A brief analysis of the files in the /proc/[pid] directory in Linux
The Linux kernel provides a mechanism, the proc file system, for accessing the kernel's internal data structures and changing kernel settings at runtime. The proc file system is a pseudo file system that exists only in memory and does not occupy external storage. It exposes kernel data through a file system interface.
Users and applications can obtain system information through proc and change some kernel parameters. Because system information, such as the set of processes, changes dynamically, the proc file system reads the required information from the kernel at the moment a user or application reads a proc file, and returns it.
Not all of the files or subdirectories listed below exist on every system; which ones are present depends on the kernel configuration and the loaded modules. In addition, there are three very important directories under proc: net, scsi and sys. The sys directory is writable and can be used to read or modify kernel parameters, while net and scsi depend on the kernel configuration. For example, if the system does not support scsi, the scsi directory does not exist.
In addition to the directories introduced above, there are directories named with numbers, which are process directories. Each process currently running on the system has a corresponding directory under proc, with the PID of the process as the directory name. These directories are the interface for reading process information. The self directory is a link through which a process reads its own information.
/proc/[pid]/auxv contains the ELF interpreter information passed to the process. Each entry consists of an unsigned long ID followed by an unsigned long value. The last entry consists of two zeros. Examples are as follows:
$ hexdump -x /proc/2406/auxv
0000000 0021 0000 0000 0000 f000 f7fa 7fff 0000
0000010 0010 0000 0000 0000 fbff 1f8b 0000 0000
0000020 0006 0000 0000 0000 1000 0000 0000 0000
0000030 0011 0000 0000 0000 0064 0000 0000 0000
0000040 0003 0000 0000 0000 0040 0040 0000 0000
0000050 0004 0000 0000 0000 0038 0000 0000 0000
0000060 0005 0000 0000 0000 0007 0000 0000 0000
0000070 0007 0000 0000 0000 0000 0000 0000 0000
0000080 0008 0000 0000 0000 0000 0000 0000 0000
0000090 0009 0000 0000 0000 55e0 0045 0000 0000
00000a0 000b 0000 0000 0000 0000 0000 0000 0000
00000b0 000c 0000 0000 0000 0000 0000 0000 0000
00000c0 000d 0000 0000 0000 0000 0000 0000 0000
00000d0 000e 0000 0000 0000 0000 0000 0000 0000
00000e0 0017 0000 0000 0000 0000 0000 0000 0000
00000f0 0019 0000 0000 0000 f079 f7f6 7fff 0000
0000100 001f 0000 0000 0000 ffea f7f6 7fff 0000
0000110 000f 0000 0000 0000 f089 f7f6 7fff 0000
0000120 0000 0000 0000 0000 0000 0000 0000 0000
0000130
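The ID/value layout described above can be decoded directly. The following is an added example, not part of the original article: the function names are hypothetical, the AT_* names come from <elf.h>, and the sample bytes are rebuilt from the hexdump of PID 2406 assuming a 64-bit little-endian system.

```python
import struct

# Auxiliary vector type IDs from <elf.h> (subset covering the dump above).
AT_NAMES = {
    0: "AT_NULL", 3: "AT_PHDR", 4: "AT_PHENT", 5: "AT_PHNUM", 6: "AT_PAGESZ",
    7: "AT_BASE", 8: "AT_FLAGS", 9: "AT_ENTRY", 11: "AT_UID", 12: "AT_EUID",
    13: "AT_GID", 14: "AT_EGID", 15: "AT_PLATFORM", 16: "AT_HWCAP",
    17: "AT_CLKTCK", 23: "AT_SECURE", 25: "AT_RANDOM", 31: "AT_EXECFN",
    33: "AT_SYSINFO_EHDR",
}

def parse_auxv(raw, word="<Q"):
    """Decode (ID, value) pairs. word: '<Q' = 64-bit LE, '<I' = 32-bit LE."""
    size = struct.calcsize(word)
    entries = []
    for off in range(0, len(raw) - 2 * size + 1, 2 * size):
        key, = struct.unpack_from(word, raw, off)
        val, = struct.unpack_from(word, raw, off + size)
        if key == 0:  # AT_NULL: the terminating entry of two zeros
            return entries
        entries.append((AT_NAMES.get(key, "AT_%d" % key), val))
    raise ValueError("truncated auxv: no AT_NULL terminator")

def exec_identity(entries):
    """Credentials recorded at exec time; AT_SECURE is non-zero when the
    program was started set-user-ID, set-group-ID or with capabilities."""
    d = dict(entries)
    return {
        "uid": d.get("AT_UID"), "euid": d.get("AT_EUID"),
        "gid": d.get("AT_GID"), "egid": d.get("AT_EGID"),
        "secure": bool(d.get("AT_SECURE", 0)),
    }

# Sample rebuilt from the hexdump above (hexdump -x prints little-endian
# 16-bit words, so "f000 f7fa 7fff 0000" is the value 0x7ffff7faf000).
SAMPLE_PAIRS = [
    (33, 0x7ffff7faf000), (16, 0x1f8bfbff), (6, 0x1000), (17, 100),
    (3, 0x400040), (4, 56), (5, 7), (7, 0), (8, 0), (9, 0x4555e0),
    (11, 0), (12, 0), (13, 0), (14, 0), (23, 0), (25, 0x7ffff7f6f079),
    (31, 0x7ffff7f6ffea), (15, 0x7ffff7f6f089), (0, 0),
]
SAMPLE = b"".join(struct.pack("<QQ", k, v) for k, v in SAMPLE_PAIRS)

if __name__ == "__main__":
    for name, value in parse_auxv(SAMPLE):
        print("%-16s 0x%x" % (name, value))
    print(exec_identity(parse_auxv(SAMPLE)))
```

To decode a live process, pass the bytes of /proc/[pid]/auxv read in binary mode; reading another user's process requires the matching privileges.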
/proc/[pid]/cmdline is a read-only file that contains the complete command line information of the process. If the process has been swapped out of memory or the process is a zombie process, this file will have no content. The file ends with the null character instead of a newline character. Examples are as follows:
$ ps aux|grep frps
root 2406 0.1 0.1 54880 10524 ? Sl Dec11 21:30 frps -c ./frps.ini
$ cat /proc/2406/cmdline
frps-c./frps.ini
/proc/[pid]/comm contains the command name of the process. Examples are as follows:
$ cat /proc/2406/comm
frps
/proc/[pid]/cwd is a symbolic link to the current working directory of the process. Examples are as follows:
$ ls -lt /proc/2406/cwd
lrwxrwxrwx 1 root root 0 Dec 12 20:39 /proc/2406/cwd -> /home/mike/frp_0.13.0_linux_amd64
/proc/[pid]/environ displays the environment variables of the process. Examples are as follows:
$ strings /proc/2406/environ
SUPERVISOR_GROUP_NAME=ssh
TERM=linux
SUPERVISOR_SERVER_URL=unix:///var/run/supervisor.sock
SUPERVISOR_PROCESS_NAME=ssh
RUNLEVEL=2
UPSTART_EVENTS=runlevel
PREVLEVEL=N
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
UPSTART_INSTANCE=
UPSTART_JOB=rc
SUPERVISOR_ENABLED=1
runlevel=2
PWD=/
previous=N
/proc/[pid]/exe is the symbolic link to the actual running program. Examples are as follows:
$ ls -lt /proc/2406/exe
lrwxrwxrwx 1 root root 0 Dec 11 19:00 /proc/2406/exe -> /usr/bin/frps
/proc/[pid]/fd is a directory containing files opened by a process. Examples are as follows:
$ ls -lt /proc/2406/fd
lrwx------ 1 root root 64 Dec 24 09:39 77 -> socket:[44377722]
lrwx------ 1 root root 64 Dec 17 15:07 47 -> socket:[29482617]
lr-x------ 1 root root 64 Dec 12 20:18 0 -> pipe:[13282]
l-wx------ 1 root root 64 Dec 12 20:18 1 -> pipe:[13283]
lrwx------ 1 root root 64 Dec 12 20:18 10 -> socket:[12238218]
lrwx------ 1 root root 64 Dec 12 20:18 4 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Dec 12 20:18 40 -> socket:[19378614]
Each item in the directory is a symbolic link pointing to the open file, and the name of the link is the file descriptor number.
/proc/[pid]/latency shows which code causes larger delays. To use this feature, you first need to execute:
$ echo 1 > /proc/sys/kernel/latencytop
Examples are as follows:
$ cat /proc/2406/latency
Latency Top version : v0.1
30667 10650491 4891 poll_schedule_timeout do_sys_poll SyS_poll system_call_fastpath 0x7f636573dc1d
8 105 44 futex_wait_queue_me futex_wait do_futex SyS_futex system_call_fastpath 0x7f6365a167bc
The first three numbers on each line are the number of times the code that follows was executed, the total delay (in microseconds) and the maximum delay (in microseconds). What follows is the complete call stack of the code.
/proc/[pid]/maps displays the memory area mapping information of the process. Examples are as follows:
$ cat /proc/2406/maps
00400000-006ea000 r-xp 00000000 fd:01 1727569 /usr/bin/frps
006ea000-00a6c000 r--p 002ea000 fd:01 1727569 /usr/bin/frps
00a6c000-00ab1000 rw-p 0066c000 fd:01 1727569 /usr/bin/frps
00ab1000-00ad4000 rw-p 00000000 00:00 0
c000000000-c00000b000 rw-p 00000000 00:00 0
c41feac000-c420000000 rw-p 00000000 00:00 0
c420000000-c420400000 rw-p 00000000 00:00 0
c420400000-c420700000 rw-p 00000000 00:00 0
c420700000-c420800000 rw-p 00000000 00:00 0
c420800000-c420900000 rw-p 00000000 00:00 0
c420900000-c420a00000 rw-p 00000000 00:00 0
c420a00000-c421ea0000 rw-p 00000000 00:00 0
c421ea0000-c422a00000 rw-p 00000000 00:00 0
c422a00000-c422a60000 rw-p 00000000 00:00 0
7f0418c01000-7f0418ee1000 rw-p 00000000 00:00 0
7ffff7f4f000-7ffff7f70000 rw-p 00000000 00:00 0 [stack:5121]
7ffff7fad000-7ffff7faf000 r--p 00000000 00:00 0 [vvar]
7ffff7faf000-7ffff7fb1000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
One thing to note is that an entry of the form [stack:tid] is the stack of a thread, corresponding to the /proc/[pid]/task/[tid]/ path.
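A maps listing is easier to review once it is parsed into fields. The following is an added example, not part of the original article: it goes one step beyond the text by flagging executable regions that are also writable or have no backing file, which is a common triage check when reviewing a process. The function names are hypothetical, and the sample reuses lines from the output above plus one constructed rwxp line.

```python
import re
from typing import NamedTuple

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    offset: int
    dev: str
    inode: int
    path: str

LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) ([0-9a-f]+) (\S+) (\d+)\s*(.*)$")

def parse_maps(text):
    """Turn each maps line into a Mapping; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            s, e, perms, off, dev, ino, path = m.groups()
            out.append(Mapping(int(s, 16), int(e, 16), perms,
                               int(off, 16), dev, int(ino), path))
    return out

def review_candidates(mappings):
    """Executable regions that are writable or not file-backed.
    JIT runtimes create these legitimately, so this is a list to review."""
    hits = []
    for m in mappings:
        if "x" not in m.perms:
            continue
        if "w" in m.perms:
            hits.append((m, "writable and executable"))
        elif m.inode == 0 and m.path not in ("[vdso]", "[vsyscall]"):
            hits.append((m, "executable, not file-backed"))
    return hits

# Lines taken from the output above; the rwxp line is constructed for the example.
SAMPLE = """\
00400000-006ea000 r-xp 00000000 fd:01 1727569 /usr/bin/frps
00a6c000-00ab1000 rw-p 0066c000 fd:01 1727569 /usr/bin/frps
00ab1000-00ad4000 rw-p 00000000 00:00 0
7f0418a00000-7f0418a01000 rwxp 00000000 00:00 0
7ffff7f4f000-7ffff7f70000 rw-p 00000000 00:00 0 [stack:5121]
7ffff7faf000-7ffff7fb1000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
"""

if __name__ == "__main__":
    for m, why in review_candidates(parse_maps(SAMPLE)):
        print("%x-%x %s %s" % (m.start, m.end, m.perms, why))
```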
/proc/[pid]/root is a symbolic link to the process root directory. Examples are as follows:
$ ls -lt /proc/2406/root
lrwxrwxrwx 1 root root 0 Dec 12 20:39 /proc/2406/root -> /
/proc/[pid]/stack shows the kernel call stack information of the current process. This file will be generated only if the CONFIG_STACKTRACE compilation option is turned on during kernel compilation. Examples are as follows:
$ cat /proc/2406/stack
[<ffffffff810fa996>] futex_wait_queue_me+0xc6/0x130
[<ffffffff810fb05d>] futex_wait+0x17d/0x270
[<ffffffff810fd2d5>] do_futex+0xd5/0x520
[<ffffffff810fd791>] SyS_futex+0x71/0x150
[<ffffffff8180cc76>] entry_SYSCALL_64_fastpath+0x16/0x75
[<ffffffffffffffff>] 0xffffffffffffffff
/proc/[pid]/statm displays statistics on the memory occupied by the process. It contains seven values, measured in pages (the page size can be obtained with getconf PAGESIZE). Examples are as follows:
$ cat /proc/2406/statm
13720 2617 493 746 0 12007 0
The meaning of each value:
a) The total memory occupied by the process
b) The physical memory occupied by the process at the current moment
c) Memory shared with other processes
d) Code segment of the process
e) Shared library (from version 2.6 onwards, this value is 0)
f) Stack of the process
g) Dirty pages (from version 2.6 onwards, this value is 0)
/proc/[pid]/status contains status information of the process. Much of its content is the same as /proc/[pid]/stat and /proc/[pid]/statm, but presented in a clearer way. Examples are as follows:
$ cat /proc/2406/status
Name: frps
State: S (sleeping)
Tgid: 2406
Ngid: 0
Pid: 2406
PPid: 2130
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 128
Groups: 0
NStgid: 2406
NSpid: 2406
NSpgid: 2406
NSsid: 2130
VmPeak: 54880 kB
VmSize: 54880 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 34872 kB
VmRSS: 10468 kB
VmData: 47896 kB
VmStk: 132 kB
VmExe: 2984 kB
VmLib: 0 kB
VmPTE: 68 kB
VmPMD: 20 kB
VmSwap: 0 kB
HugetlbPages: 0 kB
Threads: 11
SigQ: 0/31834
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: fffffffe7fc1feff
CapInh: 0000000000000000
CapPrm: 0000003ffffffffff
CapEff: 0000003ffffffffff
CapBnd: 0000003ffffffffff
CapAmb: 0000000000000000
Seccomp: 0
Cpus_allowed: f
Cpus_allowed_list: 0-3
Mems_allowed: 00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 2251028
nonvoluntary_ctxt_switches: 18031
Information about signals: SigQ has two parts (for example, 0/31834). The first is the number of signals currently in the queue (0), and the second is how many signals the queue can hold in total (31834). SigPnd represents the pending signals of the current thread, while ShdPnd represents the pending signals of the entire process. SigBlk, SigIgn and SigCgt indicate, respectively, which signals are blocked, ignored, or caught. (For background on Unix signals, please refer to Unix: Dealing with signals.)
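The Sig* values are hexadecimal bit masks in which bit n-1 stands for signal number n. The following is an added example, not part of the original article: it decodes the signal fields of the status output above into signal numbers. The function names are hypothetical and the sample contains only the signal-related lines.

```python
import signal

# Constructed sample: the signal-related lines of the status output above.
SAMPLE_STATUS = (
    "Name:\tfrps\n"
    "SigQ:\t0/31834\n"
    "SigPnd:\t0000000000000000\n"
    "ShdPnd:\t0000000000000000\n"
    "SigBlk:\t0000000000000000\n"
    "SigIgn:\t0000000000000000\n"
    "SigCgt:\tfffffffe7fc1feff\n"
)

def parse_status(text):
    """Split 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def mask_to_signals(hex_mask):
    """Bit n-1 of a Sig* mask stands for signal number n (1..64)."""
    mask = int(hex_mask, 16)
    return [n for n in range(1, 65) if (mask >> (n - 1)) & 1]

def signal_name(n):
    try:
        return signal.Signals(n).name
    except ValueError:  # most real-time signals have no symbolic name
        return "SIG%d" % n

def signal_report(fields):
    """Queue usage plus the decoded pending, blocked, ignored and caught sets."""
    queued, limit = (int(x) for x in fields["SigQ"].split("/"))
    report = {"queued": queued, "queue_limit": limit}
    for key in ("SigPnd", "ShdPnd", "SigBlk", "SigIgn", "SigCgt"):
        report[key] = mask_to_signals(fields.get(key, "0"))
    return report

def not_caught(report):
    """Signals without a handler; SIGKILL and SIGSTOP can never be caught."""
    return [n for n in range(1, 65) if n not in report["SigCgt"]]

if __name__ == "__main__":
    rep = signal_report(parse_status(SAMPLE_STATUS))
    print("queued %d of %d" % (rep["queued"], rep["queue_limit"]))
    print("not caught:", [signal_name(n) for n in not_caught(rep)])
```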
/proc/[pid]/syscall displays the system calls being executed by the current process. Examples are as follows:
$ cat /proc/2406/syscall
202 0xab3730 0x0 0x0 0x0 0x0 0x0 0x7ffff7f6ec68 0x455bb3
The first value is the system call number (202 represents poll), followed by the values of the 6 system call parameters (held in registers), and the last two values are the stack pointer and instruction counter values. If the current process is blocked, but the blocking function is not a system call, the system call number is -1, followed by the values of the stack pointer and instruction counter. If the process is not blocked, the file contains only the string running.
This file will be generated only when the CONFIG_HAVE_ARCH_TRACEHOOK compilation option is turned on during kernel compilation.
/proc/[pid]/wchan displays the kernel function in which the process is currently sleeping. Examples are as follows:
$ cat /proc/2406/wchan
futex_wait_queue_me