 minutes; 746 number of processes currently runnable (running or on ready queue); 747 total number of processes in system; 748 last pid created. 749 All fields are separated by one space except "number of 750 processes currently runnable" and "total number of processes 751 in system", which are separated by a slash ('/'). Example: 752 0.61 0.61 0.55 3/828 22084 753 locks Kernel locks 754 meminfo Memory info 755 misc Miscellaneous 756 modules List of loaded modules 757 mounts Mounted filesystems 758 net Networking info (see text) 759 pagetypeinfo Additional page allocator information (see text) (2.5) 760 partitions Table of partitions known to the system 761 pci Deprecated info of PCI bus (new way -> /proc/bus/pci/, 762 decoupled by lspci (2.4) 763 rtc Real time clock 764 scsi SCSI info (see text) 765 slabinfo Slab pool info 766 softirqs softirq usage 767 stat Overall statistics 768 swaps Swap space utilization 769 sys See chapter 2 770 sysvipc Info of SysVIPC Resources (msg, sem, shm) (2.4) 771 tty Info of tty drivers 772 uptime Wall clock since boot, combined idle time of all cpus 773 version Kernel version 774 video bttv info of video resources (2.4) 775 vmallocinfo Show vmalloced areas 776 ============ =============================================================== 777 778You can, for example, check which interrupts are currently in use and what 779they are used for by looking in the file /proc/interrupts:: 780 781 > cat /proc/interrupts 782 CPU0 783 0: 8728810 XT-PIC timer 784 1: 895 XT-PIC keyboard 785 2: 0 XT-PIC cascade 786 3: 531695 XT-PIC aha152x 787 4: 2014133 XT-PIC serial 788 5: 44401 XT-PIC pcnet_cs 789 8: 2 XT-PIC rtc 790 11: 8 XT-PIC i82365 791 12: 182918 XT-PIC PS/2 Mouse 792 13: 1 XT-PIC fpu 793 14: 1232265 XT-PIC ide0 794 15: 7 XT-PIC ide1 795 NMI: 0 796 797In 2.4.* a couple of lines where added to this file LOC & ERR (this time is the 798output of a SMP machine):: 799 800 > cat /proc/interrupts 801 802 CPU0 CPU1 803 0: 1243498 1214548 IO-APIC-edge timer 804 1: 8949 8958 IO-APIC-edge keyboard 805 2: 0 0 XT-PIC cascade 806 5: 11286 10161 IO-APIC-edge soundblaster 807 8: 1 0 IO-APIC-edge rtc 808 9: 27422 27407 IO-APIC-edge 3c503 809 12: 113645 113873 IO-APIC-edge PS/2 Mouse 810 13: 0 0 XT-PIC fpu 811 14: 22491 24012 IO-APIC-edge ide0 812 15: 2183 2415 IO-APIC-edge ide1 813 17: 30564 30414 IO-APIC-level eth0 814 18: 177 164 IO-APIC-level bttv 815 NMI: 2457961 2457959 816 LOC: 2457882 2457881 817 ERR: 2155 818 819NMI is incremented in this case because every timer interrupt generates a NMI 820(Non Maskable Interrupt) which is used by the NMI Watchdog to detect lockups. 821 822LOC is the local interrupt counter of the internal APIC of every CPU. 823 824ERR is incremented in the case of errors in the IO-APIC bus (the bus that 825connects the CPUs in a SMP system. This means that an error has been detected, 826the IO-APIC automatically retry the transmission, so it should not be a big 827problem, but you should read the SMP-FAQ. 828 829In 2.6.2* /proc/interrupts was expanded again. This time the goal was for 830/proc/interrupts to display every IRQ vector in use by the system, not 831just those considered 'most important'. The new vectors are: 832 833THR 834 interrupt raised when a machine check threshold counter 835 (typically counting ECC corrected errors of memory or cache) exceeds 836 a configurable threshold. Only available on some systems. 837 838TRM 839 a thermal event interrupt occurs when a temperature threshold 840 has been exceeded for the CPU. This interrupt may also be generated 841 when the temperature drops back to normal. 842 843SPU 844 a spurious interrupt is some interrupt that was raised then lowered 845 by some IO device before it could be fully processed by the APIC. Hence 846 the APIC sees the interrupt but does not know what device it came from. 847 For this case the APIC will generate the interrupt with a IRQ vector 848 of 0xff. This might also be generated by chipset bugs. 849 850RES, CAL, TLB 851 rescheduling, call and TLB flush interrupts are 852 sent from one CPU to another per the needs of the OS. Typically, 853 their statistics are used by kernel developers and interested users to 854 determine the occurrence of interrupts of the given type. 855 856The above IRQ vectors are displayed only when relevant. For example, 857the threshold vector does not exist on x86_64 platforms. Others are 858suppressed when the system is a uniprocessor. As of this writing, only 859i386 and x86_64 platforms support the new IRQ vector displays. 860 861Of some interest is the introduction of the /proc/irq directory to 2.4. 862It could be used to set IRQ to CPU affinity. This means that you can "hook" an 863IRQ to only one CPU, or to exclude a CPU of handling IRQs. The contents of the 864irq subdir is one subdir for each IRQ, and two files; default_smp_affinity and 865prof_cpu_mask. 866 867For example:: 868 869 > ls /proc/irq/ 870 0 10 12 14 16 18 2 4 6 8 prof_cpu_mask 871 1 11 13 15 17 19 3 5 7 9 default_smp_affinity 872 > ls /proc/irq/0/ 873 smp_affinity 874 875smp_affinity is a bitmask, in which you can specify which CPUs can handle the 876IRQ. You can set it by doing:: 877 878 > echo 1 > /proc/irq/10/smp_affinity 879 880This means that only the first CPU will handle the IRQ, but you can also echo 8815 which means that only the first and third CPU can handle the IRQ. 882 883The contents of each smp_affinity file is the same by default:: 884 885 > cat /proc/irq/0/smp_affinity 886 ffffffff 887 888There is an alternate interface, smp_affinity_list which allows specifying 889a CPU range instead of a bitmask:: 890 891 > cat /proc/irq/0/smp_affinity_list 892 1024-1031 893 894The default_smp_affinity mask applies to all non-active IRQs, which are the 895IRQs which have not yet been allocated/activated, and hence which lack a 896/proc/irq/[0-9]* directory. 897 898The node file on an SMP system shows the node to which the device using the IRQ 899reports itself as being attached. This hardware locality information does not 900include information about any possible driver locality preference. 901 902prof_cpu_mask specifies which CPUs are to be profiled by the system wide 903profiler. Default value is ffffffff (all CPUs if there are only 32 of them). 904 905The way IRQs are routed is handled by the IO-APIC, and it's Round Robin 906between all the CPUs which are allowed to handle it. As usual the kernel has 907more info than you and does a better job than you, so the defaults are the 908best choice for almost everyone. [Note this applies only to those IO-APIC's 909that support "Round Robin" interrupt distribution.] 910 911There are three more important subdirectories in /proc: net, scsi, and sys. 912The general rule is that the contents, or even the existence of these 913directories, depend on your kernel configuration. If SCSI is not enabled, the 914directory scsi may not exist. The same is true with the net, which is there 915only when networking support is present in the running kernel. 916 917The slabinfo file gives information about memory usage at the slab level. 918Linux uses slab pools for memory management above page level in version 2.2. 919Commonly used objects have their own slab pool (such as network buffers, 920directory cache, and so on). 921 922:: 923 924 > cat /proc/buddyinfo 925 926 Node 0, zone DMA 0 4 5 4 4 3 ... 927 Node 0, zone Normal 1 0 0 1 101 8 ... 928 Node 0, zone HighMem 2 0 0 1 1 0 ... 929 930External fragmentation is a problem under some workloads, and buddyinfo is a 931useful tool for helping diagnose these problems. Buddyinfo will give you a 932clue as to how big an area you can safely allocate, or why a previous 933allocation failed. 934 935Each column represents the number of pages of a certain order which are 936available. In this case, there are 0 chunks of 2^0*PAGE_SIZE available in 937ZONE_DMA, 4 chunks of 2^1*PAGE_SIZE in ZONE_DMA, 101 chunks of 2^4*PAGE_SIZE 938available in ZONE_NORMAL, etc... 939 940More information relevant to external fragmentation can be found in 941pagetypeinfo:: 942 943 > cat /proc/pagetypeinfo 944 Page block order: 9 945 Pages per block: 512 946 947 Free pages count per migrate type at order 0 1 2 3 4 5 6 7 8 9 10 948 Node 0, zone DMA, type Unmovable 0 0 0 1 1 1 1 1 1 1 0 949 Node 0, zone DMA, type Reclaimable 0 0 0 0 0 0 0 0 0 0 0 950 Node 0, zone DMA, type Movable 1 1 2 1 2 1 1 0 1 0 2 951 Node 0, zone DMA, type Reserve 0 0 0 0 0 0 0 0 0 1 0 952 Node 0, zone DMA, type Isolate 0 0 0 0 0 0 0 0 0 0 0 953 Node 0, zone DMA32, type Unmovable 103 54 77 1 1 1 11 8 7 1 9 954 Node 0, zone DMA32, type Reclaimable 0 0 2 1 0 0 0 0 1 0 0 955 Node 0, zone DMA32, type Movable 169 152 113 91 77 54 39 13 6 1 452 956 Node 0, zone DMA32, type Reserve 1 2 2 2 2 0 1 1 1 1 0 957 Node 0, zone DMA32, type Isolate 0 0 0 0 0 0 0 0 0 0 0 958 959 Number of blocks type Unmovable Reclaimable Movable Reserve Isolate 960 Node 0, zone DMA 2 0 5 1 0 961 Node 0, zone DMA32 41 6 967 2 0 962 963Fragmentation avoidance in the kernel works by grouping pages of different 964migrate types into the same contiguous regions of memory called page blocks. 