Provided by: manpages-dev_4.15-1_all bug

NAME

       kcmp - compare two processes to determine if they share a kernel resource

SYNOPSIS

       #include <linux/kcmp.h>

       int kcmp(pid_t pid1, pid_t pid2, int type,
                unsigned long idx1, unsigned long idx2);

       Note: There is no glibc wrapper for this system call; see NOTES.

DESCRIPTION

       The  kcmp()  system call can be used to check whether the two processes identified by pid1
       and pid2 share a kernel resource such as virtual memory, file descriptors, and so on.

       Permission to employ kcmp() is governed by ptrace access  mode  PTRACE_MODE_READ_REALCREDS
       checks against both pid1 and pid2; see ptrace(2).

       The type argument specifies which resource is to be compared in the two processes.  It has
       one of the following values:

       KCMP_FILE
              Check whether a file descriptor idx1 in the process pid1 refers to  the  same  open
              file  description  (see  open(2)) as file descriptor idx2 in the process pid2.  The
              existence of two file descriptors that refer to the same open file description  can
              occur  as a result of dup(2) (and similar) fork(2), or passing file descriptors via
              a domain socket (see unix(7)).

       KCMP_FILES
              Check whether the processes share the same  set  of  open  file  descriptors.   The
              arguments idx1 and idx2 are ignored.  See the discussion of the CLONE_FILES flag in
              clone(2).

       KCMP_FS
              Check whether the processes share the same filesystem information (i.e., file  mode
              creation  mask,  working  directory,  and filesystem root).  The arguments idx1 and
              idx2 are ignored.  See the discussion of the CLONE_FS flag in clone(2).

       KCMP_IO
              Check whether the processes share I/O context.  The arguments  idx1  and  idx2  are
              ignored.  See the discussion of the CLONE_IO flag in clone(2).

       KCMP_SIGHAND
              Check  whether  the  processes  share  the  same table of signal dispositions.  The
              arguments idx1 and idx2 are ignored.  See the discussion of the CLONE_SIGHAND  flag
              in clone(2).

       KCMP_SYSVSEM
              Check  whether  the  processes  share  the  same  list  of  System V semaphore undo
              operations.  The arguments idx1 and idx2 are ignored.  See the  discussion  of  the
              CLONE_SYSVSEM flag in clone(2).

       KCMP_VM
              Check  whether  the processes share the same address space.  The arguments idx1 and
              idx2 are ignored.  See the discussion of the CLONE_VM flag in clone(2).

       KCMP_EPOLL_TFD (since Linux 4.13)
              Check whether the file descriptor idx1 of  the  process  pid1  is  present  in  the
              epoll(7)  instance  described  by idx2 of the process pid2.  The argument idx2 is a
              pointer to a structure where the target file is described.  This structure has  the
              form:

           struct kcmp_epoll_slot {
               __u32 efd;
               __u32 tfd;
               __u64 toff;
           };

       Within  this structure, efd is an epoll file descriptor returned from epoll_create(2), tfd
       is a target file descriptor number, and toff is a target file offset  counted  from  zero.
       Several  different  targets  may  be  registered  with the same file descriptor number and
       setting a specific offset helps to investigate each of them.

       Note the kcmp() is not protected against false positives which may occur if the  processes
       are  currently  running.  One should stop the processes by sending SIGSTOP (see signal(7))
       prior to inspection with this system call to obtain meaningful results.

RETURN VALUE

       The return value of a successful call  to  kcmp()  is  simply  the  result  of  arithmetic
       comparison  of  kernel  pointers (when the kernel compares resources, it uses their memory
       addresses).

       The easiest way to explain is to consider an example.  Suppose that  v1  and  v2  are  the
       addresses of appropriate resources, then the return value is one of the following:

           0   v1 is equal to v2; in other words, the two processes share the resource.

           1   v1 is less than v2.

           2   v1 is greater than v2.

           3   v1 is not equal to v2, but ordering information is unavailable.

       On error, -1 is returned, and errno is set appropriately.

       kcmp()  was designed to return values suitable for sorting.  This is particularly handy if
       one needs to compare a large number of file descriptors.

ERRORS

       EBADF  type is KCMP_FILE and fd1 or fd2 is not an open file descriptor.

       EINVAL type is invalid.

