1.. SPDX-License-Identifier: GPL-2.0 2 3==================== 4The /proc Filesystem 5==================== 6 7===================== ======================================= ================ 8/proc/sys Terrehon Bowden <terrehon@pacbell.net>, October 7 1999 9 Bodo Bauer <bb@ricochet.net> 102.4.x update Jorge Nerin <comandante@zaralinux.com> November 14 2000 11move /proc/sys Shen Feng <shen@cn.fujitsu.com> April 1 2009 12fixes/update part 1.1 Stefani Seibold <stefani@seibold.net> June 9 2009 13===================== ======================================= ================ 14 15 16 17.. Table of Contents 18 19 0 Preface 20 0.1 Introduction/Credits 21 0.2 Legal Stuff 22 23 1 Collecting System Information 24 1.1 Process-Specific Subdirectories 25 1.2 Kernel data 26 1.3 IDE devices in /proc/ide 27 1.4 Networking info in /proc/net 28 1.5 SCSI info 29 1.6 Parallel port info in /proc/parport 30 1.7 TTY info in /proc/tty 31 1.8 Miscellaneous kernel statistics in /proc/stat 32 1.9 Ext4 file system parameters 33 34 2 Modifying System Parameters 35 36 3 Per-Process Parameters 37 3.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj - Adjust the oom-killer 38 score 39 3.2 /proc/<pid>/oom_score - Display current oom-killer score 40 3.3 /proc/<pid>/io - Display the IO accounting fields 41 3.4 /proc/<pid>/coredump_filter - Core dump filtering settings 42 3.5 /proc/<pid>/mountinfo - Information about mounts 43 3.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm 44 3.7 /proc/<pid>/task/<tid>/children - Information about task children 45 3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file 46 3.9 /proc/<pid>/map_files - Information about memory mapped files 47 3.10 /proc/<pid>/timerslack_ns - Task timerslack value 48 3.11 /proc/<pid>/patch_state - Livepatch patch operation state 49 3.12 /proc/<pid>/arch_status - Task architecture specific information 50 3.13 /proc/<pid>/fd - List of symlinks to open files 51 3.14 /proc/<pid/ksm_stat - Information about the process's ksm status. 52 53 4 Configuring procfs 54 4.1 Mount options 55 56 5 Filesystem behavior 57 58Preface 59======= 60 610.1 Introduction/Credits 62------------------------ 63 64This documentation is part of a soon (or so we hope) to be released book on 65the SuSE Linux distribution. As there is no complete documentation for the 66/proc file system and we've used many freely available sources to write these 67chapters, it seems only fair to give the work back to the Linux community. 68This work is based on the 2.2.* kernel version and the upcoming 2.4.*. I'm 69afraid it's still far from complete, but we hope it will be useful. As far as 70we know, it is the first 'all-in-one' document about the /proc file system. It 71is focused on the Intel x86 hardware, so if you are looking for PPC, ARM, 72SPARC, AXP, etc., features, you probably won't find what you are looking for. 73It also only covers IPv4 networking, not IPv6 nor other protocols - sorry. But 74additions and patches are welcome and will be added to this document if you 75mail them to Bodo. 76 77We'd like to thank Alan Cox, Rik van Riel, and Alexey Kuznetsov and a lot of 78other people for help compiling this documentation. We'd also like to extend a 79special thank you to Andi Kleen for documentation, which we relied on heavily 80to create this document, as well as the additional information he provided. 81Thanks to everybody else who contributed source or docs to the Linux kernel 82and helped create a great piece of software... :) 83 84If you have any comments, corrections or additions, please don't hesitate to 85contact Bodo Bauer at bb@ricochet.net. We'll be happy to add them to this 86document. 87 88The latest version of this document is available online at 89https://www.kernel.org/doc/html/latest/filesystems/proc.html 90 91If the above direction does not works for you, you could try the kernel 92mailing list at linux-kernel@vger.kernel.org and/or try to reach me at 93comandante@zaralinux.com. 94 950.2 Legal Stuff 96--------------- 97 98We don't guarantee the correctness of this document, and if you come to us 99complaining about how you screwed up your system because of incorrect 100documentation, we won't feel responsible... 101 102Chapter 1: Collecting System Information 103======================================== 104 105In This Chapter 106--------------- 107* Investigating the properties of the pseudo file system /proc and its 108 ability to provide information on the running Linux system 109* Examining /proc's structure 110* Uncovering various information about the kernel and the processes running 111 on the system 112 113------------------------------------------------------------------------------ 114 115The proc file system acts as an interface to internal data structures in the 116kernel. It can be used to obtain information about the system and to change 117certain kernel parameters at runtime (sysctl). 118 119First, we'll take a look at the read-only parts of /proc. In Chapter 2, we 120show you how you can use /proc/sys to change settings. 121 1221.1 Process-Specific Subdirectories 123----------------------------------- 124 125The directory /proc contains (among other things) one subdirectory for each 126process running on the system, which is named after the process ID (PID). 127 128The link 'self' points to the process reading the file system. Each process 129subdirectory has the entries listed in Table 1-1. 130 131A process can read its own information from /proc/PID/* with no extra 132permissions. When reading /proc/PID/* information for other processes, reading 133process is required to have either CAP_SYS_PTRACE capability with 134PTRACE_MODE_READ access permissions, or, alternatively, CAP_PERFMON 135capability. This applies to all read-only information like `maps`, `environ`, 136`pagemap`, etc. The only exception is `mem` file due to its read-write nature, 137which requires CAP_SYS_PTRACE capabilities with more elevated 138PTRACE_MODE_ATTACH permissions; CAP_PERFMON capability does not grant access 139to /proc/PID/mem for other processes. 140 141Note that an open file descriptor to /proc/<pid> or to any of its 142contained files or subdirectories does not prevent <pid> being reused 143for some other process in the event that <pid> exits. Operations on 144open /proc/<pid> file descriptors corresponding to dead processes 145never act on any new process that the kernel may, through chance, have 146also assigned the process ID <pid>. Instead, operations on these FDs 147usually fail with ESRCH. 148 149.. table:: Table 1-1: Process specific entries in /proc 150 151 ============= =============================================================== 152 File Content 153 ============= =============================================================== 154 clear_refs Clears page referenced bits shown in smaps output 155 cmdline Command line arguments 156 cpu Current and last cpu in which it was executed (2.4)(smp) 157 cwd Link to the current working directory 158 environ Values of environment variables 159 exe Link to the executable of this process 160 fd Directory, which contains all file descriptors 161 maps Memory maps to executables and library files (2.4) 162 mem Memory held by this process 163 root Link to the root directory of this process 164 stat Process status 165 statm Process memory status information 166 status Process status in human readable form 167 wchan Present with CONFIG_KALLSYMS=y: it shows the kernel function 168 symbol the task is blocked in - or "0" if not blocked. 169 pagemap Page table 170 stack Report full stack trace, enable via CONFIG_STACKTRACE 171 smaps An extension based on maps, showing the memory consumption of 172 each mapping and flags associated with it 173 smaps_rollup Accumulated smaps stats for all mappings of the process. This 174 can be derived from smaps, but is faster and more convenient 175 numa_maps An extension based on maps, showing the memory locality and 176 binding policy as well as mem usage (in pages) of each mapping. 177 ============= =============================================================== 178 179For example, to get the status information of a process, all you have to do is 180read the file /proc/PID/status:: 181 182 >cat /proc/self/status 183 Name: cat 184 State: R (running) 185 Tgid: 5452 186 Pid: 5452 187 PPid: 743 188 TracerPid: 0 (2.4) 189 Uid: 501 501 501 501 190 Gid: 100 100 100 100 191 FDSize: 256 192 Groups: 100 14 16 193 Kthread: 0 194 VmPeak: 5004 kB 195 VmSize: 5004 kB 196 VmLck: 0 kB 197 VmHWM: 476 kB 198 VmRSS: 476 kB 199 RssAnon: 352 kB 200 RssFile: 120 kB 201 RssShmem: 4 kB 202 VmData: 156 kB 203 VmStk: 88 kB 204 VmExe: 68 kB 205 VmLib: 1412 kB 206 VmPTE: 20 kb 207 VmSwap: 0 kB 208 HugetlbPages: 0 kB 209 CoreDumping: 0 210 THP_enabled: 1 211 Threads: 1 212 SigQ: 0/28578 213 SigPnd: 0000000000000000 214 ShdPnd: 0000000000000000 215 SigBlk: 0000000000000000 216 SigIgn: 0000000000000000 217 SigCgt: 0000000000000000 218 CapInh: 00000000fffffeff 219 CapPrm: 0000000000000000 220 CapEff: 0000000000000000 221 CapBnd: ffffffffffffffff 222 CapAmb: 0000000000000000 223 NoNewPrivs: 0 224 Seccomp: 0 225 Speculation_Store_Bypass: thread vulnerable 226 SpeculationIndirectBranch: conditional enabled 227 voluntary_ctxt_switches: 0 228 nonvoluntary_ctxt_switches: 1 229 230This shows you nearly the same information you would get if you viewed it with 231the ps command. In fact, ps uses the proc file system to obtain its 232information. But you get a more detailed view of the process by reading the 233file /proc/PID/status. It fields are described in table 1-2. 234 235The statm file contains more detailed information about the process 236memory usage. Its seven fields are explained in Table 1-3. The stat file 237contains detailed information about the process itself. Its fields are 238explained in Table 1-4. 239 240(for SMP CONFIG users) 241 242For making accounting scalable, RSS related information are handled in an 243asynchronous manner and the value may not be very precise. To see a precise 244snapshot of a moment, you can see /proc/<pid>/smaps file and scan page table. 245It's slow but very precise. 246 247.. table:: Table 1-2: Contents of the status fields (as of 4.19) 248 249 ========================== =================================================== 250 Field Content 251 ========================== =================================================== 252 Name filename of the executable 253 Umask file mode creation mask 254 State state (R is running, S is sleeping, D is sleeping 255 in an uninterruptible wait, Z is zombie, 256 T is traced or stopped) 257 Tgid thread group ID 258 Ngid NUMA group ID (0 if none) 259 Pid process id 260 PPid process id of the parent process 261 TracerPid PID of process tracing this process (0 if not, or 262 the tracer is outside of the current pid namespace) 263 Uid Real, effective, saved set, and file system UIDs 264 Gid Real, effective, saved set, and file system GIDs 265 FDSize number of file descriptor slots currently allocated 266 Groups supplementary group list 267 NStgid descendant namespace thread group ID hierarchy 268 NSpid descendant namespace process ID hierarchy 269 NSpgid descendant namespace process group ID hierarchy 270 NSsid descendant namespace session ID hierarchy 271 Kthread kernel thread flag, 1 is yes, 0 is no 272 VmPeak peak virtual memory size 273 VmSize total program size 274 VmLck locked memory size 275 VmPin pinned memory size 276 VmHWM peak resident set size ("high water mark") 277 VmRSS size of memory portions. It contains the three 278 following parts 279 (VmRSS = RssAnon + RssFile + RssShmem) 280 RssAnon size of resident anonymous memory 281 RssFile size of resident file mappings 282 RssShmem size of resident shmem memory (includes SysV shm, 283 mapping of tmpfs and shared anonymous mappings) 284 VmData size of private data segments 285 VmStk size of stack segments 286 VmExe size of text segment 287 VmLib size of shared library code 288 VmPTE size of page table entries 289 VmSwap amount of swap used by anonymous private data 290 (shmem swap usage is not included) 291 HugetlbPages size of hugetlb memory portions 292 CoreDumping process's memory is currently being dumped 293 (killing the process may lead to a corrupted core) 294 THP_enabled process is allowed to use THP (returns 0 when 295 PR_SET_THP_DISABLE is set on the process 296 Threads number of threads 297 SigQ number of signals queued/max. number for queue 298 SigPnd bitmap of pending signals for the thread 299 ShdPnd bitmap of shared pending signals for the process 300 SigBlk bitmap of blocked signals 301 SigIgn bitmap of ignored signals 302 SigCgt bitmap of caught signals 303 CapInh bitmap of inheritable capabilities 304 CapPrm bitmap of permitted capabilities 305 CapEff bitmap of effective capabilities 306 CapBnd bitmap of capabilities bounding set 307 CapAmb bitmap of ambient capabilities 308 NoNewPrivs no_new_privs, like prctl(PR_GET_NO_NEW_PRIV, ...) 