1proc(5)                       File Formats Manual                      proc(5)
2
3
4

NAME

6       proc  -  process  information,  system  information, and sysctl pseudo-
7       filesystem
8

DESCRIPTION

10       The proc filesystem is a pseudo-filesystem which provides an  interface
11       to  kernel  data  structures.   It is commonly mounted at /proc.  Typi‐
12       cally, it is mounted automatically by the system, but it  can  also  be
13       mounted manually using a command such as:
14
15           mount -t proc proc /proc
16
17       Most  of the files in the proc filesystem are read-only, but some files
18       are writable, allowing kernel variables to be changed.
19
20   Mount options
21       The proc filesystem supports the following mount options:
22
23       hidepid=n (since Linux 3.3)
24              This option controls who can access the information in /proc/pid
25              directories.  The argument, n, is one of the following values:
26
27              0   Everybody may access all /proc/pid directories.  This is the
28                  traditional behavior, and the default if this  mount  option
29                  is not specified.
30
31              1   Users  may  not  access  files and subdirectories inside any
32                  /proc/pid directories but their own (the /proc/pid  directo‐
33                  ries  themselves  remain  visible).  Sensitive files such as
34                  /proc/pid/cmdline and  /proc/pid/status  are  now  protected
35                  against  other  users.   This  makes  it impossible to learn
36                  whether any user is running a specific program (so  long  as
37                  the  program  doesn't  otherwise reveal itself by its behav‐
38                  ior).
39
40              2   As for mode 1, but in addition the /proc/pid directories be‐
41                  longing  to  other  users become invisible.  This means that
42                  /proc/pid entries can no longer be used to discover the PIDs
43                  on  the  system.   This doesn't hide the fact that a process
44                  with a specific PID value exists (it can be learned by other
45                  means,  for  example,  by  "kill  -0  $PID"), but it hides a
46                  process's UID and GID, which could otherwise be  learned  by
47                  employing  stat(2)  on  a /proc/pid directory.  This greatly
48                  complicates an  attacker's  task  of  gathering  information
49                  about running processes (e.g., discovering whether some dae‐
50                  mon is running with  elevated  privileges,  whether  another
51                  user  is running some sensitive program, whether other users
52                  are running any program at all, and so on).
53
54       gid=gid (since Linux 3.3)
55              Specifies the ID of a group  whose  members  are  authorized  to
56              learn process information otherwise prohibited by hidepid (i.e.,
57              users in this group behave as  though  /proc  was  mounted  with
58              hidepid=0).   This  group  should  be used instead of approaches
59              such as putting nonroot users into the sudoers(5) file.
60
61   Overview
62       Underneath /proc, there are the following general groups of  files  and
63       subdirectories:
64
65       /proc/pid subdirectories
66              Each  one of these subdirectories contains files and subdirecto‐
67              ries exposing information about the process with the correspond‐
68              ing process ID.
69
70              Underneath  each  of the /proc/pid directories, a task subdirec‐
71              tory contains subdirectories of the form task/tid, which contain
72              corresponding  information  about  each  of  the  threads in the
73              process, where tid is the kernel thread ID of the thread.
74
75              The /proc/pid subdirectories are visible when iterating  through
76              /proc with getdents(2) (and thus are visible when one uses ls(1)
77              to view the contents of /proc).
78
79       /proc/tid subdirectories
80              Each one of these subdirectories contains files and  subdirecto‐
81              ries  exposing information about the thread with the correspond‐
82              ing thread ID.  The contents of these directories are  the  same
83              as the corresponding /proc/pid/task/tid directories.
84
85              The  /proc/tid  subdirectories  are  not  visible when iterating
86              through /proc with getdents(2) (and thus are  not  visible  when
87              one uses ls(1) to view the contents of /proc).
88
89       /proc/self
90              When a process accesses this magic symbolic link, it resolves to
91              the process's own /proc/pid directory.
92
93       /proc/thread-self
94              When a thread accesses this magic symbolic link, it resolves  to
95              the process's own /proc/self/task/tid directory.
96
97       /proc/[a-z]*
98              Various  other  files and subdirectories under /proc expose sys‐
99              tem-wide information.
100
101       All of the above are described in more detail below.
102
103   Files and directories
104       The following list provides details of many of the files  and  directo‐
105       ries under the /proc hierarchy.
106
107       /proc/pid
108              There  is a numerical subdirectory for each running process; the
109              subdirectory is named by the process ID.  Each /proc/pid  subdi‐
110              rectory  contains the pseudo-files and directories described be‐
111              low.
112
113              The files inside each /proc/pid directory are normally owned  by
114              the  effective user and effective group ID of the process.  How‐
115              ever, as a security measure, the ownership is made root:root  if
116              the  process's "dumpable" attribute is set to a value other than
117              1.
118
119              Before Linux 4.11, root:root meant the "global" root user ID and
120              group  ID (i.e., UID 0 and GID 0 in the initial user namespace).
121              Since Linux 4.11, if the process is in a noninitial  user  name‐
122              space  that has a valid mapping for user (group) ID 0 inside the
123              namespace, then the user (group) ownership of  the  files  under
124              /proc/pid  is  instead made the same as the root user (group) ID
125              of the namespace.  This means that inside  a  container,  things
126              work as expected for the container "root" user.
127
128              The  process's "dumpable" attribute may change for the following
129              reasons:
130
131              •  The  attribute  was   explicitly   set   via   the   prctl(2)
132                 PR_SET_DUMPABLE operation.
133
134              •  The   attribute   was   reset   to  the  value  in  the  file
135                 /proc/sys/fs/suid_dumpable (described below), for the reasons
136                 described in prctl(2).
137
138              Resetting the "dumpable" attribute to 1 reverts the ownership of
139              the /proc/pid/* files to the process's effective  UID  and  GID.
140              Note,  however, that if the effective UID or GID is subsequently
141              modified, then the "dumpable" attribute may  be  reset,  as  de‐
142              scribed  in  prctl(2).   Therefore, it may be desirable to reset
143              the "dumpable" attribute after making any desired changes to the
144              process's effective UID or GID.
145
146       /proc/pid/attr
147              The files in this directory provide an API for security modules.
148              The contents of this directory are files that can  be  read  and
149              written  in  order to set security-related attributes.  This di‐
150              rectory was added to support SELinux, but the intention was that
151              the  API  be  general  enough to support other security modules.
152              For the purpose of explanation, examples  of  how  SELinux  uses
153              these files are provided below.
154
155              This directory is present only if the kernel was configured with
156              CONFIG_SECURITY.
157
158       /proc/pid/attr/current (since Linux 2.6.0)
159              The contents of this file represent  the  current  security  at‐
160              tributes of the process.
161
162              In  SELinux,  this file is used to get the security context of a
163              process.  Prior to Linux 2.6.11, this file could not be used  to
164              set  the  security  context  (a  write was always denied), since
165              SELinux limited process security transitions to  execve(2)  (see
166              the  description  of  /proc/pid/attr/exec,  below).  Since Linux
167              2.6.11, SELinux lifted this  restriction  and  began  supporting
168              "set"  operations  via writes to this node if authorized by pol‐
169              icy, although use of this operation is only suitable for  appli‐
170              cations  that are trusted to maintain any desired separation be‐
171              tween the old and new security contexts.
172
173              Prior to Linux 2.6.28, SELinux did not allow  threads  within  a
174              multithreaded  process  to  set  their security context via this
175              node as it would yield an inconsistency among the security  con‐
176              texts of the threads sharing the same memory space.  Since Linux
177              2.6.28, SELinux lifted this  restriction  and  began  supporting
178              "set"  operations  for threads within a multithreaded process if
179              the new security context is bounded by the old security context,
180              where  the  bounded relation is defined in policy and guarantees
181              that the new security context has a subset of the permissions of
182              the old security context.
183
184              Other  security  modules  may choose to support "set" operations
185              via writes to this node.
186
187       /proc/pid/attr/exec (since Linux 2.6.0)
188              This file represents the attributes to  assign  to  the  process
189              upon a subsequent execve(2).
190
191              In  SELinux,  this is needed to support role/domain transitions,
192              and execve(2) is the preferred point to  make  such  transitions
193              because  it offers better control over the initialization of the
194              process in the new security label and the inheritance of  state.
195              In SELinux, this attribute is reset on execve(2) so that the new
196              program reverts to the default behavior for any execve(2)  calls
197              that  it  may  make.  In SELinux, a process can set only its own
198              /proc/pid/attr/exec attribute.
199
200       /proc/pid/attr/fscreate (since Linux 2.6.0)
201              This file represents the attributes to assign to  files  created
202              by  subsequent  calls  to  open(2),  mkdir(2),  symlink(2),  and
203              mknod(2)
204
205              SELinux employs this file to support creation of a  file  (using
206              the  aforementioned  system  calls)  in  a secure state, so that
207              there is no risk of inappropriate access being obtained  between
208              the  time  of creation and the time that attributes are set.  In
209              SELinux, this attribute is reset on execve(2), so that  the  new
210              program  reverts  to  the default behavior for any file creation
211              calls it may make, but the attribute will persist across  multi‐
212              ple file creation calls within a program unless it is explicitly
213              reset.   In  SELinux,  a  process   can   set   only   its   own
214              /proc/pid/attr/fscreate attribute.
215
216       /proc/pid/attr/keycreate (since Linux 2.6.18)
217              If  a process writes a security context into this file, all sub‐
218              sequently created keys (add_key(2)) will be  labeled  with  this
219              context.   For  further  information, see the kernel source file
220              Documentation/security/keys/core.rst (or file  Documentation/se‐
221              curity/keys.txt  between Linux 3.0 and Linux 4.13, or Documenta‐
222              tion/keys.txt before Linux 3.0).
223
224       /proc/pid/attr/prev (since Linux 2.6.0)
225              This file contains the security context of  the  process  before
226              the   last   execve(2);   that   is,   the   previous  value  of
227              /proc/pid/attr/current.
228
229       /proc/pid/attr/socketcreate (since Linux 2.6.18)
230              If a process writes a security context into this file, all  sub‐
231              sequently created sockets will be labeled with this context.
232
233       /proc/pid/autogroup (since Linux 2.6.38)
234              See sched(7).
235
236       /proc/pid/auxv (since Linux 2.6.0)
237              This  contains  the  contents of the ELF interpreter information
238              passed to the process at exec time.  The format is one  unsigned
239              long  ID  plus one unsigned long value for each entry.  The last
240              entry contains two zeros.  See also getauxval(3).
241
242              Permission to access this file is governed by  a  ptrace  access
243              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
244
245       /proc/pid/cgroup (since Linux 2.6.24)
246              See cgroups(7).
247
248       /proc/pid/clear_refs (since Linux 2.6.22)
249
250              This  is  a  write-only  file,  writable  only  by  owner of the
251              process.
252
253              The following values may be written to the file:
254
255              1 (since Linux 2.6.22)
256                     Reset the PG_Referenced and ACCESSED/YOUNG bits  for  all
257                     the  pages  associated  with  the process.  (Before Linux
258                     2.6.32, writing any nonzero value to this file  had  this
259                     effect.)
260
261              2 (since Linux 2.6.32)
262                     Reset  the  PG_Referenced and ACCESSED/YOUNG bits for all
263                     anonymous pages associated with the process.
264
265              3 (since Linux 2.6.32)
266                     Reset the PG_Referenced and ACCESSED/YOUNG bits  for  all
267                     file-mapped pages associated with the process.
268
269              Clearing  the  PG_Referenced  and ACCESSED/YOUNG bits provides a
270              method to measure approximately how much memory a process is us‐
271              ing.   One  first inspects the values in the "Referenced" fields
272              for the VMAs shown in /proc/pid/smaps to get an idea of the mem‐
273              ory footprint of the process.  One then clears the PG_Referenced
274              and ACCESSED/YOUNG bits and, after some measured time  interval,
275              once again inspects the values in the "Referenced" fields to get
276              an idea of the change in memory footprint of the process  during
277              the  measured interval.  If one is interested only in inspecting
278              the selected mapping types, then the value 2 or 3  can  be  used
279              instead of 1.
280
281              Further values can be written to affect different properties:
282
283              4 (since Linux 3.11)
284                     Clear  the  soft-dirty  bit  for all the pages associated
285                     with the process.  This  is  used  (in  conjunction  with
286                     /proc/pid/pagemap)  by  the check-point restore system to
287                     discover which pages of a process have been dirtied since
288                     the file /proc/pid/clear_refs was written to.
289
290              5 (since Linux 4.0)
291                     Reset  the  peak resident set size ("high water mark") to
292                     the process's current resident set size value.
293
294              Writing any  value  to  /proc/pid/clear_refs  other  than  those
295              listed above has no effect.
296
297              The  /proc/pid/clear_refs  file  is  present  only  if  the CON‐
298              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
299
300       /proc/pid/cmdline
301              This read-only file holds the  complete  command  line  for  the
302              process,  unless  the  process is a zombie.  In the latter case,
303              there is nothing in this file: that is, a read on this file will
304              return  0 characters.  The command-line arguments appear in this
305              file as a set of strings separated by null bytes ('\0'), with  a
306              further null byte after the last string.
307
308              If,  after  an execve(2), the process modifies its argv strings,
309              those changes will show up here.  This is not the same thing  as
310              modifying the argv array.
311
312              Furthermore,  a process may change the memory location that this
313              file refers via prctl(2) operations such as PR_SET_MM_ARG_START.
314
315              Think of this file as the command line that  the  process  wants
316              you to see.
317
318       /proc/pid/comm (since Linux 2.6.33)
319              This  file exposes the process's comm value—that is, the command
320              name associated with the process.  Different threads in the same
321              process   may   have   different  comm  values,  accessible  via
322              /proc/pid/task/tid/comm.  A thread may modify its comm value, or
323              that  of  any  of other thread in the same thread group (see the
324              discussion of CLONE_THREAD in clone(2)), by writing to the  file
325              /proc/self/task/tid/comm.   Strings  longer  than  TASK_COMM_LEN
326              (16)  characters  (including  the  terminating  null  byte)  are
327              silently truncated.
328
329              This  file  provides  a superset of the prctl(2) PR_SET_NAME and
330              PR_GET_NAME operations, and is employed by pthread_setname_np(3)
331              when used to rename threads other than the caller.  The value in
332              this file  is  used  for  the  %e  specifier  in  /proc/sys/ker‐
333              nel/core_pattern; see core(5).
334
335       /proc/pid/coredump_filter (since Linux 2.6.23)
336              See core(5).
337
338       /proc/pid/cpuset (since Linux 2.6.12)
339              See cpuset(7).
340
341       /proc/pid/cwd
342              This  is a symbolic link to the current working directory of the
343              process.  To find out the current working directory  of  process
344              20, for instance, you can do this:
345
346                  $ cd /proc/20/cwd; pwd -P
347
348              In  a  multithreaded process, the contents of this symbolic link
349              are not available if the  main  thread  has  already  terminated
350              (typically by calling pthread_exit(3)).
351
352              Permission  to  dereference  or read (readlink(2)) this symbolic
353              link is governed by a ptrace  access  mode  PTRACE_MODE_READ_FS‐
354              CREDS check; see ptrace(2).
355
356       /proc/pid/environ
357              This file contains the initial environment that was set when the
358              currently executing program was started via execve(2).  The  en‐
359              tries  are  separated  by  null bytes ('\0'), and there may be a
360              null byte at the end.  Thus, to print  out  the  environment  of
361              process 1, you would do:
362
363                  $ cat /proc/1/environ | tr '\000' '\n'
364
365              If,  after  an  execve(2),  the process modifies its environment
366              (e.g., by calling functions such as putenv(3) or  modifying  the
367              environ(7)  variable directly), this file will not reflect those
368              changes.
369
370              Furthermore, a process may change the memory location that  this
371              file refers via prctl(2) operations such as PR_SET_MM_ENV_START.
372
373              Permission  to  access  this file is governed by a ptrace access
374              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
375
376       /proc/pid/exe
377              Under Linux 2.2 and later, this file is a symbolic link contain‐
378              ing  the actual pathname of the executed command.  This symbolic
379              link can be dereferenced normally; attempting to  open  it  will
380              open the executable.  You can even type /proc/pid/exe to run an‐
381              other copy of the same executable that is being run  by  process
382              pid.   If the pathname has been unlinked, the symbolic link will
383              contain the string '(deleted)' appended to  the  original  path‐
384              name.  In a multithreaded process, the contents of this symbolic
385              link are not available if the main thread has already terminated
386              (typically by calling pthread_exit(3)).
387
388              Permission  to  dereference  or read (readlink(2)) this symbolic
389              link is governed by a ptrace  access  mode  PTRACE_MODE_READ_FS‐
390              CREDS check; see ptrace(2).
391
392              Under  Linux  2.0 and earlier, /proc/pid/exe is a pointer to the
393              binary which was executed, and appears as a  symbolic  link.   A
394              readlink(2)  call  on this file under Linux 2.0 returns a string
395              in the format:
396
397                  [device]:inode
398
399              For example, [0301]:1502 would be inode 1502 on device major  03
400              (IDE,  MFM,  etc. drives) minor 01 (first partition on the first
401              drive).
402
403              find(1) with the -inum option can be used to locate the file.
404
405       /proc/pid/fd/
406              This is a subdirectory containing one entry for each file  which
407              the process has open, named by its file descriptor, and which is
408              a symbolic link to the actual file.  Thus, 0 is standard  input,
409              1 standard output, 2 standard error, and so on.
410
411              For  file descriptors for pipes and sockets, the entries will be
412              symbolic links whose content is the file type with the inode.  A
413              readlink(2) call on this file returns a string in the format:
414
415                  type:[inode]
416
417              For  example, socket:[2248868] will be a socket and its inode is
418              2248868.  For sockets, that inode can be used to find  more  in‐
419              formation in one of the files under /proc/net/.
420
421              For  file  descriptors  that  have no corresponding inode (e.g.,
422              file   descriptors   produced   by   bpf(2),    epoll_create(2),
423              eventfd(2),  inotify_init(2),  perf_event_open(2),  signalfd(2),
424              timerfd_create(2), and userfaultfd(2)), the entry will be a sym‐
425              bolic link with contents of the form
426
427                  anon_inode:file-type
428
429              In  many  cases  (but  not  all), the file-type is surrounded by
430              square brackets.
431
432              For example, an epoll file descriptor will have a symbolic  link
433              whose content is the string anon_inode:[eventpoll].
434
435              In  a  multithreaded process, the contents of this directory are
436              not available if the main thread has already  terminated  (typi‐
437              cally by calling pthread_exit(3)).
438
439              Programs  that  take  a filename as a command-line argument, but
440              don't take input from standard input if no argument is supplied,
441              and  programs that write to a file named as a command-line argu‐
442              ment, but don't send their output to standard output if no argu‐
443              ment is supplied, can nevertheless be made to use standard input
444              or standard output by using /proc/pid/fd files  as  command-line
445              arguments.   For example, assuming that -i is the flag designat‐
446              ing an input file and -o is the flag designating an output file:
447
448                  $ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...
449
450              and you have a working filter.
451
452              /proc/self/fd/N is approximately the same as /dev/fd/N  in  some
453              UNIX and UNIX-like systems.  Most Linux MAKEDEV scripts symboli‐
454              cally link /dev/fd to /proc/self/fd, in fact.
455
456              Most systems provide symbolic links /dev/stdin, /dev/stdout, and
457              /dev/stderr, which respectively link to the files 0, 1, and 2 in
458              /proc/self/fd.  Thus the example command above could be  written
459              as:
460
461                  $ foobar -i /dev/stdin -o /dev/stdout ...
462
463              Permission  to  dereference  or  read (readlink(2)) the symbolic
464              links in this directory is governed  by  a  ptrace  access  mode
465              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
466
467              Note  that  for  file descriptors referring to inodes (pipes and
468              sockets, see above), those inodes still have permission bits and
469              ownership  information  distinct  from those of the /proc/pid/fd
470              entry, and that the owner may differ from the user and group IDs
471              of the process.  An unprivileged process may lack permissions to
472              open them, as in this example:
473
474                  $ echo test | sudo -u nobody cat
475                  test
476                  $ echo test | sudo -u nobody cat /proc/self/fd/0
477                  cat: /proc/self/fd/0: Permission denied
478
479              File descriptor 0 refers to the pipe created by  the  shell  and
480              owned by that shell's user, which is not nobody, so cat does not
481              have permission to create a new file  descriptor  to  read  from
482              that inode, even though it can still read from its existing file
483              descriptor 0.
484
485       /proc/pid/fdinfo/ (since Linux 2.6.22)
486              This is a subdirectory containing one entry for each file  which
487              the  process  has open, named by its file descriptor.  The files
488              in this directory are readable only by the owner of the process.
489              The  contents  of  each  file  can be read to obtain information
490              about the corresponding file descriptor.  The content depends on
491              the  type of file referred to by the corresponding file descrip‐
492              tor.
493
494              For regular files and directories, we see something like:
495
496                  $ cat /proc/12015/fdinfo/4
497                  pos:    1000
498                  flags:  01002002
499                  mnt_id: 21
500
501              The fields are as follows:
502
503              pos    This is a decimal number showing the file offset.
504
505              flags  This is an octal number that  displays  the  file  access
506                     mode  and file status flags (see open(2)).  If the close-
507                     on-exec file descriptor flag is set, then flags will also
508                     include the value O_CLOEXEC.
509
510                     Before  Linux  3.1,  this field incorrectly displayed the
511                     setting of O_CLOEXEC at the time  the  file  was  opened,
512                     rather  than  the  current  setting  of the close-on-exec
513                     flag.
514
515              mnt_id This field, present since Linux 3.15, is the  ID  of  the
516                     mount  containing  this  file.   See  the  description of
517                     /proc/pid/mountinfo.
518
519              For eventfd file descriptors (see  eventfd(2)),  we  see  (since
520              Linux 3.8) the following fields:
521
522                  pos: 0
523                  flags:    02
524                  mnt_id:   10
525                  eventfd-count:               40
526
527              eventfd-count  is  the  current value of the eventfd counter, in
528              hexadecimal.
529
530              For epoll file descriptors (see epoll(7)), we see  (since  Linux
531              3.8) the following fields:
532
533                  pos: 0
534                  flags:    02
535                  mnt_id:   10
536                  tfd:        9 events:       19 data: 74253d2500000009
537                  tfd:        7 events:       19 data: 74253d2500000007
538
539              Each  of  the  lines beginning tfd describes one of the file de‐
540              scriptors being monitored via the  epoll  file  descriptor  (see
541              epoll_ctl(2)  for some details).  The tfd field is the number of
542              the file descriptor.  The events field is a hexadecimal mask  of
543              the  events  being monitored for this file descriptor.  The data
544              field is the data value associated with this file descriptor.
545
546              For signalfd file descriptors (see signalfd(2)), we  see  (since
547              Linux 3.8) the following fields:
548
549                  pos: 0
550                  flags:    02
551                  mnt_id:   10
552                  sigmask:  0000000000000006
553
554              sigmask is the hexadecimal mask of signals that are accepted via
555              this signalfd file descriptor.  (In this example, bits 2  and  3
556              are  set,  corresponding  to the signals SIGINT and SIGQUIT; see
557              signal(7).)
558
559              For inotify file descriptors (see  inotify(7)),  we  see  (since
560              Linux 3.8) the following fields:
561
562                  pos: 0
563                  flags:    00
564                  mnt_id:   11
565                  inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
566                  inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73
567
568              Each  of the lines beginning with "inotify" displays information
569              about one file or directory that is being monitored.  The fields
570              in this line are as follows:
571
572              wd     A watch descriptor number (in decimal).
573
574              ino    The inode number of the target file (in hexadecimal).
575
576              sdev   The  ID  of  the device where the target file resides (in
577                     hexadecimal).
578
579              mask   The mask of events being monitored for  the  target  file
580                     (in hexadecimal).
581
582              If  the  kernel was built with exportfs support, the path to the
583              target file is exposed as a file handle, via  three  hexadecimal
584              fields: fhandle-bytes, fhandle-type, and f_handle.
585
586              For  fanotify  file descriptors (see fanotify(7)), we see (since
587              Linux 3.8) the following fields:
588
589                  pos: 0
590                  flags:    02
591                  mnt_id:   11
592                  fanotify flags:0 event-flags:88002
593                  fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73
594
595              The fourth line displays information defined when  the  fanotify
596              group was created via fanotify_init(2):
597
598              flags  The  flags  argument given to fanotify_init(2) (expressed
599                     in hexadecimal).
600
601              event-flags
602                     The event_f_flags argument given to fanotify_init(2) (ex‐
603                     pressed in hexadecimal).
604
605              Each  additional  line  shown  in  the file contains information
606              about one of the marks in the fanotify  group.   Most  of  these
607              fields are as for inotify, except:
608
609              mflags The flags associated with the mark (expressed in hexadec‐
610                     imal).
611
612              mask   The events mask for this mark (expressed in hexadecimal).
613
614              ignored_mask
615                     The mask of events that are ignored for  this  mark  (ex‐
616                     pressed in hexadecimal).
617
618              For details on these fields, see fanotify_mark(2).
619
620              For  timerfd  file  descriptors  (see timerfd(2)), we see (since
621              Linux 3.17) the following fields:
622
623                  pos:    0
624                  flags:  02004002
625                  mnt_id: 13
626                  clockid: 0
627                  ticks: 0
628                  settime flags: 03
629                  it_value: (7695568592, 640020877)
630                  it_interval: (0, 0)
631
632              clockid
633                     This is the numeric value of the clock ID  (corresponding
634                     to  one  of  the  CLOCK_* constants defined via <time.h>)
635                     that is used to mark the progress of the timer  (in  this
636                     example, 0 is CLOCK_REALTIME).
637
638              ticks  This  is  the  number  of timer expirations that have oc‐
639                     curred, (i.e., the value that read(2)  on  it  would  re‐
640                     turn).
641
642              settime flags
643                     This  field  lists  the  flags with which the timerfd was
644                     last armed (see timerfd_settime(2)), in  octal  (in  this
645                     example,   both   TFD_TIMER_ABSTIME   and  TFD_TIMER_CAN‐
646                     CEL_ON_SET are set).
647
648              it_value
649                     This field contains the amount of time  until  the  timer
650                     will  next  expire, expressed in seconds and nanoseconds.
651                     This is always expressed as a relative value,  regardless
652                     of  whether the timer was created using the TFD_TIMER_AB‐
653                     STIME flag.
654
655              it_interval
656                     This field contains the interval of the timer, in seconds
657                     and  nanoseconds.   (The  it_value and it_interval fields
658                     contain the values that timerfd_gettime(2) on  this  file
659                     descriptor would return.)
660
661       /proc/pid/gid_map (since Linux 3.5)
662              See user_namespaces(7).
663
664       /proc/pid/io (since Linux 2.6.20)
665              This file contains I/O statistics for the process, for example:
666
667                  # cat /proc/3828/io
668                  rchar: 323934931
669                  wchar: 323929600
670                  syscr: 632687
671                  syscw: 632675
672                  read_bytes: 0
673                  write_bytes: 323932160
674                  cancelled_write_bytes: 0
675
676              The fields are as follows:
677
678              rchar: characters read
679                     The number of bytes which this task has caused to be read
680                     from storage.  This is simply the sum of bytes which this
681                     process  passed  to read(2) and similar system calls.  It
682                     includes things such as terminal I/O and is unaffected by
683                     whether or not actual physical disk I/O was required (the
684                     read might have been satisfied from pagecache).
685
686              wchar: characters written
687                     The number of bytes which this task has caused, or  shall
688                     cause  to be written to disk.  Similar caveats apply here
689                     as with rchar.
690
691              syscr: read syscalls
692                     Attempt to count the number of read  I/O  operations—that
693                     is, system calls such as read(2) and pread(2).
694
695              syscw: write syscalls
696                     Attempt  to count the number of write I/O operations—that
697                     is, system calls such as write(2) and pwrite(2).
698
699              read_bytes: bytes read
700                     Attempt to count the number of bytes which  this  process
701                     really  did  cause  to be fetched from the storage layer.
702                     This is accurate for block-backed filesystems.
703
704              write_bytes: bytes written
705                     Attempt to count the number of bytes which  this  process
706                     caused to be sent to the storage layer.
707
708              cancelled_write_bytes:
709                     The big inaccuracy here is truncate.  If a process writes
710                     1 MB to a file and then deletes the file, it will in fact
711                     perform  no writeout.  But it will have been accounted as
712                     having caused 1 MB of write.  In other words: this  field
713                     represents  the number of bytes which this process caused
714                     to not happen, by truncating pagecache.  A task can cause
715                     "negative"  I/O  too.   If this task truncates some dirty
716                     pagecache, some I/O which another task has been accounted
717                     for (in its write_bytes) will not be happening.
718
719              Note:  In  the  current implementation, things are a bit racy on
720              32-bit systems: if process  A  reads  process  B's  /proc/pid/io
721              while  process  B  is  updating  one  of  these 64-bit counters,
722              process A could see an intermediate result.
723
724              Permission to access this file is governed by  a  ptrace  access
725              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
726
727       /proc/pid/limits (since Linux 2.6.24)
728              This file displays the soft limit, hard limit, and units of mea‐
729              surement for each of the process's resource  limits  (see  getr‐
730              limit(2)).   Up to and including Linux 2.6.35, this file is pro‐
731              tected to allow reading only by the real  UID  of  the  process.
732              Since  Linux  2.6.36,  this file is readable by all users on the
733              system.
734
735       /proc/pid/map_files/ (since Linux 3.3)
736              This subdirectory  contains  entries  corresponding  to  memory-
737              mapped  files (see mmap(2)).  Entries are named by memory region
738              start and end address pair (expressed as  hexadecimal  numbers),
739              and  are symbolic links to the mapped files themselves.  Here is
740              an example, with the output wrapped and reformatted to fit on an
741              80-column display:
742
743                  # ls -l /proc/self/map_files/
744                  lr--------. 1 root root 64 Apr 16 21:31
745                              3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
746                  ...
747
748              Although  these entries are present for memory regions that were
749              mapped with the MAP_FILE flag, the way anonymous  shared  memory
750              (regions created with the MAP_ANON | MAP_SHARED flags) is imple‐
751              mented in Linux means that such regions also appear on this  di‐
752              rectory.   Here  is  an  example  where  the  target file is the
753              deleted /dev/zero one:
754
755                  lrw-------. 1 root root 64 Apr 16 21:33
756                              7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)
757
758              Permission to access this file is governed by  a  ptrace  access
759              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
760
761              Until  Linux  4.3,  this  directory  appeared  only  if the CON‐
762              FIG_CHECKPOINT_RESTORE kernel configuration option was enabled.
763
764              Capabilities are required to read the contents of  the  symbolic
765              links  in  this directory: before Linux 5.9, the reading process
766              requires CAP_SYS_ADMIN in  the  initial  user  namespace;  since
767              Linux 5.9, the reading process must have either CAP_SYS_ADMIN or
768              CAP_CHECKPOINT_RESTORE in the initial  (i.e.  root)  user  name‐
769              space.
770
771       /proc/pid/maps
772              A  file containing the currently mapped memory regions and their
773              access permissions.  See mmap(2) for  some  further  information
774              about memory mappings.
775
776              Permission  to  access  this file is governed by a ptrace access
777              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
778
779              The format of the file is:
780
781                  address           perms offset  dev   inode       pathname
782                  00400000-00452000 r-xp 00000000 08:02 173521      /usr/bin/dbus-daemon
783                  00651000-00652000 r--p 00051000 08:02 173521      /usr/bin/dbus-daemon
784                  00652000-00655000 rw-p 00052000 08:02 173521      /usr/bin/dbus-daemon
785                  00e03000-00e24000 rw-p 00000000 00:00 0           [heap]
786                  00e24000-011f7000 rw-p 00000000 00:00 0           [heap]
787                  ...
788                  35b1800000-35b1820000 r-xp 00000000 08:02 135522  /usr/lib64/ld-2.15.so
789                  35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522  /usr/lib64/ld-2.15.so
790                  35b1a20000-35b1a21000 rw-p 00020000 08:02 135522  /usr/lib64/ld-2.15.so
791                  35b1a21000-35b1a22000 rw-p 00000000 00:00 0
792                  35b1c00000-35b1dac000 r-xp 00000000 08:02 135870  /usr/lib64/libc-2.15.so
793                  35b1dac000-35b1fac000 ---p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
794                  35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
795                  35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870  /usr/lib64/libc-2.15.so
796                  ...
797                  f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0    [stack:986]
798                  ...
799                  7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0   [stack]
800                  7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0   [vdso]
801
802              The address field is the address space in the process  that  the
803              mapping occupies.  The perms field is a set of permissions:
804
805                  r = read
806                  w = write
807                  x = execute
808                  s = shared
809                  p = private (copy on write)
810
811              The  offset  field  is the offset into the file/whatever; dev is
812              the device (major:minor); inode is the inode on that device.   0
813              indicates that no inode is associated with the memory region, as
814              would be the case with BSS (uninitialized data).
815
816              The pathname field will usually be the file that is backing  the
817              mapping.  For ELF files, you can easily coordinate with the off‐
818              set field by looking at the Offset  field  in  the  ELF  program
819              headers (readelf -l).
820
821              There are additional helpful pseudo-paths:
822
823              [stack]
824                     The  initial  process's (also known as the main thread's)
825                     stack.
826
827              [stack:tid] (from Linux 3.4 to Linux 4.4)
828                     A thread's stack (where the tid is a thread ID).  It cor‐
829                     responds to the /proc/pid/task/tid/ path.  This field was
830                     removed in Linux 4.5, since  providing  this  information
831                     for a process with large numbers of threads is expensive.
832
833              [vdso] The   virtual  dynamically  linked  shared  object.   See
834                     vdso(7).
835
836              [heap] The process's heap.
837
838              [anon:name] (since Linux 5.17)
839                     A named private anonymous  mapping.   Set  with  prctl(2)
840                     PR_SET_VMA_ANON_NAME.
841
842              [anon_shmem:name] (since Linux 6.2)
843                     A  named  shared  anonymous  mapping.   Set with prctl(2)
844                     PR_SET_VMA_ANON_NAME.
845
846              If the pathname field is blank, this is an anonymous mapping  as
847              obtained  via  mmap(2).  There is no easy way to coordinate this
848              back to a process's source, short of running it through  gdb(1),
849              strace(1), or similar.
850
851              pathname is shown unescaped except for newline characters, which
852              are replaced with an octal escape sequence.  As a result, it  is
853              not  possible  to  determine  whether the original pathname con‐
854              tained a newline character or the  literal  \012  character  se‐
855              quence.
856
857              If the mapping is file-backed and the file has been deleted, the
858              string " (deleted)" is appended to the pathname.  Note that this
859              is ambiguous too.
860
861              Under Linux 2.0, there is no field giving pathname.
862
863       /proc/pid/mem
864              This  file can be used to access the pages of a process's memory
865              through open(2), read(2), and lseek(2).
866
867              Permission to access this file is governed by  a  ptrace  access
868              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
869
870       /proc/pid/mountinfo (since Linux 2.6.26)
871              This  file  contains  information  about mounts in the process's
872              mount namespace (see mount_namespaces(7)).  It supplies  various
873              information  (e.g.,  propagation  state,  root of mount for bind
874              mounts, identifier for each mount and its parent) that is  miss‐
875              ing  from  the  (older) /proc/pid/mounts file, and fixes various
876              other problems with that file (e.g.,  nonextensibility,  failure
877              to distinguish per-mount versus per-superblock options).
878
879              The file contains lines of the form:
880
881              36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
882              (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
883
884              The  numbers  in parentheses are labels for the descriptions be‐
885              low:
886
887              (1)  mount ID: a unique ID for the mount (may  be  reused  after
888                   umount(2)).
889
890              (2)  parent  ID:  the ID of the parent mount (or of self for the
891                   root of this mount namespace's mount tree).
892
893                   If a new mount is stacked on top  of  a  previous  existing
894                   mount  (so that it hides the existing mount) at pathname P,
895                   then the parent of the new mount is the previous  mount  at
896                   that  location.   Thus,  when  looking  at  all  the mounts
897                   stacked at a particular location, the top-most mount is the
898                   one  that  is not the parent of any other mount at the same
899                   location.  (Note, however, that this top-most mount will be
900                   accessible  only if the longest path subprefix of P that is
901                   a mount point is not itself hidden by a stacked mount.)
902
903                   If the parent mount lies outside the process's root  direc‐
904                   tory (see chroot(2)), the ID shown here won't have a corre‐
905                   sponding record in  mountinfo  whose  mount  ID  (field  1)
906                   matches  this parent mount ID (because mounts that lie out‐
907                   side  the  process's  root  directory  are  not  shown   in
908                   mountinfo).  As a special case of this point, the process's
909                   root mount may have  a  parent  mount  (for  the  initramfs
910                   filesystem) that lies outside the process's root directory,
911                   and an entry for that mount will not appear in mountinfo.
912
913              (3)  major:minor: the value of st_dev for files on this filesys‐
914                   tem (see stat(2)).
915
916              (4)  root: the pathname of the directory in the filesystem which
917                   forms the root of this mount.
918
919              (5)  mount point: the pathname of the mount  point  relative  to
920                   the process's root directory.
921
922              (6)  mount options: per-mount options (see mount(2)).
923
924              (7)  optional   fields:   zero   or  more  fields  of  the  form
925                   "tag[:value]"; see below.
926
927              (8)  separator: the end of the optional fields is  marked  by  a
928                   single hyphen.
929
930              (9)  filesystem   type:   the   filesystem   type  in  the  form
931                   "type[.subtype]".
932
933              (10) mount source: filesystem-specific information or "none".
934
935              (11) super options: per-superblock options (see mount(2)).
936
937              Currently, the possible  optional  fields  are  shared,  master,
938              propagate_from,  and  unbindable.  See mount_namespaces(7) for a
939              description of these fields.  Parsers should ignore all unrecog‐
940              nized optional fields.
941
942              For   more  information  on  mount  propagation  see  Documenta‐
943              tion/filesystems/sharedsubtree.rst  (or   Documentation/filesys‐
944              tems/sharedsubtree.txt  before  Linux  5.8)  in the Linux kernel
945              source tree.
946
947       /proc/pid/mounts (since Linux 2.4.19)
948              This file lists all the filesystems  currently  mounted  in  the
949              process's mount namespace (see mount_namespaces(7)).  The format
950              of this file is documented in fstab(5).
951
952              Since Linux 2.6.15, this file is  pollable:  after  opening  the
953              file  for  reading,  a  change  in this file (i.e., a filesystem
954              mount or unmount) causes select(2) to mark the  file  descriptor
955              as   having   an   exceptional   condition,   and   poll(2)  and
956              epoll_wait(2) mark the file as having a  priority  event  (POLL‐
957              PRI).  (Before Linux 2.6.30, a change in this file was indicated
958              by the file descriptor being marked as readable  for  select(2),
959              and  being  marked  as having an error condition for poll(2) and
960              epoll_wait(2).)
961
962       /proc/pid/mountstats (since Linux 2.6.17)
963              This file exports information (statistics, configuration  infor‐
964              mation)  about  the mounts in the process's mount namespace (see
965              mount_namespaces(7)).  Lines in this file have the form:
966
967                  device /dev/sda7 mounted on /home with fstype ext3 [stats]
968                  (       1      )            ( 2 )             (3 ) (  4  )
969
970              The fields in each line are:
971
972              (1)  The name of the mounted device (or "nodevice" if  there  is
973                   no corresponding device).
974
975              (2)  The mount point within the filesystem tree.
976
977              (3)  The filesystem type.
978
979              (4)  Optional  statistics  and  configuration information.  Cur‐
980                   rently (as at Linux 2.6.26), only  NFS  filesystems  export
981                   information via this field.
982
983              This file is readable only by the owner of the process.
984
985       /proc/pid/net (since Linux 2.6.25)
986              See the description of /proc/net.
987
988       /proc/pid/ns/ (since Linux 3.0)
989              This  is  a subdirectory containing one entry for each namespace
990              that supports being manipulated by setns(2).  For more  informa‐
991              tion, see namespaces(7).
992
993       /proc/pid/numa_maps (since Linux 2.6.14)
994              See numa(7).
995
996       /proc/pid/oom_adj (since Linux 2.6.11)
997              This  file  can be used to adjust the score used to select which
998              process should be killed in an  out-of-memory  (OOM)  situation.
999              The  kernel  uses  this  value  for a bit-shift operation of the
1000              process's oom_score value: valid values are in the range -16  to
1001              +15,  plus the special value -17, which disables OOM-killing al‐
1002              together for this process.  A positive score increases the like‐
1003              lihood  of  this process being killed by the OOM-killer; a nega‐
1004              tive score decreases the likelihood.
1005
1006              The default value for this file is 0; a new process inherits its
1007              parent's   oom_adj   setting.   A  process  must  be  privileged
1008              (CAP_SYS_RESOURCE) to update this file.
1009
1010              Since Linux 2.6.36, use of this file is deprecated in  favor  of
1011              /proc/pid/oom_score_adj.
1012
1013       /proc/pid/oom_score (since Linux 2.6.11)
1014              This  file  displays  the current score that the kernel gives to
1015              this process for the purpose of selecting a process for the OOM-
1016              killer.  A higher score means that the process is more likely to
1017              be selected by the OOM-killer.  The basis for this score is  the
1018              amount  of memory used by the process, with increases (+) or de‐
1019              creases (-) for factors including:
1020
1021              •  whether the process is privileged (-).
1022
1023              Before Linux 2.6.36 the following factors were also used in  the
1024              calculation of oom_score:
1025
1026              •  whether  the  process creates a lot of children using fork(2)
1027                 (+);
1028
1029              •  whether the process has been running a long time, or has used
1030                 a lot of CPU time (-);
1031
1032              •  whether the process has a low nice value (i.e., > 0) (+); and
1033
1034              •  whether the process is making direct hardware access (-).
1035
1036              The  oom_score  also  reflects  the  adjustment specified by the
1037              oom_score_adj or oom_adj setting for the process.
1038
1039       /proc/pid/oom_score_adj (since Linux 2.6.36)
1040              This file can be used to adjust the badness  heuristic  used  to
1041              select which process gets killed in out-of-memory conditions.
1042
1043              The  badness  heuristic  assigns  a value to each candidate task
1044              ranging from 0 (never kill) to 1000 (always kill)  to  determine
1045              which  process  is targeted.  The units are roughly a proportion
1046              along that range of allowed  memory  the  process  may  allocate
1047              from, based on an estimation of its current memory and swap use.
1048              For example, if a task is using all allowed memory, its  badness
1049              score  will be 1000.  If it is using half of its allowed memory,
1050              its score will be 500.
1051
1052              There is an additional factor included  in  the  badness  score:
1053              root processes are given 3% extra memory over other tasks.
1054
1055              The  amount  of "allowed" memory depends on the context in which
1056              the OOM-killer was called.  If it is due to the memory  assigned
1057              to  the  allocating  task's  cpuset being exhausted, the allowed
1058              memory represents the set of mems assigned to that  cpuset  (see
1059              cpuset(7)).   If  it  is  due to a mempolicy's node(s) being ex‐
1060              hausted, the allowed memory  represents  the  set  of  mempolicy
1061              nodes.   If  it  is  due to a memory limit (or swap limit) being
1062              reached, the allowed memory is that configured limit.   Finally,
1063              if  it  is due to the entire system being out of memory, the al‐
1064              lowed memory represents all allocatable resources.
1065
1066              The value of oom_score_adj is added to the badness score  before
1067              it  is  used to determine which task to kill.  Acceptable values
1068              range    from     -1000     (OOM_SCORE_ADJ_MIN)     to     +1000
1069              (OOM_SCORE_ADJ_MAX).   This  allows  user  space  to control the
1070              preference for OOM-killing, ranging  from  always  preferring  a
1071              certain  task  or completely disabling it from OOM-killing.  The
1072              lowest possible value, -1000, is equivalent  to  disabling  OOM-
1073              killing  entirely  for  that task, since it will always report a
1074              badness score of 0.
1075
1076              Consequently, it is very simple for user  space  to  define  the
1077              amount  of  memory  to  consider  for  each  task.   Setting  an
1078              oom_score_adj value of +500, for example, is roughly  equivalent
1079              to  allowing  the  remainder  of  tasks sharing the same system,
1080              cpuset, mempolicy, or memory  controller  resources  to  use  at
1081              least  50%  more  memory.   A  value of -500, on the other hand,
1082              would be roughly equivalent to discounting 50% of the task's al‐
1083              lowed memory from being considered as scoring against the task.
1084
1085              For    backward    compatibility    with    previous    kernels,
1086              /proc/pid/oom_adj can still be used to tune the  badness  score.
1087              Its value is scaled linearly with oom_score_adj.
1088
1089              Writing  to  /proc/pid/oom_score_adj  or  /proc/pid/oom_adj will
1090              change the other with its scaled value.
1091
1092              The choom(1) program provides a command-line interface  for  ad‐
1093              justing  the oom_score_adj value of a running process or a newly
1094              executed command.
1095
1096       /proc/pid/pagemap (since Linux 2.6.25)
1097              This file shows the mapping of each  of  the  process's  virtual
1098              pages  into  physical page frames or swap area.  It contains one
1099              64-bit value for each virtual page, with the bits  set  as  fol‐
1100              lows:
1101
1102              63     If set, the page is present in RAM.
1103
1104              62     If set, the page is in swap space
1105
1106              61 (since Linux 3.5)
1107                     The  page  is  a  file-mapped  page or a shared anonymous
1108                     page.
1109
1110              60–58 (since Linux 3.11)
1111                     Zero
1112
1113              57 (since Linux 5.14)
1114                     If  set,  the  page  is  write-protected  through   user‐
1115                     faultfd(2).
1116
1117              56 (since Linux 4.2)
1118                     The page is exclusively mapped.
1119
1120              55 (since Linux 3.11)
1121                     PTE  is soft-dirty (see the kernel source file Documenta‐
1122                     tion/admin-guide/mm/soft-dirty.rst).
1123
1124              54–0   If the page is present in RAM (bit 63), then  these  bits
1125                     provide the page frame number, which can be used to index
1126                     /proc/kpageflags and /proc/kpagecount.  If  the  page  is
1127                     present  in  swap  (bit  62), then bits 4–0 give the swap
1128                     type, and bits 54–5 encode the swap offset.
1129
1130              Before Linux 3.11, bits 60–55 were used to encode the base-2 log
1131              of the page size.
1132
1133              To  employ  /proc/pid/pagemap efficiently, use /proc/pid/maps to
1134              determine which areas of memory are actually mapped and seek  to
1135              skip over unmapped regions.
1136
1137              The   /proc/pid/pagemap   file  is  present  only  if  the  CON‐
1138              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1139
1140              Permission to access this file is governed by  a  ptrace  access
1141              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1142
1143       /proc/pid/personality (since Linux 2.6.28)
1144              This  read-only  file exposes the process's execution domain, as
1145              set by personality(2).  The value is  displayed  in  hexadecimal
1146              notation.
1147
1148              Permission  to  access  this file is governed by a ptrace access
1149              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1150
1151       /proc/pid/root
1152              UNIX and Linux support the idea of a  per-process  root  of  the
1153              filesystem,  set  by  the chroot(2) system call.  This file is a
1154              symbolic link that points to the process's root  directory,  and
1155              behaves in the same way as exe, and fd/*.
1156
1157              Note  however  that this file is not merely a symbolic link.  It
1158              provides the same view of the filesystem  (including  namespaces
1159              and  the  set  of per-process mounts) as the process itself.  An
1160              example illustrates this point.  In one  terminal,  we  start  a
1161              shell  in  new  user  and mount namespaces, and in that shell we
1162              create some new mounts:
1163
1164                  $ PS1='sh1# ' unshare -Urnm
1165                  sh1# mount -t tmpfs tmpfs /etc  # Mount empty tmpfs at /etc
1166                  sh1# mount --bind /usr /dev     # Mount /usr at /dev
1167                  sh1# echo $$
1168                  27123
1169
1170              In a second terminal window, in the initial mount namespace,  we
1171              look  at the contents of the corresponding mounts in the initial
1172              and new namespaces:
1173
1174                  $ PS1='sh2# ' sudo sh
1175                  sh2# ls /etc | wc -l                  # In initial NS
1176                  309
1177                  sh2# ls /proc/27123/root/etc | wc -l  # /etc in other NS
1178                  0                                     # The empty tmpfs dir
1179                  sh2# ls /dev | wc -l                  # In initial NS
1180                  205
1181                  sh2# ls /proc/27123/root/dev | wc -l  # /dev in other NS
1182                  11                                    # Actually bind
1183                                                        # mounted to /usr
1184                  sh2# ls /usr | wc -l                  # /usr in initial NS
1185                  11
1186
1187              In a multithreaded process, the contents of  the  /proc/pid/root
1188              symbolic  link  are not available if the main thread has already
1189              terminated (typically by calling pthread_exit(3)).
1190
1191              Permission to dereference or read  (readlink(2))  this  symbolic
1192              link  is  governed  by a ptrace access mode PTRACE_MODE_READ_FS‐
1193              CREDS check; see ptrace(2).
1194
1195       /proc/pid/projid_map (since Linux 3.7)
1196              See user_namespaces(7).
1197
1198       /proc/pid/seccomp (Linux 2.6.12 to Linux 2.6.22)
1199              This file can be used to read and change  the  process's  secure
1200              computing  (seccomp)  mode  setting.  It contains the value 0 if
1201              the process is not in seccomp mode, and 1 if the process  is  in
1202              strict  seccomp  mode  (see seccomp(2)).  Writing 1 to this file
1203              places the process irreversibly in strict seccomp  mode.   (Fur‐
1204              ther attempts to write to the file fail with the EPERM error.)
1205
1206              In  Linux  2.6.23,  this  file  went away, to be replaced by the
1207              prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations (and later
1208              by seccomp(2) and the Seccomp field in /proc/pid/status).
1209
1210       /proc/pid/setgroups (since Linux 3.19)
1211              See user_namespaces(7).
1212
1213       /proc/pid/smaps (since Linux 2.6.14)
1214              This  file  shows  memory  consumption for each of the process's
1215              mappings.  (The pmap(1) command displays similar information, in
1216              a  form that may be easier for parsing.)  For each mapping there
1217              is a series of lines such as the following:
1218
1219                  00400000-0048a000 r-xp 00000000 fd:03 960637       /bin/bash
1220                  Size:                552 kB
1221                  Rss:                 460 kB
1222                  Pss:                 100 kB
1223                  Shared_Clean:        452 kB
1224                  Shared_Dirty:          0 kB
1225                  Private_Clean:         8 kB
1226                  Private_Dirty:         0 kB
1227                  Referenced:          460 kB
1228                  Anonymous:             0 kB
1229                  AnonHugePages:         0 kB
1230                  ShmemHugePages:        0 kB
1231                  ShmemPmdMapped:        0 kB
1232                  Swap:                  0 kB
1233                  KernelPageSize:        4 kB
1234                  MMUPageSize:           4 kB
1235                  Locked:                0 kB
1236                  ProtectionKey:         0
1237                  VmFlags: rd ex mr mw me dw
1238
1239              The first of these lines shows the same information as  is  dis‐
1240              played  for  the mapping in /proc/pid/maps.  The following lines
1241              show the size of the mapping, the amount of the mapping that  is
1242              currently  resident  in  RAM ("Rss"), the process's proportional
1243              share of this mapping ("Pss"), the number  of  clean  and  dirty
1244              shared  pages  in the mapping, and the number of clean and dirty
1245              private pages in the mapping.  "Referenced" indicates the amount
1246              of  memory  currently marked as referenced or accessed.  "Anony‐
1247              mous" shows the amount of memory that does  not  belong  to  any
1248              file.   "Swap"  shows how much would-be-anonymous memory is also
1249              used, but out on swap.
1250
1251              The "KernelPageSize" line (available since Linux 2.6.29) is  the
1252              page  size  used  by the kernel to back the virtual memory area.
1253              This matches the size used by the MMU in the majority of  cases.
1254              However,  one  counter-example occurs on PPC64 kernels whereby a
1255              kernel using 64 kB as a base page size may still use 4 kB  pages
1256              for  the  MMU  on  older processors.  To distinguish the two at‐
1257              tributes, the "MMUPageSize" line  (also  available  since  Linux
1258              2.6.29) reports the page size used by the MMU.
1259
1260              The  "Locked"  indicates whether the mapping is locked in memory
1261              or not.
1262
1263              The "ProtectionKey" line (available  since  Linux  4.9,  on  x86
1264              only)  contains the memory protection key (see pkeys(7)) associ‐
1265              ated with the virtual memory area.  This entry is  present  only
1266              if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1267              TION_KEYS configuration option (since Linux 4.6).
1268
1269              The "VmFlags" line (available since Linux  3.8)  represents  the
1270              kernel  flags  associated  with the virtual memory area, encoded
1271              using the following two-letter codes:
1272
1273                     rd   -   readable
1274                     wr   -   writable
1275                     ex   -   executable
1276                     sh   -   shared
1277                     mr   -   may read
1278                     mw   -   may write
1279                     me   -   may execute
1280                     ms   -   may share
1281                     gd   -   stack segment grows down
1282                     pf   -   pure PFN range
1283                     dw   -   disabled write to the mapped file
1284                     lo   -   pages are locked in memory
1285                     io   -   memory mapped I/O area
1286                     sr   -   sequential read advise provided
1287                     rr   -   random read advise provided
1288                     dc   -   do not copy area on fork
1289                     de   -   do not expand area on remapping
1290                     ac   -   area is accountable
1291                     nr   -   swap space is not reserved for the area
1292                     ht   -   area uses huge tlb pages
1293                     sf   -   perform synchronous page faults (since Linux 4.15)
1294                     nl   -   non-linear mapping (removed in Linux 4.0)
1295                     ar   -   architecture specific flag
1296                     wf   -   wipe on fork (since Linux 4.14)
1297                     dd   -   do not include area into core dump
1298                     sd   -   soft-dirty flag (since Linux 3.13)
1299                     mm   -   mixed map area
1300                     hg   -   huge page advise flag
1301                     nh   -   no-huge page advise flag
1302                     mg   -   mergeable advise flag
1303                     um   -   userfaultfd missing pages tracking (since Linux 4.3)
1304                     uw   -   userfaultfd wprotect pages tracking (since Linux 4.3)
1305
1306              The  /proc/pid/smaps  file  is  present   only   if   the   CON‐
1307              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1308
1309       /proc/pid/stack (since Linux 2.6.29)
1310              This  file  provides  a  symbolic trace of the function calls in
1311              this process's kernel stack.  This file is provided only if  the
1312              kernel  was  built  with the CONFIG_STACKTRACE configuration op‐
1313              tion.
1314
1315              Permission to access this file is governed by  a  ptrace  access
1316              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1317
1318       /proc/pid/stat
1319              Status  information  about  the process.  This is used by ps(1).
1320              It is defined in the kernel source file fs/proc/array.c.
1321
1322              The fields, in order, with their proper scanf(3)  format  speci‐
1323              fiers, are listed below.  Whether or not certain of these fields
1324              display valid information is governed by a  ptrace  access  mode
1325              PTRACE_MODE_READ_FSCREDS  |  PTRACE_MODE_NOAUDIT check (refer to
1326              ptrace(2)).  If the check denies access, then the field value is
1327              displayed  as  0.   The  affected  fields are indicated with the
1328              marking [PT].
1329
1330              (1) pid  %d
1331                     The process ID.
1332
1333              (2) comm  %s
1334                     The filename of the executable, in parentheses.   Strings
1335                     longer  than TASK_COMM_LEN (16) characters (including the
1336                     terminating null byte) are silently truncated.   This  is
1337                     visible whether or not the executable is swapped out.
1338
1339              (3) state  %c
1340                     One  of  the  following  characters,  indicating  process
1341                     state:
1342
1343                     R      Running
1344
1345                     S      Sleeping in an interruptible wait
1346
1347                     D      Waiting in uninterruptible disk sleep
1348
1349                     Z      Zombie
1350
1351                     T      Stopped (on a signal)  or  (before  Linux  2.6.33)
1352                            trace stopped
1353
1354                     t      Tracing stop (Linux 2.6.33 onward)
1355
1356                     W      Paging (only before Linux 2.6.0)
1357
1358                     X      Dead (from Linux 2.6.0 onward)
1359
1360                     x      Dead (Linux 2.6.33 to 3.13 only)
1361
1362                     K      Wakekill (Linux 2.6.33 to 3.13 only)
1363
1364                     W      Waking (Linux 2.6.33 to 3.13 only)
1365
1366                     P      Parked (Linux 3.9 to 3.13 only)
1367
1368                     I      Idle (Linux 4.14 onward)
1369
1370              (4) ppid  %d
1371                     The PID of the parent of this process.
1372
1373              (5) pgrp  %d
1374                     The process group ID of the process.
1375
1376              (6) session  %d
1377                     The session ID of the process.
1378
1379              (7) tty_nr  %d
1380                     The  controlling terminal of the process.  (The minor de‐
1381                     vice number is contained in the combination of bits 31 to
1382                     20  and  7 to 0; the major device number is in bits 15 to
1383                     8.)
1384
1385              (8) tpgid  %d
1386                     The ID of the foreground process group of the controlling
1387                     terminal of the process.
1388
1389              (9) flags  %u
1390                     The  kernel flags word of the process.  For bit meanings,
1391                     see the PF_* defines in the Linux kernel source file  in‐
1392                     clude/linux/sched.h.   Details  depend on the kernel ver‐
1393                     sion.
1394
1395                     The format for this field was %lu before Linux 2.6.
1396
1397              (10) minflt  %lu
1398                     The number of minor faults the  process  has  made  which
1399                     have not required loading a memory page from disk.
1400
1401              (11) cminflt  %lu
1402                     The  number of minor faults that the process's waited-for
1403                     children have made.
1404
1405              (12) majflt  %lu
1406                     The number of major faults the  process  has  made  which
1407                     have required loading a memory page from disk.
1408
1409              (13) cmajflt  %lu
1410                     The  number of major faults that the process's waited-for
1411                     children have made.
1412
1413              (14) utime  %lu
1414                     Amount of time that this process has  been  scheduled  in
1415                     user   mode,   measured   in   clock   ticks  (divide  by
1416                     sysconf(_SC_CLK_TCK)).    This   includes   guest   time,
1417                     guest_time (time spent running a virtual CPU, see below),
1418                     so that applications that are not aware of the guest time
1419                     field do not lose that time from their calculations.
1420
1421              (15) stime  %lu
1422                     Amount  of  time  that this process has been scheduled in
1423                     kernel  mode,  measured  in  clock   ticks   (divide   by
1424                     sysconf(_SC_CLK_TCK)).
1425
1426              (16) cutime  %ld
1427                     Amount  of  time  that this process's waited-for children
1428                     have been scheduled in user mode, measured in clock ticks
1429                     (divide  by  sysconf(_SC_CLK_TCK)).  (See also times(2).)
1430                     This includes guest time, cguest_time (time spent running
1431                     a virtual CPU, see below).
1432
1433              (17) cstime  %ld
1434                     Amount  of  time  that this process's waited-for children
1435                     have been scheduled in kernel  mode,  measured  in  clock
1436                     ticks (divide by sysconf(_SC_CLK_TCK)).
1437
1438              (18) priority  %ld
1439                     (Explanation for Linux 2.6) For processes running a real-
1440                     time scheduling policy (policy below; see sched_setsched‐
1441                     uler(2)),  this is the negated scheduling priority, minus
1442                     one; that is, a number in the range -2  to  -100,  corre‐
1443                     sponding  to real-time priorities 1 to 99.  For processes
1444                     running under a non-real-time scheduling policy, this  is
1445                     the raw nice value (setpriority(2)) as represented in the
1446                     kernel.  The kernel stores nice values as numbers in  the
1447                     range  0  (high)  to 39 (low), corresponding to the user-
1448                     visible nice range of -20 to 19.
1449
1450                     Before Linux 2.6, this was a scaled value  based  on  the
1451                     scheduler weighting given to this process.
1452
1453              (19) nice  %ld
1454                     The nice value (see setpriority(2)), a value in the range
1455                     19 (low priority) to -20 (high priority).
1456
1457              (20) num_threads  %ld
1458                     Number of threads in this process (since Linux 2.6).  Be‐
1459                     fore  Linux  2.6,  this  field  was  hard coded to 0 as a
1460                     placeholder for an earlier removed field.
1461
1462              (21) itrealvalue  %ld
1463                     The time in jiffies before the next SIGALRM  is  sent  to
1464                     the  process  due  to  an  interval  timer.   Since Linux
1465                     2.6.17, this field is no longer maintained, and  is  hard
1466                     coded as 0.
1467
1468              (22) starttime  %llu
1469                     The  time  the process started after system boot.  Before
1470                     Linux 2.6, this value was expressed  in  jiffies.   Since
1471                     Linux  2.6, the value is expressed in clock ticks (divide
1472                     by sysconf(_SC_CLK_TCK)).
1473
1474                     The format for this field was %lu before Linux 2.6.
1475
1476              (23) vsize  %lu
1477                     Virtual memory size in bytes.
1478
1479              (24) rss  %ld
1480                     Resident Set Size: number of pages  the  process  has  in
1481                     real  memory.   This is just the pages which count toward
1482                     text, data, or stack space.  This does not include  pages
1483                     which  have  not  been  demand-loaded  in,  or  which are
1484                     swapped   out.    This   value   is    inaccurate;    see
1485                     /proc/pid/statm below.
1486
1487              (25) rsslim  %lu
1488                     Current  soft  limit  in bytes on the rss of the process;
1489                     see the description of RLIMIT_RSS in getrlimit(2).
1490
1491              (26) startcode  %lu  [PT]
1492                     The address above which program text can run.
1493
1494              (27) endcode  %lu  [PT]
1495                     The address below which program text can run.
1496
1497              (28) startstack  %lu  [PT]
1498                     The address of the start (i.e., bottom) of the stack.
1499
1500              (29) kstkesp  %lu  [PT]
1501                     The current value of ESP (stack pointer), as found in the
1502                     kernel stack page for the process.
1503
1504              (30) kstkeip  %lu  [PT]
1505                     The current EIP (instruction pointer).
1506
1507              (31) signal  %lu
1508                     The  bitmap  of  pending  signals, displayed as a decimal
1509                     number.  Obsolete, because it does not  provide  informa‐
1510                     tion on real-time signals; use /proc/pid/status instead.
1511
1512              (32) blocked  %lu
1513                     The  bitmap  of  blocked  signals, displayed as a decimal
1514                     number.  Obsolete, because it does not  provide  informa‐
1515                     tion on real-time signals; use /proc/pid/status instead.
1516
1517              (33) sigignore  %lu
1518                     The  bitmap  of  ignored  signals, displayed as a decimal
1519                     number.  Obsolete, because it does not  provide  informa‐
1520                     tion on real-time signals; use /proc/pid/status instead.
1521
1522              (34) sigcatch  %lu
1523                     The bitmap of caught signals, displayed as a decimal num‐
1524                     ber.  Obsolete, because it does not  provide  information
1525                     on real-time signals; use /proc/pid/status instead.
1526
1527              (35) wchan  %lu  [PT]
1528                     This  is  the  "channel" in which the process is waiting.
1529                     It is the address of a location in the kernel  where  the
1530                     process is sleeping.  The corresponding symbolic name can
1531                     be found in /proc/pid/wchan.
1532
1533              (36) nswap  %lu
1534                     Number of pages swapped (not maintained).
1535
1536              (37) cnswap  %lu
1537                     Cumulative nswap for child processes (not maintained).
1538
1539              (38) exit_signal  %d  (since Linux 2.1.22)
1540                     Signal to be sent to parent when we die.
1541
1542              (39) processor  %d  (since Linux 2.2.8)
1543                     CPU number last executed on.
1544
1545              (40) rt_priority  %u  (since Linux 2.5.19)
1546                     Real-time scheduling priority, a number in the range 1 to
1547                     99  for  processes scheduled under a real-time policy, or
1548                     0,  for  non-real-time  processes  (see   sched_setsched‐
1549                     uler(2)).
1550
1551              (41) policy  %u  (since Linux 2.5.19)
1552                     Scheduling  policy  (see  sched_setscheduler(2)).  Decode
1553                     using the SCHED_* constants in linux/sched.h.
1554
1555                     The format for this field was %lu before Linux 2.6.22.
1556
1557              (42) delayacct_blkio_ticks  %llu  (since Linux 2.6.18)
1558                     Aggregated block I/O  delays,  measured  in  clock  ticks
1559                     (centiseconds).
1560
1561              (43) guest_time  %lu  (since Linux 2.6.24)
1562                     Guest  time  of the process (time spent running a virtual
1563                     CPU for a guest  operating  system),  measured  in  clock
1564                     ticks (divide by sysconf(_SC_CLK_TCK)).
1565
1566              (44) cguest_time  %ld  (since Linux 2.6.24)
1567                     Guest  time  of the process's children, measured in clock
1568                     ticks (divide by sysconf(_SC_CLK_TCK)).
1569
1570              (45) start_data  %lu  (since Linux 3.3)  [PT]
1571                     Address above which program initialized and uninitialized
1572                     (BSS) data are placed.
1573
1574              (46) end_data  %lu  (since Linux 3.3)  [PT]
1575                     Address below which program initialized and uninitialized
1576                     (BSS) data are placed.
1577
1578              (47) start_brk  %lu  (since Linux 3.3)  [PT]
1579                     Address above which program heap  can  be  expanded  with
1580                     brk(2).
1581
1582              (48) arg_start  %lu  (since Linux 3.5)  [PT]
1583                     Address above which program command-line arguments (argv)
1584                     are placed.
1585
1586              (49) arg_end  %lu  (since Linux 3.5)  [PT]
1587                     Address below program command-line arguments  (argv)  are
1588                     placed.
1589
1590              (50) env_start  %lu  (since Linux 3.5)  [PT]
1591                     Address above which program environment is placed.
1592
1593              (51) env_end  %lu  (since Linux 3.5)  [PT]
1594                     Address below which program environment is placed.
1595
1596              (52) exit_code  %d  (since Linux 3.5)  [PT]
1597                     The  thread's  exit  status in the form reported by wait‐
1598                     pid(2).
1599
1600       /proc/pid/statm
1601              Provides information about memory usage, measured in pages.  The
1602              columns are:
1603
1604                  size       (1) total program size
1605                             (same as VmSize in /proc/pid/status)
1606                  resident   (2) resident set size
1607                             (inaccurate; same as VmRSS in /proc/pid/status)
1608                  shared     (3) number of resident shared pages
1609                             (i.e., backed by a file)
1610                             (inaccurate; same as RssFile+RssShmem in
1611                             /proc/pid/status)
1612                  text       (4) text (code)
1613                  lib        (5) library (unused since Linux 2.6; always 0)
1614                  data       (6) data + stack
1615                  dt         (7) dirty pages (unused since Linux 2.6; always 0)
1616
1617              Some of these values are inaccurate because of a kernel-internal
1618              scalability optimization.  If accurate values are required,  use
1619              /proc/pid/smaps  or  /proc/pid/smaps_rollup  instead,  which are
1620              much slower but provide accurate, detailed information.
1621
1622       /proc/pid/status
1623              Provides  much  of  the  information   in   /proc/pid/stat   and
1624              /proc/pid/statm  in  a format that's easier for humans to parse.
1625              Here's an example:
1626
1627                  $ cat /proc/$$/status
1628                  Name:   bash
1629                  Umask:  0022
1630                  State:  S (sleeping)
1631                  Tgid:   17248
1632                  Ngid:   0
1633                  Pid:    17248
1634                  PPid:   17200
1635                  TracerPid:      0
1636                  Uid:    1000    1000    1000    1000
1637                  Gid:    100     100     100     100
1638                  FDSize: 256
1639                  Groups: 16 33 100
1640                  NStgid: 17248
1641                  NSpid:  17248
1642                  NSpgid: 17248
1643                  NSsid:  17200
1644                  VmPeak:                                                         131168 kB
1645                  VmSize:                                                         131168 kB
1646                  VmLck:                                                               0 kB
1647                  VmPin:                                                               0 kB
1648                  VmHWM:                                                           13484 kB
1649                  VmRSS:                                                           13484 kB
1650                  RssAnon:                                                         10264 kB
1651                  RssFile:                                                          3220 kB
1652                  RssShmem:                                                            0 kB
1653                  VmData:                                                          10332 kB
1654                  VmStk:                                                             136 kB
1655                  VmExe:                                                             992 kB
1656                  VmLib:                                                            2104 kB
1657                  VmPTE:                                                              76 kB
1658                  VmPMD:                                                              12 kB
1659                  VmSwap:                                                              0 kB
1660                  HugetlbPages:          0 kB                                   # 4.4
1661                  CoreDumping:                                                  0                       # 4.15
1662                  Threads:        1
1663                  SigQ:   0/3067
1664                  SigPnd: 0000000000000000
1665                  ShdPnd: 0000000000000000
1666                  SigBlk: 0000000000010000
1667                  SigIgn: 0000000000384004
1668                  SigCgt: 000000004b813efb
1669                  CapInh: 0000000000000000
1670                  CapPrm: 0000000000000000
1671                  CapEff: 0000000000000000
1672                  CapBnd: ffffffffffffffff
1673                  CapAmb:                                                       0000000000000000
1674                  NoNewPrivs:     0
1675                  Seccomp:        0
1676                  Speculation_Store_Bypass:       vulnerable
1677                  Cpus_allowed:   00000001
1678                  Cpus_allowed_list:      0
1679                  Mems_allowed:   1
1680                  Mems_allowed_list:      0
1681                  voluntary_ctxt_switches:        150
1682                  nonvoluntary_ctxt_switches:     545
1683
1684              The fields are as follows:
1685
1686              Name   Command  run  by  this  process.   Strings  longer   than
1687                     TASK_COMM_LEN  (16) characters (including the terminating
1688                     null byte) are silently truncated.
1689
1690              Umask  Process umask, expressed in octal with  a  leading  zero;
1691                     see umask(2).  (Since Linux 4.7.)
1692
1693              State  Current  state  of the process.  One of "R (running)", "S
1694                     (sleeping)", "D (disk sleep)", "T (stopped)", "t (tracing
1695                     stop)", "Z (zombie)", or "X (dead)".
1696
1697              Tgid   Thread group ID (i.e., Process ID).
1698
1699              Ngid   NUMA group ID (0 if none; since Linux 3.13).
1700
1701              Pid    Thread ID (see gettid(2)).
1702
1703              PPid   PID of parent process.
1704
1705              TracerPid
1706                     PID  of  process  tracing  this  process  (0 if not being
1707                     traced).
1708
1709              Uid, Gid
1710                     Real, effective, saved set, and filesystem UIDs (GIDs).
1711
1712              FDSize Number of file descriptor slots currently allocated.
1713
1714              Groups Supplementary group list.
1715
1716              NStgid Thread group ID (i.e., PID) in each of the PID namespaces
1717                     of  which  pid is a member.  The leftmost entry shows the
1718                     value with respect to the PID namespace  of  the  process
1719                     that  mounted  this  procfs  (or  the  root  namespace if
1720                     mounted by the kernel), followed by the value in  succes‐
1721                     sively nested inner namespaces.  (Since Linux 4.1.)
1722
1723              NSpid  Thread ID in each of the PID namespaces of which pid is a
1724                     member.  The fields are ordered as  for  NStgid.   (Since
1725                     Linux 4.1.)
1726
1727              NSpgid Process  group  ID in each of the PID namespaces of which
1728                     pid is a member.  The fields are ordered as  for  NStgid.
1729                     (Since Linux 4.1.)
1730
1731              NSsid  descendant  namespace  session ID hierarchy Session ID in
1732                     each of the PID namespaces of which pid is a member.  The
1733                     fields are ordered as for NStgid.  (Since Linux 4.1.)
1734
1735              VmPeak Peak virtual memory size.
1736
1737              VmSize Virtual memory size.
1738
1739              VmLck  Locked memory size (see mlock(2)).
1740
1741              VmPin  Pinned  memory  size  (since Linux 3.2).  These are pages
1742                     that can't be moved because something needs  to  directly
1743                     access physical memory.
1744
1745              VmHWM  Peak  resident  set size ("high water mark").  This value
1746                     is inaccurate; see /proc/pid/statm above.
1747
1748              VmRSS  Resident set size.  Note that the value here is  the  sum
1749                     of RssAnon, RssFile, and RssShmem.  This value is inaccu‐
1750                     rate; see /proc/pid/statm above.
1751
1752              RssAnon
1753                     Size of resident anonymous memory.   (since  Linux  4.5).
1754                     This value is inaccurate; see /proc/pid/statm above.
1755
1756              RssFile
1757                     Size of resident file mappings.  (since Linux 4.5).  This
1758                     value is inaccurate; see /proc/pid/statm above.
1759
1760              RssShmem
1761                     Size of resident shared memory (includes System V  shared
1762                     memory, mappings from tmpfs(5), and shared anonymous map‐
1763                     pings).  (since Linux 4.5).
1764
1765              VmData, VmStk, VmExe
1766                     Size of data, stack, and text segments.   This  value  is
1767                     inaccurate; see /proc/pid/statm above.
1768
1769              VmLib  Shared library code size.
1770
1771              VmPTE  Page table entries size (since Linux 2.6.10).
1772
1773              VmPMD  Size of second-level page tables (added in Linux 4.0; re‐
1774                     moved in Linux 4.15).
1775
1776              VmSwap Swapped-out virtual  memory  size  by  anonymous  private
1777                     pages;  shmem  swap  usage  is  not included (since Linux
1778                     2.6.34).  This value is inaccurate;  see  /proc/pid/statm
1779                     above.
1780
1781              HugetlbPages
1782                     Size of hugetlb memory portions (since Linux 4.4).
1783
1784              CoreDumping
1785                     Contains  the value 1 if the process is currently dumping
1786                     core, and 0 if it is not (since Linux 4.15).  This infor‐
1787                     mation  can  be  used  by  a  monitoring process to avoid
1788                     killing a process that is currently dumping  core,  which
1789                     could result in a corrupted core dump file.
1790
1791              Threads
1792                     Number of threads in process containing this thread.
1793
1794              SigQ   This  field contains two slash-separated numbers that re‐
1795                     late to queued signals for  the  real  user  ID  of  this
1796                     process.   The  first of these is the number of currently
1797                     queued signals for this real user ID, and the  second  is
1798                     the  resource  limit  on the number of queued signals for
1799                     this process (see the description of RLIMIT_SIGPENDING in
1800                     getrlimit(2)).
1801
1802              SigPnd, ShdPnd
1803                     Mask  (expressed  in  hexadecimal) of signals pending for
1804                     thread and for process as a whole  (see  pthreads(7)  and
1805                     signal(7)).
1806
1807              SigBlk, SigIgn, SigCgt
1808                     Masks (expressed in hexadecimal) indicating signals being
1809                     blocked, ignored, and caught (see signal(7)).
1810
1811              CapInh, CapPrm, CapEff
1812                     Masks (expressed in hexadecimal) of capabilities  enabled
1813                     in  inheritable, permitted, and effective sets (see capa‐
1814                     bilities(7)).
1815
1816              CapBnd Capability bounding set, expressed in hexadecimal  (since
1817                     Linux 2.6.26, see capabilities(7)).
1818
1819              CapAmb Ambient  capability  set, expressed in hexadecimal (since
1820                     Linux 4.3, see capabilities(7)).
1821
1822              NoNewPrivs
1823                     Value of the no_new_privs  bit  (since  Linux  4.10,  see
1824                     prctl(2)).
1825
1826              Seccomp
1827                     Seccomp  mode  of  the process (since Linux 3.8, see sec‐
1828                     comp(2)).  0 means SECCOMP_MODE_DISABLED;  1  means  SEC‐
1829                     COMP_MODE_STRICT;   2  means  SECCOMP_MODE_FILTER.   This
1830                     field is provided only if the kernel was built  with  the
1831                     CONFIG_SECCOMP kernel configuration option enabled.
1832
1833              Speculation_Store_Bypass
1834                     Speculation  flaw mitigation state (since Linux 4.17, see
1835                     prctl(2)).
1836
1837              Cpus_allowed
1838                     Hexadecimal mask of CPUs on which this  process  may  run
1839                     (since Linux 2.6.24, see cpuset(7)).
1840
1841              Cpus_allowed_list
1842                     Same  as  previous,  but  in  "list  format" (since Linux
1843                     2.6.26, see cpuset(7)).
1844
1845              Mems_allowed
1846                     Mask of memory nodes allowed to this process (since Linux
1847                     2.6.24, see cpuset(7)).
1848
1849              Mems_allowed_list
1850                     Same  as  previous,  but  in  "list  format" (since Linux
1851                     2.6.26, see cpuset(7)).
1852
1853              voluntary_ctxt_switches, nonvoluntary_ctxt_switches
1854                     Number of  voluntary  and  involuntary  context  switches
1855                     (since Linux 2.6.23).
1856
1857       /proc/pid/syscall (since Linux 2.6.27)
1858              This  file exposes the system call number and argument registers
1859              for the system call currently being  executed  by  the  process,
1860              followed  by the values of the stack pointer and program counter
1861              registers.  The values of all six  argument  registers  are  ex‐
1862              posed, although most system calls use fewer registers.
1863
1864              If  the  process  is blocked, but not in a system call, then the
1865              file displays -1 in place of the system call number, followed by
1866              just  the  values  of the stack pointer and program counter.  If
1867              process is not blocked, then the file contains just  the  string
1868              "running".
1869
1870              This file is present only if the kernel was configured with CON‐
1871              FIG_HAVE_ARCH_TRACEHOOK.
1872
1873              Permission to access this file is governed by  a  ptrace  access
1874              mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1875
1876       /proc/pid/task (since Linux 2.6.0)
1877              This  is  a  directory  that  contains one subdirectory for each
1878              thread in the process.  The name of each subdirectory is the nu‐
1879              merical thread ID (tid) of the thread (see gettid(2)).
1880
1881              Within  each  of  these  subdirectories, there is a set of files
1882              with the same names and contents as under the /proc/pid directo‐
1883              ries.   For  attributes that are shared by all threads, the con‐
1884              tents for each of the files under  the  task/tid  subdirectories
1885              will  be  the  same  as  in the corresponding file in the parent
1886              /proc/pid directory (e.g., in a multithreaded  process,  all  of
1887              the   task/tid/cwd  files  will  have  the  same  value  as  the
1888              /proc/pid/cwd file in the parent directory,  since  all  of  the
1889              threads in a process share a working directory).  For attributes
1890              that are distinct for each thread, the corresponding files under
1891              task/tid may have different values (e.g., various fields in each
1892              of the task/tid/status files may be different for each  thread),
1893              or they might not exist in /proc/pid at all.
1894
1895              In  a  multithreaded process, the contents of the /proc/pid/task
1896              directory are not available if the main thread has already  ter‐
1897              minated (typically by calling pthread_exit(3)).
1898
1899       /proc/pid/task/tid/children (since Linux 3.5)
1900              A  space-separated list of child tasks of this task.  Each child
1901              task is represented by its TID.
1902
1903              This option is intended for use by the checkpoint-restore (CRIU)
1904              system,  and reliably provides a list of children only if all of
1905              the child processes are stopped or frozen.   It  does  not  work
1906              properly  if  children of the target task exit while the file is
1907              being read!  Exiting children may cause non-exiting children  to
1908              be  omitted  from the list.  This makes this interface even more
1909              unreliable than classic PID-based approaches  if  the  inspected
1910              task and its children aren't frozen, and most code should proba‐
1911              bly not use this interface.
1912
1913              Until Linux 4.2, the presence of this file was governed  by  the
1914              CONFIG_CHECKPOINT_RESTORE  kernel  configuration  option.  Since
1915              Linux 4.2, it is governed by the CONFIG_PROC_CHILDREN option.
1916
1917       /proc/pid/timers (since Linux 3.10)
1918              A list of the POSIX timers for  this  process.   Each  timer  is
1919              listed with a line that starts with the string "ID:".  For exam‐
1920              ple:
1921
1922                  ID: 1
1923                  signal: 60/00007fff86e452a8
1924                  notify: signal/pid.2634
1925                  ClockID: 0
1926                  ID: 0
1927                  signal: 60/00007fff86e452a8
1928                  notify: signal/pid.2634
1929                  ClockID: 1
1930
1931              The lines shown for each timer have the following meanings:
1932
1933              ID     The ID for this timer.  This is not the same as the timer
1934                     ID  returned  by  timer_create(2); rather, it is the same
1935                     kernel-internal ID that is available via  the  si_timerid
1936                     field of the siginfo_t structure (see sigaction(2)).
1937
1938              signal This is the signal number that this timer uses to deliver
1939                     notifications  followed  by  a  slash,   and   then   the
1940                     sigev_value  value supplied to the signal handler.  Valid
1941                     only for timers that notify via a signal.
1942
1943              notify The part before the slash specifies  the  mechanism  that
1944                     this  timer  uses to deliver notifications, and is one of
1945                     "thread", "signal", or "none".  Immediately following the
1946                     slash   is  either  the  string  "tid"  for  timers  with
1947                     SIGEV_THREAD_ID notification, or "pid"  for  timers  that
1948                     notify by other mechanisms.  Following the "." is the PID
1949                     of the process (or the kernel thread ID  of  the  thread)
1950                     that will be delivered a signal if the timer delivers no‐
1951                     tifications via a signal.
1952
1953              ClockID
1954                     This field identifies the clock that the timer  uses  for
1955                     measuring  time.   For most clocks, this is a number that
1956                     matches one of the user-space CLOCK_*  constants  exposed
1957                     via  <time.h>.   CLOCK_PROCESS_CPUTIME_ID  timers display
1958                     with    a    value    of    -6     in     this     field.
1959                     CLOCK_THREAD_CPUTIME_ID timers display with a value of -2
1960                     in this field.
1961
1962              This file is available only when the kernel was configured  with
1963              CONFIG_CHECKPOINT_RESTORE.
1964
1965       /proc/pid/timerslack_ns (since Linux 4.6)
1966              This file exposes the process's "current" timer slack value, ex‐
1967              pressed in nanoseconds.  The  file  is  writable,  allowing  the
1968              process's  timer  slack  value to be changed.  Writing 0 to this
1969              file resets the "current" timer slack  to  the  "default"  timer
1970              slack  value.   For  further  details,  see  the  discussion  of
1971              PR_SET_TIMERSLACK in prctl(2).
1972
1973              Initially, permission to access this  file  was  governed  by  a
1974              ptrace   access   mode   PTRACE_MODE_ATTACH_FSCREDS  check  (see
1975              ptrace(2)).  However, this was subsequently deemed too strict  a
1976              requirement (and had the side effect that requiring a process to
1977              have the CAP_SYS_PTRACE capability would also allow it  to  view
1978              and  change  any process's memory).  Therefore, since Linux 4.9,
1979              only the (weaker) CAP_SYS_NICE capability is required to  access
1980              this file.
1981
1982       /proc/pid/uid_map (since Linux 3.5)
1983              See user_namespaces(7).
1984
1985       /proc/pid/wchan (since Linux 2.6.0)
1986              The  symbolic  name  corresponding to the location in the kernel
1987              where the process is sleeping.
1988
1989              Permission to access this file is governed by  a  ptrace  access
1990              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
1991
1992       /proc/tid
1993              There   is a numerical subdirectory for each running thread that
1994              is not a thread group leader (i.e., a thread whose thread ID  is
1995              not  the  same  as its process ID); the subdirectory is named by
1996              the thread ID.  Each one of these subdirectories contains  files
1997              and  subdirectories  exposing  information about the thread with
1998              the thread ID tid.  The contents of these  directories  are  the
1999              same as the corresponding /proc/pid/task/tid directories.
2000
2001              The  /proc/tid  subdirectories  are  not  visible when iterating
2002              through /proc with getdents(2) (and thus are  not  visible  when
2003              one  uses  ls(1)  to  view the contents of /proc).  However, the
2004              pathnames of these directories are visible to (i.e.,  usable  as
2005              arguments in) system calls that operate on pathnames.
2006
2007       /proc/apm
2008              Advanced  power  management version and battery information when
2009              CONFIG_APM is defined at kernel compilation time.
2010
2011       /proc/buddyinfo
2012              This file contains information which is used for diagnosing mem‐
2013              ory fragmentation issues.  Each line starts with the identifica‐
2014              tion of the node and the name of the zone which  together  iden‐
2015              tify  a  memory  region.   This is then followed by the count of
2016              available chunks of a certain order in  which  these  zones  are
2017              split.   The  size  in  bytes of a certain order is given by the
2018              formula:
2019
2020                  (2^order) * PAGE_SIZE
2021
2022              The binary buddy allocator  algorithm  inside  the  kernel  will
2023              split  one  chunk  into two chunks of a smaller order (thus with
2024              half the size) or combine two contiguous chunks into one  larger
2025              chunk  of  a higher order (thus with double the size) to satisfy
2026              allocation requests and to counter  memory  fragmentation.   The
2027              order matches the column number, when starting to count at zero.
2028
2029              For example on an x86-64 system:
2030         Node 0, zone     DMA     1    1    1    0    2    1    1    0    1    1    3
2031         Node 0, zone   DMA32    65   47    4   81   52   28   13   10    5    1  404
2032         Node 0, zone  Normal   216   55  189  101   84   38   37   27    5    3  587
2033
2034              In  this  example,  there is one node containing three zones and
2035              there are 11 different chunk sizes.  If the page size is 4 kilo‐
2036              bytes,  then  the  first  zone  called  DMA (on x86 the first 16
2037              megabyte of memory) has 1 chunk of 4 kilobytes (order 0)  avail‐
2038              able and has 3 chunks of 4 megabytes (order 10) available.
2039
2040              If the memory is heavily fragmented, the counters for higher or‐
2041              der chunks will be zero and allocation of large contiguous areas
2042              will fail.
2043
2044              Further  information about the zones can be found in /proc/zone‐
2045              info.
2046
2047       /proc/bus
2048              Contains subdirectories for installed buses.
2049
2050       /proc/bus/pccard
2051              Subdirectory for PCMCIA devices when  CONFIG_PCMCIA  is  set  at
2052              kernel compilation time.
2053
2054       /proc/bus/pccard/drivers
2055
2056       /proc/bus/pci
2057              Contains  various bus subdirectories and pseudo-files containing
2058              information about PCI buses, installed devices, and device driv‐
2059              ers.  Some of these files are not ASCII.
2060
2061       /proc/bus/pci/devices
2062              Information  about  PCI  devices.   They may be accessed through
2063              lspci(8) and setpci(8).
2064
2065       /proc/cgroups (since Linux 2.6.24)
2066              See cgroups(7).
2067
2068       /proc/cmdline
2069              Arguments passed to the Linux kernel at boot time.   Often  done
2070              via a boot manager such as lilo(8) or grub(8).
2071
2072       /proc/config.gz (since Linux 2.6)
2073              This  file  exposes  the configuration options that were used to
2074              build the currently running kernel, in the same format  as  they
2075              would  be shown in the .config file that resulted when configur‐
2076              ing the kernel (using make xconfig, make  config,  or  similar).
2077              The  file  contents  are  compressed;  view or search them using
2078              zcat(1) and zgrep(1).  As long as no changes have been  made  to
2079              the following file, the contents of /proc/config.gz are the same
2080              as those provided by:
2081
2082                  cat /lib/modules/$(uname -r)/build/.config
2083
2084              /proc/config.gz is provided only if  the  kernel  is  configured
2085              with CONFIG_IKCONFIG_PROC.
2086
2087       /proc/crypto
2088              A  list  of  the ciphers provided by the kernel crypto API.  For
2089              details, see the kernel Linux Kernel  Crypto  API  documentation
2090              available   under   the   kernel   source  directory  Documenta‐
2091              tion/crypto/ (or Documentation/DocBook before  Linux  4.10;  the
2092              documentation can be built using a command such as make htmldocs
2093              in the root directory of the kernel source tree).
2094
2095       /proc/cpuinfo
2096              This is a collection of CPU and  system  architecture  dependent
2097              items,  for  each  supported architecture a different list.  Two
2098              common entries are processor which  gives  CPU  number  and  bo‐
2099              gomips;  a system constant that is calculated during kernel ini‐
2100              tialization.  SMP machines have information for each  CPU.   The
2101              lscpu(1) command gathers its information from this file.
2102
2103       /proc/devices
2104              Text  listing  of  major numbers and device groups.  This can be
2105              used by MAKEDEV scripts for consistency with the kernel.
2106
2107       /proc/diskstats (since Linux 2.5.69)
2108              This file contains disk I/O statistics  for  each  disk  device.
2109              See    the    Linux   kernel   source   file   Documentation/ad‐
2110              min-guide/iostats.rst (or Documentation/iostats.txt before Linux
2111              5.3) for further information.
2112
2113       /proc/dma
2114              This  is a list of the registered ISA DMA (direct memory access)
2115              channels in use.
2116
2117       /proc/driver
2118              Empty subdirectory.
2119
2120       /proc/execdomains
2121              List of the execution domains (ABI personalities).
2122
2123       /proc/fb
2124              Frame buffer information when CONFIG_FB is defined during kernel
2125              compilation.
2126
2127       /proc/filesystems
2128              A  text  listing  of  the filesystems which are supported by the
2129              kernel, namely filesystems which were compiled into  the  kernel
2130              or  whose  kernel  modules  are  currently  loaded.   (See  also
2131              filesystems(5).)  If a filesystem is marked with  "nodev",  this
2132              means  that  it  does  not  require a block device to be mounted
2133              (e.g., virtual filesystem, network filesystem).
2134
2135              Incidentally, this file may be used by mount(8) when no filesys‐
2136              tem  is specified and it didn't manage to determine the filesys‐
2137              tem type.  Then filesystems contained in  this  file  are  tried
2138              (excepted those that are marked with "nodev").
2139
2140       /proc/fs
2141              Contains subdirectories that in turn contain files with informa‐
2142              tion about (certain) mounted filesystems.
2143
2144       /proc/ide
2145              This directory exists on systems with the IDE  bus.   There  are
2146              directories for each IDE channel and attached device.  Files in‐
2147              clude:
2148
2149                  cache              buffer size in KB
2150                  capacity           number of sectors
2151                  driver             driver version
2152                  geometry           physical and logical geometry
2153                  identify           in hexadecimal
2154                  media              media type
2155                  model              manufacturer's model number
2156                  settings           drive settings
2157                  smart_thresholds   IDE disk management thresholds (in hex)
2158                  smart_values       IDE disk management values (in hex)
2159
2160              The hdparm(8) utility provides access to this information  in  a
2161              friendly format.
2162
2163       /proc/interrupts
2164              This  is  used to record the number of interrupts per CPU per IO
2165              device.  Since Linux 2.6.24, for the i386 and  x86-64  architec‐
2166              tures,  at  least, this also includes interrupts internal to the
2167              system (that is, not associated with a device as such), such  as
2168              NMI  (nonmaskable  interrupt),  LOC (local timer interrupt), and
2169              for SMP systems, TLB (TLB flush  interrupt),  RES  (rescheduling
2170              interrupt),  CAL  (remote function call interrupt), and possibly
2171              others.  Very easy to read formatting, done in ASCII.
2172
2173       /proc/iomem
2174              I/O memory map in Linux 2.4.
2175
2176       /proc/ioports
2177              This is a list of currently registered Input-Output port regions
2178              that are in use.
2179
2180       /proc/kallsyms (since Linux 2.5.71)
2181              This  holds  the  kernel exported symbol definitions used by the
2182              modules(X) tools to dynamically link and bind loadable  modules.
2183              In  Linux  2.5.47 and earlier, a similar file with slightly dif‐
2184              ferent syntax was named ksyms.
2185
2186       /proc/kcore
2187              This file represents the physical memory of the  system  and  is
2188              stored  in the ELF core file format.  With this pseudo-file, and
2189              an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be
2190              used to examine the current state of any kernel data structures.
2191
2192              The  total  length  of  the  file is the size of physical memory
2193              (RAM) plus 4 KiB.
2194
2195       /proc/keys (since Linux 2.6.10)
2196              See keyrings(7).
2197
2198       /proc/key-users (since Linux 2.6.10)
2199              See keyrings(7).
2200
2201       /proc/kmsg
2202              This file can be used instead of the syslog(2)  system  call  to
2203              read  kernel messages.  A process must have superuser privileges
2204              to read this file, and only one process should read  this  file.
2205              This  file  should  not  be  read if a syslog process is running
2206              which uses the syslog(2) system call facility to log kernel mes‐
2207              sages.
2208
2209              Information in this file is retrieved with the dmesg(1) program.
2210
2211       /proc/kpagecgroup (since Linux 4.3)
2212              This  file  contains  a 64-bit inode number of the memory cgroup
2213              each page is charged to, indexed by page frame number  (see  the
2214              discussion of /proc/pid/pagemap).
2215
2216              The  /proc/kpagecgroup  file is present only if the CONFIG_MEMCG
2217              kernel configuration option is enabled.
2218
2219       /proc/kpagecount (since Linux 2.6.25)
2220              This file contains a 64-bit count of the number  of  times  each
2221              physical page frame is mapped, indexed by page frame number (see
2222              the discussion of /proc/pid/pagemap).
2223
2224              The  /proc/kpagecount  file  is  present  only   if   the   CON‐
2225              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2226
2227       /proc/kpageflags (since Linux 2.6.25)
2228              This  file  contains 64-bit masks corresponding to each physical
2229              page frame; it is indexed by page frame number (see the  discus‐
2230              sion of /proc/pid/pagemap).  The bits are as follows:
2231
2232                      0   -   KPF_LOCKED
2233                      1   -   KPF_ERROR
2234                      2   -   KPF_REFERENCED
2235                      3   -   KPF_UPTODATE
2236                      4   -   KPF_DIRTY
2237                      5   -   KPF_LRU
2238                      6   -   KPF_ACTIVE
2239                      7   -   KPF_SLAB
2240                      8   -   KPF_WRITEBACK
2241                      9   -   KPF_RECLAIM
2242                     10   -   KPF_BUDDY
2243                     11   -   KPF_MMAP            (since Linux 2.6.31)
2244                     12   -   KPF_ANON            (since Linux 2.6.31)
2245                     13   -   KPF_SWAPCACHE       (since Linux 2.6.31)
2246                     14   -   KPF_SWAPBACKED      (since Linux 2.6.31)
2247                     15   -   KPF_COMPOUND_HEAD   (since Linux 2.6.31)
2248                     16   -   KPF_COMPOUND_TAIL   (since Linux 2.6.31)
2249                     17   -   KPF_HUGE            (since Linux 2.6.31)
2250                     18   -   KPF_UNEVICTABLE     (since Linux 2.6.31)
2251                     19   -   KPF_HWPOISON        (since Linux 2.6.31)
2252                     20   -   KPF_NOPAGE          (since Linux 2.6.31)
2253                     21   -   KPF_KSM             (since Linux 2.6.32)
2254                     22   -   KPF_THP             (since Linux 3.4)
2255                     23   -   KPF_BALLOON         (since Linux 3.18)
2256                     24   -   KPF_ZERO_PAGE       (since Linux 4.0)
2257                     25   -   KPF_IDLE            (since Linux 4.3)
2258                     26   -   KPF_PGTABLE         (since Linux 4.18)
2259
2260              For  further details on the meanings of these bits, see the ker‐
2261              nel source file  Documentation/admin-guide/mm/pagemap.rst.   Be‐
2262              fore  Linux  2.6.29,  KPF_WRITEBACK, KPF_RECLAIM, KPF_BUDDY, and
2263              KPF_LOCKED did not report correctly.
2264
2265              The  /proc/kpageflags  file  is  present  only   if   the   CON‐
2266              FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2267
2268       /proc/ksyms (Linux 1.1.23–2.5.47)
2269              See /proc/kallsyms.
2270
2271       /proc/loadavg
2272              The  first  three  fields  in this file are load average figures
2273              giving the number of jobs in the run queue (state R) or  waiting
2274              for disk I/O (state D) averaged over 1, 5, and 15 minutes.  They
2275              are the same as the load average numbers given by uptime(1)  and
2276              other  programs.  The fourth field consists of two numbers sepa‐
2277              rated by a slash (/).  The first of these is the number of  cur‐
2278              rently runnable kernel scheduling entities (processes, threads).
2279              The value after the slash is the number of kernel scheduling en‐
2280              tities  that  currently exist on the system.  The fifth field is
2281              the PID of the process that was most  recently  created  on  the
2282              system.
2283
2284       /proc/locks
2285              This  file  shows current file locks (flock(2) and fcntl(2)) and
2286              leases (fcntl(2)).
2287
2288              An example of the content shown in this file is the following:
2289
2290                  1: POSIX  ADVISORY  READ  5433 08:01:7864448 128 128
2291                  2: FLOCK  ADVISORY  WRITE 2001 08:01:7864554 0 EOF
2292                  3: FLOCK  ADVISORY  WRITE 1568 00:2f:32388 0 EOF
2293                  4: POSIX  ADVISORY  WRITE 699 00:16:28457 0 EOF
2294                  5: POSIX  ADVISORY  WRITE 764 00:16:21448 0 0
2295                  6: POSIX  ADVISORY  READ  3548 08:01:7867240 1 1
2296                  7: POSIX  ADVISORY  READ  3548 08:01:7865567 1826 2335
2297                  8: OFDLCK ADVISORY  WRITE -1 08:01:8713209 128 191
2298
2299              The fields shown in each line are as follows:
2300
2301              [1]  The ordinal position of the lock in the list.
2302
2303              [2]  The lock type.  Values that may appear here include:
2304
2305                   FLOCK  This is a BSD file lock created using flock(2).
2306
2307                   OFDLCK This is an open file description (OFD) lock  created
2308                          using fcntl(2).
2309
2310                   POSIX  This  is  a  POSIX byte-range lock created using fc‐
2311                          ntl(2).
2312
2313              [3]  Among the strings that can appear here are the following:
2314
2315                   ADVISORY
2316                          This is an advisory lock.
2317
2318                   MANDATORY
2319                          This is a mandatory lock.
2320
2321              [4]  The type of lock.  Values that can appear here are:
2322
2323                   READ   This is a POSIX or OFD read lock, or  a  BSD  shared
2324                          lock.
2325
2326                   WRITE  This  is  a POSIX or OFD write lock, or a BSD exclu‐
2327                          sive lock.
2328
2329              [5]  The PID of the process that owns the lock.
2330
2331                   Because OFD locks are not owned by a single process  (since
2332                   multiple  processes may have file descriptors that refer to
2333                   the same open file description), the value -1 is  displayed
2334                   in  this  field  for  OFD locks.  (Before Linux 4.14, a bug
2335                   meant that the PID of the process that  initially  acquired
2336                   the lock was displayed instead of the value -1.)
2337
2338              [6]  Three colon-separated subfields that identify the major and
2339                   minor device ID of the  device  containing  the  filesystem
2340                   where the locked file resides, followed by the inode number
2341                   of the locked file.
2342
2343              [7]  The byte offset of the first byte of  the  lock.   For  BSD
2344                   locks, this value is always 0.
2345
2346              [8]  The  byte offset of the last byte of the lock.  EOF in this
2347                   field means that the lock extends to the end of  the  file.
2348                   For BSD locks, the value shown is always EOF.
2349
2350              Since  Linux 4.9, the list of locks shown in /proc/locks is fil‐
2351              tered to show just the locks for the processes in the PID  name‐
2352              space (see pid_namespaces(7)) for which the /proc filesystem was
2353              mounted.  (In the initial PID namespace, there is  no  filtering
2354              of the records shown in this file.)
2355
2356              The  lslocks(8)  command  provides  a bit more information about
2357              each lock.
2358
2359       /proc/malloc (only up to and including Linux 2.2)
2360              This file is present only  if  CONFIG_DEBUG_MALLOC  was  defined
2361              during compilation.
2362
2363       /proc/meminfo
2364              This  file  reports statistics about memory usage on the system.
2365              It is used by free(1) to report the amount of free and used mem‐
2366              ory (both physical and swap) on the system as well as the shared
2367              memory and buffers used by the kernel.  Each line  of  the  file
2368              consists  of a parameter name, followed by a colon, the value of
2369              the parameter, and an option unit of measurement  (e.g.,  "kB").
2370              The  list  below  describes  the  parameter names and the format
2371              specifier required to read the field value.  Except as noted be‐
2372              low,  all  of  the fields have been present since at least Linux
2373              2.6.0.  Some fields are displayed only if the kernel was config‐
2374              ured  with  various options; those dependencies are noted in the
2375              list.
2376
2377              MemTotal %lu
2378                     Total usable RAM (i.e., physical RAM minus a few reserved
2379                     bits and the kernel binary code).
2380
2381              MemFree %lu
2382                     The sum of LowFree+HighFree.
2383
2384              MemAvailable %lu (since Linux 3.14)
2385                     An  estimate of how much memory is available for starting
2386                     new applications, without swapping.
2387
2388              Buffers %lu
2389                     Relatively temporary storage for  raw  disk  blocks  that
2390                     shouldn't get tremendously large (20 MB or so).
2391
2392              Cached %lu
2393                     In-memory  cache  for  files read from the disk (the page
2394                     cache).  Doesn't include SwapCached.
2395
2396              SwapCached %lu
2397                     Memory that once was swapped out, is swapped back in  but
2398                     still  also  is in the swap file.  (If memory pressure is
2399                     high, these pages don't need to be swapped out again  be‐
2400                     cause  they  are  already  in  the swap file.  This saves
2401                     I/O.)
2402
2403              Active %lu
2404                     Memory that has been used more recently and  usually  not
2405                     reclaimed unless absolutely necessary.
2406
2407              Inactive %lu
2408                     Memory which has been less recently used.  It is more el‐
2409                     igible to be reclaimed for other purposes.
2410
2411              Active(anon) %lu (since Linux 2.6.28)
2412                     [To be documented.]
2413
2414              Inactive(anon) %lu (since Linux 2.6.28)
2415                     [To be documented.]
2416
2417              Active(file) %lu (since Linux 2.6.28)
2418                     [To be documented.]
2419
2420              Inactive(file) %lu (since Linux 2.6.28)
2421                     [To be documented.]
2422
2423              Unevictable %lu (since Linux 2.6.28)
2424                     (From  Linux   2.6.28   to   Linux   2.6.30,   CONFIG_UN‐
2425                     EVICTABLE_LRU was required.)  [To be documented.]
2426
2427              Mlocked %lu (since Linux 2.6.28)
2428                     (From   Linux   2.6.28   to   Linux   2.6.30,  CONFIG_UN‐
2429                     EVICTABLE_LRU was required.)  [To be documented.]
2430
2431              HighTotal %lu
2432                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2433                     Total  amount  of  highmem.   Highmem is all memory above
2434                     ~860 MB of physical memory.  Highmem areas are for use by
2435                     user-space  programs,  or for the page cache.  The kernel
2436                     must use tricks to access this memory, making  it  slower
2437                     to access than lowmem.
2438
2439              HighFree %lu
2440                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2441                     Amount of free highmem.
2442
2443              LowTotal %lu
2444                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2445                     Total  amount  of  lowmem.  Lowmem is memory which can be
2446                     used for everything that highmem can be used for, but  it
2447                     is  also  available for the kernel's use for its own data
2448                     structures.  Among many other things, it is where  every‐
2449                     thing  from  Slab  is  allocated.  Bad things happen when
2450                     you're out of lowmem.
2451
2452              LowFree %lu
2453                     (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2454                     Amount of free lowmem.
2455
2456              MmapCopy %lu (since Linux 2.6.29)
2457                     (CONFIG_MMU is required.)  [To be documented.]
2458
2459              SwapTotal %lu
2460                     Total amount of swap space available.
2461
2462              SwapFree %lu
2463                     Amount of swap space that is currently unused.
2464
2465              Dirty %lu
2466                     Memory which is waiting to get written back to the disk.
2467
2468              Writeback %lu
2469                     Memory which is actively being written back to the disk.
2470
2471              AnonPages %lu (since Linux 2.6.18)
2472                     Non-file backed pages mapped into user-space page tables.
2473
2474              Mapped %lu
2475                     Files  which have been mapped into memory (with mmap(2)),
2476                     such as libraries.
2477
2478              Shmem %lu (since Linux 2.6.32)
2479                     Amount of memory consumed in tmpfs(5) filesystems.
2480
2481              KReclaimable %lu (since Linux 4.20)
2482                     Kernel allocations that the kernel will  attempt  to  re‐
2483                     claim  under memory pressure.  Includes SReclaimable (be‐
2484                     low), and other direct allocations with a shrinker.
2485
2486              Slab %lu
2487                     In-kernel data structures cache.  (See slabinfo(5).)
2488
2489              SReclaimable %lu (since Linux 2.6.19)
2490                     Part of Slab, that might be reclaimed, such as caches.
2491
2492              SUnreclaim %lu (since Linux 2.6.19)
2493                     Part of Slab, that cannot be reclaimed  on  memory  pres‐
2494                     sure.
2495
2496              KernelStack %lu (since Linux 2.6.32)
2497                     Amount of memory allocated to kernel stacks.
2498
2499              PageTables %lu (since Linux 2.6.18)
2500                     Amount  of  memory  dedicated to the lowest level of page
2501                     tables.
2502
2503              Quicklists %lu (since Linux 2.6.27)
2504                     (CONFIG_QUICKLIST is required.)  [To be documented.]
2505
2506              NFS_Unstable %lu (since Linux 2.6.18)
2507                     NFS pages sent to the server, but not  yet  committed  to
2508                     stable storage.
2509
2510              Bounce %lu (since Linux 2.6.18)
2511                     Memory used for block device "bounce buffers".
2512
2513              WritebackTmp %lu (since Linux 2.6.26)
2514                     Memory used by FUSE for temporary writeback buffers.
2515
2516              CommitLimit %lu (since Linux 2.6.10)
2517                     This is the total amount of memory currently available to
2518                     be allocated on the system, expressed in kilobytes.  This
2519                     limit  is adhered to only if strict overcommit accounting
2520                     is enabled (mode  2  in  /proc/sys/vm/overcommit_memory).
2521                     The  limit  is  calculated  according  to the formula de‐
2522                     scribed under /proc/sys/vm/overcommit_memory.   For  fur‐
2523                     ther  details,  see  the  kernel  source  file Documenta‐
2524                     tion/vm/overcommit-accounting.rst.
2525
2526              Committed_AS %lu
2527                     The amount of memory presently allocated on  the  system.
2528                     The  committed memory is a sum of all of the memory which
2529                     has been allocated by processes, even if it has not  been
2530                     "used" by them as of yet.  A process which allocates 1 GB
2531                     of memory (using malloc(3) or similar), but touches  only
2532                     300  MB  of that memory will show up as using only 300 MB
2533                     of memory even if it has the address space allocated  for
2534                     the entire 1 GB.
2535
2536                     This  1 GB is memory which has been "committed" to by the
2537                     VM and can be used at any time by the allocating applica‐
2538                     tion.  With strict overcommit enabled on the system (mode
2539                     2 in /proc/sys/vm/overcommit_memory),  allocations  which
2540                     would exceed the CommitLimit will not be permitted.  This
2541                     is useful if one needs to guarantee that  processes  will
2542                     not  fail due to lack of memory once that memory has been
2543                     successfully allocated.
2544
2545              VmallocTotal %lu
2546                     Total size of vmalloc memory area.
2547
2548              VmallocUsed %lu
2549                     Amount of vmalloc area which is used.  Since  Linux  4.4,
2550                     this  field is no longer calculated, and is hard coded as
2551                     0.  See /proc/vmallocinfo.
2552
2553              VmallocChunk %lu
2554                     Largest contiguous block of vmalloc area which  is  free.
2555                     Since  Linux  4.4, this field is no longer calculated and
2556                     is hard coded as 0.  See /proc/vmallocinfo.
2557
2558              HardwareCorrupted %lu (since Linux 2.6.32)
2559                     (CONFIG_MEMORY_FAILURE is required.)  [To be documented.]
2560
2561              LazyFree %lu (since Linux 4.12)
2562                     Shows  the  amount  of  memory   marked   by   madvise(2)
2563                     MADV_FREE.
2564
2565              AnonHugePages %lu (since Linux 2.6.38)
2566                     (CONFIG_TRANSPARENT_HUGEPAGE   is   required.)   Non-file
2567                     backed huge pages mapped into user-space page tables.
2568
2569              ShmemHugePages %lu (since Linux 4.8)
2570                     (CONFIG_TRANSPARENT_HUGEPAGE is required.)   Memory  used
2571                     by shared memory (shmem) and tmpfs(5) allocated with huge
2572                     pages.
2573
2574              ShmemPmdMapped %lu (since Linux 4.8)
2575                     (CONFIG_TRANSPARENT_HUGEPAGE is required.)  Shared memory
2576                     mapped into user space with huge pages.
2577
2578              CmaTotal %lu (since Linux 3.1)
2579                     Total  CMA  (Contiguous  Memory  Allocator) pages.  (CON‐
2580                     FIG_CMA is required.)
2581
2582              CmaFree %lu (since Linux 3.1)
2583                     Free CMA  (Contiguous  Memory  Allocator)  pages.   (CON‐
2584                     FIG_CMA is required.)
2585
2586              HugePages_Total %lu
2587                     (CONFIG_HUGETLB_PAGE  is required.)  The size of the pool
2588                     of huge pages.
2589
2590              HugePages_Free %lu
2591                     (CONFIG_HUGETLB_PAGE is required.)  The  number  of  huge
2592                     pages in the pool that are not yet allocated.
2593
2594              HugePages_Rsvd %lu (since Linux 2.6.17)
2595                     (CONFIG_HUGETLB_PAGE is required.)  This is the number of
2596                     huge pages for which a commitment to  allocate  from  the
2597                     pool  has been made, but no allocation has yet been made.
2598                     These reserved huge pages guarantee that  an  application
2599                     will  be  able  to  allocate a huge page from the pool of
2600                     huge pages at fault time.
2601
2602              HugePages_Surp %lu (since Linux 2.6.24)
2603                     (CONFIG_HUGETLB_PAGE is required.)  This is the number of
2604                     huge   pages   in   the   pool   above   the   value   in
2605                     /proc/sys/vm/nr_hugepages.  The maximum number of surplus
2606                     huge  pages  is  controlled  by  /proc/sys/vm/nr_overcom‐
2607                     mit_hugepages.
2608
2609              Hugepagesize %lu
2610                     (CONFIG_HUGETLB_PAGE is  required.)   The  size  of  huge
2611                     pages.
2612
2613              DirectMap4k %lu (since Linux 2.6.27)
2614                     Number  of bytes of RAM linearly mapped by kernel in 4 kB
2615                     pages.  (x86.)
2616
2617              DirectMap4M %lu (since Linux 2.6.27)
2618                     Number of bytes of RAM linearly mapped by kernel in 4  MB
2619                     pages.   (x86  with  CONFIG_X86_64  or CONFIG_X86_PAE en‐
2620                     abled.)
2621
2622              DirectMap2M %lu (since Linux 2.6.27)
2623                     Number of bytes of RAM linearly mapped by kernel in 2  MB
2624                     pages.    (x86   with   neither  CONFIG_X86_64  nor  CON‐
2625                     FIG_X86_PAE enabled.)
2626
2627              DirectMap1G %lu (since Linux 2.6.27)
2628                     (x86 with CONFIG_X86_64 and CONFIG_X86_DIRECT_GBPAGES en‐
2629                     abled.)
2630
2631       /proc/modules
2632              A  text list of the modules that have been loaded by the system.
2633              See also lsmod(8).
2634
2635       /proc/mounts
2636              Before Linux 2.4.19, this file was a list of all the filesystems
2637              currently  mounted on the system.  With the introduction of per-
2638              process  mount  namespaces  in  Linux  2.4.19  (see  mount_name‐
2639              spaces(7)),  this file became a link to /proc/self/mounts, which
2640              lists the mounts of the process's own mount namespace.  The for‐
2641              mat of this file is documented in fstab(5).
2642
2643       /proc/mtrr
2644              Memory  Type  Range Registers.  See the Linux kernel source file
2645              Documentation/x86/mtrr.rst (or Documentation/x86/mtrr.txt before
2646              Linux  5.2,  or  Documentation/mtrr.txt before Linux 2.6.28) for
2647              details.
2648
2649       /proc/net
2650              This directory contains various files  and  subdirectories  con‐
2651              taining  information about the networking layer.  The files con‐
2652              tain ASCII structures and are, therefore, readable with  cat(1).
2653              However, the standard netstat(8) suite provides much cleaner ac‐
2654              cess to these files.
2655
2656              With the advent of network namespaces, various  information  re‐
2657              lating  to  the  network stack is virtualized (see network_name‐
2658              spaces(7)).  Thus, since Linux 2.6.25, /proc/net is  a  symbolic
2659              link  to  the  directory /proc/self/net, which contains the same
2660              files and directories as listed below.  However, these files and
2661              directories  now expose information for the network namespace of
2662              which the process is a member.
2663
2664       /proc/net/arp
2665              This holds an ASCII readable dump of the kernel ARP  table  used
2666              for  address resolutions.  It will show both dynamically learned
2667              and preprogrammed ARP entries.  The format is:
2668
2669                  IP address     HW type   Flags     HW address          Mask   Device
2670                  192.168.0.50   0x1       0x2       00:50:BF:25:68:F3   *      eth0
2671                  192.168.0.250  0x1       0xc       00:00:00:00:00:00   *      eth0
2672
2673              Here "IP address" is the IPv4 address of the machine and the "HW
2674              type"  is  the  hardware  type of the address from RFC 826.  The
2675              flags are the internal flags of the ARP structure (as defined in
2676              /usr/include/linux/if_arp.h)  and  the  "HW address" is the data
2677              link layer mapping for that IP address if it is known.
2678
2679       /proc/net/dev
2680              The dev pseudo-file contains network device status  information.
2681              This  gives  the number of received and sent packets, the number
2682              of errors and collisions and other basic statistics.  These  are
2683              used  by  the  ifconfig(8) program to report device status.  The
2684              format is:
2685
2686              Inter-|   Receive                                                |  Transmit
2687               face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
2688                  lo: 2776770   11307    0    0    0     0          0         0  2776770   11307    0    0    0     0       0          0
2689                eth0: 1215645    2751    0    0    0     0          0         0  1782404    4324    0    0    0   427       0          0
2690                ppp0: 1622270    5552    1    0    0     0          0         0   354130    5669    0    0    0     0       0          0
2691                tap0:    7714      81    0    0    0     0          0         0     7714      81    0    0    0     0       0          0
2692
2693       /proc/net/dev_mcast
2694              Defined in /usr/src/linux/net/core/dev_mcast.c:
2695
2696                  indx interface_name  dmi_u dmi_g dmi_address
2697                  2    eth0            1     0     01005e000001
2698                  3    eth1            1     0     01005e000001
2699                  4    eth2            1     0     01005e000001
2700
2701       /proc/net/igmp
2702              Internet    Group    Management    Protocol.      Defined     in
2703              /usr/src/linux/net/core/igmp.c.
2704
2705       /proc/net/rarp
2706              This  file uses the same format as the arp file and contains the
2707              current reverse mapping database used to provide rarp(8) reverse
2708              address  lookup  services.   If  RARP is not configured into the
2709              kernel, this file will not be present.
2710
2711       /proc/net/raw
2712              Holds a dump of the RAW socket table.  Much of  the  information
2713              is  not of use apart from debugging.  The "sl" value is the ker‐
2714              nel hash slot for the socket, the "local_address" is  the  local
2715              address  and  protocol number pair.  "St" is the internal status
2716              of the socket.  The "tx_queue" and "rx_queue" are  the  outgoing
2717              and  incoming  data  queue in terms of kernel memory usage.  The
2718              "tr", "tm->when", and "rexmits" fields are not used by RAW.  The
2719              "uid"  field  holds  the  effective  UID  of  the creator of the
2720              socket.
2721
2722       /proc/net/snmp
2723              This file holds the ASCII data needed for the IP, ICMP, TCP, and
2724              UDP management information bases for an SNMP agent.
2725
2726       /proc/net/tcp
2727              Holds  a  dump of the TCP socket table.  Much of the information
2728              is not of use apart from debugging.  The "sl" value is the  ker‐
2729              nel  hash  slot for the socket, the "local_address" is the local
2730              address and port number pair.  The "rem_address" is  the  remote
2731              address and port number pair (if connected).  "St" is the inter‐
2732              nal status of the socket.  The "tx_queue" and "rx_queue" are the
2733              outgoing  and  incoming data queue in terms of kernel memory us‐
2734              age.  The "tr", "tm->when", and "rexmits" fields  hold  internal
2735              information  of  the kernel socket state and are useful only for
2736              debugging.  The "uid" field holds the effective UID of the  cre‐
2737              ator of the socket.
2738
2739       /proc/net/udp
2740              Holds  a  dump of the UDP socket table.  Much of the information
2741              is not of use apart from debugging.  The "sl" value is the  ker‐
2742              nel  hash  slot for the socket, the "local_address" is the local
2743              address and port number pair.  The "rem_address" is  the  remote
2744              address and port number pair (if connected).  "St" is the inter‐
2745              nal status of the socket.  The "tx_queue" and "rx_queue" are the
2746              outgoing  and  incoming data queue in terms of kernel memory us‐
2747              age.  The "tr", "tm->when", and "rexmits" fields are not used by
2748              UDP.   The "uid" field holds the effective UID of the creator of
2749              the socket.  The format is:
2750
2751              sl  local_address rem_address   st tx_queue rx_queue tr rexmits  tm->when uid
2752               1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
2753               1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
2754               1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
2755
2756       /proc/net/unix
2757              Lists the UNIX domain sockets  present  within  the  system  and
2758              their status.  The format is:
2759
2760              Num RefCount Protocol Flags    Type St Inode Path
2761               0: 00000002 00000000 00000000 0001 03    42
2762               1: 00000001 00000000 00010000 0001 01  1948 /dev/printer
2763
2764              The fields are as follows:
2765
2766              Num:      the kernel table slot number.
2767
2768              RefCount: the number of users of the socket.
2769
2770              Protocol: currently always 0.
2771
2772              Flags:    the  internal  kernel  flags holding the status of the
2773                        socket.
2774
2775              Type:     the socket type.  For  SOCK_STREAM  sockets,  this  is
2776                        0001;  for  SOCK_DGRAM  sockets,  it  is 0002; and for
2777                        SOCK_SEQPACKET sockets, it is 0005.
2778
2779              St:       the internal state of the socket.
2780
2781              Inode:    the inode number of the socket.
2782
2783              Path:     the bound pathname (if any) of the socket.  Sockets in
2784                        the  abstract  namespace are included in the list, and
2785                        are shown with a Path that commences with the  charac‐
2786                        ter '@'.
2787
2788       /proc/net/netfilter/nfnetlink_queue
2789              This file contains information about netfilter user-space queue‐
2790              ing, if used.  Each line represents a queue.  Queues  that  have
2791              not been subscribed to by user space are not shown.
2792
2793                     1   4207     0  2 65535     0     0        0  1
2794                    (1)   (2)    (3)(4)  (5)    (6)   (7)      (8)
2795
2796              The fields in each line are:
2797
2798              (1)  The ID of the queue.  This matches what is specified in the
2799                   --queue-num or --queue-balance options to  the  iptables(8)
2800                   NFQUEUE target.  See iptables-extensions(8) for more infor‐
2801                   mation.
2802
2803              (2)  The netlink port ID subscribed to the queue.
2804
2805              (3)  The number of packets currently queued and  waiting  to  be
2806                   processed by the application.
2807
2808              (4)  The copy mode of the queue.  It is either 1 (metadata only)
2809                   or 2 (also copy payload data to user space).
2810
2811              (5)  Copy range; that is,  how  many  bytes  of  packet  payload
2812                   should be copied to user space at most.
2813
2814              (6)  queue dropped.  Number of packets that had to be dropped by
2815                   the kernel because too many packets are already waiting for
2816                   user space to send back the mandatory accept/drop verdicts.
2817
2818              (7)  queue  user  dropped.   Number of packets that were dropped
2819                   within the netlink subsystem.  Such  drops  usually  happen
2820                   when the corresponding socket buffer is full; that is, user
2821                   space is not able to read messages fast enough.
2822
2823              (8)  sequence number.  Every queued packet is associated with  a
2824                   (32-bit)  monotonically  increasing  sequence number.  This
2825                   shows the ID of the most recent packet queued.
2826
2827              The last number exists only for compatibility reasons and is al‐
2828              ways 1.
2829
2830       /proc/partitions
2831              Contains  the  major and minor numbers of each partition as well
2832              as the number of 1024-byte blocks and the partition name.
2833
2834       /proc/pci
2835              This is a listing of all PCI devices found  during  kernel  ini‐
2836              tialization and their configuration.
2837
2838              This  file has been deprecated in favor of a new /proc interface
2839              for PCI  (/proc/bus/pci).   It  became  optional  in  Linux  2.2
2840              (available  with CONFIG_PCI_OLD_PROC set at kernel compilation).
2841              It became once more nonoptionally enabled in Linux  2.4.   Next,
2842              it  was  deprecated  in  Linux  2.6  (still  available with CON‐
2843              FIG_PCI_LEGACY_PROC set), and finally removed  altogether  since
2844              Linux 2.6.17.
2845
2846       /proc/profile (since Linux 2.4)
2847              This file is present only if the kernel was booted with the pro‐
2848              file=1 command-line option.  It exposes kernel profiling  infor‐
2849              mation  in  a  binary format for use by readprofile(1).  Writing
2850              (e.g., an empty string) to this file resets the profiling  coun‐
2851              ters; on some architectures, writing a binary integer "profiling
2852              multiplier" of size sizeof(int)  sets  the  profiling  interrupt
2853              frequency.
2854
2855       /proc/scsi
2856              A directory with the scsi mid-level pseudo-file and various SCSI
2857              low-level driver directories, which contain a file for each SCSI
2858              host  in  this system, all of which give the status of some part
2859              of the SCSI IO subsystem.  These files contain ASCII  structures
2860              and are, therefore, readable with cat(1).
2861
2862              You  can also write to some of the files to reconfigure the sub‐
2863              system or switch certain features on or off.
2864
2865       /proc/scsi/scsi
2866              This is a listing of all SCSI devices known to the kernel.   The
2867              listing  is  similar  to  the one seen during bootup.  scsi cur‐
2868              rently supports only the add-single-device command which  allows
2869              root to add a hotplugged device to the list of known devices.
2870
2871              The command
2872
2873                  echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi
2874
2875              will  cause host scsi1 to scan on SCSI channel 0 for a device on
2876              ID 5 LUN 0.  If there is already a device known on this  address
2877              or the address is invalid, an error will be returned.
2878
2879       /proc/scsi/drivername
2880              drivername   can   currently  be  NCR53c7xx,  aha152x,  aha1542,
2881              aha1740, aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000,
2882              pas16,  qlogic,  scsi_debug, seagate, t128, u15-24f, ultrastore,
2883              or wd7000.  These directories show up for all drivers that  reg‐
2884              istered  at  least  one  SCSI HBA.  Every directory contains one
2885              file per registered host.  Every host-file is  named  after  the
2886              number the host was assigned during initialization.
2887
2888              Reading these files will usually show driver and host configura‐
2889              tion, statistics, and so on.
2890
2891              Writing to these files  allows  different  things  on  different
2892              hosts.   For  example,  with the latency and nolatency commands,
2893              root can switch on and off command latency measurement  code  in
2894              the  eata_dma driver.  With the lockup and unlock commands, root
2895              can control bus lockups simulated by the scsi_debug driver.
2896
2897       /proc/self
2898              This  directory  refers  to  the  process  accessing  the  /proc
2899              filesystem, and is identical to the /proc directory named by the
2900              process ID of the same process.
2901
2902       /proc/slabinfo
2903              Information about kernel caches.  See slabinfo(5) for details.
2904
2905       /proc/stat
2906              kernel/system statistics.  Varies with architecture.  Common en‐
2907              tries include:
2908
2909              cpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0
2910              cpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0
2911                     The   amount  of  time,  measured  in  units  of  USER_HZ
2912                     (1/100ths  of  a  second  on  most   architectures,   use
2913                     sysconf(_SC_CLK_TCK) to obtain the right value), that the
2914                     system ("cpu" line) or the  specific  CPU  ("cpuN"  line)
2915                     spent in various states:
2916
2917                     user   (1) Time spent in user mode.
2918
2919                     nice   (2)  Time  spent  in  user  mode with low priority
2920                            (nice).
2921
2922                     system (3) Time spent in system mode.
2923
2924                     idle   (4) Time spent  in  the  idle  task.   This  value
2925                            should  be  USER_HZ  times the second entry in the
2926                            /proc/uptime pseudo-file.
2927
2928                     iowait (since Linux 2.5.41)
2929                            (5) Time waiting for I/O to complete.  This  value
2930                            is not reliable, for the following reasons:
2931
2932                            •  The  CPU  will  not  wait  for I/O to complete;
2933                               iowait is the time that a task is  waiting  for
2934                               I/O  to  complete.   When  a CPU goes into idle
2935                               state for outstanding task  I/O,  another  task
2936                               will be scheduled on this CPU.
2937
2938                            •  On  a  multi-core CPU, the task waiting for I/O
2939                               to complete is not running on any CPU,  so  the
2940                               iowait of each CPU is difficult to calculate.
2941
2942                            •  The value in this field may decrease in certain
2943                               conditions.
2944
2945                     irq (since Linux 2.6.0)
2946                            (6) Time servicing interrupts.
2947
2948                     softirq (since Linux 2.6.0)
2949                            (7) Time servicing softirqs.
2950
2951                     steal (since Linux 2.6.11)
2952                            (8) Stolen time, which is the time spent in  other
2953                            operating  systems  when  running in a virtualized
2954                            environment
2955
2956                     guest (since Linux 2.6.24)
2957                            (9) Time spent running a virtual CPU for guest op‐
2958                            erating  systems  under  the  control of the Linux
2959                            kernel.
2960
2961                     guest_nice (since Linux 2.6.33)
2962                            (10) Time spent running a niced guest (virtual CPU
2963                            for  guest  operating systems under the control of
2964                            the Linux kernel).
2965
2966              page 5741 1808
2967                     The number of pages the system paged in  and  the  number
2968                     that were paged out (from disk).
2969
2970              swap 1 0
2971                     The  number  of  swap pages that have been brought in and
2972                     out.
2973
2974              intr 1462898
2975                     This line shows counts of interrupts serviced since  boot
2976                     time,  for  each  of the possible system interrupts.  The
2977                     first column is the total of all interrupts serviced  in‐
2978                     cluding unnumbered architecture specific interrupts; each
2979                     subsequent column is the total for that  particular  num‐
2980                     bered  interrupt.   Unnumbered  interrupts are not shown,
2981                     only summed into the total.
2982
2983              disk_io: (2,0):(31,30,5764,1,2) (3,0):...
2984                     (major,disk_idx):(noinfo,     read_io_ops,     blks_read,
2985                     write_io_ops, blks_written)
2986                     (Linux 2.4 only)
2987
2988              ctxt 115315
2989                     The number of context switches that the system underwent.
2990
2991              btime 769041601
2992                     boot   time,  in  seconds  since  the  Epoch,  1970-01-01
2993                     00:00:00 +0000 (UTC).
2994
2995              processes 86031
2996                     Number of forks since boot.
2997
2998              procs_running 6
2999                     Number of processes in runnable state.  (Linux 2.5.45 on‐
3000                     ward.)
3001
3002              procs_blocked 2
3003                     Number  of processes blocked waiting for I/O to complete.
3004                     (Linux 2.5.45 onward.)
3005
3006              softirq 229245889 94 60001584 13619 5175704 2471304 28  51212741
3007              59130143 0 51240672
3008                     This  line shows the number of softirq for all CPUs.  The
3009                     first column is the total of all softirqs and each subse‐
3010                     quent column is the total for particular softirq.  (Linux
3011                     2.6.31 onward.)
3012
3013       /proc/swaps
3014              Swap areas in use.  See also swapon(8).
3015
3016       /proc/sys
3017              This directory (present since Linux 1.3.57) contains a number of
3018              files  and  subdirectories  corresponding  to  kernel variables.
3019              These variables can be read and in some cases modified using the
3020              /proc filesystem, and the (deprecated) sysctl(2) system call.
3021
3022              String values may be terminated by either '\0' or '\n'.
3023
3024              Integer  and  long values may be written either in decimal or in
3025              hexadecimal notation (e.g., 0x3FFF).  When writing multiple  in‐
3026              teger  or long values, these may be separated by any of the fol‐
3027              lowing whitespace characters: ' ', '\t', or '\n'.   Using  other
3028              separators leads to the error EINVAL.
3029
3030       /proc/sys/abi (since Linux 2.4.10)
3031              This  directory may contain files with application binary infor‐
3032              mation.   See  the   Linux   kernel   source   file   Documenta‐
3033              tion/sysctl/abi.rst   (or   Documentation/sysctl/abi.txt  before
3034              Linux 5.3) for more information.
3035
3036       /proc/sys/debug
3037              This directory may be empty.
3038
3039       /proc/sys/dev
3040              This  directory  contains  device-specific  information   (e.g.,
3041              dev/cdrom/info).  On some systems, it may be empty.
3042
3043       /proc/sys/fs
3044              This  directory contains the files and subdirectories for kernel
3045              variables related to filesystems.
3046
3047       /proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr (since Linux 2.6.4)
3048              aio-nr is the running total of the number of events specified by
3049              io_setup(2)  calls  for  all  currently active AIO contexts.  If
3050              aio-nr reaches aio-max-nr, then io_setup(2) will fail  with  the
3051              error  EAGAIN.  Raising aio-max-nr does not result in the preal‐
3052              location or resizing of any kernel data structures.
3053
3054       /proc/sys/fs/binfmt_misc
3055              Documentation for files in this directory can be  found  in  the
3056              Linux    kernel    source    in   the   file   Documentation/ad‐
3057              min-guide/binfmt-misc.rst (or  in  Documentation/binfmt_misc.txt
3058              on older kernels).
3059
3060       /proc/sys/fs/dentry-state (since Linux 2.2)
3061              This file contains information about the status of the directory
3062              cache (dcache).   The  file  contains  six  numbers,  nr_dentry,
3063              nr_unused,  age_limit  (age  in  seconds), want_pages (pages re‐
3064              quested by system) and two dummy values.
3065
3066              •  nr_dentry is the number of  allocated  dentries  (dcache  en‐
3067                 tries).  This field is unused in Linux 2.2.
3068
3069              •  nr_unused is the number of unused dentries.
3070
3071              •  age_limit  is  the  age in seconds after which dcache entries
3072                 can be reclaimed when memory is short.
3073
3074              •  want_pages  is   nonzero   when   the   kernel   has   called
3075                 shrink_dcache_pages() and the dcache isn't pruned yet.
3076
3077       /proc/sys/fs/dir-notify-enable
3078              This file can be used to disable or enable the dnotify interface
3079              described in fcntl(2) on a system-wide basis.  A value of  0  in
3080              this file disables the interface, and a value of 1 enables it.
3081
3082       /proc/sys/fs/dquot-max
3083              This file shows the maximum number of cached disk quota entries.
3084              On some (2.4) systems, it is not present.  If the number of free
3085              cached  disk quota entries is very low and you have some awesome
3086              number of simultaneous system users, you might want to raise the
3087              limit.
3088
3089       /proc/sys/fs/dquot-nr
3090              This  file  shows the number of allocated disk quota entries and
3091              the number of free disk quota entries.
3092
3093       /proc/sys/fs/epoll (since Linux 2.6.28)
3094              This directory contains the file max_user_watches, which can  be
3095              used  to limit the amount of kernel memory consumed by the epoll
3096              interface.  For further details, see epoll(7).
3097
3098       /proc/sys/fs/file-max
3099              This file defines a system-wide limit  on  the  number  of  open
3100              files for all processes.  System calls that fail when encounter‐
3101              ing this limit fail with the  error  ENFILE.   (See  also  setr‐
3102              limit(2),  which can be used by a process to set the per-process
3103              limit, RLIMIT_NOFILE, on the number of files it may  open.)   If
3104              you  get  lots of error messages in the kernel log about running
3105              out of file handles (open file  descriptions)  (look  for  "VFS:
3106              file-max limit <number> reached"), try increasing this value:
3107
3108                  echo 100000 > /proc/sys/fs/file-max
3109
3110              Privileged  processes  (CAP_SYS_ADMIN) can override the file-max
3111              limit.
3112
3113       /proc/sys/fs/file-nr
3114              This (read-only) file contains three numbers: the number of  al‐
3115              located  file  handles  (i.e.,  the number of open file descrip‐
3116              tions; see open(2)); the number of free file  handles;  and  the
3117              maximum  number  of  file  handles  (i.e.,  the  same  value  as
3118              /proc/sys/fs/file-max).  If the number of allocated file handles
3119              is close to the maximum, you should consider increasing the max‐
3120              imum.  Before Linux 2.6, the kernel allocated file  handles  dy‐
3121              namically, but it didn't free them again.  Instead the free file
3122              handles were kept in a list for  reallocation;  the  "free  file
3123              handles"  value indicates the size of that list.  A large number
3124              of free file handles indicates that there was a past peak in the
3125              usage  of  open  file handles.  Since Linux 2.6, the kernel does
3126              deallocate freed file handles, and the "free file handles" value
3127              is always zero.
3128
3129       /proc/sys/fs/inode-max (only present until Linux 2.2)
3130              This file contains the maximum number of in-memory inodes.  This
3131              value should be 3–4 times larger than  the  value  in  file-max,
3132              since  stdin,  stdout  and network sockets also need an inode to
3133              handle them.  When you regularly run out of inodes, you need  to
3134              increase this value.
3135
3136              Starting  with  Linux  2.4, there is no longer a static limit on
3137              the number of inodes, and this file is removed.
3138
3139       /proc/sys/fs/inode-nr
3140              This file contains the first two values from inode-state.
3141
3142       /proc/sys/fs/inode-state
3143              This file contains  seven  numbers:  nr_inodes,  nr_free_inodes,
3144              preshrink, and four dummy values (always zero).
3145
3146              nr_inodes  is  the  number  of  inodes the system has allocated.
3147              nr_free_inodes represents the number of free inodes.
3148
3149              preshrink is nonzero when the nr_inodes > inode-max and the sys‐
3150              tem  needs  to  prune the inode list instead of allocating more;
3151              since Linux 2.4, this field is a dummy value (always zero).
3152
3153       /proc/sys/fs/inotify (since Linux 2.6.13)
3154              This directory contains  files  max_queued_events,  max_user_in‐
3155              stances,  and  max_user_watches,  that  can be used to limit the
3156              amount of kernel memory consumed by the inotify interface.   For
3157              further details, see inotify(7).
3158
3159       /proc/sys/fs/lease-break-time
3160              This file specifies the grace period that the kernel grants to a
3161              process holding a file lease (fcntl(2)) after it has sent a sig‐
3162              nal to that process notifying it that another process is waiting
3163              to open the file.  If the lease holder does not remove or  down‐
3164              grade  the  lease  within this grace period, the kernel forcibly
3165              breaks the lease.
3166
3167       /proc/sys/fs/leases-enable
3168              This file can be used to enable  or  disable  file  leases  (fc‐
3169              ntl(2)) on a system-wide basis.  If this file contains the value
3170              0, leases are disabled.  A nonzero value enables leases.
3171
3172       /proc/sys/fs/mount-max (since Linux 4.9)
3173              The value in this file specifies the maximum  number  of  mounts
3174              that  may exist in a mount namespace.  The default value in this
3175              file is 100,000.
3176
3177       /proc/sys/fs/mqueue (since Linux 2.6.6)
3178              This  directory  contains  files   msg_max,   msgsize_max,   and
3179              queues_max,  controlling  the  resources  used  by POSIX message
3180              queues.  See mq_overview(7) for details.
3181
3182       /proc/sys/fs/nr_open (since Linux 2.6.25)
3183              This  file  imposes  a  ceiling  on  the  value  to  which   the
3184              RLIMIT_NOFILE  resource  limit can be raised (see getrlimit(2)).
3185              This ceiling is enforced for both  unprivileged  and  privileged
3186              process.   The  default  value in this file is 1048576.  (Before
3187              Linux 2.6.25, the ceiling for RLIMIT_NOFILE  was  hard-coded  to
3188              the same value.)
3189
3190       /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid
3191              These  files  allow you to change the value of the fixed UID and
3192              GID.  The default  is  65534.   Some  filesystems  support  only
3193              16-bit  UIDs  and  GIDs,  although in Linux UIDs and GIDs are 32
3194              bits.  When one of these filesystems is mounted with writes  en‐
3195              abled,  any  UID or GID that would exceed 65535 is translated to
3196              the overflow value before being written to disk.
3197
3198       /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
3199              See pipe(7).
3200
3201       /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
3202              See pipe(7).
3203
3204       /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
3205              See pipe(7).
3206
3207       /proc/sys/fs/protected_fifos (since Linux 4.19)
3208              The value in this file is/can be set to one of the following:
3209
3210              0   Writing to FIFOs is unrestricted.
3211
3212              1   Don't allow O_CREAT open(2) on FIFOs that the caller doesn't
3213                  own in world-writable sticky directories, unless the FIFO is
3214                  owned by the owner of the directory.
3215
3216              2   As for the value 1, but  the  restriction  also  applies  to
3217                  group-writable sticky directories.
3218
3219              The  intent  of  the above protections is to avoid unintentional
3220              writes to an attacker-controlled FIFO when a program expected to
3221              create a regular file.
3222
3223       /proc/sys/fs/protected_hardlinks (since Linux 3.6)
3224              When  the value in this file is 0, no restrictions are placed on
3225              the creation of hard links (i.e., this is the historical  behav‐
3226              ior before Linux 3.6).  When the value in this file is 1, a hard
3227              link can be created to a target file only if one of the  follow‐
3228              ing conditions is true:
3229
3230              •  The calling process has the CAP_FOWNER capability in its user
3231                 namespace and the file UID has a mapping in the namespace.
3232
3233              •  The filesystem UID of the process creating the  link  matches
3234                 the  owner  (UID) of the target file (as described in creden‐
3235                 tials(7), a process's filesystem UID is normally the same  as
3236                 its effective UID).
3237
3238              •  All of the following conditions are true:
3239
3240                  •  the target is a regular file;
3241
3242                  •  the  target  file  does not have its set-user-ID mode bit
3243                     enabled;
3244
3245                  •  the target file does not have both its  set-group-ID  and
3246                     group-executable mode bits enabled; and
3247
3248                  •  the  caller  has  permission to read and write the target
3249                     file (either via the file's permissions mask  or  because
3250                     it has suitable capabilities).
3251
3252              The  default  value  in  this file is 0.  Setting the value to 1
3253              prevents a longstanding class of security issues caused by hard-
3254              link-based  time-of-check, time-of-use races, most commonly seen
3255              in world-writable directories such as /tmp.  The  common  method
3256              of  exploiting  this  flaw is to cross privilege boundaries when
3257              following a given hard link (i.e., a root process follows a hard
3258              link created by another user).  Additionally, on systems without
3259              separated partitions, this stops unauthorized users  from  "pin‐
3260              ning"  vulnerable set-user-ID and set-group-ID files against be‐
3261              ing upgraded by the administrator, or linking to special files.
3262
3263       /proc/sys/fs/protected_regular (since Linux 4.19)
3264              The value in this file is/can be set to one of the following:
3265
3266              0   Writing to regular files is unrestricted.
3267
3268              1   Don't allow O_CREAT open(2) on regular files that the caller
3269                  doesn't own in world-writable sticky directories, unless the
3270                  regular file is owned by the owner of the directory.
3271
3272              2   As for the value 1, but  the  restriction  also  applies  to
3273                  group-writable sticky directories.
3274
3275              The  intent of the above protections is similar to protected_fi‐
3276              fos, but allows an application to avoid writes to  an  attacker-
3277              controlled  regular file, where the application expected to cre‐
3278              ate one.
3279
3280       /proc/sys/fs/protected_symlinks (since Linux 3.6)
3281              When the value in this file is 0, no restrictions are placed  on
3282              following  symbolic links (i.e., this is the historical behavior
3283              before Linux 3.6).  When the value in this file is  1,  symbolic
3284              links are followed only in the following circumstances:
3285
3286              •  the  filesystem UID of the process following the link matches
3287                 the owner (UID) of the symbolic link (as described in creden‐
3288                 tials(7),  a process's filesystem UID is normally the same as
3289                 its effective UID);
3290
3291              •  the link is not in a sticky world-writable directory; or
3292
3293              •  the symbolic link and its  parent  directory  have  the  same
3294                 owner (UID)
3295
3296              A  system  call  that fails to follow a symbolic link because of
3297              the above restrictions returns the error EACCES in errno.
3298
3299              The default value in this file is 0.  Setting  the  value  to  1
3300              avoids a longstanding class of security issues based on time-of-
3301              check, time-of-use races when accessing symbolic links.
3302
3303       /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
3304              The value in this file is assigned  to  a  process's  "dumpable"
3305              flag in the circumstances described in prctl(2).  In effect, the
3306              value in this file determines whether core dump files  are  pro‐
3307              duced  for  set-user-ID or otherwise protected/tainted binaries.
3308              The "dumpable" setting also affects the ownership of files in  a
3309              process's /proc/pid directory, as described above.
3310
3311              Three different integer values can be specified:
3312
3313              0 (default)
3314                     This  provides  the traditional (pre-Linux 2.6.13) behav‐
3315                     ior.  A core dump will not  be  produced  for  a  process
3316                     which  has  changed  credentials  (by calling seteuid(2),
3317                     setgid(2), or similar, or by executing a  set-user-ID  or
3318                     set-group-ID  program) or whose binary does not have read
3319                     permission enabled.
3320
3321              1 ("debug")
3322                     All processes dump core when possible.   (Reasons  why  a
3323                     process might nevertheless not dump core are described in
3324                     core(5).)  The core dump is owned by the filesystem  user
3325                     ID  of  the  dumping  process and no security is applied.
3326                     This is intended for system  debugging  situations  only:
3327                     this  mode  is  insecure  because  it allows unprivileged
3328                     users to examine the memory contents of  privileged  pro‐
3329                     cesses.
3330
3331              2 ("suidsafe")
3332                     Any  binary  which  normally would not be dumped (see "0"
3333                     above) is dumped readable by root only.  This allows  the
3334                     user  to  remove  the  core dump file but not to read it.
3335                     For security reasons core dumps in  this  mode  will  not
3336                     overwrite  one  another or other files.  This mode is ap‐
3337                     propriate when administrators  are  attempting  to  debug
3338                     problems in a normal environment.
3339
3340                     Additionally, since Linux 3.6, /proc/sys/kernel/core_pat‐
3341                     tern must either be an absolute pathname or a  pipe  com‐
3342                     mand,  as  detailed in core(5).  Warnings will be written
3343                     to the kernel log if core_pattern does not  follow  these
3344                     rules, and no core dump will be produced.
3345
3346              For  details  of the effect of a process's "dumpable" setting on
3347              ptrace access mode checking, see ptrace(2).
3348
3349       /proc/sys/fs/super-max
3350              This file controls the maximum number of superblocks,  and  thus
3351              the  maximum  number of mounted filesystems the kernel can have.
3352              You need increase only super-max  if  you  need  to  mount  more
3353              filesystems than the current value in super-max allows you to.
3354
3355       /proc/sys/fs/super-nr
3356              This file contains the number of filesystems currently mounted.
3357
3358       /proc/sys/kernel
3359              This  directory contains files controlling a range of kernel pa‐
3360              rameters, as described below.
3361
3362       /proc/sys/kernel/acct
3363              This file contains three numbers: highwater, lowwater, and  fre‐
3364              quency.   If BSD-style process accounting is enabled, these val‐
3365              ues control its behavior.  If free space on filesystem where the
3366              log  lives goes below lowwater percent, accounting suspends.  If
3367              free space gets above  highwater  percent,  accounting  resumes.
3368              frequency  determines  how often the kernel checks the amount of
3369              free space (value is in seconds).  Default values are 4, 2,  and
3370              30.   That  is,  suspend accounting if 2% or less space is free;
3371              resume it if 4% or more  space  is  free;  consider  information
3372              about amount of free space valid for 30 seconds.
3373
3374       /proc/sys/kernel/auto_msgmni (Linux 2.6.27 to Linux 3.18)
3375              From  Linux  2.6.27 to Linux 3.18, this file was used to control
3376              recomputing of the value in /proc/sys/kernel/msgmni upon the ad‐
3377              dition  or  removal of memory or upon IPC namespace creation/re‐
3378              moval.  Echoing "1" into this file enabled msgmni automatic  re‐
3379              computing  (and triggered a recomputation of msgmni based on the
3380              current amount of available  memory  and  number  of  IPC  name‐
3381              spaces).   Echoing  "0"  disabled automatic recomputing.  (Auto‐
3382              matic recomputing was also disabled if a  value  was  explicitly
3383              assigned  to  /proc/sys/kernel/msgmni.)   The  default  value in
3384              auto_msgmni was 1.
3385
3386              Since Linux 3.19, the content of this file has  no  effect  (be‐
3387              cause  msgmni  defaults to near the maximum value possible), and
3388              reads from this file always return the value "0".
3389
3390       /proc/sys/kernel/cap_last_cap (since Linux 3.2)
3391              See capabilities(7).
3392
3393       /proc/sys/kernel/cap-bound (from Linux 2.2 to Linux 2.6.24)
3394              This file holds the value of the kernel capability bounding  set
3395              (expressed  as  a  signed  decimal  number).   This set is ANDed
3396              against the capabilities  permitted  to  a  process  during  ex‐
3397              ecve(2).  Starting with Linux 2.6.25, the system-wide capability
3398              bounding set disappeared,  and  was  replaced  by  a  per-thread
3399              bounding set; see capabilities(7).
3400
3401       /proc/sys/kernel/core_pattern
3402              See core(5).
3403
3404       /proc/sys/kernel/core_pipe_limit
3405              See core(5).
3406
3407       /proc/sys/kernel/core_uses_pid
3408              See core(5).
3409
3410       /proc/sys/kernel/ctrl-alt-del
3411              This  file  controls  the handling of Ctrl-Alt-Del from the key‐
3412              board.  When the value  in  this  file  is  0,  Ctrl-Alt-Del  is
3413              trapped  and  sent  to  the init(1) program to handle a graceful
3414              restart.  When the value is greater than zero, Linux's  reaction
3415              to  a Vulcan Nerve Pinch (tm) will be an immediate reboot, with‐
3416              out even syncing its dirty buffers.  Note: when a program  (like
3417              dosemu)  has the keyboard in "raw" mode, the ctrl-alt-del is in‐
3418              tercepted by the program before it ever reaches the  kernel  tty
3419              layer, and it's up to the program to decide what to do with it.
3420
3421       /proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)
3422              The value in this file determines who can see kernel syslog con‐
3423              tents.  A value of 0 in this file imposes no  restrictions.   If
3424              the  value  is 1, only privileged users can read the kernel sys‐
3425              log.  (See syslog(2) for more details.)  Since Linux  3.4,  only
3426              users  with the CAP_SYS_ADMIN capability may change the value in
3427              this file.
3428
3429       /proc/sys/kernel/domainname and /proc/sys/kernel/hostname
3430              can be used to set the NIS/YP domainname  and  the  hostname  of
3431              your  box  in exactly the same way as the commands domainname(1)
3432              and hostname(1), that is:
3433
3434                  # echo 'darkstar' > /proc/sys/kernel/hostname
3435                  # echo 'mydomain' > /proc/sys/kernel/domainname
3436
3437              has the same effect as
3438
3439                  # hostname 'darkstar'
3440                  # domainname 'mydomain'
3441
3442              Note, however, that the classic darkstar.frop.org has the  host‐
3443              name "darkstar" and DNS (Internet Domain Name Server) domainname
3444              "frop.org", not to be confused with the NIS (Network Information
3445              Service)  or  YP  (Yellow  Pages)  domainname.  These two domain
3446              names are in general different.  For a detailed  discussion  see
3447              the hostname(1) man page.
3448
3449       /proc/sys/kernel/hotplug
3450              This  file  contains  the pathname for the hotplug policy agent.
3451              The default value in this file is /sbin/hotplug.
3452
3453       /proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)
3454              (PowerPC only) If this file is set to a nonzero value, the  Pow‐
3455              erPC  htab  (see kernel file Documentation/powerpc/ppc_htab.txt)
3456              is pruned each time the system hits the idle loop.
3457
3458       /proc/sys/kernel/keys/*
3459              This directory contains various files that define parameters and
3460              limits  for  the  key-management  facility.  These files are de‐
3461              scribed in keyrings(7).
3462
3463       /proc/sys/kernel/kptr_restrict (since Linux 2.6.38)
3464              The value in this file determines whether kernel  addresses  are
3465              exposed  via  /proc files and other interfaces.  A value of 0 in
3466              this file imposes no restrictions.  If the value  is  1,  kernel
3467              pointers printed using the %pK format specifier will be replaced
3468              with zeros unless the user has the  CAP_SYSLOG  capability.   If
3469              the  value  is  2,  kernel pointers printed using the %pK format
3470              specifier will be replaced with zeros regardless of  the  user's
3471              capabilities.   The  initial  default value for this file was 1,
3472              but the default was changed to 0 in Linux 2.6.39.   Since  Linux
3473              3.4, only users with the CAP_SYS_ADMIN capability can change the
3474              value in this file.
3475
3476       /proc/sys/kernel/l2cr
3477              (PowerPC only) This file contains a flag that  controls  the  L2
3478              cache of G3 processor boards.  If 0, the cache is disabled.  En‐
3479              abled if nonzero.
3480
3481       /proc/sys/kernel/modprobe
3482              This file contains the pathname for the  kernel  module  loader.
3483              The  default  value is /sbin/modprobe.  The file is present only
3484              if the kernel is built with the CONFIG_MODULES  (CONFIG_KMOD  in
3485              Linux  2.6.26  and  earlier) option enabled.  It is described by
3486              the Linux kernel  source  file  Documentation/kmod.txt  (present
3487              only in Linux 2.4 and earlier).
3488
3489       /proc/sys/kernel/modules_disabled (since Linux 2.6.31)
3490              A toggle value indicating if modules are allowed to be loaded in
3491              an otherwise modular kernel.  This toggle defaults to  off  (0),
3492              but  can  be  set  true  (1).  Once true, modules can be neither
3493              loaded nor unloaded, and the toggle cannot be set back to false.
3494              The  file  is  present only if the kernel is built with the CON‐
3495              FIG_MODULES option enabled.
3496
3497       /proc/sys/kernel/msgmax (since Linux 2.2)
3498              This file defines a system-wide  limit  specifying  the  maximum
3499              number  of  bytes in a single message written on a System V mes‐
3500              sage queue.
3501
3502       /proc/sys/kernel/msgmni (since Linux 2.4)
3503              This file defines the system-wide limit on the number of message
3504              queue identifiers.  See also /proc/sys/kernel/auto_msgmni.
3505
3506       /proc/sys/kernel/msgmnb (since Linux 2.2)
3507              This file defines a system-wide parameter used to initialize the
3508              msg_qbytes setting for subsequently created message queues.  The
3509              msg_qbytes  setting  specifies  the maximum number of bytes that
3510              may be written to the message queue.
3511
3512       /proc/sys/kernel/ngroups_max (since Linux 2.6.4)
3513              This is a read-only file that displays the upper  limit  on  the
3514              number of a process's group memberships.
3515
3516       /proc/sys/kernel/ns_last_pid (since Linux 3.3)
3517              See pid_namespaces(7).
3518
3519       /proc/sys/kernel/ostype and /proc/sys/kernel/osrelease
3520              These files give substrings of /proc/version.
3521
3522       /proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid
3523              These  files  duplicate  the  files /proc/sys/fs/overflowgid and
3524              /proc/sys/fs/overflowuid.
3525
3526       /proc/sys/kernel/panic
3527              This  file  gives  read/write  access  to  the  kernel  variable
3528              panic_timeout.   If  this  is  zero,  the  kernel will loop on a
3529              panic; if nonzero, it indicates that the kernel  should  autore‐
3530              boot  after  this  number of seconds.  When you use the software
3531              watchdog device driver, the recommended setting is 60.
3532
3533       /proc/sys/kernel/panic_on_oops (since Linux 2.5.68)
3534              This file controls the kernel's behavior when an oops or BUG  is
3535              encountered.   If this file contains 0, then the system tries to
3536              continue operation.  If it contains 1, then the system delays  a
3537              few  seconds  (to give klogd time to record the oops output) and
3538              then panics.  If the /proc/sys/kernel/panic file  is  also  non‐
3539              zero, then the machine will be rebooted.
3540
3541       /proc/sys/kernel/pid_max (since Linux 2.5.34)
3542              This  file  specifies the value at which PIDs wrap around (i.e.,
3543              the value in this file is one greater  than  the  maximum  PID).
3544              PIDs  greater than this value are not allocated; thus, the value
3545              in this file also acts as a system-wide limit on the total  num‐
3546              ber  of processes and threads.  The default value for this file,
3547              32768, results in the same range of PIDs as on earlier  kernels.
3548              On 32-bit platforms, 32768 is the maximum value for pid_max.  On
3549              64-bit systems, pid_max can be set  to  any  value  up  to  2^22
3550              (PID_MAX_LIMIT, approximately 4 million).
3551
3552       /proc/sys/kernel/powersave-nap (PowerPC only)
3553              This file contains a flag.  If set, Linux-PPC will use the "nap"
3554              mode of powersaving, otherwise the "doze" mode will be used.
3555
3556       /proc/sys/kernel/printk
3557              See syslog(2).
3558
3559       /proc/sys/kernel/pty (since Linux 2.6.4)
3560              This directory contains two files relating to the number of UNIX
3561              98 pseudoterminals (see pts(4)) on the system.
3562
3563       /proc/sys/kernel/pty/max
3564              This file defines the maximum number of pseudoterminals.
3565
3566       /proc/sys/kernel/pty/nr
3567              This  read-only file indicates how many pseudoterminals are cur‐
3568              rently in use.
3569
3570       /proc/sys/kernel/random
3571              This directory contains various parameters controlling the oper‐
3572              ation of the file /dev/random.  See random(4) for further infor‐
3573              mation.
3574
3575       /proc/sys/kernel/random/uuid (since Linux 2.4)
3576              Each read from this read-only file returns a randomly  generated
3577              128-bit UUID, as a string in the standard UUID format.
3578
3579       /proc/sys/kernel/randomize_va_space (since Linux 2.6.12)
3580              Select  the address space layout randomization (ASLR) policy for
3581              the system (on architectures that support ASLR).   Three  values
3582              are supported for this file:
3583
3584              0      Turn  ASLR  off.   This  is the default for architectures
3585                     that don't support ASLR, and when the  kernel  is  booted
3586                     with the norandmaps parameter.
3587
3588              1      Make the addresses of mmap(2) allocations, the stack, and
3589                     the VDSO page randomized.  Among other things, this means
3590                     that  shared  libraries  will be loaded at randomized ad‐
3591                     dresses.  The text segment of  PIE-linked  binaries  will
3592                     also  be  loaded  at a randomized address.  This value is
3593                     the default if the kernel was configured with CONFIG_COM‐
3594                     PAT_BRK.
3595
3596              2      (Since  Linux  2.6.25)  Also  support heap randomization.
3597                     This value is the default if the kernel was  not  config‐
3598                     ured with CONFIG_COMPAT_BRK.
3599
3600       /proc/sys/kernel/real-root-dev
3601              This file is documented in the Linux kernel source file Documen‐
3602              tation/admin-guide/initrd.rst (or  Documentation/initrd.txt  be‐
3603              fore Linux 4.10).
3604
3605       /proc/sys/kernel/reboot-cmd (Sparc only)
3606              This  file  seems  to  be a way to give an argument to the SPARC
3607              ROM/Flash boot loader.  Maybe to tell it what to  do  after  re‐
3608              booting?
3609
3610       /proc/sys/kernel/rtsig-max
3611              (Up  to  and  including Linux 2.6.7; see setrlimit(2)) This file
3612              can be used to  tune  the  maximum  number  of  POSIX  real-time
3613              (queued) signals that can be outstanding in the system.
3614
3615       /proc/sys/kernel/rtsig-nr
3616              (Up  to  and including Linux 2.6.7.)  This file shows the number
3617              of POSIX real-time signals currently queued.
3618
3619       /proc/pid/sched_autogroup_enabled (since Linux 2.6.38)
3620              See sched(7).
3621
3622       /proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)
3623              If this file contains the value zero, then, after a fork(2), the
3624              parent  is  first  scheduled on the CPU.  If the file contains a
3625              nonzero value, then the child is scheduled  first  on  the  CPU.
3626              (Of course, on a multiprocessor system, the parent and the child
3627              might both immediately be scheduled on a CPU.)
3628
3629       /proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)
3630              See sched_rr_get_interval(2).
3631
3632       /proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)
3633              See sched(7).
3634
3635       /proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)
3636              See sched(7).
3637
3638       /proc/sys/kernel/seccomp (since Linux 4.14)
3639              This directory provides additional seccomp information and  con‐
3640              figuration.  See seccomp(2) for further details.
3641
3642       /proc/sys/kernel/sem (since Linux 2.4)
3643              This  file  contains  4 numbers defining limits for System V IPC
3644              semaphores.  These fields are, in order:
3645
3646              SEMMSL The maximum semaphores per semaphore set.
3647
3648              SEMMNS A system-wide limit on the number of  semaphores  in  all
3649                     semaphore sets.
3650
3651              SEMOPM The maximum number of operations that may be specified in
3652                     a semop(2) call.
3653
3654              SEMMNI A system-wide limit on the maximum  number  of  semaphore
3655                     identifiers.
3656
3657       /proc/sys/kernel/sg-big-buff
3658              This file shows the size of the generic SCSI device (sg) buffer.
3659              You can't tune it just yet, but you could change it  at  compile
3660              time  by  editing  include/scsi/sg.h  and  changing the value of
3661              SG_BIG_BUFF.  However, there shouldn't be any reason  to  change
3662              this value.
3663
3664       /proc/sys/kernel/shm_rmid_forced (since Linux 3.1)
3665              If  this  file  is set to 1, all System V shared memory segments
3666              will be marked for destruction as soon as the number of attached
3667              processes  falls to zero; in other words, it is no longer possi‐
3668              ble to create shared memory segments that exist independently of
3669              any attached process.
3670
3671              The effect is as though a shmctl(2) IPC_RMID is performed on all
3672              existing segments as well as all segments created in the  future
3673              (until  this  file  is reset to 0).  Note that existing segments
3674              that are attached to no process will  be  immediately  destroyed
3675              when  this  file is set to 1.  Setting this option will also de‐
3676              stroy segments that were created, but never attached, upon  ter‐
3677              mination of the process that created the segment with shmget(2).
3678
3679              Setting  this file to 1 provides a way of ensuring that all Sys‐
3680              tem V shared memory segments are counted  against  the  resource
3681              usage  and  resource limits (see the description of RLIMIT_AS in
3682              getrlimit(2)) of at least one process.
3683
3684              Because setting this file to 1 produces behavior  that  is  non‐
3685              standard and could also break existing applications, the default
3686              value in this file is 0.  Set this file to 1 only if you have  a
3687              good  understanding  of  the semantics of the applications using
3688              System V shared memory on your system.
3689
3690       /proc/sys/kernel/shmall (since Linux 2.2)
3691              This file contains the system-wide limit on the total number  of
3692              pages of System V shared memory.
3693
3694       /proc/sys/kernel/shmmax (since Linux 2.2)
3695              This file can be used to query and set the run-time limit on the
3696              maximum (System V IPC) shared memory segment size  that  can  be
3697              created.  Shared memory segments up to 1 GB are now supported in
3698              the kernel.  This value defaults to SHMMAX.
3699
3700       /proc/sys/kernel/shmmni (since Linux 2.4)
3701              This file specifies the system-wide maximum number of  System  V
3702              shared memory segments that can be created.
3703
3704       /proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)
3705              The  value  in  this file determines how the file offset affects
3706              the behavior of updating entries in files under /proc/sys.   The
3707              file has three possible values:
3708
3709              -1  This  provides  legacy  handling,  with  no printk warnings.
3710                  Each write(2) must fully contain the value  to  be  written,
3711                  and  multiple  writes on the same file descriptor will over‐
3712                  write the entire value, regardless of the file position.
3713
3714              0   (default) This provides the same behavior  as  for  -1,  but
3715                  printk  warnings  are  written  for  processes  that perform
3716                  writes when the file offset is not 0.
3717
3718              1   Respect the file offset when writing strings into  /proc/sys
3719                  files.   Multiple  writes  will  append to the value buffer.
3720                  Anything written beyond the maximum length of the value buf‐
3721                  fer  will  be  ignored.  Writes to numeric /proc/sys entries
3722                  must always be at file offset 0 and the value must be  fully
3723                  contained in the buffer provided to write(2).
3724
3725       /proc/sys/kernel/sysrq
3726              This  file  controls  the functions allowed to be invoked by the
3727              SysRq key.  By default, the file contains 1 meaning  that  every
3728              possible  SysRq  request  is  allowed (in older kernel versions,
3729              SysRq was disabled by default, and you were required to specifi‐
3730              cally enable it at run-time, but this is not the case any more).
3731              Possible values in this file are:
3732
3733              0    Disable sysrq completely
3734
3735              1    Enable all functions of sysrq
3736
3737              > 1  Bit mask of allowed sysrq functions, as follows:
3738                     2  Enable control of console logging level
3739                     4  Enable control of keyboard (SAK, unraw)
3740                     8  Enable debugging dumps of processes etc.
3741                    16  Enable sync command
3742                    32  Enable remount read-only
3743                    64  Enable signaling of processes (term, kill, oom-kill)
3744                   128  Allow reboot/poweroff
3745                   256  Allow nicing of all real-time tasks
3746
3747              This file is present only if the CONFIG_MAGIC_SYSRQ kernel  con‐
3748              figuration option is enabled.  For further details see the Linux
3749              kernel source file Documentation/admin-guide/sysrq.rst (or Docu‐
3750              mentation/sysrq.txt before Linux 4.10).
3751
3752       /proc/sys/kernel/version
3753              This file contains a string such as:
3754
3755                  #5 Wed Feb 25 21:49:24 MET 1998
3756
3757              The  "#5"  means  that  this is the fifth kernel built from this
3758              source base and the date following it  indicates  the  time  the
3759              kernel was built.
3760
3761       /proc/sys/kernel/threads-max (since Linux 2.3.11)
3762              This  file  specifies  the  system-wide  limit  on the number of
3763              threads (tasks) that can be created on the system.
3764
3765              Since Linux 4.1, the value that can be written to threads-max is
3766              bounded.  The minimum value that can be written is 20.  The max‐
3767              imum value that can be written is  given  by  the  constant  FU‐
3768              TEX_TID_MASK  (0x3fffffff).  If a value outside of this range is
3769              written to threads-max, the error EINVAL occurs.
3770
3771              The value written is checked against the  available  RAM  pages.
3772              If the thread structures would occupy too much (more than 1/8th)
3773              of the available RAM pages, threads-max is reduced accordingly.
3774
3775       /proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)
3776              See ptrace(2).
3777
3778       /proc/sys/kernel/zero-paged (PowerPC only)
3779              This file contains a flag.  When  enabled  (nonzero),  Linux-PPC
3780              will  pre-zero  pages  in  the  idle  loop, possibly speeding up
3781              get_free_pages.
3782
3783       /proc/sys/net
3784              This directory contains networking stuff.  Explanations for some
3785              of  the  files  under  this directory can be found in tcp(7) and
3786              ip(7).
3787
3788       /proc/sys/net/core/bpf_jit_enable
3789              See bpf(2).
3790
3791       /proc/sys/net/core/somaxconn
3792              This file defines a ceiling value for the  backlog  argument  of
3793              listen(2); see the listen(2) manual page for details.
3794
3795       /proc/sys/proc
3796              This directory may be empty.
3797
3798       /proc/sys/sunrpc
3799              This  directory  supports  Sun remote procedure call for network
3800              filesystem (NFS).  On some systems, it is not present.
3801
3802       /proc/sys/user (since Linux 4.9)
3803              See namespaces(7).
3804
3805       /proc/sys/vm
3806              This directory contains files for memory management tuning, buf‐
3807              fer, and cache management.
3808
3809       /proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)
3810              This file defines the amount of free memory (in KiB) on the sys‐
3811              tem that should  be  reserved  for  users  with  the  capability
3812              CAP_SYS_ADMIN.
3813
3814              The  default  value  in  this file is the minimum of [3% of free
3815              pages, 8MiB] expressed as KiB.  The default is intended to  pro‐
3816              vide  enough  for the superuser to log in and kill a process, if
3817              necessary, under the default overcommit 'guess' mode (i.e., 0 in
3818              /proc/sys/vm/overcommit_memory).
3819
3820              Systems   running   in  "overcommit  never"  mode  (i.e.,  2  in
3821              /proc/sys/vm/overcommit_memory) should  increase  the  value  in
3822              this  file  to  account  for the full virtual memory size of the
3823              programs used to recover (e.g.,  login(1)  ssh(1),  and  top(1))
3824              Otherwise,  the  superuser  may not be able to log in to recover
3825              the system.  For example, on x86-64 a suitable value  is  131072
3826              (128MiB reserved).
3827
3828              Changing  the value in this file takes effect whenever an appli‐
3829              cation requests memory.
3830
3831       /proc/sys/vm/compact_memory (since Linux 2.6.35)
3832              When 1 is written to this file, all  zones  are  compacted  such
3833              that  free memory is available in contiguous blocks where possi‐
3834              ble.  The effect  of  this  action  can  be  seen  by  examining
3835              /proc/buddyinfo.
3836
3837              Present  only  if  the  kernel  was  configured with CONFIG_COM‐
3838              PACTION.
3839
3840       /proc/sys/vm/drop_caches (since Linux 2.6.16)
3841              Writing to this file causes the kernel  to  drop  clean  caches,
3842              dentries,  and inodes from memory, causing that memory to become
3843              free.  This can be useful for memory management testing and per‐
3844              forming  reproducible filesystem benchmarks.  Because writing to
3845              this file causes the benefits of caching to be lost, it can  de‐
3846              grade overall system performance.
3847
3848              To free pagecache, use:
3849
3850                  echo 1 > /proc/sys/vm/drop_caches
3851
3852              To free dentries and inodes, use:
3853
3854                  echo 2 > /proc/sys/vm/drop_caches
3855
3856              To free pagecache, dentries, and inodes, use:
3857
3858                  echo 3 > /proc/sys/vm/drop_caches
3859
3860              Because  writing  to this file is a nondestructive operation and
3861              dirty objects are not freeable,  the  user  should  run  sync(1)
3862              first.
3863
3864       /proc/sys/vm/sysctl_hugetlb_shm_group (since Linux 2.6.7)
3865              This  writable file contains a group ID that is allowed to allo‐
3866              cate memory using huge pages.  If a  process  has  a  filesystem
3867              group  ID  or any supplementary group ID that matches this group
3868              ID, then it can make huge-page allocations without  holding  the
3869              CAP_IPC_LOCK   capability;  see  memfd_create(2),  mmap(2),  and
3870              shmget(2).
3871
3872       /proc/sys/vm/legacy_va_layout (since Linux 2.6.9)
3873              If nonzero, this disables the new 32-bit memory-mapping  layout;
3874              the kernel will use the legacy (2.4) layout for all processes.
3875
3876       /proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)
3877              Control  how  to kill processes when an uncorrected memory error
3878              (typically a 2-bit error in a memory module) that cannot be han‐
3879              dled  by  the  kernel is detected in the background by hardware.
3880              In some cases (like the page still having a valid copy on disk),
3881              the kernel will handle the failure transparently without affect‐
3882              ing any applications.  But if there is no other up-to-date  copy
3883              of  the data, it will kill processes to prevent any data corrup‐
3884              tions from propagating.
3885
3886              The file has one of the following values:
3887
3888              1      Kill  all  processes  that  have  the  corrupted-and-not-
3889                     reloadable  page  mapped as soon as the corruption is de‐
3890                     tected.  Note that this is not supported for a few  types
3891                     of pages, such as kernel internally allocated data or the
3892                     swap cache, but works for the majority of user pages.
3893
3894              0      Unmap the corrupted page from all processes  and  kill  a
3895                     process only if it tries to access the page.
3896
3897              The  kill is performed using a SIGBUS signal with si_code set to
3898              BUS_MCEERR_AO.  Processes can handle this if they want  to;  see
3899              sigaction(2) for more details.
