1PROC(5)                    Linux Programmer's Manual                   PROC(5)
2
3
4

NAME

6       proc - process information pseudo-filesystem
7

DESCRIPTION

9       The  proc filesystem is a pseudo-filesystem which provides an interface
10       to kernel data structures.  It is commonly  mounted  at  /proc.   Typi‐
11       cally,  it  is  mounted automatically by the system, but it can also be
12       mounted manually using a command such as:
13
14           mount -t proc proc /proc
15
16       Most of the files in the proc filesystem are read-only, but some  files
17       are writable, allowing kernel variables to be changed.
18
19   Mount options
20       The proc filesystem supports the following mount options:
21
22       hidepid=n (since Linux 3.3)
23              This   option   controls  who  can  access  the  information  in
24              /proc/[pid] directories.  The argument, n, is one of the follow‐
25              ing values:
26
27              0   Everybody  may  access all /proc/[pid] directories.  This is
28                  the traditional behavior, and  the  default  if  this  mount
29                  option is not specified.
30
31              1   Users  may  not  access  files and subdirectories inside any
32                  /proc/[pid]  directories  but  their  own  (the  /proc/[pid]
33                  directories  themselves  remain  visible).   Sensitive files
34                  such as /proc/[pid]/cmdline and /proc/[pid]/status  are  now
35                  protected  against other users.  This makes it impossible to
36                  learn whether any user is running  a  specific  program  (so
37                  long  as  the program doesn't otherwise reveal itself by its
38                  behavior).
39
40              2   As for mode 1, but in addition the  /proc/[pid]  directories
41                  belonging  to other users become invisible.  This means that
42                  /proc/[pid] entries can no longer be used  to  discover  the
43                  PIDs  on  the  system.   This  doesn't  hide the fact that a
44                  process with a specific PID value exists (it can be  learned
45                  by  other  means,  for  example,  by "kill -0 $PID"), but it
46                  hides a process's UID and  GID,  which  could  otherwise  be
47                  learned  by  employing  stat(2)  on a /proc/[pid] directory.
48                  This greatly complicates an  attacker's  task  of  gathering
49                  information   about  running  processes  (e.g.,  discovering
50                  whether some daemon is  running  with  elevated  privileges,
51                  whether  another  user  is  running  some sensitive program,
52                  whether other users are running any program at all,  and  so
53                  on).
54
55       gid=gid (since Linux 3.3)
56              Specifies  the  ID  of  a  group whose members are authorized to
57              learn process information otherwise prohibited by hidepid (i.e.,
58              users  in  this  group  behave  as though /proc was mounted with
59              hidepid=0).  This group should be  used  instead  of  approaches
60              such as putting nonroot users into the sudoers(5) file.
61
62   Overview
63       Underneath  /proc,  there are the following general groups of files and
64       subdirectories:
65
66       /proc/[pid] subdirectories
67              Each one of these subdirectories contains files and  subdirecto‐
68              ries exposing information about the process with the correspond‐
69              ing process ID.
70
71              Underneath each of the /proc/[pid] directories, a task subdirec‐
72              tory  contains subdirectories of the form task/[tid], which con‐
73              tain corresponding information about each of the threads in  the
74              process, where tid is the kernel thread ID of the thread.
75
76              The   /proc/[pid]  subdirectories  are  visible  when  iterating
77              through /proc with getdents(2) (and thus are  visible  when  one
78              uses ls(1) to view the contents of /proc).
79
80       /proc/[tid] subdirectories
81              Each  one of these subdirectories contains files and subdirecto‐
82              ries exposing information about the thread with the  correspond‐
83              ing  thread  ID.  The contents of these directories are the same
84              as the corresponding /proc/[pid]/task/[tid] directories.
85
86              The /proc/[tid] subdirectories are not  visible  when  iterating
87              through  /proc  with  getdents(2) (and thus are not visible when
88              one uses ls(1) to view the contents of /proc).
89
90       /proc/self
91              When a process accesses this magic symbolic link, it resolves to
92              the process's own /proc/[pid] directory.
93
94       /proc/thread-self
95              When  a thread accesses this magic symbolic link, it resolves to
96              the process's own /proc/self/task/[tid] directory.
97
98       /proc/[a-z]*
99              Various other files and subdirectories under /proc  expose  sys‐
100              tem-wide information.
101
102       All of the above are described in more detail below.
103
104   Files and directories
105       The  following  list provides details of many of the files and directo‐
106       ries under the /proc hierarchy.
107
108       /proc/[pid]
109              There is a numerical subdirectory for each running process;  the
110              subdirectory  is named by the process ID.  Each /proc/[pid] sub‐
111              directory contains the pseudo-files  and  directories  described
112              below.
113
114              The  files  inside each /proc/[pid] directory are normally owned
115              by the effective user and effective group  ID  of  the  process.
116              However,  as a security measure, the ownership is made root:root
117              if the process's "dumpable" attribute is set to  a  value  other
118              than 1.
119
120              Before Linux 4.11, root:root meant the "global" root user ID and
121              group ID (i.e., UID 0 and GID 0 in the initial user  namespace).
122              Since  Linux 4.11, if the process is in a noninitial user names‐
123              pace that has a valid mapping for user (group) ID 0  inside  the
124              namespace,  then  the  user (group) ownership of the files under
125              /proc/[pid] is instead made the same as the root user (group) ID
126              of  the  namespace.   This means that inside a container, things
127              work as expected for the container "root" user.
128
129              The process's "dumpable" attribute may change for the  following
130              reasons:
131
132              *  The   attribute   was   explicitly   set   via  the  prctl(2)
133                 PR_SET_DUMPABLE operation.
134
135              *  The  attribute  was  reset  to  the   value   in   the   file
136                 /proc/sys/fs/suid_dumpable (described below), for the reasons
137                 described in prctl(2).
138
139              Resetting the "dumpable" attribute to 1 reverts the ownership of
140              the /proc/[pid]/* files to the process's effective UID and GID.
141
142       /proc/[pid]/attr
143              The files in this directory provide an API for security modules.
144              The contents of this directory are files that can  be  read  and
145              written  in  order  to  set  security-related  attributes.  This
146              directory was added to support SELinux, but  the  intention  was
147              that  the  API  be general enough to support other security mod‐
148              ules.  For the purpose of explanation, examples of  how  SELinux
149              uses these files are provided below.
150
151              This directory is present only if the kernel was configured with
152              CONFIG_SECURITY.
153
154       /proc/[pid]/attr/current (since Linux 2.6.0)
155              The  contents  of  this  file  represent  the  current  security
156              attributes of the process.
157
158              In  SELinux,  this file is used to get the security context of a
159              process.  Prior to Linux 2.6.11, this file could not be used  to
160              set  the  security  context  (a  write was always denied), since
161              SELinux limited process security transitions to  execve(2)  (see
162              the  description  of /proc/[pid]/attr/exec, below).  Since Linux
163              2.6.11, SELinux lifted this  restriction  and  began  supporting
164              "set"  operations  via writes to this node if authorized by pol‐
165              icy, although use of this operation is only suitable for  appli‐
166              cations  that  are  trusted  to  maintain any desired separation
167              between the old and new security contexts.
168
169              Prior to Linux 2.6.28, SELinux did not allow  threads  within  a
170              multi-threaded  process  to  set their security context via this
171              node as it would yield an inconsistency among the security  con‐
172              texts of the threads sharing the same memory space.  Since Linux
173              2.6.28, SELinux lifted this  restriction  and  began  supporting
174              "set"  operations  for threads within a multithreaded process if
175              the new security context is bounded by the old security context,
176              where  the  bounded relation is defined in policy and guarantees
177              that the new security context has a subset of the permissions of
178              the old security context.
179
180              Other  security  modules  may choose to support "set" operations
181              via writes to this node.
182
183       /proc/[pid]/attr/exec (since Linux 2.6.0)
184              This file represents the attributes to  assign  to  the  process
185              upon a subsequent execve(2).
186
187              In  SELinux,  this is needed to support role/domain transitions,
188              and execve(2) is the preferred point to  make  such  transitions
189              because  it offers better control over the initialization of the
190              process in the new security label and the inheritance of  state.
191              In SELinux, this attribute is reset on execve(2) so that the new
192              program reverts to the default behavior for any execve(2)  calls
193              that  it  may  make.  In SELinux, a process can set only its own
194              /proc/[pid]/attr/exec attribute.
195
196       /proc/[pid]/attr/fscreate (since Linux 2.6.0)
197              This file represents the attributes to assign to  files  created
198              by  subsequent  calls  to  open(2),  mkdir(2),  symlink(2),  and
199              mknod(2)
200
201              SELinux employs this file to support creation of a  file  (using
202              the  aforementioned  system  calls)  in  a secure state, so that
203              there is no risk of inappropriate access being obtained  between
204              the  time  of creation and the time that attributes are set.  In
205              SELinux, this attribute is reset on execve(2), so that  the  new
206              program  reverts  to  the default behavior for any file creation
207              calls it may make, but the attribute will persist across  multi‐
208              ple file creation calls within a program unless it is explicitly
209              reset.   In  SELinux,  a  process   can   set   only   its   own
210              /proc/[pid]/attr/fscreate attribute.
211
212       /proc/[pid]/attr/keycreate (since Linux 2.6.18)
213              If  a process writes a security context into this file, all sub‐
214              sequently created keys (add_key(2)) will be  labeled  with  this
215              context.   For  further  information, see the kernel source file
216              Documentation/security/keys/core.rst   (or    file    Documenta‐
217              tion/security/keys.txt  on  Linux between 3.0 and 4.13, or Docu‐
218              mentation/keys.txt before Linux 3.0).
219
220       /proc/[pid]/attr/prev (since Linux 2.6.0)
221              This file contains the security context of  the  process  before
222              the   last   execve(2);   that   is,   the   previous  value  of
223              /proc/[pid]/attr/current.
224
225       /proc/[pid]/attr/socketcreate (since Linux 2.6.18)
226              If a process writes a security context into this file, all  sub‐
227              sequently created sockets will be labeled with this context.
228
229       /proc/[pid]/autogroup (since Linux 2.6.38)
230              See sched(7).
231
232       /proc/[pid]/auxv (since 2.6.0)
233              This  contains  the  contents of the ELF interpreter information
234              passed to the process at exec time.  The format is one  unsigned
235              long  ID  plus one unsigned long value for each entry.  The last
236              entry contains two zeros.  See also getauxval(3).
237
238              Permission to access this file is governed by  a  ptrace  access
239              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
240
241       /proc/[pid]/cgroup (since Linux 2.6.24)
242              See cgroups(7).
243
244       /proc/[pid]/clear_refs (since Linux 2.6.22)
245
246              This  is  a  write-only  file,  writable  only  by  owner of the
247              process.
248
249              The following values may be written to the file:
250
251              1 (since Linux 2.6.22)
252                     Reset the PG_Referenced and ACCESSED/YOUNG bits  for  all
253                     the  pages  associated  with the process.  (Before kernel
254                     2.6.32, writing any nonzero value to this file  had  this
255                     effect.)
256
257              2 (since Linux 2.6.32)
258                     Reset  the  PG_Referenced and ACCESSED/YOUNG bits for all
259                     anonymous pages associated with the process.
260
261              3 (since Linux 2.6.32)
262                     Reset the PG_Referenced and ACCESSED/YOUNG bits  for  all
263                     file-mapped pages associated with the process.
264
265              Clearing  the  PG_Referenced  and ACCESSED/YOUNG bits provides a
266              method to measure approximately how much  memory  a  process  is
267              using.  One first inspects the values in the "Referenced" fields
268              for the VMAs shown in /proc/[pid]/smaps to get an  idea  of  the
269              memory  footprint of the process.  One then clears the PG_Refer‐
270              enced and ACCESSED/YOUNG bits  and,  after  some  measured  time
271              interval,  once  again  inspects  the values in the "Referenced"
272              fields to get an idea of the change in memory footprint  of  the
273              process during the measured interval.  If one is interested only
274              in inspecting the selected mapping types, then the value 2 or  3
275              can be used instead of 1.
276
277              Further values can be written to affect different properties:
278
279              4 (since Linux 3.11)
280                     Clear  the  soft-dirty  bit  for all the pages associated
281                     with the process.  This  is  used  (in  conjunction  with
282                     /proc/[pid]/pagemap) by the check-point restore system to
283                     discover which pages of a process have been dirtied since
284                     the file /proc/[pid]/clear_refs was written to.
285
286              5 (since Linux 4.0)
287                     Reset  the  peak resident set size ("high water mark") to
288                     the process's current resident set size value.
289
290              Writing any value to  /proc/[pid]/clear_refs  other  than  those
291              listed above has no effect.
292
293              The  /proc/[pid]/clear_refs  file  is  present  only if the CON‐
294              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
295
296       /proc/[pid]/cmdline
297              This read-only file holds the  complete  command  line  for  the
298              process,  unless  the  process is a zombie.  In the latter case,
299              there is nothing in this file: that is, a read on this file will
300              return  0 characters.  The command-line arguments appear in this
301              file as a set of strings separated by null bytes ('\0'), with  a
302              further null byte after the last string.
303
304       /proc/[pid]/comm (since Linux 2.6.33)
305              This  file exposes the process's comm value—that is, the command
306              name associated with the process.  Different threads in the same
307              process   may   have   different  comm  values,  accessible  via
308              /proc/[pid]/task/[tid]/comm.   A  thread  may  modify  its  comm
309              value,  or  that of any of other thread in the same thread group
310              (see the discussion of CLONE_THREAD in clone(2)), by writing  to
311              the   file   /proc/self/task/[tid]/comm.   Strings  longer  than
312              TASK_COMM_LEN (16) characters are silently truncated.
313
314              This file provides a superset of the  prctl(2)  PR_SET_NAME  and
315              PR_GET_NAME operations, and is employed by pthread_setname_np(3)
316              when used to rename threads other than the caller.
317
318       /proc/[pid]/coredump_filter (since Linux 2.6.23)
319              See core(5).
320
321       /proc/[pid]/cpuset (since Linux 2.6.12)
322              See cpuset(7).
323
324       /proc/[pid]/cwd
325              This is a symbolic link to the current working directory of  the
326              process.   To  find out the current working directory of process
327              20, for instance, you can do this:
328
329                  $ cd /proc/20/cwd; /bin/pwd
330
331              Note that the pwd command is often a shell built-in,  and  might
332              not work properly.  In bash(1), you may use pwd -P.
333
334              In  a  multithreaded process, the contents of this symbolic link
335              are not available if the  main  thread  has  already  terminated
336              (typically by calling pthread_exit(3)).
337
338              Permission  to  dereference  or read (readlink(2)) this symbolic
339              link    is    governed    by    a     ptrace     access     mode
340              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
341
342       /proc/[pid]/environ
343              This file contains the initial environment that was set when the
344              currently executing program  was  started  via  execve(2).   The
345              entries  are  separated by null bytes ('\0'), and there may be a
346              null byte at the end.  Thus, to print  out  the  environment  of
347              process 1, you would do:
348
349                  $ cat /proc/1/environ | tr '\000' '\n'
350
351              If,  after  an  execve(2),  the process modifies its environment
352              (e.g., by calling functions such as putenv(3) or  modifying  the
353              environ(7)  variable directly), this file will not reflect those
354              changes.
355
356              Furthermore, a process may change the memory location that  this
357              file refers via prctl(2) operations such as PR_SET_MM_ENV_START.
358
359              Permission  to  access  this file is governed by a ptrace access
360              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
361
362       /proc/[pid]/exe
363              Under Linux 2.2 and later, this file is a symbolic link contain‐
364              ing  the actual pathname of the executed command.  This symbolic
365              link can be dereferenced normally; attempting to  open  it  will
366              open  the  executable.  You can even type /proc/[pid]/exe to run
367              another copy of the same executable that is being run by process
368              [pid].   If  the  pathname  has been unlinked, the symbolic link
369              will contain the string '(deleted)'  appended  to  the  original
370              pathname.  In a multithreaded process, the contents of this sym‐
371              bolic link are not available if the main thread has already ter‐
372              minated (typically by calling pthread_exit(3)).
373
374              Permission  to  dereference  or read (readlink(2)) this symbolic
375              link    is    governed    by    a     ptrace     access     mode
376              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
377
378              Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to the
379              binary which was executed, and appears as a  symbolic  link.   A
380              readlink(2)  call  on this file under Linux 2.0 returns a string
381              in the format:
382
383                  [device]:inode
384
385              For example, [0301]:1502 would be inode 1502 on device major  03
386              (IDE,  MFM,  etc. drives) minor 01 (first partition on the first
387              drive).
388
389              find(1) with the -inum option can be used to locate the file.
390
391       /proc/[pid]/fd/
392              This is a subdirectory containing one entry for each file  which
393              the process has open, named by its file descriptor, and which is
394              a symbolic link to the actual file.  Thus, 0 is standard  input,
395              1 standard output, 2 standard error, and so on.
396
397              For  file descriptors for pipes and sockets, the entries will be
398              symbolic links whose content is the file type with the inode.  A
399              readlink(2) call on this file returns a string in the format:
400
401                  type:[inode]
402
403              For  example, socket:[2248868] will be a socket and its inode is
404              2248868.  For sockets, that inode  can  be  used  to  find  more
405              information in one of the files under /proc/net/.
406
407              For  file  descriptors  that  have no corresponding inode (e.g.,
408              file   descriptors   produced   by   bpf(2),    epoll_create(2),
409              eventfd(2),  inotify_init(2),  perf_event_open(2),  signalfd(2),
410              timerfd_create(2), and userfaultfd(2)), the entry will be a sym‐
411              bolic link with contents of the form
412
413                  anon_inode:<file-type>
414
415              In  many  cases  (but  not  all), the file-type is surrounded by
416              square brackets.
417
418              For example, an epoll file descriptor will have a symbolic  link
419              whose content is the string anon_inode:[eventpoll].
420
421              In  a  multithreaded process, the contents of this directory are
422              not available if the main thread has already  terminated  (typi‐
423              cally by calling pthread_exit(3)).
424
425              Programs  that  take  a filename as a command-line argument, but
426              don't take input from standard input if no argument is supplied,
427              and  programs that write to a file named as a command-line argu‐
428              ment, but don't send their output to standard output if no argu‐
429              ment is supplied, can nevertheless be made to use standard input
430              or standard output by using /proc/[pid]/fd files as command-line
431              arguments.   For example, assuming that -i is the flag designat‐
432              ing an input file and -o is the flag designating an output file:
433
434                  $ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...
435
436              and you have a working filter.
437
438              /proc/self/fd/N is approximately the same as /dev/fd/N  in  some
439              UNIX and UNIX-like systems.  Most Linux MAKEDEV scripts symboli‐
440              cally link /dev/fd to /proc/self/fd, in fact.
441
442              Most systems provide symbolic links /dev/stdin, /dev/stdout, and
443              /dev/stderr, which respectively link to the files 0, 1, and 2 in
444              /proc/self/fd.  Thus the example command above could be  written
445              as:
446
447                  $ foobar -i /dev/stdin -o /dev/stdout ...
448
449              Permission  to  dereference  or  read (readlink(2)) the symbolic
450              links in this directory is governed  by  a  ptrace  access  mode
451              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
452
453              Note  that  for  file descriptors referring to inodes (pipes and
454              sockets, see above), those inodes still have permission bits and
455              ownership  information distinct from those of the /proc/[pid]/fd
456              entry, and that the owner may differ from the user and group IDs
457              of the process.  An unprivileged process may lack permissions to
458              open them, as in this example:
459
460                  $ echo test | sudo -u nobody cat
461                  test
462                  $ echo test | sudo -u nobody cat /proc/self/fd/0
463                  cat: /proc/self/fd/0: Permission denied
464
465              File descriptor 0 refers to the pipe created by  the  shell  and
466              owned by that shell's user, which is not nobody, so cat does not
467              have permission to create a new file  descriptor  to  read  from
468              that inode, even though it can still read from its existing file
469              descriptor 0.
470
471       /proc/[pid]/fdinfo/ (since Linux 2.6.22)
472              This is a subdirectory containing one entry for each file  which
473              the  process  has open, named by its file descriptor.  The files
474              in this directory are readable only by the owner of the process.
475              The  contents  of  each  file  can be read to obtain information
476              about the corresponding file descriptor.  The content depends on
477              the  type of file referred to by the corresponding file descrip‐
478              tor.
479
480              For regular files and directories, we see something like:
481
482                  $ cat /proc/12015/fdinfo/4
483                  pos:    1000
484                  flags:  01002002
485                  mnt_id: 21
486
487              The fields are as follows:
488
489              pos    This is a decimal number showing the file offset.
490
491              flags  This is an octal number that  displays  the  file  access
492                     mode  and file status flags (see open(2)).  If the close-
493                     on-exec file descriptor flag is set, then flags will also
494                     include the value O_CLOEXEC.
495
496                     Before  Linux  3.1,  this field incorrectly displayed the
497                     setting of O_CLOEXEC at the time  the  file  was  opened,
498                     rather  than  the  current  setting  of the close-on-exec
499                     flag.
500
501              mnt_id This field, present since Linux 3.15, is the  ID  of  the
502                     mount point containing this file.  See the description of
503                     /proc/[pid]/mountinfo.
504
505              For eventfd file descriptors (see  eventfd(2)),  we  see  (since
506              Linux 3.8) the following fields:
507
508                  pos: 0
509                  flags:    02
510                  mnt_id:   10
511                  eventfd-count:               40
512
513              eventfd-count  is  the  current value of the eventfd counter, in
514              hexadecimal.
515
516              For epoll file descriptors (see epoll(7)), we see  (since  Linux
517              3.8) the following fields:
518
519                  pos: 0
520                  flags:    02
521                  mnt_id:   10
522                  tfd:        9 events:       19 data: 74253d2500000009
523                  tfd:        7 events:       19 data: 74253d2500000007
524
525              Each  of  the  lines  beginning  tfd  describes  one of the file
526              descriptors being monitored via the epoll file  descriptor  (see
527              epoll_ctl(2)  for some details).  The tfd field is the number of
528              the file descriptor.  The events field is a hexadecimal mask  of
529              the  events  being monitored for this file descriptor.  The data
530              field is the data value associated with this file descriptor.
531
532              For signalfd file descriptors (see signalfd(2)), we  see  (since
533              Linux 3.8) the following fields:
534
535                  pos: 0
536                  flags:    02
537                  mnt_id:   10
538                  sigmask:  0000000000000006
539
540              sigmask is the hexadecimal mask of signals that are accepted via
541              this signalfd file descriptor.  (In this example, bits 2  and  3
542              are  set,  corresponding  to the signals SIGINT and SIGQUIT; see
543              signal(7).)
544
545              For inotify file descriptors (see  inotify(7)),  we  see  (since
546              Linux 3.8) the following fields:
547
548                  pos: 0
549                  flags:    00
550                  mnt_id:   11
551                  inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
552                  inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73
553
554              Each  of the lines beginning with "inotify" displays information
555              about one file or directory that is being monitored.  The fields
556              in this line are as follows:
557
558              wd     A watch descriptor number (in decimal).
559
560              ino    The inode number of the target file (in hexadecimal).
561
562              sdev   The  ID  of  the device where the target file resides (in
563                     hexadecimal).
564
565              mask   The mask of events being monitored for  the  target  file
566                     (in hexadecimal).
567
568              If  the  kernel was built with exportfs support, the path to the
569              target file is exposed as a file handle, via  three  hexadecimal
570              fields: fhandle-bytes, fhandle-type, and f_handle.
571
572              For  fanotify  file descriptors (see fanotify(7)), we see (since
573              Linux 3.8) the following fields:
574
575                  pos: 0
576                  flags:    02
577                  mnt_id:   11
578                  fanotify flags:0 event-flags:88002
579                  fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73
580
581              The fourth line displays information defined when  the  fanotify
582              group was created via fanotify_init(2):
583
584              flags  The  flags  argument given to fanotify_init(2) (expressed
585                     in hexadecimal).
586
587              event-flags
588                     The  event_f_flags  argument  given  to  fanotify_init(2)
589                     (expressed in hexadecimal).
590
591              Each  additional  line  shown  in  the file contains information
592              about one of the marks in the fanotify  group.   Most  of  these
593              fields are as for inotify, except:
594
595              mflags The flags associated with the mark (expressed in hexadec‐
596                     imal).
597
598              mask   The events mask for this mark (expressed in hexadecimal).
599
600              ignored_mask
601                     The mask  of  events  that  are  ignored  for  this  mark
602                     (expressed in hexadecimal).
603
604              For details on these fields, see fanotify_mark(2).
605
606              For  timerfd  file  descriptors  (see timerfd(2)), we see (since
607              Linux 3.17) the following fields:
608
609                  pos:    0
610                  flags:  02004002
611                  mnt_id: 13
612                  clockid: 0
613                  ticks: 0
614                  settime flags: 03
615                  it_value: (7695568592, 640020877)
616                  it_interval: (0, 0)
617
618              clockid
619                     This is the numeric value of the clock ID  (corresponding
620                     to  one  of  the  CLOCK_* constants defined via <time.h>)
621                     that is used to mark the progress of the timer  (in  this
622                     example, 0 is CLOCK_REALTIME).
623
624              ticks  This  is  the  number  of  timer  expirations  that  have
625                     occurred, (i.e., the  value  that  read(2)  on  it  would
626                     return).
627
628              settime flags
629                     This  field  lists  the  flags with which the timerfd was
630                     last armed (see timerfd_settime(2)), in  octal  (in  this
631                     example,   both   TFD_TIMER_ABSTIME   and  TFD_TIMER_CAN‐
632                     CEL_ON_SET are set).
633
634              it_value
635                     This field contains the amount of time  until  the  timer
636                     will  next  expire, expressed in seconds and nanoseconds.
637                     This is always expressed as a relative value,  regardless
638                     of    whether   the   timer   was   created   using   the
639                     TFD_TIMER_ABSTIME flag.
640
641              it_interval
642                     This field contains the interval of the timer, in seconds
643                     and  nanoseconds.   (The  it_value and it_interval fields
644                     contain the values that timerfd_gettime(2) on  this  file
645                     descriptor would return.)
646
647       /proc/[pid]/gid_map (since Linux 3.5)
648              See user_namespaces(7).
649
650       /proc/[pid]/io (since kernel 2.6.20)
651              This file contains I/O statistics for the process, for example:
652
653                  # cat /proc/3828/io
654                  rchar: 323934931
655                  wchar: 323929600
656                  syscr: 632687
657                  syscw: 632675
658                  read_bytes: 0
659                  write_bytes: 323932160
660                  cancelled_write_bytes: 0
661
662              The fields are as follows:
663
664              rchar: characters read
665                     The number of bytes which this task has caused to be read
666                     from storage.  This is simply the sum of bytes which this
667                     process  passed  to read(2) and similar system calls.  It
668                     includes things such as terminal I/O and is unaffected by
669                     whether or not actual physical disk I/O was required (the
670                     read might have been satisfied from pagecache).
671
672              wchar: characters written
673                     The number of bytes which this task has caused, or  shall
674                     cause  to be written to disk.  Similar caveats apply here
675                     as with rchar.
676
677              syscr: read syscalls
678                     Attempt to count the number of read  I/O  operations—that
679                     is, system calls such as read(2) and pread(2).
680
681              syscw: write syscalls
682                     Attempt  to count the number of write I/O operations—that
683                     is, system calls such as write(2) and pwrite(2).
684
685              read_bytes: bytes read
686                     Attempt to count the number of bytes which  this  process
687                     really  did  cause  to be fetched from the storage layer.
688                     This is accurate for block-backed filesystems.
689
690              write_bytes: bytes written
691                     Attempt to count the number of bytes which  this  process
692                     caused to be sent to the storage layer.
693
694              cancelled_write_bytes:
695                     The big inaccuracy here is truncate.  If a process writes
696                     1MB to a file and then deletes the file, it will in  fact
697                     perform  no writeout.  But it will have been accounted as
698                     having caused 1MB of write.  In other words:  this  field
699                     represents  the number of bytes which this process caused
700                     to not happen, by truncating pagecache.  A task can cause
701                     "negative"  I/O  too.   If this task truncates some dirty
702                     pagecache, some I/O which another task has been accounted
703                     for (in its write_bytes) will not be happening.
704
705              Note:  In  the  current implementation, things are a bit racy on
706              32-bit systems: if process A reads  process  B's  /proc/[pid]/io
707              while  process  B  is  updating  one  of  these 64-bit counters,
708              process A could see an intermediate result.
709
710              Permission to access this file is governed by  a  ptrace  access
711              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
712
713       /proc/[pid]/limits (since Linux 2.6.24)
714              This file displays the soft limit, hard limit, and units of mea‐
715              surement for each of the process's resource  limits  (see  getr‐
716              limit(2)).   Up to and including Linux 2.6.35, this file is pro‐
717              tected to allow reading only by the real  UID  of  the  process.
718              Since  Linux  2.6.36,  this file is readable by all users on the
719              system.
720
721       /proc/[pid]/map_files/ (since kernel 3.3)
722              This subdirectory  contains  entries  corresponding  to  memory-
723              mapped  files (see mmap(2)).  Entries are named by memory region
724              start and end address pair (expressed as  hexadecimal  numbers),
725              and  are symbolic links to the mapped files themselves.  Here is
726              an example, with the output wrapped and reformatted to fit on an
727              80-column display:
728
729                  # ls -l /proc/self/map_files/
730                  lr--------. 1 root root 64 Apr 16 21:31
731                              3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
732                  ...
733
734              Although  these entries are present for memory regions that were
735              mapped with the MAP_FILE flag, the way anonymous  shared  memory
736              (regions created with the MAP_ANON | MAP_SHARED flags) is imple‐
737              mented in Linux means that such  regions  also  appear  on  this
738              directory.   Here  is  an  example  where the target file is the
739              deleted /dev/zero one:
740
741                  lrw-------. 1 root root 64 Apr 16 21:33
742                              7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)
743
744              This directory appears  only  if  the  CONFIG_CHECKPOINT_RESTORE
745              kernel    configuration    option    is    enabled.    Privilege
746              (CAP_SYS_ADMIN) is required to view the contents of this  direc‐
747              tory.
748
749       /proc/[pid]/maps
750              A  file containing the currently mapped memory regions and their
751              access permissions.  See mmap(2) for  some  further  information
752              about memory mappings.
753
754              Permission  to  access  this file is governed by a ptrace access
755              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
756
757              The format of the file is:
758
759    address           perms offset  dev   inode       pathname
760    00400000-00452000 r-xp 00000000 08:02 173521      /usr/bin/dbus-daemon
761    00651000-00652000 r--p 00051000 08:02 173521      /usr/bin/dbus-daemon
762    00652000-00655000 rw-p 00052000 08:02 173521      /usr/bin/dbus-daemon
763    00e03000-00e24000 rw-p 00000000 00:00 0           [heap]
764    00e24000-011f7000 rw-p 00000000 00:00 0           [heap]
765    ...
766    35b1800000-35b1820000 r-xp 00000000 08:02 135522  /usr/lib64/ld-2.15.so
767    35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522  /usr/lib64/ld-2.15.so
768    35b1a20000-35b1a21000 rw-p 00020000 08:02 135522  /usr/lib64/ld-2.15.so
769    35b1a21000-35b1a22000 rw-p 00000000 00:00 0
770    35b1c00000-35b1dac000 r-xp 00000000 08:02 135870  /usr/lib64/libc-2.15.so
771    35b1dac000-35b1fac000 ---p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
772    35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
773    35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870  /usr/lib64/libc-2.15.so
774    ...
775    f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0    [stack:986]
776    ...
777    7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0   [stack]
778    7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0   [vdso]
779
780              The address field is the address space in the process  that  the
781              mapping occupies.  The perms field is a set of permissions:
782
783                  r = read
784                  w = write
785                  x = execute
786                  s = shared
787                  p = private (copy on write)
788
789              The  offset  field  is the offset into the file/whatever; dev is
790              the device (major:minor); inode is the inode on that device.   0
791              indicates that no inode is associated with the memory region, as
792              would be the case with BSS (uninitialized data).
793
794              The pathname field will usually be the file that is backing  the
795              mapping.  For ELF files, you can easily coordinate with the off‐
796              set field by looking at the Offset  field  in  the  ELF  program
797              headers (readelf -l).
798
799              There are additional helpful pseudo-paths:
800
801                   [stack]
802                          The  initial  process's  (also  known  as  the  main
803                          thread's) stack.
804
805                   [stack:<tid>] (from Linux 3.4 to 4.4)
806                          A thread's stack (where the <tid> is a  thread  ID).
807                          It  corresponds to the /proc/[pid]/task/[tid]/ path.
808                          This field was removed in Linux 4.5, since providing
809                          this information for a process with large numbers of
810                          threads is expensive.
811
812                   [vdso] The virtual dynamically linked shared  object.   See
813                          vdso(7).
814
815                   [heap] The process's heap.
816
817              If  the pathname field is blank, this is an anonymous mapping as
818              obtained via mmap(2).  There is no easy way to  coordinate  this
819              back  to a process's source, short of running it through gdb(1),
820              strace(1), or similar.
821
822              pathname is shown unescaped except for newline characters, which
823              are  replaced with an octal escape sequence.  As a result, it is
824              not possible to determine whether  the  original  pathname  con‐
825              tained  a  newline  character  or  the  literal  \e012 character
826              sequence.
827
828              If the mapping is file-backed and the file has been deleted, the
829              string " (deleted)" is appended to the pathname.  Note that this
830              is ambiguous too.
831
832              Under Linux 2.0, there is no field giving pathname.
833
834       /proc/[pid]/mem
835              This file can be used to access the pages of a process's  memory
836              through open(2), read(2), and lseek(2).
837
838              Permission  to  access  this file is governed by a ptrace access
839              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
840
841       /proc/[pid]/mountinfo (since Linux 2.6.26)
842              This  file  contains  information  about  mount  points  in  the
843              process's  mount  namespace  (see mount_namespaces(7)).  It sup‐
844              plies various information  (e.g.,  propagation  state,  root  of
845              mount for bind mounts, identifier for each mount and its parent)
846              that is missing from the (older)  /proc/[pid]/mounts  file,  and
847              fixes  various  other problems with that file (e.g., nonextensi‐
848              bility, failure to distinguish per-mount  versus  per-superblock
849              options).
850
851              The file contains lines of the form:
852
85336 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
854(1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
855
856              The  numbers  in  parentheses  are  labels  for the descriptions
857              below:
858
859              (1)  mount ID: a unique ID for the mount (may  be  reused  after
860                   umount(2)).
861
862              (2)  parent  ID:  the ID of the parent mount (or of self for the
863                   root of this mount namespace's mount tree).
864
865                   If a new mount is stacked on top  of  a  previous  existing
866                   mount  (so that it hides the existing mount) at pathname P,
867                   then the parent of the new mount is the previous  mount  at
868                   that  location.   Thus,  when  looking  at  all  the mounts
869                   stacked at a particular location, the top-most mount is the
870                   one  that  is not the parent of any other mount at the same
871                   location.  (Note, however, that this top-most mount will be
872                   accessible  only if the longest path subprefix of P that is
873                   a mount point is not itself hidden by a stacked mount.)
874
875                   If the parent mount point lies outside the  process's  root
876                   directory  (see  chroot(2)), the ID shown here won't have a
877                   corresponding record in mountinfo whose mount ID (field  1)
878                   matches this parent mount ID (because mount points that lie
879                   outside the process's  root  directory  are  not  shown  in
880                   mountinfo).  As a special case of this point, the process's
881                   root mount point may have a parent mount (for the initramfs
882                   filesystem) that lies outside the process's root directory,
883                   and an entry for  that  mount  point  will  not  appear  in
884                   mountinfo.
885
886              (3)  major:minor: the value of st_dev for files on this filesys‐
887                   tem (see stat(2)).
888
889              (4)  root: the pathname of the directory in the filesystem which
890                   forms the root of this mount.
891
892              (5)  mount  point:  the  pathname of the mount point relative to
893                   the process's root directory.
894
895              (6)  mount options: per-mount options (see mount(2)).
896
897              (7)  optional  fields:  zero  or  more  fields   of   the   form
898                   "tag[:value]"; see below.
899
900              (8)  separator:  the  end  of the optional fields is marked by a
901                   single hyphen.
902
903              (9)  filesystem  type:  the  filesystem   type   in   the   form
904                   "type[.subtype]".
905
906              (10) mount source: filesystem-specific information or "none".
907
908              (11) super options: per-superblock options (see mount(2)).
909
910              Currently,  the  possible  optional  fields  are shared, master,
911              propagate_from, and unbindable.  See mount_namespaces(7)  for  a
912              description of these fields.  Parsers should ignore all unrecog‐
913              nized optional fields.
914
915              For  more  information  on  mount  propagation  see:  Documenta‐
916              tion/filesystems/sharedsubtree.txt  in  the  Linux kernel source
917              tree.
918
919       /proc/[pid]/mounts (since Linux 2.4.19)
920              This file lists all the filesystems  currently  mounted  in  the
921              process's mount namespace (see mount_namespaces(7)).  The format
922              of this file is documented in fstab(5).
923
924              Since kernel version 2.6.15, this file is pollable: after  open‐
925              ing  the  file  for  reading,  a  change  in  this file (i.e., a
926              filesystem mount or unmount) causes select(2) to mark  the  file
927              descriptor  as  having an exceptional condition, and poll(2) and
928              epoll_wait(2) mark the file as having a  priority  event  (POLL‐
929              PRI).  (Before Linux 2.6.30, a change in this file was indicated
930              by the file descriptor being marked as readable  for  select(2),
931              and  being  marked  as having an error condition for poll(2) and
932              epoll_wait(2).)
933
934       /proc/[pid]/mountstats (since Linux 2.6.17)
935              This file exports information (statistics, configuration  infor‐
936              mation)  about the mount points in the process's mount namespace
937              (see mount_namespaces(7)).  Lines in this file have the form:
938
939                  device /dev/sda7 mounted on /home with fstype ext3 [statistics]
940                  (       1      )            ( 2 )             (3 ) (4)
941
942              The fields in each line are:
943
944              (1)  The name of the mounted device (or "nodevice" if  there  is
945                   no corresponding device).
946
947              (2)  The mount point within the filesystem tree.
948
949              (3)  The filesystem type.
950
951              (4)  Optional  statistics  and  configuration information.  Cur‐
952                   rently (as at Linux 2.6.26), only  NFS  filesystems  export
953                   information via this field.
954
955              This file is readable only by the owner of the process.
956
957       /proc/[pid]/net (since Linux 2.6.25)
958              See the description of /proc/net.
959
960       /proc/[pid]/ns/ (since Linux 3.0)
961              This  is  a subdirectory containing one entry for each namespace
962              that supports being manipulated by setns(2).  For more  informa‐
963              tion, see namespaces(7).
964
965       /proc/[pid]/numa_maps (since Linux 2.6.14)
966              See numa(7).
967
968       /proc/[pid]/oom_adj (since Linux 2.6.11)
969              This  file  can be used to adjust the score used to select which
970              process should be killed in an  out-of-memory  (OOM)  situation.
971              The  kernel  uses  this  value  for a bit-shift operation of the
972              process's oom_score value: valid values are in the range -16  to
973              +15,  plus  the  special  value  -17, which disables OOM-killing
974              altogether for this process.  A  positive  score  increases  the
975              likelihood  of  this  process  being killed by the OOM-killer; a
976              negative score decreases the likelihood.
977
978              The default value for this file is 0; a new process inherits its
979              parent's   oom_adj   setting.   A  process  must  be  privileged
980              (CAP_SYS_RESOURCE) to update this file.
981
982              Since Linux 2.6.36, use of this file is deprecated in  favor  of
983              /proc/[pid]/oom_score_adj.
984
985       /proc/[pid]/oom_score (since Linux 2.6.11)
986              This  file  displays  the current score that the kernel gives to
987              this process for the purpose of selecting a process for the OOM-
988              killer.  A higher score means that the process is more likely to
989              be selected by the OOM-killer.  The basis for this score is  the
990              amount  of  memory  used  by  the process, with increases (+) or
991              decreases (-) for factors including:
992
993              * whether the process is privileged (-).
994
995              Before kernel 2.6.36 the following factors were also used in the
996              calculation of oom_score:
997
998              * whether  the  process  creates a lot of children using fork(2)
999                (+);
1000
1001              * whether the process has been running a long time, or has  used
1002                a lot of CPU time (-);
1003
1004              * whether the process has a low nice value (i.e., > 0) (+); and
1005
1006              * whether the process is making direct hardware access (-).
1007
1008              The  oom_score  also  reflects  the  adjustment specified by the
1009              oom_score_adj or oom_adj setting for the process.
1010
1011       /proc/[pid]/oom_score_adj (since Linux 2.6.36)
1012              This file can be used to adjust the badness  heuristic  used  to
1013              select which process gets killed in out-of-memory conditions.
1014
1015              The  badness  heuristic  assigns  a value to each candidate task
1016              ranging from 0 (never kill) to 1000 (always kill)  to  determine
1017              which  process  is targeted.  The units are roughly a proportion
1018              along that range of allowed  memory  the  process  may  allocate
1019              from, based on an estimation of its current memory and swap use.
1020              For example, if a task is using all allowed memory, its  badness
1021              score  will be 1000.  If it is using half of its allowed memory,
1022              its score will be 500.
1023
1024              There is an additional factor included  in  the  badness  score:
1025              root processes are given 3% extra memory over other tasks.
1026
1027              The  amount  of "allowed" memory depends on the context in which
1028              the OOM-killer was called.  If it is due to the memory  assigned
1029              to  the  allocating  task's  cpuset being exhausted, the allowed
1030              memory represents the set of mems assigned to that  cpuset  (see
1031              cpuset(7)).   If  it  is  due  to  a  mempolicy's  node(s) being
1032              exhausted, the allowed memory represents the  set  of  mempolicy
1033              nodes.   If  it  is  due to a memory limit (or swap limit) being
1034              reached, the allowed memory is that configured limit.   Finally,
1035              if  it  is  due  to  the  entire system being out of memory, the
1036              allowed memory represents all allocatable resources.
1037
1038              The value of oom_score_adj is added to the badness score  before
1039              it  is  used to determine which task to kill.  Acceptable values
1040              range    from     -1000     (OOM_SCORE_ADJ_MIN)     to     +1000
1041              (OOM_SCORE_ADJ_MAX).   This  allows  user  space  to control the
1042              preference for OOM-killing, ranging  from  always  preferring  a
1043              certain  task  or completely disabling it from OOM killing.  The
1044              lowest possible value, -1000, is equivalent  to  disabling  OOM-
1045              killing  entirely  for  that task, since it will always report a
1046              badness score of 0.
1047
1048              Consequently, it is very simple for user  space  to  define  the
1049              amount  of  memory  to  consider  for  each  task.   Setting  an
1050              oom_score_adj value of +500, for example, is roughly  equivalent
1051              to  allowing  the  remainder  of  tasks sharing the same system,
1052              cpuset, mempolicy, or memory  controller  resources  to  use  at
1053              least  50%  more  memory.   A  value of -500, on the other hand,
1054              would be roughly equivalent to discounting  50%  of  the  task's
1055              allowed  memory  from  being  considered  as scoring against the
1056              task.
1057
1058              For    backward    compatibility    with    previous    kernels,
1059              /proc/[pid]/oom_adj can still be used to tune the badness score.
1060              Its value is scaled linearly with oom_score_adj.
1061
1062              Writing to /proc/[pid]/oom_score_adj or /proc/[pid]/oom_adj will
1063              change the other with its scaled value.
1064
1065              The  choom(1)  program  provides  a  command-line  interface for
1066              adjusting the oom_score_adj value of  a  running  process  or  a
1067              newly executed command.
1068
1069       /proc/[pid]/pagemap (since Linux 2.6.25)
1070              This  file  shows  the  mapping of each of the process's virtual
1071              pages into physical page frames or swap area.  It  contains  one
1072              64-bit  value  for  each virtual page, with the bits set as fol‐
1073              lows:
1074
1075                   63     If set, the page is present in RAM.
1076
1077                   62     If set, the page is in swap space
1078
1079                   61 (since Linux 3.5)
1080                          The page is a file-mapped page or a shared anonymous
1081                          page.
1082
1083                   60–57 (since Linux 3.11)
1084                          Zero
1085
1086                   56 (since Linux 4.2)
1087                          The page is exclusively mapped.
1088
1089                   55 (since Linux 3.11)
1090                          PTE  is soft-dirty (see the kernel source file Docu‐
1091                          mentation/admin-guide/mm/soft-dirty.rst).
1092
1093                   54–0   If the page is present in RAM (bit 63),  then  these
1094                          bits  provide  the  page  frame number, which can be
1095                          used to index /proc/kpageflags and /proc/kpagecount.
1096                          If  the  page is present in swap (bit 62), then bits
1097                          4–0 give the swap type, and  bits  54–5  encode  the
1098                          swap offset.
1099
1100              Before Linux 3.11, bits 60–55 were used to encode the base-2 log
1101              of the page size.
1102
1103              To employ /proc/[pid]/pagemap efficiently, use  /proc/[pid]/maps
1104              to  determine which areas of memory are actually mapped and seek
1105              to skip over unmapped regions.
1106
1107              The  /proc/[pid]/pagemap  file  is  present  only  if  the  CON‐
1108              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1109
1110              Permission  to  access  this file is governed by a ptrace access
1111              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1112
1113       /proc/[pid]/personality (since Linux 2.6.28)
1114              This read-only file exposes the process's execution  domain,  as
1115              set  by  personality(2).   The value is displayed in hexadecimal
1116              notation.
1117
1118              Permission to access this file is governed by  a  ptrace  access
1119              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1120
1121       /proc/[pid]/root
1122              UNIX  and  Linux  support  the idea of a per-process root of the
1123              filesystem, set by the chroot(2) system call.  This  file  is  a
1124              symbolic  link  that points to the process's root directory, and
1125              behaves in the same way as exe, and fd/*.
1126
1127              Note however that this file is not merely a symbolic  link.   It
1128              provides  the  same view of the filesystem (including namespaces
1129              and the set of per-process mounts) as the  process  itself.   An
1130              example  illustrates  this  point.   In one terminal, we start a
1131              shell in new user and mount namespaces, and  in  that  shell  we
1132              create some new mount points:
1133
1134                  $ PS1='sh1# ' unshare -Urnm
1135                  sh1# mount -t tmpfs tmpfs /etc  # Mount empty tmpfs at /etc
1136                  sh1# mount --bind /usr /dev     # Mount /usr at /dev
1137                  sh1# echo $$
1138                  27123
1139
1140              In  a second terminal window, in the initial mount namespace, we
1141              look at the contents of the corresponding mounts in the  initial
1142              and new namespaces:
1143
1144                  $ PS1='sh2# ' sudo sh
1145                  sh2# ls /etc | wc -l                  # In initial NS
1146                  309
1147                  sh2# ls /proc/27123/root/etc | wc -l  # /etc in other NS
1148                  0                                     # The empty tmpfs dir
1149                  sh2# ls /dev | wc -l                  # In initial NS
1150                  205
1151                  sh2# ls /proc/27123/root/dev | wc -l  # /dev in other NS
1152                  11                                    # Actually bind
1153                                                        # mounted to /usr
1154                  sh2# ls /usr | wc -l                  # /usr in initial NS
1155                  11
1156
1157              In a multithreaded process, the contents of the /proc/[pid]/root
1158              symbolic link are not available if the main thread  has  already
1159              terminated (typically by calling pthread_exit(3)).
1160
1161              Permission  to  dereference  or read (readlink(2)) this symbolic
1162              link    is    governed    by    a     ptrace     access     mode
1163              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1164
1165       /proc/[pid]/seccomp (Linux 2.6.12 to 2.6.22)
1166              This  file  can  be used to read and change the process's secure
1167              computing (seccomp) mode setting.  It contains the  value  0  if
1168              the  process  is not in seccomp mode, and 1 if the process is in
1169              strict seccomp mode (see seccomp(2)).  Writing 1  to  this  file
1170              places  the  process irreversibly in strict seccomp mode.  (Fur‐
1171              ther attempts to write to the file fail with the EPERM error.)
1172
1173              In Linux 2.6.23, this file went away,  to  be  replaced  by  the
1174              prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations (and later
1175              by seccomp(2) and the Seccomp field in /proc/[pid]/status).
1176
1177       /proc/[pid]/setgroups (since Linux 3.19)
1178              See user_namespaces(7).
1179
1180       /proc/[pid]/smaps (since Linux 2.6.14)
1181              This file shows memory consumption for  each  of  the  process's
1182              mappings.  (The pmap(1) command displays similar information, in
1183              a form that may be easier for parsing.)  For each mapping  there
1184              is a series of lines such as the following:
1185
1186                  00400000-0048a000 r-xp 00000000 fd:03 960637       /bin/bash
1187                  Size:                552 kB
1188                  Rss:                 460 kB
1189                  Pss:                 100 kB
1190                  Shared_Clean:        452 kB
1191                  Shared_Dirty:          0 kB
1192                  Private_Clean:         8 kB
1193                  Private_Dirty:         0 kB
1194                  Referenced:          460 kB
1195                  Anonymous:             0 kB
1196                  AnonHugePages:         0 kB
1197                  ShmemHugePages:        0 kB
1198                  ShmemPmdMapped:        0 kB
1199                  Swap:                  0 kB
1200                  KernelPageSize:        4 kB
1201                  MMUPageSize:           4 kB
1202                  KernelPageSize:        4 kB
1203                  MMUPageSize:           4 kB
1204                  Locked:                0 kB
1205                  ProtectionKey:         0
1206                  VmFlags: rd ex mr mw me dw
1207
1208              The  first  of these lines shows the same information as is dis‐
1209              played for the mapping in /proc/[pid]/maps.  The following lines
1210              show  the size of the mapping, the amount of the mapping that is
1211              currently resident in RAM ("Rss"),  the  process's  proportional
1212              share  of  this  mapping  ("Pss"), the number of clean and dirty
1213              shared pages in the mapping, and the number of clean  and  dirty
1214              private pages in the mapping.  "Referenced" indicates the amount
1215              of memory currently marked as referenced or  accessed.   "Anony‐
1216              mous"  shows  the  amount  of memory that does not belong to any
1217              file.  "Swap" shows how much would-be-anonymous memory  is  also
1218              used, but out on swap.
1219
1220              The  "KernelPageSize" line (available since Linux 2.6.29) is the
1221              page size used by the kernel to back the  virtual  memory  area.
1222              This  matches the size used by the MMU in the majority of cases.
1223              However, one counter-example occurs on PPC64 kernels  whereby  a
1224              kernel  using  64kB  as a base page size may still use 4kB pages
1225              for the  MMU  on  older  processors.   To  distinguish  the  two
1226              attributes,  the  "MMUPageSize" line (also available since Linux
1227              2.6.29) reports the page size used by the MMU.
1228
1229              The "Locked" indicates whether the mapping is locked  in  memory
1230              or not.
1231
1232              The  "ProtectionKey"  line  (available  since  Linux 4.9, on x86
1233              only) contains the memory protection key (see pkeys(7))  associ‐
1234              ated  with  the virtual memory area.  This entry is present only
1235              if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1236              TION_KEYS configuration option.
1237
1238              The  "VmFlags"  line  (available since Linux 3.8) represents the
1239              kernel flags associated with the virtual  memory  area,  encoded
1240              using the following two-letter codes:
1241
1242                  rd  - readable
1243                  wr  - writable
1244                  ex  - executable
1245                  sh  - shared
1246                  mr  - may read
1247                  mw  - may write
1248                  me  - may execute
1249                  ms  - may share
1250                  gd  - stack segment grows down
1251                  pf  - pure PFN range
1252                  dw  - disabled write to the mapped file
1253                  lo  - pages are locked in memory
1254                  io  - memory mapped I/O area
1255                  sr  - sequential read advise provided
1256                  rr  - random read advise provided
1257                  dc  - do not copy area on fork
1258                  de  - do not expand area on remapping
1259                  ac  - area is accountable
1260                  nr  - swap space is not reserved for the area
1261                  ht  - area uses huge tlb pages
1262                  nl  - non-linear mapping
1263                  ar  - architecture specific flag
1264                  dd  - do not include area into core dump
1265                  sd  - soft-dirty flag
1266                  mm  - mixed map area
1267                  hg  - huge page advise flag
1268                  nh  - no-huge page advise flag
1269                  mg  - mergeable advise flag
1270
1271              "ProtectionKey"  field  contains  the memory protection key (see
1272              pkeys(5)) associated with the virtual memory area.  Present only
1273              if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1274              TION_KEYS configuration option. (since Linux 4.6)
1275
1276              The  /proc/[pid]/smaps  file  is  present  only  if   the   CON‐
1277              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1278
1279       /proc/[pid]/stack (since Linux 2.6.29)
1280              This  file  provides  a  symbolic trace of the function calls in
1281              this process's kernel stack.  This file is provided only if  the
1282              kernel   was  built  with  the  CONFIG_STACKTRACE  configuration
1283              option.
1284
1285              Permission to access this file is governed by  a  ptrace  access
1286              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1287
1288       /proc/[pid]/stat
1289              Status  information  about  the process.  This is used by ps(1).
1290              It is defined in the kernel source file fs/proc/array.c.
1291
1292              The fields, in order, with their proper scanf(3)  format  speci‐
1293              fiers, are listed below.  Whether or not certain of these fields
1294              display valid information is governed by a  ptrace  access  mode
1295              PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT  check  (refer to
1296              ptrace(2)).  If the check denies access, then the field value is
1297              displayed  as  0.   The  affected  fields are indicated with the
1298              marking [PT].
1299
1300              (1) pid  %d
1301                        The process ID.
1302
1303              (2) comm  %s
1304                        The filename of the executable, in parentheses.   This
1305                        is  visible  whether  or not the executable is swapped
1306                        out.
1307
1308              (3) state  %c
1309                        One of the following  characters,  indicating  process
1310                        state:
1311
1312                        R  Running
1313
1314                        S  Sleeping in an interruptible wait
1315
1316                        D  Waiting in uninterruptible disk sleep
1317
1318                        Z  Zombie
1319
1320                        T  Stopped  (on  a  signal)  or  (before Linux 2.6.33)
1321                           trace stopped
1322
1323                        t  Tracing stop (Linux 2.6.33 onward)
1324
1325                        W  Paging (only before Linux 2.6.0)
1326
1327                        X  Dead (from Linux 2.6.0 onward)
1328
1329                        x  Dead (Linux 2.6.33 to 3.13 only)
1330
1331                        K  Wakekill (Linux 2.6.33 to 3.13 only)
1332
1333                        W  Waking (Linux 2.6.33 to 3.13 only)
1334
1335                        P  Parked (Linux 3.9 to 3.13 only)
1336
1337              (4) ppid  %d
1338                        The PID of the parent of this process.
1339
1340              (5) pgrp  %d
1341                        The process group ID of the process.
1342
1343              (6) session  %d
1344                        The session ID of the process.
1345
1346              (7) tty_nr  %d
1347                        The controlling terminal of the process.   (The  minor
1348                        device  number is contained in the combination of bits
1349                        31 to 20 and 7 to 0; the major  device  number  is  in
1350                        bits 15 to 8.)
1351
1352              (8) tpgid  %d
1353                        The ID of the foreground process group of the control‐
1354                        ling terminal of the process.
1355
1356              (9) flags  %u
1357                        The kernel flags word of the process.  For  bit  mean‐
1358                        ings,  see the PF_* defines in the Linux kernel source
1359                        file include/linux/sched.h.   Details  depend  on  the
1360                        kernel version.
1361
1362                        The format for this field was %lu before Linux 2.6.
1363
1364              (10) minflt  %lu
1365                        The  number of minor faults the process has made which
1366                        have not required loading a memory page from disk.
1367
1368              (11) cminflt  %lu
1369                        The number of minor faults that the process's  waited-
1370                        for children have made.
1371
1372              (12) majflt  %lu
1373                        The  number of major faults the process has made which
1374                        have required loading a memory page from disk.
1375
1376              (13) cmajflt  %lu
1377                        The number of major faults that the process's  waited-
1378                        for children have made.
1379
1380              (14) utime  %lu
1381                        Amount of time that this process has been scheduled in
1382                        user  mode,  measured  in  clock  ticks   (divide   by
1383                        sysconf(_SC_CLK_TCK)).    This  includes  guest  time,
1384                        guest_time (time spent  running  a  virtual  CPU,  see
1385                        below), so that applications that are not aware of the
1386                        guest time field do not lose that time from their cal‐
1387                        culations.
1388
1389              (15) stime  %lu
1390                        Amount of time that this process has been scheduled in
1391                        kernel  mode,  measured  in  clock  ticks  (divide  by
1392                        sysconf(_SC_CLK_TCK)).
1393
1394              (16) cutime  %ld
1395                        Amount of time that this process's waited-for children
1396                        have been scheduled in user mode,  measured  in  clock
1397                        ticks  (divide  by  sysconf(_SC_CLK_TCK)).   (See also
1398                        times(2).)   This  includes  guest  time,  cguest_time
1399                        (time spent running a virtual CPU, see below).
1400
1401              (17) cstime  %ld
1402                        Amount of time that this process's waited-for children
1403                        have been scheduled in kernel mode, measured in  clock
1404                        ticks (divide by sysconf(_SC_CLK_TCK)).
1405
1406              (18) priority  %ld
1407                        (Explanation  for  Linux  2.6) For processes running a
1408                        real-time  scheduling  policy   (policy   below;   see
1409                        sched_setscheduler(2)), this is the negated scheduling
1410                        priority, minus one; that is, a number in the range -2
1411                        to  -100,  corresponding  to real-time priorities 1 to
1412                        99.   For  processes  running  under  a  non-real-time
1413                        scheduling policy, this is the raw nice value (setpri‐
1414                        ority(2)) as represented in the  kernel.   The  kernel
1415                        stores nice values as numbers in the range 0 (high) to
1416                        39 (low), corresponding to the user-visible nice range
1417                        of -20 to 19.
1418
1419                        Before Linux 2.6, this was a scaled value based on the
1420                        scheduler weighting given to this process.
1421
1422              (19) nice  %ld
1423                        The nice value (see setpriority(2)), a  value  in  the
1424                        range 19 (low priority) to -20 (high priority).
1425
1426              (20) num_threads  %ld
1427                        Number  of  threads in this process (since Linux 2.6).
1428                        Before kernel 2.6, this field was hard coded to 0 as a
1429                        placeholder for an earlier removed field.
1430
1431              (21) itrealvalue  %ld
1432                        The time in jiffies before the next SIGALRM is sent to
1433                        the process due to an interval  timer.   Since  kernel
1434                        2.6.17,  this  field  is  no longer maintained, and is
1435                        hard coded as 0.
1436
1437              (22) starttime  %llu
1438                        The time the process started after  system  boot.   In
1439                        kernels  before Linux 2.6, this value was expressed in
1440                        jiffies.  Since Linux 2.6, the value is  expressed  in
1441                        clock ticks (divide by sysconf(_SC_CLK_TCK)).
1442
1443                        The format for this field was %lu before Linux 2.6.
1444
1445              (23) vsize  %lu
1446                        Virtual memory size in bytes.
1447
1448              (24) rss  %ld
1449                        Resident  Set Size: number of pages the process has in
1450                        real memory.  This  is  just  the  pages  which  count
1451                        toward  text,  data,  or  stack  space.  This does not
1452                        include pages which have not been demand-loaded in, or
1453                        which are swapped out.
1454
1455              (25) rsslim  %lu
1456                        Current soft limit in bytes on the rss of the process;
1457                        see the description of RLIMIT_RSS in getrlimit(2).
1458
1459              (26) startcode  %lu  [PT]
1460                        The address above which program text can run.
1461
1462              (27) endcode  %lu  [PT]
1463                        The address below which program text can run.
1464
1465              (28) startstack  %lu  [PT]
1466                        The address of the start (i.e., bottom) of the stack.
1467
1468              (29) kstkesp  %lu  [PT]
1469                        The current value of ESP (stack pointer), as found  in
1470                        the kernel stack page for the process.
1471
1472              (30) kstkeip  %lu  [PT]
1473                        The current EIP (instruction pointer).
1474
1475              (31) signal  %lu
1476                        The  bitmap of pending signals, displayed as a decimal
1477                        number.  Obsolete, because it does not provide  infor‐
1478                        mation  on  real-time  signals; use /proc/[pid]/status
1479                        instead.
1480
1481              (32) blocked  %lu
1482                        The bitmap of blocked signals, displayed as a  decimal
1483                        number.   Obsolete, because it does not provide infor‐
1484                        mation on real-time  signals;  use  /proc/[pid]/status
1485                        instead.
1486
1487              (33) sigignore  %lu
1488                        The  bitmap of ignored signals, displayed as a decimal
1489                        number.  Obsolete, because it does not provide  infor‐
1490                        mation  on  real-time  signals; use /proc/[pid]/status
1491                        instead.
1492
1493              (34) sigcatch  %lu
1494                        The bitmap of caught signals, displayed as  a  decimal
1495                        number.   Obsolete, because it does not provide infor‐
1496                        mation on real-time  signals;  use  /proc/[pid]/status
1497                        instead.
1498
1499              (35) wchan  %lu  [PT]
1500                        This is the "channel" in which the process is waiting.
1501                        It is the address of a location in  the  kernel  where
1502                        the  process  is sleeping.  The corresponding symbolic
1503                        name can be found in /proc/[pid]/wchan.
1504
1505              (36) nswap  %lu
1506                        Number of pages swapped (not maintained).
1507
1508              (37) cnswap  %lu
1509                        Cumulative nswap for child processes (not maintained).
1510
1511              (38) exit_signal  %d  (since Linux 2.1.22)
1512                        Signal to be sent to parent when we die.
1513
1514              (39) processor  %d  (since Linux 2.2.8)
1515                        CPU number last executed on.
1516
1517              (40) rt_priority  %u  (since Linux 2.5.19)
1518                        Real-time scheduling priority, a number in the range 1
1519                        to  99  for processes scheduled under a real-time pol‐
1520                        icy,  or   0,   for   non-real-time   processes   (see
1521                        sched_setscheduler(2)).
1522
1523              (41) policy  %u  (since Linux 2.5.19)
1524                        Scheduling policy (see sched_setscheduler(2)).  Decode
1525                        using the SCHED_* constants in linux/sched.h.
1526
1527                        The format for this field was %lu before Linux 2.6.22.
1528
1529              (42) delayacct_blkio_ticks  %llu  (since Linux 2.6.18)
1530                        Aggregated block I/O delays, measured in  clock  ticks
1531                        (centiseconds).
1532
1533              (43) guest_time  %lu  (since Linux 2.6.24)
1534                        Guest  time  of the process (time spent running a vir‐
1535                        tual CPU for a guest operating  system),  measured  in
1536                        clock ticks (divide by sysconf(_SC_CLK_TCK)).
1537
1538              (44) cguest_time  %ld  (since Linux 2.6.24)
1539                        Guest  time  of  the  process's  children, measured in
1540                        clock ticks (divide by sysconf(_SC_CLK_TCK)).
1541
1542              (45) start_data  %lu  (since Linux 3.3)  [PT]
1543                        Address above which program initialized and uninitial‐
1544                        ized (BSS) data are placed.
1545
1546              (46) end_data  %lu  (since Linux 3.3)  [PT]
1547                        Address below which program initialized and uninitial‐
1548                        ized (BSS) data are placed.
1549
1550              (47) start_brk  %lu  (since Linux 3.3)  [PT]
1551                        Address above which program heap can be expanded  with
1552                        brk(2).
1553
1554              (48) arg_start  %lu  (since Linux 3.5)  [PT]
1555                        Address  above  which  program  command-line arguments
1556                        (argv) are placed.
1557
1558              (49) arg_end  %lu  (since Linux 3.5)  [PT]
1559                        Address below program  command-line  arguments  (argv)
1560                        are placed.
1561
1562              (50) env_start  %lu  (since Linux 3.5)  [PT]
1563                        Address above which program environment is placed.
1564
1565              (51) env_end  %lu  (since Linux 3.5)  [PT]
1566                        Address below which program environment is placed.
1567
1568              (52) exit_code  %d  (since Linux 3.5)  [PT]
1569                        The thread's exit status in the form reported by wait‐
1570                        pid(2).
1571
1572       /proc/[pid]/statm
1573              Provides information about memory usage, measured in pages.  The
1574              columns are:
1575
1576                  size       (1) total program size
1577                             (same as VmSize in /proc/[pid]/status)
1578                  resident   (2) resident set size
1579                             (same as VmRSS in /proc/[pid]/status)
1580                  shared     (3) number of resident shared pages (i.e., backed by a file)
1581                             (same as RssFile+RssShmem in /proc/[pid]/status)
1582                  text       (4) text (code)
1583                  lib        (5) library (unused since Linux 2.6; always 0)
1584                  data       (6) data + stack
1585                  dt         (7) dirty pages (unused since Linux 2.6; always 0)
1586
1587       /proc/[pid]/status
1588              Provides   much  of  the  information  in  /proc/[pid]/stat  and
1589              /proc/[pid]/statm in a format that's easier for humans to parse.
1590              Here's an example:
1591
1592                  $ cat /proc/$$/status
1593                  Name:   bash
1594                  Umask:  0022
1595                  State:  S (sleeping)
1596                  Tgid:   17248
1597                  Ngid:   0
1598                  Pid:    17248
1599                  PPid:   17200
1600                  TracerPid:      0
1601                  Uid:    1000    1000    1000    1000
1602                  Gid:    100     100     100     100
1603                  FDSize: 256
1604                  Groups: 16 33 100
1605                  NStgid: 17248
1606                  NSpid:  17248
1607                  NSpgid: 17248
1608                  NSsid:  17200
1609                  VmPeak:     131168 kB
1610                  VmSize:     131168 kB
1611                  VmLck:           0 kB
1612                  VmPin:           0 kB
1613                  VmHWM:       13484 kB
1614                  VmRSS:       13484 kB
1615                  RssAnon:     10264 kB
1616                  RssFile:      3220 kB
1617                  RssShmem:        0 kB
1618                  VmData:      10332 kB
1619                  VmStk:         136 kB
1620                  VmExe:         992 kB
1621                  VmLib:        2104 kB
1622                  VmPTE:          76 kB
1623                  VmPMD:          12 kB
1624                  VmSwap:          0 kB
1625                  HugetlbPages:          0 kB        # 4.4
1626                  CoreDumping:   0                       # 4.15
1627                  Threads:        1
1628                  SigQ:   0/3067
1629                  SigPnd: 0000000000000000
1630                  ShdPnd: 0000000000000000
1631                  SigBlk: 0000000000010000
1632                  SigIgn: 0000000000384004
1633                  SigCgt: 000000004b813efb
1634                  CapInh: 0000000000000000
1635                  CapPrm: 0000000000000000
1636                  CapEff: 0000000000000000
1637                  CapBnd: ffffffffffffffff
1638                  CapAmb:   0000000000000000
1639                  NoNewPrivs:     0
1640                  Seccomp:        0
1641                  Speculation_Store_Bypass:       vulnerable
1642                  Cpus_allowed:   00000001
1643                  Cpus_allowed_list:      0
1644                  Mems_allowed:   1
1645                  Mems_allowed_list:      0
1646                  voluntary_ctxt_switches:        150
1647                  nonvoluntary_ctxt_switches:     545
1648
1649              The fields are as follows:
1650
1651              * Name: Command run by this process.
1652
1653              * Umask:  Process umask, expressed in octal with a leading zero;
1654                see umask(2).  (Since Linux 4.7.)
1655
1656              * State: Current state of the process.  One of "R (running)", "S
1657                (sleeping)",  "D  (disk  sleep)",  "T  (stopped)", "T (tracing
1658                stop)", "Z (zombie)", or "X (dead)".
1659
1660              * Tgid: Thread group ID (i.e., Process ID).
1661
1662              * Ngid: NUMA group ID (0 if none; since Linux 3.13).
1663
1664              * Pid: Thread ID (see gettid(2)).
1665
1666              * PPid: PID of parent process.
1667
1668              * TracerPid: PID of process tracing this process (0 if not being
1669                traced).
1670
1671              * Uid,  Gid:  Real,  effective,  saved  set, and filesystem UIDs
1672                (GIDs).
1673
1674              * FDSize: Number of file descriptor slots currently allocated.
1675
1676              * Groups: Supplementary group list.
1677
1678              * NStgid: Thread group ID (i.e., PID) in each of the PID  names‐
1679                paces  of  which  [pid] is a member.  The leftmost entry shows
1680                the value with respect to the PID  namespace  of  the  process
1681                that  mounted this procfs (or the root namespace if mounted by
1682                the kernel), followed by  the  value  in  successively  nested
1683                inner namespaces.  (Since Linux 4.1.)
1684
1685              * NSpid:  Thread ID in each of the PID namespaces of which [pid]
1686                is a member.  The fields are ordered as  for  NStgid.   (Since
1687                Linux 4.1.)
1688
1689              * NSpgid:  Process  group  ID  in  each of the PID namespaces of
1690                which [pid] is a member.  The fields are ordered as  for  NSt‐
1691                gid.  (Since Linux 4.1.)
1692
1693              * NSsid: descendant namespace session ID hierarchy Session ID in
1694                each of the PID namespaces of which [pid] is  a  member.   The
1695                fields are ordered as for NStgid.  (Since Linux 4.1.)
1696
1697              * VmPeak: Peak virtual memory size.
1698
1699              * VmSize: Virtual memory size.
1700
1701              * VmLck: Locked memory size (see mlock(2)).
1702
1703              * VmPin:  Pinned memory size (since Linux 3.2).  These are pages
1704                that can't be moved because something needs to directly access
1705                physical memory.
1706
1707              * VmHWM: Peak resident set size ("high water mark").
1708
1709              * VmRSS: Resident set size.  Note that the value here is the sum
1710                of RssAnon, RssFile, and RssShmem.
1711
1712              * RssAnon: Size of  resident  anonymous  memory.   (since  Linux
1713                4.5).
1714
1715              * RssFile: Size of resident file mappings.  (since Linux 4.5).
1716
1717              * RssShmem:  Size  of  resident shared memory (includes System V
1718                shared memory, mappings from tmpfs(5),  and  shared  anonymous
1719                mappings).  (since Linux 4.5).
1720
1721              * VmData, VmStk, VmExe: Size of data, stack, and text segments.
1722
1723              * VmLib: Shared library code size.
1724
1725              * VmPTE: Page table entries size (since Linux 2.6.10).
1726
1727              * VmPMD:  Size  of second-level page tables (added in Linux 4.0;
1728                removed in Linux 4.15).
