1.. SPDX-License-Identifier: GPL-2.0 2 3==================== 4The /proc Filesystem 5==================== 6 7===================== ======================================= ================ 8/proc/sys Terrehon Bowden <terrehon@pacbell.net>, October 7 1999 9 Bodo Bauer <bb@ricochet.net> 102.4.x update Jorge Nerin <comandante@zaralinux.com> November 14 2000 11move /proc/sys Shen Feng <shen@cn.fujitsu.com> April 1 2009 12fixes/update part 1.1 Stefani Seibold <stefani@seibold.net> June 9 2009 13===================== ======================================= ================ 14 15 16 17.. Table of Contents 18 19 0 Preface 20 0.1 Introduction/Credits 21 0.2 Legal Stuff 22 23 1 Collecting System Information 24 1.1 Process-Specific Subdirectories 25 1.2 Kernel data 26 1.3 IDE devices in /proc/ide 27 1.4 Networking info in /proc/net 28 1.5 SCSI info 29 1.6 Parallel port info in /proc/parport 30 1.7 TTY info in /proc/tty 31 1.8 Miscellaneous kernel statistics in /proc/stat 32 1.9 Ext4 file system parameters 33 34 2 Modifying System Parameters 35 36 3 Per-Process Parameters 37 3.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj - Adjust the oom-killer 38 score 39 3.2 /proc/<pid>/oom_score - Display current oom-killer score 40 3.3 /proc/<pid>/io - Display the IO accounting fields 41 3.4 /proc/<pid>/coredump_filter - Core dump filtering settings 42 3.5 /proc/<pid>/mountinfo - Information about mounts 43 3.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm 44 3.7 /proc/<pid>/task/<tid>/children - Information about task children 45 3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file 46 3.9 /proc/<pid>/map_files - Information about memory mapped files 47 3.10 /proc/<pid>/timerslack_ns - Task timerslack value 48 3.11 /proc/<pid>/patch_state - Livepatch patch operation state 49 3.12 /proc/<pid>/arch_status - Task architecture specific information 50 3.13 /proc/<pid>/fd - List of symlinks to open files 51 3.14 /proc/<pid/ksm_stat - Information about the process's ksm status. 52 53 4 Configuring procfs 54 4.1 Mount options 55 56 5 Filesystem behavior 57 58Preface 59======= 60 610.1 Introduction/Credits 62------------------------ 63 64This documentation is part of a soon (or so we hope) to be released book on 65the SuSE Linux distribution. As there is no complete documentation for the 66/proc file system and we've used many freely available sources to write these 67chapters, it seems only fair to give the work back to the Linux community. 68This work is based on the 2.2.* kernel version and the upcoming 2.4.*. I'm 69afraid it's still far from complete, but we hope it will be useful. As far as 70we know, it is the first 'all-in-one' document about the /proc file system. It 71is focused on the Intel x86 hardware, so if you are looking for PPC, ARM, 72SPARC, AXP, etc., features, you probably won't find what you are looking for. 73It also only covers IPv4 networking, not IPv6 nor other protocols - sorry. But 74additions and patches are welcome and will be added to this document if you 75mail them to Bodo. 76 77We'd like to thank Alan Cox, Rik van Riel, and Alexey Kuznetsov and a lot of 78other people for help compiling this documentation. We'd also like to extend a 79special thank you to Andi Kleen for documentation, which we relied on heavily 80to create this document, as well as the additional information he provided. 81Thanks to everybody else who contributed source or docs to the Linux kernel 82and helped create a great piece of software... :) 83 84If you have any comments, corrections or additions, please don't hesitate to 85contact Bodo Bauer at bb@ricochet.net. We'll be happy to add them to this 86document. 87 88The latest version of this document is available online at 89https://www.kernel.org/doc/html/latest/filesystems/proc.html 90 91If the above direction does not works for you, you could try the kernel 92mailing list at linux-kernel@vger.kernel.org and/or try to reach me at 93comandante@zaralinux.com. 94 950.2 Legal Stuff 96--------------- 97 98We don't guarantee the correctness of this document, and if you come to us 99complaining about how you screwed up your system because of incorrect 100documentation, we won't feel responsible... 101 102Chapter 1: Collecting System Information 103======================================== 104 105In This Chapter 106--------------- 107* Investigating the properties of the pseudo file system /proc and its 108 ability to provide information on the running Linux system 109* Examining /proc's structure 110* Uncovering various information about the kernel and the processes running 111 on the system 112 113------------------------------------------------------------------------------ 114 115The proc file system acts as an interface to internal data structures in the 116kernel. It can be used to obtain information about the system and to change 117certain kernel parameters at runtime (sysctl). 118 119First, we'll take a look at the read-only parts of /proc. In Chapter 2, we 120show you how you can use /proc/sys to change settings. 121 1221.1 Process-Specific Subdirectories 123----------------------------------- 124 125The directory /proc contains (among other things) one subdirectory for each 126process running on the system, which is named after the process ID (PID). 127 128The link 'self' points to the process reading the file system. Each process 129subdirectory has the entries listed in Table 1-1. 130 131A process can read its own information from /proc/PID/* with no extra 132permissions. When reading /proc/PID/* information for other processes, reading 133process is required to have either CAP_SYS_PTRACE capability with 134PTRACE_MODE_READ access permissions, or, alternatively, CAP_PERFMON 135capability. This applies to all read-only information like `maps`, `environ`, 136`pagemap`, etc. The only exception is `mem` file due to its read-write nature, 137which requires CAP_SYS_PTRACE capabilities with more elevated 138PTRACE_MODE_ATTACH permissions; CAP_PERFMON capability does not grant access 139to /proc/PID/mem for other processes. 140 141Note that an open file descriptor to /proc/<pid> or to any of its 142contained files or subdirectories does not prevent <pid> being reused 143for some other process in the event that <pid> exits. Operations on 144open /proc/<pid> file descriptors corresponding to dead processes 145never act on any new process that the kernel may, through chance, have 146also assigned the process ID <pid>. Instead, operations on these FDs 147usually fail with ESRCH. 148 149.. table:: Table 1-1: Process specific entries in /proc 150 151 ============= =============================================================== 152 File Content 153 ============= =============================================================== 154 clear_refs Clears page referenced bits shown in smaps output 155 cmdline Command line arguments 156 cpu Current and last cpu in which it was executed (2.4)(smp) 157 cwd Link to the current working directory 158 environ Values of environment variables 159 exe Link to the executable of this process 160 fd Directory, which contains all file descriptors 161 maps Memory maps to executables and library files (2.4) 162 mem Memory held by this process 163 root Link to the root directory of this process 164 stat Process status 165 statm Process memory status information 166 status Process status in human readable form 167 wchan Present with CONFIG_KALLSYMS=y: it shows the kernel function 168 symbol the task is blocked in - or "0" if not blocked. 169 pagemap Page table 170 stack Report full stack trace, enable via CONFIG_STACKTRACE 171 smaps An extension based on maps, showing the memory consumption of 172 each mapping and flags associated with it 173 smaps_rollup Accumulated smaps stats for all mappings of the process. This 174 can be derived from smaps, but is faster and more convenient 175 numa_maps An extension based on maps, showing the memory locality and 176 binding policy as well as mem usage (in pages) of each mapping. 177 ============= =============================================================== 178 179For example, to get the status information of a process, all you have to do is 180read the file /proc/PID/status:: 181 182 >cat /proc/self/status 183 Name: cat 184 State: R (running) 185 Tgid: 5452 186 Pid: 5452 187 PPid: 743 188 TracerPid: 0 (2.4) 189 Uid: 501 501 501 501 190 Gid: 100 100 100 100 191 FDSize: 256 192 Groups: 100 14 16 193 Kthread: 0 194 VmPeak: 5004 kB 195 VmSize: 5004 kB 196 VmLck: 0 kB 197 VmHWM: 476 kB 198 VmRSS: 476 kB 199 RssAnon: 352 kB 200 RssFile: 120 kB 201 RssShmem: 4 kB 202 VmData: 156 kB 203 VmStk: 88 kB 204 VmExe: 68 kB 205 VmLib: 1412 kB 206 VmPTE: 20 kb 207 VmSwap: 0 kB 208 HugetlbPages: 0 kB 209 CoreDumping: 0 210 THP_enabled: 1 211 Threads: 1 212 SigQ: 0/28578 213 SigPnd: 0000000000000000 214 ShdPnd: 0000000000000000 215 SigBlk: 0000000000000000 216 SigIgn: 0000000000000000 217 SigCgt: 0000000000000000 218 CapInh: 00000000fffffeff 219 CapPrm: 0000000000000000 220 CapEff: 0000000000000000 221 CapBnd: ffffffffffffffff 222 CapAmb: 0000000000000000 223 NoNewPrivs: 0 224 Seccomp: 0 225 Speculation_Store_Bypass: thread vulnerable 226 SpeculationIndirectBranch: conditional enabled 227 voluntary_ctxt_switches: 0 228 nonvoluntary_ctxt_switches: 1 229 230This shows you nearly the same information you would get if you viewed it with 231the ps command. In fact, ps uses the proc file system to obtain its 232information. But you get a more detailed view of the process by reading the 233file /proc/PID/status. It fields are described in table 1-2. 234 235The statm file contains more detailed information about the process 236memory usage. Its seven fields are explained in Table 1-3. The stat file 237contains detailed information about the process itself. Its fields are 238explained in Table 1-4. 239 240(for SMP CONFIG users) 241 242For making accounting scalable, RSS related information are handled in an 243asynchronous manner and the value may not be very precise. To see a precise 244snapshot of a moment, you can see /proc/<pid>/smaps file and scan page table. 245It's slow but very precise. 246 247.. table:: Table 1-2: Contents of the status fields (as of 4.19) 248 249 ========================== =================================================== 250 Field Content 251 ========================== =================================================== 252 Name filename of the executable 253 Umask file mode creation mask 254 State state (R is running, S is sleeping, D is sleeping 255 in an uninterruptible wait, Z is zombie, 256 T is traced or stopped) 257 Tgid thread group ID 258 Ngid NUMA group ID (0 if none) 259 Pid process id 260 PPid process id of the parent process 261 TracerPid PID of process tracing this process (0 if not, or 262 the tracer is outside of the current pid namespace) 263 Uid Real, effective, saved set, and file system UIDs 264 Gid Real, effective, saved set, and file system GIDs 265 FDSize number of file descriptor slots currently allocated 266 Groups supplementary group list 267 NStgid descendant namespace thread group ID hierarchy 268 NSpid descendant namespace process ID hierarchy 269 NSpgid descendant namespace process group ID hierarchy 270 NSsid descendant namespace session ID hierarchy 271 Kthread kernel thread flag, 1 is yes, 0 is no 272 VmPeak peak virtual memory size 273 VmSize total program size 274 VmLck locked memory size 275 VmPin pinned memory size 276 VmHWM peak resident set size ("high water mark") 277 VmRSS size of memory portions. It contains the three 278 following parts 279 (VmRSS = RssAnon + RssFile + RssShmem) 280 RssAnon size of resident anonymous memory 281 RssFile size of resident file mappings 282 RssShmem size of resident shmem memory (includes SysV shm, 283 mapping of tmpfs and shared anonymous mappings) 284 VmData size of private data segments 285 VmStk size of stack segments 286 VmExe size of text segment 287 VmLib size of shared library code 288 VmPTE size of page table entries 289 VmSwap amount of swap used by anonymous private data 290 (shmem swap usage is not included) 291 HugetlbPages size of hugetlb memory portions 292 CoreDumping process's memory is currently being dumped 293 (killing the process may lead to a corrupted core) 294 THP_enabled process is allowed to use THP (returns 0 when 295 PR_SET_THP_DISABLE is set on the process to disable 296 THP completely, not just partially) 297 Threads number of threads 298 SigQ number of signals queued/max. number for queue 299 SigPnd bitmap of pending signals for the thread 300 ShdPnd bitmap of shared pending signals for the process 301 SigBlk bitmap of blocked signals 302 SigIgn bitmap of ignored signals 303 SigCgt bitmap of caught signals 304 CapInh bitmap of inheritable capabilities 305 CapPrm bitmap of permitted capabilities 306 CapEff bitmap of effective capabilities 307 CapBnd bitmap of capabilities bounding set 308 CapAmb bitmap of ambient capabilities 309 NoNewPrivs no_new_privs, like prctl(PR_GET_NO_NEW_PRIV, ...) 