本文平台是 x86 虚拟云服务器,kernel 版本是 4.15
主要分析 /proc/[pid]/下的 节点信息
sh@tencent_cloud:/proc/1 $ sudo ls -al
total 0
dr-xr-xr-x 9 root root 0 Mar 28 00:38 .
dr-xr-xr-x 195 root root 0 Mar 28 00:38 ..
dr-xr-xr-x 2 root root 0 Apr 7 15:00 attr
-rw-r--r-- 1 root root 0 Apr 11 15:38 autogroup
-r-------- 1 root root 0 Apr 11 15:38 auxv
-r--r--r-- 1 root root 0 Apr 7 15:00 cgroup
--w------- 1 root root 0 Apr 11 15:38 clear_refs
-r--r--r-- 1 root root 0 Mar 28 02:08 cmdline
-rw-r--r-- 1 root root 0 Apr 7 15:00 comm
-rw-r--r-- 1 root root 0 Apr 11 15:38 coredump_filter
-r--r--r-- 1 root root 0 Apr 11 15:38 cpuset
lrwxrwxrwx 1 root root 0 Mar 30 02:10 cwd -> /
-r-------- 1 root root 0 Apr 11 15:38 environ
lrwxrwxrwx 1 root root 0 Mar 28 02:08 exe -> /lib/systemd/systemd
dr-x------ 2 root root 0 Mar 28 02:08 fd
dr-x------ 2 root root 0 Apr 11 15:38 fdinfo
-rw-r--r-- 1 root root 0 Apr 11 15:38 gid_map
-r-------- 1 root root 0 Apr 11 15:38 io
-r--r--r-- 1 root root 0 Mar 28 02:09 limits
-rw-r--r-- 1 root root 0 Apr 7 15:00 loginuid
dr-x------ 2 root root 0 Apr 11 15:38 map_files
-r--r--r-- 1 root root 0 Apr 11 15:38 maps
-rw------- 1 root root 0 Apr 11 15:38 mem
-r--r--r-- 1 root root 0 Mar 28 00:38 mountinfo
-r--r--r-- 1 root root 0 Apr 11 15:38 mounts
-r-------- 1 root root 0 Apr 11 15:38 mountstats
dr-xr-xr-x 5 root root 0 Apr 11 15:38 net
dr-x--x--x 2 root root 0 Apr 11 15:38 ns
-r--r--r-- 1 root root 0 Apr 11 15:38 numa_maps
-rw-r--r-- 1 root root 0 Apr 11 15:38 oom_adj
-r--r--r-- 1 root root 0 Apr 11 15:38 oom_score
-rw-r--r-- 1 root root 0 Mar 29 00:08 oom_score_adj
-r-------- 1 root root 0 Apr 11 15:38 pagemap
-r-------- 1 root root 0 Apr 11 15:38 patch_state
-r-------- 1 root root 0 Apr 11 15:38 personality
-rw-r--r-- 1 root root 0 Apr 11 15:38 projid_map
lrwxrwxrwx 1 root root 0 Apr 11 15:38 root -> /
-rw-r--r-- 1 root root 0 Apr 11 15:38 sched
-r--r--r-- 1 root root 0 Apr 11 15:38 schedstat
-r--r--r-- 1 root root 0 Apr 7 15:00 sessionid
-rw-r--r-- 1 root root 0 Apr 11 15:38 setgroups
-r--r--r-- 1 root root 0 Apr 11 15:38 smaps
-r--r--r-- 1 root root 0 Apr 11 15:38 smaps_rollup
-r-------- 1 root root 0 Apr 11 15:38 stack
-r--r--r-- 1 root root 0 Mar 28 02:08 stat
-r--r--r-- 1 root root 0 Apr 11 15:38 statm
-r--r--r-- 1 root root 0 Mar 28 02:08 status
-r-------- 1 root root 0 Apr 11 15:38 syscall
dr-xr-xr-x 3 root root 0 Apr 11 15:38 task
-r--r--r-- 1 root root 0 Apr 11 15:38 timers
-rw-rw-rw- 1 root root 0 Apr 11 15:38 timerslack_ns
-rw-r--r-- 1 root root 0 Apr 11 15:38 uid_map
-r--r--r-- 1 root root 0 Apr 11 15:38 wchan
进程的名字。comm 在 task_struct 中只有 16 byte,所以进程名字最多只能显示 15 个字符
sh@tencent_cloud:/proc/1 $ cat comm
systemd
进程启动时带的命令行参数。上面 ls 输出中 cmdline 的权限是 -r--r--r--,在 proc 未使用 hidepid 挂载选项时其他用户也能读到,因此不要通过命令行参数传递口令等敏感信息
sh@tencent_cloud:/proc/1 $ cat cmdline
/sbin/init
coredump 是抓取进程空间内的内存并保存到文件上,并不是所有内存都需要保存,可以通过设置 /proc/$pid/coredump_filter 参数过滤,
只抓取部分内存。该参数是一个十六进制值,每个 bit 位都有对应的含义,用来表示是否抓取这部分内存(例如下面输出的 00000033 表示 bit0、bit1、bit4、bit5 置位):
bit0: 私有匿名
bit1: 共享匿名
bit2: 有底层文件的私有映射
bit3: 有底层文件共享映射
bit4: ELF头
bit5: 私有大尺寸页
bit6: 共享大尺寸页
sh@tencent_cloud:/proc/1 $ cat coredump_filter
00000033
可以参考 https://www.cnblogs.com/YYPapa/p/7011241.html
cwd:这是一个软链接,指向进程的当前工作目录
sh@tencent_cloud:/proc/1 $ sudo ls cwd
bin dev imgcreate_linux_install_0.1.23 lib media proc sbin sys var www
boot etc initrd.img lib64 mnt root snap tmp vmlinuz
data home initrd.img.old lost+found opt run srv usr vmlinuz.old
进程启动时的环境变量值。各变量之间以 NUL 字符分隔,所以直接 cat 时看起来连在一起;环境变量中可能带有敏感信息,上面 ls 输出中该文件的权限是 -r--------,仅属主可读
sh@tencent_cloud:/proc/1 $ sudo cat environ
biosdevname=0HOME=/init=/sbin/initNETWORK_SKIP_ENSLAVED=recovery=TERM=linuxdrop_caps=BOOT_IMAGE=/boot/vmlinuz-4.15.0-54-genericPATH=/sbin:/usr/sbin:/bin:/usr/bincrashkernel=1800M-64G:160M,64G-:512MPWD=/rootmnt=/root
exe:这是一个软链接,指向这个进程的可执行(bin)文件
这是一个软连接,链接到进程 work的目录
sh@tencent_cloud:/proc/1 $ sudo ls cwd
bin dev imgcreate_linux_install_0.1.23 lib media proc sbin sys var www
boot etc initrd.img lib64 mnt root snap tmp vmlinuz
data home initrd.img.old lost+found opt run srv usr vmlinuz.old
fd 目录下是进程已打开的文件描述符,一般会自动继承 0 号进程打开的
三个文件描述符 0、1、2,分别对应 stdin、stdout、stderr
fdinfo 类似于 fd
sh@tencent_cloud:/proc/1 $ sudo cat fdinfo/96
pos: 0
flags: 02004002
mnt_id: 9
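gid_map 与 user_namespaces 有关:每行三列依次是本 namespace 内的起始 ID、父 namespace 中对应的起始 ID、映射范围的长度。下面的 0 0 4294967295 表示整个 ID 范围原样映射,即进程处于初始 user namespace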
sh@tencent_cloud:/proc/1 $ cat gid_map
0 0 4294967295
包含进程的I/O统计信息
sh@tencent_cloud:/proc/1 $ sudo cat io
rchar: 88297651287
wchar: 209116207766
syscr: 111187165
syscw: 96765943
read_bytes: 64498747392
write_bytes: 14568419328
cancelled_write_bytes: 623161344
显示了 此进程的 软限制、硬限制
sh@tencent_cloud:/proc/1 $ cat limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 7063 7063 processes
Max open files 1048576 1048576 files
Max locked memory 16777216 16777216 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 7063 7063 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
这是文件映射的虚拟地址,用mmap映射的文件
sh@tencent_cloud:/proc/1 $ sudo ls map_files/
56008724e000-56008739d000 7f5e10f79000-7f5e10f7a000 7f5e12092000-7f5e12093000 7f5e13267000-7f5e132ae000
56008759c000-5600875d7000 7f5e10f7a000-7f5e10f7b000 7f5e12093000-7f5e121a7000 7f5e132ae000-7f5e134ae000
5600875d7000-5600875d8000 7f5e10f7b000-7f5e10f81000 7f5e121a7000-7f5e123a7000 7f5e134ae000-7f5e134b2000
7f5e0fd21000-7f5e0febe000 7f5e10f81000-7f5e11180000 7f5e123a7000-7f5e123a9000 7f5e134b2000-7f5e134b3000
7f5e0febe000-7f5e100bd000 7f5e11180000-7f5e11181000 7f5e123a9000-7f5e123ae000 7f5e134b4000-7f5e13505000
7f5e100bd000-7f5e100be000 7f5e11181000-7f5e11182000 7f5e123af000-7f5e123b3000 7f5e13505000-7f5e13704000
7f5e100be000-7f5e100bf000 7f5e11182000-7f5e11185000 7f5e123b3000-7f5e125b3000 7f5e13704000-7f5e13706000
进程的地址空间 task_struct->mm mm->vma
smaps 提供了更详细的信息
sh@tencent_cloud:/proc/1 $ sudo cat maps
56008724e000-56008739d000 r-xp 00000000 fc:01 138786 /lib/systemd/systemd
56008759c000-5600875d7000 r--p 0014e000 fc:01 138786 /lib/systemd/systemd
5600875d7000-5600875d8000 rw-p 00189000 fc:01 138786 /lib/systemd/systemd
560088f7d000-56008913b000 rw-p 00000000 00:00 0 [heap]
7f5e08000000-7f5e08021000 rw-p 00000000 00:00 0
7f5e08021000-7f5e0c000000 ---p 00000000 00:00 0
7f5e0ed1f000-7f5e0ed20000 ---p 00000000 00:00 0
7f5e0ed20000-7f5e0f520000 rw-p 00000000 00:00 0
7f5e0f520000-7f5e0f521000 ---p 00000000 00:00 0
7f5e0f521000-7f5e0fd21000 rw-p 00000000 00:00 0
7f5e0fd21000-7f5e0febe000 r-xp 00000000 fc:01 131667 /lib/x86_64-linux-gnu/libm-2.27.so
7f5e0febe000-7f5e100bd000 ---p 0019d000 fc:01 131667 /lib/x86_64-linux-gnu/libm-2.27.so
7f5e100bd000-7f5e100be000 r--p 0019c000 fc:01 131667 /lib/x86_64-linux-gnu/libm-2.27.so
7f5e100be000-7f5e100bf000 rw-p 0019d000 fc:01 131667 /lib/x86_64-linux-gnu/libm-2.27.so
7f5e100bf000-7f5e100dc000 r-xp 00000000 fc:01 131552 /lib/x86_64-linux-gnu/libudev.so.1.6.9
7f5e100dc000-7f5e102db000 ---p 0001d000 fc:01 131552 /lib/x86_64-linux-gnu/libudev.so.1.6.9
7f5e102db000-7f5e102dc000 r--p 0001c000 fc:01 131552 /lib/x86_64-linux-gnu/libudev.so.1.6.9
7f5e102dc000-7f5e102dd000 rw-p 0001d000 fc:01 131552 /lib/x86_64-linux-gnu/libudev.so.1.6.9
mem:此文件可用于通过 "open()" 访问进程的内存页。能否访问由内核的 ptrace 访问权限检查决定,而不只取决于文件权限位
mountinfo
mountstats
与文件系统挂载有关系,存储了文件系统挂载的所有信息
sh@tencent_cloud:/proc/1 $ sudo cat mounts
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=904116k,nr_inodes=226029,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=187752k,mode=755 0 0
/dev/vda1 / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
网络相关,参考/proc/net
和 user_namespace有关
和 numa架构有关
oom killer相关
oom_adj: 给一些重要或者不重要进程的 score 人为调整的一个值(-1000 ~ 1000)(注:按 proc(5),-1000 ~ 1000 是 oom_score_adj 的取值范围;oom_adj 是旧接口,范围为 -17 ~ 15)
oom_score: 根据进程创建的线程数量、占用内存等计算的一个得分
oom_score_adj: 实际得分 = oom_score + oom_adj
sh@tencent_cloud:/proc/1 $ sudo cat oom_adj
0
sh@tencent_cloud:/proc/1 $ sudo cat oom_score
0
sh@tencent_cloud:/proc/1 $ sudo cat oom_score_adj
0
pagemap:此文件显示进程的每个虚拟页到物理页框或交换区域的映射。它为每个虚拟页包含一个 64 位值,各位的含义见 proc(5) 手册。自 Linux 4.2 起,没有 CAP_SYS_ADMIN 的进程读到的物理页框号(PFN)字段为 0
root 目录的软链接
sh@tencent_cloud:/proc/1 $ sudo ls root
bin dev imgcreate_linux_install_0.1.23 lib media proc sbin sys var www
boot etc initrd.img lib64 mnt root snap tmp vmlinuz
data home initrd.img.old lost+found opt run srv usr vmlinuz.old
sched 进程的调度信息
schedstat 也是类似
sh@tencent_cloud:/proc/1 $ sudo cat sched
systemd (1, #threads: 1)
-------------------------------------------------------------------
se.exec_start : 1277231851.645603
se.vruntime : 55879.680770
se.sum_exec_runtime : 57044.673679
se.nr_migrations : 0
nr_switches : 459725
nr_voluntary_switches : 451299
nr_involuntary_switches : 8426
se.load.weight : 1048576
se.runnable_weight : 1048576
se.avg.load_sum : 143
se.avg.runnable_load_sum : 143
se.avg.util_sum : 142336
se.avg.load_avg : 3
se.avg.runnable_load_avg : 3
se.avg.util_avg : 3
se.avg.last_update_time : 1277231851644928
policy : 0
prio : 120
clock-delta : 79
mm->numa_scan_seq : 0
numa_pages_migrated : 0
numa_preferred_nid : -1
total_numa_faults : 0
current_node=0, numa_group_id=0
numa_faults node=0 task_private=0 task_shared=0 group_private=0 group_shared=0
smaps_rollup:把 smaps 中所有映射的统计值累加后的汇总(上面 ls 输出中它是普通文件,不是软链接)
sh@tencent_cloud:/proc/1 $ sudo cat smaps_rollup
56008724e000-ffffffffff601000 ---p 00000000 00:00 0 [rollup]
Rss: 5376 kB
Pss: 2748 kB
Shared_Clean: 3256 kB
Shared_Dirty: 0 kB
Private_Clean: 920 kB
Private_Dirty: 1200 kB
Referenced: 5268 kB
Anonymous: 1892 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 684 kB
SwapPss: 282 kB
Locked: 0 kB
stack 提供此进程内核堆栈中函数调用的符号跟踪。仅当内核是使用 CONFIG_STACKTRACE 配置选项构建时,才提供此文件
sh@tencent_cloud:/proc/1 $ sudo cat stack
[<0>] ep_poll+0x29c/0x3a0
[<0>] SyS_epoll_wait+0xc6/0xe0
[<0>] do_syscall_64+0x73/0x130
[<0>] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[<0>] 0xffffffffffffffff
stat 进程的状态信息。这是ps使用的。它在内核源文件fs/proc/array.c中定义
sh@tencent_cloud:/proc/1 $ sudo cat stat
1 (systemd) S 0 1 1 0 -1 4194560 99843 75073438 8000 454965 2592 3113 338565 142342 20 0 1 0 2 163827712 1344 18446744073709551615 94560267329536 94560268700040 140734543024416 0 0 0 671173123 4096 1260 1 0 0 17 0 0 0 4164 0 0 94560270798448 94560271036736 94560297930752 140734543032063 140734543032074 140734543032074 140734543032301 0
statm 提供有关内存使用情况的信息(以页为单位)。这些列是
size (1) total program size
(same as VmSize in /proc/[pid]/status)
resident (2) resident set size
(same as VmRSS in /proc/[pid]/status)
shared (3) number of resident shared pages (i.e., backed by a file)
(same as RssFile+RssShmem in /proc/[pid]/status)
text (4) text (code)
lib (5) library (unused since Linux 2.6; always 0)
data (6) data + stack
dt (7) dirty pages (unused since Linux 2.6; always 0)
sh@tencent_cloud:/proc/1 $ sudo cat statm
39997 1344 871 335 0 4693 0
status 提供了/proc/[pid]/stat和/proc/[pid]/statm中的大部分信息,其格式更便于人类分析
sh@tencent_cloud:/proc/1 $ sudo cat status
Name: systemd
Umask: 0000
State: S (sleeping)
Tgid: 1
Ngid: 0
Pid: 1
PPid: 0
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 256
Groups:
NStgid: 1
NSpid: 1
NSpgid: 1
NSsid: 1
VmPeak: 225448 kB
VmSize: 159988 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 9064 kB
VmRSS: 5376 kB
RssAnon: 1892 kB
RssFile: 3484 kB
RssShmem: 0 kB
VmData: 18640 kB
VmStk: 132 kB
VmExe: 1340 kB
VmLib: 10020 kB
VmPTE: 200 kB
VmSwap: 684 kB
HugetlbPages: 0 kB
CoreDumping: 0
Threads: 1
SigQ: 0/7063
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 7be3c0fe28014a03
SigIgn: 0000000000001000
SigCgt: 00000001800004ec
CapInh: 0000000000000000
CapPrm: 0000003fffffffff
CapEff: 0000003fffffffff
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: vulnerable
Cpus_allowed: 1
Cpus_allowed_list: 0
Mems_allowed: 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 451433
nonvoluntary_ctxt_switches: 8426
syscall 配置了 CONFIG_HAVE_ARCH_TRACEHOOK 才会有这个文件
sh@tencent_cloud:/proc/1 $ sudo cat syscall
232 0x4 0x7fff5071c400 0xaa 0xffffffff 0x0 0x7465677261742e79 0x7fff5071c3c0 0x7f5e142e3bb7
task 是一个目录,进程的每个线程在其中对应一个以线程 ID 命名的子目录,子目录内的文件与 /proc/[pid] 下的基本相同
sh@tencent_cloud:/proc/1/task/1 $ sudo ls
attr cmdline exe limits mounts oom_score projid_map setgroups statm
auxv comm fd loginuid net oom_score_adj root smaps status
cgroup cpuset fdinfo maps ns pagemap sched smaps_rollup syscall
children cwd gid_map mem numa_maps patch_state schedstat stack uid_map
clear_refs environ io mountinfo oom_adj personality sessionid stat wchan
此进程的POSIX计时器列表。每个计时器都列出一行,以字符串“ID”开头
ID: 1
signal: 60/00007fff86e452a8
notify: signal/pid.2634
ClockID: 0
ID: 0
signal: 60/00007fff86e452a8
notify: signal/pid.2634
ClockID: 1
此文件公开进程“当前”的计时器松弛值(timer slack),以纳秒表示。该文件是可写的,允许更改进程的计时器松弛值。虽然上面 ls 输出中权限是 -rw-rw-rw-,但访问其他进程的该文件时内核还会做额外的权限检查,并非任何用户都能修改
sh@tencent_cloud:/proc/1 $ sudo cat timerslack_ns
50000
uid_map 与 user_namespaces 相关
类似 gid_map
sh@tencent_cloud:/proc/1 $ cat uid_map
0 0 4294967295
对应于进程在内核中睡眠的位置的符号名
sh@tencent_cloud:/proc/1 $ cat wchan
0
sh@tencent_cloud:/proc/1 $