[PATCH 0/2] kcmp.2 manpage and prctl.2 update

[PATCH 0/2] kcmp.2 manpage and prctl.2 update

[Cyrill Gorcunov]

Hi Michael,

here are two patches on top of current man-pages git.
Please review. If there something I should rephrase
or anything -- please don't hesitate to poke me.

[PATCH 1/2] Add kcmp.2 manpage

[Cyrill Gorcunov]

NAME
       kcmp - compare if two processes do share a particular kernel resource

SYNOPSIS
       #define _GNU_SOURCE         /* See feature_test_macros(7) */
       #include <unistd.h>
       #include <linux/kcmp.h>
       #include <sys/syscall.h>   /* For SYS_xxx definitions */

       int syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);

DESCRIPTION
       kcmp() allows to find out if two processes identified by pid1 and pid2
       share kernel resources such as virtual memory, file descriptors, file system etc.

       The comparison type is one of the following

       KCMP_FILE determines whether a file descriptor idx1 in the first process
       is the same as another descriptor idx2 in the second process

       KCMP_VM compares whether processes share address space

       KCMP_FILES compares the file descriptor arrays to see whether the processes
       share all files

       KCMP_FS compares whether processes share the file system information (the current
       umask, working directory, namespace root, etc)

       KCMP_SIGHAND compares whether processes share a signal handlers table

       KCMP_IO compares whether processes do share I/O context, used mainly for
       block I/O scheduling

       KCMP_SYSVSEM compares the list of undo operations associated with SYSV semaphores

       Note  the  kcmp() is not protected against false positives which may have
       place if tasks are running.  Which means one should stop tasks being inspected
       with this syscall to obtain meaningful results.

RETURN VALUE
       kcmp was designed to return values suitable for sorting.  This is particularly handy
       when one have to compare a large number of file descriptors.

       The return value is merely a result of simple arithmetic comparison of kernel pointers
       (when kernel compares resources, it uses their memory addresses).

       The  easiest way to explain is to consider an example.  Lets say v1 and v2 are the
       addresses of appropriate resources, then the return value is one of the following

       0 - v1 is equal to v2 , in other words we have a shared resource here
       1 - v1 is less than v2
       2 - v1 is greater than v2
       3 - v1 is not equal to but ordering information is unavailble.

       On error, -1 is returned, and errno is set appropriately.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
CC: "Eric W. Biederman" <ebiederm@xmission.com>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Pavel Emelyanov <xemul@parallels.com>
CC: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
---
 man2/kcmp.2 |  113 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 113 insertions(+), 0 deletions(-)
 create mode 100644 man2/kcmp.2

diff --git a/man2/kcmp.2 b/man2/kcmp.2
new file mode 100644
index 0000000..5d2e9a3
--- /dev/null
+++ b/man2/kcmp.2
@@ -0,0 +1,113 @@
+.TH KCMP 2 2012-02-01 "Linux" "Linux Programmer's Manual"
+
+.SH NAME
+kcmp \- compare if two processes do share a particular kernel resource
+
+.SH SYNOPSIS
+.nf
+.BR "#define _GNU_SOURCE" "         /* See feature_test_macros(7) */"
+.B #include <unistd.h>
+.B #include <linux/kcmp.h>
+.BR "#include <sys/syscall.h>   "  "/* For SYS_xxx definitions */"
+
+.BI "int syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);"
+.fi
+
+.SH DESCRIPTION
+
+.BR kcmp ()
+allows to find out if two processes identified by
+.I pid1
+and
+.I pid2
+share kernel resources such as virtual memory, file descriptors, file system etc.
+
+The comparison
+.I type
+is one of the following
+
+.BR KCMP_FILE
+determines whether a file descriptor
+.I idx1
+in the first process is the same as another descriptor
+.I idx2
+in the second process
+
+.BR KCMP_VM
+compares whether processes share address space
+
+.BR KCMP_FILES
+compares the file descriptor arrays to see whether the processes share all files
+
+.BR KCMP_FS
+compares whether processes share the file system information (the current umask,
+working directory, namespace root, etc)
+
+.BR KCMP_SIGHAND
+compares whether processes share a signal handlers table
+
+.BR KCMP_IO
+compares whether processes do share I/O context,
+used mainly for block I/O scheduling
+
+.BR KCMP_SYSVSEM
+compares the list of undo operations associated with SYSV semaphores
+
+Note the
+.BR kcmp ()
+is not protected against false positives which may have place if tasks are
+running.
+Which means one should stop tasks being inspected with this syscall to obtain
+meaningful results.
+
+.SH "RETURN VALUE"
+.B kcmp
+was designed to return values suitable for sorting.
+This is particularly handy when one have to compare
+a large number of file descriptors.
+
+The return value is merely a result of simple arithmetic comparison
+of kernel pointers (when kernel compares resources, it uses their
+memory addresses).
+
+The easiest way to explain is to consider an example.
+Lets say
+.I v1
+and
+.I v2
+are the addresses of appropriate resources, then the return value
+is one of the following
+
+.B 0
+\-
+.I v1
+is equal to
+.IR v2 ,
+in other words we have a shared resource here
+
+.B 1
+\-
+.I v1
+is less than
+.I v2
+
+.B 2
+\-
+.I v1
+is greater than
+.I v2
+
+.B 3
+\-
+.I v1
+is not equal to
+.IR v2 ,
+but ordering information is unavailable.
+
+On error, \-1 is returned, and errno is set appropriately.
+
+.SH "CONFORMING TO"
+.BR kcmp ()
+is Linux specific and should not be used in programs intended to be portable.
+.SH "SEE ALSO"
+.BR clone (2)
-- 
1.7.7.6

[PATCH 2/2] prctl.2: Add PR_SET_MM option description

[Cyrill Gorcunov]

CC: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
---
 man2/prctl.2 |  161 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 160 insertions(+), 1 deletions(-)

diff --git a/man2/prctl.2 b/man2/prctl.2
index effad2a..2e1b27c 100644
--- a/man2/prctl.2
+++ b/man2/prctl.2
@@ -378,6 +378,121 @@ Return the current per-process machine check kill policy.
 All unused
 .BR prctl ()
 arguments must be zero.
+.TP
+.BR PR_SET_MM " (since Linux 3.3)"
+Allows a user to modify certain kernel memory map descriptor fields
+of the calling process.
+Usually these fields are set by the kernel and dynamic loader (see
+.BR ld.so (8)
+for more information) and a regular application should not use this feature.
+Still there are cases such as self-modifying programs, where a program might
+find it useful to change its own memory map.
+The kernel must be built with
+.BR CONFIG_CHECKPOINT_RESTORE
+option turned on, otherwise this feature will not be accessible
+from a user space level.
+The calling process must have
+.BR CAP_SYS_RESOURCE
+(see
+.BR capabilities (7)
+for details) capability granted.
+The value in
+.I arg2
+is one of the options below, while
+.I arg3
+provides a new value for this option.
+
+.BR PR_SET_MM_START_CODE
+to set the address above which program text can run.
+
+.BR PR_SET_MM_END_CODE
+to set the address below which program text can run.
+
+.BR PR_SET_MM_START_DATA
+to set the address above which program data+bss is placed.
+
+.B PR_SET_MM_END_DATA
+to set the address below which program data+bss is placed.
+
+.BR PR_SET_MM_START_STACK
+to set the start address of the stack.
+
+.BR PR_SET_MM_START_BRK
+to set the address above which program heap can be expanded with
+.BR brk (2)
+call.
+The address must not be greater than ending address of
+the current program data segment, neither it may exceed
+resource limit for data (see
+.BR setrlimit (2)
+for more information).
+
+.BR PR_SET_MM_BRK
+to set the current
+.BR brk (2)
+value.
+The requirements for address are the same as for
+.BR PR_SET_MM_START_BRK
+option.
+
+.BR PR_SET_MM_ARG_START
+to set the address above which program command line is placed.
+
+.BR PR_SET_MM_ARG_END
+to set the address below which program command line is placed.
+
+.BR PR_SET_MM_ENV_START
+to set the address above which program environment is placed.
+
+.BR PR_SET_MM_ENV_END
+to set the address below which program environment is placed.
+
+The address passed with
+.BR PR_SET_MM_ARG_START ,
+.BR PR_SET_MM_ARG_END ,
+.BR PR_SET_MM_ENV_START ,
+.BR PR_SET_MM_ENV_END ,