309 Seccomp seccomp mode, like prctl(PR_GET_SECCOMP, ...) 310 Speculation_Store_Bypass speculative store bypass mitigation status 311 SpeculationIndirectBranch indirect branch speculation mode 312 Cpus_allowed mask of CPUs on which this process may run 313 Cpus_allowed_list Same as previous, but in "list format" 314 Mems_allowed mask of memory nodes allowed to this process 315 Mems_allowed_list Same as previous, but in "list format" 316 voluntary_ctxt_switches number of voluntary context switches 317 nonvoluntary_ctxt_switches number of non voluntary context switches 318 ========================== =================================================== 319 320 321.. table:: Table 1-3: Contents of the statm fields (as of 2.6.8-rc3) 322 323 ======== =============================== ============================== 324 Field Content 325 ======== =============================== ============================== 326 size total program size (pages) (same as VmSize in status) 327 resident size of memory portions (pages) (same as VmRSS in status) 328 shared number of pages that are shared (i.e. backed by a file, same 329 as RssFile+RssShmem in status) 330 trs number of pages that are 'code' (not including libs; broken, 331 includes data segment) 332 lrs number of pages of library (always 0 on 2.6) 333 drs number of pages of data/stack (including libs; broken, 334 includes library text) 335 dt number of dirty pages (always 0 on 2.6) 336 ======== =============================== ============================== 337 338 339.. table:: Table 1-4: Contents of the stat fields (as of 2.6.30-rc7) 340 341 ============= =============================================================== 342 Field Content 343 ============= =============================================================== 344 pid process id 345 tcomm filename of the executable 346 state state (R is running, S is sleeping, D is sleeping in an 347 uninterruptible wait, Z is zombie, T is traced or stopped) 348 ppid process id of the parent process 349 pgrp pgrp of the process 350 sid session id 351 tty_nr tty the process uses 352 tty_pgrp pgrp of the tty 353 flags task flags 354 min_flt number of minor faults 355 cmin_flt number of minor faults with child's 356 maj_flt number of major faults 357 cmaj_flt number of major faults with child's 358 utime user mode jiffies 359 stime kernel mode jiffies 360 cutime user mode jiffies with child's 361 cstime kernel mode jiffies with child's 362 priority priority level 363 nice nice level 364 num_threads number of threads 365 it_real_value (obsolete, always 0) 366 start_time time the process started after system boot 367 vsize virtual memory size 368 rss resident set memory size 369 rsslim current limit in bytes on the rss 370 start_code address above which program text can run 371 end_code address below which program text can run 372 start_stack address of the start of the main process stack 373 esp current value of ESP 374 eip current value of EIP 375 pending bitmap of pending signals 376 blocked bitmap of blocked signals 377 sigign bitmap of ignored signals 378 sigcatch bitmap of caught signals 379 0 (place holder, used to be the wchan address, 380 use /proc/PID/wchan instead) 381 0 (place holder) 382 0 (place holder) 383 exit_signal signal to send to parent thread on exit 384 task_cpu which CPU the task is scheduled on 385 rt_priority realtime priority 386 policy scheduling policy (man sched_setscheduler) 387 blkio_ticks time spent waiting for block IO 388 gtime guest time of the task in jiffies 389 cgtime guest time of the task children in jiffies 390 start_data address above which program data+bss is placed 391 end_data address below which program data+bss is placed 392 start_brk address above which program heap can be expanded with brk() 393 arg_start address above which program command line is placed 394 arg_end address below which program command line is placed 395 env_start address above which program environment is placed 396 env_end address below which program environment is placed 397 exit_code the thread's exit_code in the form reported by the waitpid 398 system call 399 ============= =============================================================== 400 401The /proc/PID/maps file contains the currently mapped memory regions and 402their access permissions. 403 404The format is:: 405 406 address perms offset dev inode pathname 407 408 08048000-08049000 r-xp 00000000 03:00 8312 /opt/test 409 08049000-0804a000 rw-p 00001000 03:00 8312 /opt/test 410 0804a000-0806b000 rw-p 00000000 00:00 0 [heap] 411 a7cb1000-a7cb2000 ---p 00000000 00:00 0 412 a7cb2000-a7eb2000 rw-p 00000000 00:00 0 413 a7eb2000-a7eb3000 ---p 00000000 00:00 0 414 a7eb3000-a7ed5000 rw-p 00000000 00:00 0 415 a7ed5000-a8008000 r-xp 00000000 03:00 4222 /lib/libc.so.6 416 a8008000-a800a000 r--p 00133000 03:00 4222 /lib/libc.so.6 417 a800a000-a800b000 rw-p 00135000 03:00 4222 /lib/libc.so.6 418 a800b000-a800e000 rw-p 00000000 00:00 0 419 a800e000-a8022000 r-xp 00000000 03:00 14462 /lib/libpthread.so.0 420 a8022000-a8023000 r--p 00013000 03:00 14462 /lib/libpthread.so.0 421 a8023000-a8024000 rw-p 00014000 03:00 14462 /lib/libpthread.so.0 422 a8024000-a8027000 rw-p 00000000 00:00 0 423 a8027000-a8043000 r-xp 00000000 03:00 8317 /lib/ld-linux.so.2 424 a8043000-a8044000 r--p 0001b000 03:00 8317 /lib/ld-linux.so.2 425 a8044000-a8045000 rw-p 0001c000 03:00 8317 /lib/ld-linux.so.2 426 aff35000-aff4a000 rw-p 00000000 00:00 0 [stack] 427 ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso] 428 429where "address" is the address space in the process that it occupies, "perms" 430is a set of permissions:: 431 432 r = read 433 w = write 434 x = execute 435 s = shared 436 p = private (copy on write) 437 438"offset" is the offset into the mapping, "dev" is the device (major:minor), and 439"inode" is the inode on that device. 0 indicates that no inode is associated 440with the memory region, as the case would be with BSS (uninitialized data). 441The "pathname" shows the name associated file for this mapping. If the mapping 442is not associated with a file: 443 444 =================== =========================================== 445 [heap] the heap of the program 446 [stack] the stack of the main process 447 [vdso] the "virtual dynamic shared object", 448 the kernel system call handler 449 [anon:<name>] a private anonymous mapping that has been 450 named by userspace 451 [anon_shmem:<name>] an anonymous shared memory mapping that has 452 been named by userspace 453 =================== =========================================== 454 455 or if empty, the mapping is anonymous. 456 457Starting with 6.11 kernel, /proc/PID/maps provides an alternative 458ioctl()-based API that gives ability to flexibly and efficiently query and 459filter individual VMAs. This interface is binary and is meant for more 460efficient and easy programmatic use. `struct procmap_query`, defined in 461linux/fs.h UAPI header, serves as an input/output argument to the 462`PROCMAP_QUERY` ioctl() command. See comments in linus/fs.h UAPI header for 463details on query semantics, supported flags, data returned, and general API 464usage information. 465 466The /proc/PID/smaps is an extension based on maps, showing the memory 467consumption for each of the process's mappings. For each mapping (aka Virtual 468Memory Area, or VMA) there is a series of lines such as the following:: 469 470 08048000-080bc000 r-xp 00000000 03:02 13130 /bin/bash 471 472 Size: 1084 kB 473 KernelPageSize: 4 kB 474 MMUPageSize: 4 kB 475 Rss: 892 kB 476 Pss: 374 kB 477 Pss_Dirty: 0 kB 478 Shared_Clean: 892 kB 479 Shared_Dirty: 0 kB 480 Private_Clean: 0 kB 481 Private_Dirty: 0 kB 482 Referenced: 892 kB 483 Anonymous: 0 kB 484 KSM: 0 kB 485 LazyFree: 0 kB 486 AnonHugePages: 0 kB 487 ShmemPmdMapped: 0 kB 488 Shared_Hugetlb: 0 kB 489 Private_Hugetlb: 0 kB 490 Swap: 0 kB 491 SwapPss: 0 kB 492 KernelPageSize: 4 kB 493 MMUPageSize: 4 kB 494 Locked: 0 kB 495 THPeligible: 0 496 VmFlags: rd ex mr mw me dw 497 498The first of these lines shows the same information as is displayed for 499the mapping in /proc/PID/maps. Following lines show the size of the 500mapping (size); the size of each page allocated when backing a VMA 501(KernelPageSize), which is usually the same as the size in the page table 502entries; the page size used by the MMU when backing a VMA (in most cases, 503the same as KernelPageSize); the amount of the mapping that is currently 504resident in RAM (RSS); the process's proportional share of this mapping 505(PSS); and the number of clean and dirty shared and private pages in the 506mapping. 507 508The "proportional set size" (PSS) of a process is the count of pages it has 509in memory, where each page is divided by the number of processes sharing it. 510So if a process has 1000 pages all to itself, and 1000 shared with one other 511process, its PSS will be 1500. "Pss_Dirty" is the portion of PSS which 512consists of dirty pages. ("Pss_Clean" is not included, but it can be 513calculated by subtracting "Pss_Dirty" from "Pss".) 514 515Traditionally, a page is accounted as "private" if it is mapped exactly once, 516and a page is accounted as "shared" when mapped multiple times, even when 517mapped in the same process multiple times. Note that this accounting is 518independent of MAP_SHARED. 519 520In some kernel configurations, the semantics of pages part of a larger 521allocation (e.g., THP) can differ: a page is accounted as "private" if all 522pages part of the corresponding large allocation are *certainly* mapped in the 523same process, even if the page is mapped multiple times in that process. A 524page is accounted as "shared" if any page page of the larger allocation 525is *maybe* mapped in a different process. In some cases, a large allocation 526might be treated as "maybe mapped by multiple processes" even though this 527is no longer the case. 528 529Some kernel configurations do not track the precise number of times a page part 530of a larger allocation is mapped. In this case, when calculating the PSS, the 531average number of mappings per page in this larger allocation might be used 532as an approximation for the number of mappings of a page. The PSS calculation 533will be imprecise in this case. 534 535"Referenced" indicates the amount of memory currently marked as referenced or 536accessed. 537 538"Anonymous" shows the amount of memory that does not belong to any file. Even 539a mapping associated with a file may contain anonymous pages: when MAP_PRIVATE 540and a page is modified, the file page is replaced by a private anonymous copy. 541 542"KSM" reports how many of the pages are KSM pages. Note that KSM-placed zeropages 543are not included, only actual KSM pages. 544 545"LazyFree" shows the amount of memory which is marked by madvise(MADV_FREE). 546The memory isn't freed immediately with madvise(). It's freed in memory 547pressure if the memory is clean. Please note that the printed value might 548be lower than the real value due to optimizations used in the current 549implementation. If this is not desirable please file a bug report. 550 551"AnonHugePages" shows the amount of memory backed by transparent hugepage. 552 553"ShmemPmdMapped" shows the amount of shared (shmem/tmpfs) memory backed by 554huge pages. 555 556"Shared_Hugetlb" and "Private_Hugetlb" show the amounts of memory backed by 557hugetlbfs page which is *not* counted in "RSS" or "PSS" field for historical 558reasons. And these are not included in {Shared,Private}_{Clean,Dirty} field. 559 560"Swap" shows how much would-be-anonymous memory is also used, but out on swap. 561 562For shmem mappings, "Swap" includes also the size of the mapped (and not 563replaced by copy-on-write) part of the underlying shmem object out on swap. 564"SwapPss" shows proportional swap share of this mapping. Unlike "Swap", this 565does not take into account swapped out page of underlying shmem objects. 566"Locked" indicates whether the mapping is locked in memory or not. 567 568"THPeligible" indicates whether the mapping is eligible for allocating 569naturally aligned THP pages of any currently enabled size. 1 if true, 0 570otherwise. 