1 .\" Copyright (C) 2012, Cyrill Gorcunov <gorcunov@openvz.org>
2 .\" and Copyright (C) 2012, 2016, Michael Kerrisk <mtk.manpages@gmail.com>
4 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
6 .\" Kernel commit d97b46a64674a267bc41c9e16132ee2a98c3347d
8 .TH KCMP 2 (date) "Linux man-pages (unreleased)"
10 kcmp \- compare two processes to determine if they share a kernel resource
13 .RI ( libc ", " \-lc )
16 .BR "#include <linux/kcmp.h>" " /* Definition of " KCMP_* " constants */"
17 .BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */"
18 .B #include <unistd.h>
20 .BI "int syscall(SYS_kcmp, pid_t " pid1 ", pid_t " pid2 ", int " type ,
21 .BI " unsigned long " idx1 ", unsigned long " idx2 );
25 glibc provides no wrapper for
27 necessitating the use of
32 system call can be used to check whether the two processes identified by
36 share a kernel resource such as virtual memory, file descriptors,
41 is governed by ptrace access mode
42 .B PTRACE_MODE_READ_REALCREDS
52 argument specifies which resource is to be compared in the two processes.
53 It has one of the following values:
56 Check whether a file descriptor
60 refers to the same open file description (see
66 The existence of two file descriptors that refer to the same
67 open file description can occur as a result of
71 or passing file descriptors via a domain socket (see
75 Check whether the processes share the same set of open file descriptors.
81 See the discussion of the
87 Check whether the processes share the same filesystem information
88 (i.e., file mode creation mask, working directory, and filesystem root).
94 See the discussion of the
100 Check whether the processes share I/O context.
106 See the discussion of the
112 Check whether the processes share the same table of signal dispositions.
118 See the discussion of the
124 Check whether the processes share the same
125 list of System\ V semaphore undo operations.
131 See the discussion of the
137 Check whether the processes share the same address space.
143 See the discussion of the
148 .BR KCMP_EPOLL_TFD " (since Linux 4.13)"
149 .\" commit 0791e3644e5ef21646fe565b9061788d05ec71d4
150 Check whether the file descriptor
156 instance described by
162 is a pointer to a structure where the target file is described.
163 This structure has the form:
167 struct kcmp_epoll_slot {
175 Within this structure,
177 is an epoll file descriptor returned from
178 .BR epoll_create (2),
180 is a target file descriptor number, and
182 is a target file offset counted from zero.
183 Several different targets may be registered with
184 the same file descriptor number and setting a specific
185 offset helps to investigate each of them.
189 is not protected against false positives which may occur if
190 the processes are currently running.
191 One should stop the processes by sending
195 prior to inspection with this system call to obtain meaningful results.
197 The return value of a successful call to
199 is simply the result of arithmetic comparison
200 of kernel pointers (when the kernel compares resources, it uses their
203 The easiest way to explain is to consider an example.
208 are the addresses of appropriate resources, then the return value
209 is one of the following:
216 in other words, the two processes share the resource.
232 but ordering information is unavailable.
235 On error, \-1 is returned, and
237 is set to indicate the error.
240 was designed to return values suitable for sorting.
241 This is particularly handy if one needs to compare
242 a large number of file descriptors.
253 is not an open file descriptor.
256 The epoll slot addressed by
258 is outside of the user's address space.
265 The target file is not present in
270 Insufficient permission to inspect process resources.
273 capability is required to inspect processes that you do not own.
274 Other ptrace limitations may also apply, such as
275 .BR CONFIG_SECURITY_YAMA ,
277 .I /proc/sys/kernel/yama/ptrace_scope
293 system call first appeared in Linux 3.5.
296 is Linux-specific and should not be used in programs intended to be portable.
299 this system call is available only if the kernel is configured with
300 .BR CONFIG_CHECKPOINT_RESTORE ,
301 since the original purpose of the system call was for the
302 checkpoint/restore in user space (CRIU) feature.
303 (The alternative to this system call would have been to expose suitable
304 process information via the
306 filesystem; this was deemed to be unsuitable for security reasons.)
308 this system call is also available if the kernel is configured with
313 for some background information on the shared resources
314 referred to on this page.
316 The program below uses
318 to test whether pairs of file descriptors refer to
319 the same open file description.
320 The program tests different cases for the file descriptor pairs,
321 as described in the program output.
322 An example run of the program is as follows:
328 Parent opened file on FD 3
330 PID of child of fork() is 1145
331 Compare duplicate FDs from different processes:
332 kcmp(1145, 1144, KCMP_FILE, 3, 3) ==> same
333 Child opened file on FD 4
334 Compare FDs from distinct open()s in same process:
335 kcmp(1145, 1145, KCMP_FILE, 3, 4) ==> different
336 Child duplicated FD 3 to create FD 5
337 Compare duplicated FDs in same process:
338 kcmp(1145, 1145, KCMP_FILE, 3, 5) ==> same
343 .\" SRC BEGIN (kcmp.c)
348 #include <linux/kcmp.h>
352 #include <sys/syscall.h>
353 #include <sys/wait.h>
357 kcmp(pid_t pid1, pid_t pid2, int type,
358 unsigned long idx1, unsigned long idx2)
360 return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2);
364 test_kcmp(char *msg, pid_t pid1, pid_t pid2, int fd_a, int fd_b)
366 printf("\et%s\en", msg);
367 printf("\et\etkcmp(%jd, %jd, KCMP_FILE, %d, %d) ==> %s\en",
368 (intmax_t) pid1, (intmax_t) pid2, fd_a, fd_b,
369 (kcmp(pid1, pid2, KCMP_FILE, fd_a, fd_b) == 0) ?
370 "same" : "different");
377 static const char pathname[] = "/tmp/kcmp.test";
379 fd1 = open(pathname, O_CREAT | O_RDWR, 0600);
381 err(EXIT_FAILURE, "open");
383 printf("Parent PID is %jd\en", (intmax_t) getpid());
384 printf("Parent opened file on FD %d\en\en", fd1);
388 err(EXIT_FAILURE, "fork");
391 printf("PID of child of fork() is %jd\en", (intmax_t) getpid());
393 test_kcmp("Compare duplicate FDs from different processes:",
394 getpid(), getppid(), fd1, fd1);
396 fd2 = open(pathname, O_CREAT | O_RDWR, 0600);
398 err(EXIT_FAILURE, "open");
399 printf("Child opened file on FD %d\en", fd2);
401 test_kcmp("Compare FDs from distinct open()s in same process:",
402 getpid(), getpid(), fd1, fd2);
406 err(EXIT_FAILURE, "dup");
407 printf("Child duplicated FD %d to create FD %d\en", fd1, fd3);
409 test_kcmp("Compare duplicated FDs in same process:",
410 getpid(), getpid(), fd1, fd3);