+should belong to a process stack area, thus corresponding memory area
+must be readable, writable and (depending on the kernel
+configuration) has
+.BR MAP_GROWSDOWN
+attribute set (see
+.BR mmap (2)
+for details).
+
+.BR PR_SET_MM_AUXV
+to set a new auxiliary vector.
+The
+.I arg3
+argument should provide the address of the vector.
+The
+.I arg4
+is the size of the vector.
+
+.BR PR_SET_MM_EXE_FILE
+to supersede
+.IR /proc/pid/exe
+symbolic link with a new one pointing to a new executable file
+which descriptor is provided provided in the
+.I arg3
+argument.
+The file descriptor should be obtaned with a regular
+.BR open (2)
+call.
+
+To change the symlink, one needs to unmap all existing
+executable memory areas being created by the kernel itself
+(for example the kernel usually creates at least one executable
+memory area for Elf file
+.IR \.text
+section).
+
+The second limitation is that such transition can be done once
+in a process life time.
+Any furter attempts will be rejected.
+This should help system administrators to monitor the unusual
+symlinks transitions over all process running in a system.
+.\"
 .SH "RETURN VALUE"
 On success,
 .BR PR_GET_DUMPABLE ,
@@ -411,7 +526,9 @@ is not recognized.
 is
 .BR PR_MCE_KILL
 or
-.BR PR_MCE_KILL_GET ,
+.BR PR_MCE_KILL_GET
+or
+.BR PR_SET_MM ,
 and unused
 .BR prctl ()
 arguments were not specified as zero.
@@ -459,6 +576,48 @@ is
 and the caller does not have the
 .B CAP_SETPCAP
 capability.
+.TP
+.B EPERM
+.I option
+is
+.BR PR_SET_MM ,
+and the caller does not have the
+.B CAP_SYS_RESOURCE
+capability.
+.TP
+.B EACCES
+.I option
+is
+.BR PR_SET_MM ,
+and the
+.I arg3
+is
+.BR PR_SET_MM_EXE_FILE ,
+the file is not executable one.
+.TP
+.B EBUSY
+.I option
+is
+.BR PR_SET_MM ,
+and the
+.I arg3
+is
+.BR PR_SET_MM_EXE_FILE ,
+the second attempt to change
+.I /proc/pid/exe
+symlink is prohibited.
+.TP
+.B EBADF
+.I option
+is
+.BR PR_SET_MM ,
+and the
+.I arg3
+is
+.BR PR_SET_MM_EXE_FILE ,
+the file descriptor passed in
+.I arg4
+is not found.
 .\" The following can't actually happen, because prctl() in
 .\" seccomp mode will cause SIGKILL.
 .\" .TP
-- 
1.7.7.6

Re: [PATCH 1/2] Add kcmp.2 manpage

[Michael Kerrisk (man-pages)]

Hello Cyrill,

On Mon, Jul 23, 2012 at 12:15 AM, Cyrill Gorcunov <gorcunov@openvz.org> wrote:
> NAME
>        kcmp - compare if two processes do share a particular kernel resource

Very late follow up on this page, sorry. You didn't provide a
copyright or license for this page. Could you please supply that
information. See http://www.kernel.org/doc/man-pages/licenses.html .

Cheers,

Michael

> SYNOPSIS
>        #define _GNU_SOURCE         /* See feature_test_macros(7) */
>        #include <unistd.h>
>        #include <linux/kcmp.h>
>        #include <sys/syscall.h>   /* For SYS_xxx definitions */
>
>        int syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
>
> DESCRIPTION
>        kcmp() allows to find out if two processes identified by pid1 and pid2
>        share kernel resources such as virtual memory, file descriptors, file system etc.
>
>        The comparison type is one of the following
>
>        KCMP_FILE determines whether a file descriptor idx1 in the first process
>        is the same as another descriptor idx2 in the second process
>
>        KCMP_VM compares whether processes share address space
>
>        KCMP_FILES compares the file descriptor arrays to see whether the processes
>        share all files
>
>        KCMP_FS compares whether processes share the file system information (the current
>        umask, working directory, namespace root, etc)
>
>        KCMP_SIGHAND compares whether processes share a signal handlers table
>
>        KCMP_IO compares whether processes do share I/O context, used mainly for
>        block I/O scheduling
>
>        KCMP_SYSVSEM compares the list of undo operations associated with SYSV semaphores
>
>        Note  the  kcmp() is not protected against false positives which may have
>        place if tasks are running.  Which means one should stop tasks being inspected
>        with this syscall to obtain meaningful results.
>
> RETURN VALUE
>        kcmp was designed to return values suitable for sorting.  This is particularly handy
>        when one have to compare a large number of file descriptors.
>
>        The return value is merely a result of simple arithmetic comparison of kernel pointers
>        (when kernel compares resources, it uses their memory addresses).
>
>        The  easiest way to explain is to consider an example.  Lets say v1 and v2 are the
>        addresses of appropriate resources, then the return value is one of the following
>
>        0 - v1 is equal to v2 , in other words we have a shared resource here
>        1 - v1 is less than v2
>        2 - v1 is greater than v2
>        3 - v1 is not equal to but ordering information is unavailble.
>
>        On error, -1 is returned, and errno is set appropriately.
>
> Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
> CC: "Eric W. Biederman" <ebiederm@xmission.com>
> CC: "H. Peter Anvin" <hpa@zytor.com>
> CC: Pavel Emelyanov <xemul@parallels.com>
> CC: Al Viro <viro@ZenIV.linux.org.uk>
> Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
> ---
>  man2/kcmp.2 |  113 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 113 insertions(+), 0 deletions(-)
>  create mode 100644 man2/kcmp.2
>
> diff --git a/man2/kcmp.2 b/man2/kcmp.2
> new file mode 100644
> index 0000000..5d2e9a3
> --- /dev/null
> +++ b/man2/kcmp.2
> @@ -0,0 +1,113 @@
> +.TH KCMP 2 2012-02-01 "Linux" "Linux Programmer's Manual"
> +
> +.SH NAME
> +kcmp \- compare if two processes do share a particular kernel resource
> +
> +.SH SYNOPSIS
> +.nf
> +.BR "#define _GNU_SOURCE" "         /* See feature_test_macros(7) */"
> +.B #include <unistd.h>
> +.B #include <linux/kcmp.h>
> +.BR "#include <sys/syscall.h>   "  "/* For SYS_xxx definitions */"
> +
> +.BI "int syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);"
> +.fi
> +
> +.SH DESCRIPTION
> +
> +.BR kcmp ()
> +allows to find out if two processes identified by
> +.I pid1
> +and
> +.I pid2
> +share kernel resources such as virtual memory, file descriptors, file system etc.
> +
> +The comparison
> +.I type
> +is one of the following
> +
> +.BR KCMP_FILE
> +determines whether a file descriptor
> +.I idx1
> +in the first process is the same as another descriptor
> +.I idx2
> +in the second process
> +
> +.BR KCMP_VM
> +compares whether processes share address space
> +
> +.BR KCMP_FILES
> +compares the file descriptor arrays to see whether the processes share all files
> +
> +.BR KCMP_FS
> +compares whether processes share the file system information (the current umask,
> +working directory, namespace root, etc)
> +
> +.BR KCMP_SIGHAND
> +compares whether processes share a signal handlers table
> +
> +.BR KCMP_IO
> +compares whether processes do share I/O context,
> +used mainly for block I/O scheduling
> +
> +.BR KCMP_SYSVSEM
> +compares the list of undo operations associated with SYSV semaphores
> +
> +Note the
> +.BR kcmp ()
> +is not protected against false positives which may have place if tasks are
> +running.
> +Which means one should stop tasks being inspected with this syscall to obtain
> +meaningful results.
> +
> +.SH "RETURN VALUE"
> +.B kcmp
> +was designed to return values suitable for sorting.
> +This is particularly handy when one have to compare
> +a large number of file descriptors.
> +
> +The return value is merely a result of simple arithmetic comparison
> +of kernel pointers (when kernel compares resources, it uses their
> +memory addresses).
> +
> +The easiest way to explain is to consider an example.
> +Lets say
> +.I v1
> +and
> +.I v2
> +are the addresses of appropriate resources, then the return value
> +is one of the following
> +
> +.B 0
> +\-
> +.I v1
> +is equal to
> +.IR v2 ,
> +in other words we have a shared resource here
> +
> +.B 1
> +\-
> +.I v1
> +is less than
> +.I v2
> +
> +.B 2
> +\-
> +.I v1
> +is greater than
> +.I v2
> +
> +.B 3
> +\-
> +.I v1
> +is not equal to
> +.IR v2 ,
> +but ordering information is unavailable.
> +
> +On error, \-1 is returned, and errno is set appropriately.
> +
> +.SH "CONFORMING TO"
> +.BR kcmp ()
> +is Linux specific and should not be used in programs intended to be portable.
> +.SH "SEE ALSO"
> +.BR clone (2)
> --
> 1.7.7.6
>



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Author of "The Linux Programming Interface"; http://man7.org/tlpi/

Re: [PATCH 1/2] Add kcmp.2 manpage

[Cyrill Gorcunov]

On Tue, Dec 18, 2012 at 05:54:49PM +0100, Michael Kerrisk (man-pages) wrote:
> Hello Cyrill,
> 
> On Mon, Jul 23, 2012 at 12:15 AM, Cyrill Gorcunov <gorcunov@openvz.org> wrote:
> > NAME
> >        kcmp - compare if two processes do share a particular kernel resource
> 
> Very late follow up on this page, sorry. You didn't provide a
> copyright or license for this page. Could you please supply that
> information. See http://www.kernel.org/doc/man-pages/licenses.html .

Sure, gimme some time to update it...

	Cyrill

Re: [PATCH 1/2] Add kcmp.2 manpage

[Cyrill Gorcunov]

On Tue, Dec 18, 2012 at 09:06:24PM +0400, Cyrill Gorcunov wrote:
> On Tue, Dec 18, 2012 at 05:54:49PM +0100, Michael Kerrisk (man-pages) wrote:
> > Hello Cyrill,
> > 
> > On Mon, Jul 23, 2012 at 12:15 AM, Cyrill Gorcunov <gorcunov@openvz.org> wrote:
> > > NAME
> > >        kcmp - compare if two processes do share a particular kernel resource
> > 
> > Very late follow up on this page, sorry. You didn't provide a
> > copyright or license for this page. Could you please supply that
> > information. See http://www.kernel.org/doc/man-pages/licenses.html .
> 
> Sure, gimme some time to update it...

Something like below?
---
From: Cyrill Gorcunov <gorcunov@openvz.org>
Subject: [PATCH 1/2] Add kcmp.2 manpage

NAME
       kcmp - compare if two processes do share a particular kernel resource

SYNOPSIS
       #define _GNU_SOURCE         /* See feature_test_macros(7) */
       #include <unistd.h>
       #include <linux/kcmp.h>
       #include <sys/syscall.h>   /* For SYS_xxx definitions */

       int syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);

DESCRIPTION
       kcmp() allows to find out if two processes identified by pid1 and pid2
       share kernel resources such as virtual memory, file descriptors, file system etc.

       The comparison type is one of the following

       KCMP_FILE determines whether a file descriptor idx1 in the first process
       is the same as another descriptor idx2 in the second process

       KCMP_VM compares whether processes share address space

       KCMP_FILES compares the file descriptor arrays to see whether the processes
       share all files

       KCMP_FS compares whether processes share the file system information (the current
       umask, working directory, namespace root, etc)

       KCMP_SIGHAND compares whether processes share a signal handlers table

       KCMP_IO compares whether processes do share I/O context, used mainly for
       block I/O scheduling

       KCMP_SYSVSEM compares the list of undo operations associated with SYSV semaphores

       Note  the  kcmp() is not protected against false positives which may have
       place if tasks are running.  Which means one should stop tasks being inspected
       with this syscall to obtain meaningful results.

RETURN VALUE
       kcmp was designed to return values suitable for sorting.  This is particularly handy
       when one have to compare a large number of file descriptors.