571 572"VmFlags" field deserves a separate description. This member represents the 573kernel flags associated with the particular virtual memory area in two letter 574encoded manner. The codes are the following: 575 576 == ======================================= 577 rd readable 578 wr writeable 579 ex executable 580 sh shared 581 mr may read 582 mw may write 583 me may execute 584 ms may share 585 gd stack segment growns down 586 pf pure PFN range 587 dw disabled write to the mapped file 588 lo pages are locked in memory 589 io memory mapped I/O area 590 sr sequential read advise provided 591 rr random read advise provided 592 dc do not copy area on fork 593 de do not expand area on remapping 594 ac area is accountable 595 nr swap space is not reserved for the area 596 ht area uses huge tlb pages 597 sf synchronous page fault 598 ar architecture specific flag 599 wf wipe on fork 600 dd do not include area into core dump 601 sd soft dirty flag 602 mm mixed map area 603 hg huge page advise flag 604 nh no huge page advise flag 605 mg mergeable advise flag 606 bt arm64 BTI guarded page 607 mt arm64 MTE allocation tags are enabled 608 um userfaultfd missing tracking 609 uw userfaultfd wr-protect tracking 610 ss shadow/guarded control stack page 611 sl sealed 612 == ======================================= 613 614Note that there is no guarantee that every flag and associated mnemonic will 615be present in all further kernel releases. Things get changed, the flags may 616be vanished or the reverse -- new added. Interpretation of their meaning 617might change in future as well. So each consumer of these flags has to 618follow each specific kernel version for the exact semantic. 619 620This file is only present if the CONFIG_MMU kernel configuration option is 621enabled. 622 623Note: reading /proc/PID/maps or /proc/PID/smaps is inherently racy (consistent 624output can be achieved only in the single read call). 625 626This typically manifests when doing partial reads of these files while the 627memory map is being modified. Despite the races, we do provide the following 628guarantees: 629 6301) The mapped addresses never go backwards, which implies no two 631 regions will ever overlap. 6322) If there is something at a given vaddr during the entirety of the 633 life of the smaps/maps walk, there will be some output for it. 634 635The /proc/PID/smaps_rollup file includes the same fields as /proc/PID/smaps, 636but their values are the sums of the corresponding values for all mappings of 637the process. Additionally, it contains these fields: 638 639- Pss_Anon 640- Pss_File 641- Pss_Shmem 642 643They represent the proportional shares of anonymous, file, and shmem pages, as 644described for smaps above. These fields are omitted in smaps since each 645mapping identifies the type (anon, file, or shmem) of all pages it contains. 646Thus all information in smaps_rollup can be derived from smaps, but at a 647significantly higher cost. 648 649The /proc/PID/clear_refs is used to reset the PG_Referenced and ACCESSED/YOUNG 650bits on both physical and virtual pages associated with a process, and the 651soft-dirty bit on pte (see Documentation/admin-guide/mm/soft-dirty.rst 652for details). 653To clear the bits for all the pages associated with the process:: 654 655 > echo 1 > /proc/PID/clear_refs 656 657To clear the bits for the anonymous pages associated with the process:: 658 659 > echo 2 > /proc/PID/clear_refs 660 661To clear the bits for the file mapped pages associated with the process:: 662 663 > echo 3 > /proc/PID/clear_refs 664 665To clear the soft-dirty bit:: 666 667 > echo 4 > /proc/PID/clear_refs 668 669To reset the peak resident set size ("high water mark") to the process's 670current value:: 671 672 > echo 5 > /proc/PID/clear_refs 673 674Any other value written to /proc/PID/clear_refs will have no effect. 675 676The /proc/pid/pagemap gives the PFN, which can be used to find the pageflags 677using /proc/kpageflags and number of times a page is mapped using 678/proc/kpagecount. For detailed explanation, see 679Documentation/admin-guide/mm/pagemap.rst. 680 681The /proc/pid/numa_maps is an extension based on maps, showing the memory 682locality and binding policy, as well as the memory usage (in pages) of 683each mapping. The output follows a general format where mapping details get 684summarized separated by blank spaces, one mapping per each file line:: 685 686 address policy mapping details 687 688 00400000 default file=/usr/local/bin/app mapped=1 active=0 N3=1 kernelpagesize_kB=4 689 00600000 default file=/usr/local/bin/app anon=1 dirty=1 N3=1 kernelpagesize_kB=4 690 3206000000 default file=/lib64/ld-2.12.so mapped=26 mapmax=6 N0=24 N3=2 kernelpagesize_kB=4 691 320621f000 default file=/lib64/ld-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 692 3206220000 default file=/lib64/ld-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 693 3206221000 default anon=1 dirty=1 N3=1 kernelpagesize_kB=4 694 3206800000 default file=/lib64/libc-2.12.so mapped=59 mapmax=21 active=55 N0=41 N3=18 kernelpagesize_kB=4 695 320698b000 default file=/lib64/libc-2.12.so 696 3206b8a000 default file=/lib64/libc-2.12.so anon=2 dirty=2 N3=2 kernelpagesize_kB=4 697 3206b8e000 default file=/lib64/libc-2.12.so anon=1 dirty=1 N3=1 kernelpagesize_kB=4 698 3206b8f000 default anon=3 dirty=3 active=1 N3=3 kernelpagesize_kB=4 699 7f4dc10a2000 default anon=3 dirty=3 N3=3 kernelpagesize_kB=4 700 7f4dc10b4000 default anon=2 dirty=2 active=1 N3=2 kernelpagesize_kB=4 701 7f4dc1200000 default file=/anon_hugepage\040(deleted) huge anon=1 dirty=1 N3=1 kernelpagesize_kB=2048 702 7fff335f0000 default stack anon=3 dirty=3 N3=3 kernelpagesize_kB=4 703 7fff3369d000 default mapped=1 mapmax=35 active=0 N3=1 kernelpagesize_kB=4 704 705Where: 706 707"address" is the starting address for the mapping; 708 709"policy" reports the NUMA memory policy set for the mapping (see Documentation/admin-guide/mm/numa_memory_policy.rst); 710 711"mapping details" summarizes mapping data such as mapping type, page usage counters, 712node locality page counters (N0 == node0, N1 == node1, ...) and the kernel page 713size, in KB, that is backing the mapping up. 714 715Note that some kernel configurations do not track the precise number of times 716a page part of a larger allocation (e.g., THP) is mapped. In these 717configurations, "mapmax" might corresponds to the average number of mappings 718per page in such a larger allocation instead. 719 7201.2 Kernel data 721--------------- 722 723Similar to the process entries, the kernel data files give information about 724the running kernel. The files used to obtain this information are contained in 725/proc and are listed in Table 1-5. Not all of these will be present in your 726system. It depends on the kernel configuration and the loaded modules, which 727files are there, and which are missing. 728 729.. table:: Table 1-5: Kernel info in /proc 730 731 ============ =============================================================== 732 File Content 733 ============ =============================================================== 734 allocinfo Memory allocations profiling information 735 apm Advanced power management info 736 bootconfig Kernel command line obtained from boot config, 737 and, if there were kernel parameters from the 738 boot loader, a "# Parameters from bootloader:" 739 line followed by a line containing those 740 parameters prefixed by "# ". (5.5) 741 buddyinfo Kernel memory allocator information (see text) (2.5) 742 bus Directory containing bus specific information 743 cmdline Kernel command line, both from bootloader and embedded 744 in the kernel image 745 cpuinfo Info about the CPU 746 devices Available devices (block and character) 747 dma Used DMS channels 748 filesystems Supported filesystems 749 driver Various drivers grouped here, currently rtc (2.4) 750 execdomains Execdomains, related to security (2.4) 751 fb Frame Buffer devices (2.4) 752 fs File system parameters, currently nfs/exports (2.4) 753 ide Directory containing info about the IDE subsystem 754 interrupts Interrupt usage 755 iomem Memory map (2.4) 756 ioports I/O port usage 757 irq Masks for irq to cpu affinity (2.4)(smp?) 758 isapnp ISA PnP (Plug&Play) Info (2.4) 759 kcore Kernel core image (can be ELF or A.OUT(deprecated in 2.4)) 760 kmsg Kernel messages 761 ksyms Kernel symbol table 762 loadavg Load average of last 1, 5 & 15 minutes; 763 number of processes currently runnable (running or on ready queue); 764 total number of processes in system; 765 last pid created. 766 All fields are separated by one space except "number of 767 processes currently runnable" and "total number of processes 768 in system", which are separated by a slash ('/'). Example: 769 0.61 0.61 0.55 3/828 22084 770 locks Kernel locks 771 meminfo Memory info 772 misc Miscellaneous 773 modules List of loaded modules 774 mounts Mounted filesystems 775 net Networking info (see text) 776 pagetypeinfo Additional page allocator information (see text) (2.5) 777 partitions Table of partitions known to the system 778 pci Deprecated info of PCI bus (new way -> /proc/bus/pci/, 779 decoupled by lspci (2.4) 780 rtc Real time clock 781 scsi SCSI info (see text) 782 slabinfo Slab pool info 783 softirqs softirq usage 784 stat Overall statistics 785 swaps Swap space utilization 786 sys See chapter 2 787 sysvipc Info of SysVIPC Resources (msg, sem, shm) (2.4) 788 tty Info of tty drivers 789 uptime Wall clock since boot, combined idle time of all cpus 790 version Kernel version 791 video bttv info of video resources (2.4) 792 vmallocinfo Show vmalloced areas 793 ============ =============================================================== 794 795You can, for example, check which interrupts are currently in use and what 796they are used for by looking in the file /proc/interrupts:: 797 798 > cat /proc/interrupts 799 CPU0 800 0: 8728810 XT-PIC timer 801 1: 895 XT-PIC keyboard 802 2: 0 XT-PIC cascade 803 3: 531695 XT-PIC aha152x 804 4: 2014133 XT-PIC serial 805 5: 44401 XT-PIC pcnet_cs 806 8: 2 XT-PIC rtc 807 11: 8 XT-PIC i82365 808 12: 182918 XT-PIC PS/2 Mouse 809 13: 1 XT-PIC fpu 810 14: 1232265 XT-PIC ide0 811 15: 7 XT-PIC ide1 812 NMI: 0 813 814In 2.4.* a couple of lines where added to this file LOC & ERR (this time is the 815output of a SMP machine):: 816 817 > cat /proc/interrupts 818 819 CPU0 CPU1 820 0: 1243498 1214548 IO-APIC-edge timer 821 1: 8949 8958 IO-APIC-edge keyboard 822 2: 0 0 XT-PIC cascade 823 5: 11286 10161 IO-APIC-edge soundblaster 824 8: 1 0 IO-APIC-edge rtc 825 9: 27422 27407 IO-APIC-edge 3c503 826 12: 113645 113873 IO-APIC-edge PS/2 Mouse 827 13: 0 0 XT-PIC fpu 828 14: 22491 24012 IO-APIC-edge ide0 829 15: 2183 2415 IO-APIC-edge ide1 830 17: 30564 30414 IO-APIC-level eth0 831 18: 177 164 IO-APIC-level bttv 832 NMI: 2457961 2457959 833 LOC: 2457882 2457881 834 ERR: 2155 835 836NMI is incremented in this case because every timer interrupt generates a NMI 837(Non Maskable Interrupt) which is used by the NMI Watchdog to detect lockups. 838 839LOC is the local interrupt counter of the internal APIC of every CPU. 840 841ERR is incremented in the case of errors in the IO-APIC bus (the bus that 842connects the CPUs in a SMP system. This means that an error has been detected, 843the IO-APIC automatically retry the transmission, so it should not be a big 844problem, but you should read the SMP-FAQ. 845 846In 2.6.2* /proc/interrupts was expanded again. This time the goal was for 847/proc/interrupts to display every IRQ vector in use by the system, not 848just those considered 'most important'. The new vectors are: 849 850THR 851 interrupt raised when a machine check threshold counter 852 (typically counting ECC corrected errors of memory or cache) exceeds 853 a configurable threshold. Only available on some systems. 854 855TRM 856 a thermal event interrupt occurs when a temperature threshold 857 has been exceeded for the CPU. This interrupt may also be generated 858 when the temperature drops back to normal. 859 860SPU 861 a spurious interrupt is some interrupt that was raised then lowered 862 by some IO device before it could be fully processed by the APIC. Hence 863 the APIC sees the interrupt but does not know what device it came from. 864 For this case the APIC will generate the interrupt with a IRQ vector 865 of 0xff. This might also be generated by chipset bugs. 866 867RES, CAL, TLB 868 rescheduling, call and TLB flush interrupts are 869 sent from one CPU to another per the needs of the OS. Typically, 870 their statistics are used by kernel developers and interested users to 871 determine the occurrence of interrupts of the given type. 872 873The above IRQ vectors are displayed only when relevant. For example, 874the threshold vector does not exist on x86_64 platforms. Others are 875suppressed when the system is a uniprocessor. As of this writing, only 876i386 and x86_64 platforms support the new IRQ vector displays. 877 878Of some interest is the introduction of the /proc/irq directory to 2.4. 