310 Seccomp seccomp mode, like prctl(PR_GET_SECCOMP, ...) 311 Speculation_Store_Bypass speculative store bypass mitigation status 312 SpeculationIndirectBranch indirect branch speculation mode 313 Cpus_allowed mask of CPUs on which this process may run 314 Cpus_allowed_list Same as previous, but in "list format" 315 Mems_allowed mask of memory nodes allowed to this process 316 Mems_allowed_list Same as previous, but in "list format" 317 voluntary_ctxt_switches number of voluntary context switches 318 nonvoluntary_ctxt_switches number of non voluntary context switches 319 ========================== =================================================== 320 321 322.. table:: Table 1-3: Contents of the statm fields (as of 2.6.8-rc3) 323 324 ======== =============================== ============================== 325 Field Content 326 ======== =============================== ============================== 327 size total program size (pages) (same as VmSize in status) 328 resident size of memory portions (pages) (same as VmRSS in status) 329 shared number of pages that are shared (i.e. backed by a file, same 330 as RssFile+RssShmem in status) 331 trs number of pages that are 'code' (not including libs; broken, 332 includes data segment) 333 lrs number of pages of library (always 0 on 2.6) 334 drs number of pages of data/stack (including libs; broken, 335 includes library text) 336 dt number of dirty pages (always 0 on 2.6) 337 ======== =============================== ============================== 338 339 340.. table:: Table 1-4: Contents of the stat fields (as of 2.6.30-rc7) 341 342 ============= =============================================================== 343 Field Content 344 ============= =============================================================== 345 pid process id 346 tcomm filename of the executable 347 state state (R is running, S is sleeping, D is sleeping in an 348 uninterruptible wait, Z is zombie, T is traced or stopped) 349 ppid process id of the parent process 350 pgrp pgrp of the process 351 sid session id 352 tty_nr tty the process uses 353 tty_pgrp pgrp of the tty 354 flags task flags 355 min_flt number of minor faults 356 cmin_flt number of minor faults with child's 357 maj_flt number of major faults 358 cmaj_flt number of major faults with child's 359 utime user mode jiffies 360 stime kernel mode jiffies 361 cutime user mode jiffies with child's 362 cstime kernel mode jiffies with child's 363 priority priority level 364 nice nice level 365 num_threads number of threads 366 it_real_value (obsolete, always 0) 367 start_time time the process started after system boot 368 vsize virtual memory size 369 rss resident set memory size 370 rsslim current limit in bytes on the rss 371 start_code address above which program text can run 372 end_code address below which program text can run 373 start_stack address of the start of the main process stack 374 esp current value of ESP 375 eip current value of EIP 376 pending bitmap of pending signals 377 blocked bitmap of blocked signals 378 sigign bitmap of ignored signals 379 sigcatch bitmap of caught signals 380 0 (place holder, used to be the wchan address, 381 use /proc/PID/wchan instead) 382 0 (place holder) 383 0 (place holder) 384 exit_signal signal to send to parent thread on exit 385 task_cpu which CPU the task is scheduled on 386 rt_priority realtime priority 387 policy scheduling policy (man sched_setscheduler) 388 blkio_ticks time spent waiting for block IO 389 gtime guest time of the task in jiffies 390 cgtime guest time of the task children in jiffies 391 start_data address above which program data+bss is placed 392 end_data address below which program data+bss is placed 393 start_brk address above which program heap can be expanded with brk() 394 arg_start address above which program command line is placed 395 arg_end address below which program command line is placed 396 env_start address above which program environment is placed 397 env_end address below which program environment is placed 398 exit_code the thread's exit_code in the form reported by the waitpid 399 system call 400 ============= =============================================================== 401 402The /proc/PID/maps file contains the currently mapped memory regions and 403their access permissions. 404 405The format is:: 406 407 address perms offset dev inode pathname 408 409 08048000-08049000 r-xp 00000000 03:00 8312 /opt/test 410 08049000-0804a000 rw-p 00001000 03:00 8312 /opt/test 411 0804a000-0806b000 rw-p 00000000 00:00 0 [heap] 412 a7cb1000-a7cb2000 ---p 00000000 00:00 0 413 a7cb2000-a7eb2000 rw-p 00000000 00:00 0 414 a7eb2000-a7eb3000 ---p 00000000 00:00 0 415 a7eb3000-a7ed5000 rw-p 00000000 00:00 0 416 a7ed5000-a8008000 r-xp 00000000 03:00 4222 /lib/libc.so.6 417 a8008000-a800a000 r--p 00133000 03:00 4222 /lib/libc.so.6 418 a800a000-a800b000 rw-p 00135000 03:00 4222 /lib/libc.so.6 419 a800b000-a800e000 rw-p 00000000 00:00 0 420 a800e000-a8022000 r-xp 00000000 03:00 14462 /lib/libpthread.so.0 421 a8022000-a8023000 r--p 00013000 03:00 14462 /lib/libpthread.so.0 422 a8023000-a8024000 rw-p 00014000 03:00 14462 /lib/libpthread.so.0 423 a8024000-a8027000 rw-p 00000000 00:00 0 424 a8027000-a8043000 r-xp 00000000 03:00 8317 /lib/ld-linux.so.2 425 a8043000-a8044000 r--p 0001b000 03:00 8317 /lib/ld-linux.so.2 426 a8044000-a8045000 rw-p 0001c000 03:00 8317 /lib/ld-linux.so.2 427 aff35000-aff4a000 rw-p 00000000 00:00 0 [stack] 428 ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso] 429 430where "address" is the address space in the process that it occupies, "perms" 431is a set of permissions:: 432 433 r = read 434 w = write 435 x = execute 436 s = shared 437 p = private (copy on write) 438 439"offset" is the offset into the mapping, "dev" is the device (major:minor), and 440"inode" is the inode on that device. 0 indicates that no inode is associated 441with the memory region, as the case would be with BSS (uninitialized data). 442The "pathname" shows the name associated file for this mapping. If the mapping 443is not associated with a file: 444 445 =================== =========================================== 446 [heap] the heap of the program 447 [stack] the stack of the main process 448 [vdso] the "virtual dynamic shared object", 449 the kernel system call handler 450 [anon:<name>] a private anonymous mapping that has been 451 named by userspace 452 [anon_shmem:<name>] an anonymous shared memory mapping that has 453 been named by userspace 454 =================== =========================================== 455 456 or if empty, the mapping is anonymous. 457 458Starting with 6.11 kernel, /proc/PID/maps provides an alternative 459ioctl()-based API that gives ability to flexibly and efficiently query and 460filter individual VMAs. This interface is binary and is meant for more 461efficient and easy programmatic use. `struct procmap_query`, defined in 462linux/fs.h UAPI header, serves as an input/output argument to the 463`PROCMAP_QUERY` ioctl() command. See comments in linus/fs.h UAPI header for 464details on query semantics, supported flags, data returned, and general API 465usage information. 466 467The /proc/PID/smaps is an extension based on maps, showing the memory 468consumption for each of the process's mappings. For each mapping (aka Virtual 469Memory Area, or VMA) there is a series of lines such as the following:: 470 471 08048000-080bc000 r-xp 00000000 03:02 13130 /bin/bash 472 473 Size: 1084 kB 474 KernelPageSize: 4 kB 475 MMUPageSize: 4 kB 476 Rss: 892 kB 477 Pss: 374 kB 478 Pss_Dirty: 0 kB 479 Shared_Clean: 892 kB 480 Shared_Dirty: 0 kB 481 Private_Clean: 0 kB 482 Private_Dirty: 0 kB 483 Referenced: 892 kB 484 Anonymous: 0 kB 485 KSM: 0 kB 486 LazyFree: 0 kB 487 AnonHugePages: 0 kB 488 ShmemPmdMapped: 0 kB 489 Shared_Hugetlb: 0 kB 490 Private_Hugetlb: 0 kB 491 Swap: 0 kB 492 SwapPss: 0 kB 493 KernelPageSize: 4 kB 494 MMUPageSize: 4 kB 495 Locked: 0 kB 496 THPeligible: 0 497 VmFlags: rd ex mr mw me dw 498 499The first of these lines shows the same information as is displayed for 500the mapping in /proc/PID/maps. Following lines show the size of the 501mapping (size); the size of each page allocated when backing a VMA 502(KernelPageSize), which is usually the same as the size in the page table 503entries; the page size used by the MMU when backing a VMA (in most cases, 504the same as KernelPageSize); the amount of the mapping that is currently 505resident in RAM (RSS); the process's proportional share of this mapping 506(PSS); and the number of clean and dirty shared and private pages in the 507mapping. 508 509The "proportional set size" (PSS) of a process is the count of pages it has 510in memory, where each page is divided by the number of processes sharing it. 511So if a process has 1000 pages all to itself, and 1000 shared with one other 512process, its PSS will be 1500. "Pss_Dirty" is the portion of PSS which 513consists of dirty pages. ("Pss_Clean" is not included, but it can be 514calculated by subtracting "Pss_Dirty" from "Pss".) 515 516Traditionally, a page is accounted as "private" if it is mapped exactly once, 517and a page is accounted as "shared" when mapped multiple times, even when 518mapped in the same process multiple times. Note that this accounting is 519independent of MAP_SHARED. 520 521In some kernel configurations, the semantics of pages part of a larger 522allocation (e.g., THP) can differ: a page is accounted as "private" if all 523pages part of the corresponding large allocation are *certainly* mapped in the 524same process, even if the page is mapped multiple times in that process. A 525page is accounted as "shared" if any page page of the larger allocation 526is *maybe* mapped in a different process. In some cases, a large allocation 527might be treated as "maybe mapped by multiple processes" even though this 528is no longer the case. 529 530Some kernel configurations do not track the precise number of times a page part 531of a larger allocation is mapped. In this case, when calculating the PSS, the 532average number of mappings per page in this larger allocation might be used 533as an approximation for the number of mappings of a page. The PSS calculation 534will be imprecise in this case. 535 536"Referenced" indicates the amount of memory currently marked as referenced or 537accessed. 538 539"Anonymous" shows the amount of memory that does not belong to any file. Even 540a mapping associated with a file may contain anonymous pages: when MAP_PRIVATE 541and a page is modified, the file page is replaced by a private anonymous copy. 542 543"KSM" reports how many of the pages are KSM pages. Note that KSM-placed zeropages 544are not included, only actual KSM pages. 545 546"LazyFree" shows the amount of memory which is marked by madvise(MADV_FREE). 547The memory isn't freed immediately with madvise(). It's freed in memory 548pressure if the memory is clean. Please note that the printed value might 549be lower than the real value due to optimizations used in the current 550implementation. If this is not desirable please file a bug report. 551 552"AnonHugePages" shows the amount of memory backed by transparent hugepage. 553 554"ShmemPmdMapped" shows the amount of shared (shmem/tmpfs) memory backed by 555huge pages. 556 557"Shared_Hugetlb" and "Private_Hugetlb" show the amounts of memory backed by 558hugetlbfs page which is *not* counted in "RSS" or "PSS" field for historical 559reasons. And these are not included in {Shared,Private}_{Clean,Dirty} field. 560 561"Swap" shows how much would-be-anonymous memory is also used, but out on swap. 562 563For shmem mappings, "Swap" includes also the size of the mapped (and not 564replaced by copy-on-write) part of the underlying shmem object out on swap. 565"SwapPss" shows proportional swap share of this mapping. Unlike "Swap", this 566does not take into account swapped out page of underlying shmem objects. 567"Locked" indicates whether the mapping is locked in memory or not. 568 569"THPeligible" indicates whether the mapping is eligible for allocating 570naturally aligned THP pages of any currently enabled size. 1 if true, 0 571otherwise. 