![首頁 Logo Keith ]p !!](/themes/mytheme/logo.png){kind=logo}
最後更新: 2021-11-25
介紹
ps works by reading the virtual files in /proc
注意
ps 的 %cpu 不是你所想那樣
percentage of time spent running during the entire lifetime of a process.
meaning
If suddenly process would became CPU intensive (constantly consuming 100%) 不會立即反映出來
top 的 %CPU
The task's share of the elapsed CPU time since the last screen update
Standard Syntax
-e Select all processes # Identical to -A
ps -e
PID TTY TIME CMD
Display Format
-f Do full-format listing
ps -ef # 所有 process 以 full-format 顯示
UID PID PPID C STIME TTY TIME CMD
-F Extra full format (有 memory usage)
ps -eF
UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
username 6608 21141 0 28860 2100 0 13:43 pts/8 00:00:00 /bin/bash-
SZ Size in physical pages of the core image of the process.
(This includes text, data, and stack space.) - RSS The non-swapped physical memory that a task has used (KiB)
- VSZ virtual memory size of the process(KiB)
- PSR processor that process is currently assigned to
-l Long format (displays the nice values)
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 12279 12278 0 80 0 - 28889 do_wai pts/1 00:00:00 bash
0 R 0 12320 12279 0 80 0 - 38309 - pts/1 00:00:00 ps
- PRI priority of the process. Higher number means lower priority.
- NI nice value. This ranges from 19 (nicest) to -20 (not nice to others)
-H Show process hierarchy (forest)
ps -eH
BSD-style
ps aux
- a # Lift the BSD-style "only yourself" restriction
- u # Display user-oriented format.
- x # Lift the BSD-style "must have a tty" restriction
filter
- p pidlist # Select by process ID
- U userlist # Select by effective user ID (EUID) or name
- o format # Like -o, but preloaded with some default columns
- k spec # Specify sorting order. syntax: [+|-]key[,[+|-]key[,...]]
- w # Wide output
- PID # Identical to "p PID"
- c # Show the command name without args
i.e.
# show user for a user
ps U datahunter
# sort by cpu usage
ps auxk -%cpu
Output Info.
START
time the command started.
If the process was started less than 24 hours ago, the output format is " HH:MM",
else it is " Mmm:SS" (Mmm is the three letters of the month)
TIME
Accumulated cpu time, user + system.
The display format is usually "MMM:SS",
but can be shifted to the right if the process used more than 999 minutes of cpu time.
設定要顯示的 Column
ps -eo pid,user,%cpu --sort user
-o format # User-defined format
format:
- pid
-
comm # only the executable name (HEADER: COMMAND)
# A process marked <defunct> is partly dead, waiting to be fully destroyed by its parent. - args # command with all its arguments as a string [alias: cmd, command] (HEADER: COMMAND)
- %mem # ratio to the physical memory on the machine
- %cpu
- vsz # virtual memory size of the process in KiB (1024-byte units)
- cgroup
-w # Wide output (Use this option twice for unlimited width)
--sort spec # syntax is [+|-]key[,[+|-]key[,...]]
# i.e. ps jax --sort=uid,-ppid,+pid
sort key
- %cpu
- %mem
- cgroup
- cmd
- ...
Example
多個 Column
ps -eo cgroup,pid,comm,%cpu --sort cgroup | less
CGROUP PID COMMAND %CPU - 2 kthreadd 0.0 ... 12:perf_event:/lxc/chia,11: 16903 systemd 0.0 ...
在以上例子, CGROUP 係顯示不齊的, 可以用 -w 來完整顥示
Check process run time
# etime Display elapsed time since the process was started, in the form [[DD-]hh:]mm:ss.
ps -p 6176 -o etime
"[]" Bracket meaning
Square brackets are used for processes that do not have an associated command line
(mostly kernel threads and some system services)
They are created using kthread_create() or kernel_thread() functions in kernel.
ps x | grep [k]worker
4 ? S< 0:00 [kworker/0:0H] 5 ? S 0:00 [kworker/u4:0] 16 ? S< 0:00 [kworker/1:0H] 269 ? S 0:00 [kworker/u4:2] 292 ? S< 0:00 [kworker/0:1H] 326 ? S 0:00 [kworker/1:2] 405 ? S< 0:00 [kworker/1:1H] 1124 ? S 0:00 [kworker/0:2] 1125 ? S 0:00 [kworker/1:1] 1128 ? S 0:00 [kworker/0:1] 1132 ? S 0:00 [kworker/1:0]
Security Context
# Display security context format (NSA SELinux, etc.)
# --context
ps -we --context | grep ssh
PID CONTEXT COMMAND 1 unconfined /sbin/init ...
