Linux 内核提供了一种通过 proc 文件系统,在运行时访问内核内部数据结构、改变内核设置的机制。proc 文件系统是一个伪文件系统,它只存在内存当中,而不占用外存空间。它以文件系统的方式为访问系统内核数据的操作提供接口。
用户和应用程序可以通过 proc 得到系统的信息,并可以改变内核的某些参数。由于系统的信息,如进程,是动态改变的,所以用户或应用程序读取 proc 文件时,proc 文件系统是动态从系统内核读出所需信息并提交的。
/proc/[pid]/auxv 包含传递给进程的 ELF 解释器信息,格式是每一项都是一个 unsigned long长度的 ID 加上一个 unsigned long 长度的值。最后一项以连续的两个 0x00 开头。
hexdump -x /proc/2406/auxv
/proc/[pid]/environ 显示进程的环境变量
/proc/[pid]/fd 是一个目录,包含进程打开文件的情况。举例如下:
address perms offset dev inode pathname
permissions(perms)
r = read
w = write
x = execute
s = shared
p = private (copy on write)
The pathname field will usually be the file that is
backing the mapping.
ELF 全称 “Executable and Linkable Format”,即可执行可链接文件格式,目前常见的Linux、 Android可执行文件、共享库(.so)、目标文件( .o)以及Core 文件(吐核)均为此格式。
/proc/[pid]/stack 示当前进程的内核调用栈信息,只有内核编译时打开了 CONFIG_STACKTRACE 编译选项,才会生成这个文件。
/proc/[pid]/statm 显示进程所占用内存大小的统计信息。包含七个值,度量单位是 page(page大小可通过 getconf PAGESIZE 得到)。
- 进程占用的总的内存
- 进程当前时刻占用的物理内存
- 同其它进程共享的内存
- 进程的代码段
- 共享库(从2.6版本起,这个值为0)
- 进程的堆栈
- dirty pages(从2.6版本起,这个值为0)
/proc/[pid]/status 包含进程的状态信息。其很多内容与 /proc/[pid]/stat 和 /proc/[pid]/statm 相同,但是却是以一种更清晰地方式展现出来。举例如下:
文献很详细
Name Command run by this process. Strings longer than
TASK_COMM_LEN (16) characters (including the
terminating null byte) are silently truncated.
Umask Process umask, expressed in octal with a leading
zero; see umask(2). (Since Linux 4.7.)
State Current state of the process. One of "R
(running)", "S (sleeping)", "D (disk sleep)", "T
(stopped)", "t (tracing stop)", "Z (zombie)", or "X
(dead)".
Tgid Thread group ID (i.e., Process ID).
Ngid NUMA group ID (0 if none; since Linux 3.13).
Pid Thread ID (see gettid(2)).
PPid PID of parent process.
TracerPid
PID of process tracing this process (0 if not being
traced).
Uid, Gid
Real, effective, saved set, and filesystem UIDs
(GIDs).
FDSize Number of file descriptor slots currently
allocated.
Groups Supplementary group list.
NStgid Thread group ID (i.e., PID) in each of the PID
namespaces of which [pid] is a member. The
leftmost entry shows the value with respect to the
PID namespace of the process that mounted this
procfs (or the root namespace if mounted by the
kernel), followed by the value in successively
nested inner namespaces. (Since Linux 4.1.)
NSpid Thread ID in each of the PID namespaces of which
[pid] is a member. The fields are ordered as for
NStgid. (Since Linux 4.1.)
NSpgid Process group ID in each of the PID namespaces of
which [pid] is a member. The fields are ordered as
for NStgid. (Since Linux 4.1.)
NSsid descendant namespace session ID hierarchy Session
ID in each of the PID namespaces of which [pid] is
a member. The fields are ordered as for NStgid.
(Since Linux 4.1.)
VmPeak Peak virtual memory size.
VmSize Virtual memory size.
VmLck Locked memory size (see mlock(2)).
VmPin Pinned memory size (since Linux 3.2). These are
pages that can't be moved because something needs
to directly access physical memory.
VmHWM Peak resident set size ("high water mark"). This
value is inaccurate; see /proc/[pid]/statm above.
VmRSS Resident set size. Note that the value here is the
sum of RssAnon, RssFile, and RssShmem. This value
is inaccurate; see /proc/[pid]/statm above.
RssAnon
Size of resident anonymous memory. (since Linux
4.5). This value is inaccurate; see
/proc/[pid]/statm above.
RssFile
Size of resident file mappings. (since Linux 4.5).
This value is inaccurate; see /proc/[pid]/statm
above.
RssShmem
Size of resident shared memory (includes System V
shared memory, mappings from tmpfs(5), and shared
anonymous mappings). (since Linux 4.5).
VmData, VmStk, VmExe
Size of data, stack, and text segments. This value
is inaccurate; see /proc/[pid]/statm above.
VmLib Shared library code size.
VmPTE Page table entries size (since Linux 2.6.10).
VmPMD Size of second-level page tables (added in Linux
4.0; removed in Linux 4.15).
VmSwap Swapped-out virtual memory size by anonymous
private pages; shmem swap usage is not included
(since Linux 2.6.34). This value is inaccurate;
see /proc/[pid]/statm above.
HugetlbPages
Size of hugetlb memory portions (since Linux 4.4).
CoreDumping
Contains the value 1 if the process is currently
dumping core, and 0 if it is not (since Linux
4.15). This information can be used by a
monitoring process to avoid killing a process that
is currently dumping core, which could result in a
corrupted core dump file.
Threads
Number of threads in process containing this
thread.
SigQ This field contains two slash-separated numbers
that relate to queued signals for the real user ID
of this process. The first of these is the number
of currently queued signals for this real user ID,
and the second is the resource limit on the number
of queued signals for this process (see the
description of RLIMIT_SIGPENDING in getrlimit(2)).
SigPnd, ShdPnd
Mask (expressed in hexadecimal) of signals pending
for thread and for process as a whole (see
pthreads(7) and signal(7)).
SigBlk, SigIgn, SigCgt
Masks (expressed in hexadecimal) indicating signals
being blocked, ignored, and caught (see signal(7)).
CapInh, CapPrm, CapEff
Masks (expressed in hexadecimal) of capabilities
enabled in inheritable, permitted, and effective
sets (see capabilities(7)).
CapBnd Capability bounding set, expressed in hexadecimal
(since Linux 2.6.26, see capabilities(7)).
CapAmb Ambient capability set, expressed in hexadecimal
(since Linux 4.3, see capabilities(7)).
NoNewPrivs
Value of the no_new_privs bit (since Linux 4.10,
see prctl(2)).
Seccomp
Seccomp mode of the process (since Linux 3.8, see
seccomp(2)). 0 means SECCOMP_MODE_DISABLED; 1
means SECCOMP_MODE_STRICT; 2 means
SECCOMP_MODE_FILTER. This field is provided only
if the kernel was built with the CONFIG_SECCOMP
kernel configuration option enabled.
Speculation_Store_Bypass
Speculation flaw mitigation state (since Linux
4.17, see prctl(2)).
Cpus_allowed
Hexadecimal mask of CPUs on which this process may
run (since Linux 2.6.24, see cpuset(7)).
Cpus_allowed_list
Same as previous, but in "list format" (since Linux
2.6.26, see cpuset(7)).
Mems_allowed
Mask of memory nodes allowed to this process (since
Linux 2.6.24, see cpuset(7)).
Mems_allowed_list
Same as previous, but in "list format" (since Linux
2.6.26, see cpuset(7)).
voluntary_ctxt_switches, nonvoluntary_ctxt_switches
Number of voluntary and involuntary context
switches (since Linux 2.6.23).
参考文献
https://www.hi-linux.com/posts/64295.html
https://man7.org/linux/man-pages/man5/proc.5.html
https://www.networkworld.com/article/3211296/unix-dealing-with-signals.html