879It could be used to set IRQ to CPU affinity. This means that you can "hook" an 880IRQ to only one CPU, or to exclude a CPU of handling IRQs. The contents of the 881irq subdir is one subdir for each IRQ, and two files; default_smp_affinity and 882prof_cpu_mask. 883 884For example:: 885 886 > ls /proc/irq/ 887 0 10 12 14 16 18 2 4 6 8 prof_cpu_mask 888 1 11 13 15 17 19 3 5 7 9 default_smp_affinity 889 > ls /proc/irq/0/ 890 smp_affinity 891 892smp_affinity is a bitmask, in which you can specify which CPUs can handle the 893IRQ. You can set it by doing:: 894 895 > echo 1 > /proc/irq/10/smp_affinity 896 897This means that only the first CPU will handle the IRQ, but you can also echo 8985 which means that only the first and third CPU can handle the IRQ. 899 900The contents of each smp_affinity file is the same by default:: 901 902 > cat /proc/irq/0/smp_affinity 903 ffffffff 904 905There is an alternate interface, smp_affinity_list which allows specifying 906a CPU range instead of a bitmask:: 907 908 > cat /proc/irq/0/smp_affinity_list 909 1024-1031 910 911The default_smp_affinity mask applies to all non-active IRQs, which are the 912IRQs which have not yet been allocated/activated, and hence which lack a 913/proc/irq/[0-9]* directory. 914 915The node file on an SMP system shows the node to which the device using the IRQ 916reports itself as being attached. This hardware locality information does not 917include information about any possible driver locality preference. 918 919prof_cpu_mask specifies which CPUs are to be profiled by the system wide 920profiler. Default value is ffffffff (all CPUs if there are only 32 of them). 921 922The way IRQs are routed is handled by the IO-APIC, and it's Round Robin 923between all the CPUs which are allowed to handle it. As usual the kernel has 924more info than you and does a better job than you, so the defaults are the 925best choice for almost everyone. [Note this applies only to those IO-APIC's 926that support "Round Robin" interrupt distribution.] 927 928There are three more important subdirectories in /proc: net, scsi, and sys. 929The general rule is that the contents, or even the existence of these 930directories, depend on your kernel configuration. If SCSI is not enabled, the 931directory scsi may not exist. The same is true with the net, which is there 932only when networking support is present in the running kernel. 933 934The slabinfo file gives information about memory usage at the slab level. 935Linux uses slab pools for memory management above page level in version 2.2. 936Commonly used objects have their own slab pool (such as network buffers, 937directory cache, and so on). 938 939:: 940 941 > cat /proc/buddyinfo 942 943 Node 0, zone DMA 0 4 5 4 4 3 ... 944 Node 0, zone Normal 1 0 0 1 101 8 ... 945 Node 0, zone HighMem 2 0 0 1 1 0 ... 946 947External fragmentation is a problem under some workloads, and buddyinfo is a 948useful tool for helping diagnose these problems. Buddyinfo will give you a 949clue as to how big an area you can safely allocate, or why a previous 950allocation failed. 951 952Each column represents the number of pages of a certain order which are 953available. In this case, there are 0 chunks of 2^0*PAGE_SIZE available in 954ZONE_DMA, 4 chunks of 2^1*PAGE_SIZE in ZONE_DMA, 101 chunks of 2^4*PAGE_SIZE 955available in ZONE_NORMAL, etc... 956 957More information relevant to external fragmentation can be found in 958pagetypeinfo:: 959 960 > cat /proc/pagetypeinfo 961 Page block order: 9 962 Pages per block: 512 963 964 Free pages count per migrate type at order 0 1 2 3 4 5 6 7 8 9 10 965 Node 0, zone DMA, type Unmovable 0 0 0 1 1 1 1 1 1 1 0 966 Node 0, zone DMA, type Reclaimable 0 0 0 0 0 0 0 0 0 0 0 967 Node 0, zone DMA, type Movable 1 1 2 1 2 1 1 0 1 0 2 968 Node 0, zone DMA, type Reserve 0 0 0 0 0 0 0 0 0 1 0 969 Node 0, zone DMA, type Isolate 0 0 0 0 0 0 0 0 0 0 0 970 Node 0, zone DMA32, type Unmovable 103 54 77 1 1 1 11 8 7 1 9 971 Node 0, zone DMA32, type Reclaimable 0 0 2 1 0 0 0 0 1 0 0 972 Node 0, zone DMA32, type Movable 169 152 113 91 77 54 39 13 6 1 452 973 Node 0, zone DMA32, type Reserve 1 2 2 2 2 0 1 1 1 1 0 974 Node 0, zone DMA32, type Isolate 0 0 0 0 0 0 0 0 0 0 0 975 976 Number of blocks type Unmovable Reclaimable Movable Reserve Isolate 977 Node 0, zone DMA 2 0 5 1 0 978 Node 0, zone DMA32 41 6 967 2 0 979 980Fragmentation avoidance in the kernel works by grouping pages of different 981migrate types into the same contiguous regions of memory called page blocks. 982A page block is typically the size of the default hugepage size, e.g. 2MB on 983X86-64. By keeping pages grouped based on their ability to move, the kernel 984can reclaim pages within a page block to satisfy a high-order allocation. 985 986The pagetypinfo begins with information on the size of a page block. It 987then gives the same type of information as buddyinfo except broken down 988by migrate-type and finishes with details on how many page blocks of each 989type exist. 990 991If min_free_kbytes has been tuned correctly (recommendations made by hugeadm 992from libhugetlbfs https://github.com/libhugetlbfs/libhugetlbfs/), one can 993make an estimate of the likely number of huge pages that can be allocated 994at a given point in time. All the "Movable" blocks should be allocatable 995unless memory has been mlock()'d. Some of the Reclaimable blocks should 996also be allocatable although a lot of filesystem metadata may have to be 997reclaimed to achieve this. 998 999 1000allocinfo 1001~~~~~~~~~ 1002 1003Provides information about memory allocations at all locations in the code 1004base. Each allocation in the code is identified by its source file, line 1005number, module (if originates from a loadable module) and the function calling 1006the allocation. The number of bytes allocated and number of calls at each 1007location are reported. The first line indicates the version of the file, the 1008second line is the header listing fields in the file. 1009 1010Example output. 1011 1012:: 1013 1014 > tail -n +3 /proc/allocinfo | sort -rn 1015 127664128 31168 mm/page_ext.c:270 func:alloc_page_ext 1016 56373248 4737 mm/slub.c:2259 func:alloc_slab_page 1017 14880768 3633 mm/readahead.c:247 func:page_cache_ra_unbounded 1018 14417920 3520 mm/mm_init.c:2530 func:alloc_large_system_hash 1019 13377536 234 block/blk-mq.c:3421 func:blk_mq_alloc_rqs 1020 11718656 2861 mm/filemap.c:1919 func:__filemap_get_folio 1021 9192960 2800 kernel/fork.c:307 func:alloc_thread_stack_node 1022 4206592 4 net/netfilter/nf_conntrack_core.c:2567 func:nf_ct_alloc_hashtable 1023 4136960 1010 drivers/staging/ctagmod/ctagmod.c:20 [ctagmod] func:ctagmod_start 1024 3940352 962 mm/memory.c:4214 func:alloc_anon_folio 1025 2894464 22613 fs/kernfs/dir.c:615 func:__kernfs_new_node 1026 ... 1027 1028 1029meminfo 1030~~~~~~~ 1031 1032Provides information about distribution and utilization of memory. This 1033varies by architecture and compile options. Some of the counters reported 1034here overlap. The memory reported by the non overlapping counters may not 1035add up to the overall memory usage and the difference for some workloads 1036can be substantial. In many cases there are other means to find out 1037additional memory using subsystem specific interfaces, for instance 1038/proc/net/sockstat for TCP memory allocations. 1039 1040Example output. You may not have all of these fields. 1041 1042:: 1043 1044 > cat /proc/meminfo 1045 1046 MemTotal: 32858820 kB 1047 MemFree: 21001236 kB 1048 MemAvailable: 27214312 kB 1049 Buffers: 581092 kB 1050 Cached: 5587612 kB 1051 SwapCached: 0 kB 1052 Active: 3237152 kB 1053 Inactive: 7586256 kB 1054 Active(anon): 94064 kB 1055 Inactive(anon): 4570616 kB 1056 Active(file): 3143088 kB 1057 Inactive(file): 3015640 kB 1058 Unevictable: 0 kB 1059 Mlocked: 0 kB 1060 SwapTotal: 0 kB 1061 SwapFree: 0 kB 1062 Zswap: 1904 kB 1063 Zswapped: 7792 kB 1064 Dirty: 12 kB 1065 Writeback: 0 kB 1066 AnonPages: 4654780 kB 1067 Mapped: 266244 kB 1068 Shmem: 9976 kB 1069 KReclaimable: 517708 kB 1070 Slab: 660044 kB 1071 SReclaimable: 517708 kB 1072 SUnreclaim: 142336 kB 1073 KernelStack: 11168 kB 1074 PageTables: 20540 kB 1075 SecPageTables: 0 kB 1076 NFS_Unstable: 0 kB 1077 Bounce: 0 kB 1078 WritebackTmp: 0 kB 1079 CommitLimit: 16429408 kB 1080 Committed_AS: 7715148 kB 1081 VmallocTotal: 34359738367 kB 1082 VmallocUsed: 40444 kB 1083 VmallocChunk: 0 kB 1084 Percpu: 29312 kB 1085 EarlyMemtestBad: 0 kB 1086 HardwareCorrupted: 0 kB 1087 AnonHugePages: 4149248 kB 1088 ShmemHugePages: 0 kB 1089 ShmemPmdMapped: 0 kB 1090 FileHugePages: 0 kB 1091 FilePmdMapped: 0 kB 1092 CmaTotal: 0 kB 1093 CmaFree: 0 kB 1094 Unaccepted: 0 kB 1095 Balloon: 0 kB 1096 HugePages_Total: 0 1097 HugePages_Free: 0 1098 HugePages_Rsvd: 0 1099 HugePages_Surp: 0 1100 Hugepagesize: 2048 kB 1101 Hugetlb: 0 kB 1102 DirectMap4k: 401152 kB 1103 DirectMap2M: 10008576 kB 1104 DirectMap1G: 24117248 kB 1105 1106MemTotal 1107 Total usable RAM (i.e. physical RAM minus a few reserved 1108 bits and the kernel binary code) 1109MemFree 1110 Total free RAM. On highmem systems, the sum of LowFree+HighFree 1111MemAvailable 1112 An estimate of how much memory is available for starting new 1113 applications, without swapping. Calculated from MemFree, 1114 SReclaimable, the size of the file LRU lists, and the low 1115 watermarks in each zone. 1116 The estimate takes into account that the system needs some 1117 page cache to function well, and that not all reclaimable 1118 slab will be reclaimable, due to items being in use. The 1119 impact of those factors will vary from system to system. 1120Buffers 1121 Relatively temporary storage for raw disk blocks 1122 shouldn't get tremendously large (20MB or so) 1123Cached 1124 In-memory cache for files read from the disk (the 1125 pagecache) as well as tmpfs & shmem. 1126 Doesn't include SwapCached. 1127SwapCached 1128 Memory that once was swapped out, is swapped back in but 1129 still also is in the swapfile (if memory is needed it 1130 doesn't need to be swapped out AGAIN because it is already 1131 in the swapfile. This saves I/O) 1132Active 1133 Memory that has been used more recently and usually not 1134 reclaimed unless absolutely necessary. 1135Inactive 1136 Memory which has been less recently used. It is more 1137 eligible to be reclaimed for other purposes 1138Unevictable 1139 Memory allocated for userspace which cannot be reclaimed, such 1140 as mlocked pages, ramfs backing pages, secret memfd pages etc. 1141Mlocked 1142 Memory locked with mlock(). 1143HighTotal, HighFree 1144 Highmem is all memory above ~860MB of physical memory. 1145 Highmem areas are for use by userspace programs, or 1146 for the pagecache. The kernel must use tricks to access 1147 this memory, making it slower to access than lowmem. 1148LowTotal, LowFree 1149 Lowmem is memory which can be used for everything that 1150 highmem can be used for, but it is also available for the 1151 kernel's use for its own data structures. Among many 1152 other things, it is where everything from the Slab is 1153 allocated. Bad things happen when you're out of lowmem. 1154SwapTotal 1155 total amount of swap space available 1156SwapFree 1157 Memory which has been evicted from RAM, and is temporarily 1158 on the disk 1159Zswap 1160 Memory consumed by the zswap backend (compressed size) 1161Zswapped 1162 Amount of anonymous memory stored in zswap (original size) 1163Dirty 1164 Memory which is waiting to get written back to the disk 1165Writeback 1166 Memory which is actively being written back to the disk 1167AnonPages 1168 Non-file backed pages mapped into userspace page tables. Note that 1169 some kernel configurations might consider all pages part of a 1170 larger allocation (e.g., THP) as "mapped", as soon as a single 1171 page is mapped. 1172Mapped 1173 files which have been mmapped, such as libraries. Note that some 1174 kernel configurations might consider all pages part of a larger 1175 allocation (e.g., THP) as "mapped", as soon as a single page is 1176 mapped. 1177Shmem 1178 Total memory used by shared memory (shmem) and tmpfs 1179KReclaimable 1180 Kernel allocations that the kernel will attempt to reclaim 1181 under memory pressure. Includes SReclaimable (below), and other 1182 direct allocations with a shrinker. 1183Slab 1184 in-kernel data structures cache 1185SReclaimable 1186 Part of Slab, that might be reclaimed, such as caches 1187SUnreclaim 1188 Part of Slab, that cannot be reclaimed on memory pressure 1189KernelStack 1190 Memory consumed by the kernel stacks of all tasks 1191PageTables 1192 Memory consumed by userspace page tables 1193SecPageTables 1194 Memory consumed by secondary page tables, this currently includes 1195 KVM mmu and IOMMU allocations on x86 and arm64. 1196NFS_Unstable 1197 Always zero. Previous counted pages which had been written to 1198 the server, but has not been committed to stable storage. 1199Bounce 1200 Memory used for block device "bounce buffers" 1201WritebackTmp 1202 Memory used by FUSE for temporary writeback buffers 1203CommitLimit 1204 Based on the overcommit ratio ('vm.overcommit_ratio'), 1205 this is the total amount of memory currently available to 1206 be allocated on the system. This limit is only adhered to 1207 if strict overcommit accounting is enabled (mode 2 in 1208 'vm.overcommit_memory'). 