本文平臺是 x86虛擬雲服務器,kernel版本時 4.15
主要分析 /proc/[pid]/下的 節點信息
sh@tencent_cloud:/proc/1 $ sudo ls -al
total 0
dr-xr-xr-x 9 root root 0 Mar 28 00:38 .
dr-xr-xr-x 195 root root 0 Mar 28 00:38 ..
dr-xr-xr-x 2 root root 0 Apr 7 15:00 attr
-rw-r--r-- 1 root root 0 Apr 11 15:38 autogroup
-r-------- 1 root root 0 Apr 11 15:38 auxv
-r--r--r-- 1 root root 0 Apr 7 15:00 cgroup
--w------- 1 root root 0 Apr 11 15:38 clear_refs
-r--r--r-- 1 root root 0 Mar 28 02:08 cmdline
-rw-r--r-- 1 root root 0 Apr 7 15:00 comm
-rw-r--r-- 1 root root 0 Apr 11 15:38 coredump_filter
-r--r--r-- 1 root root 0 Apr 11 15:38 cpuset
lrwxrwxrwx 1 root root 0 Mar 30 02:10 cwd -> /
-r-------- 1 root root 0 Apr 11 15:38 environ
lrwxrwxrwx 1 root root 0 Mar 28 02:08 exe -> /lib/systemd/systemd
dr-x------ 2 root root 0 Mar 28 02:08 fd
dr-x------ 2 root root 0 Apr 11 15:38 fdinfo
-rw-r--r-- 1 root root 0 Apr 11 15:38 gid_map
-r-------- 1 root root 0 Apr 11 15:38 io
-r--r--r-- 1 root root 0 Mar 28 02:09 limits
-rw-r--r-- 1 root root 0 Apr 7 15:00 loginuid
dr-x------ 2 root root 0 Apr 11 15:38 map_files
-r--r--r-- 1 root root 0 Apr 11 15:38 maps
-rw------- 1 root root 0 Apr 11 15:38 mem
-r--r--r-- 1 root root 0 Mar 28 00:38 mountinfo
-r--r--r-- 1 root root 0 Apr 11 15:38 mounts
-r-------- 1 root root 0 Apr 11 15:38 mountstats
dr-xr-xr-x 5 root root 0 Apr 11 15:38 net
dr-x--x--x 2 root root 0 Apr 11 15:38 ns
-r--r--r-- 1 root root 0 Apr 11 15:38 numa_maps
-rw-r--r-- 1 root root 0 Apr 11 15:38 oom_adj
-r--r--r-- 1 root root 0 Apr 11 15:38 oom_score
-rw-r--r-- 1 root root 0 Mar 29 00:08 oom_score_adj
-r-------- 1 root root 0 Apr 11 15:38 pagemap
-r-------- 1 root root 0 Apr 11 15:38 patch_state
-r-------- 1 root root 0 Apr 11 15:38 personality
-rw-r--r-- 1 root root 0 Apr 11 15:38 projid_map
lrwxrwxrwx 1 root root 0 Apr 11 15:38 root -> /
-rw-r--r-- 1 root root 0 Apr 11 15:38 sched
-r--r--r-- 1 root root 0 Apr 11 15:38 schedstat
-r--r--r-- 1 root root 0 Apr 7 15:00 sessionid
-rw-r--r-- 1 root root 0 Apr 11 15:38 setgroups
-r--r--r-- 1 root root 0 Apr 11 15:38 smaps
-r--r--r-- 1 root root 0 Apr 11 15:38 smaps_rollup
-r-------- 1 root root 0 Apr 11 15:38 stack
-r--r--r-- 1 root root 0 Mar 28 02:08 stat
-r--r--r-- 1 root root 0 Apr 11 15:38 statm
-r--r--r-- 1 root root 0 Mar 28 02:08 status
-r-------- 1 root root 0 Apr 11 15:38 syscall
dr-xr-xr-x 3 root root 0 Apr 11 15:38 task
-r--r--r-- 1 root root 0 Apr 11 15:38 timers
-rw-rw-rw- 1 root root 0 Apr 11 15:38 timerslack_ns
-rw-r--r-- 1 root root 0 Apr 11 15:38 uid_map
-r--r--r-- 1 root root 0 Apr 11 15:38 wchan
comm
進程的名字,common 在 task_struct中只有 16 byte,所以進程名字最多織女顯示15個字符
sh@tencent_cloud:/proc/1 $ cat comm
systemd
cmdline
進程 啓動的時候帶的 參數
sh@tencent_cloud:/proc/1 $ cat cmdline
/sbin/init
coredump_filter
coredump是抓取進程空間內的內存並保存到文件上,並不是所有內存都需要保存的,你可以通過設置/proc/$pid/coredump_filter參數過濾,
只抓取部分內存。該參數是一個值,每個bit位都有對應的含義用來表示是否抓取這部分內:
bit0: 私有匿名
bit1: 共享匿名
bit2: 有底層文件的私有映射
bit3: 有底層文件共享映射
bit4: ELF頭
bit5: 私有大尺寸頁
bit6: 共享大尺寸頁
sh@tencent_cloud:/proc/1 $ cat coredump_filter
00000033
可以參考 https://www.cnblogs.com/YYPapa/p/7011241.html
cwd
這是一個軟連接,鏈接到進程 work的目錄
sh@tencent_cloud:/proc/1 $ sudo ls cwd
