I want to parse /proc/net/tcp/
, but is it safe?
How should I open and read files from /proc/
and not be afraid, that some other process (or the OS itself) will be changing it in the same time?
In general, no. (So most of the answers here are wrong.) It might be safe, depending on what property you want. But it's easy to end up with bugs in your code if you assume too much about the consistency of a file in /proc
. For example, see this bug which came from assuming that /proc/mounts
was a consistent snapshot.
For example:
/proc/uptime
is totally atomic, as someone mentioned in another answer -- but only since Linux 2.6.30, which is less than two years old. So even this tiny, trivial file was subject to a race condition until then, and still is in most enterprise kernels. See fs/proc/uptime.c
for the current source, or the commit that made it atomic. On a pre-2.6.30 kernel, you can open
the file, read
a bit of it, then if you later come back and read
again, the piece you get will be inconsistent with the first piece. (I just demonstrated this -- try it yourself for fun.)
/proc/mounts
is atomic within a single read
system call. So if you read
the whole file all at once, you get a single consistent snapshot of the mount points on the system. However, if you use several read
system calls -- and if the file is big, this is exactly what will happen if you use normal I/O libraries and don't pay special attention to this issue -- you will be subject to a race condition. Not only will you not get a consistent snapshot, but mount points which were present before you started and never stopped being present might go missing in what you see. To see that it's atomic for one read()
, look at m_start()
in fs/namespace.c
and see it grab a semaphore that guards the list of mountpoints, which it keeps until m_stop()
, which is called when the read()
is done. To see what can go wrong, see this bug from last year (same one I linked above) in otherwise high-quality software that blithely read /proc/mounts
.
/proc/net/tcp
, which is the one you're actually asking about, is even less consistent than that. It's atomic only within each row of the table. To see this, look at listening_get_next()
in net/ipv4/tcp_ipv4.c
and established_get_next()
just below in the same file, and see the locks they take out on each entry in turn. I don't have repro code handy to demonstrate the lack of consistency from row to row, but there are no locks there (or anything else) that would make it consistent. Which makes sense if you think about it -- networking is often a super-busy part of the system, so it's not worth the overhead to present a consistent view in this diagnostic tool.
The other piece that keeps /proc/net/tcp
atomic within each row is the buffering in seq_read()
, which you can read in fs/seq_file.c
. This ensures that once you read()
part of one row, the text of the whole row is kept in a buffer so that the next read()
will get the rest of that row before starting a new one. The same mechanism is used in /proc/mounts
to keep each row atomic even if you do multiple read()
calls, and it's also the mechanism that /proc/uptime
in newer kernels uses to stay atomic. That mechanism does not buffer the whole file, because the kernel is cautious about memory use.
Most files in /proc
will be at least as consistent as /proc/net/tcp
, with each row a consistent picture of one entry in whatever information they're providing, because most of them use the same seq_file
abstraction. As the /proc/uptime
example illustrates, though, some files were still being migrated to use seq_file
as recently as 2009; I bet there are still some that use older mechanisms and don't have even that level of atomicity. These caveats are rarely documented. For a given file, your only guarantee is to read the source.
In the case of /proc/net/tcp
, you can read it and parse each line without fear. But if you try to draw any conclusions from multiple lines at once -- beware, other processes and the kernel are changing it while you read it, and you are probably creating a bug.