What are background processes
-
are all the processes on the Linux machine in the background
-
the program that helps to send mail
-
the program that is running to accept the ssh commands
How to start a background process
Starting a background process with Linux is the same as starting a normal process, but just add a space and an ampersand ( &) to the end of the line. The kernel will respond with a so called PID (process id). A number with identifies the process by that number.
How to kill a background process
You can use the kill command to terminate a background process.
$ kill <pid>
$ kill <signal> <pid>$ kill 1345 # kills process 1345 with default signal SIGTERM (Signal Terminate)
$ kill -9 1345 # kills process 1345 with the very hard signal SIGKILL (Signal KILL) which means it stops the process even if it is stuck or hanging. Use it only if all else failsHow to view all background processes
$ ps -ef
$ ps -aux
#both dependeing on your Linux version
$ pstree (might not be available on your Linux distro)
# show a very nice tree overview of processesSwitching between foreground and background processes
-
Ctrl-Z
-
bg
-
fg
Background processes overview
Use the command top to view the _T_able _O_f _P_rocesses
NB: Some processes below might be multiple-occuring processes
In that list / matrix you see all your current processes from all the owners which are running
Tasks: 244 total, 1 running, 243 sleeping, 0 stopped, 0 zombie
%Cpu(s): 2,4 us, 0,7 sy, 0,0 ni, 96,9 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem: 8076792 total, 7765476 used, 311316 free, 804044 buffers
KiB Swap: 8288252 total, 464 used, 8287788 free. 1640592 cached Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
9463 rloman 20 0 1389236 360868 78524 S 8,0 4,5 1:16.70 chrome
4294 rloman 20 0 4651320 956896 38108 S 1,3 11,8 10:12.79 java
1704 rloman 20 0 1539520 183052 57508 S 1,0 2,3 3:18.82 cinnamon
3272 rloman 20 0 538768 29768 21872 S 0,7 0,4 0:04.25 gnome-terminal
1751 rloman 20 0 3192240 171692 54948 S 0,3 2,1 0:08.83 dropbox
1882 www-data 20 0 5238736 696392 16832 S 0,3 8,6 0:34.19 java
10102 root 20 0 0 0 0 S 0,3 0,0 0:00.11 kworker/u8:0
10472 rloman 20 0 25108 3228 2592 R 0,3 0,0 0:00.01 top
1 root 20 0 34080 4468 2756 S 0,0 0,1 0:01.18 init
2 root 20 0 0 0 0 S 0,0 0,0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0,0 0,0 0:00.12 ksoftirqd/0
11 root rt 0 0 0 0 S 0,0 0,0 0:00.00 migration/0
12 root rt 0 0 0 0 S 0,0 0,0 0:00.02 watchdog/0
13 root rt 0 0 0 0 S 0,0 0,0 0:00.02 watchdog/1
14 root rt 0 0 0 0 S 0,0 0,0 0:00.00 migration/1
15 root 20 0 0 0 0 S 0,0 0,0 0:00.03 ksoftirqd/1
17 root 0 -20 0 0 0 S 0,0 0,0 0:00.00 kworker/1:0H
18 root 20 0 0 0 0 S 0,0 0,0 0:01.41 rcuos/1
19 root 20 0 0 0 0 S 0,0 0,0 0:00.00 rcuob/1
20 root rt 0 0 0 0 S 0,0 0,0 0:00.02 watchdog/2
33 root 20 0 0 0 0 S 0,0 0,0 0:00.00 rcuob/3
34 root 0 -20 0 0 0 S 0,0 0,0 0:00.00 khelper
35 root 20 0 0 0 0 S 0,0 0,0 0:00.00 kdevtmpfs
38 root 20 0 0 0 0 S 0,0 0,0 0:00.00 khungtaskd
39 root 0 -20 0 0 0 S 0,0 0,0 0:00.00 writeback
40 root 25 5 0 0 0 S 0,0 0,0 0:00.00 ksmd
41 root 39 19 0 0 0 S 0,0 0,0 0:01.36 khugepaged
42 root 0 -20 0 0 0 S 0,0 0,0 0:00.00 crypto
43 root 0 -20 0 0 0 S 0,0 0,0 0:00.00 kintegrityd
45 root 0 -20 0 0 0 S 0,0 0,0 0:00.00 kblockdExplaining these processes
-
kworker" is a placeholder process for kernel worker threads, which perform most of the actual processing for the kernel, especially in cases where there are interrupts, timers, I/O, etc. These typically correspond to the vast majority of any allocated "system" time to running processes.
-
The process showing this
-
the mother of all processes. The init process starts all the processes in your machine when you boot up your machine
-
The kernel thread daemon
Kernel threads are not children of init because they can be started before all the userspace processes. They are typically used to manage hardware that’s why they are directly handled by the kernel and have high priority. For a process to be child of init it needs to be cloned from init and Kthreads aren’t that’s why their parent PID is 0 meaning "no-one". All userspace processes have typically a PID superior to 1000, only kernel threads are allowed to have PID inferior to 1000.
-
Kernel healper thread to handle softirqs that can’t be handled immediately
-
ksoftirqd is a per-cpu kernel thread that runs when the machine is under heavy soft-interrupt load. Soft interrupts are normally serviced on return from a hard interrupt, but it’s possible for soft interrupts to be triggered more quickly than they can be serviced.
Alsom sometimes called the bottom-halve of an hardware-interrupt-handler
The top-halve of the handler will finish of the interrupt whilst the bottom-handler will receive the interrupt handler and say to the hardware that his interrupt has been taken notice of.