       The return value is merely a result of simple arithmetic comparison of kernel pointers
       (when kernel compares resources, it uses their memory addresses).

       The  easiest way to explain is to consider an example.  Lets say v1 and v2 are the
       addresses of appropriate resources, then the return value is one of the following

       0 - v1 is equal to v2 , in other words we have a shared resource here
       1 - v1 is less than v2
       2 - v1 is greater than v2
       3 - v1 is not equal to but ordering information is unavailble.

       On error, -1 is returned, and errno is set appropriately.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
CC: "Eric W. Biederman" <ebiederm@xmission.com>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Pavel Emelyanov <xemul@parallels.com>
CC: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
---
 man2/kcmp.2 | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 134 insertions(+)
 create mode 100644 man2/kcmp.2

diff --git a/man2/kcmp.2 b/man2/kcmp.2
new file mode 100644
index 0000000..6c514b6
--- /dev/null
+++ b/man2/kcmp.2
@@ -0,0 +1,134 @@
+.\" Copyright (c) 2012, Cyrill Gorcunov <gorcunov@openvz.org>
+.\"
+.\" Permission is granted to make and distribute verbatim copies of this
+.\" manual provided the copyright notice and this permission notice are
+.\" preserved on all copies.
+.\"
+.\" Permission is granted to copy and distribute modified versions of
+.\" this manual under the conditions for verbatim copying, provided that
+.\" the entire resulting derived work is distributed under the terms of
+.\" a permission notice identical to this one.
+.\"
+.\" Since the Linux kernel and libraries are constantly changing, this
+.\" manual page may be incorrect or out-of-date.  The author(s) assume.
+.\" no responsibility for errors or omissions, or for damages resulting.
+.\" from the use of the information contained herein.  The author(s) may.
+.\" not have taken the same level of care in the production of this.
+.\" manual, which is licensed free of charge, as they might when working.
+.\" professionally.
+.\"
+.\" Formatted or processed versions of this manual, if unaccompanied by
+.\" the source, must acknowledge the copyright and authors of this work.
+.TH KCMP 2 2012-02-01 "Linux" "Linux Programmer's Manual"
+
+.SH NAME
+kcmp \- compare if two processes do share a particular kernel resource
+
+.SH SYNOPSIS
+.nf
+.BR "#define _GNU_SOURCE" "         /* See feature_test_macros(7) */"
+.B #include <unistd.h>
+.B #include <linux/kcmp.h>
+.BR "#include <sys/syscall.h>   "  "/* For SYS_xxx definitions */"
+
+.BI "int syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);"
+.fi
+
+.SH DESCRIPTION
+
+.BR kcmp ()
+allows to find out if two processes identified by
+.I pid1
+and
+.I pid2
+share kernel resources such as virtual memory, file descriptors, file system etc.
+
+The comparison
+.I type
+is one of the following
+
+.BR KCMP_FILE
+determines whether a file descriptor
+.I idx1
+in the first process is the same as another descriptor
+.I idx2
+in the second process
+
+.BR KCMP_VM
+compares whether processes share address space
+
+.BR KCMP_FILES
+compares the file descriptor arrays to see whether the processes share all files
+
+.BR KCMP_FS
+compares whether processes share the file system information (the current umask,
+working directory, namespace root, etc)
+
+.BR KCMP_SIGHAND
+compares whether processes share a signal handlers table
+
+.BR KCMP_IO
+compares whether processes do share I/O context,
+used mainly for block I/O scheduling
+
+.BR KCMP_SYSVSEM
+compares the list of undo operations associated with SYSV semaphores
+
+Note the
+.BR kcmp ()
+is not protected against false positives which may have place if tasks are
+running.
+Which means one should stop tasks being inspected with this syscall to obtain
+meaningful results.
+
+.SH "RETURN VALUE"
+.B kcmp
+was designed to return values suitable for sorting.
+This is particularly handy when one have to compare
+a large number of file descriptors.
+
+The return value is merely a result of simple arithmetic comparison
+of kernel pointers (when kernel compares resources, it uses their
+memory addresses).
+
+The easiest way to explain is to consider an example.
+Lets say
+.I v1
+and
+.I v2
+are the addresses of appropriate resources, then the return value
+is one of the following
+
+.B 0
+\-
+.I v1
+is equal to
+.IR v2 ,
+in other words we have a shared resource here
+
+.B 1
+\-
+.I v1
+is less than
+.I v2
+
+.B 2
+\-
+.I v1
+is greater than
+.I v2
+
+.B 3
+\-
+.I v1
+is not equal to
+.IR v2 ,
+but ordering information is unavailable.
+
+On error, \-1 is returned, and errno is set appropriately.
+
+.SH "CONFORMING TO"
+.BR kcmp ()
+is Linux specific and should not be used in programs intended to be portable.
+.SH "SEE ALSO"
+.BR clone (2)
-- 
1.8.0.1

