1 .\" Copyright (C) 2012, Cyrill Gorcunov <gorcunov@openvz.org>
2 .\" and Copyright (C) 2012, 2016, Michael Kerrisk <mtk.manpages@gmail.com>
4 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
6 .\" Kernel commit d97b46a64674a267bc41c9e16132ee2a98c3347d
8 .TH KCMP 2 2021-03-22 "Linux man-pages (unreleased)"
10 kcmp \- compare two processes to determine if they share a kernel resource
13 .RI ( libc ", " \-lc )
16 .BR "#include <linux/kcmp.h>" " /* Definition of " KCMP_* " constants */"
17 .BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */"
18 .B #include <unistd.h>
20 .BI "int syscall(SYS_kcmp, pid_t " pid1 ", pid_t " pid2 ", int " type ,
21 .BI " unsigned long " idx1 ", unsigned long " idx2 );
25 glibc provides no wrapper for
27 necessitating the use of
32 system call can be used to check whether the two processes identified by
36 share a kernel resource such as virtual memory, file descriptors,
41 is governed by ptrace access mode
42 .B PTRACE_MODE_READ_REALCREDS
52 argument specifies which resource is to be compared in the two processes.
53 It has one of the following values:
56 Check whether a file descriptor
60 refers to the same open file description (see
66 The existence of two file descriptors that refer to the same
67 open file description can occur as a result of
71 or passing file descriptors via a domain socket (see
75 Check whether the processes share the same set of open file descriptors.
81 See the discussion of the
87 Check whether the processes share the same filesystem information
88 (i.e., file mode creation mask, working directory, and filesystem root).
94 See the discussion of the
100 Check whether the processes share I/O context.
106 See the discussion of the
112 Check whether the processes share the same table of signal dispositions.
118 See the discussion of the
124 Check whether the processes share the same
125 list of System\ V semaphore undo operations.
131 See the discussion of the
137 Check whether the processes share the same address space.
143 See the discussion of the
148 .BR KCMP_EPOLL_TFD " (since Linux 4.13)"
149 .\" commit 0791e3644e5ef21646fe565b9061788d05ec71d4
150 Check whether the file descriptor
156 instance described by
162 is a pointer to a structure where the target file is described.
163 This structure has the form:
167 struct kcmp_epoll_slot {
175 Within this structure,
177 is an epoll file descriptor returned from
178 .BR epoll_create (2),
180 is a target file descriptor number, and
182 is a target file offset counted from zero.
183 Several different targets may be registered with
184 the same file descriptor number and setting a specific
185 offset helps to investigate each of them.
189 is not protected against false positives which may occur if
190 the processes are currently running.
191 One should stop the processes by sending
195 prior to inspection with this system call to obtain meaningful results.
197 The return value of a successful call to
199 is simply the result of arithmetic comparison
200 of kernel pointers (when the kernel compares resources, it uses their
203 The easiest way to explain is to consider an example.
208 are the addresses of appropriate resources, then the return value
209 is one of the following:
215 in other words, the two processes share the resource.
228 but ordering information is unavailable.
231 On error, \-1 is returned, and
233 is set to indicate the error.
236 was designed to return values suitable for sorting.
237 This is particularly handy if one needs to compare
238 a large number of file descriptors.
249 is not an open file descriptor.
252 The epoll slot addressed by
254 is outside of the user's address space.
261 The target file is not present in
266 Insufficient permission to inspect process resources.
269 capability is required to inspect processes that you do not own.
270 Other ptrace limitations may also apply, such as
271 .BR CONFIG_SECURITY_YAMA ,
273 .I /proc/sys/kernel/yama/ptrace_scope
289 system call first appeared in Linux 3.5.
292 is Linux-specific and should not be used in programs intended to be portable.
295 this system call is available only if the kernel is configured with
296 .BR CONFIG_CHECKPOINT_RESTORE ,
297 since the original purpose of the system call was for the
298 checkpoint/restore in user space (CRIU) feature.
299 (The alternative to this system call would have been to expose suitable
300 process information via the
302 filesystem; this was deemed to be unsuitable for security reasons.)
304 this system call is also available if the kernel is configured with
309 for some background information on the shared resources
310 referred to on this page.
312 The program below uses
314 to test whether pairs of file descriptors refer to
315 the same open file description.
316 The program tests different cases for the file descriptor pairs,
317 as described in the program output.
318 An example run of the program is as follows:
324 Parent opened file on FD 3
326 PID of child of fork() is 1145
327 Compare duplicate FDs from different processes:
328 kcmp(1145, 1144, KCMP_FILE, 3, 3) ==> same
329 Child opened file on FD 4
330 Compare FDs from distinct open()s in same process:
331 kcmp(1145, 1145, KCMP_FILE, 3, 4) ==> different
332 Child duplicated FD 3 to create FD 5
333 Compare duplicated FDs in same process:
334 kcmp(1145, 1145, KCMP_FILE, 3, 5) ==> same
339 .\" SRC BEGIN (kcmp.c)
343 #include <linux/kcmp.h>
347 #include <sys/syscall.h>
348 #include <sys/wait.h>
351 #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \e
355 kcmp(pid_t pid1, pid_t pid2, int type,
356 unsigned long idx1, unsigned long idx2)
358 return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2);
362 test_kcmp(char *msg, pid_t pid1, pid_t pid2, int fd_a, int fd_b)
364 printf("\et%s\en", msg);
365 printf("\et\etkcmp(%jd, %jd, KCMP_FILE, %d, %d) ==> %s\en",
366 (intmax_t) pid1, (intmax_t) pid2, fd_a, fd_b,
367 (kcmp(pid1, pid2, KCMP_FILE, fd_a, fd_b) == 0) ?
368 "same" : "different");
375 char pathname[] = "/tmp/kcmp.test";
377 fd1 = open(pathname, O_CREAT | O_RDWR, 0600);
381 printf("Parent PID is %jd\en", (intmax_t) getpid());
382 printf("Parent opened file on FD %d\en\en", fd1);
389 printf("PID of child of fork() is %jd\en", (intmax_t) getpid());
391 test_kcmp("Compare duplicate FDs from different processes:",
392 getpid(), getppid(), fd1, fd1);
394 fd2 = open(pathname, O_CREAT | O_RDWR, 0600);
397 printf("Child opened file on FD %d\en", fd2);
399 test_kcmp("Compare FDs from distinct open()s in same process:",
400 getpid(), getpid(), fd1, fd2);
405 printf("Child duplicated FD %d to create FD %d\en", fd1, fd3);
407 test_kcmp("Compare duplicated FDs in same process:",
408 getpid(), getpid(), fd1, fd3);