1729
1730              * VmSwap: Swapped-out virtual memory size by  anonymous  private
1731                pages; shmem swap usage is not included (since Linux 2.6.34).
1732
1733              * HugetlbPages:  Size  of  hugetlb  memory portions (since Linux
1734                4.4).
1735
1736              * CoreDumping: Contains the value 1 if the process is  currently
1737                dumping  core,  and  0  if it is not (since Linux 4.15).  This
1738                information can be used  by  a  monitoring  process  to  avoid
1739                killing  a process that is currently dumping core, which could
1740                result in a corrupted core dump file.
1741
1742              * Threads: Number of threads in process containing this thread.
1743
1744              * SigQ: This field contains  two  slash-separated  numbers  that
1745                relate to queued signals for the real user ID of this process.
1746                The first of these is the number of currently  queued  signals
1747                for this real user ID, and the second is the resource limit on
1748                the number  of  queued  signals  for  this  process  (see  the
1749                description of RLIMIT_SIGPENDING in getrlimit(2)).
1750
1751              * SigPnd, ShdPnd:
1752                 Mask (expressed in hexadecimal) of signals pending for thread
1753                and for process as a whole (see pthreads(7) and signal(7)).
1754
1755              * SigBlk, SigIgn, SigCgt: Masks (expressed in hexadeximal) indi‐
1756                cating  signals  being  blocked, ignored, and caught (see sig‐
1757                nal(7)).
1758
1759              * CapInh, CapPrm, CapEff: Masks (expressed  in  hexadeximal)  of
1760                capabilities  enabled in inheritable, permitted, and effective
1761                sets (see capabilities(7)).
1762
1763              * CapBnd: Capability  bounding  set,  expressed  in  hexadecimal
1764                (since Linux 2.6.26, see capabilities(7)).
1765
1766              * CapAmb:  Ambient  capability  set,  expressed  in  hexadecimal
1767                (since Linux 4.3, see capabilities(7)).
1768
1769              * NoNewPrivs: Value of the no_new_privs bit (since  Linux  4.10,
1770                see prctl(2)).
1771
1772              * Seccomp:  Seccomp  mode  of  the process (since Linux 3.8, see
1773                seccomp(2)).  0  means  SECCOMP_MODE_DISABLED;  1  means  SEC‐
1774                COMP_MODE_STRICT;  2 means SECCOMP_MODE_FILTER.  This field is
1775                provided only if the kernel was built with the  CONFIG_SECCOMP
1776                kernel configuration option enabled.
1777
1778              * Speculation_Store_Bypass:  Speculation  flaw  mitigation state
1779                (since Linux 4.17, see prctl(2)).
1780
1781              * Cpus_allowed: Hexadecimal mask of CPUs on which  this  process
1782                may run (since Linux 2.6.24, see cpuset(7)).
1783
1784              * Cpus_allowed_list:  Same  as  previous,  but  in "list format"
1785                (since Linux 2.6.26, see cpuset(7)).
1786
1787              * Mems_allowed: Mask of memory nodes  allowed  to  this  process
1788                (since Linux 2.6.24, see cpuset(7)).
1789
1790              * Mems_allowed_list:  Same  as  previous,  but  in "list format"
1791                (since Linux 2.6.26, see cpuset(7)).
1792
1793              * voluntary_ctxt_switches, nonvoluntary_ctxt_switches: Number of
1794                voluntary   and  involuntary  context  switches  (since  Linux
1795                2.6.23).
1796
1797       /proc/[pid]/syscall (since Linux 2.6.27)
1798              This file exposes the system call number and argument  registers
1799              for  the  system  call  currently being executed by the process,
1800              followed by the values of the stack pointer and program  counter
1801              registers.   The  values  of  all  six  argument  registers  are
1802              exposed, although most system calls use fewer registers.
1803
1804              If the process is blocked, but not in a system  call,  then  the
1805              file displays -1 in place of the system call number, followed by
1806              just the values of the stack pointer and  program  counter.   If
1807              process  is  not blocked, then the file contains just the string
1808              "running".
1809
1810              This file is present only if the kernel was configured with CON‐
1811              FIG_HAVE_ARCH_TRACEHOOK.
1812
1813              Permission  to  access  this file is governed by a ptrace access
1814              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1815
1816       /proc/[pid]/task (since Linux 2.6.0)
1817              This is a directory that  contains  one  subdirectory  for  each
1818              thread  in  the  process.   The name of each subdirectory is the
1819              numerical thread ID ([tid]) of the thread (see gettid(2)).
1820
1821              Within each of these subdirectories, there is  a  set  of  files
1822              with the same names and contents as under the /proc/[pid] direc‐
1823              tories.  For attributes that are shared by all threads, the con‐
1824              tents  for each of the files under the task/[tid] subdirectories
1825              will be the same as in the  corresponding  file  in  the  parent
1826              /proc/[pid]  directory (e.g., in a multithreaded process, all of
1827              the task/[tid]/cwd  files  will  have  the  same  value  as  the
1828              /proc/[pid]/cwd  file  in the parent directory, since all of the
1829              threads in a process share a working directory).  For attributes
1830              that are distinct for each thread, the corresponding files under
1831              task/[tid] may have different values (e.g.,  various  fields  in
1832              each  of  the  task/[tid]/status files may be different for each
1833              thread), or they might not exist in /proc/[pid] at all.
1834
1835              In a multithreaded process, the contents of the /proc/[pid]/task
1836              directory  are not available if the main thread has already ter‐
1837              minated (typically by calling pthread_exit(3)).
1838
1839       /proc/[pid]/task/[tid]/children (since Linux 3.5)
1840              A space-separated list of child tasks of this task.  Each  child
1841              task is represented by its TID.
1842
1843              This option is intended for use by the checkpoint-restore (CRIU)
1844              system, and reliably provides a list of children only if all  of
1845              the  child  processes  are  stopped or frozen.  It does not work
1846              properly if children of the target task exit while the  file  is
1847              being  read!  Exiting children may cause non-exiting children to
1848              be omitted from the list.  This makes this interface  even  more
1849              unreliable  than  classic  PID-based approaches if the inspected
1850              task and its children aren't frozen, and most code should proba‐
1851              bly not use this interface.
1852
1853              Until  Linux  4.2, the presence of this file was governed by the
1854              CONFIG_CHECKPOINT_RESTORE kernel  configuration  option.   Since
1855              Linux 4.2, it is governed by the CONFIG_PROC_CHILDREN option.
1856
1857       /proc/[pid]/timers (since Linux 3.10)
1858              A  list  of  the  POSIX  timers for this process.  Each timer is
1859              listed with a line that starts with the string "ID:".  For exam‐
1860              ple:
1861
1862                  ID: 1
1863                  signal: 60/00007fff86e452a8
1864                  notify: signal/pid.2634
1865                  ClockID: 0
1866                  ID: 0
1867                  signal: 60/00007fff86e452a8
1868                  notify: signal/pid.2634
1869                  ClockID: 1
1870
1871              The lines shown for each timer have the following meanings:
1872
1873              ID     The ID for this timer.  This is not the same as the timer
1874                     ID returned by timer_create(2); rather, it  is  the  same
1875                     kernel-internal  ID  that is available via the si_timerid
1876                     field of the siginfo_t structure (see sigaction(2)).
1877
1878              signal This is the signal number that this timer uses to deliver
1879                     notifications   followed   by   a  slash,  and  then  the
1880                     sigev_value value supplied to the signal handler.   Valid
1881                     only for timers that notify via a signal.
1882
1883              notify The  part  before  the slash specifies the mechanism that
1884                     this timer uses to deliver notifications, and is  one  of
1885                     "thread", "signal", or "none".  Immediately following the
1886                     slash  is  either  the  string  "tid"  for  timers   with
1887                     SIGEV_THREAD_ID  notification,  or  "pid" for timers that
1888                     notify by other mechanisms.  Following the "." is the PID
1889                     of  the  process  (or the kernel thread ID of the thread)
1890                     that will be delivered a signal  if  the  timer  delivers
1891                     notifications via a signal.
1892
1893              ClockID
1894                     This  field  identifies the clock that the timer uses for
1895                     measuring time.  For most clocks, this is a  number  that
1896                     matches  one  of the user-space CLOCK_* constants exposed
1897                     via <time.h>.   CLOCK_PROCESS_CPUTIME_ID  timers  display
1898                     with     a     value     of    -6    in    this    field.
1899                     CLOCK_THREAD_CPUTIME_ID timers display with a value of -2
1900                     in this field.
1901
1902              This  file is available only when the kernel was configured with
1903              CONFIG_CHECKPOINT_RESTORE.
1904
1905       /proc/[pid]/timerslack_ns (since Linux 4.6)
1906              This file exposes the process's  "current"  timer  slack  value,
1907              expressed  in  nanoseconds.   The file is writable, allowing the
1908              process's timer slack value to be changed.  Writing  0  to  this
1909              file  resets  the  "current"  timer slack to the "default" timer
1910              slack  value.   For  further  details,  see  the  discussion  of
1911              PR_SET_TIMERSLACK in prctl(2).
1912
1913              Initially,  permission  to  access  this  file was governed by a
1914              ptrace  access  mode   PTRACE_MODE_ATTACH_FSCREDS   check   (see
1915              ptrace(2)).   However, this was subsequently deemed too strict a
1916              requirement (and had the side effect that requiring a process to
1917              have  the  CAP_SYS_PTRACE capability would also allow it to view
1918              and change any process's memory).  Therefore, since  Linux  4.9,
1919              only  the (weaker) CAP_SYS_NICE capability is required to access
1920              this file.
1921
1922       /proc/[pid]/uid_map, /proc/[pid]/gid_map (since Linux 3.5)
1923              See user_namespaces(7).
1924
1925       /proc/[pid]/wchan (since Linux 2.6.0)
1926              The symbolic name corresponding to the location  in  the  kernel
1927              where the process is sleeping.
1928
1929              Permission  to  access  this file is governed by a ptrace access
1930              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1931
1932       /proc/[tid]
1933              There  is a numerical subdirectory for each running thread  that
1934              is  not a thread group leader (i.e., a thread whose thread ID is
1935              not the same as its process ID); the subdirectory  is  named  by
1936              the  thread ID.  Each one of these subdirectories contains files
1937              and subdirectories exposing information about  the  thread  with
1938              the  thread  ID  tid.  The contents of these directories are the
1939              same as the corresponding /proc/[pid]/task/[tid] directories.
1940
1941              The /proc/[tid] subdirectories are not  visible  when  iterating
1942              through  /proc  with  getdents(2) (and thus are not visible when
1943              one uses ls(1) to view the contents  of  /proc).   However,  the
1944              pathnames  of  these directories are visible to (i.e., usable as
1945              arguments in) system calls that operate on pathnames.
1946
1947       /proc/apm
1948              Advanced power management version and battery  information  when
1949              CONFIG_APM is defined at kernel compilation time.
1950
1951       /proc/buddyinfo
1952              This file contains information which is used for diagnosing mem‐
1953              ory fragmentation issues.  Each line starts with the identifica‐
1954              tion  of  the node and the name of the zone which together iden‐
1955              tify a memory region This is  then  followed  by  the  count  of
1956              available  chunks  of  a  certain order in which these zones are
1957              split.  The size in bytes of a certain order  is  given  by  the
1958              formula:
1959
1960                  (2^order) * PAGE_SIZE
1961
1962              The  binary  buddy  allocator  algorithm  inside the kernel will
1963              split one chunk into two chunks of a smaller  order  (thus  with
1964              half  the size) or combine two contiguous chunks into one larger
1965              chunk of a higher order (thus with double the size)  to  satisfy
1966              allocation  requests  and  to counter memory fragmentation.  The
1967              order matches the column number, when starting to count at zero.
1968
1969              For example on an x86-64 system:
1970
1971  Node 0, zone     DMA     1    1    1    0    2    1    1    0    1    1    3
1972  Node 0, zone   DMA32    65   47    4   81   52   28   13   10    5    1  404
1973  Node 0, zone  Normal   216   55  189  101   84   38   37   27    5    3  587
1974
1975              In this example, there is one node containing  three  zones  and
1976              there are 11 different chunk sizes.  If the page size is 4 kilo‐
1977              bytes, then the first zone called  DMA  (on  x86  the  first  16
1978              megabyte  of memory) has 1 chunk of 4 kilobytes (order 0) avail‐
1979              able and has 3 chunks of 4 megabytes (order 10) available.
1980
1981              If the memory is heavily fragmented,  the  counters  for  higher
1982              order  chunks  will  be  zero and allocation of large contiguous
1983              areas will fail.
1984
1985              Further information about the zones can be found in  /proc/zone‐
1986              info.
1987
1988       /proc/bus
1989              Contains subdirectories for installed busses.
1990
1991       /proc/bus/pccard
1992              Subdirectory  for  PCMCIA  devices  when CONFIG_PCMCIA is set at
1993              kernel compilation time.
1994
1995       /proc/bus/pccard/drivers
1996
1997       /proc/bus/pci
1998              Contains various bus subdirectories and pseudo-files  containing
1999              information  about  PCI  busses,  installed  devices, and device
2000              drivers.  Some of these files are not ASCII.
2001
2002       /proc/bus/pci/devices
2003              Information about PCI devices.  They  may  be  accessed  through
2004              lspci(8) and setpci(8).
2005
2006       /proc/cgroups (since Linux 2.6.24)
2007              See cgroups(7).
2008
2009       /proc/cmdline
2010              Arguments  passed  to the Linux kernel at boot time.  Often done
2011              via a boot manager such as lilo(8) or grub(8).
2012
2013       /proc/config.gz (since Linux 2.6)
2014              This file exposes the configuration options that  were  used  to
2015              build  the  currently running kernel, in the same format as they
2016              would be shown in the .config file that resulted when  configur‐
2017              ing  the  kernel  (using make xconfig, make config, or similar).
2018              The file contents are compressed;  view  or  search  them  using
2019              zcat(1)  and  zgrep(1).  As long as no changes have been made to
2020              the following file, the contents of /proc/config.gz are the same
2021              as those provided by:
2022
2023                  cat /lib/modules/$(uname -r)/build/.config
2024
2025              /proc/config.gz  is  provided  only  if the kernel is configured
2026              with CONFIG_IKCONFIG_PROC.
2027
2028       /proc/crypto
2029              A list of the ciphers provided by the kernel  crypto  API.   For
2030              details,  see  the  kernel Linux Kernel Crypto API documentation
2031              available  under  the   kernel   source   directory   Documenta‐
2032              tion/crypto/ (or Documentation/DocBook before 4.10; the documen‐
2033              tation can be built using a command such as make htmldocs in the
2034              root directory of the kernel source tree).
2035
2036       /proc/cpuinfo
2037              This  is  a  collection of CPU and system architecture dependent
2038              items, for each supported architecture a  different  list.   Two
2039              common   entries  are  processor  which  gives  CPU  number  and
2040              bogomips; a system constant that  is  calculated  during  kernel
2041              initialization.   SMP  machines  have  information for each CPU.
2042              The lscpu(1) command gathers its information from this file.
2043
2044       /proc/devices
2045              Text listing of major numbers and device groups.   This  can  be
2046              used by MAKEDEV scripts for consistency with the kernel.
2047
2048       /proc/diskstats (since Linux 2.5.69)
2049              This  file  contains  disk  I/O statistics for each disk device.
2050              See the Linux kernel source file  Documentation/iostats.txt  for
2051              further information.
2052
2053       /proc/dma
2054              This  is a list of the registered ISA DMA (direct memory access)
2055              channels in use.
2056
2057       /proc/driver
2058              Empty subdirectory.
2059
2060       /proc/execdomains
2061              List of the execution domains (ABI personalities).
2062
2063       /proc/fb
2064              Frame buffer information when CONFIG_FB is defined during kernel
2065              compilation.
2066
2067       /proc/filesystems
2068              A  text  listing  of  the filesystems which are supported by the
2069              kernel, namely filesystems which were compiled into  the  kernel
2070              or  whose  kernel  modules  are  currently  loaded.   (See  also
2071              filesystems(5).)  If a filesystem is marked with  "nodev",  this
2072              means  that  it  does  not  require a block device to be mounted
2073              (e.g., virtual filesystem, network filesystem).
2074
2075              Incidentally, this file may be used by mount(8) when no filesys‐
2076              tem  is specified and it didn't manage to determine the filesys‐
2077              tem type.  Then filesystems contained in  this  file  are  tried
2078              (excepted those that are marked with "nodev").
2079
2080       /proc/fs
2081              Contains subdirectories that in turn contain files with informa‐
2082              tion about (certain) mounted filesystems.
2083
2084       /proc/ide
2085              This directory exists on systems with the IDE  bus.   There  are
2086              directories  for  each  IDE  channel and attached device.  Files
2087              include:
2088
2089                  cache              buffer size in KB
2090                  capacity           number of sectors
2091                  driver             driver version
2092                  geometry           physical and logical geometry
2093                  identify           in hexadecimal
2094                  media              media type
2095                  model              manufacturer's model number
2096                  settings           drive settings
2097                  smart_thresholds   in hexadecimal
2098                  smart_values       in hexadecimal
2099
2100              The hdparm(8) utility provides access to this information  in  a
2101              friendly format.
2102
2103       /proc/interrupts
2104              This  is  used to record the number of interrupts per CPU per IO
2105              device.  Since Linux 2.6.24, for the i386 and  x86-64  architec‐
2106              tures,  at  least, this also includes interrupts internal to the
2107              system (that is, not associated with a device as such), such  as
2108              NMI  (nonmaskable  interrupt),  LOC (local timer interrupt), and
2109              for SMP systems, TLB (TLB flush  interrupt),  RES  (rescheduling
2110              interrupt),  CAL  (remote function call interrupt), and possibly
2111              others.  Very easy to read formatting, done in ASCII.
2112
2113       /proc/iomem
2114              I/O memory map in Linux 2.4.
2115
2116       /proc/ioports
2117              This is a list of currently registered Input-Output port regions
2118              that are in use.
2119
2120       /proc/kallsyms (since Linux 2.5.71)
2121              This  holds  the  kernel exported symbol definitions used by the
2122              modules(X) tools to dynamically link and bind loadable  modules.
2123              In  Linux  2.5.47 and earlier, a similar file with slightly dif‐
2124              ferent syntax was named ksyms.
2125
2126       /proc/kcore
2127              This file represents the physical memory of the  system  and  is
2128              stored  in the ELF core file format.  With this pseudo-file, and
2129              an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be
2130              used to examine the current state of any kernel data structures.
2131
2132              The  total  length  of  the  file is the size of physical memory
2133              (RAM) plus 4 KiB.
2134
2135       /proc/keys (since Linux 2.6.10)
2136              See keyrings(7).
2137
2138       /proc/key-users (since Linux 2.6.10)
2139              See keyrings(7).
2140
2141       /proc/kmsg
2142              This file can be used instead of the syslog(2)  system  call  to
2143              read  kernel messages.  A process must have superuser privileges
2144              to read this file, and only one process should read  this  file.
2145              This  file  should  not  be  read if a syslog process is running
2146              which uses the syslog(2) system call facility to log kernel mes‐
2147              sages.
2148
2149              Information in this file is retrieved with the dmesg(1) program.
2150
2151       /proc/kpagecgroup (since Linux 4.3)
2152              This  file  contains  a 64-bit inode number of the memory cgroup
2153              each page is charged to, indexed by page frame number  (see  the
2154              discussion of /proc/[pid]/pagemap).
2155
2156              The  /proc/kpagecgroup  file is present only if the CONFIG_MEMCG
2157              kernel configuration option is enabled.
2158
2159       /proc/kpagecount (since Linux 2.6.25)
2160              This file contains a 64-bit count of the number  of  times  each
2161              physical page frame is mapped, indexed by page frame number (see
2162              the discussion of /proc/[pid]/pagemap).
2163
2164              The  /proc/kpagecount  file  is  present  only   if   the   CON‐
2165              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2166
2167       /proc/kpageflags (since Linux 2.6.25)
2168              This  file  contains 64-bit masks corresponding to each physical
2169              page frame; it is indexed by page frame number (see the  discus‐
2170              sion of /proc/[pid]/pagemap).  The bits are as follows:
2171
2172                   0 - KPF_LOCKED
2173                   1 - KPF_ERROR
2174                   2 - KPF_REFERENCED
2175                   3 - KPF_UPTODATE
2176                   4 - KPF_DIRTY
2177                   5 - KPF_LRU
2178                   6 - KPF_ACTIVE
2179                   7 - KPF_SLAB
2180                   8 - KPF_WRITEBACK
2181                   9 - KPF_RECLAIM
2182                  10 - KPF_BUDDY
2183                  11 - KPF_MMAP           (since Linux 2.6.31)
2184                  12 - KPF_ANON           (since Linux 2.6.31)
2185                  13 - KPF_SWAPCACHE      (since Linux 2.6.31)
2186                  14 - KPF_SWAPBACKED     (since Linux 2.6.31)
2187                  15 - KPF_COMPOUND_HEAD  (since Linux 2.6.31)
2188                  16 - KPF_COMPOUND_TAIL  (since Linux 2.6.31)
2189                  17 - KPF_HUGE           (since Linux 2.6.31)
2190                  18 - KPF_UNEVICTABLE    (since Linux 2.6.31)
2191                  19 - KPF_HWPOISON       (since Linux 2.6.31)
2192                  20 - KPF_NOPAGE         (since Linux 2.6.31)
2193                  21 - KPF_KSM            (since Linux 2.6.32)
2194                  22 - KPF_THP            (since Linux 3.4)
2195                  23 - KPF_BALLOON        (since Linux 3.18)
2196                  24 - KPF_ZERO_PAGE      (since Linux 4.0)
2197                  25 - KPF_IDLE           (since Linux 4.3)
2198
2199              For  further details on the meanings of these bits, see the ker‐
2200              nel   source   file    Documentation/admin-guide/mm/pagemap.rst.
2201              Before kernel 2.6.29, KPF_WRITEBACK, KPF_RECLAIM, KPF_BUDDY, and
2202              KPF_LOCKED did not report correctly.
2203
2204              The  /proc/kpageflags  file  is  present  only   if   the   CON‐
2205              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2206
2207       /proc/ksyms (Linux 1.1.23–2.5.47)
2208              See /proc/kallsyms.
2209
2210       /proc/loadavg
2211              The  first  three  fields  in this file are load average figures
2212              giving the number of jobs in the run queue (state R) or  waiting
2213              for disk I/O (state D) averaged over 1, 5, and 15 minutes.  They
2214              are the same as the load average numbers given by uptime(1)  and
2215              other  programs.  The fourth field consists of two numbers sepa‐
2216              rated by a slash (/).  The first of these is the number of  cur‐
2217              rently runnable kernel scheduling entities (processes, threads).
2218              The value after the slash is the  number  of  kernel  scheduling
2219              entities that currently exist on the system.  The fifth field is
2220              the PID of the process that was most  recently  created  on  the
2221              system.
2222
2223       /proc/locks
2224              This  file  shows current file locks (flock(2) and fcntl(2)) and
2225              leases (fcntl(2)).
2226
2227              An example of the content shown in this file is the following:
2228
2229                  1: POSIX  ADVISORY  READ  5433 08:01:7864448 128 128
2230                  2: FLOCK  ADVISORY  WRITE 2001 08:01:7864554 0 EOF
2231                  3: FLOCK  ADVISORY  WRITE 1568 00:2f:32388 0 EOF
2232                  4: POSIX  ADVISORY  WRITE 699 00:16:28457 0 EOF
2233                  5: POSIX  ADVISORY  WRITE 764 00:16:21448 0 0
2234                  6: POSIX  ADVISORY  READ  3548 08:01:7867240 1 1
2235                  7: POSIX  ADVISORY  READ  3548 08:01:7865567 1826 2335
2236                  8: OFDLCK ADVISORY  WRITE -1 08:01:8713209 128 191
2237
2238              The fields shown in each line are as follows:
2239
2240              (1) The ordinal position of the lock in the list.
2241
2242              (2) The lock type.  Values that may appear here include:
2243
2244                  FLOCK  This is a BSD file lock created using flock(2).
2245
2246                  OFDLCK This is an open file description (OFD)  lock  created
2247                         using fcntl(2).
2248
2249                  POSIX  This   is  a  POSIX  byte-range  lock  created  using
2250                         fcntl(2).
2251
2252              (3) Among the strings that can appear here are the following:
2253
2254                  ADVISORY
2255                         This is an advisory lock.
2256
2257                  MANDATORY
2258                         This is a mandatory lock.
2259
2260              (4) The type of lock.  Values that can appear here are:
2261
2262                  READ   This is a POSIX or OFD read lock,  or  a  BSD  shared
2263                         lock.
2264
2265                  WRITE  This is a POSIX or OFD write lock, or a BSD exclusive
2266                         lock.
2267
2268              (5) The PID of the process that owns the lock.
2269
2270                  Because OFD locks are not owned by a single  process  (since
2271                  multiple  processes  may have file descriptors that refer to
2272                  the same open file description), the value -1  is  displayed
2273                  in  this  field  for  OFD locks.  (Before kernel 4.14, a bug
2274                  meant that the PID of the process  that  initially  acquired
2275                  the lock was displayed instead of the value -1.)
2276
2277              (6) Three  colon-separated subfields that identify the major and
2278                  minor device ID of  the  device  containing  the  filesystem
2279                  where  the locked file resides, followed by the inode number
2280                  of the locked file.
2281
2282              (7) The byte offset of the first byte  of  the  lock.   For  BSD
2283                  locks, this value is always 0.
2284
2285              (8) The  byte  offset of the last byte of the lock.  EOF in this
2286                  field means that the lock extends to the end  of  the  file.
2287                  For BSD locks, the value shown is always EOF.
2288
2289              Since  Linux 4.9, the list of locks shown in /proc/locks is fil‐
2290              tered to show just the locks for the processes in the PID names‐
2291              pace  (see pid_namespaces(7)) for which the /proc filesystem was
2292              mounted.  (In the initial PID namespace, there is  no  filtering
2293              of the records shown in this file.)
2294
2295              The  lslocks(8)  command  provides  a bit more information about
2296              each lock.
2297
2298       /proc/malloc (only up to and including Linux 2.2)
2299              This file is present only  if  CONFIG_DEBUG_MALLOC  was  defined
2300              during compilation.
2301
2302       /proc/meminfo
2303              This  file  reports statistics about memory usage on the system.
2304              It is used by free(1) to report the amount of free and used mem‐
2305              ory (both physical and swap) on the system as well as the shared
2306              memory and buffers used by the kernel.  Each line  of  the  file
2307              consists  of a parameter name, followed by a colon, the value of
2308              the parameter, and an option unit of measurement  (e.g.,  "kB").
2309              The  list  below  describes  the  parameter names and the format
2310              specifier required to read the field  value.   Except  as  noted
2311              below,  all of the fields have been present since at least Linux
2312              2.6.0.  Some fields are displayed only if the kernel was config‐
2313              ured  with  various options; those dependencies are noted in the
2314              list.
2315
2316              MemTotal %lu
2317                     Total usable RAM (i.e., physical RAM minus a few reserved
2318                     bits and the kernel binary code).
2319
2320              MemFree %lu
2321                     The sum of LowFree+HighFree.
2322
2323              MemAvailable %lu (since Linux 3.14)
2324                     An  estimate of how much memory is available for starting
2325                     new applications, without swapping.
2326
2327              Buffers %lu
2328                     Relatively temporary storage for  raw  disk  blocks  that
2329                     shouldn't get tremendously large (20MB or so).
2330
2331              Cached %lu
2332                     In-memory  cache  for  files read from the disk (the page
2333                     cache).  Doesn't include SwapCached.
2334
2335              SwapCached %lu
2336                     Memory that once was swapped out, is swapped back in  but
2337                     still  also  is in the swap file.  (If memory pressure is
2338                     high, these pages don't need  to  be  swapped  out  again
2339                     because  they  are  already in the swap file.  This saves
2340                     I/O.)
2341
2342              Active %lu
2343                     Memory that has been used more recently and  usually  not
2344                     reclaimed unless absolutely necessary.
2345
2346              Inactive %lu
2347                     Memory  which  has  been  less recently used.  It is more
2348                     eligible to be reclaimed for other purposes.
2349
2350              Active(anon) %lu (since Linux 2.6.28)
2351                     [To be documented.]
2352
2353              Inactive(anon) %lu (since Linux 2.6.28)
2354                     [To be documented.]
2355
2356              Active(file) %lu (since Linux 2.6.28)
2357                     [To be documented.]
2358
2359              Inactive(file) %lu (since Linux 2.6.28)
2360                     [To be documented.]
2361
2362              Unevictable %lu (since Linux 2.6.28)
2363                     (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU  was
2364                     required.)  [To be documented.]
2365
2366              Mlocked %lu (since Linux 2.6.28)
2367                     (From  Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was
2368                     required.)  [To be documented.]
2369
2370              HighTotal %lu
2371                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2372                     Total  amount  of  highmem.   Highmem is all memory above
2373                     ~860MB of physical memory.  Highmem areas are for use  by
2374                     user-space  programs,  or for the page cache.  The kernel
2375                     must use tricks to access this memory, making  it  slower
2376                     to access than lowmem.
2377
2378              HighFree %lu
2379                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2380                     Amount of free highmem.
2381
2382              LowTotal %lu
2383                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2384                     Total  amount  of  lowmem.  Lowmem is memory which can be
2385                     used for everything that highmem can be used for, but  it
2386                     is  also  available for the kernel's use for its own data
2387                     structures.  Among many other things, it is where  every‐
2388                     thing  from  Slab  is  allocated.  Bad things happen when
2389                     you're out of lowmem.
2390
2391              LowFree %lu
2392                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2393                     Amount of free lowmem.
2394
2395              MmapCopy %lu (since Linux 2.6.29)
2396                     (CONFIG_MMU is required.)  [To be documented.]
2397
2398              SwapTotal %lu
2399                     Total amount of swap space available.
2400
2401              SwapFree %lu
2402                     Amount of swap space that is currently unused.
2403
2404              Dirty %lu
2405                     Memory which is waiting to get written back to the disk.
2406
2407              Writeback %lu
2408                     Memory which is actively being written back to the disk.
2409
2410              AnonPages %lu (since Linux 2.6.18)
2411                     Non-file backed pages mapped into user-space page tables.
2412
2413              Mapped %lu
2414                     Files  which have been mapped into memory (with mmap(2)),
2415                     such as libraries.
2416
2417              Shmem %lu (since Linux 2.6.32)
2418                     Amount of memory consumed in tmpfs(5) filesystems.
2419
2420              KReclaimable %lu (since Linux 4.20)
2421                     Kernel  allocations  that  the  kernel  will  attempt  to
2422                     reclaim  under  memory  pressure.   Includes SReclaimable
2423                     (below), and other direct allocations with a shrinker.
2424
2425              Slab %lu
2426                     In-kernel data structures cache.  (See slabinfo(5).)
2427
2428              SReclaimable %lu (since Linux 2.6.19)
2429                     Part of Slab, that might be reclaimed, such as caches.
2430
2431              SUnreclaim %lu (since Linux 2.6.19)
2432                     Part of Slab, that cannot be reclaimed  on  memory  pres‐
2433                     sure.
2434
2435              KernelStack %lu (since Linux 2.6.32)
2436                     Amount of memory allocated to kernel stacks.
2437
2438              PageTables %lu (since Linux 2.6.18)
2439                     Amount  of  memory  dedicated to the lowest level of page
2440                     tables.
2441
2442              Quicklists %lu (since Linux 2.6.27)
2443                     (CONFIG_QUICKLIST is required.)  [To be documented.]
2444
2445              NFS_Unstable %lu (since Linux 2.6.18)
2446                     NFS pages sent to the server, but not  yet  committed  to
2447                     stable storage.
2448
2449              Bounce %lu (since Linux 2.6.18)
2450                     Memory used for block device "bounce buffers".
2451
2452              WritebackTmp %lu (since Linux 2.6.26)
2453                     Memory used by FUSE for temporary writeback buffers.
2454
2455              CommitLimit %lu (since Linux 2.6.10)
2456                     This is the total amount of memory currently available to
2457                     be allocated on the system, expressed in kilobytes.  This
2458                     limit  is adhered to only if strict overcommit accounting
2459                     is enabled (mode  2  in  /proc/sys/vm/overcommit_memory).
2460                     The   limit   is  calculated  according  to  the  formula
2461                     described under /proc/sys/vm/overcommit_memory.  For fur‐
2462                     ther  details,  see  the  kernel  source  file Documenta‐
2463                     tion/vm/overcommit-accounting.rst.
2464
2465              Committed_AS %lu
2466                     The amount of memory presently allocated on  the  system.
2467                     The  committed memory is a sum of all of the memory which
2468                     has been allocated by processes, even if it has not  been
2469                     "used"  by them as of yet.  A process which allocates 1GB
2470                     of memory (using malloc(3) or similar), but touches  only
2471                     300MB  of that memory will show up as using only 300MB of
2472                     memory even if it has the address space allocated for the
2473                     entire 1GB.
2474
2475                     This  1GB  is memory which has been "committed" to by the
2476                     VM and can be used at any time by the allocating applica‐
2477                     tion.  With strict overcommit enabled on the system (mode
2478                     2 in /proc/sys/vm/overcommit_memory),  allocations  which
2479                     would exceed the CommitLimit will not be permitted.  This
2480                     is useful if one needs to guarantee that  processes  will
2481                     not  fail due to lack of memory once that memory has been
2482                     successfully allocated.
2483
2484              VmallocTotal %lu
2485                     Total size of vmalloc memory area.
2486
2487              VmallocUsed %lu
2488                     Amount of vmalloc area which is used.  Since  Linux  4.4,
2489                     this  field is no longer calculated, and is hard coded as
2490                     0.  See /proc/vmallocinfo.
2491
2492              VmallocChunk %lu
2493                     Largest contiguous block of vmalloc area which  is  free.
2494                     Since  Linux  4.4, this field is no longer calculated and
2495                     is hard coded as 0.  See /proc/vmallocinfo.
2496
2497              HardwareCorrupted %lu (since Linux 2.6.32)
2498                     (CONFIG_MEMORY_FAILURE is required.)  [To be documented.]
2499
2500              LazyFree %lu (since Linux 4.12)
2501                     Shows  the  amount  of  memory   marked   by   madvise(2)
2502                     MADV_FREE.
2503
2504              AnonHugePages %lu (since Linux 2.6.38)
2505                     (CONFIG_TRANSPARENT_HUGEPAGE   is   required.)   Non-file
2506                     backed huge pages mapped into user-space page tables.
2507
2508              ShmemHugePages %lu (since Linux 4.8)
2509                     (CONFIG_TRANSPARENT_HUGEPAGE is required.)   Memory  used
2510                     by shared memory (shmem) and tmpfs(5) allocated with huge
2511                     pages
2512
2513              ShmemPmdMapped %lu (since Linux 4.8)
2514                     (CONFIG_TRANSPARENT_HUGEPAGE is required.)  Shared memory
2515                     mapped into user space with huge pages.
2516
2517              CmaTotal %lu (since Linux 3.1)
2518                     Total  CMA  (Contiguous  Memory  Allocator) pages.  (CON‐
2519                     FIG_CMA is required.)
2520
2521              CmaFree %lu (since Linux 3.1)
2522                     Free CMA  (Contiguous  Memory  Allocator)  pages.   (CON‐
2523                     FIG_CMA is required.)
2524
2525              HugePages_Total %lu
2526                     (CONFIG_HUGETLB_PAGE  is required.)  The size of the pool
2527                     of huge pages.
2528
2529              HugePages_Free %lu
2530                     (CONFIG_HUGETLB_PAGE is required.)  The  number  of  huge
2531                     pages in the pool that are not yet allocated.
2532
2533              HugePages_Rsvd %lu (since Linux 2.6.17)
2534                     (CONFIG_HUGETLB_PAGE is required.)  This is the number of
2535                     huge pages for which a commitment to  allocate  from  the
2536                     pool  has been made, but no allocation has yet been made.
2537                     These reserved huge pages guarantee that  an  application
2538                     will  be  able  to  allocate a huge page from the pool of
2539                     huge pages at fault time.
2540
2541              HugePages_Surp %lu (since Linux 2.6.24)
2542                     (CONFIG_HUGETLB_PAGE is required.)  This is the number of
2543                     huge   pages   in   the   pool   above   the   value   in
2544                     /proc/sys/vm/nr_hugepages.  The maximum number of surplus
2545                     huge  pages  is  controlled  by  /proc/sys/vm/nr_overcom‐
2546                     mit_hugepages.
2547
2548              Hugepagesize %lu
2549                     (CONFIG_HUGETLB_PAGE is  required.)   The  size  of  huge
2550                     pages.
2551
2552              DirectMap4k %lu (since Linux 2.6.27)
2553                     Number  of  bytes of RAM linearly mapped by kernel in 4kB
2554                     pages.  (x86.)
2555
2556              DirectMap4M %lu (since Linux 2.6.27)
2557                     Number of bytes of RAM linearly mapped by kernel  in  4MB
2558                     pages.    (x86   with   CONFIG_X86_64  or  CONFIG_X86_PAE
2559                     enabled.)
2560
2561              DirectMap2M %lu (since Linux 2.6.27)
2562                     Number of bytes of RAM linearly mapped by kernel  in  2MB
2563                     pages.    (x86   with   neither  CONFIG_X86_64  nor  CON‐
2564                     FIG_X86_PAE enabled.)
2565
2566              DirectMap1G %lu (since Linux 2.6.27)
2567                     (x86  with  CONFIG_X86_64  and  CONFIG_X86_DIRECT_GBPAGES
2568                     enabled.)
2569
2570       /proc/modules
2571              A  text list of the modules that have been loaded by the system.
2572              See also lsmod(8).
2573
2574       /proc/mounts
2575              Before kernel 2.4.19, this file was a list of all  the  filesys‐
2576              tems  currently mounted on the system.  With the introduction of
2577              per-process mount namespaces in Linux 2.4.19  (see  mount_names‐
2578              paces(7)),  this  file became a link to /proc/self/mounts, which
2579              lists the mount points of the  process's  own  mount  namespace.
2580              The format of this file is documented in fstab(5).
2581
2582       /proc/mtrr
2583              Memory  Type  Range Registers.  See the Linux kernel source file
2584              Documentation/x86/mtrr.txt  (or  Documentation/mtrr.txt   before
2585              Linux 2.6.28) for details.
2586
2587       /proc/net
2588              This  directory  contains  various files and subdirectories con‐
2589              taining information about the networking layer.  The files  con‐
2590              tain  ASCII structures and are, therefore, readable with cat(1).
2591              However, the standard netstat(8)  suite  provides  much  cleaner
2592              access to these files.
2593
2594              With  the  advent  of  network  namespaces,  various information
2595              relating  to  the  network  stack  is  virtualized  (see  names‐
2596              paces(7)).   Thus,  since  Linux 2.6.25, /proc/net is a symbolic
2597              link to the directory /proc/self/net, which  contains  the  same
2598              files and directories as listed below.  However, these files and
2599              directories now expose information for the network namespace  of
2600              which the process is a member.
2601
2602       /proc/net/arp
2603              This  holds  an ASCII readable dump of the kernel ARP table used
2604              for address resolutions.  It will show both dynamically  learned
2605              and preprogrammed ARP entries.  The format is:
2606
2607       IP address     HW type   Flags     HW address          Mask   Device
2608       192.168.0.50   0x1       0x2       00:50:BF:25:68:F3   *      eth0
2609       192.168.0.250  0x1       0xc       00:00:00:00:00:00   *      eth0
2610
2611              Here "IP address" is the IPv4 address of the machine and the "HW
2612              type" is the hardware type of the  address  from  RFC 826.   The
2613              flags are the internal flags of the ARP structure (as defined in
2614              /usr/include/linux/if_arp.h) and the "HW address"  is  the  data
2615              link layer mapping for that IP address if it is known.
2616
2617       /proc/net/dev
2618              The  dev pseudo-file contains network device status information.
2619              This gives the number of received and sent packets,  the  number
2620              of  errors and collisions and other basic statistics.  These are
2621              used by the ifconfig(8) program to report  device  status.   The
2622              format is:
2623
2624 Inter-|   Receive                                                |  Transmit
2625  face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
2626     lo: 2776770   11307    0    0    0     0          0         0  2776770   11307    0    0    0     0       0          0
2627   eth0: 1215645    2751    0    0    0     0          0         0  1782404    4324    0    0    0   427       0          0
2628   ppp0: 1622270    5552    1    0    0     0          0         0   354130    5669    0    0    0     0       0          0
2629   tap0:    7714      81    0    0    0     0          0         0     7714      81    0    0    0     0       0          0
2630
2631       /proc/net/dev_mcast
2632              Defined in /usr/src/linux/net/core/dev_mcast.c:
2633
2634                  indx interface_name  dmi_u dmi_g dmi_address
2635                  2    eth0            1     0     01005e000001
2636                  3    eth1            1     0     01005e000001
2637                  4    eth2            1     0     01005e000001
2638
2639       /proc/net/igmp
2640              Internet     Group     Management    Protocol.     Defined    in
2641              /usr/src/linux/net/core/igmp.c.
2642
2643       /proc/net/rarp
2644              This file uses the same format as the arp file and contains  the
2645              current reverse mapping database used to provide rarp(8) reverse
2646              address lookup services.  If RARP is  not  configured  into  the
2647              kernel, this file will not be present.
2648
2649       /proc/net/raw
2650              Holds  a  dump of the RAW socket table.  Much of the information
2651              is not of use apart from debugging.  The "sl" value is the  ker‐
2652              nel  hash  slot for the socket, the "local_address" is the local
2653              address and protocol number pair.  "St" is the  internal  status
2654              of  the  socket.  The "tx_queue" and "rx_queue" are the outgoing
2655              and incoming data queue in terms of kernel  memory  usage.   The
2656              "tr", "tm->when", and "rexmits" fields are not used by RAW.  The
2657              "uid" field holds the  effective  UID  of  the  creator  of  the
2658              socket.
2659
2660       /proc/net/snmp
2661              This file holds the ASCII data needed for the IP, ICMP, TCP, and
2662              UDP management information bases for an SNMP agent.
2663
2664       /proc/net/tcp
2665              Holds a dump of the TCP socket table.  Much of  the  information
2666              is  not of use apart from debugging.  The "sl" value is the ker‐
2667              nel hash slot for the socket, the "local_address" is  the  local
2668              address  and  port number pair.  The "rem_address" is the remote
2669              address and port number pair (if connected).  "St" is the inter‐
2670              nal status of the socket.  The "tx_queue" and "rx_queue" are the
2671              outgoing and incoming data  queue  in  terms  of  kernel  memory
2672              usage.  The "tr", "tm->when", and "rexmits" fields hold internal
2673              information of the kernel socket state and are useful  only  for
2674              debugging.   The "uid" field holds the effective UID of the cre‐
2675              ator of the socket.
2676
2677       /proc/net/udp
2678              Holds a dump of the UDP socket table.  Much of  the  information
2679              is  not of use apart from debugging.  The "sl" value is the ker‐
2680              nel hash slot for the socket, the "local_address" is  the  local
2681              address  and  port number pair.  The "rem_address" is the remote
2682              address and port number pair (if connected).  "St" is the inter‐
2683              nal status of the socket.  The "tx_queue" and "rx_queue" are the
2684              outgoing and incoming data  queue  in  terms  of  kernel  memory
2685              usage.   The "tr", "tm->when", and "rexmits" fields are not used
2686              by UDP.  The "uid" field holds the effective UID of the  creator
2687              of the socket.  The format is:
2688
2689 sl  local_address rem_address   st tx_queue rx_queue tr rexmits  tm->when uid
2690  1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
2691  1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
2692  1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
2693
2694       /proc/net/unix
2695              Lists  the  UNIX  domain  sockets  present within the system and
2696              their status.  The format is:
2697
2698 Num RefCount Protocol Flags    Type St Inode Path
2699  0: 00000002 00000000 00000000 0001 03    42
2700  1: 00000001 00000000 00010000 0001 01  1948 /dev/printer
2701
2702              The fields are as follows:
2703
2704              Num:      the kernel table slot number.
2705
2706              RefCount: the number of users of the socket.
2707
2708              Protocol: currently always 0.
2709
2710              Flags:    the internal kernel flags holding the  status  of  the
2711                        socket.
2712
2713              Type:     the  socket  type.   For  SOCK_STREAM sockets, this is
2714                        0001; for SOCK_DGRAM sockets,  it  is  0002;  and  for
2715                        SOCK_SEQPACKET sockets, it is 0005.
2716
2717              St:       the internal state of the socket.
2718
2719              Inode:    the inode number of the socket.
2720
2721              Path:     the bound pathname (if any) of the socket.  Sockets in
2722                        the abstract namespace are included in the  list,  and
2723                        are  shown with a Path that commences with the charac‐
2724                        ter '@'.
2725
2726       /proc/net/netfilter/nfnetlink_queue
2727              This file contains information about netfilter user-space queue‐
2728              ing,  if  used.  Each line represents a queue.  Queues that have
2729              not been subscribed to by user space are not shown.
2730
2731                     1   4207     0  2 65535     0     0        0  1
2732                    (1)   (2)    (3)(4)  (5)    (6)   (7)      (8)
2733
2734              The fields in each line are:
2735
2736              (1)  The ID of the queue.  This matches what is specified in the
2737                   --queue-num  or  --queue-balance options to the iptables(8)
2738                   NFQUEUE target.  See iptables-extensions(8) for more infor‐
2739                   mation.
2740
2741              (2)  The netlink port ID subscribed to the queue.
2742
2743              (3)  The  number  of  packets currently queued and waiting to be
2744                   processed by the application.
2745
2746              (4)  The copy mode of the queue.  It is either 1 (metadata only)
2747                   or 2 (also copy payload data to user space).
2748
2749              (5)  Copy  range;  that  is,  how  many  bytes of packet payload
2750                   should be copied to user space at most.
2751
2752              (6)  queue dropped.  Number of packets that had to be dropped by
2753                   the kernel because too many packets are already waiting for
2754                   user space to send back the mandatory accept/drop verdicts.
2755
2756              (7)  queue user dropped.  Number of packets  that  were  dropped
2757                   within  the  netlink  subsystem.  Such drops usually happen
2758                   when the corresponding socket buffer is full; that is, user
2759                   space is not able to read messages fast enough.
2760
2761              (8)  sequence  number.  Every queued packet is associated with a
2762                   (32-bit) monotonically-increasing  sequence  number.   This
2763                   shows the ID of the most recent packet queued.
2764
2765              The  last  number  exists  only for compatibility reasons and is
2766              always 1.
2767
2768       /proc/partitions
2769              Contains the major and minor numbers of each partition  as  well
2770              as the number of 1024-byte blocks and the partition name.
2771
2772       /proc/pci
2773              This  is  a  listing of all PCI devices found during kernel ini‐
2774              tialization and their configuration.
2775
2776              This file has been deprecated in favor of a new /proc  interface
2777              for  PCI  (/proc/bus/pci).   It  became  optional  in  Linux 2.2
2778              (available with CONFIG_PCI_OLD_PROC set at kernel  compilation).