Re: [PATCH 1/2] Add kcmp.2 manpage

[Michael Kerrisk (man-pages)]

On Tue, Dec 18, 2012 at 6:12 PM, Cyrill Gorcunov <gorcunov@openvz.org> wrote:
> On Tue, Dec 18, 2012 at 09:06:24PM +0400, Cyrill Gorcunov wrote:
>> On Tue, Dec 18, 2012 at 05:54:49PM +0100, Michael Kerrisk (man-pages) wrote:
>> > Hello Cyrill,
>> >
>> > On Mon, Jul 23, 2012 at 12:15 AM, Cyrill Gorcunov <gorcunov@openvz.org> wrote:
>> > > NAME
>> > >        kcmp - compare if two processes do share a particular kernel resource
>> >
>> > Very late follow up on this page, sorry. You didn't provide a
>> > copyright or license for this page. Could you please supply that
>> > information. See http://www.kernel.org/doc/man-pages/licenses.html .
>>
>> Sure, gimme some time to update it...
>
> Something like below?

Yep, that's fine. I've done some substantial editing and added several
pieces to the page.  Could you take a careful look at the version to
see that I have not injected any inaccuracies?

Thanks,

Michael


.\" Copyright (C) 2012, Cyrill Gorcunov <gorcunov@openvz.org>
.\" and Copyright (C) 2012, Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of
.\" this manual under the conditions for verbatim copying, provided that
.\" the entire resulting derived work is distributed under the terms of
.\" a permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume.
.\" no responsibility for errors or omissions, or for damages resulting.
.\" from the use of the information contained herein.  The author(s) may.
.\" not have taken the same level of care in the production of this.
.\" manual, which is licensed free of charge, as they might when working.
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\"
.\" Kernel commit d97b46a64674a267bc41c9e16132ee2a98c3347d
.\"
.TH KCMP 2 2012-12-19 "Linux" "Linux Programmer's Manual"

.SH NAME
kcmp \- compare two processes to determine if they share a kernel resource

.SH SYNOPSIS
.nf
.B #include <linux/kcmp.h>

.BI "int kcmp(pid_t " pid1 ", pid_t " pid2 ", int " type ,
.BI "         unsigned long " idx1 ", unsigned long "  idx2 );

.fi

.IR Note :
There is no glibc wrapper for this system call; see NOTES.

.SH DESCRIPTION
The
.BR kcmp ()
system call can be used to check whether the two processes identified by
.I pid1
and
.I pid2
share a kernel resource such as virtual memory, file descriptors,
and so on.

The
.I type
argument specifies which resource is to be compared in the two processes.
It has one of the following values:

.TP
.BR KCMP_FILE
Check whether a file descriptor
.I idx1
in the process
.I pid1
refers to the same open file description (see
.BR open (2))
as file descriptor
.I idx2
in the process
.IR pid2 .

.TP
.BR KCMP_FILES
Check whether the process share the same set of open file descriptors.
The arguments
.I idx1
and
.I idx2
are ignored.

.TP
.BR KCMP_FS
Check whether the processes share the same file system information
(i.e., file mode creation mask, working directory, and file system root).
The arguments
.I idx1
and
.I idx2
are ignored.

.TP
.BR KCMP_IO
Check whether the processes share I/O context.
The arguments
.I idx1
and
.I idx2
are ignored.

.TP
.BR KCMP_SIGHAND
Check whether the processes share the same table of signal dispositions.
The arguments
.I idx1
and
.I idx2
are ignored.

