See this page as a slide show

CT 320: Network and System Administration

CHAPTER 5: CONTROLLING PROCESSES

Original slides from Dr. James Walden at Northern Kentucky University.

Topics

1. Components
2. Life cycle of a process
3. Signals
4. Process states
5. /proc
6. Monitoring processes

Components of a Process

• Process address space
• Kernel internal data structures
• Common components
  • Process identification number (PID)
  • Parent process identification number (PPID)
  • User identification numbers
  • Group identification numbers
  • Priority
  • Control Terminal

Address space

• Set of memory pages marked for the process’s user
• Contains
  • Code that process is executing
  • Libraries that process is executing
  • Process’s variables
  • Process’s stacks
  • Extra information needed by the kernel
  • Buffer pool

Kernel’s internal data structures

• Process address space map
• Current status of the process
  • sleeping, stopped, runnable
• Execution priority of the process
• Information about process’s resources
• Open file table
• Open network ports
• Signal mask (which signals blocked)
• Owner of the process

Process Identification Numbers

• PID
  • A unique id assigned by the kernel to every process
    • Well, unique, but re-used.
  • Used by most commands to manipulate the process
  • PIDs assigned in the order the process are created
• PPID (Parent Process ID)
  • Useful when tracing back a runaway process
  • Forms a tree of processes

User Identification Numbers

• UID
  • User identification number of the creator of the process
  • Copy of the UID value of the parent process
  • Usually, only creator and superuser can manipulate process
• EUID
  • Effective user identification number
  • Extra UID used to determine what resources and files a process has permission to access
  • Most processes the UID and EUID are the same
  • Different when setuid() used
    • Keeps identity and permissions separate

Group IDentification numbers

• GID
  • Group IDentification number
  • Process can be a member of many groups
  • Provides a mechanism to provide access and permissions to a specific set of people
• EGID
  • Effective Group IDentification number
  • Similar to EUID
  • Different when setgid() used
    • Keeps identity and permissions separate

Priority

• Priority
  • Determines how much CPU time the process receives
  • Dynamic algorithm used by the kernel
    • Amount of time a process has recently consumed
    • Length of time it has been waiting to use
    • Administrative set nice value
  • Real-time Scheduling classes
    • SCHED_BATCH, SCHED_IDLE, SCHED_FIFO, SCHED_RR
    • Each process assigned to one class

Nice Value

• Numeric hint to the kernel about how the process should be treated.
• How “nice” are you going to be?
• High value means low priority
• Allowable range is -20 to +19
• Nice value inherited from its parent
  • Can be raised with nice command at startup
  • Changed later via renice

Control Terminal

• Most non-daemon processes have an associated control terminal
• Determines the default linkage for standard input, standard output, and standard error
• When command started from a shell, the terminal become’s the process’s control terminal
• Affects the distribution of signals

Topics

1. Components
2. Life cycle of a process
3. Signals
4. Process states
5. /proc
6. Monitoring processes

Life cycle of a Process

• fork()
• exec()
• Adopted by systemd or upstart or init
• wait()

fork()

• Creates a copy of the originating process
  • Unique PID
  • New set of accounting information
• Returns two values
  • PID of the child process to the parent
  • Zero to the child process

exec()

• Usually used by child process after fork()
• Loads a new program and transfers control to it
  • Changes the program text
  • Resets the data and stack segments
• Family of calls
  • Differs in the way command line arguments and environments are given to the new program
• Shell example

clone()

• Defined by Linux to allow a more lightweight process
• Creates a set of processes that share:
  • Memory
  • I/O spaces
• Analogous to multi-threaded facility
  • Each thread of execution is represented by a full-fledged process rather than a thread object.

systemd or upstart or init

• Ancestor of all processes
  • Created by kernel at boot time
  • All other processes are descendants of systemd or upstart or init
• Always process number 1
• Process termination
  • _exit() called to notify the kernel and why
  • Parent required to be notified
    • Summary of resources
    • Exit code
  • adopts orphan processes if parent has terminated early

wait()

• Called by parent to wait for a child or a set of children
• Exit code returned, as well as accounting information

Topics

1. Components
2. Life cycle of a process
3. Signals
4. Process states
5. /proc
6. Monitoring processes

Signals

• Process-level software interrupt requests
• About thirty different kinds.
  • Sent among processes as a means of communication
  • Sent by the terminal driver to kill, interrupt, or suspend processes when special keys (CTRL-C) typed
  • Sent by administrator (kill)
  • Sent by kernel when process commits an infraction
    • Divide by zero
  • Sent by kernel to notify process of an “interesting” condition
    • Death of a child process
    • Availability of data on a I/O channel

Actions on Receipt of a Signal

• If the receiving process has designated a signal handler:
  • Called “catching” the signal
  • Handler is called with info about the context
  • Control given to the handler
  • Returns to the place interrupted
• If no signal handler:
  • Kernel takes a default action
    • Might ignore the signal
    • Might kill the process

