------------------------------------------------------------------------------
                       T H E  /proc   F I L E S Y S T E M
------------------------------------------------------------------------------
/proc/sys         Terrehon Bowden <terrehon@pacbell.net>        October 7 1999
                  Bodo Bauer <bb@ricochet.net>

2.4.x update      Jorge Nerin <comandante@zaralinux.com>      November 14 2000
move /proc/sys    Shen Feng <shen@cn.fujitsu.com>                 April 1 2009
------------------------------------------------------------------------------
Version 1.3                                              Kernel version 2.2.12
                                              Kernel version 2.4.0-test11-pre4
------------------------------------------------------------------------------
fixes/update part 1.1  Stefani Seibold <stefani@seibold.net>       June 9 2009

Table of Contents
-----------------

  0     Preface
  0.1   Introduction/Credits
  0.2   Legal Stuff

  1     Collecting System Information
  1.1   Process-Specific Subdirectories
  1.2   Kernel data
  1.3   IDE devices in /proc/ide
  1.4   Networking info in /proc/net
  1.5   SCSI info
  1.6   Parallel port info in /proc/parport
  1.7   TTY info in /proc/tty
  1.8   Miscellaneous kernel statistics in /proc/stat
  1.9   Ext4 file system parameters

  2     Modifying System Parameters

  3     Per-Process Parameters
  3.1   /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj - Adjust the oom-killer
        score
  3.2   /proc/<pid>/oom_score - Display current oom-killer score
  3.3   /proc/<pid>/io - Display the IO accounting fields
  3.4   /proc/<pid>/coredump_filter - Core dump filtering settings
  3.5   /proc/<pid>/mountinfo - Information about mounts
  3.6   /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm
  3.7   /proc/<pid>/task/<tid>/children - Information about task children
  3.8   /proc/<pid>/fdinfo/<fd> - Information about opened file

  4     Configuring procfs
  4.1   Mount options

------------------------------------------------------------------------------
Preface
------------------------------------------------------------------------------

0.1 Introduction/Credits
------------------------

This documentation is part of a soon (or so we hope) to be released book on
the SuSE Linux distribution. As there is no complete documentation for the
/proc file system and we've used many freely available sources to write these
chapters, it seems only fair to give the work back to the Linux community.
This work is based on the 2.2.* kernel version and the upcoming 2.4.*. I'm
afraid it's still far from complete, but we hope it will be useful. As far as
we know, it is the first 'all-in-one' document about the /proc file system. It
is focused on the Intel x86 hardware, so if you are looking for PPC, ARM,
SPARC, AXP, etc., features, you probably won't find what you are looking for.
It also only covers IPv4 networking, not IPv6 nor other protocols - sorry. But
additions and patches are welcome and will be added to this document if you
mail them to Bodo.

We'd like to thank Alan Cox, Rik van Riel, and Alexey Kuznetsov and a lot of
other people for help compiling this documentation. We'd also like to extend a
special thank you to Andi Kleen for documentation, which we relied on heavily
to create this document, as well as the additional information he provided.
Thanks to everybody else who contributed source or docs to the Linux kernel
and helped create a great piece of software... :)

If you have any comments, corrections or additions, please don't hesitate to
contact Bodo Bauer at bb@ricochet.net. We'll be happy to add them to this
document.

The latest version of this document is available online at
http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html

If the above direction does not work for you, you could try the kernel
mailing list at linux-kernel@vger.kernel.org and/or try to reach me at
comandante@zaralinux.com.

0.2 Legal Stuff
---------------

We don't guarantee the correctness of this document, and if you come to us
complaining about how you screwed up your system because of incorrect
documentation, we won't feel responsible...

------------------------------------------------------------------------------
CHAPTER 1: COLLECTING SYSTEM INFORMATION
------------------------------------------------------------------------------

------------------------------------------------------------------------------
In This Chapter
------------------------------------------------------------------------------
* Investigating the properties of the pseudo file system /proc and its
  ability to provide information on the running Linux system
* Examining /proc's structure
* Uncovering various information about the kernel and the processes running
  on the system
------------------------------------------------------------------------------


The proc file system acts as an interface to internal data structures in the
kernel. It can be used to obtain information about the system and to change
certain kernel parameters at runtime (sysctl).

First, we'll take a look at the read-only parts of /proc. In Chapter 2, we
show you how you can use /proc/sys to change settings.

1.1 Process-Specific Subdirectories
-----------------------------------

The directory /proc contains (among other things) one subdirectory for each
process running on the system, which is named after the process ID (PID).

The link self points to the process reading the file system. Each process
subdirectory has the entries listed in Table 1-1.


Table 1-1: Process specific entries in /proc
..............................................................................
 File           Content
 clear_refs     Clears page referenced bits shown in smaps output
 cmdline        Command line arguments
 cpu            Current and last cpu in which it was executed   (2.4)(smp)
 cwd            Link to the current working directory
 environ        Values of environment variables
 exe            Link to the executable of this process
 fd             Directory, which contains all file descriptors
 maps           Memory maps to executables and library files    (2.4)
 mem            Memory held by this process
 root           Link to the root directory of this process
 stat           Process status
 statm          Process memory status information
 status         Process status in human readable form
 wchan          If CONFIG_KALLSYMS is set, a pre-decoded wchan
 pagemap        Page table
 stack          Report full stack trace, enable via CONFIG_STACKTRACE
 smaps          an extension based on maps, showing the memory consumption of
                each mapping and flags associated with it
..............................................................................

For example, to get the status information of a process, all you have to do is
read the file /proc/PID/status:

  >cat /proc/self/status
  Name:   cat
  State:  R (running)
  Tgid:   5452
  Pid:    5452
  PPid:   743
  TracerPid:      0                                             (2.4)
  Uid:    501     501     501     501
  Gid:    100     100     100     100
  FDSize: 256
  Groups: 100 14 16
  VmPeak:     5004 kB
  VmSize:     5004 kB
  VmLck:         0 kB
  VmHWM:       476 kB
  VmRSS:       476 kB
  VmData:      156 kB
  VmStk:        88 kB
  VmExe:        68 kB
  VmLib:      1412 kB
  VmPTE:        20 kb
  VmSwap:        0 kB
  Threads:        1
  SigQ:   0/28578
  SigPnd: 0000000000000000
  ShdPnd: 0000000000000000
  SigBlk: 0000000000000000
  SigIgn: 0000000000000000
  SigCgt: 0000000000000000
  CapInh: 00000000fffffeff
  CapPrm: 0000000000000000
  CapEff: 0000000000000000
  CapBnd: ffffffffffffffff
  Seccomp:        0
  voluntary_ctxt_switches:        0
  nonvoluntary_ctxt_switches:     1

This shows you nearly the same information you would get if you viewed it with
the ps command. In fact, ps uses the proc file system to obtain its
information. But you get a more detailed view of the process by reading the
file /proc/PID/status. Its fields are described in Table 1-2.

The statm file contains more detailed information about the process
memory usage. Its seven fields are explained in Table 1-3. The stat file
contains detailed information about the process itself. Its fields are
explained in Table 1-4.

(for SMP CONFIG users)
For making accounting scalable, RSS related information is handled in an
asynchronous manner and the value may not be very precise. To see a precise
snapshot of a moment, you can look at the /proc/<pid>/smaps file and scan the
page table. It's slow but very precise.

Table 1-2: Contents of the status files (as of 2.6.30-rc7)
..............................................................................
 Field                       Content
 Name                        filename of the executable
 State                       state (R is running, S is sleeping, D is sleeping
                             in an uninterruptible wait, Z is zombie,
                             T is traced or stopped)
 Tgid                        thread group ID
 Pid                         process id
 PPid                        process id of the parent process
 TracerPid                   PID of process tracing this process (0 if not)
 Uid                         Real, effective, saved set, and file system UIDs
 Gid                         Real, effective, saved set, and file system GIDs
 FDSize                      number of file descriptor slots currently allocated
 Groups                      supplementary group list
 VmPeak                      peak virtual memory size
 VmSize                      total program size
 VmLck                       locked memory size
 VmHWM                       peak resident set size ("high water mark")
 VmRSS                       size of memory portions
 VmData                      size of data, stack, and text segments
 VmStk                       size of data, stack, and text segments
 VmExe                       size of text segment
 VmLib                       size of shared library code
 VmPTE                       size of page table entries
 VmSwap                      size of swap usage (the number of referred swapents)
 Threads                     number of threads
 SigQ                        number of signals queued/max. number for queue
 SigPnd                      bitmap of pending signals for the thread
 ShdPnd                      bitmap of shared pending signals for the process
 SigBlk                      bitmap of blocked signals
 SigIgn                      bitmap of ignored signals
 SigCgt                      bitmap of caught signals
 CapInh                      bitmap of inheritable capabilities
 CapPrm                      bitmap of permitted capabilities
 CapEff                      bitmap of effective capabilities
 CapBnd                      bitmap of capabilities bounding set
 Seccomp                     seccomp mode, like prctl(PR_GET_SECCOMP, ...)
 Cpus_allowed                mask of CPUs on which this process may run
 Cpus_allowed_list           Same as previous, but in "list format"
 Mems_allowed                mask of memory nodes allowed to this process
 Mems_allowed_list           Same as previous, but in "list format"
 voluntary_ctxt_switches     number of voluntary context switches
 nonvoluntary_ctxt_switches  number of non voluntary context switches
..............................................................................

Table 1-3: Contents of the statm files (as of 2.6.8-rc3)
..............................................................................
 Field    Content
 size     total program size (pages)            (same as VmSize in status)
 resident size of memory portions (pages)       (same as VmRSS in status)
 shared   number of pages that are shared       (i.e. backed by a file)
 trs      number of pages that are 'code'       (not including libs; broken,
                                                 includes data segment)
 lrs      number of pages of library            (always 0 on 2.6)
 drs      number of pages of data/stack         (including libs; broken,
                                                 includes library text)
 dt       number of dirty pages                 (always 0 on 2.6)
..............................................................................


Table 1-4: Contents of the stat files (as of 2.6.30-rc7)
..............................................................................
 Field          Content
  pid           process id
  tcomm         filename of the executable
  state         state (R is running, S is sleeping, D is sleeping in an
                uninterruptible wait, Z is zombie, T is traced or stopped)
  ppid          process id of the parent process
  pgrp          pgrp of the process
  sid           session id
  tty_nr        tty the process uses
  tty_pgrp      pgrp of the tty
  flags         task flags
  min_flt       number of minor faults
  cmin_flt      number of minor faults with child's
  maj_flt       number of major faults
  cmaj_flt      number of major faults with child's
  utime         user mode jiffies
  stime         kernel mode jiffies
  cutime        user mode jiffies with child's
  cstime        kernel mode jiffies with child's
  priority      priority level
  nice          nice level
  num_threads   number of threads
  it_real_value (obsolete, always 0)
  start_time    time the process started after system boot
  vsize         virtual memory size
  rss           resident set memory size
  rsslim        current limit in bytes on the rss
  start_code    address above which program text can run
  end_code      address below which program text can run
  start_stack   address of the start of the main process stack
  esp           current value of ESP
  eip           current value of EIP
  pending       bitmap of pending signals
  blocked       bitmap of blocked signals
  sigign        bitmap of ignored signals
  sigcatch      bitmap of caught signals
  wchan         address where process went to sleep
  0             (place holder)
  0             (place holder)
  exit_signal   signal to send to parent thread on exit
  task_cpu      which CPU the task is scheduled on
  rt_priority   realtime priority
  policy        scheduling policy (man sched_setscheduler)
  blkio_ticks   time spent waiting for block IO
  gtime         guest time of the task in jiffies
  cgtime        guest time of the task children in jiffies
  start_data    address above which program data+bss is placed
  end_data      address below which program data+bss is placed
  start_brk     address above which program heap can be expanded with brk()
  arg_start     address above which program command line is placed
  arg_end       address below which program command line is placed
  env_start     address above which program environment is placed
  env_end       address below which program environment is placed
  exit_code     the thread's exit_code in the form reported by the waitpid
                system call
..............................................................................

The /proc/PID/maps file contains the currently mapped memory regions and
their access permissions.

The format is:

address           perms offset  dev   inode      pathname

08048000-08049000 r-xp 00000000 03:00 8312       /opt/test
08049000-0804a000 rw-p 00001000 03:00 8312       /opt/test
0804a000-0806b000 rw-p 00000000 00:00 0          [heap]
a7cb1000-a7cb2000 ---p 00000000 00:00 0
a7cb2000-a7eb2000 rw-p 00000000 00:00 0
a7eb2000-a7eb3000 ---p 00000000 00:00 0
a7eb3000-a7ed5000 rw-p 00000000 00:00 0          [stack:1001]
a7ed5000-a8008000 r-xp 00000000 03:00 4222       /lib/libc.so.6
a8008000-a800a000 r--p 00133000 03:00 4222       /lib/libc.so.6
a800a000-a800b000 rw-p 00135000 03:00 4222       /lib/libc.so.6
a800b000-a800e000 rw-p 00000000 00:00 0
a800e000-a8022000 r-xp 00000000 03:00 14462      /lib/libpthread.so.0
a8022000-a8023000 r--p 00013000 03:00 14462      /lib/libpthread.so.0
a8023000-a8024000 rw-p 00014000 03:00 14462      /lib/libpthread.so.0
a8024000-a8027000 rw-p 00000000 00:00 0
a8027000-a8043000 r-xp 00000000 03:00 8317       /lib/ld-linux.so.2
a8043000-a8044000 r--p 0001b000 03:00 8317       /lib/ld-linux.so.2
a8044000-a8045000 rw-p 0001c000 03:00 8317       /lib/ld-linux.so.2
aff35000-aff4a000 rw-p 00000000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]

where "address" is the address space in the process that it occupies, "perms"
is a set of permissions:

 r = read
 w = write
 x = execute
 s = shared
 p = private (copy on write)

"offset" is the offset into the mapping, "dev" is the device (major:minor), and
"inode" is the inode on that device. 0 indicates that no inode is associated
with the memory region, as the case would be with BSS (uninitialized data).
The "pathname" shows the name of the file associated with this mapping. If the
mapping is not associated with a file:

 [heap]                   = the heap of the program
 [stack]                  = the stack of the main process
 [stack:1001]             = the stack of the thread with tid 1001
 [vdso]                   = the "virtual dynamic shared object",
                            the kernel system call handler
 [anon:<name>]            = an anonymous mapping that has been
                            named by userspace

 or if empty, the mapping is anonymous.

The /proc/PID/task/TID/maps is a view of the virtual memory from the viewpoint
of the individual tasks of a process. In this file you will see a mapping marked
as [stack] if that task sees it as a stack. This is a key difference from the
content of /proc/PID/maps, where you will see all mappings that are being used
as stack by all of those tasks. Hence, for the example above, the task-level
map, i.e. /proc/PID/task/TID/maps for thread 1001 will look like this:

08048000-08049000 r-xp 00000000 03:00 8312       /opt/test
08049000-0804a000 rw-p 00001000 03:00 8312       /opt/test
0804a000-0806b000 rw-p 00000000 00:00 0          [heap]
a7cb1000-a7cb2000 ---p 00000000 00:00 0
a7cb2000-a7eb2000 rw-p 00000000 00:00 0
a7eb2000-a7eb3000 ---p 00000000 00:00 0
a7eb3000-a7ed5000 rw-p 00000000 00:00 0          [stack]
a7ed5000-a8008000 r-xp 00000000 03:00 4222       /lib/libc.so.6
a8008000-a800a000 r--p 00133000 03:00 4222       /lib/libc.so.6
a800a000-a800b000 rw-p 00135000 03:00 4222       /lib/libc.so.6
a800b000-a800e000 rw-p 00000000 00:00 0
a800e000-a8022000 r-xp 00000000 03:00 14462      /lib/libpthread.so.0
a8022000-a8023000 r--p 00013000 03:00 14462      /lib/libpthread.so.0
a8023000-a8024000 rw-p 00014000 03:00 14462      /lib/libpthread.so.0
a8024000-a8027000 rw-p 00000000 00:00 0
a8027000-a8043000 r-xp 00000000 03:00 8317       /lib/ld-linux.so.2
a8043000-a8044000 r--p 0001b000 03:00 8317       /lib/ld-linux.so.2
a8044000-a8045000 rw-p 0001c000 03:00 8317       /lib/ld-linux.so.2
aff35000-aff4a000 rw-p 00000000 00:00 0
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]

The /proc/PID/smaps is an extension based on maps, showing the memory
consumption for each of the process's mappings. For each of the mappings there
is a series of lines such as the following:

08048000-080bc000 r-xp 00000000 03:02 13130      /bin/bash
Size:               1084 kB
Rss:                 892 kB
Pss:                 374 kB
Shared_Clean:        892 kB
Shared_Dirty:          0 kB
Private_Clean:         0 kB
Private_Dirty:         0 kB
Referenced:          892 kB
Anonymous:             0 kB
Swap:                  0 kB
SwapPss:               0 kB
KernelPageSize:        4 kB
MMUPageSize:           4 kB
Locked:              374 kB
VmFlags: rd ex mr mw me de
Name:           name from userspace

The first of these lines shows the same information as is displayed for the
mapping in /proc/PID/maps. The remaining lines show the size of the mapping
(size), the amount of the mapping that is currently resident in RAM (RSS), the
process' proportional share of this mapping (PSS), the number of clean and
dirty private pages in the mapping.

The "proportional set size" (PSS) of a process is the count of pages it has
in memory, where each page is divided by the number of processes sharing it.
So if a process has 1000 pages all to itself, and 1000 shared with one other
process, its PSS will be 1500.
Note that even a page which is part of a MAP_SHARED mapping, but has only
a single pte mapped, i.e. is currently used by only one process, is accounted
as private and not as shared.
"Referenced" indicates the amount of memory currently marked as referenced or
accessed.
"Anonymous" shows the amount of memory that does not belong to any file. Even
a mapping associated with a file may contain anonymous pages: when MAP_PRIVATE
and a page is modified, the file page is replaced by a private anonymous copy.
"Swap" shows how much would-be-anonymous memory is also used, but out on
swap.
"SwapPss" shows proportional swap share of this mapping.
"VmFlags" field deserves a separate description. This member represents the
kernel flags associated with the particular virtual memory area in two letter
encoded manner.
The codes are the following:
    rd  - readable
    wr  - writeable
    ex  - executable
    sh  - shared
    mr  - may read
    mw  - may write
    me  - may execute
    ms  - may share
    gd  - stack segment grows down
    pf  - pure PFN range
    dw  - disabled write to the mapped file
    lo  - pages are locked in memory
    io  - memory mapped I/O area
    sr  - sequential read advice provided
    rr  - random read advice provided
    dc  - do not copy area on fork
    de  - do not expand area on remapping
    ac  - area is accountable
    nr  - swap space is not reserved for the area
    ht  - area uses huge tlb pages
    nl  - non-linear mapping
    ar  - architecture specific flag
    dd  - do not include area into core dump
    sd  - soft-dirty flag
    mm  - mixed map area
    hg  - huge page advice flag
    nh  - no-huge page advice flag
    mg  - mergeable advice flag

Note that there is no guarantee that every flag and associated mnemonic will
be present in all further kernel releases. Things change: existing flags may
vanish and new ones may be added.

The "Name" field will only be present on a mapping that has been named by
userspace, and will show the name passed in by userspace.

This file is only present if the CONFIG_MMU kernel configuration option is
enabled.

The /proc/PID/clear_refs is used to reset the PG_Referenced and ACCESSED/YOUNG
bits on both physical and virtual pages associated with a process, and the
soft-dirty bit on pte (see Documentation/vm/soft-dirty.txt for details).
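
Added example (not part of the original document): a Python parser for the
/proc/PID/maps line format described above, which classifies each mapping by
its pathname column and reports regions whose permissions are worth a second
look during a hardening review. The flagging rules and the last four sample
lines are assumptions of this example; JIT runtimes can legitimately create
such mappings, so a finding is a lead, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: the first eight lines are taken from the maps example
# in the text, the last four are invented here to exercise the checks.
SAMPLE_MAPS = """\
08048000-08049000 r-xp 00000000 03:00 8312       /opt/test
08049000-0804a000 rw-p 00001000 03:00 8312       /opt/test
0804a000-0806b000 rw-p 00000000 00:00 0          [heap]
a7cb1000-a7cb2000 ---p 00000000 00:00 0
a7eb3000-a7ed5000 rw-p 00000000 00:00 0          [stack:1001]
a7ed5000-a8008000 r-xp 00000000 03:00 4222       /lib/libc.so.6
aff35000-aff4a000 rw-p 00000000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
b0000000-b0001000 rwxp 00000000 00:00 0
b0001000-b0002000 r-xp 00000000 00:00 0          [anon:jit cache]
b0002000-b0003000 rwxp 00000000 00:00 0          [stack:1002]
b0003000-b0004000 r-xs 00000000 03:00 9001       /opt/my app/plugin.so
"""

# address perms offset dev inode pathname; the pathname column may be empty
# and may contain spaces, so it is captured as "the rest of the line".
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][sp])\s+([0-9a-f]+)\s+"
    r"([0-9a-f]+):([0-9a-f]+)\s+(\d+)\s*(.*)$"
)


@dataclass
class Mapping:
    start: int
    end: int
    perms: str      # r/-, w/-, x/-, then s (shared) or p (private)
    offset: int
    dev: str        # "major:minor"
    inode: int      # 0 means no inode is associated with the region
    pathname: str

    @property
    def kind(self):
        """Classify the mapping using the pathname rules from the text."""
        p = self.pathname
        if not p:
            return "anonymous"
        if p in ("[heap]", "[stack]", "[vdso]"):
            return p[1:-1]
        if p.startswith("[stack:") and p.endswith("]"):
            return "thread-stack"
        if p.startswith("[anon:") and p.endswith("]"):
            return "named-anonymous"
        return "file" if p.startswith("/") else "other"


def parse_maps(text):
    """Parse the contents of a maps file into a list of Mapping objects."""
    mappings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a maps entry: {line!r}")
        start, end, perms, offset, major, minor, inode, path = m.groups()
        mappings.append(Mapping(int(start, 16), int(end, 16), perms,
                                int(offset, 16), f"{major}:{minor}",
                                int(inode), path.rstrip()))
    return mappings


def review(m):
    """Return the reasons (possibly none) why a mapping deserves attention."""
    reasons = []
    writable, executable = m.perms[1] == "w", m.perms[2] == "x"
    if writable and executable:
        reasons.append("writable and executable")
    if executable and m.kind in ("heap", "stack", "thread-stack"):
        reasons.append(f"executable {m.kind}")
    if executable and m.kind in ("anonymous", "named-anonymous"):
        reasons.append("executable memory with no backing file")
    return reasons


def audit(text):
    """Map 'start-end' address ranges to the reasons they were flagged."""
    findings = {}
    for m in parse_maps(text):
        reasons = review(m)
        if reasons:
            findings[f"{m.start:08x}-{m.end:08x}"] = reasons
    return findings


if __name__ == "__main__":
    for addr, reasons in audit(SAMPLE_MAPS).items():
        print(addr, "; ".join(reasons))
```
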
To clear the bits for all the pages associated with the process
    > echo 1 > /proc/PID/clear_refs

To clear the bits for the anonymous pages associated with the process
    > echo 2 > /proc/PID/clear_refs

To clear the bits for the file mapped pages associated with the process
    > echo 3 > /proc/PID/clear_refs

To clear the soft-dirty bit
    > echo 4 > /proc/PID/clear_refs

To reset the peak resident set size ("high water mark") to the process's
current value:
    > echo 5 > /proc/PID/clear_refs

Any other value written to /proc/PID/clear_refs will have no effect.

The /proc/pid/pagemap gives the PFN, which can be used to find the pageflags
using /proc/kpageflags and number of times a page is mapped using
/proc/kpagecount. For detailed explanation, see Documentation/vm/pagemap.txt.

1.2 Kernel data
---------------

Similar to the process entries, the kernel data files give information about
the running kernel. The files used to obtain this information are contained in
/proc and are listed in Table 1-5. Not all of these will be present in your
system. It depends on the kernel configuration and the loaded modules, which
files are there, and which are missing.

Table 1-5: Kernel info in /proc
..............................................................................
 File          Content
 apm           Advanced power management info
 buddyinfo     Kernel memory allocator information (see text)    (2.5)
 bus           Directory containing bus specific information
 cmdline       Kernel command line
 cpuinfo       Info about the CPU
 devices       Available devices (block and character)
 dma           Used DMA channels
 filesystems   Supported filesystems
 driver        Various drivers grouped here, currently rtc       (2.4)
 execdomains   Execdomains, related to security                  (2.4)
 fb            Frame Buffer devices                              (2.4)
 fs            File system parameters, currently nfs/exports     (2.4)
 ide           Directory containing info about the IDE subsystem
 interrupts    Interrupt usage
 iomem         Memory map                                        (2.4)
 ioports       I/O port usage
 irq           Masks for irq to cpu affinity                     (2.4)(smp?)
 isapnp        ISA PnP (Plug&Play) Info                          (2.4)
 kcore         Kernel core image (can be ELF or A.OUT(deprecated in 2.4))
 kmsg          Kernel messages
 ksyms         Kernel symbol table
 loadavg       Load average of last 1, 5 & 15 minutes
 locks         Kernel locks
 meminfo       Memory info
 misc          Miscellaneous
 modules       List of loaded modules
 mounts        Mounted filesystems
 net           Networking info (see text)
 pagetypeinfo  Additional page allocator information (see text)  (2.5)
 partitions    Table of partitions known to the system
 pci           Deprecated info of PCI bus (new way -> /proc/bus/pci/,
               decoupled by lspci)                               (2.4)
 rtc           Real time clock
 scsi          SCSI info (see text)
 slabinfo      Slab pool info
 softirqs      softirq usage
 stat          Overall statistics
 swaps         Swap space utilization
 sys           See chapter 2
 sysvipc       Info of SysVIPC Resources (msg, sem, shm)         (2.4)
 tty           Info of tty drivers
 uptime        Wall clock since boot, combined idle time of all cpus
 version       Kernel version
 video         bttv info of video resources                      (2.4)
 vmallocinfo   Show vmalloced areas
..............................................................................

You can, for example, check which interrupts are currently in use and what
they are used for by looking in the file /proc/interrupts:

  > cat /proc/interrupts
             CPU0
    0:    8728810          XT-PIC  timer
    1:        895          XT-PIC  keyboard
    2:          0          XT-PIC  cascade
    3:     531695          XT-PIC  aha152x
    4:    2014133          XT-PIC  serial
    5:      44401          XT-PIC  pcnet_cs
    8:          2          XT-PIC  rtc
   11:          8          XT-PIC  i82365
   12:     182918          XT-PIC  PS/2 Mouse
   13:          1          XT-PIC  fpu
   14:    1232265          XT-PIC  ide0
   15:          7          XT-PIC  ide1
  NMI:          0

In 2.4.* a couple of lines were added to this file, LOC & ERR (this time it is
the output of an SMP machine):

  > cat /proc/interrupts

             CPU0       CPU1
    0:    1243498    1214548    IO-APIC-edge  timer
    1:       8949       8958    IO-APIC-edge  keyboard
    2:          0          0          XT-PIC  cascade
    5:      11286      10161    IO-APIC-edge  soundblaster
    8:          1          0    IO-APIC-edge  rtc
    9:      27422      27407    IO-APIC-edge  3c503
   12:     113645     113873    IO-APIC-edge  PS/2 Mouse
   13:          0          0          XT-PIC  fpu
   14:      22491      24012    IO-APIC-edge  ide0
   15:       2183       2415    IO-APIC-edge  ide1
   17:      30564      30414   IO-APIC-level  eth0
   18:        177        164   IO-APIC-level  bttv
  NMI:    2457961    2457959
  LOC:    2457882    2457881
  ERR:       2155

NMI is incremented in this case because every timer interrupt generates a NMI
(Non Maskable Interrupt) which is used by the NMI Watchdog to detect lockups.

LOC is the local interrupt counter of the internal APIC of every CPU.

ERR is incremented in the case of errors in the IO-APIC bus (the bus that
connects the CPUs in an SMP system). This means that an error has been
detected and the IO-APIC automatically retries the transmission, so it should
not be a big problem, but you should read the SMP-FAQ.

In 2.6.2* /proc/interrupts was expanded again. This time the goal was for
/proc/interrupts to display every IRQ vector in use by the system, not
just those considered 'most important'.
The new vectors are:

  THR -- interrupt raised when a machine check threshold counter
  (typically counting ECC corrected errors of memory or cache) exceeds
  a configurable threshold. Only available on some systems.

  TRM -- a thermal event interrupt occurs when a temperature threshold
  has been exceeded for the CPU. This interrupt may also be generated
  when the temperature drops back to normal.

  SPU -- a spurious interrupt is some interrupt that was raised then lowered
  by some IO device before it could be fully processed by the APIC. Hence
  the APIC sees the interrupt but does not know what device it came from.
  For this case the APIC will generate the interrupt with an IRQ vector
  of 0xff. This might also be generated by chipset bugs.

  RES, CAL, TLB -- rescheduling, call and TLB flush interrupts are
  sent from one CPU to another per the needs of the OS. Typically,
  their statistics are used by kernel developers and interested users to
  determine the occurrence of interrupts of the given type.

The above IRQ vectors are displayed only when relevant. For example,
the threshold vector does not exist on x86_64 platforms. Others are
suppressed when the system is a uniprocessor. As of this writing, only
i386 and x86_64 platforms support the new IRQ vector displays.

Of some interest is the introduction of the /proc/irq directory to 2.4.
It could be used to set IRQ to CPU affinity. This means that you can "hook" an
IRQ to only one CPU, or exclude a CPU from handling IRQs. The contents of the
irq subdir are one subdir for each IRQ, and two files: default_smp_affinity and
prof_cpu_mask.

For example
  > ls /proc/irq/
  0  10  12  14  16  18  2  4  6  8  prof_cpu_mask
  1  11  13  15  17  19  3  5  7  9  default_smp_affinity
  > ls /proc/irq/0/
  smp_affinity

smp_affinity is a bitmask in which you can specify which CPUs can handle the
IRQ. You can set it by doing:

  > echo 1 > /proc/irq/10/smp_affinity

This means that only the first CPU will handle the IRQ, but you can also echo
5 which means that only the first and fourth CPU can handle the IRQ.

The contents of each smp_affinity file is the same by default:

  > cat /proc/irq/0/smp_affinity
  ffffffff

There is an alternate interface, smp_affinity_list, which allows specifying
a cpu range instead of a bitmask:

  > cat /proc/irq/0/smp_affinity_list
  1024-1031

The default_smp_affinity mask applies to all non-active IRQs, which are the
IRQs which have not yet been allocated/activated, and hence which lack a
/proc/irq/[0-9]* directory.

The node file on an SMP system shows the node to which the device using the IRQ
reports itself as being attached. This hardware locality information does not
include information about any possible driver locality preference.

prof_cpu_mask specifies which CPUs are to be profiled by the system wide
profiler. Default value is ffffffff (all cpus if there are only 32 of them).

The way IRQs are routed is handled by the IO-APIC, and it's Round Robin
between all the CPUs which are allowed to handle it. As usual the kernel has
more info than you and does a better job than you, so the defaults are the
best choice for almost everyone. [Note this applies only to those IO-APIC's
that support "Round Robin" interrupt distribution.]

There are three more important subdirectories in /proc: net, scsi, and sys.
The general rule is that the contents, or even the existence of these
directories, depend on your kernel configuration.
If SCSI is not enabled, the directory scsi may not exist. The same is true
with the net, which is there only when networking support is present in the
running kernel.

The slabinfo file gives information about memory usage at the slab level.
Linux uses slab pools for memory management above page level in version 2.2.
Commonly used objects have their own slab pool (such as network buffers,
directory cache, and so on).

..............................................................................

> cat /proc/buddyinfo

Node 0, zone      DMA      0      4      5      4      4      3 ...
Node 0, zone   Normal      1      0      0      1    101      8 ...
Node 0, zone  HighMem      2      0      0      1      1      0 ...

External fragmentation is a problem under some workloads, and buddyinfo is a
useful tool for helping diagnose these problems. Buddyinfo will give you a
clue as to how big an area you can safely allocate, or why a previous
allocation failed.

Each column represents the number of pages of a certain order which are
available. In this case, there are 0 chunks of 2^0*PAGE_SIZE available in
ZONE_DMA, 4 chunks of 2^1*PAGE_SIZE in ZONE_DMA, 101 chunks of 2^4*PAGE_SIZE
available in ZONE_NORMAL, etc...

More information relevant to external fragmentation can be found in
pagetypeinfo.
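
Added example (not part of the original document): the buddyinfo columns
described above, parsed in Python to show how a zone can hold plenty of free
pages and still be unable to satisfy one contiguous request. The sample keeps
the six counts printed above and fills the columns behind the "..." with
invented values; the 4 kB page size is an assumption.

```python
import re

# Constructed sample: orders 0..5 match the buddyinfo output in the text,
# orders 6..10 are invented to complete the eleven columns.
SAMPLE_BUDDYINFO = """\
Node 0, zone      DMA      0      4      5      4      4      3      1      0      1      1      0
Node 0, zone   Normal      1      0      0      1    101      8      0      0      0      0      0
Node 0, zone  HighMem      2      0      0      1      1      0      0      0      0      0      0
"""

LINE = re.compile(r"^Node\s+(\d+),\s+zone\s+(\S+)\s+(.+)$")
PAGE_SIZE = 4096  # assumption: 4 kB pages


def parse_buddyinfo(text):
    """Return {(node, zone): [free chunks at order 0, order 1, ...]}."""
    zones = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counts = [int(n) for n in m.group(3).split()]
            zones[(int(m.group(1)), m.group(2))] = counts
    return zones


def free_pages(counts):
    """Total free pages: each chunk at order k is 2^k pages."""
    return sum(n << order for order, n in enumerate(counts))


def largest_free_order(counts):
    """Highest order that still has a free chunk, or None if nothing is free."""
    orders = [order for order, n in enumerate(counts) if n > 0]
    return max(orders) if orders else None


def can_allocate(counts, nbytes, page_size=PAGE_SIZE):
    """True if a single contiguous chunk of nbytes is available right now."""
    pages = max(1, -(-nbytes // page_size))   # round up to whole pages
    order = (pages - 1).bit_length()          # smallest order with 2^order >= pages
    return any(n > 0 for n in counts[order:])


if __name__ == "__main__":
    for (node, zone), counts in parse_buddyinfo(SAMPLE_BUDDYINFO).items():
        kb = free_pages(counts) * PAGE_SIZE // 1024
        print(f"node {node} zone {zone}: {kb} kB free, "
              f"largest order {largest_free_order(counts)}, "
              f"256 kB contiguous: {can_allocate(counts, 256 * 1024)}")
```

In the sample, ZONE_NORMAL has 1881 free pages but nothing above order 5, so
a 256 kB contiguous request fails there while a 128 kB request succeeds.
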

> cat /proc/pagetypeinfo
Page block order: 9
Pages per block:  512

Free pages count per migrate type at order       0      1      2      3      4      5      6      7      8      9     10
Node    0, zone      DMA, type    Unmovable      0      0      0      1      1      1      1      1      1      1      0
Node    0, zone      DMA, type  Reclaimable      0      0      0      0      0      0      0      0      0      0      0
Node    0, zone      DMA, type      Movable      1      1      2      1      2      1      1      0      1      0      2
Node    0, zone      DMA, type      Reserve      0      0      0      0      0      0      0      0      0      1      0
Node    0, zone      DMA, type      Isolate      0      0      0      0      0      0      0      0      0      0      0
Node    0, zone    DMA32, type    Unmovable    103     54     77      1      1      1     11      8      7      1      9
Node    0, zone    DMA32, type  Reclaimable      0      0      2      1      0      0      0      0      1      0      0
Node    0, zone    DMA32, type      Movable    169    152    113     91     77     54     39     13      6      1    452
Node    0, zone    DMA32, type      Reserve      1      2      2      2      2      0      1      1      1      1      0
Node    0, zone    DMA32, type      Isolate      0      0      0      0      0      0      0      0      0      0      0

Number of blocks type     Unmovable  Reclaimable      Movable      Reserve      Isolate
Node 0, zone      DMA            2            0            5            1            0
Node 0, zone    DMA32           41            6          967            2            0

Fragmentation avoidance in the kernel works by grouping pages of different
migrate types into the same contiguous regions of memory called page blocks.
A page block is typically the size of the default hugepage size e.g. 2MB on
X86-64. By keeping pages grouped based on their ability to move, the kernel
can reclaim pages within a page block to satisfy a high-order allocation.

The pagetypeinfo begins with information on the size of a page block. It
then gives the same type of information as buddyinfo except broken down
by migrate-type and finishes with details on how many page blocks of each
type exist.

If min_free_kbytes has been tuned correctly (recommendations made by hugeadm
from libhugetlbfs http://sourceforge.net/projects/libhugetlbfs/), one can
make an estimate of the likely number of huge pages that can be allocated
at a given point in time. All the "Movable" blocks should be allocatable
unless memory has been mlock()'d.
Some of the Reclaimable blocks should
also be allocatable although a lot of filesystem metadata may have to be
reclaimed to achieve this.

..............................................................................

meminfo:

Provides information about distribution and utilization of memory. This
varies by architecture and compile options. The following is from a
16GB PIII, which has highmem enabled. You may not have all of these fields.

> cat /proc/meminfo

The "Locked" indicates whether the mapping is locked in memory or not.


MemTotal:       16344972 kB
MemFree:        13634064 kB
MemAvailable:   14836172 kB
Buffers:            3656 kB
Cached:          1195708 kB
SwapCached:            0 kB
Active:           891636 kB
Inactive:        1077224 kB
HighTotal:      15597528 kB
HighFree:       13629632 kB
LowTotal:         747444 kB
LowFree:            4432 kB
SwapTotal:             0 kB
SwapFree:              0 kB
Dirty:               968 kB
Writeback:             0 kB
AnonPages:        861800 kB
Mapped:           280372 kB
Slab:             284364 kB
SReclaimable:     159856 kB
SUnreclaim:       124508 kB
PageTables:        24448 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     7669796 kB
Committed_AS:     100056 kB
VmallocTotal:     112216 kB
VmallocUsed:         428 kB
VmallocChunk:     111088 kB
AnonHugePages:     49152 kB

    MemTotal: Total usable ram (i.e. physical ram minus a few reserved
              bits and the kernel binary code)
     MemFree: The sum of LowFree+HighFree
MemAvailable: An estimate of how much memory is available for starting new
              applications, without swapping. Calculated from MemFree,
              SReclaimable, the size of the file LRU lists, and the low
              watermarks in each zone.
              The estimate takes into account that the system needs some
              page cache to function well, and that not all reclaimable
              slab will be reclaimable, due to items being in use. The
              impact of those factors will vary from system to system.
     Buffers: Relatively temporary storage for raw disk blocks
              shouldn't get tremendously large (20MB or so)
      Cached: in-memory cache for files read from the disk (the
              pagecache). Doesn't include SwapCached
  SwapCached: Memory that once was swapped out, is swapped back in but
              still also is in the swapfile (if memory is needed it
              doesn't need to be swapped out AGAIN because it is already
              in the swapfile. This saves I/O)
      Active: Memory that has been used more recently and usually not
              reclaimed unless absolutely necessary.
    Inactive: Memory which has been less recently used. It is more
              eligible to be reclaimed for other purposes
   HighTotal:
    HighFree: Highmem is all memory above ~860MB of physical memory
              Highmem areas are for use by userspace programs, or
              for the pagecache. The kernel must use tricks to access
              this memory, making it slower to access than lowmem.
    LowTotal:
     LowFree: Lowmem is memory which can be used for everything that
              highmem can be used for, but it is also available for the
              kernel's use for its own data structures. Among many
              other things, it is where everything from the Slab is
              allocated. Bad things happen when you're out of lowmem.
   SwapTotal: total amount of swap space available
    SwapFree: Memory which has been evicted from RAM, and is temporarily
              on the disk
       Dirty: Memory which is waiting to get written back to the disk
   Writeback: Memory which is actively being written back to the disk
   AnonPages: Non-file backed pages mapped into userspace page tables
AnonHugePages: Non-file backed huge pages mapped into userspace page tables
      Mapped: files which have been mmaped, such as libraries
        Slab: in-kernel data structures cache
SReclaimable: Part of Slab, that might be reclaimed, such as caches
  SUnreclaim: Part of Slab, that cannot be reclaimed on memory pressure
  PageTables: amount of memory dedicated to the lowest level of page
              tables.
NFS_Unstable: NFS pages sent to the server, but not yet committed to stable
              storage
      Bounce: Memory used for block device "bounce buffers"
WritebackTmp: Memory used by FUSE for temporary writeback buffers
 CommitLimit: Based on the overcommit ratio ('vm.overcommit_ratio'),
              this is the total amount of memory currently available to
              be allocated on the system. This limit is only adhered to
              if strict overcommit accounting is enabled (mode 2 in
              'vm.overcommit_memory').
              The CommitLimit is calculated with the following formula:
              CommitLimit = ([total RAM pages] - [total huge TLB pages]) *
                             overcommit_ratio / 100 + [total swap pages]
              For example, on a system with 1G of physical RAM and 7G
              of swap with a 'vm.overcommit_ratio' of 30 it would
              yield a CommitLimit of 7.3G.
              For more details, see the memory overcommit documentation
              in vm/overcommit-accounting.
Committed_AS: The amount of memory presently allocated on the system.
              The committed memory is a sum of all of the memory which
              has been allocated by processes, even if it has not been
              "used" by them as of yet.
              A process which malloc()'s 1G
              of memory, but only touches 300M of it will show up as
              using 1G. This 1G is memory which has been "committed" to
              by the VM and can be used at any time by the allocating
              application. With strict overcommit enabled on the system
              (mode 2 in 'vm.overcommit_memory'), allocations which would
              exceed the CommitLimit (detailed above) will not be permitted.
              This is useful if one needs to guarantee that processes will
              not fail due to lack of memory once that memory has been
              successfully allocated.
VmallocTotal: total size of vmalloc memory area
 VmallocUsed: amount of vmalloc area which is used
VmallocChunk: largest contiguous block of vmalloc area which is free

..............................................................................

vmallocinfo:

Provides information about vmalloced/vmaped areas. One line per area,
containing the virtual address range of the area, size in bytes,
caller information of the creator, and optional information depending
on the kind of area:

 pages=nr    number of pages
 phys=addr   if a physical address was specified
 ioremap     I/O mapping (ioremap() and friends)
 vmalloc     vmalloc() area
 vmap        vmap()ed pages
 user        VM_USERMAP area
 vpages      buffer for pages pointers was vmalloced (huge area)
 N<node>=nr  (Only on NUMA kernels)
             Number of pages allocated on memory node <node>

> cat /proc/vmallocinfo
0xffffc20000000000-0xffffc20000201000 2101248 alloc_large_system_hash+0x204 ...
  /0x2c0 pages=512 vmalloc N0=128 N1=128 N2=128 N3=128
0xffffc20000201000-0xffffc20000302000 1052672 alloc_large_system_hash+0x204 ...
  /0x2c0 pages=256 vmalloc N0=64 N1=64 N2=64 N3=64
0xffffc20000302000-0xffffc20000304000    8192 acpi_tb_verify_table+0x21/0x4f...
  phys=7fee8000 ioremap
0xffffc20000304000-0xffffc20000307000   12288 acpi_tb_verify_table+0x21/0x4f...
  phys=7fee7000 ioremap
0xffffc2000031d000-0xffffc2000031f000    8192 init_vdso_vars+0x112/0x210
0xffffc2000031f000-0xffffc2000032b000   49152 cramfs_uncompress_init+0x2e ...
  /0x80 pages=11 vmalloc N0=3 N1=3 N2=2 N3=3
0xffffc2000033a000-0xffffc2000033d000   12288 sys_swapon+0x640/0xac0 ...
  pages=2 vmalloc N1=2
0xffffc20000347000-0xffffc2000034c000   20480 xt_alloc_table_info+0xfe ...
  /0x130 [x_tables] pages=4 vmalloc N0=4
0xffffffffa0000000-0xffffffffa000f000   61440 sys_init_module+0xc27/0x1d00 ...
  pages=14 vmalloc N2=14
0xffffffffa000f000-0xffffffffa0014000   20480 sys_init_module+0xc27/0x1d00 ...
  pages=4 vmalloc N1=4
0xffffffffa0014000-0xffffffffa0017000   12288 sys_init_module+0xc27/0x1d00 ...
  pages=2 vmalloc N1=2
0xffffffffa0017000-0xffffffffa0022000   45056 sys_init_module+0xc27/0x1d00 ...
  pages=10 vmalloc N0=10

..............................................................................

softirqs:

Provides counts of softirq handlers serviced since boot time, for each cpu.

> cat /proc/softirqs
                CPU0       CPU1       CPU2       CPU3
      HI:          0          0          0          0
   TIMER:      27166      27120      27097      27034
  NET_TX:          0          0          0         17
  NET_RX:         42          0          0         39
   BLOCK:          0          0        107       1121
 TASKLET:          0          0          0        290
   SCHED:      27035      26983      26971      26746
 HRTIMER:          0          0          0          0
     RCU:       1678       1769       2178       2250


1.3 IDE devices in /proc/ide
----------------------------

The subdirectory /proc/ide contains information about all IDE devices of which
the kernel is aware. There is one subdirectory for each IDE controller, the
file drivers and a link for each IDE device, pointing to the device directory
in the controller specific subtree.

The file drivers contains general information about the drivers used for the
IDE devices:

  > cat /proc/ide/drivers
  ide-cdrom version 4.53
  ide-disk version 1.08

More detailed information can be found in the controller specific
subdirectories.
These are named ide0, ide1 and so on. Each of these
directories contains the files shown in table 1-6.


Table 1-6: IDE controller info in /proc/ide/ide?
..............................................................................
 File    Content
 channel IDE channel (0 or 1)
 config  Configuration (only for PCI/IDE bridge)
 mate    Mate name
 model   Type/Chipset of IDE controller
..............................................................................

Each device connected to a controller has a separate subdirectory in the
controllers directory. The files listed in table 1-7 are contained in these
directories.


Table 1-7: IDE device information
..............................................................................
 File             Content
 cache            The cache
 capacity         Capacity of the medium (in 512Byte blocks)
 driver           driver and version
 geometry         physical and logical geometry
 identify         device identify block
 media            media type
 model            device identifier
 settings         device setup
 smart_thresholds IDE disk management thresholds
 smart_values     IDE disk management values
..............................................................................

The most interesting file is settings.
This file contains a nice overview of
the drive parameters:

  # cat /proc/ide/ide0/hda/settings
  name                    value           min             max             mode
  ----                    -----           ---             ---             ----
  bios_cyl                526             0               65535           rw
  bios_head               255             0               255             rw
  bios_sect               63              0               63              rw
  breada_readahead        4               0               127             rw
  bswap                   0               0               1               r
  file_readahead          72              0               2097151         rw
  io_32bit                0               0               3               rw
  keepsettings            0               0               1               rw
  max_kb_per_request      122             1               127             rw
  multcount               0               0               8               rw
  nice1                   1               0               1               rw
  nowerr                  0               0               1               rw
  pio_mode                write-only      0               255             w
  slow                    0               0               1               rw
  unmaskirq               0               0               1               rw
  using_dma               0               0               1               rw


1.4 Networking info in /proc/net
--------------------------------

The subdirectory /proc/net follows the usual pattern. Table 1-8 shows the
additional values you get for IP version 6 if you configure the kernel to
support this. Table 1-9 lists the files and their meaning.


Table 1-8: IPv6 info in /proc/net
..............................................................................
 File       Content
 udp6       UDP sockets (IPv6)
 tcp6       TCP sockets (IPv6)
 raw6       Raw device statistics (IPv6)
 igmp6      IP multicast addresses, which this host joined (IPv6)
 if_inet6   List of IPv6 interface addresses
 ipv6_route Kernel routing table for IPv6
 rt6_stats  Global IPv6 routing tables statistics
 sockstat6  Socket statistics (IPv6)
 snmp6      Snmp data (IPv6)
..............................................................................


Table 1-9: Network info in /proc/net
..............................................................................
 File          Content
 arp           Kernel ARP table
 dev           network devices with statistics
 dev_mcast     the Layer2 multicast groups a device is listening to
               (interface index, label, number of references, number of bound
               addresses).
 dev_stat      network device status
 ip_fwchains   Firewall chain linkage
 ip_fwnames    Firewall chain names
 ip_masq       Directory containing the masquerading tables
 ip_masquerade Major masquerading table
 netstat       Network statistics
 raw           raw device statistics
 route         Kernel routing table
 rpc           Directory containing rpc info
 rt_cache      Routing cache
 snmp          SNMP data
 sockstat      Socket statistics
 tcp           TCP sockets
 udp           UDP sockets
 unix          UNIX domain sockets
 wireless      Wireless interface data (Wavelan etc)
 igmp          IP multicast addresses, which this host joined
 psched        Global packet scheduler parameters.
 netlink       List of PF_NETLINK sockets
 ip_mr_vifs    List of multicast virtual interfaces
 ip_mr_cache   List of multicast routing cache
..............................................................................

You can use this information to see which network devices are available in
your system and how much traffic was routed over those devices:

  > cat /proc/net/dev
  Inter-|Receive                                                   |[...
   face |bytes    packets errs drop fifo frame compressed multicast|[...
      lo:  908188   5596     0    0    0     0          0         0 [...
    ppp0:15475140  20721   410    0    0   410          0         0 [...
    eth0:  614530   7085     0    0    0     0          0         1 [...

  ...] Transmit
  ...] bytes    packets errs drop fifo colls carrier compressed
  ...]  908188     5596    0    0    0     0       0          0
  ...] 1375103    17405    0    0    0     0       0          0
  ...] 1703981     5535    0    0    0     3       0          0

In addition, each Channel Bond interface has its own directory. For
example, the bond0 device will have a directory called /proc/net/bond0/.
It will contain information that is specific to that bond, such as the
current slaves of the bond, the link status of the slaves, and how
many times the slaves link has failed.

1.5 SCSI info
-------------

If you have a SCSI host adapter in your system, you'll find a subdirectory
named after the driver for this adapter in /proc/scsi. You'll also see a list
of all recognized SCSI devices in /proc/scsi:

  > cat /proc/scsi/scsi
  Attached devices:
  Host: scsi0 Channel: 00 Id: 00 Lun: 00
    Vendor: IBM      Model: DGHS09U          Rev: 03E0
    Type:   Direct-Access                    ANSI SCSI revision: 03
  Host: scsi0 Channel: 00 Id: 06 Lun: 00
    Vendor: PIONEER  Model: CD-ROM DR-U06S   Rev: 1.04
    Type:   CD-ROM                           ANSI SCSI revision: 02


The directory named after the driver has one file for each adapter found in
the system. These files contain information about the controller, including
the used IRQ and the IO address range. The amount of information shown is
dependent on the adapter you use. The example shows the output for an Adaptec
AHA-2940 SCSI adapter:

  > cat /proc/scsi/aic7xxx/0

  Adaptec AIC7xxx driver version: 5.1.19/3.2.4
  Compile Options:
    TCQ Enabled By Default : Disabled
    AIC7XXX_PROC_STATS     : Disabled
    AIC7XXX_RESET_DELAY    : 5
  Adapter Configuration:
             SCSI Adapter: Adaptec AHA-294X Ultra SCSI host adapter
                             Ultra Wide Controller
      PCI MMAPed I/O Base: 0xeb001000
   Adapter SEEPROM Config: SEEPROM found and used.
        Adaptec SCSI BIOS: Enabled
                      IRQ: 10
                     SCBs: Active 0, Max Active 2,
                           Allocated 15, HW 16, Page 255
               Interrupts: 160328
        BIOS Control Word: 0x18b6
     Adapter Control Word: 0x005b
     Extended Translation: Enabled
  Disconnect Enable Flags: 0xffff
       Ultra Enable Flags: 0x0001
   Tag Queue Enable Flags: 0x0000
  Ordered Queue Tag Flags: 0x0000
  Default Tag Queue Depth: 8
      Tagged Queue By Device array for aic7xxx host instance 0:
        {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}
      Actual queue depth per device for aic7xxx host instance 0:
        {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}
  Statistics:
  (scsi0:0:0:0)
    Device using Wide/Sync transfers at 40.0 MByte/sec, offset 8
    Transinfo settings: current(12/8/1/0), goal(12/8/1/0), user(12/15/1/0)
    Total transfers 160151 (74577 reads and 85574 writes)
  (scsi0:0:6:0)
    Device using Narrow/Sync transfers at 5.0 MByte/sec, offset 15
    Transinfo settings: current(50/15/0/0), goal(50/15/0/0), user(50/15/0/0)
    Total transfers 0 (0 reads and 0 writes)


1.6 Parallel port info in /proc/parport
---------------------------------------

The directory /proc/parport contains information about the parallel ports of
your system. It has one subdirectory for each port, named after the port
number (0,1,2,...).

These directories contain the four files shown in Table 1-10.


Table 1-10: Files in /proc/parport
..............................................................................
 File      Content
 autoprobe Any IEEE-1284 device ID information that has been acquired.
 devices   list of the device drivers using that port. A + will appear by the
           name of the device currently using the port (it might not appear
           against any).
 hardware  Parallel port's base address, IRQ line and DMA channel.
 irq       IRQ that parport is using for that port.
           This is in a separate
           file to allow you to alter it by writing a new value in (IRQ
           number or none).
..............................................................................

1.7 TTY info in /proc/tty
-------------------------

Information about the available and actually used tty's can be found in the
directory /proc/tty. You'll find entries for drivers and line disciplines in
this directory, as shown in Table 1-11.


Table 1-11: Files in /proc/tty
..............................................................................
 File          Content
 drivers       list of drivers and their usage
 ldiscs        registered line disciplines
 driver/serial usage statistic and status of single tty lines
..............................................................................

To see which tty's are currently in use, you can simply look into the file
/proc/tty/drivers:

  > cat /proc/tty/drivers
  pty_slave            /dev/pts      136   0-255 pty:slave
  pty_master           /dev/ptm      128   0-255 pty:master
  pty_slave            /dev/ttyp       3   0-255 pty:slave
  pty_master           /dev/pty        2   0-255 pty:master
  serial               /dev/cua        5   64-67 serial:callout
  serial               /dev/ttyS       4   64-67 serial
  /dev/tty0            /dev/tty0       4       0 system:vtmaster
  /dev/ptmx            /dev/ptmx       5       2 system
  /dev/console         /dev/console    5       1 system:console
  /dev/tty             /dev/tty        5       0 system:/dev/tty
  unknown              /dev/tty        4    1-63 console


1.8 Miscellaneous kernel statistics in /proc/stat
-------------------------------------------------

Various pieces of information about kernel activity are available in the
/proc/stat file. All of the numbers reported in this file are aggregates
since the system first booted.
For a quick look, simply cat the file:

  > cat /proc/stat
  cpu  2255 34 2290 22625563 6290 127 456 0 0
  cpu0 1132 34 1441 11311718 3675 127 438 0 0
  cpu1 1123 0 849 11313845 2614 0 18 0 0
  intr 114930548 113199788 3 0 5 263 0 4 [... lots more numbers ...]
  ctxt 1990473
  btime 1062191376
  processes 2915
  procs_running 1
  procs_blocked 0
  softirq 183433 0 21755 12 39 1137 231 21459 2263

The very first "cpu" line aggregates the numbers in all of the other "cpuN"
lines. These numbers identify the amount of time the CPU has spent performing
different kinds of work. Time units are in USER_HZ (typically hundredths of a
second). The meanings of the columns are as follows, from left to right:

- user: normal processes executing in user mode
- nice: niced processes executing in user mode
- system: processes executing in kernel mode
- idle: twiddling thumbs
- iowait: waiting for I/O to complete
- irq: servicing interrupts
- softirq: servicing softirqs
- steal: involuntary wait
- guest: running a normal guest
- guest_nice: running a niced guest

The "intr" line gives counts of interrupts serviced since boot time, for each
of the possible system interrupts. The first column is the total of all
interrupts serviced including unnumbered architecture specific interrupts;
each subsequent column is the total for that particular numbered interrupt.
Unnumbered interrupts are not shown, only summed into the total.

The "ctxt" line gives the total number of context switches across all CPUs.

The "btime" line gives the time at which the system booted, in seconds since
the Unix epoch.

The "processes" line gives the number of processes and threads created, which
includes (but is not limited to) those created by calls to the fork() and
clone() system calls.

The "procs_running" line gives the total number of threads that are
running or ready to run (i.e., the total number of runnable threads).

The "procs_blocked" line gives the number of processes currently blocked,
waiting for I/O to complete.

The "softirq" line gives counts of softirqs serviced since boot time, for each
of the possible system softirqs. The first column is the total of all
softirqs serviced; each subsequent column is the total for that particular
softirq.


1.9 Ext4 file system parameters
-------------------------------

Information about mounted ext4 file systems can be found in
/proc/fs/ext4. Each mounted filesystem will have a directory in
/proc/fs/ext4 based on its device name (i.e., /proc/fs/ext4/hdc or
/proc/fs/ext4/dm-0). The files in each per-device directory are shown
in Table 1-12, below.

Table 1-12: Files in /proc/fs/ext4/<devname>
..............................................................................
 File            Content
 mb_groups       details of multiblock allocator buddy cache of free blocks
..............................................................................

2.0 /proc/consoles
------------------
Shows registered system console lines.

To see which character device lines are currently used for the system console
/dev/console, you may simply look into the file /proc/consoles:

  > cat /proc/consoles
  tty0                 -WU (ECp)       4:7
  ttyS0                -W- (Ep)        4:64

The columns are:

  device               name of the device
  operations           R = can do read operations
                       W = can do write operations
                       U = can do unblank
  flags                E = it is enabled
                       C = it is preferred console
                       B = it is primary boot console
                       p = it is used for printk buffer
                       b = it is not a TTY but a Braille device
                       a = it is safe to use when cpu is offline
  major:minor          major and minor number of the device separated by a colon

------------------------------------------------------------------------------
Summary
------------------------------------------------------------------------------
The /proc file system serves information about the running system. It not only
allows access to process data but also allows you to request the kernel status
by reading files in the hierarchy.

The directory structure of /proc reflects the types of information and makes
it easy, if not obvious, where to look for specific data.
------------------------------------------------------------------------------

------------------------------------------------------------------------------
CHAPTER 2: MODIFYING SYSTEM PARAMETERS
------------------------------------------------------------------------------

------------------------------------------------------------------------------
In This Chapter
------------------------------------------------------------------------------
* Modifying kernel parameters by writing into files found in /proc/sys
* Exploring the files which modify certain parameters
* Review of the /proc/sys file tree
------------------------------------------------------------------------------


A very interesting part of /proc is the directory /proc/sys. This is not only
a source of information, it also allows you to change parameters within the
kernel. Be very careful when attempting this. You can optimize your system,
but you can also cause it to crash. Never alter kernel parameters on a
production system. Set up a development machine and test to make sure that
everything works the way you want it to. You may have no alternative but to
reboot the machine once an error has been made.

To change a value, simply echo the new value into the file. An example is
given below in the section on the file system data. You need to be root to do
this. You can create your own boot script to perform this every time your
system boots.

The files in /proc/sys can be used to fine tune and monitor miscellaneous and
general things in the operation of the Linux kernel. Since some of the files
can inadvertently disrupt your system, it is advisable to read both
documentation and source before actually making adjustments. In any case, be
very careful when writing to any of these files.
The entries in /proc may
change slightly between the 2.1.* and the 2.2 kernel, so if there is any doubt
review the kernel documentation in the directory /usr/src/linux/Documentation.
This chapter is heavily based on the documentation included in the pre 2.2
kernels, and became part of it in version 2.2.1 of the Linux kernel.

Please see: Documentation/sysctl/ directory for descriptions of these
entries.

------------------------------------------------------------------------------
Summary
------------------------------------------------------------------------------
Certain aspects of kernel behavior can be modified at runtime, without the
need to recompile the kernel, or even to reboot the system. The files in the
/proc/sys tree can not only be read, but also modified. You can use the echo
command to write values into these files, thereby changing the default settings
of the kernel.
------------------------------------------------------------------------------

------------------------------------------------------------------------------
CHAPTER 3: PER-PROCESS PARAMETERS
------------------------------------------------------------------------------

3.1 /proc/<pid>/oom_adj & /proc/<pid>/oom_score_adj - Adjust the oom-killer score
---------------------------------------------------------------------------------

These files can be used to adjust the badness heuristic used to select which
process gets killed in out of memory conditions.

The badness heuristic assigns a value to each candidate task ranging from 0
(never kill) to 1000 (always kill) to determine which process is targeted. The
units are roughly a proportion along that range of allowed memory the process
may allocate from based on an estimation of its current memory and swap use.
For example, if a task is using all allowed memory, its badness score will be
1000.
If it is using half of its allowed memory, its score will be 500.

There is an additional factor included in the badness score: the current memory
and swap usage is discounted by 3% for root processes.

The amount of "allowed" memory depends on the context in which the oom killer
was called. If it is due to the memory assigned to the allocating task's cpuset
being exhausted, the allowed memory represents the set of mems assigned to that
cpuset. If it is due to a mempolicy's node(s) being exhausted, the allowed
memory represents the set of mempolicy nodes. If it is due to a memory
limit (or swap limit) being reached, the allowed memory is that configured
limit. Finally, if it is due to the entire system being out of memory, the
allowed memory represents all allocatable resources.

The value of /proc/<pid>/oom_score_adj is added to the badness score before it
is used to determine which task to kill. Acceptable values range from -1000
(OOM_SCORE_ADJ_MIN) to +1000 (OOM_SCORE_ADJ_MAX). This allows userspace to
polarize the preference for oom killing either by always preferring a certain
task or completely disabling it. The lowest possible value, -1000, is
equivalent to disabling oom killing entirely for that task since it will always
report a badness score of 0.

Consequently, it is very simple for userspace to define the amount of memory to
consider for each task. Setting a /proc/<pid>/oom_score_adj value of +500, for
example, is roughly equivalent to allowing the remainder of tasks sharing the
same system, cpuset, mempolicy, or memory controller resources to use at least
50% more memory. A value of -500, on the other hand, would be roughly
equivalent to discounting 50% of the task's allowed memory from being considered
as scoring against the task.

For backwards compatibility with previous kernels, /proc/<pid>/oom_adj may also
be used to tune the badness score. Its acceptable values range from -16
(OOM_ADJUST_MIN) to +15 (OOM_ADJUST_MAX) and a special value of -17
(OOM_DISABLE) to disable oom killing entirely for that task. Its value is
scaled linearly with /proc/<pid>/oom_score_adj.

The value of /proc/<pid>/oom_score_adj may be reduced no lower than the last
value set by a CAP_SYS_RESOURCE process. To reduce the value any lower
requires CAP_SYS_RESOURCE.

Caveat: when a parent task is selected, the oom killer will sacrifice any first
generation children with separate address spaces instead, if possible. This
avoids servers and important system daemons from being killed and loses the
minimal amount of work.


3.2 /proc/<pid>/oom_score - Display current oom-killer score
-------------------------------------------------------------

This file can be used to check the current score used by the oom-killer for
any given <pid>. Use it together with /proc/<pid>/oom_score_adj to tune which
process should be killed in an out-of-memory situation.


3.3 /proc/<pid>/io - Display the IO accounting fields
-------------------------------------------------------

This file contains IO statistics for each running process.

Example
-------

test:/tmp # dd if=/dev/zero of=/tmp/test.dat &
[1] 3828

test:/tmp # cat /proc/3828/io
rchar: 323934931
wchar: 323929600
syscr: 632687
syscw: 632675
read_bytes: 0
write_bytes: 323932160
cancelled_write_bytes: 0


Description
-----------

rchar
-----

I/O counter: chars read
The number of bytes which this task has caused to be read from storage. This
is simply the sum of bytes which this process passed to read() and pread().
It includes things like tty IO and it is unaffected by whether or not actual
physical disk IO was required (the read might have been satisfied from
pagecache)


wchar
-----

I/O counter: chars written
The number of bytes which this task has caused, or shall cause to be written
to disk. Similar caveats apply here as with rchar.


syscr
-----

I/O counter: read syscalls
Attempt to count the number of read I/O operations, i.e. syscalls like read()
and pread().


syscw
-----

I/O counter: write syscalls
Attempt to count the number of write I/O operations, i.e. syscalls like
write() and pwrite().


read_bytes
----------

I/O counter: bytes read
Attempt to count the number of bytes which this process really did cause to
be fetched from the storage layer. Done at the submit_bio() level, so it is
accurate for block-backed filesystems. <please add status regarding NFS and
CIFS at a later time>


write_bytes
-----------

I/O counter: bytes written
Attempt to count the number of bytes which this process caused to be sent to
the storage layer. This is done at page-dirtying time.


cancelled_write_bytes
---------------------

The big inaccuracy here is truncate. If a process writes 1MB to a file and
then deletes the file, it will in fact perform no writeout. But it will have
been accounted as having caused 1MB of write.
In other words: The number of bytes which this process caused to not happen,
by truncating pagecache. A task can cause "negative" IO too. If this task
truncates some dirty pagecache, some IO which another task has been accounted
for (in its write_bytes) will not be happening. We _could_ just subtract that
from the truncating task's write_bytes, but there is information loss in doing
that.


Note
----

In its current implementation state, this is a bit racy on 32-bit machines: if
process A reads process B's /proc/pid/io while process B is updating one of
those 64-bit counters, process A could see an intermediate result.


More information about this can be found within the taskstats documentation in
Documentation/accounting.

3.4 /proc/<pid>/coredump_filter - Core dump filtering settings
---------------------------------------------------------------
When a process is dumped, all anonymous memory is written to a core file as
long as the size of the core file isn't limited. But sometimes we don't want
to dump some memory segments, for example, huge shared memory. Conversely,
sometimes we want to save file-backed memory segments into a core file, not
only the individual files.

/proc/<pid>/coredump_filter allows you to customize which memory segments
will be dumped when the <pid> process is dumped. coredump_filter is a bitmask
of memory types. If a bit of the bitmask is set, memory segments of the
corresponding memory type are dumped, otherwise they are not dumped.

The following 7 memory types are supported:
  - (bit 0) anonymous private memory
  - (bit 1) anonymous shared memory
  - (bit 2) file-backed private memory
  - (bit 3) file-backed shared memory
  - (bit 4) ELF header pages in file-backed private memory areas (it is
            effective only if the bit 2 is cleared)
  - (bit 5) hugetlb private memory
  - (bit 6) hugetlb shared memory

  Note that MMIO pages such as frame buffer are never dumped and vDSO pages
  are always dumped regardless of the bitmask status.

  Note that bits 0-4 don't affect any hugetlb memory. hugetlb memory is only
  affected by bits 5-6.

Default value of coredump_filter is 0x23; this means all anonymous memory
segments and hugetlb private memory are dumped.
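
The following is an added example, not part of the original document: it
decodes a coredump_filter value with the bit table above, applies the bit 2 /
bit 4 rule, and derives the mask that drops every shared segment. Function
names are illustrative, and accepting the value as hex text with or without a
0x prefix is an assumption.

```python
# Added example: decode a coredump_filter bitmask using the bit table in 3.4.
# Function names are illustrative, not part of any kernel or libc API.

MEMORY_TYPES = [
    "anonymous private memory",      # bit 0
    "anonymous shared memory",       # bit 1
    "file-backed private memory",    # bit 2
    "file-backed shared memory",     # bit 3
    "ELF header pages",              # bit 4 (effective only if bit 2 is clear)
    "hugetlb private memory",        # bit 5
    "hugetlb shared memory",         # bit 6
]
SHARED_BITS = (1 << 1) | (1 << 3) | (1 << 6)


def parse_filter(text):
    """Parse a mask given as hex text, with or without a 0x prefix (assumed)."""
    return int(text.strip(), 16)


def decode(mask):
    """Return (types that will be dumped, bit numbers this table lacks)."""
    dumped = []
    for bit, name in enumerate(MEMORY_TYPES):
        if not mask & (1 << bit):
            continue
        if bit == 4 and mask & (1 << 2):
            continue  # bit 4 has no separate effect while bit 2 is set
        dumped.append(name)
    unknown = [b for b in range(len(MEMORY_TYPES), mask.bit_length())
               if mask & (1 << b)]
    return dumped, unknown


def without_shared(mask):
    """Clear every shared-memory bit, keeping private mappings in the dump."""
    return mask & ~SHARED_BITS


if __name__ == "__main__":
    for text in ("0x23", "0x21", "0x7", "0x14"):  # 0x14 is a constructed value
        dumped, unknown = decode(parse_filter(text))
        print(f"{text}: {', '.join(dumped) or 'nothing'}"
              f"{' (unknown bits ' + str(unknown) + ')' if unknown else ''}")
    print(f"default without shared segments: {without_shared(0x23):#x}")
```
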

If you don't want to dump all shared memory segments attached to pid 1234,
write 0x21 to the process's proc file.

  $ echo 0x21 > /proc/1234/coredump_filter

When a new process is created, the process inherits the bitmask status from its
parent. It is useful to set up coredump_filter before the program runs.
For example:

  $ echo 0x7 > /proc/self/coredump_filter
  $ ./some_program

3.5 /proc/<pid>/mountinfo - Information about mounts
--------------------------------------------------------

This file contains lines of the form:

36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
(1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)

(1) mount ID:  unique identifier of the mount (may be reused after umount)
(2) parent ID:  ID of parent (or of self for the top of the mount tree)
(3) major:minor:  value of st_dev for files on filesystem
(4) root:  root of the mount within the filesystem
(5) mount point:  mount point relative to the process's root
(6) mount options:  per mount options
(7) optional fields:  zero or more fields of the form "tag[:value]"
(8) separator:  marks the end of the optional fields
(9) filesystem type:  name of filesystem of the form "type[.subtype]"
(10) mount source:  filesystem specific information or "none"
(11) super options:  per super block options

Parsers should ignore all unrecognised optional fields. Currently the
possible optional fields are:

shared:X  mount is shared in peer group X
master:X  mount is slave to peer group X
propagate_from:X  mount is slave and receives propagation from peer group X (*)
unbindable  mount is unbindable

(*) X is the closest dominant peer group under the process's root.
If X is the immediate master of the mount, or if there's no dominant peer
group under the same root, then only the "master:X" field is present
and not the "propagate_from:X" field.

For more information on mount propagation see:

  Documentation/filesystems/sharedsubtree.txt


3.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm
--------------------------------------------------------
These files provide a method to access a task's comm value. It also allows for
a task to set its own or one of its thread siblings' comm value. The comm value
is limited in size compared to the cmdline value, so writing anything longer
than the kernel's TASK_COMM_LEN (currently 16 chars) will result in a truncated
comm value.


3.7 /proc/<pid>/task/<tid>/children - Information about task children
-------------------------------------------------------------------------
This file provides a fast way to retrieve first level children pids
of a task pointed to by a <pid>/<tid> pair. The format is a space separated
stream of pids.

Note the "first level" here -- if a child has its own children they will
not be listed here; one needs to read /proc/<children-pid>/task/<tid>/children
to obtain the descendants.

Since this interface is intended to be fast and cheap it doesn't
guarantee to provide precise results and some children might be
skipped, especially if they've exited right after we printed their
pids, so one needs to either stop or freeze the processes being inspected
if precise results are needed.


3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file
---------------------------------------------------------------
This file provides information associated with an opened file. The regular
files have at least three fields -- 'pos', 'flags' and 'mnt_id'.
The 'pos'
represents the current offset of the opened file in decimal form [see lseek(2)
for details], 'flags' denotes the octal O_xxx mask the file has been
created with [see open(2) for details] and 'mnt_id' represents the mount ID of
the file system containing the opened file [see 3.5 /proc/<pid>/mountinfo
for details].

A typical output is

    pos:    0
    flags:  0100002
    mnt_id: 19

Files such as eventfd, fsnotify, signalfd and epoll provide, alongside the
regular pos/flags pair, additional information particular to the objects they
represent.

    Eventfd files
    ~~~~~~~~~~~~~
    pos:    0
    flags:  04002
    mnt_id: 9
    eventfd-count:  5a

    where 'eventfd-count' is the hex value of a counter.

    Signalfd files
    ~~~~~~~~~~~~~~
    pos:    0
    flags:  04002
    mnt_id: 9
    sigmask:    0000000000000200

    where 'sigmask' is the hex value of the signal mask associated
    with a file.

    Epoll files
    ~~~~~~~~~~~
    pos:    0
    flags:  02
    mnt_id: 9
    tfd:        5 events:       1d data: ffffffffffffffff

    where 'tfd' is a target file descriptor number in decimal form,
    'events' is the events mask being watched and 'data' is the data
    associated with a target [see epoll(7) for more details].

    Fsnotify files
    ~~~~~~~~~~~~~~
    For inotify files the format is the following

    pos:    0
    flags:  02000000
    inotify wd:3 ino:9e7e sdev:800013 mask:800afce ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:7e9e0000640d1b6d

    where 'wd' is a watch descriptor in decimal form, i.e. a target file
    descriptor number, 'ino' and 'sdev' are the inode and device where the
    target file resides and 'mask' is the mask of events, all in hex
    form [see inotify(7) for more details].

    If the kernel was built with exportfs support, the path to the target
    file is encoded as a file handle.
    The file handle is provided by three
    fields 'fhandle-bytes', 'fhandle-type' and 'f_handle', all in hex
    format.

    If the kernel is built without exportfs support the file handle won't be
    printed out.

    If there is no inotify mark attached yet the 'inotify' line will be omitted.

    For fanotify files the format is

    pos:    0
    flags:  02
    mnt_id: 9
    fanotify flags:10 event-flags:0
    fanotify mnt_id:12 mflags:40 mask:38 ignored_mask:40000003
    fanotify ino:4f969 sdev:800013 mflags:0 mask:3b ignored_mask:40000000 fhandle-bytes:8 fhandle-type:1 f_handle:69f90400c275b5b4

    where fanotify 'flags' and 'event-flags' are the values used in the
    fanotify_init call, 'mnt_id' is the mount point identifier, 'mflags' is the
    value of the flags associated with the mark, which are tracked separately
    from the events mask. 'ino' and 'sdev' are the target inode and device,
    'mask' is the events mask and 'ignored_mask' is the mask of events which
    are to be ignored. All are in hex format. Taken together, 'mflags', 'mask'
    and 'ignored_mask' provide information about the flags and mask used in the
    fanotify_mark call [see fsnotify manpage for details].

    While the first three lines are mandatory and always printed, the rest is
    optional and may be omitted if no marks have been created yet.

    Timerfd files
    ~~~~~~~~~~~~~

    pos:    0
    flags:  02
    mnt_id: 9
    clockid: 0
    ticks: 0
    settime flags: 01
    it_value: (0, 49406829)
    it_interval: (1, 0)

    where 'clockid' is the clock type and 'ticks' is the number of timer
    expirations that have occurred [see timerfd_create(2) for details].
    'settime flags' are the flags, in octal form, that were used to set up the
    timer [see timerfd_settime(2) for details]. 'it_value' is the remaining
    time until the timer expiration. 'it_interval' is the interval for the
    timer.
    Note the timer might be set up
    with the TIMER_ABSTIME option, which will be shown in 'settime flags', but
    'it_value' still exhibits the timer's remaining time.

------------------------------------------------------------------------------
Configuring procfs
------------------------------------------------------------------------------

4.1 Mount options
---------------------

The following mount options are supported:

    hidepid=    Set /proc/<pid>/ access mode.
    gid=        Set the group authorized to learn processes information.

hidepid=0 means classic mode - everybody may access all /proc/<pid>/ directories
(default).

hidepid=1 means users may not access any /proc/<pid>/ directories but their
own. Sensitive files like cmdline, sched*, status are now protected against
other users. This makes it impossible to learn whether any user runs a
specific program (given the program doesn't reveal itself by its behaviour).
As an additional bonus, as /proc/<pid>/cmdline is inaccessible to other users,
poorly written programs passing sensitive information via program arguments are
now protected against local eavesdroppers.

hidepid=2 means hidepid=1 plus all /proc/<pid>/ will be fully invisible to other
users. It doesn't mean that it hides the fact of whether a process with a
specific pid value exists (it can be learned by other means, e.g. by
"kill -0 $PID"), but it hides the process's uid and gid, which may be learned by
stat()'ing /proc/<pid>/ otherwise. It greatly complicates an intruder's task of
gathering information about running processes, whether some daemon runs with
elevated privileges, whether another user runs some sensitive program, whether
other users run any program at all, etc.

gid= defines a group authorized to learn processes information otherwise
prohibited by hidepid=.
If you use some daemon like identd which needs to learn
information about processes, just add identd to this group.
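
The following is an added example, not part of the original document: it
parses mountinfo lines as described in section 3.5 (ignoring unrecognised
optional fields up to the "-" separator) and reports the hidepid= and gid=
settings from section 4.1 for every procfs mount. The function names, the two
constructed sample lines and the choice to search both option fields are
assumptions.

```python
# Added example: parse mountinfo lines (section 3.5) and report the hidepid=
# and gid= settings (section 4.1) of every procfs mount. Names are illustrative.
KNOWN_TAGS = {"shared", "master", "propagate_from", "unbindable"}

# Constructed sample: line 1 is the one shown in section 3.5, the rest made up.
SAMPLE = """\
36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
17 21 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw,hidepid=2,gid=1001
52 36 0:40 / /srv/jail/proc rw,relatime newtag:7 unbindable - proc proc rw
"""


def parse_mountinfo_line(line):
    """Split one line into the eleven fields described in section 3.5."""
    fields = line.split()
    try:
        # (8) separator: search from index 6 so a "-" in fields (4)/(5) is skipped.
        sep = fields.index("-", 6)
        fstype, source, super_opts = fields[sep + 1:sep + 4]
    except ValueError:
        raise ValueError(f"malformed mountinfo line: {line!r}") from None
    optional = {}
    for item in fields[6:sep]:
        tag, _, value = item.partition(":")
        if tag in KNOWN_TAGS:           # unrecognised optional fields are ignored
            optional[tag] = value
    return {
        "mount_id": int(fields[0]), "parent_id": int(fields[1]),
        "dev": fields[2], "root": fields[3], "mount_point": fields[4],
        "mount_opts": fields[5].split(","), "optional": optional,
        "fstype": fstype, "source": source, "super_opts": super_opts.split(","),
    }


def procfs_hidepid(lines):
    """Return (mount point, hidepid, gid) for every mount of type proc."""
    report = []
    for line in filter(str.strip, lines):
        m = parse_mountinfo_line(line)
        if m["fstype"] == "proc":
            # Assumption: look in both option fields, (6) and (11).
            opts = dict(o.partition("=")[::2] for o in m["mount_opts"] + m["super_opts"])
            report.append((m["mount_point"], opts.get("hidepid", "0"), opts.get("gid")))
    return report


if __name__ == "__main__":
    for mount_point, hidepid, gid in procfs_hidepid(SAMPLE.splitlines()):
        print(f"{mount_point}: hidepid={hidepid} gid={gid}")
```

A mount reported with hidepid 0 is in the classic mode described above; on a
live system, pass the lines of /proc/self/mountinfo instead of SAMPLE.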