bin dev imgcreate_linux_install_0.1.23 lib media proc sbin sys var www
boot etc initrd.img lib64 mnt root snap tmp vmlinuz
data home initrd.img.old lost+found opt run srv usr vmlinuz.old
environ
進程 啓動時的環境變量值
sh@tencent_cloud:/proc/1 $ sudo cat environ
biosdevname=0HOME=/init=/sbin/initNETWORK_SKIP_ENSLAVED=recovery=TERM=linuxdrop_caps=BOOT_IMAGE=/boot/vmlinuz-4.15.0-54-genericPATH=/sbin:/usr/sbin:/bin:/usr/bincrashkernel=1800M-64G:160M,64G-:512MPWD=/rootmnt=/root
exe
這是這個進程的bin文件內容
cwd
這是一個軟連接,鏈接到進程 work的目錄
sh@tencent_cloud:/proc/1 $ sudo ls cwd
bin dev imgcreate_linux_install_0.1.23 lib media proc sbin sys var www
boot etc initrd.img lib64 mnt root snap tmp vmlinuz
data home initrd.img.old lost+found opt run srv usr vmlinuz.old
fd
fd 是 進程 打開的文件描述 符號,一般會 自動 繼承 0號進程打開的
三個文件描述符 0 1 2 對應是 stdin stdout stderr
fdinfo
fdinfo 類似於 fd
sh@tencent_cloud:/proc/1 $ sudo cat fdinfo/96
pos: 0
flags: 02004002
mnt_id: 9
gid_map
沒看懂。。 與 user_namespaces 有關
sh@tencent_cloud:/proc/1 $ cat gid_map
0 0 4294967295
io
包含進程的I/O統計信息
sh@tencent_cloud:/proc/1 $ sudo cat io
rchar: 88297651287
wchar: 209116207766
syscr: 111187165
syscw: 96765943
read_bytes: 64498747392
write_bytes: 14568419328
cancelled_write_bytes: 623161344
limits
顯示了 此進程的 軟限制、硬限制
sh@tencent_cloud:/proc/1 $ cat limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 7063 7063 processes
Max open files 1048576 1048576 files
Max locked memory 16777216 16777216 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 7063 7063 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
map_files
這是文件映射的虛擬地址,用mmap映射的文件
sh@tencent_cloud:/proc/1 $ sudo ls map_files/
56008724e000-56008739d000 7f5e10f79000-7f5e10f7a000 7f5e12092000-7f5e12093000 7f5e13267000-7f5e132ae000
56008759c000-5600875d7000 7f5e10f7a000-7f5e10f7b000 7f5e12093000-7f5e121a7000 7f5e132ae000-7f5e134ae000
5600875d7000-5600875d8000 7f5e10f7b000-7f5e10f81000 7f5e121a7000-7f5e123a7000 7f5e134ae000-7f5e134b2000
7f5e0fd21000-7f5e0febe000 7f5e10f81000-7f5e11180000 7f5e123a7000-7f5e123a9000 7f5e134b2000-7f5e134b3000
7f5e0febe000-7f5e100bd000 7f5e11180000-7f5e11181000 7f5e123a9000-7f5e123ae000 7f5e134b4000-7f5e13505000
7f5e100bd000-7f5e100be000 7f5e11181000-7f5e11182000 7f5e123af000-7f5e123b3000 7f5e13505000-7f5e13704000
7f5e100be000-7f5e100bf000 7f5e11182000-7f5e11185000 7f5e123b3000-7f5e125b3000 7f5e13704000-7f5e13706000
map
進程的地址空間 task_struct->mm mm->vma
smaps 提供了更詳細的信息
sh@tencent_cloud:/proc/1 $ sudo cat maps
56008724e000-56008739d000 r-xp 00000000 fc:01 138786 /lib/systemd/systemd
56008759c000-5600875d7000 r--p 0014e000 fc:01 138786 /lib/systemd/systemd
5600875d7000-5600875d8000 rw-p 00189000 fc:01 138786 /lib/systemd/systemd
560088f7d000-56008913b000 rw-p 00000000 00:00 0 [heap]
7f5e08000000-7f5e08021000 rw-p 00000000 00:00 0
7f5e08021000-7f5e0c000000 ---p 00000000 00:00 0
7f5e0ed1f000-7f5e0ed20000 ---p 00000000 00:00 0
7f5e0ed20000-7f5e0f520000 rw-p 00000000 00:00 0
7f5e0f520000-7f5e0f521000 ---p 00000000 00:00 0
7f5e0f521000-7f5e0fd21000 rw-p 00000000 00:00 0
7f5e0fd21000-7f5e0febe000 r-xp 00000000 fc:01 131667 /lib/x86_64-linux-gnu/libm-2.27.so
