chapter-5

CT 320: Network and System Administration, Fall 2014*
Dr. Indrajit Ray, Email: [email protected]
Department of Computer Science, Colorado State University, Fort Collins, CO 80528, USA
Dr. Indrajit Ray, Computer Science Department, CT 320 – Network and Systems Administration, Fall 2014
* Thanks to Dr. James Walden, NKU and Russ Wakefield, CSU for contents of these slides


Transcript of chapter-5

  • Controlling Processes

  • Topics

    1. Components
    2. Life cycle of a process
    3. Signals
    4. Process states
    5. /proc
    6. Monitoring processes

  • Components of a Process

    - Process address space
    - Kernel's internal data structures
    - Common components
      - Process identification numbers
      - User identification numbers
      - Group identification numbers
      - Priority
      - Control terminal

  • Address space

    Set of memory pages marked for the process's use

    Contains
    - Code and libraries the process is executing
    - Process's variables
    - Stacks
    - Information needed by the kernel
    - Buffer pool

  • Kernel's internal data structures

    - Process address space map
    - Current status of the process
      - Sleeping, stopped, runnable
    - Execution priority of the process
    - Information about the resources the process has used
    - Open file table
    - Signal mask (which signals are blocked)
    - Owner of the process

  • Process Identification Numbers

    PID
    - A unique ID assigned by the kernel to every process
    - Used by most commands to manipulate the process
    - PIDs are assigned in the order the processes are created

    PPID
    - PID of the parent process
    - Useful when tracing back a runaway process

  • User Identification Numbers

    UID
    - User identification number of the creator of the process
    - Copy of the UID value of the parent process
    - Usually, only the creator and the superuser can manipulate the process

    EUID
    - Effective user identification number
    - Extra UID used to determine what resources and files a process has permission to access
    - For most processes the UID and EUID are the same
    - Different when setuid() is used
    - Keeps identity and permissions separate

  • Group Identification Numbers

    GID
    - Group identification number
    - A process can be a member of many groups
    - Provides a mechanism to grant access and permissions to a specific set of people

    EGID
    - Effective group identification number
    - Similar to EUID
    - Set by the use of setgid()

  • Priority

    Priority
    - Determines how much CPU time the process receives
    - Dynamic algorithm used by the kernel
      - Amount of time a process has recently consumed
      - Length of time it has been waiting to use
      - Administratively set value: nice

    Real-time scheduling classes
    - Currently 3 classes
    - Each process is assigned to one class
    - Not widely used

  • Nice

    Numeric hint to the kernel about how the process should be treated.

    How nice are you going to be?
    - High value means low priority
    - Allowable range is -20 to +19
    - Nice value is inherited from the parent process
    - Can be raised with the nice command

  • Control Terminal

    Most non-daemon processes have an associated control terminal

    Determines the default linkage for standard input, standard output, and standard error

    When a command is started from a shell, the terminal becomes the process's control terminal

    Affects the distribution of signals

  • Life cycle of a Process

    - fork()
    - exec()
    - clone()
    - init
    - wait()

  • fork()

    Creates a copy of the originating process
    - Unique PID
    - New set of accounting information

    Returns two values
    - PID of the child process to the parent
    - Zero to the child process

  • exec()

    Usually used by the child process after fork()
    - Loads a new program and transfers control to it
    - Changes the program text
    - Resets the data and stack segments

    Family of calls
    - Differ in the way command-line arguments and environments are given to the new program

    Shell example

  • clone()

    Defined by Linux to allow a more lightweight process

    Creates a set of processes that share:
    - Memory
    - I/O spaces

    Analogous to a multi-threaded facility
    - Each thread of execution is represented by a full-fledged process rather than a thread object.

  • init

    Grandfather of all processes
    - Created by the kernel at boot time
    - All other processes are descendants of init
    - Always process number 1

    Process termination
    - _exit() called to notify the kernel and why
    - Parent required to be notified
      - Summary of resources
      - Exit code
    - init holds the role of parent if the parent has terminated early

  • wait()

    Called by the parent to wait for a child or a set of children

    Exit code is returned, as well as accounting information

  • Signals

    Process-level software interrupt requests
    - About 30 different kinds defined
    - Sent among processes as a means of communication
    - Sent by the terminal driver to kill, interrupt, or suspend processes when special keys (Ctrl-C) are typed
    - Sent by the administrator (kill)
    - Sent by the kernel when a process commits an infraction
      - Divide by zero
    - Sent by the kernel to notify a process of an interesting condition
      - Death of a child process
      - Availability of data on an I/O channel

  • Actions on Receipt of a Signal

    If the receiving process has designated a signal handler:
    - Called catching the signal
    - Handler is called with info about the context
    - Control is given to the handler
    - Returns to the place interrupted

    If there is no signal handler
    - Kernel takes a default action
    - Mostly die

  • Blocking or Ignoring Signals

    Signals can be caught, blocked, or ignored.

    Ignored
    - Simply discarded
    - Has no effect on the process

    Blocked
    - Queued for delivery
    - Handled by the process when the signal is unblocked
    - Handler is only called once even if the signal is received many times
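
The difference between blocking and ignoring can be observed directly. The following C program is an added example, not part of the original slides; the function names are hypothetical. It sends a blocked SIGUSR1 five times and counts handler calls after unblocking, then sends an ignored SIGUSR2.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>

static volatile sig_atomic_t usr1_calls;
static void on_usr1(int signo) { (void)signo; usr1_calls++; }

/* Block SIGUSR1, send it `sends` times, unblock it, and return how many
 * times the handler ran. *was_pending is 1 if the signal was held back. */
int blocked_signal_deliveries(int sends, int *was_pending)
{
    struct sigaction sa = {0}, old_sa;
    sigset_t block, pending;
    sa.sa_handler = on_usr1;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGUSR1, &sa, &old_sa);
    sigemptyset(&block);
    sigaddset(&block, SIGUSR1);
    sigprocmask(SIG_BLOCK, &block, NULL);
    usr1_calls = 0;
    for (int i = 0; i < sends; i++)
        raise(SIGUSR1);                      /* held; handler does not run yet */
    sigpending(&pending);
    *was_pending = sigismember(&pending, SIGUSR1);
    sigprocmask(SIG_UNBLOCK, &block, NULL);  /* delivery happens here */
    sigaction(SIGUSR1, &old_sa, NULL);       /* restore previous disposition */
    return usr1_calls;
}

/* Ignore SIGUSR2 and send it once. Returns 1 if it was discarded: the
 * process is still running and nothing is left pending. */
int ignored_signal_is_discarded(void)
{
    struct sigaction ign = {0}, old_sa;
    sigset_t pending;
    ign.sa_handler = SIG_IGN;
    sigemptyset(&ign.sa_mask);
    sigaction(SIGUSR2, &ign, &old_sa);
    raise(SIGUSR2);
    sigpending(&pending);
    sigaction(SIGUSR2, &old_sa, NULL);
    return sigismember(&pending, SIGUSR2) == 0;
}

int main(void)
{
    int pending = 0, calls = blocked_signal_deliveries(5, &pending);
    printf("pending=%d handler_calls=%d ignored_discarded=%d\n",
           pending, calls, ignored_signal_is_discarded());
    return 0;
}
```

Because only one instance of a standard signal is kept pending, a handler cannot be used to count events that arrive while the signal is blocked.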

  • Common Signals

    #    Name   Desc         Default   Catch?   Block?   Core?
    1    HUP    Hangup       Term      Y        Y        N
    2    INT    Interrupt    Term      Y        Y        N
    3    QUIT   Quit         Term      Y        Y        Y
    9    KILL   Kill         Term      N        N        N
    *    BUS    Bus error    Term      Y        Y        Y
    11   SEGV   Seg fault    Term      Y        Y        Y
    15   TERM   SW term      Term      Y        Y        N
    *    USR1   User-def 1   Term      Y        Y        N
    *    USR2   User-def 2   Term      Y        Y        N
    *    STOP   Stop         Stop      N        N        N

  • What are Signals Used For?

    KILL
    - Cannot be caught, blocked, or ignored
    - Destroys the receiving process

    STOP
    - Cannot be caught, blocked, or ignored
    - Suspends a process's execution until a CONT signal is received

    CONT
    - Can be caught or ignored, but not blocked

  • What are signals used for?

    BUS & SEGV
    - Can be caught, blocked, and ignored
    - The reason for most program crashes
    - Both indicate an attempt to use or access memory improperly

    INT
    - Sent by the terminal driver when you hit
    - Request to terminate the current operation
    - Most programs just quit
    - Handle the signal if there is cleanup

  • What are signals used for?

    TERM
    - Request to terminate execution completely.
    - The process is expected to clean up its state and leave

    HUP
    - Interpreted as a reset request by many daemons
      - Asks the daemon to reread its config and adjust to changes without restarting
    - Also sent by the terminal driver to clean up the processes attached to a specific terminal
      - Holdover from the days of wired terminals and modem connections

  • What are signals used for?

    TSTP
    - Soft version of STOP
    - Treated as a request (Ctrl-Z)

    QUIT
    - Similar to TERM
    - Defaults to producing a core dump if not caught
    - Sometimes used for other reasons

  • Sending Signals

    kill can be used by the superuser to send signals to anyone

    kill -n pid
    - Sends signal n to process pid

    kill -1
    - Broadcasts the signal to all processes except init

    kill -KILL pid
    - Sends the KILL signal to pid

    kill pid
    - Sends the TERM signal

  • killall

    Can look up the PID of a process using the ps command

    killall
    - Performs the lookup for you
    - Usage: sudo killall -USR1 xinetd
    - Performs matching on command names

  • Process states

    State      Meaning
    Runnable   The process can be executed
    Sleeping   The process is waiting for some resources
    Zombie     The process is waiting to die
    Stopped    The process is suspended

  • Process States

    Runnable
    - The process is ready to execute whenever CPU time is available
    - Has all the resources it needs
    - When the process makes a system call that it cannot immediately resolve, Linux puts it to sleep

    Sleeping
    - Processes are waiting for a specific event to occur.
    - Shells and daemons spend most of their time in this state
    - Gets no CPU time until it receives a signal

  • Process States

    Zombies
    - Processes that have finished execution but have not had a wait() executed on them.
    - Parent or init

    Stopped
    - Administratively kept from running.
    - Received a STOP or TSTP signal
    - Waiting on a CONT signal
    - Must be restarted by another process

  • /proc

    The Linux versions of ps and top read process state info from the /proc directory
    - Pseudo-filesystem through which the kernel exposes information about the system's state

    Information is not limited to process info
    - All status info and statistics generated by the kernel are represented

    Popular info is read by ps and vmstat
    - Less popular info must be read directly from /proc

  • /proc

    man proc

    Useful tips
    - Information in the files in /proc is created by the kernel on the fly
    - Most show as empty when listed with ls -l
    - cat or more the contents to see what they contain

  • Process info files in /proc

    File      Contents
    cmd       Command or program the process is executing
    cmdline   Complete command line of the process
    cwd       Symbolic link to the process's current directory
    environ   The process's environment variables
    exe       Symbolic link to the file being executed
    fd        Subdirectory containing links for each open descriptor
    maps      Memory mapping info
    root      Symbolic link to the process's root directory
    stat      General process status information
    statm     Memory usage information
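
The UID/EUID split described earlier is also visible through /proc. The following C program is an added example, not part of the original slides; it reads /proc/<pid>/status (a per-process file not listed in the table above), the function names are hypothetical, and the sample text is constructed. It flags a process whose real and effective UID differ, as happens after setuid().

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample: a setuid-root program started by UID 1000. */
static const char SAMPLE_STATUS[] =
    "Name:\tpasswd\nState:\tS (sleeping)\nPid:\t4242\n"
    "Uid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n";

/* Parse the "Uid:" line of a /proc/<pid>/status text. Its four fields are
 * the real, effective, saved-set and filesystem UID. Returns 0 on success. */
int parse_uids(const char *status_text, long *ruid, long *euid)
{
    const char *line = status_text;
    while (line && *line) {
        if (strncmp(line, "Uid:", 4) == 0)
            return sscanf(line + 4, "%ld %ld", ruid, euid) == 2 ? 0 : -1;
        line = strchr(line, '\n');      /* advance to the next line */
        if (line) line++;
    }
    return -1;
}

/* Returns 1 if the real and effective UID of `pid` differ, 0 if they are
 * equal, -1 if the status file cannot be read or parsed. */
int uid_mismatch(pid_t pid)
{
    char path[64], buf[4096];
    long ruid, euid;
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    if (parse_uids(buf, &ruid, &euid) != 0) return -1;
    return ruid != euid;
}

int main(void)
{
    long ruid = -1, euid = -1;
    parse_uids(SAMPLE_STATUS, &ruid, &euid);
    printf("sample: real=%ld effective=%ld\n", ruid, euid);
    printf("this process: mismatch=%d\n", uid_mismatch(getpid()));
    return 0;
}
```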

  • ps & top

    Allow monitoring of processes
    - Implementation of ps varies widely
    - Most other options built in

    Example: ps aux

    top
    - Regularly updated (10 secs)
    - -q raises it to the highest possible priority

  • strace

    On UNIX it is hard to figure out what a process is actually doing
    - Can make inferences through the filesystem and ps

    Linux has strace
    - Shows every system call the process makes
    - Shows every signal it receives
    - Can attach to a running process and see what is happening without disturbing it.
    - Shows the names of the system calls and decodes the arguments

    sudo strace -p 5810

  • Runaway processes

    Can identify processes that use excessive CPU time by looking at the output of ps or top
    - May have to get into the user's filesystem / code
    - May have legitimate requirements
    - May be malicious

    May be filling up the filesystem
    - Suspend while you contact the owner
    - renice