965A page block is typically the size of the default hugepage size, e.g. 2MB on 966X86-64. By keeping pages grouped based on their ability to move, the kernel 967can reclaim pages within a page block to satisfy a high-order allocation. 968 969The pagetypinfo begins with information on the size of a page block. It 970then gives the same type of information as buddyinfo except broken down 971by migrate-type and finishes with details on how many page blocks of each 972type exist. 973 974If min_free_kbytes has been tuned correctly (recommendations made by hugeadm 975from libhugetlbfs https://github.com/libhugetlbfs/libhugetlbfs/), one can 976make an estimate of the likely number of huge pages that can be allocated 977at a given point in time. All the "Movable" blocks should be allocatable 978unless memory has been mlock()'d. Some of the Reclaimable blocks should 979also be allocatable although a lot of filesystem metadata may have to be 980reclaimed to achieve this. 981 982 983allocinfo 984~~~~~~~~~ 985 986Provides information about memory allocations at all locations in the code 987base. Each allocation in the code is identified by its source file, line 988number, module (if originates from a loadable module) and the function calling 989the allocation. The number of bytes allocated and number of calls at each 990location are reported. The first line indicates the version of the file, the 991second line is the header listing fields in the file. 992If file version is 2.0 or higher then each line may contain additional 993<key>:<value> pairs representing extra information about the call site. 994For example if the counters are not accurate, the line will be appended with 995"accurate:no" pair. 996 997Supported markers in v2: 998accurate:no 999 1000 Absolute values of the counters in this line are not accurate 1001 because of the failure to allocate memory to track some of the 1002 allocations made at this location. Deltas in these counters are 1003 accurate, therefore counters can be used to track allocation size 1004 and count changes. 1005 1006Example output. 1007 1008:: 1009 1010 > tail -n +3 /proc/allocinfo | sort -rn 1011 127664128 31168 mm/page_ext.c:270 func:alloc_page_ext 1012 56373248 4737 mm/slub.c:2259 func:alloc_slab_page 1013 14880768 3633 mm/readahead.c:247 func:page_cache_ra_unbounded 1014 14417920 3520 mm/mm_init.c:2530 func:alloc_large_system_hash 1015 13377536 234 block/blk-mq.c:3421 func:blk_mq_alloc_rqs 1016 11718656 2861 mm/filemap.c:1919 func:__filemap_get_folio 1017 9192960 2800 kernel/fork.c:307 func:alloc_thread_stack_node 1018 4206592 4 net/netfilter/nf_conntrack_core.c:2567 func:nf_ct_alloc_hashtable 1019 4136960 1010 drivers/staging/ctagmod/ctagmod.c:20 [ctagmod] func:ctagmod_start 1020 3940352 962 mm/memory.c:4214 func:alloc_anon_folio 1021 2894464 22613 fs/kernfs/dir.c:615 func:__kernfs_new_node 1022 ... 1023 1024 1025meminfo 1026~~~~~~~ 1027 1028Provides information about distribution and utilization of memory. This 1029varies by architecture and compile options. Some of the counters reported 1030here overlap. The memory reported by the non overlapping counters may not 1031add up to the overall memory usage and the difference for some workloads 1032can be substantial. In many cases there are other means to find out 1033additional memory using subsystem specific interfaces, for instance 1034/proc/net/sockstat for TCP memory allocations. 1035 1036Example output. You may not have all of these fields. 1037 1038:: 1039 1040 > cat /proc/meminfo 1041 1042 MemTotal: 32858820 kB 1043 MemFree: 21001236 kB 1044 MemAvailable: 27214312 kB 1045 Buffers: 581092 kB 1046 Cached: 5587612 kB 1047 SwapCached: 0 kB 1048 Active: 3237152 kB 1049 Inactive: 7586256 kB 1050 Active(anon): 94064 kB 1051 Inactive(anon): 4570616 kB 1052 Active(file): 3143088 kB 1053 Inactive(file): 3015640 kB 1054 Unevictable: 0 kB 1055 Mlocked: 0 kB 1056 SwapTotal: 0 kB 1057 SwapFree: 0 kB 1058 Zswap: 1904 kB 1059 Zswapped: 7792 kB 1060 Dirty: 12 kB 1061 Writeback: 0 kB 1062 AnonPages: 4654780 kB 1063 Mapped: 266244 kB 1064 Shmem: 9976 kB 1065 KReclaimable: 517708 kB 1066 Slab: 660044 kB 1067 SReclaimable: 517708 kB 1068 SUnreclaim: 142336 kB 1069 KernelStack: 11168 kB 1070 PageTables: 20540 kB 1071 SecPageTables: 0 kB 1072 NFS_Unstable: 0 kB 1073 Bounce: 0 kB 1074 WritebackTmp: 0 kB 1075 CommitLimit: 16429408 kB 1076 Committed_AS: 7715148 kB 1077 VmallocTotal: 34359738367 kB 1078 VmallocUsed: 40444 kB 1079 VmallocChunk: 0 kB 1080 Percpu: 29312 kB 1081 EarlyMemtestBad: 0 kB 1082 HardwareCorrupted: 0 kB 1083 AnonHugePages: 4149248 kB 1084 ShmemHugePages: 0 kB 1085 ShmemPmdMapped: 0 kB 1086 FileHugePages: 0 kB 1087 FilePmdMapped: 0 kB 1088 CmaTotal: 0 kB 1089 CmaFree: 0 kB 1090 Unaccepted: 0 kB 1091 Balloon: 0 kB 1092 HugePages_Total: 0 1093 HugePages_Free: 0 1094 HugePages_Rsvd: 0 1095 HugePages_Surp: 0 1096 Hugepagesize: 2048 kB 1097 Hugetlb: 0 kB 1098 DirectMap4k: 401152 kB 1099 DirectMap2M: 10008576 kB 1100 DirectMap1G: 24117248 kB 1101 1102MemTotal 1103 Total usable RAM (i.e. physical RAM minus a few reserved 1104 bits and the kernel binary code) 1105MemFree 1106 Total free RAM. On highmem systems, the sum of LowFree+HighFree 1107MemAvailable 1108 An estimate of how much memory is available for starting new 1109 applications, without swapping. Calculated from MemFree, 1110 SReclaimable, the size of the file LRU lists, and the low 1111 watermarks in each zone. 1112 The estimate takes into account that the system needs some 1113 page cache to function well, and that not all reclaimable 1114 slab will be reclaimable, due to items being in use. The 1115 impact of those factors will vary from system to system. 1116Buffers 1117 Relatively temporary storage for raw disk blocks 1118 shouldn't get tremendously large (20MB or so) 1119Cached 1120 In-memory cache for files read from the disk (the 1121 pagecache) as well as tmpfs & shmem. 1122 Doesn't include SwapCached. 1123SwapCached 1124 Memory that once was swapped out, is swapped back in but 1125 still also is in the swapfile (if memory is needed it 1126 doesn't need to be swapped out AGAIN because it is already 1127 in the swapfile. This saves I/O) 1128Active 1129 Memory that has been used more recently and usually not 1130 reclaimed unless absolutely necessary. 1131Inactive 1132 Memory which has been less recently used. It is more 1133 eligible to be reclaimed for other purposes 1134Unevictable 1135 Memory allocated for userspace which cannot be reclaimed, such 1136 as mlocked pages, ramfs backing pages, secret memfd pages etc. 1137Mlocked 1138 Memory locked with mlock(). 1139HighTotal, HighFree 1140 Highmem is all memory above ~860MB of physical memory. 1141 Highmem areas are for use by userspace programs, or 1142 for the pagecache. The kernel must use tricks to access 1143 this memory, making it slower to access than lowmem. 1144LowTotal, LowFree 1145 Lowmem is memory which can be used for everything that 1146 highmem can be used for, but it is also available for the 1147 kernel's use for its own data structures. Among many 1148 other things, it is where everything from the Slab is 1149 allocated. Bad things happen when you're out of lowmem. 1150SwapTotal 1151 total amount of swap space available 1152SwapFree 1153 Memory which has been evicted from RAM, and is temporarily 1154 on the disk 1155Zswap 1156 Memory consumed by the zswap backend (compressed size) 1157Zswapped 1158 Amount of anonymous memory stored in zswap (original size) 1159Dirty 1160 Memory which is waiting to get written back to the disk 1161Writeback 1162 Memory which is actively being written back to the disk 1163AnonPages 1164 Non-file backed pages mapped into userspace page tables. Note that 1165 some kernel configurations might consider all pages part of a 1166 larger allocation (e.g., THP) as "mapped", as soon as a single 1167 page is mapped. 1168Mapped 1169 files which have been mmapped, such as libraries. Note that some 1170 kernel configurations might consider all pages part of a larger 1171 allocation (e.g., THP) as "mapped", as soon as a single page is 1172 mapped. 1173Shmem 1174 Total memory used by shared memory (shmem) and tmpfs 1175KReclaimable 1176 Kernel allocations that the kernel will attempt to reclaim 1177 under memory pressure. Includes SReclaimable (below), and other 1178 direct allocations with a shrinker. 