1209 1210 The CommitLimit is calculated with the following formula:: 1211 1212 CommitLimit = ([total RAM pages] - [total huge TLB pages]) * 1213 overcommit_ratio / 100 + [total swap pages] 1214 1215 For example, on a system with 1G of physical RAM and 7G 1216 of swap with a `vm.overcommit_ratio` of 30 it would 1217 yield a CommitLimit of 7.3G. 1218 1219 For more details, see the memory overcommit documentation 1220 in mm/overcommit-accounting. 1221Committed_AS 1222 The amount of memory presently allocated on the system. 1223 The committed memory is a sum of all of the memory which 1224 has been allocated by processes, even if it has not been 1225 "used" by them as of yet. A process which malloc()'s 1G 1226 of memory, but only touches 300M of it will show up as 1227 using 1G. This 1G is memory which has been "committed" to 1228 by the VM and can be used at any time by the allocating 1229 application. With strict overcommit enabled on the system 1230 (mode 2 in 'vm.overcommit_memory'), allocations which would 1231 exceed the CommitLimit (detailed above) will not be permitted. 1232 This is useful if one needs to guarantee that processes will 1233 not fail due to lack of memory once that memory has been 1234 successfully allocated. 1235VmallocTotal 1236 total size of vmalloc virtual address space 1237VmallocUsed 1238 amount of vmalloc area which is used 1239VmallocChunk 1240 largest contiguous block of vmalloc area which is free 1241Percpu 1242 Memory allocated to the percpu allocator used to back percpu 1243 allocations. This stat excludes the cost of metadata. 1244EarlyMemtestBad 1245 The amount of RAM/memory in kB, that was identified as corrupted 1246 by early memtest. If memtest was not run, this field will not 1247 be displayed at all. Size is never rounded down to 0 kB. 1248 That means if 0 kB is reported, you can safely assume 1249 there was at least one pass of memtest and none of the passes 1250 found a single faulty byte of RAM. 1251HardwareCorrupted 1252 The amount of RAM/memory in KB, the kernel identifies as 1253 corrupted. 1254AnonHugePages 1255 Non-file backed huge pages mapped into userspace page tables 1256ShmemHugePages 1257 Memory used by shared memory (shmem) and tmpfs allocated 1258 with huge pages 1259ShmemPmdMapped 1260 Shared memory mapped into userspace with huge pages 1261FileHugePages 1262 Memory used for filesystem data (page cache) allocated 1263 with huge pages 1264FilePmdMapped 1265 Page cache mapped into userspace with huge pages 1266CmaTotal 1267 Memory reserved for the Contiguous Memory Allocator (CMA) 1268CmaFree 1269 Free remaining memory in the CMA reserves 1270Unaccepted 1271 Memory that has not been accepted by the guest 1272Balloon 1273 Memory returned to Host by VM Balloon Drivers 1274HugePages_Total, HugePages_Free, HugePages_Rsvd, HugePages_Surp, Hugepagesize, Hugetlb 1275 See Documentation/admin-guide/mm/hugetlbpage.rst. 1276DirectMap4k, DirectMap2M, DirectMap1G 1277 Breakdown of page table sizes used in the kernel's 1278 identity mapping of RAM 1279 1280vmallocinfo 1281~~~~~~~~~~~ 1282 1283Provides information about vmalloced/vmaped areas. One line per area, 1284containing the virtual address range of the area, size in bytes, 1285caller information of the creator, and optional information depending 1286on the kind of area: 1287 1288 ========== =================================================== 1289 pages=nr number of pages 1290 phys=addr if a physical address was specified 1291 ioremap I/O mapping (ioremap() and friends) 1292 vmalloc vmalloc() area 1293 vmap vmap()ed pages 1294 user VM_USERMAP area 1295 vpages buffer for pages pointers was vmalloced (huge area) 1296 N<node>=nr (Only on NUMA kernels) 1297 Number of pages allocated on memory node <node> 1298 ========== =================================================== 1299 1300:: 1301 1302 > cat /proc/vmallocinfo 1303 0xffffc20000000000-0xffffc20000201000 2101248 alloc_large_system_hash+0x204 ... 1304 /0x2c0 pages=512 vmalloc N0=128 N1=128 N2=128 N3=128 1305 0xffffc20000201000-0xffffc20000302000 1052672 alloc_large_system_hash+0x204 ... 1306 /0x2c0 pages=256 vmalloc N0=64 N1=64 N2=64 N3=64 1307 0xffffc20000302000-0xffffc20000304000 8192 acpi_tb_verify_table+0x21/0x4f... 1308 phys=7fee8000 ioremap 1309 0xffffc20000304000-0xffffc20000307000 12288 acpi_tb_verify_table+0x21/0x4f... 1310 phys=7fee7000 ioremap 1311 0xffffc2000031d000-0xffffc2000031f000 8192 init_vdso_vars+0x112/0x210 1312 0xffffc2000031f000-0xffffc2000032b000 49152 cramfs_uncompress_init+0x2e ... 1313 /0x80 pages=11 vmalloc N0=3 N1=3 N2=2 N3=3 1314 0xffffc2000033a000-0xffffc2000033d000 12288 sys_swapon+0x640/0xac0 ... 1315 pages=2 vmalloc N1=2 1316 0xffffc20000347000-0xffffc2000034c000 20480 xt_alloc_table_info+0xfe ... 1317 /0x130 [x_tables] pages=4 vmalloc N0=4 1318 0xffffffffa0000000-0xffffffffa000f000 61440 sys_init_module+0xc27/0x1d00 ... 1319 pages=14 vmalloc N2=14 1320 0xffffffffa000f000-0xffffffffa0014000 20480 sys_init_module+0xc27/0x1d00 ... 1321 pages=4 vmalloc N1=4 1322 0xffffffffa0014000-0xffffffffa0017000 12288 sys_init_module+0xc27/0x1d00 ... 1323 pages=2 vmalloc N1=2 1324 0xffffffffa0017000-0xffffffffa0022000 45056 sys_init_module+0xc27/0x1d00 ... 1325 pages=10 vmalloc N0=10 1326 1327 1328softirqs 1329~~~~~~~~ 1330 1331Provides counts of softirq handlers serviced since boot time, for each CPU. 1332 1333:: 1334 1335 > cat /proc/softirqs 1336 CPU0 CPU1 CPU2 CPU3 1337 HI: 0 0 0 0 1338 TIMER: 27166 27120 27097 27034 1339 NET_TX: 0 0 0 17 1340 NET_RX: 42 0 0 39 1341 BLOCK: 0 0 107 1121 1342 TASKLET: 0 0 0 290 1343 SCHED: 27035 26983 26971 26746 1344 HRTIMER: 0 0 0 0 1345 RCU: 1678 1769 2178 2250 1346 13471.3 Networking info in /proc/net 1348-------------------------------- 1349 1350The subdirectory /proc/net follows the usual pattern. Table 1-8 shows the 1351additional values you get for IP version 6 if you configure the kernel to 1352support this. Table 1-9 lists the files and their meaning. 1353 1354 1355.. table:: Table 1-8: IPv6 info in /proc/net 1356 1357 ========== ===================================================== 1358 File Content 1359 ========== ===================================================== 1360 udp6 UDP sockets (IPv6) 1361 tcp6 TCP sockets (IPv6) 1362 raw6 Raw device statistics (IPv6) 1363 igmp6 IP multicast addresses, which this host joined (IPv6) 1364 if_inet6 List of IPv6 interface addresses 1365 ipv6_route Kernel routing table for IPv6 1366 rt6_stats Global IPv6 routing tables statistics 1367 sockstat6 Socket statistics (IPv6) 1368 snmp6 Snmp data (IPv6) 1369 ========== ===================================================== 1370 1371.. table:: Table 1-9: Network info in /proc/net 1372 1373 ============= ================================================================ 1374 File Content 1375 ============= ================================================================ 1376 arp Kernel ARP table 1377 dev network devices with statistics 1378 dev_mcast the Layer2 multicast groups a device is listening too 1379 (interface index, label, number of references, number of bound 1380 addresses). 1381 dev_stat network device status 1382 ip_fwchains Firewall chain linkage 1383 ip_fwnames Firewall chain names 1384 ip_masq Directory containing the masquerading tables 1385 ip_masquerade Major masquerading table 1386 netstat Network statistics 1387 raw raw device statistics 1388 route Kernel routing table 1389 rpc Directory containing rpc info 1390 rt_cache Routing cache 1391 snmp SNMP data 1392 sockstat Socket statistics 1393 softnet_stat Per-CPU incoming packets queues statistics of online CPUs 1394 tcp TCP sockets 1395 udp UDP sockets 1396 unix UNIX domain sockets 1397 wireless Wireless interface data (Wavelan etc) 1398 igmp IP multicast addresses, which this host joined 1399 psched Global packet scheduler parameters. 1400 netlink List of PF_NETLINK sockets 1401 ip_mr_vifs List of multicast virtual interfaces 1402 ip_mr_cache List of multicast routing cache 1403 ============= ================================================================ 1404 1405You can use this information to see which network devices are available in 1406your system and how much traffic was routed over those devices:: 1407 1408 > cat /proc/net/dev 1409 Inter-|Receive |[... 1410 face |bytes packets errs drop fifo frame compressed multicast|[... 1411 lo: 908188 5596 0 0 0 0 0 0 [... 1412 ppp0:15475140 20721 410 0 0 410 0 0 [... 1413 eth0: 614530 7085 0 0 0 0 0 1 [... 1414 1415 ...] Transmit 1416 ...] bytes packets errs drop fifo colls carrier compressed 1417 ...] 908188 5596 0 0 0 0 0 0 1418 ...] 1375103 17405 0 0 0 0 0 0 1419 ...] 1703981 5535 0 0 0 3 0 0 1420 1421In addition, each Channel Bond interface has its own directory. For 1422example, the bond0 device will have a directory called /proc/net/bond0/. 1423It will contain information that is specific to that bond, such as the 1424current slaves of the bond, the link status of the slaves, and how 1425many times the slaves link has failed. 1426 14271.4 SCSI info 1428------------- 1429 1430If you have a SCSI or ATA host adapter in your system, you'll find a 1431subdirectory named after the driver for this adapter in /proc/scsi. 1432You'll also see a list of all recognized SCSI devices in /proc/scsi:: 1433 1434 >cat /proc/scsi/scsi 1435 Attached devices: 1436 Host: scsi0 Channel: 00 Id: 00 Lun: 00 1437 Vendor: IBM Model: DGHS09U Rev: 03E0 1438 Type: Direct-Access ANSI SCSI revision: 03 1439 Host: scsi0 Channel: 00 Id: 06 Lun: 00 1440 Vendor: PIONEER Model: CD-ROM DR-U06S Rev: 1.04 1441 Type: CD-ROM ANSI SCSI revision: 02 1442 1443 1444The directory named after the driver has one file for each adapter found in 1445the system. These files contain information about the controller, including 1446the used IRQ and the IO address range. The amount of information shown is 1447dependent on the adapter you use. The example shows the output for an Adaptec 1448AHA-2940 SCSI adapter:: 1449 1450 > cat /proc/scsi/aic7xxx/0 1451 1452 Adaptec AIC7xxx driver version: 5.1.19/3.2.4 1453 Compile Options: 1454 TCQ Enabled By Default : Disabled 1455 AIC7XXX_PROC_STATS : Disabled 1456 AIC7XXX_RESET_DELAY : 5 1457 Adapter Configuration: 1458 SCSI Adapter: Adaptec AHA-294X Ultra SCSI host adapter 1459 Ultra Wide Controller 1460 PCI MMAPed I/O Base: 0xeb001000 1461 Adapter SEEPROM Config: SEEPROM found and used. 1462 Adaptec SCSI BIOS: Enabled 1463 IRQ: 10 1464 SCBs: Active 0, Max Active 2, 1465 Allocated 15, HW 16, Page 255 1466 Interrupts: 160328 1467 BIOS Control Word: 0x18b6 1468 Adapter Control Word: 0x005b 1469 Extended Translation: Enabled 1470 Disconnect Enable Flags: 0xffff 1471 Ultra Enable Flags: 0x0001 1472 Tag Queue Enable Flags: 0x0000 1473 Ordered Queue Tag Flags: 0x0000 1474 Default Tag Queue Depth: 8 1475 Tagged Queue By Device array for aic7xxx host instance 0: 1476 {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255} 1477 Actual queue depth per device for aic7xxx host instance 0: 1478 {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1} 1479 Statistics: 1480 (scsi0:0:0:0) 1481 Device using Wide/Sync transfers at 40.0 MByte/sec, offset 8 1482 Transinfo settings: current(12/8/1/0), goal(12/8/1/0), user(12/15/1/0) 1483 Total transfers 160151 (74577 reads and 85574 writes) 1484 (scsi0:0:6:0) 1485 Device using Narrow/Sync transfers at 5.0 MByte/sec, offset 15 1486 Transinfo settings: current(50/15/0/0), goal(50/15/0/0), user(50/15/0/0) 1487 Total transfers 0 (0 reads and 0 writes) 1488 1489 14901.5 Parallel port info in /proc/parport 1491--------------------------------------- 1492 1493The directory /proc/parport contains information about the parallel ports of 1494your system. It has one subdirectory for each port, named after the port 1495number (0,1,2,...). 1496 1497These directories contain the four files shown in Table 1-10. 1498 1499 1500.. table:: Table 1-10: Files in /proc/parport 1501 1502 ========= ==================================================================== 1503 File Content 1504 ========= ==================================================================== 1505 autoprobe Any IEEE-1284 device ID information that has been acquired. 1506 devices list of the device drivers using that port. A + will appear by the 1507 name of the device currently using the port (it might not appear 1508 against any). 1509 hardware Parallel port's base address, IRQ line and DMA channel. 1510 irq IRQ that parport is using for that port. This is in a separate 1511 file to allow you to alter it by writing a new value in (IRQ 1512 number or none). 