7f5e0febe000-7f5e100bd000 ---p 0019d000 fc:01 131667 /lib/x86_64-linux-gnu/libm-2.27.so
7f5e100bd000-7f5e100be000 r--p 0019c000 fc:01 131667 /lib/x86_64-linux-gnu/libm-2.27.so
7f5e100be000-7f5e100bf000 rw-p 0019d000 fc:01 131667 /lib/x86_64-linux-gnu/libm-2.27.so
7f5e100bf000-7f5e100dc000 r-xp 00000000 fc:01 131552 /lib/x86_64-linux-gnu/libudev.so.1.6.9
7f5e100dc000-7f5e102db000 ---p 0001d000 fc:01 131552 /lib/x86_64-linux-gnu/libudev.so.1.6.9
7f5e102db000-7f5e102dc000 r--p 0001c000 fc:01 131552 /lib/x86_64-linux-gnu/libudev.so.1.6.9
7f5e102dc000-7f5e102dd000 rw-p 0001d000 fc:01 131552 /lib/x86_64-linux-gnu/libudev.so.1.6.9
mem
此文件可用於通過"open()"訪問進程的內存頁
mounts
mountinfo
mountstats
與文件系統掛載有關係,存儲了文件系統掛載的所有信息
sh@tencent_cloud:/proc/1 $ sudo cat mounts
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=904116k,nr_inodes=226029,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=187752k,mode=755 0 0
/dev/vda1 / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
net
網絡相關,參考/proc/net
ns
和 user_namespace有關
numa_maps
和 numa架構有關
oom_adj oom_score oom_score_adj
oom killer相關
oom_adj: 給一些 重要 或者不重要進程的 acore 人爲調整的一個值(-1000 ~ 1000)
oom_score: 根據進程創建的線程數量、佔用內存等計算的一個得分
oom_score_adj: 實際得分 = oom_score + oom_adj
sh@tencent_cloud:/proc/1 $ sudo cat oom_adj
0
sh@tencent_cloud:/proc/1 $ sudo cat oom_score
0
sh@tencent_cloud:/proc/1 $ sudo cat oom_score_adj
0
pagemap
此文件顯示進程的每個虛擬頁到物理頁框架或交換區域的映射。它爲每個虛擬頁包含一個64位值,位設置如下
root
root 目錄的軟鏈接
sh@tencent_cloud:/proc/1 $ sudo ls root
bin dev imgcreate_linux_install_0.1.23 lib media proc sbin sys var www
boot etc initrd.img lib64 mnt root snap tmp vmlinuz
data home initrd.img.old lost+found opt run srv usr vmlinuz.old
sched
sched 進程的調度信息
schedstat 也是類似
sh@tencent_cloud:/proc/1 $ sudo cat sched
systemd (1, #threads: 1)
-------------------------------------------------------------------
se.exec_start : 1277231851.645603
se.vruntime : 55879.680770
se.sum_exec_runtime : 57044.673679
se.nr_migrations : 0
nr_switches : 459725
nr_voluntary_switches : 451299
nr_involuntary_switches : 8426
se.load.weight : 1048576
se.runnable_weight : 1048576
se.avg.load_sum : 143
se.avg.runnable_load_sum : 143
se.avg.util_sum : 142336
se.avg.load_avg : 3
se.avg.runnable_load_avg : 3
se.avg.util_avg : 3
se.avg.last_update_time : 1277231851644928
policy : 0
prio : 120
clock-delta : 79
mm->numa_scan_seq : 0
numa_pages_migrated : 0
numa_preferred_nid : -1
total_numa_faults : 0
current_node=0, numa_group_id=0
numa_faults node=0 task_private=0 task_shared=0 group_private=0 group_shared=0
smaps_rollup
smaps_rollup 目錄的軟鏈接
sh@tencent_cloud:/proc/1 $ sudo cat smaps_rollup
56008724e000-ffffffffff601000 ---p 00000000 00:00 0 [rollup]
Rss: 5376 kB
Pss: 2748 kB
Shared_Clean: 3256 kB
Shared_Dirty: 0 kB
Private_Clean: 920 kB
Private_Dirty: 1200 kB
Referenced: 5268 kB
Anonymous: 1892 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 684 kB
SwapPss: 282 kB
Locked: 0 kB
stack
stack 提供此進程內核堆棧中函數調用的符號跟蹤。僅當內核是使用 CONFIG_STACKTRACE 配置選項構建時,才提供此文件
sh@tencent_cloud:/proc/1 $ sudo cat stack
[<0>] ep_poll+0x29c/0x3a0
[<0>] SyS_epoll_wait+0xc6/0xe0
[<0>] do_syscall_64+0x73/0x130