-
Used to move processes between CPUs - for load balancing
-
migration is the kernel process that handles moving processes from one CPU to another. So, for some reason your Linux scheduler decides that processes need moving to another CPU, and the migration process eats the CPU time. You could try pinning processes to specific CPUs, or try different schedulers with your kernel.
-
Notices if the system appears to be hung
-
The kernel watchdog; it is a running process with checkes, at least once per minute, if the kernel is running fine. If not, the kernel is reset
-
Is the process table full?
-
Is there enough free memory?
-
Are some files accessible?
-
Have some files changed within a given interval?
-
Is the average work load too high?
-
Has a file table overflow occurred?
-
Is a process still running? The process is specified by a pid file.
-
Do some IP addresses answer to ping?
-
Do network interfaces receive traffic?
-
Is the temperature too high? (Temperature data not always available.)
-
Execute a user defined command to do arbitrary tests.
-
Execute one or more test/repair commands found in /etc/watchdog.d. These commands are called with the argument test or repair.
-
If any of these checks fail watchdog will cause a shutdown. Should any of these tests except the user defined binary last longer than one minute the machine will be rebooted, too.
-
used as a schedulable context for stuff that call_user_mode_helper wants to run – like /sbin/hotplug or modprobe
-
Responsable for sending out kernel information using the /procfs filesystem
On the filesystem information regarding kernel state and such can be fetched
It contains a lot of info regarding the Linux Kernel. Be aware of getting in the so called musquito on the beach syndrom. If you enter it you don’t know where to start :-)
Click here for more information regarding procfs
-
khungtaskd: used for detecting hung tasks
-
khungtaskd is special kernel thread which gets scheduled every 120 seconds and check status of all process
-
Check if task is not been switched out by scheduler at least once in last 120 sec.
-
If yes then dump that hung task’s call stack
-
if CONFIG_LOCKDEP is enabled in kernel’s conf file then also show locks the hung task is holding.
When the Linux Kernel is updating a page in the page cache (in memory) that page is not immediately written out to disk. Instead … the writeback process watches so called dirty pages periodically and writes the data to disk when it is necessary or timely
The process of deciding decision when to write back a dirty based is called cache eviction and there is so much to tell about that again the dirty musquito comes along :-)
Anyway … read this for yourself if you are more interested …
KSM is a memory-saving de-duplication feature, enabled by CONFIG_KSM=y, added to the Linux kernel in 2.6.32.
The KSM daemon ksmd periodically scans those areas of user memory which have been registered with it, looking for pages of identical content which can be replaced by a single write-protected page (which is automatically copied if a process later wants to update its content).
Transparent Huge Pages (THP) are enabled by default in RHEL (Red Hat Enterprise Linux) 6 for all applications.
The kernel attempts to allocate hugepages whenever possible and any Linux process will receive 2MB pages if the mmap region is 2MB naturally aligned. The main kernel address space itself is mapped with hugepages, reducing TLB (Translation Lookaside Buffer) pressure from kernel code. For general information on Hugepages, see: What are Huge Pages and what are the advantages of using them?
The kernel will always attempt to satisfy a memory allocation using hugepages. If no hugepages are available (due to non availability of physically continuous memory for example) the kernel will fall back to the regular 4KB pages. THP are also swappable (unlike hugetlbfs). This is achieved by breaking the huge page to smaller 4KB pages, which are then swapped out normally.
But to use hugepages effectively, the kernel must find physically continuous areas of memory big enough to satisfy the request, and also properly aligned.
For this, a khugepaged kernel thread has been added. This thread will occasionally attempt to substitute smaller pages being used currently with a hugepage allocation, thus maximizing THP usage.
It is where cryptographic functions live that are used by kernel modules.
Kernel modules are kernel processes that manage your hardware, or filesystems. Most filesystems that use cryptographic functions, use the kernel crypto functions.
This is for some security software that lets the Linux kernel manage keys and keyrings for encryption and decryption, and it will get increasingly relevant as trusted computing evolves and computer hardware can fulfil more and more security functions.
its a workqueue (kernel thread + queue for bottom half processing) responsible for creating a payload for block devices integrity mean when you write data and want to be sure it will not change by mistake (hardware fail, bug, …) you write also some extra data (payload) to check its integrity, this is done in parallel using this thread
-
used for running low-level disk operations
-
In a general, the kblockd kernel threads are responsible for performing low-level disk operations.
More interesting stuff regarding kblockd is found here
-
kswapd: swaps processes to disk
-
helper thread for striped volumes
-
helper thread for handling filesystem journals
-
As to the question about the semantic differences between the different ways of adding numbers… The ones that have /number at the end are one per core. The other numbering is up to the code that creates the thread.
Exercise background processes
To get familiar with working with background processes using ps, top and the kill command
During this exercise we will be working with the ps, pstree, top and the kill command to work with background-processes and we will be using the '&'-operator
-
Login in again to the Digital Ocean VM angrynerds.carpago.nl with your userid and password using SSH
-
Show all processes on the machine which are running. Hint: use [ps with some option]
-
Show all processes using the table of processes command
-
What is the most CPU using process? (also called utilization)
-
-
Show a list of the files using the ls command
-
In foreground
-
In background
-
What is the main difference here???
-
-
-
Get an overview of your currently running processes. Hint: use [ps]
-
What do you see? What is funny on this process overview?
-
What happens when you kill the running shell / bash using the kill command? :-)
-
Something should happen; if not using the SIGTERM command to kill the process ($ kill -9 <pid>) which is rough
-
-
Write down the number of the init process
-
Is there a number 0 PID?
-
If not, are there processes with a parent process id of 0 ???
-
-
Invoke pstree command