Select by CMD / PID / User
By CMD
# -C cmdlist
ps -C php-cgi
PID TTY TIME CMD 415 ? 00:00:00 php-cgi 421 ? 00:00:00 php-cgi 422 ? 00:00:00 php-cgi 423 ? 00:00:00 php-cgi 424 ? 00:00:00 php-cgi
By PID
# --pid PID
ps -F --pid 10654
By User
- -U userlist # effective user ID (EUID) or name
- -u userlist # user ID (RUID) or name
Threads
To get info about threads
-L # Show threads, possibly with LWP and NLWP columns
- LWP (thread ID)
- NLWP (number of threads)
ps -LC chia_plot
PID LWP TTY TIME CMD 1570 1570 pts/5 00:02:29 chia_plot 1570 1571 pts/5 00:00:00 final/copy 1570 18016 pts/5 00:00:07 phase3/buffer 1570 18017 pts/5 00:00:00 phase3/filter/0 1570 18018 pts/5 00:00:42 phase3/add/0 1570 18019 pts/5 00:00:41 phase3/add/1 1570 18020 pts/5 00:00:48 phase3/merge/0 1570 18021 pts/5 00:00:01 chia_plot 1570 18022 pts/5 00:00:52 Disk/sort/0 1570 18023 pts/5 00:00:20 Table/read/0 1570 18024 pts/5 00:00:51 Disk/sort/1 1570 18025 pts/5 00:00:20 Table/read/1 1570 18026 pts/5 00:00:51 Disk/sort/2 1570 18027 pts/5 00:00:52 Disk/sort/3 1570 18028 pts/5 00:00:00 Disk/sort 1570 18029 pts/5 00:00:35 Disk/read/0 1570 18030 pts/5 00:00:36 Disk/read/1
ps -eLf
-f # Do full-format listing.
-L # When used with -L, the NLWP (number of threads) and LWP (thread ID) columns will be added.
Process State Codes
FLAG:
D uninterruptible sleep (usually IO)
R running or runnable (on run queue)
S interruptible sleep (waiting for an event to complete)
T stopped, either by a job control signal or because it is being traced.
W paging (not valid since the 2.6.xx kernel)
X dead (should never be seen)
Z defunct ("zombie") process, terminated but not reaped by its parent.
For BSD formats and when the stat keyword is used, additional characters may be displayed:
< high-priority (not nice to other users)
N low-priority (nice to other users)
L has pages locked into memory (for real-time and custom IO)
s is a session leader
l is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+ is in the foreground process group.
e.g.
clamav 6549 1.7 91.4 438936 352540 ? Dl 12:43 0:23 /usr/sbin/clamd
D State
D state => * non-inturuptable sleep states
(often related to waiting for data from hardware such as a hard disk. )
D 後面的 + / -
+ = in foreground process group
stuck on D state
This is the dreaded un-interruptible (TASK_UNINTERRUPTIBLE) state of a process. This is the state where the process doesn't react to signals until what it started to wait for, gets done.
An uninterruptable process is a process which happens to be in a system call (kernel function) that cannot be interrupted by a signal.
The classic example is read(). This is a system call that can take a long time (seconds) since it can potentially involve spinning up a hard drive, or moving heads. During most of this time, the process will be sleeping, blocking on the hardware.
While the process is sleeping in the system call, it can receive a unix asynchronous signal
INTERRUPTIBLE 與 UNINTERRUPTIBLE
TASK_INTERRUPTIBLE, the interruptible sleep. If a task is marked with this flag, it is sleeping, but can be woken by signals. This means the code which marked the task as sleeping is expecting a possible signal, and after it wakes up will check for it and return from the system call. After the signal is handled, the system call can potentially be automatically restarted
TASK_UNINTERRUPTIBLE, the uninterruptible sleep. If a task is marked with this flag, it is not expecting to be woken up by anything other than whatever it is waiting for, either because it cannot easily be restarted, or because programs are expecting the system call to be atomic.
hard disk error => sync 都有事 ..
其他