[<0>] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[<0>] 0xffffffffffffffff
stat
stat 進程的狀態信息。這是ps使用的。它在內核源文件fs/proc/array.c中定義
sh@tencent_cloud:/proc/1 $ sudo cat stat
1 (systemd) S 0 1 1 0 -1 4194560 99843 75073438 8000 454965 2592 3113 338565 142342 20 0 1 0 2 163827712 1344 18446744073709551615 94560267329536 94560268700040 140734543024416 0 0 0 671173123 4096 1260 1 0 0 17 0 0 0 4164 0 0 94560270798448 94560271036736 94560297930752 140734543032063 140734543032074 140734543032074 140734543032301 0
statm
statm 提供有關內存使用情況的信息(以頁爲單位)。這些列是
size (1) total program size
(same as VmSize in /proc/[pid]/status)
resident (2) resident set size
(same as VmRSS in /proc/[pid]/status)
shared (3) number of resident shared pages (i.e., backed by a file)
(same as RssFile+RssShmem in /proc/[pid]/status)
text (4) text (code)
lib (5) library (unused since Linux 2.6; always 0)
data (6) data + stack
dt (7) dirty pages (unused since Linux 2.6; always 0)
sh@tencent_cloud:/proc/1 $ sudo cat statm
39997 1344 871 335 0 4693 0
status
status 提供了/proc/[pid]/stat和/proc/[pid]/statm中的大部分信息,其格式更便於人類分析
sh@tencent_cloud:/proc/1 $ sudo cat status
Name: systemd
Umask: 0000
State: S (sleeping)
Tgid: 1
Ngid: 0
Pid: 1
PPid: 0
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 256
Groups:
NStgid: 1
NSpid: 1
NSpgid: 1
NSsid: 1
VmPeak: 225448 kB
VmSize: 159988 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 9064 kB
VmRSS: 5376 kB
RssAnon: 1892 kB
RssFile: 3484 kB
RssShmem: 0 kB
VmData: 18640 kB
VmStk: 132 kB
VmExe: 1340 kB
VmLib: 10020 kB
VmPTE: 200 kB
VmSwap: 684 kB
HugetlbPages: 0 kB
CoreDumping: 0
Threads: 1
SigQ: 0/7063
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 7be3c0fe28014a03
SigIgn: 0000000000001000
SigCgt: 00000001800004ec
CapInh: 0000000000000000
CapPrm: 0000003fffffffff
CapEff: 0000003fffffffff
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: vulnerable
Cpus_allowed: 1
Cpus_allowed_list: 0
Mems_allowed: 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 451433
nonvoluntary_ctxt_switches: 8426
syscall
syscall 配置了 CONFIG_HAVE_ARCH_TRACEHOOK 纔會有這個文件
sh@tencent_cloud:/proc/1 $ sudo cat syscall
232 0x4 0x7fff5071c400 0xaa 0xffffffff 0x0 0x7465677261742e79 0x7fff5071c3c0 0x7f5e142e3bb7
task
task 配置了 CONFIG_HAVE_ARCH_TRACEHOOK 纔會有這個文件
sh@tencent_cloud:/proc/1/task/1 $ sudo ls
attr cmdline exe limits mounts oom_score projid_map setgroups statm
auxv comm fd loginuid net oom_score_adj root smaps status
cgroup cpuset fdinfo maps ns pagemap sched smaps_rollup syscall
children cwd gid_map mem numa_maps patch_state schedstat stack uid_map
clear_refs environ io mountinfo oom_adj personality sessionid stat wchan
timers
此進程的POSIX計時器列表。每個計時器都列出一行,以字符串“ID”開頭
ID: 1
signal: 60/00007fff86e452a8
notify: signal/pid.2634
ClockID: 0
ID: 0
signal: 60/00007fff86e452a8
notify: signal/pid.2634
ClockID: 1
timerslack_ns
此文件公開進程的“當前”計時器時差值,以納秒錶示。該文件是可寫的,允許更改進程的計時器時隙值
sh@tencent_cloud:/proc/1 $ sudo cat timerslack_ns
50000
uid_map
uid_map 與 user_namespaces 相關
類似 gid_map
sh@tencent_cloud:/proc/1 $ cat uid_map
0 0 4294967295
wchan
對應於進程在內核中睡眠的位置的符號名
sh@tencent_cloud:/proc/1 $ cat wchan
0
sh@tencent_cloud:/proc/1 $