1513 ========= ==================================================================== 1514 15151.6 TTY info in /proc/tty 1516------------------------- 1517 1518Information about the available and actually used tty's can be found in the 1519directory /proc/tty. You'll find entries for drivers and line disciplines in 1520this directory, as shown in Table 1-11. 1521 1522 1523.. table:: Table 1-11: Files in /proc/tty 1524 1525 ============= ============================================== 1526 File Content 1527 ============= ============================================== 1528 drivers list of drivers and their usage 1529 ldiscs registered line disciplines 1530 driver/serial usage statistic and status of single tty lines 1531 ============= ============================================== 1532 1533To see which tty's are currently in use, you can simply look into the file 1534/proc/tty/drivers:: 1535 1536 > cat /proc/tty/drivers 1537 pty_slave /dev/pts 136 0-255 pty:slave 1538 pty_master /dev/ptm 128 0-255 pty:master 1539 pty_slave /dev/ttyp 3 0-255 pty:slave 1540 pty_master /dev/pty 2 0-255 pty:master 1541 serial /dev/cua 5 64-67 serial:callout 1542 serial /dev/ttyS 4 64-67 serial 1543 /dev/tty0 /dev/tty0 4 0 system:vtmaster 1544 /dev/ptmx /dev/ptmx 5 2 system 1545 /dev/console /dev/console 5 1 system:console 1546 /dev/tty /dev/tty 5 0 system:/dev/tty 1547 unknown /dev/tty 4 1-63 console 1548 1549 15501.7 Miscellaneous kernel statistics in /proc/stat 1551------------------------------------------------- 1552 1553Various pieces of information about kernel activity are available in the 1554/proc/stat file. All of the numbers reported in this file are aggregates 1555since the system first booted. For a quick look, simply cat the file:: 1556 1557 > cat /proc/stat 1558 cpu 237902850 368826709 106375398 1873517540 1135548 0 14507935 0 0 0 1559 cpu0 60045249 91891769 26331539 468411416 495718 0 5739640 0 0 0 1560 cpu1 59746288 91759249 26609887 468860630 312281 0 4384817 0 0 0 1561 cpu2 59489247 92985423 26904446 467808813 171668 0 2268998 0 0 0 1562 cpu3 58622065 92190267 26529524 468436680 155879 0 2114478 0 0 0 1563 intr 8688370575 8 3373 0 0 0 0 0 0 1 40791 0 0 353317 0 0 0 0 224789828 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 190974333 41958554 123983334 43 0 224593 0 0 0 <more 0's deleted> 1564 ctxt 22848221062 1565 btime 1605316999 1566 processes 746787147 1567 procs_running 2 1568 procs_blocked 0 1569 softirq 12121874454 100099120 3938138295 127375644 2795979 187870761 0 173808342 3072582055 52608 224184354 1570 1571The very first "cpu" line aggregates the numbers in all of the other "cpuN" 1572lines. These numbers identify the amount of time the CPU has spent performing 1573different kinds of work. Time units are in USER_HZ (typically hundredths of a 1574second). The meanings of the columns are as follows, from left to right: 1575 1576- user: normal processes executing in user mode 1577- nice: niced processes executing in user mode 1578- system: processes executing in kernel mode 1579- idle: twiddling thumbs 1580- iowait: In a word, iowait stands for waiting for I/O to complete. But there 1581 are several problems: 1582 1583 1. CPU will not wait for I/O to complete, iowait is the time that a task is 1584 waiting for I/O to complete. When CPU goes into idle state for 1585 outstanding task I/O, another task will be scheduled on this CPU. 1586 2. In a multi-core CPU, the task waiting for I/O to complete is not running 1587 on any CPU, so the iowait of each CPU is difficult to calculate. 1588 3. The value of iowait field in /proc/stat will decrease in certain 1589 conditions. 1590 1591 So, the iowait is not reliable by reading from /proc/stat. 1592- irq: servicing interrupts 1593- softirq: servicing softirqs 1594- steal: involuntary wait 1595- guest: running a normal guest 1596- guest_nice: running a niced guest 1597 1598The "intr" line gives counts of interrupts serviced since boot time, for each 1599of the possible system interrupts. The first column is the total of all 1600interrupts serviced including unnumbered architecture specific interrupts; 1601each subsequent column is the total for that particular numbered interrupt. 1602Unnumbered interrupts are not shown, only summed into the total. 1603 1604The "ctxt" line gives the total number of context switches across all CPUs. 1605 1606The "btime" line gives the time at which the system booted, in seconds since 1607the Unix epoch. 1608 1609The "processes" line gives the number of processes and threads created, which 1610includes (but is not limited to) those created by calls to the fork() and 1611clone() system calls. 1612 1613The "procs_running" line gives the total number of threads that are 1614running or ready to run (i.e., the total number of runnable threads). 1615 1616The "procs_blocked" line gives the number of processes currently blocked, 1617waiting for I/O to complete. 1618 1619The "softirq" line gives counts of softirqs serviced since boot time, for each 1620of the possible system softirqs. The first column is the total of all 1621softirqs serviced; each subsequent column is the total for that particular 1622softirq. 1623 1624 16251.8 Ext4 file system parameters 1626------------------------------- 1627 1628Information about mounted ext4 file systems can be found in 1629/proc/fs/ext4. Each mounted filesystem will have a directory in 1630/proc/fs/ext4 based on its device name (i.e., /proc/fs/ext4/hdc or 1631/proc/fs/ext4/sda9 or /proc/fs/ext4/dm-0). The files in each per-device 1632directory are shown in Table 1-12, below. 1633 1634.. table:: Table 1-12: Files in /proc/fs/ext4/<devname> 1635 1636 ============== ========================================================== 1637 File Content 1638 mb_groups details of multiblock allocator buddy cache of free blocks 1639 ============== ========================================================== 1640 16411.9 /proc/consoles 1642------------------- 1643Shows registered system console lines. 1644 1645To see which character device lines are currently used for the system console 1646/dev/console, you may simply look into the file /proc/consoles:: 1647 1648 > cat /proc/consoles 1649 tty0 -WU (ECp) 4:7 1650 ttyS0 -W- (Ep) 4:64 1651 1652The columns are: 1653 1654+--------------------+-------------------------------------------------------+ 1655| device | name of the device | 1656+====================+=======================================================+ 1657| operations | * R = can do read operations | 1658| | * W = can do write operations | 1659| | * U = can do unblank | 1660+--------------------+-------------------------------------------------------+ 1661| flags | * E = it is enabled | 1662| | * C = it is preferred console | 1663| | * B = it is primary boot console | 1664| | * p = it is used for printk buffer | 1665| | * b = it is not a TTY but a Braille device | 1666| | * a = it is safe to use when cpu is offline | 1667+--------------------+-------------------------------------------------------+ 1668| major:minor | major and minor number of the device separated by a | 1669| | colon | 1670+--------------------+-------------------------------------------------------+ 1671 1672Summary 1673------- 1674 1675The /proc file system serves information about the running system. It not only 1676allows access to process data but also allows you to request the kernel status 1677by reading files in the hierarchy. 1678 1679The directory structure of /proc reflects the types of information and makes 1680it easy, if not obvious, where to look for specific data. 1681 1682Chapter 2: Modifying System Parameters 1683====================================== 1684 1685In This Chapter 1686--------------- 1687 1688* Modifying kernel parameters by writing into files found in /proc/sys 1689* Exploring the files which modify certain parameters 1690* Review of the /proc/sys file tree 1691 1692------------------------------------------------------------------------------ 1693 1694A very interesting part of /proc is the directory /proc/sys. This is not only 1695a source of information, it also allows you to change parameters within the 1696kernel. Be very careful when attempting this. You can optimize your system, 1697but you can also cause it to crash. Never alter kernel parameters on a 1698production system. Set up a development machine and test to make sure that 1699everything works the way you want it to. You may have no alternative but to 1700reboot the machine once an error has been made. 1701 1702To change a value, simply echo the new value into the file. 1703You need to be root to do this. You can create your own boot script 1704to perform this every time your system boots. 1705 1706The files in /proc/sys can be used to fine tune and monitor miscellaneous and 1707general things in the operation of the Linux kernel. Since some of the files 1708can inadvertently disrupt your system, it is advisable to read both 1709documentation and source before actually making adjustments. In any case, be 1710very careful when writing to any of these files. The entries in /proc may 1711change slightly between the 2.1.* and the 2.2 kernel, so if there is any doubt 1712review the kernel documentation in the directory linux/Documentation. 1713This chapter is heavily based on the documentation included in the pre 2.2 1714kernels, and became part of it in version 2.2.1 of the Linux kernel. 1715 1716Please see: Documentation/admin-guide/sysctl/ directory for descriptions of 1717these entries. 1718 1719Summary 1720------- 1721 1722Certain aspects of kernel behavior can be modified at runtime, without the 1723need to recompile the kernel, or even to reboot the system. The files in the 1724/proc/sys tree can not only be read, but also modified. You can use the echo 1725command to write value into these files, thereby changing the default settings 1726of the kernel. 1727 1728 1729Chapter 3: Per-process Parameters 1730================================= 1731 17323.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj- Adjust the oom-killer score 1733-------------------------------------------------------------------------------- 1734 1735These files can be used to adjust the badness heuristic used to select which 1736process gets killed in out of memory (oom) conditions. 1737 1738The badness heuristic assigns a value to each candidate task ranging from 0 1739(never kill) to 1000 (always kill) to determine which process is targeted. The 1740units are roughly a proportion along that range of allowed memory the process 1741may allocate from based on an estimation of its current memory and swap use. 1742For example, if a task is using all allowed memory, its badness score will be 17431000. If it is using half of its allowed memory, its score will be 500. 1744 1745The amount of "allowed" memory depends on the context in which the oom killer 1746was called. If it is due to the memory assigned to the allocating task's cpuset 1747being exhausted, the allowed memory represents the set of mems assigned to that 1748cpuset. If it is due to a mempolicy's node(s) being exhausted, the allowed 1749memory represents the set of mempolicy nodes. If it is due to a memory 1750limit (or swap limit) being reached, the allowed memory is that configured 1751limit. Finally, if it is due to the entire system being out of memory, the 1752allowed memory represents all allocatable resources. 1753 1754The value of /proc/<pid>/oom_score_adj is added to the badness score before it 1755is used to determine which task to kill. Acceptable values range from -1000 1756(OOM_SCORE_ADJ_MIN) to +1000 (OOM_SCORE_ADJ_MAX). This allows userspace to 1757polarize the preference for oom killing either by always preferring a certain 1758task or completely disabling it. The lowest possible value, -1000, is 1759equivalent to disabling oom killing entirely for that task since it will always 1760report a badness score of 0. 1761 1762Consequently, it is very simple for userspace to define the amount of memory to 1763consider for each task. Setting a /proc/<pid>/oom_score_adj value of +500, for 1764example, is roughly equivalent to allowing the remainder of tasks sharing the 1765same system, cpuset, mempolicy, or memory controller resources to use at least 176650% more memory. A value of -500, on the other hand, would be roughly 1767equivalent to discounting 50% of the task's allowed memory from being considered 1768as scoring against the task. 1769 1770For backwards compatibility with previous kernels, /proc/<pid>/oom_adj may also 1771be used to tune the badness score. Its acceptable values range from -16 1772(OOM_ADJUST_MIN) to +15 (OOM_ADJUST_MAX) and a special value of -17 1773(OOM_DISABLE) to disable oom killing entirely for that task. Its value is 1774scaled linearly with /proc/<pid>/oom_score_adj. 1775 1776The value of /proc/<pid>/oom_score_adj may be reduced no lower than the last 1777value set by a CAP_SYS_RESOURCE process. To reduce the value any lower 1778requires CAP_SYS_RESOURCE. 