2779              It  became  once more nonoptionally enabled in Linux 2.4.  Next,
2780              it was deprecated  in  Linux  2.6  (still  available  with  CON‐
2781              FIG_PCI_LEGACY_PROC  set),  and finally removed altogether since
2782              Linux 2.6.17.
2783
2784       /proc/profile (since Linux 2.4)
2785              This file is present only if the kernel was booted with the pro‐
2786              file=1  command-line option.  It exposes kernel profiling infor‐
2787              mation in a binary format for use  by  readprofile(1).   Writing
2788              (e.g.,  an empty string) to this file resets the profiling coun‐
2789              ters; on some architectures, writing a binary integer "profiling
2790              multiplier"  of  size  sizeof(int)  sets the profiling interrupt
2791              frequency.
2792
2793       /proc/scsi
2794              A directory with the scsi mid-level pseudo-file and various SCSI
2795              low-level driver directories, which contain a file for each SCSI
2796              host in this system, all of which give the status of  some  part
2797              of  the SCSI IO subsystem.  These files contain ASCII structures
2798              and are, therefore, readable with cat(1).
2799
2800              You can also write to some of the files to reconfigure the  sub‐
2801              system or switch certain features on or off.
2802
2803       /proc/scsi/scsi
2804              This  is a listing of all SCSI devices known to the kernel.  The
2805              listing is similar to the one seen  during  bootup.   scsi  cur‐
2806              rently  supports only the add-single-device command which allows
2807              root to add a hotplugged device to the list of known devices.
2808
2809              The command
2810
2811                  echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi
2812
2813              will cause host scsi1 to scan on SCSI channel 0 for a device  on
2814              ID  5 LUN 0.  If there is already a device known on this address
2815              or the address is invalid, an error will be returned.
2816
2817       /proc/scsi/[drivername]
2818              [drivername]  can  currently  be  NCR53c7xx,  aha152x,  aha1542,
2819              aha1740, aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000,
2820              pas16, qlogic, scsi_debug, seagate, t128,  u15-24f,  ultrastore,
2821              or  wd7000.  These directories show up for all drivers that reg‐
2822              istered at least one SCSI HBA.   Every  directory  contains  one
2823              file  per  registered  host.  Every host-file is named after the
2824              number the host was assigned during initialization.
2825
2826              Reading these files will usually show driver and host configura‐
2827              tion, statistics, and so on.
2828
2829              Writing  to  these  files  allows  different things on different
2830              hosts.  For example, with the latency  and  nolatency  commands,
2831              root  can  switch on and off command latency measurement code in
2832              the eata_dma driver.  With the lockup and unlock commands,  root
2833              can control bus lockups simulated by the scsi_debug driver.
2834
2835       /proc/self
2836              This  directory  refers  to  the  process  accessing  the  /proc
2837              filesystem, and is identical to the /proc directory named by the
2838              process ID of the same process.
2839
2840       /proc/slabinfo
2841              Information about kernel caches.  See slabinfo(5) for details.
2842
2843       /proc/stat
2844              kernel/system  statistics.   Varies  with  architecture.  Common
2845              entries include:
2846
2847              cpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0
2848              cpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0
2849                     The  amount  of  time,  measured  in  units  of   USER_HZ
2850                     (1/100ths   of   a  second  on  most  architectures,  use
2851                     sysconf(_SC_CLK_TCK) to obtain the right value), that the
2852                     system  ("cpu"  line)  or  the specific CPU ("cpuN" line)
2853                     spent in various states:
2854
2855                     user   (1) Time spent in user mode.
2856
2857                     nice   (2) Time spent in  user  mode  with  low  priority
2858                            (nice).
2859
2860                     system (3) Time spent in system mode.
2861
2862                     idle   (4)  Time  spent  in  the  idle  task.  This value
2863                            should be USER_HZ times the second  entry  in  the
2864                            /proc/uptime pseudo-file.
2865
2866                     iowait (since Linux 2.5.41)
2867                            (5)  Time waiting for I/O to complete.  This value
2868                            is not reliable, for the following reasons:
2869
2870                            1. The CPU will not  wait  for  I/O  to  complete;
2871                               iowait  is  the time that a task is waiting for
2872                               I/O to complete.  When a  CPU  goes  into  idle
2873                               state  for  outstanding  task I/O, another task
2874                               will be scheduled on this CPU.
2875
2876                            2. On a multi-core CPU, the task waiting  for  I/O
2877                               to  complete  is not running on any CPU, so the
2878                               iowait of each CPU is difficult to calculate.
2879
2880                            3. The value in this field may decrease in certain
2881                               conditions.
2882
2883                     irq (since Linux 2.6.0)
2884                            (6) Time servicing interrupts.
2885
2886                     softirq (since Linux 2.6.0
2887                            (7) Time servicing softirqs.
2888
2889                     steal (since Linux 2.6.11)
2890                            (8)  Stolen time, which is the time spent in other
2891                            operating systems when running  in  a  virtualized
2892                            environment
2893
2894                     guest (since Linux 2.6.24)
2895                            (9)  Time  spent  running  a virtual CPU for guest
2896                            operating systems under the control of  the  Linux
2897                            kernel.
2898
2899                     guest_nice (since Linux 2.6.33)
2900                            (10) Time spent running a niced guest (virtual CPU
2901                            for guest operating systems under the  control  of
2902                            the Linux kernel).
2903
2904              page 5741 1808
2905                     The  number  of  pages the system paged in and the number
2906                     that were paged out (from disk).
2907
2908              swap 1 0
2909                     The number of swap pages that have been  brought  in  and
2910                     out.
2911
2912              intr 1462898
2913                     This  line shows counts of interrupts serviced since boot
2914                     time, for each of the possible  system  interrupts.   The
2915                     first  column  is  the  total  of all interrupts serviced
2916                     including unnumbered  architecture  specific  interrupts;
2917                     each  subsequent  column is the total for that particular
2918                     numbered interrupt.  Unnumbered interrupts are not shown,
2919                     only summed into the total.
2920
2921              disk_io: (2,0):(31,30,5764,1,2) (3,0):...
2922                     (major,disk_idx):(noinfo,     read_io_ops,     blks_read,
2923                     write_io_ops, blks_written)
2924                     (Linux 2.4 only)
2925
2926              ctxt 115315
2927                     The number of context switches that the system underwent.
2928
2929              btime 769041601
2930                     boot  time,  in  seconds  since  the  Epoch,   1970-01-01
2931                     00:00:00 +0000 (UTC).
2932
2933              processes 86031
2934                     Number of forks since boot.
2935
2936              procs_running 6
2937                     Number  of  processes  in  runnable state.  (Linux 2.5.45
2938                     onward.)
2939
2940              procs_blocked 2
2941                     Number of processes blocked waiting for I/O to  complete.
2942                     (Linux 2.5.45 onward.)
2943
2944              softirq  229245889 94 60001584 13619 5175704 2471304 28 51212741
2945              59130143 0 51240672
2946                     This line shows the number of softirq for all CPUs.   The
2947                     first column is the total of all softirqs and each subse‐
2948                     quent column is the total for particular softirq.  (Linux
2949                     2.6.31 onward.)
2950
2951       /proc/swaps
2952              Swap areas in use.  See also swapon(8).
2953
2954       /proc/sys
2955              This directory (present since 1.3.57) contains a number of files
2956              and subdirectories corresponding  to  kernel  variables.   These
2957              variables  can  be  read  and sometimes modified using the /proc
2958              filesystem, and the (deprecated) sysctl(2) system call.
2959
2960              String values may be terminated by either '\0' or '\n'.
2961
2962              Integer and long values may be written either in decimal  or  in
2963              hexadecimal notation (e.g. 0x3FFF).  When writing multiple inte‐
2964              ger or long values, these may be separated by any of the follow‐
2965              ing whitespace characters: ' ', '\t', or '\n'.  Using other sep‐
2966              arators leads to the error EINVAL.
2967
2968       /proc/sys/abi (since Linux 2.4.10)
2969              This directory may contain files with application binary  infor‐
2970              mation.    See   the   Linux   kernel   source  file  Documenta‐
2971              tion/sysctl/abi.txt for more information.
2972
2973       /proc/sys/debug
2974              This directory may be empty.
2975
2976       /proc/sys/dev
2977              This  directory  contains  device-specific  information   (e.g.,
2978              dev/cdrom/info).  On some systems, it may be empty.
2979
2980       /proc/sys/fs
2981              This  directory contains the files and subdirectories for kernel
2982              variables related to filesystems.
2983
2984       /proc/sys/fs/binfmt_misc
2985              Documentation for files in this directory can be  found  in  the
2986              Linux   kernel   source   in   the   file   Documentation/admin-
2987              guide/binfmt-misc.rst (or  in  Documentation/binfmt_misc.txt  on
2988              older kernels).
2989
2990       /proc/sys/fs/dentry-state (since Linux 2.2)
2991              This file contains information about the status of the directory
2992              cache (dcache).   The  file  contains  six  numbers,  nr_dentry,
2993              nr_unused,   age_limit   (age  in  seconds),  want_pages  (pages
2994              requested by system) and two dummy values.
2995
2996              * nr_dentry  is  the  number  of  allocated   dentries   (dcache
2997                entries).  This field is unused in Linux 2.2.
2998
2999              * nr_unused is the number of unused dentries.
3000
3001              * age_limit is the age in seconds after which dcache entries can
3002                be reclaimed when memory is short.
3003
3004              * want_pages   is   nonzero   when   the   kernel   has   called
3005                shrink_dcache_pages() and the dcache isn't pruned yet.
3006
3007       /proc/sys/fs/dir-notify-enable
3008              This file can be used to disable or enable the dnotify interface
3009              described in fcntl(2) on a system-wide basis.  A value of  0  in
3010              this file disables the interface, and a value of 1 enables it.
3011
3012       /proc/sys/fs/dquot-max
3013              This file shows the maximum number of cached disk quota entries.
3014              On some (2.4) systems, it is not present.  If the number of free
3015              cached  disk quota entries is very low and you have some awesome
3016              number of simultaneous system users, you might want to raise the
3017              limit.
3018
3019       /proc/sys/fs/dquot-nr
3020              This  file  shows the number of allocated disk quota entries and
3021              the number of free disk quota entries.
3022
3023       /proc/sys/fs/epoll (since Linux 2.6.28)
3024              This directory contains the file max_user_watches, which can  be
3025              used  to limit the amount of kernel memory consumed by the epoll
3026              interface.  For further details, see epoll(7).
3027
3028       /proc/sys/fs/file-max
3029              This file defines a system-wide limit  on  the  number  of  open
3030              files for all processes.  System calls that fail when encounter‐
3031              ing this limit fail with the  error  ENFILE.   (See  also  setr‐
3032              limit(2),  which can be used by a process to set the per-process
3033              limit, RLIMIT_NOFILE, on the number of files it may  open.)   If
3034              you  get  lots of error messages in the kernel log about running
3035              out of file handles (look  for  "VFS:  file-max  limit  <number>
3036              reached"), try increasing this value:
3037
3038                  echo 100000 > /proc/sys/fs/file-max
3039
3040              Privileged  processes  (CAP_SYS_ADMIN) can override the file-max
3041              limit.
3042
3043       /proc/sys/fs/file-nr
3044              This (read-only) file contains  three  numbers:  the  number  of
3045              allocated  file  handles  (i.e.,  the  number of files presently
3046              opened); the number of free file handles; and the maximum number
3047              of file handles (i.e., the same value as /proc/sys/fs/file-max).
3048              If the number of allocated file handles is close to the maximum,
3049              you  should  consider increasing the maximum.  Before Linux 2.6,
3050              the kernel allocated file handles  dynamically,  but  it  didn't
3051              free  them  again.  Instead the free file handles were kept in a
3052              list for reallocation; the "free file handles"  value  indicates
3053              the  size  of  that  list.   A large number of free file handles
3054              indicates that there was a past peak in the usage of  open  file
3055              handles.  Since Linux 2.6, the kernel does deallocate freed file
3056              handles, and the "free file handles" value is always zero.
3057
3058       /proc/sys/fs/inode-max (only present until Linux 2.2)
3059              This file contains the maximum number of in-memory inodes.  This
3060              value  should  be  3–4  times larger than the value in file-max,
3061              since stdin, stdout and network sockets also need  an  inode  to
3062              handle  them.  When you regularly run out of inodes, you need to
3063              increase this value.
3064
3065              Starting with Linux 2.4, there is no longer a  static  limit  on
3066              the number of inodes, and this file is removed.
3067
3068       /proc/sys/fs/inode-nr
3069              This file contains the first two values from inode-state.
3070
3071       /proc/sys/fs/inode-state
3072              This  file  contains  seven  numbers: nr_inodes, nr_free_inodes,
3073              preshrink, and four dummy values (always zero).
3074
3075              nr_inodes is the number of  inodes  the  system  has  allocated.
3076              nr_free_inodes represents the number of free inodes.
3077
3078              preshrink is nonzero when the nr_inodes > inode-max and the sys‐
3079              tem needs to prune the inode list instead  of  allocating  more;
3080              since Linux 2.4, this field is a dummy value (always zero).
3081
3082       /proc/sys/fs/inotify (since Linux 2.6.13)
3083              This     directory     contains     files     max_queued_events,
3084              max_user_instances, and max_user_watches, that can  be  used  to
3085              limit the amount of kernel memory consumed by the inotify inter‐
3086              face.  For further details, see inotify(7).
3087
3088       /proc/sys/fs/lease-break-time
3089              This file specifies the grace period that the kernel grants to a
3090              process holding a file lease (fcntl(2)) after it has sent a sig‐
3091              nal to that process notifying it that another process is waiting
3092              to  open the file.  If the lease holder does not remove or down‐
3093              grade the lease within this grace period,  the  kernel  forcibly
3094              breaks the lease.
3095
3096       /proc/sys/fs/leases-enable
3097              This  file  can  be  used  to  enable  or  disable  file  leases
3098              (fcntl(2)) on a system-wide basis.  If this  file  contains  the
3099              value 0, leases are disabled.  A nonzero value enables leases.
3100
3101       /proc/sys/fs/mount-max (since Linux 4.9)
3102              The  value  in  this file specifies the maximum number of mounts
3103              that may exist in a mount namespace.  The default value in  this
3104              file is 100,000.
3105
3106       /proc/sys/fs/mqueue (since Linux 2.6.6)
3107              This   directory   contains   files  msg_max,  msgsize_max,  and
3108              queues_max, controlling the  resources  used  by  POSIX  message
3109              queues.  See mq_overview(7) for details.
3110
3111       /proc/sys/fs/nr_open (since Linux 2.6.25)
3112              This   file   imposes   ceiling   on  the  value  to  which  the
3113              RLIMIT_NOFILE resource limit can be raised  (see  getrlimit(2)).
3114              This  ceiling  is  enforced for both unprivileged and privileged
3115              process.  The default value in this file  is  1048576.   (Before
3116              Linux  2.6.25,  the  ceiling for RLIMIT_NOFILE was hard-coded to
3117              the same value.)
3118
3119       /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid
3120              These files allow you to change the value of the fixed  UID  and
3121              GID.   The  default  is  65534.   Some  filesystems support only
3122              16-bit UIDs and GIDs, although in Linux UIDs  and  GIDs  are  32
3123              bits.   When  one  of  these  filesystems is mounted with writes
3124              enabled, any UID or GID that would exceed 65535 is translated to
3125              the overflow value before being written to disk.
3126
3127       /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
3128              See pipe(7).
3129
3130       /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
3131              See pipe(7).
3132
3133       /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
3134              See pipe(7).
3135
3136       /proc/sys/fs/protected_hardlinks (since Linux 3.6)
3137              When  the value in this file is 0, no restrictions are placed on
3138              the creation of hard links (i.e., this is the historical  behav‐
3139              ior before Linux 3.6).  When the value in this file is 1, a hard
3140              link can be created to a target file only if one of the  follow‐
3141              ing conditions is true:
3142
3143              *  The calling process has the CAP_FOWNER capability in its user
3144                 namespace and the file UID has a mapping in the namespace.
3145
3146              *  The filesystem UID of the process creating the  link  matches
3147                 the  owner  (UID) of the target file (as described in creden‐
3148                 tials(7), a process's filesystem UID is normally the same  as
3149                 its effective UID).
3150
3151              *  All of the following conditions are true:
3152
3153                  ·  the target is a regular file;
3154
3155                  ·  the  target  file  does not have its set-user-ID mode bit
3156                     enabled;
3157
3158                  ·  the target file does not have both its  set-group-ID  and
3159                     group-executable mode bits enabled; and
3160
3161                  ·  the  caller  has  permission to read and write the target
3162                     file (either via the file's permissions mask  or  because
3163                     it has suitable capabilities).
3164
3165              The  default  value  in  this file is 0.  Setting the value to 1
3166              prevents a longstanding class of security issues caused by hard-
3167              link-based  time-of-check, time-of-use races, most commonly seen
3168              in world-writable directories such as /tmp.  The  common  method
3169              of  exploiting  this  flaw is to cross privilege boundaries when
3170              following a given hard link (i.e., a root process follows a hard
3171              link created by another user).  Additionally, on systems without
3172              separated partitions, this stops unauthorized users  from  "pin‐
3173              ning"  vulnerable  set-user-ID  and  set-group-ID  files against
3174              being upgraded by  the  administrator,  or  linking  to  special
3175              files.
3176
3177       /proc/sys/fs/protected_symlinks (since Linux 3.6)
3178              When  the value in this file is 0, no restrictions are placed on
3179              following symbolic links (i.e., this is the historical  behavior
3180              before  Linux  3.6).  When the value in this file is 1, symbolic
3181              links are followed only in the following circumstances:
3182
3183              *  the filesystem UID of the process following the link  matches
3184                 the owner (UID) of the symbolic link (as described in creden‐
3185                 tials(7), a process's filesystem UID is normally the same  as
3186                 its effective UID);
3187
3188              *  the link is not in a sticky world-writable directory; or
3189
3190              *  the  symbolic  link  and  its  parent directory have the same
3191                 owner (UID)
3192
3193              A system call that fails to follow a symbolic  link  because  of
3194              the above restrictions returns the error EACCES in errno.
3195
3196              The  default  value  in  this file is 0.  Setting the value to 1
3197              avoids a longstanding class of security issues based on time-of-
3198              check, time-of-use races when accessing symbolic links.
3199
3200       /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
3201              The  value  in  this  file is assigned to a process's "dumpable"
3202              flag in the circumstances described in prctl(2).  In effect, the
3203              value  in  this file determines whether core dump files are pro‐
3204              duced for set-user-ID or otherwise  protected/tainted  binaries.
3205              The  "dumpable" setting also affects the ownership of files in a
3206              process's /proc/[pid] directory, as described above.
3207
3208              Three different integer values can be specified:
3209
3210              0 (default)
3211                     This provides the traditional (pre-Linux  2.6.13)  behav‐
3212                     ior.   A  core  dump  will  not be produced for a process
3213                     which has changed  credentials  (by  calling  seteuid(2),
3214                     setgid(2),  or  similar, or by executing a set-user-ID or
3215                     set-group-ID program) or whose binary does not have  read
3216                     permission enabled.
3217
3218              1 ("debug")
3219                     All  processes  dump  core when possible.  (Reasons why a
3220                     process might nevertheless not dump core are described in
3221                     core(5).)   The core dump is owned by the filesystem user
3222                     ID of the dumping process and  no  security  is  applied.
3223                     This  is  intended  for system debugging situations only:
3224                     this mode is  insecure  because  it  allows  unprivileged
3225                     users  to  examine the memory contents of privileged pro‐
3226                     cesses.
3227
3228              2 ("suidsafe")
3229                     Any binary which normally would not be  dumped  (see  "0"
3230                     above)  is dumped readable by root only.  This allows the
3231                     user to remove the core dump file but  not  to  read  it.
3232                     For  security  reasons  core  dumps in this mode will not
3233                     overwrite one another  or  other  files.   This  mode  is
3234                     appropriate  when  administrators are attempting to debug
3235                     problems in a normal environment.
3236
3237                     Additionally, since Linux 3.6, /proc/sys/kernel/core_pat‐
3238                     tern  must  either be an absolute pathname or a pipe com‐
3239                     mand, as detailed in core(5).  Warnings will  be  written
3240                     to  the  kernel log if core_pattern does not follow these
3241                     rules, and no core dump will be produced.
3242
3243              For details of the effect of a process's "dumpable"  setting  on
3244              ptrace access mode checking, see ptrace(2).
3245
3246       /proc/sys/fs/super-max
3247              This  file  controls the maximum number of superblocks, and thus
3248              the maximum number of mounted filesystems the kernel  can  have.
3249              You  need  increase  only  super-max  if  you need to mount more
3250              filesystems than the current value in super-max allows you to.
3251
3252       /proc/sys/fs/super-nr
3253              This file contains the number of filesystems currently mounted.
3254
3255       /proc/sys/kernel
3256              This directory contains files  controlling  a  range  of  kernel
3257              parameters, as described below.
3258
3259       /proc/sys/kernel/acct
3260              This  file contains three numbers: highwater, lowwater, and fre‐
3261              quency.  If BSD-style process accounting is enabled, these  val‐
3262              ues control its behavior.  If free space on filesystem where the
3263              log lives goes below lowwater percent, accounting suspends.   If
3264              free  space  gets  above  highwater percent, accounting resumes.
3265              frequency determines how often the kernel checks the  amount  of
3266              free  space  (value is in seconds).  Default values are 4, 2 and
3267              30.  That is, suspend accounting if 2% or less  space  is  free;
3268              resume  it  if  4%  or  more space is free; consider information
3269              about amount of free space valid for 30 seconds.
3270
3271       /proc/sys/kernel/auto_msgmni (Linux 2.6.27 to 3.18)
3272              From Linux 2.6.27 to 3.18, this file was used to control  recom‐
3273              puting of the value in /proc/sys/kernel/msgmni upon the addition
3274              or removal of memory or  upon  IPC  namespace  creation/removal.
3275              Echoing  "1" into this file enabled msgmni automatic recomputing
3276              (and triggered a recomputation of msgmni based  on  the  current
3277              amount of available memory and number of IPC namespaces).  Echo‐
3278              ing "0" disabled automatic recomputing.  (Automatic  recomputing
3279              was  also  disabled  if  a  value  was  explicitly  assigned  to
3280              /proc/sys/kernel/msgmni.)  The default value in auto_msgmni  was
3281              1.
3282
3283              Since  Linux  3.19,  the  content  of  this  file  has no effect
3284              (because msgmni defaults to near the  maximum  value  possible),
3285              and reads from this file always return the value "0".
3286
3287       /proc/sys/kernel/cap_last_cap (since Linux 3.2)
3288              See capabilities(7).
3289
3290       /proc/sys/kernel/cap-bound (from Linux 2.2 to 2.6.24)
3291              This  file holds the value of the kernel capability bounding set
3292              (expressed as a signed  decimal  number).   This  set  is  ANDed
3293              against   the   capabilities   permitted  to  a  process  during
3294              execve(2).  Starting with Linux 2.6.25, the system-wide capabil‐
3295              ity  bounding  set disappeared, and was replaced by a per-thread
3296              bounding set; see capabilities(7).