1179Slab 1180 in-kernel data structures cache 1181SReclaimable 1182 Part of Slab, that might be reclaimed, such as caches 1183SUnreclaim 1184 Part of Slab, that cannot be reclaimed on memory pressure 1185KernelStack 1186 Memory consumed by the kernel stacks of all tasks 1187PageTables 1188 Memory consumed by userspace page tables 1189SecPageTables 1190 Memory consumed by secondary page tables, this currently includes 1191 KVM mmu and IOMMU allocations on x86 and arm64. 1192NFS_Unstable 1193 Always zero. Previously counted pages which had been written to 1194 the server, but has not been committed to stable storage. 1195Bounce 1196 Always zero. Previously memory used for block device 1197 "bounce buffers". 1198WritebackTmp 1199 Always zero. Previously memory used by FUSE for temporary 1200 writeback buffers. 1201CommitLimit 1202 Based on the overcommit ratio ('vm.overcommit_ratio'), 1203 this is the total amount of memory currently available to 1204 be allocated on the system. This limit is only adhered to 1205 if strict overcommit accounting is enabled (mode 2 in 1206 'vm.overcommit_memory'). 1207 1208 The CommitLimit is calculated with the following formula:: 1209 1210 CommitLimit = ([total RAM pages] - [total huge TLB pages]) * 1211 overcommit_ratio / 100 + [total swap pages] 1212 1213 For example, on a system with 1G of physical RAM and 7G 1214 of swap with a `vm.overcommit_ratio` of 30 it would 1215 yield a CommitLimit of 7.3G. 1216 1217 For more details, see the memory overcommit documentation 1218 in mm/overcommit-accounting. 1219Committed_AS 1220 The amount of memory presently allocated on the system. 1221 The committed memory is a sum of all of the memory which 1222 has been allocated by processes, even if it has not been 1223 "used" by them as of yet. A process which malloc()'s 1G 1224 of memory, but only touches 300M of it will show up as 1225 using 1G. This 1G is memory which has been "committed" to 1226 by the VM and can be used at any time by the allocating 1227 application. With strict overcommit enabled on the system 1228 (mode 2 in 'vm.overcommit_memory'), allocations which would 1229 exceed the CommitLimit (detailed above) will not be permitted. 1230 This is useful if one needs to guarantee that processes will 1231 not fail due to lack of memory once that memory has been 1232 successfully allocated. 1233VmallocTotal 1234 total size of vmalloc virtual address space 1235VmallocUsed 1236 amount of vmalloc area which is used 1237VmallocChunk 1238 largest contiguous block of vmalloc area which is free 1239Percpu 1240 Memory allocated to the percpu allocator used to back percpu 1241 allocations. This stat excludes the cost of metadata. 1242EarlyMemtestBad 1243 The amount of RAM/memory in kB, that was identified as corrupted 1244 by early memtest. If memtest was not run, this field will not 1245 be displayed at all. Size is never rounded down to 0 kB. 1246 That means if 0 kB is reported, you can safely assume 1247 there was at least one pass of memtest and none of the passes 1248 found a single faulty byte of RAM. 1249HardwareCorrupted 1250 The amount of RAM/memory in KB, the kernel identifies as 1251 corrupted. 1252AnonHugePages 1253 Non-file backed huge pages mapped into userspace page tables 1254ShmemHugePages 1255 Memory used by shared memory (shmem) and tmpfs allocated 1256 with huge pages 1257ShmemPmdMapped 1258 Shared memory mapped into userspace with huge pages 1259FileHugePages 1260 Memory used for filesystem data (page cache) allocated 1261 with huge pages 1262FilePmdMapped 1263 Page cache mapped into userspace with huge pages 1264CmaTotal 1265 Memory reserved for the Contiguous Memory Allocator (CMA) 1266CmaFree 1267 Free remaining memory in the CMA reserves 1268Unaccepted 1269 Memory that has not been accepted by the guest 1270Balloon 1271 Memory returned to Host by VM Balloon Drivers 1272HugePages_Total, HugePages_Free, HugePages_Rsvd, HugePages_Surp, Hugepagesize, Hugetlb 1273 See Documentation/admin-guide/mm/hugetlbpage.rst. 1274DirectMap4k, DirectMap2M, DirectMap1G 1275 Breakdown of page table sizes used in the kernel's 1276 identity mapping of RAM 1277 1278vmallocinfo 1279~~~~~~~~~~~ 1280 1281Provides information about vmalloced/vmaped areas. One line per area, 1282containing the virtual address range of the area, size in bytes, 1283caller information of the creator, and optional information depending 1284on the kind of area: 1285 1286 ========== =================================================== 1287 pages=nr number of pages 1288 phys=addr if a physical address was specified 1289 ioremap I/O mapping (ioremap() and friends) 1290 vmalloc vmalloc() area 1291 vmap vmap()ed pages 1292 user VM_USERMAP area 1293 vpages buffer for pages pointers was vmalloced (huge area) 1294 N<node>=nr (Only on NUMA kernels) 1295 Number of pages allocated on memory node <node> 1296 ========== =================================================== 1297 1298:: 1299 1300 > cat /proc/vmallocinfo 1301 0xffffc20000000000-0xffffc20000201000 2101248 alloc_large_system_hash+0x204 ... 1302 /0x2c0 pages=512 vmalloc N0=128 N1=128 N2=128 N3=128 1303 0xffffc20000201000-0xffffc20000302000 1052672 alloc_large_system_hash+0x204 ... 1304 /0x2c0 pages=256 vmalloc N0=64 N1=64 N2=64 N3=64 1305 0xffffc20000302000-0xffffc20000304000 8192 acpi_tb_verify_table+0x21/0x4f... 1306 phys=7fee8000 ioremap 1307 0xffffc20000304000-0xffffc20000307000 12288 acpi_tb_verify_table+0x21/0x4f... 1308 phys=7fee7000 ioremap 1309 0xffffc2000031d000-0xffffc2000031f000 8192 init_vdso_vars+0x112/0x210 1310 0xffffc2000031f000-0xffffc2000032b000 49152 cramfs_uncompress_init+0x2e ... 1311 /0x80 pages=11 vmalloc N0=3 N1=3 N2=2 N3=3 1312 0xffffc2000033a000-0xffffc2000033d000 12288 sys_swapon+0x640/0xac0 ... 1313 pages=2 vmalloc N1=2 1314 0xffffc20000347000-0xffffc2000034c000 20480 xt_alloc_table_info+0xfe ... 1315 /0x130 [x_tables] pages=4 vmalloc N0=4 1316 0xffffffffa0000000-0xffffffffa000f000 61440 sys_init_module+0xc27/0x1d00 ... 1317 pages=14 vmalloc N2=14 1318 0xffffffffa000f000-0xffffffffa0014000 20480 sys_init_module+0xc27/0x1d00 ... 1319 pages=4 vmalloc N1=4 1320 0xffffffffa0014000-0xffffffffa0017000 12288 sys_init_module+0xc27/0x1d00 ... 1321 pages=2 vmalloc N1=2 1322 0xffffffffa0017000-0xffffffffa0022000 45056 sys_init_module+0xc27/0x1d00 ... 1323 pages=10 vmalloc N0=10 1324 1325 1326softirqs 1327~~~~~~~~ 1328 1329Provides counts of softirq handlers serviced since boot time, for each CPU. 1330 1331:: 1332 1333 > cat /proc/softirqs 1334 CPU0 CPU1 CPU2 CPU3 1335 HI: 0 0 0 0 1336 TIMER: 27166 27120 27097 27034 1337 NET_TX: 0 0 0 17 1338 NET_RX: 42 0 0 39 1339 BLOCK: 0 0 107 1121 1340 TASKLET: 0 0 0 290 1341 SCHED: 27035 26983 26971 26746 1342 HRTIMER: 0 0 0 0 1343 RCU: 1678 1769 2178 2250 1344 13451.3 Networking info in /proc/net 1346-------------------------------- 1347 1348The subdirectory /proc/net follows the usual pattern. Table 1-8 shows the 1349additional values you get for IP version 6 if you configure the kernel to 1350support this. Table 1-9 lists the files and their meaning. 1351 1352 1353.. table:: Table 1-8: IPv6 info in /proc/net 1354 1355 ========== ===================================================== 1356 File Content 1357 ========== ===================================================== 1358 udp6 UDP sockets (IPv6) 1359 tcp6 TCP sockets (IPv6) 1360 raw6 Raw device statistics (IPv6) 1361 igmp6 IP multicast addresses, which this host joined (IPv6) 1362 if_inet6 List of IPv6 interface addresses 1363 ipv6_route Kernel routing table for IPv6 1364 rt6_stats Global IPv6 routing tables statistics 1365 sockstat6 Socket statistics (IPv6) 1366 snmp6 Snmp data (IPv6) 1367 ========== ===================================================== 1368 1369.. table:: Table 1-9: Network info in /proc/net 1370 1371 ============= ================================================================ 1372 File Content 1373 ============= ================================================================ 1374 arp Kernel ARP table 1375 dev network devices with statistics 1376 dev_mcast the Layer2 multicast groups a device is listening too 1377 (interface index, label, number of references, number of bound 1378 addresses). 1379 dev_stat network device status 1380 ip_fwchains Firewall chain linkage 1381 ip_fwnames Firewall chain names 1382 ip_masq Directory containing the masquerading tables 1383 ip_masquerade Major masquerading table 1384 netstat Network statistics 1385 raw raw device statistics 1386 route Kernel routing table 1387 rpc Directory containing rpc info 1388 rt_cache Routing cache 1389 snmp SNMP data 1390 sockstat Socket statistics 1391 softnet_stat Per-CPU incoming packets queues statistics of online CPUs 1392 tcp TCP sockets 1393 udp UDP sockets 1394 unix UNIX domain sockets 1395 wireless Wireless interface data (Wavelan etc) 1396 igmp IP multicast addresses, which this host joined 1397 psched Global packet scheduler parameters. 