1779 1780 17813.2 /proc/<pid>/oom_score - Display current oom-killer score 1782------------------------------------------------------------- 1783 1784This file can be used to check the current score used by the oom-killer for 1785any given <pid>. Use it together with /proc/<pid>/oom_score_adj to tune which 1786process should be killed in an out-of-memory situation. 1787 1788Please note that the exported value includes oom_score_adj so it is 1789effectively in range [0,2000]. 1790 1791 17923.3 /proc/<pid>/io - Display the IO accounting fields 1793------------------------------------------------------- 1794 1795This file contains IO statistics for each running process. 1796 1797Example 1798~~~~~~~ 1799 1800:: 1801 1802 test:/tmp # dd if=/dev/zero of=/tmp/test.dat & 1803 [1] 3828 1804 1805 test:/tmp # cat /proc/3828/io 1806 rchar: 323934931 1807 wchar: 323929600 1808 syscr: 632687 1809 syscw: 632675 1810 read_bytes: 0 1811 write_bytes: 323932160 1812 cancelled_write_bytes: 0 1813 1814 1815Description 1816~~~~~~~~~~~ 1817 1818rchar 1819^^^^^ 1820 1821I/O counter: chars read 1822The number of bytes which this task has caused to be read from storage. This 1823is simply the sum of bytes which this process passed to read() and pread(). 1824It includes things like tty IO and it is unaffected by whether or not actual 1825physical disk IO was required (the read might have been satisfied from 1826pagecache). 1827 1828 1829wchar 1830^^^^^ 1831 1832I/O counter: chars written 1833The number of bytes which this task has caused, or shall cause to be written 1834to disk. Similar caveats apply here as with rchar. 1835 1836 1837syscr 1838^^^^^ 1839 1840I/O counter: read syscalls 1841Attempt to count the number of read I/O operations, i.e. syscalls like read() 1842and pread(). 1843 1844 1845syscw 1846^^^^^ 1847 1848I/O counter: write syscalls 1849Attempt to count the number of write I/O operations, i.e. syscalls like 1850write() and pwrite(). 1851 1852 1853read_bytes 1854^^^^^^^^^^ 1855 1856I/O counter: bytes read 1857Attempt to count the number of bytes which this process really did cause to 1858be fetched from the storage layer. Done at the submit_bio() level, so it is 1859accurate for block-backed filesystems. <please add status regarding NFS and 1860CIFS at a later time> 1861 1862 1863write_bytes 1864^^^^^^^^^^^ 1865 1866I/O counter: bytes written 1867Attempt to count the number of bytes which this process caused to be sent to 1868the storage layer. This is done at page-dirtying time. 1869 1870 1871cancelled_write_bytes 1872^^^^^^^^^^^^^^^^^^^^^ 1873 1874The big inaccuracy here is truncate. If a process writes 1MB to a file and 1875then deletes the file, it will in fact perform no writeout. But it will have 1876been accounted as having caused 1MB of write. 1877In other words: The number of bytes which this process caused to not happen, 1878by truncating pagecache. A task can cause "negative" IO too. If this task 1879truncates some dirty pagecache, some IO which another task has been accounted 1880for (in its write_bytes) will not be happening. We _could_ just subtract that 1881from the truncating task's write_bytes, but there is information loss in doing 1882that. 1883 1884 1885.. Note:: 1886 1887 At its current implementation state, this is a bit racy on 32-bit machines: 1888 if process A reads process B's /proc/pid/io while process B is updating one 1889 of those 64-bit counters, process A could see an intermediate result. 1890 1891 1892More information about this can be found within the taskstats documentation in 1893Documentation/accounting. 1894 18953.4 /proc/<pid>/coredump_filter - Core dump filtering settings 1896--------------------------------------------------------------- 1897When a process is dumped, all anonymous memory is written to a core file as 1898long as the size of the core file isn't limited. But sometimes we don't want 1899to dump some memory segments, for example, huge shared memory or DAX. 1900Conversely, sometimes we want to save file-backed memory segments into a core 1901file, not only the individual files. 1902 1903/proc/<pid>/coredump_filter allows you to customize which memory segments 1904will be dumped when the <pid> process is dumped. coredump_filter is a bitmask 1905of memory types. If a bit of the bitmask is set, memory segments of the 1906corresponding memory type are dumped, otherwise they are not dumped. 1907 1908The following 9 memory types are supported: 1909 1910 - (bit 0) anonymous private memory 1911 - (bit 1) anonymous shared memory 1912 - (bit 2) file-backed private memory 1913 - (bit 3) file-backed shared memory 1914 - (bit 4) ELF header pages in file-backed private memory areas (it is 1915 effective only if the bit 2 is cleared) 1916 - (bit 5) hugetlb private memory 1917 - (bit 6) hugetlb shared memory 1918 - (bit 7) DAX private memory 1919 - (bit 8) DAX shared memory 1920 1921 Note that MMIO pages such as frame buffer are never dumped and vDSO pages 1922 are always dumped regardless of the bitmask status. 1923 1924 Note that bits 0-4 don't affect hugetlb or DAX memory. hugetlb memory is 1925 only affected by bit 5-6, and DAX is only affected by bits 7-8. 1926 1927The default value of coredump_filter is 0x33; this means all anonymous memory 1928segments, ELF header pages and hugetlb private memory are dumped. 1929 1930If you don't want to dump all shared memory segments attached to pid 1234, 1931write 0x31 to the process's proc file:: 1932 1933 $ echo 0x31 > /proc/1234/coredump_filter 1934 1935When a new process is created, the process inherits the bitmask status from its 1936parent. It is useful to set up coredump_filter before the program runs. 1937For example:: 1938 1939 $ echo 0x7 > /proc/self/coredump_filter 1940 $ ./some_program 1941 19423.5 /proc/<pid>/mountinfo - Information about mounts 1943-------------------------------------------------------- 1944 1945This file contains lines of the form:: 1946 1947 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue 1948 (1)(2)(3) (4) (5) (6) (n…m) (m+1)(m+2) (m+3) (m+4) 1949 1950 (1) mount ID: unique identifier of the mount (may be reused after umount) 1951 (2) parent ID: ID of parent (or of self for the top of the mount tree) 1952 (3) major:minor: value of st_dev for files on filesystem 1953 (4) root: root of the mount within the filesystem 1954 (5) mount point: mount point relative to the process's root 1955 (6) mount options: per mount options 1956 (n…m) optional fields: zero or more fields of the form "tag[:value]" 1957 (m+1) separator: marks the end of the optional fields 1958 (m+2) filesystem type: name of filesystem of the form "type[.subtype]" 1959 (m+3) mount source: filesystem specific information or "none" 1960 (m+4) super options: per super block options 1961 1962Parsers should ignore all unrecognised optional fields. Currently the 1963possible optional fields are: 1964 1965================ ============================================================== 1966shared:X mount is shared in peer group X 1967master:X mount is slave to peer group X 1968propagate_from:X mount is slave and receives propagation from peer group X [#]_ 1969unbindable mount is unbindable 1970================ ============================================================== 1971 1972.. [#] X is the closest dominant peer group under the process's root. If 1973 X is the immediate master of the mount, or if there's no dominant peer 1974 group under the same root, then only the "master:X" field is present 1975 and not the "propagate_from:X" field. 1976 1977For more information on mount propagation see: 1978 1979 Documentation/filesystems/sharedsubtree.rst 1980 1981 19823.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm 1983-------------------------------------------------------- 1984These files provide a method to access a task's comm value. It also allows for 1985a task to set its own or one of its thread siblings comm value. The comm value 1986is limited in size compared to the cmdline value, so writing anything longer 1987then the kernel's TASK_COMM_LEN (currently 16 chars, including the NUL 1988terminator) will result in a truncated comm value. 1989 1990 19913.7 /proc/<pid>/task/<tid>/children - Information about task children 1992------------------------------------------------------------------------- 1993This file provides a fast way to retrieve first level children pids 1994of a task pointed by <pid>/<tid> pair. The format is a space separated 1995stream of pids. 1996 1997Note the "first level" here -- if a child has its own children they will 1998not be listed here; one needs to read /proc/<children-pid>/task/<tid>/children 1999to obtain the descendants. 2000 2001Since this interface is intended to be fast and cheap it doesn't 2002guarantee to provide precise results and some children might be 2003skipped, especially if they've exited right after we printed their 2004pids, so one needs to either stop or freeze processes being inspected 2005if precise results are needed. 2006 2007 20083.8 /proc/<pid>/fdinfo/<fd> - Information about opened file 2009--------------------------------------------------------------- 2010This file provides information associated with an opened file. The regular 2011files have at least four fields -- 'pos', 'flags', 'mnt_id' and 'ino'. 2012The 'pos' represents the current offset of the opened file in decimal 2013form [see lseek(2) for details], 'flags' denotes the octal O_xxx mask the 2014file has been created with [see open(2) for details] and 'mnt_id' represents 2015mount ID of the file system containing the opened file [see 3.5 2016/proc/<pid>/mountinfo for details]. 'ino' represents the inode number of 2017the file. 2018 2019A typical output is:: 2020 2021 pos: 0 2022 flags: 0100002 2023 mnt_id: 19 2024 ino: 63107 2025 2026All locks associated with a file descriptor are shown in its fdinfo too:: 2027 2028 lock: 1: FLOCK ADVISORY WRITE 359 00:13:11691 0 EOF 2029 2030The files such as eventfd, fsnotify, signalfd, epoll among the regular pos/flags 2031pair provide additional information particular to the objects they represent. 2032 2033Eventfd files 2034~~~~~~~~~~~~~ 2035 2036:: 2037 2038 pos: 0 2039 flags: 04002 2040 mnt_id: 9 2041 ino: 63107 2042 eventfd-count: 5a 2043 2044where 'eventfd-count' is hex value of a counter. 2045 2046Signalfd files 2047~~~~~~~~~~~~~~ 2048 2049:: 2050 2051 pos: 0 2052 flags: 04002 2053 mnt_id: 9 2054 ino: 63107 2055 sigmask: 0000000000000200 2056 2057where 'sigmask' is hex value of the signal mask associated 2058with a file. 2059 2060Epoll files 2061~~~~~~~~~~~ 2062 2063:: 2064 2065 pos: 0 2066 flags: 02 2067 mnt_id: 9 2068 ino: 63107 2069 tfd: 5 events: 1d data: ffffffffffffffff pos:0 ino:61af sdev:7 2070 2071where 'tfd' is a target file descriptor number in decimal form, 2072'events' is events mask being watched and the 'data' is data 2073associated with a target [see epoll(7) for more details]. 2074 2075The 'pos' is current offset of the target file in decimal form 2076[see lseek(2)], 'ino' and 'sdev' are inode and device numbers 2077where target file resides, all in hex format. 2078 2079Fsnotify files 2080~~~~~~~~~~~~~~ 2081For inotify files the format is the following:: 2082 2083 pos: 0 2084 flags: 02000000 2085 mnt_id: 9 2086 ino: 63107 2087 inotify wd:3 ino:9e7e sdev:800013 mask:800afce ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:7e9e0000640d1b6d 2088 2089where 'wd' is a watch descriptor in decimal form, i.e. a target file 2090descriptor number, 'ino' and 'sdev' are inode and device where the 2091target file resides and the 'mask' is the mask of events, all in hex 2092form [see inotify(7) for more details]. 2093 2094If the kernel was built with exportfs support, the path to the target 2095file is encoded as a file handle. The file handle is provided by three 2096fields 'fhandle-bytes', 'fhandle-type' and 'f_handle', all in hex 2097format. 2098 2099If the kernel is built without exportfs support the file handle won't be 2100printed out. 2101 2102If there is no inotify mark attached yet the 'inotify' line will be omitted. 2103 2104For fanotify files the format is:: 2105 2106 pos: 0 2107 flags: 02 2108 mnt_id: 9 2109 ino: 63107 2110 fanotify flags:10 event-flags:0 2111 fanotify mnt_id:12 mflags:40 mask:38 ignored_mask:40000003 2112 fanotify ino:4f969 sdev:800013 mflags:0 mask:3b ignored_mask:40000000 fhandle-bytes:8 fhandle-type:1 f_handle:69f90400c275b5b4 2113 2114where fanotify 'flags' and 'event-flags' are values used in fanotify_init 2115call, 'mnt_id' is the mount point identifier, 'mflags' is the value of 2116flags associated with mark which are tracked separately from events 2117mask. 'ino' and 'sdev' are target inode and device, 'mask' is the events 2118mask and 'ignored_mask' is the mask of events which are to be ignored. 