572 573"VmFlags" field deserves a separate description. This member represents the 574kernel flags associated with the particular virtual memory area in two letter 575encoded manner. The codes are the following: 576 577 == ======================================= 578 rd readable 579 wr writeable 580 ex executable 581 sh shared 582 mr may read 583 mw may write 584 me may execute 585 ms may share 586 gd stack segment growns down 587 pf pure PFN range 588 lo pages are locked in memory 589 io memory mapped I/O area 590 sr sequential read advise provided 591 rr random read advise provided 592 dc do not copy area on fork 593 de do not expand area on remapping 594 ac area is accountable 595 nr swap space is not reserved for the area 596 ht area uses huge tlb pages 597 sf synchronous page fault 598 ar architecture specific flag 599 wf wipe on fork 600 dd do not include area into core dump 601 sd soft dirty flag 602 mm mixed map area 603 hg huge page advise flag 604 nh no huge page advise flag 605 mg mergeable advise flag 606 bt arm64 BTI guarded page 607 mt arm64 MTE allocation tags are enabled 608 um userfaultfd missing tracking 609 uw userfaultfd wr-protect tracking 610 ui userfaultfd minor fault 611 ss shadow/guarded control stack page 612 sl sealed 613 lf lock on fault pages 614 dp always lazily freeable mapping 615 == ======================================= 616 617Note that there is no guarantee that every flag and associated mnemonic will 618be present in all further kernel releases. Things get changed, the flags may 619be vanished or the reverse -- new added. Interpretation of their meaning 620might change in future as well. So each consumer of these flags has to 621follow each specific kernel version for the exact semantic. 622 623This file is only present if the CONFIG_MMU kernel configuration option is 624enabled. 625 626Note: reading /proc/PID/maps or /proc/PID/smaps is inherently racy (consistent 627output can be achieved only in the single read call). 628 629This typically manifests when doing partial reads of these files while the 630memory map is being modified. Despite the races, we do provide the following 631guarantees: 632 6331) The mapped addresses never go backwards, which implies no two 634 regions will ever overlap. 6352) If there is something at a given vaddr during the entirety of the 636 life of the smaps/maps walk, there will be some output for it. 637 638The /proc/PID/smaps_rollup file includes the same fields as /proc/PID/smaps, 639but their values are the sums of the corresponding values for all mappings of 640the process. Additionally, it contains these fields: 641 642- Pss_Anon 643- Pss_File 644- Pss_Shmem 645 646They represent the proportional shares of anonymous, file, and shmem pages, as 647described for smaps above. These fields are omitted in smaps since each 648mapping identifies the type (anon, file, or shmem) of all pages it contains. 649Thus all information in smaps_rollup can be derived from smaps, but at a 650significantly higher cost. 651 652The /proc/PID/clear_refs is used to reset the PG_Referenced and ACCESSED/YOUNG 653bits on both physical and virtual pages associated with a process, and the 654soft-dirty bit on pte (see Documentation/admin-guide/mm/soft-dirty.rst 655for details). 656To clear the bits for all the pages associated with the process:: 657 658 > echo 1 > /proc/PID/clear_refs 659 660To clear the bits for the anonymous pages associated with the process:: 661 662 > echo 2 > /proc/PID/clear_refs 663 664To clear the bits for the file mapped pages associated with the process:: 665 666 > echo 3 > /proc/PID/clear_refs 667 668To clear the soft-dirty bit:: 669 670 > echo 4 > /proc/PID/clear_refs 671 672To reset the peak resident set size ("high water mark") to the process's 673current value:: 674 675 > echo 5 > /proc/PID/clear_refs 676 677Any other value written to /proc/PID/clear_refs will have no effect. 678 679The /proc/pid/pagemap gives the PFN, which can be used to find the pageflags 680using /proc/kpageflags and number of times a page is mapped using 681/proc/kpagecount. For detailed explanation, see 682Documentation/admin-guide/mm/pagemap.rst. 683 684The /proc/pid/numa_maps is an extension based on maps, showing the memory 685locality and binding policy, as well as the memory usage (in pages) of 686each mapping. The output follows a general format where mapping details get 687summarized separated by blank spaces, one mapping per each file line:: 688 689 address policy mapping details 690 691 00400000 default file=/usr/local/bin/app mapped=1 active=0 N3=1 kernelpagesize_kB=4 692 00600000 default file=/usr/local/bin/app anon=1 dirty=1 N3=1 kernelpagesize_kB=4 693 3206000000 default file=/lib64/ld-2.12.so mapped=26 mapmax=6 N0=24 N3=2 kernelpagesize_kB=4 694 320621f000 default file=/lib64/ld-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 695 3206220000 default file=/lib64/ld-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 696 3206221000 default anon=1 dirty=1 N3=1 kernelpagesize_kB=4 697 3206800000 default file=/lib64/libc-2.12.so mapped=59 mapmax=21 active=55 N0=41 N3=18 kernelpagesize_kB=4 698 320698b000 default file=/lib64/libc-2.12.so 699 3206b8a000 default file=/lib64/libc-2.12.so anon=2 dirty=2 N3=2 kernelpagesize_kB=4 700 3206b8e000 default file=/lib64/libc-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 701 3206b8f000 default anon=3 dirty=3 active=1 N3=3 kernelpagesize_kB=4 702 7f4dc10a2000 default anon=3 dirty=3 N3=3 kernelpagesize_kB=4 703 7f4dc10b4000 default anon=2 dirty=2 active=1 N3=2 kernelpagesize_kB=4 704 7f4dc1200000 default file=/anon_hugepage\040(deleted) huge anon=1 dirty=1 N3=1 kernelpagesize_kB=2048 705 7fff335f0000 default stack anon=3 dirty=3 N3=3 kernelpagesize_kB=4 706 7fff3369d000 default mapped=1 mapmax=35 active=0 N3=1 kernelpagesize_kB=4 707 708Where: 709 710"address" is the starting address for the mapping; 711 712"policy" reports the NUMA memory policy set for the mapping (see Documentation/admin-guide/mm/numa_memory_policy.rst); 713 714"mapping details" summarizes mapping data such as mapping type, page usage counters, 715node locality page counters (N0 == node0, N1 == node1, ...) and the kernel page 716size, in KB, that is backing the mapping up. 717 718Note that some kernel configurations do not track the precise number of times 719a page part of a larger allocation (e.g., THP) is mapped. In these 720configurations, "mapmax" might corresponds to the average number of mappings 721per page in such a larger allocation instead. 722 7231.2 Kernel data 724--------------- 725 726Similar to the process entries, the kernel data files give information about 727the running kernel. The files used to obtain this information are contained in 728/proc and are listed in Table 1-5. Not all of these will be present in your 729system. It depends on the kernel configuration and the loaded modules, which 730files are there, and which are missing. 731 732.. table:: Table 1-5: Kernel info in /proc 733 734 ============ =============================================================== 735 File Content 736 ============ =============================================================== 737 allocinfo Memory allocations profiling information 738 apm Advanced power management info 739 bootconfig Kernel command line obtained from boot config, 740 and, if there were kernel parameters from the 741 boot loader, a "# Parameters from bootloader:" 742 line followed by a line containing those 743 parameters prefixed by "# ". (5.5) 744 buddyinfo Kernel memory allocator information (see text) (2.5) 745 bus Directory containing bus specific information 746 cmdline Kernel command line, both from bootloader and embedded 747 in the kernel image 748 cpuinfo Info about the CPU 749 devices Available devices (block and character) 750 dma Used DMS channels 751 filesystems Supported filesystems 752 driver Various drivers grouped here, currently rtc (2.4) 753 execdomains Execdomains, related to security (2.4) 754 fb Frame Buffer devices (2.4) 755 fs File system parameters, currently nfs/exports (2.4) 756 ide Directory containing info about the IDE subsystem 757 interrupts Interrupt usage 758 iomem Memory map (2.4) 759 ioports I/O port usage 760 irq Masks for irq to cpu affinity (2.4)(smp?) 761 isapnp ISA PnP (Plug&Play) Info (2.4) 762 kcore Kernel core image (can be ELF or A.OUT(deprecated in 2.4)) 763 kmsg Kernel messages 764 ksyms Kernel symbol table 765 loadavg Load average of last 1, 5 & 15 minutes; 766 number of processes currently runnable (running or on ready queue); 767 total number of processes in system; 768 last pid created. 769 All fields are separated by one space except "number of 770 processes currently runnable" and "total number of processes 771 in system", which are separated by a slash ('/'). Example: 772 0.61 0.61 0.55 3/828 22084 773 locks Kernel locks 774 meminfo Memory info 775 misc Miscellaneous 776 modules List of loaded modules 777 mounts Mounted filesystems 778 net Networking info (see text) 779 pagetypeinfo Additional page allocator information (see text) (2.5) 780 partitions Table of partitions known to the system 781 pci Deprecated info of PCI bus (new way -> /proc/bus/pci/, 782 decoupled by lspci (2.4) 783 rtc Real time clock 784 scsi SCSI info (see text) 785 slabinfo Slab pool info 786 softirqs softirq usage 787 stat Overall statistics 788 swaps Swap space utilization 789 sys See chapter 2 790 sysvipc Info of SysVIPC Resources (msg, sem, shm) (2.4) 791 tty Info of tty drivers 792 uptime Wall clock since boot, combined idle time of all cpus 793 version Kernel version 794 video bttv info of video resources (2.4) 795 vmallocinfo Show vmalloced areas 796 ============ =============================================================== 797 798You can, for example, check which interrupts are currently in use and what 799they are used for by looking in the file /proc/interrupts:: 800 801 > cat /proc/interrupts 802 CPU0 803 0: 8728810 XT-PIC timer 804 1: 895 XT-PIC keyboard 805 2: 0 XT-PIC cascade 806 3: 531695 XT-PIC aha152x 807 4: 2014133 XT-PIC serial 808 5: 44401 XT-PIC pcnet_cs 809 8: 2 XT-PIC rtc 810 11: 8 XT-PIC i82365 811 12: 182918 XT-PIC PS/2 Mouse 812 13: 1 XT-PIC fpu 813 14: 1232265 XT-PIC ide0 814 15: 7 XT-PIC ide1 815 NMI: 0 816 817In 2.4.* a couple of lines where added to this file LOC & ERR (this time is the 818output of a SMP machine):: 819 820 > cat /proc/interrupts 821 822 CPU0 CPU1 823 0: 1243498 1214548 IO-APIC-edge timer 824 1: 8949 8958 IO-APIC-edge keyboard 825 2: 0 0 XT-PIC cascade 826 5: 11286 10161 IO-APIC-edge soundblaster 827 8: 1 0 IO-APIC-edge rtc 828 9: 27422 27407 IO-APIC-edge 3c503 829 12: 113645 113873 IO-APIC-edge PS/2 Mouse 830 13: 0 0 XT-PIC fpu 831 14: 22491 24012 IO-APIC-edge ide0 832 15: 2183 2415 IO-APIC-edge ide1 833 17: 30564 30414 IO-APIC-level eth0 834 18: 177 164 IO-APIC-level bttv 835 NMI: 2457961 2457959 836 LOC: 2457882 2457881 837 ERR: 2155 838 839NMI is incremented in this case because every timer interrupt generates a NMI 840(Non Maskable Interrupt) which is used by the NMI Watchdog to detect lockups. 841 842LOC is the local interrupt counter of the internal APIC of every CPU. 843 844ERR is incremented in the case of errors in the IO-APIC bus (the bus that 845connects the CPUs in a SMP system. This means that an error has been detected, 846the IO-APIC automatically retry the transmission, so it should not be a big 847problem, but you should read the SMP-FAQ. 848 849In 2.6.2* /proc/interrupts was expanded again. This time the goal was for 850/proc/interrupts to display every IRQ vector in use by the system, not 851just those considered 'most important'. The new vectors are: 852 853THR 854 interrupt raised when a machine check threshold counter 855 (typically counting ECC corrected errors of memory or cache) exceeds 856 a configurable threshold. Only available on some systems. 857 858TRM 859 a thermal event interrupt occurs when a temperature threshold 860 has been exceeded for the CPU. This interrupt may also be generated 861 when the temperature drops back to normal. 862 863SPU 864 a spurious interrupt is some interrupt that was raised then lowered 865 by some IO device before it could be fully processed by the APIC. Hence 866 the APIC sees the interrupt but does not know what device it came from. 867 For this case the APIC will generate the interrupt with a IRQ vector 868 of 0xff. This might also be generated by chipset bugs. 869 870RES, CAL, TLB 871 rescheduling, call and TLB flush interrupts are 872 sent from one CPU to another per the needs of the OS. Typically, 873 their statistics are used by kernel developers and interested users to 874 determine the occurrence of interrupts of the given type. 875 876The above IRQ vectors are displayed only when relevant. For example, 877the threshold vector does not exist on x86_64 platforms. Others are 878suppressed when the system is a uniprocessor. As of this writing, only 879i386 and x86_64 platforms support the new IRQ vector displays. 880 881Of some interest is the introduction of the /proc/irq directory to 2.4. 