1 / 20

Observing Linux Behavior

Observing Linux Behavior. Goals: learn to use the /proc system understand how to read kernel data. Kernel Data. Kernel is a collection of data structures and functions Collective kernel variables define state of OS Each externally invoked function (sys call)

kellsie
Download Presentation

Observing Linux Behavior

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Observing LinuxBehavior Goals: learn to use the /proc system understand how to read kernel data

  2. Kernel Data • Kernel is a collection of data structures and functions • Collective kernel variables define state of OS • Each externally invoked function (sys call) • Provides a prescribed service • Causes the system state to change (kernel variables change)

  3. Kernel Data • Kernel variables • Include structures that represent processes, files, allocated memory, CPU info • May be on system stack or in static memory • Many variables are global • Most are C struct’s • All kernel variables mentioned here are from kernel version 2.2.12. Most recent version of the kernel is 2.6.x

  4. Kernel Data • Kernel variables • Most are defined in C header files (include or .h) in the Linux source code tree • Conventional location for kernel source is: /usr/src/linux • Most include files in …./linux/include • Contents of the include directory include directories: asm-generic, asm-i386, linux, net, scsi, video, … • All machine-independent include files kept in the linux subdirectory • Most machine-dependent include files kept in asm-i386

  5. Kernel Data • Kernel variables • Data structure for process descriptor (in include/linux/sched.h): struct task_struct{ /* these are hardcoded – don’t touch */ volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ … int pid; … uid_t uid, …; gid_t gid, …; … } Volaitile means that the variable is changed by other code; don’t optimize this variable! Uid is the id of the user that owns this process.

  6. Kernel Data • Kernel variables • Source code file kernel/sched.c contains a declaration: struct task_struct *task[NR_TASKS] = {&init_task,}; • The task kernel array variable is the pointer to all of the process descriptors. • If you could access kernel data structures, could search for the record of process 1234 by finding task[i]->pid == 1234

  7. Kernel Data • Kernel variables • Other declarations in include/kernel/sched.c: • long tick which defines the amount of time between timer interrupts • struct timeval xtime which is the current system time • Other declarations in include/kernel/fork.c: • int nr_tasks number of tasks in existence • int nr_running number of tasks in running state

  8. Last time file was accessed Last time file was modified Time file was created Kernel Data • Kernel variables • declarations in .../linux/fs/buffer.c: • hash_table keeps the file descriptors (inodes) • Each hash table entry includes a struct inode *inode field which is defined in …/linux/include/fs.h as: struct inode{ … uid_t i_uid; gid_t i_gid; … time_t i_atime; time_t i_mtime; time_t i_ctime; };

  9. Kernel Data • Kernel variables • declarations in .../linux/fs/file_table.c: • Static struct file *inuse_filps points to a list of all file descriptors in the system. • The struct file definition appears in …/linux/include/fs.h as: struct file{ struct file *f_next, *f_prev; … mode_t f_mode; … struct dentry *f_dentry; struct file_operations *f_op; … };

  10. Kernel Data • Kernel variables • declarations in .../linux/fs/file_table.c: • Static struct file *inuse_filps points to a list of all file descriptors in the system. • You can follow the f_next pointer and inspect each file descriptor in the system. • Each pointer keeps • the protection mode (f_mode), • A pointer to the indone (via the f_dentry pointer) • And the list of routines to operate on the file

  11. Kernel Data • Kernel variables • declarations in .../linux/mm/…: • contain code and declarations of kernel variables used to implement the memory manager. • Declareations in …/linux/fs/… • Contain code and declarations of kernel variables used to implement the file manager.

  12. /proc • the /proc file system • available in Linux, Solaris, other UNIX • allows easy inspection of kernel variables • means of inspecting the address space of a child process • the child process address space is mapped into the kernel • your parent process can then examine the kernel space • /proc can also be used to collect information about processes (not in 4.4 BSD, however)

  13. /proc • the /proc file system • is an OS mechanism • its interface appears as a directory in the UNIX file system (its in the / directory) • you can change to this directory using cd • can list the contents of /proc using ls • you can “read” a file using cat • you can find out what files are available by searching the man pages: man proc

  14. /proc • the /proc file system • a file in the /proc directory is actually a program that reads kernel variables and returns them as ASCII strings • some of these routines read kernel tables only when the routine is opened • others read the tables each time the file is read

  15. /proc • the /proc file system • each file in /proc reads one or more kernel variable • the subdirectories with numeric names contain more pseudo files • the files provide info about the process whose PID is the same as the directory name • the subdirectory self contains process-specific info for the process that is using /proc

  16. /proc • the /proc file system • Read files in /proc just like an ordinary ASCII file • Example: bash$ cat /proc/version Linux version 2.2.12 (gcc version egcs-2.91.66 … • To read a file, open the file and then use stdio library functions like fgets( ) or fscanf( ) to read the file.

  17. project 2 • Write a program • that receives 1, 2, or 4 command line parameters (including the program name). • your program will open and read the /proc file system and write out data • what is written depends on the command line parameters • if there are 4 command line parameters have to calculate a load average

  18. project 2 • Organization of the solution • Read in the command line parameters and determine what information you need • Print the time of day and hostname • Read the /proc file system and obtain the necessary information • Print the information • If necessary, compute a load average

  19. project 2 • printing out time and the host name of the machine #include <sys/time.h> … struct timeval now; … // determine the number of command line args … gettimeofday(&now,NULL) // Get the time of day printf(“Status report type %s at %s \n”, repTypename, ctime(&(now.tv_sec))); // Get the host filename and print it thisProcFile = fopen(“/proc/sys/kernel/hostname”, “r”); fgets(lineBuf, LB_SIZE + 1, thisProcFile); printf(“Machine hostname: %s\n”,lineBuf); fclose(thisProcFile); defined in sys/time.h: struct timeval{ long tv_sec; long tv_usec; }; ctime is a system call that takes a pointer to a time_t (which is a long) and returns the date and time in readable format. See BLP book.

  20. project 2 • Next, read /proc and print out the proper information. • If necessary, compute load average • sleep for a while • wake up and sample the current load average • go back to sleep • use the command line parameters: ksamp -l 2 60 • means sample the kernel table every 2 seconds • continue this sampling for 60 seconds • the machine must be doing some work; icsun should be busy already, you’ll have to do some work while sampling on a Linux box. • print out the load

More Related