Analysis of the /proc virtual file system in Linux

Time:2020-6-29

The Linux kernel provides a mechanism for accessing its internal data structures and changing kernel settings at runtime: the /proc file system. Although the basic concept of the /proc file system is the same on all hardware platforms that Linux supports, this article only discusses the Linux /proc file system on the Intel x86 architecture.

/proc: a virtual file system
The /proc file system is a mechanism used by the kernel and kernel modules to send information to processes (hence the name /proc). This pseudo file system allows you to interact with kernel internal data structures, get useful information about processes, and change settings (by changing kernel parameters) on the fly. Unlike other file systems, /proc exists in memory rather than on the hard disk. If you look at the file /proc/mounts (which lists all mounted file systems, as the mount command does), you’ll see a line like this:

grep proc /proc/mounts
/proc /proc proc rw 0 0

/proc is controlled by the kernel, and there is no device backing it. Because /proc mainly holds state information controlled by the kernel, most of this information logically resides in kernel-controlled memory. If you run ‘ls -l’ on /proc, you can see that most of the files are 0 bytes in size; yet when you view these files, they do contain information. How is that possible? The /proc file system, like other regular file systems, registers itself with the virtual file system (VFS) layer. However, it does not build the corresponding files and directories from the information in the kernel until VFS calls it and requests the i-nodes of files and directories.

 
Load the proc file system
If the proc file system has not yet been mounted on the system, you can mount it with the following command:

mount -t proc proc /proc

The above command mounts your proc file system. Read the man page of the mount command for more details.
 

 
Viewing /proc files
The files in /proc can be used to access information about the state of the kernel, the properties of the computer, and the state of running processes. Most of the files and directories in /proc provide up-to-date information about the system’s physical environment. Although the files in /proc are virtual, they can still be viewed with any file editor or with programs like ‘more’, ‘less’, or ‘cat’. When an editor tries to open a virtual file, the file is created on the fly from information in the kernel. Here are some interesting results I got from my system:

$ ls -l /proc/cpuinfo
-r--r--r-- 1 root root 0 Dec 25 11:01 /proc/cpuinfo
$ file /proc/cpuinfo
/proc/cpuinfo: empty
$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
stepping : 6
cpu MHz : 1000.119
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
sep_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 mmx fxsr xmm
bogomips : 1998.85
processor : 3
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
stepping : 6
cpu MHz : 1000.119
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
sep_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 mmx fxsr xmm
bogomips : 1992.29

This is a result from a dual CPU system. Most of the above information is self-explanatory and describes the hardware of this system. Some /proc files are encoded, and various tools can be used to interpret the encoded information and output it in readable form. Such tools include ‘top’, ‘ps’, ‘apm’, etc.
 

 
Get useful system / kernel information

The proc file system can be used to collect useful information about the system and the running kernel. Here are some important files:

/proc/cpuinfo – CPU information (model, family, cache size, etc.)
/proc/meminfo – information about physical memory, swap space, etc.
/proc/mounts – list of mounted file systems
/proc/devices – list of available devices
/proc/filesystems – supported file systems
/proc/modules – loaded modules
/proc/version – kernel version
/proc/cmdline – kernel command line parameters entered at system startup
There are more files in /proc than those listed above. Readers who want to know more can run ‘more’ on each file in /proc or read reference [1] for more information about the files in the /proc directory. I recommend using ‘more’ instead of ‘cat’, unless you know that the file is very small, because some files (such as kcore) can be very long.
 

 
Information about running processes
The /proc file system can be used to obtain information about running processes. Some of the /proc subdirectories have numbers as names. Each numbered directory corresponds to a process ID (PID). In this way, each running process has a directory in /proc named after its PID. These subdirectories contain files that provide important details about the state of the process and its environment. Let’s try to find a running process.

$ ps -aef | grep mozilla
root 32558 32425 8 22:53 pts/1 00:01:23 /usr/bin/mozilla

The above command shows that there is a running Mozilla process with a PID of 32558. Correspondingly, there should be a directory named 32558 in /proc:

$ ls -l /proc/32558
total 0
-r--r--r-- 1 root root 0 Dec 25 22:59 cmdline
-r--r--r-- 1 root root 0 Dec 25 22:59 cpu
lrwxrwxrwx 1 root root 0 Dec 25 22:59 cwd -> /proc/
-r-------- 1 root root 0 Dec 25 22:59 environ
lrwxrwxrwx 1 root root 0 Dec 25 22:59 exe -> /usr/bin/mozilla*
dr-x------ 2 root root 0 Dec 25 22:59 fd/
-r--r--r-- 1 root root 0 Dec 25 22:59 maps
-rw------- 1 root root 0 Dec 25 22:59 mem
-r--r--r-- 1 root root 0 Dec 25 22:59 mounts
lrwxrwxrwx 1 root root 0 Dec 25 22:59 root -> //
-r--r--r-- 1 root root 0 Dec 25 22:59 stat
-r--r--r-- 1 root root 0 Dec 25 22:59 statm
-r--r--r-- 1 root root 0 Dec 25 22:59 status

The file “cmdline” contains the command line that was used to start the process. “environ” holds the environment variables of the process. “status” is the status information of the process, including the user ID (UID) and group ID (GID) of the user who started the process, the parent process ID (PPID), and the current state of the process, such as “sleeping” or “running”. Each process directory has several symbolic links: “cwd” is a symbolic link to the current working directory of the process, “exe” points to the executable of the running process, and “root” points to the directory that this process regards as its root directory (usually “/”). The directory “fd” contains links to the file descriptors used by the process. “cpu” only appears when running an SMP kernel; it holds the process time broken down by CPU.
 

/proc/self is an interesting subdirectory that makes it easy for a program to use /proc to find information about its own process. /proc/self is a symbolic link to the /proc directory named after the PID of the process that is accessing /proc.
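The per-process files described in this section can also be read from a program. The following Python sketch is an added example, not part of the original article: it parses cmdline (NUL-separated), status and the exe link for every numbered directory and, going beyond the text, flags an exe target that ends in " (deleted)". The function names and the sample tree created by build_sample_tree() are constructed for illustration.

```python
import os
import tempfile

def read_process(proc_root, pid):
    """Summarise one <proc_root>/<pid> directory from cmdline, status and exe."""
    base = os.path.join(proc_root, str(pid))
    # cmdline holds the argv strings, each terminated by a NUL byte.
    with open(os.path.join(base, "cmdline"), "rb") as fh:
        argv = [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
    # status is "Key:<tab>value" text; Uid lists real, effective, saved, fs ids.
    with open(os.path.join(base, "status")) as fh:
        status = {k: v.strip() for k, _, v in (line.partition(":") for line in fh)}
    # exe is a symbolic link: read the link text instead of following it.
    exe = os.readlink(os.path.join(base, "exe"))
    return {
        "pid": int(pid), "ppid": int(status.get("PPid", "0")),
        "uid": int(status.get("Uid", "0").split()[0]), "state": status.get("State", ""),
        "argv": argv, "exe": exe,
        # The kernel appends " (deleted)" once the binary has been unlinked.
        "exe_deleted": exe.endswith(" (deleted)"),
    }

def list_processes(proc_root="/proc"):
    """Return summaries for every numbered (PID) directory that can be read."""
    found = []
    for name in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        try:
            found.append(read_process(proc_root, name))
        except OSError:
            continue  # process exited, kernel thread without exe, or no access
    return found

def build_sample_tree():
    """Constructed stand-in for /proc so the example runs offline."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    samples = {"32558": "/usr/bin/mozilla", "4242": "/tmp/updater (deleted)"}
    for pid, exe in samples.items():
        os.mkdir(os.path.join(root, pid))
        with open(os.path.join(root, pid, "cmdline"), "wb") as fh:
            fh.write(exe.split(" ")[0].encode() + b"\0--flag\0")
        with open(os.path.join(root, pid, "status"), "w") as fh:
            fh.write("Name:\tdemo\nState:\tS (sleeping)\nPPid:\t32425\nUid:\t0\t0\t0\t0\n")
        os.symlink(exe, os.path.join(root, pid, "exe"))
    return root

if __name__ == "__main__":
    for proc in list_processes(build_sample_tree()):
        print(proc)
```

Calling list_processes() with no argument reads the live /proc; entries whose exe link cannot be read by the current user are skipped.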

 
Interacting with the kernel through /proc

Most of the /proc files discussed above are read-only. However, the /proc file system also provides a way to interact with the kernel through the readable and writable files in /proc. Writing to these files can change the state of the kernel, so be careful when changing them. The /proc/sys directory is where all the readable and writable files are stored. It can be used to change kernel behavior.

/proc/sys/kernel – this directory contains information about general kernel behavior. /proc/sys/kernel/{domainname, hostname} hold the domain name and hostname of the machine/network. These files can be used to modify these names.

$ hostname
machinename.domainname.com
$ cat /proc/sys/kernel/domainname
domainname.com
$ cat /proc/sys/kernel/hostname
machinename
$ echo "new-machinename" > /proc/sys/kernel/hostname
$ hostname
new-machinename.domainname.com

In this way, by modifying files in the /proc file system, we can change the host name. Many other configurable files exist in /proc/sys/kernel/. It’s impossible to list all of them here. Readers can look in this directory for more details.
Another configurable directory is /proc/sys/net. The files in this directory can be used to modify the network properties of the machine/network. For example, by simply modifying one file, you can hide your computer on the network.

$ echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This will hide your machine on the Internet in the sense that it no longer responds to ICMP echo requests: the host will not respond to ping queries from other hosts.

$ ping machinename.domainname.com
no answer from machinename.domainname.com

To change back to the default setting, simply run:

$ echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

There are many other files under /proc/sys that can be used to change kernel properties. Readers can get more information from references [1] and [2].
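Because any write to /proc/sys changes kernel behavior immediately, it is useful to compare the live values against an expected baseline. The following Python sketch is an added example, not part of the original article; the function names, the BASELINE values (taken from the states shown before the edits above) and the sample tree are assumptions for illustration.

```python
import os
import tempfile

def sysctl_path(key, root="/proc/sys"):
    """Map a dotted name such as kernel.hostname to its file under root."""
    # Simplification: names containing "/" or empty components are rejected.
    if not key or ".." in key or "/" in key:
        raise ValueError("unexpected sysctl name: %r" % key)
    return os.path.join(root, *key.split("."))

def read_sysctl(key, root="/proc/sys"):
    """Return the current value with whitespace runs collapsed, or None."""
    try:
        with open(sysctl_path(key, root)) as fh:
            return " ".join(fh.read().split())
    except OSError:
        return None  # not present on this kernel, or not readable

def audit(baseline, root="/proc/sys"):
    """Return (key, expected, actual) for every value that differs."""
    live = ((k, want, read_sysctl(k, root)) for k, want in sorted(baseline.items()))
    return [row for row in live if row[1] != row[2]]

def build_sample_sys():
    """Constructed stand-in for /proc/sys so the example runs offline."""
    root = tempfile.mkdtemp(prefix="fakesys-")
    values = {
        "kernel/hostname": "new-machinename\n",
        "net/ipv4/icmp_echo_ignore_all": "1\n",
    }
    for rel, text in values.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path))
        with open(path, "w") as fh:
            fh.write(text)
    return root

# Assumed baseline for illustration: the values shown before the edits above.
BASELINE = {
    "kernel.hostname": "machinename",
    "kernel.domainname": "domainname.com",
    "net.ipv4.icmp_echo_ignore_all": "0",
}

if __name__ == "__main__":
    for key, expected, actual in audit(BASELINE, build_sample_sys()):
        print("%s: expected %r, found %r" % (key, expected, actual))
```

Calling audit(BASELINE) with the default root checks the live /proc/sys instead of the constructed tree.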
 

Conclusion
The /proc file system provides a file-based interface to the internals of Linux. It can be used to determine the status of the various devices and processes in the system and to configure them. Therefore, understanding and applying knowledge about this file system is the key to understanding your Linux system.