1 .\" Copyright (C) 2012, Cyrill Gorcunov <gorcunov@openvz.org>
2 .\" and Copyright (C) 2012, 2016, Michael Kerrisk <mtk.manpages@gmail.com>
4 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
6 .\" Kernel commit d97b46a64674a267bc41c9e16132ee2a98c3347d
8 .TH kcmp 2 (date) "Linux man-pages (unreleased)"
10 kcmp \- compare two processes to determine if they share a kernel resource
13 .RI ( libc ", " \-lc )
16 .BR "#include <linux/kcmp.h>" " /* Definition of " KCMP_* " constants */"
17 .BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */"
18 .B #include <unistd.h>
20 .BI "int syscall(SYS_kcmp, pid_t " pid1 ", pid_t " pid2 ", int " type ,
21 .BI " unsigned long " idx1 ", unsigned long " idx2 );
25 glibc provides no wrapper for
27 necessitating the use of
32 system call can be used to check whether the two processes identified by
36 share a kernel resource such as virtual memory, file descriptors,
41 is governed by ptrace access mode
42 .B PTRACE_MODE_READ_REALCREDS
52 argument specifies which resource is to be compared in the two processes.
53 It has one of the following values:
56 Check whether a file descriptor
60 refers to the same open file description (see
66 The existence of two file descriptors that refer to the same
67 open file description can occur as a result of
71 or passing file descriptors via a domain socket (see
75 Check whether the processes share the same set of open file descriptors.
81 See the discussion of the
87 Check whether the processes share the same filesystem information
88 (i.e., file mode creation mask, working directory, and filesystem root).
94 See the discussion of the
100 Check whether the processes share I/O context.
106 See the discussion of the
112 Check whether the processes share the same table of signal dispositions.
118 See the discussion of the
124 Check whether the processes share the same
125 list of System\ V semaphore undo operations.
131 See the discussion of the
137 Check whether the processes share the same address space.
143 See the discussion of the
148 .BR KCMP_EPOLL_TFD " (since Linux 4.13)"
149 .\" commit 0791e3644e5ef21646fe565b9061788d05ec71d4
150 Check whether the file descriptor
156 instance described by
162 is a pointer to a structure where the target file is described.
163 This structure has the form:
167 struct kcmp_epoll_slot {
175 Within this structure,
177 is an epoll file descriptor returned from
178 .BR epoll_create (2),
180 is a target file descriptor number, and
182 is a target file offset counted from zero.
183 Several different targets may be registered with
184 the same file descriptor number and setting a specific
185 offset helps to investigate each of them.
189 is not protected against false positives which may occur if
190 the processes are currently running.
191 One should stop the processes by sending
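195 prior to inspection with this system call to obtain meaningful results.
A result obtained while either process is running is only a snapshot
and may no longer hold by the time the call returns.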
197 The return value of a successful call to
199 is simply the result of arithmetic comparison
200 of kernel pointers (when the kernel compares resources, it uses their
203 The easiest way to explain is to consider an example.
208 are the addresses of appropriate resources, then the return value
209 is one of the following:
216 in other words, the two processes share the resource.
232 but ordering information is unavailable.
235 On error, \-1 is returned, and
237 is set to indicate the error.
240 was designed to return values suitable for sorting.
241 This is particularly handy if one needs to compare
242 a large number of file descriptors.
253 is not an open file descriptor.
256 The epoll slot addressed by
258 is outside of the user's address space.
265 The target file is not present in
270 Insufficient permission to inspect process resources.
273 capability is required to inspect processes that you do not own.
274 Other ptrace limitations may also apply, such as
275 .BR CONFIG_SECURITY_YAMA ,
277 .I /proc/sys/kernel/yama/ptrace_scope
296 this system call is available only if the kernel is configured with
297 .BR CONFIG_CHECKPOINT_RESTORE ,
298 since the original purpose of the system call was for the
299 checkpoint/restore in user space (CRIU) feature.
300 (The alternative to this system call would have been to expose suitable
301 process information via the
303 filesystem; this was deemed to be unsuitable for security reasons,
since it would expose identifiers of kernel objects to user space.)
305 this system call is also available if the kernel is configured with
310 for some background information on the shared resources
311 referred to on this page.
313 The program below uses
315 to test whether pairs of file descriptors refer to
316 the same open file description.
317 The program tests different cases for the file descriptor pairs,
318 as described in the program output.
319 An example run of the program is as follows:
325 Parent opened file on FD 3
327 PID of child of fork() is 1145
328 Compare duplicate FDs from different processes:
329 kcmp(1145, 1144, KCMP_FILE, 3, 3) ==> same
330 Child opened file on FD 4
331 Compare FDs from distinct open()s in same process:
332 kcmp(1145, 1145, KCMP_FILE, 3, 4) ==> different
333 Child duplicated FD 3 to create FD 5
334 Compare duplicated FDs in same process:
335 kcmp(1145, 1145, KCMP_FILE, 3, 5) ==> same
340 .\" SRC BEGIN (kcmp.c)
345 #include <linux/kcmp.h>
349 #include <sys/syscall.h>
350 #include <sys/wait.h>
/* Invoke the kcmp system call through syscall(2); glibc provides no
   wrapper for it.  The result of syscall() is returned unchanged, so
   a return of -1 indicates an error. */
354 kcmp(pid_t pid1, pid_t pid2, int type,
355 unsigned long idx1, unsigned long idx2)
357 return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2);
/* Print msg, then the kcmp() call being made and its verdict for a
   KCMP_FILE comparison of fd_a in pid1 with fd_b in pid2.
   NOTE: only a return of 0 is reported as "same"; every other value,
   including -1 on error (errno is not inspected here), is printed as
   "different".  Code that acts on the answer should treat -1 as a
   failure rather than as "not shared". */
361 test_kcmp(char *msg, pid_t pid1, pid_t pid2, int fd_a, int fd_b)
363 printf("\et%s\en", msg);
364 printf("\et\etkcmp(%jd, %jd, KCMP_FILE, %d, %d) ==> %s\en",
365 (intmax_t) pid1, (intmax_t) pid2, fd_a, fd_b,
366 (kcmp(pid1, pid2, KCMP_FILE, fd_a, fd_b) == 0) ?
367 "same" : "different");
/* Scratch file used by the demonstration.  The name is fixed and lives
   in /tmp, and the open() calls below use O_CREAT without O_EXCL or
   O_NOFOLLOW, so a file or symbolic link already present at this path
   is opened (or followed) rather than rejected.  That is acceptable
   for a throwaway demo; code that must be safe on a shared host
   should create its file with mkstemp(3) or add O_EXCL | O_NOFOLLOW. */
374 static const char pathname[] = "/tmp/kcmp.test";
376 fd1 = open(pathname, O_CREAT | O_RDWR, 0600);
378 err(EXIT_FAILURE, "open");
380 printf("Parent PID is %jd\en", (intmax_t) getpid());
381 printf("Parent opened file on FD %d\en\en", fd1);
385 err(EXIT_FAILURE, "fork");
388 printf("PID of child of fork() is %jd\en", (intmax_t) getpid());
/* Case 1: the same FD number (fd1) in this process and in its parent
   (getpid() vs. getppid()). */
390 test_kcmp("Compare duplicate FDs from different processes:",
391 getpid(), getppid(), fd1, fd1);
/* Case 2: a second, independent open() of the same pathname; the
   example run shows this comparison reported as "different". */
393 fd2 = open(pathname, O_CREAT | O_RDWR, 0600);
395 err(EXIT_FAILURE, "open");
396 printf("Child opened file on FD %d\en", fd2);
398 test_kcmp("Compare FDs from distinct open()s in same process:",
399 getpid(), getpid(), fd1, fd2);
/* Case 3: fd3 is reported below as a duplicate of fd1; the example
   run shows this comparison reported as "same". */
403 err(EXIT_FAILURE, "dup");
404 printf("Child duplicated FD %d to create FD %d\en", fd1, fd3);
406 test_kcmp("Compare duplicated FDs in same process:",
407 getpid(), getpid(), fd1, fd3);