Linux Security Strategy: Zombie Processes

Source: Internet
Author: User
I. Process concept:

When you run any UNIX/Linux command, the shell creates at least one process to run it (this process is also called the parent process), so any program running on a UNIX/Linux system can be called a process. A process is not a program, however: a process is dynamic, while a program is static. In addition, multiple processes (except the parent process and other sub-processes) can concurrently call the same program.

Every process in the system has a task_struct data structure. The pointers to these structures form a process vector array. The default size of the process vector is 512, which means the system can hold 512 processes at the same time. A process's task_struct holds its status, scheduling information, process identifier, and other information.

Because UNIX is a multi-process operating system, every process is independent and has its own permissions and tasks. Therefore, when one process fails, no other process fails with it. The system uses process identifiers to tell processes apart. Process identifiers are non-negative integers and are unique at any given time. When a process ends, its identifier can be assigned to a new process. The system assigns identifier 0 to the scheduling process and identifier 1 to the initialization process.

Birth: fork() in programming. Mom and Dad (the parent process) give birth to a child (the child process), which inherits everything from the parent. We can also regard it as a clone.

Life: with exec(), the child grows up (becomes a new process), leaves home, and starts a career serving the people.

Death: people die, and so do processes. A process can die a natural death, that is, by running to the last "}" of the main function. It can also commit suicide, in one of two ways: by calling the exit function, or by using return in the main function. Either way, it can leave a suicide note, stored in the return value. It can even be murdered, ended by another process in some other way (this is a little different from humans: in the process world, if the parent process dies, all the sub-processes it created die with it).

Burial after death: this step is also necessary. You cannot simply ignore someone after death and leave the body where it lies! :) After a process dies, a zombie is left behind. The wait() function takes care of the zombie and sends it to cremation, so that it disappears.

This is the complete life of the process.
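The life cycle described above, as an added C example that is not part of the original article: the child exits and leaves its "suicide note" (exit status), shows up as a zombie, and disappears once the parent calls waitpid(). The helper names proc_state and zombie_demo are hypothetical, and the program assumes a Linux system with /proc mounted.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Return the state letter from /proc/<pid>/stat ('R', 'S', 'Z', ...),
 * or '?' if the process entry no longer exists. Linux-specific. */
static char proc_state(pid_t pid)
{
    char path[64], buf[512], state = '?';
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return '?';
    if (fgets(buf, sizeof buf, f)) {
        /* Format is "pid (comm) state ..."; comm may contain ')', so use the last one. */
        char *p = strrchr(buf, ')');
        if (p && p[1] == ' ')
            state = p[2];
    }
    fclose(f);
    return state;
}

/* Fork a child that exits with `code`, record its state before and after
 * the parent reaps it, and return the exit status collected by waitpid(). */
int zombie_demo(int code, char *before, char *after)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(code);          /* child dies at once, leaving its status */

    /* Poll (up to about 2 s) until the dead, unreaped child shows state 'Z'. */
    for (int i = 0; i < 200 && (*before = proc_state(pid)) != 'Z'; i++)
        usleep(10000);

    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;   /* the "burial" */
    *after = proc_state(pid);           /* entry is gone once reaped */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char before = '?', after = '?';
    int rc = zombie_demo(7, &before, &after);
    printf("before wait: %c, exit status: %d, after wait: %c\n", before, rc, after);
    return 0;
}
```

A parent that never calls wait() leaves the 'Z' entry, and the process table slot it occupies, in place for as long as the parent keeps running.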

A process uses many resources while it runs, including the most valuable one, the CPU. While one process occupies the CPU, other processes must wait for the running process to release it. Because many processes are waiting, the kernel uses a scheduling algorithm to decide which process gets the CPU. With the concept clear, let's look at the states a process can be in on Linux.

II. Basic process states in Linux:

1. Execution (R) status: the process is being executed, that is, it is occupying the CPU.
2. Ready (W) status: all conditions for executing the process are met, and it is waiting for the CPU to allocate it a time slice.
3. Stop (S) status: the process cannot use the CPU.

We can see that in Linux a process normally has three states, but under special circumstances there is one more. This is the one we will talk about: the "zombie" state. Next, we will go through process management carefully.

III. Process management in Linux

There are two management methods: how to start a process and how to schedule a process.

1. Start the process

Entering the name of a program and executing it in fact starts a process. In Linux, each process has a PID that the system uses for identification and scheduling. There are two main ways to start a process: manual start and scheduled start. The latter is set up in advance and starts according to the user's requirements. Running a command to start a process directly is a manual start. Manual starts can themselves be divided into several types, and the actual results vary with the type and nature of the process started.

(1) Foreground startup
Foreground startup is the most common way to start a process manually. Generally, the user enters a command "test", which starts a process in the foreground. At this point the system is already in a multi-process state: many processes that were started automatically at boot are quietly running in the background. If a user enters the "test" command and then uses "ps -x" to look for the process, it may not be found, because the process ends so quickly that it has already finished by the time ps runs. So if you want to see the process, you have to run a time-consuming program, which we will talk about below.

(2) Background startup
Starting a process manually in the background is rarely done, unless the process is time-consuming and the user is in no rush to get the results. Suppose you want to start a long-running process that formats text files. To keep the whole shell from being tied up during the formatting, it is wise to start the process in the background.

2. Process Scheduling

When a foreground process needs to be interrupted, the Ctrl + C key combination is usually used. A background process, however, cannot be stopped with a key combination. In this case, the kill command must be used; it can terminate background processes. There are many reasons for terminating a background process: perhaps it takes too much CPU time, or it has crashed. This situation occurs often. The kill command works by sending a signal and the process ID of a program to the Linux kernel, and the kernel then acts on the process specified by that process ID.
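What the kill command does underneath, as an added C example that is not part of the original article: the kill() system call hands the kernel a process ID and a signal number, and the parent then sees in the wait status that the child was ended by a signal rather than by its own exit. The function name kill_background_child is hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Start a time-consuming "background" child, then end it with signal `sig`.
 * Returns the number of the signal that terminated the child,
 * 0 if the child exited on its own, or -1 on error. */
int kill_background_child(int sig)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        sleep(30);                 /* stand-in for a long-running job */
        _exit(0);
    }

    /* The same request the kill command makes: (process ID, signal number). */
    if (kill(pid, sig) != 0) return -1;

    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;   /* reap, so no zombie is left */
    if (WIFSIGNALED(status))
        return WTERMSIG(status);   /* ended by a signal from another process */
    return 0;                      /* normal exit */
}

int main(void)
{
    printf("child terminated by signal %d\n", kill_background_child(SIGTERM));
    return 0;
}
```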

Now that you are familiar with the basic concepts of processes, you will ask: what is the so-called "zombie process"? Under what circumstances is a zombie process generated, and how can we kill it? Don't worry. Let's first get familiar with programming Linux processes.

First, I will introduce several very important functions: