proc(5)                       File Formats Manual                      proc(5)

NAME
       proc - process information, system information, and sysctl
       pseudo-filesystem

DESCRIPTION
       The proc filesystem is a pseudo-filesystem which provides an interface
       to kernel data structures. It is commonly mounted at /proc.
       Typically, it is mounted automatically by the system, but it can also
       be mounted manually using a command such as:

           mount -t proc proc /proc

       Most of the files in the proc filesystem are read-only, but some files
       are writable, allowing kernel variables to be changed.

   Mount options
       The proc filesystem supports the following mount options:

       hidepid=n (since Linux 3.3)
              This option controls who can access the information in /proc/pid
              directories. The argument, n, is one of the following values:

              0   Everybody may access all /proc/pid directories. This is the
                  traditional behavior, and the default if this mount option
                  is not specified.

              1   Users may not access files and subdirectories inside any
                  /proc/pid directories but their own (the /proc/pid
                  directories themselves remain visible). Sensitive files such
                  as /proc/pid/cmdline and /proc/pid/status are now protected
                  against other users. This makes it impossible to learn
                  whether any user is running a specific program (so long as
                  the program doesn't otherwise reveal itself by its
                  behavior).

              2   As for mode 1, but in addition the /proc/pid directories
                  belonging to other users become invisible. This means that
                  /proc/pid entries can no longer be used to discover the PIDs
                  on the system. This doesn't hide the fact that a process
                  with a specific PID value exists (it can be learned by other
                  means, for example, by "kill -0 $PID"), but it hides a
                  process's UID and GID, which could otherwise be learned by
                  employing stat(2) on a /proc/pid directory. This greatly
                  complicates an attacker's task of gathering information
                  about running processes (e.g., discovering whether some
                  daemon is running with elevated privileges, whether another
                  user is running some sensitive program, whether other users
                  are running any program at all, and so on).

       gid=gid (since Linux 3.3)
              Specifies the ID of a group whose members are authorized to
              learn process information otherwise prohibited by hidepid (i.e.,
              users in this group behave as though /proc was mounted with
              hidepid=0). This group should be used instead of approaches
              such as putting nonroot users into the sudoers(5) file.

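              Added example, not part of the manual page: a Python audit of
              the hidepid and gid options described above, run over text in
              /proc/mounts format. The sample lines are constructed, and the
              symbolic hidepid spellings are an assumption taken from newer
              kernels that this page does not cover.

```python
"""Audit the hidepid= and gid= options of every proc mount."""

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=27 0 0
proc /srv/chroot/proc proc rw,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /var/jail/proc proc rw,relatime,hidepid=1 0 0
"""

# Symbolic spellings used by newer kernels (assumption: not covered on this page).
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2}

MEANING = {
    0: "everybody may access all /proc/pid directories",
    1: "other users' /proc/pid contents are protected, directories stay visible",
    2: "other users' /proc/pid directories are invisible",
}


def parse_proc_mounts(text):
    """Return one dict per proc mount: mountpoint, hidepid (int or None), gid."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "proc":
            continue
        opts = {}
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            opts[key] = value
        raw = opts.get("hidepid", "0")  # option absent: mode 0, the default
        hidepid = int(raw) if raw.isdigit() else HIDEPID_NAMES.get(raw)
        gid = int(opts["gid"]) if opts.get("gid", "").isdigit() else None
        mounts.append({"mountpoint": fields[1], "hidepid": hidepid, "gid": gid})
    return mounts


def audit(text, required=2):
    """List (mountpoint, problem) for proc mounts weaker than `required`."""
    findings = []
    for m in parse_proc_mounts(text):
        mode = m["hidepid"]
        if mode is None:
            findings.append((m["mountpoint"], "unrecognised hidepid value"))
        elif mode < required:
            why = MEANING.get(mode, "unknown mode")
            findings.append((m["mountpoint"], f"hidepid={mode}: {why}"))
    return findings


if __name__ == "__main__":
    try:
        with open("/proc/mounts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MOUNTS  # fall back to the constructed sample
    for mountpoint, problem in audit(text):
        print(f"{mountpoint}: {problem}")
```
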
   Overview
       Underneath /proc, there are the following general groups of files and
       subdirectories:

       /proc/pid subdirectories
              Each one of these subdirectories contains files and
              subdirectories exposing information about the process with the
              corresponding process ID.

              Underneath each of the /proc/pid directories, a task
              subdirectory contains subdirectories of the form task/tid, which
              contain corresponding information about each of the threads in
              the process, where tid is the kernel thread ID of the thread.

              The /proc/pid subdirectories are visible when iterating through
              /proc with getdents(2) (and thus are visible when one uses ls(1)
              to view the contents of /proc).

       /proc/tid subdirectories
              Each one of these subdirectories contains files and
              subdirectories exposing information about the thread with the
              corresponding thread ID. The contents of these directories are
              the same as the corresponding /proc/pid/task/tid directories.

              The /proc/tid subdirectories are not visible when iterating
              through /proc with getdents(2) (and thus are not visible when
              one uses ls(1) to view the contents of /proc).

       /proc/self
              When a process accesses this magic symbolic link, it resolves to
              the process's own /proc/pid directory.

       /proc/thread-self
              When a thread accesses this magic symbolic link, it resolves to
              the process's own /proc/self/task/tid directory.

       /proc/[a-z]*
              Various other files and subdirectories under /proc expose
              system-wide information.

       All of the above are described in more detail below.

   Files and directories
       The following list provides details of many of the files and
       directories under the /proc hierarchy.

       /proc/pid
              There is a numerical subdirectory for each running process; the
              subdirectory is named by the process ID. Each /proc/pid
              subdirectory contains the pseudo-files and directories described
              below.

              The files inside each /proc/pid directory are normally owned by
              the effective user and effective group ID of the process.
              However, as a security measure, the ownership is made root:root
              if the process's "dumpable" attribute is set to a value other
              than 1.

              Before Linux 4.11, root:root meant the "global" root user ID and
              group ID (i.e., UID 0 and GID 0 in the initial user namespace).
              Since Linux 4.11, if the process is in a noninitial user
              namespace that has a valid mapping for user (group) ID 0 inside
              the namespace, then the user (group) ownership of the files
              under /proc/pid is instead made the same as the root user
              (group) ID of the namespace. This means that inside a container,
              things work as expected for the container "root" user.

              The process's "dumpable" attribute may change for the following
              reasons:

              •  The attribute was explicitly set via the prctl(2)
                 PR_SET_DUMPABLE operation.

              •  The attribute was reset to the value in the file
                 /proc/sys/fs/suid_dumpable (described below), for the reasons
                 described in prctl(2).

              Resetting the "dumpable" attribute to 1 reverts the ownership of
              the /proc/pid/* files to the process's effective UID and GID.
              Note, however, that if the effective UID or GID is subsequently
              modified, then the "dumpable" attribute may be reset, as
              described in prctl(2). Therefore, it may be desirable to reset
              the "dumpable" attribute after making any desired changes to the
              process's effective UID or GID.

       /proc/pid/attr
              The files in this directory provide an API for security modules.
              The contents of this directory are files that can be read and
              written in order to set security-related attributes. This
              directory was added to support SELinux, but the intention was
              that the API be general enough to support other security
              modules. For the purpose of explanation, examples of how SELinux
              uses these files are provided below.

              This directory is present only if the kernel was configured with
              CONFIG_SECURITY.

       /proc/pid/attr/current (since Linux 2.6.0)
              The contents of this file represent the current security
              attributes of the process.

              In SELinux, this file is used to get the security context of a
              process. Prior to Linux 2.6.11, this file could not be used to
              set the security context (a write was always denied), since
              SELinux limited process security transitions to execve(2) (see
              the description of /proc/pid/attr/exec, below). Since Linux
              2.6.11, SELinux lifted this restriction and began supporting
              "set" operations via writes to this node if authorized by
              policy, although use of this operation is only suitable for
              applications that are trusted to maintain any desired separation
              between the old and new security contexts.

              Prior to Linux 2.6.28, SELinux did not allow threads within a
              multithreaded process to set their security context via this
              node as it would yield an inconsistency among the security
              contexts of the threads sharing the same memory space. Since
              Linux 2.6.28, SELinux lifted this restriction and began
              supporting "set" operations for threads within a multithreaded
              process if the new security context is bounded by the old
              security context, where the bounded relation is defined in
              policy and guarantees that the new security context has a subset
              of the permissions of the old security context.

              Other security modules may choose to support "set" operations
              via writes to this node.

       /proc/pid/attr/exec (since Linux 2.6.0)
              This file represents the attributes to assign to the process
              upon a subsequent execve(2).

              In SELinux, this is needed to support role/domain transitions,
              and execve(2) is the preferred point to make such transitions
              because it offers better control over the initialization of the
              process in the new security label and the inheritance of state.
              In SELinux, this attribute is reset on execve(2) so that the new
              program reverts to the default behavior for any execve(2) calls
              that it may make. In SELinux, a process can set only its own
              /proc/pid/attr/exec attribute.

       /proc/pid/attr/fscreate (since Linux 2.6.0)
              This file represents the attributes to assign to files created
              by subsequent calls to open(2), mkdir(2), symlink(2), and
              mknod(2).

              SELinux employs this file to support creation of a file (using
              the aforementioned system calls) in a secure state, so that
              there is no risk of inappropriate access being obtained between
              the time of creation and the time that attributes are set. In
              SELinux, this attribute is reset on execve(2), so that the new
              program reverts to the default behavior for any file creation
              calls it may make, but the attribute will persist across
              multiple file creation calls within a program unless it is
              explicitly reset. In SELinux, a process can set only its own
              /proc/pid/attr/fscreate attribute.

       /proc/pid/attr/keycreate (since Linux 2.6.18)
              If a process writes a security context into this file, all
              subsequently created keys (add_key(2)) will be labeled with this
              context. For further information, see the kernel source file
              Documentation/security/keys/core.rst (or file
              Documentation/security/keys.txt between Linux 3.0 and Linux
              4.13, or Documentation/keys.txt before Linux 3.0).

       /proc/pid/attr/prev (since Linux 2.6.0)
              This file contains the security context of the process before
              the last execve(2); that is, the previous value of
              /proc/pid/attr/current.

       /proc/pid/attr/socketcreate (since Linux 2.6.18)
              If a process writes a security context into this file, all
              subsequently created sockets will be labeled with this context.

       /proc/pid/autogroup (since Linux 2.6.38)
              See sched(7).

       /proc/pid/auxv (since Linux 2.6.0)
              This contains the contents of the ELF interpreter information
              passed to the process at exec time. The format is one unsigned
              long ID plus one unsigned long value for each entry. The last
              entry contains two zeros. See also getauxval(3).

              Permission to access this file is governed by a ptrace access
              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/pid/cgroup (since Linux 2.6.24)
              See cgroups(7).

       /proc/pid/clear_refs (since Linux 2.6.22)

              This is a write-only file, writable only by the owner of the
              process.

              The following values may be written to the file:

              1 (since Linux 2.6.22)
                     Reset the PG_Referenced and ACCESSED/YOUNG bits for all
                     the pages associated with the process. (Before Linux
                     2.6.32, writing any nonzero value to this file had this
                     effect.)

              2 (since Linux 2.6.32)
                     Reset the PG_Referenced and ACCESSED/YOUNG bits for all
                     anonymous pages associated with the process.

              3 (since Linux 2.6.32)
                     Reset the PG_Referenced and ACCESSED/YOUNG bits for all
                     file-mapped pages associated with the process.

              Clearing the PG_Referenced and ACCESSED/YOUNG bits provides a
              method to measure approximately how much memory a process is
              using. One first inspects the values in the "Referenced" fields
              for the VMAs shown in /proc/pid/smaps to get an idea of the
              memory footprint of the process. One then clears the
              PG_Referenced and ACCESSED/YOUNG bits and, after some measured
              time interval, once again inspects the values in the
              "Referenced" fields to get an idea of the change in memory
              footprint of the process during the measured interval. If one is
              interested only in inspecting the selected mapping types, then
              the value 2 or 3 can be used instead of 1.

              Further values can be written to affect different properties:

              4 (since Linux 3.11)
                     Clear the soft-dirty bit for all the pages associated
                     with the process. This is used (in conjunction with
                     /proc/pid/pagemap) by the check-point restore system to
                     discover which pages of a process have been dirtied since
                     the file /proc/pid/clear_refs was written to.

              5 (since Linux 4.0)
                     Reset the peak resident set size ("high water mark") to
                     the process's current resident set size value.

              Writing any value to /proc/pid/clear_refs other than those
              listed above has no effect.

              The /proc/pid/clear_refs file is present only if the
              CONFIG_PROC_PAGE_MONITOR kernel configuration option is enabled.

       /proc/pid/cmdline
              This read-only file holds the complete command line for the
              process, unless the process is a zombie. In the latter case,
              there is nothing in this file: that is, a read on this file will
              return 0 characters.

              For processes which are still running, the command-line
              arguments appear in this file in the same layout as they do in
              process memory: If the process is well-behaved, it is a set of
              strings separated by null bytes ('\0'), with a further null byte
              after the last string.

              This is the common case, but processes have the freedom to
              override the memory region and break assumptions about the
              contents or format of the /proc/pid/cmdline file.

              If, after an execve(2), the process modifies its argv strings,
              those changes will show up here. This is not the same thing as
              modifying the argv array.

              Furthermore, a process may change the memory location that this
              file refers to via prctl(2) operations such as
              PR_SET_MM_ARG_START.

              Think of this file as the command line that the process wants
              you to see.

       /proc/pid/comm (since Linux 2.6.33)
              This file exposes the process's comm value—that is, the command
              name associated with the process. Different threads in the same
              process may have different comm values, accessible via
              /proc/pid/task/tid/comm. A thread may modify its comm value, or
              that of any other thread in the same thread group (see the
              discussion of CLONE_THREAD in clone(2)), by writing to the file
              /proc/self/task/tid/comm. Strings longer than TASK_COMM_LEN
              (16) characters (including the terminating null byte) are
              silently truncated.

              This file provides a superset of the prctl(2) PR_SET_NAME and
              PR_GET_NAME operations, and is employed by pthread_setname_np(3)
              when used to rename threads other than the caller. The value in
              this file is used for the %e specifier in
              /proc/sys/kernel/core_pattern; see core(5).

       /proc/pid/coredump_filter (since Linux 2.6.23)
              See core(5).

       /proc/pid/cpuset (since Linux 2.6.12)
              See cpuset(7).

       /proc/pid/cwd
              This is a symbolic link to the current working directory of the
              process. To find out the current working directory of process
              20, for instance, you can do this:

                  $ cd /proc/20/cwd; pwd -P

              In a multithreaded process, the contents of this symbolic link
              are not available if the main thread has already terminated
              (typically by calling pthread_exit(3)).

              Permission to dereference or read (readlink(2)) this symbolic
              link is governed by a ptrace access mode
              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/pid/environ
              This file contains the initial environment that was set when the
              currently executing program was started via execve(2). The
              entries are separated by null bytes ('\0'), and there may be a
              null byte at the end. Thus, to print out the environment of
              process 1, you would do:

                  $ cat /proc/1/environ | tr '\000' '\n'

              If, after an execve(2), the process modifies its environment
              (e.g., by calling functions such as putenv(3) or modifying the
              environ(7) variable directly), this file will not reflect those
              changes.

              Furthermore, a process may change the memory location that this
              file refers to via prctl(2) operations such as
              PR_SET_MM_ENV_START.

              Permission to access this file is governed by a ptrace access
              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/pid/exe
              Under Linux 2.2 and later, this file is a symbolic link
              containing the actual pathname of the executed command. This
              symbolic link can be dereferenced normally; attempting to open
              it will open the executable. You can even type /proc/pid/exe to
              run another copy of the same executable that is being run by
              process pid. If the pathname has been unlinked, the symbolic
              link will contain the string ' (deleted)' appended to the
              original pathname. In a multithreaded process, the contents of
              this symbolic link are not available if the main thread has
              already terminated (typically by calling pthread_exit(3)).

              Permission to dereference or read (readlink(2)) this symbolic
              link is governed by a ptrace access mode
              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

              Under Linux 2.0 and earlier, /proc/pid/exe is a pointer to the
              binary which was executed, and appears as a symbolic link. A
              readlink(2) call on this file under Linux 2.0 returns a string
              in the format:

                  [device]:inode

              For example, [0301]:1502 would be inode 1502 on device major 03
              (IDE, MFM, etc. drives) minor 01 (first partition on the first
              drive).

              find(1) with the -inum option can be used to locate the file.

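              Added example, not part of the manual page: because the cmdline
              and comm entries above are under the process's own control while
              exe is maintained by the kernel, a monitoring tool can
              cross-check the three. The Python sketch below does so; the
              sample tuples and the note names are constructed for
              illustration.

```python
"""Cross-check /proc/pid/cmdline, comm and exe for one process."""
import os

DELETED = " (deleted)"   # suffix appended to exe when the pathname was unlinked
COMM_MAX = 15            # TASK_COMM_LEN (16) minus the terminating null byte

# Constructed samples: (raw cmdline bytes, readlink of exe or None, comm text)
SAMPLES = {
    "daemon": (b"/usr/sbin/sshd\0-D\0", "/usr/sbin/sshd", "sshd\n"),
    "renamed": (b"[kworker/0:1]\0", "/tmp/upd (deleted)", "kworker/0:1\n"),
    "zombie": (b"", None, "sleep\n"),
}


def parse_cmdline(raw):
    """Split raw cmdline bytes into argv strings; [] when the file is empty."""
    if not raw:
        return []                 # a zombie returns 0 characters
    if raw.endswith(b"\0"):
        raw = raw[:-1]            # drop the null byte after the last string
    # A process that overwrote its argv area may leave no separators at all;
    # it then comes back as one string, with undecodable bytes kept as escapes.
    return [arg.decode("utf-8", "backslashreplace") for arg in raw.split(b"\0")]


def triage(cmdline, exe, comm):
    """Return mismatch notes; each is a lead to investigate, not a verdict."""
    notes = []
    argv = parse_cmdline(cmdline)
    if not argv:
        notes.append("cmdline-empty")
    if exe is None:
        notes.append("exe-unreadable")
        return notes
    if exe.endswith(DELETED):
        exe = exe[: -len(DELETED)]
        notes.append("exe-unlinked")
    exe_name = os.path.basename(exe)
    # Interpreters, symlinked multi-call binaries and daemons that set a
    # process title legitimately differ here, so treat this as a hint only.
    if argv and os.path.basename(argv[0]) != exe_name:
        notes.append("argv0-differs-from-exe")
    if comm.rstrip("\n") != exe_name[:COMM_MAX]:
        notes.append("comm-differs-from-exe")
    return notes


def read_live(pid):
    """Read the three values for a live process (needs ptrace read access)."""
    base = f"/proc/{pid}"
    with open(f"{base}/cmdline", "rb") as fh:
        cmdline = fh.read()
    with open(f"{base}/comm") as fh:
        comm = fh.read()
    try:
        exe = os.readlink(f"{base}/exe")
    except OSError:
        exe = None
    return cmdline, exe, comm


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, triage(*sample))
```
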
       /proc/pid/fd/
              This is a subdirectory containing one entry for each file which
              the process has open, named by its file descriptor, and which is
              a symbolic link to the actual file. Thus, 0 is standard input,
              1 standard output, 2 standard error, and so on.

              For file descriptors for pipes and sockets, the entries will be
              symbolic links whose content is the file type with the inode. A
              readlink(2) call on this file returns a string in the format:

                  type:[inode]

              For example, socket:[2248868] will be a socket and its inode is
              2248868. For sockets, that inode can be used to find more
              information in one of the files under /proc/net/.

              For file descriptors that have no corresponding inode (e.g.,
              file descriptors produced by bpf(2), epoll_create(2),
              eventfd(2), inotify_init(2), perf_event_open(2), signalfd(2),
              timerfd_create(2), and userfaultfd(2)), the entry will be a
              symbolic link with contents of the form

                  anon_inode:file-type

              In many cases (but not all), the file-type is surrounded by
              square brackets.

              For example, an epoll file descriptor will have a symbolic link
              whose content is the string anon_inode:[eventpoll].

              In a multithreaded process, the contents of this directory are
              not available if the main thread has already terminated
              (typically by calling pthread_exit(3)).

              Programs that take a filename as a command-line argument, but
              don't take input from standard input if no argument is supplied,
              and programs that write to a file named as a command-line
              argument, but don't send their output to standard output if no
              argument is supplied, can nevertheless be made to use standard
              input or standard output by using /proc/pid/fd files as
              command-line arguments. For example, assuming that -i is the
              flag designating an input file and -o is the flag designating an
              output file:

                  $ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...

              and you have a working filter.

              /proc/self/fd/N is approximately the same as /dev/fd/N in some
              UNIX and UNIX-like systems. Most Linux MAKEDEV scripts
              symbolically link /dev/fd to /proc/self/fd, in fact.

              Most systems provide symbolic links /dev/stdin, /dev/stdout, and
              /dev/stderr, which respectively link to the files 0, 1, and 2 in
              /proc/self/fd. Thus the example command above could be written
              as:

                  $ foobar -i /dev/stdin -o /dev/stdout ...

              Permission to dereference or read (readlink(2)) the symbolic
              links in this directory is governed by a ptrace access mode
              PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

              Note that for file descriptors referring to inodes (pipes and
              sockets, see above), those inodes still have permission bits and
              ownership information distinct from those of the /proc/pid/fd
              entry, and that the owner may differ from the user and group IDs
              of the process. An unprivileged process may lack permissions to
              open them, as in this example:

                  $ echo test | sudo -u nobody cat
                  test
                  $ echo test | sudo -u nobody cat /proc/self/fd/0
                  cat: /proc/self/fd/0: Permission denied

              File descriptor 0 refers to the pipe created by the shell and
              owned by that shell's user, which is not nobody, so cat does not
              have permission to create a new file descriptor to read from
              that inode, even though it can still read from its existing file
              descriptor 0.

       /proc/pid/fdinfo/ (since Linux 2.6.22)
              This is a subdirectory containing one entry for each file which
              the process has open, named by its file descriptor. The files
              in this directory are readable only by the owner of the process.
              The contents of each file can be read to obtain information
              about the corresponding file descriptor. The content depends on
              the type of file referred to by the corresponding file
              descriptor.

              For regular files and directories, we see something like:

                  $ cat /proc/12015/fdinfo/4
                  pos:    1000
                  flags:  01002002
                  mnt_id: 21

              The fields are as follows:

              pos    This is a decimal number showing the file offset.

              flags  This is an octal number that displays the file access
                     mode and file status flags (see open(2)). If the
                     close-on-exec file descriptor flag is set, then flags
                     will also include the value O_CLOEXEC.

                     Before Linux 3.1, this field incorrectly displayed the
                     setting of O_CLOEXEC at the time the file was opened,
                     rather than the current setting of the close-on-exec
                     flag.

              mnt_id This field, present since Linux 3.15, is the ID of the
                     mount containing this file. See the description of
                     /proc/pid/mountinfo.

              For eventfd file descriptors (see eventfd(2)), we see (since
              Linux 3.8) the following fields:

                  pos: 0
                  flags: 02
                  mnt_id: 10
                  eventfd-count: 40

              eventfd-count is the current value of the eventfd counter, in
              hexadecimal.

              For epoll file descriptors (see epoll(7)), we see (since Linux
              3.8) the following fields:

                  pos: 0
                  flags: 02
                  mnt_id: 10
                  tfd: 9 events: 19 data: 74253d2500000009
                  tfd: 7 events: 19 data: 74253d2500000007

              Each of the lines beginning tfd describes one of the file
              descriptors being monitored via the epoll file descriptor (see
              epoll_ctl(2) for some details). The tfd field is the number of
              the file descriptor. The events field is a hexadecimal mask of
              the events being monitored for this file descriptor. The data
              field is the data value associated with this file descriptor.

              For signalfd file descriptors (see signalfd(2)), we see (since
              Linux 3.8) the following fields:

                  pos: 0
                  flags: 02
                  mnt_id: 10
                  sigmask: 0000000000000006

              sigmask is the hexadecimal mask of signals that are accepted via
              this signalfd file descriptor. (In this example, bits 2 and 3
              are set, corresponding to the signals SIGINT and SIGQUIT; see
              signal(7).)

              For inotify file descriptors (see inotify(7)), we see (since
              Linux 3.8) the following fields:

                  pos: 0
                  flags: 00
                  mnt_id: 11
                  inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
                  inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73

              Each of the lines beginning with "inotify" displays information
              about one file or directory that is being monitored. The fields
              in this line are as follows:

              wd     A watch descriptor number (in decimal).

              ino    The inode number of the target file (in hexadecimal).

              sdev   The ID of the device where the target file resides (in
                     hexadecimal).

              mask   The mask of events being monitored for the target file
                     (in hexadecimal).

              If the kernel was built with exportfs support, the path to the
              target file is exposed as a file handle, via three hexadecimal
              fields: fhandle-bytes, fhandle-type, and f_handle.

              For fanotify file descriptors (see fanotify(7)), we see (since
              Linux 3.8) the following fields:

                  pos: 0
                  flags: 02
                  mnt_id: 11
                  fanotify flags:0 event-flags:88002
                  fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73

              The fourth line displays information defined when the fanotify
              group was created via fanotify_init(2):

              flags  The flags argument given to fanotify_init(2) (expressed
                     in hexadecimal).

              event-flags
                     The event_f_flags argument given to fanotify_init(2)
                     (expressed in hexadecimal).

              Each additional line shown in the file contains information
              about one of the marks in the fanotify group. Most of these
              fields are as for inotify, except:

              mflags The flags associated with the mark (expressed in
                     hexadecimal).

              mask   The events mask for this mark (expressed in hexadecimal).

              ignored_mask
                     The mask of events that are ignored for this mark
                     (expressed in hexadecimal).

              For details on these fields, see fanotify_mark(2).

              For timerfd file descriptors (see timerfd(2)), we see (since
              Linux 3.17) the following fields:

                  pos: 0
                  flags: 02004002
                  mnt_id: 13
                  clockid: 0
                  ticks: 0
                  settime flags: 03
                  it_value: (7695568592, 640020877)
                  it_interval: (0, 0)

              clockid
                     This is the numeric value of the clock ID (corresponding
                     to one of the CLOCK_* constants defined via <time.h>)
                     that is used to mark the progress of the timer (in this
                     example, 0 is CLOCK_REALTIME).

              ticks  This is the number of timer expirations that have
                     occurred (i.e., the value that read(2) on it would
                     return).

              settime flags
                     This field lists the flags with which the timerfd was
                     last armed (see timerfd_settime(2)), in octal (in this
                     example, both TFD_TIMER_ABSTIME and
                     TFD_TIMER_CANCEL_ON_SET are set).

              it_value
                     This field contains the amount of time until the timer
                     will next expire, expressed in seconds and nanoseconds.
                     This is always expressed as a relative value, regardless
                     of whether the timer was created using the
                     TFD_TIMER_ABSTIME flag.

              it_interval
                     This field contains the interval of the timer, in seconds
                     and nanoseconds. (The it_value and it_interval fields
                     contain the values that timerfd_gettime(2) on this file
                     descriptor would return.)

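              Added example, not part of the manual page: a Python decoder for
              the /proc/pid/fd link formats and the fdinfo fields described
              above (octal flags, hexadecimal sigmask and eventfd-count). The
              two fdinfo samples are the ones shown on this page; flag bit
              values are taken from the host's own constants because they
              differ between architectures.

```python
"""Decode /proc/pid/fd link targets and /proc/pid/fdinfo contents."""
import os
import re
import signal

# type:[inode] for pipes and sockets, anon_inode:file-type (brackets optional)
LINK_RE = re.compile(r"^(?P<kind>[a-z_]+):\[?(?P<detail>[^\]]+)\]?$")

STATUS_FLAGS = [(name, getattr(os, name)) for name in
                ("O_APPEND", "O_NONBLOCK", "O_DIRECTORY", "O_NOFOLLOW",
                 "O_NOATIME", "O_CLOEXEC") if hasattr(os, name)]
ACCESS_MODES = {os.O_RDONLY: "O_RDONLY", os.O_WRONLY: "O_WRONLY",
                os.O_RDWR: "O_RDWR"}

# fdinfo samples as shown on this page
SIGNALFD_INFO = "pos: 0\nflags: 02\nmnt_id: 10\nsigmask: 0000000000000006\n"
EVENTFD_INFO = "pos: 0\nflags: 02\nmnt_id: 10\neventfd-count: 40\n"


def classify_fd_link(target):
    """Map a readlink(2) result from /proc/pid/fd to (kind, detail)."""
    if target.startswith("/"):
        return ("path", target)
    match = LINK_RE.match(target)
    if not match:
        return ("unknown", target)
    kind, detail = match.group("kind"), match.group("detail")
    if kind in ("socket", "pipe"):
        return (kind, int(detail))      # inode, usable against /proc/net/*
    return (kind, detail)


def decode_flags(octal_text):
    """Turn the octal flags field into access mode plus status flag names."""
    value = int(octal_text, 8)
    names = [ACCESS_MODES.get(value & 0o3, "access-mode-3")]
    names += [name for name, bit in STATUS_FLAGS if value & bit == bit]
    return names


def decode_sigmask(hex_text):
    """Bit n of the mask (counting from 1) stands for signal number n."""
    mask = int(hex_text, 16)
    names = []
    for signo in range(1, 65):
        if mask & (1 << (signo - 1)):
            try:
                names.append(signal.Signals(signo).name)
            except ValueError:          # real-time signal without a name
                names.append(f"SIG{signo}")
    return names


def parse_fdinfo(text):
    """Parse one fdinfo file; type-specific lines not decoded go to 'extra'."""
    info = {"extra": []}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in ("pos", "mnt_id"):
            info[key] = int(value)
        elif key == "flags":
            info["flags"] = decode_flags(value)
        elif key == "sigmask":
            info["signals"] = decode_sigmask(value)
        elif key == "eventfd-count":
            info["eventfd_count"] = int(value, 16)
        elif line.strip():
            info["extra"].append(line.strip())
    return info


if __name__ == "__main__":
    print(classify_fd_link("socket:[2248868]"))
    print(parse_fdinfo(SIGNALFD_INFO))
```
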
       /proc/pid/gid_map (since Linux 3.5)
              See user_namespaces(7).

       /proc/pid/io (since Linux 2.6.20)
              This file contains I/O statistics for the process, for example:

                  # cat /proc/3828/io
                  rchar: 323934931
                  wchar: 323929600
                  syscr: 632687
                  syscw: 632675
                  read_bytes: 0
                  write_bytes: 323932160
                  cancelled_write_bytes: 0

              The fields are as follows:

              rchar: characters read
                     The number of bytes which this task has caused to be read
                     from storage. This is simply the sum of bytes which this
                     process passed to read(2) and similar system calls. It
                     includes things such as terminal I/O and is unaffected by
                     whether or not actual physical disk I/O was required (the
                     read might have been satisfied from pagecache).

              wchar: characters written
                     The number of bytes which this task has caused, or shall
                     cause to be written to disk. Similar caveats apply here
                     as with rchar.

              syscr: read syscalls
                     Attempt to count the number of read I/O operations—that
                     is, system calls such as read(2) and pread(2).

              syscw: write syscalls
                     Attempt to count the number of write I/O operations—that
                     is, system calls such as write(2) and pwrite(2).

              read_bytes: bytes read
                     Attempt to count the number of bytes which this process
                     really did cause to be fetched from the storage layer.
                     This is accurate for block-backed filesystems.

              write_bytes: bytes written
                     Attempt to count the number of bytes which this process
                     caused to be sent to the storage layer.

              cancelled_write_bytes:
                     The big inaccuracy here is truncate. If a process writes
                     1 MB to a file and then deletes the file, it will in fact
                     perform no writeout. But it will have been accounted as
                     having caused 1 MB of write. In other words: this field
                     represents the number of bytes which this process caused
                     to not happen, by truncating pagecache. A task can cause
                     "negative" I/O too. If this task truncates some dirty
                     pagecache, some I/O which another task has been accounted
                     for (in its write_bytes) will not be happening.

              Note: In the current implementation, things are a bit racy on
              32-bit systems: if process A reads process B's /proc/pid/io
              while process B is updating one of these 64-bit counters,
              process A could see an intermediate result.

              Permission to access this file is governed by a ptrace access
              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

       /proc/pid/limits (since Linux 2.6.24)
              This file displays the soft limit, hard limit, and units of
              measurement for each of the process's resource limits (see
              getrlimit(2)). Up to and including Linux 2.6.35, this file is
              protected to allow reading only by the real UID of the process.
              Since Linux 2.6.36, this file is readable by all users on the
              system.

       /proc/pid/map_files/ (since Linux 3.3)
              This subdirectory contains entries corresponding to
              memory-mapped files (see mmap(2)). Entries are named by memory
              region start and end address pair (expressed as hexadecimal
              numbers), and are symbolic links to the mapped files themselves.
              Here is an example, with the output wrapped and reformatted to
              fit on an 80-column display:

                  # ls -l /proc/self/map_files/
                  lr--------. 1 root root 64 Apr 16 21:31
                              3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
                  ...

              Although these entries are present for memory regions that were
              mapped with the MAP_FILE flag, the way anonymous shared memory
              (regions created with the MAP_ANON | MAP_SHARED flags) is
              implemented in Linux means that such regions also appear in this
              directory. Here is an example where the target file is the
              deleted /dev/zero one:

                  lrw-------. 1 root root 64 Apr 16 21:33
                              7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)

              Permission to access this file is governed by a ptrace access
              mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

              Until Linux 4.3, this directory appeared only if the
              CONFIG_CHECKPOINT_RESTORE kernel configuration option was
              enabled.

              Capabilities are required to read the contents of the symbolic
              links in this directory: before Linux 5.9, the reading process
              requires CAP_SYS_ADMIN in the initial user namespace; since
              Linux 5.9, the reading process must have either CAP_SYS_ADMIN or
              CAP_CHECKPOINT_RESTORE in the initial (i.e. root) user
              namespace.

779 /proc/pid/maps
780 A file containing the currently mapped memory regions and their
781 access permissions. See mmap(2) for some further information
782 about memory mappings.
783
784 Permission to access this file is governed by a ptrace access
785 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
786
787 The format of the file is:
788
address           perms offset  dev   inode       pathname
00400000-00452000 r-xp 00000000 08:02 173521      /usr/bin/dbus-daemon
00651000-00652000 r--p 00051000 08:02 173521      /usr/bin/dbus-daemon
00652000-00655000 rw-p 00052000 08:02 173521      /usr/bin/dbus-daemon
00e03000-00e24000 rw-p 00000000 00:00 0           [heap]
00e24000-011f7000 rw-p 00000000 00:00 0           [heap]
...
35b1800000-35b1820000 r-xp 00000000 08:02 135522  /usr/lib64/ld-2.15.so
35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522  /usr/lib64/ld-2.15.so
35b1a20000-35b1a21000 rw-p 00020000 08:02 135522  /usr/lib64/ld-2.15.so
35b1a21000-35b1a22000 rw-p 00000000 00:00 0
35b1c00000-35b1dac000 r-xp 00000000 08:02 135870  /usr/lib64/libc-2.15.so
35b1dac000-35b1fac000 ---p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870  /usr/lib64/libc-2.15.so
35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870  /usr/lib64/libc-2.15.so
...
f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0    [stack:986]
...
7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0   [stack]
7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0   [vdso]
809
810 The address field is the address space in the process that the
811 mapping occupies. The perms field is a set of permissions:
812
813 r = read
814 w = write
815 x = execute
816 s = shared
817 p = private (copy on write)
818
819 The offset field is the offset into the file/whatever; dev is
820 the device (major:minor); inode is the inode on that device. 0
821 indicates that no inode is associated with the memory region, as
822 would be the case with BSS (uninitialized data).
823
824 The pathname field will usually be the file that is backing the
825 mapping. For ELF files, you can easily coordinate with the off‐
826 set field by looking at the Offset field in the ELF program
827 headers (readelf -l).
828
829 There are additional helpful pseudo-paths:
830
831 [stack]
832 The initial process's (also known as the main thread's)
833 stack.
834
835 [stack:tid] (from Linux 3.4 to Linux 4.4)
836 A thread's stack (where the tid is a thread ID). It cor‐
837 responds to the /proc/pid/task/tid/ path. This field was
838 removed in Linux 4.5, since providing this information
839 for a process with large numbers of threads is expensive.
840
841 [vdso] The virtual dynamically linked shared object. See
842 vdso(7).
843
844 [heap] The process's heap.
845
846 [anon:name] (since Linux 5.17)
847 A named private anonymous mapping. Set with prctl(2)
848 PR_SET_VMA_ANON_NAME.
849
850 [anon_shmem:name] (since Linux 6.2)
851 A named shared anonymous mapping. Set with prctl(2)
852 PR_SET_VMA_ANON_NAME.
853
854 If the pathname field is blank, this is an anonymous mapping as
855 obtained via mmap(2). There is no easy way to coordinate this
856 back to a process's source, short of running it through gdb(1),
857 strace(1), or similar.
858
859 pathname is shown unescaped except for newline characters, which
860 are replaced with an octal escape sequence. As a result, it is
861 not possible to determine whether the original pathname con‐
862 tained a newline character or the literal \012 character se‐
863 quence.
864
865 If the mapping is file-backed and the file has been deleted, the
866 string " (deleted)" is appended to the pathname. Note that this
867 is ambiguous too.
868
869 Under Linux 2.0, there is no field giving pathname.
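
The maps format described above can be parsed and audited as follows. This is an added example, not part of the original manual page; the sample lines are constructed, and the three findings (and the [vsyscall] allow-list entry) are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# One record: address perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][sp]) ([0-9a-f]+) "
    r"([0-9a-f]+:[0-9a-f]+) (\d+) *(.*)$"
)
# Executable pseudo-paths that are expected in a normal process.
# [vsyscall] is not described on this page; it is included as an assumption.
EXPECTED_EXEC_PSEUDO = {"[vdso]", "[vsyscall]"}

# Constructed sample in the format shown above.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/dbus-daemon
00652000-00655000 rw-p 00052000 08:02 173521 /usr/bin/dbus-daemon
00e03000-00e24000 rw-p 00000000 00:00 0 [heap]
7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0
7f10a4000000-7f10a4010000 r-xp 00000000 08:02 200001 /tmp/libx.so (deleted)
7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0 [stack]
7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0 [vdso]
"""


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    offset: int
    dev: str
    inode: int
    pathname: str  # as printed: newline shows as \012, may end in " (deleted)"


def parse_maps(text):
    """Parse the text of a maps file into Mapping records."""
    mappings = []
    # Split on "\n" only: the kernel escapes newlines inside pathnames, but
    # str.splitlines() would also break on characters such as form feed.
    for line in text.split("\n"):
        m = MAPS_LINE.match(line)
        if m is None:
            continue  # blank or unrecognised line
        start, end, perms, offset, dev, inode, path = m.groups()
        mappings.append(Mapping(int(start, 16), int(end, 16), perms,
                                int(offset, 16), dev, int(inode), path))
    return mappings


def audit(mappings):
    """Return (finding, mapping) pairs for mappings worth a closer look."""
    findings = []
    for mp in mappings:
        executable = "x" in mp.perms
        if executable and "w" in mp.perms:
            findings.append(("writable+executable", mp))
        if (executable and mp.inode == 0
                and mp.pathname not in EXPECTED_EXEC_PSEUDO):
            # Blank pathname, [heap], [stack], [anon:name]: executable
            # memory with no file behind it (JIT output, for instance).
            findings.append(("executable-without-file", mp))
        if executable and mp.inode != 0 and mp.pathname.endswith(" (deleted)"):
            # Heuristic only: as noted above, the suffix is ambiguous,
            # since a file may literally be named "... (deleted)".
            findings.append(("executable-from-deleted-file", mp))
    return findings


if __name__ == "__main__":
    for finding, mp in audit(parse_maps(SAMPLE_MAPS)):
        print("%-30s %x-%x %s %s" % (finding, mp.start, mp.end,
                                     mp.perms, mp.pathname or "(anonymous)"))
```
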
870
871 /proc/pid/mem
872 This file can be used to access the pages of a process's memory
873 through open(2), read(2), and lseek(2).
874
875 Permission to access this file is governed by a ptrace access
876 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
877
878 /proc/pid/mountinfo (since Linux 2.6.26)
879 This file contains information about mounts in the process's
880 mount namespace (see mount_namespaces(7)). It supplies various
881 information (e.g., propagation state, root of mount for bind
882 mounts, identifier for each mount and its parent) that is miss‐
883 ing from the (older) /proc/pid/mounts file, and fixes various
884 other problems with that file (e.g., nonextensibility, failure
885 to distinguish per-mount versus per-superblock options).
886
887 The file contains lines of the form:
888
36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
(1)(2)(3)   (4)   (5)     (6)       (7)   (8)(9)    (10)           (11)
891
892 The numbers in parentheses are labels for the descriptions be‐
893 low:
894
895 (1) mount ID: a unique ID for the mount (may be reused after
896 umount(2)).
897
898 (2) parent ID: the ID of the parent mount (or of self for the
899 root of this mount namespace's mount tree).
900
901 If a new mount is stacked on top of a previous existing
902 mount (so that it hides the existing mount) at pathname P,
903 then the parent of the new mount is the previous mount at
904 that location. Thus, when looking at all the mounts
905 stacked at a particular location, the top-most mount is the
906 one that is not the parent of any other mount at the same
907 location. (Note, however, that this top-most mount will be
908 accessible only if the longest path subprefix of P that is
909 a mount point is not itself hidden by a stacked mount.)
910
911 If the parent mount lies outside the process's root direc‐
912 tory (see chroot(2)), the ID shown here won't have a corre‐
913 sponding record in mountinfo whose mount ID (field 1)
914 matches this parent mount ID (because mounts that lie out‐
915 side the process's root directory are not shown in
916 mountinfo). As a special case of this point, the process's
917 root mount may have a parent mount (for the initramfs
918 filesystem) that lies outside the process's root directory,
919 and an entry for that mount will not appear in mountinfo.
920
921 (3) major:minor: the value of st_dev for files on this filesys‐
922 tem (see stat(2)).
923
924 (4) root: the pathname of the directory in the filesystem which
925 forms the root of this mount.
926
927 (5) mount point: the pathname of the mount point relative to
928 the process's root directory.
929
930 (6) mount options: per-mount options (see mount(2)).
931
932 (7) optional fields: zero or more fields of the form
933 "tag[:value]"; see below.
934
935 (8) separator: the end of the optional fields is marked by a
936 single hyphen.
937
938 (9) filesystem type: the filesystem type in the form
939 "type[.subtype]".
940
941 (10) mount source: filesystem-specific information or "none".
942
943 (11) super options: per-superblock options (see mount(2)).
944
945 Currently, the possible optional fields are shared, master,
946 propagate_from, and unbindable. See mount_namespaces(7) for a
947 description of these fields. Parsers should ignore all unrecog‐
948 nized optional fields.
949
950 For more information on mount propagation see Documenta‐
951 tion/filesystems/sharedsubtree.rst (or Documentation/filesys‐
952 tems/sharedsubtree.txt before Linux 5.8) in the Linux kernel
953 source tree.
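
A parser for the mountinfo line format above, as an added example that is not part of the original manual page. It handles the variable-length optional fields and the separator, ignores unrecognized tags, and applies the stacking rule from field (2) to report which mounts are hidden by a later mount at the same location. The sample lines after the first are constructed, and the octal unescaping of pathnames is kernel behavior assumed here rather than stated on this page.

```python
import re

KNOWN_OPTIONAL = {"shared", "master", "propagate_from", "unbindable"}

# Constructed sample; the first line is the one shown in the text above.
SAMPLE_MOUNTINFO = r"""36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
40 22 0:35 / /mnt/data rw,nosuid,nodev shared:7 master:3 - tmpfs tmpfs rw,size=1024k
41 40 0:36 / /mnt/data rw,relatime - tmpfs tmpfs rw
42 22 8:3 / /mnt/my\040disk rw unbindable futuretag:9 - ext4 /dev/sda3 rw
"""


def unescape(field):
    # Assumption (not stated on this page): the kernel writes space, tab,
    # newline and backslash in pathnames as three-digit octal escapes.
    raw = re.sub(rb"\\([0-3][0-7]{2})",
                 lambda m: bytes([int(m.group(1), 8)]),
                 field.encode("utf-8", "surrogateescape"))
    return raw.decode("utf-8", "surrogateescape")


def parse_line(line):
    """Parse one mountinfo line into a dict keyed by the field names above."""
    f = line.split(" ")
    try:
        sep = f.index("-", 6)  # field (8): marks the end of optional fields
    except ValueError:
        raise ValueError("no separator in mountinfo line: %r" % line) from None
    if len(f) < sep + 4:
        raise ValueError("truncated mountinfo line: %r" % line)
    optional = {}
    for item in f[6:sep]:
        tag, _, value = item.partition(":")
        if tag in KNOWN_OPTIONAL:  # unrecognized tags are ignored
            optional[tag] = value or None
    major, minor = f[2].split(":")
    return {
        "mount_id": int(f[0]),
        "parent_id": int(f[1]),
        "dev": (int(major), int(minor)),
        "root": unescape(f[3]),
        "mount_point": unescape(f[4]),
        "mount_options": f[5].split(","),
        "optional": optional,
        "fstype": f[sep + 1],
        "source": unescape(f[sep + 2]),
        "super_options": f[sep + 3].split(","),
    }


def parse_mountinfo(text):
    return [parse_line(line) for line in text.split("\n") if line]


def split_stacks(mounts):
    """Return (top, hidden): the visible mount ID per mount point, and the
    IDs of mounts covered by another mount stacked at the same location."""
    top, hidden = {}, []
    for m in mounts:
        covered = any(o is not m
                      and o["parent_id"] == m["mount_id"]
                      and o["mount_point"] == m["mount_point"]
                      for o in mounts)
        if covered:
            hidden.append(m["mount_id"])
        else:
            top[m["mount_point"]] = m["mount_id"]
    return top, hidden


if __name__ == "__main__":
    mounts = parse_mountinfo(SAMPLE_MOUNTINFO)
    top, hidden = split_stacks(mounts)
    for m in mounts:
        state = "hidden" if m["mount_id"] in hidden else "visible"
        print(m["mount_id"], repr(m["mount_point"]), m["fstype"],
              m["optional"], state)
```
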
954
955 /proc/pid/mounts (since Linux 2.4.19)
956 This file lists all the filesystems currently mounted in the
957 process's mount namespace (see mount_namespaces(7)). The format
958 of this file is documented in fstab(5).
959
960 Since Linux 2.6.15, this file is pollable: after opening the
961 file for reading, a change in this file (i.e., a filesystem
962 mount or unmount) causes select(2) to mark the file descriptor
963 as having an exceptional condition, and poll(2) and
964 epoll_wait(2) mark the file as having a priority event (POLL‐
965 PRI). (Before Linux 2.6.30, a change in this file was indicated
966 by the file descriptor being marked as readable for select(2),
967 and being marked as having an error condition for poll(2) and
968 epoll_wait(2).)
969
970 /proc/pid/mountstats (since Linux 2.6.17)
971 This file exports information (statistics, configuration infor‐
972 mation) about the mounts in the process's mount namespace (see
973 mount_namespaces(7)). Lines in this file have the form:
974
device /dev/sda7 mounted on /home with fstype ext3 [stats]
(      1       )            ( 2 )             (3 ) (  4  )
977
978 The fields in each line are:
979
980 (1) The name of the mounted device (or "nodevice" if there is
981 no corresponding device).
982
983 (2) The mount point within the filesystem tree.
984
985 (3) The filesystem type.
986
987 (4) Optional statistics and configuration information. Cur‐
988 rently (as at Linux 2.6.26), only NFS filesystems export
989 information via this field.
990
991 This file is readable only by the owner of the process.
992
993 /proc/pid/net (since Linux 2.6.25)
994 See the description of /proc/net.
995
996 /proc/pid/ns/ (since Linux 3.0)
997 This is a subdirectory containing one entry for each namespace
998 that supports being manipulated by setns(2). For more informa‐
999 tion, see namespaces(7).
1000
1001 /proc/pid/numa_maps (since Linux 2.6.14)
1002 See numa(7).
1003
1004 /proc/pid/oom_adj (since Linux 2.6.11)
1005 This file can be used to adjust the score used to select which
1006 process should be killed in an out-of-memory (OOM) situation.
1007 The kernel uses this value for a bit-shift operation of the
1008 process's oom_score value: valid values are in the range -16 to
1009 +15, plus the special value -17, which disables OOM-killing al‐
1010 together for this process. A positive score increases the like‐
1011 lihood of this process being killed by the OOM-killer; a nega‐
1012 tive score decreases the likelihood.
1013
1014 The default value for this file is 0; a new process inherits its
1015 parent's oom_adj setting. A process must be privileged
1016 (CAP_SYS_RESOURCE) to update this file, although a process can
1017 always increase its own oom_adj setting (since Linux 2.6.20).
1018
Since Linux 2.6.36, use of this file is deprecated in favor of
/proc/pid/oom_score_adj; the file was finally removed in Linux 3.7.
1021
1022 /proc/pid/oom_score (since Linux 2.6.11)
1023 This file displays the current score that the kernel gives to
1024 this process for the purpose of selecting a process for the OOM-
1025 killer. A higher score means that the process is more likely to
1026 be selected by the OOM-killer. The basis for this score is the
1027 amount of memory used by the process, with increases (+) or de‐
1028 creases (-) for factors including:
1029
1030 • whether the process is privileged (-).
1031
1032 Before Linux 2.6.36 the following factors were also used in the
1033 calculation of oom_score:
1034
1035 • whether the process creates a lot of children using fork(2)
1036 (+);
1037
1038 • whether the process has been running a long time, or has used
1039 a lot of CPU time (-);
1040
1041 • whether the process has a low nice value (i.e., > 0) (+); and
1042
1043 • whether the process is making direct hardware access (-).
1044
1045 The oom_score also reflects the adjustment specified by the
1046 oom_score_adj or oom_adj setting for the process.
1047
1048 /proc/pid/oom_score_adj (since Linux 2.6.36)
1049 This file can be used to adjust the badness heuristic used to
1050 select which process gets killed in out-of-memory conditions.
1051
1052 The badness heuristic assigns a value to each candidate task
1053 ranging from 0 (never kill) to 1000 (always kill) to determine
1054 which process is targeted. The units are roughly a proportion
1055 along that range of allowed memory the process may allocate
1056 from, based on an estimation of its current memory and swap use.
1057 For example, if a task is using all allowed memory, its badness
1058 score will be 1000. If it is using half of its allowed memory,
1059 its score will be 500.
1060
1061 There is an additional factor included in the badness score:
1062 root processes are given 3% extra memory over other tasks.
1063
1064 The amount of "allowed" memory depends on the context in which
1065 the OOM-killer was called. If it is due to the memory assigned
1066 to the allocating task's cpuset being exhausted, the allowed
1067 memory represents the set of mems assigned to that cpuset (see
1068 cpuset(7)). If it is due to a mempolicy's node(s) being ex‐
1069 hausted, the allowed memory represents the set of mempolicy
1070 nodes. If it is due to a memory limit (or swap limit) being
1071 reached, the allowed memory is that configured limit. Finally,
1072 if it is due to the entire system being out of memory, the al‐
1073 lowed memory represents all allocatable resources.
1074
1075 The value of oom_score_adj is added to the badness score before
1076 it is used to determine which task to kill. Acceptable values
1077 range from -1000 (OOM_SCORE_ADJ_MIN) to +1000
1078 (OOM_SCORE_ADJ_MAX). This allows user space to control the
1079 preference for OOM-killing, ranging from always preferring a
1080 certain task or completely disabling it from OOM-killing. The
1081 lowest possible value, -1000, is equivalent to disabling OOM-
1082 killing entirely for that task, since it will always report a
1083 badness score of 0.
1084
1085 Consequently, it is very simple for user space to define the
1086 amount of memory to consider for each task. Setting an
1087 oom_score_adj value of +500, for example, is roughly equivalent
1088 to allowing the remainder of tasks sharing the same system,
1089 cpuset, mempolicy, or memory controller resources to use at
1090 least 50% more memory. A value of -500, on the other hand,
1091 would be roughly equivalent to discounting 50% of the task's al‐
1092 lowed memory from being considered as scoring against the task.
1093
1094 For backward compatibility with previous kernels,
1095 /proc/pid/oom_adj can still be used to tune the badness score.
1096 Its value is scaled linearly with oom_score_adj.
1097
1098 Writing to /proc/pid/oom_score_adj or /proc/pid/oom_adj will
1099 change the other with its scaled value.
1100
1101 The choom(1) program provides a command-line interface for ad‐
1102 justing the oom_score_adj value of a running process or a newly
1103 executed command.
1104
1105 /proc/pid/pagemap (since Linux 2.6.25)
1106 This file shows the mapping of each of the process's virtual
1107 pages into physical page frames or swap area. It contains one
1108 64-bit value for each virtual page, with the bits set as fol‐
1109 lows:
1110
1111 63 If set, the page is present in RAM.
1112
62 If set, the page is in swap space.
1114
1115 61 (since Linux 3.5)
1116 The page is a file-mapped page or a shared anonymous
1117 page.
1118
1119 60–58 (since Linux 3.11)
1120 Zero
1121
1122 57 (since Linux 5.14)
1123 If set, the page is write-protected through user‐
1124 faultfd(2).
1125
1126 56 (since Linux 4.2)
1127 The page is exclusively mapped.
1128
1129 55 (since Linux 3.11)
1130 PTE is soft-dirty (see the kernel source file Documenta‐
1131 tion/admin-guide/mm/soft-dirty.rst).
1132
1133 54–0 If the page is present in RAM (bit 63), then these bits
1134 provide the page frame number, which can be used to index
1135 /proc/kpageflags and /proc/kpagecount. If the page is
1136 present in swap (bit 62), then bits 4–0 give the swap
1137 type, and bits 54–5 encode the swap offset.
1138
1139 Before Linux 3.11, bits 60–55 were used to encode the base-2 log
1140 of the page size.
1141
1142 To employ /proc/pid/pagemap efficiently, use /proc/pid/maps to
1143 determine which areas of memory are actually mapped and seek to
1144 skip over unmapped regions.
1145
1146 The /proc/pid/pagemap file is present only if the CON‐
1147 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1148
1149 Permission to access this file is governed by a ptrace access
1150 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
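
Decoding pagemap entries according to the bit layout above, as an added example that is not part of the original manual page. The fake pagemap contents are constructed so the example runs without access to a real process; the 4096-byte page size and native byte order of the 64-bit values are assumptions.

```python
import io
import struct

PM_PRESENT = 1 << 63         # bit 63: page is present in RAM
PM_SWAPPED = 1 << 62         # bit 62: page is in swap space
PM_FILE_OR_SHARED = 1 << 61  # bit 61: file-mapped or shared anonymous page
PM_UFFD_WP = 1 << 57         # bit 57: write-protected through userfaultfd(2)
PM_EXCLUSIVE = 1 << 56       # bit 56: page is exclusively mapped
PM_SOFT_DIRTY = 1 << 55      # bit 55: PTE is soft-dirty
LOW_55_BITS = (1 << 55) - 1  # bits 54-0


def decode_entry(value):
    """Decode one 64-bit pagemap value into a dict of named fields."""
    entry = {
        "present": bool(value & PM_PRESENT),
        "swapped": bool(value & PM_SWAPPED),
        "file_or_shared": bool(value & PM_FILE_OR_SHARED),
        "uffd_wp": bool(value & PM_UFFD_WP),
        "exclusive": bool(value & PM_EXCLUSIVE),
        "soft_dirty": bool(value & PM_SOFT_DIRTY),
        "pfn": None,
        "swap_type": None,
        "swap_offset": None,
    }
    low = value & LOW_55_BITS
    if entry["present"]:
        entry["pfn"] = low               # index for kpageflags / kpagecount
    elif entry["swapped"]:
        entry["swap_type"] = low & 0x1F  # bits 4-0
        entry["swap_offset"] = low >> 5  # bits 54-5
    return entry


def read_range(pagemap, start, end, page_size=4096):
    """Decode the entries for [start, end), a page-aligned address range
    taken from /proc/pid/maps. `pagemap` is a binary file object.
    Returns a list of (virtual_address, decoded_entry) pairs."""
    first = start // page_size
    count = (end - start) // page_size
    pagemap.seek(first * 8)              # one 8-byte value per virtual page
    data = pagemap.read(count * 8)
    data = data[: len(data) - len(data) % 8]   # tolerate a short read
    values = struct.unpack("=%dQ" % (len(data) // 8), data)
    return [((first + i) * page_size, decode_entry(v))
            for i, v in enumerate(values)]


def build_sample():
    """Constructed stand-in for a pagemap file covering eight pages."""
    entries = [0] * 8
    entries[2] = PM_PRESENT | PM_EXCLUSIVE | PM_SOFT_DIRTY | 0x1234
    entries[3] = PM_SWAPPED | (0x40 << 5) | 1
    return io.BytesIO(struct.pack("=8Q", *entries))


if __name__ == "__main__":
    for addr, e in read_range(build_sample(), 0x2000, 0x5000):
        print(hex(addr), e)
```

Against a real process, open /proc/pid/pagemap with open(path, "rb", buffering=0) and call read_range() once per mapping listed in /proc/pid/maps.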
1151
1152 /proc/pid/personality (since Linux 2.6.28)
1153 This read-only file exposes the process's execution domain, as
1154 set by personality(2). The value is displayed in hexadecimal
1155 notation.
1156
1157 Permission to access this file is governed by a ptrace access
1158 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1159
1160 /proc/pid/root
1161 UNIX and Linux support the idea of a per-process root of the
1162 filesystem, set by the chroot(2) system call. This file is a
1163 symbolic link that points to the process's root directory, and
1164 behaves in the same way as exe, and fd/*.
1165
1166 Note however that this file is not merely a symbolic link. It
1167 provides the same view of the filesystem (including namespaces
1168 and the set of per-process mounts) as the process itself. An
1169 example illustrates this point. In one terminal, we start a
1170 shell in new user and mount namespaces, and in that shell we
1171 create some new mounts:
1172
1173 $ PS1='sh1# ' unshare -Urnm
1174 sh1# mount -t tmpfs tmpfs /etc # Mount empty tmpfs at /etc
1175 sh1# mount --bind /usr /dev # Mount /usr at /dev
1176 sh1# echo $$
1177 27123
1178
1179 In a second terminal window, in the initial mount namespace, we
1180 look at the contents of the corresponding mounts in the initial
1181 and new namespaces:
1182
1183 $ PS1='sh2# ' sudo sh
1184 sh2# ls /etc | wc -l # In initial NS
1185 309
1186 sh2# ls /proc/27123/root/etc | wc -l # /etc in other NS
1187 0 # The empty tmpfs dir
1188 sh2# ls /dev | wc -l # In initial NS
1189 205
1190 sh2# ls /proc/27123/root/dev | wc -l # /dev in other NS
1191 11 # Actually bind
1192 # mounted to /usr
1193 sh2# ls /usr | wc -l # /usr in initial NS
1194 11
1195
1196 In a multithreaded process, the contents of the /proc/pid/root
1197 symbolic link are not available if the main thread has already
1198 terminated (typically by calling pthread_exit(3)).
1199
1200 Permission to dereference or read (readlink(2)) this symbolic
1201 link is governed by a ptrace access mode PTRACE_MODE_READ_FS‐
1202 CREDS check; see ptrace(2).
1203
1204 /proc/pid/projid_map (since Linux 3.7)
1205 See user_namespaces(7).
1206
1207 /proc/pid/seccomp (Linux 2.6.12 to Linux 2.6.22)
1208 This file can be used to read and change the process's secure
1209 computing (seccomp) mode setting. It contains the value 0 if
1210 the process is not in seccomp mode, and 1 if the process is in
1211 strict seccomp mode (see seccomp(2)). Writing 1 to this file
1212 places the process irreversibly in strict seccomp mode. (Fur‐
1213 ther attempts to write to the file fail with the EPERM error.)
1214
1215 In Linux 2.6.23, this file went away, to be replaced by the
1216 prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations (and later
1217 by seccomp(2) and the Seccomp field in /proc/pid/status).
1218
1219 /proc/pid/setgroups (since Linux 3.19)
1220 See user_namespaces(7).
1221
1222 /proc/pid/smaps (since Linux 2.6.14)
1223 This file shows memory consumption for each of the process's
1224 mappings. (The pmap(1) command displays similar information, in
1225 a form that may be easier for parsing.) For each mapping there
1226 is a series of lines such as the following:
1227
1228 00400000-0048a000 r-xp 00000000 fd:03 960637 /bin/bash
1229 Size: 552 kB
1230 Rss: 460 kB
1231 Pss: 100 kB
1232 Shared_Clean: 452 kB
1233 Shared_Dirty: 0 kB
1234 Private_Clean: 8 kB
1235 Private_Dirty: 0 kB
1236 Referenced: 460 kB
1237 Anonymous: 0 kB
1238 AnonHugePages: 0 kB
1239 ShmemHugePages: 0 kB
1240 ShmemPmdMapped: 0 kB
1241 Swap: 0 kB
1242 KernelPageSize: 4 kB
1243 MMUPageSize: 4 kB
1244 Locked: 0 kB
1245 ProtectionKey: 0
1246 VmFlags: rd ex mr mw me dw
1247
1248 The first of these lines shows the same information as is dis‐
1249 played for the mapping in /proc/pid/maps. The following lines
1250 show the size of the mapping, the amount of the mapping that is
1251 currently resident in RAM ("Rss"), the process's proportional
1252 share of this mapping ("Pss"), the number of clean and dirty
1253 shared pages in the mapping, and the number of clean and dirty
1254 private pages in the mapping. "Referenced" indicates the amount
1255 of memory currently marked as referenced or accessed. "Anony‐
1256 mous" shows the amount of memory that does not belong to any
1257 file. "Swap" shows how much would-be-anonymous memory is also
1258 used, but out on swap.
1259
1260 The "KernelPageSize" line (available since Linux 2.6.29) is the
1261 page size used by the kernel to back the virtual memory area.
1262 This matches the size used by the MMU in the majority of cases.
1263 However, one counter-example occurs on PPC64 kernels whereby a
1264 kernel using 64 kB as a base page size may still use 4 kB pages
1265 for the MMU on older processors. To distinguish the two at‐
1266 tributes, the "MMUPageSize" line (also available since Linux
1267 2.6.29) reports the page size used by the MMU.
1268
The "Locked" line indicates whether the mapping is locked in
memory or not.
1271
1272 The "ProtectionKey" line (available since Linux 4.9, on x86
1273 only) contains the memory protection key (see pkeys(7)) associ‐
1274 ated with the virtual memory area. This entry is present only
1275 if the kernel was built with the CONFIG_X86_INTEL_MEMORY_PROTEC‐
1276 TION_KEYS configuration option (since Linux 4.6).
1277
1278 The "VmFlags" line (available since Linux 3.8) represents the
1279 kernel flags associated with the virtual memory area, encoded
1280 using the following two-letter codes:
1281
1282 rd - readable
1283 wr - writable
1284 ex - executable
1285 sh - shared
1286 mr - may read
1287 mw - may write
1288 me - may execute
1289 ms - may share
1290 gd - stack segment grows down
1291 pf - pure PFN range
1292 dw - disabled write to the mapped file
1293 lo - pages are locked in memory
1294 io - memory mapped I/O area
1295 sr - sequential read advise provided
1296 rr - random read advise provided
1297 dc - do not copy area on fork
1298 de - do not expand area on remapping
1299 ac - area is accountable
1300 nr - swap space is not reserved for the area
1301 ht - area uses huge tlb pages
1302 sf - perform synchronous page faults (since Linux 4.15)
1303 nl - non-linear mapping (removed in Linux 4.0)
1304 ar - architecture specific flag
1305 wf - wipe on fork (since Linux 4.14)
1306 dd - do not include area into core dump
1307 sd - soft-dirty flag (since Linux 3.13)
1308 mm - mixed map area
1309 hg - huge page advise flag
1310 nh - no-huge page advise flag
1311 mg - mergeable advise flag
1312 um - userfaultfd missing pages tracking (since Linux 4.3)
1313 uw - userfaultfd wprotect pages tracking (since Linux 4.3)
1314
1315 The /proc/pid/smaps file is present only if the CON‐
1316 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
1317
1318 /proc/pid/stack (since Linux 2.6.29)
1319 This file provides a symbolic trace of the function calls in
1320 this process's kernel stack. This file is provided only if the
1321 kernel was built with the CONFIG_STACKTRACE configuration op‐
1322 tion.
1323
1324 Permission to access this file is governed by a ptrace access
1325 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
1326
1327 /proc/pid/stat
1328 Status information about the process. This is used by ps(1).
1329 It is defined in the kernel source file fs/proc/array.c.
1330
1331 The fields, in order, with their proper scanf(3) format speci‐
1332 fiers, are listed below. Whether or not certain of these fields
1333 display valid information is governed by a ptrace access mode
1334 PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT check (refer to
1335 ptrace(2)). If the check denies access, then the field value is
1336 displayed as 0. The affected fields are indicated with the
1337 marking [PT].
1338
1339 (1) pid %d
1340 The process ID.
1341
1342 (2) comm %s
1343 The filename of the executable, in parentheses. Strings
1344 longer than TASK_COMM_LEN (16) characters (including the
1345 terminating null byte) are silently truncated. This is
1346 visible whether or not the executable is swapped out.
1347
1348 (3) state %c
1349 One of the following characters, indicating process
1350 state:
1351
1352 R Running
1353
1354 S Sleeping in an interruptible wait
1355
1356 D Waiting in uninterruptible disk sleep
1357
1358 Z Zombie
1359
1360 T Stopped (on a signal) or (before Linux 2.6.33)
1361 trace stopped
1362
1363 t Tracing stop (Linux 2.6.33 onward)
1364
1365 W Paging (only before Linux 2.6.0)
1366
1367 X Dead (from Linux 2.6.0 onward)
1368
1369 x Dead (Linux 2.6.33 to 3.13 only)
1370
1371 K Wakekill (Linux 2.6.33 to 3.13 only)
1372
1373 W Waking (Linux 2.6.33 to 3.13 only)
1374
1375 P Parked (Linux 3.9 to 3.13 only)
1376
1377 I Idle (Linux 4.14 onward)
1378
1379 (4) ppid %d
1380 The PID of the parent of this process.
1381
1382 (5) pgrp %d
1383 The process group ID of the process.
1384
1385 (6) session %d
1386 The session ID of the process.
1387
1388 (7) tty_nr %d
1389 The controlling terminal of the process. (The minor de‐
1390 vice number is contained in the combination of bits 31 to
1391 20 and 7 to 0; the major device number is in bits 15 to
1392 8.)
1393
1394 (8) tpgid %d
1395 The ID of the foreground process group of the controlling
1396 terminal of the process.
1397
1398 (9) flags %u
1399 The kernel flags word of the process. For bit meanings,
1400 see the PF_* defines in the Linux kernel source file in‐
1401 clude/linux/sched.h. Details depend on the kernel ver‐
1402 sion.
1403
1404 The format for this field was %lu before Linux 2.6.
1405
1406 (10) minflt %lu
1407 The number of minor faults the process has made which
1408 have not required loading a memory page from disk.
1409
1410 (11) cminflt %lu
1411 The number of minor faults that the process's waited-for
1412 children have made.
1413
1414 (12) majflt %lu
1415 The number of major faults the process has made which
1416 have required loading a memory page from disk.
1417
1418 (13) cmajflt %lu
1419 The number of major faults that the process's waited-for
1420 children have made.
1421
1422 (14) utime %lu
1423 Amount of time that this process has been scheduled in
1424 user mode, measured in clock ticks (divide by
1425 sysconf(_SC_CLK_TCK)). This includes guest time,
1426 guest_time (time spent running a virtual CPU, see below),
1427 so that applications that are not aware of the guest time
1428 field do not lose that time from their calculations.
1429
1430 (15) stime %lu
1431 Amount of time that this process has been scheduled in
1432 kernel mode, measured in clock ticks (divide by
1433 sysconf(_SC_CLK_TCK)).
1434
1435 (16) cutime %ld
1436 Amount of time that this process's waited-for children
1437 have been scheduled in user mode, measured in clock ticks
1438 (divide by sysconf(_SC_CLK_TCK)). (See also times(2).)
1439 This includes guest time, cguest_time (time spent running
1440 a virtual CPU, see below).
1441
1442 (17) cstime %ld
1443 Amount of time that this process's waited-for children
1444 have been scheduled in kernel mode, measured in clock
1445 ticks (divide by sysconf(_SC_CLK_TCK)).
1446
1447 (18) priority %ld
1448 (Explanation for Linux 2.6) For processes running a real-
1449 time scheduling policy (policy below; see sched_setsched‐
1450 uler(2)), this is the negated scheduling priority, minus
1451 one; that is, a number in the range -2 to -100, corre‐
1452 sponding to real-time priorities 1 to 99. For processes
1453 running under a non-real-time scheduling policy, this is
1454 the raw nice value (setpriority(2)) as represented in the
1455 kernel. The kernel stores nice values as numbers in the
1456 range 0 (high) to 39 (low), corresponding to the user-
1457 visible nice range of -20 to 19.
1458
1459 Before Linux 2.6, this was a scaled value based on the
1460 scheduler weighting given to this process.
1461
1462 (19) nice %ld
1463 The nice value (see setpriority(2)), a value in the range
1464 19 (low priority) to -20 (high priority).
1465
1466 (20) num_threads %ld
1467 Number of threads in this process (since Linux 2.6). Be‐
1468 fore Linux 2.6, this field was hard coded to 0 as a
1469 placeholder for an earlier removed field.
1470
1471 (21) itrealvalue %ld
1472 The time in jiffies before the next SIGALRM is sent to
1473 the process due to an interval timer. Since Linux
1474 2.6.17, this field is no longer maintained, and is hard
1475 coded as 0.
1476
1477 (22) starttime %llu
1478 The time the process started after system boot. Before
1479 Linux 2.6, this value was expressed in jiffies. Since
1480 Linux 2.6, the value is expressed in clock ticks (divide
1481 by sysconf(_SC_CLK_TCK)).
1482
1483 The format for this field was %lu before Linux 2.6.
1484
1485 (23) vsize %lu
1486 Virtual memory size in bytes.
1487
1488 (24) rss %ld
1489 Resident Set Size: number of pages the process has in
1490 real memory. This is just the pages which count toward
1491 text, data, or stack space. This does not include pages
1492 which have not been demand-loaded in, or which are
1493 swapped out. This value is inaccurate; see
1494 /proc/pid/statm below.
1495
1496 (25) rsslim %lu
1497 Current soft limit in bytes on the rss of the process;
1498 see the description of RLIMIT_RSS in getrlimit(2).
1499
1500 (26) startcode %lu [PT]
1501 The address above which program text can run.
1502
1503 (27) endcode %lu [PT]
1504 The address below which program text can run.
1505
1506 (28) startstack %lu [PT]
1507 The address of the start (i.e., bottom) of the stack.
1508
1509 (29) kstkesp %lu [PT]
1510 The current value of ESP (stack pointer), as found in the
1511 kernel stack page for the process.
1512
1513 (30) kstkeip %lu [PT]
1514 The current EIP (instruction pointer).
1515
1516 (31) signal %lu
1517 The bitmap of pending signals, displayed as a decimal
1518 number. Obsolete, because it does not provide informa‐
1519 tion on real-time signals; use /proc/pid/status instead.
1520
1521 (32) blocked %lu
1522 The bitmap of blocked signals, displayed as a decimal
1523 number. Obsolete, because it does not provide informa‐
1524 tion on real-time signals; use /proc/pid/status instead.
1525
1526 (33) sigignore %lu
1527 The bitmap of ignored signals, displayed as a decimal
1528 number. Obsolete, because it does not provide informa‐
1529 tion on real-time signals; use /proc/pid/status instead.
1530
1531 (34) sigcatch %lu
1532 The bitmap of caught signals, displayed as a decimal num‐
1533 ber. Obsolete, because it does not provide information
1534 on real-time signals; use /proc/pid/status instead.
1535
1536 (35) wchan %lu [PT]
1537 This is the "channel" in which the process is waiting.
1538 It is the address of a location in the kernel where the
1539 process is sleeping. The corresponding symbolic name can
1540 be found in /proc/pid/wchan.
1541
1542 (36) nswap %lu
1543 Number of pages swapped (not maintained).
1544
1545 (37) cnswap %lu
1546 Cumulative nswap for child processes (not maintained).
1547
1548 (38) exit_signal %d (since Linux 2.1.22)
1549 Signal to be sent to parent when we die.
1550
1551 (39) processor %d (since Linux 2.2.8)
1552 CPU number last executed on.
1553
1554 (40) rt_priority %u (since Linux 2.5.19)
1555 Real-time scheduling priority, a number in the range 1 to
1556 99 for processes scheduled under a real-time policy, or
1557 0, for non-real-time processes (see sched_setsched‐
1558 uler(2)).
1559
1560 (41) policy %u (since Linux 2.5.19)
1561 Scheduling policy (see sched_setscheduler(2)). Decode
1562 using the SCHED_* constants in linux/sched.h.
1563
1564 The format for this field was %lu before Linux 2.6.22.
1565
1566 (42) delayacct_blkio_ticks %llu (since Linux 2.6.18)
1567 Aggregated block I/O delays, measured in clock ticks
1568 (centiseconds).
1569
1570 (43) guest_time %lu (since Linux 2.6.24)
1571 Guest time of the process (time spent running a virtual
1572 CPU for a guest operating system), measured in clock
1573 ticks (divide by sysconf(_SC_CLK_TCK)).
1574
1575 (44) cguest_time %ld (since Linux 2.6.24)
1576 Guest time of the process's children, measured in clock
1577 ticks (divide by sysconf(_SC_CLK_TCK)).
1578
1579 (45) start_data %lu (since Linux 3.3) [PT]
1580 Address above which program initialized and uninitialized
1581 (BSS) data are placed.
1582
1583 (46) end_data %lu (since Linux 3.3) [PT]
1584 Address below which program initialized and uninitialized
1585 (BSS) data are placed.
1586
1587 (47) start_brk %lu (since Linux 3.3) [PT]
1588 Address above which program heap can be expanded with
1589 brk(2).
1590
1591 (48) arg_start %lu (since Linux 3.5) [PT]
1592 Address above which program command-line arguments (argv)
1593 are placed.
1594
1595 (49) arg_end %lu (since Linux 3.5) [PT]
1596 Address below which program command-line arguments (argv)
1597 are placed.
1598
1599 (50) env_start %lu (since Linux 3.5) [PT]
1600 Address above which program environment is placed.
1601
1602 (51) env_end %lu (since Linux 3.5) [PT]
1603 Address below which program environment is placed.
1604
1605 (52) exit_code %d (since Linux 3.5) [PT]
1606 The thread's exit status in the form reported by wait‐
1607 pid(2).
1608
1609 /proc/pid/statm
1610 Provides information about memory usage, measured in pages. The
1611 columns are:
1612
1613 size (1) total program size
1614 (same as VmSize in /proc/pid/status)
1615 resident (2) resident set size
1616 (inaccurate; same as VmRSS in /proc/pid/status)
1617 shared (3) number of resident shared pages
1618 (i.e., backed by a file)
1619 (inaccurate; same as RssFile+RssShmem in
1620 /proc/pid/status)
1621 text (4) text (code)
1622 lib (5) library (unused since Linux 2.6; always 0)
1623 data (6) data + stack
1624 dt (7) dirty pages (unused since Linux 2.6; always 0)
1625
1626 Some of these values are inaccurate because of a kernel-internal
1627 scalability optimization. If accurate values are required, use
1628 /proc/pid/smaps or /proc/pid/smaps_rollup instead, which are
1629 much slower but provide accurate, detailed information.
1630
1631 /proc/pid/status
1632 Provides much of the information in /proc/pid/stat and
1633 /proc/pid/statm in a format that's easier for humans to parse.
1634 Here's an example:
1635
1636 $ cat /proc/$$/status
1637 Name: bash
1638 Umask: 0022
1639 State: S (sleeping)
1640 Tgid: 17248
1641 Ngid: 0
1642 Pid: 17248
1643 PPid: 17200
1644 TracerPid: 0
1645 Uid: 1000 1000 1000 1000
1646 Gid: 100 100 100 100
1647 FDSize: 256
1648 Groups: 16 33 100
1649 NStgid: 17248
1650 NSpid: 17248
1651 NSpgid: 17248
1652 NSsid: 17200
1653 VmPeak: 131168 kB
1654 VmSize: 131168 kB
1655 VmLck: 0 kB
1656 VmPin: 0 kB
1657 VmHWM: 13484 kB
1658 VmRSS: 13484 kB
1659 RssAnon: 10264 kB
1660 RssFile: 3220 kB
1661 RssShmem: 0 kB
1662 VmData: 10332 kB
1663 VmStk: 136 kB
1664 VmExe: 992 kB
1665 VmLib: 2104 kB
1666 VmPTE: 76 kB
1667 VmPMD: 12 kB
1668 VmSwap: 0 kB
1669 HugetlbPages: 0 kB # 4.4
1670 CoreDumping: 0 # 4.15
1671 Threads: 1
1672 SigQ: 0/3067
1673 SigPnd: 0000000000000000
1674 ShdPnd: 0000000000000000
1675 SigBlk: 0000000000010000
1676 SigIgn: 0000000000384004
1677 SigCgt: 000000004b813efb
1678 CapInh: 0000000000000000
1679 CapPrm: 0000000000000000
1680 CapEff: 0000000000000000
1681 CapBnd: ffffffffffffffff
1682 CapAmb: 0000000000000000
1683 NoNewPrivs: 0
1684 Seccomp: 0
1685 Speculation_Store_Bypass: vulnerable
1686 Cpus_allowed: 00000001
1687 Cpus_allowed_list: 0
1688 Mems_allowed: 1
1689 Mems_allowed_list: 0
1690 voluntary_ctxt_switches: 150
1691 nonvoluntary_ctxt_switches: 545
1692
1693 The fields are as follows:
1694
1695 Name Command run by this process. Strings longer than
1696 TASK_COMM_LEN (16) characters (including the terminating
1697 null byte) are silently truncated.
1698
1699 Umask Process umask, expressed in octal with a leading zero;
1700 see umask(2). (Since Linux 4.7.)
1701
1702 State Current state of the process. One of "R (running)", "S
1703 (sleeping)", "D (disk sleep)", "T (stopped)", "t (tracing
1704 stop)", "Z (zombie)", or "X (dead)".
1705
1706 Tgid Thread group ID (i.e., Process ID).
1707
1708 Ngid NUMA group ID (0 if none; since Linux 3.13).
1709
1710 Pid Thread ID (see gettid(2)).
1711
1712 PPid PID of parent process.
1713
1714 TracerPid
1715 PID of process tracing this process (0 if not being
1716 traced).
1717
1718 Uid, Gid
1719 Real, effective, saved set, and filesystem UIDs (GIDs).
1720
1721 FDSize Number of file descriptor slots currently allocated.
1722
1723 Groups Supplementary group list.
1724
1725 NStgid Thread group ID (i.e., PID) in each of the PID namespaces
1726 of which pid is a member. The leftmost entry shows the
1727 value with respect to the PID namespace of the process
1728 that mounted this procfs (or the root namespace if
1729 mounted by the kernel), followed by the value in succes‐
1730 sively nested inner namespaces. (Since Linux 4.1.)
1731
1732 NSpid Thread ID in each of the PID namespaces of which pid is a
1733 member. The fields are ordered as for NStgid. (Since
1734 Linux 4.1.)
1735
1736 NSpgid Process group ID in each of the PID namespaces of which
1737 pid is a member. The fields are ordered as for NStgid.
1738 (Since Linux 4.1.)
1739
1740 NSsid Session ID in each of the PID namespaces of which pid is a
1741 member. The fields are ordered as for NStgid. (Since
1742 Linux 4.1.)
1743
1744 VmPeak Peak virtual memory size.
1745
1746 VmSize Virtual memory size.
1747
1748 VmLck Locked memory size (see mlock(2)).
1749
1750 VmPin Pinned memory size (since Linux 3.2). These are pages
1751 that can't be moved because something needs to directly
1752 access physical memory.
1753
1754 VmHWM Peak resident set size ("high water mark"). This value
1755 is inaccurate; see /proc/pid/statm above.
1756
1757 VmRSS Resident set size. Note that the value here is the sum
1758 of RssAnon, RssFile, and RssShmem. This value is inaccu‐
1759 rate; see /proc/pid/statm above.
1760
1761 RssAnon
1762 Size of resident anonymous memory. (Since Linux 4.5.)
1763 This value is inaccurate; see /proc/pid/statm above.
1764
1765 RssFile
1766 Size of resident file mappings. (Since Linux 4.5.) This
1767 value is inaccurate; see /proc/pid/statm above.
1768
1769 RssShmem
1770 Size of resident shared memory (includes System V shared
1771 memory, mappings from tmpfs(5), and shared anonymous map‐
1772 pings). (Since Linux 4.5.)
1773
1774 VmData, VmStk, VmExe
1775 Size of data, stack, and text segments. This value is
1776 inaccurate; see /proc/pid/statm above.
1777
1778 VmLib Shared library code size.
1779
1780 VmPTE Page table entries size (since Linux 2.6.10).
1781
1782 VmPMD Size of second-level page tables (added in Linux 4.0; re‐
1783 moved in Linux 4.15).
1784
1785 VmSwap Swapped-out virtual memory size by anonymous private
1786 pages; shmem swap usage is not included (since Linux
1787 2.6.34). This value is inaccurate; see /proc/pid/statm
1788 above.
1789
1790 HugetlbPages
1791 Size of hugetlb memory portions (since Linux 4.4).
1792
1793 CoreDumping
1794 Contains the value 1 if the process is currently dumping
1795 core, and 0 if it is not (since Linux 4.15). This infor‐
1796 mation can be used by a monitoring process to avoid
1797 killing a process that is currently dumping core, which
1798 could result in a corrupted core dump file.
1799
1800 Threads
1801 Number of threads in process containing this thread.
1802
1803 SigQ This field contains two slash-separated numbers that re‐
1804 late to queued signals for the real user ID of this
1805 process. The first of these is the number of currently
1806 queued signals for this real user ID, and the second is
1807 the resource limit on the number of queued signals for
1808 this process (see the description of RLIMIT_SIGPENDING in
1809 getrlimit(2)).
1810
1811 SigPnd, ShdPnd
1812 Mask (expressed in hexadecimal) of signals pending for
1813 thread and for process as a whole (see pthreads(7) and
1814 signal(7)).
1815
1816 SigBlk, SigIgn, SigCgt
1817 Masks (expressed in hexadecimal) indicating signals being
1818 blocked, ignored, and caught (see signal(7)).
1819
1820 CapInh, CapPrm, CapEff
1821 Masks (expressed in hexadecimal) of capabilities enabled
1822 in inheritable, permitted, and effective sets (see capa‐
1823 bilities(7)).
1824
1825 CapBnd Capability bounding set, expressed in hexadecimal (since
1826 Linux 2.6.26, see capabilities(7)).
1827
1828 CapAmb Ambient capability set, expressed in hexadecimal (since
1829 Linux 4.3, see capabilities(7)).
1830
1831 NoNewPrivs
1832 Value of the no_new_privs bit (since Linux 4.10, see
1833 prctl(2)).
1834
1835 Seccomp
1836 Seccomp mode of the process (since Linux 3.8, see sec‐
1837 comp(2)). 0 means SECCOMP_MODE_DISABLED; 1 means SEC‐
1838 COMP_MODE_STRICT; 2 means SECCOMP_MODE_FILTER. This
1839 field is provided only if the kernel was built with the
1840 CONFIG_SECCOMP kernel configuration option enabled.
1841
1842 Speculation_Store_Bypass
1843 Speculation flaw mitigation state (since Linux 4.17, see
1844 prctl(2)).
1845
1846 Cpus_allowed
1847 Hexadecimal mask of CPUs on which this process may run
1848 (since Linux 2.6.24, see cpuset(7)).
1849
1850 Cpus_allowed_list
1851 Same as previous, but in "list format" (since Linux
1852 2.6.26, see cpuset(7)).
1853
1854 Mems_allowed
1855 Mask of memory nodes allowed to this process (since Linux
1856 2.6.24, see cpuset(7)).
1857
1858 Mems_allowed_list
1859 Same as previous, but in "list format" (since Linux
1860 2.6.26, see cpuset(7)).
1861
1862 voluntary_ctxt_switches, nonvoluntary_ctxt_switches
1863 Number of voluntary and involuntary context switches
1864 (since Linux 2.6.23).
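
The security-relevant fields described above (Uid, TracerPid, CapEff, NoNewPrivs, Seccomp, and the signal masks) can be decoded as follows. This is an added example, not part of the original manual page; the function names are hypothetical, and the capability bit numbers are taken from linux/capability.h rather than from this page.

```python
# Added example: decode the security-relevant fields of /proc/pid/status.
# Capability bit numbers follow linux/capability.h (an assumption of this
# example; the page itself only refers to capabilities(7)).
CAP_NAMES = """
CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_KILL
CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK CAP_IPC_OWNER
CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_PACCT
CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE CAP_SYS_TIME
CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE CAP_AUDIT_WRITE CAP_AUDIT_CONTROL
CAP_SETFCAP CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SYSLOG CAP_WAKE_ALARM
CAP_BLOCK_SUSPEND CAP_AUDIT_READ CAP_PERFMON CAP_BPF CAP_CHECKPOINT_RESTORE
""".split()

# Seccomp values as documented on this page.
SECCOMP_MODES = {0: "SECCOMP_MODE_DISABLED", 1: "SECCOMP_MODE_STRICT",
                 2: "SECCOMP_MODE_FILTER"}

# Excerpt of the sample shown on this page (bash run by an unprivileged user).
PAGE_SAMPLE = """\
Name: bash
TracerPid: 0
Uid: 1000 1000 1000 1000
HugetlbPages: 0 kB # 4.4
SigBlk: 0000000000010000
SigIgn: 0000000000384004
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
NoNewPrivs: 0
Seccomp: 0
"""

# Constructed sample: a non-root service with network capabilities, traced.
CONSTRUCTED_SAMPLE = """\
Name: netsvc
TracerPid: 4242
Uid: 1001 1001 1001 1001
SigBlk: 0000000000000000
CapEff: 0000000000003000
NoNewPrivs: 1
Seccomp: 2
"""


def parse_status(text):
    """Split 'Key: value' lines into a dict; values stay strings."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip()
        if key != "Name":
            # Drop the "# 4.4" style annotations used in the page's sample.
            value = value.split("#", 1)[0]
        fields[key] = value.strip()
    return fields


def mask_bits(hex_mask):
    """Return the indexes of the bits set in a hexadecimal mask."""
    value = int(hex_mask, 16)
    return [bit for bit in range(value.bit_length()) if (value >> bit) & 1]


def capabilities(hex_mask):
    """Map a Cap* mask to names; unknown bits are reported by number."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else f"cap_{b}"
            for b in mask_bits(hex_mask)]


def signals(hex_mask):
    """Map a Sig* mask to signal numbers (bit n stands for signal n + 1)."""
    return [bit + 1 for bit in mask_bits(hex_mask)]


def audit(text):
    """Summarize the privilege and sandboxing state of one process."""
    f = parse_status(text)
    ruid, euid, suid, fsuid = (int(u) for u in f["Uid"].split())
    # Seccomp is present only with CONFIG_SECCOMP; NoNewPrivs since Linux 4.10.
    seccomp = SECCOMP_MODES.get(int(f["Seccomp"])) if "Seccomp" in f else None
    report = {
        "name": f["Name"],
        "euid": euid,
        "traced_by": int(f.get("TracerPid", "0")),
        "effective_caps": capabilities(f["CapEff"]),
        "no_new_privs": f.get("NoNewPrivs") == "1",
        "seccomp": seccomp,
        "blocked_signals": signals(f["SigBlk"]),
        "findings": [],
    }
    if euid != 0 and report["effective_caps"]:
        report["findings"].append("non-root euid with effective capabilities: "
                                  + ", ".join(report["effective_caps"]))
    if report["traced_by"]:
        report["findings"].append(f"traced by PID {report['traced_by']}")
    if seccomp == "SECCOMP_MODE_DISABLED" and not report["no_new_privs"]:
        report["findings"].append("no seccomp filter and no_new_privs unset")
    return report


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        print(audit(sample))
```

To inspect a live process, pass the contents of /proc/pid/status to audit(); fields that a given kernel does not provide are reported as None or False.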
1865
1866 /proc/pid/syscall (since Linux 2.6.27)
1867 This file exposes the system call number and argument registers
1868 for the system call currently being executed by the process,
1869 followed by the values of the stack pointer and program counter
1870 registers. The values of all six argument registers are ex‐
1871 posed, although most system calls use fewer registers.
1872
1873 If the process is blocked, but not in a system call, then the
1874 file displays -1 in place of the system call number, followed by
1875 just the values of the stack pointer and program counter. If
1876 the process is not blocked, then the file contains just the string
1877 "running".
1878
1879 This file is present only if the kernel was configured with CON‐
1880 FIG_HAVE_ARCH_TRACEHOOK.
1881
1882 Permission to access this file is governed by a ptrace access
1883 mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
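
The three forms this file can take can be told apart as in the following added example, which is not part of the original manual page. The function names are hypothetical and the sample lines are constructed; the parser assumes the register values are printed in hexadecimal with a 0x prefix.

```python
# Added example: parse the three documented forms of /proc/pid/syscall.

# Constructed sample lines (not captured from a real system).
IN_SYSCALL = ("0 0x3 0x7ffd2c3f1a40 0x400 0x0 0x0 0x0 "
              "0x7ffd2c3f19f8 0x7f3a1c2e4a1d\n")
BLOCKED_NO_SYSCALL = "-1 0x7ffd2c3f19f8 0x7f3a1c2e4a1d\n"
RUNNING = "running\n"


def parse_syscall(text):
    """Return a dict describing one read of /proc/pid/syscall."""
    tokens = text.split()
    if not tokens:
        raise ValueError("empty /proc/pid/syscall content")
    if tokens == ["running"]:
        # The process is not blocked: no registers are exposed.
        return {"state": "running"}
    nr = int(tokens[0])
    regs = [int(tok, 16) for tok in tokens[1:]]
    if nr == -1:
        # Blocked, but not in a system call: stack pointer and program counter.
        if len(regs) != 2:
            raise ValueError("expected sp and pc after -1")
        return {"state": "blocked", "sp": regs[0], "pc": regs[1]}
    # In a system call: six argument registers, then sp and pc. All six
    # argument registers are exposed even if the call uses fewer of them.
    if len(regs) != 8:
        raise ValueError("expected six arguments followed by sp and pc")
    return {"state": "syscall", "nr": nr, "args": regs[:6],
            "sp": regs[6], "pc": regs[7]}


def read_syscall(pid):
    """Read and parse /proc/<pid>/syscall, reporting why it may be missing."""
    try:
        with open(f"/proc/{pid}/syscall") as fh:
            return parse_syscall(fh.read())
    except PermissionError:
        # The ptrace access mode check described on this page failed.
        return {"state": "denied"}
    except OSError as exc:
        # No such process, or a kernel without CONFIG_HAVE_ARCH_TRACEHOOK.
        return {"state": "unavailable", "errno": exc.errno}


if __name__ == "__main__":
    for line in (IN_SYSCALL, BLOCKED_NO_SYSCALL, RUNNING):
        print(parse_syscall(line))
    print(read_syscall("self"))
```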
1884
1885 /proc/pid/task (since Linux 2.6.0)
1886 This is a directory that contains one subdirectory for each
1887 thread in the process. The name of each subdirectory is the nu‐
1888 merical thread ID (tid) of the thread (see gettid(2)).
1889
1890 Within each of these subdirectories, there is a set of files
1891 with the same names and contents as under the /proc/pid directo‐
1892 ries. For attributes that are shared by all threads, the con‐
1893 tents for each of the files under the task/tid subdirectories
1894 will be the same as in the corresponding file in the parent
1895 /proc/pid directory (e.g., in a multithreaded process, all of
1896 the task/tid/cwd files will have the same value as the
1897 /proc/pid/cwd file in the parent directory, since all of the
1898 threads in a process share a working directory). For attributes
1899 that are distinct for each thread, the corresponding files under
1900 task/tid may have different values (e.g., various fields in each
1901 of the task/tid/status files may be different for each thread),
1902 or they might not exist in /proc/pid at all.
1903
1904 In a multithreaded process, the contents of the /proc/pid/task
1905 directory are not available if the main thread has already ter‐
1906 minated (typically by calling pthread_exit(3)).
1907
1908 /proc/pid/task/tid/children (since Linux 3.5)
1909 A space-separated list of child tasks of this task. Each child
1910 task is represented by its TID.
1911
1912 This option is intended for use by the checkpoint-restore (CRIU)
1913 system, and reliably provides a list of children only if all of
1914 the child processes are stopped or frozen. It does not work
1915 properly if children of the target task exit while the file is
1916 being read! Exiting children may cause non-exiting children to
1917 be omitted from the list. This makes this interface even more
1918 unreliable than classic PID-based approaches if the inspected
1919 task and its children aren't frozen, and most code should proba‐
1920 bly not use this interface.
1921
1922 Until Linux 4.2, the presence of this file was governed by the
1923 CONFIG_CHECKPOINT_RESTORE kernel configuration option. Since
1924 Linux 4.2, it is governed by the CONFIG_PROC_CHILDREN option.
1925
1926 /proc/pid/timers (since Linux 3.10)
1927 A list of the POSIX timers for this process. Each timer is
1928 listed with a line that starts with the string "ID:". For exam‐
1929 ple:
1930
1931 ID: 1
1932 signal: 60/00007fff86e452a8
1933 notify: signal/pid.2634
1934 ClockID: 0
1935 ID: 0
1936 signal: 60/00007fff86e452a8
1937 notify: signal/pid.2634
1938 ClockID: 1
1939
1940 The lines shown for each timer have the following meanings:
1941
1942 ID The ID for this timer. This is not the same as the timer
1943 ID returned by timer_create(2); rather, it is the same
1944 kernel-internal ID that is available via the si_timerid
1945 field of the siginfo_t structure (see sigaction(2)).
1946
1947 signal This is the signal number that this timer uses to deliver
1948 notifications followed by a slash, and then the
1949 sigev_value value supplied to the signal handler. Valid
1950 only for timers that notify via a signal.
1951
1952 notify The part before the slash specifies the mechanism that
1953 this timer uses to deliver notifications, and is one of
1954 "thread", "signal", or "none". Immediately following the
1955 slash is either the string "tid" for timers with
1956 SIGEV_THREAD_ID notification, or "pid" for timers that
1957 notify by other mechanisms. Following the "." is the PID
1958 of the process (or the kernel thread ID of the thread)
1959 that will be delivered a signal if the timer delivers no‐
1960 tifications via a signal.
1961
1962 ClockID
1963 This field identifies the clock that the timer uses for
1964 measuring time. For most clocks, this is a number that
1965 matches one of the user-space CLOCK_* constants exposed
1966 via <time.h>. CLOCK_PROCESS_CPUTIME_ID timers display
1967 with a value of -6 in this field.
1968 CLOCK_THREAD_CPUTIME_ID timers display with a value of -2
1969 in this field.
1970
1971 This file is available only when the kernel was configured with
1972 CONFIG_CHECKPOINT_RESTORE.
1973
1974 /proc/pid/timerslack_ns (since Linux 4.6)
1975 This file exposes the process's "current" timer slack value, ex‐
1976 pressed in nanoseconds. The file is writable, allowing the
1977 process's timer slack value to be changed. Writing 0 to this
1978 file resets the "current" timer slack to the "default" timer
1979 slack value. For further details, see the discussion of
1980 PR_SET_TIMERSLACK in prctl(2).
1981
1982 Initially, permission to access this file was governed by a
1983 ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check (see
1984 ptrace(2)). However, this was subsequently deemed too strict a
1985 requirement (and had the side effect that requiring a process to
1986 have the CAP_SYS_PTRACE capability would also allow it to view
1987 and change any process's memory). Therefore, since Linux 4.9,
1988 only the (weaker) CAP_SYS_NICE capability is required to access
1989 this file.
1990
1991 /proc/pid/uid_map (since Linux 3.5)
1992 See user_namespaces(7).
1993
1994 /proc/pid/wchan (since Linux 2.6.0)
1995 The symbolic name corresponding to the location in the kernel
1996 where the process is sleeping.
1997
1998 Permission to access this file is governed by a ptrace access
1999 mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
2000
2001 /proc/tid
2002 There is a numerical subdirectory for each running thread that
2003 is not a thread group leader (i.e., a thread whose thread ID is
2004 not the same as its process ID); the subdirectory is named by
2005 the thread ID. Each one of these subdirectories contains files
2006 and subdirectories exposing information about the thread with
2007 the thread ID tid. The contents of these directories are the
2008 same as the corresponding /proc/pid/task/tid directories.
2009
2010 The /proc/tid subdirectories are not visible when iterating
2011 through /proc with getdents(2) (and thus are not visible when
2012 one uses ls(1) to view the contents of /proc). However, the
2013 pathnames of these directories are visible to (i.e., usable as
2014 arguments in) system calls that operate on pathnames.
2015
2016 /proc/apm
2017 Advanced power management version and battery information when
2018 CONFIG_APM is defined at kernel compilation time.
2019
2020 /proc/buddyinfo
2021 This file contains information which is used for diagnosing mem‐
2022 ory fragmentation issues. Each line starts with the identifica‐
2023 tion of the node and the name of the zone which together iden‐
2024 tify a memory region. This is then followed by the count of
2025 available chunks of a certain order in which these zones are
2026 split. The size in bytes of a certain order is given by the
2027 formula:
2028
2029 (2^order) * PAGE_SIZE
2030
2031 The binary buddy allocator algorithm inside the kernel will
2032 split one chunk into two chunks of a smaller order (thus with
2033 half the size) or combine two contiguous chunks into one larger
2034 chunk of a higher order (thus with double the size) to satisfy
2035 allocation requests and to counter memory fragmentation. The
2036 order matches the column number, when starting to count at zero.
2037
2038 For example on an x86-64 system:
2039 Node 0, zone DMA 1 1 1 0 2 1 1 0 1 1 3
2040 Node 0, zone DMA32 65 47 4 81 52 28 13 10 5 1 404
2041 Node 0, zone Normal 216 55 189 101 84 38 37 27 5 3 587
2042
2043 In this example, there is one node containing three zones and
2044 there are 11 different chunk sizes. If the page size is 4 kilo‐
2045 bytes, then the first zone called DMA (on x86 the first 16
2046 megabytes of memory) has 1 chunk of 4 kilobytes (order 0) avail‐
2047 able and has 3 chunks of 4 megabytes (order 10) available.
2048
2049 If the memory is heavily fragmented, the counters for higher or‐
2050 der chunks will be zero and allocation of large contiguous areas
2051 will fail.
2052
2053 Further information about the zones can be found in /proc/zone‐
2054 info.
2055
2056 /proc/bus
2057 Contains subdirectories for installed buses.
2058
2059 /proc/bus/pccard
2060 Subdirectory for PCMCIA devices when CONFIG_PCMCIA is set at
2061 kernel compilation time.
2062
2063 /proc/bus/pccard/drivers
2064
2065 /proc/bus/pci
2066 Contains various bus subdirectories and pseudo-files containing
2067 information about PCI buses, installed devices, and device driv‐
2068 ers. Some of these files are not ASCII.
2069
2070 /proc/bus/pci/devices
2071 Information about PCI devices. They may be accessed through
2072 lspci(8) and setpci(8).
2073
2074 /proc/cgroups (since Linux 2.6.24)
2075 See cgroups(7).
2076
2077 /proc/cmdline
2078 Arguments passed to the Linux kernel at boot time. Often done
2079 via a boot manager such as lilo(8) or grub(8). Any arguments
2080 embedded in the kernel image or initramfs via CONFIG_BOOT_CONFIG
2081 will also be displayed.
2082
2083 /proc/config.gz (since Linux 2.6)
2084 This file exposes the configuration options that were used to
2085 build the currently running kernel, in the same format as they
2086 would be shown in the .config file that resulted when configur‐
2087 ing the kernel (using make xconfig, make config, or similar).
2088 The file contents are compressed; view or search them using
2089 zcat(1) and zgrep(1). As long as no changes have been made to
2090 the following file, the contents of /proc/config.gz are the same
2091 as those provided by:
2092
2093 cat /lib/modules/$(uname -r)/build/.config
2094
2095 /proc/config.gz is provided only if the kernel is configured
2096 with CONFIG_IKCONFIG_PROC.
2097
2098 /proc/crypto
2099 A list of the ciphers provided by the kernel crypto API. For
2100 details, see the Linux Kernel Crypto API documentation
2101 available under the kernel source directory Documenta‐
2102 tion/crypto/ (or Documentation/DocBook before Linux 4.10; the
2103 documentation can be built using a command such as make htmldocs
2104 in the root directory of the kernel source tree).
2105
2106 /proc/cpuinfo
2107 This is a collection of CPU and system architecture dependent
2108 items; the list differs for each supported architecture. Two
2109 common entries are processor, which gives the CPU number, and
2110 bogomips, a system constant that is calculated during kernel
2111 initialization. SMP machines have information for each CPU. The
2112 lscpu(1) command gathers its information from this file.
2113
2114 /proc/devices
2115 Text listing of major numbers and device groups. This can be
2116 used by MAKEDEV scripts for consistency with the kernel.
2117
2118 /proc/diskstats (since Linux 2.5.69)
2119 This file contains disk I/O statistics for each disk device.
2120 See the Linux kernel source file Documentation/ad‐
2121 min-guide/iostats.rst (or Documentation/iostats.txt before Linux
2122 5.3) for further information.
2123
2124 /proc/dma
2125 This is a list of the registered ISA DMA (direct memory access)
2126 channels in use.
2127
2128 /proc/driver
2129 Empty subdirectory.
2130
2131 /proc/execdomains
2132 Used to list ABI personalities before Linux 4.1; now contains a
2133 constant string for userspace compatibility.
2134
2135 /proc/fb
2136 Frame buffer information when CONFIG_FB is defined during kernel
2137 compilation.
2138
2139 /proc/filesystems
2140 A text listing of the filesystems which are supported by the
2141 kernel, namely filesystems which were compiled into the kernel
2142 or whose kernel modules are currently loaded. (See also
2143 filesystems(5).) If a filesystem is marked with "nodev", this
2144 means that it does not require a block device to be mounted
2145 (e.g., virtual filesystem, network filesystem).
2146
2147 Incidentally, this file may be used by mount(8) when no filesys‐
2148 tem is specified and it didn't manage to determine the filesys‐
2149 tem type. Then filesystems contained in this file are tried
2150 (except those that are marked with "nodev").
2151
2152 /proc/fs
2153 Contains subdirectories that in turn contain files with informa‐
2154 tion about (certain) mounted filesystems.
2155
2156 /proc/ide
2157 This directory exists on systems with the IDE bus. There are
2158 directories for each IDE channel and attached device. Files in‐
2159 clude:
2160
2161 cache buffer size in KB
2162 capacity number of sectors
2163 driver driver version
2164 geometry physical and logical geometry
2165 identify in hexadecimal
2166 media media type
2167 model manufacturer's model number
2168 settings drive settings
2169 smart_thresholds IDE disk management thresholds (in hex)
2170 smart_values IDE disk management values (in hex)
2171
2172 The hdparm(8) utility provides access to this information in a
2173 friendly format.
2174
2175 /proc/interrupts
2176 This is used to record the number of interrupts per CPU per IO
2177 device. Since Linux 2.6.24, for the i386 and x86-64 architec‐
2178 tures, at least, this also includes interrupts internal to the
2179 system (that is, not associated with a device as such), such as
2180 NMI (nonmaskable interrupt), LOC (local timer interrupt), and
2181 for SMP systems, TLB (TLB flush interrupt), RES (rescheduling
2182 interrupt), CAL (remote function call interrupt), and possibly
2183 others. Very easy to read formatting, done in ASCII.
2184
2185 /proc/iomem
2186 I/O memory map in Linux 2.4.
2187
2188 /proc/ioports
2189 This is a list of currently registered Input-Output port regions
2190 that are in use.
2191
2192 /proc/kallsyms (since Linux 2.5.71)
2193 This holds the kernel exported symbol definitions used by the
2194 modules(X) tools to dynamically link and bind loadable modules.
2195 In Linux 2.5.47 and earlier, a similar file with slightly dif‐
2196 ferent syntax was named ksyms.
2197
2198 /proc/kcore
2199 This file represents the physical memory of the system and is
2200 stored in the ELF core file format. With this pseudo-file, and
2201 an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be
2202 used to examine the current state of any kernel data structures.
2203
2204 The total length of the file is the size of physical memory
2205 (RAM) plus 4 KiB.
2206
2207 /proc/keys (since Linux 2.6.10)
2208 See keyrings(7).
2209
2210 /proc/key-users (since Linux 2.6.10)
2211 See keyrings(7).
2212
2213 /proc/kmsg
2214 This file can be used instead of the syslog(2) system call to
2215 read kernel messages. A process must have superuser privileges
2216 to read this file, and only one process should read this file.
2217 This file should not be read if a syslog process is running
2218 which uses the syslog(2) system call facility to log kernel mes‐
2219 sages.
2220
2221 Information in this file is retrieved with the dmesg(1) program.
2222
2223 /proc/kpagecgroup (since Linux 4.3)
2224 This file contains a 64-bit inode number of the memory cgroup
2225 each page is charged to, indexed by page frame number (see the
2226 discussion of /proc/pid/pagemap).
2227
2228 The /proc/kpagecgroup file is present only if the CONFIG_MEMCG
2229 kernel configuration option is enabled.
2230
2231 /proc/kpagecount (since Linux 2.6.25)
2232 This file contains a 64-bit count of the number of times each
2233 physical page frame is mapped, indexed by page frame number (see
2234 the discussion of /proc/pid/pagemap).
2235
2236 The /proc/kpagecount file is present only if the CON‐
2237 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2238
2239 /proc/kpageflags (since Linux 2.6.25)
2240 This file contains 64-bit masks corresponding to each physical
2241 page frame; it is indexed by page frame number (see the discus‐
2242 sion of /proc/pid/pagemap). The bits are as follows:
2243
2244 0 - KPF_LOCKED
2245 1 - KPF_ERROR
2246 2 - KPF_REFERENCED
2247 3 - KPF_UPTODATE
2248 4 - KPF_DIRTY
2249 5 - KPF_LRU
2250 6 - KPF_ACTIVE
2251 7 - KPF_SLAB
2252 8 - KPF_WRITEBACK
2253 9 - KPF_RECLAIM
2254 10 - KPF_BUDDY
2255 11 - KPF_MMAP (since Linux 2.6.31)
2256 12 - KPF_ANON (since Linux 2.6.31)
2257 13 - KPF_SWAPCACHE (since Linux 2.6.31)
2258 14 - KPF_SWAPBACKED (since Linux 2.6.31)
2259 15 - KPF_COMPOUND_HEAD (since Linux 2.6.31)
2260 16 - KPF_COMPOUND_TAIL (since Linux 2.6.31)
2261 17 - KPF_HUGE (since Linux 2.6.31)
2262 18 - KPF_UNEVICTABLE (since Linux 2.6.31)
2263 19 - KPF_HWPOISON (since Linux 2.6.31)
2264 20 - KPF_NOPAGE (since Linux 2.6.31)
2265 21 - KPF_KSM (since Linux 2.6.32)
2266 22 - KPF_THP (since Linux 3.4)
2267 23 - KPF_BALLOON (since Linux 3.18)
2268 24 - KPF_ZERO_PAGE (since Linux 4.0)
2269 25 - KPF_IDLE (since Linux 4.3)
2270 26 - KPF_PGTABLE (since Linux 4.18)
2271
2272 For further details on the meanings of these bits, see the ker‐
2273 nel source file Documentation/admin-guide/mm/pagemap.rst. Be‐
2274 fore Linux 2.6.29, KPF_WRITEBACK, KPF_RECLAIM, KPF_BUDDY, and
2275 KPF_LOCKED did not report correctly.
2276
2277 The /proc/kpageflags file is present only if the CON‐
2278 FIG_PROC_PAGE_MONITOR kernel configuration option is enabled.
2279
2280 /proc/ksyms (Linux 1.1.23–2.5.47)
2281 See /proc/kallsyms.
2282
2283 /proc/loadavg
2284 The first three fields in this file are load average figures
2285 giving the number of jobs in the run queue (state R) or waiting
2286 for disk I/O (state D) averaged over 1, 5, and 15 minutes. They
2287 are the same as the load average numbers given by uptime(1) and
2288 other programs. The fourth field consists of two numbers sepa‐
2289 rated by a slash (/). The first of these is the number of cur‐
2290 rently runnable kernel scheduling entities (processes, threads).
2291 The value after the slash is the number of kernel scheduling en‐
2292 tities that currently exist on the system. The fifth field is
2293 the PID of the process that was most recently created on the
2294 system.
2295
2296 /proc/locks
2297 This file shows current file locks (flock(2) and fcntl(2)) and
2298 leases (fcntl(2)).
2299
2300 An example of the content shown in this file is the following:
2301
2302 1: POSIX ADVISORY READ 5433 08:01:7864448 128 128
2303 2: FLOCK ADVISORY WRITE 2001 08:01:7864554 0 EOF
2304 3: FLOCK ADVISORY WRITE 1568 00:2f:32388 0 EOF
2305 4: POSIX ADVISORY WRITE 699 00:16:28457 0 EOF
2306 5: POSIX ADVISORY WRITE 764 00:16:21448 0 0
2307 6: POSIX ADVISORY READ 3548 08:01:7867240 1 1
2308 7: POSIX ADVISORY READ 3548 08:01:7865567 1826 2335
2309 8: OFDLCK ADVISORY WRITE -1 08:01:8713209 128 191
2310
2311 The fields shown in each line are as follows:
2312
2313 [1] The ordinal position of the lock in the list.
2314
2315 [2] The lock type. Values that may appear here include:
2316
2317 FLOCK This is a BSD file lock created using flock(2).
2318
2319 OFDLCK This is an open file description (OFD) lock created
2320 using fcntl(2).
2321
2322 POSIX This is a POSIX byte-range lock created using fc‐
2323 ntl(2).
2324
2325 [3] Among the strings that can appear here are the following:
2326
2327 ADVISORY
2328 This is an advisory lock.
2329
2330 MANDATORY
2331 This is a mandatory lock.
2332
2333 [4] The type of lock. Values that can appear here are:
2334
2335 READ This is a POSIX or OFD read lock, or a BSD shared
2336 lock.
2337
2338 WRITE This is a POSIX or OFD write lock, or a BSD exclu‐
2339 sive lock.
2340
2341 [5] The PID of the process that owns the lock.
2342
2343 Because OFD locks are not owned by a single process (since
2344 multiple processes may have file descriptors that refer to
2345 the same open file description), the value -1 is displayed
2346 in this field for OFD locks. (Before Linux 4.14, a bug
2347 meant that the PID of the process that initially acquired
2348 the lock was displayed instead of the value -1.)
2349
2350 [6] Three colon-separated subfields that identify the major and
2351 minor device ID of the device containing the filesystem
2352 where the locked file resides, followed by the inode number
2353 of the locked file.
2354
2355 [7] The byte offset of the first byte of the lock. For BSD
2356 locks, this value is always 0.
2357
2358 [8] The byte offset of the last byte of the lock. EOF in this
2359 field means that the lock extends to the end of the file.
2360 For BSD locks, the value shown is always EOF.
2361
2362 Since Linux 4.9, the list of locks shown in /proc/locks is fil‐
2363 tered to show just the locks for the processes in the PID name‐
2364 space (see pid_namespaces(7)) for which the /proc filesystem was
2365 mounted. (In the initial PID namespace, there is no filtering
2366 of the records shown in this file.)
2367
2368 The lslocks(8) command provides a bit more information about
2369 each lock.
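
The eight fields described above can be turned into structured records as in the following added example, which is not part of the original manual page. The function names are hypothetical; the sample is the one shown on this page. The device numbers are assumed to be hexadecimal, and the "->" marker that the kernel prints before a blocked waiter is tolerated although this page does not describe it.

```python
# Added example: parse /proc/locks into records and index them by owner.
from collections import defaultdict

# The sample shown on this page.
PAGE_SAMPLE = """\
1: POSIX ADVISORY READ 5433 08:01:7864448 128 128
2: FLOCK ADVISORY WRITE 2001 08:01:7864554 0 EOF
3: FLOCK ADVISORY WRITE 1568 00:2f:32388 0 EOF
4: POSIX ADVISORY WRITE 699 00:16:28457 0 EOF
5: POSIX ADVISORY WRITE 764 00:16:21448 0 0
6: POSIX ADVISORY READ 3548 08:01:7867240 1 1
7: POSIX ADVISORY READ 3548 08:01:7865567 1826 2335
8: OFDLCK ADVISORY WRITE -1 08:01:8713209 128 191
"""


def parse_lock_line(line):
    """Parse one line of /proc/locks into a dict keyed by field meaning."""
    tokens = line.split()
    # A waiter blocked on a lock carries a "->" marker after the ordinal
    # (kernel behaviour assumed by this example, not described on the page).
    blocked = len(tokens) > 1 and tokens[1] == "->"
    if blocked:
        del tokens[1]
    if len(tokens) != 8:
        raise ValueError(f"unexpected /proc/locks line: {line!r}")
    ordinal, kind, mode, access, pid, dev_inode, start, end = tokens
    major, minor, inode = dev_inode.split(":")
    reported_pid = int(pid)
    return {
        "ordinal": int(ordinal.rstrip(":")),
        "blocked": blocked,
        "kind": kind,                      # FLOCK, OFDLCK or POSIX
        "mode": mode,                      # ADVISORY or MANDATORY
        "access": access,                  # READ or WRITE
        # OFD locks have no single owner. Before Linux 4.14 a PID was shown
        # for them anyway, so the owner is decided from the lock type.
        "pid": None if kind == "OFDLCK" or reported_pid == -1 else reported_pid,
        "reported_pid": reported_pid,
        "dev": (int(major, 16), int(minor, 16)),
        "inode": int(inode),
        "start": int(start),
        "end": None if end == "EOF" else int(end),   # None: to end of file
    }


def parse_locks(text):
    """Parse the whole file, skipping blank lines."""
    return [parse_lock_line(line) for line in text.splitlines() if line.strip()]


def locks_by_pid(records):
    """Group lock records by owning PID; OFD locks are grouped under None."""
    owners = defaultdict(list)
    for rec in records:
        owners[rec["pid"]].append(rec)
    return dict(owners)


def whole_file_writers(records):
    """Return (dev, inode, pid) for write locks that extend to end of file."""
    return [(r["dev"], r["inode"], r["pid"]) for r in records
            if r["access"] == "WRITE" and r["start"] == 0 and r["end"] is None]


if __name__ == "__main__":
    recs = parse_locks(PAGE_SAMPLE)
    for pid, held in locks_by_pid(recs).items():
        print(pid, [(r["kind"], r["inode"]) for r in held])
    print(whole_file_writers(recs))
```

Because of the PID namespace filtering described above, the records returned depend on which /proc mount the file is read from.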
2370
2371 /proc/malloc (only up to and including Linux 2.2)
2372 This file is present only if CONFIG_DEBUG_MALLOC was defined
2373 during compilation.
2374
2375 /proc/meminfo
2376 This file reports statistics about memory usage on the system.
2377 It is used by free(1) to report the amount of free and used mem‐
2378 ory (both physical and swap) on the system as well as the shared
2379 memory and buffers used by the kernel. Each line of the file
2380 consists of a parameter name, followed by a colon, the value of
2381 the parameter, and an optional unit of measurement (e.g., "kB").
2382 The list below describes the parameter names and the format
2383 specifier required to read the field value. Except as noted be‐
2384 low, all of the fields have been present since at least Linux
2385 2.6.0. Some fields are displayed only if the kernel was config‐
2386 ured with various options; those dependencies are noted in the
2387 list.
2388
2389 MemTotal %lu
2390 Total usable RAM (i.e., physical RAM minus a few reserved
2391 bits and the kernel binary code).
2392
2393 MemFree %lu
2394 The sum of LowFree+HighFree.
2395
2396 MemAvailable %lu (since Linux 3.14)
2397 An estimate of how much memory is available for starting
2398 new applications, without swapping.
2399
2400 Buffers %lu
2401 Relatively temporary storage for raw disk blocks that
2402 shouldn't get tremendously large (20 MB or so).
2403
2404 Cached %lu
2405 In-memory cache for files read from the disk (the page
2406 cache). Doesn't include SwapCached.
2407
2408 SwapCached %lu
2409 Memory that was once swapped out and has been swapped back in,
2410 but is still also in the swap file. (If memory pressure is
2411 high, these pages don't need to be swapped out again be‐
2412 cause they are already in the swap file. This saves
2413 I/O.)
2414
2415 Active %lu
2416 Memory that has been used more recently and usually not
2417 reclaimed unless absolutely necessary.
2418
2419 Inactive %lu
2420 Memory which has been less recently used. It is more el‐
2421 igible to be reclaimed for other purposes.
2422
2423 Active(anon) %lu (since Linux 2.6.28)
2424 [To be documented.]
2425
2426 Inactive(anon) %lu (since Linux 2.6.28)
2427 [To be documented.]
2428
2429 Active(file) %lu (since Linux 2.6.28)
2430 [To be documented.]
2431
2432 Inactive(file) %lu (since Linux 2.6.28)
2433 [To be documented.]
2434
2435 Unevictable %lu (since Linux 2.6.28)
2436 (From Linux 2.6.28 to Linux 2.6.30, CONFIG_UN‐
2437 EVICTABLE_LRU was required.) [To be documented.]
2438
2439 Mlocked %lu (since Linux 2.6.28)
2440 (From Linux 2.6.28 to Linux 2.6.30, CONFIG_UN‐
2441 EVICTABLE_LRU was required.) [To be documented.]
2442
2443 HighTotal %lu
2444 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2445 Total amount of highmem. Highmem is all memory above
2446 ~860 MB of physical memory. Highmem areas are for use by
2447 user-space programs, or for the page cache. The kernel
2448 must use tricks to access this memory, making it slower
2449 to access than lowmem.
2450
2451 HighFree %lu
2452 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2453 Amount of free highmem.
2454
2455 LowTotal %lu
2456 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2457 Total amount of lowmem. Lowmem is memory which can be
2458 used for everything that highmem can be used for, but it
2459 is also available for the kernel's use for its own data
2460 structures. Among many other things, it is where every‐
2461 thing from Slab is allocated. Bad things happen when
2462 you're out of lowmem.
2463
2464 LowFree %lu
2465 (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.)
2466 Amount of free lowmem.
2467
2468 MmapCopy %lu (since Linux 2.6.29)
2469 (CONFIG_MMU is required.) [To be documented.]
2470
2471 SwapTotal %lu
2472 Total amount of swap space available.
2473
2474 SwapFree %lu
2475 Amount of swap space that is currently unused.
2476
2477 Dirty %lu
2478 Memory which is waiting to get written back to the disk.
2479
2480 Writeback %lu
2481 Memory which is actively being written back to the disk.
2482
2483 AnonPages %lu (since Linux 2.6.18)
2484 Non-file backed pages mapped into user-space page tables.
2485
2486 Mapped %lu
2487 Files which have been mapped into memory (with mmap(2)),
2488 such as libraries.
2489
2490 Shmem %lu (since Linux 2.6.32)
2491 Amount of memory consumed in tmpfs(5) filesystems.
2492
2493 KReclaimable %lu (since Linux 4.20)
2494 Kernel allocations that the kernel will attempt to re‐
2495 claim under memory pressure. Includes SReclaimable (be‐
2496 low), and other direct allocations with a shrinker.
2497
2498 Slab %lu
2499 In-kernel data structures cache. (See slabinfo(5).)
2500
2501 SReclaimable %lu (since Linux 2.6.19)
2502 Part of Slab that might be reclaimed, such as caches.
2503
2504 SUnreclaim %lu (since Linux 2.6.19)
2505 Part of Slab that cannot be reclaimed under memory
2506 pressure.
2507
2508 KernelStack %lu (since Linux 2.6.32)
2509 Amount of memory allocated to kernel stacks.
2510
2511 PageTables %lu (since Linux 2.6.18)
2512 Amount of memory dedicated to the lowest level of page
2513 tables.
2514
2515 Quicklists %lu (since Linux 2.6.27)
2516 (CONFIG_QUICKLIST is required.) [To be documented.]
2517
2518 NFS_Unstable %lu (since Linux 2.6.18)
2519 NFS pages sent to the server, but not yet committed to
2520 stable storage.
2521
2522 Bounce %lu (since Linux 2.6.18)
2523 Memory used for block device "bounce buffers".
2524
2525 WritebackTmp %lu (since Linux 2.6.26)
2526 Memory used by FUSE for temporary writeback buffers.
2527
2528 CommitLimit %lu (since Linux 2.6.10)
2529 This is the total amount of memory currently available to
2530 be allocated on the system, expressed in kilobytes. This
2531 limit is adhered to only if strict overcommit accounting
2532 is enabled (mode 2 in /proc/sys/vm/overcommit_memory).
2533 The limit is calculated according to the formula de‐
2534 scribed under /proc/sys/vm/overcommit_memory. For fur‐
2535 ther details, see the kernel source file Documenta‐
2536 tion/vm/overcommit-accounting.rst.
2537
2538 Committed_AS %lu
2539 The amount of memory presently allocated on the system.
2540 The committed memory is a sum of all of the memory which
2541 has been allocated by processes, even if it has not been
2542 "used" by them as of yet. A process which allocates 1 GB
2543 of memory (using malloc(3) or similar), but touches only
2544 300 MB of that memory will show up as using only 300 MB
2545 of memory even if it has the address space allocated for
2546 the entire 1 GB.
2547
2548 This 1 GB is memory which has been "committed" to by the
2549 VM and can be used at any time by the allocating applica‐
2550 tion. With strict overcommit enabled on the system (mode
2551 2 in /proc/sys/vm/overcommit_memory), allocations which
2552 would exceed the CommitLimit will not be permitted. This
2553 is useful if one needs to guarantee that processes will
2554 not fail due to lack of memory once that memory has been
2555 successfully allocated.
2556
2557 VmallocTotal %lu
2558 Total size of vmalloc memory area.
2559
2560 VmallocUsed %lu
2561 Amount of vmalloc area which is used. Since Linux 4.4,
2562 this field is no longer calculated, and is hard coded as
2563 0. See /proc/vmallocinfo.
2564
2565 VmallocChunk %lu
2566 Largest contiguous block of vmalloc area which is free.
2567 Since Linux 4.4, this field is no longer calculated and
2568 is hard coded as 0. See /proc/vmallocinfo.
2569
2570 HardwareCorrupted %lu (since Linux 2.6.32)
2571 (CONFIG_MEMORY_FAILURE is required.) [To be documented.]
2572
2573 LazyFree %lu (since Linux 4.12)
2574 Shows the amount of memory marked by madvise(2)
2575 MADV_FREE.
2576
2577 AnonHugePages %lu (since Linux 2.6.38)
2578 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Non-file
2579 backed huge pages mapped into user-space page tables.
2580
2581 ShmemHugePages %lu (since Linux 4.8)
2582 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Memory used
2583 by shared memory (shmem) and tmpfs(5) allocated with huge
2584 pages.
2585
2586 ShmemPmdMapped %lu (since Linux 4.8)
2587 (CONFIG_TRANSPARENT_HUGEPAGE is required.) Shared memory
2588 mapped into user space with huge pages.
2589
2590 CmaTotal %lu (since Linux 3.1)
2591 Total CMA (Contiguous Memory Allocator) pages. (CON‐
2592 FIG_CMA is required.)
2593
2594 CmaFree %lu (since Linux 3.1)
2595 Free CMA (Contiguous Memory Allocator) pages. (CON‐
2596 FIG_CMA is required.)
2597
2598 HugePages_Total %lu
2599 (CONFIG_HUGETLB_PAGE is required.) The size of the pool
2600 of huge pages.
2601
2602 HugePages_Free %lu
2603 (CONFIG_HUGETLB_PAGE is required.) The number of huge
2604 pages in the pool that are not yet allocated.
2605
2606 HugePages_Rsvd %lu (since Linux 2.6.17)
2607 (CONFIG_HUGETLB_PAGE is required.) This is the number of
2608 huge pages for which a commitment to allocate from the
2609 pool has been made, but no allocation has yet been made.
2610 These reserved huge pages guarantee that an application
2611 will be able to allocate a huge page from the pool of
2612 huge pages at fault time.
2613
2614 HugePages_Surp %lu (since Linux 2.6.24)
2615 (CONFIG_HUGETLB_PAGE is required.) This is the number of
2616 huge pages in the pool above the value in
2617 /proc/sys/vm/nr_hugepages. The maximum number of surplus
2618 huge pages is controlled by /proc/sys/vm/nr_overcom‐
2619 mit_hugepages.
2620
2621 Hugepagesize %lu
2622 (CONFIG_HUGETLB_PAGE is required.) The size of huge
2623 pages.
2624
2625 DirectMap4k %lu (since Linux 2.6.27)
2626 Number of bytes of RAM linearly mapped by kernel in 4 kB
2627 pages. (x86.)
2628
2629 DirectMap4M %lu (since Linux 2.6.27)
2630 Number of bytes of RAM linearly mapped by kernel in 4 MB
2631 pages. (x86 with CONFIG_X86_64 or CONFIG_X86_PAE en‐
2632 abled.)
2633
2634 DirectMap2M %lu (since Linux 2.6.27)
2635 Number of bytes of RAM linearly mapped by kernel in 2 MB
2636 pages. (x86 with neither CONFIG_X86_64 nor CON‐
2637 FIG_X86_PAE enabled.)
2638
2639 DirectMap1G %lu (since Linux 2.6.27)
2640 (x86 with CONFIG_X86_64 and CONFIG_X86_DIRECT_GBPAGES en‐
2641 abled.)
2642
2643 /proc/modules
2644 A text list of the modules that have been loaded by the system.
2645 See also lsmod(8).
2646
2647 /proc/mounts
2648 Before Linux 2.4.19, this file was a list of all the filesystems
2649 currently mounted on the system. With the introduction of per-
2650 process mount namespaces in Linux 2.4.19 (see mount_name‐
2651 spaces(7)), this file became a link to /proc/self/mounts, which
2652 lists the mounts of the process's own mount namespace. The for‐
2653 mat of this file is documented in fstab(5).
2654
2655 /proc/mtrr
2656 Memory Type Range Registers. See the Linux kernel source file
2657 Documentation/x86/mtrr.rst (or Documentation/x86/mtrr.txt before
2658 Linux 5.2, or Documentation/mtrr.txt before Linux 2.6.28) for
2659 details.
2660
2661 /proc/net
2662 This directory contains various files and subdirectories con‐
2663 taining information about the networking layer. The files con‐
2664 tain ASCII structures and are, therefore, readable with cat(1).
2665 However, the standard netstat(8) suite provides much cleaner ac‐
2666 cess to these files.
2667
2668 With the advent of network namespaces, various information re‐
2669 lating to the network stack is virtualized (see network_name‐
2670 spaces(7)). Thus, since Linux 2.6.25, /proc/net is a symbolic
2671 link to the directory /proc/self/net, which contains the same
2672 files and directories as listed below. However, these files and
2673 directories now expose information for the network namespace of
2674 which the process is a member.
2675
2676 /proc/net/arp
2677 This holds an ASCII readable dump of the kernel ARP table used
2678 for address resolutions. It will show both dynamically learned
2679 and preprogrammed ARP entries. The format is:
2680
2681 IP address HW type Flags HW address Mask Device
2682 192.168.0.50 0x1 0x2 00:50:BF:25:68:F3 * eth0
2683 192.168.0.250 0x1 0xc 00:00:00:00:00:00 * eth0
2684
2685 Here "IP address" is the IPv4 address of the machine and the "HW
2686 type" is the hardware type of the address from RFC 826. The
2687 flags are the internal flags of the ARP structure (as defined in
2688 /usr/include/linux/if_arp.h) and the "HW address" is the data
2689 link layer mapping for that IP address if it is known.
2690
2691 /proc/net/dev
2692 The dev pseudo-file contains network device status information.
2693 This gives the number of received and sent packets, the number
2694 of errors and collisions and other basic statistics. These are
2695 used by the ifconfig(8) program to report device status. The
2696 format is:
2697
2698 Inter-| Receive | Transmit
2699 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
2700 lo: 2776770 11307 0 0 0 0 0 0 2776770 11307 0 0 0 0 0 0
2701 eth0: 1215645 2751 0 0 0 0 0 0 1782404 4324 0 0 0 427 0 0
2702 ppp0: 1622270 5552 1 0 0 0 0 0 354130 5669 0 0 0 0 0 0
2703 tap0: 7714 81 0 0 0 0 0 0 7714 81 0 0 0 0 0 0
2704
2705 /proc/net/dev_mcast
2706 Defined in /usr/src/linux/net/core/dev_mcast.c:
2707
2708 indx interface_name dmi_u dmi_g dmi_address
2709 2 eth0 1 0 01005e000001
2710 3 eth1 1 0 01005e000001
2711 4 eth2 1 0 01005e000001
2712
2713 /proc/net/igmp
2714 Internet Group Management Protocol. Defined in
2715 /usr/src/linux/net/core/igmp.c.
2716
2717 /proc/net/rarp
2718 This file uses the same format as the arp file and contains the
2719 current reverse mapping database used to provide rarp(8) reverse
2720 address lookup services. If RARP is not configured into the
2721 kernel, this file will not be present.
2722
2723 /proc/net/raw
2724 Holds a dump of the RAW socket table. Much of the information
2725 is not of use apart from debugging. The "sl" value is the ker‐
2726 nel hash slot for the socket, the "local_address" is the local
2727 address and protocol number pair. "St" is the internal status
2728 of the socket. The "tx_queue" and "rx_queue" are the outgoing
2729 and incoming data queue in terms of kernel memory usage. The
2730 "tr", "tm->when", and "rexmits" fields are not used by RAW. The
2731 "uid" field holds the effective UID of the creator of the
2732 socket.
2733
2734 /proc/net/snmp
2735 This file holds the ASCII data needed for the IP, ICMP, TCP, and
2736 UDP management information bases for an SNMP agent.
2737
2738 /proc/net/tcp
2739 Holds a dump of the TCP socket table. Much of the information
2740 is not of use apart from debugging. The "sl" value is the ker‐
2741 nel hash slot for the socket, the "local_address" is the local
2742 address and port number pair. The "rem_address" is the remote
2743 address and port number pair (if connected). "St" is the inter‐
2744 nal status of the socket. The "tx_queue" and "rx_queue" are the
2745 outgoing and incoming data queue in terms of kernel memory us‐
2746 age. The "tr", "tm->when", and "rexmits" fields hold internal
2747 information of the kernel socket state and are useful only for
2748 debugging. The "uid" field holds the effective UID of the cre‐
2749 ator of the socket.
2750
2751 /proc/net/udp
2752 Holds a dump of the UDP socket table. Much of the information
2753 is not of use apart from debugging. The "sl" value is the ker‐
2754 nel hash slot for the socket, the "local_address" is the local
2755 address and port number pair. The "rem_address" is the remote
2756 address and port number pair (if connected). "St" is the inter‐
2757 nal status of the socket. The "tx_queue" and "rx_queue" are the
2758 outgoing and incoming data queue in terms of kernel memory us‐
2759 age. The "tr", "tm->when", and "rexmits" fields are not used by
2760 UDP. The "uid" field holds the effective UID of the creator of
2761 the socket. The format is:
2762
2763 sl local_address rem_address st tx_queue rx_queue tr rexmits tm->when uid
2764 1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
2765 1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
2766 1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
2767
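As an added example (not part of the manual page), the following Python code decodes the rows of /proc/net/tcp and /proc/net/udp described above and lists listening sockets with their owning UIDs. It assumes IPv4 rows from a little-endian host, where each address is printed as one 32-bit hex word in host byte order; the state names are the kernel's TCP state numbers, and the function names are illustrative.

```python
import socket

# TCP state numbers used in the "st" column (kernel TCP state enum).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV",
    0x04: "FIN_WAIT1", 0x05: "FIN_WAIT2", 0x06: "TIME_WAIT",
    0x07: "CLOSE", 0x08: "CLOSE_WAIT", 0x09: "LAST_ACK",
    0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Sample rows copied from the format example on this page.
SAMPLE = """\
 sl  local_address rem_address   st tx_queue rx_queue tr rexmits  tm->when uid
  1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
  1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
  1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
"""


def decode_endpoint(field, byteorder="little"):
    """Decode 'AAAAAAAA:PPPP' into (dotted_quad, port).

    The address is a 32-bit word in the host's byte order, so on a
    little-endian host the bytes appear reversed. Pass sys.byteorder
    when reading the live file on the host that produced it.
    """
    addr_hex, port_hex = field.split(":")
    if len(addr_hex) != 8:
        raise ValueError("not an IPv4 endpoint: %r" % field)
    packed = int(addr_hex, 16).to_bytes(4, byteorder)
    return socket.inet_ntoa(packed), int(port_hex, 16)


def parse_socket_table(text, byteorder="little"):
    """Parse /proc/net/tcp or /proc/net/udp text into a list of dicts."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        # Skip the header row and anything too short to carry a uid column.
        if len(cols) < 8 or not cols[0].endswith(":"):
            continue
        tx_hex, rx_hex = cols[4].split(":")
        state = int(cols[3], 16)
        rows.append({
            "slot": int(cols[0].rstrip(":")),
            "local": decode_endpoint(cols[1], byteorder),
            "remote": decode_endpoint(cols[2], byteorder),
            "state": TCP_STATES.get(state, "UNKNOWN(%02X)" % state),
            "tx_queue": int(tx_hex, 16),
            "rx_queue": int(rx_hex, 16),
            "uid": int(cols[7]),  # effective UID of the socket's creator
        })
    return rows


def listeners(rows):
    """Return sorted (address, port, uid) for sockets in LISTEN state."""
    return sorted(
        (r["local"][0], r["local"][1], r["uid"])
        for r in rows if r["state"] == "LISTEN"
    )


if __name__ == "__main__":
    for addr, port, uid in listeners(parse_socket_table(SAMPLE)):
        print("%s:%d owned by uid %d" % (addr, port, uid))
```

Comparing the resulting (address, port, uid) list against an expected baseline is a simple way to notice an unexpected listener or a service running under the wrong account.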
2768 /proc/net/unix
2769 Lists the UNIX domain sockets present within the system and
2770 their status. The format is:
2771
2772 Num RefCount Protocol Flags Type St Inode Path
2773 0: 00000002 00000000 00000000 0001 03 42
2774 1: 00000001 00000000 00010000 0001 01 1948 /dev/printer
2775
2776 The fields are as follows:
2777
2778 Num: the kernel table slot number.
2779
2780 RefCount: the number of users of the socket.
2781
2782 Protocol: currently always 0.
2783
2784 Flags: the internal kernel flags holding the status of the
2785 socket.
2786
2787 Type: the socket type. For SOCK_STREAM sockets, this is
2788 0001; for SOCK_DGRAM sockets, it is 0002; and for
2789 SOCK_SEQPACKET sockets, it is 0005.
2790
2791 St: the internal state of the socket.
2792
2793 Inode: the inode number of the socket.
2794
2795 Path: the bound pathname (if any) of the socket. Sockets in
2796 the abstract namespace are included in the list, and
2797 are shown with a Path that commences with the charac‐
2798 ter '@'.
2799
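As an added example (not part of the manual page), this Python code parses the /proc/net/unix format described above and separates unnamed, pathname, and abstract-namespace sockets; abstract sockets have no filesystem entry whose permissions could be audited, so they are worth listing separately. The first two data rows are the page's own sample; the third row, the function names, and the use of the kernel's listening flag (bit 16 of Flags) are additions made here.

```python
SOCK_TYPES = {
    0x0001: "SOCK_STREAM",
    0x0002: "SOCK_DGRAM",
    0x0005: "SOCK_SEQPACKET",
}
SO_ACCEPTCON = 1 << 16  # kernel flag __SO_ACCEPTCON: socket is listening

# Rows 0 and 1 are from this page; row 2 is constructed for illustration.
SAMPLE = """\
Num RefCount Protocol Flags    Type St Inode Path
 0: 00000002 00000000 00000000 0001 03    42
 1: 00000001 00000000 00010000 0001 01  1948 /dev/printer
 2: 00000002 00000000 00010000 0005 01  2051 @constructed/agent sock
"""


def classify(path):
    """Return 'unnamed', 'abstract', or 'pathname' for a Path column."""
    if path is None:
        return "unnamed"
    return "abstract" if path.startswith("@") else "pathname"


def parse_unix_table(text):
    """Parse /proc/net/unix text into a list of dicts, one per socket."""
    rows = []
    for line in text.splitlines():
        # At most 8 columns; the Path (last) may itself contain spaces.
        cols = line.split(None, 7)
        if len(cols) < 7 or not cols[0].endswith(":"):
            continue  # header or malformed line
        path = cols[7] if len(cols) == 8 else None
        flags = int(cols[3], 16)
        sock_type = int(cols[4], 16)
        rows.append({
            "num": cols[0].rstrip(":"),
            "refcount": int(cols[1], 16),
            "listening": bool(flags & SO_ACCEPTCON),
            "type": SOCK_TYPES.get(sock_type, "UNKNOWN(%04X)" % sock_type),
            "state": int(cols[5], 16),
            "inode": int(cols[6]),
            "path": path,
            "kind": classify(path),
        })
    return rows


def listening_abstract(rows):
    """Return (path, type, inode) for listening abstract-namespace sockets."""
    return [
        (r["path"], r["type"], r["inode"])
        for r in rows if r["kind"] == "abstract" and r["listening"]
    ]


if __name__ == "__main__":
    for row in parse_unix_table(SAMPLE):
        print(row["kind"], row["type"], row["inode"], row["path"])
```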
2800 /proc/net/netfilter/nfnetlink_queue
2801 This file contains information about netfilter user-space queue‐
2802 ing, if used. Each line represents a queue. Queues that have
2803 not been subscribed to by user space are not shown.
2804
2805 1 4207 0 2 65535 0 0 0 1
2806 (1) (2) (3)(4) (5) (6) (7) (8)
2807
2808 The fields in each line are:
2809
2810 (1) The ID of the queue. This matches what is specified in the
2811 --queue-num or --queue-balance options to the iptables(8)
2812 NFQUEUE target. See iptables-extensions(8) for more infor‐
2813 mation.
2814
2815 (2) The netlink port ID subscribed to the queue.
2816
2817 (3) The number of packets currently queued and waiting to be
2818 processed by the application.
2819
2820 (4) The copy mode of the queue. It is either 1 (metadata only)
2821 or 2 (also copy payload data to user space).
2822
2823 (5) Copy range; that is, how many bytes of packet payload
2824 should be copied to user space at most.
2825
2826 (6) queue dropped. Number of packets that had to be dropped by
2827 the kernel because too many packets are already waiting for
2828 user space to send back the mandatory accept/drop verdicts.
2829
2830 (7) queue user dropped. Number of packets that were dropped
2831 within the netlink subsystem. Such drops usually happen
2832 when the corresponding socket buffer is full; that is, user
2833 space is not able to read messages fast enough.
2834
2835 (8) sequence number. Every queued packet is associated with a
2836 (32-bit) monotonically increasing sequence number. This
2837 shows the ID of the most recent packet queued.
2838
2839 The last number exists only for compatibility reasons and is al‐
2840 ways 1.
2841
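As an added example (not part of the manual page), this Python code parses nfnetlink_queue rows into the fields listed above and compares two snapshots, reporting queues whose drop counters rose or whose user-space subscriber disappeared. That matters when the queue feeds a packet-inspection program. The first BEFORE row is the page's sample line; the other rows and all names are constructed for illustration.

```python
FIELDS = (
    "queue_id", "portid", "queued", "copy_mode", "copy_range",
    "queue_dropped", "user_dropped", "last_seq", "compat",
)
COPY_MODES = {1: "metadata only", 2: "metadata and payload"}

# First BEFORE row is the example from this page; the rest are constructed.
BEFORE = """\
    1   4207     0 2 65535     0     0        0  1
    2   4311     5 1     0     0     0      120  1
"""
AFTER = """\
    1   4207    37 2 65535    12     3     9841  1
"""


def parse_nfqueue(text):
    """Parse nfnetlink_queue text into {queue_id: row_dict}."""
    queues = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != len(FIELDS):
            continue  # blank or unexpected line
        try:
            values = [int(c) for c in cols]
        except ValueError:
            continue
        row = dict(zip(FIELDS, values))
        row["copy_mode_name"] = COPY_MODES.get(row["copy_mode"], "unknown")
        queues[row["queue_id"]] = row
    return queues


def compare_snapshots(before, after):
    """Return sorted findings as (queue_id, kind, delta) tuples.

    kind is 'queue_dropped' or 'user_dropped' when that counter grew,
    or 'unsubscribed' when a queue seen earlier is no longer listed
    (queues without a user-space subscriber are not shown in the file).
    A counter that went down (queue re-created) is not reported.
    """
    findings = []
    for qid in sorted(before):
        if qid not in after:
            findings.append((qid, "unsubscribed", 0))
            continue
        for counter in ("queue_dropped", "user_dropped"):
            delta = after[qid][counter] - before[qid][counter]
            if delta > 0:
                findings.append((qid, counter, delta))
    return findings


if __name__ == "__main__":
    for finding in compare_snapshots(parse_nfqueue(BEFORE), parse_nfqueue(AFTER)):
        print(finding)
```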
2842 /proc/partitions
2843 Contains the major and minor numbers of each partition as well
2844 as the number of 1024-byte blocks and the partition name.
2845
2846 /proc/pci
2847 This is a listing of all PCI devices found during kernel ini‐
2848 tialization and their configuration.
2849
2850 This file has been deprecated in favor of a new /proc interface
2851 for PCI (/proc/bus/pci). It became optional in Linux 2.2
2852 (available with CONFIG_PCI_OLD_PROC set at kernel compilation).
2853 It became once more nonoptionally enabled in Linux 2.4. Next,
2854 it was deprecated in Linux 2.6 (still available with CON‐
2855 FIG_PCI_LEGACY_PROC set), and finally removed altogether since
2856 Linux 2.6.17.
2857
2858 /proc/profile (since Linux 2.4)
2859 This file is present only if the kernel was booted with the pro‐
2860 file=1 command-line option. It exposes kernel profiling infor‐
2861 mation in a binary format for use by readprofile(1). Writing
2862 (e.g., an empty string) to this file resets the profiling coun‐
2863 ters; on some architectures, writing a binary integer "profiling
2864 multiplier" of size sizeof(int) sets the profiling interrupt
2865 frequency.
2866
2867 /proc/scsi
2868 A directory with the scsi mid-level pseudo-file and various SCSI
2869 low-level driver directories, which contain a file for each SCSI
2870 host in this system, all of which give the status of some part
2871 of the SCSI IO subsystem. These files contain ASCII structures
2872 and are, therefore, readable with cat(1).
2873
2874 You can also write to some of the files to reconfigure the sub‐
2875 system or switch certain features on or off.
2876
2877 /proc/scsi/scsi
2878 This is a listing of all SCSI devices known to the kernel. The
2879 listing is similar to the one seen during bootup. scsi cur‐
2880 rently supports only the add-single-device command which allows
2881 root to add a hotplugged device to the list of known devices.
2882
2883 The command
2884
2885 echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi
2886
2887 will cause host scsi1 to scan on SCSI channel 0 for a device on
2888 ID 5 LUN 0. If there is already a device known on this address
2889 or the address is invalid, an error will be returned.
2890
2891 /proc/scsi/drivername
2892 drivername can currently be NCR53c7xx, aha152x, aha1542,
2893 aha1740, aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000,
2894 pas16, qlogic, scsi_debug, seagate, t128, u15-24f, ultrastore,
2895 or wd7000. These directories show up for all drivers that reg‐
2896 istered at least one SCSI HBA. Every directory contains one
2897 file per registered host. Every host-file is named after the
2898 number the host was assigned during initialization.
2899
2900 Reading these files will usually show driver and host configura‐
2901 tion, statistics, and so on.
2902
2903 Writing to these files allows different things on different
2904 hosts. For example, with the latency and nolatency commands,
2905 root can switch on and off command latency measurement code in
2906 the eata_dma driver. With the lockup and unlock commands, root
2907 can control bus lockups simulated by the scsi_debug driver.
2908
2909 /proc/self
2910 This directory refers to the process accessing the /proc
2911 filesystem, and is identical to the /proc directory named by the
2912 process ID of the same process.
2913
2914 /proc/slabinfo
2915 Information about kernel caches. See slabinfo(5) for details.
2916
2917 /proc/stat
2918 kernel/system statistics. Varies with architecture. Common en‐
2919 tries include:
2920
2921 cpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0
2922 cpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0
2923 The amount of time, measured in units of USER_HZ
2924 (1/100ths of a second on most architectures, use
2925 sysconf(_SC_CLK_TCK) to obtain the right value), that the
2926 system ("cpu" line) or the specific CPU ("cpuN" line)
2927 spent in various states:
2928
2929 user (1) Time spent in user mode.
2930
2931 nice (2) Time spent in user mode with low priority
2932 (nice).
2933
2934 system (3) Time spent in system mode.
2935
2936 idle (4) Time spent in the idle task. This value
2937 should be USER_HZ times the second entry in the
2938 /proc/uptime pseudo-file.
2939
2940 iowait (since Linux 2.5.41)
2941 (5) Time waiting for I/O to complete. This value
2942 is not reliable, for the following reasons:
2943
2944 • The CPU will not wait for I/O to complete;
2945 iowait is the time that a task is waiting for
2946 I/O to complete. When a CPU goes into idle
2947 state for outstanding task I/O, another task
2948 will be scheduled on this CPU.
2949
2950 • On a multi-core CPU, the task waiting for I/O
2951 to complete is not running on any CPU, so the
2952 iowait of each CPU is difficult to calculate.
2953
2954 • The value in this field may decrease in certain
2955 conditions.
2956
2957 irq (since Linux 2.6.0)
2958 (6) Time servicing interrupts.
2959
2960 softirq (since Linux 2.6.0)
2961 (7) Time servicing softirqs.
2962
2963 steal (since Linux 2.6.11)
2964 (8) Stolen time, which is the time spent in other
2965 operating systems when running in a virtualized
2966 environment.
2967
2968 guest (since Linux 2.6.24)
2969 (9) Time spent running a virtual CPU for guest op‐
2970 erating systems under the control of the Linux
2971 kernel.
2972
2973 guest_nice (since Linux 2.6.33)
2974 (10) Time spent running a niced guest (virtual CPU
2975 for guest operating systems under the control of
2976 the Linux kernel).
2977
2978 page 5741 1808
2979 The number of pages the system paged in and the number
2980 that were paged out (from disk).
2981
2982 swap 1 0
2983 The number of swap pages that have been brought in and
2984 out.
2985
2986 intr 1462898
2987 This line shows counts of interrupts serviced since boot
2988 time, for each of the possible system interrupts. The
2989 first column is the total of all interrupts serviced in‐
2990 cluding unnumbered architecture specific interrupts; each
2991 subsequent column is the total for that particular num‐
2992 bered interrupt. Unnumbered interrupts are not shown,
2993 only summed into the total.
2994
2995 disk_io: (2,0):(31,30,5764,1,2) (3,0):...
2996 (major,disk_idx):(noinfo, read_io_ops, blks_read,
2997 write_io_ops, blks_written)
2998 (Linux 2.4 only)
2999
3000 ctxt 115315
3001 The number of context switches that the system underwent.
3002
3003 btime 769041601
3004 boot time, in seconds since the Epoch, 1970-01-01
3005 00:00:00 +0000 (UTC).
3006
3007 processes 86031
3008 Number of forks since boot.
3009
3010 procs_running 6
3011 Number of processes in runnable state. (Linux 2.5.45 on‐
3012 ward.)
3013
3014 procs_blocked 2
3015 Number of processes blocked waiting for I/O to complete.
3016 (Linux 2.5.45 onward.)
3017
3018 softirq 229245889 94 60001584 13619 5175704 2471304 28 51212741
3019 59130143 0 51240672
3020 This line shows the number of softirq for all CPUs. The
3021 first column is the total of all softirqs and each subse‐
3022 quent column is the total for particular softirq. (Linux
3023 2.6.31 onward.)
3024
3025 /proc/swaps
3026 Swap areas in use. See also swapon(8).
3027
3028 /proc/sys
3029 This directory (present since Linux 1.3.57) contains a number of
3030 files and subdirectories corresponding to kernel variables.
3031 These variables can be read and in some cases modified using the
3032 /proc filesystem, and the (deprecated) sysctl(2) system call.
3033
3034 String values may be terminated by either '\0' or '\n'.
3035
3036 Integer and long values may be written either in decimal or in
3037 hexadecimal notation (e.g., 0x3FFF). When writing multiple in‐
3038 teger or long values, these may be separated by any of the fol‐
3039 lowing whitespace characters: ' ', '\t', or '\n'. Using other
3040 separators leads to the error EINVAL.
3041
3042 /proc/sys/abi (since Linux 2.4.10)
3043 This directory may contain files with application binary infor‐
3044 mation. See the Linux kernel source file Documenta‐
3045 tion/sysctl/abi.rst (or Documentation/sysctl/abi.txt before
3046 Linux 5.3) for more information.
3047
3048 /proc/sys/debug
3049 This directory may be empty.
3050
3051 /proc/sys/dev
3052 This directory contains device-specific information (e.g.,
3053 dev/cdrom/info). On some systems, it may be empty.
3054
3055 /proc/sys/fs
3056 This directory contains the files and subdirectories for kernel
3057 variables related to filesystems.
3058
3059 /proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr (since Linux 2.6.4)
3060 aio-nr is the running total of the number of events specified by
3061 io_setup(2) calls for all currently active AIO contexts. If
3062 aio-nr reaches aio-max-nr, then io_setup(2) will fail with the
3063 error EAGAIN. Raising aio-max-nr does not result in the preal‐
3064 location or resizing of any kernel data structures.
3065
3066 /proc/sys/fs/binfmt_misc
3067 Documentation for files in this directory can be found in the
3068 Linux kernel source in the file Documentation/ad‐
3069 min-guide/binfmt-misc.rst (or in Documentation/binfmt_misc.txt
3070 on older kernels).
3071
3072 /proc/sys/fs/dentry-state (since Linux 2.2)
3073 This file contains information about the status of the directory
3074 cache (dcache). The file contains six numbers, nr_dentry,
3075 nr_unused, age_limit (age in seconds), want_pages (pages re‐
3076 quested by system) and two dummy values.
3077
3078 • nr_dentry is the number of allocated dentries (dcache en‐
3079 tries). This field is unused in Linux 2.2.
3080
3081 • nr_unused is the number of unused dentries.
3082
3083 • age_limit is the age in seconds after which dcache entries
3084 can be reclaimed when memory is short.
3085
3086 • want_pages is nonzero when the kernel has called
3087 shrink_dcache_pages() and the dcache isn't pruned yet.
3088
3089 /proc/sys/fs/dir-notify-enable
3090 This file can be used to disable or enable the dnotify interface
3091 described in fcntl(2) on a system-wide basis. A value of 0 in
3092 this file disables the interface, and a value of 1 enables it.
3093
3094 /proc/sys/fs/dquot-max
3095 This file shows the maximum number of cached disk quota entries.
3096 On some (2.4) systems, it is not present. If the number of free
3097 cached disk quota entries is very low and you have some awesome
3098 number of simultaneous system users, you might want to raise the
3099 limit.
3100
3101 /proc/sys/fs/dquot-nr
3102 This file shows the number of allocated disk quota entries and
3103 the number of free disk quota entries.
3104
3105 /proc/sys/fs/epoll (since Linux 2.6.28)
3106 This directory contains the file max_user_watches, which can be
3107 used to limit the amount of kernel memory consumed by the epoll
3108 interface. For further details, see epoll(7).
3109
3110 /proc/sys/fs/file-max
3111 This file defines a system-wide limit on the number of open
3112 files for all processes. System calls that fail when encounter‐
3113 ing this limit fail with the error ENFILE. (See also setr‐
3114 limit(2), which can be used by a process to set the per-process
3115 limit, RLIMIT_NOFILE, on the number of files it may open.) If
3116 you get lots of error messages in the kernel log about running
3117 out of file handles (open file descriptions) (look for "VFS:
3118 file-max limit <number> reached"), try increasing this value:
3119
3120 echo 100000 > /proc/sys/fs/file-max
3121
3122 Privileged processes (CAP_SYS_ADMIN) can override the file-max
3123 limit.
3124
3125 /proc/sys/fs/file-nr
3126 This (read-only) file contains three numbers: the number of al‐
3127 located file handles (i.e., the number of open file descrip‐
3128 tions; see open(2)); the number of free file handles; and the
3129 maximum number of file handles (i.e., the same value as
3130 /proc/sys/fs/file-max). If the number of allocated file handles
3131 is close to the maximum, you should consider increasing the max‐
3132 imum. Before Linux 2.6, the kernel allocated file handles dy‐
3133 namically, but it didn't free them again. Instead the free file
3134 handles were kept in a list for reallocation; the "free file
3135 handles" value indicates the size of that list. A large number
3136 of free file handles indicates that there was a past peak in the
3137 usage of open file handles. Since Linux 2.6, the kernel does
3138 deallocate freed file handles, and the "free file handles" value
3139 is always zero.
3140
3141 /proc/sys/fs/inode-max (only present until Linux 2.2)
3142 This file contains the maximum number of in-memory inodes. This
3143 value should be 3–4 times larger than the value in file-max,
3144 since stdin, stdout and network sockets also need an inode to
3145 handle them. When you regularly run out of inodes, you need to
3146 increase this value.
3147
3148 Starting with Linux 2.4, there is no longer a static limit on
3149 the number of inodes, and this file is removed.
3150
3151 /proc/sys/fs/inode-nr
3152 This file contains the first two values from inode-state.
3153
3154 /proc/sys/fs/inode-state
3155 This file contains seven numbers: nr_inodes, nr_free_inodes,
3156 preshrink, and four dummy values (always zero).
3157
3158 nr_inodes is the number of inodes the system has allocated.
3159 nr_free_inodes represents the number of free inodes.
3160
3161 preshrink is nonzero when the nr_inodes > inode-max and the sys‐
3162 tem needs to prune the inode list instead of allocating more;
3163 since Linux 2.4, this field is a dummy value (always zero).
3164
3165 /proc/sys/fs/inotify (since Linux 2.6.13)
3166 This directory contains files max_queued_events, max_user_in‐
3167 stances, and max_user_watches, that can be used to limit the
3168 amount of kernel memory consumed by the inotify interface. For
3169 further details, see inotify(7).
3170
3171 /proc/sys/fs/lease-break-time
3172 This file specifies the grace period that the kernel grants to a
3173 process holding a file lease (fcntl(2)) after it has sent a sig‐
3174 nal to that process notifying it that another process is waiting
3175 to open the file. If the lease holder does not remove or down‐
3176 grade the lease within this grace period, the kernel forcibly
3177 breaks the lease.
3178
3179 /proc/sys/fs/leases-enable
3180 This file can be used to enable or disable file leases (fc‐
3181 ntl(2)) on a system-wide basis. If this file contains the value
3182 0, leases are disabled. A nonzero value enables leases.
3183
3184 /proc/sys/fs/mount-max (since Linux 4.9)
3185 The value in this file specifies the maximum number of mounts
3186 that may exist in a mount namespace. The default value in this
3187 file is 100,000.
3188
3189 /proc/sys/fs/mqueue (since Linux 2.6.6)
3190 This directory contains files msg_max, msgsize_max, and
3191 queues_max, controlling the resources used by POSIX message
3192 queues. See mq_overview(7) for details.
3193
3194 /proc/sys/fs/nr_open (since Linux 2.6.25)
3195 This file imposes a ceiling on the value to which the
3196 RLIMIT_NOFILE resource limit can be raised (see getrlimit(2)).
3197 This ceiling is enforced for both unprivileged and privileged
3198 processes. The default value in this file is 1048576. (Before
3199 Linux 2.6.25, the ceiling for RLIMIT_NOFILE was hard-coded to
3200 the same value.)
3201
3202 /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid
3203 These files allow you to change the value of the fixed UID and
3204 GID. The default is 65534. Some filesystems support only
3205 16-bit UIDs and GIDs, although in Linux UIDs and GIDs are 32
3206 bits. When one of these filesystems is mounted with writes en‐
3207 abled, any UID or GID that would exceed 65535 is translated to
3208 the overflow value before being written to disk.
3209
3210 /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
3211 See pipe(7).
3212
3213 /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
3214 See pipe(7).
3215
3216 /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
3217 See pipe(7).
3218
3219 /proc/sys/fs/protected_fifos (since Linux 4.19)
3220 The value in this file is/can be set to one of the following:
3221
3222 0 Writing to FIFOs is unrestricted.
3223
3224 1 Don't allow O_CREAT open(2) on FIFOs that the caller doesn't
3225 own in world-writable sticky directories, unless the FIFO is
3226 owned by the owner of the directory.
3227
3228 2 As for the value 1, but the restriction also applies to
3229 group-writable sticky directories.
3230
3231 The intent of the above protections is to avoid unintentional
3232 writes to an attacker-controlled FIFO when a program expected to
3233 create a regular file.
3234
3235 /proc/sys/fs/protected_hardlinks (since Linux 3.6)
3236 When the value in this file is 0, no restrictions are placed on
3237 the creation of hard links (i.e., this is the historical behav‐
3238 ior before Linux 3.6). When the value in this file is 1, a hard
3239 link can be created to a target file only if one of the follow‐
3240 ing conditions is true:
3241
3242 • The calling process has the CAP_FOWNER capability in its user
3243 namespace and the file UID has a mapping in the namespace.
3244
3245 • The filesystem UID of the process creating the link matches
3246 the owner (UID) of the target file (as described in creden‐
3247 tials(7), a process's filesystem UID is normally the same as
3248 its effective UID).
3249
3250 • All of the following conditions are true:
3251
3252 • the target is a regular file;
3253
3254 • the target file does not have its set-user-ID mode bit
3255 enabled;
3256
3257 • the target file does not have both its set-group-ID and
3258 group-executable mode bits enabled; and
3259
3260 • the caller has permission to read and write the target
3261 file (either via the file's permissions mask or because
3262 it has suitable capabilities).
3263
3264 The default value in this file is 0. Setting the value to 1
3265 prevents a longstanding class of security issues caused by hard-
3266 link-based time-of-check, time-of-use races, most commonly seen
3267 in world-writable directories such as /tmp. The common method
3268 of exploiting this flaw is to cross privilege boundaries when
3269 following a given hard link (i.e., a root process follows a hard
3270 link created by another user). Additionally, on systems without
3271 separated partitions, this stops unauthorized users from "pin‐
3272 ning" vulnerable set-user-ID and set-group-ID files against be‐
3273 ing upgraded by the administrator, or linking to special files.
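
The conditions listed above for protected_hardlinks=1 nest in a way that is easy to misread. The following shell model is an added example, not kernel code and not part of the manual page. The function name and its six arguments are hypothetical, and the caller supplies the facts (ownership, mode, access) that the kernel would read from the process and the inode.

```shell
#!/bin/sh
# Model of the protected_hardlinks=1 decision described in the text above.
#
# hardlink_allowed FSUID FILE_UID MODE IS_REGULAR CAN_RW HAS_CAP_FOWNER
#   FSUID           filesystem UID of the process calling link(2)
#   FILE_UID        owner of the link target
#   MODE            permission bits of the target in octal, e.g. 4755
#   IS_REGULAR      1 if the target is a regular file, else 0
#   CAN_RW          1 if the caller may both read and write the target
#   HAS_CAP_FOWNER  1 if the caller holds CAP_FOWNER in its user namespace
#                   (the file UID is assumed to be mapped in that namespace)
# Returns 0 if the link would be permitted, 1 if it would be refused.
hardlink_allowed() {
    hl_fsuid=$1 hl_owner=$2 hl_mode=$3 hl_reg=$4 hl_rw=$5 hl_cap=$6

    # First condition: CAP_FOWNER makes the remaining checks irrelevant.
    if [ "$hl_cap" -eq 1 ]; then return 0; fi
    # Second condition: the caller owns the target.
    if [ "$hl_fsuid" -eq "$hl_owner" ]; then return 0; fi

    # Third condition: every sub-condition must hold.
    if [ "$hl_reg" -ne 1 ]; then return 1; fi
    # The set-user-ID bit (04000) must be clear.
    if [ $(( 0$hl_mode & 04000 )) -ne 0 ]; then return 1; fi
    # set-group-ID (02000) together with group-execute (00010) is refused;
    # set-group-ID on its own is not.
    if [ $(( 0$hl_mode & 02010 )) -eq $(( 02010 )) ]; then return 1; fi
    # The caller needs both read and write access to the target.
    if [ "$hl_rw" -ne 1 ]; then return 1; fi
    return 0
}

# explain_case FILE_UID MODE IS_REGULAR CAN_RW NOTE
# Constructed cases: the caller is UID 1000 without CAP_FOWNER.
explain_case() {
    if hardlink_allowed 1000 "$1" "$2" "$3" "$4" 0; then
        ec_verdict=allowed
    else
        ec_verdict=refused
    fi
    printf 'owner=%-5s mode=%-5s %-8s %s\n' "$1" "$2" "$ec_verdict" "$5"
}

explain_case 1000 0600 1 1 "caller's own file"
explain_case 0    4755 1 0 "set-user-ID binary owned by root"
explain_case 0    0644 1 0 "readable but not writable by the caller"
explain_case 0    0666 1 1 "world-writable regular file"
explain_case 0    2775 1 1 "set-group-ID with group-execute"
explain_case 0    2664 1 1 "set-group-ID without group-execute"
```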
3274
3275 /proc/sys/fs/protected_regular (since Linux 4.19)
3276 The value in this file is/can be set to one of the following:
3277
3278 0 Writing to regular files is unrestricted.
3279
3280 1 Don't allow O_CREAT open(2) on regular files that the caller
3281 doesn't own in world-writable sticky directories, unless the
3282 regular file is owned by the owner of the directory.
3283
3284 2 As for the value 1, but the restriction also applies to
3285 group-writable sticky directories.
3286
3287 The intent of the above protections is similar to protected_fi‐
3288 fos, but allows an application to avoid writes to an attacker-
3289 controlled regular file, where the application expected to cre‐
3290 ate one.
3291
3292 /proc/sys/fs/protected_symlinks (since Linux 3.6)
3293 When the value in this file is 0, no restrictions are placed on
3294 following symbolic links (i.e., this is the historical behavior
3295 before Linux 3.6). When the value in this file is 1, symbolic
3296 links are followed only in the following circumstances:
3297
3298 • the filesystem UID of the process following the link matches
3299 the owner (UID) of the symbolic link (as described in creden‐
3300 tials(7), a process's filesystem UID is normally the same as
3301 its effective UID);
3302
3303 • the link is not in a sticky world-writable directory; or
3304
3305 • the symbolic link and its parent directory have the same
3306 owner (UID)
3307
3308 A system call that fails to follow a symbolic link because of
3309 the above restrictions returns the error EACCES in errno.
3310
3311 The default value in this file is 0. Setting the value to 1
3312 avoids a longstanding class of security issues based on time-of-
3313 check, time-of-use races when accessing symbolic links.
3314
3315 /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
3316 The value in this file is assigned to a process's "dumpable"
3317 flag in the circumstances described in prctl(2). In effect, the
3318 value in this file determines whether core dump files are pro‐
3319 duced for set-user-ID or otherwise protected/tainted binaries.
3320 The "dumpable" setting also affects the ownership of files in a
3321 process's /proc/pid directory, as described above.
3322
3323 Three different integer values can be specified:
3324
3325 0 (default)
3326 This provides the traditional (pre-Linux 2.6.13) behav‐
3327 ior. A core dump will not be produced for a process
3328 which has changed credentials (by calling seteuid(2),
3329 setgid(2), or similar, or by executing a set-user-ID or
3330 set-group-ID program) or whose binary does not have read
3331 permission enabled.
3332
3333 1 ("debug")
3334 All processes dump core when possible. (Reasons why a
3335 process might nevertheless not dump core are described in
3336 core(5).) The core dump is owned by the filesystem user
3337 ID of the dumping process and no security is applied.
3338 This is intended for system debugging situations only:
3339 this mode is insecure because it allows unprivileged
3340 users to examine the memory contents of privileged pro‐
3341 cesses.
3342
3343 2 ("suidsafe")
3344 Any binary which normally would not be dumped (see "0"
3345 above) is dumped readable by root only. This allows the
3346 user to remove the core dump file but not to read it.
3347 For security reasons core dumps in this mode will not
3348 overwrite one another or other files. This mode is ap‐
3349 propriate when administrators are attempting to debug
3350 problems in a normal environment.
3351
3352 Additionally, since Linux 3.6, /proc/sys/kernel/core_pat‐
3353 tern must either be an absolute pathname or a pipe com‐
3354 mand, as detailed in core(5). Warnings will be written
3355 to the kernel log if core_pattern does not follow these
3356 rules, and no core dump will be produced.
3357
3358 For details of the effect of a process's "dumpable" setting on
3359 ptrace access mode checking, see ptrace(2).
3360
3361 /proc/sys/fs/super-max
3362 This file controls the maximum number of superblocks, and thus
3363 the maximum number of mounted filesystems the kernel can have.
3364 You need to increase super-max only if you need to mount more
3365 filesystems than the current value in super-max allows you to.
3366
3367 /proc/sys/fs/super-nr
3368 This file contains the number of filesystems currently mounted.
3369
3370 /proc/sys/kernel
3371 This directory contains files controlling a range of kernel pa‐
3372 rameters, as described below.
3373
3374 /proc/sys/kernel/acct
3375 This file contains three numbers: highwater, lowwater, and
3376 frequency. If BSD-style process accounting is enabled, these
3377 values control its behavior. If free space on the filesystem where
3378 the log lives goes below lowwater percent, accounting suspends. If
3379 free space gets above highwater percent, accounting resumes.
3380 frequency determines how often the kernel checks the amount of
3381 free space (value is in seconds). Default values are 4, 2, and
3382 30. That is, suspend accounting if 2% or less space is free;
3383 resume it if 4% or more space is free; consider information
3384 about amount of free space valid for 30 seconds.
3385
3386 /proc/sys/kernel/auto_msgmni (Linux 2.6.27 to Linux 3.18)
3387 From Linux 2.6.27 to Linux 3.18, this file was used to control
3388 recomputing of the value in /proc/sys/kernel/msgmni upon the ad‐
3389 dition or removal of memory or upon IPC namespace creation/re‐
3390 moval. Echoing "1" into this file enabled msgmni automatic re‐
3391 computing (and triggered a recomputation of msgmni based on the
3392 current amount of available memory and number of IPC name‐
3393 spaces). Echoing "0" disabled automatic recomputing. (Auto‐
3394 matic recomputing was also disabled if a value was explicitly
3395 assigned to /proc/sys/kernel/msgmni.) The default value in
3396 auto_msgmni was 1.
3397
3398 Since Linux 3.19, the content of this file has no effect (be‐
3399 cause msgmni defaults to near the maximum value possible), and
3400 reads from this file always return the value "0".
3401
3402 /proc/sys/kernel/cap_last_cap (since Linux 3.2)
3403 See capabilities(7).
3404
3405 /proc/sys/kernel/cap-bound (from Linux 2.2 to Linux 2.6.24)
3406 This file holds the value of the kernel capability bounding set
3407 (expressed as a signed decimal number). This set is ANDed
3408 against the capabilities permitted to a process during ex‐
3409 ecve(2). Starting with Linux 2.6.25, the system-wide capability
3410 bounding set disappeared, and was replaced by a per-thread
3411 bounding set; see capabilities(7).
3412
3413 /proc/sys/kernel/core_pattern
3414 See core(5).
3415
3416 /proc/sys/kernel/core_pipe_limit
3417 See core(5).
3418
3419 /proc/sys/kernel/core_uses_pid
3420 See core(5).
3421
3422 /proc/sys/kernel/ctrl-alt-del
3423 This file controls the handling of Ctrl-Alt-Del from the key‐
3424 board. When the value in this file is 0, Ctrl-Alt-Del is
3425 trapped and sent to the init(1) program to handle a graceful
3426 restart. When the value is greater than zero, Linux's reaction
3427 to a Vulcan Nerve Pinch (tm) will be an immediate reboot, with‐
3428 out even syncing its dirty buffers. Note: when a program (like
3429 dosemu) has the keyboard in "raw" mode, the Ctrl-Alt-Del is in‐
3430 tercepted by the program before it ever reaches the kernel tty
3431 layer, and it's up to the program to decide what to do with it.
3432
3433 /proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)
3434 The value in this file determines who can see kernel syslog con‐
3435 tents. A value of 0 in this file imposes no restrictions. If
3436 the value is 1, only privileged users can read the kernel sys‐
3437 log. (See syslog(2) for more details.) Since Linux 3.4, only
3438 users with the CAP_SYS_ADMIN capability may change the value in
3439 this file.
3440
3441 /proc/sys/kernel/domainname and /proc/sys/kernel/hostname
3442 can be used to set the NIS/YP domainname and the hostname of
3443 your box in exactly the same way as the commands domainname(1)
3444 and hostname(1), that is:
3445
3446 # echo 'darkstar' > /proc/sys/kernel/hostname
3447 # echo 'mydomain' > /proc/sys/kernel/domainname
3448
3449 has the same effect as
3450
3451 # hostname 'darkstar'
3452 # domainname 'mydomain'
3453
3454 Note, however, that the classic darkstar.frop.org has the host‐
3455 name "darkstar" and DNS (Internet Domain Name Server) domainname
3456 "frop.org", not to be confused with the NIS (Network Information
3457 Service) or YP (Yellow Pages) domainname. These two domain
3458 names are in general different. For a detailed discussion see
3459 the hostname(1) man page.
3460
3461 /proc/sys/kernel/hotplug
3462 This file contains the pathname for the hotplug policy agent.
3463 The default value in this file is /sbin/hotplug.
3464
3465 /proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)
3466 (PowerPC only) If this file is set to a nonzero value, the Pow‐
3467 erPC htab (see kernel file Documentation/powerpc/ppc_htab.txt)
3468 is pruned each time the system hits the idle loop.
3469
3470 /proc/sys/kernel/keys/*
3471 This directory contains various files that define parameters and
3472 limits for the key-management facility. These files are de‐
3473 scribed in keyrings(7).
3474
3475 /proc/sys/kernel/kptr_restrict (since Linux 2.6.38)
3476 The value in this file determines whether kernel addresses are
3477 exposed via /proc files and other interfaces. A value of 0 in
3478 this file imposes no restrictions. If the value is 1, kernel
3479 pointers printed using the %pK format specifier will be replaced
3480 with zeros unless the user has the CAP_SYSLOG capability. If
3481 the value is 2, kernel pointers printed using the %pK format
3482 specifier will be replaced with zeros regardless of the user's
3483 capabilities. The initial default value for this file was 1,
3484 but the default was changed to 0 in Linux 2.6.39. Since Linux
3485 3.4, only users with the CAP_SYS_ADMIN capability can change the
3486 value in this file.
3487
3488 /proc/sys/kernel/l2cr
3489 (PowerPC only) This file contains a flag that controls the L2
3490 cache of G3 processor boards. If 0, the cache is disabled. En‐
3491 abled if nonzero.
3492
3493 /proc/sys/kernel/modprobe
3494 This file contains the pathname for the kernel module loader.
3495 The default value is /sbin/modprobe. The file is present only
3496 if the kernel is built with the CONFIG_MODULES (CONFIG_KMOD in
3497 Linux 2.6.26 and earlier) option enabled. It is described by
3498 the Linux kernel source file Documentation/kmod.txt (present
3499 only in Linux 2.4 and earlier).
3500
3501 /proc/sys/kernel/modules_disabled (since Linux 2.6.31)
3502 A toggle value indicating if modules are allowed to be loaded in
3503 an otherwise modular kernel. This toggle defaults to off (0),
3504 but can be set true (1). Once true, modules can be neither
3505 loaded nor unloaded, and the toggle cannot be set back to false.
3506 The file is present only if the kernel is built with the CON‐
3507 FIG_MODULES option enabled.
3508
3509 /proc/sys/kernel/msgmax (since Linux 2.2)
3510 This file defines a system-wide limit specifying the maximum
3511 number of bytes in a single message written on a System V mes‐
3512 sage queue.
3513
3514 /proc/sys/kernel/msgmni (since Linux 2.4)
3515 This file defines the system-wide limit on the number of message
3516 queue identifiers. See also /proc/sys/kernel/auto_msgmni.
3517
3518 /proc/sys/kernel/msgmnb (since Linux 2.2)
3519 This file defines a system-wide parameter used to initialize the
3520 msg_qbytes setting for subsequently created message queues. The
3521 msg_qbytes setting specifies the maximum number of bytes that
3522 may be written to the message queue.
3523
3524 /proc/sys/kernel/ngroups_max (since Linux 2.6.4)
3525 This is a read-only file that displays the upper limit on the
3526 number of a process's group memberships.
3527
3528 /proc/sys/kernel/ns_last_pid (since Linux 3.3)
3529 See pid_namespaces(7).
3530
3531 /proc/sys/kernel/ostype and /proc/sys/kernel/osrelease
3532 These files give substrings of /proc/version.
3533
3534 /proc/sys/kernel/overflowgid and /proc/sys/kernel/overflowuid
3535 These files duplicate the files /proc/sys/fs/overflowgid and
3536 /proc/sys/fs/overflowuid.
3537
3538 /proc/sys/kernel/panic
3539 This file gives read/write access to the kernel variable
3540 panic_timeout. If this is zero, the kernel will loop on a
3541 panic; if nonzero, it indicates that the kernel should autore‐
3542 boot after this number of seconds. When you use the software
3543 watchdog device driver, the recommended setting is 60.
3544
3545 /proc/sys/kernel/panic_on_oops (since Linux 2.5.68)
3546 This file controls the kernel's behavior when an oops or BUG is
3547 encountered. If this file contains 0, then the system tries to
3548 continue operation. If it contains 1, then the system delays a
3549 few seconds (to give klogd time to record the oops output) and
3550 then panics. If the /proc/sys/kernel/panic file is also non‐
3551 zero, then the machine will be rebooted.
3552
3553 /proc/sys/kernel/pid_max (since Linux 2.5.34)
3554 This file specifies the value at which PIDs wrap around (i.e.,
3555 the value in this file is one greater than the maximum PID).
3556 PIDs greater than this value are not allocated; thus, the value
3557 in this file also acts as a system-wide limit on the total num‐
3558 ber of processes and threads. The default value for this file,
3559 32768, results in the same range of PIDs as on earlier kernels.
3560 On 32-bit platforms, 32768 is the maximum value for pid_max. On
3561 64-bit systems, pid_max can be set to any value up to 2^22
3562 (PID_MAX_LIMIT, approximately 4 million).
3563
3564 /proc/sys/kernel/powersave-nap (PowerPC only)
3565 This file contains a flag. If set, Linux-PPC will use the "nap"
3566 mode of powersaving, otherwise the "doze" mode will be used.
3567
3568 /proc/sys/kernel/printk
3569 See syslog(2).
3570
3571 /proc/sys/kernel/pty (since Linux 2.6.4)
3572 This directory contains two files relating to the number of UNIX
3573 98 pseudoterminals (see pts(4)) on the system.
3574
3575 /proc/sys/kernel/pty/max
3576 This file defines the maximum number of pseudoterminals.
3577
3578 /proc/sys/kernel/pty/nr
3579 This read-only file indicates how many pseudoterminals are cur‐
3580 rently in use.
3581
3582 /proc/sys/kernel/random
3583 This directory contains various parameters controlling the oper‐
3584 ation of the file /dev/random. See random(4) for further infor‐
3585 mation.
3586
3587 /proc/sys/kernel/random/uuid (since Linux 2.4)
3588 Each read from this read-only file returns a randomly generated
3589 128-bit UUID, as a string in the standard UUID format.
3590
3591 /proc/sys/kernel/randomize_va_space (since Linux 2.6.12)
3592 Select the address space layout randomization (ASLR) policy for
3593 the system (on architectures that support ASLR). Three values
3594 are supported for this file:
3595
3596 0 Turn ASLR off. This is the default for architectures
3597 that don't support ASLR, and when the kernel is booted
3598 with the norandmaps parameter.
3599
3600 1 Make the addresses of mmap(2) allocations, the stack, and
3601 the VDSO page randomized. Among other things, this means
3602 that shared libraries will be loaded at randomized ad‐
3603 dresses. The text segment of PIE-linked binaries will
3604 also be loaded at a randomized address. This value is
3605 the default if the kernel was configured with CONFIG_COM‐
3606 PAT_BRK.
3607
3608 2 (Since Linux 2.6.25) Also support heap randomization.
3609 This value is the default if the kernel was not config‐
3610 ured with CONFIG_COMPAT_BRK.
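
Several of the files described so far (protected_hardlinks, protected_symlinks, protected_fifos, protected_regular, suid_dumpable, dmesg_restrict, kptr_restrict and randomize_va_space) are commonly reviewed together. The script below is an added example, not part of the manual page: it compares those files with a baseline and reports files that a given kernel does not provide. The baseline values, the function names and the sample tree are assumptions of this example; the semantics of each value are the ones documented above.

```shell
#!/bin/sh
# Baseline lines: <path relative to /proc/sys> <op> <value>
#   eq = must equal, ge = must be at least, ne = must differ from
# The baseline is this example's assumption, not a kernel default.
BASELINE='fs/protected_hardlinks eq 1
fs/protected_symlinks eq 1
fs/protected_fifos ge 1
fs/protected_regular ge 1
fs/suid_dumpable ne 1
kernel/dmesg_restrict eq 1
kernel/kptr_restrict ge 1
kernel/randomize_va_space eq 2'

# check_sysctl ROOT REL OP WANT
# Prints one result line. Returns 0 on pass, 1 on fail, 2 if the file is absent.
check_sysctl() {
    c_file="$1/$2"
    if [ ! -r "$c_file" ]; then
        printf 'SKIP  %-28s file absent (older kernel or option not built)\n' "$2"
        return 2
    fi
    c_got=$(cat "$c_file")
    case $c_got in
        ''|*[!0-9]*)
            printf 'FAIL  %-28s unparsable value "%s"\n' "$2" "$c_got"
            return 1 ;;
    esac
    c_ok=0
    case $3 in
        eq) if [ "$c_got" -eq "$4" ]; then c_ok=1; fi ;;
        ge) if [ "$c_got" -ge "$4" ]; then c_ok=1; fi ;;
        ne) if [ "$c_got" -ne "$4" ]; then c_ok=1; fi ;;
    esac
    if [ "$c_ok" -eq 1 ]; then
        printf 'PASS  %-28s %s\n' "$2" "$c_got"
        return 0
    fi
    printf 'FAIL  %-28s %s (baseline: %s %s)\n' "$2" "$c_got" "$3" "$4"
    return 1
}

# audit_proc_sys [ROOT]
# Sets AUDIT_FAILS and AUDIT_SKIPS; returns 0 only if no check failed.
audit_proc_sys() {
    a_root=${1:-/proc/sys}
    AUDIT_FAILS=0
    AUDIT_SKIPS=0
    while read -r a_rel a_op a_want; do
        a_rc=0
        check_sysctl "$a_root" "$a_rel" "$a_op" "$a_want" || a_rc=$?
        case $a_rc in
            1) AUDIT_FAILS=$((AUDIT_FAILS + 1)) ;;
            2) AUDIT_SKIPS=$((AUDIT_SKIPS + 1)) ;;
        esac
    done <<EOF
$BASELINE
EOF
    [ "$AUDIT_FAILS" -eq 0 ]
}

# make_sample_tree: builds a constructed stand-in for /proc/sys and prints
# its path, so the audit can be exercised without touching a live system.
make_sample_tree() {
    t_root=$(mktemp -d) || return 1
    mkdir -p "$t_root/fs" "$t_root/kernel"
    echo 1 > "$t_root/fs/protected_hardlinks"
    echo 0 > "$t_root/fs/protected_symlinks"     # historical behavior
    echo 2 > "$t_root/fs/protected_fifos"
    # fs/protected_regular is left out, as on a kernel before Linux 4.19
    echo 1 > "$t_root/fs/suid_dumpable"          # "debug" mode
    echo 1 > "$t_root/kernel/dmesg_restrict"
    echo 0 > "$t_root/kernel/kptr_restrict"      # no restrictions
    echo 2 > "$t_root/kernel/randomize_va_space"
    printf '%s\n' "$t_root"
}

# Demonstration on the constructed tree. On a real host: audit_proc_sys /proc/sys
demo_root=$(make_sample_tree)
audit_proc_sys "$demo_root" ||
    printf '%s check(s) below baseline, %s skipped\n' "$AUDIT_FAILS" "$AUDIT_SKIPS"
rm -rf "$demo_root"
```

A SKIP is reported separately from a FAIL because a missing file means the protection does not exist on that kernel, which calls for a different remedy than a file holding a permissive value.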
3611
3612 /proc/sys/kernel/real-root-dev
3613 This file is documented in the Linux kernel source file Documen‐
3614 tation/admin-guide/initrd.rst (or Documentation/initrd.txt be‐
3615 fore Linux 4.10).
3616
3617 /proc/sys/kernel/reboot-cmd (Sparc only)
3618 This file seems to be a way to give an argument to the SPARC
3619 ROM/Flash boot loader. Maybe to tell it what to do after re‐
3620 booting?
3621
3622 /proc/sys/kernel/rtsig-max
3623 (Up to and including Linux 2.6.7; see setrlimit(2)) This file
3624 can be used to tune the maximum number of POSIX real-time
3625 (queued) signals that can be outstanding in the system.
3626
3627 /proc/sys/kernel/rtsig-nr
3628 (Up to and including Linux 2.6.7.) This file shows the number
3629 of POSIX real-time signals currently queued.
3630
3631 /proc/pid/sched_autogroup_enabled (since Linux 2.6.38)
3632 See sched(7).
3633
3634 /proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)
3635 If this file contains the value zero, then, after a fork(2), the
3636 parent is first scheduled on the CPU. If the file contains a
3637 nonzero value, then the child is scheduled first on the CPU.
3638 (Of course, on a multiprocessor system, the parent and the child
3639 might both immediately be scheduled on a CPU.)
3640
3641 /proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)
3642 See sched_rr_get_interval(2).
3643
3644 /proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)
3645 See sched(7).
3646
3647 /proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)
3648 See sched(7).
3649
3650 /proc/sys/kernel/seccomp (since Linux 4.14)
3651 This directory provides additional seccomp information and con‐
3652 figuration. See seccomp(2) for further details.
3653
3654 /proc/sys/kernel/sem (since Linux 2.4)
3655 This file contains 4 numbers defining limits for System V IPC
3656 semaphores. These fields are, in order:
3657
3658 SEMMSL The maximum semaphores per semaphore set.
3659
3660 SEMMNS A system-wide limit on the number of semaphores in all
3661 semaphore sets.
3662
3663 SEMOPM The maximum number of operations that may be specified in
3664 a semop(2) call.
3665
3666 SEMMNI A system-wide limit on the maximum number of semaphore
3667 identifiers.
3668
3669 /proc/sys/kernel/sg-big-buff
3670 This file shows the size of the generic SCSI device (sg) buffer.
3671 You can't tune it just yet, but you could change it at compile
3672 time by editing include/scsi/sg.h and changing the value of
3673 SG_BIG_BUFF. However, there shouldn't be any reason to change
3674 this value.
3675
3676 /proc/sys/kernel/shm_rmid_forced (since Linux 3.1)
3677 If this file is set to 1, all System V shared memory segments
3678 will be marked for destruction as soon as the number of attached
3679 processes falls to zero; in other words, it is no longer possi‐
3680 ble to create shared memory segments that exist independently of
3681 any attached process.
3682
3683 The effect is as though a shmctl(2) IPC_RMID is performed on all
3684 existing segments as well as all segments created in the future
3685 (until this file is reset to 0). Note that existing segments
3686 that are attached to no process will be immediately destroyed
3687 when this file is set to 1. Setting this option will also de‐
3688 stroy segments that were created, but never attached, upon ter‐
3689 mination of the process that created the segment with shmget(2).
3690
3691 Setting this file to 1 provides a way of ensuring that all Sys‐
3692 tem V shared memory segments are counted against the resource
3693 usage and resource limits (see the description of RLIMIT_AS in
3694 getrlimit(2)) of at least one process.
3695
3696 Because setting this file to 1 produces behavior that is non‐
3697 standard and could also break existing applications, the default
3698 value in this file is 0. Set this file to 1 only if you have a
3699 good understanding of the semantics of the applications using
3700 System V shared memory on your system.
3701
3702 /proc/sys/kernel/shmall (since Linux 2.2)
3703 This file contains the system-wide limit on the total number of
3704 pages of System V shared memory.
3705
3706 /proc/sys/kernel/shmmax (since Linux 2.2)
3707 This file can be used to query and set the run-time limit on the
3708 maximum (System V IPC) shared memory segment size that can be
3709 created. Shared memory segments up to 1 GB are now supported in
3710 the kernel. This value defaults to SHMMAX.
3711
3712 /proc/sys/kernel/shmmni (since Linux 2.4)
3713 This file specifies the system-wide maximum number of System V
3714 shared memory segments that can be created.
3715
3716 /proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)
3717 The value in this file determines how the file offset affects
3718 the behavior of updating entries in files under /proc/sys. The
3719 file has three possible values:
3720
3721 -1 This provides legacy handling, with no printk warnings.
3722 Each write(2) must fully contain the value to be written,
3723 and multiple writes on the same file descriptor will over‐
3724 write the entire value, regardless of the file position.
3725
3726 0 (default) This provides the same behavior as for -1, but
3727 printk warnings are written for processes that perform
3728 writes when the file offset is not 0.
3729
3730 1 Respect the file offset when writing strings into /proc/sys
3731 files. Multiple writes will append to the value buffer.
3732 Anything written beyond the maximum length of the value buf‐
3733 fer will be ignored. Writes to numeric /proc/sys entries
3734 must always be at file offset 0 and the value must be fully
3735 contained in the buffer provided to write(2).
3736
3737 /proc/sys/kernel/sysrq
3738 This file controls the functions allowed to be invoked by the
3739 SysRq key. By default, the file contains 1 meaning that every
3740 possible SysRq request is allowed (in older kernel versions,
3741 SysRq was disabled by default, and you were required to specifi‐
3742 cally enable it at run-time, but this is not the case any more).
3743 Possible values in this file are:
3744
3745 0 Disable sysrq completely
3746
3747 1 Enable all functions of sysrq
3748
3749 > 1 Bit mask of allowed sysrq functions, as follows:
3750 2 Enable control of console logging level
3751 4 Enable control of keyboard (SAK, unraw)
3752 8 Enable debugging dumps of processes etc.
3753 16 Enable sync command
3754 32 Enable remount read-only
3755 64 Enable signaling of processes (term, kill, oom-kill)
3756 128 Allow reboot/poweroff
3757 256 Allow nicing of all real-time tasks
3758
3759 This file is present only if the CONFIG_MAGIC_SYSRQ kernel con‐
3760 figuration option is enabled. For further details see the Linux
3761 kernel source file Documentation/admin-guide/sysrq.rst (or Docu‐
3762 mentation/sysrq.txt before Linux 4.10).
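
Because the value 1 means "everything" rather than "bit 1", a plain bitwise test against the sysrq value gives the wrong answer for the default setting. The helpers below are an added example, not part of the manual page; the function names are hypothetical and only the eight bits listed in the table above are considered.

```shell
#!/bin/sh
# Interpret a /proc/sys/kernel/sysrq value using the table in the text above.

# sysrq_allows VALUE BIT
# Returns 0 if the function whose table entry is BIT is allowed by VALUE.
# 0 and 1 are special cases and must be handled before any bitwise test.
sysrq_allows() {
    case $1 in
        0) return 1 ;;   # sysrq disabled completely
        1) return 0 ;;   # all functions enabled
    esac
    [ $(( $1 & $2 )) -ne 0 ]
}

# sysrq_describe VALUE
# Prints one line per allowed function.
sysrq_describe() {
    while read -r d_bit d_text; do
        if sysrq_allows "$1" "$d_bit"; then
            printf '%3s  %s\n' "$d_bit" "$d_text"
        fi
    done <<'EOF'
2 control of console logging level
4 control of keyboard (SAK, unraw)
8 debugging dumps of processes etc.
16 sync command
32 remount read-only
64 signaling of processes (term, kill, oom-kill)
128 reboot/poweroff
256 nicing of all real-time tasks
EOF
}

# sysrq_restrict VALUE DENY_MASK
# Prints VALUE with the functions in DENY_MASK removed. "1" is first expanded
# to the eight listed bits (510), and the result is masked with 510 so that it
# can never come out as 1, which would re-enable everything.
sysrq_restrict() {
    r_value=$1
    if [ "$r_value" -eq 1 ]; then
        r_value=510
    fi
    printf '%s\n' "$(( r_value & ~$2 & 510 ))"
}

# Demonstration with constructed values.
# On a host, the current value is: cat /proc/sys/kernel/sysrq
echo "Functions allowed by 176:"
sysrq_describe 176
echo "Default (1) without debugging dumps (8) and signaling (64):"
sysrq_restrict 1 72
```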
3763
3764 /proc/sys/kernel/version
3765 This file contains a string such as:
3766
3767 #5 Wed Feb 25 21:49:24 MET 1998
3768
3769 The "#5" means that this is the fifth kernel built from this
3770 source base and the date following it indicates the time the
3771 kernel was built.
3772
3773 /proc/sys/kernel/threads-max (since Linux 2.3.11)
3774 This file specifies the system-wide limit on the number of
3775 threads (tasks) that can be created on the system.
3776
3777 Since Linux 4.1, the value that can be written to threads-max is
3778 bounded. The minimum value that can be written is 20. The
3779 maximum value that can be written is given by the constant
3780 FUTEX_TID_MASK (0x3fffffff). If a value outside of this range is
3781 written to threads-max, the error EINVAL occurs.
3782
3783 The value written is checked against the available RAM pages.
3784 If the thread structures would occupy too much (more than 1/8th)
3785 of the available RAM pages, threads-max is reduced accordingly.
3786
3787 /proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)
3788 See ptrace(2).
3789
3790 /proc/sys/kernel/zero-paged (PowerPC only)
3791 This file contains a flag. When enabled (nonzero), Linux-PPC
3792 will pre-zero pages in the idle loop, possibly speeding up
3793 get_free_pages.
3794
3795 /proc/sys/net
3796 This directory contains networking stuff. Explanations for some
3797 of the files under this directory can be found in tcp(7) and
3798 ip(7).
3799
3800 /proc/sys/net/core/bpf_jit_enable
3801 See bpf(2).
3802
3803 /proc/sys/net/core/somaxconn
3804 This file defines a ceiling value for the backlog argument of
3805 listen(2); see the listen(2) manual page for details.
3806
3807 /proc/sys/proc
3808 This directory may be empty.
3809
3810 /proc/sys/sunrpc
3811 This directory supports Sun remote procedure call for network
3812 filesystem (NFS). On some systems, it is not present.
3813
3814 /proc/sys/user (since Linux 4.9)
3815 See namespaces(7).
3816
3817 /proc/sys/vm
3818 This directory contains files for memory management tuning, buf‐
3819 fer, and cache management.
3820
3821 /proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)
3822 This file defines the amount of free memory (in KiB) on the sys‐
3823 tem that should be reserved for users with the capability
3824 CAP_SYS_ADMIN.
3825
3826 The default value in this file is the minimum of [3% of free
3827 pages, 8MiB] expressed as KiB. The default is intended to pro‐
3828 vide enough for the superuser to log in and kill a process, if
3829 necessary, under the default overcommit 'guess' mode (i.e., 0 in
3830 /proc/sys/vm/overcommit_memory).
3831
3832 Systems running in "overcommit never" mode (i.e., 2 in
3833 /proc/sys/vm/overcommit_memory) should increase the value in
3834 this file to account for the full virtual memory size of the
3835 programs used to recover (e.g., login(1), ssh(1), and top(1)).
3836 Otherwise, the superuser may not be able to log in to recover
3837 the system. For example, on x86-64 a suitable value is 131072
3838 (128MiB reserved).
3839
3840 Changing the value in this file takes effect whenever an appli‐
3841 cation requests memory.
3842
3843 /proc/sys/vm/compact_memory (since Linux 2.6.35)
3844 When 1 is written to this file, all zones are compacted such
3845 that free memory is available in contiguous blocks where possi‐
3846 ble. The effect of this action can be seen by examining
3847 /proc/buddyinfo.
3848
3849 Present only if the kernel was configured with CONFIG_COM‐
3850 PACTION.
3851
3852 /proc/sys/vm/drop_caches (since Linux 2.6.16)
3853 Writing to this file causes the kernel to drop clean caches,
3854 dentries, and inodes from memory, causing that memory to become
3855 free. This can be useful for memory management testing and per‐
3856 forming reproducible filesystem benchmarks. Because writing to
3857 this file causes the benefits of caching to be lost, it can de‐
3858 grade overall system performance.
3859
3860 To free pagecache, use:
3861
3862 echo 1 > /proc/sys/vm/drop_caches
3863
3864 To free dentries and inodes, use:
3865
3866 echo 2 > /proc/sys/vm/drop_caches
3867
3868 To free pagecache, dentries, and inodes, use:
3869
3870 echo 3 > /proc/sys/vm/drop_caches
3871
3872 Because writing to this file is a nondestructive operation and
3873 dirty objects are not freeable, the user should run sync(1)
3874 first.
3875
3876 /proc/sys/vm/sysctl_hugetlb_shm_group (since Linux 2.6.7)
3877 This writable file contains a group ID that is allowed to allo‐
3878 cate memory using huge pages. If a process has a filesystem
3879 group ID or any supplementary group ID that matches this group
3880 ID, then it can make huge-page allocations without holding the
3881 CAP_IPC_LOCK capability; see memfd_create(2), mmap(2), and
3882 shmget(2).
3883
3884 /proc/sys/vm/legacy_va_layout (since Linux 2.6.9)
3885 If nonzero, this disables the new 32-bit memory-mapping layout;
3886 the kernel will use the legacy (2.4) layout for all processes.
3887
/proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)
Control how to kill processes when an uncorrected memory error
(typically a 2-bit error in a memory module) that cannot be handled by
the kernel is detected in the background by hardware. In some cases
(like the page still having a valid copy on disk), the kernel will
handle the failure transparently without affecting any applications.
But if there is no other up-to-date copy of the data, it will kill
processes to prevent any data corruptions from propagating.

The file has one of the following values:

1   Kill all processes that have the corrupted-and-not-reloadable page
    mapped as soon as the corruption is detected. Note that this is not
    supported for a few types of pages, such as kernel internally
    allocated data or the swap cache, but works for the majority of
    user pages.

0   Unmap the corrupted page from all processes and kill a process only
    if it tries to access the page.

The kill is performed using a SIGBUS signal with si_code set to
BUS_MCEERR_AO. Processes can handle this if they want to; see
sigaction(2) for more details.

This feature is active only on architectures/platforms with advanced
machine check handling and depends on the hardware capabilities.

Applications can override the memory_failure_early_kill setting
individually with the prctl(2) PR_MCE_KILL operation.

Present only if the kernel was configured with CONFIG_MEMORY_FAILURE.

/proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)
Enable memory failure recovery (when supported by the platform).

1   Attempt recovery.

0   Always panic on a memory failure.

Present only if the kernel was configured with CONFIG_MEMORY_FAILURE.

/proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)
Enables a system-wide task dump (excluding kernel threads) to be
produced when the kernel performs an OOM-killing. The dump includes the
following information for each task (thread, process): thread ID, real
user ID, thread group ID (process ID), virtual memory size, resident
set size, the CPU that the task is scheduled on, oom_adj score (see the
description of /proc/pid/oom_adj), and command name. This is helpful to
determine why the OOM-killer was invoked and to identify the rogue task
that caused it.

If this contains the value zero, this information is suppressed. On
very large systems with thousands of tasks, it may not be feasible to
dump the memory state information for each one. Such systems should not
be forced to incur a performance penalty in OOM situations when the
information may not be desired.

If this is set to nonzero, this information is shown whenever the
OOM-killer actually kills a memory-hogging task.

The default value is 0.

/proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)
This enables or disables killing the OOM-triggering task in
out-of-memory situations.

If this is set to zero, the OOM-killer will scan through the entire
tasklist and select a task based on heuristics to kill. This normally
selects a rogue memory-hogging task that frees up a large amount of
memory when killed.

If this is set to nonzero, the OOM-killer simply kills the task that
triggered the out-of-memory condition. This avoids a possibly expensive
tasklist scan.

If /proc/sys/vm/panic_on_oom is nonzero, it takes precedence over
whatever value is used in /proc/sys/vm/oom_kill_allocating_task.

The default value is 0.

/proc/sys/vm/overcommit_kbytes (since Linux 3.14)
This writable file provides an alternative to
/proc/sys/vm/overcommit_ratio for controlling the CommitLimit when
/proc/sys/vm/overcommit_memory has the value 2. It allows the amount of
memory overcommitting to be specified as an absolute value (in kB),
rather than as a percentage, as is done with overcommit_ratio. This
allows for finer-grained control of CommitLimit on systems with
extremely large memory sizes.

Only one of overcommit_kbytes or overcommit_ratio can have an effect:
if overcommit_kbytes has a nonzero value, then it is used to calculate
CommitLimit, otherwise overcommit_ratio is used. Writing a value to
either of these files causes the value in the other file to be set to
zero.

/proc/sys/vm/overcommit_memory
This file contains the kernel virtual memory accounting mode. Values
are:

    0: heuristic overcommit (this is the default)
    1: always overcommit, never check
    2: always check, never overcommit

In mode 0, calls of mmap(2) with MAP_NORESERVE are not checked, and the
default check is very weak, leading to the risk of getting a process
"OOM-killed".

In mode 1, the kernel pretends there is always enough memory, until
memory actually runs out. One use case for this mode is scientific
computing applications that employ large sparse arrays. Before Linux
2.6.0, any nonzero value implies mode 1.

In mode 2 (available since Linux 2.6), the total virtual address space
that can be allocated (CommitLimit in /proc/meminfo) is calculated as

    CommitLimit = (total_RAM - total_huge_TLB) *
                  overcommit_ratio / 100 + total_swap

where:

•  total_RAM is the total amount of RAM on the system;

•  total_huge_TLB is the amount of memory set aside for huge pages;

•  overcommit_ratio is the value in /proc/sys/vm/overcommit_ratio; and

•  total_swap is the amount of swap space.

For example, on a system with 16 GB of physical RAM, 16 GB of swap, no
space dedicated to huge pages, and an overcommit_ratio of 50, this
formula yields a CommitLimit of 24 GB.

Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes is
nonzero, then CommitLimit is instead calculated as:

    CommitLimit = overcommit_kbytes + total_swap

See also the description of /proc/sys/vm/admin_reserve_kbytes and
/proc/sys/vm/user_reserve_kbytes.

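The mode 2 calculation above, carried through in code as an added
example (not part of the manual page): it parses a constructed
/proc/meminfo excerpt and applies both CommitLimit formulas. The function
names are hypothetical, and total_huge_TLB is assumed to be
HugePages_Total x Hugepagesize, which covers only the default huge page size.

```python
# Added example: CommitLimit for overcommit_memory mode 2, per the formulas above.
# Constructed /proc/meminfo excerpt matching the worked case in the text:
# 16 GB of RAM, 16 GB of swap, no huge pages.
SAMPLE_MEMINFO = """\
MemTotal:       16777216 kB
SwapTotal:      16777216 kB
Committed_AS:   20000000 kB
HugePages_Total:       0
Hugepagesize:       2048 kB
"""


def parse_meminfo(text):
    """Return {field: int}. Sizes are in kB; HugePages_* are page counts."""
    fields = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        tokens = rest.split()
        if sep and tokens and tokens[0].isdigit():
            fields[name.strip()] = int(tokens[0])
    return fields


def commit_limit_kb(meminfo, overcommit_ratio=50, overcommit_kbytes=0):
    """CommitLimit in kB for the given sysctl values."""
    swap = meminfo.get("SwapTotal", 0)
    if overcommit_kbytes:
        # Since Linux 3.14: a nonzero overcommit_kbytes replaces the ratio term.
        return overcommit_kbytes + swap
    # Assumption: total_huge_TLB is the default-size huge page pool only.
    huge = meminfo.get("HugePages_Total", 0) * meminfo.get("Hugepagesize", 0)
    return (meminfo["MemTotal"] - huge) * overcommit_ratio // 100 + swap


def headroom_kb(meminfo, overcommit_ratio=50, overcommit_kbytes=0):
    """kB that can still be committed before the mode 2 limit is reached."""
    limit = commit_limit_kb(meminfo, overcommit_ratio, overcommit_kbytes)
    return limit - meminfo.get("Committed_AS", 0)


if __name__ == "__main__":
    info = parse_meminfo(SAMPLE_MEMINFO)
    print("CommitLimit (ratio 50):", commit_limit_kb(info), "kB")
    print("Headroom:", headroom_kb(info), "kB")
```
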
/proc/sys/vm/overcommit_ratio (since Linux 2.6.0)
This writable file defines a percentage by which memory can be
overcommitted. The default value in the file is 50. See the description
of /proc/sys/vm/overcommit_memory.

/proc/sys/vm/panic_on_oom (since Linux 2.6.18)
This enables or disables a kernel panic in an out-of-memory situation.

If this file is set to the value 0, the kernel's OOM-killer will kill
some rogue process. Usually, the OOM-killer is able to kill a rogue
process and the system will survive.

If this file is set to the value 1, then the kernel normally panics
when out-of-memory happens. However, if a process limits allocations to
certain nodes using memory policies (mbind(2) MPOL_BIND) or cpusets
(cpuset(7)) and those nodes reach memory exhaustion status, one process
may be killed by the OOM-killer. No panic occurs in this case: because
other nodes' memory may be free, this means the system as a whole may
not have reached an out-of-memory situation yet.

If this file is set to the value 2, the kernel always panics when an
out-of-memory condition occurs.

The default value is 0. The values 1 and 2 are intended for failover in
clustered setups; select either according to your failover policy.

/proc/sys/vm/swappiness
The value in this file controls how aggressively the kernel will swap
memory pages. Higher values increase aggressiveness, lower values
decrease aggressiveness. The default value is 60.

/proc/sys/vm/user_reserve_kbytes (since Linux 3.10)
Specifies an amount of memory (in KiB) to reserve for user processes.
This is intended to prevent a user from starting a single
memory-hogging process, such that they cannot recover (kill the hog).
The value in this file has an effect only when
/proc/sys/vm/overcommit_memory is set to 2 ("overcommit never" mode).
In this case, the system reserves an amount of memory that is the
minimum of [3% of current process size, user_reserve_kbytes].

The default value in this file is the minimum of [3% of free pages,
128MiB] expressed as KiB.

If the value in this file is set to zero, then a user will be allowed
to allocate all free memory with a single process (minus the amount
reserved by /proc/sys/vm/admin_reserve_kbytes). Any subsequent attempts
to execute a command will result in "fork: Cannot allocate memory".

Changing the value in this file takes effect whenever an application
requests memory.

/proc/sys/vm/unprivileged_userfaultfd (since Linux 5.2)
This (writable) file exposes a flag that controls whether unprivileged
processes are allowed to employ userfaultfd(2). If this file has the
value 1, then unprivileged processes may use userfaultfd(2). If this
file has the value 0, then only processes that have the CAP_SYS_PTRACE
capability may employ userfaultfd(2). The default value in this file is
1.

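An added example (not part of the manual page) that applies the rule
above when auditing a host: given the flag value and the CapEff line of
each process's /proc/pid/status, it lists which processes may still
employ userfaultfd(2). The process names and status excerpts are
constructed, and the function names are hypothetical.

```python
# Added example: who may employ userfaultfd(2) for each value of
# /proc/sys/vm/unprivileged_userfaultfd, following the text above.
CAP_SYS_PTRACE = 19  # capability number from <linux/capability.h>


def _status(name, uid, cap_eff_hex):
    """Build a constructed /proc/pid/status excerpt (tab-separated)."""
    return (f"Name:\t{name}\n"
            f"Uid:\t{uid}\t{uid}\t{uid}\t{uid}\n"
            f"CapEff:\t{cap_eff_hex}\n")


# Constructed sample data; none of these are real processes.
SAMPLE_STATUS = {
    "rootd": _status("rootd", 0, "000001ffffffffff"),              # full set
    "boxed-root": _status("boxed-root", 0, "00000000a80425fb"),    # uid 0, reduced set
    "debug-helper": _status("debug-helper", 1000, "0000000000080000"),  # only bit 19
    "shell": _status("shell", 1000, "0000000000000000"),           # no capabilities
}


def effective_caps(status_text):
    """Return the effective capability mask from a status file's CapEff line."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line in status text")


def may_use_userfaultfd(flag, status_text):
    """Apply the rule from the text: 1 allows everyone, 0 needs CAP_SYS_PTRACE."""
    if flag == 1:
        return True
    if flag == 0:
        return bool((effective_caps(status_text) >> CAP_SYS_PTRACE) & 1)
    raise ValueError(f"unexpected flag value: {flag!r}")


def allowed(flag, statuses):
    """Return the sorted names of processes that may employ userfaultfd(2)."""
    return sorted(name for name, text in statuses.items()
                  if may_use_userfaultfd(flag, text))


if __name__ == "__main__":
    for flag in (1, 0):
        print(f"unprivileged_userfaultfd={flag}:", allowed(flag, SAMPLE_STATUS))
```

With the flag at 0, the uid 0 process whose capability set lacks
CAP_SYS_PTRACE is excluded: the check is on the capability, not on the user ID.
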
/proc/sysrq-trigger (since Linux 2.4.21)
Writing a character to this file triggers the same SysRq function as
typing ALT-SysRq-<character> (see the description of
/proc/sys/kernel/sysrq). This file is normally writable only by root.
For further details see the Linux kernel source file
Documentation/admin-guide/sysrq.rst (or Documentation/sysrq.txt before
Linux 4.10).

/proc/sysvipc
Subdirectory containing the pseudo-files msg, sem and shm. These files
list the System V Interprocess Communication (IPC) objects
(respectively: message queues, semaphores, and shared memory) that
currently exist on the system, providing similar information to that
available via ipcs(1). These files have headers and are formatted (one
IPC object per line) for easy understanding. sysvipc(7) provides
further background on the information shown by these files.

/proc/thread-self (since Linux 3.17)
This directory refers to the thread accessing the /proc filesystem, and
is identical to the /proc/self/task/tid directory named by the process
thread ID (tid) of the same thread.

/proc/timer_list (since Linux 2.6.21)
This read-only file exposes a list of all currently pending
(high-resolution) timers, all clock-event sources, and their parameters
in a human-readable form.

/proc/timer_stats (from Linux 2.6.21 until Linux 4.10)
This is a debugging facility to make timer (ab)use in a Linux system
visible to kernel and user-space developers. It can be used by kernel
and user-space developers to verify that their code does not make undue
use of timers. The goal is to avoid unnecessary wakeups, thereby
optimizing power consumption.

If enabled in the kernel (CONFIG_TIMER_STATS), but not used, it has
almost zero run-time overhead and a relatively small data-structure
overhead. Even if collection is enabled at run time, overhead is low:
all the locking is per-CPU and lookup is hashed.

The /proc/timer_stats file is used both to control the sampling
facility and to read out the sampled information.

The timer_stats functionality is inactive on bootup. A sampling period
can be started using the following command:

    # echo 1 > /proc/timer_stats

The following command stops a sampling period:

    # echo 0 > /proc/timer_stats

The statistics can be retrieved by:

    $ cat /proc/timer_stats

While sampling is enabled, each readout from /proc/timer_stats will see
newly updated statistics. Once sampling is disabled, the sampled
information is kept until a new sample period is started. This allows
multiple readouts.

Sample output from /proc/timer_stats:

    $ cat /proc/timer_stats
    Timer Stats Version: v0.3
    Sample period: 1.764 s
    Collection: active
      255,     0 swapper/3        hrtimer_start_range_ns (tick_sched_timer)
       71,     0 swapper/1        hrtimer_start_range_ns (tick_sched_timer)
       58,     0 swapper/0        hrtimer_start_range_ns (tick_sched_timer)
        4,  1694 gnome-shell      mod_delayed_work_on (delayed_work_timer_fn)
       17,     7 rcu_sched        rcu_gp_kthread (process_timeout)
    ...
        1,  4911 kworker/u16:0    mod_delayed_work_on (delayed_work_timer_fn)
       1D,  2522 kworker/0:0      queue_delayed_work_on (delayed_work_timer_fn)
    1029 total events, 583.333 events/sec

The output columns are:

[1]  a count of the number of events, optionally (since Linux 2.6.23)
     followed by the letter 'D' if this is a deferrable timer;

[2]  the PID of the process that initialized the timer;

[3]  the name of the process that initialized the timer;

[4]  the function where the timer was initialized; and (in parentheses)
     the callback function that is associated with the timer.

During the Linux 4.11 development cycle, this file was removed because
of security concerns, as it exposes information across namespaces.
Furthermore, it is possible to obtain the same information via
in-kernel tracing facilities such as ftrace.

/proc/tty
Subdirectory containing the pseudo-files and subdirectories for tty
drivers and line disciplines.

/proc/uptime
This file contains two numbers (values in seconds): the uptime of the
system (including time spent in suspend) and the amount of time spent
in the idle process.

/proc/version
This string identifies the kernel version that is currently running. It
includes the contents of /proc/sys/kernel/ostype,
/proc/sys/kernel/osrelease, and /proc/sys/kernel/version. For example:

    Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994

/proc/vmstat (since Linux 2.6.0)
This file displays various virtual memory statistics. Each line of this
file contains a single name-value pair, delimited by white space. Some
lines are present only if the kernel was configured with suitable
options. (In some cases, the options required for particular files have
changed across kernel versions, so they are not listed here. Details
can be found by consulting the kernel source code.) The following
fields may be present:

nr_free_pages (since Linux 2.6.31)
nr_alloc_batch (since Linux 3.12)
nr_inactive_anon (since Linux 2.6.28)
nr_active_anon (since Linux 2.6.28)
nr_inactive_file (since Linux 2.6.28)
nr_active_file (since Linux 2.6.28)
nr_unevictable (since Linux 2.6.28)
nr_mlock (since Linux 2.6.28)
nr_anon_pages (since Linux 2.6.18)
nr_mapped (since Linux 2.6.0)
nr_file_pages (since Linux 2.6.18)
nr_dirty (since Linux 2.6.0)
nr_writeback (since Linux 2.6.0)
nr_slab_reclaimable (since Linux 2.6.19)
nr_slab_unreclaimable (since Linux 2.6.19)
nr_page_table_pages (since Linux 2.6.0)
nr_kernel_stack (since Linux 2.6.32)
    Amount of memory allocated to kernel stacks.
nr_unstable (since Linux 2.6.0)
nr_bounce (since Linux 2.6.12)
nr_vmscan_write (since Linux 2.6.19)
nr_vmscan_immediate_reclaim (since Linux 3.2)
nr_writeback_temp (since Linux 2.6.26)
nr_isolated_anon (since Linux 2.6.32)
nr_isolated_file (since Linux 2.6.32)
nr_shmem (since Linux 2.6.32)
    Pages used by shmem and tmpfs(5).
nr_dirtied (since Linux 2.6.37)
nr_written (since Linux 2.6.37)
nr_pages_scanned (since Linux 3.17)
numa_hit (since Linux 2.6.18)
numa_miss (since Linux 2.6.18)
numa_foreign (since Linux 2.6.18)
numa_interleave (since Linux 2.6.18)
numa_local (since Linux 2.6.18)
numa_other (since Linux 2.6.18)
workingset_refault (since Linux 3.15)
workingset_activate (since Linux 3.15)
workingset_nodereclaim (since Linux 3.15)
nr_anon_transparent_hugepages (since Linux 2.6.38)
nr_free_cma (since Linux 3.7)
    Number of free CMA (Contiguous Memory Allocator) pages.
nr_dirty_threshold (since Linux 2.6.37)
nr_dirty_background_threshold (since Linux 2.6.37)
pgpgin (since Linux 2.6.0)
pgpgout (since Linux 2.6.0)
pswpin (since Linux 2.6.0)
pswpout (since Linux 2.6.0)
pgalloc_dma (since Linux 2.6.5)
pgalloc_dma32 (since Linux 2.6.16)
pgalloc_normal (since Linux 2.6.5)
pgalloc_high (since Linux 2.6.5)
pgalloc_movable (since Linux 2.6.23)
pgfree (since Linux 2.6.0)
pgactivate (since Linux 2.6.0)
pgdeactivate (since Linux 2.6.0)
pgfault (since Linux 2.6.0)
pgmajfault (since Linux 2.6.0)
pgrefill_dma (since Linux 2.6.5)
pgrefill_dma32 (since Linux 2.6.16)
pgrefill_normal (since Linux 2.6.5)
pgrefill_high (since Linux 2.6.5)
pgrefill_movable (since Linux 2.6.23)
pgsteal_kswapd_dma (since Linux 3.4)
pgsteal_kswapd_dma32 (since Linux 3.4)
pgsteal_kswapd_normal (since Linux 3.4)
pgsteal_kswapd_high (since Linux 3.4)
pgsteal_kswapd_movable (since Linux 3.4)
pgsteal_direct_dma
pgsteal_direct_dma32 (since Linux 3.4)
pgsteal_direct_normal (since Linux 3.4)
pgsteal_direct_high (since Linux 3.4)
pgsteal_direct_movable (since Linux 2.6.23)
pgscan_kswapd_dma
pgscan_kswapd_dma32 (since Linux 2.6.16)
pgscan_kswapd_normal (since Linux 2.6.5)
pgscan_kswapd_high
pgscan_kswapd_movable (since Linux 2.6.23)
pgscan_direct_dma
pgscan_direct_dma32 (since Linux 2.6.16)
pgscan_direct_normal
pgscan_direct_high
pgscan_direct_movable (since Linux 2.6.23)
pgscan_direct_throttle (since Linux 3.6)
zone_reclaim_failed (since Linux 2.6.31)
pginodesteal (since Linux 2.6.0)
slabs_scanned (since Linux 2.6.5)
kswapd_inodesteal (since Linux 2.6.0)
kswapd_low_wmark_hit_quickly (since Linux 2.6.33)
kswapd_high_wmark_hit_quickly (since Linux 2.6.33)
pageoutrun (since Linux 2.6.0)
allocstall (since Linux 2.6.0)
pgrotated (since Linux 2.6.0)
drop_pagecache (since Linux 3.15)
drop_slab (since Linux 3.15)
numa_pte_updates (since Linux 3.8)
numa_huge_pte_updates (since Linux 3.13)
numa_hint_faults (since Linux 3.8)
numa_hint_faults_local (since Linux 3.8)
numa_pages_migrated (since Linux 3.8)
pgmigrate_success (since Linux 3.8)
pgmigrate_fail (since Linux 3.8)
compact_migrate_scanned (since Linux 3.8)
compact_free_scanned (since Linux 3.8)
compact_isolated (since Linux 3.8)
compact_stall (since Linux 2.6.35)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
compact_fail (since Linux 2.6.35)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
compact_success (since Linux 2.6.35)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
htlb_buddy_alloc_success (since Linux 2.6.26)
htlb_buddy_alloc_fail (since Linux 2.6.26)
unevictable_pgs_culled (since Linux 2.6.28)
unevictable_pgs_scanned (since Linux 2.6.28)
unevictable_pgs_rescued (since Linux 2.6.28)
unevictable_pgs_mlocked (since Linux 2.6.28)
unevictable_pgs_munlocked (since Linux 2.6.28)
unevictable_pgs_cleared (since Linux 2.6.28)
unevictable_pgs_stranded (since Linux 2.6.28)
thp_fault_alloc (since Linux 2.6.39)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
thp_fault_fallback (since Linux 2.6.39)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
thp_collapse_alloc (since Linux 2.6.39)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
thp_collapse_alloc_failed (since Linux 2.6.39)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
thp_split (since Linux 2.6.39)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
thp_zero_page_alloc (since Linux 3.8)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
thp_zero_page_alloc_failed (since Linux 3.8)
    See the kernel source file
    Documentation/admin-guide/mm/transhuge.rst.
balloon_inflate (since Linux 3.18)
balloon_deflate (since Linux 3.18)
balloon_migrate (since Linux 3.18)
nr_tlb_remote_flush (since Linux 3.12)
nr_tlb_remote_flush_received (since Linux 3.12)
nr_tlb_local_flush_all (since Linux 3.12)
nr_tlb_local_flush_one (since Linux 3.12)
vmacache_find_calls (since Linux 3.16)
vmacache_find_hits (since Linux 3.16)
vmacache_full_flushes (since Linux 3.19)

/proc/zoneinfo (since Linux 2.6.13)
This file displays information about memory zones. This is useful for
analyzing virtual memory behavior.

Many files contain strings (e.g., the environment and command line)
that are in the internal format, with subfields terminated by null
bytes ('\0'). When inspecting such files, you may find that the results
are more readable if you use a command of the following form to display
them:

    $ cat file | tr '\000' '\n'

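The tr(1) form above shows a field that itself contains a newline as two
lines. The following added example (not part of the manual page) splits
the internal format on the null bytes and escapes control characters, so
each field stays on one line. The sample buffers are constructed and the
function names are hypothetical.

```python
# Added example: reading the null-terminated "internal format" used by
# files such as /proc/pid/cmdline and /proc/pid/environ.

# Constructed sample buffers (not taken from a real process). The second
# argument embeds a newline, which tr '\000' '\n' would render as a new line.
SAMPLE_CMDLINE = b"/usr/bin/tool\0--label=ok\nroot 1 /sbin/init\0-v\0"
SAMPLE_ENVIRON = b"PATH=/usr/bin\0NOTE=line1\nline2\0PATH=/opt/bin\0"


def split_nul(data):
    """Split a buffer into its null-terminated fields (as bytes)."""
    if not data:
        return []                      # an empty file has no fields
    if data.endswith(b"\0"):
        data = data[:-1]               # drop only the final terminator
    return data.split(b"\0")           # empty fields in the middle are kept


def show(field):
    """Render one field on a single line, escaping anything unprintable."""
    text = field.decode("utf-8", errors="backslashreplace")
    return "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in text
    )


def parse_environ(data):
    """Return {name: value} as bytes, keeping the first copy of a duplicate."""
    env = {}
    for field in split_nul(data):
        name, sep, value = field.partition(b"=")
        if sep:
            env.setdefault(name, value)
    return env


if __name__ == "__main__":
    for index, field in enumerate(split_nul(SAMPLE_CMDLINE)):
        print(f"argv[{index}] = {show(field)}")
    for name, value in parse_environ(SAMPLE_ENVIRON).items():
        print(f"{show(name)}={show(value)}")
```
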
This manual page is incomplete, possibly inaccurate, and is the kind of
thing that needs to be updated very often.

cat(1), dmesg(1), find(1), free(1), htop(1), init(1), ps(1), pstree(1),
tr(1), uptime(1), chroot(2), mmap(2), readlink(2), syslog(2),
slabinfo(5), sysfs(5), hier(7), namespaces(7), time(7), arp(8),
hdparm(8), ifconfig(8), lsmod(8), lspci(8), mount(8), netstat(8),
procinfo(8), route(8), sysctl(8)

The Linux kernel source files: Documentation/filesystems/proc.rst,
Documentation/admin-guide/sysctl/fs.rst,
Documentation/admin-guide/sysctl/kernel.rst,
Documentation/admin-guide/sysctl/net.rst, and
Documentation/admin-guide/sysctl/vm.rst.

Linux man-pages 6.05              2023-07-08                    proc(5)