3900
3901              This  feature is active only on architectures/platforms with ad‐
3902              vanced machine check handling and depends on the hardware  capa‐
3903              bilities.
3904
3905              Applications  can override the memory_failure_early_kill setting
3906              individually with the prctl(2) PR_MCE_KILL operation.
3907
3908              Present only if  the  kernel  was  configured  with  CONFIG_MEM‐
3909              ORY_FAILURE.
3910
3911       /proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)
3912              Enable memory failure recovery (when supported by the platform).
3913
3914              1      Attempt recovery.
3915
3916              0      Always panic on a memory failure.
3917
3918              Present  only  if  the  kernel  was  configured with CONFIG_MEM‐
3919              ORY_FAILURE.
3920
3921       /proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)
3922              Enables a system-wide task dump (excluding kernel threads) to be
3923              produced  when the kernel performs an OOM-killing.  The dump in‐
3924              cludes  the  following  information  for  each   task   (thread,
3925              process): thread ID, real user ID, thread group ID (process ID),
3926              virtual memory size, resident set size, the CPU that the task is
3927              scheduled   on,   oom_adj   score   (see   the   description  of
3928              /proc/pid/oom_adj), and command name.  This is helpful to deter‐
3929              mine  why  the  OOM-killer was invoked and to identify the rogue
3930              task that caused it.
3931
3932              If this contains the value zero, this information is suppressed.
3933              On  very  large  systems  with thousands of tasks, it may not be
3934              feasible to dump the memory  state  information  for  each  one.
3935              Such systems should not be forced to incur a performance penalty
3936              in OOM situations when the information may not be desired.
3937
3938              If this is set to nonzero, this information  is  shown  whenever
3939              the OOM-killer actually kills a memory-hogging task.
3940
3941              The default value is 0.
3942
3943       /proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)
3944              This enables or disables killing the OOM-triggering task in out-
3945              of-memory situations.
3946
3947              If this is set to zero, the OOM-killer will scan through the en‐
3948              tire  tasklist  and  select  a task based on heuristics to kill.
3949              This normally selects a rogue memory-hogging task that frees  up
3950              a large amount of memory when killed.
3951
3952              If  this is set to nonzero, the OOM-killer simply kills the task
3953              that triggered the out-of-memory condition.  This avoids a  pos‐
3954              sibly expensive tasklist scan.
3955
3956              If  /proc/sys/vm/panic_on_oom  is  nonzero,  it takes precedence
3957              over whatever value is  used  in  /proc/sys/vm/oom_kill_allocat‐
3958              ing_task.
3959
3960              The default value is 0.
3961
3962       /proc/sys/vm/overcommit_kbytes (since Linux 3.14)
3963              This writable file provides an alternative to /proc/sys/vm/over‐
3964              commit_ratio    for    controlling    the    CommitLimit    when
3965              /proc/sys/vm/overcommit_memory  has  the value 2.  It allows the
3966              amount of memory overcommitting to be specified as  an  absolute
3967              value  (in  kB),  rather  than  as a percentage, as is done with
3968              overcommit_ratio.  This allows for finer-grained control of Com‐
3969              mitLimit on systems with extremely large memory sizes.
3970
3971              Only  one  of  overcommit_kbytes or overcommit_ratio can have an
3972              effect: if overcommit_kbytes has a nonzero  value,  then  it  is
3973              used  to  calculate  CommitLimit,  otherwise overcommit_ratio is
3974              used.  Writing a value to either of these files causes the value
3975              in the other file to be set to zero.
3976
3977       /proc/sys/vm/overcommit_memory
3978              This  file  contains  the kernel virtual memory accounting mode.
3979              Values are:
3980
3981                     0: heuristic overcommit (this is the default)
3982                     1: always overcommit, never check
3983                     2: always check, never overcommit
3984
3985              In mode 0, calls of mmap(2) with MAP_NORESERVE are not  checked,
3986              and  the default check is very weak, leading to the risk of get‐
3987              ting a process "OOM-killed".
3988
3989              In mode 1, the kernel pretends there is  always  enough  memory,
3990              until  memory  actually runs out.  One use case for this mode is
3991              scientific computing applications that employ large  sparse  ar‐
3992              rays.  Before Linux 2.6.0, any nonzero value implies mode 1.
3993
3994              In mode 2 (available since Linux 2.6), the total virtual address
3995              space that can be allocated (CommitLimit  in  /proc/meminfo)  is
3996              calculated as
3997
3998                  CommitLimit = (total_RAM - total_huge_TLB) *
3999                          overcommit_ratio / 100 + total_swap
4000
4001              where:
4002
4003              •  total_RAM is the total amount of RAM on the system;
4004
4005              •  total_huge_TLB  is  the  amount  of memory set aside for huge
4006                 pages;
4007
4008              •  overcommit_ratio is the value in  /proc/sys/vm/overcommit_ra‐
4009                 tio; and
4010
4011              •  total_swap is the amount of swap space.
4012
4013              For  example,  on  a system with 16 GB of physical RAM, 16 GB of
4014              swap, no space dedicated to huge pages, and an  overcommit_ratio
4015              of 50, this formula yields a CommitLimit of 24 GB.
4016
4017              Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes
4018              is nonzero, then CommitLimit is instead calculated as:
4019
4020                  CommitLimit = overcommit_kbytes + total_swap
4021
4022              See also the  description  of  /proc/sys/vm/admin_reserve_kbytes
4023              and /proc/sys/vm/user_reserve_kbytes.
4024
4025       /proc/sys/vm/overcommit_ratio (since Linux 2.6.0)
4026              This  writable  file defines a percentage by which memory can be
4027              overcommitted.  The default value in the file is  50.   See  the
4028              description of /proc/sys/vm/overcommit_memory.
4029
4030       /proc/sys/vm/panic_on_oom (since Linux 2.6.18)
4031              This enables or disables a kernel panic in an out-of-memory sit‐
4032              uation.
4033
4034              If this file is set to the value 0, the kernel's OOM-killer will
4035              kill  some  rogue  process.   Usually, the OOM-killer is able to
4036              kill a rogue process and the system will survive.
4037
4038              If this file is set to the value 1,  then  the  kernel  normally
4039              panics when out-of-memory happens.  However, if a process limits
4040              allocations to certain nodes  using  memory  policies  (mbind(2)
4041              MPOL_BIND)  or  cpusets (cpuset(7)) and those nodes reach memory
4042              exhaustion status, one process may be killed by the  OOM-killer.
4043              No panic occurs in this case: because other nodes' memory may be
4044              free, this means the system as a whole may not have  reached  an
4045              out-of-memory situation yet.
4046
4047              If  this  file  is  set to the value 2, the kernel always panics
4048              when an out-of-memory condition occurs.
4049
4050              The default value is 0.  1 and 2 are for failover of clustering.
4051              Select either according to your policy of failover.
4052
4053       /proc/sys/vm/swappiness
4054              The value in this file controls how aggressively the kernel will
4055              swap memory pages.  Higher values increase aggressiveness, lower
4056              values decrease aggressiveness.  The default value is 60.
4057
4058       /proc/sys/vm/user_reserve_kbytes (since Linux 3.10)
4059              Specifies  an amount of memory (in KiB) to reserve for user pro‐
4060              cesses.  This is intended to prevent a user from starting a sin‐
4061              gle  memory hogging process, such that they cannot recover (kill
4062              the hog).  The value in  this  file  has  an  effect  only  when
4063              /proc/sys/vm/overcommit_memory  is  set to 2 ("overcommit never"
4064              mode).  In this case, the system reserves an  amount  of  memory
4065              that  is  the  minimum  of [3% of current process size, user_re‐
4066              serve_kbytes].
4067
4068              The default value in this file is the minimum  of  [3%  of  free
4069              pages, 128MiB] expressed as KiB.
4070
4071              If  the  value  in this file is set to zero, then a user will be
4072              allowed to allocate all free memory with a single process (minus
4073              the  amount reserved by /proc/sys/vm/admin_reserve_kbytes).  Any
4074              subsequent attempts to execute a command will result  in  "fork:
4075              Cannot allocate memory".
4076
4077              Changing  the value in this file takes effect whenever an appli‐
4078              cation requests memory.
4079
4080       /proc/sys/vm/unprivileged_userfaultfd (since Linux 5.2)
4081              This (writable) file exposes a flag that  controls  whether  un‐
4082              privileged  processes  are allowed to employ userfaultfd(2).  If
4083              this file has the value 1, then unprivileged processes  may  use
4084              userfaultfd(2).   If  this  file has the value 0, then only pro‐
4085              cesses that have the CAP_SYS_PTRACE capability may employ  user‐
4086              faultfd(2).  The default value in this file is 1.
4087
4088       /proc/sysrq-trigger (since Linux 2.4.21)
4089              Writing  a  character to this file triggers the same SysRq func‐
4090              tion as typing ALT-SysRq-<character>  (see  the  description  of
4091              /proc/sys/kernel/sysrq).  This file is normally writable only by
4092              root.  For further details see the Linux kernel source file Doc‐
4093              umentation/admin-guide/sysrq.rst (or Documentation/sysrq.txt be‐
4094              fore Linux 4.10).
4095
4096       /proc/sysvipc
4097              Subdirectory containing  the  pseudo-files  msg,  sem  and  shm.
4098              These  files  list the System V Interprocess Communication (IPC)
4099              objects (respectively: message queues,  semaphores,  and  shared
4100              memory)  that  currently  exist on the system, providing similar
4101              information to that available via  ipcs(1).   These  files  have
4102              headers and are formatted (one IPC object per line) for easy un‐
4103              derstanding.  sysvipc(7) provides further background on the  in‐
4104              formation shown by these files.
4105
4106       /proc/thread-self (since Linux 3.17)
4107              This directory refers to the thread accessing the /proc filesys‐
4108              tem, and is identical to the /proc/self/task/tid directory named
4109              by the process thread ID (tid) of the same thread.
4110
4111       /proc/timer_list (since Linux 2.6.21)
4112              This  read-only  file  exposes  a  list of all currently pending
4113              (high-resolution) timers, all clock-event sources, and their pa‐
4114              rameters in a human-readable form.
4115
4116       /proc/timer_stats (from  Linux 2.6.21 until Linux 4.10)
4117              This  is  a  debugging facility to make timer (ab)use in a Linux
4118              system visible to kernel and user-space developers.  It  can  be
4119              used  by  kernel  and user-space developers to verify that their
4120              code does not make undue use of timers.  The goal  is  to  avoid
4121              unnecessary wakeups, thereby optimizing power consumption.
4122
4123              If  enabled in the kernel (CONFIG_TIMER_STATS), but not used, it
4124              has almost zero run-time overhead and a relatively  small  data-
4125              structure  overhead.  Even if collection is enabled at run time,
4126              overhead is low: all  the  locking  is  per-CPU  and  lookup  is
4127              hashed.
4128
4129              The  /proc/timer_stats file is used both to control sampling fa‐
4130              cility and to read out the sampled information.
4131
4132              The timer_stats functionality is inactive on bootup.  A sampling
4133              period can be started using the following command:
4134
4135                  # echo 1 > /proc/timer_stats
4136
4137              The following command stops a sampling period:
4138
4139                  # echo 0 > /proc/timer_stats
4140
4141              The statistics can be retrieved by:
4142
4143                  $ cat /proc/timer_stats
4144
4145              While  sampling  is enabled, each readout from /proc/timer_stats
4146              will see newly updated statistics.  Once sampling  is  disabled,
4147              the  sampled  information  is  kept until a new sample period is
4148              started.  This allows multiple readouts.
4149
4150              Sample output from /proc/timer_stats:
4151
4152                  $ cat /proc/timer_stats
4153                  Timer Stats Version: v0.3
4154                  Sample period: 1.764 s
4155                  Collection: active
4156                    255,     0 swapper/3        hrtimer_start_range_ns (tick_sched_timer)
4157                     71,     0 swapper/1        hrtimer_start_range_ns (tick_sched_timer)
4158                     58,     0 swapper/0        hrtimer_start_range_ns (tick_sched_timer)
4159                      4,  1694 gnome-shell      mod_delayed_work_on (delayed_work_timer_fn)
4160                     17,     7 rcu_sched        rcu_gp_kthread (process_timeout)
4161                  ...
4162                      1,  4911 kworker/u16:0    mod_delayed_work_on (delayed_work_timer_fn)
4163                     1D,  2522 kworker/0:0      queue_delayed_work_on (delayed_work_timer_fn)
4164                  1029 total events, 583.333 events/sec
4165
4166              The output columns are:
4167
4168              [1]  a count of the number of events,  optionally  (since  Linux
4169                   2.6.23)  followed by the letter 'D' if this is a deferrable
4170                   timer;
4171
4172              [2]  the PID of the process that initialized the timer;
4173
4174              [3]  the name of the process that initialized the timer;
4175
4176              [4]  the function where  the  timer  was  initialized;  and  (in
4177                   parentheses)  the callback function that is associated with
4178                   the timer.
4179
4180              During the Linux 4.11 development cycle, this file  was  removed
4181              because  of  security concerns, as it exposes information across
4182              namespaces.  Furthermore, it is possible to obtain the same  in‐
4183              formation via in-kernel tracing facilities such as ftrace.
4184
4185       /proc/tty
4186              Subdirectory  containing the pseudo-files and subdirectories for
4187              tty drivers and line disciplines.
4188
4189       /proc/uptime
4190              This file contains two numbers (values in seconds):  the  uptime
4191              of  the  system (including time spent in suspend) and the amount
4192              of time spent in the idle process.
4193
4194       /proc/version
4195              This string identifies the kernel version that is currently run‐
4196              ning.   It  includes  the  contents  of /proc/sys/kernel/ostype,
4197              /proc/sys/kernel/osrelease, and  /proc/sys/kernel/version.   For
4198              example:
4199
4200                  Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994
4201
4202       /proc/vmstat (since Linux 2.6.0)
4203              This file displays various virtual memory statistics.  Each line
4204              of this file contains a single  name-value  pair,  delimited  by
4205              white space.  Some lines are present only if the kernel was con‐
4206              figured with suitable options.  (In some cases, the options  re‐
4207              quired for particular files have changed across kernel versions,
4208              so they are not listed here.  Details can be found by consulting
4209              the kernel source code.)  The following fields may be present:
4210
4211              nr_free_pages (since Linux 2.6.31)
4212
4213              nr_alloc_batch (since Linux 3.12)
4214
4215              nr_inactive_anon (since Linux 2.6.28)
4216
4217              nr_active_anon (since Linux 2.6.28)
4218
4219              nr_inactive_file (since Linux 2.6.28)
4220
4221              nr_active_file (since Linux 2.6.28)
4222
4223              nr_unevictable (since Linux 2.6.28)
4224
4225              nr_mlock (since Linux 2.6.28)
4226
4227              nr_anon_pages (since Linux 2.6.18)
4228
4229              nr_mapped (since Linux 2.6.0)
4230
4231              nr_file_pages (since Linux 2.6.18)
4232
4233              nr_dirty (since Linux 2.6.0)
4234
4235              nr_writeback (since Linux 2.6.0)
4236
4237              nr_slab_reclaimable (since Linux 2.6.19)
4238
4239              nr_slab_unreclaimable (since Linux 2.6.19)
4240
4241              nr_page_table_pages (since Linux 2.6.0)
4242
4243              nr_kernel_stack (since Linux 2.6.32)
4244                     Amount of memory allocated to kernel stacks.
4245
4246              nr_unstable (since Linux 2.6.0)
4247
4248              nr_bounce (since Linux 2.6.12)
4249
4250              nr_vmscan_write (since Linux 2.6.19)
4251
4252              nr_vmscan_immediate_reclaim (since Linux 3.2)
4253
4254              nr_writeback_temp (since Linux 2.6.26)
4255
4256              nr_isolated_anon (since Linux 2.6.32)
4257
4258              nr_isolated_file (since Linux 2.6.32)
4259
4260              nr_shmem (since Linux 2.6.32)
4261                     Pages used by shmem and tmpfs(5).
4262
4263              nr_dirtied (since Linux 2.6.37)
4264
4265              nr_written (since Linux 2.6.37)
4266
4267              nr_pages_scanned (since Linux 3.17)
4268
4269              numa_hit (since Linux 2.6.18)
4270
4271              numa_miss (since Linux 2.6.18)
4272
4273              numa_foreign (since Linux 2.6.18)
4274
4275              numa_interleave (since Linux 2.6.18)
4276
4277              numa_local (since Linux 2.6.18)
4278
4279              numa_other (since Linux 2.6.18)
4280
4281              workingset_refault (since Linux 3.15)
4282
4283              workingset_activate (since Linux 3.15)
4284
4285              workingset_nodereclaim (since Linux 3.15)
4286
4287              nr_anon_transparent_hugepages (since Linux 2.6.38)
4288
4289              nr_free_cma (since Linux 3.7)
4290                     Number of free CMA (Contiguous Memory Allocator) pages.
4291
4292              nr_dirty_threshold (since Linux 2.6.37)
4293
4294              nr_dirty_background_threshold (since Linux 2.6.37)
4295
4296              pgpgin (since Linux 2.6.0)
4297
4298              pgpgout (since Linux 2.6.0)
4299
4300              pswpin (since Linux 2.6.0)
4301
4302              pswpout (since Linux 2.6.0)
4303
4304              pgalloc_dma (since Linux 2.6.5)
4305
4306              pgalloc_dma32 (since Linux 2.6.16)
4307
4308              pgalloc_normal (since Linux 2.6.5)
4309
4310              pgalloc_high (since Linux 2.6.5)
4311
4312              pgalloc_movable (since Linux 2.6.23)
4313
4314              pgfree (since Linux 2.6.0)
4315
4316              pgactivate (since Linux 2.6.0)
4317
4318              pgdeactivate (since Linux 2.6.0)
4319
4320              pgfault (since Linux 2.6.0)
4321
4322              pgmajfault (since Linux 2.6.0)
4323
4324              pgrefill_dma (since Linux 2.6.5)
4325
4326              pgrefill_dma32 (since Linux 2.6.16)
4327
4328              pgrefill_normal (since Linux 2.6.5)
4329
4330              pgrefill_high (since Linux 2.6.5)
4331
4332              pgrefill_movable (since Linux 2.6.23)
4333
4334              pgsteal_kswapd_dma (since Linux 3.4)
4335
4336              pgsteal_kswapd_dma32 (since Linux 3.4)
4337
4338              pgsteal_kswapd_normal (since Linux 3.4)
4339
4340              pgsteal_kswapd_high (since Linux 3.4)
4341
4342              pgsteal_kswapd_movable (since Linux 3.4)
4343
4344              pgsteal_direct_dma
4345
4346              pgsteal_direct_dma32 (since Linux 3.4)
4347
4348              pgsteal_direct_normal (since Linux 3.4)
4349
4350              pgsteal_direct_high (since Linux 3.4)
4351
4352              pgsteal_direct_movable (since Linux 2.6.23)
4353
4354              pgscan_kswapd_dma
4355
4356              pgscan_kswapd_dma32 (since Linux 2.6.16)
4357
4358              pgscan_kswapd_normal (since Linux 2.6.5)
4359
4360              pgscan_kswapd_high
4361
4362              pgscan_kswapd_movable (since Linux 2.6.23)
4363
4364              pgscan_direct_dma
4365
4366              pgscan_direct_dma32 (since Linux 2.6.16)
4367
4368              pgscan_direct_normal
4369
4370              pgscan_direct_high
4371
4372              pgscan_direct_movable (since Linux 2.6.23)
4373
4374              pgscan_direct_throttle (since Linux 3.6)
4375
4376              zone_reclaim_failed (since linux 2.6.31)
4377
4378              pginodesteal (since linux 2.6.0)
4379
4380              slabs_scanned (since linux 2.6.5)
4381
4382              kswapd_inodesteal (since linux 2.6.0)
4383
4384              kswapd_low_wmark_hit_quickly (since Linux 2.6.33)
4385
4386              kswapd_high_wmark_hit_quickly (since Linux 2.6.33)
4387
4388              pageoutrun (since Linux 2.6.0)
4389
4390              allocstall (since Linux 2.6.0)
4391
4392              pgrotated (since Linux 2.6.0)
4393
4394              drop_pagecache (since Linux 3.15)
4395
4396              drop_slab (since Linux 3.15)
4397
4398              numa_pte_updates (since Linux 3.8)
4399
4400              numa_huge_pte_updates (since Linux 3.13)
4401
4402              numa_hint_faults (since Linux 3.8)
4403
4404              numa_hint_faults_local (since Linux 3.8)
4405
4406              numa_pages_migrated (since Linux 3.8)
4407
4408              pgmigrate_success (since Linux 3.8)
4409
4410              pgmigrate_fail (since Linux 3.8)
4411
4412              compact_migrate_scanned (since Linux 3.8)
4413
4414              compact_free_scanned (since Linux 3.8)
4415
4416              compact_isolated (since Linux 3.8)
4417
4418              compact_stall (since Linux 2.6.35)
4419                     See    the    kernel    source   file   Documentation/ad‐
4420                     min-guide/mm/transhuge.rst.
4421
4422              compact_fail (since Linux 2.6.35)
4423                     See   the   kernel    source    file    Documentation/ad‐
4424                     min-guide/mm/transhuge.rst.
4425
4426              compact_success (since Linux 2.6.35)
4427                     See    the    kernel    source   file   Documentation/ad‐
4428                     min-guide/mm/transhuge.rst.
4429
4430              htlb_buddy_alloc_success (since Linux 2.6.26)
4431
4432              htlb_buddy_alloc_fail (since Linux 2.6.26)
4433
4434              unevictable_pgs_culled (since Linux 2.6.28)
4435
4436              unevictable_pgs_scanned (since Linux 2.6.28)
4437
4438              unevictable_pgs_rescued (since Linux 2.6.28)
4439
4440              unevictable_pgs_mlocked (since Linux 2.6.28)
4441
4442              unevictable_pgs_munlocked (since Linux 2.6.28)
4443
4444              unevictable_pgs_cleared (since Linux 2.6.28)
4445
4446              unevictable_pgs_stranded (since Linux 2.6.28)
4447
4448              thp_fault_alloc (since Linux 2.6.39)
4449                     See   the   kernel    source    file    Documentation/ad‐
4450                     min-guide/mm/transhuge.rst.
4451
4452              thp_fault_fallback (since Linux 2.6.39)
4453                     See    the    kernel    source   file   Documentation/ad‐
4454                     min-guide/mm/transhuge.rst.
4455
4456              thp_collapse_alloc (since Linux 2.6.39)
4457                     See   the   kernel    source    file    Documentation/ad‐
4458                     min-guide/mm/transhuge.rst.
4459
4460              thp_collapse_alloc_failed (since Linux 2.6.39)
4461                     See    the    kernel    source   file   Documentation/ad‐
4462                     min-guide/mm/transhuge.rst.
4463
4464              thp_split (since Linux 2.6.39)
4465                     See   the   kernel    source    file    Documentation/ad‐
4466                     min-guide/mm/transhuge.rst.
4467
4468              thp_zero_page_alloc (since Linux 3.8)
4469                     See    the    kernel    source   file   Documentation/ad‐
4470                     min-guide/mm/transhuge.rst.
4471
4472              thp_zero_page_alloc_failed (since Linux 3.8)
4473                     See   the   kernel    source    file    Documentation/ad‐
4474                     min-guide/mm/transhuge.rst.
4475
4476              balloon_inflate (since Linux 3.18)
4477
4478              balloon_deflate (since Linux 3.18)
4479
4480              balloon_migrate (since Linux 3.18)
4481
4482              nr_tlb_remote_flush (since Linux 3.12)
4483
4484              nr_tlb_remote_flush_received (since Linux 3.12)
4485
4486              nr_tlb_local_flush_all (since Linux 3.12)
4487
4488              nr_tlb_local_flush_one (since Linux 3.12)
4489
4490              vmacache_find_calls (since Linux 3.16)
4491
4492              vmacache_find_hits (since Linux 3.16)
4493
4494              vmacache_full_flushes (since Linux 3.19)
4495
4496       /proc/zoneinfo (since Linux 2.6.13)
4497              This file displays information about memory zones.  This is use‐
4498              ful for analyzing virtual memory behavior.
4499