.TP
.BR KCMP_SYSVSEM
Check whether the processes share the same
list of System V semaphore undo operations.
The arguments
.I idx1
and
.I idx2
are ignored.

.TP
.BR KCMP_VM
Check whether the processes share the same address space.
The arguments
.I idx1
and
.I idx2
are ignored.

.PP
Note the
.BR kcmp ()
is not protected against false positives which may have place if tasks are
running.
Which means one should stop tasks being inspected with this syscall to obtain
meaningful results.

.SH "RETURN VALUE"
The return value of a successful call to
.BR kcmp ()
is simply the result of arithmetic comparison
of kernel pointers (when the kernel compares resources, it uses their
memory addresses).

The easiest way to explain is to consider an example.
Suppose that
.I v1
and
.I v2
are the addresses of appropriate resources, then the return value
is one of the following:

.RS 4
.IP 0 4
.I v1
is equal to
.IR v2 ;
in other words, the two processes share the resource.

.IP 1
.I v1
is less than
.IR v2 .

.IP 2
.I v1
is greater than
.IR v2 .

.IP 3
.I v1
is not equal to
.IR v2 ,
but ordering information is unavailable.
.RE

.PP
On error, \-1 is returned, and
.I errno
is set appropriately.

.B kcmp ()
was designed to return values suitable for sorting.
This is particularly handy if one needs to compare
a large number of file descriptors.

.SH ERRORS

.TP
.B EBADF
.I type
is
.B KCMP_FILE
and
.I fd1
or
.I fd2
is not an open file descriptor.
.TP
.B EINVAL
.I type
is invalid.
.TP
.B EPERM
Insufficient permission to inspect process resources.
The
.B CAP_SYS_PTRACE
capability is required to inspect processes that you do not own.
.TP
.B ESRCH
Process
.I pid1
or
.I pid2
does not exist.

.SH VERSIONS
The
.BR kcmp ()
system call first appeared in Linux 3.5.

.SH "CONFORMING TO"
.BR kcmp ()
is Linux specific and should not be used in programs intended to be portable.

.SH NOTES
Glibc does not provide a wrapper for this system call; call it using
.BR syscall (2).

This system call is available only if the kernel was configured with
.BR CONFIG_CHECKPOINT_RESTORE .
The main use of the system call is for the
checkpoint/restore in user space (CRIU) feature.
The alternative to this system call would have been to expose suitable
process information via the
.BR proc (5)
file system; this was deemed to be unsuitable for security reasons.

See
.BR clone (2)
for some background information on the shared resources
referred to on this page.

.SH "SEE ALSO"
.BR clone (2),
.BR unshare (2)

Re: [PATCH 1/2] Add kcmp.2 manpage

[Cyrill Gorcunov]

On Fri, Dec 21, 2012 at 07:24:27PM +0100, Michael Kerrisk (man-pages) wrote:
> On Tue, Dec 18, 2012 at 6:12 PM, Cyrill Gorcunov <gorcunov@openvz.org> wrote:
> > On Tue, Dec 18, 2012 at 09:06:24PM +0400, Cyrill Gorcunov wrote:
> >> On Tue, Dec 18, 2012 at 05:54:49PM +0100, Michael Kerrisk (man-pages) wrote:
> >> > Hello Cyrill,
> >> >
> >> > On Mon, Jul 23, 2012 at 12:15 AM, Cyrill Gorcunov <gorcunov@openvz.org> wrote:
> >> > > NAME
> >> > >        kcmp - compare if two processes do share a particular kernel resource
> >> >
> >> > Very late follow up on this page, sorry. You didn't provide a
> >> > copyright or license for this page. Could you please supply that
> >> > information. See http://www.kernel.org/doc/man-pages/licenses.html .
> >>
> >> Sure, gimme some time to update it...
> >
> > Something like below?
> 
> Yep, that's fine. I've done some substantial editing and added several
> pieces to the page.  Could you take a careful look at the version to
> see that I have not injected any inaccuracies?

Looks good to me, thanks! (There is some work initiated to make this
syscall available for all archs so this page will need to be updated
more-less soon, but it's my problems, i'll send you update once transition
complete).

	Cyrill