Blocking or Ignoring Signals

• Signals can be caught, blocked, or ignored.
• Caught
  • As described
  • Requires a handler
• Ignored
  • Simply discarded
  • Has no effect on the process
• Blocked
  • Queued for delivery
  • Handled by the processes when the signal is unblocked
  • Handler is only called once—even if received many times

List of signals

$ kill -l
 1) SIGHUP	 2) SIGINT	 3) SIGQUIT	 4) SIGILL	 5) SIGTRAP
 6) SIGABRT	 7) SIGBUS	 8) SIGFPE	 9) SIGKILL	10) SIGUSR1
11) SIGSEGV	12) SIGUSR2	13) SIGPIPE	14) SIGALRM	15) SIGTERM
16) SIGSTKFLT	17) SIGCHLD	18) SIGCONT	19) SIGSTOP	20) SIGTSTP
21) SIGTTIN	22) SIGTTOU	23) SIGURG	24) SIGXCPU	25) SIGXFSZ
26) SIGVTALRM	27) SIGPROF	28) SIGWINCH	29) SIGIO	30) SIGPWR
31) SIGSYS	34) SIGRTMIN	35) SIGRTMIN+1	36) SIGRTMIN+2	37) SIGRTMIN+3
38) SIGRTMIN+4	39) SIGRTMIN+5	40) SIGRTMIN+6	41) SIGRTMIN+7	42) SIGRTMIN+8
43) SIGRTMIN+9	44) SIGRTMIN+10	45) SIGRTMIN+11	46) SIGRTMIN+12	47) SIGRTMIN+13
48) SIGRTMIN+14	49) SIGRTMIN+15	50) SIGRTMAX-14	51) SIGRTMAX-13	52) SIGRTMAX-12
53) SIGRTMAX-11	54) SIGRTMAX-10	55) SIGRTMAX-9	56) SIGRTMAX-8	57) SIGRTMAX-7
58) SIGRTMAX-6	59) SIGRTMAX-5	60) SIGRTMAX-4	61) SIGRTMAX-3	62) SIGRTMAX-2
63) SIGRTMAX-1	64) SIGRTMAX	

Common Signals

#	Name	Desc	Default	Catch?	Block?	Core?
1	SIGHUP	Hangup	Term	Y	Y	N
2	SIGINT	Interrupt	Term	Y	Y	N
3	SIGQUIT	Quit	Term	Y	Y	Y
9	SIGKILL	Kill	Term	N	N	N
	SIGBUS	Bus Error	Term	Y	Y	Y
15	SIGTERM	Terminate	Term	Y	Y	N
	SIGCHLD	Child death	Ignore	Y	Y	N
	SIGUSR1	User-def1	Term	Y	Y	N
	SIGUSR2	User-def2	Term	Y	Y	N
	SIGSTOP	Stop	Stop	N	N	N

What are signals used for?

Sliding scale of manual process termination:

• SIGINT
  • Result of control-C
• SIGQUIT
  • Result of control-backslash
  • historically generated a core file
• SIGTERM
  • Request to terminate execution completely.
  • Expected for process to clean up slate and leave
• SIGKILL
  • Good-bye

What are Signals Used For?

• SIGKILL
  • Cannot be caught, blocked, or ignored
  • Destroys the receiving process
• SIGSTOP
  • Cannot be caught, blocked, or ignored
  • Suspends a process execution until a CONT signal received
• SIGCONT
  • Can be caught or ignored, but not blocked

What are signals used for?

• Self-inflicted signals:
  • SIGBUS and SIGSEGV
    • Can be caught, blocked, and ignored
    • Most of the reason for program crashes
    • Both indicated an attempt to use or access memory improperly
  • SIGFPE
    • Divide by zero
  • SIGABORT
    • called abort
  • SIGALRM
    • Set an alarm by calling alarm

What are signals used for?

• SIGHUP
  • Interpreted as a reset request by many daemons
  • Asks the daemon to reread its config and adjust to changes without restarting
  • Also sent by the terminal driver to clean up the processes attached to a specific terminal
    • Holdover from days of wired terminals and modem connections

What are signals used for?

• SIGTSTP (Terminal Stop)
  • Soft version of STOP—treated as a request (CNTL-Z)
• SIGQUIT
  • Similar to TERM
  • Defaults to producing a core dump if not call
  • Sometimes used for other reasons

Sending Signals

• kill can be used by superuser to send signals to anyone
• kill -n pid
  • Sends signal n to process pid
• kill -QUIT pid
  • Only losers memorize numbers: sends QUIT signal to pid
• kill -1
  • Broadcasts the signal to all processes except process 1
• kill pid
  • Sends TERM signal

