1PROC(5) Linux Programmer's Manual PROC(5)
2
6 proc - process information pseudo-filesystem
7
9 The proc filesystem is a pseudo-filesystem which provides an interface
10 to kernel data structures. It is commonly mounted at /proc. Typi‐
11 cally, it is mounted automatically by the system, but it can also be
12 mounted manually using a command such as:
13 mount -t proc proc /proc
15 Most of the files in the proc filesystem are read-only, but some files
17 are writable, allowing kernel variables to be changed.
18 Mount options
20 The proc filesystem supports the following mount options:
21 hidepid=n (since Linux 3.3)
23 This option controls who can access the information in
24 /proc/[pid] directories. The argument, n, is one of the follow‐
25 ing values:
26 0 Everybody may access all /proc/[pid] directories. This is
28 the traditional behavior, and the default if this mount
29 option is not specified.
30 1 Users may not access files and subdirectories inside any
32 /proc/[pid] directories but their own (the /proc/[pid]
33 directories themselves remain visible). Sensitive files
34 such as /proc/[pid]/cmdline and /proc/[pid]/status are now
35 protected against other users. This makes it impossible to
36 learn whether any user is running a specific program (so
37 long as the program doesn't otherwise reveal itself by its
38 behavior).
39 2 As for mode 1, but in addition the /proc/[pid] directories
41 belonging to other users become invisible. This means that
42 /proc/[pid] entries can no longer be used to discover the
43 PIDs on the system. This doesn't hide the fact that a
44 process with a specific PID value exists (it can be learned
45 by other means, for example, by "kill -0 $PID"), but it
46 hides a process's UID and GID, which could otherwise be
47 learned by employing stat(2) on a /proc/[pid] directory.
48 This greatly complicates an attacker's task of gathering
49 information about running processes (e.g., discovering
50 whether some daemon is running with elevated privileges,
51 whether another user is running some sensitive program,
52 whether other users are running any program at all, and so
53 on).
54 gid=gid (since Linux 3.3)
56 Specifies the ID of a group whose members are authorized to
57 learn process information otherwise prohibited by hidepid (i.e.,
58 users in this group behave as though /proc was mounted with
59 hidepid=0). This group should be used instead of approaches
60 such as putting nonroot users into the sudoers(5) file.
61 Overview
63 Underneath /proc, there are the following general groups of files and
64 subdirectories:
65 /proc/[pid] subdirectories
67 Each one of these subdirectories contains files and subdirecto‐
68 ries exposing information about the process with the correspond‐
69 ing process ID.
70 Underneath each of the /proc/[pid] directories, a task subdirec‐
72 tory contains subdirectories of the form task/[tid], which con‐
73 tain corresponding information about each of the threads in the
74 process, where tid is the kernel thread ID of the thread.
75 The /proc/[pid] subdirectories are visible when iterating
77 through /proc with getdents(2) (and thus are visible when one
78 uses ls(1) to view the contents of /proc).
79 /proc/[tid] subdirectories
81 Each one of these subdirectories contains files and subdirecto‐
82 ries exposing information about the thread with the correspond‐
83 ing thread ID. The contents of these directories are the same
84 as the corresponding /proc/[pid]/task/[tid] directories.
85 The /proc/[tid] subdirectories are not visible when iterating
87 through /proc with getdents(2) (and thus are not visible when
88 one uses ls(1) to view the contents of /proc).
89 /proc/self
91 When a process accesses this magic symbolic link, it resolves to
92 the process's own /proc/[pid] directory.
93 /proc/thread-self
95 When a thread accesses this magic symbolic link, it resolves to
96 the process's own /proc/self/task/[tid] directory.
97 /proc/[a-z]*
99 Various other files and subdirectories under /proc expose sys‐
100 tem-wide information.
101 All of the above are described in more detail below.
103 Files and directories
105 The following list provides details of many of the files and directo‐
106 ries under the /proc hierarchy.
107 /proc/[pid]
109 There is a numerical subdirectory for each running process; the
110 subdirectory is named by the process ID. Each /proc/[pid] sub‐
111 directory contains the pseudo-files and directories described
112 below.
113 The files inside each /proc/[pid] directory are normally owned
115 by the effective user and effective group ID of the process.
116 However, as a security measure, the ownership is made root:root
117 if the process's "dumpable" attribute is set to a value other
118 than 1.
119 Before Linux 4.11, root:root meant the "global" root user ID and
121 group ID (i.e., UID 0 and GID 0 in the initial user namespace).
122 Since Linux 4.11, if the process is in a noninitial user names‐
123 pace that has a valid mapping for user (group) ID 0 inside the
124 namespace, then the user (group) ownership of the files under
125 /proc/[pid] is instead made the same as the root user (group) ID
126 of the namespace. This means that inside a container, things
127 work as expected for the container "root" user.
128 The process's "dumpable" attribute may change for the following
130 reasons:
131 * The attribute was explicitly set via the prctl(2)
133 PR_SET_DUMPABLE operation.
134 * The attribute was reset to the value in the file
136 /proc/sys/fs/suid_dumpable (described below), for the reasons
137 described in prctl(2).
138 Resetting the "dumpable" attribute to 1 reverts the ownership of
140 the /proc/[pid]/* files to the process's effective UID and GID.
141 /proc/[pid]/attr
143 The files in this directory provide an API for security modules.
144 The contents of this directory are files that can be read and
145 written in order to set security-related attributes. This
146 directory was added to support SELinux, but the intention was
147 that the API be general enough to support other security mod‐
148 ules. For the purpose of explanation, examples of how SELinux
149 uses these files are provided below.
150 This directory is present only if the kernel was configured with
152 CONFIG_SECURITY.
153 /proc/[pid]/attr/current (since Linux 2.6.0)
155 The contents of this file represent the current security
156 attributes of the process.
157 In SELinux, this file is used to get the security context of a
159 process. Prior to Linux 2.6.11, this file could not be used to
160 set the security context (a write was always denied), since
161 SELinux limited process security transitions to execve(2) (see
162 the description of /proc/[pid]/attr/exec, below). Since Linux
163 2.6.11, SELinux lifted this restriction and began supporting
164 "set" operations via writes to this node if authorized by pol‐
165 icy, although use of this operation is only suitable for appli‐
166 cations that are trusted to maintain any desired separation
167 between the old and new security contexts.
168 Prior to Linux 2.6.28, SELinux did not allow threads within a
170 multi-threaded process to set their security context via this
171 node as it would yield an inconsistency among the security con‐
172 texts of the threads sharing the same memory space. Since Linux
173 2.6.28, SELinux lifted this restriction and began supporting
174 "set" operations for threads within a multithreaded process if
175 the new security context is bounded by the old security context,
176 where the bounded relation is defined in policy and guarantees
177 that the new security context has a subset of the permissions of
178 the old security context.
179 Other security modules may choose to support "set" operations
181 via writes to this node.
182 /proc/[pid]/attr/exec (since Linux 2.6.0)
184 This file represents the attributes to assign to the process
185 upon a subsequent execve(2).
186 In SELinux, this is needed to support role/domain transitions,
188 and execve(2) is the preferred point to make such transitions
189 because it offers better control over the initialization of the
190 process in the new security label and the inheritance of state.
191 In SELinux, this attribute is reset on execve(2) so that the new
192 program reverts to the default behavior for any execve(2) calls
193 that it may make. In SELinux, a process can set only its own
194 /proc/[pid]/attr/exec attribute.
195 /proc/[pid]/attr/fscreate (since Linux 2.6.0)
197 This file represents the attributes to assign to files created
198 by subsequent calls to open(2), mkdir(2), symlink(2), and
199 mknod(2)
200 SELinux employs this file to support creation of a file (using
202 the aforementioned system calls) in a secure state, so that
203 there is no risk of inappropriate access being obtained between
204 the time of creation and the time that attributes are set. In
205 SELinux, this attribute is reset on execve(2), so that the new
206 program reverts to the default behavior for any file creation
207 calls it may make, but the attribute will persist across multi‐
208 ple file creation calls within a program unless it is explicitly
209 reset. In SELinux, a process can set only its own
210 /proc/[pid]/attr/fscreate attribute.
211 /proc/[pid]/attr/keycreate (since Linux 2.6.18)
213 If a process writes a security context into this file, all sub‐
214 sequently created keys (add_key(2)) will be labeled with this
215 context. For further information, see the kernel source file
216 Documentation/security/keys/core.rst (or file Documenta‐
217 tion/security/keys.txt on Linux between 3.0 and 4.13, or Docu‐
218 mentation/keys.txt before Linux 3.0).
219 /proc/[pid]/attr/prev (since Linux 2.6.0)
221 This file contains the security context of the process before
222 the last execve(2); that is, the previous value of
223 /proc/[pid]/attr/current.
224 /proc/[pid]/attr/socketcreate (since Linux 2.6.18)
226 If a process writes a security context into this file, all sub‐
227 sequently created sockets will be labeled with this context.
228 /proc/[pid]/autogroup (since Linux 2.6.38)
230 See sched(7).
231 /proc/[pid]/auxv (since 2.6.0)
233 This contains the contents of the ELF interpreter information
234 passed to the process at exec time. The format is one unsigned
235 long ID plus one unsigned long value for each entry. The last
236 entry contains two zeros. See also getauxval(3).
237 Permission to access this file is governed by a ptrace access
239 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
240 /proc/[pid]/cgroup (since Linux 2.6.24)
242 See cgroups(7).
243 /proc/[pid]/clear_refs (since Linux 2.6.22)
245 This is a write-only file, writable only by owner of the
247 process.
248 The following values may be written to the file:
250 1 (since Linux 2.6.22)
252 Reset the PG_Referenced and ACCESSED/YOUNG bits for all
253 the pages associated with the process. (Before kernel
254 2.6.32, writing any nonzero value to this file had this
255 effect.)
256 2 (since Linux 2.6.32)
258 Reset the PG_Referenced and ACCESSED/YOUNG bits for all
259 anonymous pages associated with the process.
260 3 (since Linux 2.6.32)
262 Reset the PG_Referenced and ACCESSED/YOUNG bits for all
263 file-mapped pages associated with the process.
264 Clearing the PG_Referenced and ACCESSED/YOUNG bits provides a
266 method to measure approximately how much memory a process is
267 using. One first inspects the values in the "Referenced" fields
268 for the VMAs shown in /proc/[pid]/smaps to get an idea of the
269 memory footprint of the process. One then clears the PG_Refer‐
270 enced and ACCESSED/YOUNG bits and, after some measured time
271 interval, once again inspects the values in the "Referenced"
272 fields to get an idea of the change in memory footprint of the
273 process during the measured interval. If one is interested only
274 in inspecting the selected mapping types, then the value 2 or 3
275 can be used instead of 1.
276 Further values can be written to affect different properties:
278 4 (since Linux 3.11)
280 Clear the soft-dirty bit for all the pages associated
281 with the process. This is used (in conjunction with
282 /proc/[pid]/pagemap) by the check-point restore system to
283 discover which pages of a process have been dirtied since
284 the file /proc/[pid]/clear_refs was written to.
285 5 (since Linux 4.0)
287 Reset the peak resident set size ("high water mark") to
288 the process's current resident set size value.
289 Writing any value to /proc/[pid]/clear_refs other than those
291 listed above has no effect.
292 The /proc/[pid]/clear_refs file is present only if the CON‐
294 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
295 /proc/[pid]/cmdline
297 This read-only file holds the complete command line for the
298 process, unless the process is a zombie. In the latter case,
299 there is nothing in this file: that is, a read on this file will
300 return 0 characters. The command-line arguments appear in this
301 file as a set of strings separated by null bytes ('\0'), with a
302 further null byte after the last string.
303 /proc/[pid]/comm (since Linux 2.6.33)
305 This file exposes the process's comm value—that is, the command
306 name associated with the process. Different threads in the same
307 process may have different comm values, accessible via
308 /proc/[pid]/task/[tid]/comm. A thread may modify its comm
309 value, or that of any of other thread in the same thread group
310 (see the discussion of CLONE_THREAD in clone(2)), by writing to
311 the file /proc/self/task/[tid]/comm. Strings longer than
312 TASK_COMM_LEN (16) characters are silently truncated.
313 This file provides a superset of the prctl(2) PR_SET_NAME and
315 PR_GET_NAME operations, and is employed by pthread_setname_np(3)
316 when used to rename threads other than the caller.
317 /proc/[pid]/coredump_filter (since Linux 2.6.23)
319 See core(5).
320 /proc/[pid]/cpuset (since Linux 2.6.12)
322 See cpuset(7).
323 /proc/[pid]/cwd
325 This is a symbolic link to the current working directory of the
326 process. To find out the current working directory of process
327 20, for instance, you can do this:
328 $ cd /proc/20/cwd; /bin/pwd
330 Note that the pwd command is often a shell built-in, and might
332 not work properly. In bash(1), you may use pwd -P.
333 In a multithreaded process, the contents of this symbolic link
335 are not available if the main thread has already terminated
336 (typically by calling pthread_exit(3)).
337 Permission to dereference or read (readlink(2)) this symbolic
339 link is governed by a ptrace access mode
340 PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
341 /proc/[pid]/environ
343 This file contains the initial environment that was set when the
344 currently executing program was started via execve(2). The
345 entries are separated by null bytes ('\0'), and there may be a
346 null byte at the end. Thus, to print out the environment of
347 process 1, you would do:
348 $ cat /proc/1/environ | tr '\000' '\n'
350 If, after an execve(2), the process modifies its environment
352 (e.g., by calling functions such as putenv(3) or modifying the
353 environ(7) variable directly), this file will not reflect those
354 changes.
355 Furthermore, a process may change the memory location that this
357 file refers via prctl(2) operations such as PR_SET_MM_ENV_START.
358 Permission to access this file is governed by a ptrace access
360 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
361 /proc/[pid]/exe
363 Under Linux 2.2 and later, this file is a symbolic link contain‐
364 ing the actual pathname of the executed command. This symbolic
365 link can be dereferenced normally; attempting to open it will
366 open the executable. You can even type /proc/[pid]/exe to run
367 another copy of the same executable that is being run by process
368 [pid]. If the pathname has been unlinked, the symbolic link
369 will contain the string '(deleted)' appended to the original
370 pathname. In a multithreaded process, the contents of this sym‐
371 bolic link are not available if the main thread has already ter‐
372 minated (typically by calling pthread_exit(3)).
373 Permission to dereference or read (readlink(2)) this symbolic
375 link is governed by a ptrace access mode
376 PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
377 Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to the
379 binary which was executed, and appears as a symbolic link. A
380 readlink(2) call on this file under Linux 2.0 returns a string
381 in the format:
382 [device]:inode
384 For example, [0301]:1502 would be inode 1502 on device major 03
386 (IDE, MFM, etc. drives) minor 01 (first partition on the first
387 drive).
388 find(1) with the -inum option can be used to locate the file.
390 /proc/[pid]/fd/
392 This is a subdirectory containing one entry for each file which
393 the process has open, named by its file descriptor, and which is
394 a symbolic link to the actual file. Thus, 0 is standard input,
395 1 standard output, 2 standard error, and so on.
396 For file descriptors for pipes and sockets, the entries will be
398 symbolic links whose content is the file type with the inode. A
399 readlink(2) call on this file returns a string in the format:
400 type:[inode]
402 For example, socket:[2248868] will be a socket and its inode is
404 2248868. For sockets, that inode can be used to find more
405 information in one of the files under /proc/net/.
406 For file descriptors that have no corresponding inode (e.g.,
408 file descriptors produced by bpf(2), epoll_create(2),
409 eventfd(2), inotify_init(2), perf_event_open(2), signalfd(2),
410 timerfd_create(2), and userfaultfd(2)), the entry will be a sym‐
411 bolic link with contents of the form
412 anon_inode:<file-type>
414 In many cases (but not all), the file-type is surrounded by
416 square brackets.
417 For example, an epoll file descriptor will have a symbolic link
419 whose content is the string anon_inode:[eventpoll].
420 In a multithreaded process, the contents of this directory are
422 not available if the main thread has already terminated (typi‐
423 cally by calling pthread_exit(3)).
424 Programs that take a filename as a command-line argument, but
426 don't take input from standard input if no argument is supplied,
427 and programs that write to a file named as a command-line argu‐
428 ment, but don't send their output to standard output if no argu‐
429 ment is supplied, can nevertheless be made to use standard input
430 or standard output by using /proc/[pid]/fd files as command-line
431 arguments. For example, assuming that -i is the flag designat‐
432 ing an input file and -o is the flag designating an output file:
433 $ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...
435 and you have a working filter.
437 /proc/self/fd/N is approximately the same as /dev/fd/N in some
439 UNIX and UNIX-like systems. Most Linux MAKEDEV scripts symboli‐
440 cally link /dev/fd to /proc/self/fd, in fact.
441 Most systems provide symbolic links /dev/stdin, /dev/stdout, and
443 /dev/stderr, which respectively link to the files 0, 1, and 2 in
444 /proc/self/fd. Thus the example command above could be written
445 as:
446 $ foobar -i /dev/stdin -o /dev/stdout ...
448 Permission to dereference or read (readlink(2)) the symbolic
450 links in this directory is governed by a ptrace access mode
451 PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
452 Note that for file descriptors referring to inodes (pipes and
454 sockets, see above), those inodes still have permission bits and
455 ownership information distinct from those of the /proc/[pid]/fd
456 entry, and that the owner may differ from the user and group IDs
457 of the process. An unprivileged process may lack permissions to
458 open them, as in this example:
459 $ echo test | sudo -u nobody cat
461 test
462 $ echo test | sudo -u nobody cat /proc/self/fd/0
463 cat: /proc/self/fd/0: Permission denied
464 File descriptor 0 refers to the pipe created by the shell and
466 owned by that shell's user, which is not nobody, so cat does not
467 have permission to create a new file descriptor to read from
468 that inode, even though it can still read from its existing file
469 descriptor 0.
470 /proc/[pid]/fdinfo/ (since Linux 2.6.22)
472 This is a subdirectory containing one entry for each file which
473 the process has open, named by its file descriptor. The files
474 in this directory are readable only by the owner of the process.
475 The contents of each file can be read to obtain information
476 about the corresponding file descriptor. The content depends on
477 the type of file referred to by the corresponding file descrip‐
478 tor.
479 For regular files and directories, we see something like:
481 $ cat /proc/12015/fdinfo/4
483 pos: 1000
484 flags: 01002002
485 mnt_id: 21
486 The fields are as follows:
488 pos This is a decimal number showing the file offset.
490 flags This is an octal number that displays the file access
492 mode and file status flags (see open(2)). If the close-
493 on-exec file descriptor flag is set, then flags will also
494 include the value O_CLOEXEC.
495 Before Linux 3.1, this field incorrectly displayed the
497 setting of O_CLOEXEC at the time the file was opened,
498 rather than the current setting of the close-on-exec
499 flag.
500 mnt_id This field, present since Linux 3.15, is the ID of the
502 mount point containing this file. See the description of
503 /proc/[pid]/mountinfo.
504 For eventfd file descriptors (see eventfd(2)), we see (since
506 Linux 3.8) the following fields:
507 pos: 0
509 flags: 02
510 mnt_id: 10
511 eventfd-count: 40
512 eventfd-count is the current value of the eventfd counter, in
514 hexadecimal.
515 For epoll file descriptors (see epoll(7)), we see (since Linux
517 3.8) the following fields:
518 pos: 0
520 flags: 02
521 mnt_id: 10
522 tfd: 9 events: 19 data: 74253d2500000009
523 tfd: 7 events: 19 data: 74253d2500000007
524 Each of the lines beginning tfd describes one of the file
526 descriptors being monitored via the epoll file descriptor (see
527 epoll_ctl(2) for some details). The tfd field is the number of
528 the file descriptor. The events field is a hexadecimal mask of
529 the events being monitored for this file descriptor. The data
530 field is the data value associated with this file descriptor.
531 For signalfd file descriptors (see signalfd(2)), we see (since
533 Linux 3.8) the following fields:
534 pos: 0
536 flags: 02
537 mnt_id: 10
538 sigmask: 0000000000000006
539 sigmask is the hexadecimal mask of signals that are accepted via
541 this signalfd file descriptor. (In this example, bits 2 and 3
542 are set, corresponding to the signals SIGINT and SIGQUIT; see
543 signal(7).)
544 For inotify file descriptors (see inotify(7)), we see (since
546 Linux 3.8) the following fields:
547 pos: 0
549 flags: 00
550 mnt_id: 11
551 inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
552 inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73
553 Each of the lines beginning with "inotify" displays information
555 about one file or directory that is being monitored. The fields
556 in this line are as follows:
557 wd A watch descriptor number (in decimal).
559 ino The inode number of the target file (in hexadecimal).
561 sdev The ID of the device where the target file resides (in
563 hexadecimal).
564 mask The mask of events being monitored for the target file
566 (in hexadecimal).
567 If the kernel was built with exportfs support, the path to the
569 target file is exposed as a file handle, via three hexadecimal
570 fields: fhandle-bytes, fhandle-type, and f_handle.
571 For fanotify file descriptors (see fanotify(7)), we see (since
573 Linux 3.8) the following fields:
574 pos: 0
576 flags: 02
577 mnt_id: 11
578 fanotify flags:0 event-flags:88002
579 fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73
580 The fourth line displays information defined when the fanotify
582 group was created via fanotify_init(2):
583 flags The flags argument given to fanotify_init(2) (expressed
585 in hexadecimal).
586 event-flags
588 The event_f_flags argument given to fanotify_init(2)
589 (expressed in hexadecimal).
590 Each additional line shown in the file contains information
592 about one of the marks in the fanotify group. Most of these
593 fields are as for inotify, except:
594 mflags The flags associated with the mark (expressed in hexadec‐
596 imal).
597 mask The events mask for this mark (expressed in hexadecimal).
599 ignored_mask
601 The mask of events that are ignored for this mark
602 (expressed in hexadecimal).
603 For details on these fields, see fanotify_mark(2).
605 For timerfd file descriptors (see timerfd(2)), we see (since
607 Linux 3.17) the following fields:
608 pos: 0
610 flags: 02004002
611 mnt_id: 13
612 clockid: 0
613 ticks: 0
614 settime flags: 03
615 it_value: (7695568592, 640020877)
616 it_interval: (0, 0)
617 clockid
619 This is the numeric value of the clock ID (corresponding
620 to one of the CLOCK_* constants defined via <time.h>)
621 that is used to mark the progress of the timer (in this
622 example, 0 is CLOCK_REALTIME).
623 ticks This is the number of timer expirations that have
625 occurred, (i.e., the value that read(2) on it would
626 return).
627 settime flags
629 This field lists the flags with which the timerfd was
630 last armed (see timerfd_settime(2)), in octal (in this
631 example, both TFD_TIMER_ABSTIME and TFD_TIMER_CAN‐
632 CEL_ON_SET are set).
633 it_value
635 This field contains the amount of time until the timer
636 will next expire, expressed in seconds and nanoseconds.
637 This is always expressed as a relative value, regardless
638 of whether the timer was created using the
639 TFD_TIMER_ABSTIME flag.
640 it_interval
642 This field contains the interval of the timer, in seconds
643 and nanoseconds. (The it_value and it_interval fields
644 contain the values that timerfd_gettime(2) on this file
645 descriptor would return.)
646 /proc/[pid]/gid_map (since Linux 3.5)
648 See user_namespaces(7).
649 /proc/[pid]/io (since kernel 2.6.20)
651 This file contains I/O statistics for the process, for example:
652 # cat /proc/3828/io
654 rchar: 323934931
655 wchar: 323929600
656 syscr: 632687
657 syscw: 632675
658 read_bytes: 0
659 write_bytes: 323932160
660 cancelled_write_bytes: 0
661 The fields are as follows:
663 rchar: characters read
665 The number of bytes which this task has caused to be read
666 from storage. This is simply the sum of bytes which this
667 process passed to read(2) and similar system calls. It
668 includes things such as terminal I/O and is unaffected by
669 whether or not actual physical disk I/O was required (the
670 read might have been satisfied from pagecache).
671 wchar: characters written
673 The number of bytes which this task has caused, or shall
674 cause to be written to disk. Similar caveats apply here
675 as with rchar.
676 syscr: read syscalls
678 Attempt to count the number of read I/O operations—that
679 is, system calls such as read(2) and pread(2).
680 syscw: write syscalls
682 Attempt to count the number of write I/O operations—that
683 is, system calls such as write(2) and pwrite(2).
684 read_bytes: bytes read
686 Attempt to count the number of bytes which this process
687 really did cause to be fetched from the storage layer.
688 This is accurate for block-backed filesystems.
689 write_bytes: bytes written
691 Attempt to count the number of bytes which this process
692 caused to be sent to the storage layer.
693 cancelled_write_bytes:
695 The big inaccuracy here is truncate. If a process writes
696 1MB to a file and then deletes the file, it will in fact
697 perform no writeout. But it will have been accounted as
698 having caused 1MB of write. In other words: this field
699 represents the number of bytes which this process caused
700 to not happen, by truncating pagecache. A task can cause
701 "negative" I/O too. If this task truncates some dirty
702 pagecache, some I/O which another task has been accounted
703 for (in its write_bytes) will not be happening.
704 Note: In the current implementation, things are a bit racy on
706 32-bit systems: if process A reads process B's /proc/[pid]/io
707 while process B is updating one of these 64-bit counters,
708 process A could see an intermediate result.
709 Permission to access this file is governed by a ptrace access
711 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
712 /proc/[pid]/limits (since Linux 2.6.24)
714 This file displays the soft limit, hard limit, and units of mea‐
715 surement for each of the process's resource limits (see getr‐
716 limit(2)). Up to and including Linux 2.6.35, this file is pro‐
717 tected to allow reading only by the real UID of the process.
718 Since Linux 2.6.36, this file is readable by all users on the
719 system.
720 /proc/[pid]/map_files/ (since kernel 3.3)
722 This subdirectory contains entries corresponding to memory-
723 mapped files (see mmap(2)). Entries are named by memory region
724 start and end address pair (expressed as hexadecimal numbers),
725 and are symbolic links to the mapped files themselves. Here is
726 an example, with the output wrapped and reformatted to fit on an
727 80-column display:
728 # ls -l /proc/self/map_files/
730 lr--------. 1 root root 64 Apr 16 21:31
731 3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
732 ...
733 Although these entries are present for memory regions that were
735 mapped with the MAP_FILE flag, the way anonymous shared memory
736 (regions created with the MAP_ANON | MAP_SHARED flags) is imple‐
737 mented in Linux means that such regions also appear on this
738 directory. Here is an example where the target file is the
739 deleted /dev/zero one:
740 lrw-------. 1 root root 64 Apr 16 21:33
742 7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)
743 This directory appears only if the CONFIG_CHECKPOINT_RESTORE
745 kernel configuration option is enabled. Privilege
746 (CAP_SYS_ADMIN) is required to view the contents of this direc‐
747 tory.
748 /proc/[pid]/maps
750 A file containing the currently mapped memory regions and their
751 access permissions. See mmap(2) for some further information
752 about memory mappings.
753 Permission to access this file is governed by a ptrace access
755 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
756 The format of the file is:
758 address perms offset dev inode pathname
760 00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/dbus-daemon
761 00651000-00652000 r--p 00051000 08:02 173521 /usr/bin/dbus-daemon
762 00652000-00655000 rw-p 00052000 08:02 173521 /usr/bin/dbus-daemon
763 00e03000-00e24000 rw-p 00000000 00:00 0 [heap]
764 00e24000-011f7000 rw-p 00000000 00:00 0 [heap]
765 ...
766 35b1800000-35b1820000 r-xp 00000000 08:02 135522 /usr/lib64/ld-2.15.so
767 35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522 /usr/lib64/ld-2.15.so
768 35b1a20000-35b1a21000 rw-p 00020000 08:02 135522 /usr/lib64/ld-2.15.so
769 35b1a21000-35b1a22000 rw-p 00000000 00:00 0
770 35b1c00000-35b1dac000 r-xp 00000000 08:02 135870 /usr/lib64/libc-2.15.so
771 35b1dac000-35b1fac000 ---p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so
772 35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so
773 35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870 /usr/lib64/libc-2.15.so
774 ...
775 f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0 [stack:986]
776 ...
777 7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0 [stack]
778 7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0 [vdso]
779 The address field is the address space in the process that the
781 mapping occupies. The perms field is a set of permissions:
782 r = read
784 w = write
785 x = execute
786 s = shared
787 p = private (copy on write)
788 The offset field is the offset into the file/whatever; dev is
790 the device (major:minor); inode is the inode on that device. 0
791 indicates that no inode is associated with the memory region, as
792 would be the case with BSS (uninitialized data).
793 The pathname field will usually be the file that is backing the
795 mapping. For ELF files, you can easily coordinate with the off‐
796 set field by looking at the Offset field in the ELF program
797 headers (readelf -l).
798 There are additional helpful pseudo-paths:
800 [stack]
802 The initial process's (also known as the main
803 thread's) stack.
804 [stack:<tid>] (from Linux 3.4 to 4.4)
806 A thread's stack (where the <tid> is a thread ID).
807 It corresponds to the /proc/[pid]/task/[tid]/ path.
808 This field was removed in Linux 4.5, since providing
809 this information for a process with large numbers of
810 threads is expensive.
811 [vdso] The virtual dynamically linked shared object. See
813 vdso(7).
814 [heap] The process's heap.
816 If the pathname field is blank, this is an anonymous mapping as
818 obtained via mmap(2). There is no easy way to coordinate this
819 back to a process's source, short of running it through gdb(1),
820 strace(1), or similar.
821 pathname is shown unescaped except for newline characters, which
823 are replaced with an octal escape sequence. As a result, it is
824 not possible to determine whether the original pathname con‐
825 tained a newline character or the literal \e012 character
826 sequence.
827 If the mapping is file-backed and the file has been deleted, the
829 string " (deleted)" is appended to the pathname. Note that this
830 is ambiguous too.
831 Under Linux 2.0, there is no field giving pathname.
833 /proc/[pid]/mem
835 This file can be used to access the pages of a process's memory
836 through open(2), read(2), and lseek(2).
837 Permission to access this file is governed by a ptrace access
839 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
840 /proc/[pid]/mountinfo (since Linux 2.6.26)
842 This file contains information about mount points in the
843 process's mount namespace (see mount_namespaces(7)). It sup‐
844 plies various information (e.g., propagation state, root of
845 mount for bind mounts, identifier for each mount and its parent)
846 that is missing from the (older) /proc/[pid]/mounts file, and
847 fixes various other problems with that file (e.g., nonextensi‐
848 bility, failure to distinguish per-mount versus per-superblock
849 options).
850 The file contains lines of the form:
85236 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
854(1)(2)(3) (4) (5) (6) (7) (8) (9) (10) (11)
855 The numbers in parentheses are labels for the descriptions
857 below:
858 (1) mount ID: a unique ID for the mount (may be reused after
860 umount(2)).
861 (2) parent ID: the ID of the parent mount (or of self for the
863 root of this mount namespace's mount tree).
864 If a new mount is stacked on top of a previous existing
866 mount (so that it hides the existing mount) at pathname P,
867 then the parent of the new mount is the previous mount at
868 that location. Thus, when looking at all the mounts
869 stacked at a particular location, the top-most mount is the
870 one that is not the parent of any other mount at the same
871 location. (Note, however, that this top-most mount will be
872 accessible only if the longest path subprefix of P that is
873 a mount point is not itself hidden by a stacked mount.)
874 If the parent mount point lies outside the process's root
876 directory (see chroot(2)), the ID shown here won't have a
877 corresponding record in mountinfo whose mount ID (field 1)
878 matches this parent mount ID (because mount points that lie
879 outside the process's root directory are not shown in
880 mountinfo). As a special case of this point, the process's
881 root mount point may have a parent mount (for the initramfs
882 filesystem) that lies outside the process's root directory,
883 and an entry for that mount point will not appear in
884 mountinfo.
885 (3) major:minor: the value of st_dev for files on this filesys‐
887 tem (see stat(2)).
888 (4) root: the pathname of the directory in the filesystem which
890 forms the root of this mount.
891 (5) mount point: the pathname of the mount point relative to
893 the process's root directory.
894 (6) mount options: per-mount options (see mount(2)).
896 (7) optional fields: zero or more fields of the form
898 "tag[:value]"; see below.
899 (8) separator: the end of the optional fields is marked by a
901 single hyphen.
902 (9) filesystem type: the filesystem type in the form
904 "type[.subtype]".
905 (10) mount source: filesystem-specific information or "none".
907 (11) super options: per-superblock options (see mount(2)).
909 Currently, the possible optional fields are shared, master,
911 propagate_from, and unbindable. See mount_namespaces(7) for a
912 description of these fields. Parsers should ignore all unrecog‐
913 nized optional fields.
914 For more information on mount propagation see: Documenta‐
916 tion/filesystems/sharedsubtree.txt in the Linux kernel source
917 tree.
918 /proc/[pid]/mounts (since Linux 2.4.19)
920 This file lists all the filesystems currently mounted in the
921 process's mount namespace (see mount_namespaces(7)). The format
922 of this file is documented in fstab(5).
923 Since kernel version 2.6.15, this file is pollable: after open‐
925 ing the file for reading, a change in this file (i.e., a
926 filesystem mount or unmount) causes select(2) to mark the file
927 descriptor as having an exceptional condition, and poll(2) and
928 epoll_wait(2) mark the file as having a priority event (POLL‐
929 PRI). (Before Linux 2.6.30, a change in this file was indicated
930 by the file descriptor being marked as readable for select(2),
931 and being marked as having an error condition for poll(2) and
932 epoll_wait(2).)
933 /proc/[pid]/mountstats (since Linux 2.6.17)
935 This file exports information (statistics, configuration infor‐
936 mation) about the mount points in the process's mount namespace
937 (see mount_namespaces(7)). Lines in this file have the form:
938 device /dev/sda7 mounted on /home with fstype ext3 [statistics]
940 ( 1 ) ( 2 ) (3 ) (4)
941 The fields in each line are:
943 (1) The name of the mounted device (or "nodevice" if there is
945 no corresponding device).
946 (2) The mount point within the filesystem tree.
948 (3) The filesystem type.
950 (4) Optional statistics and configuration information. Cur‐
952 rently (as at Linux 2.6.26), only NFS filesystems export
953 information via this field.
954 This file is readable only by the owner of the process.
956 /proc/[pid]/net (since Linux 2.6.25)
958 See the description of /proc/net.
959 /proc/[pid]/ns/ (since Linux 3.0)
961 This is a subdirectory containing one entry for each namespace
962 that supports being manipulated by setns(2). For more informa‐
963 tion, see namespaces(7).
964 /proc/[pid]/numa_maps (since Linux 2.6.14)
966 See numa(7).
967 /proc/[pid]/oom_adj (since Linux 2.6.11)
969 This file can be used to adjust the score used to select which
970 process should be killed in an out-of-memory (OOM) situation.
971 The kernel uses this value for a bit-shift operation of the
972 process's oom_score value: valid values are in the range -16 to
973 +15, plus the special value -17, which disables OOM-killing
974 altogether for this process. A positive score increases the
975 likelihood of this process being killed by the OOM-killer; a
976 negative score decreases the likelihood.
977 The default value for this file is 0; a new process inherits its
979 parent's oom_adj setting. A process must be privileged
980 (CAP_SYS_RESOURCE) to update this file.
981 Since Linux 2.6.36, use of this file is deprecated in favor of
983 /proc/[pid]/oom_score_adj.
984 /proc/[pid]/oom_score (since Linux 2.6.11)
986 This file displays the current score that the kernel gives to
987 this process for the purpose of selecting a process for the OOM-
988 killer. A higher score means that the process is more likely to
989 be selected by the OOM-killer. The basis for this score is the
990 amount of memory used by the process, with increases (+) or
991 decreases (-) for factors including:
992 * whether the process is privileged (-).
994 Before kernel 2.6.36 the following factors were also used in the
996 calculation of oom_score:
997 * whether the process creates a lot of children using fork(2)
999 (+);
1000 * whether the process has been running a long time, or has used
1002 a lot of CPU time (-);
1003 * whether the process has a low nice value (i.e., > 0) (+); and
1005 * whether the process is making direct hardware access (-).
1007 The oom_score also reflects the adjustment specified by the
1009 oom_score_adj or oom_adj setting for the process.
1010 /proc/[pid]/oom_score_adj (since Linux 2.6.36)
1012 This file can be used to adjust the badness heuristic used to
1013 select which process gets killed in out-of-memory conditions.
1014 The badness heuristic assigns a value to each candidate task
1016 ranging from 0 (never kill) to 1000 (always kill) to determine
1017 which process is targeted. The units are roughly a proportion
1018 along that range of allowed memory the process may allocate
1019 from, based on an estimation of its current memory and swap use.
1020 For example, if a task is using all allowed memory, its badness
1021 score will be 1000. If it is using half of its allowed memory,
1022 its score will be 500.
1023 There is an additional factor included in the badness score:
1025 root processes are given 3% extra memory over other tasks.
1026 The amount of "allowed" memory depends on the context in which
1028 the OOM-killer was called. If it is due to the memory assigned
1029 to the allocating task's cpuset being exhausted, the allowed
1030 memory represents the set of mems assigned to that cpuset (see
1031 cpuset(7)). If it is due to a mempolicy's node(s) being
1032 exhausted, the allowed memory represents the set of mempolicy
1033 nodes. If it is due to a memory limit (or swap limit) being
1034 reached, the allowed memory is that configured limit. Finally,
1035 if it is due to the entire system being out of memory, the
1036 allowed memory represents all allocatable resources.
1037 The value of oom_score_adj is added to the badness score before
1039 it is used to determine which task to kill. Acceptable values
1040 range from -1000 (OOM_SCORE_ADJ_MIN) to +1000
1041 (OOM_SCORE_ADJ_MAX). This allows user space to control the
1042 preference for OOM-killing, ranging from always preferring a
1043 certain task or completely disabling it from OOM killing. The
1044 lowest possible value, -1000, is equivalent to disabling OOM-
1045 killing entirely for that task, since it will always report a
1046 badness score of 0.
1047 Consequently, it is very simple for user space to define the
1049 amount of memory to consider for each task. Setting an
1050 oom_score_adj value of +500, for example, is roughly equivalent
1051 to allowing the remainder of tasks sharing the same system,
1052 cpuset, mempolicy, or memory controller resources to use at
1053 least 50% more memory. A value of -500, on the other hand,
1054 would be roughly equivalent to discounting 50% of the task's
1055 allowed memory from being considered as scoring against the
1056 task.
1057 For backward compatibility with previous kernels,
1059 /proc/[pid]/oom_adj can still be used to tune the badness score.
1060 Its value is scaled linearly with oom_score_adj.
1061 Writing to /proc/[pid]/oom_score_adj or /proc/[pid]/oom_adj will
1063 change the other with its scaled value.
1064 The choom(1) program provides a command-line interface for
1066 adjusting the oom_score_adj value of a running process or a
1067 newly executed command.
1068 /proc/[pid]/pagemap (since Linux 2.6.25)
1070 This file shows the mapping of each of the process's virtual
1071 pages into physical page frames or swap area. It contains one
1072 64-bit value for each virtual page, with the bits set as fol‐
1073 lows:
1074 63 If set, the page is present in RAM.
1076 62 If set, the page is in swap space
1078 61 (since Linux 3.5)
1080 The page is a file-mapped page or a shared anonymous
1081 page.
1082 60–57 (since Linux 3.11)
1084 Zero
1085 56 (since Linux 4.2)
1087 The page is exclusively mapped.
1088 55 (since Linux 3.11)
1090 PTE is soft-dirty (see the kernel source file Docu‐
1091 mentation/admin-guide/mm/soft-dirty.rst).
1092 54–0 If the page is present in RAM (bit 63), then these
1094 bits provide the page frame number, which can be
1095 used to index /proc/kpageflags and /proc/kpagecount.
1096 If the page is present in swap (bit 62), then bits
1097 4–0 give the swap type, and bits 54–5 encode the
1098 swap offset.
1099 Before Linux 3.11, bits 60–55 were used to encode the base-2 log
1101 of the page size.
1102 To employ /proc/[pid]/pagemap efficiently, use /proc/[pid]/maps
1104 to determine which areas of memory are actually mapped and seek
1105 to skip over unmapped regions.
1106 The /proc/[pid]/pagemap file is present only if the CON‐
1108 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1109 Permission to access this file is governed by a ptrace access
1111 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1112 /proc/[pid]/personality (since Linux 2.6.28)
1114 This read-only file exposes the process's execution domain, as
1115 set by personality(2). The value is displayed in hexadecimal
1116 notation.
1117 Permission to access this file is governed by a ptrace access
1119 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1120 /proc/[pid]/root
1122 UNIX and Linux support the idea of a per-process root of the
1123 filesystem, set by the chroot(2) system call. This file is a
1124 symbolic link that points to the process's root directory, and
1125 behaves in the same way as exe, and fd/*.
1126 Note however that this file is not merely a symbolic link. It
1128 provides the same view of the filesystem (including namespaces
1129 and the set of per-process mounts) as the process itself. An
1130 example illustrates this point. In one terminal, we start a
1131 shell in new user and mount namespaces, and in that shell we
1132 create some new mount points:
1133 $ PS1='sh1# ' unshare -Urnm
1135 sh1# mount -t tmpfs tmpfs /etc # Mount empty tmpfs at /etc
1136 sh1# mount --bind /usr /dev # Mount /usr at /dev
1137 sh1# echo $$
1138 27123
1139 In a second terminal window, in the initial mount namespace, we
1141 look at the contents of the corresponding mounts in the initial
1142 and new namespaces:
1143 $ PS1='sh2# ' sudo sh
1145 sh2# ls /etc | wc -l # In initial NS
1146 309
1147 sh2# ls /proc/27123/root/etc | wc -l # /etc in other NS
1148 0 # The empty tmpfs dir
1149 sh2# ls /dev | wc -l # In initial NS
1150 205
1151 sh2# ls /proc/27123/root/dev | wc -l # /dev in other NS
1152 11 # Actually bind
1153 # mounted to /usr
1154 sh2# ls /usr | wc -l # /usr in initial NS
1155 11
1156 In a multithreaded process, the contents of the /proc/[pid]/root
1158 symbolic link are not available if the main thread has already
1159 terminated (typically by calling pthread_exit(3)).
1160 Permission to dereference or read (readlink(2)) this symbolic
1162 link is governed by a ptrace access mode
1163 PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1164 /proc/[pid]/seccomp (Linux 2.6.12 to 2.6.22)
1166 This file can be used to read and change the process's secure
1167 computing (seccomp) mode setting. It contains the value 0 if
1168 the process is not in seccomp mode, and 1 if the process is in
1169 strict seccomp mode (see seccomp(2)). Writing 1 to this file
1170 places the process irreversibly in strict seccomp mode. (Fur‐
1171 ther attempts to write to the file fail with the EPERM error.)
1172 In Linux 2.6.23, this file went away, to be replaced by the
1174 prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations (and later
1175 by seccomp(2) and the Seccomp field in /proc/[pid]/status).
1176 /proc/[pid]/setgroups (since Linux 3.19)
1178 See user_namespaces(7).
1179 /proc/[pid]/smaps (since Linux 2.6.14)
1181 This file shows memory consumption for each of the process's
1182 mappings. (The pmap(1) command displays similar information, in
1183 a form that may be easier for parsing.) For each mapping there
1184 is a series of lines such as the following:
1185 00400000-0048a000 r-xp 00000000 fd:03 960637 /bin/bash
1187 Size: 552 kB
1188 Rss: 460 kB
1189 Pss: 100 kB
1190 Shared_Clean: 452 kB
1191 Shared_Dirty: 0 kB
1192 Private_Clean: 8 kB
1193 Private_Dirty: 0 kB
1194 Referenced: 460 kB
1195 Anonymous: 0 kB
1196 AnonHugePages: 0 kB
1197 ShmemHugePages: 0 kB
1198 ShmemPmdMapped: 0 kB
1199 Swap: 0 kB
1200 KernelPageSize: 4 kB
1201 MMUPageSize: 4 kB
1202 KernelPageSize: 4 kB
1203 MMUPageSize: 4 kB
1204 Locked: 0 kB
1205 ProtectionKey: 0
1206 VmFlags: rd ex mr mw me dw
1207 The first of these lines shows the same information as is dis‐
1209 played for the mapping in /proc/[pid]/maps. The following lines
1210 show the size of the mapping, the amount of the mapping that is
1211 currently resident in RAM ("Rss"), the process's proportional
1212 share of this mapping ("Pss"), the number of clean and dirty
1213 shared pages in the mapping, and the number of clean and dirty
1214 private pages in the mapping. "Referenced" indicates the amount
1215 of memory currently marked as referenced or accessed. "Anony‐
1216 mous" shows the amount of memory that does not belong to any
1217 file. "Swap" shows how much would-be-anonymous memory is also
1218 used, but out on swap.
1219 The "KernelPageSize" line (available since Linux 2.6.29) is the
1221 page size used by the kernel to back the virtual memory area.
1222 This matches the size used by the MMU in the majority of cases.
1223 However, one counter-example occurs on PPC64 kernels whereby a
1224 kernel using 64kB as a base page size may still use 4kB pages
1225 for the MMU on older processors. To distinguish the two
1226 attributes, the "MMUPageSize" line (also available since Linux
1227 2.6.29) reports the page size used by the MMU.
1228 The "Locked" indicates whether the mapping is locked in memory
1230 or not.
1231 The "ProtectionKey" line (available since Linux 4.9, on x86
1233 only) contains the memory protection key (see pkeys(7)) associ‐
1234 ated with the virtual memory area. This entry is present only
1235 if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1236 TION_KEYS configuration option.
1237 The "VmFlags" line (available since Linux 3.8) represents the
1239 kernel flags associated with the virtual memory area, encoded
1240 using the following two-letter codes:
1241 rd - readable
1243 wr - writable
1244 ex - executable
1245 sh - shared
1246 mr - may read
1247 mw - may write
1248 me - may execute
1249 ms - may share
1250 gd - stack segment grows down
1251 pf - pure PFN range
1252 dw - disabled write to the mapped file
1253 lo - pages are locked in memory
1254 io - memory mapped I/O area
1255 sr - sequential read advise provided
1256 rr - random read advise provided
1257 dc - do not copy area on fork
1258 de - do not expand area on remapping
1259 ac - area is accountable
1260 nr - swap space is not reserved for the area
1261 ht - area uses huge tlb pages
1262 nl - non-linear mapping
1263 ar - architecture specific flag
1264 dd - do not include area into core dump
1265 sd - soft-dirty flag
1266 mm - mixed map area
1267 hg - huge page advise flag
1268 nh - no-huge page advise flag
1269 mg - mergeable advise flag
1270 "ProtectionKey" field contains the memory protection key (see
1272 pkeys(5)) associated with the virtual memory area. Present only
1273 if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1274 TION_KEYS configuration option. (since Linux 4.6)
1275 The /proc/[pid]/smaps file is present only if the CON‐
1277 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1278 /proc/[pid]/stack (since Linux 2.6.29)
1280 This file provides a symbolic trace of the function calls in
1281 this process's kernel stack. This file is provided only if the
1282 kernel was built with the CONFIG_STACKTRACE configuration
1283 option.
1284 Permission to access this file is governed by a ptrace access
1286 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1287 /proc/[pid]/stat
1289 Status information about the process. This is used by ps(1).
1290 It is defined in the kernel source file fs/proc/array.c.
1291 The fields, in order, with their proper scanf(3) format speci‐
1293 fiers, are listed below. Whether or not certain of these fields
1294 display valid information is governed by a ptrace access mode
1295 PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT check (refer to
1296 ptrace(2)). If the check denies access, then the field value is
1297 displayed as 0. The affected fields are indicated with the
1298 marking [PT].
1299 (1) pid %d
1301 The process ID.
1302 (2) comm %s
1304 The filename of the executable, in parentheses. This
1305 is visible whether or not the executable is swapped
1306 out.
1307 (3) state %c
1309 One of the following characters, indicating process
1310 state:
1311 R Running
1313 S Sleeping in an interruptible wait
1315 D Waiting in uninterruptible disk sleep
1317 Z Zombie
1319 T Stopped (on a signal) or (before Linux 2.6.33)
1321 trace stopped
1322 t Tracing stop (Linux 2.6.33 onward)
1324 W Paging (only before Linux 2.6.0)
1326 X Dead (from Linux 2.6.0 onward)
1328 x Dead (Linux 2.6.33 to 3.13 only)
1330 K Wakekill (Linux 2.6.33 to 3.13 only)
1332 W Waking (Linux 2.6.33 to 3.13 only)
1334 P Parked (Linux 3.9 to 3.13 only)
1336 (4) ppid %d
1338 The PID of the parent of this process.
1339 (5) pgrp %d
1341 The process group ID of the process.
1342 (6) session %d
1344 The session ID of the process.
1345 (7) tty_nr %d
1347 The controlling terminal of the process. (The minor
1348 device number is contained in the combination of bits
1349 31 to 20 and 7 to 0; the major device number is in
1350 bits 15 to 8.)
1351 (8) tpgid %d
1353 The ID of the foreground process group of the control‐
1354 ling terminal of the process.
1355 (9) flags %u
1357 The kernel flags word of the process. For bit mean‐
1358 ings, see the PF_* defines in the Linux kernel source
1359 file include/linux/sched.h. Details depend on the
1360 kernel version.
1361 The format for this field was %lu before Linux 2.6.
1363 (10) minflt %lu
1365 The number of minor faults the process has made which
1366 have not required loading a memory page from disk.
1367 (11) cminflt %lu
1369 The number of minor faults that the process's waited-
1370 for children have made.
1371 (12) majflt %lu
1373 The number of major faults the process has made which
1374 have required loading a memory page from disk.
1375 (13) cmajflt %lu
1377 The number of major faults that the process's waited-
1378 for children have made.
1379 (14) utime %lu
1381 Amount of time that this process has been scheduled in
1382 user mode, measured in clock ticks (divide by
1383 sysconf(_SC_CLK_TCK)). This includes guest time,
1384 guest_time (time spent running a virtual CPU, see
1385 below), so that applications that are not aware of the
1386 guest time field do not lose that time from their cal‐
1387 culations.
1388 (15) stime %lu
1390 Amount of time that this process has been scheduled in
1391 kernel mode, measured in clock ticks (divide by
1392 sysconf(_SC_CLK_TCK)).
1393 (16) cutime %ld
1395 Amount of time that this process's waited-for children
1396 have been scheduled in user mode, measured in clock
1397 ticks (divide by sysconf(_SC_CLK_TCK)). (See also
1398 times(2).) This includes guest time, cguest_time
1399 (time spent running a virtual CPU, see below).
1400 (17) cstime %ld
1402 Amount of time that this process's waited-for children
1403 have been scheduled in kernel mode, measured in clock
1404 ticks (divide by sysconf(_SC_CLK_TCK)).
1405 (18) priority %ld
1407 (Explanation for Linux 2.6) For processes running a
1408 real-time scheduling policy (policy below; see
1409 sched_setscheduler(2)), this is the negated scheduling
1410 priority, minus one; that is, a number in the range -2
1411 to -100, corresponding to real-time priorities 1 to
1412 99. For processes running under a non-real-time
1413 scheduling policy, this is the raw nice value (setpri‐
1414 ority(2)) as represented in the kernel. The kernel
1415 stores nice values as numbers in the range 0 (high) to
1416 39 (low), corresponding to the user-visible nice range
1417 of -20 to 19.
1418 Before Linux 2.6, this was a scaled value based on the
1420 scheduler weighting given to this process.
1421 (19) nice %ld
1423 The nice value (see setpriority(2)), a value in the
1424 range 19 (low priority) to -20 (high priority).
1425 (20) num_threads %ld
1427 Number of threads in this process (since Linux 2.6).
1428 Before kernel 2.6, this field was hard coded to 0 as a
1429 placeholder for an earlier removed field.
1430 (21) itrealvalue %ld
1432 The time in jiffies before the next SIGALRM is sent to
1433 the process due to an interval timer. Since kernel
1434 2.6.17, this field is no longer maintained, and is
1435 hard coded as 0.
1436 (22) starttime %llu
1438 The time the process started after system boot. In
1439 kernels before Linux 2.6, this value was expressed in
1440 jiffies. Since Linux 2.6, the value is expressed in
1441 clock ticks (divide by sysconf(_SC_CLK_TCK)).
1442 The format for this field was %lu before Linux 2.6.
1444 (23) vsize %lu
1446 Virtual memory size in bytes.
1447 (24) rss %ld
1449 Resident Set Size: number of pages the process has in
1450 real memory. This is just the pages which count
1451 toward text, data, or stack space. This does not
1452 include pages which have not been demand-loaded in, or
1453 which are swapped out.
1454 (25) rsslim %lu
1456 Current soft limit in bytes on the rss of the process;
1457 see the description of RLIMIT_RSS in getrlimit(2).
1458 (26) startcode %lu [PT]
1460 The address above which program text can run.
1461 (27) endcode %lu [PT]
1463 The address below which program text can run.
1464 (28) startstack %lu [PT]
1466 The address of the start (i.e., bottom) of the stack.
1467 (29) kstkesp %lu [PT]
1469 The current value of ESP (stack pointer), as found in
1470 the kernel stack page for the process.
1471 (30) kstkeip %lu [PT]
1473 The current EIP (instruction pointer).
1474 (31) signal %lu
1476 The bitmap of pending signals, displayed as a decimal
1477 number. Obsolete, because it does not provide infor‐
1478 mation on real-time signals; use /proc/[pid]/status
1479 instead.
1480 (32) blocked %lu
1482 The bitmap of blocked signals, displayed as a decimal
1483 number. Obsolete, because it does not provide infor‐
1484 mation on real-time signals; use /proc/[pid]/status
1485 instead.
1486 (33) sigignore %lu
1488 The bitmap of ignored signals, displayed as a decimal
1489 number. Obsolete, because it does not provide infor‐
1490 mation on real-time signals; use /proc/[pid]/status
1491 instead.
1492 (34) sigcatch %lu
1494 The bitmap of caught signals, displayed as a decimal
1495 number. Obsolete, because it does not provide infor‐
1496 mation on real-time signals; use /proc/[pid]/status
1497 instead.
1498 (35) wchan %lu [PT]
1500 This is the "channel" in which the process is waiting.
1501 It is the address of a location in the kernel where
1502 the process is sleeping. The corresponding symbolic
1503 name can be found in /proc/[pid]/wchan.
1504 (36) nswap %lu
1506 Number of pages swapped (not maintained).
1507 (37) cnswap %lu
1509 Cumulative nswap for child processes (not maintained).
1510 (38) exit_signal %d (since Linux 2.1.22)
1512 Signal to be sent to parent when we die.
1513 (39) processor %d (since Linux 2.2.8)
1515 CPU number last executed on.
1516 (40) rt_priority %u (since Linux 2.5.19)
1518 Real-time scheduling priority, a number in the range 1
1519 to 99 for processes scheduled under a real-time pol‐
1520 icy, or 0, for non-real-time processes (see
1521 sched_setscheduler(2)).
1522 (41) policy %u (since Linux 2.5.19)
1524 Scheduling policy (see sched_setscheduler(2)). Decode
1525 using the SCHED_* constants in linux/sched.h.
1526 The format for this field was %lu before Linux 2.6.22.
1528 (42) delayacct_blkio_ticks %llu (since Linux 2.6.18)
1530 Aggregated block I/O delays, measured in clock ticks
1531 (centiseconds).
1532 (43) guest_time %lu (since Linux 2.6.24)
1534 Guest time of the process (time spent running a vir‐
1535 tual CPU for a guest operating system), measured in
1536 clock ticks (divide by sysconf(_SC_CLK_TCK)).
1537 (44) cguest_time %ld (since Linux 2.6.24)
1539 Guest time of the process's children, measured in
1540 clock ticks (divide by sysconf(_SC_CLK_TCK)).
1541 (45) start_data %lu (since Linux 3.3) [PT]
1543 Address above which program initialized and uninitial‐
1544 ized (BSS) data are placed.
1545 (46) end_data %lu (since Linux 3.3) [PT]
1547 Address below which program initialized and uninitial‐
1548 ized (BSS) data are placed.
1549 (47) start_brk %lu (since Linux 3.3) [PT]
1551 Address above which program heap can be expanded with
1552 brk(2).
1553 (48) arg_start %lu (since Linux 3.5) [PT]
1555 Address above which program command-line arguments
1556 (argv) are placed.
1557 (49) arg_end %lu (since Linux 3.5) [PT]
1559 Address below program command-line arguments (argv)
1560 are placed.
1561 (50) env_start %lu (since Linux 3.5) [PT]
1563 Address above which program environment is placed.
1564 (51) env_end %lu (since Linux 3.5) [PT]
1566 Address below which program environment is placed.
1567 (52) exit_code %d (since Linux 3.5) [PT]
1569 The thread's exit status in the form reported by wait‐
1570 pid(2).
1571 /proc/[pid]/statm
1573 Provides information about memory usage, measured in pages. The
1574 columns are:
1575 size (1) total program size
1577 (same as VmSize in /proc/[pid]/status)
1578 resident (2) resident set size
1579 (same as VmRSS in /proc/[pid]/status)
1580 shared (3) number of resident shared pages (i.e., backed by a file)
1581 (same as RssFile+RssShmem in /proc/[pid]/status)
1582 text (4) text (code)
1583 lib (5) library (unused since Linux 2.6; always 0)
1584 data (6) data + stack
1585 dt (7) dirty pages (unused since Linux 2.6; always 0)
1586 /proc/[pid]/status
1588 Provides much of the information in /proc/[pid]/stat and
1589 /proc/[pid]/statm in a format that's easier for humans to parse.
1590 Here's an example:
1591 $ cat /proc/$$/status
1593 Name: bash
1594 Umask: 0022
1595 State: S (sleeping)
1596 Tgid: 17248
1597 Ngid: 0
1598 Pid: 17248
1599 PPid: 17200
1600 TracerPid: 0
1601 Uid: 1000 1000 1000 1000
1602 Gid: 100 100 100 100
1603 FDSize: 256
1604 Groups: 16 33 100
1605 NStgid: 17248
1606 NSpid: 17248
1607 NSpgid: 17248
1608 NSsid: 17200
1609 VmPeak: 131168 kB
1610 VmSize: 131168 kB
1611 VmLck: 0 kB
1612 VmPin: 0 kB
1613 VmHWM: 13484 kB
1614 VmRSS: 13484 kB
1615 RssAnon: 10264 kB
1616 RssFile: 3220 kB
1617 RssShmem: 0 kB
1618 VmData: 10332 kB
1619 VmStk: 136 kB
1620 VmExe: 992 kB
1621 VmLib: 2104 kB
1622 VmPTE: 76 kB
1623 VmPMD: 12 kB
1624 VmSwap: 0 kB
1625 HugetlbPages: 0 kB # 4.4
1626 CoreDumping: 0 # 4.15
1627 Threads: 1
1628 SigQ: 0/3067
1629 SigPnd: 0000000000000000
1630 ShdPnd: 0000000000000000
1631 SigBlk: 0000000000010000
1632 SigIgn: 0000000000384004
1633 SigCgt: 000000004b813efb
1634 CapInh: 0000000000000000
1635 CapPrm: 0000000000000000
1636 CapEff: 0000000000000000
1637 CapBnd: ffffffffffffffff
1638 CapAmb: 0000000000000000
1639 NoNewPrivs: 0
1640 Seccomp: 0
1641 Speculation_Store_Bypass: vulnerable
1642 Cpus_allowed: 00000001
1643 Cpus_allowed_list: 0
1644 Mems_allowed: 1
1645 Mems_allowed_list: 0
1646 voluntary_ctxt_switches: 150
1647 nonvoluntary_ctxt_switches: 545
1648 The fields are as follows:
1650 * Name: Command run by this process.
1652 * Umask: Process umask, expressed in octal with a leading zero;
1654 see umask(2). (Since Linux 4.7.)
1655 * State: Current state of the process. One of "R (running)", "S
1657 (sleeping)", "D (disk sleep)", "T (stopped)", "T (tracing
1658 stop)", "Z (zombie)", or "X (dead)".
1659 * Tgid: Thread group ID (i.e., Process ID).
1661 * Ngid: NUMA group ID (0 if none; since Linux 3.13).
1663 * Pid: Thread ID (see gettid(2)).
1665 * PPid: PID of parent process.
1667 * TracerPid: PID of process tracing this process (0 if not being
1669 traced).
1670 * Uid, Gid: Real, effective, saved set, and filesystem UIDs
1672 (GIDs).
1673 * FDSize: Number of file descriptor slots currently allocated.
1675 * Groups: Supplementary group list.
1677 * NStgid: Thread group ID (i.e., PID) in each of the PID names‐
1679 paces of which [pid] is a member. The leftmost entry shows
1680 the value with respect to the PID namespace of the process
1681 that mounted this procfs (or the root namespace if mounted by
1682 the kernel), followed by the value in successively nested
1683 inner namespaces. (Since Linux 4.1.)
1684 * NSpid: Thread ID in each of the PID namespaces of which [pid]
1686 is a member. The fields are ordered as for NStgid. (Since
1687 Linux 4.1.)
1688 * NSpgid: Process group ID in each of the PID namespaces of
1690 which [pid] is a member. The fields are ordered as for NSt‐
1691 gid. (Since Linux 4.1.)
1692 * NSsid: descendant namespace session ID hierarchy Session ID in
1694 each of the PID namespaces of which [pid] is a member. The
1695 fields are ordered as for NStgid. (Since Linux 4.1.)
1696 * VmPeak: Peak virtual memory size.
1698 * VmSize: Virtual memory size.
1700 * VmLck: Locked memory size (see mlock(2)).
1702 * VmPin: Pinned memory size (since Linux 3.2). These are pages
1704 that can't be moved because something needs to directly access
1705 physical memory.
1706 * VmHWM: Peak resident set size ("high water mark").
1708 * VmRSS: Resident set size. Note that the value here is the sum
1710 of RssAnon, RssFile, and RssShmem.
1711 * RssAnon: Size of resident anonymous memory. (since Linux
1713 4.5).
1714 * RssFile: Size of resident file mappings. (since Linux 4.5).
1716 * RssShmem: Size of resident shared memory (includes System V
1718 shared memory, mappings from tmpfs(5), and shared anonymous
1719 mappings). (since Linux 4.5).
1720 * VmData, VmStk, VmExe: Size of data, stack, and text segments.
1722 * VmLib: Shared library code size.
1724 * VmPTE: Page table entries size (since Linux 2.6.10).
1726 * VmPMD: Size of second-level page tables (added in Linux 4.0;
1728 removed in Linux 4.15).
1729 * VmSwap: Swapped-out virtual memory size by anonymous private
1731 pages; shmem swap usage is not included (since Linux 2.6.34).
1732 * HugetlbPages: Size of hugetlb memory portions (since Linux
1734 4.4).
1735 * CoreDumping: Contains the value 1 if the process is currently
1737 dumping core, and 0 if it is not (since Linux 4.15). This
1738 information can be used by a monitoring process to avoid
1739 killing a process that is currently dumping core, which could
1740 result in a corrupted core dump file.
1741 * Threads: Number of threads in process containing this thread.
1743 * SigQ: This field contains two slash-separated numbers that
1745 relate to queued signals for the real user ID of this process.
1746 The first of these is the number of currently queued signals
1747 for this real user ID, and the second is the resource limit on
1748 the number of queued signals for this process (see the
1749 description of RLIMIT_SIGPENDING in getrlimit(2)).
1750 * SigPnd, ShdPnd:
1752 Mask (expressed in hexadecimal) of signals pending for thread
1753 and for process as a whole (see pthreads(7) and signal(7)).
1754 * SigBlk, SigIgn, SigCgt: Masks (expressed in hexadeximal) indi‐
1756 cating signals being blocked, ignored, and caught (see sig‐
1757 nal(7)).
1758 * CapInh, CapPrm, CapEff: Masks (expressed in hexadeximal) of
1760 capabilities enabled in inheritable, permitted, and effective
1761 sets (see capabilities(7)).
1762 * CapBnd: Capability bounding set, expressed in hexadecimal
1764 (since Linux 2.6.26, see capabilities(7)).
1765 * CapAmb: Ambient capability set, expressed in hexadecimal
1767 (since Linux 4.3, see capabilities(7)).
1768 * NoNewPrivs: Value of the no_new_privs bit (since Linux 4.10,
1770 see prctl(2)).
1771 * Seccomp: Seccomp mode of the process (since Linux 3.8, see
1773 seccomp(2)). 0 means SECCOMP_MODE_DISABLED; 1 means SEC‐
1774 COMP_MODE_STRICT; 2 means SECCOMP_MODE_FILTER. This field is
1775 provided only if the kernel was built with the CONFIG_SECCOMP
1776 kernel configuration option enabled.
1777 * Speculation_Store_Bypass: Speculation flaw mitigation state
1779 (since Linux 4.17, see prctl(2)).
1780 * Cpus_allowed: Hexadecimal mask of CPUs on which this process
1782 may run (since Linux 2.6.24, see cpuset(7)).
1783 * Cpus_allowed_list: Same as previous, but in "list format"
1785 (since Linux 2.6.26, see cpuset(7)).
1786 * Mems_allowed: Mask of memory nodes allowed to this process
1788 (since Linux 2.6.24, see cpuset(7)).
1789 * Mems_allowed_list: Same as previous, but in "list format"
1791 (since Linux 2.6.26, see cpuset(7)).
1792 * voluntary_ctxt_switches, nonvoluntary_ctxt_switches: Number of
1794 voluntary and involuntary context switches (since Linux
1795 2.6.23).
1796 /proc/[pid]/syscall (since Linux 2.6.27)
1798 This file exposes the system call number and argument registers
1799 for the system call currently being executed by the process,
1800 followed by the values of the stack pointer and program counter
1801 registers. The values of all six argument registers are
1802 exposed, although most system calls use fewer registers.
1803 If the process is blocked, but not in a system call, then the
1805 file displays -1 in place of the system call number, followed by
1806 just the values of the stack pointer and program counter. If
1807 process is not blocked, then the file contains just the string
1808 "running".
1809 This file is present only if the kernel was configured with CON‐
1811 FIG_HAVE_ARCH_TRACEHOOK.
1812 Permission to access this file is governed by a ptrace access
1814 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1815 /proc/[pid]/task (since Linux 2.6.0)
1817 This is a directory that contains one subdirectory for each
1818 thread in the process. The name of each subdirectory is the
1819 numerical thread ID ([tid]) of the thread (see gettid(2)).
1820 Within each of these subdirectories, there is a set of files
1822 with the same names and contents as under the /proc/[pid] direc‐
1823 tories. For attributes that are shared by all threads, the con‐
1824 tents for each of the files under the task/[tid] subdirectories
1825 will be the same as in the corresponding file in the parent
1826 /proc/[pid] directory (e.g., in a multithreaded process, all of
1827 the task/[tid]/cwd files will have the same value as the
1828 /proc/[pid]/cwd file in the parent directory, since all of the
1829 threads in a process share a working directory). For attributes
1830 that are distinct for each thread, the corresponding files under
1831 task/[tid] may have different values (e.g., various fields in
1832 each of the task/[tid]/status files may be different for each
1833 thread), or they might not exist in /proc/[pid] at all.
1834 In a multithreaded process, the contents of the /proc/[pid]/task
1836 directory are not available if the main thread has already ter‐
1837 minated (typically by calling pthread_exit(3)).
1838 /proc/[pid]/task/[tid]/children (since Linux 3.5)
1840 A space-separated list of child tasks of this task. Each child
1841 task is represented by its TID.
1842 This option is intended for use by the checkpoint-restore (CRIU)
1844 system, and reliably provides a list of children only if all of
1845 the child processes are stopped or frozen. It does not work
1846 properly if children of the target task exit while the file is
1847 being read! Exiting children may cause non-exiting children to
1848 be omitted from the list. This makes this interface even more
1849 unreliable than classic PID-based approaches if the inspected
1850 task and its children aren't frozen, and most code should proba‐
1851 bly not use this interface.
1852 Until Linux 4.2, the presence of this file was governed by the
1854 CONFIG_CHECKPOINT_RESTORE kernel configuration option. Since
1855 Linux 4.2, it is governed by the CONFIG_PROC_CHILDREN option.
1856 /proc/[pid]/timers (since Linux 3.10)
1858 A list of the POSIX timers for this process. Each timer is
1859 listed with a line that starts with the string "ID:". For exam‐
1860 ple:
1861 ID: 1
1863 signal: 60/00007fff86e452a8
1864 notify: signal/pid.2634
1865 ClockID: 0
1866 ID: 0
1867 signal: 60/00007fff86e452a8
1868 notify: signal/pid.2634
1869 ClockID: 1
1870 The lines shown for each timer have the following meanings:
1872 ID The ID for this timer. This is not the same as the timer
1874 ID returned by timer_create(2); rather, it is the same
1875 kernel-internal ID that is available via the si_timerid
1876 field of the siginfo_t structure (see sigaction(2)).
1877 signal This is the signal number that this timer uses to deliver
1879 notifications followed by a slash, and then the
1880 sigev_value value supplied to the signal handler. Valid
1881 only for timers that notify via a signal.
1882 notify The part before the slash specifies the mechanism that
1884 this timer uses to deliver notifications, and is one of
1885 "thread", "signal", or "none". Immediately following the
1886 slash is either the string "tid" for timers with
1887 SIGEV_THREAD_ID notification, or "pid" for timers that
1888 notify by other mechanisms. Following the "." is the PID
1889 of the process (or the kernel thread ID of the thread)
1890 that will be delivered a signal if the timer delivers
1891 notifications via a signal.
1892 ClockID
1894 This field identifies the clock that the timer uses for
1895 measuring time. For most clocks, this is a number that
1896 matches one of the user-space CLOCK_* constants exposed
1897 via <time.h>. CLOCK_PROCESS_CPUTIME_ID timers display
1898 with a value of -6 in this field.
1899 CLOCK_THREAD_CPUTIME_ID timers display with a value of -2
1900 in this field.
1901 This file is available only when the kernel was configured with
1903 CONFIG_CHECKPOINT_RESTORE.
1904 /proc/[pid]/timerslack_ns (since Linux 4.6)
1906 This file exposes the process's "current" timer slack value,
1907 expressed in nanoseconds. The file is writable, allowing the
1908 process's timer slack value to be changed. Writing 0 to this
1909 file resets the "current" timer slack to the "default" timer
1910 slack value. For further details, see the discussion of
1911 PR_SET_TIMERSLACK in prctl(2).
1912 Initially, permission to access this file was governed by a
1914 ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check (see
1915 ptrace(2)). However, this was subsequently deemed too strict a
1916 requirement (and had the side effect that requiring a process to
1917 have the CAP_SYS_PTRACE capability would also allow it to view
1918 and change any process's memory). Therefore, since Linux 4.9,
1919 only the (weaker) CAP_SYS_NICE capability is required to access
1920 this file.
1921 /proc/[pid]/uid_map, /proc/[pid]/gid_map (since Linux 3.5)
1923 See user_namespaces(7).
1924 /proc/[pid]/wchan (since Linux 2.6.0)
1926 The symbolic name corresponding to the location in the kernel
1927 where the process is sleeping.
1928 Permission to access this file is governed by a ptrace access
1930 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1931 /proc/[tid]
1933 There is a numerical subdirectory for each running thread that
1934 is not a thread group leader (i.e., a thread whose thread ID is
1935 not the same as its process ID); the subdirectory is named by
1936 the thread ID. Each one of these subdirectories contains files
1937 and subdirectories exposing information about the thread with
1938 the thread ID tid. The contents of these directories are the
1939 same as the corresponding /proc/[pid]/task/[tid] directories.
1940 The /proc/[tid] subdirectories are not visible when iterating
1942 through /proc with getdents(2) (and thus are not visible when
1943 one uses ls(1) to view the contents of /proc). However, the
1944 pathnames of these directories are visible to (i.e., usable as
1945 arguments in) system calls that operate on pathnames.
1946 /proc/apm
1948 Advanced power management version and battery information when
1949 CONFIG_APM is defined at kernel compilation time.
1950 /proc/buddyinfo
1952 This file contains information which is used for diagnosing mem‐
1953 ory fragmentation issues. Each line starts with the identifica‐
1954 tion of the node and the name of the zone which together iden‐
1955 tify a memory region This is then followed by the count of
1956 available chunks of a certain order in which these zones are
1957 split. The size in bytes of a certain order is given by the
1958 formula:
1959 (2^order) * PAGE_SIZE
1961 The binary buddy allocator algorithm inside the kernel will
1963 split one chunk into two chunks of a smaller order (thus with
1964 half the size) or combine two contiguous chunks into one larger
1965 chunk of a higher order (thus with double the size) to satisfy
1966 allocation requests and to counter memory fragmentation. The
1967 order matches the column number, when starting to count at zero.
1968 For example on an x86-64 system:
1970 Node 0, zone DMA 1 1 1 0 2 1 1 0 1 1 3
1972 Node 0, zone DMA32 65 47 4 81 52 28 13 10 5 1 404
1973 Node 0, zone Normal 216 55 189 101 84 38 37 27 5 3 587
1974 In this example, there is one node containing three zones and
1976 there are 11 different chunk sizes. If the page size is 4 kilo‐
1977 bytes, then the first zone called DMA (on x86 the first 16
1978 megabyte of memory) has 1 chunk of 4 kilobytes (order 0) avail‐
1979 able and has 3 chunks of 4 megabytes (order 10) available.
1980 If the memory is heavily fragmented, the counters for higher
1982 order chunks will be zero and allocation of large contiguous
1983 areas will fail.
1984 Further information about the zones can be found in /proc/zone‐
1986 info.
1987 /proc/bus
1989 Contains subdirectories for installed busses.
1990 /proc/bus/pccard
1992 Subdirectory for PCMCIA devices when CONFIG_PCMCIA is set at
1993 kernel compilation time.
1994 /proc/bus/pccard/drivers
1996 /proc/bus/pci
1998 Contains various bus subdirectories and pseudo-files containing
1999 information about PCI busses, installed devices, and device
2000 drivers. Some of these files are not ASCII.
2001 /proc/bus/pci/devices
2003 Information about PCI devices. They may be accessed through
2004 lspci(8) and setpci(8).
2005 /proc/cgroups (since Linux 2.6.24)
2007 See cgroups(7).
2008 /proc/cmdline
2010 Arguments passed to the Linux kernel at boot time. Often done
2011 via a boot manager such as lilo(8) or grub(8).
2012 /proc/config.gz (since Linux 2.6)
2014 This file exposes the configuration options that were used to
2015 build the currently running kernel, in the same format as they
2016 would be shown in the .config file that resulted when configur‐
2017 ing the kernel (using make xconfig, make config, or similar).
2018 The file contents are compressed; view or search them using
2019 zcat(1) and zgrep(1). As long as no changes have been made to
2020 the following file, the contents of /proc/config.gz are the same
2021 as those provided by:
2022 cat /lib/modules/$(uname -r)/build/.config
2024 /proc/config.gz is provided only if the kernel is configured
2026 with CONFIG_IKCONFIG_PROC.
2027 /proc/crypto
2029 A list of the ciphers provided by the kernel crypto API. For
2030 details, see the kernel Linux Kernel Crypto API documentation
2031 available under the kernel source directory Documenta‐
2032 tion/crypto/ (or Documentation/DocBook before 4.10; the documen‐
2033 tation can be built using a command such as make htmldocs in the
2034 root directory of the kernel source tree).
2035 /proc/cpuinfo
2037 This is a collection of CPU and system architecture dependent
2038 items, for each supported architecture a different list. Two
2039 common entries are processor which gives CPU number and
2040 bogomips; a system constant that is calculated during kernel
2041 initialization. SMP machines have information for each CPU.
2042 The lscpu(1) command gathers its information from this file.
2043 /proc/devices
2045 Text listing of major numbers and device groups. This can be
2046 used by MAKEDEV scripts for consistency with the kernel.
2047 /proc/diskstats (since Linux 2.5.69)
2049 This file contains disk I/O statistics for each disk device.
2050 See the Linux kernel source file Documentation/iostats.txt for
2051 further information.
2052 /proc/dma
2054 This is a list of the registered ISA DMA (direct memory access)
2055 channels in use.
2056 /proc/driver
2058 Empty subdirectory.
2059 /proc/execdomains
2061 List of the execution domains (ABI personalities).
2062 /proc/fb
2064 Frame buffer information when CONFIG_FB is defined during kernel
2065 compilation.
2066 /proc/filesystems
2068 A text listing of the filesystems which are supported by the
2069 kernel, namely filesystems which were compiled into the kernel
2070 or whose kernel modules are currently loaded. (See also
2071 filesystems(5).) If a filesystem is marked with "nodev", this
2072 means that it does not require a block device to be mounted
2073 (e.g., virtual filesystem, network filesystem).
2074 Incidentally, this file may be used by mount(8) when no filesys‐
2076 tem is specified and it didn't manage to determine the filesys‐
2077 tem type. Then filesystems contained in this file are tried
2078 (excepted those that are marked with "nodev").
2079 /proc/fs
2081 Contains subdirectories that in turn contain files with informa‐
2082 tion about (certain) mounted filesystems.
2083 /proc/ide
2085 This directory exists on systems with the IDE bus. There are
2086 directories for each IDE channel and attached device. Files
2087 include:
2088 cache buffer size in KB
2090 capacity number of sectors
2091 driver driver version
2092 geometry physical and logical geometry
2093 identify in hexadecimal
2094 media media type
2095 model manufacturer's model number
2096 settings drive settings
2097 smart_thresholds in hexadecimal
2098 smart_values in hexadecimal
2099 The hdparm(8) utility provides access to this information in a
2101 friendly format.
2102 /proc/interrupts
2104 This is used to record the number of interrupts per CPU per IO
2105 device. Since Linux 2.6.24, for the i386 and x86-64 architec‐
2106 tures, at least, this also includes interrupts internal to the
2107 system (that is, not associated with a device as such), such as
2108 NMI (nonmaskable interrupt), LOC (local timer interrupt), and
2109 for SMP systems, TLB (TLB flush interrupt), RES (rescheduling
2110 interrupt), CAL (remote function call interrupt), and possibly
2111 others. Very easy to read formatting, done in ASCII.
2112 /proc/iomem
2114 I/O memory map in Linux 2.4.
2115 /proc/ioports
2117 This is a list of currently registered Input-Output port regions
2118 that are in use.
2119 /proc/kallsyms (since Linux 2.5.71)
2121 This holds the kernel exported symbol definitions used by the
2122 modules(X) tools to dynamically link and bind loadable modules.
2123 In Linux 2.5.47 and earlier, a similar file with slightly dif‐
2124 ferent syntax was named ksyms.
2125 /proc/kcore
2127 This file represents the physical memory of the system and is
2128 stored in the ELF core file format. With this pseudo-file, and
2129 an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be
2130 used to examine the current state of any kernel data structures.
2131 The total length of the file is the size of physical memory
2133 (RAM) plus 4 KiB.
2134 /proc/keys (since Linux 2.6.10)
2136 See keyrings(7).
2137 /proc/key-users (since Linux 2.6.10)
2139 See keyrings(7).
2140 /proc/kmsg
2142 This file can be used instead of the syslog(2) system call to
2143 read kernel messages. A process must have superuser privileges
2144 to read this file, and only one process should read this file.
2145 This file should not be read if a syslog process is running
2146 which uses the syslog(2) system call facility to log kernel mes‐
2147 sages.
2148 Information in this file is retrieved with the dmesg(1) program.
2150 /proc/kpagecgroup (since Linux 4.3)
2152 This file contains a 64-bit inode number of the memory cgroup
2153 each page is charged to, indexed by page frame number (see the
2154 discussion of /proc/[pid]/pagemap).
2155 The /proc/kpagecgroup file is present only if the CONFIG_MEMCG
2157 kernel configuration option is enabled.
2158 /proc/kpagecount (since Linux 2.6.25)
2160 This file contains a 64-bit count of the number of times each
2161 physical page frame is mapped, indexed by page frame number (see
2162 the discussion of /proc/[pid]/pagemap).
2163 The /proc/kpagecount file is present only if the CON‐
2165 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2166 /proc/kpageflags (since Linux 2.6.25)
2168 This file contains 64-bit masks corresponding to each physical
2169 page frame; it is indexed by page frame number (see the discus‐
2170 sion of /proc/[pid]/pagemap). The bits are as follows:
2171 0 - KPF_LOCKED
2173 1 - KPF_ERROR
2174 2 - KPF_REFERENCED
2175 3 - KPF_UPTODATE
2176 4 - KPF_DIRTY
2177 5 - KPF_LRU
2178 6 - KPF_ACTIVE
2179 7 - KPF_SLAB
2180 8 - KPF_WRITEBACK
2181 9 - KPF_RECLAIM
2182 10 - KPF_BUDDY
2183 11 - KPF_MMAP (since Linux 2.6.31)
2184 12 - KPF_ANON (since Linux 2.6.31)
2185 13 - KPF_SWAPCACHE (since Linux 2.6.31)
2186 14 - KPF_SWAPBACKED (since Linux 2.6.31)
2187 15 - KPF_COMPOUND_HEAD (since Linux 2.6.31)
2188 16 - KPF_COMPOUND_TAIL (since Linux 2.6.31)
2189 17 - KPF_HUGE (since Linux 2.6.31)
2190 18 - KPF_UNEVICTABLE (since Linux 2.6.31)
2191 19 - KPF_HWPOISON (since Linux 2.6.31)
2192 20 - KPF_NOPAGE (since Linux 2.6.31)
2193 21 - KPF_KSM (since Linux 2.6.32)
2194 22 - KPF_THP (since Linux 3.4)
2195 23 - KPF_BALLOON (since Linux 3.18)
2196 24 - KPF_ZERO_PAGE (since Linux 4.0)
2197 25 - KPF_IDLE (since Linux 4.3)
2198 For further details on the meanings of these bits, see the ker‐
2200 nel source file Documentation/admin-guide/mm/pagemap.rst.
2201 Before kernel 2.6.29, KPF_WRITEBACK, KPF_RECLAIM, KPF_BUDDY, and
2202 KPF_LOCKED did not report correctly.
2203 The /proc/kpageflags file is present only if the CON‐
2205 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2206 /proc/ksyms (Linux 1.1.23–2.5.47)
2208 See /proc/kallsyms.
2209 /proc/loadavg
2211 The first three fields in this file are load average figures
2212 giving the number of jobs in the run queue (state R) or waiting
2213 for disk I/O (state D) averaged over 1, 5, and 15 minutes. They
2214 are the same as the load average numbers given by uptime(1) and
2215 other programs. The fourth field consists of two numbers sepa‐
2216 rated by a slash (/). The first of these is the number of cur‐
2217 rently runnable kernel scheduling entities (processes, threads).
2218 The value after the slash is the number of kernel scheduling
2219 entities that currently exist on the system. The fifth field is
2220 the PID of the process that was most recently created on the
2221 system.
2222 /proc/locks
2224 This file shows current file locks (flock(2) and fcntl(2)) and
2225 leases (fcntl(2)).
2226 An example of the content shown in this file is the following:
2228 1: POSIX ADVISORY READ 5433 08:01:7864448 128 128
2230 2: FLOCK ADVISORY WRITE 2001 08:01:7864554 0 EOF
2231 3: FLOCK ADVISORY WRITE 1568 00:2f:32388 0 EOF
2232 4: POSIX ADVISORY WRITE 699 00:16:28457 0 EOF
2233 5: POSIX ADVISORY WRITE 764 00:16:21448 0 0
2234 6: POSIX ADVISORY READ 3548 08:01:7867240 1 1
2235 7: POSIX ADVISORY READ 3548 08:01:7865567 1826 2335
2236 8: OFDLCK ADVISORY WRITE -1 08:01:8713209 128 191
2237 The fields shown in each line are as follows:
2239 (1) The ordinal position of the lock in the list.
2241 (2) The lock type. Values that may appear here include:
2243 FLOCK This is a BSD file lock created using flock(2).
2245 OFDLCK This is an open file description (OFD) lock created
2247 using fcntl(2).
2248 POSIX This is a POSIX byte-range lock created using
2250 fcntl(2).
2251 (3) Among the strings that can appear here are the following:
2253 ADVISORY
2255 This is an advisory lock.
2256 MANDATORY
2258 This is a mandatory lock.
2259 (4) The type of lock. Values that can appear here are:
2261 READ This is a POSIX or OFD read lock, or a BSD shared
2263 lock.
2264 WRITE This is a POSIX or OFD write lock, or a BSD exclusive
2266 lock.
2267 (5) The PID of the process that owns the lock.
2269 Because OFD locks are not owned by a single process (since
2271 multiple processes may have file descriptors that refer to
2272 the same open file description), the value -1 is displayed
2273 in this field for OFD locks. (Before kernel 4.14, a bug
2274 meant that the PID of the process that initially acquired
2275 the lock was displayed instead of the value -1.)
2276 (6) Three colon-separated subfields that identify the major and
2278 minor device ID of the device containing the filesystem
2279 where the locked file resides, followed by the inode number
2280 of the locked file.
2281 (7) The byte offset of the first byte of the lock. For BSD
2283 locks, this value is always 0.
2284 (8) The byte offset of the last byte of the lock. EOF in this
2286 field means that the lock extends to the end of the file.
2287 For BSD locks, the value shown is always EOF.
2288 Since Linux 4.9, the list of locks shown in /proc/locks is fil‐
2290 tered to show just the locks for the processes in the PID names‐
2291 pace (see pid_namespaces(7)) for which the /proc filesystem was
2292 mounted. (In the initial PID namespace, there is no filtering
2293 of the records shown in this file.)
2294 The lslocks(8) command provides a bit more information about
2296 each lock.
2297 /proc/malloc (only up to and including Linux 2.2)
2299 This file is present only if CONFIG_DEBUG_MALLOC was defined
2300 during compilation.
2301 /proc/meminfo
2303 This file reports statistics about memory usage on the system.
2304 It is used by free(1) to report the amount of free and used mem‐
2305 ory (both physical and swap) on the system as well as the shared
2306 memory and buffers used by the kernel. Each line of the file
2307 consists of a parameter name, followed by a colon, the value of
2308 the parameter, and an option unit of measurement (e.g., "kB").
2309 The list below describes the parameter names and the format
2310 specifier required to read the field value. Except as noted
2311 below, all of the fields have been present since at least Linux
2312 2.6.0. Some fields are displayed only if the kernel was config‐
2313 ured with various options; those dependencies are noted in the
2314 list.
2315 MemTotal %lu
2317 Total usable RAM (i.e., physical RAM minus a few reserved
2318 bits and the kernel binary code).
2319 MemFree %lu
2321 The sum of LowFree+HighFree.
2322 MemAvailable %lu (since Linux 3.14)
2324 An estimate of how much memory is available for starting
2325 new applications, without swapping.
2326 Buffers %lu
2328 Relatively temporary storage for raw disk blocks that
2329 shouldn't get tremendously large (20MB or so).
2330 Cached %lu
2332 In-memory cache for files read from the disk (the page
2333 cache). Doesn't include SwapCached.
2334 SwapCached %lu
2336 Memory that once was swapped out, is swapped back in but
2337 still also is in the swap file. (If memory pressure is
2338 high, these pages don't need to be swapped out again
2339 because they are already in the swap file. This saves
2340 I/O.)
2341 Active %lu
2343 Memory that has been used more recently and usually not
2344 reclaimed unless absolutely necessary.
2345 Inactive %lu
2347 Memory which has been less recently used. It is more
2348 eligible to be reclaimed for other purposes.
2349 Active(anon) %lu (since Linux 2.6.28)
2351 [To be documented.]
2352 Inactive(anon) %lu (since Linux 2.6.28)
2354 [To be documented.]
2355 Active(file) %lu (since Linux 2.6.28)
2357 [To be documented.]
2358 Inactive(file) %lu (since Linux 2.6.28)
2360 [To be documented.]
2361 Unevictable %lu (since Linux 2.6.28)
2363 (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was
2364 required.) [To be documented.]
2365 Mlocked %lu (since Linux 2.6.28)
2367 (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was
2368 required.) [To be documented.]
2369 HighTotal %lu
2371 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2372 Total amount of highmem. Highmem is all memory above
2373 ~860MB of physical memory. Highmem areas are for use by
2374 user-space programs, or for the page cache. The kernel
2375 must use tricks to access this memory, making it slower
2376 to access than lowmem.
2377 HighFree %lu
2379 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2380 Amount of free highmem.
2381 LowTotal %lu
2383 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2384 Total amount of lowmem. Lowmem is memory which can be
2385 used for everything that highmem can be used for, but it
2386 is also available for the kernel's use for its own data
2387 structures. Among many other things, it is where every‐
2388 thing from Slab is allocated. Bad things happen when
2389 you're out of lowmem.
2390 LowFree %lu
2392 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2393 Amount of free lowmem.
2394 MmapCopy %lu (since Linux 2.6.29)
2396 (CONFIG_MMU is required.) [To be documented.]
2397 SwapTotal %lu
2399 Total amount of swap space available.
2400 SwapFree %lu
2402 Amount of swap space that is currently unused.
2403 Dirty %lu
2405 Memory which is waiting to get written back to the disk.
2406 Writeback %lu
2408 Memory which is actively being written back to the disk.
2409 AnonPages %lu (since Linux 2.6.18)
2411 Non-file backed pages mapped into user-space page tables.
2412 Mapped %lu
2414 Files which have been mapped into memory (with mmap(2)),
2415 such as libraries.
2416 Shmem %lu (since Linux 2.6.32)
2418 Amount of memory consumed in tmpfs(5) filesystems.
2419 KReclaimable %lu (since Linux 4.20)
2421 Kernel allocations that the kernel will attempt to
2422 reclaim under memory pressure. Includes SReclaimable
2423 (below), and other direct allocations with a shrinker.
2424 Slab %lu
2426 In-kernel data structures cache. (See slabinfo(5).)
2427 SReclaimable %lu (since Linux 2.6.19)
2429 Part of Slab, that might be reclaimed, such as caches.
2430 SUnreclaim %lu (since Linux 2.6.19)
2432 Part of Slab, that cannot be reclaimed on memory pres‐
2433 sure.
2434 KernelStack %lu (since Linux 2.6.32)
2436 Amount of memory allocated to kernel stacks.
2437 PageTables %lu (since Linux 2.6.18)
2439 Amount of memory dedicated to the lowest level of page
2440 tables.
2441 Quicklists %lu (since Linux 2.6.27)
2443 (CONFIG_QUICKLIST is required.) [To be documented.]
2444 NFS_Unstable %lu (since Linux 2.6.18)
2446 NFS pages sent to the server, but not yet committed to
2447 stable storage.
2448 Bounce %lu (since Linux 2.6.18)
2450 Memory used for block device "bounce buffers".
2451 WritebackTmp %lu (since Linux 2.6.26)
2453 Memory used by FUSE for temporary writeback buffers.
2454 CommitLimit %lu (since Linux 2.6.10)
2456 This is the total amount of memory currently available to
2457 be allocated on the system, expressed in kilobytes. This
2458 limit is adhered to only if strict overcommit accounting
2459 is enabled (mode 2 in /proc/sys/vm/overcommit_memory).
2460 The limit is calculated according to the formula
2461 described under /proc/sys/vm/overcommit_memory. For fur‐
2462 ther details, see the kernel source file Documenta‐
2463 tion/vm/overcommit-accounting.rst.
2464 Committed_AS %lu
2466 The amount of memory presently allocated on the system.
2467 The committed memory is a sum of all of the memory which
2468 has been allocated by processes, even if it has not been
2469 "used" by them as of yet. A process which allocates 1GB
2470 of memory (using malloc(3) or similar), but touches only
2471 300MB of that memory will show up as using only 300MB of
2472 memory even if it has the address space allocated for the
2473 entire 1GB.
2474 This 1GB is memory which has been "committed" to by the
2476 VM and can be used at any time by the allocating applica‐
2477 tion. With strict overcommit enabled on the system (mode
2478 2 in /proc/sys/vm/overcommit_memory), allocations which
2479 would exceed the CommitLimit will not be permitted. This
2480 is useful if one needs to guarantee that processes will
2481 not fail due to lack of memory once that memory has been
2482 successfully allocated.
2483 VmallocTotal %lu
2485 Total size of vmalloc memory area.
2486 VmallocUsed %lu
2488 Amount of vmalloc area which is used. Since Linux 4.4,
2489 this field is no longer calculated, and is hard coded as
2490 0. See /proc/vmallocinfo.
2491 VmallocChunk %lu
2493 Largest contiguous block of vmalloc area which is free.
2494 Since Linux 4.4, this field is no longer calculated and
2495 is hard coded as 0. See /proc/vmallocinfo.
2496 HardwareCorrupted %lu (since Linux 2.6.32)
2498 (CONFIG_MEMORY_FAILURE is required.) [To be documented.]
2499 LazyFree %lu (since Linux 4.12)
2501 Shows the amount of memory marked by madvise(2)
2502 MADV_FREE.
2503 AnonHugePages %lu (since Linux 2.6.38)
2505 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Non-file
2506 backed huge pages mapped into user-space page tables.
2507 ShmemHugePages %lu (since Linux 4.8)
2509 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Memory used
2510 by shared memory (shmem) and tmpfs(5) allocated with huge
2511 pages
2512 ShmemPmdMapped %lu (since Linux 4.8)
2514 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Shared memory
2515 mapped into user space with huge pages.
2516 CmaTotal %lu (since Linux 3.1)
2518 Total CMA (Contiguous Memory Allocator) pages. (CON‐
2519 FIG_CMA is required.)
2520 CmaFree %lu (since Linux 3.1)
2522 Free CMA (Contiguous Memory Allocator) pages. (CON‐
2523 FIG_CMA is required.)
2524 HugePages_Total %lu
2526 (CONFIG_HUGETLB_PAGE is required.) The size of the pool
2527 of huge pages.
2528 HugePages_Free %lu
2530 (CONFIG_HUGETLB_PAGE is required.) The number of huge
2531 pages in the pool that are not yet allocated.
2532 HugePages_Rsvd %lu (since Linux 2.6.17)
2534 (CONFIG_HUGETLB_PAGE is required.) This is the number of
2535 huge pages for which a commitment to allocate from the
2536 pool has been made, but no allocation has yet been made.
2537 These reserved huge pages guarantee that an application
2538 will be able to allocate a huge page from the pool of
2539 huge pages at fault time.
2540 HugePages_Surp %lu (since Linux 2.6.24)
2542 (CONFIG_HUGETLB_PAGE is required.) This is the number of
2543 huge pages in the pool above the value in
2544 /proc/sys/vm/nr_hugepages. The maximum number of surplus
2545 huge pages is controlled by /proc/sys/vm/nr_overcom‐
2546 mit_hugepages.
2547 Hugepagesize %lu
2549 (CONFIG_HUGETLB_PAGE is required.) The size of huge
2550 pages.
2551 DirectMap4k %lu (since Linux 2.6.27)
2553 Number of bytes of RAM linearly mapped by kernel in 4kB
2554 pages. (x86.)
2555 DirectMap4M %lu (since Linux 2.6.27)
2557 Number of bytes of RAM linearly mapped by kernel in 4MB
2558 pages. (x86 with CONFIG_X86_64 or CONFIG_X86_PAE
2559 enabled.)
2560 DirectMap2M %lu (since Linux 2.6.27)
2562 Number of bytes of RAM linearly mapped by kernel in 2MB
2563 pages. (x86 with neither CONFIG_X86_64 nor CON‐
2564 FIG_X86_PAE enabled.)
2565 DirectMap1G %lu (since Linux 2.6.27)
2567 (x86 with CONFIG_X86_64 and CONFIG_X86_DIRECT_GBPAGES
2568 enabled.)
2569 /proc/modules
2571 A text list of the modules that have been loaded by the system.
2572 See also lsmod(8).
2573 /proc/mounts
2575 Before kernel 2.4.19, this file was a list of all the filesys‐
2576 tems currently mounted on the system. With the introduction of
2577 per-process mount namespaces in Linux 2.4.19 (see mount_names‐
2578 paces(7)), this file became a link to /proc/self/mounts, which
2579 lists the mount points of the process's own mount namespace.
2580 The format of this file is documented in fstab(5).
2581 /proc/mtrr
2583 Memory Type Range Registers. See the Linux kernel source file
2584 Documentation/x86/mtrr.txt (or Documentation/mtrr.txt before
2585 Linux 2.6.28) for details.
2586 /proc/net
2588 This directory contains various files and subdirectories con‐
2589 taining information about the networking layer. The files con‐
2590 tain ASCII structures and are, therefore, readable with cat(1).
2591 However, the standard netstat(8) suite provides much cleaner
2592 access to these files.
2593 With the advent of network namespaces, various information
2595 relating to the network stack is virtualized (see names‐
2596 paces(7)). Thus, since Linux 2.6.25, /proc/net is a symbolic
2597 link to the directory /proc/self/net, which contains the same
2598 files and directories as listed below. However, these files and
2599 directories now expose information for the network namespace of
2600 which the process is a member.
2601 /proc/net/arp
2603 This holds an ASCII readable dump of the kernel ARP table used
2604 for address resolutions. It will show both dynamically learned
2605 and preprogrammed ARP entries. The format is:
2606 IP address HW type Flags HW address Mask Device
2608 192.168.0.50 0x1 0x2 00:50:BF:25:68:F3 * eth0
2609 192.168.0.250 0x1 0xc 00:00:00:00:00:00 * eth0
2610 Here "IP address" is the IPv4 address of the machine and the "HW
2612 type" is the hardware type of the address from RFC 826. The
2613 flags are the internal flags of the ARP structure (as defined in
2614 /usr/include/linux/if_arp.h) and the "HW address" is the data
2615 link layer mapping for that IP address if it is known.
2616 /proc/net/dev
2618 The dev pseudo-file contains network device status information.
2619 This gives the number of received and sent packets, the number
2620 of errors and collisions and other basic statistics. These are
2621 used by the ifconfig(8) program to report device status. The
2622 format is:
2623 Inter-| Receive | Transmit
2625 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
2626 lo: 2776770 11307 0 0 0 0 0 0 2776770 11307 0 0 0 0 0 0
2627 eth0: 1215645 2751 0 0 0 0 0 0 1782404 4324 0 0 0 427 0 0
2628 ppp0: 1622270 5552 1 0 0 0 0 0 354130 5669 0 0 0 0 0 0
2629 tap0: 7714 81 0 0 0 0 0 0 7714 81 0 0 0 0 0 0
2630 /proc/net/dev_mcast
2632 Defined in /usr/src/linux/net/core/dev_mcast.c:
2633 indx interface_name dmi_u dmi_g dmi_address
2635 2 eth0 1 0 01005e000001
2636 3 eth1 1 0 01005e000001
2637 4 eth2 1 0 01005e000001
2638 /proc/net/igmp
2640 Internet Group Management Protocol. Defined in
2641 /usr/src/linux/net/core/igmp.c.
2642 /proc/net/rarp
2644 This file uses the same format as the arp file and contains the
2645 current reverse mapping database used to provide rarp(8) reverse
2646 address lookup services. If RARP is not configured into the
2647 kernel, this file will not be present.
2648 /proc/net/raw
2650 Holds a dump of the RAW socket table. Much of the information
2651 is not of use apart from debugging. The "sl" value is the ker‐
2652 nel hash slot for the socket, the "local_address" is the local
2653 address and protocol number pair. "St" is the internal status
2654 of the socket. The "tx_queue" and "rx_queue" are the outgoing
2655 and incoming data queue in terms of kernel memory usage. The
2656 "tr", "tm->when", and "rexmits" fields are not used by RAW. The
2657 "uid" field holds the effective UID of the creator of the
2658 socket.
2659 /proc/net/snmp
2661 This file holds the ASCII data needed for the IP, ICMP, TCP, and
2662 UDP management information bases for an SNMP agent.
2663 /proc/net/tcp
2665 Holds a dump of the TCP socket table. Much of the information
2666 is not of use apart from debugging. The "sl" value is the ker‐
2667 nel hash slot for the socket, the "local_address" is the local
2668 address and port number pair. The "rem_address" is the remote
2669 address and port number pair (if connected). "St" is the inter‐
2670 nal status of the socket. The "tx_queue" and "rx_queue" are the
2671 outgoing and incoming data queue in terms of kernel memory
2672 usage. The "tr", "tm->when", and "rexmits" fields hold internal
2673 information of the kernel socket state and are useful only for
2674 debugging. The "uid" field holds the effective UID of the cre‐
2675 ator of the socket.
2676 /proc/net/udp
2678 Holds a dump of the UDP socket table. Much of the information
2679 is not of use apart from debugging. The "sl" value is the ker‐
2680 nel hash slot for the socket, the "local_address" is the local
2681 address and port number pair. The "rem_address" is the remote
2682 address and port number pair (if connected). "St" is the inter‐
2683 nal status of the socket. The "tx_queue" and "rx_queue" are the
2684 outgoing and incoming data queue in terms of kernel memory
2685 usage. The "tr", "tm->when", and "rexmits" fields are not used
2686 by UDP. The "uid" field holds the effective UID of the creator
2687 of the socket. The format is:
2688 sl local_address rem_address st tx_queue rx_queue tr rexmits tm->when uid
2690 1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
2691 1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
2692 1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
2693 /proc/net/unix
2695 Lists the UNIX domain sockets present within the system and
2696 their status. The format is:
2697 Num RefCount Protocol Flags Type St Inode Path
2699 0: 00000002 00000000 00000000 0001 03 42
2700 1: 00000001 00000000 00010000 0001 01 1948 /dev/printer
2701 The fields are as follows:
2703 Num: the kernel table slot number.
2705 RefCount: the number of users of the socket.
2707 Protocol: currently always 0.
2709 Flags: the internal kernel flags holding the status of the
2711 socket.
2712 Type: the socket type. For SOCK_STREAM sockets, this is
2714 0001; for SOCK_DGRAM sockets, it is 0002; and for
2715 SOCK_SEQPACKET sockets, it is 0005.
2716 St: the internal state of the socket.
2718 Inode: the inode number of the socket.
2720 Path: the bound pathname (if any) of the socket. Sockets in
2722 the abstract namespace are included in the list, and
2723 are shown with a Path that commences with the charac‐
2724 ter '@'.
2725 /proc/net/netfilter/nfnetlink_queue
2727 This file contains information about netfilter user-space queue‐
2728 ing, if used. Each line represents a queue. Queues that have
2729 not been subscribed to by user space are not shown.
2730 1 4207 0 2 65535 0 0 0 1
2732 (1) (2) (3)(4) (5) (6) (7) (8)
2733 The fields in each line are:
2735 (1) The ID of the queue. This matches what is specified in the
2737 --queue-num or --queue-balance options to the iptables(8)
2738 NFQUEUE target. See iptables-extensions(8) for more infor‐
2739 mation.
2740 (2) The netlink port ID subscribed to the queue.
2742 (3) The number of packets currently queued and waiting to be
2744 processed by the application.
2745 (4) The copy mode of the queue. It is either 1 (metadata only)
2747 or 2 (also copy payload data to user space).
2748 (5) Copy range; that is, how many bytes of packet payload
2750 should be copied to user space at most.
2751 (6) queue dropped. Number of packets that had to be dropped by
2753 the kernel because too many packets are already waiting for
2754 user space to send back the mandatory accept/drop verdicts.
2755 (7) queue user dropped. Number of packets that were dropped
2757 within the netlink subsystem. Such drops usually happen
2758 when the corresponding socket buffer is full; that is, user
2759 space is not able to read messages fast enough.
2760 (8) sequence number. Every queued packet is associated with a
2762 (32-bit) monotonically-increasing sequence number. This
2763 shows the ID of the most recent packet queued.
2764 The last number exists only for compatibility reasons and is
2766 always 1.
2767 /proc/partitions
2769 Contains the major and minor numbers of each partition as well
2770 as the number of 1024-byte blocks and the partition name.
2771 /proc/pci
2773 This is a listing of all PCI devices found during kernel ini‐
2774 tialization and their configuration.
2775 This file has been deprecated in favor of a new /proc interface
2777 for PCI (/proc/bus/pci). It became optional in Linux 2.2
2778 (available with CONFIG_PCI_OLD_PROC set at kernel compilation).
2779 It became once more nonoptionally enabled in Linux 2.4. Next,
2780 it was deprecated in Linux 2.6 (still available with CON‐
2781 FIG_PCI_LEGACY_PROC set), and finally removed altogether since
2782 Linux 2.6.17.
2783 /proc/profile (since Linux 2.4)
2785 This file is present only if the kernel was booted with the pro‐
2786 file=1 command-line option. It exposes kernel profiling infor‐
2787 mation in a binary format for use by readprofile(1). Writing
2788 (e.g., an empty string) to this file resets the profiling coun‐
2789 ters; on some architectures, writing a binary integer "profiling
2790 multiplier" of size sizeof(int) sets the profiling interrupt
2791 frequency.
2792 /proc/scsi
2794 A directory with the scsi mid-level pseudo-file and various SCSI
2795 low-level driver directories, which contain a file for each SCSI
2796 host in this system, all of which give the status of some part
2797 of the SCSI IO subsystem. These files contain ASCII structures
2798 and are, therefore, readable with cat(1).
2799 You can also write to some of the files to reconfigure the sub‐
2801 system or switch certain features on or off.
2802 /proc/scsi/scsi
2804 This is a listing of all SCSI devices known to the kernel. The
2805 listing is similar to the one seen during bootup. scsi cur‐
2806 rently supports only the add-single-device command which allows
2807 root to add a hotplugged device to the list of known devices.
2808 The command
2810 echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi
2812 will cause host scsi1 to scan on SCSI channel 0 for a device on
2814 ID 5 LUN 0. If there is already a device known on this address
2815 or the address is invalid, an error will be returned.
2816 /proc/scsi/[drivername]
2818 [drivername] can currently be NCR53c7xx, aha152x, aha1542,
2819 aha1740, aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000,
2820 pas16, qlogic, scsi_debug, seagate, t128, u15-24f, ultrastore,
2821 or wd7000. These directories show up for all drivers that reg‐
2822 istered at least one SCSI HBA. Every directory contains one
2823 file per registered host. Every host-file is named after the
2824 number the host was assigned during initialization.
2825 Reading these files will usually show driver and host configura‐
2827 tion, statistics, and so on.
2828 Writing to these files allows different things on different
2830 hosts. For example, with the latency and nolatency commands,
2831 root can switch on and off command latency measurement code in
2832 the eata_dma driver. With the lockup and unlock commands, root
2833 can control bus lockups simulated by the scsi_debug driver.
2834 /proc/self
2836 This directory refers to the process accessing the /proc
2837 filesystem, and is identical to the /proc directory named by the
2838 process ID of the same process.
2839 /proc/slabinfo
2841 Information about kernel caches. See slabinfo(5) for details.
2842 /proc/stat
2844 kernel/system statistics. Varies with architecture. Common
2845 entries include:
2846 cpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0
2848 cpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0
2849 The amount of time, measured in units of USER_HZ
2850 (1/100ths of a second on most architectures, use
2851 sysconf(_SC_CLK_TCK) to obtain the right value), that the
2852 system ("cpu" line) or the specific CPU ("cpuN" line)
2853 spent in various states:
2854 user (1) Time spent in user mode.
2856 nice (2) Time spent in user mode with low priority
2858 (nice).
2859 system (3) Time spent in system mode.
2861 idle (4) Time spent in the idle task. This value
2863 should be USER_HZ times the second entry in the
2864 /proc/uptime pseudo-file.
2865 iowait (since Linux 2.5.41)
2867 (5) Time waiting for I/O to complete. This value
2868 is not reliable, for the following reasons:
2869 1. The CPU will not wait for I/O to complete;
2871 iowait is the time that a task is waiting for
2872 I/O to complete. When a CPU goes into idle
2873 state for outstanding task I/O, another task
2874 will be scheduled on this CPU.
2875 2. On a multi-core CPU, the task waiting for I/O
2877 to complete is not running on any CPU, so the
2878 iowait of each CPU is difficult to calculate.
2879 3. The value in this field may decrease in certain
2881 conditions.
2882 irq (since Linux 2.6.0)
2884 (6) Time servicing interrupts.
2885 softirq (since Linux 2.6.0
2887 (7) Time servicing softirqs.
2888 steal (since Linux 2.6.11)
2890 (8) Stolen time, which is the time spent in other
2891 operating systems when running in a virtualized
2892 environment
2893 guest (since Linux 2.6.24)
2895 (9) Time spent running a virtual CPU for guest
2896 operating systems under the control of the Linux
2897 kernel.
2898 guest_nice (since Linux 2.6.33)
2900 (10) Time spent running a niced guest (virtual CPU
2901 for guest operating systems under the control of
2902 the Linux kernel).
2903 page 5741 1808
2905 The number of pages the system paged in and the number
2906 that were paged out (from disk).
2907 swap 1 0
2909 The number of swap pages that have been brought in and
2910 out.
2911 intr 1462898
2913 This line shows counts of interrupts serviced since boot
2914 time, for each of the possible system interrupts. The
2915 first column is the total of all interrupts serviced
2916 including unnumbered architecture specific interrupts;
2917 each subsequent column is the total for that particular
2918 numbered interrupt. Unnumbered interrupts are not shown,
2919 only summed into the total.
2920 disk_io: (2,0):(31,30,5764,1,2) (3,0):...
2922 (major,disk_idx):(noinfo, read_io_ops, blks_read,
2923 write_io_ops, blks_written)
2924 (Linux 2.4 only)
2925 ctxt 115315
2927 The number of context switches that the system underwent.
2928 btime 769041601
2930 boot time, in seconds since the Epoch, 1970-01-01
2931 00:00:00 +0000 (UTC).
2932 processes 86031
2934 Number of forks since boot.
2935 procs_running 6
2937 Number of processes in runnable state. (Linux 2.5.45
2938 onward.)
2939 procs_blocked 2
2941 Number of processes blocked waiting for I/O to complete.
2942 (Linux 2.5.45 onward.)
2943 softirq 229245889 94 60001584 13619 5175704 2471304 28 51212741
2945 59130143 0 51240672
2946 This line shows the number of softirq for all CPUs. The
2947 first column is the total of all softirqs and each subse‐
2948 quent column is the total for particular softirq. (Linux
2949 2.6.31 onward.)
2950 /proc/swaps
2952 Swap areas in use. See also swapon(8).
2953 /proc/sys
2955 This directory (present since 1.3.57) contains a number of files
2956 and subdirectories corresponding to kernel variables. These
2957 variables can be read and sometimes modified using the /proc
2958 filesystem, and the (deprecated) sysctl(2) system call.
2959 String values may be terminated by either '\0' or '\n'.
2961 Integer and long values may be written either in decimal or in
2963 hexadecimal notation (e.g. 0x3FFF). When writing multiple inte‐
2964 ger or long values, these may be separated by any of the follow‐
2965 ing whitespace characters: ' ', '\t', or '\n'. Using other sep‐
2966 arators leads to the error EINVAL.
2967 /proc/sys/abi (since Linux 2.4.10)
2969 This directory may contain files with application binary infor‐
2970 mation. See the Linux kernel source file Documenta‐
2971 tion/sysctl/abi.txt for more information.
2972 /proc/sys/debug
2974 This directory may be empty.
2975 /proc/sys/dev
2977 This directory contains device-specific information (e.g.,
2978 dev/cdrom/info). On some systems, it may be empty.
2979 /proc/sys/fs
2981 This directory contains the files and subdirectories for kernel
2982 variables related to filesystems.
2983 /proc/sys/fs/binfmt_misc
2985 Documentation for files in this directory can be found in the
2986 Linux kernel source in the file Documentation/admin-
2987 guide/binfmt-misc.rst (or in Documentation/binfmt_misc.txt on
2988 older kernels).
2989 /proc/sys/fs/dentry-state (since Linux 2.2)
2991 This file contains information about the status of the directory
2992 cache (dcache). The file contains six numbers, nr_dentry,
2993 nr_unused, age_limit (age in seconds), want_pages (pages
2994 requested by system) and two dummy values.
2995 * nr_dentry is the number of allocated dentries (dcache
2997 entries). This field is unused in Linux 2.2.
2998 * nr_unused is the number of unused dentries.
3000 * age_limit is the age in seconds after which dcache entries can
3002 be reclaimed when memory is short.
3003 * want_pages is nonzero when the kernel has called
3005 shrink_dcache_pages() and the dcache isn't pruned yet.
3006 /proc/sys/fs/dir-notify-enable
3008 This file can be used to disable or enable the dnotify interface
3009 described in fcntl(2) on a system-wide basis. A value of 0 in
3010 this file disables the interface, and a value of 1 enables it.
3011 /proc/sys/fs/dquot-max
3013 This file shows the maximum number of cached disk quota entries.
3014 On some (2.4) systems, it is not present. If the number of free
3015 cached disk quota entries is very low and you have some awesome
3016 number of simultaneous system users, you might want to raise the
3017 limit.
3018 /proc/sys/fs/dquot-nr
3020 This file shows the number of allocated disk quota entries and
3021 the number of free disk quota entries.
3022 /proc/sys/fs/epoll (since Linux 2.6.28)
3024 This directory contains the file max_user_watches, which can be
3025 used to limit the amount of kernel memory consumed by the epoll
3026 interface. For further details, see epoll(7).
3027 /proc/sys/fs/file-max
3029 This file defines a system-wide limit on the number of open
3030 files for all processes. System calls that fail when encounter‐
3031 ing this limit fail with the error ENFILE. (See also setr‐
3032 limit(2), which can be used by a process to set the per-process
3033 limit, RLIMIT_NOFILE, on the number of files it may open.) If
3034 you get lots of error messages in the kernel log about running
3035 out of file handles (look for "VFS: file-max limit <number>
3036 reached"), try increasing this value:
3037 echo 100000 > /proc/sys/fs/file-max
3039 Privileged processes (CAP_SYS_ADMIN) can override the file-max
3041 limit.
3042 /proc/sys/fs/file-nr
3044 This (read-only) file contains three numbers: the number of
3045 allocated file handles (i.e., the number of files presently
3046 opened); the number of free file handles; and the maximum number
3047 of file handles (i.e., the same value as /proc/sys/fs/file-max).
3048 If the number of allocated file handles is close to the maximum,
3049 you should consider increasing the maximum. Before Linux 2.6,
3050 the kernel allocated file handles dynamically, but it didn't
3051 free them again. Instead the free file handles were kept in a
3052 list for reallocation; the "free file handles" value indicates
3053 the size of that list. A large number of free file handles
3054 indicates that there was a past peak in the usage of open file
3055 handles. Since Linux 2.6, the kernel does deallocate freed file
3056 handles, and the "free file handles" value is always zero.
3057 /proc/sys/fs/inode-max (only present until Linux 2.2)
3059 This file contains the maximum number of in-memory inodes. This
3060 value should be 3–4 times larger than the value in file-max,
3061 since stdin, stdout and network sockets also need an inode to
3062 handle them. When you regularly run out of inodes, you need to
3063 increase this value.
3064 Starting with Linux 2.4, there is no longer a static limit on
3066 the number of inodes, and this file is removed.
3067 /proc/sys/fs/inode-nr
3069 This file contains the first two values from inode-state.
3070 /proc/sys/fs/inode-state
3072 This file contains seven numbers: nr_inodes, nr_free_inodes,
3073 preshrink, and four dummy values (always zero).
3074 nr_inodes is the number of inodes the system has allocated.
3076 nr_free_inodes represents the number of free inodes.
3077 preshrink is nonzero when the nr_inodes > inode-max and the sys‐
3079 tem needs to prune the inode list instead of allocating more;
3080 since Linux 2.4, this field is a dummy value (always zero).
3081 /proc/sys/fs/inotify (since Linux 2.6.13)
3083 This directory contains files max_queued_events,
3084 max_user_instances, and max_user_watches, that can be used to
3085 limit the amount of kernel memory consumed by the inotify inter‐
3086 face. For further details, see inotify(7).
3087 /proc/sys/fs/lease-break-time
3089 This file specifies the grace period that the kernel grants to a
3090 process holding a file lease (fcntl(2)) after it has sent a sig‐
3091 nal to that process notifying it that another process is waiting
3092 to open the file. If the lease holder does not remove or down‐
3093 grade the lease within this grace period, the kernel forcibly
3094 breaks the lease.
3095 /proc/sys/fs/leases-enable
3097 This file can be used to enable or disable file leases
3098 (fcntl(2)) on a system-wide basis. If this file contains the
3099 value 0, leases are disabled. A nonzero value enables leases.
3100 /proc/sys/fs/mount-max (since Linux 4.9)
3102 The value in this file specifies the maximum number of mounts
3103 that may exist in a mount namespace. The default value in this
3104 file is 100,000.
3105 /proc/sys/fs/mqueue (since Linux 2.6.6)
3107 This directory contains files msg_max, msgsize_max, and
3108 queues_max, controlling the resources used by POSIX message
3109 queues. See mq_overview(7) for details.
3110 /proc/sys/fs/nr_open (since Linux 2.6.25)
3112 This file imposes ceiling on the value to which the
3113 RLIMIT_NOFILE resource limit can be raised (see getrlimit(2)).
3114 This ceiling is enforced for both unprivileged and privileged
3115 process. The default value in this file is 1048576. (Before
3116 Linux 2.6.25, the ceiling for RLIMIT_NOFILE was hard-coded to
3117 the same value.)
3118 /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid
3120 These files allow you to change the value of the fixed UID and
3121 GID. The default is 65534. Some filesystems support only
3122 16-bit UIDs and GIDs, although in Linux UIDs and GIDs are 32
3123 bits. When one of these filesystems is mounted with writes
3124 enabled, any UID or GID that would exceed 65535 is translated to
3125 the overflow value before being written to disk.
3126 /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
3128 See pipe(7).
3129 /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
3131 See pipe(7).
3132 /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
3134 See pipe(7).
3135 /proc/sys/fs/protected_hardlinks (since Linux 3.6)
3137 When the value in this file is 0, no restrictions are placed on
3138 the creation of hard links (i.e., this is the historical behav‐
3139 ior before Linux 3.6). When the value in this file is 1, a hard
3140 link can be created to a target file only if one of the follow‐
3141 ing conditions is true:
3142 * The calling process has the CAP_FOWNER capability in its user
3144 namespace and the file UID has a mapping in the namespace.
3145 * The filesystem UID of the process creating the link matches
3147 the owner (UID) of the target file (as described in creden‐
3148 tials(7), a process's filesystem UID is normally the same as
3149 its effective UID).
3150 * All of the following conditions are true:
3152 · the target is a regular file;
3154 · the target file does not have its set-user-ID mode bit
3156 enabled;
3157 · the target file does not have both its set-group-ID and
3159 group-executable mode bits enabled; and
3160 · the caller has permission to read and write the target
3162 file (either via the file's permissions mask or because
3163 it has suitable capabilities).
3164 The default value in this file is 0. Setting the value to 1
3166 prevents a longstanding class of security issues caused by hard-
3167 link-based time-of-check, time-of-use races, most commonly seen
3168 in world-writable directories such as /tmp. The common method
3169 of exploiting this flaw is to cross privilege boundaries when
3170 following a given hard link (i.e., a root process follows a hard
3171 link created by another user). Additionally, on systems without
3172 separated partitions, this stops unauthorized users from "pin‐
3173 ning" vulnerable set-user-ID and set-group-ID files against
3174 being upgraded by the administrator, or linking to special
3175 files.
3176 /proc/sys/fs/protected_symlinks (since Linux 3.6)
3178 When the value in this file is 0, no restrictions are placed on
3179 following symbolic links (i.e., this is the historical behavior
3180 before Linux 3.6). When the value in this file is 1, symbolic
3181 links are followed only in the following circumstances:
3182 * the filesystem UID of the process following the link matches
3184 the owner (UID) of the symbolic link (as described in creden‐
3185 tials(7), a process's filesystem UID is normally the same as
3186 its effective UID);
3187 * the link is not in a sticky world-writable directory; or
3189 * the symbolic link and its parent directory have the same
3191 owner (UID)
3192 A system call that fails to follow a symbolic link because of
3194 the above restrictions returns the error EACCES in errno.
3195 The default value in this file is 0. Setting the value to 1
3197 avoids a longstanding class of security issues based on time-of-
3198 check, time-of-use races when accessing symbolic links.
3199 /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
3201 The value in this file is assigned to a process's "dumpable"
3202 flag in the circumstances described in prctl(2). In effect, the
3203 value in this file determines whether core dump files are pro‐
3204 duced for set-user-ID or otherwise protected/tainted binaries.
3205 The "dumpable" setting also affects the ownership of files in a
3206 process's /proc/[pid] directory, as described above.
3207 Three different integer values can be specified:
3209 0 (default)
3211 This provides the traditional (pre-Linux 2.6.13) behav‐
3212 ior. A core dump will not be produced for a process
3213 which has changed credentials (by calling seteuid(2),
3214 setgid(2), or similar, or by executing a set-user-ID or
3215 set-group-ID program) or whose binary does not have read
3216 permission enabled.
3217 1 ("debug")
3219 All processes dump core when possible. (Reasons why a
3220 process might nevertheless not dump core are described in
3221 core(5).) The core dump is owned by the filesystem user
3222 ID of the dumping process and no security is applied.
3223 This is intended for system debugging situations only:
3224 this mode is insecure because it allows unprivileged
3225 users to examine the memory contents of privileged pro‐
3226 cesses.
3227 2 ("suidsafe")
3229 Any binary which normally would not be dumped (see "0"
3230 above) is dumped readable by root only. This allows the
3231 user to remove the core dump file but not to read it.
3232 For security reasons core dumps in this mode will not
3233 overwrite one another or other files. This mode is
3234 appropriate when administrators are attempting to debug
3235 problems in a normal environment.
3236 Additionally, since Linux 3.6, /proc/sys/kernel/core_pat‐
3238 tern must either be an absolute pathname or a pipe com‐
3239 mand, as detailed in core(5). Warnings will be written
3240 to the kernel log if core_pattern does not follow these
3241 rules, and no core dump will be produced.
3242 For details of the effect of a process's "dumpable" setting on
3244 ptrace access mode checking, see ptrace(2).
3245 /proc/sys/fs/super-max
3247 This file controls the maximum number of superblocks, and thus
3248 the maximum number of mounted filesystems the kernel can have.
3249 You need increase only super-max if you need to mount more
3250 filesystems than the current value in super-max allows you to.
3251 /proc/sys/fs/super-nr
3253 This file contains the number of filesystems currently mounted.
3254 /proc/sys/kernel
3256 This directory contains files controlling a range of kernel
3257 parameters, as described below.
3258 /proc/sys/kernel/acct
3260 This file contains three numbers: highwater, lowwater, and fre‐
3261 quency. If BSD-style process accounting is enabled, these val‐
3262 ues control its behavior. If free space on filesystem where the
3263 log lives goes below lowwater percent, accounting suspends. If
3264 free space gets above highwater percent, accounting resumes.
3265 frequency determines how often the kernel checks the amount of
3266 free space (value is in seconds). Default values are 4, 2 and
3267 30. That is, suspend accounting if 2% or less space is free;
3268 resume it if 4% or more space is free; consider information
3269 about amount of free space valid for 30 seconds.
3270 /proc/sys/kernel/auto_msgmni (Linux 2.6.27 to 3.18)
3272 From Linux 2.6.27 to 3.18, this file was used to control recom‐
3273 puting of the value in /proc/sys/kernel/msgmni upon the addition
3274 or removal of memory or upon IPC namespace creation/removal.
3275 Echoing "1" into this file enabled msgmni automatic recomputing
3276 (and triggered a recomputation of msgmni based on the current
3277 amount of available memory and number of IPC namespaces). Echo‐
3278 ing "0" disabled automatic recomputing. (Automatic recomputing
3279 was also disabled if a value was explicitly assigned to
3280 /proc/sys/kernel/msgmni.) The default value in auto_msgmni was
3281 1.
3282 Since Linux 3.19, the content of this file has no effect
3284 (because msgmni defaults to near the maximum value possible),
3285 and reads from this file always return the value "0".
3286 /proc/sys/kernel/cap_last_cap (since Linux 3.2)
3288 See capabilities(7).
3289 /proc/sys/kernel/cap-bound (from Linux 2.2 to 2.6.24)
3291 This file holds the value of the kernel capability bounding set
3292 (expressed as a signed decimal number). This set is ANDed
3293 against the capabilities permitted to a process during
3294 execve(2). Starting with Linux 2.6.25, the system-wide capabil‐
3295 ity bounding set disappeared, and was replaced by a per-thread
3296 bounding set; see capabilities(7).
3297 /proc/sys/kernel/core_pattern
3299 See core(5).
3300 /proc/sys/kernel/core_pipe_limit
3302 See core(5).
3303 /proc/sys/kernel/core_uses_pid
3305 See core(5).
3306 /proc/sys/kernel/ctrl-alt-del
3308 This file controls the handling of Ctrl-Alt-Del from the key‐
3309 board. When the value in this file is 0, Ctrl-Alt-Del is
3310 trapped and sent to the init(1) program to handle a graceful
3311 restart. When the value is greater than zero, Linux's reaction
3312 to a Vulcan Nerve Pinch (tm) will be an immediate reboot, with‐
3313 out even syncing its dirty buffers. Note: when a program (like
3314 dosemu) has the keyboard in "raw" mode, the ctrl-alt-del is
3315 intercepted by the program before it ever reaches the kernel tty
3316 layer, and it's up to the program to decide what to do with it.
3317 /proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)
3319 The value in this file determines who can see kernel syslog con‐
3320 tents. A value of 0 in this file imposes no restrictions. If
3321 the value is 1, only privileged users can read the kernel sys‐
3322 log. (See syslog(2) for more details.) Since Linux 3.4, only
3323 users with the CAP_SYS_ADMIN capability may change the value in
3324 this file.
3325 /proc/sys/kernel/domainname and /proc/sys/kernel/hostname
3327 can be used to set the NIS/YP domainname and the hostname of
3328 your box in exactly the same way as the commands domainname(1)
3329 and hostname(1), that is:
3330 # echo 'darkstar' > /proc/sys/kernel/hostname
3332 # echo 'mydomain' > /proc/sys/kernel/domainname
3333 has the same effect as
3335 # hostname 'darkstar'
3337 # domainname 'mydomain'
3338 Note, however, that the classic darkstar.frop.org has the host‐
3340 name "darkstar" and DNS (Internet Domain Name Server) domainname
3341 "frop.org", not to be confused with the NIS (Network Information
3342 Service) or YP (Yellow Pages) domainname. These two domain
3343 names are in general different. For a detailed discussion see
3344 the hostname(1) man page.
3345 /proc/sys/kernel/hotplug
3347 This file contains the pathname for the hotplug policy agent.
3348 The default value in this file is /sbin/hotplug.
3349 /proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)
3351 (PowerPC only) If this file is set to a nonzero value, the Pow‐
3352 erPC htab (see kernel file Documentation/powerpc/ppc_htab.txt)
3353 is pruned each time the system hits the idle loop.
3354 /proc/sys/kernel/keys/*
3356 This directory contains various files that define parameters and
3357 limits for the key-management facility. These files are
3358 described in keyrings(7).
3359 /proc/sys/kernel/kptr_restrict (since Linux 2.6.38)
3361 The value in this file determines whether kernel addresses are
3362 exposed via /proc files and other interfaces. A value of 0 in
3363 this file imposes no restrictions. If the value is 1, kernel
3364 pointers printed using the %pK format specifier will be replaced
3365 with zeros unless the user has the CAP_SYSLOG capability. If
3366 the value is 2, kernel pointers printed using the %pK format
3367 specifier will be replaced with zeros regardless of the user's
3368 capabilities. The initial default value for this file was 1,
3369 but the default was changed to 0 in Linux 2.6.39. Since Linux
3370 3.4, only users with the CAP_SYS_ADMIN capability can change the
3371 value in this file.
3372 /proc/sys/kernel/l2cr
3374 (PowerPC only) This file contains a flag that controls the L2
3375 cache of G3 processor boards. If 0, the cache is disabled.
3376 Enabled if nonzero.
3377 /proc/sys/kernel/modprobe
3379 This file contains the pathname for the kernel module loader.
3380 The default value is /sbin/modprobe. The file is present only
3381 if the kernel is built with the CONFIG_MODULES (CONFIG_KMOD in
3382 Linux 2.6.26 and earlier) option enabled. It is described by
3383 the Linux kernel source file Documentation/kmod.txt (present
3384 only in kernel 2.4 and earlier).
3385 /proc/sys/kernel/modules_disabled (since Linux 2.6.31)
3387 A toggle value indicating if modules are allowed to be loaded in
3388 an otherwise modular kernel. This toggle defaults to off (0),
3389 but can be set true (1). Once true, modules can be neither
3390 loaded nor unloaded, and the toggle cannot be set back to false.
3391 The file is present only if the kernel is built with the CON‐
3392 FIG_MODULES option enabled.
3393 /proc/sys/kernel/msgmax (since Linux 2.2)
3395 This file defines a system-wide limit specifying the maximum
3396 number of bytes in a single message written on a System V mes‐
3397 sage queue.
3398 /proc/sys/kernel/msgmni (since Linux 2.4)
3400 This file defines the system-wide limit on the number of message
3401 queue identifiers. See also /proc/sys/kernel/auto_msgmni.
3402 /proc/sys/kernel/msgmnb (since Linux 2.2)
3404 This file defines a system-wide parameter used to initialize the
3405 msg_qbytes setting for subsequently created message queues. The
3406 msg_qbytes setting specifies the maximum number of bytes that
3407 may be written to the message queue.
3408 /proc/sys/kernel/ngroups_max (since Linux 2.6.4)
3410 This is a read-only file that displays the upper limit on the
3411 number of a process's group memberships.
3412 /proc/sys/kernel/ns_last_pid (since Linux 3.3)
3414 See pid_namespaces(7).
3415 /proc/sys/kernel/ostype and /proc/sys/kernel/osrelease
3417 These files give substrings of /proc/version.
3418 /proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid
3420 These files duplicate the files /proc/sys/fs/overflowgid and
3421 /proc/sys/fs/overflowuid.
3422 /proc/sys/kernel/panic
3424 This file gives read/write access to the kernel variable
3425 panic_timeout. If this is zero, the kernel will loop on a
3426 panic; if nonzero, it indicates that the kernel should autore‐
3427 boot after this number of seconds. When you use the software
3428 watchdog device driver, the recommended setting is 60.
3429 /proc/sys/kernel/panic_on_oops (since Linux 2.5.68)
3431 This file controls the kernel's behavior when an oops or BUG is
3432 encountered. If this file contains 0, then the system tries to
3433 continue operation. If it contains 1, then the system delays a
3434 few seconds (to give klogd time to record the oops output) and
3435 then panics. If the /proc/sys/kernel/panic file is also
3436 nonzero, then the machine will be rebooted.
3437 /proc/sys/kernel/pid_max (since Linux 2.5.34)
3439 This file specifies the value at which PIDs wrap around (i.e.,
3440 the value in this file is one greater than the maximum PID).
3441 PIDs greater than this value are not allocated; thus, the value
3442 in this file also acts as a system-wide limit on the total num‐
3443 ber of processes and threads. The default value for this file,
3444 32768, results in the same range of PIDs as on earlier kernels.
3445 On 32-bit platforms, 32768 is the maximum value for pid_max. On
3446 64-bit systems, pid_max can be set to any value up to 2^22
3447 (PID_MAX_LIMIT, approximately 4 million).
3448 /proc/sys/kernel/powersave-nap (PowerPC only)
3450 This file contains a flag. If set, Linux-PPC will use the "nap"
3451 mode of powersaving, otherwise the "doze" mode will be used.
3452 /proc/sys/kernel/printk
3454 See syslog(2).
3455 /proc/sys/kernel/pty (since Linux 2.6.4)
3457 This directory contains two files relating to the number of UNIX
3458 98 pseudoterminals (see pts(4)) on the system.
3459 /proc/sys/kernel/pty/max
3461 This file defines the maximum number of pseudoterminals.
3462 /proc/sys/kernel/pty/nr
3464 This read-only file indicates how many pseudoterminals are cur‐
3465 rently in use.
3466 /proc/sys/kernel/random
3468 This directory contains various parameters controlling the oper‐
3469 ation of the file /dev/random. See random(4) for further infor‐
3470 mation.
3471 /proc/sys/kernel/random/uuid (since Linux 2.4)
3473 Each read from this read-only file returns a randomly generated
3474 128-bit UUID, as a string in the standard UUID format.
3475 /proc/sys/kernel/randomize_va_space (since Linux 2.6.12)
3477 Select the address space layout randomization (ASLR) policy for
3478 the system (on architectures that support ASLR). Three values
3479 are supported for this file:
3480 0 Turn ASLR off. This is the default for architectures that
3482 don't support ASLR, and when the kernel is booted with the
3483 norandmaps parameter.
3484 1 Make the addresses of mmap(2) allocations, the stack, and the
3486 VDSO page randomized. Among other things, this means that
3487 shared libraries will be loaded at randomized addresses. The
3488 text segment of PIE-linked binaries will also be loaded at a
3489 randomized address. This value is the default if the kernel
3490 was configured with CONFIG_COMPAT_BRK.
3491 2 (Since Linux 2.6.25) Also support heap randomization. This
3493 value is the default if the kernel was not configured with
3494 CONFIG_COMPAT_BRK.
3495 /proc/sys/kernel/real-root-dev
3497 This file is documented in the Linux kernel source file Documen‐
3498 tation/admin-guide/initrd.rst (or Documentation/initrd.txt
3499 before Linux 4.10).
3500 /proc/sys/kernel/reboot-cmd (Sparc only)
3502 This file seems to be a way to give an argument to the SPARC
3503 ROM/Flash boot loader. Maybe to tell it what to do after
3504 rebooting?
3505 /proc/sys/kernel/rtsig-max
3507 (Only in kernels up to and including 2.6.7; see setrlimit(2))
3508 This file can be used to tune the maximum number of POSIX real-
3509 time (queued) signals that can be outstanding in the system.
3510 /proc/sys/kernel/rtsig-nr
3512 (Only in kernels up to and including 2.6.7.) This file shows
3513 the number of POSIX real-time signals currently queued.
3514 /proc/[pid]/sched_autogroup_enabled (since Linux 2.6.38)
3516 See sched(7).
3517 /proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)
3519 If this file contains the value zero, then, after a fork(2), the
3520 parent is first scheduled on the CPU. If the file contains a
3521 nonzero value, then the child is scheduled first on the CPU.
3522 (Of course, on a multiprocessor system, the parent and the child
3523 might both immediately be scheduled on a CPU.)
3524 /proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)
3526 See sched_rr_get_interval(2).
3527 /proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)
3529 See sched(7).
3530 /proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)
3532 See sched(7).
3533 /proc/sys/kernel/seccomp (since Linux 4.14)
3535 This directory provides additional seccomp information and con‐
3536 figuration. See seccomp(2) for further details.
3537 /proc/sys/kernel/sem (since Linux 2.4)
3539 This file contains 4 numbers defining limits for System V IPC
3540 semaphores. These fields are, in order:
3541 SEMMSL The maximum semaphores per semaphore set.
3543 SEMMNS A system-wide limit on the number of semaphores in all
3545 semaphore sets.
3546 SEMOPM The maximum number of operations that may be specified
3548 in a semop(2) call.
3549 SEMMNI A system-wide limit on the maximum number of semaphore
3551 identifiers.
3552 /proc/sys/kernel/sg-big-buff
3554 This file shows the size of the generic SCSI device (sg) buffer.
3555 You can't tune it just yet, but you could change it at compile
3556 time by editing include/scsi/sg.h and changing the value of
3557 SG_BIG_BUFF. However, there shouldn't be any reason to change
3558 this value.
3559 /proc/sys/kernel/shm_rmid_forced (since Linux 3.1)
3561 If this file is set to 1, all System V shared memory segments
3562 will be marked for destruction as soon as the number of attached
3563 processes falls to zero; in other words, it is no longer possi‐
3564 ble to create shared memory segments that exist independently of
3565 any attached process.
3566 The effect is as though a shmctl(2) IPC_RMID is performed on all
3568 existing segments as well as all segments created in the future
3569 (until this file is reset to 0). Note that existing segments
3570 that are attached to no process will be immediately destroyed
3571 when this file is set to 1. Setting this option will also
3572 destroy segments that were created, but never attached, upon
3573 termination of the process that created the segment with
3574 shmget(2).
3575 Setting this file to 1 provides a way of ensuring that all Sys‐
3577 tem V shared memory segments are counted against the resource
3578 usage and resource limits (see the description of RLIMIT_AS in
3579 getrlimit(2)) of at least one process.
3580 Because setting this file to 1 produces behavior that is non‐
3582 standard and could also break existing applications, the default
3583 value in this file is 0. Set this file to 1 only if you have a
3584 good understanding of the semantics of the applications using
3585 System V shared memory on your system.
3586 /proc/sys/kernel/shmall (since Linux 2.2)
3588 This file contains the system-wide limit on the total number of
3589 pages of System V shared memory.
3590 /proc/sys/kernel/shmmax (since Linux 2.2)
3592 This file can be used to query and set the run-time limit on the
3593 maximum (System V IPC) shared memory segment size that can be
3594 created. Shared memory segments up to 1GB are now supported in
3595 the kernel. This value defaults to SHMMAX.
3596 /proc/sys/kernel/shmmni (since Linux 2.4)
3598 This file specifies the system-wide maximum number of System V
3599 shared memory segments that can be created.
3600 /proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)
3602 The value in this file determines how the file offset affects
3603 the behavior of updating entries in files under /proc/sys. The
3604 file has three possible values:
3605 -1 This provides legacy handling, with no printk warnings.
3607 Each write(2) must fully contain the value to be written,
3608 and multiple writes on the same file descriptor will over‐
3609 write the entire value, regardless of the file position.
3610 0 (default) This provides the same behavior as for -1, but
3612 printk warnings are written for processes that perform
3613 writes when the file offset is not 0.
3614 1 Respect the file offset when writing strings into /proc/sys
3616 files. Multiple writes will append to the value buffer.
3617 Anything written beyond the maximum length of the value buf‐
3618 fer will be ignored. Writes to numeric /proc/sys entries
3619 must always be at file offset 0 and the value must be fully
3620 contained in the buffer provided to write(2).
3621 /proc/sys/kernel/sysrq
3623 This file controls the functions allowed to be invoked by the
3624 SysRq key. By default, the file contains 1 meaning that every
3625 possible SysRq request is allowed (in older kernel versions,
3626 SysRq was disabled by default, and you were required to specifi‐
3627 cally enable it at run-time, but this is not the case any more).
3628 Possible values in this file are:
3629 0 Disable sysrq completely
3631 1 Enable all functions of sysrq
3633 > 1 Bit mask of allowed sysrq functions, as follows:
3635 2 Enable control of console logging level
3636 4 Enable control of keyboard (SAK, unraw)
3637 8 Enable debugging dumps of processes etc.
3638 16 Enable sync command
3639 32 Enable remount read-only
3640 64 Enable signaling of processes (term, kill, oom-kill)
3641 128 Allow reboot/poweroff
3642 256 Allow nicing of all real-time tasks
3643 This file is present only if the CONFIG_MAGIC_SYSRQ kernel con‐
3645 figuration option is enabled. For further details see the Linux
3646 kernel source file Documentation/admin-guide/sysrq.rst (or Docu‐
3647 mentation/sysrq.txt before Linux 4.10).
3648 /proc/sys/kernel/version
3650 This file contains a string such as:
3651 #5 Wed Feb 25 21:49:24 MET 1998
3653 The "#5" means that this is the fifth kernel built from this
3655 source base and the date following it indicates the time the
3656 kernel was built.
3657 /proc/sys/kernel/threads-max (since Linux 2.3.11)
3659 This file specifies the system-wide limit on the number of
3660 threads (tasks) that can be created on the system.
3661 Since Linux 4.1, the value that can be written to threads-max is
3663 bounded. The minimum value that can be written is 20. The max‐
3664 imum value that can be written is given by the constant
3665 FUTEX_TID_MASK (0x3fffffff). If a value outside of this range
3666 is written to threads-max, the error EINVAL occurs.
3667 The value written is checked against the available RAM pages.
3669 If the thread structures would occupy too much (more than 1/8th)
3670 of the available RAM pages, threads-max is reduced accordingly.
3671 /proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)
3673 See ptrace(2).
3674 /proc/sys/kernel/zero-paged (PowerPC only)
3676 This file contains a flag. When enabled (nonzero), Linux-PPC
3677 will pre-zero pages in the idle loop, possibly speeding up
3678 get_free_pages.
3679 /proc/sys/net
3681 This directory contains networking stuff. Explanations for some
3682 of the files under this directory can be found in tcp(7) and
3683 ip(7).
3684 /proc/sys/net/core/bpf_jit_enable
3686 See bpf(2).
3687 /proc/sys/net/core/somaxconn
3689 This file defines a ceiling value for the backlog argument of
3690 listen(2); see the listen(2) manual page for details.
3691 /proc/sys/proc
3693 This directory may be empty.
3694 /proc/sys/sunrpc
3696 This directory supports Sun remote procedure call for network
3697 filesystem (NFS). On some systems, it is not present.
3698 /proc/sys/user (since Linux 4.9)
3700 See namespaces(7).
3701 /proc/sys/vm
3703 This directory contains files for memory management tuning, buf‐
3704 fer and cache management.
3705 /proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)
3707 This file defines the amount of free memory (in KiB) on the sys‐
3708 tem that should be reserved for users with the capability
3709 CAP_SYS_ADMIN.
3710 The default value in this file is the minimum of [3% of free
3712 pages, 8MiB] expressed as KiB. The default is intended to pro‐
3713 vide enough for the superuser to log in and kill a process, if
3714 necessary, under the default overcommit 'guess' mode (i.e., 0 in
3715 /proc/sys/vm/overcommit_memory).
3716 Systems running in "overcommit never" mode (i.e., 2 in
3718 /proc/sys/vm/overcommit_memory) should increase the value in
3719 this file to account for the full virtual memory size of the
3720 programs used to recover (e.g., login(1) ssh(1), and top(1))
3721 Otherwise, the superuser may not be able to log in to recover
3722 the system. For example, on x86-64 a suitable value is 131072
3723 (128MiB reserved).
3724 Changing the value in this file takes effect whenever an appli‐
3726 cation requests memory.
3727 /proc/sys/vm/compact_memory (since Linux 2.6.35)
3729 When 1 is written to this file, all zones are compacted such
3730 that free memory is available in contiguous blocks where possi‐
3731 ble. The effect of this action can be seen by examining
3732 /proc/buddyinfo.
3733 Present only if the kernel was configured with CONFIG_COM‐
3735 PACTION.
3736 /proc/sys/vm/drop_caches (since Linux 2.6.16)
3738 Writing to this file causes the kernel to drop clean caches,
3739 dentries, and inodes from memory, causing that memory to become
3740 free. This can be useful for memory management testing and per‐
3741 forming reproducible filesystem benchmarks. Because writing to
3742 this file causes the benefits of caching to be lost, it can
3743 degrade overall system performance.
3744 To free pagecache, use:
3746 echo 1 > /proc/sys/vm/drop_caches
3748 To free dentries and inodes, use:
3750 echo 2 > /proc/sys/vm/drop_caches
3752 To free pagecache, dentries and inodes, use:
3754 echo 3 > /proc/sys/vm/drop_caches
3756 Because writing to this file is a nondestructive operation and
3758 dirty objects are not freeable, the user should run sync(1)
3759 first.
3760 /proc/sys/vm/legacy_va_layout (since Linux 2.6.9)
3762 If nonzero, this disables the new 32-bit memory-mapping layout;
3763 the kernel will use the legacy (2.4) layout for all processes.
3764 /proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)
3766 Control how to kill processes when an uncorrected memory error
3767 (typically a 2-bit error in a memory module) that cannot be han‐
3768 dled by the kernel is detected in the background by hardware.
3769 In some cases (like the page still having a valid copy on disk),
3770 the kernel will handle the failure transparently without affect‐
3771 ing any applications. But if there is no other up-to-date copy
3772 of the data, it will kill processes to prevent any data corrup‐
3773 tions from propagating.
3774 The file has one of the following values:
3776 1: Kill all processes that have the corrupted-and-not-reload‐
3778 able page mapped as soon as the corruption is detected.
3779 Note that this is not supported for a few types of pages,
3780 such as kernel internally allocated data or the swap cache,
3781 but works for the majority of user pages.
3782 0: Unmap the corrupted page from all processes and kill a
3784 process only if it tries to access the page.
3785 The kill is performed using a SIGBUS signal with si_code set to
3787 BUS_MCEERR_AO. Processes can handle this if they want to; see
3788 sigaction(2) for more details.
3789 This feature is active only on architectures/platforms with
3791 advanced machine check handling and depends on the hardware
3792 capabilities.
3793 Applications can override the memory_failure_early_kill setting
3795 individually with the prctl(2) PR_MCE_KILL operation.
3796 Present only if the kernel was configured with CONFIG_MEM‐
3798 ORY_FAILURE.
3799 /proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)
3801 Enable memory failure recovery (when supported by the platform)
3802 1: Attempt recovery.
3804 0: Always panic on a memory failure.
3806 Present only if the kernel was configured with CONFIG_MEM‐
3808 ORY_FAILURE.
3809 /proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)
3811 Enables a system-wide task dump (excluding kernel threads) to be
3812 produced when the kernel performs an OOM-killing. The dump
3813 includes the following information for each task (thread,
3814 process): thread ID, real user ID, thread group ID (process ID),
3815 virtual memory size, resident set size, the CPU that the task is
3816 scheduled on, oom_adj score (see the description of
3817 /proc/[pid]/oom_adj), and command name. This is helpful to
3818 determine why the OOM-killer was invoked and to identify the
3819 rogue task that caused it.
3820 If this contains the value zero, this information is suppressed.
3822 On very large systems with thousands of tasks, it may not be
3823 feasible to dump the memory state information for each one.
3824 Such systems should not be forced to incur a performance penalty
3825 in OOM situations when the information may not be desired.