1398 netlink List of PF_NETLINK sockets 1399 ip_mr_vifs List of multicast virtual interfaces 1400 ip_mr_cache List of multicast routing cache 1401 ============= ================================================================ 1402 1403You can use this information to see which network devices are available in 1404your system and how much traffic was routed over those devices:: 1405 1406 > cat /proc/net/dev 1407 Inter-|Receive |[... 1408 face |bytes packets errs drop fifo frame compressed multicast|[... 1409 lo: 908188 5596 0 0 0 0 0 0 [... 1410 ppp0:15475140 20721 410 0 0 410 0 0 [... 1411 eth0: 614530 7085 0 0 0 0 0 1 [... 1412 1413 ...] Transmit 1414 ...] bytes packets errs drop fifo colls carrier compressed 1415 ...] 908188 5596 0 0 0 0 0 0 1416 ...] 1375103 17405 0 0 0 0 0 0 1417 ...] 1703981 5535 0 0 0 3 0 0 1418 1419In addition, each Channel Bond interface has its own directory. For 1420example, the bond0 device will have a directory called /proc/net/bond0/. 1421It will contain information that is specific to that bond, such as the 1422current slaves of the bond, the link status of the slaves, and how 1423many times the slaves link has failed. 1424 14251.4 SCSI info 1426------------- 1427 1428If you have a SCSI or ATA host adapter in your system, you'll find a 1429subdirectory named after the driver for this adapter in /proc/scsi. 1430You'll also see a list of all recognized SCSI devices in /proc/scsi:: 1431 1432 >cat /proc/scsi/scsi 1433 Attached devices: 1434 Host: scsi0 Channel: 00 Id: 00 Lun: 00 1435 Vendor: IBM Model: DGHS09U Rev: 03E0 1436 Type: Direct-Access ANSI SCSI revision: 03 1437 Host: scsi0 Channel: 00 Id: 06 Lun: 00 1438 Vendor: PIONEER Model: CD-ROM DR-U06S Rev: 1.04 1439 Type: CD-ROM ANSI SCSI revision: 02 1440 1441 1442The directory named after the driver has one file for each adapter found in 1443the system. These files contain information about the controller, including 1444the used IRQ and the IO address range. The amount of information shown is 1445dependent on the adapter you use. The example shows the output for an Adaptec 1446AHA-2940 SCSI adapter:: 1447 1448 > cat /proc/scsi/aic7xxx/0 1449 1450 Adaptec AIC7xxx driver version: 5.1.19/3.2.4 1451 Compile Options: 1452 TCQ Enabled By Default : Disabled 1453 AIC7XXX_PROC_STATS : Disabled 1454 AIC7XXX_RESET_DELAY : 5 1455 Adapter Configuration: 1456 SCSI Adapter: Adaptec AHA-294X Ultra SCSI host adapter 1457 Ultra Wide Controller 1458 PCI MMAPed I/O Base: 0xeb001000 1459 Adapter SEEPROM Config: SEEPROM found and used. 1460 Adaptec SCSI BIOS: Enabled 1461 IRQ: 10 1462 SCBs: Active 0, Max Active 2, 1463 Allocated 15, HW 16, Page 255 1464 Interrupts: 160328 1465 BIOS Control Word: 0x18b6 1466 Adapter Control Word: 0x005b 1467 Extended Translation: Enabled 1468 Disconnect Enable Flags: 0xffff 1469 Ultra Enable Flags: 0x0001 1470 Tag Queue Enable Flags: 0x0000 1471 Ordered Queue Tag Flags: 0x0000 1472 Default Tag Queue Depth: 8 1473 Tagged Queue By Device array for aic7xxx host instance 0: 1474 {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255} 1475 Actual queue depth per device for aic7xxx host instance 0: 1476 {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1} 1477 Statistics: 1478 (scsi0:0:0:0) 1479 Device using Wide/Sync transfers at 40.0 MByte/sec, offset 8 1480 Transinfo settings: current(12/8/1/0), goal(12/8/1/0), user(12/15/1/0) 1481 Total transfers 160151 (74577 reads and 85574 writes) 1482 (scsi0:0:6:0) 1483 Device using Narrow/Sync transfers at 5.0 MByte/sec, offset 15 1484 Transinfo settings: current(50/15/0/0), goal(50/15/0/0), user(50/15/0/0) 1485 Total transfers 0 (0 reads and 0 writes) 1486 1487 14881.5 Parallel port info in /proc/parport 1489--------------------------------------- 1490 1491The directory /proc/parport contains information about the parallel ports of 1492your system. It has one subdirectory for each port, named after the port 1493number (0,1,2,...). 1494 1495These directories contain the four files shown in Table 1-10. 1496 1497 1498.. table:: Table 1-10: Files in /proc/parport 1499 1500 ========= ==================================================================== 1501 File Content 1502 ========= ==================================================================== 1503 autoprobe Any IEEE-1284 device ID information that has been acquired. 1504 devices list of the device drivers using that port. A + will appear by the 1505 name of the device currently using the port (it might not appear 1506 against any). 1507 hardware Parallel port's base address, IRQ line and DMA channel. 1508 irq IRQ that parport is using for that port. This is in a separate 1509 file to allow you to alter it by writing a new value in (IRQ 1510 number or none). 1511 ========= ==================================================================== 1512 15131.6 TTY info in /proc/tty 1514------------------------- 1515 1516Information about the available and actually used tty's can be found in the 1517directory /proc/tty. You'll find entries for drivers and line disciplines in 1518this directory, as shown in Table 1-11. 1519 1520 1521.. table:: Table 1-11: Files in /proc/tty 1522 1523 ============= ============================================== 1524 File Content 1525 ============= ============================================== 1526 drivers list of drivers and their usage 1527 ldiscs registered line disciplines 1528 driver/serial usage statistic and status of single tty lines 1529 ============= ============================================== 1530 1531To see which tty's are currently in use, you can simply look into the file 1532/proc/tty/drivers:: 1533 1534 > cat /proc/tty/drivers 1535 pty_slave /dev/pts 136 0-255 pty:slave 1536 pty_master /dev/ptm 128 0-255 pty:master 1537 pty_slave /dev/ttyp 3 0-255 pty:slave 1538 pty_master /dev/pty 2 0-255 pty:master 1539 serial /dev/cua 5 64-67 serial:callout 1540 serial /dev/ttyS 4 64-67 serial 1541 /dev/tty0 /dev/tty0 4 0 system:vtmaster 1542 /dev/ptmx /dev/ptmx 5 2 system 1543 /dev/console /dev/console 5 1 system:console 1544 /dev/tty /dev/tty 5 0 system:/dev/tty 1545 unknown /dev/tty 4 1-63 console 1546 1547 15481.7 Miscellaneous kernel statistics in /proc/stat 1549------------------------------------------------- 1550 1551Various pieces of information about kernel activity are available in the 1552/proc/stat file. All of the numbers reported in this file are aggregates 1553since the system first booted. For a quick look, simply cat the file:: 1554 1555 > cat /proc/stat 1556 cpu 237902850 368826709 106375398 1873517540 1135548 0 14507935 0 0 0 1557 cpu0 60045249 91891769 26331539 468411416 495718 0 5739640 0 0 0 1558 cpu1 59746288 91759249 26609887 468860630 312281 0 4384817 0 0 0 1559 cpu2 59489247 92985423 26904446 467808813 171668 0 2268998 0 0 0 1560 cpu3 58622065 92190267 26529524 468436680 155879 0 2114478 0 0 0 1561 intr 8688370575 8 3373 0 0 0 0 0 0 1 40791 0 0 353317 0 0 0 0 224789828 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 190974333 41958554 123983334 43 0 224593 0 0 0 <more 0's deleted> 1562 ctxt 22848221062 1563 btime 1605316999 1564 processes 746787147 1565 procs_running 2 1566 procs_blocked 0 1567 softirq 12121874454 100099120 3938138295 127375644 2795979 187870761 0 173808342 3072582055 52608 224184354 1568 1569The very first "cpu" line aggregates the numbers in all of the other "cpuN" 1570lines. These numbers identify the amount of time the CPU has spent performing 1571different kinds of work. Time units are in USER_HZ (typically hundredths of a 1572second). The meanings of the columns are as follows, from left to right: 1573 1574- user: normal processes executing in user mode 1575- nice: niced processes executing in user mode 1576- system: processes executing in kernel mode 1577- idle: twiddling thumbs 1578- iowait: In a word, iowait stands for waiting for I/O to complete. But there 1579 are several problems: 1580 1581 1. CPU will not wait for I/O to complete, iowait is the time that a task is 1582 waiting for I/O to complete. When CPU goes into idle state for 1583 outstanding task I/O, another task will be scheduled on this CPU. 1584 2. In a multi-core CPU, the task waiting for I/O to complete is not running 1585 on any CPU, so the iowait of each CPU is difficult to calculate. 1586 3. The value of iowait field in /proc/stat will decrease in certain 1587 conditions. 1588 1589 So, the iowait is not reliable by reading from /proc/stat. 1590- irq: servicing interrupts 1591- softirq: servicing softirqs 1592- steal: involuntary wait 1593- guest: running a normal guest 1594- guest_nice: running a niced guest 1595 1596The "intr" line gives counts of interrupts serviced since boot time, for each 1597of the possible system interrupts. The first column is the total of all 1598interrupts serviced including unnumbered architecture specific interrupts; 1599each subsequent column is the total for that particular numbered interrupt. 1600Unnumbered interrupts are not shown, only summed into the total. 1601 1602The "ctxt" line gives the total number of context switches across all CPUs. 1603 1604The "btime" line gives the time at which the system booted, in seconds since 1605the Unix epoch. 1606 1607The "processes" line gives the number of processes and threads created, which 1608includes (but is not limited to) those created by calls to the fork() and 1609clone() system calls. 1610 1611The "procs_running" line gives the total number of threads that are 1612running or ready to run (i.e., the total number of runnable threads). 1613 1614The "procs_blocked" line gives the number of processes currently blocked, 1615waiting for I/O to complete. 1616 1617The "softirq" line gives counts of softirqs serviced since boot time, for each 1618of the possible system softirqs. The first column is the total of all 1619softirqs serviced; each subsequent column is the total for that particular 1620softirq. 1621 1622 16231.8 Ext4 file system parameters 1624------------------------------- 1625 1626Information about mounted ext4 file systems can be found in 1627/proc/fs/ext4. Each mounted filesystem will have a directory in 1628/proc/fs/ext4 based on its device name (i.e., /proc/fs/ext4/hdc or 1629/proc/fs/ext4/sda9 or /proc/fs/ext4/dm-0). The files in each per-device 1630directory are shown in Table 1-12, below. 1631 1632.. table:: Table 1-12: Files in /proc/fs/ext4/<devname> 1633 1634 ============== ========================================================== 1635 File Content 1636 mb_groups details of multiblock allocator buddy cache of free blocks 1637 ============== ========================================================== 1638 16391.9 /proc/consoles 1640------------------- 1641Shows registered system console lines. 1642 1643To see which character device lines are currently used for the system console 1644/dev/console, you may simply look into the file /proc/consoles:: 1645 1646 > cat /proc/consoles 1647 tty0 -WU (ECp) 4:7 1648 ttyS0 -W- (Ep) 4:64 1649 1650The columns are: 1651 1652+--------------------+-------------------------------------------------------+ 1653| device | name of the device | 1654+====================+=======================================================+ 1655| operations | * R = can do read operations | 1656| | * W = can do write operations | 1657| | * U = can do unblank | 1658+--------------------+-------------------------------------------------------+ 1659| flags | * E = it is enabled | 1660| | * C = it is preferred console | 1661| | * B = it is primary boot console | 1662| | * p = it is used for printk buffer | 1663| | * b = it is not a TTY but a Braille device | 1664| | * a = it is safe to use when cpu is offline | 1665+--------------------+-------------------------------------------------------+ 1666| major:minor | major and minor number of the device separated by a | 1667| | colon | 1668+--------------------+-------------------------------------------------------+ 1669 1670Summary 1671------- 1672 1673The /proc file system serves information about the running system. It not only 1674allows access to process data but also allows you to request the kernel status 1675by reading files in the hierarchy. 1676 1677The directory structure of /proc reflects the types of information and makes 1678it easy, if not obvious, where to look for specific data. 1679 1680Chapter 2: Modifying System Parameters 1681====================================== 1682 1683In This Chapter 1684--------------- 1685 1686* Modifying kernel parameters by writing into files found in /proc/sys 1687* Exploring the files which modify certain parameters 1688* Review of the /proc/sys file tree 1689 1690------------------------------------------------------------------------------ 1691 1692A very interesting part of /proc is the directory /proc/sys. This is not only 1693a source of information, it also allows you to change parameters within the 1694kernel. Be very careful when attempting this. You can optimize your system, 1695but you can also cause it to crash. Never alter kernel parameters on a 1696production system. Set up a development machine and test to make sure that 1697everything works the way you want it to. You may have no alternative but to 1698reboot the machine once an error has been made. 1699 1700To change a value, simply echo the new value into the file. 1701You need to be root to do this. You can create your own boot script 1702to perform this every time your system boots. 1703 1704The files in /proc/sys can be used to fine tune and monitor miscellaneous and 1705general things in the operation of the Linux kernel. Since some of the files 1706can inadvertently disrupt your system, it is advisable to read both 1707documentation and source before actually making adjustments. In any case, be 1708very careful when writing to any of these files. The entries in /proc may 1709change slightly between the 2.1.* and the 2.2 kernel, so if there is any doubt 1710review the kernel documentation in the directory linux/Documentation. 1711This chapter is heavily based on the documentation included in the pre 2.2 1712kernels, and became part of it in version 2.2.1 of the Linux kernel. 1713 1714Please see: Documentation/admin-guide/sysctl/ directory for descriptions of 1715these entries. 1716 1717Summary 1718------- 1719 1720Certain aspects of kernel behavior can be modified at runtime, without the 1721need to recompile the kernel, or even to reboot the system. The files in the 1722/proc/sys tree can not only be read, but also modified. You can use the echo 1723command to write value into these files, thereby changing the default settings 1724of the kernel. 1725 1726 1727Chapter 3: Per-process Parameters 1728================================= 1729 17303.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj- Adjust the oom-killer score 1731-------------------------------------------------------------------------------- 1732 1733These files can be used to adjust the badness heuristic used to select which 1734process gets killed in out of memory (oom) conditions. 1735 1736The badness heuristic assigns a value to each candidate task ranging from 0 1737(never kill) to 1000 (always kill) to determine which process is targeted. The 1738units are roughly a proportion along that range of allowed memory the process 1739may allocate from based on an estimation of its current memory and swap use. 1740For example, if a task is using all allowed memory, its badness score will be 17411000. If it is using half of its allowed memory, its score will be 500. 1742 1743The amount of "allowed" memory depends on the context in which the oom killer 1744was called. If it is due to the memory assigned to the allocating task's cpuset 1745being exhausted, the allowed memory represents the set of mems assigned to that 1746cpuset. If it is due to a mempolicy's node(s) being exhausted, the allowed 1747memory represents the set of mempolicy nodes. If it is due to a memory 1748limit (or swap limit) being reached, the allowed memory is that configured 1749limit. Finally, if it is due to the entire system being out of memory, the 1750allowed memory represents all allocatable resources. 1751 1752The value of /proc/<pid>/oom_score_adj is added to the badness score before it 1753is used to determine which task to kill. Acceptable values range from -1000 1754(OOM_SCORE_ADJ_MIN) to +1000 (OOM_SCORE_ADJ_MAX). This allows userspace to 1755polarize the preference for oom killing either by always preferring a certain 1756task or completely disabling it. The lowest possible value, -1000, is 1757equivalent to disabling oom killing entirely for that task since it will always 1758report a badness score of 0. 1759 1760Consequently, it is very simple for userspace to define the amount of memory to 1761consider for each task. Setting a /proc/<pid>/oom_score_adj value of +500, for 1762example, is roughly equivalent to allowing the remainder of tasks sharing the 1763same system, cpuset, mempolicy, or memory controller resources to use at least 176450% more memory. A value of -500, on the other hand, would be roughly 1765equivalent to discounting 50% of the task's allowed memory from being considered 1766as scoring against the task. 1767 1768For backwards compatibility with previous kernels, /proc/<pid>/oom_adj may also 1769be used to tune the badness score. Its acceptable values range from -16 1770(OOM_ADJUST_MIN) to +15 (OOM_ADJUST_MAX) and a special value of -17 1771(OOM_DISABLE) to disable oom killing entirely for that task. Its value is 1772scaled linearly with /proc/<pid>/oom_score_adj. 1773 1774The value of /proc/<pid>/oom_score_adj may be reduced no lower than the last 1775value set by a CAP_SYS_RESOURCE process. To reduce the value any lower 1776requires CAP_SYS_RESOURCE. 