       EPERM  Insufficient  permission  to  inspect  process   resources.    The   CAP_SYS_PTRACE
              capability  is  required  to  inspect  processes that you do not own.  Other ptrace
              limitations  may  also   apply,   such   as   CONFIG_SECURITY_YAMA,   which,   when
              /proc/sys/kernel/yama/ptrace_scope  is  2,  limits  kcmp()  to child processes; see
              ptrace(2).

       ESRCH  Process pid1 or pid2 does not exist.

       EFAULT The epoll slot addressed by idx2 is outside of the user's address space.

       ENOENT The target file is not present in epoll(7) instance.

VERSIONS

       The kcmp() system call first appeared in Linux 3.5.

CONFORMING TO

       kcmp() is Linux-specific and should not be used in programs intended to be portable.

NOTES

       Glibc does not provide a wrapper for this system call; call it using syscall(2).

       This   system   call   is   available   only   if   the   kernel   was   configured   with
       CONFIG_CHECKPOINT_RESTORE.   The main use of the system call is for the checkpoint/restore
       in user space (CRIU) feature.  The alternative to this system  call  would  have  been  to
       expose  suitable  process  information  via  the proc(5) filesystem; this was deemed to be
       unsuitable for security reasons.

       See clone(2) for some background information on the shared resources referred to  on  this
       page.

EXAMPLE

       The  program below uses kcmp() to test whether pairs of file descriptors refer to the same
       open file description.  The program tests different cases for the file  descriptor  pairs,
       as described in the program output.  An example run of the program is as follows:

           $ ./a.out
           Parent PID is 1144
           Parent opened file on FD 3

           PID of child of fork() is 1145
                Compare duplicate FDs from different processes:
                     kcmp(1145, 1144, KCMP_FILE, 3, 3) ==> same
           Child opened file on FD 4
                Compare FDs from distinct open()s in same process:
                     kcmp(1145, 1145, KCMP_FILE, 3, 4) ==> different
           Child duplicated FD 3 to create FD 5
                Compare duplicated FDs in same process:
                     kcmp(1145, 1145, KCMP_FILE, 3, 5) ==> same

   Program source

       #define _GNU_SOURCE
       #include <sys/syscall.h>
       #include <sys/wait.h>
       #include <sys/stat.h>
       #include <stdlib.h>
       #include <stdio.h>
       #include <unistd.h>
       #include <fcntl.h>
       #include <linux/kcmp.h>

       #define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); \
                               } while (0)

       static int
       kcmp(pid_t pid1, pid_t pid2, int type,
            unsigned long idx1, unsigned long idx2)
       {
           return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2);
       }

       static void
       test_kcmp(char *msg, id_t pid1, pid_t pid2, int fd_a, int fd_b)
       {
           printf("\t%s\n", msg);
           printf("\t\tkcmp(%ld, %ld, KCMP_FILE, %d, %d) ==> %s\n",
                   (long) pid1, (long) pid2, fd_a, fd_b,
                   (kcmp(pid1, pid2, KCMP_FILE, fd_a, fd_b) == 0) ?
                               "same" : "different");
       }

       int
       main(int argc, char *argv[])
       {
           int fd1, fd2, fd3;
           char pathname[] = "/tmp/kcmp.test";

           fd1 = open(pathname, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
           if (fd1 == -1)
               errExit("open");

           printf("Parent PID is %ld\n", (long) getpid());
           printf("Parent opened file on FD %d\n\n", fd1);

           switch (fork()) {
           case -1:
               errExit("fork");

           case 0:
               printf("PID of child of fork() is %ld\n", (long) getpid());

               test_kcmp("Compare duplicate FDs from different processes:",
                       getpid(), getppid(), fd1, fd1);

               fd2 = open(pathname, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
               if (fd2 == -1)
                   errExit("open");
               printf("Child opened file on FD %d\n", fd2);

               test_kcmp("Compare FDs from distinct open()s in same process:",
                       getpid(), getpid(), fd1, fd2);

               fd3 = dup(fd1);
               if (fd3 == -1)
                   errExit("dup");
               printf("Child duplicated FD %d to create FD %d\n", fd1, fd3);

               test_kcmp("Compare duplicated FDs in same process:",
                       getpid(), getpid(), fd1, fd3);
               break;

           default:
               wait(NULL);
           }

           exit(EXIT_SUCCESS);
       }

SEE ALSO

       clone(2), unshare(2)

COLOPHON

       This  page  is  part of release 4.15 of the Linux man-pages project.  A description of the
       project, information about reporting bugs, and the latest version of  this  page,  can  be
       found at https://www.kernel.org/doc/man-pages/.