3297
3298       /proc/sys/kernel/core_pattern
3299              See core(5).
3300
3301       /proc/sys/kernel/core_pipe_limit
3302              See core(5).
3303
3304       /proc/sys/kernel/core_uses_pid
3305              See core(5).
3306
3307       /proc/sys/kernel/ctrl-alt-del
3308              This file controls the handling of Ctrl-Alt-Del  from  the  key‐
3309              board.   When  the  value  in  this  file  is 0, Ctrl-Alt-Del is
3310              trapped and sent to the init(1) program  to  handle  a  graceful
3311              restart.   When the value is greater than zero, Linux's reaction
3312              to a Vulcan Nerve Pinch (tm) will be an immediate reboot,  with‐
3313              out  even syncing its dirty buffers.  Note: when a program (like
3314              dosemu) has the keyboard in  "raw"  mode,  the  ctrl-alt-del  is
3315              intercepted by the program before it ever reaches the kernel tty
3316              layer, and it's up to the program to decide what to do with it.
3317
3318       /proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)
3319              The value in this file determines who can see kernel syslog con‐
3320              tents.   A  value of 0 in this file imposes no restrictions.  If
3321              the value is 1, only privileged users can read the  kernel  sys‐
3322              log.   (See  syslog(2) for more details.)  Since Linux 3.4, only
3323              users with the CAP_SYS_ADMIN capability may change the value  in
3324              this file.
3325
3326       /proc/sys/kernel/domainname and /proc/sys/kernel/hostname
3327              can  be  used  to  set the NIS/YP domainname and the hostname of
3328              your box in exactly the same way as the  commands  domainname(1)
3329              and hostname(1), that is:
3330
3331                  # echo 'darkstar' > /proc/sys/kernel/hostname
3332                  # echo 'mydomain' > /proc/sys/kernel/domainname
3333
3334              has the same effect as
3335
3336                  # hostname 'darkstar'
3337                  # domainname 'mydomain'
3338
3339              Note,  however, that the classic darkstar.frop.org has the host‐
3340              name "darkstar" and DNS (Internet Domain Name Server) domainname
3341              "frop.org", not to be confused with the NIS (Network Information
3342              Service) or YP (Yellow  Pages)  domainname.   These  two  domain
3343              names  are  in general different.  For a detailed discussion see
3344              the hostname(1) man page.
3345
3346       /proc/sys/kernel/hotplug
3347              This file contains the pathname for the  hotplug  policy  agent.
3348              The default value in this file is /sbin/hotplug.
3349
3350       /proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)
3351              (PowerPC  only) If this file is set to a nonzero value, the Pow‐
3352              erPC htab (see kernel  file  Documentation/powerpc/ppc_htab.txt)
3353              is pruned each time the system hits the idle loop.
3354
3355       /proc/sys/kernel/keys/*
3356              This directory contains various files that define parameters and
3357              limits  for  the  key-management  facility.   These  files   are
3358              described in keyrings(7).
3359
3360       /proc/sys/kernel/kptr_restrict (since Linux 2.6.38)
3361              The  value  in this file determines whether kernel addresses are
3362              exposed via /proc files and other interfaces.  A value of  0  in
3363              this  file  imposes  no restrictions.  If the value is 1, kernel
3364              pointers printed using the %pK format specifier will be replaced
3365              with  zeros  unless  the user has the CAP_SYSLOG capability.  If
3366              the value is 2, kernel pointers printed  using  the  %pK  format
3367              specifier  will  be replaced with zeros regardless of the user's
3368              capabilities.  The initial default value for this  file  was  1,
3369              but  the  default was changed to 0 in Linux 2.6.39.  Since Linux
3370              3.4, only users with the CAP_SYS_ADMIN capability can change the
3371              value in this file.
3372
3373       /proc/sys/kernel/l2cr
3374              (PowerPC  only)  This  file contains a flag that controls the L2
3375              cache of G3 processor boards.  If  0,  the  cache  is  disabled.
3376              Enabled if nonzero.
3377
3378       /proc/sys/kernel/modprobe
3379              This  file  contains  the pathname for the kernel module loader.
3380              The default value is /sbin/modprobe.  The file is  present  only
3381              if  the  kernel is built with the CONFIG_MODULES (CONFIG_KMOD in
3382              Linux 2.6.26 and earlier) option enabled.  It  is  described  by
3383              the  Linux  kernel  source  file Documentation/kmod.txt (present
3384              only in kernel 2.4 and earlier).
3385
3386       /proc/sys/kernel/modules_disabled (since Linux 2.6.31)
3387              A toggle value indicating if modules are allowed to be loaded in
3388              an  otherwise  modular kernel.  This toggle defaults to off (0),
3389              but can be set true (1).  Once  true,  modules  can  be  neither
3390              loaded nor unloaded, and the toggle cannot be set back to false.
3391              The file is present only if the kernel is built  with  the  CON‐
3392              FIG_MODULES option enabled.
3393
3394       /proc/sys/kernel/msgmax (since Linux 2.2)
3395              This  file  defines  a  system-wide limit specifying the maximum
3396              number of bytes in a single message written on a System  V  mes‐
3397              sage queue.
3398
3399       /proc/sys/kernel/msgmni (since Linux 2.4)
3400              This file defines the system-wide limit on the number of message
3401              queue identifiers.  See also /proc/sys/kernel/auto_msgmni.
3402
3403       /proc/sys/kernel/msgmnb (since Linux 2.2)
3404              This file defines a system-wide parameter used to initialize the
3405              msg_qbytes setting for subsequently created message queues.  The
3406              msg_qbytes setting specifies the maximum number  of  bytes  that
3407              may be written to the message queue.
3408
3409       /proc/sys/kernel/ngroups_max (since Linux 2.6.4)
3410              This  is  a  read-only file that displays the upper limit on the
3411              number of a process's group memberships.
3412
3413       /proc/sys/kernel/ns_last_pid (since Linux 3.3)
3414              See pid_namespaces(7).
3415
3416       /proc/sys/kernel/ostype and /proc/sys/kernel/osrelease
3417              These files give substrings of /proc/version.
3418
3419       /proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid
3420              These files duplicate  the  files  /proc/sys/fs/overflowgid  and
3421              /proc/sys/fs/overflowuid.
3422
3423       /proc/sys/kernel/panic
3424              This  file  gives  read/write  access  to  the  kernel  variable
3425              panic_timeout.  If this is zero,  the  kernel  will  loop  on  a
3426              panic;  if  nonzero, it indicates that the kernel should autore‐
3427              boot after this number of seconds.  When you  use  the  software
3428              watchdog device driver, the recommended setting is 60.
3429
3430       /proc/sys/kernel/panic_on_oops (since Linux 2.5.68)
3431              This  file controls the kernel's behavior when an oops or BUG is
3432              encountered.  If this file contains 0, then the system tries  to
3433              continue  operation.  If it contains 1, then the system delays a
3434              few seconds (to give klogd time to record the oops  output)  and
3435              then   panics.   If  the  /proc/sys/kernel/panic  file  is  also
3436              nonzero, then the machine will be rebooted.
3437
3438       /proc/sys/kernel/pid_max (since Linux 2.5.34)
3439              This file specifies the value at which PIDs wrap  around  (i.e.,
3440              the  value  in  this  file is one greater than the maximum PID).
3441              PIDs greater than this value are not allocated; thus, the  value
3442              in  this file also acts as a system-wide limit on the total num‐
3443              ber of processes and threads.  The default value for this  file,
3444              32768,  results in the same range of PIDs as on earlier kernels.
3445              On 32-bit platforms, 32768 is the maximum value for pid_max.  On
3446              64-bit  systems,  pid_max  can  be  set  to any value up to 2^22
3447              (PID_MAX_LIMIT, approximately 4 million).
3448
3449       /proc/sys/kernel/powersave-nap (PowerPC only)
3450              This file contains a flag.  If set, Linux-PPC will use the "nap"
3451              mode of powersaving, otherwise the "doze" mode will be used.
3452
3453       /proc/sys/kernel/printk
3454              See syslog(2).
3455
3456       /proc/sys/kernel/pty (since Linux 2.6.4)
3457              This directory contains two files relating to the number of UNIX
3458              98 pseudoterminals (see pts(4)) on the system.
3459
3460       /proc/sys/kernel/pty/max
3461              This file defines the maximum number of pseudoterminals.
3462
3463       /proc/sys/kernel/pty/nr
3464              This read-only file indicates how many pseudoterminals are  cur‐
3465              rently in use.
3466
3467       /proc/sys/kernel/random
3468              This directory contains various parameters controlling the oper‐
3469              ation of the file /dev/random.  See random(4) for further infor‐
3470              mation.
3471
3472       /proc/sys/kernel/random/uuid (since Linux 2.4)
3473              Each  read from this read-only file returns a randomly generated
3474              128-bit UUID, as a string in the standard UUID format.
3475
3476       /proc/sys/kernel/randomize_va_space (since Linux 2.6.12)
3477              Select the address space layout randomization (ASLR) policy  for
3478              the  system  (on architectures that support ASLR).  Three values
3479              are supported for this file:
3480
3481              0  Turn ASLR off.  This is the default  for  architectures  that
3482                 don't  support  ASLR,  and when the kernel is booted with the
3483                 norandmaps parameter.
3484
3485              1  Make the addresses of mmap(2) allocations, the stack, and the
3486                 VDSO  page  randomized.   Among other things, this means that
3487                 shared libraries will be loaded at randomized addresses.  The
3488                 text  segment of PIE-linked binaries will also be loaded at a
3489                 randomized address.  This value is the default if the  kernel
3490                 was configured with CONFIG_COMPAT_BRK.
3491
3492              2  (Since  Linux  2.6.25) Also support heap randomization.  This
3493                 value is the default if the kernel was  not  configured  with
3494                 CONFIG_COMPAT_BRK.
3495
3496       /proc/sys/kernel/real-root-dev
3497              This file is documented in the Linux kernel source file Documen‐
3498              tation/admin-guide/initrd.rst    (or    Documentation/initrd.txt
3499              before Linux 4.10).
3500
3501       /proc/sys/kernel/reboot-cmd (Sparc only)
3502              This  file  seems  to  be a way to give an argument to the SPARC
3503              ROM/Flash boot loader.  Maybe  to  tell  it  what  to  do  after
3504              rebooting?
3505
3506       /proc/sys/kernel/rtsig-max
3507              (Only  in  kernels  up to and including 2.6.7; see setrlimit(2))
3508              This file can be used to tune the maximum number of POSIX  real-
3509              time (queued) signals that can be outstanding in the system.
3510
3511       /proc/sys/kernel/rtsig-nr
3512              (Only  in  kernels  up to and including 2.6.7.)  This file shows
3513              the number of POSIX real-time signals currently queued.
3514
3515       /proc/[pid]/sched_autogroup_enabled (since Linux 2.6.38)
3516              See sched(7).
3517
3518       /proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)
3519              If this file contains the value zero, then, after a fork(2), the
3520              parent  is  first  scheduled on the CPU.  If the file contains a
3521              nonzero value, then the child is scheduled  first  on  the  CPU.
3522              (Of course, on a multiprocessor system, the parent and the child
3523              might both immediately be scheduled on a CPU.)
3524
3525       /proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)
3526              See sched_rr_get_interval(2).
3527
3528       /proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)
3529              See sched(7).
3530
3531       /proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)
3532              See sched(7).
3533
3534       /proc/sys/kernel/seccomp (since Linux 4.14)
3535              This directory provides additional seccomp information and  con‐
3536              figuration.  See seccomp(2) for further details.
3537
3538       /proc/sys/kernel/sem (since Linux 2.4)
3539              This  file  contains  4 numbers defining limits for System V IPC
3540              semaphores.  These fields are, in order:
3541
3542              SEMMSL  The maximum semaphores per semaphore set.
3543
3544              SEMMNS  A system-wide limit on the number of semaphores  in  all
3545                      semaphore sets.
3546
3547              SEMOPM  The  maximum  number of operations that may be specified
3548                      in a semop(2) call.
3549
3550              SEMMNI  A system-wide limit on the maximum number  of  semaphore
3551                      identifiers.
3552
3553       /proc/sys/kernel/sg-big-buff
3554              This file shows the size of the generic SCSI device (sg) buffer.
3555              You can't tune it just yet, but you could change it  at  compile
3556              time  by  editing  include/scsi/sg.h  and  changing the value of
3557              SG_BIG_BUFF.  However, there shouldn't be any reason  to  change
3558              this value.
3559
3560       /proc/sys/kernel/shm_rmid_forced (since Linux 3.1)
3561              If  this  file  is set to 1, all System V shared memory segments
3562              will be marked for destruction as soon as the number of attached
3563              processes  falls to zero; in other words, it is no longer possi‐
3564              ble to create shared memory segments that exist independently of
3565              any attached process.
3566
3567              The effect is as though a shmctl(2) IPC_RMID is performed on all
3568              existing segments as well as all segments created in the  future
3569              (until  this  file  is reset to 0).  Note that existing segments
3570              that are attached to no process will  be  immediately  destroyed
3571              when  this  file  is  set  to  1.  Setting this option will also
3572              destroy segments that were created,  but  never  attached,  upon
3573              termination  of  the  process  that  created  the  segment  with
3574              shmget(2).
3575
3576              Setting this file to 1 provides a way of ensuring that all  Sys‐
3577              tem  V  shared  memory segments are counted against the resource
3578              usage and resource limits (see the description of  RLIMIT_AS  in
3579              getrlimit(2)) of at least one process.
3580
3581              Because  setting  this  file to 1 produces behavior that is non‐
3582              standard and could also break existing applications, the default
3583              value  in this file is 0.  Set this file to 1 only if you have a
3584              good understanding of the semantics of  the  applications  using
3585              System V shared memory on your system.
3586
3587       /proc/sys/kernel/shmall (since Linux 2.2)
3588              This  file contains the system-wide limit on the total number of
3589              pages of System V shared memory.
3590
3591       /proc/sys/kernel/shmmax (since Linux 2.2)
3592              This file can be used to query and set the run-time limit on the
3593              maximum  (System  V  IPC) shared memory segment size that can be
3594              created.  Shared memory segments up to 1GB are now supported  in
3595              the kernel.  This value defaults to SHMMAX.
3596
3597       /proc/sys/kernel/shmmni (since Linux 2.4)
3598              This  file  specifies the system-wide maximum number of System V
3599              shared memory segments that can be created.
3600
3601       /proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)
3602              The value in this file determines how the  file  offset  affects
3603              the  behavior of updating entries in files under /proc/sys.  The
3604              file has three possible values:
3605
3606              -1  This provides legacy  handling,  with  no  printk  warnings.
3607                  Each  write(2)  must  fully contain the value to be written,
3608                  and multiple writes on the same file descriptor  will  over‐
3609                  write the entire value, regardless of the file position.
3610
3611              0   (default)  This  provides  the  same behavior as for -1, but
3612                  printk warnings  are  written  for  processes  that  perform
3613                  writes when the file offset is not 0.
3614
3615              1   Respect  the file offset when writing strings into /proc/sys
3616                  files.  Multiple writes will append  to  the  value  buffer.
3617                  Anything written beyond the maximum length of the value buf‐
3618                  fer will be ignored.  Writes to  numeric  /proc/sys  entries
3619                  must  always be at file offset 0 and the value must be fully
3620                  contained in the buffer provided to write(2).
3621
3622       /proc/sys/kernel/sysrq
3623              This file controls the functions allowed to be  invoked  by  the
3624              SysRq  key.   By default, the file contains 1 meaning that every
3625              possible SysRq request is allowed  (in  older  kernel  versions,
3626              SysRq was disabled by default, and you were required to specifi‐
3627              cally enable it at run-time, but this is not the case any more).
3628              Possible values in this file are:
3629
3630              0    Disable sysrq completely
3631
3632              1    Enable all functions of sysrq
3633
3634              > 1  Bit mask of allowed sysrq functions, as follows:
3635                     2  Enable control of console logging level
3636                     4  Enable control of keyboard (SAK, unraw)
3637                     8  Enable debugging dumps of processes etc.
3638                    16  Enable sync command
3639                    32  Enable remount read-only
3640                    64  Enable signaling of processes (term, kill, oom-kill)
3641                   128  Allow reboot/poweroff
3642                   256  Allow nicing of all real-time tasks
3643
3644              This  file is present only if the CONFIG_MAGIC_SYSRQ kernel con‐
3645              figuration option is enabled.  For further details see the Linux
3646              kernel source file Documentation/admin-guide/sysrq.rst (or Docu‐
3647              mentation/sysrq.txt before Linux 4.10).
3648
3649       /proc/sys/kernel/version
3650              This file contains a string such as:
3651
3652                  #5 Wed Feb 25 21:49:24 MET 1998
3653
3654              The "#5" means that this is the fifth  kernel  built  from  this
3655              source  base  and  the  date following it indicates the time the
3656              kernel was built.
3657
3658       /proc/sys/kernel/threads-max (since Linux 2.3.11)
3659              This file specifies the  system-wide  limit  on  the  number  of
3660              threads (tasks) that can be created on the system.
3661
3662              Since Linux 4.1, the value that can be written to threads-max is
3663              bounded.  The minimum value that can be written is 20.  The max‐
3664              imum  value  that  can  be  written  is  given  by  the constant
3665              FUTEX_TID_MASK (0x3fffffff).  If a value outside of  this  range
3666              is written to threads-max, the error EINVAL occurs.
3667
3668              The  value  written  is checked against the available RAM pages.
3669              If the thread structures would occupy too much (more than 1/8th)
3670              of the available RAM pages, threads-max is reduced accordingly.
3671
3672       /proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)
3673              See ptrace(2).
3674
3675       /proc/sys/kernel/zero-paged (PowerPC only)
3676              This  file  contains  a flag.  When enabled (nonzero), Linux-PPC
3677              will pre-zero pages in  the  idle  loop,  possibly  speeding  up
3678              get_free_pages.
3679
3680       /proc/sys/net
3681              This directory contains networking stuff.  Explanations for some
3682              of the files under this directory can be  found  in  tcp(7)  and
3683              ip(7).
3684
3685       /proc/sys/net/core/bpf_jit_enable
3686              See bpf(2).
3687
3688       /proc/sys/net/core/somaxconn
3689              This  file  defines  a ceiling value for the backlog argument of
3690              listen(2); see the listen(2) manual page for details.
3691
3692       /proc/sys/proc
3693              This directory may be empty.
3694
3695       /proc/sys/sunrpc
3696              This directory supports Sun remote procedure  call  for  network
3697              filesystem (NFS).  On some systems, it is not present.
3698
3699       /proc/sys/user (since Linux 4.9)
3700              See namespaces(7).
3701
3702       /proc/sys/vm
3703              This directory contains files for memory management tuning, buf‐
3704              fer and cache management.
3705
3706       /proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)
3707              This file defines the amount of free memory (in KiB) on the sys‐
3708              tem  that  should  be  reserved  for  users  with the capability
3709              CAP_SYS_ADMIN.
3710
3711              The default value in this file is the minimum  of  [3%  of  free
3712              pages,  8MiB] expressed as KiB.  The default is intended to pro‐
3713              vide enough for the superuser to log in and kill a  process,  if
3714              necessary, under the default overcommit 'guess' mode (i.e., 0 in
3715              /proc/sys/vm/overcommit_memory).
3716
3717              Systems  running  in  "overcommit  never"  mode  (i.e.,   2   in
3718              /proc/sys/vm/overcommit_memory)  should  increase  the  value in
3719              this file to account for the full virtual  memory  size  of  the
3720              programs  used  to  recover  (e.g., login(1) ssh(1), and top(1))
3721              Otherwise, the superuser may not be able to log  in  to  recover
3722              the  system.   For example, on x86-64 a suitable value is 131072
3723              (128MiB reserved).
3724
3725              Changing the value in this file takes effect whenever an  appli‐
3726              cation requests memory.
3727
3728       /proc/sys/vm/compact_memory (since Linux 2.6.35)
3729              When  1  is  written  to this file, all zones are compacted such
3730              that free memory is available in contiguous blocks where  possi‐
3731              ble.   The  effect  of  this  action  can  be  seen by examining
3732              /proc/buddyinfo.
3733
3734              Present only if  the  kernel  was  configured  with  CONFIG_COM‐
3735              PACTION.
3736
3737       /proc/sys/vm/drop_caches (since Linux 2.6.16)
3738              Writing  to  this  file  causes the kernel to drop clean caches,
3739              dentries, and inodes from memory, causing that memory to  become
3740              free.  This can be useful for memory management testing and per‐
3741              forming reproducible filesystem benchmarks.  Because writing  to
3742              this  file  causes  the  benefits  of caching to be lost, it can
3743              degrade overall system performance.
3744
3745              To free pagecache, use:
3746
3747                  echo 1 > /proc/sys/vm/drop_caches
3748
3749              To free dentries and inodes, use:
3750
3751                  echo 2 > /proc/sys/vm/drop_caches
3752
3753              To free pagecache, dentries and inodes, use:
3754
3755                  echo 3 > /proc/sys/vm/drop_caches
3756
3757              Because writing to this file is a nondestructive  operation  and
3758              dirty  objects  are  not  freeable,  the user should run sync(1)
3759              first.
3760
3761       /proc/sys/vm/legacy_va_layout (since Linux 2.6.9)
3762              If nonzero, this disables the new 32-bit memory-mapping  layout;
3763              the kernel will use the legacy (2.4) layout for all processes.
3764
3765       /proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)
3766              Control  how  to kill processes when an uncorrected memory error
3767              (typically a 2-bit error in a memory module) that cannot be han‐
3768              dled  by  the  kernel is detected in the background by hardware.
3769              In some cases (like the page still having a valid copy on disk),
3770              the kernel will handle the failure transparently without affect‐
3771              ing any applications.  But if there is no other up-to-date  copy
3772              of  the data, it will kill processes to prevent any data corrup‐
3773              tions from propagating.
3774
3775              The file has one of the following values:
3776
3777              1:  Kill all processes that have  the  corrupted-and-not-reload‐
3778                  able  page  mapped  as  soon  as the corruption is detected.
3779                  Note that this is not supported for a few  types  of  pages,
3780                  such  as kernel internally allocated data or the swap cache,
3781                  but works for the majority of user pages.
3782
3783              0:  Unmap the corrupted page  from  all  processes  and  kill  a
3784                  process only if it tries to access the page.
3785
3786              The  kill is performed using a SIGBUS signal with si_code set to
3787              BUS_MCEERR_AO.  Processes can handle this if they want  to;  see
3788              sigaction(2) for more details.
3789
3790              This  feature  is  active  only  on architectures/platforms with
3791              advanced machine check handling  and  depends  on  the  hardware
3792              capabilities.
3793
3794              Applications  can override the memory_failure_early_kill setting
3795              individually with the prctl(2) PR_MCE_KILL operation.
3796
3797              Present only if  the  kernel  was  configured  with  CONFIG_MEM‐
3798              ORY_FAILURE.
3799
3800       /proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)
3801              Enable memory failure recovery (when supported by the platform)
3802
3803              1:  Attempt recovery.
3804
3805              0:  Always panic on a memory failure.
3806
3807              Present  only  if  the  kernel  was  configured with CONFIG_MEM‐
3808              ORY_FAILURE.
3809
3810       /proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)
3811              Enables a system-wide task dump (excluding kernel threads) to be
3812              produced  when  the  kernel  performs  an OOM-killing.  The dump
3813              includes  the  following  information  for  each  task  (thread,
3814              process): thread ID, real user ID, thread group ID (process ID),
3815              virtual memory size, resident set size, the CPU that the task is
3816              scheduled   on,   oom_adj   score   (see   the   description  of
3817              /proc/[pid]/oom_adj), and command  name.   This  is  helpful  to
3818              determine  why  the  OOM-killer  was invoked and to identify the
3819              rogue task that caused it.
3820
3821              If this contains the value zero, this information is suppressed.
3822              On  very  large  systems  with thousands of tasks, it may not be
3823              feasible to dump the memory  state  information  for  each  one.
3824              Such systems should not be forced to incur a performance penalty
3825              in OOM situations when the information may not be desired.