882It could be used to set IRQ to CPU affinity. This means that you can "hook" an 883IRQ to only one CPU, or to exclude a CPU of handling IRQs. The contents of the 884irq subdir is one subdir for each IRQ, and two files; default_smp_affinity and 885prof_cpu_mask. 886 887For example:: 888 889 > ls /proc/irq/ 890 0 10 12 14 16 18 2 4 6 8 prof_cpu_mask 891 1 11 13 15 17 19 3 5 7 9 default_smp_affinity 892 > ls /proc/irq/0/ 893 smp_affinity 894 895smp_affinity is a bitmask, in which you can specify which CPUs can handle the 896IRQ. You can set it by doing:: 897 898 > echo 1 > /proc/irq/10/smp_affinity 899 900This means that only the first CPU will handle the IRQ, but you can also echo 9015 which means that only the first and third CPU can handle the IRQ. 902 903The contents of each smp_affinity file is the same by default:: 904 905 > cat /proc/irq/0/smp_affinity 906 ffffffff 907 908There is an alternate interface, smp_affinity_list which allows specifying 909a CPU range instead of a bitmask:: 910 911 > cat /proc/irq/0/smp_affinity_list 912 1024-1031 913 914The default_smp_affinity mask applies to all non-active IRQs, which are the 915IRQs which have not yet been allocated/activated, and hence which lack a 916/proc/irq/[0-9]* directory. 917 918The node file on an SMP system shows the node to which the device using the IRQ 919reports itself as being attached. This hardware locality information does not 920include information about any possible driver locality preference. 921 922prof_cpu_mask specifies which CPUs are to be profiled by the system wide 923profiler. Default value is ffffffff (all CPUs if there are only 32 of them). 924 925The way IRQs are routed is handled by the IO-APIC, and it's Round Robin 926between all the CPUs which are allowed to handle it. As usual the kernel has 927more info than you and does a better job than you, so the defaults are the 928best choice for almost everyone. [Note this applies only to those IO-APIC's 929that support "Round Robin" interrupt distribution.] 930 931There are three more important subdirectories in /proc: net, scsi, and sys. 932The general rule is that the contents, or even the existence of these 933directories, depend on your kernel configuration. If SCSI is not enabled, the 934directory scsi may not exist. The same is true with the net, which is there 935only when networking support is present in the running kernel. 936 937The slabinfo file gives information about memory usage at the slab level. 938Linux uses slab pools for memory management above page level in version 2.2. 939Commonly used objects have their own slab pool (such as network buffers, 940directory cache, and so on). 941 942:: 943 944 > cat /proc/buddyinfo 945 946 Node 0, zone DMA 0 4 5 4 4 3 ... 947 Node 0, zone Normal 1 0 0 1 101 8 ... 948 Node 0, zone HighMem 2 0 0 1 1 0 ... 949 950External fragmentation is a problem under some workloads, and buddyinfo is a 951useful tool for helping diagnose these problems. Buddyinfo will give you a 952clue as to how big an area you can safely allocate, or why a previous 953allocation failed. 954 955Each column represents the number of pages of a certain order which are 956available. In this case, there are 0 chunks of 2^0*PAGE_SIZE available in 957ZONE_DMA, 4 chunks of 2^1*PAGE_SIZE in ZONE_DMA, 101 chunks of 2^4*PAGE_SIZE 958available in ZONE_NORMAL, etc... 959 960More information relevant to external fragmentation can be found in 961pagetypeinfo:: 962 963 > cat /proc/pagetypeinfo 964 Page block order: 9 965 Pages per block: 512 966 967 Free pages count per migrate type at order 0 1 2 3 4 5 6 7 8 9 10 968 Node 0, zone DMA, type Unmovable 0 0 0 1 1 1 1 1 1 1 0 969 Node 0, zone DMA, type Reclaimable 0 0 0 0 0 0 0 0 0 0 0 970 Node 0, zone DMA, type Movable 1 1 2 1 2 1 1 0 1 0 2 971 Node 0, zone DMA, type Reserve 0 0 0 0 0 0 0 0 0 1 0 972 Node 0, zone DMA, type Isolate 0 0 0 0 0 0 0 0 0 0 0 973 Node 0, zone DMA32, type Unmovable 103 54 77 1 1 1 11 8 7 1 9 974 Node 0, zone DMA32, type Reclaimable 0 0 2 1 0 0 0 0 1 0 0 975 Node 0, zone DMA32, type Movable 169 152 113 91 77 54 39 13 6 1 452 976 Node 0, zone DMA32, type Reserve 1 2 2 2 2 0 1 1 1 1 0 977 Node 0, zone DMA32, type Isolate 0 0 0 0 0 0 0 0 0 0 0 978 979 Number of blocks type Unmovable Reclaimable Movable Reserve Isolate 980 Node 0, zone DMA 2 0 5 1 0 981 Node 0, zone DMA32 41 6 967 2 0 982 983Fragmentation avoidance in the kernel works by grouping pages of different 984migrate types into the same contiguous regions of memory called page blocks. 985A page block is typically the size of the default hugepage size, e.g. 2MB on 986X86-64. By keeping pages grouped based on their ability to move, the kernel 987can reclaim pages within a page block to satisfy a high-order allocation. 988 989The pagetypinfo begins with information on the size of a page block. It 990then gives the same type of information as buddyinfo except broken down 991by migrate-type and finishes with details on how many page blocks of each 992type exist. 993 994If min_free_kbytes has been tuned correctly (recommendations made by hugeadm 995from libhugetlbfs https://github.com/libhugetlbfs/libhugetlbfs/), one can 996make an estimate of the likely number of huge pages that can be allocated 997at a given point in time. All the "Movable" blocks should be allocatable 998unless memory has been mlock()'d. Some of the Reclaimable blocks should 999also be allocatable although a lot of filesystem metadata may have to be 1000reclaimed to achieve this. 1001 1002 1003allocinfo 1004~~~~~~~~~ 1005 1006Provides information about memory allocations at all locations in the code 1007base. Each allocation in the code is identified by its source file, line 1008number, module (if originates from a loadable module) and the function calling 1009the allocation. The number of bytes allocated and number of calls at each 1010location are reported. The first line indicates the version of the file, the 1011second line is the header listing fields in the file. 1012 1013Example output. 1014 1015:: 1016 1017 > tail -n +3 /proc/allocinfo | sort -rn 1018 127664128 31168 mm/page_ext.c:270 func:alloc_page_ext 1019 56373248 4737 mm/slub.c:2259 func:alloc_slab_page 1020 14880768 3633 mm/readahead.c:247 func:page_cache_ra_unbounded 1021 14417920 3520 mm/mm_init.c:2530 func:alloc_large_system_hash 1022 13377536 234 block/blk-mq.c:3421 func:blk_mq_alloc_rqs 1023 11718656 2861 mm/filemap.c:1919 func:__filemap_get_folio 1024 9192960 2800 kernel/fork.c:307 func:alloc_thread_stack_node 1025 4206592 4 net/netfilter/nf_conntrack_core.c:2567 func:nf_ct_alloc_hashtable 1026 4136960 1010 drivers/staging/ctagmod/ctagmod.c:20 [ctagmod] func:ctagmod_start 1027 3940352 962 mm/memory.c:4214 func:alloc_anon_folio 1028 2894464 22613 fs/kernfs/dir.c:615 func:__kernfs_new_node 1029 ... 1030 1031 1032meminfo 1033~~~~~~~ 1034 1035Provides information about distribution and utilization of memory. This 1036varies by architecture and compile options. Some of the counters reported 1037here overlap. The memory reported by the non overlapping counters may not 1038add up to the overall memory usage and the difference for some workloads 1039can be substantial. In many cases there are other means to find out 1040additional memory using subsystem specific interfaces, for instance 1041/proc/net/sockstat for TCP memory allocations. 1042 1043Example output. You may not have all of these fields. 1044 1045:: 1046 1047 > cat /proc/meminfo 1048 1049 MemTotal: 32858820 kB 1050 MemFree: 21001236 kB 1051 MemAvailable: 27214312 kB 1052 Buffers: 581092 kB 1053 Cached: 5587612 kB 1054 SwapCached: 0 kB 1055 Active: 3237152 kB 1056 Inactive: 7586256 kB 1057 Active(anon): 94064 kB 1058 Inactive(anon): 4570616 kB 1059 Active(file): 3143088 kB 1060 Inactive(file): 3015640 kB 1061 Unevictable: 0 kB 1062 Mlocked: 0 kB 1063 SwapTotal: 0 kB 1064 SwapFree: 0 kB 1065 Zswap: 1904 kB 1066 Zswapped: 7792 kB 1067 Dirty: 12 kB 1068 Writeback: 0 kB 1069 AnonPages: 4654780 kB 1070 Mapped: 266244 kB 1071 Shmem: 9976 kB 1072 KReclaimable: 517708 kB 1073 Slab: 660044 kB 1074 SReclaimable: 517708 kB 1075 SUnreclaim: 142336 kB 1076 KernelStack: 11168 kB 1077 PageTables: 20540 kB 1078 SecPageTables: 0 kB 1079 NFS_Unstable: 0 kB 1080 Bounce: 0 kB 1081 WritebackTmp: 0 kB 1082 CommitLimit: 16429408 kB 1083 Committed_AS: 7715148 kB 1084 VmallocTotal: 34359738367 kB 1085 VmallocUsed: 40444 kB 1086 VmallocChunk: 0 kB 1087 Percpu: 29312 kB 1088 EarlyMemtestBad: 0 kB 1089 HardwareCorrupted: 0 kB 1090 AnonHugePages: 4149248 kB 1091 ShmemHugePages: 0 kB 1092 ShmemPmdMapped: 0 kB 1093 FileHugePages: 0 kB 1094 FilePmdMapped: 0 kB 1095 CmaTotal: 0 kB 1096 CmaFree: 0 kB 1097 Unaccepted: 0 kB 1098 Balloon: 0 kB 1099 HugePages_Total: 0 1100 HugePages_Free: 0 1101 HugePages_Rsvd: 0 1102 HugePages_Surp: 0 1103 Hugepagesize: 2048 kB 1104 Hugetlb: 0 kB 1105 DirectMap4k: 401152 kB 1106 DirectMap2M: 10008576 kB 1107 DirectMap1G: 24117248 kB 1108 1109MemTotal 1110 Total usable RAM (i.e. physical RAM minus a few reserved 1111 bits and the kernel binary code) 1112MemFree 1113 Total free RAM. On highmem systems, the sum of LowFree+HighFree 1114MemAvailable 1115 An estimate of how much memory is available for starting new 1116 applications, without swapping. Calculated from MemFree, 1117 SReclaimable, the size of the file LRU lists, and the low 1118 watermarks in each zone. 1119 The estimate takes into account that the system needs some 1120 page cache to function well, and that not all reclaimable 1121 slab will be reclaimable, due to items being in use. The 1122 impact of those factors will vary from system to system. 1123Buffers 1124 Relatively temporary storage for raw disk blocks 1125 shouldn't get tremendously large (20MB or so) 1126Cached 1127 In-memory cache for files read from the disk (the 1128 pagecache) as well as tmpfs & shmem. 1129 Doesn't include SwapCached. 1130SwapCached 1131 Memory that once was swapped out, is swapped back in but 1132 still also is in the swapfile (if memory is needed it 1133 doesn't need to be swapped out AGAIN because it is already 1134 in the swapfile. This saves I/O) 1135Active 1136 Memory that has been used more recently and usually not 1137 reclaimed unless absolutely necessary. 1138Inactive 1139 Memory which has been less recently used. It is more 1140 eligible to be reclaimed for other purposes 1141Unevictable 1142 Memory allocated for userspace which cannot be reclaimed, such 1143 as mlocked pages, ramfs backing pages, secret memfd pages etc. 1144Mlocked 1145 Memory locked with mlock(). 1146HighTotal, HighFree 1147 Highmem is all memory above ~860MB of physical memory. 1148 Highmem areas are for use by userspace programs, or 1149 for the pagecache. The kernel must use tricks to access 1150 this memory, making it slower to access than lowmem. 1151LowTotal, LowFree 1152 Lowmem is memory which can be used for everything that 1153 highmem can be used for, but it is also available for the 1154 kernel's use for its own data structures. Among many 1155 other things, it is where everything from the Slab is 1156 allocated. Bad things happen when you're out of lowmem. 1157SwapTotal 1158 total amount of swap space available 1159SwapFree 1160 Memory which has been evicted from RAM, and is temporarily 1161 on the disk 1162Zswap 1163 Memory consumed by the zswap backend (compressed size) 1164Zswapped 1165 Amount of anonymous memory stored in zswap (original size) 1166Dirty 1167 Memory which is waiting to get written back to the disk 1168Writeback 1169 Memory which is actively being written back to the disk 1170AnonPages 1171 Non-file backed pages mapped into userspace page tables. Note that 1172 some kernel configurations might consider all pages part of a 1173 larger allocation (e.g., THP) as "mapped", as soon as a single 1174 page is mapped. 1175Mapped 1176 files which have been mmapped, such as libraries. Note that some 1177 kernel configurations might consider all pages part of a larger 1178 allocation (e.g., THP) as "mapped", as soon as a single page is 1179 mapped. 1180Shmem 1181 Total memory used by shared memory (shmem) and tmpfs 1182KReclaimable 1183 Kernel allocations that the kernel will attempt to reclaim 1184 under memory pressure. Includes SReclaimable (below), and other 1185 direct allocations with a shrinker. 1186Slab 1187 in-kernel data structures cache 1188SReclaimable 1189 Part of Slab, that might be reclaimed, such as caches 1190SUnreclaim 1191 Part of Slab, that cannot be reclaimed on memory pressure 1192KernelStack 1193 Memory consumed by the kernel stacks of all tasks 1194PageTables 1195 Memory consumed by userspace page tables 1196SecPageTables 1197 Memory consumed by secondary page tables, this currently includes 1198 KVM mmu and IOMMU allocations on x86 and arm64. 1199NFS_Unstable 1200 Always zero. Previously counted pages which had been written to 1201 the server, but has not been committed to stable storage. 1202Bounce 1203 Always zero. Previously memory used for block device 1204 "bounce buffers". 1205WritebackTmp 1206 Always zero. Previously memory used by FUSE for temporary 1207 writeback buffers. 