ps

最後更新: 2018-12-12

 

 


SIMPLE PROCESS SELECTION

 

x          Lift the BSD-style

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
    2 ?        S      0:00 [kthreadd]
    3 ?        S      0:02 [ksoftirqd/0]
    5 ?        S<     0:00 [kworker/0:0H]
...

 


設定顯示的 colume

 

ps -eo pid,user,%cpu --sort user

  • -o format       User-defined format.
  • -w              Wide output.

comm            COMMAND command name (only the executable name).

args              command with all its arguments as a string.

%mem          ratio to the physical memory on the machine

vsz        VSZ      virtual memory size of the process in KiB (1024-byte units).

e.g.

ps -eo pid,comm,%cpu,cgroup --sort cgroup | grep lxc

30883 apache2          0.0  8:perf_event:/lxc/lamp?7:blkio:/lxc/lamp?6:freezer:/lxc/lamp?5:devices:/lxc/lamp?4:memory:
 /lxc/lamp?3:cpuacct:/lxc/lamp?2:cpu:/lxc/lamp?1:cpuset:/lxc/lamp
31406 apache2          0.0  8:perf_event:/lxc/lamp?7:blkio:/lxc/lamp?6:freezer:/lxc/lamp?5:devices:/lxc/lamp?4:memory:
 /lxc/lamp?3:cpuacct:/lxc/lamp?2:cpu:/lxc/lamp?1:cpuset:/lxc/lamp

ps -eo cgroup,pid,comm --sort cgroup | grep smbd

-                            9624 smbd
-                            9626 smbd
-                            9628 smbd

 


Useful opts

 

# display security context format (NSA SELinux, etc.)

# -Z

ps -weZ | grep ssh

user_u:system_r:initrc_t        10506 ?        00:00:00 sshd
user_u:system_r:initrc_t        11067 ?        00:00:00 sshd
user_u:system_r:initrc_t        11069 ?        00:00:00 sshd

# Select by command name

# -C cmdlist

ps -C php-cgi

  PID TTY          TIME CMD
  415 ?        00:00:00 php-cgi
  421 ?        00:00:00 php-cgi
  422 ?        00:00:00 php-cgi
  423 ?        00:00:00 php-cgi
  424 ?        00:00:00 php-cgi

 


PROCESS STATE CODES

 

FLAG:

D    uninterruptible sleep (usually IO)
R    running or runnable (on run queue)
S    interruptible sleep (waiting for an event to complete)
T    stopped, either by a job control signal or because it is being traced.
W    paging (not valid since the 2.6.xx kernel)
X    dead (should never be seen)
Z    defunct ("zombie") process, terminated but not reaped by its parent.

For BSD formats and when the stat keyword is used, additional characters may be displayed:

<    high-priority (not nice to other users)
N    low-priority (nice to other users)
L    has pages locked into memory (for real-time and custom IO)
s    is a session leader
l    is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+    is in the foreground process group.

e.g.

clamav    6549  1.7 91.4 438936 352540 ?       Dl   12:43   0:23 /usr/sbin/clamd

 


Threads

 

To get info about threads:

   ps -eLf
   ps axms

THREAD DISPLAY

-L # Show threads, possibly with LWP and NLWP columns

-m # Show threads after processes

 

 


D state

 

D state => * non-inturuptable sleep states
(often related to waiting for data from hardware such as a hard disk. )

D 後面的 + / -

+ = in foreground process group

stuck on D state

This is the dreaded un-interruptible (TASK_UNINTERRUPTIBLE) state of a process. This is the state where the process doesn't react to signals until what it started to wait for, gets done.

An uninterruptable process is a process which happens to be in a system call (kernel function) that cannot be interrupted by a signal.

The classic example is read(). This is a system call that can take a long time (seconds) since it can potentially involve spinning up a hard drive, or moving heads. During most of this time, the process will be sleeping, blocking on the hardware.

While the process is sleeping in the system call, it can receive a unix asynchronous signal

INTERRUPTIBLE 與 UNINTERRUPTIBLE

TASK_INTERRUPTIBLE, the interruptible sleep. If a task is marked with this flag, it is sleeping, but can be woken by signals. This means the code which marked the task as sleeping is expecting a possible signal, and after it wakes up will check for it and return from the system call. After the signal is handled, the system call can potentially be automatically restarted

TASK_UNINTERRUPTIBLE, the uninterruptible sleep. If a task is marked with this flag, it is not expecting to be woken up by anything other than whatever it is waiting for, either because it cannot easily be restarted, or because programs are expecting the system call to be atomic.

hard disk error => sync 都有事 ..

 


有用的 opts

 

-e     Select all processes.  (Identical to -A)( # PID TTY TIME CMD )

ps -e

-f     Do full-format listing. (# UID PID PPID C STIME TTY TIME CMD)

         ps -ef

-F     Extra full format. ( # UID PID PPID C SZ RSS PSR STIME TTY TIME CMD)

          ps -eF

-l     Long format (displays the nice values)

F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S     0 12279 12278  0  80   0 - 28889 do_wai pts/1    00:00:00 bash
0 R     0 12320 12279  0  80   0 - 38309 -      pts/1    00:00:00 ps
  • PRI      priority of the process.  Higher number means lower priority.
  • NI       nice value. This ranges from 19 (nicest) to -20 (not nice to others)

-y    Do not show flags (WCHAN); show rss in place of addr(ADDR).

          ps -ely

-j     Jobs format. (PGID(process group leader ID) SID(session leader ID))

-H    Show process hierarchy (forest).

          ps -ejH

i.e.

ps -eo euser,ruser,suser,fuser,f,comm,label

ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm