[LINUX] Read all the contents of proc / [pid] ~ From map_files to numa_maps ~

Overview

I would appreciate it if you could take a look at the details here.

Read all the contents of proc / [pid] Read all the contents of proc / [pid] ~ from attr to cpuset ~ Read all the contents of proc / [pid] ~ from cwd to loginuid ~

Wrong, you can find more information here, that directory is no longer in use, I would appreciate it if you could comment if you have any information.

# sleep 365d > /dev/null &
[1] 3792

# ls /proc/3792
attr             cwd       map_files   oom_adj        schedstat  task
autogroup        environ   maps        oom_score      sessionid  timers
auxv             exe       mem         oom_score_adj  setgroups  uid_map
cgroup           fd        mountinfo   pagemap        smaps      wchan
clear_refs       fdinfo    mounts      patch_state    stack
cmdline          gid_map   mountstats  personality    stat
comm             io        net         projid_map     statm
coredump_filter  limits    ns          root           status
cpuset           loginuid  numa_maps   sched          syscall

# cd /proc/3792

map_files

# ll map_files/
total 0
lr--------. 1 root root 64 Jan 12 04:15 400000-406000 -> /usr/bin/sleep
lr--------. 1 root root 64 Jan 12 04:15 606000-607000 -> /usr/bin/sleep
lr--------. 1 root root 64 Jan 12 04:15 607000-608000 -> /usr/bin/sleep
lr--------. 1 root root 64 Jan 12 04:15 7f8cfbd49000-7f8d02273000 -> /usr/lib/locale/locale-archive
lr--------. 1 root root 64 Jan 12 04:15 7f8d02273000-7f8d02436000 -> /usr/lib64/libc-2.17.so
lr--------. 1 root root 64 Jan 12 04:15 7f8d02436000-7f8d02636000 -> /usr/lib64/libc-2.17.so
lr--------. 1 root root 64 Jan 12 04:15 7f8d02636000-7f8d0263a000 -> /usr/lib64/libc-2.17.so
lr--------. 1 root root 64 Jan 12 04:15 7f8d0263a000-7f8d0263c000 -> /usr/lib64/libc-2.17.so
lr--------. 1 root root 64 Jan 12 04:15 7f8d02641000-7f8d02663000 -> /usr/lib64/ld-2.17.so
lr--------. 1 root root 64 Jan 12 04:15 7f8d02862000-7f8d02863000 -> /usr/lib64/ld-2.17.so
lr--------. 1 root root 64 Jan 12 04:15 7f8d02863000-7f8d02864000 -> /usr/lib64/ld-2.17.so

Memory area allocation. This file corresponds to the memory from here to here. I think that is the information. maps

# cat maps
00400000-00406000 r-xp 00000000 08:01 16801948                           /usr/bin/sleep
00606000-00607000 r--p 00006000 08:01 16801948                           /usr/bin/sleep
00607000-00608000 rw-p 00007000 08:01 16801948                           /usr/bin/sleep
007aa000-007cb000 rw-p 00000000 00:00 0                                  [heap]
7f8cfbd49000-7f8d02273000 r--p 00000000 08:01 25166854                   /usr/lib/locale/locale-archive
7f8d02273000-7f8d02436000 r-xp 00000000 08:01 25166795                   /usr/lib64/libc-2.17.so
7f8d02436000-7f8d02636000 ---p 001c3000 08:01 25166795                   /usr/lib64/libc-2.17.so
7f8d02636000-7f8d0263a000 r--p 001c3000 08:01 25166795                   /usr/lib64/libc-2.17.so
7f8d0263a000-7f8d0263c000 rw-p 001c7000 08:01 25166795                   /usr/lib64/libc-2.17.so
7f8d0263c000-7f8d02641000 rw-p 00000000 00:00 0
7f8d02641000-7f8d02663000 r-xp 00000000 08:01 25166788                   /usr/lib64/ld-2.17.so
7f8d02859000-7f8d0285c000 rw-p 00000000 00:00 0
7f8d02861000-7f8d02862000 rw-p 00000000 00:00 0
7f8d02862000-7f8d02863000 r--p 00021000 08:01 25166788                   /usr/lib64/ld-2.17.so
7f8d02863000-7f8d02864000 rw-p 00022000 08:01 25166788                   /usr/lib64/ld-2.17.so
7f8d02864000-7f8d02865000 rw-p 00000000 00:00 0
7fff9fb35000-7fff9fb56000 rw-p 00000000 00:00 0                          [stack]
7fff9fbb0000-7fff9fbb2000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

The details of map_files. rwxp seems to represent read, write, excv, shared / private respectively. It seems that it can be used for assembly analysis. mem cat mem resulted in cat: mem: Input / output error. It seems to be used when accessing memory using functions such as ʻopen (2), read (2)`.

mountinfo

# cat mountinfo
18 39 0:18 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
19 39 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
20 39 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=292992k,nr_inodes=73248,mode=755
21 18 0:17 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
22 20 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
23 20 0:12 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
24 39 0:20 / /run rw,nosuid,nodev shared:23 - tmpfs tmpfs rw,seclabel,mode=755
25 18 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
   ...

It seems that the detailed information of the mounted file is described. There were 30 lines of mount information even though it was just a sleep process. I also want to make an article to read this kind of thing.

mounts

# cat mounts
rootfs / rootfs rw 0 0
sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,seclabel,nosuid,size=292992k,nr_inodes=73248,mode=755 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,seclabel,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
    ...

Information similar to mountinfo. mountstats

# cat mountstats
device rootfs mounted on / with fstype rootfs
device sysfs mounted on /sys with fstype sysfs
device proc mounted on /proc with fstype proc
device devtmpfs mounted on /dev with fstype devtmpfs
device securityfs mounted on /sys/kernel/security with fstype securityfs
device tmpfs mounted on /dev/shm with fstype tmpfs
device devpts mounted on /dev/pts with fstype devpts
    ...

Mount information. Is there 3 files?

net

# ls net/
anycast6   fib_triestat   ip6_mr_vif          ip_tables_names    netstat              raw        snmp6         udp
arp        icmp           ip6_tables_matches  ip_tables_targets  nf_conntrack         raw6       sockstat      udp6
connector  if_inet6       ip6_tables_names    ipv6_route         nf_conntrack_expect  route      sockstat6     udplite
dev        igmp           ip6_tables_targets  mcfilter           packet               rt6_stats  softnet_stat  udplite6
dev_mcast  igmp6          ip_mr_cache         mcfilter6          protocols            rt_acct    stat          unix
dev_snmp6  ip6_flowlabel  ip_mr_vif           netfilter          psched               rt_cache   tcp           wireless
fib_trie   ip6_mr_cache   ip_tables_matches   netlink            ptype                snmp       tcp6          xfrm_stat

It contained information about networking. Since the PPID was 1, it was forked from systemd, so All of this information seems to be a copy of the systemd information. There is a theory that I should have read / proc / 1 from the beginning.

ns

# ll ns
total 0
lrwxrwxrwx. 1 root root 0 Jan 12 04:48 ipc -> ipc:[4026531839]
lrwxrwxrwx. 1 root root 0 Jan 12 04:48 mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 root root 0 Jan 12 04:48 net -> net:[4026531956]
lrwxrwxrwx. 1 root root 0 Jan 12 04:48 pid -> pid:[4026531836]
lrwxrwxrwx. 1 root root 0 Jan 12 04:48 user -> user:[4026531837]
lrwxrwxrwx. 1 root root 0 Jan 12 04:48 uts -> uts:[4026531838]

It's like a place to make a note of the namespace for this process.

# readlink -f ns/ipc
/proc/3792/ns/ipc:[4026531839]

It seems that it is a symbolic link, but I could not go to the link destination, so I searched for a reference destination, but it seems that it is here. I'm not sure, but it will be used via kernel functions during virtualization and container technology.

numa_maps

# cat numa_maps
00400000 default file=/usr/bin/sleep
00606000 default file=/usr/bin/sleep anon=1 dirty=1 N0=1 kernelpagesize_kB=4
00607000 default file=/usr/bin/sleep anon=1 dirty=1 N0=1 kernelpagesize_kB=4
007aa000 default heap anon=2 dirty=2 N0=2 kernelpagesize_kB=4
7f8cfbd49000 default file=/usr/lib/locale/locale-archive mapped=1 mapmax=11 N0=1 kernelpagesize_kB=4
7f8d02273000 default file=/usr/lib64/libc-2.17.so mapped=79 mapmax=35 N0=79 kernelpagesize_kB=4
7f8d02436000 default file=/usr/lib64/libc-2.17.so
7f8d02636000 default file=/usr/lib64/libc-2.17.so anon=4 dirty=4 N0=4 kernelpagesize_kB=4

It's similar to the information in maps. Probably such a guy.

Impressions

There was a lot of information about mount. I don't know the mount and file system, so I'll study it soon. I think symbolic links are fine.

reference

https://linuxjm.osdn.jp/html/LDP_man-pages/man5/proc.5.html http://man7.org/linux/man-pages/man5/proc.5.html https://linuxjm.osdn.jp/html/LDP_man-pages/man7/numa.7.html

Recommended Posts

Read all the contents of proc / [pid] ~ From map_files to numa_maps ~
Read all the contents of proc / [pid] ~ From setgroups to wchan ~
Read all the contents of proc / [pid] ~ From oom_adj to sessionid ~
Read all the contents of proc / [pid] ~ from attr to cpuset ~
Read all the contents of proc / [pid]
Template of python script to read the contents of the file
After all, the story of returning from Linux to Windows
Get the contents of git diff from python
From the introduction of pyethapp to the execution of contract
The story of moving from Pipenv to Poetry
[Bash] While read, pass the contents of the file to variables for each column
The wall of changing the Django service from Python 2.7 to Python 3
Try to get the contents of Word with Golang
DataNitro, implementation of function to read data from sheet
Also read the contents of arch / arm / kernel / swp_emulate.c
I read the Chainer reference (updated from time to time)
[Ubuntu] How to delete the entire contents of a directory
Analyzing user dissatisfaction very easily from the contents of inquiries
How to calculate the amount of calculation learned from ABC134-D
Settings to debug the contents of the library with VS Code
[Introduction to matplotlib] Read the end time from COVID-19 data ♬
Deploy Django + React from scratch to GKE: Table of Contents
How to see the contents of the Jupyter notebook ipynb file
The story of copying data from S3 to Google's TeamDrive
How to connect the contents of a list into a string
Simulation of the contents of the wallet
[Python] Try to graph from the image of Ring Fit [OCR]
I want to read the html version of "OpenCV-Python Tutorials" OpenCV 3.1 version
[EC2] How to install chrome and the contents of each command
Output the contents of ~ .xlsx in the folder to HTML with Python
[TensorFlow 2] How to check the contents of Tensor in graph mode
From the introduction of JUMAN ++ to morphological analysis of Japanese with Python
Create a function to get the contents of the database in Go
Find all patterns to extract a specific number from the set
[Python] A program that rotates the contents of the list to the left
Understand the contents of sklearn's pipeline
Existence from the viewpoint of Python
How to read the SNLI dataset
See the contents of Kumantic Segumantion
Supplement to the explanation of vscode
From the introduction of GoogleCloudPlatform Natural Language API to how to use it
About the order of learning programming languages (from beginner to intermediate) Part 2
Wikipedia goes from the era of writing to the era of creation ~ Automatic generation from Twitter
[Introduction to Python] How to sort the contents of a list efficiently with list sort
[Image recognition] How to read the result of automatic annotation with VoTT
How to compare if the contents of the objects in scipy.sparse.csr_matrix are the same
Setting to debug test by entering the contents of the library with pytest
Download all the images attached to the body of the pull request on Github
Get the song name from the title of the video you tried to sing
Use python's pixivpy to download all the works of a specific user from pixiv at once (including moving)