List of signals

$ kill -l
 1) SIGHUP	 2) SIGINT	 3) SIGQUIT	 4) SIGILL	 5) SIGTRAP
 6) SIGABRT	 7) SIGBUS	 8) SIGFPE	 9) SIGKILL	10) SIGUSR1
11) SIGSEGV	12) SIGUSR2	13) SIGPIPE	14) SIGALRM	15) SIGTERM
16) SIGSTKFLT	17) SIGCHLD	18) SIGCONT	19) SIGSTOP	20) SIGTSTP
21) SIGTTIN	22) SIGTTOU	23) SIGURG	24) SIGXCPU	25) SIGXFSZ
26) SIGVTALRM	27) SIGPROF	28) SIGWINCH	29) SIGIO	30) SIGPWR
31) SIGSYS	34) SIGRTMIN	35) SIGRTMIN+1	36) SIGRTMIN+2	37) SIGRTMIN+3
38) SIGRTMIN+4	39) SIGRTMIN+5	40) SIGRTMIN+6	41) SIGRTMIN+7	42) SIGRTMIN+8
43) SIGRTMIN+9	44) SIGRTMIN+10	45) SIGRTMIN+11	46) SIGRTMIN+12	47) SIGRTMIN+13
48) SIGRTMIN+14	49) SIGRTMIN+15	50) SIGRTMAX-14	51) SIGRTMAX-13	52) SIGRTMAX-12
53) SIGRTMAX-11	54) SIGRTMAX-10	55) SIGRTMAX-9	56) SIGRTMAX-8	57) SIGRTMAX-7
58) SIGRTMAX-6	59) SIGRTMAX-5	60) SIGRTMAX-4	61) SIGRTMAX-3	62) SIGRTMAX-2
63) SIGRTMAX-1	64) SIGRTMAX	

killall

• You can look up the PID of a process using the ps command
• killall
  • Performs the lookup for you
  • Usage:
    • sudo killall -USR1 xinetd
  • Perform matching on command names

Topics

1. Components
2. Life cycle of a process
3. Signals
4. Process states
5. /proc
6. Monitoring processes

Process States

State	Meaning
Runnable	The process can be executed
Sleeping	The process is waiting for resources
Zombie	The process is waiting to die
Stopped	The process is suspended

Process States

• Runnable
  • The process is ready to execute whenever CPU time is available
  • Has all resources it needs
  • When the process makes a system call that it cannot immediately resolve, Linux puts it to sleep
• Sleeping
  • Processes are waiting for a specific event to occur.
  • Shells and daemons spend most of their time in this state
  • Gets no CPU time until it receives a signal

Process States

• Zombies
  • Processes that have finished execution by not had a wait() executed on it.
  • Parent or adoptive parent (PID 1)
• Stopped
  • Administratively kept from running.
  • Received a STOP or TSTP signal
  • Waiting on a CONT signal
  • Must be restarted by another process

Topics

1. Components
2. Life cycle of a process
3. Signals
4. Process states
5. /proc
6. Monitoring processes

/proc

• Data for ps, top; read process state info from the /proc directory
  • Pseudo-filesystem which the kernel exposes information to about the system’s state
  • Information not limited to process info
    • All status info and statistics generated by kernel are represented
  • Popular info read by ps and vmstate
  • Less popular info must be read directly from /proc

/proc

• man proc
  • Useful tips
• Information in the files in /proc is created by the kernel on the fly
  • Most show empty when listed with ls -l
• cat the contents to see what they contain

Process info files in /proc

File	Contents
/proc/pid/cmd	Command or program the process is executing
/proc/pid/cmdline	Complete command line of the process
/proc/pid/cwd	Symbolic link to the process’s current directory
/proc/pid/environ	The process’s environment variables
/proc/pid/exe	Symbolic link to the file being executed
/proc/pid/fd	Subdirectory with links for each open descriptor
/proc/pid/maps	Memory mapping info
/proc/pid/root	Symbolic link to the process’s root directory
/proc/pid/stat	General process status information
/proc/pid/statm	Memory usage information

Topics

1. Components
2. Life cycle of a process
3. Signals
4. Process states
5. /proc
6. Monitoring processes

ps & top

ps:

• Allows monitoring of processes
• Implementation of ps varies widely across Unix/Linux versions, but the Linux version tries to recognize everybody’s options.

top:

• Shows processes taking most cpu time/space/whatever.

strace

• On Unix — hard to figure out what a process is actually doing
• Can make inference through filesystem and ps
• Linux has strace
  • Shows every system call the process makes
  • Shows every signal it receives
  • Can attach to a running process and see what is happening without disturbing it.
  • Shows the name of the system calls and decodes the arguments
• sudo strace -p 5810

Runaway processes

• Can identify processes that use excessive CPU time by looking at the output of ps or top
• May have to get into user’s filesystem / code
  • May have legimate requirements
  • May be malicious
• May be filling up filesystem
• Suspend while you contact/scold/educate owner
• renice

Signal code

A sample program that deals with signals:

$ cat ~applin/bin/signals
#! /usr/bin/env run-c

#include <stdio.h>			// for printf()
#include <signal.h>			// for signal()
#include <unistd.h>			// for sleep()

void handler() {			// I get called for SIGINT.
    printf("Ouch!\n");
    signal(SIGINT, handler);		// Re-install signal handler
}

int main() {
    signal(SIGINT, handler);		// Call handler() upon interrupt.
    for (int i=1; i<=300; i++) {	// five minutes
	printf("%d\n", i);
	sleep(1);			// Kill some time.
    }
}