CT 320: Network and System Administration
CHAPTER 5: CONTROLLING PROCESSES
Original slides from Dr. James Walden at Northern Kentucky University.
Topics
- Components
- Life cycle of a process
- Signals
- Process states
- /proc
- Monitoring processes
Components of a Process
- Process address space
- Kernel internal data structures
- Common components
- Process identification number (PID)
- Parent process identification number (PPID)
- User identification numbers
- Group identification numbers
- Priority
- Control Terminal
Address space
- Set of memory pages marked for the process’s use
- Contains
- Code that process is executing
- Libraries that process is executing
- Process’s variables
- Process’s stacks
- Extra information needed by the kernel
- Buffer pool
Kernel’s internal data structures
- Process address space map
- Current status of the process
- sleeping, stopped, runnable
- Execution priority of the process
- Information about process’s resources
- Open file table
- Open network ports
- Signal mask (which signals blocked)
- Owner of the process
Process Identification Numbers
- PID
- A unique id assigned by the kernel to every process
- Well, unique, but re-used.
- Used by most commands to manipulate the process
- PIDs are assigned in the order the processes are created
- PPID (Parent Process ID)
- Useful when tracing back a runaway process
User Identification Numbers
- UID
- User identification number of the creator of the process
- Copy of the UID value of the parent process
- Usually, only creator and superuser can manipulate process
- EUID
- Effective user identification number
- Extra UID used to determine what resources and files a process has permission to access
- For most processes, the UID and EUID are the same
- Different when setuid() is used
- Keeps identity and permissions separate
Group IDentification numbers
- GID
- Group IDentification number
- Process can be a member of many groups
- Provides a mechanism to provide access and permissions to a specific set of people
- EGID
- Effective Group IDentification number
- Similar to EUID
- Different when setgid() is used
- Keeps identity and permissions separate
Priority
- Priority
- Determines how much CPU time the process receives
- Dynamic algorithm used by the kernel
- Amount of time a process has recently consumed
- Length of time it has been waiting to use
- Administratively set nice value
- Real-time Scheduling classes
- SCHED_BATCH, SCHED_IDLE, SCHED_FIFO, SCHED_RR
- Each process assigned to one class
Nice Value
- Numeric hint to the kernel about how the process should be treated.
- How “nice” are you going to be?
- High value means low priority
- Allowable range is -20 to +19
- Nice value inherited from its parent
- Can be raised with the nice command at startup
- Changed later via renice
Control Terminal
- Most non-daemon processes have an associated control terminal
- Determines the default linkage for standard input, standard output, and standard error
- When a command is started from a shell, the terminal becomes the process’s control terminal
- Affects the distribution of signals
Life cycle of a Process
- fork()
- exec()
- clone()
- systemd or upstart or init
- wait()
fork()
- Creates a copy of the originating process
- Unique PID
- New set of accounting information
- Returns two values
- PID of the child process to the parent
- Zero to the child process
exec()
- Usually used by child process after fork()
- Loads a new program and transfers control to it
- Changes the program text
- Resets the data and stack segments
- Family of calls
- Differs in the way command line arguments and environments are given to the new program
- Shell example
clone()
- Defined by Linux to allow a more lightweight process
- Creates a set of processes that share:
- Analogous to multi-threaded facility
- Each thread of execution is represented by a full-fledged process rather than a thread object.
systemd or upstart or init
- Ancestor of all processes
- Created by kernel at boot time
- All other processes are descendants of systemd or upstart or init
- Always process number 1
- Process termination
- _exit() called to notify the kernel and why
- Parent required to be notified
- Summary of resources
- Exit code
- Adopts orphan processes if parent has terminated early
wait()
- Called by parent to wait for a child or a set of children
- Exit code returned, as well as accounting information
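The fork(), exec() and wait() steps above combined into one function, as an added example that is not part of the original slides. The name run_and_reap and the return-value convention are assumptions made for this example, and /bin/sh is assumed to exist.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] as a child process and reap it (hypothetical helper).
 * Returns the exit code (0-255), -(signal number) if a signal killed
 * the child, or -1000 if fork() or waitpid() itself failed. */
int run_and_reap(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1000;      /* fork failed: no child exists */

    if (pid == 0) {                 /* child: fork() returned zero */
        execvp(argv[0], argv);      /* returns only if the exec failed */
        _exit(127);                 /* shell convention: command not found */
    }

    int status;                     /* parent: fork() returned child's PID */
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1000;
    if (WIFEXITED(status))
        return WEXITSTATUS(status); /* child called _exit() or returned */
    if (WIFSIGNALED(status))
        return -WTERMSIG(status);   /* child was terminated by a signal */
    return -1000;
}

int main(void)
{
    char *ok[]     = { "/bin/sh", "-c", "exit 7", NULL };
    char *killed[] = { "/bin/sh", "-c", "kill -KILL $$", NULL };
    printf("normal exit: %d\n", run_and_reap(ok));
    printf("killed:      %d\n", run_and_reap(killed));
    return 0;
}
```

Because the parent always calls waitpid(), the child never lingers as a zombie.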
Signals
- Process-level software interrupt requests
- About 30 different kinds
- Sent among processes as a means of communication
- Sent by the terminal driver to kill, interrupt, or suspend processes when special keys (CTRL-C) typed
- Sent by administrator (kill)
- Sent by kernel when process commits an infraction
- Sent by kernel to notify process of an “interesting” condition
- Death of a child process
- Availability of data on an I/O channel
Actions on Receipt of a Signal
- If the receiving process has designated a signal handler:
- Called “catching” the signal
- Handler is called with info about the context
- Control given to the handler
- Returns to the place interrupted
- If no signal handler:
- Kernel takes a default action
- Often just kills the process
Blocking or Ignoring Signals
- Signals can be caught, blocked, or ignored.
- Caught
- As described
- Requires a handler
- Ignored
- Simply discarded
- Has no effect on the process
- Blocked
- Queued for delivery
- Handled by the process when the signal is unblocked
- Handler is only called once—even if received many times
Common Signals
# | Name | Desc | Default | Catch? | Block? | Core? |
1 | HUP | Hangup | Term | Y | Y | N |
2 | INT | Interrupt | Term | Y | Y | N |
3 | QUIT | Quit | Term | Y | Y | Y |
9 | KILL | Kill | Term | N | N | N |
| BUS | Bus Error | Term | Y | Y | Y |
11 | SEGV | Segfault | Term | Y | Y | Y |
15 | TERM | SW term | Term | Y | Y | N |
| USR1 | User-def1 | Term | Y | Y | N |
| USR2 | User-def2 | Term | Y | Y | N |
| STOP | Stop | Stop | N | N | N |
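The blocking behaviour and the Catch? column above, checked in code as an added example that is not part of the original slides. The function names are assumptions made for this example; it uses USR1 because it is a standard signal with no other meaning to the process.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>

static volatile sig_atomic_t calls;
static void handler(int signo) { (void)signo; calls++; }

/* Install handler for signo; 0 on success, -1 if the kernel refuses. */
static int install(int signo, struct sigaction *old)
{
    struct sigaction sa = { .sa_handler = handler };
    sigemptyset(&sa.sa_mask);
    return sigaction(signo, &sa, old);
}

/* 1 if signo can be caught, 0 if it cannot (KILL and STOP). */
int can_catch(int signo)
{
    struct sigaction old;
    if (install(signo, &old) < 0) return 0;
    sigaction(signo, &old, NULL);           /* restore old disposition */
    return 1;
}

/* Block USR1, send it `sends` times, unblock; return handler run count. */
int blocked_delivery_count(int sends)
{
    struct sigaction old;
    sigset_t usr1, pending;
    if (install(SIGUSR1, &old) < 0) return -1;
    sigemptyset(&usr1);
    sigaddset(&usr1, SIGUSR1);
    sigprocmask(SIG_BLOCK, &usr1, NULL);
    calls = 0;
    for (int i = 0; i < sends; i++)
        raise(SIGUSR1);                     /* held pending, handler not run */
    sigpending(&pending);
    int held = sigismember(&pending, SIGUSR1) == 1 && calls == 0;
    sigprocmask(SIG_UNBLOCK, &usr1, NULL);  /* pending signal delivered here */
    sigaction(SIGUSR1, &old, NULL);
    return (held || sends == 0) ? (int)calls : -1;
}

int main(void)
{
    printf("5 blocked sends -> %d handler run(s)\n", blocked_delivery_count(5));
    printf("catch TERM=%d KILL=%d\n", can_catch(SIGTERM), can_catch(SIGKILL));
    return 0;
}
```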
What are Signals Used For?
- KILL
- Cannot be caught, blocked, or ignored
- Destroys the receiving process
- STOP
- Cannot be caught, blocked, or ignored
- Suspends a process execution until a CONT signal received
- CONT
- Can be caught or ignored, but not blocked
What are signals used for?
- BUS and SEGV
- Can be caught, blocked, and ignored
- The reason for most program crashes
- Both indicate an attempt to use or access memory improperly
- INT
- Sent by the terminal driver when you hit CTRL-C
- Request to terminate the current operation
- Most programs just quit
- Handle the signal if there is cleanup
What are signals used for?
- TERM
- Request to terminate execution completely.
- Process is expected to clean up its state and exit
- HUP
- Interpreted as a reset request by many daemons
- Asks the daemon to reread its config and adjust to changes without restarting
- Also sent by the terminal driver to clean up the processes attached to a specific terminal
- Holdover from days of wired terminals and modem connections
What are signals used for?
- TSTP (Terminal Stop)
- Soft version of STOP, treated as a request (CTRL-Z)
- QUIT
- Similar to TERM
- Defaults to producing a core dump if not caught
- Sometimes used for other reasons
Sending Signals
- kill can be used by superuser to send signals to anyone
- kill -n pid
- Sends signal n to process pid
- kill -QUIT pid
- Only losers memorize numbers: sends QUIT signal to pid
- kill -1
- Broadcasts the signal to all processes except process 1
- kill pid
killall
- You can look up the PID of a process using the ps command
- killall
- Performs the lookup for you
- Usage: sudo killall -USR1 xinetd
- Performs matching on command names
Process States
State | Meaning |
Runnable | The process can be executed |
Sleeping | The process is waiting for resources |
Zombie | The process is waiting to die |
Stopped | The process is suspended |
Process States
- Runnable
- The process is ready to execute whenever CPU time is available
- Has all resources it needs
- When the process makes a system call that it cannot immediately resolve, Linux puts it to sleep
- Sleeping
- Processes are waiting for a specific event to occur.
- Shells and daemons spend most of their time in this state
- Gets no CPU time until it receives a signal
Process States
- Zombies
- Processes that have finished execution but have not had wait() executed on them.
- Parent or adoptive parent (PID 1)
- Stopped
- Administratively kept from running.
- Received a STOP or TSTP signal
- Waiting on a CONT signal
- Must be restarted by another process
/proc
- ps and top read their process state info from the /proc directory
- Pseudo-filesystem through which the kernel exposes information about the system’s state
- Information not limited to process info
- All status info and statistics generated by kernel are represented
- Popular info read by ps and vmstat
- Less popular info must be read directly from /proc
/proc
- man proc
- Information in the files in /proc is created by the kernel on the fly
- Most show empty when listed with ls -l
- cat the contents to see what they contain
Process info files in /proc
File | Contents |
cmd | Command or program the process is executing |
cmdline | Complete command line of the process |
cwd | Symbolic link to the process’s current directory |
environ | The process’s environment variables |
exe | Symbolic link to the file being executed |
fd | Subdirectory containing links for each open descriptor |
maps | Memory mapping info |
root | Symbolic link to the process’s root directory |
stat | General process status information |
statm | Memory usage information |
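Reading the stat file from the table above, as an added example that is not part of the original slides. The command name in stat is set by the process itself and may contain spaces and parentheses, so the parser splits on the last ')' rather than on whitespace; the struct and function names are assumptions, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>

struct proc_stat {
    int  pid;
    char comm[64];  /* command name, chosen by the process itself */
    char state;     /* R runnable, S sleeping, Z zombie, T stopped */
    int  ppid;
};

/* Parse the leading fields of a stat line: pid (comm) state ppid ...
 * Returns 0 on success, -1 on malformed input. */
int parse_stat(const char *line, struct proc_stat *out)
{
    const char *open  = strchr(line, '(');
    const char *close = strrchr(line, ')');  /* last ')': comm may hold ')' */
    if (!open || !close || close < open)
        return -1;
    if (sscanf(line, "%d", &out->pid) != 1)
        return -1;
    size_t n = (size_t)(close - open - 1);
    if (n >= sizeof out->comm)
        n = sizeof out->comm - 1;
    memcpy(out->comm, open + 1, n);
    out->comm[n] = '\0';
    return sscanf(close + 1, " %c %d", &out->state, &out->ppid) == 2 ? 0 : -1;
}

/* Read and parse one stat file, e.g. /proc/self/stat. */
int read_stat(const char *path, struct proc_stat *out)
{
    char buf[1024];
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *got = fgets(buf, sizeof buf, f);
    fclose(f);
    return got ? parse_stat(buf, out) : -1;
}

int main(void)
{
    /* Constructed line: the name "a) R 1 (x" imitates extra fields. */
    struct proc_stat ps;
    if (parse_stat("4242 (a) R 1 (x) Z 977 4242 4242 0 -1", &ps) == 0)
        printf("sample: comm=[%s] state=%c ppid=%d\n", ps.comm, ps.state, ps.ppid);
    if (read_stat("/proc/self/stat", &ps) == 0)
        printf("self:   comm=[%s] state=%c ppid=%d\n", ps.comm, ps.state, ps.ppid);
    return 0;
}
```

A whitespace split of the sample line would report state R and parent 1; the parser reports the real values, a zombie whose parent is 977.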
ps & top
- ps:
- Allows monitoring of processes
- Implementation of ps varies widely across Unix/Linux versions, but the Linux version tries to recognize everybody’s options.
- top:
- Shows processes taking most cpu time/space/whatever.
strace
- On Unix — hard to figure out what a process is actually doing
- Can make inference through filesystem and ps
- Linux has strace
- Shows every system call the process makes
- Shows every signal it receives
- Can attach to a running process and see what is happening without disturbing it.
- Shows the name of the system calls and decodes the arguments
sudo strace -p 5810
Runaway processes
- Can identify processes that use excessive CPU time by looking at the output of ps or top
- May have to get into user’s filesystem / code
- May have legitimate requirements
- May be malicious
- May be filling up filesystem
- Suspend while you contact/scold/educate owner
renice