On 13-06-22 08:46 PM, Randy MacLeod wrote:
http://unix.stackexchange.com/questions/22121/what-do-the-brackets-around-processes-mean
mentioned the man page is useful:
Sometimes the process args will be unavailable; when this happens,
ps will instead print the executable name in brackets. (alias cmd,
command).
I guess that doesn't really answer what ps is _doing_ so let's see...
Some other sites suggested that kernel threads can be identified by
following the ppid
until you get to 1 (init) user thread or 0 kernel.
looking at the output of:
strace -f -o /tmp/ps ps -p 2 u
wasn't much help and neither was:
ltrace -f -o /tmp/lps ps -p 2 u
so I guess the next step would be to download procps
http://procps.sourceforge.net/download.html
compile it in debug mode and set some breakpoints.
// Randy
On Sat, Jun 22, 2013 at 7:09 PM, Robert P. J. Day <rpjday [ at ] crashcourse [ dot ] ca>wrote:
standard ps output identifies kernel threads by putting them in
square brackets, as in:
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Jun21 ? 00:00:01 /sbin/init
root 2 0 0 Jun21 ? 00:00:00 [kthreadd]
root 3 2 0 Jun21 ? 00:00:39 [ksoftirqd/0]
root 5 2 0 Jun21 ? 00:00:00 [kworker/0:0H]
root 7 2 0 Jun21 ? 00:00:10 [migration/0]
root 8 2 0 Jun21 ? 00:00:00 [rcu_bh]
root 9 2 0 Jun21 ? 00:06:52 [rcu_sched]
... snip ...
but what *exactly* does the ps command test to see if a task is a
kernel thread? i'm poking through the code for ps right now and it's
not obvious.
it so happens that the parent [kthreadd] always has PID 2, and all
subsequent kernel threads have a PPID of 2, so maybe it's that simple.
or is it checking some field in the task struct? anyone?
rday
--
Randy is on the right track.
/proc/<pid>/cmdline is empty for kernel threads and I believe that's
what the ps and top commands use.
Also, the /proc/<pid>/exe symlink doesn't exist for kernel threads
because there is no executable in the user space associated with them.
Cheers,
--
Pedro