Linux Kernel(4.19) Hacks

rousalome.egloos.com

포토로그 Kernel Crash


통계 위젯 (화이트)

83235
1036
103653


[Linux][Kernel] Check process in Linux system Linux-Kernel Analysis

In order to be able to survive as competitive Linux system developers(DevOps for device drivers) for a long time, you need to know the Linux kernel better. However, the Linux kernel is huge, and its content depth is a difficult technical area to grasp in the short term. I started the Linux kernel with the question "What is a process?" I saw a lot of words like the Bible or blasphemy. Unfortunately, most of the process was abandoned. This is because the book or blog describing the process theoretically describes the process.

How can you learn this process quickly?
To be familiar with the process, Linux systems and processes often enter a command output during the process of ftrace logs often meet. In this chapter, enter the command in Raspberry and confirm the processing to output the log from the ftrace log.

First, let's check the list of processes on the system using the following Linux commands. Execute the program through the Raspberry Pi in the terminal. To do this, let's go into the "PS -ely" command as follows:
root@raspberrypi:/home/pi# ps -ely
S   UID   PID  PPID  C PRI  NI   RSS    SZ WCHAN  TTY          TIME CMD
S     0     1     0  0  80   0  5956  6991 SyS_ep ?        00:00:02 systemd
S     0     2     0  0  80   0     0     0 kthrea ?        00:00:00 kthreadd
...
S  1000   867   517  0  80   0  7720 12887 poll_s ?        00:00:00 gvfsd-trash
S  1000   876   730  0  80   0 20084 12108 poll_s ?        00:00:07 lxterminal
S  1000   877   876  0  80   0  1324   590 unix_s ?        00:00:00 gnome-pty-helpe
S  1000   878   876  0  80   0  4028  1628 wait   pts/0    00:00:00 bash
S     0   886   878  0  80   0  3380  1908 poll_s pts/0    00:00:00 sudo
S     0   890   886  0  80   0  3076  1818 wait   pts/0    00:00:00 su

To see a list of processes on a Linux system, enter the command "ps".

If you are running in an X terminal shell, enter the status of the "Information PS" command and you can see the meaning of the ps command.
-------
PS(1)                                   User Commands                                   PS(1)

NAME
       ps - report a snapshot of the current processes.

SYNOPSIS
       ps [options]

This command prints the processes running on a Linux system. My command was written a lot on Linux systems that let us use debugging frequently.

If you type the ps command to access the internal data structure of the Linux kernel, what is processed to represent the information about entire process? All processes created on Linux systems (user-level and kernel threads) are connected to global variables that are registered in the init_tasks.next member of the list representing the init process. Entering the ps command will retrieve the process information output by the processing information (structure's task_struct) in the traversal link list.

This time, give the option "-ejH" a list of parent-child relationships for the process that the ps command outputs.
root@raspberrypi:/home/pi # ps -ejH
2   PID  PGID   SID TTY          TIME CMD
3    2     0     0 ?        00:00:00 kthreadd
4    4     0     0 ?        00:00:00   kworker/0:0H
5    6     0     0 ?        00:00:00   mm_percpu_wq
6    7     0     0 ?        00:00:00   ksoftirqd/0
...
7  17103     0     0 ?     00:00:00   kworker/1:1
8  17108     0     0 ?     00:00:00   kworker/u8:0
9     1     1     1 ?        00:00:02 systemd
10   94    94    94 ?        00:00:00   systemd-journal
11  127   127   127 ?        00:00:00   systemd-udevd
12  274   274   274 ?        00:00:00   systemd-timesyn

On the line shown by the line "kworker / 0:0H" 4~6 lines, "mm_percpu_wq" and "ksoftirqd / 0" are three times the parent process of the process "kthreadd" in the line.

The process of PID following "kthreadd" will help to create a process that runs in kernel space. In the above output 4-8 line process, you must have the same row aligned. The process shown in this list is called the kernel thread, the kernel process. Run only in kernel space.

You must have the PID stored in the <sys.types.h> header file as pid_t for the Linux kernel. 
[https://elixir.bootlin.com/linux/v4.14.70/source/include/linux/types.h]
typedef __kernel_pid_t pid_t;

[https://elixir.bootlin.com/linux/v4.14.70/source/include/uapi/asm-generic/posix_types.h]
typedef int __kernel_pid_t;

As you can see there is a __kernel_pid_t format definition __kernel_pid_t which is specified as an int type code will be pid_t. Pid_t is an int type.

The Linux kernel license (process ID) PID of the int type ID is for each process.
The process of switching technology, PID is 0 init process kthreadd process PID 1 and creating kernel thread is PID 2.

When you create a new process, the value of the PID integer given by the kernel increases. With PID, you can estimate when the process was created.

The maximum value of PID is 32768. Enter the following command to get the maximum PID value.

How to identify a PID in user space?
Call the low-level function getpid() in Linux to read in the process PID. Call the getpid() function, which corresponds to the system call handler of the getpid() function sys_getpid() function in kernel space.
[https://elixir.bootlin.com/linux/v4.14.70/source/kernel/sys.c]
SYSCALL_DEFINE0(getpid)
{
return task_tgid_vnr(current);
}

The Linux kernel or if you pass the taeseuteu descriptor to the parameters of the other task_tgid_vnr() function in the driver code, you can read the process PID.


Let's look at the ninth line of the log this time. I saw a systemd process with pid = 1.
9     1     1     1 ?        00:00:02 systemd


The process creates all user space in the embedded Linux pid 1 role for the init process and the execution of the parent.

There are many things in this process that are designed by objectifying humans. A process has its own child process and signals the parent process when the child process exits.

Suppose you have grandparents, parents and child processes. Once an exception occurs, the parent process terminates the parent process and disappears from the child's perspective. At this point, the grandparents become the parent process. In this case, the init process performs the role of the grandparent (the new parent process).

In the next section when you create a process to open the kernel source code, let's see what is the function of the implementation.

덧글

댓글 입력 영역