1777 1778 17793.2 /proc/<pid>/oom_score - Display current oom-killer score 1780------------------------------------------------------------- 1781 1782This file can be used to check the current score used by the oom-killer for 1783any given <pid>. Use it together with /proc/<pid>/oom_score_adj to tune which 1784process should be killed in an out-of-memory situation. 1785 1786Please note that the exported value includes oom_score_adj so it is 1787effectively in range [0,2000]. 1788 1789 17903.3 /proc/<pid>/io - Display the IO accounting fields 1791------------------------------------------------------- 1792 1793This file contains IO statistics for each running process. 1794 1795Example 1796~~~~~~~ 1797 1798:: 1799 1800 test:/tmp # dd if=/dev/zero of=/tmp/test.dat & 1801 [1] 3828 1802 1803 test:/tmp # cat /proc/3828/io 1804 rchar: 323934931 1805 wchar: 323929600 1806 syscr: 632687 1807 syscw: 632675 1808 read_bytes: 0 1809 write_bytes: 323932160 1810 cancelled_write_bytes: 0 1811 1812 1813Description 1814~~~~~~~~~~~ 1815 1816rchar 1817^^^^^ 1818 1819I/O counter: chars read 1820The number of bytes which this task has caused to be read from storage. This 1821is simply the sum of bytes which this process passed to read() and pread(). 1822It includes things like tty IO and it is unaffected by whether or not actual 1823physical disk IO was required (the read might have been satisfied from 1824pagecache). 1825 1826 1827wchar 1828^^^^^ 1829 1830I/O counter: chars written 1831The number of bytes which this task has caused, or shall cause to be written 1832to disk. Similar caveats apply here as with rchar. 1833 1834 1835syscr 1836^^^^^ 1837 1838I/O counter: read syscalls 1839Attempt to count the number of read I/O operations, i.e. syscalls like read() 1840and pread(). 1841 1842 1843syscw 1844^^^^^ 1845 1846I/O counter: write syscalls 1847Attempt to count the number of write I/O operations, i.e. syscalls like 1848write() and pwrite(). 1849 1850 1851read_bytes 1852^^^^^^^^^^ 1853 1854I/O counter: bytes read 1855Attempt to count the number of bytes which this process really did cause to 1856be fetched from the storage layer. Done at the submit_bio() level, so it is 1857accurate for block-backed filesystems. <please add status regarding NFS and 1858CIFS at a later time> 1859 1860 1861write_bytes 1862^^^^^^^^^^^ 1863 1864I/O counter: bytes written 1865Attempt to count the number of bytes which this process caused to be sent to 1866the storage layer. This is done at page-dirtying time. 1867 1868 1869cancelled_write_bytes 1870^^^^^^^^^^^^^^^^^^^^^ 1871 1872The big inaccuracy here is truncate. If a process writes 1MB to a file and 1873then deletes the file, it will in fact perform no writeout. But it will have 1874been accounted as having caused 1MB of write. 1875In other words: The number of bytes which this process caused to not happen, 1876by truncating pagecache. A task can cause "negative" IO too. If this task 1877truncates some dirty pagecache, some IO which another task has been accounted 1878for (in its write_bytes) will not be happening. We _could_ just subtract that 1879from the truncating task's write_bytes, but there is information loss in doing 1880that. 1881 1882 1883.. Note:: 1884 1885 At its current implementation state, this is a bit racy on 32-bit machines: 1886 if process A reads process B's /proc/pid/io while process B is updating one 1887 of those 64-bit counters, process A could see an intermediate result. 1888 1889 1890More information about this can be found within the taskstats documentation in 1891Documentation/accounting. 1892 18933.4 /proc/<pid>/coredump_filter - Core dump filtering settings 1894--------------------------------------------------------------- 1895When a process is dumped, all anonymous memory is written to a core file as 1896long as the size of the core file isn't limited. But sometimes we don't want 1897to dump some memory segments, for example, huge shared memory or DAX. 1898Conversely, sometimes we want to save file-backed memory segments into a core 1899file, not only the individual files. 1900 1901/proc/<pid>/coredump_filter allows you to customize which memory segments 1902will be dumped when the <pid> process is dumped. coredump_filter is a bitmask 1903of memory types. If a bit of the bitmask is set, memory segments of the 1904corresponding memory type are dumped, otherwise they are not dumped. 1905 1906The following 9 memory types are supported: 1907 1908 - (bit 0) anonymous private memory 1909 - (bit 1) anonymous shared memory 1910 - (bit 2) file-backed private memory 1911 - (bit 3) file-backed shared memory 1912 - (bit 4) ELF header pages in file-backed private memory areas (it is 1913 effective only if the bit 2 is cleared) 1914 - (bit 5) hugetlb private memory 1915 - (bit 6) hugetlb shared memory 1916 - (bit 7) DAX private memory 1917 - (bit 8) DAX shared memory 1918 1919 Note that MMIO pages such as frame buffer are never dumped and vDSO pages 1920 are always dumped regardless of the bitmask status. 1921 1922 Note that bits 0-4 don't affect hugetlb or DAX memory. hugetlb memory is 1923 only affected by bit 5-6, and DAX is only affected by bits 7-8. 1924 1925The default value of coredump_filter is 0x33; this means all anonymous memory 1926segments, ELF header pages and hugetlb private memory are dumped. 1927 1928If you don't want to dump all shared memory segments attached to pid 1234, 1929write 0x31 to the process's proc file:: 1930 1931 $ echo 0x31 > /proc/1234/coredump_filter 1932 1933When a new process is created, the process inherits the bitmask status from its 1934parent. It is useful to set up coredump_filter before the program runs. 1935For example:: 1936 1937 $ echo 0x7 > /proc/self/coredump_filter 1938 $ ./some_program 1939 19403.5 /proc/<pid>/mountinfo - Information about mounts 1941-------------------------------------------------------- 1942 1943This file contains lines of the form:: 1944 1945 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue 1946 (1)(2)(3) (4) (5) (6) (n…m) (m+1)(m+2) (m+3) (m+4) 1947 1948 (1) mount ID: unique identifier of the mount (may be reused after umount) 1949 (2) parent ID: ID of parent (or of self for the top of the mount tree) 1950 (3) major:minor: value of st_dev for files on filesystem 1951 (4) root: root of the mount within the filesystem 1952 (5) mount point: mount point relative to the process's root 1953 (6) mount options: per mount options 1954 (n…m) optional fields: zero or more fields of the form "tag[:value]" 1955 (m+1) separator: marks the end of the optional fields 1956 (m+2) filesystem type: name of filesystem of the form "type[.subtype]" 1957 (m+3) mount source: filesystem specific information or "none" 1958 (m+4) super options: per super block options 1959 1960Parsers should ignore all unrecognised optional fields. Currently the 1961possible optional fields are: 1962 1963================ ============================================================== 1964shared:X mount is shared in peer group X 1965master:X mount is slave to peer group X 1966propagate_from:X mount is slave and receives propagation from peer group X [#]_ 1967unbindable mount is unbindable 1968================ ============================================================== 1969 1970.. [#] X is the closest dominant peer group under the process's root. If 1971 X is the immediate master of the mount, or if there's no dominant peer 1972 group under the same root, then only the "master:X" field is present 1973 and not the "propagate_from:X" field. 1974 1975For more information on mount propagation see: 1976 1977 Documentation/filesystems/sharedsubtree.rst 1978 1979 19803.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm 1981-------------------------------------------------------- 1982These files provide a method to access a task's comm value. It also allows for 1983a task to set its own or one of its thread siblings comm value. The comm value 1984is limited in size compared to the cmdline value, so writing anything longer 1985then the kernel's TASK_COMM_LEN (currently 16 chars, including the NUL 1986terminator) will result in a truncated comm value. 1987 1988 19893.7 /proc/<pid>/task/<tid>/children - Information about task children 1990------------------------------------------------------------------------- 1991This file provides a fast way to retrieve first level children pids 1992of a task pointed by <pid>/<tid> pair. The format is a space separated 1993stream of pids. 1994 1995Note the "first level" here -- if a child has its own children they will 1996not be listed here; one needs to read /proc/<children-pid>/task/<tid>/children 1997to obtain the descendants. 