1208CommitLimit 1209 Based on the overcommit ratio ('vm.overcommit_ratio'), 1210 this is the total amount of memory currently available to 1211 be allocated on the system. This limit is only adhered to 1212 if strict overcommit accounting is enabled (mode 2 in 1213 'vm.overcommit_memory'). 1214 1215 The CommitLimit is calculated with the following formula:: 1216 1217 CommitLimit = ([total RAM pages] - [total huge TLB pages]) * 1218 overcommit_ratio / 100 + [total swap pages] 1219 1220 For example, on a system with 1G of physical RAM and 7G 1221 of swap with a `vm.overcommit_ratio` of 30 it would 1222 yield a CommitLimit of 7.3G. 1223 1224 For more details, see the memory overcommit documentation 1225 in mm/overcommit-accounting. 1226Committed_AS 1227 The amount of memory presently allocated on the system. 1228 The committed memory is a sum of all of the memory which 1229 has been allocated by processes, even if it has not been 1230 "used" by them as of yet. A process which malloc()'s 1G 1231 of memory, but only touches 300M of it will show up as 1232 using 1G. This 1G is memory which has been "committed" to 1233 by the VM and can be used at any time by the allocating 1234 application. With strict overcommit enabled on the system 1235 (mode 2 in 'vm.overcommit_memory'), allocations which would 1236 exceed the CommitLimit (detailed above) will not be permitted. 1237 This is useful if one needs to guarantee that processes will 1238 not fail due to lack of memory once that memory has been 1239 successfully allocated. 1240VmallocTotal 1241 total size of vmalloc virtual address space 1242VmallocUsed 1243 amount of vmalloc area which is used 1244VmallocChunk 1245 largest contiguous block of vmalloc area which is free 1246Percpu 1247 Memory allocated to the percpu allocator used to back percpu 1248 allocations. This stat excludes the cost of metadata. 1249EarlyMemtestBad 1250 The amount of RAM/memory in kB, that was identified as corrupted 1251 by early memtest. If memtest was not run, this field will not 1252 be displayed at all. Size is never rounded down to 0 kB. 1253 That means if 0 kB is reported, you can safely assume 1254 there was at least one pass of memtest and none of the passes 1255 found a single faulty byte of RAM. 1256HardwareCorrupted 1257 The amount of RAM/memory in KB, the kernel identifies as 1258 corrupted. 1259AnonHugePages 1260 Non-file backed huge pages mapped into userspace page tables 1261ShmemHugePages 1262 Memory used by shared memory (shmem) and tmpfs allocated 1263 with huge pages 1264ShmemPmdMapped 1265 Shared memory mapped into userspace with huge pages 1266FileHugePages 1267 Memory used for filesystem data (page cache) allocated 1268 with huge pages 1269FilePmdMapped 1270 Page cache mapped into userspace with huge pages 1271CmaTotal 1272 Memory reserved for the Contiguous Memory Allocator (CMA) 1273CmaFree 1274 Free remaining memory in the CMA reserves 1275Unaccepted 1276 Memory that has not been accepted by the guest 1277Balloon 1278 Memory returned to Host by VM Balloon Drivers 1279HugePages_Total, HugePages_Free, HugePages_Rsvd, HugePages_Surp, Hugepagesize, Hugetlb 1280 See Documentation/admin-guide/mm/hugetlbpage.rst. 1281DirectMap4k, DirectMap2M, DirectMap1G 1282 Breakdown of page table sizes used in the kernel's 1283 identity mapping of RAM 1284 1285vmallocinfo 1286~~~~~~~~~~~ 1287 1288Provides information about vmalloced/vmaped areas. One line per area, 1289containing the virtual address range of the area, size in bytes, 1290caller information of the creator, and optional information depending 1291on the kind of area: 1292 1293 ========== =================================================== 1294 pages=nr number of pages 1295 phys=addr if a physical address was specified 1296 ioremap I/O mapping (ioremap() and friends) 1297 vmalloc vmalloc() area 1298 vmap vmap()ed pages 1299 user VM_USERMAP area 1300 vpages buffer for pages pointers was vmalloced (huge area) 1301 N<node>=nr (Only on NUMA kernels) 1302 Number of pages allocated on memory node <node> 1303 ========== =================================================== 1304 1305:: 1306 1307 > cat /proc/vmallocinfo 1308 0xffffc20000000000-0xffffc20000201000 2101248 alloc_large_system_hash+0x204 ... 1309 /0x2c0 pages=512 vmalloc N0=128 N1=128 N2=128 N3=128 1310 0xffffc20000201000-0xffffc20000302000 1052672 alloc_large_system_hash+0x204 ... 1311 /0x2c0 pages=256 vmalloc N0=64 N1=64 N2=64 N3=64 1312 0xffffc20000302000-0xffffc20000304000 8192 acpi_tb_verify_table+0x21/0x4f... 1313 phys=7fee8000 ioremap 1314 0xffffc20000304000-0xffffc20000307000 12288 acpi_tb_verify_table+0x21/0x4f... 1315 phys=7fee7000 ioremap 1316 0xffffc2000031d000-0xffffc2000031f000 8192 init_vdso_vars+0x112/0x210 1317 0xffffc2000031f000-0xffffc2000032b000 49152 cramfs_uncompress_init+0x2e ... 1318 /0x80 pages=11 vmalloc N0=3 N1=3 N2=2 N3=3 1319 0xffffc2000033a000-0xffffc2000033d000 12288 sys_swapon+0x640/0xac0 ... 1320 pages=2 vmalloc N1=2 1321 0xffffc20000347000-0xffffc2000034c000 20480 xt_alloc_table_info+0xfe ... 1322 /0x130 [x_tables] pages=4 vmalloc N0=4 1323 0xffffffffa0000000-0xffffffffa000f000 61440 sys_init_module+0xc27/0x1d00 ... 1324 pages=14 vmalloc N2=14 1325 0xffffffffa000f000-0xffffffffa0014000 20480 sys_init_module+0xc27/0x1d00 ... 1326 pages=4 vmalloc N1=4 1327 0xffffffffa0014000-0xffffffffa0017000 12288 sys_init_module+0xc27/0x1d00 ... 1328 pages=2 vmalloc N1=2 1329 0xffffffffa0017000-0xffffffffa0022000 45056 sys_init_module+0xc27/0x1d00 ... 1330 pages=10 vmalloc N0=10 1331 1332 1333softirqs 1334~~~~~~~~ 1335 1336Provides counts of softirq handlers serviced since boot time, for each CPU. 1337 1338:: 1339 1340 > cat /proc/softirqs 1341 CPU0 CPU1 CPU2 CPU3 1342 HI: 0 0 0 0 1343 TIMER: 27166 27120 27097 27034 1344 NET_TX: 0 0 0 17 1345 NET_RX: 42 0 0 39 1346 BLOCK: 0 0 107 1121 1347 TASKLET: 0 0 0 290 1348 SCHED: 27035 26983 26971 26746 1349 HRTIMER: 0 0 0 0 1350 RCU: 1678 1769 2178 2250 1351 13521.3 Networking info in /proc/net 1353-------------------------------- 1354 1355The subdirectory /proc/net follows the usual pattern. Table 1-8 shows the 1356additional values you get for IP version 6 if you configure the kernel to 1357support this. Table 1-9 lists the files and their meaning. 1358 1359 1360.. table:: Table 1-8: IPv6 info in /proc/net 1361 1362 ========== ===================================================== 1363 File Content 1364 ========== ===================================================== 1365 udp6 UDP sockets (IPv6) 1366 tcp6 TCP sockets (IPv6) 1367 raw6 Raw device statistics (IPv6) 1368 igmp6 IP multicast addresses, which this host joined (IPv6) 1369 if_inet6 List of IPv6 interface addresses 1370 ipv6_route Kernel routing table for IPv6 1371 rt6_stats Global IPv6 routing tables statistics 1372 sockstat6 Socket statistics (IPv6) 1373 snmp6 Snmp data (IPv6) 1374 ========== ===================================================== 1375 1376.. table:: Table 1-9: Network info in /proc/net 1377 1378 ============= ================================================================ 1379 File Content 1380 ============= ================================================================ 1381 arp Kernel ARP table 1382 dev network devices with statistics 1383 dev_mcast the Layer2 multicast groups a device is listening too 1384 (interface index, label, number of references, number of bound 1385 addresses). 1386 dev_stat network device status 1387 ip_fwchains Firewall chain linkage 1388 ip_fwnames Firewall chain names 1389 ip_masq Directory containing the masquerading tables 1390 ip_masquerade Major masquerading table 1391 netstat Network statistics 1392 raw raw device statistics 1393 route Kernel routing table 1394 rpc Directory containing rpc info 1395 rt_cache Routing cache 1396 snmp SNMP data 1397 sockstat Socket statistics 1398 softnet_stat Per-CPU incoming packets queues statistics of online CPUs 1399 tcp TCP sockets 1400 udp UDP sockets 1401 unix UNIX domain sockets 1402 wireless Wireless interface data (Wavelan etc) 1403 igmp IP multicast addresses, which this host joined 1404 psched Global packet scheduler parameters. 1405 netlink List of PF_NETLINK sockets 1406 ip_mr_vifs List of multicast virtual interfaces 1407 ip_mr_cache List of multicast routing cache 1408 ============= ================================================================ 1409 1410You can use this information to see which network devices are available in 1411your system and how much traffic was routed over those devices:: 1412 1413 > cat /proc/net/dev 1414 Inter-|Receive |[... 1415 face |bytes packets errs drop fifo frame compressed multicast|[... 1416 lo: 908188 5596 0 0 0 0 0 0 [... 1417 ppp0:15475140 20721 410 0 0 410 0 0 [... 1418 eth0: 614530 7085 0 0 0 0 0 1 [... 1419 1420 ...] Transmit 1421 ...] bytes packets errs drop fifo colls carrier compressed 1422 ...] 908188 5596 0 0 0 0 0 0 1423 ...] 1375103 17405 0 0 0 0 0 0 1424 ...] 1703981 5535 0 0 0 3 0 0 1425 1426In addition, each Channel Bond interface has its own directory. For 1427example, the bond0 device will have a directory called /proc/net/bond0/. 1428It will contain information that is specific to that bond, such as the 1429current slaves of the bond, the link status of the slaves, and how 1430many times the slaves link has failed. 1431 14321.4 SCSI info 1433------------- 1434 1435If you have a SCSI or ATA host adapter in your system, you'll find a 1436subdirectory named after the driver for this adapter in /proc/scsi. 1437You'll also see a list of all recognized SCSI devices in /proc/scsi:: 1438 1439 >cat /proc/scsi/scsi 1440 Attached devices: 1441 Host: scsi0 Channel: 00 Id: 00 Lun: 00 1442 Vendor: IBM Model: DGHS09U Rev: 03E0 1443 Type: Direct-Access ANSI SCSI revision: 03 1444 Host: scsi0 Channel: 00 Id: 06 Lun: 00 1445 Vendor: PIONEER Model: CD-ROM DR-U06S Rev: 1.04 1446 Type: CD-ROM ANSI SCSI revision: 02 1447 1448 1449The directory named after the driver has one file for each adapter found in 1450the system. These files contain information about the controller, including 1451the used IRQ and the IO address range. The amount of information shown is 1452dependent on the adapter you use. The example shows the output for an Adaptec 1453AHA-2940 SCSI adapter:: 1454 1455 > cat /proc/scsi/aic7xxx/0 1456 1457 Adaptec AIC7xxx driver version: 5.1.19/3.2.4 1458 Compile Options: 1459 TCQ Enabled By Default : Disabled 1460 AIC7XXX_PROC_STATS : Disabled 1461 AIC7XXX_RESET_DELAY : 5 1462 Adapter Configuration: 1463 SCSI Adapter: Adaptec AHA-294X Ultra SCSI host adapter 1464 Ultra Wide Controller 1465 PCI MMAPed I/O Base: 0xeb001000 1466 Adapter SEEPROM Config: SEEPROM found and used. 1467 Adaptec SCSI BIOS: Enabled 1468 IRQ: 10 1469 SCBs: Active 0, Max Active 2, 1470 Allocated 15, HW 16, Page 255 1471 Interrupts: 160328 1472 BIOS Control Word: 0x18b6 1473 Adapter Control Word: 0x005b 1474 Extended Translation: Enabled 1475 Disconnect Enable Flags: 0xffff 1476 Ultra Enable Flags: 0x0001 1477 Tag Queue Enable Flags: 0x0000 1478 Ordered Queue Tag Flags: 0x0000 1479 Default Tag Queue Depth: 8 1480 Tagged Queue By Device array for aic7xxx host instance 0: 1481 {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255} 1482 Actual queue depth per device for aic7xxx host instance 0: 1483 {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1} 1484 Statistics: 1485 (scsi0:0:0:0) 1486 Device using Wide/Sync transfers at 40.0 MByte/sec, offset 8 1487 Transinfo settings: current(12/8/1/0), goal(12/8/1/0), user(12/15/1/0) 1488 Total transfers 160151 (74577 reads and 85574 writes) 1489 (scsi0:0:6:0) 1490 Device using Narrow/Sync transfers at 5.0 MByte/sec, offset 15 1491 Transinfo settings: current(50/15/0/0), goal(50/15/0/0), user(50/15/0/0) 1492 Total transfers 0 (0 reads and 0 writes) 1493 1494 14951.5 Parallel port info in /proc/parport 1496--------------------------------------- 1497 1498The directory /proc/parport contains information about the parallel ports of 1499your system. It has one subdirectory for each port, named after the port 1500number (0,1,2,...). 1501 1502These directories contain the four files shown in Table 1-10. 1503 1504 1505.. table:: Table 1-10: Files in /proc/parport 1506 1507 ========= ==================================================================== 1508 File Content 1509 ========= ==================================================================== 1510 autoprobe Any IEEE-1284 device ID information that has been acquired. 1511 devices list of the device drivers using that port. A + will appear by the 1512 name of the device currently using the port (it might not appear 1513 against any). 1514 hardware Parallel port's base address, IRQ line and DMA channel. 1515 irq IRQ that parport is using for that port. This is in a separate 1516 file to allow you to alter it by writing a new value in (IRQ 1517 number or none). 1518 ========= ==================================================================== 1519 15201.6 TTY info in /proc/tty 1521------------------------- 1522 1523Information about the available and actually used tty's can be found in the 1524directory /proc/tty. You'll find entries for drivers and line disciplines in 1525this directory, as shown in Table 1-11. 1526 1527 1528.. table:: Table 1-11: Files in /proc/tty 1529 1530 ============= ============================================== 1531 File Content 1532 ============= ============================================== 1533 drivers list of drivers and their usage 1534 ldiscs registered line disciplines 1535 driver/serial usage statistic and status of single tty lines 1536 ============= ============================================== 1537 1538To see which tty's are currently in use, you can simply look into the file 1539/proc/tty/drivers:: 1540 1541 > cat /proc/tty/drivers 1542 pty_slave /dev/pts 136 0-255 pty:slave 1543 pty_master /dev/ptm 128 0-255 pty:master 1544 pty_slave /dev/ttyp 3 0-255 pty:slave 1545 pty_master /dev/pty 2 0-255 pty:master 1546 serial /dev/cua 5 64-67 serial:callout 1547 serial /dev/ttyS 4 64-67 serial 1548 /dev/tty0 /dev/tty0 4 0 system:vtmaster 1549 /dev/ptmx /dev/ptmx 5 2 system 1550 /dev/console /dev/console 5 1 system:console 1551 /dev/tty /dev/tty 5 0 system:/dev/tty 1552 unknown /dev/tty 4 1-63 console 1553 1554 15551.7 Miscellaneous kernel statistics in /proc/stat 1556------------------------------------------------- 1557 1558Various pieces of information about kernel activity are available in the 1559/proc/stat file. All of the numbers reported in this file are aggregates 1560since the system first booted. For a quick look, simply cat the file:: 1561 1562 > cat /proc/stat 1563 cpu 237902850 368826709 106375398 1873517540 1135548 0 14507935 0 0 0 1564 cpu0 60045249 91891769 26331539 468411416 495718 0 5739640 0 0 0 1565 cpu1 59746288 91759249 26609887 468860630 312281 0 4384817 0 0 0 1566 cpu2 59489247 92985423 26904446 467808813 171668 0 2268998 0 0 0 1567 cpu3 58622065 92190267 26529524 468436680 155879 0 2114478 0 0 0 1568 intr 8688370575 8 3373 0 0 0 0 0 0 1 40791 0 0 353317 0 0 0 0 224789828 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 190974333 41958554 123983334 43 0 224593 0 0 0 <more 0's deleted> 1569 ctxt 22848221062 1570 btime 1605316999 1571 processes 746787147 1572 procs_running 2 1573 procs_blocked 0 1574 softirq 12121874454 100099120 3938138295 127375644 2795979 187870761 0 173808342 3072582055 52608 224184354 1575 1576The very first "cpu" line aggregates the numbers in all of the other "cpuN" 1577lines. These numbers identify the amount of time the CPU has spent performing 1578different kinds of work. Time units are in USER_HZ (typically hundredths of a 1579second). The meanings of the columns are as follows, from left to right: 1580 1581- user: normal processes executing in user mode 1582- nice: niced processes executing in user mode 1583- system: processes executing in kernel mode 1584- idle: twiddling thumbs 1585- iowait: In a word, iowait stands for waiting for I/O to complete. But there 1586 are several problems: 1587 1588 1. CPU will not wait for I/O to complete, iowait is the time that a task is 1589 waiting for I/O to complete. When CPU goes into idle state for 1590 outstanding task I/O, another task will be scheduled on this CPU. 1591 2. In a multi-core CPU, the task waiting for I/O to complete is not running 1592 on any CPU, so the iowait of each CPU is difficult to calculate. 1593 3. The value of iowait field in /proc/stat will decrease in certain 1594 conditions. 1595 1596 So, the iowait is not reliable by reading from /proc/stat. 1597- irq: servicing interrupts 1598- softirq: servicing softirqs 1599- steal: involuntary wait 1600- guest: running a normal guest 1601- guest_nice: running a niced guest 1602 1603The "intr" line gives counts of interrupts serviced since boot time, for each 1604of the possible system interrupts. The first column is the total of all 1605interrupts serviced including unnumbered architecture specific interrupts; 1606each subsequent column is the total for that particular numbered interrupt. 1607Unnumbered interrupts are not shown, only summed into the total. 1608 1609The "ctxt" line gives the total number of context switches across all CPUs. 1610 1611The "btime" line gives the time at which the system booted, in seconds since 1612the Unix epoch. 1613 1614The "processes" line gives the number of processes and threads created, which 1615includes (but is not limited to) those created by calls to the fork() and 1616clone() system calls. 1617 1618The "procs_running" line gives the total number of threads that are 1619running or ready to run (i.e., the total number of runnable threads). 1620 1621The "procs_blocked" line gives the number of processes currently blocked, 1622waiting for I/O to complete. 1623 1624The "softirq" line gives counts of softirqs serviced since boot time, for each 1625of the possible system softirqs. The first column is the total of all 1626softirqs serviced; each subsequent column is the total for that particular 1627softirq. 1628 1629 16301.8 Ext4 file system parameters 1631------------------------------- 1632 1633Information about mounted ext4 file systems can be found in 1634/proc/fs/ext4. Each mounted filesystem will have a directory in 1635/proc/fs/ext4 based on its device name (i.e., /proc/fs/ext4/hdc or 1636/proc/fs/ext4/sda9 or /proc/fs/ext4/dm-0). The files in each per-device 1637directory are shown in Table 1-12, below. 1638 1639.. table:: Table 1-12: Files in /proc/fs/ext4/<devname> 1640 1641 ============== ========================================================== 1642 File Content 1643 mb_groups details of multiblock allocator buddy cache of free blocks 1644 ============== ========================================================== 1645 16461.9 /proc/consoles 1647------------------- 1648Shows registered system console lines. 1649 1650To see which character device lines are currently used for the system console 1651/dev/console, you may simply look into the file /proc/consoles:: 1652 1653 > cat /proc/consoles 1654 tty0 -WU (ECp) 4:7 1655 ttyS0 -W- (Ep) 4:64 1656 1657The columns are: 1658 1659+--------------------+-------------------------------------------------------+ 1660| device | name of the device | 1661+====================+=======================================================+ 1662| operations | * R = can do read operations | 1663| | * W = can do write operations | 1664| | * U = can do unblank | 1665+--------------------+-------------------------------------------------------+ 1666| flags | * E = it is enabled | 1667| | * C = it is preferred console | 1668| | * B = it is primary boot console | 1669| | * p = it is used for printk buffer | 1670| | * b = it is not a TTY but a Braille device | 1671| | * a = it is safe to use when cpu is offline | 1672+--------------------+-------------------------------------------------------+ 1673| major:minor | major and minor number of the device separated by a | 1674| | colon | 1675+--------------------+-------------------------------------------------------+ 1676 1677Summary 1678------- 1679 1680The /proc file system serves information about the running system. It not only 1681allows access to process data but also allows you to request the kernel status 1682by reading files in the hierarchy. 1683 1684The directory structure of /proc reflects the types of information and makes 1685it easy, if not obvious, where to look for specific data. 1686 1687Chapter 2: Modifying System Parameters 1688====================================== 1689 1690In This Chapter 1691--------------- 1692 1693* Modifying kernel parameters by writing into files found in /proc/sys 1694* Exploring the files which modify certain parameters 1695* Review of the /proc/sys file tree 1696 1697------------------------------------------------------------------------------ 1698 1699A very interesting part of /proc is the directory /proc/sys. This is not only 1700a source of information, it also allows you to change parameters within the 1701kernel. Be very careful when attempting this. You can optimize your system, 1702but you can also cause it to crash. Never alter kernel parameters on a 1703production system. Set up a development machine and test to make sure that 1704everything works the way you want it to. You may have no alternative but to 1705reboot the machine once an error has been made. 1706 1707To change a value, simply echo the new value into the file. 1708You need to be root to do this. You can create your own boot script 1709to perform this every time your system boots. 1710 1711The files in /proc/sys can be used to fine tune and monitor miscellaneous and 1712general things in the operation of the Linux kernel. Since some of the files 1713can inadvertently disrupt your system, it is advisable to read both 1714documentation and source before actually making adjustments. In any case, be 1715very careful when writing to any of these files. The entries in /proc may 1716change slightly between the 2.1.* and the 2.2 kernel, so if there is any doubt 1717review the kernel documentation in the directory linux/Documentation. 1718This chapter is heavily based on the documentation included in the pre 2.2 1719kernels, and became part of it in version 2.2.1 of the Linux kernel. 1720 1721Please see: Documentation/admin-guide/sysctl/ directory for descriptions of 1722these entries. 1723 1724Summary 1725------- 1726 1727Certain aspects of kernel behavior can be modified at runtime, without the 1728need to recompile the kernel, or even to reboot the system. The files in the 1729/proc/sys tree can not only be read, but also modified. You can use the echo 1730command to write value into these files, thereby changing the default settings 1731of the kernel. 1732 1733 1734Chapter 3: Per-process Parameters 1735================================= 1736 17373.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj- Adjust the oom-killer score 1738-------------------------------------------------------------------------------- 1739 1740These files can be used to adjust the badness heuristic used to select which 1741process gets killed in out of memory (oom) conditions. 1742 1743The badness heuristic assigns a value to each candidate task ranging from 0 1744(never kill) to 1000 (always kill) to determine which process is targeted. The 1745units are roughly a proportion along that range of allowed memory the process 1746may allocate from based on an estimation of its current memory and swap use. 1747For example, if a task is using all allowed memory, its badness score will be 17481000. If it is using half of its allowed memory, its score will be 500. 1749 1750The amount of "allowed" memory depends on the context in which the oom killer 1751was called. If it is due to the memory assigned to the allocating task's cpuset 1752being exhausted, the allowed memory represents the set of mems assigned to that 1753cpuset. If it is due to a mempolicy's node(s) being exhausted, the allowed 1754memory represents the set of mempolicy nodes. If it is due to a memory 1755limit (or swap limit) being reached, the allowed memory is that configured 1756limit. Finally, if it is due to the entire system being out of memory, the 1757allowed memory represents all allocatable resources. 1758 1759The value of /proc/<pid>/oom_score_adj is added to the badness score before it 1760is used to determine which task to kill. Acceptable values range from -1000 1761(OOM_SCORE_ADJ_MIN) to +1000 (OOM_SCORE_ADJ_MAX). This allows userspace to 1762polarize the preference for oom killing either by always preferring a certain 1763task or completely disabling it. The lowest possible value, -1000, is 1764equivalent to disabling oom killing entirely for that task since it will always 1765report a badness score of 0. 1766 1767Consequently, it is very simple for userspace to define the amount of memory to 1768consider for each task. Setting a /proc/<pid>/oom_score_adj value of +500, for 1769example, is roughly equivalent to allowing the remainder of tasks sharing the 1770same system, cpuset, mempolicy, or memory controller resources to use at least 177150% more memory. A value of -500, on the other hand, would be roughly 1772equivalent to discounting 50% of the task's allowed memory from being considered 1773as scoring against the task. 1774 1775For backwards compatibility with previous kernels, /proc/<pid>/oom_adj may also 1776be used to tune the badness score. Its acceptable values range from -16 1777(OOM_ADJUST_MIN) to +15 (OOM_ADJUST_MAX) and a special value of -17 1778(OOM_DISABLE) to disable oom killing entirely for that task. Its value is 1779scaled linearly with /proc/<pid>/oom_score_adj. 1780 1781The value of /proc/<pid>/oom_score_adj may be reduced no lower than the last 1782value set by a CAP_SYS_RESOURCE process. To reduce the value any lower 1783requires CAP_SYS_RESOURCE. 