2119All are in hex format. Incorporation of 'mflags', 'mask' and 'ignored_mask' 2120provide information about flags and mask used in fanotify_mark 2121call [see fsnotify manpage for details]. 2122 2123While the first three lines are mandatory and always printed, the rest is 2124optional and may be omitted if no marks created yet. 2125 2126Timerfd files 2127~~~~~~~~~~~~~ 2128 2129:: 2130 2131 pos: 0 2132 flags: 02 2133 mnt_id: 9 2134 ino: 63107 2135 clockid: 0 2136 ticks: 0 2137 settime flags: 01 2138 it_value: (0, 49406829) 2139 it_interval: (1, 0) 2140 2141where 'clockid' is the clock type and 'ticks' is the number of the timer expirations 2142that have occurred [see timerfd_create(2) for details]. 'settime flags' are 2143flags in octal form been used to setup the timer [see timerfd_settime(2) for 2144details]. 'it_value' is remaining time until the timer expiration. 2145'it_interval' is the interval for the timer. Note the timer might be set up 2146with TIMER_ABSTIME option which will be shown in 'settime flags', but 'it_value' 2147still exhibits timer's remaining time. 2148 2149DMA Buffer files 2150~~~~~~~~~~~~~~~~ 2151 2152:: 2153 2154 pos: 0 2155 flags: 04002 2156 mnt_id: 9 2157 ino: 63107 2158 size: 32768 2159 count: 2 2160 exp_name: system-heap 2161 2162where 'size' is the size of the DMA buffer in bytes. 'count' is the file count of 2163the DMA buffer file. 'exp_name' is the name of the DMA buffer exporter. 2164 21653.9 /proc/<pid>/map_files - Information about memory mapped files 2166--------------------------------------------------------------------- 2167This directory contains symbolic links which represent memory mapped files 2168the process is maintaining. Example output:: 2169 2170 | lr-------- 1 root root 64 Jan 27 11:24 333c600000-333c620000 -> /usr/lib64/ld-2.18.so 2171 | lr-------- 1 root root 64 Jan 27 11:24 333c81f000-333c820000 -> /usr/lib64/ld-2.18.so 2172 | lr-------- 1 root root 64 Jan 27 11:24 333c820000-333c821000 -> /usr/lib64/ld-2.18.so 2173 | ... 2174 | lr-------- 1 root root 64 Jan 27 11:24 35d0421000-35d0422000 -> /usr/lib64/libselinux.so.1 2175 | lr-------- 1 root root 64 Jan 27 11:24 400000-41a000 -> /usr/bin/ls 2176 2177The name of a link represents the virtual memory bounds of a mapping, i.e. 2178vm_area_struct::vm_start-vm_area_struct::vm_end. 2179 2180The main purpose of the map_files is to retrieve a set of memory mapped 2181files in a fast way instead of parsing /proc/<pid>/maps or 2182/proc/<pid>/smaps, both of which contain many more records. At the same 2183time one can open(2) mappings from the listings of two processes and 2184comparing their inode numbers to figure out which anonymous memory areas 2185are actually shared. 2186 21873.10 /proc/<pid>/timerslack_ns - Task timerslack value 2188--------------------------------------------------------- 2189This file provides the value of the task's timerslack value in nanoseconds. 2190This value specifies an amount of time that normal timers may be deferred 2191in order to coalesce timers and avoid unnecessary wakeups. 2192 2193This allows a task's interactivity vs power consumption tradeoff to be 2194adjusted. 2195 2196Writing 0 to the file will set the task's timerslack to the default value. 2197 2198Valid values are from 0 - ULLONG_MAX 2199 2200An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level 2201permissions on the task specified to change its timerslack_ns value. 2202 22033.11 /proc/<pid>/patch_state - Livepatch patch operation state 2204----------------------------------------------------------------- 2205When CONFIG_LIVEPATCH is enabled, this file displays the value of the 2206patch state for the task. 2207 2208A value of '-1' indicates that no patch is in transition. 2209 2210A value of '0' indicates that a patch is in transition and the task is 2211unpatched. If the patch is being enabled, then the task hasn't been 2212patched yet. If the patch is being disabled, then the task has already 2213been unpatched. 2214 2215A value of '1' indicates that a patch is in transition and the task is 2216patched. If the patch is being enabled, then the task has already been 2217patched. If the patch is being disabled, then the task hasn't been 2218unpatched yet. 2219 22203.12 /proc/<pid>/arch_status - task architecture specific status 2221------------------------------------------------------------------- 2222When CONFIG_PROC_PID_ARCH_STATUS is enabled, this file displays the 2223architecture specific status of the task. 2224 2225Example 2226~~~~~~~ 2227 2228:: 2229 2230 $ cat /proc/6753/arch_status 2231 AVX512_elapsed_ms: 8 2232 2233Description 2234~~~~~~~~~~~ 2235 2236x86 specific entries 2237~~~~~~~~~~~~~~~~~~~~~ 2238 2239AVX512_elapsed_ms 2240^^^^^^^^^^^^^^^^^^ 2241 2242 If AVX512 is supported on the machine, this entry shows the milliseconds 2243 elapsed since the last time AVX512 usage was recorded. The recording 2244 happens on a best effort basis when a task is scheduled out. This means 2245 that the value depends on two factors: 2246 2247 1) The time which the task spent on the CPU without being scheduled 2248 out. With CPU isolation and a single runnable task this can take 2249 several seconds. 2250 2251 2) The time since the task was scheduled out last. Depending on the 2252 reason for being scheduled out (time slice exhausted, syscall ...) 2253 this can be arbitrary long time. 2254 2255 As a consequence the value cannot be considered precise and authoritative 2256 information. The application which uses this information has to be aware 2257 of the overall scenario on the system in order to determine whether a 2258 task is a real AVX512 user or not. Precise information can be obtained 2259 with performance counters. 2260 2261 A special value of '-1' indicates that no AVX512 usage was recorded, thus 2262 the task is unlikely an AVX512 user, but depends on the workload and the 2263 scheduling scenario, it also could be a false negative mentioned above. 2264 22653.13 /proc/<pid>/fd - List of symlinks to open files 2266------------------------------------------------------- 2267This directory contains symbolic links which represent open files 2268the process is maintaining. Example output:: 2269 2270 lr-x------ 1 root root 64 Sep 20 17:53 0 -> /dev/null 2271 l-wx------ 1 root root 64 Sep 20 17:53 1 -> /dev/null 2272 lrwx------ 1 root root 64 Sep 20 17:53 10 -> 'socket:[12539]' 2273 lrwx------ 1 root root 64 Sep 20 17:53 11 -> 'socket:[12540]' 2274 lrwx------ 1 root root 64 Sep 20 17:53 12 -> 'socket:[12542]' 2275 2276The number of open files for the process is stored in 'size' member 2277of stat() output for /proc/<pid>/fd for fast access. 2278------------------------------------------------------- 2279 22803.14 /proc/<pid/ksm_stat - Information about the process's ksm status 2281--------------------------------------------------------------------- 2282When CONFIG_KSM is enabled, each process has this file which displays 2283the information of ksm merging status. 2284 2285Example 2286~~~~~~~ 2287 2288:: 2289 2290 / # cat /proc/self/ksm_stat 2291 ksm_rmap_items 0 2292 ksm_zero_pages 0 2293 ksm_merging_pages 0 2294 ksm_process_profit 0 2295 ksm_merge_any: no 2296 ksm_mergeable: no 2297 2298Description 2299~~~~~~~~~~~ 2300 2301ksm_rmap_items 2302^^^^^^^^^^^^^^ 2303 2304The number of ksm_rmap_item structures in use. The structure 2305ksm_rmap_item stores the reverse mapping information for virtual 2306addresses. KSM will generate a ksm_rmap_item for each ksm-scanned page of 2307the process. 2308 2309ksm_zero_pages 2310^^^^^^^^^^^^^^ 2311 2312When /sys/kernel/mm/ksm/use_zero_pages is enabled, it represent how many 2313empty pages are merged with kernel zero pages by KSM. 2314 2315ksm_merging_pages 2316^^^^^^^^^^^^^^^^^ 2317 2318It represents how many pages of this process are involved in KSM merging 2319(not including ksm_zero_pages). It is the same with what 2320/proc/<pid>/ksm_merging_pages shows. 2321 2322ksm_process_profit 2323^^^^^^^^^^^^^^^^^^ 2324 2325The profit that KSM brings (Saved bytes). KSM can save memory by merging 2326identical pages, but also can consume additional memory, because it needs 2327to generate a number of rmap_items to save each scanned page's brief rmap 2328information. Some of these pages may be merged, but some may not be abled 2329to be merged after being checked several times, which are unprofitable 2330memory consumed. 2331 2332ksm_merge_any 2333^^^^^^^^^^^^^ 2334 2335It specifies whether the process's 'mm is added by prctl() into the 2336candidate list of KSM or not, and if KSM scanning is fully enabled at 2337process level. 2338 2339ksm_mergeable 2340^^^^^^^^^^^^^ 2341 2342It specifies whether any VMAs of the process''s mms are currently 2343applicable to KSM. 2344 2345More information about KSM can be found in 2346Documentation/admin-guide/mm/ksm.rst. 2347 2348 2349Chapter 4: Configuring procfs 2350============================= 2351 23524.1 Mount options 2353--------------------- 2354 2355The following mount options are supported: 2356 2357 ========= ======================================================== 2358 hidepid= Set /proc/<pid>/ access mode. 2359 gid= Set the group authorized to learn processes information. 2360 subset= Show only the specified subset of procfs. 2361 ========= ======================================================== 2362 2363hidepid=off or hidepid=0 means classic mode - everybody may access all 2364/proc/<pid>/ directories (default). 2365 2366hidepid=noaccess or hidepid=1 means users may not access any /proc/<pid>/ 2367directories but their own. Sensitive files like cmdline, sched*, status are now 2368protected against other users. This makes it impossible to learn whether any 2369user runs specific program (given the program doesn't reveal itself by its 2370behaviour). As an additional bonus, as /proc/<pid>/cmdline is unaccessible for 2371other users, poorly written programs passing sensitive information via program 2372arguments are now protected against local eavesdroppers. 2373 2374hidepid=invisible or hidepid=2 means hidepid=1 plus all /proc/<pid>/ will be 2375fully invisible to other users. It doesn't mean that it hides a fact whether a 2376process with a specific pid value exists (it can be learned by other means, e.g. 2377by "kill -0 $PID"), but it hides process's uid and gid, which may be learned by 2378stat()'ing /proc/<pid>/ otherwise. It greatly complicates an intruder's task of 2379gathering information about running processes, whether some daemon runs with 2380elevated privileges, whether other user runs some sensitive program, whether 2381other users run any program at all, etc. 2382 2383hidepid=ptraceable or hidepid=4 means that procfs should only contain 2384/proc/<pid>/ directories that the caller can ptrace. 2385 2386gid= defines a group authorized to learn processes information otherwise 2387prohibited by hidepid=. If you use some daemon like identd which needs to learn 2388information about processes information, just add identd to this group. 2389 2390subset=pid hides all top level files and directories in the procfs that 2391are not related to tasks. 2392 2393Chapter 5: Filesystem behavior 2394============================== 2395 2396Originally, before the advent of pid namespace, procfs was a global file 2397system. It means that there was only one procfs instance in the system. 2398 2399When pid namespace was added, a separate procfs instance was mounted in 2400each pid namespace. So, procfs mount options are global among all 2401mountpoints within the same namespace:: 2402 2403 # grep ^proc /proc/mounts 2404 proc /proc proc rw,relatime,hidepid=2 0 0 2405 2406 # strace -e mount mount -o hidepid=1 -t proc proc /tmp/proc 2407 mount("proc", "/tmp/proc", "proc", 0, "hidepid=1") = 0 2408 +++ exited with 0 +++ 2409 2410 # grep ^proc /proc/mounts 2411 proc /proc proc rw,relatime,hidepid=2 0 0 2412 proc /tmp/proc proc rw,relatime,hidepid=2 0 0 2413 2414and only after remounting procfs mount options will change at all 2415mountpoints:: 2416 2417 # mount -o remount,hidepid=1 -t proc proc /tmp/proc 2418 2419 # grep ^proc /proc/mounts 2420 proc /proc proc rw,relatime,hidepid=1 0 0 2421 proc /tmp/proc proc rw,relatime,hidepid=1 0 0 2422 2423This behavior is different from the behavior of other filesystems. 2424 2425The new procfs behavior is more like other filesystems. Each procfs mount 2426creates a new procfs instance. Mount options affect own procfs instance. 2427It means that it became possible to have several procfs instances 2428displaying tasks with different filtering options in one pid namespace:: 2429 2430 # mount -o hidepid=invisible -t proc proc /proc 2431 # mount -o hidepid=noaccess -t proc proc /tmp/proc 2432 # grep ^proc /proc/mounts 2433 proc /proc proc rw,relatime,hidepid=invisible 0 0 2434 proc /tmp/proc proc rw,relatime,hidepid=noaccess 0 0 2435