3826
3827              If this is set to nonzero, this information  is  shown  whenever
3828              the OOM-killer actually kills a memory-hogging task.
3829
3830              The default value is 0.
3831
3832       /proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)
3833              This enables or disables killing the OOM-triggering task in out-
3834              of-memory situations.
3835
3836              If this is set to zero, the OOM-killer  will  scan  through  the
3837              entire  tasklist  and select a task based on heuristics to kill.
3838              This normally selects a rogue memory-hogging task that frees  up
3839              a large amount of memory when killed.
3840
3841              If  this is set to nonzero, the OOM-killer simply kills the task
3842              that triggered the out-of-memory condition.  This avoids a  pos‐
3843              sibly expensive tasklist scan.
3844
3845              If  /proc/sys/vm/panic_on_oom  is  nonzero,  it takes precedence
3846              over whatever value is  used  in  /proc/sys/vm/oom_kill_allocat‐
3847              ing_task.
3848
3849              The default value is 0.
3850
3851       /proc/sys/vm/overcommit_kbytes (since Linux 3.14)
3852              This writable file provides an alternative to /proc/sys/vm/over‐
3853              commit_ratio    for    controlling    the    CommitLimit    when
3854              /proc/sys/vm/overcommit_memory  has  the value 2.  It allows the
3855              amount of memory overcommitting to be specified as  an  absolute
3856              value  (in  kB),  rather  than  as a percentage, as is done with
3857              overcommit_ratio.  This allows for finer-grained control of Com‐
3858              mitLimit on systems with extremely large memory sizes.
3859
3860              Only  one  of  overcommit_kbytes or overcommit_ratio can have an
3861              effect: if overcommit_kbytes has a nonzero  value,  then  it  is
3862              used  to  calculate  CommitLimit,  otherwise overcommit_ratio is
3863              used.  Writing a value to either of these files causes the value
3864              in the other file to be set to zero.
3865
3866       /proc/sys/vm/overcommit_memory
3867              This  file  contains  the kernel virtual memory accounting mode.
3868              Values are:
3869
3870                     0: heuristic overcommit (this is the default)
3871                     1: always overcommit, never check
3872                     2: always check, never overcommit
3873
3874              In mode 0, calls of mmap(2) with MAP_NORESERVE are not  checked,
3875              and  the default check is very weak, leading to the risk of get‐
3876              ting a process "OOM-killed".
3877
3878              In mode 1, the kernel pretends there is  always  enough  memory,
3879              until  memory  actually runs out.  One use case for this mode is
3880              scientific  computing  applications  that  employ  large  sparse
3881              arrays.   In  Linux  kernel  versions  before 2.6.0, any nonzero
3882              value implies mode 1.
3883
3884              In mode 2 (available since Linux 2.6), the total virtual address
3885              space  that  can  be allocated (CommitLimit in /proc/meminfo) is
3886              calculated as
3887
3888                  CommitLimit = (total_RAM - total_huge_TLB) *
3889                                overcommit_ratio / 100 + total_swap
3890
3891              where:
3892
3893                   *  total_RAM is the total amount of RAM on the system;
3894
3895                   *  total_huge_TLB is the amount of  memory  set  aside  for
3896                      huge pages;
3897
3898                   *  overcommit_ratio  is  the value in /proc/sys/vm/overcom‐
3899                      mit_ratio; and
3900
3901                   *  total_swap is the amount of swap space.
3902
3903              For example, on a system with 16GB  of  physical  RAM,  16GB  of
3904              swap,  no space dedicated to huge pages, and an overcommit_ratio
3905              of 50, this formula yields a CommitLimit of 24GB.
3906
3907              Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes
3908              is nonzero, then CommitLimit is instead calculated as:
3909
3910                  CommitLimit = overcommit_kbytes + total_swap
3911
3912              See  also  the  description of /proc/sys/vm/admin_reserve_kbytes
3913              and /proc/sys/vm/user_reserve_kbytes.
3914
3915       /proc/sys/vm/overcommit_ratio (since Linux 2.6.0)
3916              This writable file defines a percentage by which memory  can  be
3917              overcommitted.   The  default  value in the file is 50.  See the
3918              description of /proc/sys/vm/overcommit_memory.
3919
3920       /proc/sys/vm/panic_on_oom (since Linux 2.6.18)
3921              This enables or disables a kernel panic in an out-of-memory sit‐
3922              uation.
3923
3924              If this file is set to the value 0, the kernel's OOM-killer will
3925              kill some rogue process.  Usually, the  OOM-killer  is  able  to
3926              kill a rogue process and the system will survive.
3927
3928              If  this  file  is  set to the value 1, then the kernel normally
3929              panics when out-of-memory happens.  However, if a process limits
3930              allocations  to  certain  nodes  using memory policies (mbind(2)
3931              MPOL_BIND) or cpusets (cpuset(7)) and those nodes  reach  memory
3932              exhaustion  status, one process may be killed by the OOM-killer.
3933              No panic occurs in this case: because other nodes' memory may be
3934              free,  this  means the system as a whole may not have reached an
3935              out-of-memory situation yet.
3936
3937              If this file is set to the value 2,  the  kernel  always  panics
3938              when an out-of-memory condition occurs.
3939
3940              The default value is 0.  1 and 2 are for failover of clustering.
3941              Select either according to your policy of failover.
3942
3943       /proc/sys/vm/swappiness
3944              The value in this file controls how aggressively the kernel will
3945              swap memory pages.  Higher values increase aggressiveness, lower
3946              values decrease aggressiveness.  The default value is 60.
3947
3948       /proc/sys/vm/user_reserve_kbytes (since Linux 3.10)
3949              Specifies an amount of memory (in KiB) to reserve for user  pro‐
3950              cesses,  This is intended to prevent a user from starting a sin‐
3951              gle memory hogging process, such that they cannot recover  (kill
3952              the  hog).   The  value  in  this  file  has an effect only when
3953              /proc/sys/vm/overcommit_memory is set to 2  ("overcommit  never"
3954              mode).   In  this  case, the system reserves an amount of memory
3955              that  is  the  minimum  of  [3%   of   current   process   size,
3956              user_reserve_kbytes].
3957
3958              The  default  value  in  this file is the minimum of [3% of free
3959              pages, 128MiB] expressed as KiB.
3960
3961              If the value in this file is set to zero, then a  user  will  be
3962              allowed to allocate all free memory with a single process (minus
3963              the amount reserved by /proc/sys/vm/admin_reserve_kbytes).   Any
3964              subsequent  attempts  to execute a command will result in "fork:
3965              Cannot allocate memory".
3966
3967              Changing the value in this file takes effect whenever an  appli‐
3968              cation requests memory.
3969
3970       /proc/sysrq-trigger (since Linux 2.4.21)
3971              Writing  a  character to this file triggers the same SysRq func‐
3972              tion as typing ALT-SysRq-<character>  (see  the  description  of
3973              /proc/sys/kernel/sysrq).  This file is normally writable only by
3974              root.  For further details see the Linux kernel source file Doc‐
3975              umentation/admin-guide/sysrq.rst   (or   Documentation/sysrq.txt
3976              before Linux 4.10).
3977
3978       /proc/sysvipc
3979              Subdirectory containing  the  pseudo-files  msg,  sem  and  shm.
3980              These  files  list the System V Interprocess Communication (IPC)
3981              objects (respectively: message queues,  semaphores,  and  shared
3982              memory)  that  currently  exist on the system, providing similar
3983              information to that available via  ipcs(1).   These  files  have
3984              headers  and  are  formatted  (one IPC object per line) for easy
3985              understanding.  sysvipc(7) provides further  background  on  the
3986              information shown by these files.
3987
3988       /proc/thread-self (since Linux 3.17)
3989              This directory refers to the thread accessing the /proc filesys‐
3990              tem, and is identical  to  the  /proc/self/task/[tid]  directory
3991              named by the process thread ID ([tid]) of the same thread.
3992
3993       /proc/timer_list (since Linux 2.6.21)
3994              This  read-only  file  exposes  a  list of all currently pending
3995              (high-resolution) timers, all  clock-event  sources,  and  their
3996              parameters in a human-readable form.
3997
3998       /proc/timer_stats (from  Linux 2.6.21 until Linux 4.10)
3999              This  is  a  debugging facility to make timer (ab)use in a Linux
4000              system visible to kernel and user-space developers.  It  can  be
4001              used  by  kernel  and user-space developers to verify that their
4002              code does not make undue use of timers.  The goal  is  to  avoid
4003              unnecessary wakeups, thereby optimizing power consumption.
4004
4005              If  enabled in the kernel (CONFIG_TIMER_STATS), but not used, it
4006              has almost zero run-time overhead and a relatively  small  data-
4007              structure  overhead.  Even if collection is enabled at run time,
4008              overhead is low: all  the  locking  is  per-CPU  and  lookup  is
4009              hashed.
4010
4011              The  /proc/timer_stats  file  is  used  both to control sampling
4012              facility and to read out the sampled information.
4013
4014              The timer_stats functionality is inactive on bootup.  A sampling
4015              period can be started using the following command:
4016
4017                  # echo 1 > /proc/timer_stats
4018
4019              The following command stops a sampling period:
4020
4021                  # echo 0 > /proc/timer_stats
4022
4023              The statistics can be retrieved by:
4024
4025                  $ cat /proc/timer_stats
4026
4027              While  sampling  is enabled, each readout from /proc/timer_stats
4028              will see newly updated statistics.  Once sampling  is  disabled,
4029              the  sampled  information  is  kept until a new sample period is
4030              started.  This allows multiple readouts.
4031
4032              Sample output from /proc/timer_stats:
4033
4034    $ cat /proc/timer_stats
4035    Timer Stats Version: v0.3
4036    Sample period: 1.764 s
4037    Collection: active
4038      255,     0 swapper/3        hrtimer_start_range_ns (tick_sched_timer)
4039       71,     0 swapper/1        hrtimer_start_range_ns (tick_sched_timer)
4040       58,     0 swapper/0        hrtimer_start_range_ns (tick_sched_timer)
4041        4,  1694 gnome-shell      mod_delayed_work_on (delayed_work_timer_fn)
4042       17,     7 rcu_sched        rcu_gp_kthread (process_timeout)
4043    ...
4044        1,  4911 kworker/u16:0    mod_delayed_work_on (delayed_work_timer_fn)
4045       1D,  2522 kworker/0:0      queue_delayed_work_on (delayed_work_timer_fn)
4046    1029 total events, 583.333 events/sec
4047
4048              The output columns are:
4049
4050              *  a count of the number  of  events,  optionally  (since  Linux
4051                 2.6.23)  followed  by  the letter 'D' if this is a deferrable
4052                 timer;
4053
4054              *  the PID of the process that initialized the timer;
4055
4056              *  the name of the process that initialized the timer;
4057
4058              *  the function where the timer was initialized; and
4059
4060              *  (in parentheses) the callback  function  that  is  associated
4061                 with the timer.
4062
4063              During  the Linux 4.11 development cycle, this file  was removed
4064              because of security concerns, as it exposes  information  across
4065              namespaces.   Furthermore,  it  is  possible  to obtain the same
4066              information via in-kernel tracing facilities such as ftrace.
4067
4068       /proc/tty
4069              Subdirectory containing the pseudo-files and subdirectories  for
4070              tty drivers and line disciplines.
4071
4072       /proc/uptime
4073              This  file  contains two numbers (values in seconds): the uptime
4074              of the system (including time spent in suspend) and  the  amount
4075              of time spent in the idle process.
4076
4077       /proc/version
4078              This string identifies the kernel version that is currently run‐
4079              ning.  It  includes  the  contents  of  /proc/sys/kernel/ostype,
4080              /proc/sys/kernel/osrelease  and  /proc/sys/kernel/version.   For
4081              example:
4082
4083        Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994
4084
4085       /proc/vmstat (since Linux 2.6.0)
4086              This file displays various virtual memory statistics.  Each line
4087              of  this  file  contains  a single name-value pair, delimited by
4088              white space.  Some lines are present only if the kernel was con‐
4089              figured  with  suitable  options.   (In  some cases, the options
4090              required for particular files have changed  across  kernel  ver‐
4091              sions,  so  they  are  not listed here.  Details can be found by
4092              consulting the kernel source code.)  The following fields may be
4093              present:
4094
4095              nr_free_pages (since Linux 2.6.31)
4096
4097              nr_alloc_batch (since Linux 3.12)
4098
4099              nr_inactive_anon (since Linux 2.6.28)
4100
4101              nr_active_anon (since Linux 2.6.28)
4102
4103              nr_inactive_file (since Linux 2.6.28)
4104
4105              nr_active_file (since Linux 2.6.28)
4106
4107              nr_unevictable (since Linux 2.6.28)
4108
4109              nr_mlock (since Linux 2.6.28)
4110
4111              nr_anon_pages (since Linux 2.6.18)
4112
4113              nr_mapped (since Linux 2.6.0)
4114
4115              nr_file_pages (since Linux 2.6.18)
4116
4117              nr_dirty (since Linux 2.6.0)
4118
4119              nr_writeback (since Linux 2.6.0)
4120
4121              nr_slab_reclaimable (since Linux 2.6.19)
4122
4123              nr_slab_unreclaimable (since Linux 2.6.19)
4124
4125              nr_page_table_pages (since Linux 2.6.0)
4126
4127              nr_kernel_stack (since Linux 2.6.32)
4128                     Amount of memory allocated to kernel stacks.
4129
4130              nr_unstable (since Linux 2.6.0)
4131
4132              nr_bounce (since Linux 2.6.12)
4133
4134              nr_vmscan_write (since Linux 2.6.19)
4135
4136              nr_vmscan_immediate_reclaim (since Linux 3.2)
4137
4138              nr_writeback_temp (since Linux 2.6.26)
4139
4140              nr_isolated_anon (since Linux 2.6.32)
4141
4142              nr_isolated_file (since Linux 2.6.32)
4143
4144              nr_shmem (since Linux 2.6.32)
4145                     Pages used by shmem and tmpfs(5).
4146
4147              nr_dirtied (since Linux 2.6.37)
4148
4149              nr_written (since Linux 2.6.37)
4150
4151              nr_pages_scanned (since Linux 3.17)
4152
4153              numa_hit (since Linux 2.6.18)
4154
4155              numa_miss (since Linux 2.6.18)
4156
4157              numa_foreign (since Linux 2.6.18)
4158
4159              numa_interleave (since Linux 2.6.18)
4160
4161              numa_local (since Linux 2.6.18)
4162
4163              numa_other (since Linux 2.6.18)
4164
4165              workingset_refault (since Linux 3.15)
4166
4167              workingset_activate (since Linux 3.15)
4168
4169              workingset_nodereclaim (since Linux 3.15)
4170
4171              nr_anon_transparent_hugepages (since Linux 2.6.38)
4172
4173              nr_free_cma (since Linux 3.7)
4174                     Number of free CMA (Contiguous Memory Allocator) pages.
4175
4176              nr_dirty_threshold (since Linux 2.6.37)
4177
4178              nr_dirty_background_threshold (since Linux 2.6.37)
4179
4180              pgpgin (since Linux 2.6.0)
4181
4182              pgpgout (since Linux 2.6.0)
4183
4184              pswpin (since Linux 2.6.0)
4185
4186              pswpout (since Linux 2.6.0)
4187
4188              pgalloc_dma (since Linux 2.6.5)
4189
4190              pgalloc_dma32 (since Linux 2.6.16)
4191
4192              pgalloc_normal (since Linux 2.6.5)
4193
4194              pgalloc_high (since Linux 2.6.5)
4195
4196              pgalloc_movable (since Linux 2.6.23)
4197
4198              pgfree (since Linux 2.6.0)
4199
4200              pgactivate (since Linux 2.6.0)
4201
4202              pgdeactivate (since Linux 2.6.0)
4203
4204              pgfault (since Linux 2.6.0)
4205
4206              pgmajfault (since Linux 2.6.0)
4207
4208              pgrefill_dma (since Linux 2.6.5)
4209
4210              pgrefill_dma32 (since Linux 2.6.16)
4211
4212              pgrefill_normal (since Linux 2.6.5)
4213
4214              pgrefill_high (since Linux 2.6.5)
4215
4216              pgrefill_movable (since Linux 2.6.23)
4217
4218              pgsteal_kswapd_dma (since Linux 3.4)
4219
4220              pgsteal_kswapd_dma32 (since Linux 3.4)
4221
4222              pgsteal_kswapd_normal (since Linux 3.4)
4223
4224              pgsteal_kswapd_high (since Linux 3.4)
4225
4226              pgsteal_kswapd_movable (since Linux 3.4)
4227
4228              pgsteal_direct_dma
4229
4230              pgsteal_direct_dma32 (since Linux 3.4)
4231
4232              pgsteal_direct_normal (since Linux 3.4)
4233
4234              pgsteal_direct_high (since Linux 3.4)
4235
4236              pgsteal_direct_movable (since Linux 2.6.23)
4237
4238              pgscan_kswapd_dma
4239
4240              pgscan_kswapd_dma32 (since Linux 2.6.16)
4241
4242              pgscan_kswapd_normal (since Linux 2.6.5)
4243
4244              pgscan_kswapd_high
4245
4246              pgscan_kswapd_movable (since Linux 2.6.23)
4247
4248              pgscan_direct_dma
4249
4250              pgscan_direct_dma32 (since Linux 2.6.16)
4251
4252              pgscan_direct_normal
4253
4254              pgscan_direct_high
4255
4256              pgscan_direct_movable (since Linux 2.6.23)
4257
4258              pgscan_direct_throttle (since Linux 3.6)
4259
4260              zone_reclaim_failed (since linux 2.6.31)
4261
4262              pginodesteal (since linux 2.6.0)
4263
4264              slabs_scanned (since linux 2.6.5)
4265
4266              kswapd_inodesteal (since linux 2.6.0)
4267
4268              kswapd_low_wmark_hit_quickly (since 2.6.33)
4269
4270              kswapd_high_wmark_hit_quickly (since 2.6.33)
4271
4272              pageoutrun (since Linux 2.6.0)
4273
4274              allocstall (since Linux 2.6.0)
4275
4276              pgrotated (since Linux 2.6.0)
4277
4278              drop_pagecache (since Linux 3.15)
4279
4280              drop_slab (since Linux 3.15)
4281
4282              numa_pte_updates (since Linux 3.8)
4283
4284              numa_huge_pte_updates (since Linux 3.13)
4285
4286              numa_hint_faults (since Linux 3.8)
4287
4288              numa_hint_faults_local (since Linux 3.8)
4289
4290              numa_pages_migrated (since Linux 3.8)
4291
4292              pgmigrate_success (since Linux 3.8)
4293
4294              pgmigrate_fail (since Linux 3.8)
4295
4296              compact_migrate_scanned (since Linux 3.8)
4297
4298              compact_free_scanned (since Linux 3.8)
4299
4300              compact_isolated (since Linux 3.8)
4301
4302              compact_stall (since Linux 2.6.35)
4303                     See   the   kernel   source   file   Documentation/admin-
4304                     guide/mm/transhuge.rst.
4305
4306              compact_fail (since Linux 2.6.35)
4307                     See   the   kernel   source   file   Documentation/admin-
4308                     guide/mm/transhuge.rst.
4309
4310              compact_success (since Linux 2.6.35)
4311                     See   the   kernel   source   file   Documentation/admin-
4312                     guide/mm/transhuge.rst.
4313
4314              htlb_buddy_alloc_success (since Linux 2.6.26)
4315
4316              htlb_buddy_alloc_fail (since Linux 2.6.26)
4317
4318              unevictable_pgs_culled (since Linux 2.6.28)
4319
4320              unevictable_pgs_scanned (since Linux 2.6.28)
4321
4322              unevictable_pgs_rescued (since Linux 2.6.28)
4323
4324              unevictable_pgs_mlocked (since Linux 2.6.28)
4325
4326              unevictable_pgs_munlocked (since Linux 2.6.28)
4327
4328              unevictable_pgs_cleared (since Linux 2.6.28)
4329
4330              unevictable_pgs_stranded (since Linux 2.6.28)
4331
4332              thp_fault_alloc (since Linux 2.6.39)
4333                     See   the   kernel   source   file   Documentation/admin-
4334                     guide/mm/transhuge.rst.
4335
4336              thp_fault_fallback (since Linux 2.6.39)
4337                     See   the   kernel   source   file   Documentation/admin-
4338                     guide/mm/transhuge.rst.
4339
4340              thp_collapse_alloc (since Linux 2.6.39)
4341                     See   the   kernel   source   file   Documentation/admin-
4342                     guide/mm/transhuge.rst.
4343
4344              thp_collapse_alloc_failed (since Linux 2.6.39)
4345                     See   the   kernel   source   file   Documentation/admin-
4346                     guide/mm/transhuge.rst.
4347
4348              thp_split (since Linux 2.6.39)
4349                     See   the   kernel   source   file   Documentation/admin-
4350                     guide/mm/transhuge.rst.
4351
4352              thp_zero_page_alloc (since Linux 3.8)
4353                     See   the   kernel   source   file   Documentation/admin-
4354                     guide/mm/transhuge.rst.
4355
4356              thp_zero_page_alloc_failed (since Linux 3.8)
4357                     See   the   kernel   source   file   Documentation/admin-
4358                     guide/mm/transhuge.rst.
4359
4360              balloon_inflate (since Linux 3.18)
4361
4362              balloon_deflate (since Linux 3.18)
4363
4364              balloon_migrate (since Linux 3.18)
4365
4366              nr_tlb_remote_flush (since Linux 3.12)
4367
4368              nr_tlb_remote_flush_received (since Linux 3.12)
4369
4370              nr_tlb_local_flush_all (since Linux 3.12)
4371
4372              nr_tlb_local_flush_one (since Linux 3.12)
4373
4374              vmacache_find_calls (since Linux 3.16)
4375
4376              vmacache_find_hits (since Linux 3.16)
4377
4378              vmacache_full_flushes (since Linux 3.19)
4379
4380       /proc/zoneinfo (since Linux 2.6.13)
4381              This  file display information about memory zones.  This is use‐
4382              ful for analyzing virtual memory behavior.
4383

NOTES

4385       Many files contain strings (e.g., the  environment  and  command  line)
4386       that  are  in  the  internal  format, with subfields terminated by null
4387       bytes ('\0').  When inspecting  such  files,  you  may  find  that  the
4388       results are more readable if you use a command of the following form to
4389       display them:
4390
4391           $ cat file | tr '\000' '\n'
4392
4393       This manual page is incomplete, possibly inaccurate, and is the kind of
4394       thing that needs to be updated very often.
4395

SEE ALSO

4397       cat(1), dmesg(1), find(1), free(1), htop(1), init(1), ps(1), pstree(1),
4398       tr(1),   uptime(1),   chroot(2),   mmap(2),   readlink(2),   syslog(2),
4399       slabinfo(5),   sysfs(5),   hier(7),   namespaces(7),  time(7),  arp(8),
4400       hdparm(8),  ifconfig(8),  lsmod(8),  lspci(8),  mount(8),   netstat(8),
4401       procinfo(8), route(8), sysctl(8)
4402
4403       The Linux kernel source files: Documentation/filesystems/proc.txt, Doc‐
4404       umentation/sysctl/fs.txt,  Documentation/sysctl/kernel.txt,  Documenta‐
4405       tion/sysctl/net.txt, and Documentation/sysctl/vm.txt.
4406

COLOPHON

4408       This  page  is  part of release 5.02 of the Linux man-pages project.  A
4409       description of the project, information about reporting bugs,  and  the
4410       latest     version     of     this    page,    can    be    found    at
4411       https://www.kernel.org/doc/man-pages/.
4412
4413
4414
4415Linux                             2019-08-02                           PROC(5)
Impressum