1784 1785 17863.2 /proc/<pid>/oom_score - Display current oom-killer score 1787------------------------------------------------------------- 1788 1789This file can be used to check the current score used by the oom-killer for 1790any given <pid>. Use it together with /proc/<pid>/oom_score_adj to tune which 1791process should be killed in an out-of-memory situation. 1792 1793Please note that the exported value includes oom_score_adj so it is 1794effectively in range [0,2000]. 1795 1796 17973.3 /proc/<pid>/io - Display the IO accounting fields 1798------------------------------------------------------- 1799 1800This file contains IO statistics for each running process. 1801 1802Example 1803~~~~~~~ 1804 1805:: 1806 1807 test:/tmp # dd if=/dev/zero of=/tmp/test.dat & 1808 [1] 3828 1809 1810 test:/tmp # cat /proc/3828/io 1811 rchar: 323934931 1812 wchar: 323929600 1813 syscr: 632687 1814 syscw: 632675 1815 read_bytes: 0 1816 write_bytes: 323932160 1817 cancelled_write_bytes: 0 1818 1819 1820Description 1821~~~~~~~~~~~ 1822 1823rchar 1824^^^^^ 1825 1826I/O counter: chars read 1827The number of bytes which this task has caused to be read from storage. This 1828is simply the sum of bytes which this process passed to read() and pread(). 1829It includes things like tty IO and it is unaffected by whether or not actual 1830physical disk IO was required (the read might have been satisfied from 1831pagecache). 1832 1833 1834wchar 1835^^^^^ 1836 1837I/O counter: chars written 1838The number of bytes which this task has caused, or shall cause to be written 1839to disk. Similar caveats apply here as with rchar. 1840 1841 1842syscr 1843^^^^^ 1844 1845I/O counter: read syscalls 1846Attempt to count the number of read I/O operations, i.e. syscalls like read() 1847and pread(). 1848 1849 1850syscw 1851^^^^^ 1852 1853I/O counter: write syscalls 1854Attempt to count the number of write I/O operations, i.e. syscalls like 1855write() and pwrite(). 1856 1857 1858read_bytes 1859^^^^^^^^^^ 1860 1861I/O counter: bytes read 1862Attempt to count the number of bytes which this process really did cause to 1863be fetched from the storage layer. Done at the submit_bio() level, so it is 1864accurate for block-backed filesystems. <please add status regarding NFS and 1865CIFS at a later time> 1866 1867 1868write_bytes 1869^^^^^^^^^^^ 1870 1871I/O counter: bytes written 1872Attempt to count the number of bytes which this process caused to be sent to 1873the storage layer. This is done at page-dirtying time. 1874 1875 1876cancelled_write_bytes 1877^^^^^^^^^^^^^^^^^^^^^ 1878 1879The big inaccuracy here is truncate. If a process writes 1MB to a file and 1880then deletes the file, it will in fact perform no writeout. But it will have 1881been accounted as having caused 1MB of write. 1882In other words: The number of bytes which this process caused to not happen, 1883by truncating pagecache. A task can cause "negative" IO too. If this task 1884truncates some dirty pagecache, some IO which another task has been accounted 1885for (in its write_bytes) will not be happening. We _could_ just subtract that 1886from the truncating task's write_bytes, but there is information loss in doing 1887that. 1888 1889 1890.. Note:: 1891 1892 At its current implementation state, this is a bit racy on 32-bit machines: 1893 if process A reads process B's /proc/pid/io while process B is updating one 1894 of those 64-bit counters, process A could see an intermediate result. 1895 1896 1897More information about this can be found within the taskstats documentation in 1898Documentation/accounting. 1899 19003.4 /proc/<pid>/coredump_filter - Core dump filtering settings 1901--------------------------------------------------------------- 1902When a process is dumped, all anonymous memory is written to a core file as 1903long as the size of the core file isn't limited. But sometimes we don't want 1904to dump some memory segments, for example, huge shared memory or DAX. 1905Conversely, sometimes we want to save file-backed memory segments into a core 1906file, not only the individual files. 1907 1908/proc/<pid>/coredump_filter allows you to customize which memory segments 1909will be dumped when the <pid> process is dumped. coredump_filter is a bitmask 1910of memory types. If a bit of the bitmask is set, memory segments of the 1911corresponding memory type are dumped, otherwise they are not dumped. 1912 1913The following 9 memory types are supported: 1914 1915 - (bit 0) anonymous private memory 1916 - (bit 1) anonymous shared memory 1917 - (bit 2) file-backed private memory 1918 - (bit 3) file-backed shared memory 1919 - (bit 4) ELF header pages in file-backed private memory areas (it is 1920 effective only if the bit 2 is cleared) 1921 - (bit 5) hugetlb private memory 1922 - (bit 6) hugetlb shared memory 1923 - (bit 7) DAX private memory 1924 - (bit 8) DAX shared memory 1925 1926 Note that MMIO pages such as frame buffer are never dumped and vDSO pages 1927 are always dumped regardless of the bitmask status. 1928 1929 Note that bits 0-4 don't affect hugetlb or DAX memory. hugetlb memory is 1930 only affected by bit 5-6, and DAX is only affected by bits 7-8. 1931 1932The default value of coredump_filter is 0x33; this means all anonymous memory 1933segments, ELF header pages and hugetlb private memory are dumped. 1934 1935If you don't want to dump all shared memory segments attached to pid 1234, 1936write 0x31 to the process's proc file:: 1937 1938 $ echo 0x31 > /proc/1234/coredump_filter 1939 1940When a new process is created, the process inherits the bitmask status from its 1941parent. It is useful to set up coredump_filter before the program runs. 1942For example:: 1943 1944 $ echo 0x7 > /proc/self/coredump_filter 1945 $ ./some_program 1946 19473.5 /proc/<pid>/mountinfo - Information about mounts 1948-------------------------------------------------------- 1949 1950This file contains lines of the form:: 1951 1952 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue 1953 (1)(2)(3) (4) (5) (6) (n…m) (m+1)(m+2) (m+3) (m+4) 1954 1955 (1) mount ID: unique identifier of the mount (may be reused after umount) 1956 (2) parent ID: ID of parent (or of self for the top of the mount tree) 1957 (3) major:minor: value of st_dev for files on filesystem 1958 (4) root: root of the mount within the filesystem 1959 (5) mount point: mount point relative to the process's root 1960 (6) mount options: per mount options 1961 (n…m) optional fields: zero or more fields of the form "tag[:value]" 1962 (m+1) separator: marks the end of the optional fields 1963 (m+2) filesystem type: name of filesystem of the form "type[.subtype]" 1964 (m+3) mount source: filesystem specific information or "none" 1965 (m+4) super options: per super block options 1966 1967Parsers should ignore all unrecognised optional fields. Currently the 1968possible optional fields are: 1969 1970================ ============================================================== 1971shared:X mount is shared in peer group X 1972master:X mount is slave to peer group X 1973propagate_from:X mount is slave and receives propagation from peer group X [#]_ 1974unbindable mount is unbindable 1975================ ============================================================== 1976 1977.. [#] X is the closest dominant peer group under the process's root. If 1978 X is the immediate master of the mount, or if there's no dominant peer 1979 group under the same root, then only the "master:X" field is present 1980 and not the "propagate_from:X" field. 1981 1982For more information on mount propagation see: 1983 1984 Documentation/filesystems/sharedsubtree.rst 1985 1986 19873.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm 1988-------------------------------------------------------- 1989These files provide a method to access a task's comm value. It also allows for 1990a task to set its own or one of its thread siblings comm value. The comm value 1991is limited in size compared to the cmdline value, so writing anything longer 1992then the kernel's TASK_COMM_LEN (currently 16 chars, including the NUL 1993terminator) will result in a truncated comm value. 1994 1995 19963.7 /proc/<pid>/task/<tid>/children - Information about task children 1997------------------------------------------------------------------------- 1998This file provides a fast way to retrieve first level children pids 1999of a task pointed by <pid>/<tid> pair. The format is a space separated 2000stream of pids. 2001 2002Note the "first level" here -- if a child has its own children they will 2003not be listed here; one needs to read /proc/<children-pid>/task/<tid>/children 2004to obtain the descendants. 2005 2006Since this interface is intended to be fast and cheap it doesn't 2007guarantee to provide precise results and some children might be 2008skipped, especially if they've exited right after we printed their 2009pids, so one needs to either stop or freeze processes being inspected 2010if precise results are needed. 2011 2012 20133.8 /proc/<pid>/fdinfo/<fd> - Information about opened file 2014--------------------------------------------------------------- 2015This file provides information associated with an opened file. The regular 2016files have at least four fields -- 'pos', 'flags', 'mnt_id' and 'ino'. 2017The 'pos' represents the current offset of the opened file in decimal 2018form [see lseek(2) for details], 'flags' denotes the octal O_xxx mask the 2019file has been created with [see open(2) for details] and 'mnt_id' represents 2020mount ID of the file system containing the opened file [see 3.5 2021/proc/<pid>/mountinfo for details]. 'ino' represents the inode number of 2022the file. 2023 2024A typical output is:: 2025 2026 pos: 0 2027 flags: 0100002 2028 mnt_id: 19 2029 ino: 63107 2030 2031All locks associated with a file descriptor are shown in its fdinfo too:: 2032 2033 lock: 1: FLOCK ADVISORY WRITE 359 00:13:11691 0 EOF 2034 2035The files such as eventfd, fsnotify, signalfd, epoll among the regular pos/flags 2036pair provide additional information particular to the objects they represent. 2037 2038Eventfd files 2039~~~~~~~~~~~~~ 2040 2041:: 2042 2043 pos: 0 2044 flags: 04002 2045 mnt_id: 9 2046 ino: 63107 2047 eventfd-count: 5a 2048 2049where 'eventfd-count' is hex value of a counter. 2050 2051Signalfd files 2052~~~~~~~~~~~~~~ 2053 2054:: 2055 2056 pos: 0 2057 flags: 04002 2058 mnt_id: 9 2059 ino: 63107 2060 sigmask: 0000000000000200 2061 2062where 'sigmask' is hex value of the signal mask associated 2063with a file. 2064 2065Epoll files 2066~~~~~~~~~~~ 2067 2068:: 2069 2070 pos: 0 2071 flags: 02 2072 mnt_id: 9 2073 ino: 63107 2074 tfd: 5 events: 1d data: ffffffffffffffff pos:0 ino:61af sdev:7 2075 2076where 'tfd' is a target file descriptor number in decimal form, 2077'events' is events mask being watched and the 'data' is data 2078associated with a target [see epoll(7) for more details]. 2079 2080The 'pos' is current offset of the target file in decimal form 2081[see lseek(2)], 'ino' and 'sdev' are inode and device numbers 2082where target file resides, all in hex format. 2083 2084Fsnotify files 2085~~~~~~~~~~~~~~ 2086For inotify files the format is the following:: 2087 2088 pos: 0 2089 flags: 02000000 2090 mnt_id: 9 2091 ino: 63107 2092 inotify wd:3 ino:9e7e sdev:800013 mask:800afce ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:7e9e0000640d1b6d 2093 2094where 'wd' is a watch descriptor in decimal form, i.e. a target file 2095descriptor number, 'ino' and 'sdev' are inode and device where the 2096target file resides and the 'mask' is the mask of events, all in hex 2097form [see inotify(7) for more details]. 2098 2099If the kernel was built with exportfs support, the path to the target 2100file is encoded as a file handle. The file handle is provided by three 2101fields 'fhandle-bytes', 'fhandle-type' and 'f_handle', all in hex 2102format. 2103 2104If the kernel is built without exportfs support the file handle won't be 2105printed out. 2106 2107If there is no inotify mark attached yet the 'inotify' line will be omitted. 2108 2109For fanotify files the format is:: 2110 2111 pos: 0 2112 flags: 02 2113 mnt_id: 9 2114 ino: 63107 2115 fanotify flags:10 event-flags:0 2116 fanotify mnt_id:12 mflags:40 mask:38 ignored_mask:40000003 2117 fanotify ino:4f969 sdev:800013 mflags:0 mask:3b ignored_mask:40000000 fhandle-bytes:8 fhandle-type:1 f_handle:69f90400c275b5b4 2118 2119where fanotify 'flags' and 'event-flags' are values used in fanotify_init 2120call, 'mnt_id' is the mount point identifier, 'mflags' is the value of 2121flags associated with mark which are tracked separately from events 2122mask. 'ino' and 'sdev' are target inode and device, 'mask' is the events 2123mask and 'ignored_mask' is the mask of events which are to be ignored. 