proc - process information pseudo-filesystem
The
proc filesystem is a pseudo-filesystem which provides an interface to
kernel data structures. It is commonly mounted at
/proc. Typically, it
is mounted automatically by the system, but it can also be mounted manually
using a command such as:
mount -t proc proc /proc
Most of the files in the
proc filesystem are read-only, but some files
are writable, allowing kernel variables to be changed.
The
proc filesystem supports the following mount options:
- hidepid=n (since Linux 3.3)
- This option controls who can access the information in /proc/[pid]
directories. The argument, n, is one of the following values:
- 0
- Everybody may access all /proc/[pid] directories. This is the
traditional behavior, and the default if this mount option is not
specified.
- 1
- Users may not access files and subdirectories inside any
/proc/[pid] directories but their own (the /proc/[pid]
directories themselves remain visible). Sensitive files such as
/proc/[pid]/cmdline and /proc/[pid]/status are now protected
against other users. This makes it impossible to learn whether any user is
running a specific program (so long as the program doesn't otherwise
reveal itself by its behavior).
- 2
- As for mode 1, but in addition the /proc/[pid] directories
belonging to other users become invisible. This means that
/proc/[pid] entries can no longer be used to discover the PIDs on
the system. This doesn't hide the fact that a process with a specific PID
value exists (it can be learned by other means, for example, by "kill
-0 $PID"), but it hides a process's UID and GID, which could
otherwise be learned by employing stat(2) on a /proc/[pid]
directory. This greatly complicates an attacker's task of gathering
information about running processes (e.g., discovering whether some daemon
is running with elevated privileges, whether another user is running some
sensitive program, whether other users are running any program at all, and
so on).
- gid=gid (since Linux 3.3)
- Specifies the ID of a group whose members are authorized to learn process
information otherwise prohibited by hidepid (i.e., users in this
group behave as though /proc was mounted with hidepid=0).
This group should be used instead of approaches such as putting nonroot
users into the sudoers(5) file.
Underneath
/proc, there are the following general groups of files and
subdirectories:
- /proc/[pid] subdirectories
- Each one of these subdirectories contains files and subdirectories
exposing information about the process with the corresponding process
ID.
- Underneath each of the /proc/[pid] directories, a task
subdirectory contains subdirectories of the form task/[tid], which
contain corresponding information about each of the threads in the
process, where tid is the kernel thread ID of the thread.
- The /proc/[pid] subdirectories are visible when iterating through
/proc with getdents(2) (and thus are visible when one uses
ls(1) to view the contents of /proc).
- /proc/[tid] subdirectories
- Each one of these subdirectories contains files and subdirectories
exposing information about the thread with the corresponding thread ID.
The contents of these directories are the same as the corresponding
/proc/[pid]/task/[tid] directories.
- The /proc/[tid] subdirectories are not visible when
iterating through /proc with getdents(2) (and thus are
not visible when one uses ls(1) to view the contents of
/proc).
- /proc/self
- When a process accesses this magic symbolic link, it resolves to the
process's own /proc/[pid] directory.
- /proc/thread-self
- When a thread accesses this magic symbolic link, it resolves to the
process's own /proc/self/task/[tid] directory.
- /proc/[a-z]*
- Various other files and subdirectories under /proc expose
system-wide information.
All of the above are described in more detail below.
The following list provides details of many of the files and directories under
the
/proc hierarchy.
- /proc/[pid]
- There is a numerical subdirectory for each running process; the
subdirectory is named by the process ID. Each /proc/[pid]
subdirectory contains the pseudo-files and directories described
below.
- The files inside each /proc/[pid] directory are normally owned by
the effective user and effective group ID of the process. However, as a
security measure, the ownership is made root:root if the process's
"dumpable" attribute is set to a value other than 1.
- Before Linux 4.11, root:root meant the "global" root user
ID and group ID (i.e., UID 0 and GID 0 in the initial user namespace).
Since Linux 4.11, if the process is in a noninitial user namespace that
has a valid mapping for user (group) ID 0 inside the namespace, then the
user (group) ownership of the files under /proc/[pid] is instead
made the same as the root user (group) ID of the namespace. This means
that inside a container, things work as expected for the container
"root" user.
- The process's "dumpable" attribute may change for the following
reasons:
- *
- The attribute was explicitly set via the prctl(2)
PR_SET_DUMPABLE operation.
- *
- The attribute was reset to the value in the file
/proc/sys/fs/suid_dumpable (described below), for the reasons
described in prctl(2).
- Resetting the "dumpable" attribute to 1 reverts the ownership of
the /proc/[pid]/* files to the process's effective UID and
GID.
- /proc/[pid]/attr
- The files in this directory provide an API for security modules. The
contents of this directory are files that can be read and written in order
to set security-related attributes. This directory was added to support
SELinux, but the intention was that the API be general enough to support
other security modules. For the purpose of explanation, examples of how
SELinux uses these files are provided below.
- This directory is present only if the kernel was configured with
CONFIG_SECURITY.
- /proc/[pid]/attr/current (since Linux 2.6.0)
- The contents of this file represent the current security attributes of the
process.
- In SELinux, this file is used to get the security context of a process.
Prior to Linux 2.6.11, this file could not be used to set the security
context (a write was always denied), since SELinux limited process
security transitions to execve(2) (see the description of
/proc/[pid]/attr/exec, below). Since Linux 2.6.11, SELinux lifted
this restriction and began supporting "set" operations via
writes to this node if authorized by policy, although use of this
operation is only suitable for applications that are trusted to maintain
any desired separation between the old and new security contexts.
- Prior to Linux 2.6.28, SELinux did not allow threads within a
multi-threaded process to set their security context via this node as it
would yield an inconsistency among the security contexts of the threads
sharing the same memory space. Since Linux 2.6.28, SELinux lifted this
restriction and began supporting "set" operations for threads
within a multithreaded process if the new security context is bounded by
the old security context, where the bounded relation is defined in policy
and guarantees that the new security context has a subset of the
permissions of the old security context.
- Other security modules may choose to support "set" operations
via writes to this node.
- /proc/[pid]/attr/exec (since Linux 2.6.0)
- This file represents the attributes to assign to the process upon a
subsequent execve(2).
- In SELinux, this is needed to support role/domain transitions, and
execve(2) is the preferred point to make such transitions because
it offers better control over the initialization of the process in the new
security label and the inheritance of state. In SELinux, this attribute is
reset on execve(2) so that the new program reverts to the default
behavior for any execve(2) calls that it may make. In SELinux, a
process can set only its own /proc/[pid]/attr/exec attribute.
- /proc/[pid]/attr/fscreate (since Linux 2.6.0)
- This file represents the attributes to assign to files created by
subsequent calls to open(2), mkdir(2), symlink(2),
and mknod(2)
- SELinux employs this file to support creation of a file (using the
aforementioned system calls) in a secure state, so that there is no risk
of inappropriate access being obtained between the time of creation and
the time that attributes are set. In SELinux, this attribute is reset on
execve(2), so that the new program reverts to the default behavior
for any file creation calls it may make, but the attribute will persist
across multiple file creation calls within a program unless it is
explicitly reset. In SELinux, a process can set only its own
/proc/[pid]/attr/fscreate attribute.
- /proc/[pid]/attr/keycreate (since Linux 2.6.18)
- If a process writes a security context into this file, all subsequently
created keys (add_key(2)) will be labeled with this context. For
further information, see the kernel source file
Documentation/security/keys/core.rst (or file
Documentation/security/keys.txt on Linux between 3.0 and 4.13, or
Documentation/keys.txt before Linux 3.0).
- /proc/[pid]/attr/prev (since Linux 2.6.0)
- This file contains the security context of the process before the last
execve(2); that is, the previous value of
/proc/[pid]/attr/current.
- /proc/[pid]/attr/socketcreate (since Linux 2.6.18)
- If a process writes a security context into this file, all subsequently
created sockets will be labeled with this context.
- /proc/[pid]/autogroup (since Linux 2.6.38)
- See sched(7).
- /proc/[pid]/auxv (since 2.6.0)
- This contains the contents of the ELF interpreter information passed to
the process at exec time. The format is one unsigned long ID plus
one unsigned long value for each entry. The last entry contains two
zeros. See also getauxval(3).
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
- /proc/[pid]/cgroup (since Linux 2.6.24)
- See cgroups(7).
- /proc/[pid]/clear_refs (since Linux 2.6.22)
- This is a write-only file, writable only by owner of the process.
- The following values may be written to the file:
- 1 (since Linux 2.6.22)
- Reset the PG_Referenced and ACCESSED/YOUNG bits for all the pages
associated with the process. (Before kernel 2.6.32, writing any nonzero
value to this file had this effect.)
- 2 (since Linux 2.6.32)
- Reset the PG_Referenced and ACCESSED/YOUNG bits for all anonymous pages
associated with the process.
- 3 (since Linux 2.6.32)
- Reset the PG_Referenced and ACCESSED/YOUNG bits for all file-mapped pages
associated with the process.
- Clearing the PG_Referenced and ACCESSED/YOUNG bits provides a method to
measure approximately how much memory a process is using. One first
inspects the values in the "Referenced" fields for the VMAs
shown in /proc/[pid]/smaps to get an idea of the memory footprint
of the process. One then clears the PG_Referenced and ACCESSED/YOUNG bits
and, after some measured time interval, once again inspects the values in
the "Referenced" fields to get an idea of the change in memory
footprint of the process during the measured interval. If one is
interested only in inspecting the selected mapping types, then the value 2
or 3 can be used instead of 1.
- Further values can be written to affect different properties:
- 4 (since Linux 3.11)
- Clear the soft-dirty bit for all the pages associated with the process.
This is used (in conjunction with /proc/[pid]/pagemap) by the
check-point restore system to discover which pages of a process have been
dirtied since the file /proc/[pid]/clear_refs was written to.
- 5 (since Linux 4.0)
- Reset the peak resident set size ("high water mark") to the
process's current resident set size value.
- Writing any value to /proc/[pid]/clear_refs other than those listed
above has no effect.
- The /proc/[pid]/clear_refs file is present only if the
CONFIG_PROC_PAGE_MONITOR kernel configuration option is
enabled.
- /proc/[pid]/cmdline
- This read-only file holds the complete command line for the process,
unless the process is a zombie. In the latter case, there is nothing in
this file: that is, a read on this file will return 0 characters. The
command-line arguments appear in this file as a set of strings separated
by null bytes ('\0'), with a further null byte after the last string.
- /proc/[pid]/comm (since Linux 2.6.33)
- This file exposes the process's comm value—that is, the
command name associated with the process. Different threads in the same
process may have different comm values, accessible via
/proc/[pid]/task/[tid]/comm. A thread may modify its comm
value, or that of any of other thread in the same thread group (see the
discussion of CLONE_THREAD in clone(2)), by writing to the
file /proc/self/task/[tid]/comm. Strings longer than
TASK_COMM_LEN (16) characters are silently truncated.
- This file provides a superset of the prctl(2) PR_SET_NAME
and PR_GET_NAME operations, and is employed by
pthread_setname_np(3) when used to rename threads other than the
caller.
- /proc/[pid]/coredump_filter (since Linux 2.6.23)
- See core(5).
- /proc/[pid]/cpuset (since Linux 2.6.12)
- See cpuset(7).
- /proc/[pid]/cwd
- This is a symbolic link to the current working directory of the process.
To find out the current working directory of process 20, for instance, you
can do this:
-
$ cd /proc/20/cwd; /bin/pwd
- Note that the pwd command is often a shell built-in, and might not
work properly. In bash(1), you may use pwd -P.
- In a multithreaded process, the contents of this symbolic link are not
available if the main thread has already terminated (typically by calling
pthread_exit(3)).
- Permission to dereference or read (readlink(2)) this symbolic link
is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check;
see ptrace(2).
- /proc/[pid]/environ
- This file contains the initial environment that was set when the currently
executing program was started via execve(2). The entries are
separated by null bytes ('\0'), and there may be a null byte at the end.
Thus, to print out the environment of process 1, you would do:
-
$ cat /proc/1/environ | tr '\000' '\n'
- If, after an execve(2), the process modifies its environment (e.g.,
by calling functions such as putenv(3) or modifying the
environ(7) variable directly), this file will not reflect
those changes.
- Furthermore, a process may change the memory location that this file
refers via prctl(2) operations such as
PR_SET_MM_ENV_START.
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
- /proc/[pid]/exe
- Under Linux 2.2 and later, this file is a symbolic link containing the
actual pathname of the executed command. This symbolic link can be
dereferenced normally; attempting to open it will open the executable. You
can even type /proc/[pid]/exe to run another copy of the same
executable that is being run by process [pid]. If the pathname has been
unlinked, the symbolic link will contain the string '(deleted)' appended
to the original pathname. In a multithreaded process, the contents of this
symbolic link are not available if the main thread has already terminated
(typically by calling pthread_exit(3)).
- Permission to dereference or read (readlink(2)) this symbolic link
is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check;
see ptrace(2).
- Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to the
binary which was executed, and appears as a symbolic link. A
readlink(2) call on this file under Linux 2.0 returns a string in
the format:
-
[device]:inode
- For example, [0301]:1502 would be inode 1502 on device major 03 (IDE, MFM,
etc. drives) minor 01 (first partition on the first drive).
- find(1) with the -inum option can be used to locate the
file.
- /proc/[pid]/fd/
- This is a subdirectory containing one entry for each file which the
process has open, named by its file descriptor, and which is a symbolic
link to the actual file. Thus, 0 is standard input, 1 standard output, 2
standard error, and so on.
- For file descriptors for pipes and sockets, the entries will be symbolic
links whose content is the file type with the inode. A readlink(2)
call on this file returns a string in the format:
-
type:[inode]
- For example, socket:[2248868] will be a socket and its inode is
2248868. For sockets, that inode can be used to find more information in
one of the files under /proc/net/.
- For file descriptors that have no corresponding inode (e.g., file
descriptors produced by bpf(2), epoll_create(2),
eventfd(2), inotify_init(2), perf_event_open(2),
signalfd(2), timerfd_create(2), and userfaultfd(2)),
the entry will be a symbolic link with contents of the form
-
anon_inode:<file-type>
- In many cases (but not all), the file-type is surrounded by square
brackets.
- For example, an epoll file descriptor will have a symbolic link whose
content is the string anon_inode:[eventpoll].
- In a multithreaded process, the contents of this directory are not
available if the main thread has already terminated (typically by calling
pthread_exit(3)).
- Programs that take a filename as a command-line argument, but don't take
input from standard input if no argument is supplied, and programs that
write to a file named as a command-line argument, but don't send their
output to standard output if no argument is supplied, can nevertheless be
made to use standard input or standard output by using
/proc/[pid]/fd files as command-line arguments. For example,
assuming that -i is the flag designating an input file and
-o is the flag designating an output file:
-
$ foobar -i /proc/self/fd/0 -o /proc/self/fd/1 ...
- and you have a working filter.
- /proc/self/fd/N is approximately the same as /dev/fd/N in
some UNIX and UNIX-like systems. Most Linux MAKEDEV scripts symbolically
link /dev/fd to /proc/self/fd, in fact.
- Most systems provide symbolic links /dev/stdin, /dev/stdout,
and /dev/stderr, which respectively link to the files 0,
1, and 2 in /proc/self/fd. Thus the example command
above could be written as:
-
$ foobar -i /dev/stdin -o /dev/stdout ...
- Permission to dereference or read (readlink(2)) the symbolic links
in this directory is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
- Note that for file descriptors referring to inodes (pipes and sockets, see
above), those inodes still have permission bits and ownership information
distinct from those of the /proc/[pid]/fd entry, and that the owner
may differ from the user and group IDs of the process. An unprivileged
process may lack permissions to open them, as in this example:
-
$ echo test | sudo -u nobody cat
test
$ echo test | sudo -u nobody cat /proc/self/fd/0
cat: /proc/self/fd/0: Permission denied
- File descriptor 0 refers to the pipe created by the shell and owned by
that shell's user, which is not nobody, so cat does not have
permission to create a new file descriptor to read from that inode, even
though it can still read from its existing file descriptor 0.
- /proc/[pid]/fdinfo/ (since Linux 2.6.22)
- This is a subdirectory containing one entry for each file which the
process has open, named by its file descriptor. The files in this
directory are readable only by the owner of the process. The contents of
each file can be read to obtain information about the corresponding file
descriptor. The content depends on the type of file referred to by the
corresponding file descriptor.
- For regular files and directories, we see something like:
-
$ cat /proc/12015/fdinfo/4
pos: 1000
flags: 01002002
mnt_id: 21
- The fields are as follows:
- pos
- This is a decimal number showing the file offset.
- flags
- This is an octal number that displays the file access mode and file status
flags (see open(2)). If the close-on-exec file descriptor flag is
set, then flags will also include the value O_CLOEXEC.
- Before Linux 3.1, this field incorrectly displayed the setting of
O_CLOEXEC at the time the file was opened, rather than the current
setting of the close-on-exec flag.
- mnt_id
- This field, present since Linux 3.15, is the ID of the mount point
containing this file. See the description of
/proc/[pid]/mountinfo.
- For eventfd file descriptors (see eventfd(2)), we see (since Linux
3.8) the following fields:
-
pos: 0
flags: 02
mnt_id: 10
eventfd-count: 40
- eventfd-count is the current value of the eventfd counter, in
hexadecimal.
- For epoll file descriptors (see epoll(7)), we see (since Linux 3.8)
the following fields:
-
pos: 0
flags: 02
mnt_id: 10
tfd: 9 events: 19 data: 74253d2500000009
tfd: 7 events: 19 data: 74253d2500000007
- Each of the lines beginning tfd describes one of the file
descriptors being monitored via the epoll file descriptor (see
epoll_ctl(2) for some details). The tfd field is the number
of the file descriptor. The events field is a hexadecimal mask of
the events being monitored for this file descriptor. The data field
is the data value associated with this file descriptor.
- For signalfd file descriptors (see signalfd(2)), we see (since
Linux 3.8) the following fields:
-
pos: 0
flags: 02
mnt_id: 10
sigmask: 0000000000000006
- sigmask is the hexadecimal mask of signals that are accepted via
this signalfd file descriptor. (In this example, bits 2 and 3 are set,
corresponding to the signals SIGINT and SIGQUIT; see
signal(7).)
- For inotify file descriptors (see inotify(7)), we see (since Linux
3.8) the following fields:
-
pos: 0
flags: 00
mnt_id: 11
inotify wd:2 ino:7ef82a sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:2af87e00220ffd73
inotify wd:1 ino:192627 sdev:800001 mask:800afff ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:27261900802dfd73
- Each of the lines beginning with "inotify" displays information
about one file or directory that is being monitored. The fields in this
line are as follows:
- wd
- A watch descriptor number (in decimal).
