1KCMP(2) Linux Programmer's Manual KCMP(2)
2
6 kcmp - compare two processes to determine if they share a kernel re‐
7 source
8
10 #include <linux/kcmp.h>
11 int kcmp(pid_t pid1, pid_t pid2, int type,
13 unsigned long idx1, unsigned long idx2);
14 Note: There is no glibc wrapper for this system call; see NOTES.
16
18 The kcmp() system call can be used to check whether the two processes
19 identified by pid1 and pid2 share a kernel resource such as virtual
20 memory, file descriptors, and so on.
21 Permission to employ kcmp() is governed by ptrace access mode
23 PTRACE_MODE_READ_REALCREDS checks against both pid1 and pid2; see
24 ptrace(2).
25 The type argument specifies which resource is to be compared in the two
27 processes. It has one of the following values:
28 KCMP_FILE
30 Check whether a file descriptor idx1 in the process pid1 refers
31 to the same open file description (see open(2)) as file descrip‐
32 tor idx2 in the process pid2. The existence of two file de‐
33 scriptors that refer to the same open file description can occur
34 as a result of dup(2) (and similar) fork(2), or passing file de‐
35 scriptors via a domain socket (see unix(7)).
36 KCMP_FILES
38 Check whether the processes share the same set of open file de‐
39 scriptors. The arguments idx1 and idx2 are ignored. See the
40 discussion of the CLONE_FILES flag in clone(2).
41 KCMP_FS
43 Check whether the processes share the same filesystem informa‐
44 tion (i.e., file mode creation mask, working directory, and
45 filesystem root). The arguments idx1 and idx2 are ignored. See
46 the discussion of the CLONE_FS flag in clone(2).
47 KCMP_IO
49 Check whether the processes share I/O context. The arguments
50 idx1 and idx2 are ignored. See the discussion of the CLONE_IO
51 flag in clone(2).
52 KCMP_SIGHAND
54 Check whether the processes share the same table of signal dis‐
55 positions. The arguments idx1 and idx2 are ignored. See the
56 discussion of the CLONE_SIGHAND flag in clone(2).
57 KCMP_SYSVSEM
59 Check whether the processes share the same list of System V sem‐
60 aphore undo operations. The arguments idx1 and idx2 are ig‐
61 nored. See the discussion of the CLONE_SYSVSEM flag in
62 clone(2).
63 KCMP_VM
65 Check whether the processes share the same address space. The
66 arguments idx1 and idx2 are ignored. See the discussion of the
67 CLONE_VM flag in clone(2).
68 KCMP_EPOLL_TFD (since Linux 4.13)
70 Check whether the file descriptor idx1 of the process pid1 is
71 present in the epoll(7) instance described by idx2 of the
72 process pid2. The argument idx2 is a pointer to a structure
73 where the target file is described. This structure has the
74 form:
75 struct kcmp_epoll_slot {
77 __u32 efd;
78 __u32 tfd;
79 __u64 toff;
80 };
81 Within this structure, efd is an epoll file descriptor returned from
83 epoll_create(2), tfd is a target file descriptor number, and toff is a
84 target file offset counted from zero. Several different targets may be
85 registered with the same file descriptor number and setting a specific
86 offset helps to investigate each of them.
87 Note the kcmp() is not protected against false positives which may oc‐
89 cur if the processes are currently running. One should stop the pro‐
90 cesses by sending SIGSTOP (see signal(7)) prior to inspection with this
91 system call to obtain meaningful results.
92
94 The return value of a successful call to kcmp() is simply the result of
95 arithmetic comparison of kernel pointers (when the kernel compares re‐
96 sources, it uses their memory addresses).
97 The easiest way to explain is to consider an example. Suppose that v1
99 and v2 are the addresses of appropriate resources, then the return
100 value is one of the following:
101 0 v1 is equal to v2; in other words, the two processes share the
103 resource.
104 1 v1 is less than v2.
106 2 v1 is greater than v2.
108 3 v1 is not equal to v2, but ordering information is unavailable.
110 On error, -1 is returned, and errno is set appropriately.
112 kcmp() was designed to return values suitable for sorting. This is
114 particularly handy if one needs to compare a large number of file de‐
115 scriptors.
116
118 EBADF type is KCMP_FILE and fd1 or fd2 is not an open file descriptor.
119 EFAULT The epoll slot addressed by idx2 is outside of the user's ad‐
121 dress space.
122 EINVAL type is invalid.
124 ENOENT The target file is not present in epoll(7) instance.
126 EPERM Insufficient permission to inspect process resources. The
128 CAP_SYS_PTRACE capability is required to inspect processes that
129 you do not own. Other ptrace limitations may also apply, such
130 as CONFIG_SECURITY_YAMA, which, when /proc/sys/ker‐
131 nel/yama/ptrace_scope is 2, limits kcmp() to child processes;
132 see ptrace(2).
133 ESRCH Process pid1 or pid2 does not exist.
135
137 The kcmp() system call first appeared in Linux 3.5.
138
140 kcmp() is Linux-specific and should not be used in programs intended to
141 be portable.
142
144 Glibc does not provide a wrapper for this system call; call it using
145 syscall(2).
146 This system call is available only if the kernel was configured with
148 CONFIG_CHECKPOINT_RESTORE. The main use of the system call is for the
149 checkpoint/restore in user space (CRIU) feature. The alternative to
150 this system call would have been to expose suitable process information
151 via the proc(5) filesystem; this was deemed to be unsuitable for secu‐
152 rity reasons.
153 See clone(2) for some background information on the shared resources
155 referred to on this page.
156
158 The program below uses kcmp() to test whether pairs of file descriptors
159 refer to the same open file description. The program tests different
160 cases for the file descriptor pairs, as described in the program out‐
161 put. An example run of the program is as follows:
162 $ ./a.out
164 Parent PID is 1144
165 Parent opened file on FD 3
166 PID of child of fork() is 1145
168 Compare duplicate FDs from different processes:
169 kcmp(1145, 1144, KCMP_FILE, 3, 3) ==> same
170 Child opened file on FD 4
171 Compare FDs from distinct open()s in same process:
172 kcmp(1145, 1145, KCMP_FILE, 3, 4) ==> different
173 Child duplicated FD 3 to create FD 5
174 Compare duplicated FDs in same process:
175 kcmp(1145, 1145, KCMP_FILE, 3, 5) ==> same
176 Program source
178 #define _GNU_SOURCE
180 #include <sys/syscall.h>
181 #include <sys/wait.h>
182 #include <sys/stat.h>
183 #include <stdint.h>
184 #include <stdlib.h>
185 #include <stdio.h>
186 #include <unistd.h>
187 #include <fcntl.h>
188 #include <linux/kcmp.h>
189 #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \
191 } while (0)
192 static int
194 kcmp(pid_t pid1, pid_t pid2, int type,
195 unsigned long idx1, unsigned long idx2)
196 {
197 return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2);
198 }
199 static void
201 test_kcmp(char *msg, pid_t pid1, pid_t pid2, int fd_a, int fd_b)
202 {
203 printf("\t%s\n", msg);
204 printf("\t\tkcmp(%jd, %jd, KCMP_FILE, %d, %d) ==> %s\n",
205 (intmax_t) pid1, (intmax_t) pid2, fd_a, fd_b,
206 (kcmp(pid1, pid2, KCMP_FILE, fd_a, fd_b) == 0) ?
207 "same" : "different");
208 }
209 int
211 main(int argc, char *argv[])
212 {
213 int fd1, fd2, fd3;
214 char pathname[] = "/tmp/kcmp.test";
215 fd1 = open(pathname, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
217 if (fd1 == -1)
218 errExit("open");
219 printf("Parent PID is %jd\n", (intmax_t) getpid());
221 printf("Parent opened file on FD %d\n\n", fd1);
222 switch (fork()) {
224 case -1:
225 errExit("fork");
226 case 0:
228 printf("PID of child of fork() is %jd\n", (intmax_t) getpid());
229 test_kcmp("Compare duplicate FDs from different processes:",
231 getpid(), getppid(), fd1, fd1);
232 fd2 = open(pathname, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
234 if (fd2 == -1)
235 errExit("open");
236 printf("Child opened file on FD %d\n", fd2);
237 test_kcmp("Compare FDs from distinct open()s in same process:",
239 getpid(), getpid(), fd1, fd2);
240 fd3 = dup(fd1);
242 if (fd3 == -1)
243 errExit("dup");
244 printf("Child duplicated FD %d to create FD %d\n", fd1, fd3);
245 test_kcmp("Compare duplicated FDs in same process:",
247 getpid(), getpid(), fd1, fd3);
248 break;
249 default:
251 wait(NULL);
252 }
253 exit(EXIT_SUCCESS);
255 }
256
258 clone(2), unshare(2)
259
261 This page is part of release 5.10 of the Linux man-pages project. A
262 description of the project, information about reporting bugs, and the
263 latest version of this page, can be found at
264 https://www.kernel.org/doc/man-pages/.
265Linux 2020-11-01 KCMP(2)