2124All are in hex format. Incorporation of 'mflags', 'mask' and 'ignored_mask' 2125provide information about flags and mask used in fanotify_mark 2126call [see fsnotify manpage for details]. 2127 2128While the first three lines are mandatory and always printed, the rest is 2129optional and may be omitted if no marks created yet. 2130 2131Timerfd files 2132~~~~~~~~~~~~~ 2133 2134:: 2135 2136 pos: 0 2137 flags: 02 2138 mnt_id: 9 2139 ino: 63107 2140 clockid: 0 2141 ticks: 0 2142 settime flags: 01 2143 it_value: (0, 49406829) 2144 it_interval: (1, 0) 2145 2146where 'clockid' is the clock type and 'ticks' is the number of the timer expirations 2147that have occurred [see timerfd_create(2) for details]. 'settime flags' are 2148flags in octal form been used to setup the timer [see timerfd_settime(2) for 2149details]. 'it_value' is remaining time until the timer expiration. 2150'it_interval' is the interval for the timer. Note the timer might be set up 2151with TIMER_ABSTIME option which will be shown in 'settime flags', but 'it_value' 2152still exhibits timer's remaining time. 2153 2154DMA Buffer files 2155~~~~~~~~~~~~~~~~ 2156 2157:: 2158 2159 pos: 0 2160 flags: 04002 2161 mnt_id: 9 2162 ino: 63107 2163 size: 32768 2164 count: 2 2165 exp_name: system-heap 2166 2167where 'size' is the size of the DMA buffer in bytes. 'count' is the file count of 2168the DMA buffer file. 'exp_name' is the name of the DMA buffer exporter. 2169 21703.9 /proc/<pid>/map_files - Information about memory mapped files 2171--------------------------------------------------------------------- 2172This directory contains symbolic links which represent memory mapped files 2173the process is maintaining. Example output:: 2174 2175 | lr-------- 1 root root 64 Jan 27 11:24 333c600000-333c620000 -> /usr/lib64/ld-2.18.so 2176 | lr-------- 1 root root 64 Jan 27 11:24 333c81f000-333c820000 -> /usr/lib64/ld-2.18.so 2177 | lr-------- 1 root root 64 Jan 27 11:24 333c820000-333c821000 -> /usr/lib64/ld-2.18.so 2178 | ... 2179 | lr-------- 1 root root 64 Jan 27 11:24 35d0421000-35d0422000 -> /usr/lib64/libselinux.so.1 2180 | lr-------- 1 root root 64 Jan 27 11:24 400000-41a000 -> /usr/bin/ls 2181 2182The name of a link represents the virtual memory bounds of a mapping, i.e. 2183vm_area_struct::vm_start-vm_area_struct::vm_end. 2184 2185The main purpose of the map_files is to retrieve a set of memory mapped 2186files in a fast way instead of parsing /proc/<pid>/maps or 2187/proc/<pid>/smaps, both of which contain many more records. At the same 2188time one can open(2) mappings from the listings of two processes and 2189comparing their inode numbers to figure out which anonymous memory areas 2190are actually shared. 2191 21923.10 /proc/<pid>/timerslack_ns - Task timerslack value 2193--------------------------------------------------------- 2194This file provides the value of the task's timerslack value in nanoseconds. 2195This value specifies an amount of time that normal timers may be deferred 2196in order to coalesce timers and avoid unnecessary wakeups. 2197 2198This allows a task's interactivity vs power consumption tradeoff to be 2199adjusted. 2200 2201Writing 0 to the file will set the task's timerslack to the default value. 2202 2203Valid values are from 0 - ULLONG_MAX 2204 2205An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level 2206permissions on the task specified to change its timerslack_ns value. 2207 22083.11 /proc/<pid>/patch_state - Livepatch patch operation state 2209----------------------------------------------------------------- 2210When CONFIG_LIVEPATCH is enabled, this file displays the value of the 2211patch state for the task. 2212 2213A value of '-1' indicates that no patch is in transition. 2214 2215A value of '0' indicates that a patch is in transition and the task is 2216unpatched. If the patch is being enabled, then the task hasn't been 2217patched yet. If the patch is being disabled, then the task has already 2218been unpatched. 2219 2220A value of '1' indicates that a patch is in transition and the task is 2221patched. If the patch is being enabled, then the task has already been 2222patched. If the patch is being disabled, then the task hasn't been 2223unpatched yet. 2224 22253.12 /proc/<pid>/arch_status - task architecture specific status 2226------------------------------------------------------------------- 2227When CONFIG_PROC_PID_ARCH_STATUS is enabled, this file displays the 2228architecture specific status of the task. 2229 2230Example 2231~~~~~~~ 2232 2233:: 2234 2235 $ cat /proc/6753/arch_status 2236 AVX512_elapsed_ms: 8 2237 2238Description 2239~~~~~~~~~~~ 2240 2241x86 specific entries 2242~~~~~~~~~~~~~~~~~~~~~ 2243 2244AVX512_elapsed_ms 2245^^^^^^^^^^^^^^^^^^ 2246 2247 If AVX512 is supported on the machine, this entry shows the milliseconds 2248 elapsed since the last time AVX512 usage was recorded. The recording 2249 happens on a best effort basis when a task is scheduled out. This means 2250 that the value depends on two factors: 2251 2252 1) The time which the task spent on the CPU without being scheduled 2253 out. With CPU isolation and a single runnable task this can take 2254 several seconds. 2255 2256 2) The time since the task was scheduled out last. Depending on the 2257 reason for being scheduled out (time slice exhausted, syscall ...) 2258 this can be arbitrary long time. 2259 2260 As a consequence the value cannot be considered precise and authoritative 2261 information. The application which uses this information has to be aware 2262 of the overall scenario on the system in order to determine whether a 2263 task is a real AVX512 user or not. Precise information can be obtained 2264 with performance counters. 2265 2266 A special value of '-1' indicates that no AVX512 usage was recorded, thus 2267 the task is unlikely an AVX512 user, but depends on the workload and the 2268 scheduling scenario, it also could be a false negative mentioned above. 2269 22703.13 /proc/<pid>/fd - List of symlinks to open files 2271------------------------------------------------------- 2272This directory contains symbolic links which represent open files 2273the process is maintaining. Example output:: 2274 2275 lr-x------ 1 root root 64 Sep 20 17:53 0 -> /dev/null 2276 l-wx------ 1 root root 64 Sep 20 17:53 1 -> /dev/null 2277 lrwx------ 1 root root 64 Sep 20 17:53 10 -> 'socket:[12539]' 2278 lrwx------ 1 root root 64 Sep 20 17:53 11 -> 'socket:[12540]' 2279 lrwx------ 1 root root 64 Sep 20 17:53 12 -> 'socket:[12542]' 2280 2281The number of open files for the process is stored in 'size' member 2282of stat() output for /proc/<pid>/fd for fast access. 2283------------------------------------------------------- 2284 22853.14 /proc/<pid/ksm_stat - Information about the process's ksm status 2286--------------------------------------------------------------------- 2287When CONFIG_KSM is enabled, each process has this file which displays 2288the information of ksm merging status. 2289 2290Example 2291~~~~~~~ 2292 2293:: 2294 2295 / # cat /proc/self/ksm_stat 2296 ksm_rmap_items 0 2297 ksm_zero_pages 0 2298 ksm_merging_pages 0 2299 ksm_process_profit 0 2300 ksm_merge_any: no 2301 ksm_mergeable: no 2302 2303Description 2304~~~~~~~~~~~ 2305 2306ksm_rmap_items 2307^^^^^^^^^^^^^^ 2308 2309The number of ksm_rmap_item structures in use. The structure 2310ksm_rmap_item stores the reverse mapping information for virtual 2311addresses. KSM will generate a ksm_rmap_item for each ksm-scanned page of 2312the process. 2313 2314ksm_zero_pages 2315^^^^^^^^^^^^^^ 2316 2317When /sys/kernel/mm/ksm/use_zero_pages is enabled, it represent how many 2318empty pages are merged with kernel zero pages by KSM. 2319 2320ksm_merging_pages 2321^^^^^^^^^^^^^^^^^ 2322 2323It represents how many pages of this process are involved in KSM merging 2324(not including ksm_zero_pages). It is the same with what 2325/proc/<pid>/ksm_merging_pages shows. 2326 2327ksm_process_profit 2328^^^^^^^^^^^^^^^^^^ 2329 2330The profit that KSM brings (Saved bytes). KSM can save memory by merging 2331identical pages, but also can consume additional memory, because it needs 2332to generate a number of rmap_items to save each scanned page's brief rmap 2333information. Some of these pages may be merged, but some may not be abled 2334to be merged after being checked several times, which are unprofitable 2335memory consumed. 2336 2337ksm_merge_any 2338^^^^^^^^^^^^^ 2339 2340It specifies whether the process's 'mm is added by prctl() into the 2341candidate list of KSM or not, and if KSM scanning is fully enabled at 2342process level. 2343 2344ksm_mergeable 2345^^^^^^^^^^^^^ 2346 2347It specifies whether any VMAs of the process''s mms are currently 2348applicable to KSM. 2349 2350More information about KSM can be found in 2351Documentation/admin-guide/mm/ksm.rst. 2352 2353 2354Chapter 4: Configuring procfs 2355============================= 2356 23574.1 Mount options 2358--------------------- 2359 2360The following mount options are supported: 2361 2362 ========= ======================================================== 2363 hidepid= Set /proc/<pid>/ access mode. 2364 gid= Set the group authorized to learn processes information. 2365 subset= Show only the specified subset of procfs. 2366 ========= ======================================================== 2367 2368hidepid=off or hidepid=0 means classic mode - everybody may access all 2369/proc/<pid>/ directories (default). 2370 2371hidepid=noaccess or hidepid=1 means users may not access any /proc/<pid>/ 2372directories but their own. Sensitive files like cmdline, sched*, status are now 2373protected against other users. This makes it impossible to learn whether any 2374user runs specific program (given the program doesn't reveal itself by its 2375behaviour). As an additional bonus, as /proc/<pid>/cmdline is unaccessible for 2376other users, poorly written programs passing sensitive information via program 2377arguments are now protected against local eavesdroppers. 2378 2379hidepid=invisible or hidepid=2 means hidepid=1 plus all /proc/<pid>/ will be 2380fully invisible to other users. It doesn't mean that it hides a fact whether a 2381process with a specific pid value exists (it can be learned by other means, e.g. 2382by "kill -0 $PID"), but it hides process's uid and gid, which may be learned by 2383stat()'ing /proc/<pid>/ otherwise. It greatly complicates an intruder's task of 2384gathering information about running processes, whether some daemon runs with 2385elevated privileges, whether other user runs some sensitive program, whether 2386other users run any program at all, etc. 2387 2388hidepid=ptraceable or hidepid=4 means that procfs should only contain 2389/proc/<pid>/ directories that the caller can ptrace. 2390 2391gid= defines a group authorized to learn processes information otherwise 2392prohibited by hidepid=. If you use some daemon like identd which needs to learn 2393information about processes information, just add identd to this group. 2394 2395subset=pid hides all top level files and directories in the procfs that 2396are not related to tasks. 2397 2398Chapter 5: Filesystem behavior 2399============================== 2400 2401Originally, before the advent of pid namespace, procfs was a global file 2402system. It means that there was only one procfs instance in the system. 2403 2404When pid namespace was added, a separate procfs instance was mounted in 2405each pid namespace. So, procfs mount options are global among all 2406mountpoints within the same namespace:: 2407 2408 # grep ^proc /proc/mounts 2409 proc /proc proc rw,relatime,hidepid=2 0 0 2410 2411 # strace -e mount mount -o hidepid=1 -t proc proc /tmp/proc 2412 mount("proc", "/tmp/proc", "proc", 0, "hidepid=1") = 0 2413 +++ exited with 0 +++ 2414 2415 # grep ^proc /proc/mounts 2416 proc /proc proc rw,relatime,hidepid=2 0 0 2417 proc /tmp/proc proc rw,relatime,hidepid=2 0 0 2418 2419and only after remounting procfs mount options will change at all 2420mountpoints:: 2421 2422 # mount -o remount,hidepid=1 -t proc proc /tmp/proc 2423 2424 # grep ^proc /proc/mounts 2425 proc /proc proc rw,relatime,hidepid=1 0 0 2426 proc /tmp/proc proc rw,relatime,hidepid=1 0 0 2427 2428This behavior is different from the behavior of other filesystems. 2429 2430The new procfs behavior is more like other filesystems. Each procfs mount 2431creates a new procfs instance. Mount options affect own procfs instance. 2432It means that it became possible to have several procfs instances 2433displaying tasks with different filtering options in one pid namespace:: 2434 2435 # mount -o hidepid=invisible -t proc proc /proc 2436 # mount -o hidepid=noaccess -t proc proc /tmp/proc 2437 # grep ^proc /proc/mounts 2438 proc /proc proc rw,relatime,hidepid=invisible 0 0 2439 proc /tmp/proc proc rw,relatime,hidepid=noaccess 0 0 2440