1998 1999Since this interface is intended to be fast and cheap it doesn't 2000guarantee to provide precise results and some children might be 2001skipped, especially if they've exited right after we printed their 2002pids, so one needs to either stop or freeze processes being inspected 2003if precise results are needed. 2004 2005 20063.8 /proc/<pid>/fdinfo/<fd> - Information about opened file 2007--------------------------------------------------------------- 2008This file provides information associated with an opened file. The regular 2009files have at least four fields -- 'pos', 'flags', 'mnt_id' and 'ino'. 2010The 'pos' represents the current offset of the opened file in decimal 2011form [see lseek(2) for details], 'flags' denotes the octal O_xxx mask the 2012file has been created with [see open(2) for details] and 'mnt_id' represents 2013mount ID of the file system containing the opened file [see 3.5 2014/proc/<pid>/mountinfo for details]. 'ino' represents the inode number of 2015the file. 2016 2017A typical output is:: 2018 2019 pos: 0 2020 flags: 0100002 2021 mnt_id: 19 2022 ino: 63107 2023 2024All locks associated with a file descriptor are shown in its fdinfo too:: 2025 2026 lock: 1: FLOCK ADVISORY WRITE 359 00:13:11691 0 EOF 2027 2028The files such as eventfd, fsnotify, signalfd, epoll among the regular pos/flags 2029pair provide additional information particular to the objects they represent. 2030 2031Eventfd files 2032~~~~~~~~~~~~~ 2033 2034:: 2035 2036 pos: 0 2037 flags: 04002 2038 mnt_id: 9 2039 ino: 63107 2040 eventfd-count: 5a 2041 2042where 'eventfd-count' is hex value of a counter. 2043 2044Signalfd files 2045~~~~~~~~~~~~~~ 2046 2047:: 2048 2049 pos: 0 2050 flags: 04002 2051 mnt_id: 9 2052 ino: 63107 2053 sigmask: 0000000000000200 2054 2055where 'sigmask' is hex value of the signal mask associated 2056with a file. 2057 2058Epoll files 2059~~~~~~~~~~~ 2060 2061:: 2062 2063 pos: 0 2064 flags: 02 2065 mnt_id: 9 2066 ino: 63107 2067 tfd: 5 events: 1d data: ffffffffffffffff pos:0 ino:61af sdev:7 2068 2069where 'tfd' is a target file descriptor number in decimal form, 2070'events' is events mask being watched and the 'data' is data 2071associated with a target [see epoll(7) for more details]. 2072 2073The 'pos' is current offset of the target file in decimal form 2074[see lseek(2)], 'ino' and 'sdev' are inode and device numbers 2075where target file resides, all in hex format. 2076 2077Fsnotify files 2078~~~~~~~~~~~~~~ 2079For inotify files the format is the following:: 2080 2081 pos: 0 2082 flags: 02000000 2083 mnt_id: 9 2084 ino: 63107 2085 inotify wd:3 ino:9e7e sdev:800013 mask:800afce ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:7e9e0000640d1b6d 2086 2087where 'wd' is a watch descriptor in decimal form, i.e. a target file 2088descriptor number, 'ino' and 'sdev' are inode and device where the 2089target file resides and the 'mask' is the mask of events, all in hex 2090form [see inotify(7) for more details]. 2091 2092If the kernel was built with exportfs support, the path to the target 2093file is encoded as a file handle. The file handle is provided by three 2094fields 'fhandle-bytes', 'fhandle-type' and 'f_handle', all in hex 2095format. 2096 2097If the kernel is built without exportfs support the file handle won't be 2098printed out. 2099 2100If there is no inotify mark attached yet the 'inotify' line will be omitted. 2101 2102For fanotify files the format is:: 2103 2104 pos: 0 2105 flags: 02 2106 mnt_id: 9 2107 ino: 63107 2108 fanotify flags:10 event-flags:0 2109 fanotify mnt_id:12 mflags:40 mask:38 ignored_mask:40000003 2110 fanotify ino:4f969 sdev:800013 mflags:0 mask:3b ignored_mask:40000000 fhandle-bytes:8 fhandle-type:1 f_handle:69f90400c275b5b4 2111 2112where fanotify 'flags' and 'event-flags' are values used in fanotify_init 2113call, 'mnt_id' is the mount point identifier, 'mflags' is the value of 2114flags associated with mark which are tracked separately from events 2115mask. 'ino' and 'sdev' are target inode and device, 'mask' is the events 2116mask and 'ignored_mask' is the mask of events which are to be ignored. 2117All are in hex format. Incorporation of 'mflags', 'mask' and 'ignored_mask' 2118provide information about flags and mask used in fanotify_mark 2119call [see fsnotify manpage for details]. 2120 2121While the first three lines are mandatory and always printed, the rest is 2122optional and may be omitted if no marks created yet. 2123 2124Timerfd files 2125~~~~~~~~~~~~~ 2126 2127:: 2128 2129 pos: 0 2130 flags: 02 2131 mnt_id: 9 2132 ino: 63107 2133 clockid: 0 2134 ticks: 0 2135 settime flags: 01 2136 it_value: (0, 49406829) 2137 it_interval: (1, 0) 2138 2139where 'clockid' is the clock type and 'ticks' is the number of the timer expirations 2140that have occurred [see timerfd_create(2) for details]. 'settime flags' are 2141flags in octal form been used to setup the timer [see timerfd_settime(2) for 2142details]. 'it_value' is remaining time until the timer expiration. 2143'it_interval' is the interval for the timer. Note the timer might be set up 2144with TIMER_ABSTIME option which will be shown in 'settime flags', but 'it_value' 2145still exhibits timer's remaining time. 2146 2147DMA Buffer files 2148~~~~~~~~~~~~~~~~ 2149 2150:: 2151 2152 pos: 0 2153 flags: 04002 2154 mnt_id: 9 2155 ino: 63107 2156 size: 32768 2157 count: 2 2158 exp_name: system-heap 2159 2160where 'size' is the size of the DMA buffer in bytes. 'count' is the file count of 2161the DMA buffer file. 'exp_name' is the name of the DMA buffer exporter. 2162 2163VFIO Device files 2164~~~~~~~~~~~~~~~~~ 2165 2166:: 2167 2168 pos: 0 2169 flags: 02000002 2170 mnt_id: 17 2171 ino: 5122 2172 vfio-device-syspath: /sys/devices/pci0000:e0/0000:e0:01.1/0000:e1:00.0/0000:e2:05.0/0000:e8:00.0 2173 2174where 'vfio-device-syspath' is the sysfs path corresponding to the VFIO device 2175file. 2176 21773.9 /proc/<pid>/map_files - Information about memory mapped files 2178--------------------------------------------------------------------- 2179This directory contains symbolic links which represent memory mapped files 2180the process is maintaining. Example output:: 2181 2182 | lr-------- 1 root root 64 Jan 27 11:24 333c600000-333c620000 -> /usr/lib64/ld-2.18.so 2183 | lr-------- 1 root root 64 Jan 27 11:24 333c81f000-333c820000 -> /usr/lib64/ld-2.18.so 2184 | lr-------- 1 root root 64 Jan 27 11:24 333c820000-333c821000 -> /usr/lib64/ld-2.18.so 2185 | ... 2186 | lr-------- 1 root root 64 Jan 27 11:24 35d0421000-35d0422000 -> /usr/lib64/libselinux.so.1 2187 | lr-------- 1 root root 64 Jan 27 11:24 400000-41a000 -> /usr/bin/ls 2188 2189The name of a link represents the virtual memory bounds of a mapping, i.e. 2190vm_area_struct::vm_start-vm_area_struct::vm_end. 2191 2192The main purpose of the map_files is to retrieve a set of memory mapped 2193files in a fast way instead of parsing /proc/<pid>/maps or 2194/proc/<pid>/smaps, both of which contain many more records. At the same 2195time one can open(2) mappings from the listings of two processes and 2196comparing their inode numbers to figure out which anonymous memory areas 2197are actually shared. 2198 21993.10 /proc/<pid>/timerslack_ns - Task timerslack value 2200--------------------------------------------------------- 2201This file provides the value of the task's timerslack value in nanoseconds. 2202This value specifies an amount of time that normal timers may be deferred 2203in order to coalesce timers and avoid unnecessary wakeups. 2204 2205This allows a task's interactivity vs power consumption tradeoff to be 2206adjusted. 2207 2208Writing 0 to the file will set the task's timerslack to the default value. 2209 2210Valid values are from 0 - ULLONG_MAX 2211 2212An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level 2213permissions on the task specified to change its timerslack_ns value. 2214 22153.11 /proc/<pid>/patch_state - Livepatch patch operation state 2216----------------------------------------------------------------- 2217When CONFIG_LIVEPATCH is enabled, this file displays the value of the 2218patch state for the task. 2219 2220A value of '-1' indicates that no patch is in transition. 2221 2222A value of '0' indicates that a patch is in transition and the task is 2223unpatched. If the patch is being enabled, then the task hasn't been 2224patched yet. If the patch is being disabled, then the task has already 2225been unpatched. 2226 2227A value of '1' indicates that a patch is in transition and the task is 2228patched. If the patch is being enabled, then the task has already been 2229patched. If the patch is being disabled, then the task hasn't been 2230unpatched yet. 2231 22323.12 /proc/<pid>/arch_status - task architecture specific status 2233------------------------------------------------------------------- 2234When CONFIG_PROC_PID_ARCH_STATUS is enabled, this file displays the 2235architecture specific status of the task. 2236 2237Example 2238~~~~~~~ 2239 2240:: 2241 2242 $ cat /proc/6753/arch_status 2243 AVX512_elapsed_ms: 8 2244 2245Description 2246~~~~~~~~~~~ 2247 2248x86 specific entries 2249~~~~~~~~~~~~~~~~~~~~~ 2250 2251AVX512_elapsed_ms 2252^^^^^^^^^^^^^^^^^^ 2253 2254 If AVX512 is supported on the machine, this entry shows the milliseconds 2255 elapsed since the last time AVX512 usage was recorded. The recording 2256 happens on a best effort basis when a task is scheduled out. This means 2257 that the value depends on two factors: 2258 2259 1) The time which the task spent on the CPU without being scheduled 2260 out. With CPU isolation and a single runnable task this can take 2261 several seconds. 2262 2263 2) The time since the task was scheduled out last. Depending on the 2264 reason for being scheduled out (time slice exhausted, syscall ...) 2265 this can be arbitrary long time. 2266 2267 As a consequence the value cannot be considered precise and authoritative 2268 information. The application which uses this information has to be aware 2269 of the overall scenario on the system in order to determine whether a 2270 task is a real AVX512 user or not. Precise information can be obtained 2271 with performance counters. 2272 2273 A special value of '-1' indicates that no AVX512 usage was recorded, thus 2274 the task is unlikely an AVX512 user, but depends on the workload and the 2275 scheduling scenario, it also could be a false negative mentioned above. 2276 22773.13 /proc/<pid>/fd - List of symlinks to open files 2278------------------------------------------------------- 2279This directory contains symbolic links which represent open files 2280the process is maintaining. Example output:: 2281 2282 lr-x------ 1 root root 64 Sep 20 17:53 0 -> /dev/null 2283 l-wx------ 1 root root 64 Sep 20 17:53 1 -> /dev/null 2284 lrwx------ 1 root root 64 Sep 20 17:53 10 -> 'socket:[12539]' 2285 lrwx------ 1 root root 64 Sep 20 17:53 11 -> 'socket:[12540]' 2286 lrwx------ 1 root root 64 Sep 20 17:53 12 -> 'socket:[12542]' 2287 2288The number of open files for the process is stored in 'size' member 2289of stat() output for /proc/<pid>/fd for fast access. 2290------------------------------------------------------- 2291 22923.14 /proc/<pid/ksm_stat - Information about the process's ksm status 2293--------------------------------------------------------------------- 2294When CONFIG_KSM is enabled, each process has this file which displays 2295the information of ksm merging status. 2296 2297Example 2298~~~~~~~ 2299 2300:: 2301 2302 / # cat /proc/self/ksm_stat 2303 ksm_rmap_items 0 2304 ksm_zero_pages 0 2305 ksm_merging_pages 0 2306 ksm_process_profit 0 2307 ksm_merge_any: no 2308 ksm_mergeable: no 2309 2310Description 2311~~~~~~~~~~~ 2312 2313ksm_rmap_items 2314^^^^^^^^^^^^^^ 2315 2316The number of ksm_rmap_item structures in use. The structure 2317ksm_rmap_item stores the reverse mapping information for virtual 2318addresses. KSM will generate a ksm_rmap_item for each ksm-scanned page of 2319the process. 2320 2321ksm_zero_pages 2322^^^^^^^^^^^^^^ 2323 2324When /sys/kernel/mm/ksm/use_zero_pages is enabled, it represent how many 2325empty pages are merged with kernel zero pages by KSM. 2326 2327ksm_merging_pages 2328^^^^^^^^^^^^^^^^^ 2329 2330It represents how many pages of this process are involved in KSM merging 2331(not including ksm_zero_pages). It is the same with what 2332/proc/<pid>/ksm_merging_pages shows. 2333 2334ksm_process_profit 2335^^^^^^^^^^^^^^^^^^ 2336 2337The profit that KSM brings (Saved bytes). KSM can save memory by merging 2338identical pages, but also can consume additional memory, because it needs 2339to generate a number of rmap_items to save each scanned page's brief rmap 2340information. Some of these pages may be merged, but some may not be abled 2341to be merged after being checked several times, which are unprofitable 2342memory consumed. 2343 2344ksm_merge_any 2345^^^^^^^^^^^^^ 2346 2347It specifies whether the process's 'mm is added by prctl() into the 2348candidate list of KSM or not, and if KSM scanning is fully enabled at 2349process level. 2350 2351ksm_mergeable 2352^^^^^^^^^^^^^ 2353 2354It specifies whether any VMAs of the process''s mms are currently 2355applicable to KSM. 2356 2357More information about KSM can be found in 2358Documentation/admin-guide/mm/ksm.rst. 2359 2360 2361Chapter 4: Configuring procfs 2362============================= 2363 23644.1 Mount options 2365--------------------- 2366 2367The following mount options are supported: 2368 2369 ========= ======================================================== 2370 hidepid= Set /proc/<pid>/ access mode. 2371 gid= Set the group authorized to learn processes information. 2372 subset= Show only the specified subset of procfs. 2373 pidns= Specify a the namespace used by this procfs. 2374 ========= ======================================================== 2375 2376hidepid=off or hidepid=0 means classic mode - everybody may access all 2377/proc/<pid>/ directories (default). 2378 2379hidepid=noaccess or hidepid=1 means users may not access any /proc/<pid>/ 2380directories but their own. Sensitive files like cmdline, sched*, status are now 2381protected against other users. This makes it impossible to learn whether any 2382user runs specific program (given the program doesn't reveal itself by its 2383behaviour). As an additional bonus, as /proc/<pid>/cmdline is unaccessible for 2384other users, poorly written programs passing sensitive information via program 2385arguments are now protected against local eavesdroppers. 2386 2387hidepid=invisible or hidepid=2 means hidepid=1 plus all /proc/<pid>/ will be 2388fully invisible to other users. It doesn't mean that it hides a fact whether a 2389process with a specific pid value exists (it can be learned by other means, e.g. 2390by "kill -0 $PID"), but it hides process's uid and gid, which may be learned by 2391stat()'ing /proc/<pid>/ otherwise. It greatly complicates an intruder's task of 2392gathering information about running processes, whether some daemon runs with 2393elevated privileges, whether other user runs some sensitive program, whether 2394other users run any program at all, etc. 2395 2396hidepid=ptraceable or hidepid=4 means that procfs should only contain 2397/proc/<pid>/ directories that the caller can ptrace. 2398 2399gid= defines a group authorized to learn processes information otherwise 2400prohibited by hidepid=. If you use some daemon like identd which needs to learn 2401information about processes information, just add identd to this group. 2402 2403subset=pid hides all top level files and directories in the procfs that 2404are not related to tasks. 2405 2406pidns= specifies a pid namespace (either as a string path to something like 2407`/proc/$pid/ns/pid`, or a file descriptor when using `FSCONFIG_SET_FD`) that 2408will be used by the procfs instance when translating pids. By default, procfs 2409will use the calling process's active pid namespace. Note that the pid 2410namespace of an existing procfs instance cannot be modified (attempting to do 2411so will give an `-EBUSY` error). 2412 2413Chapter 5: Filesystem behavior 2414============================== 2415 2416Originally, before the advent of pid namespace, procfs was a global file 2417system. It means that there was only one procfs instance in the system. 2418 2419When pid namespace was added, a separate procfs instance was mounted in 2420each pid namespace. So, procfs mount options are global among all 2421mountpoints within the same namespace:: 2422 2423 # grep ^proc /proc/mounts 2424 proc /proc proc rw,relatime,hidepid=2 0 0 2425 2426 # strace -e mount mount -o hidepid=1 -t proc proc /tmp/proc 2427 mount("proc", "/tmp/proc", "proc", 0, "hidepid=1") = 0 2428 +++ exited with 0 +++ 2429 2430 # grep ^proc /proc/mounts 2431 proc /proc proc rw,relatime,hidepid=2 0 0 2432 proc /tmp/proc proc rw,relatime,hidepid=2 0 0 2433 2434and only after remounting procfs mount options will change at all 2435mountpoints:: 2436 2437 # mount -o remount,hidepid=1 -t proc proc /tmp/proc 2438 2439 # grep ^proc /proc/mounts 2440 proc /proc proc rw,relatime,hidepid=1 0 0 2441 proc /tmp/proc proc rw,relatime,hidepid=1 0 0 2442 2443This behavior is different from the behavior of other filesystems. 2444 2445The new procfs behavior is more like other filesystems. Each procfs mount 2446creates a new procfs instance. Mount options affect own procfs instance. 2447It means that it became possible to have several procfs instances 2448displaying tasks with different filtering options in one pid namespace:: 2449 2450 # mount -o hidepid=invisible -t proc proc /proc 2451 # mount -o hidepid=noaccess -t proc proc /tmp/proc 2452 # grep ^proc /proc/mounts 2453 proc /proc proc rw,relatime,hidepid=invisible 0 0 2454 proc /tmp/proc proc rw,relatime,hidepid=noaccess 0 0 2455