- ino
- The inode number of the target file (in hexadecimal).
- sdev
- The ID of the device where the target file resides (in hexadecimal).
- mask
- The mask of events being monitored for the target file (in
hexadecimal).
- If the kernel was built with exportfs support, the path to the target file
is exposed as a file handle, via three hexadecimal fields:
fhandle-bytes, fhandle-type, and f_handle.
- For fanotify file descriptors (see fanotify(7)), we see (since
Linux 3.8) the following fields:
-
pos: 0
flags: 02
mnt_id: 11
fanotify flags:0 event-flags:88002
fanotify ino:19264f sdev:800001 mflags:0 mask:1 ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:4f261900a82dfd73
- The fourth line displays information defined when the fanotify group was
created via fanotify_init(2):
- flags
- The flags argument given to fanotify_init(2) (expressed in
hexadecimal).
- event-flags
- The event_f_flags argument given to fanotify_init(2)
(expressed in hexadecimal).
- Each additional line shown in the file contains information about one of
the marks in the fanotify group. Most of these fields are as for inotify,
except:
- mflags
- The flags associated with the mark (expressed in hexadecimal).
- mask
- The events mask for this mark (expressed in hexadecimal).
- ignored_mask
- The mask of events that are ignored for this mark (expressed in
hexadecimal).
- For details on these fields, see fanotify_mark(2).
- For timerfd file descriptors (see timerfd(2)), we see (since Linux
3.17) the following fields:
-
pos: 0
flags: 02004002
mnt_id: 13
clockid: 0
ticks: 0
settime flags: 03
it_value: (7695568592, 640020877)
it_interval: (0, 0)
- clockid
- This is the numeric value of the clock ID (corresponding to one of the
CLOCK_* constants defined via <time.h>) that is used
to mark the progress of the timer (in this example, 0 is
CLOCK_REALTIME).
- ticks
- This is the number of timer expirations that have occurred, (i.e., the
value that read(2) on it would return).
- settime flags
- This field lists the flags with which the timerfd was last armed (see
timerfd_settime(2)), in octal (in this example, both
TFD_TIMER_ABSTIME and TFD_TIMER_CANCEL_ON_SET are set).
- it_value
- This field contains the amount of time until the timer will next expire,
expressed in seconds and nanoseconds. This is always expressed as a
relative value, regardless of whether the timer was created using the
TFD_TIMER_ABSTIME flag.
- it_interval
- This field contains the interval of the timer, in seconds and nanoseconds.
(The it_value and it_interval fields contain the values that
timerfd_gettime(2) on this file descriptor would return.)
- /proc/[pid]/gid_map (since Linux 3.5)
- See user_namespaces(7).
- /proc/[pid]/io (since kernel 2.6.20)
- This file contains I/O statistics for the process, for example:
-
# cat /proc/3828/io
rchar: 323934931
wchar: 323929600
syscr: 632687
syscw: 632675
read_bytes: 0
write_bytes: 323932160
cancelled_write_bytes: 0
- The fields are as follows:
- rchar: characters read
- The number of bytes which this task has caused to be read from storage.
This is simply the sum of bytes which this process passed to
read(2) and similar system calls. It includes things such as
terminal I/O and is unaffected by whether or not actual physical disk I/O
was required (the read might have been satisfied from pagecache).
- wchar: characters written
- The number of bytes which this task has caused, or shall cause to be
written to disk. Similar caveats apply here as with rchar.
- syscr: read syscalls
- Attempt to count the number of read I/O operations—that is, system
calls such as read(2) and pread(2).
- syscw: write syscalls
- Attempt to count the number of write I/O operations—that is, system
calls such as write(2) and pwrite(2).
- read_bytes: bytes read
- Attempt to count the number of bytes which this process really did cause
to be fetched from the storage layer. This is accurate for block-backed
filesystems.
- write_bytes: bytes written
- Attempt to count the number of bytes which this process caused to be sent
to the storage layer.
- cancelled_write_bytes:
- The big inaccuracy here is truncate. If a process writes 1MB to a file and
then deletes the file, it will in fact perform no writeout. But it will
have been accounted as having caused 1MB of write. In other words: this
field represents the number of bytes which this process caused to not
happen, by truncating pagecache. A task can cause "negative" I/O
too. If this task truncates some dirty pagecache, some I/O which another
task has been accounted for (in its write_bytes) will not be
happening.
- Note: In the current implementation, things are a bit racy on
32-bit systems: if process A reads process B's /proc/[pid]/io while
process B is updating one of these 64-bit counters, process A could see an
intermediate result.
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
- /proc/[pid]/limits (since Linux 2.6.24)
- This file displays the soft limit, hard limit, and units of measurement
for each of the process's resource limits (see getrlimit(2)). Up to
and including Linux 2.6.35, this file is protected to allow reading only
by the real UID of the process. Since Linux 2.6.36, this file is readable
by all users on the system.
- /proc/[pid]/map_files/ (since kernel 3.3)
- This subdirectory contains entries corresponding to memory-mapped files
(see mmap(2)). Entries are named by memory region start and end
address pair (expressed as hexadecimal numbers), and are symbolic links to
the mapped files themselves. Here is an example, with the output wrapped
and reformatted to fit on an 80-column display:
-
# ls -l /proc/self/map_files/
lr--------. 1 root root 64 Apr 16 21:31
3252e00000-3252e20000 -> /usr/lib64/ld-2.15.so
...
- Although these entries are present for memory regions that were mapped
with the MAP_FILE flag, the way anonymous shared memory (regions
created with the MAP_ANON | MAP_SHARED flags) is implemented in
Linux means that such regions also appear on this directory. Here is an
example where the target file is the deleted /dev/zero one:
-
lrw-------. 1 root root 64 Apr 16 21:33
7fc075d2f000-7fc075e6f000 -> /dev/zero (deleted)
- This directory appears only if the CONFIG_CHECKPOINT_RESTORE kernel
configuration option is enabled. Privilege (CAP_SYS_ADMIN) is
required to view the contents of this directory.
- /proc/[pid]/maps
- A file containing the currently mapped memory regions and their access
permissions. See mmap(2) for some further information about memory
mappings.
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
- The format of the file is:
-
address perms offset dev inode pathname
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/dbus-daemon
00651000-00652000 r--p 00051000 08:02 173521 /usr/bin/dbus-daemon
00652000-00655000 rw-p 00052000 08:02 173521 /usr/bin/dbus-daemon
00e03000-00e24000 rw-p 00000000 00:00 0 [heap]
00e24000-011f7000 rw-p 00000000 00:00 0 [heap]
...
35b1800000-35b1820000 r-xp 00000000 08:02 135522 /usr/lib64/ld-2.15.so
35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522 /usr/lib64/ld-2.15.so
35b1a20000-35b1a21000 rw-p 00020000 08:02 135522 /usr/lib64/ld-2.15.so
35b1a21000-35b1a22000 rw-p 00000000 00:00 0
35b1c00000-35b1dac000 r-xp 00000000 08:02 135870 /usr/lib64/libc-2.15.so
35b1dac000-35b1fac000 ---p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so
35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so
35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870 /usr/lib64/libc-2.15.so
...
f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0 [stack:986]
...
7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0 [stack]
7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0 [vdso]
- The address field is the address space in the process that the
mapping occupies. The perms field is a set of permissions:
-
r = read
w = write
x = execute
s = shared
p = private (copy on write)
- The offset field is the offset into the file/whatever; dev
is the device (major:minor); inode is the inode on that device. 0
indicates that no inode is associated with the memory region, as would be
the case with BSS (uninitialized data).
- The pathname field will usually be the file that is backing the
mapping. For ELF files, you can easily coordinate with the offset
field by looking at the Offset field in the ELF program headers
(readelf -l).
- There are additional helpful pseudo-paths:
- [stack]
- The initial process's (also known as the main thread's) stack.
- [stack:<tid>] (from Linux 3.4 to 4.4)
- A thread's stack (where the <tid> is a thread ID). It
corresponds to the /proc/[pid]/task/[tid]/ path. This field was
removed in Linux 4.5, since providing this information for a process with
large numbers of threads is expensive.
- [vdso]
- The virtual dynamically linked shared object. See vdso(7).
- [heap]
- The process's heap.
- If the pathname field is blank, this is an anonymous mapping as
obtained via mmap(2). There is no easy way to coordinate this back
to a process's source, short of running it through gdb(1),
strace(1), or similar.
- pathname is shown unescaped except for newline characters, which
are replaced with an octal escape sequence. As a result, it is not
possible to determine whether the original pathname contained a newline
character or the literal \e012 character sequence.
- If the mapping is file-backed and the file has been deleted, the string
" (deleted)" is appended to the pathname. Note that this is
ambiguous too.
- Under Linux 2.0, there is no field giving pathname.
- /proc/[pid]/mem
- This file can be used to access the pages of a process's memory through
open(2), read(2), and lseek(2).
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
- /proc/[pid]/mountinfo (since Linux 2.6.26)
- This file contains information about mount points in the process's mount
namespace (see mount_namespaces(7)). It supplies various
information (e.g., propagation state, root of mount for bind mounts,
identifier for each mount and its parent) that is missing from the (older)
/proc/[pid]/mounts file, and fixes various other problems with that
file (e.g., nonextensibility, failure to distinguish per-mount versus
per-superblock options).
- The file contains lines of the form:
-
36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
(1)(2)(3) (4) (5) (6) (7) (8) (9) (10) (11)
- The numbers in parentheses are labels for the descriptions below:
- (1)
- mount ID: a unique ID for the mount (may be reused after
umount(2)).
- (2)
- parent ID: the ID of the parent mount (or of self for the root of this
mount namespace's mount tree).
- If a new mount is stacked on top of a previous existing mount (so that it
hides the existing mount) at pathname P, then the parent of the new mount
is the previous mount at that location. Thus, when looking at all the
mounts stacked at a particular location, the top-most mount is the one
that is not the parent of any other mount at the same location. (Note,
however, that this top-most mount will be accessible only if the longest
path subprefix of P that is a mount point is not itself hidden by a
stacked mount.)
- If the parent mount point lies outside the process's root directory (see
chroot(2)), the ID shown here won't have a corresponding record in
mountinfo whose mount ID (field 1) matches this parent mount ID
(because mount points that lie outside the process's root directory are
not shown in mountinfo). As a special case of this point, the
process's root mount point may have a parent mount (for the initramfs
filesystem) that lies outside the process's root directory, and an entry
for that mount point will not appear in mountinfo.
- (3)
- major:minor: the value of st_dev for files on this filesystem (see
stat(2)).
- (4)
- root: the pathname of the directory in the filesystem which forms the root
of this mount.
- (5)
- mount point: the pathname of the mount point relative to the process's
root directory.
- (6)
- mount options: per-mount options (see mount(2)).
- (7)
- optional fields: zero or more fields of the form "tag[:value]";
see below.
- (8)
- separator: the end of the optional fields is marked by a single
hyphen.
- (9)
- filesystem type: the filesystem type in the form
"type[.subtype]".
- (10)
- mount source: filesystem-specific information or "none".
- (11)
- super options: per-superblock options (see mount(2)).
- Currently, the possible optional fields are shared, master,
propagate_from, and unbindable. See
mount_namespaces(7) for a description of these fields. Parsers
should ignore all unrecognized optional fields.
- For more information on mount propagation see:
Documentation/filesystems/sharedsubtree.txt in the Linux kernel
source tree.
- /proc/[pid]/mounts (since Linux 2.4.19)
- This file lists all the filesystems currently mounted in the process's
mount namespace (see mount_namespaces(7)). The format of this file
is documented in fstab(5).
- Since kernel version 2.6.15, this file is pollable: after opening the file
for reading, a change in this file (i.e., a filesystem mount or unmount)
causes select(2) to mark the file descriptor as having an
exceptional condition, and poll(2) and epoll_wait(2) mark
the file as having a priority event (POLLPRI). (Before Linux
2.6.30, a change in this file was indicated by the file descriptor being
marked as readable for select(2), and being marked as having an
error condition for poll(2) and epoll_wait(2).)
- /proc/[pid]/mountstats (since Linux 2.6.17)
- This file exports information (statistics, configuration information)
about the mount points in the process's mount namespace (see
mount_namespaces(7)). Lines in this file have the form:
-
device /dev/sda7 mounted on /home with fstype ext3 [statistics]
( 1 ) ( 2 ) (3 ) (4)
- The fields in each line are:
- (1)
- The name of the mounted device (or "nodevice" if there is no
corresponding device).
- (2)
- The mount point within the filesystem tree.
- (3)
- The filesystem type.
- (4)
- Optional statistics and configuration information. Currently (as at Linux
2.6.26), only NFS filesystems export information via this field.
- This file is readable only by the owner of the process.
- /proc/[pid]/net (since Linux 2.6.25)
- See the description of /proc/net.
- /proc/[pid]/ns/ (since Linux 3.0)
- This is a subdirectory containing one entry for each namespace that
supports being manipulated by setns(2). For more information, see
namespaces(7).
- /proc/[pid]/numa_maps (since Linux 2.6.14)
- See numa(7).
- /proc/[pid]/oom_adj (since Linux 2.6.11)
- This file can be used to adjust the score used to select which process
should be killed in an out-of-memory (OOM) situation. The kernel uses this
value for a bit-shift operation of the process's oom_score value:
valid values are in the range -16 to +15, plus the special value -17,
which disables OOM-killing altogether for this process. A positive score
increases the likelihood of this process being killed by the OOM-killer; a
negative score decreases the likelihood.
- The default value for this file is 0; a new process inherits its parent's
oom_adj setting. A process must be privileged
(CAP_SYS_RESOURCE) to update this file.
- Since Linux 2.6.36, use of this file is deprecated in favor of
/proc/[pid]/oom_score_adj.
- /proc/[pid]/oom_score (since Linux 2.6.11)
- This file displays the current score that the kernel gives to this process
for the purpose of selecting a process for the OOM-killer. A higher score
means that the process is more likely to be selected by the OOM-killer.
The basis for this score is the amount of memory used by the process, with
increases (+) or decreases (-) for factors including:
- *
- whether the process is privileged (-).
- Before kernel 2.6.36 the following factors were also used in the
calculation of oom_score:
- *
- whether the process creates a lot of children using fork(2)
(+);
- *
- whether the process has been running a long time, or has used a lot of CPU
time (-);
- *
- whether the process has a low nice value (i.e., > 0) (+); and
- *
- whether the process is making direct hardware access (-).
- The oom_score also reflects the adjustment specified by the
oom_score_adj or oom_adj setting for the process.
- /proc/[pid]/oom_score_adj (since Linux 2.6.36)
- This file can be used to adjust the badness heuristic used to select which
process gets killed in out-of-memory conditions.
- The badness heuristic assigns a value to each candidate task ranging from
0 (never kill) to 1000 (always kill) to determine which process is
targeted. The units are roughly a proportion along that range of allowed
memory the process may allocate from, based on an estimation of its
current memory and swap use. For example, if a task is using all allowed
memory, its badness score will be 1000. If it is using half of its allowed
memory, its score will be 500.
- There is an additional factor included in the badness score: root
processes are given 3% extra memory over other tasks.
- The amount of "allowed" memory depends on the context in which
the OOM-killer was called. If it is due to the memory assigned to the
allocating task's cpuset being exhausted, the allowed memory represents
the set of mems assigned to that cpuset (see cpuset(7)). If it is
due to a mempolicy's node(s) being exhausted, the allowed memory
represents the set of mempolicy nodes. If it is due to a memory limit (or
swap limit) being reached, the allowed memory is that configured limit.
Finally, if it is due to the entire system being out of memory, the
allowed memory represents all allocatable resources.
- The value of oom_score_adj is added to the badness score before it
is used to determine which task to kill. Acceptable values range from
-1000 (OOM_SCORE_ADJ_MIN) to +1000 (OOM_SCORE_ADJ_MAX). This allows user
space to control the preference for OOM-killing, ranging from always
preferring a certain task or completely disabling it from OOM killing. The
lowest possible value, -1000, is equivalent to disabling OOM-killing
entirely for that task, since it will always report a badness score of
0.
- Consequently, it is very simple for user space to define the amount of
memory to consider for each task. Setting an oom_score_adj value of
+500, for example, is roughly equivalent to allowing the remainder of
tasks sharing the same system, cpuset, mempolicy, or memory controller
resources to use at least 50% more memory. A value of -500, on the other
hand, would be roughly equivalent to discounting 50% of the task's allowed
memory from being considered as scoring against the task.
- For backward compatibility with previous kernels,
/proc/[pid]/oom_adj can still be used to tune the badness score.
Its value is scaled linearly with oom_score_adj.
- Writing to /proc/[pid]/oom_score_adj or /proc/[pid]/oom_adj
will change the other with its scaled value.
- The choom(1) program provides a command-line interface for
adjusting the oom_score_adj value of a running process or a newly
executed command.
- /proc/[pid]/pagemap (since Linux 2.6.25)
- This file shows the mapping of each of the process's virtual pages into
physical page frames or swap area. It contains one 64-bit value for each
virtual page, with the bits set as follows:
- 63
- If set, the page is present in RAM.
- 62
- If set, the page is in swap space
- 61 (since Linux 3.5)
- The page is a file-mapped page or a shared anonymous page.
- 60–57 (since Linux 3.11)
- Zero
- 56 (since Linux 4.2)
- The page is exclusively mapped.
- 55 (since Linux 3.11)
- PTE is soft-dirty (see the kernel source file
Documentation/admin-guide/mm/soft-dirty.rst).
- 54–0
- If the page is present in RAM (bit 63), then these bits provide the page
frame number, which can be used to index /proc/kpageflags and
/proc/kpagecount. If the page is present in swap (bit 62), then
bits 4–0 give the swap type, and bits 54–5 encode the swap
offset.
- Before Linux 3.11, bits 60–55 were used to encode the base-2 log of
the page size.
- To employ /proc/[pid]/pagemap efficiently, use
/proc/[pid]/maps to determine which areas of memory are actually
mapped and seek to skip over unmapped regions.
- The /proc/[pid]/pagemap file is present only if the
CONFIG_PROC_PAGE_MONITOR kernel configuration option is
enabled.
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
- /proc/[pid]/personality (since Linux 2.6.28)
- This read-only file exposes the process's execution domain, as set by
personality(2). The value is displayed in hexadecimal
notation.
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
- /proc/[pid]/root
- UNIX and Linux support the idea of a per-process root of the filesystem,
set by the chroot(2) system call. This file is a symbolic link that
points to the process's root directory, and behaves in the same way as
exe, and fd/*.
- Note however that this file is not merely a symbolic link. It provides the
same view of the filesystem (including namespaces and the set of
per-process mounts) as the process itself. An example illustrates this
point. In one terminal, we start a shell in new user and mount namespaces,
and in that shell we create some new mount points:
-
$ PS1='sh1# ' unshare -Urnm
sh1# mount -t tmpfs tmpfs /etc # Mount empty tmpfs at /etc
sh1# mount --bind /usr /dev # Mount /usr at /dev
sh1# echo $$
27123
- In a second terminal window, in the initial mount namespace, we look at
the contents of the corresponding mounts in the initial and new
namespaces:
-
$ PS1='sh2# ' sudo sh
sh2# ls /etc | wc -l # In initial NS
309
sh2# ls /proc/27123/root/etc | wc -l # /etc in other NS
0 # The empty tmpfs dir
sh2# ls /dev | wc -l # In initial NS
205
sh2# ls /proc/27123/root/dev | wc -l # /dev in other NS
11 # Actually bind
# mounted to /usr
sh2# ls /usr | wc -l # /usr in initial NS
11
- In a multithreaded process, the contents of the /proc/[pid]/root
symbolic link are not available if the main thread has already terminated
(typically by calling pthread_exit(3)).
- Permission to dereference or read (readlink(2)) this symbolic link
is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check;
see ptrace(2).
- /proc/[pid]/seccomp (Linux 2.6.12 to 2.6.22)
- This file can be used to read and change the process's secure computing
(seccomp) mode setting. It contains the value 0 if the process is not in
seccomp mode, and 1 if the process is in strict seccomp mode (see
seccomp(2)). Writing 1 to this file places the process irreversibly
in strict seccomp mode. (Further attempts to write to the file fail with
the EPERM error.)
- In Linux 2.6.23, this file went away, to be replaced by the
prctl(2) PR_GET_SECCOMP and PR_SET_SECCOMP operations
(and later by seccomp(2) and the Seccomp field in
/proc/[pid]/status).
- /proc/[pid]/setgroups (since Linux 3.19)
- See user_namespaces(7).
- /proc/[pid]/smaps (since Linux 2.6.14)
- This file shows memory consumption for each of the process's mappings.
(The pmap(1) command displays similar information, in a form that
may be easier for parsing.) For each mapping there is a series of lines
such as the following:
-
00400000-0048a000 r-xp 00000000 fd:03 960637 /bin/bash
Size: 552 kB
Rss: 460 kB
Pss: 100 kB
Shared_Clean: 452 kB
Shared_Dirty: 0 kB
Private_Clean: 8 kB
Private_Dirty: 0 kB
Referenced: 460 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
ShmemHugePages: 0 kB
ShmemPmdMapped: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
ProtectionKey: 0
VmFlags: rd ex mr mw me dw
- The first of these lines shows the same information as is displayed for
the mapping in /proc/[pid]/maps. The following lines show the size
of the mapping, the amount of the mapping that is currently resident in
RAM ("Rss"), the process's proportional share of this mapping
("Pss"), the number of clean and dirty shared pages in the
mapping, and the number of clean and dirty private pages in the mapping.
"Referenced" indicates the amount of memory currently marked as
referenced or accessed. "Anonymous" shows the amount of memory
that does not belong to any file. "Swap" shows how much
would-be-anonymous memory is also used, but out on swap.
- The "KernelPageSize" line (available since Linux 2.6.29) is the
page size used by the kernel to back the virtual memory area. This matches
the size used by the MMU in the majority of cases. However, one
counter-example occurs on PPC64 kernels whereby a kernel using 64kB as a
base page size may still use 4kB pages for the MMU on older processors. To
distinguish the two attributes, the "MMUPageSize" line (also
available since Linux 2.6.29) reports the page size used by the MMU.
- The "Locked" indicates whether the mapping is locked in memory
or not.
- The "ProtectionKey" line (available since Linux 4.9, on x86
only) contains the memory protection key (see pkeys(7)) associated
with the virtual memory area. This entry is present only if the kernel was
built with the CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
configuration option.
- The "VmFlags" line (available since Linux 3.8) represents the
kernel flags associated with the virtual memory area, encoded using the
following two-letter codes:
-
rd - readable
wr - writable
ex - executable
sh - shared
mr - may read
mw - may write
me - may execute
ms - may share
gd - stack segment grows down
pf - pure PFN range
dw - disabled write to the mapped file
lo - pages are locked in memory
io - memory mapped I/O area
sr - sequential read advise provided
rr - random read advise provided
dc - do not copy area on fork
de - do not expand area on remapping
ac - area is accountable
nr - swap space is not reserved for the area
ht - area uses huge tlb pages
nl - non-linear mapping
ar - architecture specific flag
dd - do not include area into core dump
sd - soft-dirty flag
mm - mixed map area
hg - huge page advise flag
nh - no-huge page advise flag
mg - mergeable advise flag
- "ProtectionKey" field contains the memory protection key (see
pkeys(5)) associated with the virtual memory area. Present only if
the kernel was built with the
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS configuration option.
(since Linux 4.6)
- The /proc/[pid]/smaps file is present only if the
CONFIG_PROC_PAGE_MONITOR kernel configuration option is
enabled.
- /proc/[pid]/stack (since Linux 2.6.29)
- This file provides a symbolic trace of the function calls in this
process's kernel stack. This file is provided only if the kernel was built
with the CONFIG_STACKTRACE configuration option.
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
- /proc/[pid]/stat
- Status information about the process. This is used by ps(1). It is
defined in the kernel source file fs/proc/array.c.
- The fields, in order, with their proper scanf(3) format specifiers,
are listed below. Whether or not certain of these fields display valid
information is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT
check (refer to ptrace(2)). If the check denies access, then the
field value is displayed as 0. The affected fields are indicated with the
marking [PT].
- (1) pid %d
-
The process ID.
- (2) comm %s
- The filename of the executable, in parentheses. This is visible whether or
not the executable is swapped out.
- (3) state %c
- One of the following characters, indicating process state:
- R
- Running
- S
- Sleeping in an interruptible wait
- D
- Waiting in uninterruptible disk sleep
- Z
- Zombie
- T
- Stopped (on a signal) or (before Linux 2.6.33) trace stopped
- t
- Tracing stop (Linux 2.6.33 onward)
- W
- Paging (only before Linux 2.6.0)
- X
- Dead (from Linux 2.6.0 onward)
- x
- Dead (Linux 2.6.33 to 3.13 only)
- K
- Wakekill (Linux 2.6.33 to 3.13 only)
- W
- Waking (Linux 2.6.33 to 3.13 only)
- P
- Parked (Linux 3.9 to 3.13 only)
- (4) ppid %d
- The PID of the parent of this process.
- (5) pgrp %d
- The process group ID of the process.
- (6) session %d
- The session ID of the process.
- (7) tty_nr %d
- The controlling terminal of the process. (The minor device number is
contained in the combination of bits 31 to 20 and 7 to 0; the major device
number is in bits 15 to 8.)
- (8) tpgid %d
- The ID of the foreground process group of the controlling terminal of the
process.
- (9) flags %u
- The kernel flags word of the process. For bit meanings, see the PF_*
defines in the Linux kernel source file include/linux/sched.h.
Details depend on the kernel version.
- The format for this field was %lu before Linux 2.6.
- (10) minflt %lu
- The number of minor faults the process has made which have not required
loading a memory page from disk.
- (11) cminflt %lu
- The number of minor faults that the process's waited-for children have
made.
- (12) majflt %lu
- The number of major faults the process has made which have required
loading a memory page from disk.
- (13) cmajflt %lu
- The number of major faults that the process's waited-for children have
made.
- (14) utime %lu
- Amount of time that this process has been scheduled in user mode, measured
in clock ticks (divide by sysconf(_SC_CLK_TCK)). This includes
guest time, guest_time (time spent running a virtual CPU, see
below), so that applications that are not aware of the guest time field do
not lose that time from their calculations.
- (15) stime %lu
- Amount of time that this process has been scheduled in kernel mode,
measured in clock ticks (divide by sysconf(_SC_CLK_TCK)).
- (16) cutime %ld
- Amount of time that this process's waited-for children have been scheduled
in user mode, measured in clock ticks (divide by
sysconf(_SC_CLK_TCK)). (See also times(2).) This includes
guest time, cguest_time (time spent running a virtual CPU, see
below).
- (17) cstime %ld
- Amount of time that this process's waited-for children have been scheduled
in kernel mode, measured in clock ticks (divide by
sysconf(_SC_CLK_TCK)).
- (18) priority %ld
- (Explanation for Linux 2.6) For processes running a real-time scheduling
policy (policy below; see sched_setscheduler(2)), this is
the negated scheduling priority, minus one; that is, a number in the range
-2 to -100, corresponding to real-time priorities 1 to 99. For processes
running under a non-real-time scheduling policy, this is the raw nice
value (setpriority(2)) as represented in the kernel. The kernel
stores nice values as numbers in the range 0 (high) to 39 (low),
corresponding to the user-visible nice range of -20 to 19.
- Before Linux 2.6, this was a scaled value based on the scheduler weighting
given to this process.
- (19) nice %ld
- The nice value (see setpriority(2)), a value in the range 19 (low
priority) to -20 (high priority).
- (20) num_threads %ld
- Number of threads in this process (since Linux 2.6). Before kernel 2.6,
this field was hard coded to 0 as a placeholder for an earlier removed
field.
- (21) itrealvalue %ld
- The time in jiffies before the next SIGALRM is sent to the process
due to an interval timer. Since kernel 2.6.17, this field is no longer
maintained, and is hard coded as 0.
- (22) starttime %llu
- The time the process started after system boot. In kernels before Linux
2.6, this value was expressed in jiffies. Since Linux 2.6, the value is
expressed in clock ticks (divide by sysconf(_SC_CLK_TCK)).
- The format for this field was %lu before Linux 2.6.
- (23) vsize %lu
- Virtual memory size in bytes.
- (24) rss %ld
- Resident Set Size: number of pages the process has in real memory. This is
just the pages which count toward text, data, or stack space. This does
not include pages which have not been demand-loaded in, or which are
swapped out.
- (25) rsslim %lu
- Current soft limit in bytes on the rss of the process; see the description
of RLIMIT_RSS in getrlimit(2).
- (26) startcode %lu [PT]
- The address above which program text can run.
- (27) endcode %lu [PT]
- The address below which program text can run.
- (28) startstack %lu [PT]
- The address of the start (i.e., bottom) of the stack.
- (29) kstkesp %lu [PT]
- The current value of ESP (stack pointer), as found in the kernel stack
page for the process.
- (30) kstkeip %lu [PT]
- The current EIP (instruction pointer).
- (31) signal %lu
- The bitmap of pending signals, displayed as a decimal number. Obsolete,
because it does not provide information on real-time signals; use
/proc/[pid]/status instead.
- (32) blocked %lu
- The bitmap of blocked signals, displayed as a decimal number. Obsolete,
because it does not provide information on real-time signals; use
/proc/[pid]/status instead.
- (33) sigignore %lu
- The bitmap of ignored signals, displayed as a decimal number. Obsolete,
because it does not provide information on real-time signals; use
/proc/[pid]/status instead.
- (34) sigcatch %lu
- The bitmap of caught signals, displayed as a decimal number. Obsolete,
because it does not provide information on real-time signals; use
/proc/[pid]/status instead.
- (35) wchan %lu [PT]
- This is the "channel" in which the process is waiting. It is the
address of a location in the kernel where the process is sleeping. The
corresponding symbolic name can be found in /proc/[pid]/wchan.
- (36) nswap %lu
- Number of pages swapped (not maintained).
- (37) cnswap %lu
- Cumulative nswap for child processes (not maintained).
- (38) exit_signal %d (since Linux 2.1.22)
- Signal to be sent to parent when we die.
- (39) processor %d (since Linux 2.2.8)
- CPU number last executed on.
- (40) rt_priority %u (since Linux 2.5.19)
- Real-time scheduling priority, a number in the range 1 to 99 for processes
scheduled under a real-time policy, or 0, for non-real-time processes (see
sched_setscheduler(2)).
- (41) policy %u (since Linux 2.5.19)
- Scheduling policy (see sched_setscheduler(2)). Decode using the
SCHED_* constants in linux/sched.h.
- The format for this field was %lu before Linux 2.6.22.
- (42) delayacct_blkio_ticks %llu (since Linux
2.6.18)
- Aggregated block I/O delays, measured in clock ticks (centiseconds).
- (43) guest_time %lu (since Linux 2.6.24)
- Guest time of the process (time spent running a virtual CPU for a guest
operating system), measured in clock ticks (divide by
sysconf(_SC_CLK_TCK)).
- (44) cguest_time %ld (since Linux 2.6.24)
- Guest time of the process's children, measured in clock ticks (divide by
sysconf(_SC_CLK_TCK)).
- (45) start_data %lu (since Linux 3.3)
[PT]
- Address above which program initialized and uninitialized (BSS) data are
placed.
- (46) end_data %lu (since Linux 3.3)
[PT]
- Address below which program initialized and uninitialized (BSS) data are
placed.
- (47) start_brk %lu (since Linux 3.3)
[PT]
- Address above which program heap can be expanded with brk(2).
- (48) arg_start %lu (since Linux 3.5)
[PT]
- Address above which program command-line arguments (argv) are
placed.
- (49) arg_end %lu (since Linux 3.5)
[PT]
- Address below program command-line arguments (argv) are
placed.
- (50) env_start %lu (since Linux 3.5)
[PT]
- Address above which program environment is placed.
- (51) env_end %lu (since Linux 3.5)
[PT]
- Address below which program environment is placed.
- (52) exit_code %d (since Linux 3.5)
[PT]
- The thread's exit status in the form reported by waitpid(2).
- /proc/[pid]/statm
- Provides information about memory usage, measured in pages. The columns
are:
-
size (1) total program size
(same as VmSize in /proc/[pid]/status)
resident (2) resident set size
(same as VmRSS in /proc/[pid]/status)
shared (3) number of resident shared pages (i.e., backed by a file)
(same as RssFile+RssShmem in /proc/[pid]/status)
text (4) text (code)
lib (5) library (unused since Linux 2.6; always 0)
data (6) data + stack
dt (7) dirty pages (unused since Linux 2.6; always 0)
- /proc/[pid]/status
- Provides much of the information in /proc/[pid]/stat and
/proc/[pid]/statm in a format that's easier for humans to parse.
Here's an example:
-
$ cat /proc/$$/status
Name: bash
Umask: 0022
State: S (sleeping)
Tgid: 17248
Ngid: 0
Pid: 17248
PPid: 17200
TracerPid: 0
Uid: 1000 1000 1000 1000
Gid: 100 100 100 100
FDSize: 256
Groups: 16 33 100
NStgid: 17248
NSpid: 17248
NSpgid: 17248
NSsid: 17200
VmPeak: 131168 kB
VmSize: 131168 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 13484 kB
VmRSS: 13484 kB
RssAnon: 10264 kB
RssFile: 3220 kB
RssShmem: 0 kB
VmData: 10332 kB
VmStk: 136 kB
VmExe: 992 kB
VmLib: 2104 kB
VmPTE: 76 kB
VmPMD: 12 kB
VmSwap: 0 kB
HugetlbPages: 0 kB # 4.4
CoreDumping: 0 # 4.15
Threads: 1
SigQ: 0/3067
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000010000
SigIgn: 0000000000384004
SigCgt: 000000004b813efb
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: vulnerable
Cpus_allowed: 00000001
Cpus_allowed_list: 0
Mems_allowed: 1
Mems_allowed_list: 0
voluntary_ctxt_switches: 150
nonvoluntary_ctxt_switches: 545
- The fields are as follows:
- *
- Name: Command run by this process.
- *
- Umask: Process umask, expressed in octal with a leading zero; see
umask(2). (Since Linux 4.7.)
- *
- State: Current state of the process. One of "R
(running)", "S (sleeping)", "D (disk sleep)",
"T (stopped)", "T (tracing stop)", "Z
(zombie)", or "X (dead)".
- *
- Tgid: Thread group ID (i.e., Process ID).
- *
- Ngid: NUMA group ID (0 if none; since Linux 3.13).
- *
- Pid: Thread ID (see gettid(2)).
- *
- PPid: PID of parent process.
- *
- TracerPid: PID of process tracing this process (0 if not being
traced).
- *
- Uid, Gid: Real, effective, saved set, and filesystem UIDs
(GIDs).
- *
- FDSize: Number of file descriptor slots currently allocated.
- *
- Groups: Supplementary group list.
- *
- NStgid: Thread group ID (i.e., PID) in each of the PID namespaces
of which [pid] is a member. The leftmost entry shows the value with
respect to the PID namespace of the process that mounted this procfs (or
the root namespace if mounted by the kernel), followed by the value in
successively nested inner namespaces. (Since Linux 4.1.)
- *
- NSpid: Thread ID in each of the PID namespaces of which
[pid] is a member. The fields are ordered as for NStgid.
(Since Linux 4.1.)
- *
- NSpgid: Process group ID in each of the PID namespaces of which
[pid] is a member. The fields are ordered as for NStgid.
(Since Linux 4.1.)
- *
- NSsid: descendant namespace session ID hierarchy Session ID in each
of the PID namespaces of which [pid] is a member. The fields are
ordered as for NStgid. (Since Linux 4.1.)
- *
- VmPeak: Peak virtual memory size.
- *
- VmSize: Virtual memory size.
- *
- VmLck: Locked memory size (see mlock(2)).
- *
- VmPin: Pinned memory size (since Linux 3.2). These are pages that
can't be moved because something needs to directly access physical
memory.
- *
- VmHWM: Peak resident set size ("high water mark").
- *
- VmRSS: Resident set size. Note that the value here is the sum of
RssAnon, RssFile, and RssShmem.
- *
- RssAnon: Size of resident anonymous memory. (since Linux 4.5).
- *
- RssFile: Size of resident file mappings. (since Linux 4.5).
- *
- RssShmem: Size of resident shared memory (includes System V shared
memory, mappings from tmpfs(5), and shared anonymous mappings).
(since Linux 4.5).
- *
- VmData, VmStk, VmExe: Size of data, stack, and text
segments.
- *
- VmLib: Shared library code size.
- *
- VmPTE: Page table entries size (since Linux 2.6.10).
- *
- VmPMD: Size of second-level page tables (added in Linux 4.0;
removed in Linux 4.15).
- *
- VmSwap: Swapped-out virtual memory size by anonymous private pages;
shmem swap usage is not included (since Linux 2.6.34).
- *
- HugetlbPages: Size of hugetlb memory portions (since Linux
4.4).
- *
- CoreDumping: Contains the value 1 if the process is currently
dumping core, and 0 if it is not (since Linux 4.15). This information can
be used by a monitoring process to avoid killing a process that is
currently dumping core, which could result in a corrupted core dump
file.
- *
- Threads: Number of threads in process containing this thread.
- *
- SigQ: This field contains two slash-separated numbers that relate
to queued signals for the real user ID of this process. The first of these
is the number of currently queued signals for this real user ID, and the
second is the resource limit on the number of queued signals for this
process (see the description of RLIMIT_SIGPENDING in
getrlimit(2)).
- *
- SigPnd, ShdPnd: Mask (expressed in hexadecimal) of signals
pending for thread and for process as a whole (see pthreads(7) and
signal(7)).
- *
- SigBlk, SigIgn, SigCgt: Masks (expressed in
hexadecimal) indicating signals being blocked, ignored, and caught (see
signal(7)).
- *
- CapInh, CapPrm, CapEff: Masks (expressed in
hexadecimal) of capabilities enabled in inheritable, permitted, and
effective sets (see capabilities(7)).
- *
- CapBnd: Capability bounding set, expressed in hexadecimal (since
Linux 2.6.26, see capabilities(7)).
- *
- CapAmb: Ambient capability set, expressed in hexadecimal (since
Linux 4.3, see capabilities(7)).
- *
- NoNewPrivs: Value of the no_new_privs bit (since Linux 4.10,
see prctl(2)).
- *
- Seccomp: Seccomp mode of the process (since Linux 3.8, see
seccomp(2)). 0 means SECCOMP_MODE_DISABLED; 1 means
SECCOMP_MODE_STRICT; 2 means SECCOMP_MODE_FILTER. This field
is provided only if the kernel was built with the CONFIG_SECCOMP
kernel configuration option enabled.
- *
- Speculation_Store_Bypass: Speculation flaw mitigation state (since
Linux 4.17, see prctl(2)).
- *
- Cpus_allowed: Hexadecimal mask of CPUs on which this process may
run (since Linux 2.6.24, see cpuset(7)).
- *
- Cpus_allowed_list: Same as previous, but in "list format"
(since Linux 2.6.26, see cpuset(7)).
- *
- Mems_allowed: Mask of memory nodes allowed to this process (since
Linux 2.6.24, see cpuset(7)).
- *
- Mems_allowed_list: Same as previous, but in "list format"
(since Linux 2.6.26, see cpuset(7)).
- *
- voluntary_ctxt_switches, nonvoluntary_ctxt_switches: Number
of voluntary and involuntary context switches (since Linux 2.6.23).
- /proc/[pid]/syscall (since Linux 2.6.27)
- This file exposes the system call number and argument registers for the
system call currently being executed by the process, followed by the
values of the stack pointer and program counter registers. The values of
all six argument registers are exposed, although most system calls use
fewer registers.
- If the process is blocked, but not in a system call, then the file
displays -1 in place of the system call number, followed by just the
values of the stack pointer and program counter. If process is not
blocked, then the file contains just the string "running".
- This file is present only if the kernel was configured with
CONFIG_HAVE_ARCH_TRACEHOOK.
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).
- /proc/[pid]/task (since Linux 2.6.0)
- This is a directory that contains one subdirectory for each thread in the
process. The name of each subdirectory is the numerical thread ID
([tid]) of the thread (see gettid(2)).
- Within each of these subdirectories, there is a set of files with the same
names and contents as under the /proc/[pid] directories. For
attributes that are shared by all threads, the contents for each of the
files under the task/[tid] subdirectories will be the same as in
the corresponding file in the parent /proc/[pid] directory (e.g.,
in a multithreaded process, all of the task/[tid]/cwd files will
have the same value as the /proc/[pid]/cwd file in the parent
directory, since all of the threads in a process share a working
directory). For attributes that are distinct for each thread, the
corresponding files under task/[tid] may have different values
(e.g., various fields in each of the task/[tid]/status files may be
different for each thread), or they might not exist in /proc/[pid]
at all.
- In a multithreaded process, the contents of the /proc/[pid]/task
directory are not available if the main thread has already terminated
(typically by calling pthread_exit(3)).
- /proc/[pid]/task/[tid]/children (since Linux 3.5)
- A space-separated list of child tasks of this task. Each child task is
represented by its TID.
- This option is intended for use by the checkpoint-restore (CRIU) system,
and reliably provides a list of children only if all of the child
processes are stopped or frozen. It does not work properly if children of
the target task exit while the file is being read! Exiting children may
cause non-exiting children to be omitted from the list. This makes this
interface even more unreliable than classic PID-based approaches if the
inspected task and its children aren't frozen, and most code should
probably not use this interface.
- Until Linux 4.2, the presence of this file was governed by the
CONFIG_CHECKPOINT_RESTORE kernel configuration option. Since Linux
4.2, it is governed by the CONFIG_PROC_CHILDREN option.
- /proc/[pid]/timers (since Linux 3.10)
- A list of the POSIX timers for this process. Each timer is listed with a
line that starts with the string "ID:". For example:
-
ID: 1
signal: 60/00007fff86e452a8
notify: signal/pid.2634
ClockID: 0
ID: 0
signal: 60/00007fff86e452a8
notify: signal/pid.2634
ClockID: 1
- The lines shown for each timer have the following meanings:
- ID
- The ID for this timer. This is not the same as the timer ID returned by
timer_create(2); rather, it is the same kernel-internal ID that is
available via the si_timerid field of the siginfo_t
structure (see sigaction(2)).
- signal
- This is the signal number that this timer uses to deliver notifications
followed by a slash, and then the sigev_value value supplied to the
signal handler. Valid only for timers that notify via a signal.
- notify
- The part before the slash specifies the mechanism that this timer uses to
deliver notifications, and is one of "thread",
"signal", or "none". Immediately following the slash
is either the string "tid" for timers with
SIGEV_THREAD_ID notification, or "pid" for timers that
notify by other mechanisms. Following the "." is the PID of the
process (or the kernel thread ID of the thread) that will be delivered a
signal if the timer delivers notifications via a signal.
- ClockID
- This field identifies the clock that the timer uses for measuring time.
For most clocks, this is a number that matches one of the user-space
CLOCK_* constants exposed via <time.h>.
CLOCK_PROCESS_CPUTIME_ID timers display with a value of -6 in this
field. CLOCK_THREAD_CPUTIME_ID timers display with a value of -2 in
this field.
- This file is available only when the kernel was configured with
CONFIG_CHECKPOINT_RESTORE.
- /proc/[pid]/timerslack_ns (since Linux 4.6)
- This file exposes the process's "current" timer slack value,
expressed in nanoseconds. The file is writable, allowing the process's
timer slack value to be changed. Writing 0 to this file resets the
"current" timer slack to the "default" timer slack
value. For further details, see the discussion of PR_SET_TIMERSLACK
in prctl(2).
- Initially, permission to access this file was governed by a ptrace access
mode PTRACE_MODE_ATTACH_FSCREDS check (see ptrace(2)).
However, this was subsequently deemed too strict a requirement (and had
the side effect that requiring a process to have the CAP_SYS_PTRACE
capability would also allow it to view and change any process's memory).
Therefore, since Linux 4.9, only the (weaker) CAP_SYS_NICE
capability is required to access this file.
- /proc/[pid]/uid_map, /proc/[pid]/gid_map (since Linux
3.5)
- See user_namespaces(7).
- /proc/[pid]/wchan (since Linux 2.6.0)
- The symbolic name corresponding to the location in the kernel where the
process is sleeping.
- Permission to access this file is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
- /proc/[tid]
- There is a numerical subdirectory for each running thread that is not a
thread group leader (i.e., a thread whose thread ID is not the same as its
process ID); the subdirectory is named by the thread ID. Each one of these
subdirectories contains files and subdirectories exposing information
about the thread with the thread ID tid. The contents of these
directories are the same as the corresponding
/proc/[pid]/task/[tid] directories.
- The /proc/[tid] subdirectories are not visible when
iterating through /proc with getdents(2) (and thus are
not visible when one uses ls(1) to view the contents of
/proc). However, the pathnames of these directories are visible to
(i.e., usable as arguments in) system calls that operate on
pathnames.
- /proc/apm
- Advanced power management version and battery information when
CONFIG_APM is defined at kernel compilation time.
- /proc/buddyinfo
- This file contains information which is used for diagnosing memory
fragmentation issues. Each line starts with the identification of the node
and the name of the zone which together identify a memory region This is
then followed by the count of available chunks of a certain order in which
these zones are split. The size in bytes of a certain order is given by
the formula:
-
(2^order) * PAGE_SIZE
- The binary buddy allocator algorithm inside the kernel will split one
chunk into two chunks of a smaller order (thus with half the size) or
combine two contiguous chunks into one larger chunk of a higher order
(thus with double the size) to satisfy allocation requests and to counter
memory fragmentation. The order matches the column number, when starting
to count at zero.
- For example on an x86-64 system:
-
Node 0, zone DMA 1 1 1 0 2 1 1 0 1 1 3
Node 0, zone DMA32 65 47 4 81 52 28 13 10 5 1 404
Node 0, zone Normal 216 55 189 101 84 38 37 27 5 3 587
- In this example, there is one node containing three zones and there are 11
different chunk sizes. If the page size is 4 kilobytes, then the first
zone called DMA (on x86 the first 16 megabyte of memory) has 1
chunk of 4 kilobytes (order 0) available and has 3 chunks of 4 megabytes
(order 10) available.
- If the memory is heavily fragmented, the counters for higher order chunks
will be zero and allocation of large contiguous areas will fail.
- Further information about the zones can be found in
/proc/zoneinfo.
- /proc/bus
- Contains subdirectories for installed busses.
- /proc/bus/pccard
- Subdirectory for PCMCIA devices when CONFIG_PCMCIA is set at kernel
compilation time.
- /proc/bus/pccard/drivers
- /proc/bus/pci
- Contains various bus subdirectories and pseudo-files containing
information about PCI busses, installed devices, and device drivers. Some
of these files are not ASCII.
- /proc/bus/pci/devices
- Information about PCI devices. They may be accessed through
lspci(8) and setpci(8).
- /proc/cgroups (since Linux 2.6.24)
- See cgroups(7).
- /proc/cmdline
- Arguments passed to the Linux kernel at boot time. Often done via a boot
manager such as lilo(8) or grub(8).
- /proc/config.gz (since Linux 2.6)
- This file exposes the configuration options that were used to build the
currently running kernel, in the same format as they would be shown in the
.config file that resulted when configuring the kernel (using
make xconfig, make config, or similar). The file contents
are compressed; view or search them using zcat(1) and
zgrep(1). As long as no changes have been made to the following
file, the contents of /proc/config.gz are the same as those
provided by:
-
cat /lib/modules/$(uname -r)/build/.config
- /proc/config.gz is provided only if the kernel is configured with
CONFIG_IKCONFIG_PROC.
- /proc/crypto
- A list of the ciphers provided by the kernel crypto API. For details, see
the kernel Linux Kernel Crypto API documentation available under
the kernel source directory Documentation/crypto/ (or
Documentation/DocBook before 4.10; the documentation can be built
using a command such as make htmldocs in the root directory of the
kernel source tree).
- /proc/cpuinfo
- This is a collection of CPU and system architecture dependent items, for
each supported architecture a different list. Two common entries are
processor which gives CPU number and bogomips; a system
constant that is calculated during kernel initialization. SMP machines
have information for each CPU. The lscpu(1) command gathers its
information from this file.
- /proc/devices
- Text listing of major numbers and device groups. This can be used by
MAKEDEV scripts for consistency with the kernel.
- /proc/diskstats (since Linux 2.5.69)
- This file contains disk I/O statistics for each disk device. See the Linux
kernel source file Documentation/iostats.txt for further
information.
- /proc/dma
- This is a list of the registered ISA DMA (direct memory access)
channels in use.
- /proc/driver
- Empty subdirectory.
- /proc/execdomains
- List of the execution domains (ABI personalities).
- /proc/fb
- Frame buffer information when CONFIG_FB is defined during kernel
compilation.
- /proc/filesystems
- A text listing of the filesystems which are supported by the kernel,
namely filesystems which were compiled into the kernel or whose kernel
modules are currently loaded. (See also filesystems(5).) If a
filesystem is marked with "nodev", this means that it does not
require a block device to be mounted (e.g., virtual filesystem, network
filesystem).
- Incidentally, this file may be used by mount(8) when no filesystem
is specified and it didn't manage to determine the filesystem type. Then
filesystems contained in this file are tried (excepted those that are
marked with "nodev").
- /proc/fs
- Contains subdirectories that in turn contain files with information about
(certain) mounted filesystems.
- /proc/ide
- This directory exists on systems with the IDE bus. There are directories
for each IDE channel and attached device. Files include:
-
cache buffer size in KB
capacity number of sectors
driver driver version
geometry physical and logical geometry
identify in hexadecimal
media media type
model manufacturer's model number
settings drive settings
smart_thresholds in hexadecimal
smart_values in hexadecimal
- The hdparm(8) utility provides access to this information in a
friendly format.
- /proc/interrupts
- This is used to record the number of interrupts per CPU per IO device.
Since Linux 2.6.24, for the i386 and x86-64 architectures, at least, this
also includes interrupts internal to the system (that is, not associated
with a device as such), such as NMI (nonmaskable interrupt), LOC (local
timer interrupt), and for SMP systems, TLB (TLB flush interrupt), RES
(rescheduling interrupt), CAL (remote function call interrupt), and
possibly others. Very easy to read formatting, done in ASCII.
- /proc/iomem
- I/O memory map in Linux 2.4.
- /proc/ioports
- This is a list of currently registered Input-Output port regions that are
in use.
- /proc/kallsyms (since Linux 2.5.71)
- This holds the kernel exported symbol definitions used by the
modules(X) tools to dynamically link and bind loadable modules. In
Linux 2.5.47 and earlier, a similar file with slightly different syntax
was named ksyms.
- /proc/kcore
- This file represents the physical memory of the system and is stored in
the ELF core file format. With this pseudo-file, and an unstripped kernel
(/usr/src/linux/vmlinux) binary, GDB can be used to examine the
current state of any kernel data structures.
- The total length of the file is the size of physical memory (RAM) plus
4 KiB.
- /proc/keys (since Linux 2.6.10)
- See keyrings(7).
- /proc/key-users (since Linux 2.6.10)
- See keyrings(7).
- /proc/kmsg
- This file can be used instead of the syslog(2) system call to read
kernel messages. A process must have superuser privileges to read this
file, and only one process should read this file. This file should not be
read if a syslog process is running which uses the syslog(2) system
call facility to log kernel messages.
- Information in this file is retrieved with the dmesg(1)
program.
- /proc/kpagecgroup (since Linux 4.3)
- This file contains a 64-bit inode number of the memory cgroup each page is
charged to, indexed by page frame number (see the discussion of
/proc/[pid]/pagemap).
- The /proc/kpagecgroup file is present only if the
CONFIG_MEMCG kernel configuration option is enabled.
- /proc/kpagecount (since Linux 2.6.25)
- This file contains a 64-bit count of the number of times each physical
page frame is mapped, indexed by page frame number (see the discussion of
/proc/[pid]/pagemap).
- The /proc/kpagecount file is present only if the
CONFIG_PROC_PAGE_MONITOR kernel configuration option is
enabled.
- /proc/kpageflags (since Linux 2.6.25)
- This file contains 64-bit masks corresponding to each physical page frame;
it is indexed by page frame number (see the discussion of
/proc/[pid]/pagemap). The bits are as follows:
-
0 - KPF_LOCKED
1 - KPF_ERROR
2 - KPF_REFERENCED
3 - KPF_UPTODATE
4 - KPF_DIRTY
5 - KPF_LRU
6 - KPF_ACTIVE
7 - KPF_SLAB
8 - KPF_WRITEBACK
9 - KPF_RECLAIM
10 - KPF_BUDDY
11 - KPF_MMAP (since Linux 2.6.31)
12 - KPF_ANON (since Linux 2.6.31)
13 - KPF_SWAPCACHE (since Linux 2.6.31)
14 - KPF_SWAPBACKED (since Linux 2.6.31)
15 - KPF_COMPOUND_HEAD (since Linux 2.6.31)
16 - KPF_COMPOUND_TAIL (since Linux 2.6.31)
17 - KPF_HUGE (since Linux 2.6.31)
18 - KPF_UNEVICTABLE (since Linux 2.6.31)
19 - KPF_HWPOISON (since Linux 2.6.31)
20 - KPF_NOPAGE (since Linux 2.6.31)
21 - KPF_KSM (since Linux 2.6.32)
22 - KPF_THP (since Linux 3.4)
23 - KPF_BALLOON (since Linux 3.18)
24 - KPF_ZERO_PAGE (since Linux 4.0)
25 - KPF_IDLE (since Linux 4.3)
- For further details on the meanings of these bits, see the kernel source
file Documentation/admin-guide/mm/pagemap.rst. Before kernel
2.6.29, KPF_WRITEBACK, KPF_RECLAIM, KPF_BUDDY, and
KPF_LOCKED did not report correctly.
- The /proc/kpageflags file is present only if the
CONFIG_PROC_PAGE_MONITOR kernel configuration option is
enabled.
- /proc/ksyms (Linux 1.1.23–2.5.47)
- See /proc/kallsyms.
- /proc/loadavg
- The first three fields in this file are load average figures giving the
number of jobs in the run queue (state R) or waiting for disk I/O (state
D) averaged over 1, 5, and 15 minutes. They are the same as the load
average numbers given by uptime(1) and other programs. The fourth
field consists of two numbers separated by a slash (/). The first of these
is the number of currently runnable kernel scheduling entities (processes,
threads). The value after the slash is the number of kernel scheduling
entities that currently exist on the system. The fifth field is the PID of
the process that was most recently created on the system.
- /proc/locks
- This file shows current file locks (flock(2) and fcntl(2))
and leases (fcntl(2)).
- An example of the content shown in this file is the following:
-
1: POSIX ADVISORY READ 5433 08:01:7864448 128 128
2: FLOCK ADVISORY WRITE 2001 08:01:7864554 0 EOF
3: FLOCK ADVISORY WRITE 1568 00:2f:32388 0 EOF
4: POSIX ADVISORY WRITE 699 00:16:28457 0 EOF
5: POSIX ADVISORY WRITE 764 00:16:21448 0 0
6: POSIX ADVISORY READ 3548 08:01:7867240 1 1
7: POSIX ADVISORY READ 3548 08:01:7865567 1826 2335
8: OFDLCK ADVISORY WRITE -1 08:01:8713209 128 191
- The fields shown in each line are as follows:
- (1)
- The ordinal position of the lock in the list.
- (2)
- The lock type. Values that may appear here include:
- FLOCK
- This is a BSD file lock created using flock(2).
- OFDLCK
- This is an open file description (OFD) lock created using
fcntl(2).
- POSIX
- This is a POSIX byte-range lock created using fcntl(2).
- (3)
- Among the strings that can appear here are the following:
- ADVISORY
- This is an advisory lock.
- MANDATORY
- This is a mandatory lock.
- (4)
- The type of lock. Values that can appear here are:
- READ
- This is a POSIX or OFD read lock, or a BSD shared lock.
- WRITE
- This is a POSIX or OFD write lock, or a BSD exclusive lock.
- (5)
- The PID of the process that owns the lock.
- Because OFD locks are not owned by a single process (since multiple
processes may have file descriptors that refer to the same open file
description), the value -1 is displayed in this field for OFD locks.
(Before kernel 4.14, a bug meant that the PID of the process that
initially acquired the lock was displayed instead of the value -1.)
- (6)
- Three colon-separated subfields that identify the major and minor device
ID of the device containing the filesystem where the locked file resides,
followed by the inode number of the locked file.
- (7)
- The byte offset of the first byte of the lock. For BSD locks, this value
is always 0.
- (8)
- The byte offset of the last byte of the lock. EOF in this field
means that the lock extends to the end of the file. For BSD locks, the
value shown is always EOF.
- Since Linux 4.9, the list of locks shown in /proc/locks is filtered
to show just the locks for the processes in the PID namespace (see
pid_namespaces(7)) for which the /proc filesystem was
mounted. (In the initial PID namespace, there is no filtering of the
records shown in this file.)
- The lslocks(8) command provides a bit more information about each
lock.
- /proc/malloc (only up to and including Linux 2.2)
- This file is present only if CONFIG_DEBUG_MALLOC was defined during
compilation.
- /proc/meminfo
- This file reports statistics about memory usage on the system. It is used
by free(1) to report the amount of free and used memory (both
physical and swap) on the system as well as the shared memory and buffers
used by the kernel. Each line of the file consists of a parameter name,
followed by a colon, the value of the parameter, and an option unit of
measurement (e.g., "kB"). The list below describes the parameter
names and the format specifier required to read the field value. Except as
noted below, all of the fields have been present since at least Linux
2.6.0. Some fields are displayed only if the kernel was configured with
various options; those dependencies are noted in the list.
- MemTotal %lu
- Total usable RAM (i.e., physical RAM minus a few reserved bits and the
kernel binary code).
- MemFree %lu
- The sum of LowFree+HighFree.
- MemAvailable %lu (since Linux 3.14)
- An estimate of how much memory is available for starting new applications,
without swapping.
- Buffers %lu
- Relatively temporary storage for raw disk blocks that shouldn't get
tremendously large (20MB or so).
- Cached %lu
- In-memory cache for files read from the disk (the page cache). Doesn't
include SwapCached.
- SwapCached %lu
- Memory that once was swapped out, is swapped back in but still also is in
the swap file. (If memory pressure is high, these pages don't need to be
swapped out again because they are already in the swap file. This saves
I/O.)
- Active %lu
- Memory that has been used more recently and usually not reclaimed unless
absolutely necessary.
- Inactive %lu
- Memory which has been less recently used. It is more eligible to be
reclaimed for other purposes.
- Active(anon) %lu (since Linux 2.6.28)
- [To be documented.]
- Inactive(anon) %lu (since Linux 2.6.28)
- [To be documented.]
- Active(file) %lu (since Linux 2.6.28)
- [To be documented.]
- Inactive(file) %lu (since Linux 2.6.28)
- [To be documented.]
- Unevictable %lu (since Linux 2.6.28)
- (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was required.)
[To be documented.]
- Mlocked %lu (since Linux 2.6.28)
- (From Linux 2.6.28 to 2.6.30, CONFIG_UNEVICTABLE_LRU was required.)
[To be documented.]
- HighTotal %lu
- (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.) Total
amount of highmem. Highmem is all memory above ~860MB of physical memory.
Highmem areas are for use by user-space programs, or for the page cache.
The kernel must use tricks to access this memory, making it slower to
access than lowmem.
- HighFree %lu
- (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.) Amount of
free highmem.
- LowTotal %lu
- (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.) Total
amount of lowmem. Lowmem is memory which can be used for everything that
highmem can be used for, but it is also available for the kernel's use for
its own data structures. Among many other things, it is where everything
from Slab is allocated. Bad things happen when you're out of
lowmem.
- LowFree %lu
- (Starting with Linux 2.6.19, CONFIG_HIGHMEM is required.) Amount of
free lowmem.
- MmapCopy %lu (since Linux 2.6.29)
- (CONFIG_MMU is required.) [To be documented.]
- SwapTotal %lu
- Total amount of swap space available.
- SwapFree %lu
- Amount of swap space that is currently unused.
- Dirty %lu
- Memory which is waiting to get written back to the disk.
- Writeback %lu
- Memory which is actively being written back to the disk.
- AnonPages %lu (since Linux 2.6.18)
- Non-file backed pages mapped into user-space page tables.
- Mapped %lu
- Files which have been mapped into memory (with mmap(2)), such as
libraries.
- Shmem %lu (since Linux 2.6.32)
- Amount of memory consumed in tmpfs(5) filesystems.
- KReclaimable %lu (since Linux 4.20)
- Kernel allocations that the kernel will attempt to reclaim under memory
pressure. Includes SReclaimable (below), and other direct
allocations with a shrinker.
- Slab %lu
- In-kernel data structures cache. (See slabinfo(5).)
- SReclaimable %lu (since Linux 2.6.19)
- Part of Slab, that might be reclaimed, such as caches.
- SUnreclaim %lu (since Linux 2.6.19)
- Part of Slab, that cannot be reclaimed on memory pressure.
- KernelStack %lu (since Linux 2.6.32)
- Amount of memory allocated to kernel stacks.
- PageTables %lu (since Linux 2.6.18)
- Amount of memory dedicated to the lowest level of page tables.
- Quicklists %lu (since Linux 2.6.27)
- (CONFIG_QUICKLIST is required.) [To be documented.]
- NFS_Unstable %lu (since Linux 2.6.18)
- NFS pages sent to the server, but not yet committed to stable
storage.
- Bounce %lu (since Linux 2.6.18)
- Memory used for block device "bounce buffers".
- WritebackTmp %lu (since Linux 2.6.26)
- Memory used by FUSE for temporary writeback buffers.
- CommitLimit %lu (since Linux 2.6.10)
- This is the total amount of memory currently available to be allocated on
the system, expressed in kilobytes. This limit is adhered to only if
strict overcommit accounting is enabled (mode 2 in
/proc/sys/vm/overcommit_memory). The limit is calculated according
to the formula described under /proc/sys/vm/overcommit_memory. For
further details, see the kernel source file
Documentation/vm/overcommit-accounting.rst.
- Committed_AS %lu
- The amount of memory presently allocated on the system. The committed
memory is a sum of all of the memory which has been allocated by
processes, even if it has not been "used" by them as of yet. A
process which allocates 1GB of memory (using malloc(3) or similar),
but touches only 300MB of that memory will show up as using only 300MB of
memory even if it has the address space allocated for the entire 1GB.
- This 1GB is memory which has been "committed" to by the VM and
can be used at any time by the allocating application. With strict
overcommit enabled on the system (mode 2 in
/proc/sys/vm/overcommit_memory), allocations which would exceed the
CommitLimit will not be permitted. This is useful if one needs to
guarantee that processes will not fail due to lack of memory once that
memory has been successfully allocated.
- VmallocTotal %lu
- Total size of vmalloc memory area.
- VmallocUsed %lu
- Amount of vmalloc area which is used. Since Linux 4.4, this field is no
longer calculated, and is hard coded as 0. See
/proc/vmallocinfo.
- VmallocChunk %lu
- Largest contiguous block of vmalloc area which is free. Since Linux 4.4,
this field is no longer calculated and is hard coded as 0. See
/proc/vmallocinfo.
- HardwareCorrupted %lu (since Linux 2.6.32)
- (CONFIG_MEMORY_FAILURE is required.) [To be documented.]
- LazyFree %lu (since Linux 4.12)
- Shows the amount of memory marked by madvise(2)
MADV_FREE.
- AnonHugePages %lu (since Linux 2.6.38)
- (CONFIG_TRANSPARENT_HUGEPAGE is required.) Non-file backed huge
pages mapped into user-space page tables.
- ShmemHugePages %lu (since Linux 4.8)
- (CONFIG_TRANSPARENT_HUGEPAGE is required.) Memory used by shared
memory (shmem) and tmpfs(5) allocated with huge pages
- ShmemPmdMapped %lu (since Linux 4.8)
- (CONFIG_TRANSPARENT_HUGEPAGE is required.) Shared memory mapped
into user space with huge pages.
- CmaTotal %lu (since Linux 3.1)
- Total CMA (Contiguous Memory Allocator) pages. ( CONFIG_CMA is
required.)
- CmaFree %lu (since Linux 3.1)
- Free CMA (Contiguous Memory Allocator) pages. ( CONFIG_CMA is
required.)
- HugePages_Total %lu
- (CONFIG_HUGETLB_PAGE is required.) The size of the pool of huge
pages.
- HugePages_Free %lu
- (CONFIG_HUGETLB_PAGE is required.) The number of huge pages in the
pool that are not yet allocated.
- HugePages_Rsvd %lu (since Linux 2.6.17)
- (CONFIG_HUGETLB_PAGE is required.) This is the number of huge pages
for which a commitment to allocate from the pool has been made, but no
allocation has yet been made. These reserved huge pages guarantee that an
application will be able to allocate a huge page from the pool of huge
pages at fault time.
- HugePages_Surp %lu (since Linux 2.6.24)
- (CONFIG_HUGETLB_PAGE is required.) This is the number of huge pages
in the pool above the value in /proc/sys/vm/nr_hugepages. The
maximum number of surplus huge pages is controlled by
/proc/sys/vm/nr_overcommit_hugepages.
- Hugepagesize %lu
- (CONFIG_HUGETLB_PAGE is required.) The size of huge pages.
- DirectMap4k %lu (since Linux 2.6.27)
- Number of bytes of RAM linearly mapped by kernel in 4kB pages. (x86.)
- DirectMap4M %lu (since Linux 2.6.27)
- Number of bytes of RAM linearly mapped by kernel in 4MB pages. (x86 with
CONFIG_X86_64 or CONFIG_X86_PAE enabled.)
- DirectMap2M %lu (since Linux 2.6.27)
- Number of bytes of RAM linearly mapped by kernel in 2MB pages. (x86 with
neither CONFIG_X86_64 nor CONFIG_X86_PAE enabled.)
- DirectMap1G %lu (since Linux 2.6.27)
- (x86 with CONFIG_X86_64 and CONFIG_X86_DIRECT_GBPAGES
enabled.)
- /proc/modules
- A text list of the modules that have been loaded by the system. See also
lsmod(8).
- /proc/mounts
- Before kernel 2.4.19, this file was a list of all the filesystems
currently mounted on the system. With the introduction of per-process
mount namespaces in Linux 2.4.19 (see mount_namespaces(7)), this
file became a link to /proc/self/mounts, which lists the mount
points of the process's own mount namespace. The format of this file is
documented in fstab(5).
- /proc/mtrr
- Memory Type Range Registers. See the Linux kernel source file
Documentation/x86/mtrr.txt (or Documentation/mtrr.txt before
Linux 2.6.28) for details.
- /proc/net
- This directory contains various files and subdirectories containing
information about the networking layer. The files contain ASCII structures
and are, therefore, readable with cat(1). However, the standard
netstat(8) suite provides much cleaner access to these files.
- With the advent of network namespaces, various information relating to the
network stack is virtualized (see network_namespaces(7)). Thus,
since Linux 2.6.25, /proc/net is a symbolic link to the directory
/proc/self/net, which contains the same files and directories as
listed below. However, these files and directories now expose information
for the network namespace of which the process is a member.
- /proc/net/arp
- This holds an ASCII readable dump of the kernel ARP table used for address
resolutions. It will show both dynamically learned and preprogrammed ARP
entries. The format is:
-
IP address HW type Flags HW address Mask Device
192.168.0.50 0x1 0x2 00:50:BF:25:68:F3 * eth0
192.168.0.250 0x1 0xc 00:00:00:00:00:00 * eth0
- Here "IP address" is the IPv4 address of the machine and the
"HW type" is the hardware type of the address from
RFC 826. The flags are the internal flags of the ARP structure (as
defined in /usr/include/linux/if_arp.h) and the "HW
address" is the data link layer mapping for that IP address if it is
known.
- /proc/net/dev
- The dev pseudo-file contains network device status information. This gives
the number of received and sent packets, the number of errors and
collisions and other basic statistics. These are used by the
ifconfig(8) program to report device status. The format is:
-
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 2776770 11307 0 0 0 0 0 0 2776770 11307 0 0 0 0 0 0
eth0: 1215645 2751 0 0 0 0 0 0 1782404 4324 0 0 0 427 0 0
ppp0: 1622270 5552 1 0 0 0 0 0 354130 5669 0 0 0 0 0 0
tap0: 7714 81 0 0 0 0 0 0 7714 81 0 0 0 0 0 0
- /proc/net/dev_mcast
- Defined in /usr/src/linux/net/core/dev_mcast.c:
-
indx interface_name dmi_u dmi_g dmi_address
2 eth0 1 0 01005e000001
3 eth1 1 0 01005e000001
4 eth2 1 0 01005e000001
- /proc/net/igmp
- Internet Group Management Protocol. Defined in
/usr/src/linux/net/core/igmp.c.
- /proc/net/rarp
- This file uses the same format as the arp file and contains the
current reverse mapping database used to provide rarp(8) reverse
address lookup services. If RARP is not configured into the kernel, this
file will not be present.
- /proc/net/raw
- Holds a dump of the RAW socket table. Much of the information is not of
use apart from debugging. The "sl" value is the kernel hash slot
for the socket, the "local_address" is the local address and
protocol number pair. "St" is the internal status of the socket.
The "tx_queue" and "rx_queue" are the outgoing and
incoming data queue in terms of kernel memory usage. The "tr",
"tm->when", and "rexmits" fields are not used by
RAW. The "uid" field holds the effective UID of the creator of
the socket.
- /proc/net/snmp
- This file holds the ASCII data needed for the IP, ICMP, TCP, and UDP
management information bases for an SNMP agent.
- /proc/net/tcp
- Holds a dump of the TCP socket table. Much of the information is not of
use apart from debugging. The "sl" value is the kernel hash slot
for the socket, the "local_address" is the local address and
port number pair. The "rem_address" is the remote address and
port number pair (if connected). "St" is the internal status of
the socket. The "tx_queue" and "rx_queue" are the
outgoing and incoming data queue in terms of kernel memory usage. The
"tr", "tm->when", and "rexmits" fields
hold internal information of the kernel socket state and are useful only
for debugging. The "uid" field holds the effective UID of the
creator of the socket.
- /proc/net/udp
- Holds a dump of the UDP socket table. Much of the information is not of
use apart from debugging. The "sl" value is the kernel hash slot
for the socket, the "local_address" is the local address and
port number pair. The "rem_address" is the remote address and
port number pair (if connected). "St" is the internal status of
the socket. The "tx_queue" and "rx_queue" are the
outgoing and incoming data queue in terms of kernel memory usage. The
"tr", "tm->when", and "rexmits" fields
are not used by UDP. The "uid" field holds the effective UID of
the creator of the socket. The format is:
-
sl local_address rem_address st tx_queue rx_queue tr rexmits tm->when uid
1: 01642C89:0201 0C642C89:03FF 01 00000000:00000001 01:000071BA 00000000 0
1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 6F000100 0
1: 00000000:0201 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
- /proc/net/unix
- Lists the UNIX domain sockets present within the system and their status.
The format is:
-
Num RefCount Protocol Flags Type St Inode Path
0: 00000002 00000000 00000000 0001 03 42
1: 00000001 00000000 00010000 0001 01 1948 /dev/printer
- The fields are as follows:
- Num:
- the kernel table slot number.
- RefCount:
- the number of users of the socket.
- Protocol:
- currently always 0.
- Flags:
- the internal kernel flags holding the status of the socket.
- Type:
- the socket type. For SOCK_STREAM sockets, this is 0001; for
SOCK_DGRAM sockets, it is 0002; and for SOCK_SEQPACKET
sockets, it is 0005.
- St:
- the internal state of the socket.
- Inode:
- the inode number of the socket.
- Path:
- the bound pathname (if any) of the socket. Sockets in the abstract
namespace are included in the list, and are shown with a Path that
commences with the character '@'.
- /proc/net/netfilter/nfnetlink_queue
- This file contains information about netfilter user-space queueing, if
used. Each line represents a queue. Queues that have not been subscribed
to by user space are not shown.
-
1 4207 0 2 65535 0 0 0 1
(1) (2) (3)(4) (5) (6) (7) (8)
- The fields in each line are:
- (1)
- The ID of the queue. This matches what is specified in the
--queue-num or --queue-balance options to the
iptables(8) NFQUEUE target. See iptables-extensions(8) for
more information.
- (2)
- The netlink port ID subscribed to the queue.
- (3)
- The number of packets currently queued and waiting to be processed by the
application.
- (4)
- The copy mode of the queue. It is either 1 (metadata only) or 2 (also copy
payload data to user space).
- (5)
- Copy range; that is, how many bytes of packet payload should be copied to
user space at most.
- (6)
- queue dropped. Number of packets that had to be dropped by the kernel
because too many packets are already waiting for user space to send back
the mandatory accept/drop verdicts.
- (7)
- queue user dropped. Number of packets that were dropped within the netlink
subsystem. Such drops usually happen when the corresponding socket buffer
is full; that is, user space is not able to read messages fast
enough.
- (8)
- sequence number. Every queued packet is associated with a (32-bit)
monotonically-increasing sequence number. This shows the ID of the most
recent packet queued.
- The last number exists only for compatibility reasons and is always
1.
- /proc/partitions
- Contains the major and minor numbers of each partition as well as the
number of 1024-byte blocks and the partition name.
- /proc/pci
- This is a listing of all PCI devices found during kernel initialization
and their configuration.
- This file has been deprecated in favor of a new /proc interface for
PCI (/proc/bus/pci). It became optional in Linux 2.2 (available
with CONFIG_PCI_OLD_PROC set at kernel compilation). It became once
more nonoptionally enabled in Linux 2.4. Next, it was deprecated in Linux
2.6 (still available with CONFIG_PCI_LEGACY_PROC set), and finally
removed altogether since Linux 2.6.17.
- /proc/profile (since Linux 2.4)
- This file is present only if the kernel was booted with the
profile=1 command-line option. It exposes kernel profiling
information in a binary format for use by readprofile(1). Writing
(e.g., an empty string) to this file resets the profiling counters; on
some architectures, writing a binary integer "profiling
multiplier" of size sizeof(int) sets the profiling interrupt
frequency.
- /proc/scsi
- A directory with the scsi mid-level pseudo-file and various SCSI
low-level driver directories, which contain a file for each SCSI host in
this system, all of which give the status of some part of the SCSI IO
subsystem. These files contain ASCII structures and are, therefore,
readable with cat(1).
- You can also write to some of the files to reconfigure the subsystem or
switch certain features on or off.
- /proc/scsi/scsi
- This is a listing of all SCSI devices known to the kernel. The listing is
similar to the one seen during bootup. scsi currently supports only the
add-single-device command which allows root to add a hotplugged
device to the list of known devices.
- The command
-
echo 'scsi add-single-device 1 0 5 0' > /proc/scsi/scsi
- will cause host scsi1 to scan on SCSI channel 0 for a device on ID 5 LUN
0. If there is already a device known on this address or the address is
invalid, an error will be returned.
- /proc/scsi/[drivername]
- [drivername] can currently be NCR53c7xx, aha152x, aha1542, aha1740,
aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000, pas16, qlogic,
scsi_debug, seagate, t128, u15-24f, ultrastore, or wd7000. These
directories show up for all drivers that registered at least one SCSI HBA.
Every directory contains one file per registered host. Every host-file is
named after the number the host was assigned during initialization.
- Reading these files will usually show driver and host configuration,
statistics, and so on.
- Writing to these files allows different things on different hosts. For
example, with the latency and nolatency commands, root can
switch on and off command latency measurement code in the eata_dma driver.
With the lockup and unlock commands, root can control bus
lockups simulated by the scsi_debug driver.
- /proc/self
- This directory refers to the process accessing the /proc
filesystem, and is identical to the /proc directory named by the
process ID of the same process.
- /proc/slabinfo
- Information about kernel caches. See slabinfo(5) for details.
- /proc/stat
- kernel/system statistics. Varies with architecture. Common entries
include:
- cpu 10132153 290696 3084719 46828483 16683 0 25195 0 175628 0
- cpu0 1393280 32966 572056 13343292 6130 0 17875 0 23933 0 The
amount of time, measured in units of USER_HZ (1/100ths of a second on most
architectures, use sysconf(_SC_CLK_TCK) to obtain the right value),
that the system ("cpu" line) or the specific CPU ("cpu
N" line) spent in various states:
- user
- (1) Time spent in user mode.
- nice
- (2) Time spent in user mode with low priority (nice).
- system
- (3) Time spent in system mode.
- idle
- (4) Time spent in the idle task. This value should be USER_HZ times the
second entry in the /proc/uptime pseudo-file.
- iowait (since Linux 2.5.41)
- (5) Time waiting for I/O to complete. This value is not reliable, for the
following reasons:
- 1.
- The CPU will not wait for I/O to complete; iowait is the time that a task
is waiting for I/O to complete. When a CPU goes into idle state for
outstanding task I/O, another task will be scheduled on this CPU.
- 2.
- On a multi-core CPU, the task waiting for I/O to complete is not running
on any CPU, so the iowait of each CPU is difficult to calculate.
- 3.
- The value in this field may decrease in certain conditions.
- irq (since Linux 2.6.0)
- (6) Time servicing interrupts.
- softirq (since Linux 2.6.0
- (7) Time servicing softirqs.
- steal (since Linux 2.6.11)
- (8) Stolen time, which is the time spent in other operating systems when
running in a virtualized environment
- guest (since Linux 2.6.24)
- (9) Time spent running a virtual CPU for guest operating systems under the
control of the Linux kernel.
- guest_nice (since Linux 2.6.33)
- (10) Time spent running a niced guest (virtual CPU for guest operating
systems under the control of the Linux kernel).
- page 5741 1808
- The number of pages the system paged in and the number that were paged out
(from disk).
- swap 1 0
- The number of swap pages that have been brought in and out.
- intr 1462898
- This line shows counts of interrupts serviced since boot time, for each of
the possible system interrupts. The first column is the total of all
interrupts serviced including unnumbered architecture specific interrupts;
each subsequent column is the total for that particular numbered
interrupt. Unnumbered interrupts are not shown, only summed into the
total.
- disk_io: (2,0):(31,30,5764,1,2) (3,0):...
- (major,disk_idx):(noinfo, read_io_ops, blks_read, write_io_ops,
blks_written)
(Linux 2.4 only)
- ctxt 115315
- The number of context switches that the system underwent.
- btime 769041601
- boot time, in seconds since the Epoch, 1970-01-01 00:00:00 +0000
(UTC).
- processes 86031
- Number of forks since boot.
- procs_running 6
- Number of processes in runnable state. (Linux 2.5.45 onward.)
- procs_blocked 2
- Number of processes blocked waiting for I/O to complete. (Linux 2.5.45
onward.)
- softirq 229245889 94 60001584 13619 5175704 2471304 28 51212741
59130143 0 51240672
- This line shows the number of softirq for all CPUs. The first column is
the total of all softirqs and each subsequent column is the total for
particular softirq. (Linux 2.6.31 onward.)
- /proc/swaps
- Swap areas in use. See also swapon(8).
- /proc/sys
- This directory (present since 1.3.57) contains a number of files and
subdirectories corresponding to kernel variables. These variables can be
read and sometimes modified using the /proc filesystem, and the
(deprecated) sysctl(2) system call.
- String values may be terminated by either '\0' or '\n'.
- Integer and long values may be written either in decimal or in hexadecimal
notation (e.g. 0x3FFF). When writing multiple integer or long values,
these may be separated by any of the following whitespace characters:
' ', '\t', or '\n'. Using other separators leads to the error
EINVAL.
- /proc/sys/abi (since Linux 2.4.10)
- This directory may contain files with application binary information. See
the Linux kernel source file Documentation/sysctl/abi.txt for more
information.
- /proc/sys/debug
- This directory may be empty.
- /proc/sys/dev
- This directory contains device-specific information (e.g.,
dev/cdrom/info). On some systems, it may be empty.
- /proc/sys/fs
- This directory contains the files and subdirectories for kernel variables
related to filesystems.
- /proc/sys/fs/binfmt_misc
- Documentation for files in this directory can be found in the Linux kernel
source in the file Documentation/admin-guide/binfmt-misc.rst (or in
Documentation/binfmt_misc.txt on older kernels).
- /proc/sys/fs/dentry-state (since Linux 2.2)
- This file contains information about the status of the directory cache
(dcache). The file contains six numbers, nr_dentry,
nr_unused, age_limit (age in seconds), want_pages
(pages requested by system) and two dummy values.
- *
- nr_dentry is the number of allocated dentries (dcache entries).
This field is unused in Linux 2.2.
- *
- nr_unused is the number of unused dentries.
- *
- age_limit is the age in seconds after which dcache entries can be
reclaimed when memory is short.
- *
- want_pages is nonzero when the kernel has called
shrink_dcache_pages() and the dcache isn't pruned yet.
- /proc/sys/fs/dir-notify-enable
- This file can be used to disable or enable the dnotify interface
described in fcntl(2) on a system-wide basis. A value of 0 in this
file disables the interface, and a value of 1 enables it.
- /proc/sys/fs/dquot-max
- This file shows the maximum number of cached disk quota entries. On some
(2.4) systems, it is not present. If the number of free cached disk quota
entries is very low and you have some awesome number of simultaneous
system users, you might want to raise the limit.
- /proc/sys/fs/dquot-nr
- This file shows the number of allocated disk quota entries and the number
of free disk quota entries.
- /proc/sys/fs/epoll (since Linux 2.6.28)
- This directory contains the file max_user_watches, which can be
used to limit the amount of kernel memory consumed by the epoll
interface. For further details, see epoll(7).
- /proc/sys/fs/file-max
- This file defines a system-wide limit on the number of open files for all
processes. System calls that fail when encountering this limit fail with
the error ENFILE. (See also setrlimit(2), which can be used
by a process to set the per-process limit, RLIMIT_NOFILE, on the
number of files it may open.) If you get lots of error messages in the
kernel log about running out of file handles (look for "VFS: file-max
limit <number> reached"), try increasing this value:
-
echo 100000 > /proc/sys/fs/file-max
- Privileged processes (CAP_SYS_ADMIN) can override the
file-max limit.
- /proc/sys/fs/file-nr
- This (read-only) file contains three numbers: the number of allocated file
handles (i.e., the number of files presently opened); the number of free
file handles; and the maximum number of file handles (i.e., the same value
as /proc/sys/fs/file-max). If the number of allocated file handles
is close to the maximum, you should consider increasing the maximum.
Before Linux 2.6, the kernel allocated file handles dynamically, but it
didn't free them again. Instead the free file handles were kept in a list
for reallocation; the "free file handles" value indicates the
size of that list. A large number of free file handles indicates that
there was a past peak in the usage of open file handles. Since Linux 2.6,
the kernel does deallocate freed file handles, and the "free file
handles" value is always zero.
- /proc/sys/fs/inode-max (only present until Linux 2.2)
- This file contains the maximum number of in-memory inodes. This value
should be 3–4 times larger than the value in file-max, since
stdin, stdout and network sockets also need an inode to
handle them. When you regularly run out of inodes, you need to increase
this value.
- Starting with Linux 2.4, there is no longer a static limit on the number
of inodes, and this file is removed.
- /proc/sys/fs/inode-nr
- This file contains the first two values from inode-state.
- /proc/sys/fs/inode-state
- This file contains seven numbers: nr_inodes, nr_free_inodes,
preshrink, and four dummy values (always zero).
- nr_inodes is the number of inodes the system has allocated.
nr_free_inodes represents the number of free inodes.
- preshrink is nonzero when the nr_inodes >
inode-max and the system needs to prune the inode list instead of
allocating more; since Linux 2.4, this field is a dummy value (always
zero).
- /proc/sys/fs/inotify (since Linux 2.6.13)
- This directory contains files max_queued_events,
max_user_instances, and max_user_watches, that can be used
to limit the amount of kernel memory consumed by the inotify
interface. For further details, see inotify(7).
- /proc/sys/fs/lease-break-time
- This file specifies the grace period that the kernel grants to a process
holding a file lease (fcntl(2)) after it has sent a signal to that
process notifying it that another process is waiting to open the file. If
the lease holder does not remove or downgrade the lease within this grace
period, the kernel forcibly breaks the lease.
- /proc/sys/fs/leases-enable
- This file can be used to enable or disable file leases (fcntl(2))
on a system-wide basis. If this file contains the value 0, leases are
disabled. A nonzero value enables leases.
- /proc/sys/fs/mount-max (since Linux 4.9)
- The value in this file specifies the maximum number of mounts that may
exist in a mount namespace. The default value in this file is
100,000.
- /proc/sys/fs/mqueue (since Linux 2.6.6)
- This directory contains files msg_max, msgsize_max, and
queues_max, controlling the resources used by POSIX message queues.
See mq_overview(7) for details.
- /proc/sys/fs/nr_open (since Linux 2.6.25)
- This file imposes ceiling on the value to which the RLIMIT_NOFILE
resource limit can be raised (see getrlimit(2)). This ceiling is
enforced for both unprivileged and privileged process. The default value
in this file is 1048576. (Before Linux 2.6.25, the ceiling for
RLIMIT_NOFILE was hard-coded to the same value.)
- /proc/sys/fs/overflowgid and /proc/sys/fs/overflowuid
- These files allow you to change the value of the fixed UID and GID. The
default is 65534. Some filesystems support only 16-bit UIDs and GIDs,
although in Linux UIDs and GIDs are 32 bits. When one of these filesystems
is mounted with writes enabled, any UID or GID that would exceed 65535 is
translated to the overflow value before being written to disk.
- /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
- See pipe(7).
- /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
- See pipe(7).
- /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
- See pipe(7).
- /proc/sys/fs/protected_hardlinks (since Linux 3.6)
- When the value in this file is 0, no restrictions are placed on the
creation of hard links (i.e., this is the historical behavior before Linux
3.6). When the value in this file is 1, a hard link can be created to a
target file only if one of the following conditions is true:
- *
- The calling process has the CAP_FOWNER capability in its user
namespace and the file UID has a mapping in the namespace.
- *
- The filesystem UID of the process creating the link matches the owner
(UID) of the target file (as described in credentials(7), a
process's filesystem UID is normally the same as its effective UID).
- *
- All of the following conditions are true:
- •
- the target is a regular file;
- •
- the target file does not have its set-user-ID mode bit enabled;
- •
- the target file does not have both its set-group-ID and group-executable
mode bits enabled; and
- •
- the caller has permission to read and write the target file (either via
the file's permissions mask or because it has suitable capabilities).
- The default value in this file is 0. Setting the value to 1 prevents a
longstanding class of security issues caused by hard-link-based
time-of-check, time-of-use races, most commonly seen in world-writable
directories such as /tmp. The common method of exploiting this flaw
is to cross privilege boundaries when following a given hard link (i.e., a
root process follows a hard link created by another user). Additionally,
on systems without separated partitions, this stops unauthorized users
from "pinning" vulnerable set-user-ID and set-group-ID files
against being upgraded by the administrator, or linking to special
files.
- /proc/sys/fs/protected_symlinks (since Linux 3.6)
- When the value in this file is 0, no restrictions are placed on following
symbolic links (i.e., this is the historical behavior before Linux 3.6).
When the value in this file is 1, symbolic links are followed only in the
following circumstances:
- *
- the filesystem UID of the process following the link matches the owner
(UID) of the symbolic link (as described in credentials(7), a
process's filesystem UID is normally the same as its effective UID);
- *
- the link is not in a sticky world-writable directory; or
- *
- the symbolic link and its parent directory have the same owner (UID)
- A system call that fails to follow a symbolic link because of the above
restrictions returns the error EACCES in errno.
- The default value in this file is 0. Setting the value to 1 avoids a
longstanding class of security issues based on time-of-check, time-of-use
races when accessing symbolic links.
- /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
- The value in this file is assigned to a process's "dumpable"
flag in the circumstances described in prctl(2). In effect, the
value in this file determines whether core dump files are produced for
set-user-ID or otherwise protected/tainted binaries. The
"dumpable" setting also affects the ownership of files in a
process's /proc/[pid] directory, as described above.
- Three different integer values can be specified:
- 0 (default)
- This provides the traditional (pre-Linux 2.6.13) behavior. A core dump
will not be produced for a process which has changed credentials (by
calling seteuid(2), setgid(2), or similar, or by executing a
set-user-ID or set-group-ID program) or whose binary does not have read
permission enabled.
- 1 ("debug")
- All processes dump core when possible. (Reasons why a process might
nevertheless not dump core are described in core(5).) The core dump
is owned by the filesystem user ID of the dumping process and no security
is applied. This is intended for system debugging situations only: this
mode is insecure because it allows unprivileged users to examine the
memory contents of privileged processes.
- 2 ("suidsafe")
- Any binary which normally would not be dumped (see "0" above) is
dumped readable by root only. This allows the user to remove the core dump
file but not to read it. For security reasons core dumps in this mode will
not overwrite one another or other files. This mode is appropriate when
administrators are attempting to debug problems in a normal
environment.
- Additionally, since Linux 3.6, /proc/sys/kernel/core_pattern must
either be an absolute pathname or a pipe command, as detailed in
core(5). Warnings will be written to the kernel log if
core_pattern does not follow these rules, and no core dump will be
produced.
- For details of the effect of a process's "dumpable" setting on
ptrace access mode checking, see ptrace(2).
- /proc/sys/fs/super-max
- This file controls the maximum number of superblocks, and thus the maximum
number of mounted filesystems the kernel can have. You need increase only
super-max if you need to mount more filesystems than the current
value in super-max allows you to.
- /proc/sys/fs/super-nr
- This file contains the number of filesystems currently mounted.
- /proc/sys/kernel
- This directory contains files controlling a range of kernel parameters, as
described below.
- /proc/sys/kernel/acct
- This file contains three numbers: highwater, lowwater, and
frequency. If BSD-style process accounting is enabled, these values
control its behavior. If free space on filesystem where the log lives goes
below lowwater percent, accounting suspends. If free space gets
above highwater percent, accounting resumes. frequency
determines how often the kernel checks the amount of free space (value is
in seconds). Default values are 4, 2 and 30. That is, suspend accounting
if 2% or less space is free; resume it if 4% or more space is free;
consider information about amount of free space valid for 30 seconds.
- /proc/sys/kernel/auto_msgmni (Linux 2.6.27 to 3.18)
- From Linux 2.6.27 to 3.18, this file was used to control recomputing of
the value in /proc/sys/kernel/msgmni upon the addition or removal
of memory or upon IPC namespace creation/removal. Echoing "1"
into this file enabled msgmni automatic recomputing (and triggered
a recomputation of msgmni based on the current amount of available
memory and number of IPC namespaces). Echoing "0" disabled
automatic recomputing. (Automatic recomputing was also disabled if a value
was explicitly assigned to /proc/sys/kernel/msgmni.) The default
value in auto_msgmni was 1.
- Since Linux 3.19, the content of this file has no effect (because
msgmni defaults to near the maximum value possible), and reads from
this file always return the value "0".
- /proc/sys/kernel/cap_last_cap (since Linux 3.2)
- See capabilities(7).
- /proc/sys/kernel/cap-bound (from Linux 2.2 to 2.6.24)
- This file holds the value of the kernel capability bounding set
(expressed as a signed decimal number). This set is ANDed against the
capabilities permitted to a process during execve(2). Starting with
Linux 2.6.25, the system-wide capability bounding set disappeared, and was
replaced by a per-thread bounding set; see capabilities(7).
- /proc/sys/kernel/core_pattern
- See core(5).
- /proc/sys/kernel/core_pipe_limit
- See core(5).
- /proc/sys/kernel/core_uses_pid
- See core(5).
- /proc/sys/kernel/ctrl-alt-del
- This file controls the handling of Ctrl-Alt-Del from the keyboard. When
the value in this file is 0, Ctrl-Alt-Del is trapped and sent to the
init(1) program to handle a graceful restart. When the value is
greater than zero, Linux's reaction to a Vulcan Nerve Pinch (tm) will be
an immediate reboot, without even syncing its dirty buffers. Note: when a
program (like dosemu) has the keyboard in "raw" mode, the
ctrl-alt-del is intercepted by the program before it ever reaches the
kernel tty layer, and it's up to the program to decide what to do with
it.
- /proc/sys/kernel/dmesg_restrict (since Linux 2.6.37)
- The value in this file determines who can see kernel syslog contents. A
value of 0 in this file imposes no restrictions. If the value is 1, only
privileged users can read the kernel syslog. (See syslog(2) for
more details.) Since Linux 3.4, only users with the CAP_SYS_ADMIN
capability may change the value in this file.
- /proc/sys/kernel/domainname and
/proc/sys/kernel/hostname
- can be used to set the NIS/YP domainname and the hostname of your box in
exactly the same way as the commands domainname(1) and
hostname(1), that is:
-
# echo 'darkstar' > /proc/sys/kernel/hostname
# echo 'mydomain' > /proc/sys/kernel/domainname
- has the same effect as
-
# hostname 'darkstar'
# domainname 'mydomain'
- Note, however, that the classic darkstar.frop.org has the hostname
"darkstar" and DNS (Internet Domain Name Server) domainname
"frop.org", not to be confused with the NIS (Network Information
Service) or YP (Yellow Pages) domainname. These two domain names are in
general different. For a detailed discussion see the hostname(1)
man page.
- /proc/sys/kernel/hotplug
- This file contains the pathname for the hotplug policy agent. The default
value in this file is /sbin/hotplug.
- /proc/sys/kernel/htab-reclaim (before Linux 2.4.9.2)
- (PowerPC only) If this file is set to a nonzero value, the PowerPC htab
(see kernel file Documentation/powerpc/ppc_htab.txt) is pruned each
time the system hits the idle loop.
- /proc/sys/kernel/keys/*
- This directory contains various files that define parameters and limits
for the key-management facility. These files are described in
keyrings(7).
- /proc/sys/kernel/kptr_restrict (since Linux 2.6.38)
- The value in this file determines whether kernel addresses are exposed via
/proc files and other interfaces. A value of 0 in this file imposes
no restrictions. If the value is 1, kernel pointers printed using the
%pK format specifier will be replaced with zeros unless the user
has the CAP_SYSLOG capability. If the value is 2, kernel pointers
printed using the %pK format specifier will be replaced with zeros
regardless of the user's capabilities. The initial default value for this
file was 1, but the default was changed to 0 in Linux 2.6.39. Since Linux
3.4, only users with the CAP_SYS_ADMIN capability can change the
value in this file.
- /proc/sys/kernel/l2cr
- (PowerPC only) This file contains a flag that controls the L2 cache of G3
processor boards. If 0, the cache is disabled. Enabled if nonzero.
- /proc/sys/kernel/modprobe
- This file contains the pathname for the kernel module loader. The default
value is /sbin/modprobe. The file is present only if the kernel is
built with the CONFIG_MODULES (CONFIG_KMOD in Linux 2.6.26
and earlier) option enabled. It is described by the Linux kernel source
file Documentation/kmod.txt (present only in kernel 2.4 and
earlier).
- /proc/sys/kernel/modules_disabled (since Linux 2.6.31)
- A toggle value indicating if modules are allowed to be loaded in an
otherwise modular kernel. This toggle defaults to off (0), but can be set
true (1). Once true, modules can be neither loaded nor unloaded, and the
toggle cannot be set back to false. The file is present only if the kernel
is built with the CONFIG_MODULES option enabled.
- /proc/sys/kernel/msgmax (since Linux 2.2)
- This file defines a system-wide limit specifying the maximum number of
bytes in a single message written on a System V message queue.
- /proc/sys/kernel/msgmni (since Linux 2.4)
- This file defines the system-wide limit on the number of message queue
identifiers. See also /proc/sys/kernel/auto_msgmni.
- /proc/sys/kernel/msgmnb (since Linux 2.2)
- This file defines a system-wide parameter used to initialize the
msg_qbytes setting for subsequently created message queues. The
msg_qbytes setting specifies the maximum number of bytes that may
be written to the message queue.
- /proc/sys/kernel/ngroups_max (since Linux 2.6.4)
- This is a read-only file that displays the upper limit on the number of a
process's group memberships.
- /proc/sys/kernel/ns_last_pid (since Linux 3.3)
- See pid_namespaces(7).
- /proc/sys/kernel/ostype and /proc/sys/kernel/osrelease
- These files give substrings of /proc/version.
- /proc/sys/kernel/overflowgid and
/proc/sys/kernel/overflowuid
- These files duplicate the files /proc/sys/fs/overflowgid and
/proc/sys/fs/overflowuid.
- /proc/sys/kernel/panic
- This file gives read/write access to the kernel variable
panic_timeout. If this is zero, the kernel will loop on a panic; if
nonzero, it indicates that the kernel should autoreboot after this number
of seconds. When you use the software watchdog device driver, the
recommended setting is 60.
- /proc/sys/kernel/panic_on_oops (since Linux 2.5.68)
- This file controls the kernel's behavior when an oops or BUG is
encountered. If this file contains 0, then the system tries to continue
operation. If it contains 1, then the system delays a few seconds (to give
klogd time to record the oops output) and then panics. If the
/proc/sys/kernel/panic file is also nonzero, then the machine will
be rebooted.
- /proc/sys/kernel/pid_max (since Linux 2.5.34)
- This file specifies the value at which PIDs wrap around (i.e., the value
in this file is one greater than the maximum PID). PIDs greater than this
value are not allocated; thus, the value in this file also acts as a
system-wide limit on the total number of processes and threads. The
default value for this file, 32768, results in the same range of PIDs as
on earlier kernels. On 32-bit platforms, 32768 is the maximum value for
pid_max. On 64-bit systems, pid_max can be set to any value
up to 2^22 (PID_MAX_LIMIT, approximately 4 million).
- /proc/sys/kernel/powersave-nap (PowerPC only)
- This file contains a flag. If set, Linux-PPC will use the "nap"
mode of powersaving, otherwise the "doze" mode will be
used.
- /proc/sys/kernel/printk
- See syslog(2).
- /proc/sys/kernel/pty (since Linux 2.6.4)
- This directory contains two files relating to the number of UNIX 98
pseudoterminals (see pts(4)) on the system.
- /proc/sys/kernel/pty/max
- This file defines the maximum number of pseudoterminals.
- /proc/sys/kernel/pty/nr
- This read-only file indicates how many pseudoterminals are currently in
use.
- /proc/sys/kernel/random
- This directory contains various parameters controlling the operation of
the file /dev/random. See random(4) for further
information.
- /proc/sys/kernel/random/uuid (since Linux 2.4)
- Each read from this read-only file returns a randomly generated 128-bit
UUID, as a string in the standard UUID format.
- /proc/sys/kernel/randomize_va_space (since Linux 2.6.12)
- Select the address space layout randomization (ASLR) policy for the system
(on architectures that support ASLR). Three values are supported for this
file:
- 0
- Turn ASLR off. This is the default for architectures that don't support
ASLR, and when the kernel is booted with the norandmaps
parameter.
- 1
- Make the addresses of mmap(2) allocations, the stack, and the VDSO
page randomized. Among other things, this means that shared libraries will
be loaded at randomized addresses. The text segment of PIE-linked binaries
will also be loaded at a randomized address. This value is the default if
the kernel was configured with CONFIG_COMPAT_BRK.
- 2
- (Since Linux 2.6.25) Also support heap randomization. This value is the
default if the kernel was not configured with
CONFIG_COMPAT_BRK.
- /proc/sys/kernel/real-root-dev
- This file is documented in the Linux kernel source file
Documentation/admin-guide/initrd.rst (or
Documentation/initrd.txt before Linux 4.10).
- /proc/sys/kernel/reboot-cmd (Sparc only)
- This file seems to be a way to give an argument to the SPARC ROM/Flash
boot loader. Maybe to tell it what to do after rebooting?
- /proc/sys/kernel/rtsig-max
- (Only in kernels up to and including 2.6.7; see setrlimit(2)) This
file can be used to tune the maximum number of POSIX real-time (queued)
signals that can be outstanding in the system.
- /proc/sys/kernel/rtsig-nr
- (Only in kernels up to and including 2.6.7.) This file shows the number of
POSIX real-time signals currently queued.
- /proc/[pid]/sched_autogroup_enabled (since Linux 2.6.38)
- See sched(7).
- /proc/sys/kernel/sched_child_runs_first (since Linux 2.6.23)
- If this file contains the value zero, then, after a fork(2), the
parent is first scheduled on the CPU. If the file contains a nonzero
value, then the child is scheduled first on the CPU. (Of course, on a
multiprocessor system, the parent and the child might both immediately be
scheduled on a CPU.)
- /proc/sys/kernel/sched_rr_timeslice_ms (since Linux 3.9)
- See sched_rr_get_interval(2).
- /proc/sys/kernel/sched_rt_period_us (since Linux 2.6.25)
- See sched(7).
- /proc/sys/kernel/sched_rt_runtime_us (since Linux 2.6.25)
- See sched(7).
- /proc/sys/kernel/seccomp (since Linux 4.14)
- This directory provides additional seccomp information and configuration.
See seccomp(2) for further details.
- /proc/sys/kernel/sem (since Linux 2.4)
- This file contains 4 numbers defining limits for System V IPC semaphores.
These fields are, in order:
- SEMMSL
- The maximum semaphores per semaphore set.
- SEMMNS
- A system-wide limit on the number of semaphores in all semaphore
sets.
- SEMOPM
- The maximum number of operations that may be specified in a
semop(2) call.
- SEMMNI
- A system-wide limit on the maximum number of semaphore identifiers.
- /proc/sys/kernel/sg-big-buff
- This file shows the size of the generic SCSI device (sg) buffer. You can't
tune it just yet, but you could change it at compile time by editing
include/scsi/sg.h and changing the value of SG_BIG_BUFF.
However, there shouldn't be any reason to change this value.
- /proc/sys/kernel/shm_rmid_forced (since Linux 3.1)
- If this file is set to 1, all System V shared memory segments will be
marked for destruction as soon as the number of attached processes falls
to zero; in other words, it is no longer possible to create shared memory
segments that exist independently of any attached process.
- The effect is as though a shmctl(2) IPC_RMID is performed on
all existing segments as well as all segments created in the future (until
this file is reset to 0). Note that existing segments that are attached to
no process will be immediately destroyed when this file is set to 1.
Setting this option will also destroy segments that were created, but
never attached, upon termination of the process that created the segment
with shmget(2).
- Setting this file to 1 provides a way of ensuring that all System V shared
memory segments are counted against the resource usage and resource limits
(see the description of RLIMIT_AS in getrlimit(2)) of at
least one process.
- Because setting this file to 1 produces behavior that is nonstandard and
could also break existing applications, the default value in this file is
0. Set this file to 1 only if you have a good understanding of the
semantics of the applications using System V shared memory on your
system.
- /proc/sys/kernel/shmall (since Linux 2.2)
- This file contains the system-wide limit on the total number of pages of
System V shared memory.
- /proc/sys/kernel/shmmax (since Linux 2.2)
- This file can be used to query and set the run-time limit on the maximum
(System V IPC) shared memory segment size that can be created. Shared
memory segments up to 1GB are now supported in the kernel. This value
defaults to SHMMAX.
- /proc/sys/kernel/shmmni (since Linux 2.4)
- This file specifies the system-wide maximum number of System V shared
memory segments that can be created.
- /proc/sys/kernel/sysctl_writes_strict (since Linux 3.16)
- The value in this file determines how the file offset affects the behavior
of updating entries in files under /proc/sys. The file has three
possible values:
- -1
- This provides legacy handling, with no printk warnings. Each
write(2) must fully contain the value to be written, and multiple
writes on the same file descriptor will overwrite the entire value,
regardless of the file position.
- 0
- (default) This provides the same behavior as for -1, but printk warnings
are written for processes that perform writes when the file offset is not
0.
- 1
- Respect the file offset when writing strings into /proc/sys files.
Multiple writes will append to the value buffer. Anything written
beyond the maximum length of the value buffer will be ignored. Writes to
numeric /proc/sys entries must always be at file offset 0 and the
value must be fully contained in the buffer provided to
write(2).
- /proc/sys/kernel/sysrq
- This file controls the functions allowed to be invoked by the SysRq key.
By default, the file contains 1 meaning that every possible SysRq request
is allowed (in older kernel versions, SysRq was disabled by default, and
you were required to specifically enable it at run-time, but this is not
the case any more). Possible values in this file are:
- 0
- Disable sysrq completely
- 1
- Enable all functions of sysrq
- > 1
- Bit mask of allowed sysrq functions, as follows:
- 2
- Enable control of console logging level
- 4
- Enable control of keyboard (SAK, unraw)
- 8
- Enable debugging dumps of processes etc.
- 16
- Enable sync command
- 32
- Enable remount read-only
- 64
- Enable signaling of processes (term, kill, oom-kill)
- 128
- Allow reboot/poweroff
- 256
- Allow nicing of all real-time tasks
- This file is present only if the CONFIG_MAGIC_SYSRQ kernel
configuration option is enabled. For further details see the Linux kernel
source file Documentation/admin-guide/sysrq.rst (or
Documentation/sysrq.txt before Linux 4.10).
- /proc/sys/kernel/version
- This file contains a string such as:
-
#5 Wed Feb 25 21:49:24 MET 1998
- The "#5" means that this is the fifth kernel built from this
source base and the date following it indicates the time the kernel was
built.
- /proc/sys/kernel/threads-max (since Linux 2.3.11)
- This file specifies the system-wide limit on the number of threads (tasks)
that can be created on the system.
- Since Linux 4.1, the value that can be written to threads-max is
bounded. The minimum value that can be written is 20. The maximum value
that can be written is given by the constant FUTEX_TID_MASK
(0x3fffffff). If a value outside of this range is written to
threads-max, the error EINVAL occurs.
- The value written is checked against the available RAM pages. If the
thread structures would occupy too much (more than 1/8th) of the available
RAM pages, threads-max is reduced accordingly.
- /proc/sys/kernel/yama/ptrace_scope (since Linux 3.5)
- See ptrace(2).
- /proc/sys/kernel/zero-paged (PowerPC only)
- This file contains a flag. When enabled (nonzero), Linux-PPC will pre-zero
pages in the idle loop, possibly speeding up get_free_pages.
- /proc/sys/net
- This directory contains networking stuff. Explanations for some of the
files under this directory can be found in tcp(7) and
ip(7).
- /proc/sys/net/core/bpf_jit_enable
- See bpf(2).
- /proc/sys/net/core/somaxconn
- This file defines a ceiling value for the backlog argument of
listen(2); see the listen(2) manual page for details.
- /proc/sys/proc
- This directory may be empty.
- /proc/sys/sunrpc
- This directory supports Sun remote procedure call for network filesystem
(NFS). On some systems, it is not present.
- /proc/sys/user (since Linux 4.9)
- See namespaces(7).
- /proc/sys/vm
- This directory contains files for memory management tuning, buffer and
cache management.
- /proc/sys/vm/admin_reserve_kbytes (since Linux 3.10)
- This file defines the amount of free memory (in KiB) on the system that
should be reserved for users with the capability
CAP_SYS_ADMIN.
- The default value in this file is the minimum of [3% of free pages, 8MiB]
expressed as KiB. The default is intended to provide enough for the
superuser to log in and kill a process, if necessary, under the default
overcommit 'guess' mode (i.e., 0 in
/proc/sys/vm/overcommit_memory).
- Systems running in "overcommit never" mode (i.e., 2 in
/proc/sys/vm/overcommit_memory) should increase the value in this
file to account for the full virtual memory size of the programs used to
recover (e.g., login(1) ssh(1), and top(1))
Otherwise, the superuser may not be able to log in to recover the system.
For example, on x86-64 a suitable value is 131072 (128MiB reserved).
- Changing the value in this file takes effect whenever an application
requests memory.
- /proc/sys/vm/compact_memory (since Linux 2.6.35)
- When 1 is written to this file, all zones are compacted such that free
memory is available in contiguous blocks where possible. The effect of
this action can be seen by examining /proc/buddyinfo.
- Present only if the kernel was configured with
CONFIG_COMPACTION.
- /proc/sys/vm/drop_caches (since Linux 2.6.16)
- Writing to this file causes the kernel to drop clean caches, dentries, and
inodes from memory, causing that memory to become free. This can be useful
for memory management testing and performing reproducible filesystem
benchmarks. Because writing to this file causes the benefits of caching to
be lost, it can degrade overall system performance.
- To free pagecache, use:
-
echo 1 > /proc/sys/vm/drop_caches
- To free dentries and inodes, use:
-
echo 2 > /proc/sys/vm/drop_caches
- To free pagecache, dentries and inodes, use:
-
echo 3 > /proc/sys/vm/drop_caches
- Because writing to this file is a nondestructive operation and dirty
objects are not freeable, the user should run sync(1) first.
- /proc/sys/vm/legacy_va_layout (since Linux 2.6.9)
- If nonzero, this disables the new 32-bit memory-mapping layout; the kernel
will use the legacy (2.4) layout for all processes.
- /proc/sys/vm/memory_failure_early_kill (since Linux 2.6.32)
- Control how to kill processes when an uncorrected memory error (typically
a 2-bit error in a memory module) that cannot be handled by the kernel is
detected in the background by hardware. In some cases (like the page still
having a valid copy on disk), the kernel will handle the failure
transparently without affecting any applications. But if there is no other
up-to-date copy of the data, it will kill processes to prevent any data
corruptions from propagating.
- The file has one of the following values:
- 1:
- Kill all processes that have the corrupted-and-not-reloadable page mapped
as soon as the corruption is detected. Note that this is not supported for
a few types of pages, such as kernel internally allocated data or the swap
cache, but works for the majority of user pages.
- 0:
- Unmap the corrupted page from all processes and kill a process only if it
tries to access the page.
- The kill is performed using a SIGBUS signal with si_code set
to BUS_MCEERR_AO. Processes can handle this if they want to; see
sigaction(2) for more details.
- This feature is active only on architectures/platforms with advanced
machine check handling and depends on the hardware capabilities.
- Applications can override the memory_failure_early_kill setting
individually with the prctl(2) PR_MCE_KILL operation.
- Present only if the kernel was configured with
CONFIG_MEMORY_FAILURE.
- /proc/sys/vm/memory_failure_recovery (since Linux 2.6.32)
- Enable memory failure recovery (when supported by the platform)
- 1:
- Attempt recovery.
- 0:
- Always panic on a memory failure.
- Present only if the kernel was configured with
CONFIG_MEMORY_FAILURE.
- /proc/sys/vm/oom_dump_tasks (since Linux 2.6.25)
- Enables a system-wide task dump (excluding kernel threads) to be produced
when the kernel performs an OOM-killing. The dump includes the following
information for each task (thread, process): thread ID, real user ID,
thread group ID (process ID), virtual memory size, resident set size, the
CPU that the task is scheduled on, oom_adj score (see the description of
/proc/[pid]/oom_adj), and command name. This is helpful to
determine why the OOM-killer was invoked and to identify the rogue task
that caused it.
- If this contains the value zero, this information is suppressed. On very
large systems with thousands of tasks, it may not be feasible to dump the
memory state information for each one. Such systems should not be forced
to incur a performance penalty in OOM situations when the information may
not be desired.
- If this is set to nonzero, this information is shown whenever the
OOM-killer actually kills a memory-hogging task.
- The default value is 0.
- /proc/sys/vm/oom_kill_allocating_task (since Linux 2.6.24)
- This enables or disables killing the OOM-triggering task in out-of-memory
situations.
- If this is set to zero, the OOM-killer will scan through the entire
tasklist and select a task based on heuristics to kill. This normally
selects a rogue memory-hogging task that frees up a large amount of memory
when killed.
- If this is set to nonzero, the OOM-killer simply kills the task that
triggered the out-of-memory condition. This avoids a possibly expensive
tasklist scan.
- If /proc/sys/vm/panic_on_oom is nonzero, it takes precedence over
whatever value is used in
/proc/sys/vm/oom_kill_allocating_task.
- The default value is 0.
- /proc/sys/vm/overcommit_kbytes (since Linux 3.14)
- This writable file provides an alternative to
/proc/sys/vm/overcommit_ratio for controlling the
CommitLimit when /proc/sys/vm/overcommit_memory has the
value 2. It allows the amount of memory overcommitting to be specified as
an absolute value (in kB), rather than as a percentage, as is done with
overcommit_ratio. This allows for finer-grained control of
CommitLimit on systems with extremely large memory sizes.
- Only one of overcommit_kbytes or overcommit_ratio can have
an effect: if overcommit_kbytes has a nonzero value, then it is
used to calculate CommitLimit, otherwise overcommit_ratio is
used. Writing a value to either of these files causes the value in the
other file to be set to zero.
- /proc/sys/vm/overcommit_memory
- This file contains the kernel virtual memory accounting mode. Values
are:
- 0: heuristic overcommit (this is the default)
1: always overcommit, never check
2: always check, never overcommit
- In mode 0, calls of mmap(2) with MAP_NORESERVE are not
checked, and the default check is very weak, leading to the risk of
getting a process "OOM-killed".
- In mode 1, the kernel pretends there is always enough memory, until memory
actually runs out. One use case for this mode is scientific computing
applications that employ large sparse arrays. In Linux kernel versions
before 2.6.0, any nonzero value implies mode 1.
- In mode 2 (available since Linux 2.6), the total virtual address space
that can be allocated (CommitLimit in /proc/meminfo) is
calculated as
-
CommitLimit = (total_RAM - total_huge_TLB) *
overcommit_ratio / 100 + total_swap
- where:
- *
- total_RAM is the total amount of RAM on the system;
- *
- total_huge_TLB is the amount of memory set aside for huge
pages;
- *
- overcommit_ratio is the value in
/proc/sys/vm/overcommit_ratio; and
- *
- total_swap is the amount of swap space.
- For example, on a system with 16GB of physical RAM, 16GB of swap, no space
dedicated to huge pages, and an overcommit_ratio of 50, this
formula yields a CommitLimit of 24GB.
- Since Linux 3.14, if the value in /proc/sys/vm/overcommit_kbytes is
nonzero, then CommitLimit is instead calculated as:
-
CommitLimit = overcommit_kbytes + total_swap
- See also the description of /proc/sys/vm/admin_reserve_kbytes and
/proc/sys/vm/user_reserve_kbytes.
- /proc/sys/vm/overcommit_ratio (since Linux 2.6.0)
- This writable file defines a percentage by which memory can be
overcommitted. The default value in the file is 50. See the description of
/proc/sys/vm/overcommit_memory.
- /proc/sys/vm/panic_on_oom (since Linux 2.6.18)
- This enables or disables a kernel panic in an out-of-memory
situation.
- If this file is set to the value 0, the kernel's OOM-killer will kill some
rogue process. Usually, the OOM-killer is able to kill a rogue process and
the system will survive.
- If this file is set to the value 1, then the kernel normally panics when
out-of-memory happens. However, if a process limits allocations to certain
nodes using memory policies (mbind(2) MPOL_BIND) or cpusets
(cpuset(7)) and those nodes reach memory exhaustion status, one
process may be killed by the OOM-killer. No panic occurs in this case:
because other nodes' memory may be free, this means the system as a whole
may not have reached an out-of-memory situation yet.
- If this file is set to the value 2, the kernel always panics when an
out-of-memory condition occurs.
- The default value is 0. 1 and 2 are for failover of clustering. Select
either according to your policy of failover.
- /proc/sys/vm/swappiness
- The value in this file controls how aggressively the kernel will swap
memory pages. Higher values increase aggressiveness, lower values decrease
aggressiveness. The default value is 60.
- /proc/sys/vm/user_reserve_kbytes (since Linux 3.10)
- Specifies an amount of memory (in KiB) to reserve for user processes, This
is intended to prevent a user from starting a single memory hogging
process, such that they cannot recover (kill the hog). The value in this
file has an effect only when /proc/sys/vm/overcommit_memory is set
to 2 ("overcommit never" mode). In this case, the system
reserves an amount of memory that is the minimum of [3% of current process
size, user_reserve_kbytes].
- The default value in this file is the minimum of [3% of free pages,
128MiB] expressed as KiB.
- If the value in this file is set to zero, then a user will be allowed to
allocate all free memory with a single process (minus the amount reserved
by /proc/sys/vm/admin_reserve_kbytes). Any subsequent attempts to
execute a command will result in "fork: Cannot allocate
memory".
- Changing the value in this file takes effect whenever an application
requests memory.
- /proc/sys/vm/unprivileged_userfaultfd (since Linux 5.2)
- This (writable) file exposes a flag that controls whether unprivileged
processes are allowed to employ userfaultfd(2). If this file has
the value 1, then unprivileged processes may use userfaultfd(2). If
this file has the value 0, then only processes that have the
CAP_SYS_PTRACE capability may employ userfaultfd(2). The
default value in this file is 1.
- /proc/sysrq-trigger (since Linux 2.4.21)
- Writing a character to this file triggers the same SysRq function as
typing ALT-SysRq-<character> (see the description of
/proc/sys/kernel/sysrq). This file is normally writable only by
root. For further details see the Linux kernel source file
Documentation/admin-guide/sysrq.rst (or
Documentation/sysrq.txt before Linux 4.10).
- /proc/sysvipc
- Subdirectory containing the pseudo-files msg, sem and
shm. These files list the System V Interprocess Communication (IPC)
objects (respectively: message queues, semaphores, and shared memory) that
currently exist on the system, providing similar information to that
available via ipcs(1). These files have headers and are formatted
(one IPC object per line) for easy understanding. sysvipc(7)
provides further background on the information shown by these files.
- /proc/thread-self (since Linux 3.17)
- This directory refers to the thread accessing the /proc filesystem,
and is identical to the /proc/self/task/[tid] directory named by
the process thread ID ([tid]) of the same thread.
- /proc/timer_list (since Linux 2.6.21)
- This read-only file exposes a list of all currently pending
(high-resolution) timers, all clock-event sources, and their parameters in
a human-readable form.
- /proc/timer_stats (from Linux 2.6.21 until Linux 4.10)
- This is a debugging facility to make timer (ab)use in a Linux system
visible to kernel and user-space developers. It can be used by kernel and
user-space developers to verify that their code does not make undue use of
timers. The goal is to avoid unnecessary wakeups, thereby optimizing power
consumption.
- If enabled in the kernel (CONFIG_TIMER_STATS), but not used, it has
almost zero run-time overhead and a relatively small data-structure
overhead. Even if collection is enabled at run time, overhead is low: all
the locking is per-CPU and lookup is hashed.
- The /proc/timer_stats file is used both to control sampling
facility and to read out the sampled information.
- The timer_stats functionality is inactive on bootup. A sampling
period can be started using the following command:
-
# echo 1 > /proc/timer_stats
- The following command stops a sampling period:
-
# echo 0 > /proc/timer_stats
- The statistics can be retrieved by:
-
$ cat /proc/timer_stats
- While sampling is enabled, each readout from /proc/timer_stats will
see newly updated statistics. Once sampling is disabled, the sampled
information is kept until a new sample period is started. This allows
multiple readouts.
- Sample output from /proc/timer_stats:
-
$ cat /proc/timer_stats
Timer Stats Version: v0.3
Sample period: 1.764 s
Collection: active
255, 0 swapper/3 hrtimer_start_range_ns (tick_sched_timer)
71, 0 swapper/1 hrtimer_start_range_ns (tick_sched_timer)
58, 0 swapper/0 hrtimer_start_range_ns (tick_sched_timer)
4, 1694 gnome-shell mod_delayed_work_on (delayed_work_timer_fn)
17, 7 rcu_sched rcu_gp_kthread (process_timeout)
...
1, 4911 kworker/u16:0 mod_delayed_work_on (delayed_work_timer_fn)
1D, 2522 kworker/0:0 queue_delayed_work_on (delayed_work_timer_fn)
1029 total events, 583.333 events/sec
- The output columns are:
- *
- a count of the number of events, optionally (since Linux 2.6.23) followed
by the letter 'D' if this is a deferrable timer;
- *
- the PID of the process that initialized the timer;
- *
- the name of the process that initialized the timer;
- *
- the function where the timer was initialized; and
- *
- (in parentheses) the callback function that is associated with the
timer.
- During the Linux 4.11 development cycle, this file was removed because of
security concerns, as it exposes information across namespaces.
Furthermore, it is possible to obtain the same information via in-kernel
tracing facilities such as ftrace.
- /proc/tty
- Subdirectory containing the pseudo-files and subdirectories for tty
drivers and line disciplines.
- /proc/uptime
- This file contains two numbers (values in seconds): the uptime of the
system (including time spent in suspend) and the amount of time spent in
the idle process.
- /proc/version
- This string identifies the kernel version that is currently running. It
includes the contents of /proc/sys/kernel/ostype,
/proc/sys/kernel/osrelease and /proc/sys/kernel/version. For
example:
-
Linux version 1.0.9 (quinlan@phaze) #1 Sat May 14 01:51:54 EDT 1994
- /proc/vmstat (since Linux 2.6.0)
- This file displays various virtual memory statistics. Each line of this
file contains a single name-value pair, delimited by white space. Some
lines are present only if the kernel was configured with suitable options.
(In some cases, the options required for particular files have changed
across kernel versions, so they are not listed here. Details can be found
by consulting the kernel source code.) The following fields may be
present:
- nr_free_pages (since Linux 2.6.31)
- nr_alloc_batch (since Linux 3.12)
- nr_inactive_anon (since Linux 2.6.28)
- nr_active_anon (since Linux 2.6.28)
- nr_inactive_file (since Linux 2.6.28)
- nr_active_file (since Linux 2.6.28)
- nr_unevictable (since Linux 2.6.28)
- nr_mlock (since Linux 2.6.28)
- nr_anon_pages (since Linux 2.6.18)
- nr_mapped (since Linux 2.6.0)
- nr_file_pages (since Linux 2.6.18)
- nr_dirty (since Linux 2.6.0)
- nr_writeback (since Linux 2.6.0)
- nr_slab_reclaimable (since Linux 2.6.19)
- nr_slab_unreclaimable (since Linux 2.6.19)
- nr_page_table_pages (since Linux 2.6.0)
- nr_kernel_stack (since Linux 2.6.32)
- Amount of memory allocated to kernel stacks.
- nr_unstable (since Linux 2.6.0)
- nr_bounce (since Linux 2.6.12)
- nr_vmscan_write (since Linux 2.6.19)
- nr_vmscan_immediate_reclaim (since Linux 3.2)
- nr_writeback_temp (since Linux 2.6.26)
- nr_isolated_anon (since Linux 2.6.32)
- nr_isolated_file (since Linux 2.6.32)
- nr_shmem (since Linux 2.6.32)
- Pages used by shmem and tmpfs(5).
- nr_dirtied (since Linux 2.6.37)
- nr_written (since Linux 2.6.37)
- nr_pages_scanned (since Linux 3.17)
- numa_hit (since Linux 2.6.18)
- numa_miss (since Linux 2.6.18)
- numa_foreign (since Linux 2.6.18)
- numa_interleave (since Linux 2.6.18)
- numa_local (since Linux 2.6.18)
- numa_other (since Linux 2.6.18)
- workingset_refault (since Linux 3.15)
- workingset_activate (since Linux 3.15)
- workingset_nodereclaim (since Linux 3.15)
- nr_anon_transparent_hugepages (since Linux 2.6.38)
- nr_free_cma (since Linux 3.7)
- Number of free CMA (Contiguous Memory Allocator) pages.
- nr_dirty_threshold (since Linux 2.6.37)
- nr_dirty_background_threshold (since Linux 2.6.37)
- pgpgin (since Linux 2.6.0)
- pgpgout (since Linux 2.6.0)
- pswpin (since Linux 2.6.0)
- pswpout (since Linux 2.6.0)
- pgalloc_dma (since Linux 2.6.5)
- pgalloc_dma32 (since Linux 2.6.16)
- pgalloc_normal (since Linux 2.6.5)
- pgalloc_high (since Linux 2.6.5)
- pgalloc_movable (since Linux 2.6.23)
- pgfree (since Linux 2.6.0)
- pgactivate (since Linux 2.6.0)
- pgdeactivate (since Linux 2.6.0)
- pgfault (since Linux 2.6.0)
- pgmajfault (since Linux 2.6.0)
- pgrefill_dma (since Linux 2.6.5)
- pgrefill_dma32 (since Linux 2.6.16)
- pgrefill_normal (since Linux 2.6.5)
- pgrefill_high (since Linux 2.6.5)
- pgrefill_movable (since Linux 2.6.23)
- pgsteal_kswapd_dma (since Linux 3.4)
- pgsteal_kswapd_dma32 (since Linux 3.4)
- pgsteal_kswapd_normal (since Linux 3.4)
- pgsteal_kswapd_high (since Linux 3.4)
- pgsteal_kswapd_movable (since Linux 3.4)
- pgsteal_direct_dma
- pgsteal_direct_dma32 (since Linux 3.4)
- pgsteal_direct_normal (since Linux 3.4)
- pgsteal_direct_high (since Linux 3.4)
- pgsteal_direct_movable (since Linux 2.6.23)
- pgscan_kswapd_dma
- pgscan_kswapd_dma32 (since Linux 2.6.16)
- pgscan_kswapd_normal (since Linux 2.6.5)
- pgscan_kswapd_high
- pgscan_kswapd_movable (since Linux 2.6.23)
- pgscan_direct_dma
- pgscan_direct_dma32 (since Linux 2.6.16)
- pgscan_direct_normal
- pgscan_direct_high
- pgscan_direct_movable (since Linux 2.6.23)
- pgscan_direct_throttle (since Linux 3.6)
- zone_reclaim_failed (since linux 2.6.31)
- pginodesteal (since linux 2.6.0)
- slabs_scanned (since linux 2.6.5)
- kswapd_inodesteal (since linux 2.6.0)
- kswapd_low_wmark_hit_quickly (since 2.6.33)
- kswapd_high_wmark_hit_quickly (since 2.6.33)
- pageoutrun (since Linux 2.6.0)
- allocstall (since Linux 2.6.0)
- pgrotated (since Linux 2.6.0)
- drop_pagecache (since Linux 3.15)
- drop_slab (since Linux 3.15)
- numa_pte_updates (since Linux 3.8)
- numa_huge_pte_updates (since Linux 3.13)
- numa_hint_faults (since Linux 3.8)
- numa_hint_faults_local (since Linux 3.8)
- numa_pages_migrated (since Linux 3.8)
- pgmigrate_success (since Linux 3.8)
- pgmigrate_fail (since Linux 3.8)
- compact_migrate_scanned (since Linux 3.8)
- compact_free_scanned (since Linux 3.8)
- compact_isolated (since Linux 3.8)
- compact_stall (since Linux 2.6.35)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- compact_fail (since Linux 2.6.35)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- compact_success (since Linux 2.6.35)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- htlb_buddy_alloc_success (since Linux 2.6.26)
- htlb_buddy_alloc_fail (since Linux 2.6.26)
- unevictable_pgs_culled (since Linux 2.6.28)
- unevictable_pgs_scanned (since Linux 2.6.28)
- unevictable_pgs_rescued (since Linux 2.6.28)
- unevictable_pgs_mlocked (since Linux 2.6.28)
- unevictable_pgs_munlocked (since Linux 2.6.28)
- unevictable_pgs_cleared (since Linux 2.6.28)
- unevictable_pgs_stranded (since Linux 2.6.28)
- thp_fault_alloc (since Linux 2.6.39)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- thp_fault_fallback (since Linux 2.6.39)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- thp_collapse_alloc (since Linux 2.6.39)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- thp_collapse_alloc_failed (since Linux 2.6.39)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- thp_split (since Linux 2.6.39)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- thp_zero_page_alloc (since Linux 3.8)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- thp_zero_page_alloc_failed (since Linux 3.8)
- See the kernel source file
Documentation/admin-guide/mm/transhuge.rst.
- balloon_inflate (since Linux 3.18)
- balloon_deflate (since Linux 3.18)
- balloon_migrate (since Linux 3.18)
- nr_tlb_remote_flush (since Linux 3.12)
- nr_tlb_remote_flush_received (since Linux 3.12)
- nr_tlb_local_flush_all (since Linux 3.12)
- nr_tlb_local_flush_one (since Linux 3.12)
- vmacache_find_calls (since Linux 3.16)
- vmacache_find_hits (since Linux 3.16)
- vmacache_full_flushes (since Linux 3.19)
- /proc/zoneinfo (since Linux 2.6.13)
- This file display information about memory zones. This is useful for
analyzing virtual memory behavior.
Many files contain strings (e.g., the environment and command line) that are in
the internal format, with subfields terminated by null bytes ('\0'). When
inspecting such files, you may find that the results are more readable if you
use a command of the following form to display them:
$ cat file | tr '\000' '\n'
This manual page is incomplete, possibly inaccurate, and is the kind of thing
that needs to be updated very often.
cat(1),
dmesg(1),
find(1),
free(1),
htop(1),
init(1),
ps(1),
pstree(1),
tr(1),
uptime(1),
chroot(2),
mmap(2),
readlink(2),
syslog(2),
slabinfo(5),
sysfs(5),
hier(7),
namespaces(7),
time(7),
arp(8),
hdparm(8),
ifconfig(8),
lsmod(8),
lspci(8),
mount(8),
netstat(8),
procinfo(8),
route(8),
sysctl(8)
The Linux kernel source files:
Documentation/filesystems/proc.txt,
Documentation/sysctl/fs.txt,
Documentation/sysctl/kernel.txt,
Documentation/sysctl/net.txt, and
Documentation/sysctl/vm.txt.