3826 If this is set to nonzero, this information is shown whenever
3828 the OOM-killer actually kills a memory-hogging task.
3829 The default value is 0.
3831 /proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)
3833 This enables or disables killing the OOM-triggering task in out-
3834 of-memory situations.
3835 If this is set to zero, the OOM-killer will scan through the
3837 entire tasklist and select a task based on heuristics to kill.
3838 This normally selects a rogue memory-hogging task that frees up
3839 a large amount of memory when killed.
3840 If this is set to nonzero, the OOM-killer simply kills the task
3842 that triggered the out-of-memory condition. This avoids a pos‐
3843 sibly expensive tasklist scan.
3844 If /proc/sys/vm/panic_on_oom is nonzero, it takes precedence
3846 over whatever value is used in /proc/sys/vm/oom_kill_allocat‐
3847 ing_task.
3848 The default value is 0.
3850 /proc/sys/vm/overcommit_kbytes (since Linux 3.14)
3852 This writable file provides an alternative to /proc/sys/vm/over‐
3853 commit_ratio for controlling the CommitLimit when
3854 /proc/sys/vm/overcommit_memory has the value 2. It allows the
3855 amount of memory overcommitting to be specified as an absolute
3856 value (in kB), rather than as a percentage, as is done with
3857 overcommit_ratio. This allows for finer-grained control of Com‐
3858 mitLimit on systems with extremely large memory sizes.
3859 Only one of overcommit_kbytes or overcommit_ratio can have an
3861 effect: if overcommit_kbytes has a nonzero value, then it is
3862 used to calculate CommitLimit, otherwise overcommit_ratio is
3863 used. Writing a value to either of these files causes the value
3864 in the other file to be set to zero.
3865 /proc/sys/vm/overcommit_memory
3867 This file contains the kernel virtual memory accounting mode.
3868 Values are:
3869 0: heuristic overcommit (this is the default)
3871 1: always overcommit, never check
3872 2: always check, never overcommit
3873 In mode 0, calls of mmap(2) with MAP_NORESERVE are not checked,
3875 and the default check is very weak, leading to the risk of get‐
3876 ting a process "OOM-killed".
3877 In mode 1, the kernel pretends there is always enough memory,
3879 until memory actually runs out. One use case for this mode is
3880 scientific computing applications that employ large sparse
3881 arrays. In Linux kernel versions before 2.6.0, any nonzero
3882 value implies mode 1.
3883 In mode 2 (available since Linux 2.6), the total virtual address
3885 space that can be allocated (CommitLimit in /proc/meminfo) is
3886 calculated as
3887 CommitLimit = (total_RAM - total_huge_TLB) *
3889 overcommit_ratio / 100 + total_swap
3890 where:
3892 * total_RAM is the total amount of RAM on the system;
3894 * total_huge_TLB is the amount of memory set aside for
3896 huge pages;
3897 * overcommit_ratio is the value in /proc/sys/vm/overcom‐
3899 mit_ratio; and
3900 * total_swap is the amount of swap space.
3902 For example, on a system with 16GB of physical RAM, 16GB of
3904 swap, no space dedicated to huge pages, and an overcommit_ratio
3905 of 50, this formula yields a CommitLimit of 24GB.
3906 Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes
3908 is nonzero, then CommitLimit is instead calculated as:
3909 CommitLimit = overcommit_kbytes + total_swap
3911 See also the description of /proc/sys/vm/admin_reserve_kbytes
3913 and /proc/sys/vm/user_reserve_kbytes.
3914 /proc/sys/vm/overcommit_ratio (since Linux 2.6.0)
3916 This writable file defines a percentage by which memory can be
3917 overcommitted. The default value in the file is 50. See the
3918 description of /proc/sys/vm/overcommit_memory.
3919 /proc/sys/vm/panic_on_oom (since Linux 2.6.18)
3921 This enables or disables a kernel panic in an out-of-memory sit‐
3922 uation.
3923 If this file is set to the value 0, the kernel's OOM-killer will
3925 kill some rogue process. Usually, the OOM-killer is able to
3926 kill a rogue process and the system will survive.
3927 If this file is set to the value 1, then the kernel normally
3929 panics when out-of-memory happens. However, if a process limits
3930 allocations to certain nodes using memory policies (mbind(2)
3931 MPOL_BIND) or cpusets (cpuset(7)) and those nodes reach memory
3932 exhaustion status, one process may be killed by the OOM-killer.
3933 No panic occurs in this case: because other nodes' memory may be
3934 free, this means the system as a whole may not have reached an
3935 out-of-memory situation yet.
3936 If this file is set to the value 2, the kernel always panics
3938 when an out-of-memory condition occurs.
3939 The default value is 0. 1 and 2 are for failover of clustering.
3941 Select either according to your policy of failover.
3942 /proc/sys/vm/swappiness
3944 The value in this file controls how aggressively the kernel will
3945 swap memory pages. Higher values increase aggressiveness, lower
3946 values decrease aggressiveness. The default value is 60.
3947 /proc/sys/vm/user_reserve_kbytes (since Linux 3.10)
3949 Specifies an amount of memory (in KiB) to reserve for user pro‐
3950 cesses, This is intended to prevent a user from starting a sin‐
3951 gle memory hogging process, such that they cannot recover (kill
3952 the hog). The value in this file has an effect only when
3953 /proc/sys/vm/overcommit_memory is set to 2 ("overcommit never"
3954 mode). In this case, the system reserves an amount of memory
3955 that is the minimum of [3% of current process size,
3956 user_reserve_kbytes].
3957 The default value in this file is the minimum of [3% of free
3959 pages, 128MiB] expressed as KiB.
3960 If the value in this file is set to zero, then a user will be
3962 allowed to allocate all free memory with a single process (minus
3963 the amount reserved by /proc/sys/vm/admin_reserve_kbytes). Any
3964 subsequent attempts to execute a command will result in "fork:
3965 Cannot allocate memory".
3966 Changing the value in this file takes effect whenever an appli‐
3968 cation requests memory.
3969 /proc/sysrq-trigger (since Linux 2.4.21)
3971 Writing a character to this file triggers the same SysRq func‐
3972 tion as typing ALT-SysRq-<character> (see the description of
3973 /proc/sys/kernel/sysrq). This file is normally writable only by
3974 root. For further details see the Linux kernel source file Doc‐
3975 umentation/admin-guide/sysrq.rst (or Documentation/sysrq.txt
3976 before Linux 4.10).
3977 /proc/sysvipc
3979 Subdirectory containing the pseudo-files msg, sem and shm.
3980 These files list the System V Interprocess Communication (IPC)
3981 objects (respectively: message queues, semaphores, and shared
3982 memory) that currently exist on the system, providing similar
3983 information to that available via ipcs(1). These files have
3984 headers and are formatted (one IPC object per line) for easy
3985 understanding. sysvipc(7) provides further background on the
3986 information shown by these files.
3987 /proc/thread-self (since Linux 3.17)
3989 This directory refers to the thread accessing the /proc filesys‐
3990 tem, and is identical to the /proc/self/task/[tid] directory
3991 named by the process thread ID ([tid]) of the same thread.
3992 /proc/timer_list (since Linux 2.6.21)
3994 This read-only file exposes a list of all currently pending
3995 (high-resolution) timers, all clock-event sources, and their
3996 parameters in a human-readable form.
3997 /proc/timer_stats (from Linux 2.6.21 until Linux 4.10)
3999 This is a debugging facility to make timer (ab)use in a Linux
4000 system visible to kernel and user-space developers. It can be
4001 used by kernel and user-space developers to verify that their
4002 code does not make undue use of timers. The goal is to avoid
4003 unnecessary wakeups, thereby optimizing power consumption.
4004 If enabled in the kernel (CONFIG_TIMER_STATS), but not used, it
4006 has almost zero run-time overhead and a relatively small data-
4007 structure overhead. Even if collection is enabled at run time,
4008 overhead is low: all the locking is per-CPU and lookup is
4009 hashed.
4010 The /proc/timer_stats file is used both to control sampling
4012 facility and to read out the sampled information.
4013 The timer_stats functionality is inactive on bootup. A sampling
4015 period can be started using the following command:
4016 # echo 1 > /proc/timer_stats
4018 The following command stops a sampling period:
4020 # echo 0 > /proc/timer_stats
4022 The statistics can be retrieved by:
4024 $ cat /proc/timer_stats
4026 While sampling is enabled, each readout from /proc/timer_stats
4028 will see newly updated statistics. Once sampling is disabled,
4029 the sampled information is kept until a new sample period is
4030 started. This allows multiple readouts.
4031 Sample output from /proc/timer_stats:
4033 $ cat /proc/timer_stats
4035 Timer Stats Version: v0.3
4036 Sample period: 1.764 s
4037 Collection: active
4038 255, 0 swapper/3 hrtimer_start_range_ns (tick_sched_timer)
4039 71, 0 swapper/1 hrtimer_start_range_ns (tick_sched_timer)
4040 58, 0 swapper/0 hrtimer_start_range_ns (tick_sched_timer)
4041 4, 1694 gnome-shell mod_delayed_work_on (delayed_work_timer_fn)
4042 17, 7 rcu_sched rcu_gp_kthread (process_timeout)
4043 ...
4044 1, 4911 kworker/u16:0 mod_delayed_work_on (delayed_work_timer_fn)
4045 1D, 2522 kworker/0:0 queue_delayed_work_on (delayed_work_timer_fn)
4046 1029 total events, 583.333 events/sec
4047 The output columns are:
4049 * a count of the number of events, optionally (since Linux
4051 2.6.23) followed by the letter 'D' if this is a deferrable
4052 timer;
4053 * the PID of the process that initialized the timer;
4055 * the name of the process that initialized the timer;
4057 * the function where the timer was initialized; and
4059 * (in parentheses) the callback function that is associated
4061 with the timer.
4062 During the Linux 4.11 development cycle, this file was removed
4064 because of security concerns, as it exposes information across
4065 namespaces. Furthermore, it is possible to obtain the same
4066 information via in-kernel tracing facilities such as ftrace.
4067 /proc/tty
4069 Subdirectory containing the pseudo-files and subdirectories for
4070 tty drivers and line disciplines.
4071 /proc/uptime
4073 This file contains two numbers (values in seconds): the uptime
4074 of the system (including time spent in suspend) and the amount
4075 of time spent in the idle process.
4076 /proc/version
4078 This string identifies the kernel version that is currently run‐
4079 ning. It includes the contents of /proc/sys/kernel/ostype,
4080 /proc/sys/kernel/osrelease and /proc/sys/kernel/version. For
4081 example:
4082 Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994
4084 /proc/vmstat (since Linux 2.6.0)
4086 This file displays various virtual memory statistics. Each line
4087 of this file contains a single name-value pair, delimited by
4088 white space. Some lines are present only if the kernel was con‐
4089 figured with suitable options. (In some cases, the options
4090 required for particular files have changed across kernel ver‐
4091 sions, so they are not listed here. Details can be found by
4092 consulting the kernel source code.) The following fields may be
4093 present:
4094 nr_free_pages (since Linux 2.6.31)
4096 nr_alloc_batch (since Linux 3.12)
4098 nr_inactive_anon (since Linux 2.6.28)
4100 nr_active_anon (since Linux 2.6.28)
4102 nr_inactive_file (since Linux 2.6.28)
4104 nr_active_file (since Linux 2.6.28)
4106 nr_unevictable (since Linux 2.6.28)
4108 nr_mlock (since Linux 2.6.28)
4110 nr_anon_pages (since Linux 2.6.18)
4112 nr_mapped (since Linux 2.6.0)
4114 nr_file_pages (since Linux 2.6.18)
4116 nr_dirty (since Linux 2.6.0)
4118 nr_writeback (since Linux 2.6.0)
4120 nr_slab_reclaimable (since Linux 2.6.19)
4122 nr_slab_unreclaimable (since Linux 2.6.19)
4124 nr_page_table_pages (since Linux 2.6.0)
4126 nr_kernel_stack (since Linux 2.6.32)
4128 Amount of memory allocated to kernel stacks.
4129 nr_unstable (since Linux 2.6.0)
4131 nr_bounce (since Linux 2.6.12)
4133 nr_vmscan_write (since Linux 2.6.19)
4135 nr_vmscan_immediate_reclaim (since Linux 3.2)
4137 nr_writeback_temp (since Linux 2.6.26)
4139 nr_isolated_anon (since Linux 2.6.32)
4141 nr_isolated_file (since Linux 2.6.32)
4143 nr_shmem (since Linux 2.6.32)
4145 Pages used by shmem and tmpfs(5).
4146 nr_dirtied (since Linux 2.6.37)
4148 nr_written (since Linux 2.6.37)
4150 nr_pages_scanned (since Linux 3.17)
4152 numa_hit (since Linux 2.6.18)
4154 numa_miss (since Linux 2.6.18)
4156 numa_foreign (since Linux 2.6.18)
4158 numa_interleave (since Linux 2.6.18)
4160 numa_local (since Linux 2.6.18)
4162 numa_other (since Linux 2.6.18)
4164 workingset_refault (since Linux 3.15)
4166 workingset_activate (since Linux 3.15)
4168 workingset_nodereclaim (since Linux 3.15)
4170 nr_anon_transparent_hugepages (since Linux 2.6.38)
4172 nr_free_cma (since Linux 3.7)
4174 Number of free CMA (Contiguous Memory Allocator) pages.
4175 nr_dirty_threshold (since Linux 2.6.37)
4177 nr_dirty_background_threshold (since Linux 2.6.37)
4179 pgpgin (since Linux 2.6.0)
4181 pgpgout (since Linux 2.6.0)
4183 pswpin (since Linux 2.6.0)
4185 pswpout (since Linux 2.6.0)
4187 pgalloc_dma (since Linux 2.6.5)
4189 pgalloc_dma32 (since Linux 2.6.16)
4191 pgalloc_normal (since Linux 2.6.5)
4193 pgalloc_high (since Linux 2.6.5)
4195 pgalloc_movable (since Linux 2.6.23)
4197 pgfree (since Linux 2.6.0)
4199 pgactivate (since Linux 2.6.0)
4201 pgdeactivate (since Linux 2.6.0)
4203 pgfault (since Linux 2.6.0)
4205 pgmajfault (since Linux 2.6.0)
4207 pgrefill_dma (since Linux 2.6.5)
4209 pgrefill_dma32 (since Linux 2.6.16)
4211 pgrefill_normal (since Linux 2.6.5)
4213 pgrefill_high (since Linux 2.6.5)
4215 pgrefill_movable (since Linux 2.6.23)
4217 pgsteal_kswapd_dma (since Linux 3.4)
4219 pgsteal_kswapd_dma32 (since Linux 3.4)
4221 pgsteal_kswapd_normal (since Linux 3.4)
4223 pgsteal_kswapd_high (since Linux 3.4)
4225 pgsteal_kswapd_movable (since Linux 3.4)
4227 pgsteal_direct_dma
4229 pgsteal_direct_dma32 (since Linux 3.4)
4231 pgsteal_direct_normal (since Linux 3.4)
4233 pgsteal_direct_high (since Linux 3.4)
4235 pgsteal_direct_movable (since Linux 2.6.23)
4237 pgscan_kswapd_dma
4239 pgscan_kswapd_dma32 (since Linux 2.6.16)
4241 pgscan_kswapd_normal (since Linux 2.6.5)
4243 pgscan_kswapd_high
4245 pgscan_kswapd_movable (since Linux 2.6.23)
4247 pgscan_direct_dma
4249 pgscan_direct_dma32 (since Linux 2.6.16)
4251 pgscan_direct_normal
4253 pgscan_direct_high
4255 pgscan_direct_movable (since Linux 2.6.23)
4257 pgscan_direct_throttle (since Linux 3.6)
4259 zone_reclaim_failed (since linux 2.6.31)
4261 pginodesteal (since linux 2.6.0)
4263 slabs_scanned (since linux 2.6.5)
4265 kswapd_inodesteal (since linux 2.6.0)
4267 kswapd_low_wmark_hit_quickly (since 2.6.33)
4269 kswapd_high_wmark_hit_quickly (since 2.6.33)
4271 pageoutrun (since Linux 2.6.0)
4273 allocstall (since Linux 2.6.0)
4275 pgrotated (since Linux 2.6.0)
4277 drop_pagecache (since Linux 3.15)
4279 drop_slab (since Linux 3.15)
4281 numa_pte_updates (since Linux 3.8)
4283 numa_huge_pte_updates (since Linux 3.13)
4285 numa_hint_faults (since Linux 3.8)
4287 numa_hint_faults_local (since Linux 3.8)
4289 numa_pages_migrated (since Linux 3.8)
4291 pgmigrate_success (since Linux 3.8)
4293 pgmigrate_fail (since Linux 3.8)
4295 compact_migrate_scanned (since Linux 3.8)
4297 compact_free_scanned (since Linux 3.8)
4299 compact_isolated (since Linux 3.8)
4301 compact_stall (since Linux 2.6.35)
4303 See the kernel source file Documentation/admin-
4304 guide/mm/transhuge.rst.
4305 compact_fail (since Linux 2.6.35)
4307 See the kernel source file Documentation/admin-
4308 guide/mm/transhuge.rst.
4309 compact_success (since Linux 2.6.35)
4311 See the kernel source file Documentation/admin-
4312 guide/mm/transhuge.rst.
4313 htlb_buddy_alloc_success (since Linux 2.6.26)
4315 htlb_buddy_alloc_fail (since Linux 2.6.26)
4317 unevictable_pgs_culled (since Linux 2.6.28)
4319 unevictable_pgs_scanned (since Linux 2.6.28)
4321 unevictable_pgs_rescued (since Linux 2.6.28)
4323 unevictable_pgs_mlocked (since Linux 2.6.28)
4325 unevictable_pgs_munlocked (since Linux 2.6.28)
4327 unevictable_pgs_cleared (since Linux 2.6.28)
4329 unevictable_pgs_stranded (since Linux 2.6.28)
4331 thp_fault_alloc (since Linux 2.6.39)
4333 See the kernel source file Documentation/admin-
4334 guide/mm/transhuge.rst.
4335 thp_fault_fallback (since Linux 2.6.39)
4337 See the kernel source file Documentation/admin-
4338 guide/mm/transhuge.rst.
4339 thp_collapse_alloc (since Linux 2.6.39)
4341 See the kernel source file Documentation/admin-
4342 guide/mm/transhuge.rst.
4343 thp_collapse_alloc_failed (since Linux 2.6.39)
4345 See the kernel source file Documentation/admin-
4346 guide/mm/transhuge.rst.
4347 thp_split (since Linux 2.6.39)
4349 See the kernel source file Documentation/admin-
4350 guide/mm/transhuge.rst.
4351 thp_zero_page_alloc (since Linux 3.8)
4353 See the kernel source file Documentation/admin-
4354 guide/mm/transhuge.rst.
4355 thp_zero_page_alloc_failed (since Linux 3.8)
4357 See the kernel source file Documentation/admin-
4358 guide/mm/transhuge.rst.
4359 balloon_inflate (since Linux 3.18)
4361 balloon_deflate (since Linux 3.18)
4363 balloon_migrate (since Linux 3.18)
4365 nr_tlb_remote_flush (since Linux 3.12)
4367 nr_tlb_remote_flush_received (since Linux 3.12)
4369 nr_tlb_local_flush_all (since Linux 3.12)
4371 nr_tlb_local_flush_one (since Linux 3.12)
4373 vmacache_find_calls (since Linux 3.16)
4375 vmacache_find_hits (since Linux 3.16)
4377 vmacache_full_flushes (since Linux 3.19)
4379 /proc/zoneinfo (since Linux 2.6.13)
4381 This file display information about memory zones. This is use‐
4382 ful for analyzing virtual memory behavior.
4383
4385 Many files contain strings (e.g., the environment and command line)
4386 that are in the internal format, with subfields terminated by null
4387 bytes ('\0'). When inspecting such files, you may find that the
4388 results are more readable if you use a command of the following form to
4389 display them:
4390 $ cat file | tr '\000' '\n'
4392 This manual page is incomplete, possibly inaccurate, and is the kind of
4394 thing that needs to be updated very often.
4395
4397 cat(1), dmesg(1), find(1), free(1), htop(1), init(1), ps(1), pstree(1),
4398 tr(1), uptime(1), chroot(2), mmap(2), readlink(2), syslog(2),
4399 slabinfo(5), sysfs(5), hier(7), namespaces(7), time(7), arp(8),
4400 hdparm(8), ifconfig(8), lsmod(8), lspci(8), mount(8), netstat(8),
4401 procinfo(8), route(8), sysctl(8)
4402 The Linux kernel source files: Documentation/filesystems/proc.txt, Doc‐
4404 umentation/sysctl/fs.txt, Documentation/sysctl/kernel.txt, Documenta‐
4405 tion/sysctl/net.txt, and Documentation/sysctl/vm.txt.
4406
4408 This page is part of release 5.02 of the Linux man-pages project. A
4409 description of the project, information about reporting bugs, and the
4410 latest version of this page, can be found at
4411 https://www.kernel.org/doc/man-pages/.
4412Linux 2019-08-02 PROC(5)