Creating zombies Flashcards

1
Q

Processes are a very complex but important topic for…?

A

understanding how Linux works.

2
Q

Most people think init is the mother of all processes, but that’s…?

A

not 100% correct.

(init is created by a process called the idle process or swapper process. This process 0 is actually a kernel thread, which is created once the kernel enters its initialization phase. It initializes data structures needed by the kernel and then creates a new kernel thread called process 1, which is the init process. Once this is done, process 0 executes cpu_idle(); from then on it is only run by the scheduler when no other process is running.)

3
Q

The new kernel thread shares all data structures with process 0. The following call of the init() function finishes initialization of the kernel and loads the init executable from disk into the current process by invoking the execve() system call. Once the current process’s data structure is replaced with the new program, it becomes a regular process with…?

A

PID 1, known as process 1 or init, respectively.

4
Q

Linux distinguishes between…?

A

programs and processes.

5
Q

A process is a…?

A

slot for executing a program. Therefore, it’s a program in execution, whereas a program is just a set of commands which can be executed in a process. This also means that a process doesn’t have to belong to one specific program; in fact, new processes are always created by copying an existing process and replacing the program of the new child process.

6
Q

New processes are children of…?

A

init, but any other program can also create its own children. A new program can be loaded into the new process by execve().

7
Q

To spawn new processes, three main syscalls are used:

A
  • vfork(): This creates a copy of the current process, which shares all data structures with the parent process. The parent process itself is suspended until the child terminates. This syscall is hardly used because it blocks the parent process and can lead to data inconsistencies due to data sharing.
  • clone(): clone() creates a new “lightweight” process. Lightweight processes are Linux’s implementation of multithreading. With clone() a new process is created within a thread group. All processes within this group synchronize their data with each other and can be executed concurrently. Technically, lightweight processes have different PIDs, but due to the UNIX standard the PID returned by getpid() is the thread group ID which is equal to the PID of the first lightweight process in that group.
  • fork(): This syscall is mostly used for spawning new processes. Created children are more or less independent from their parent processes and have their own memory pages. fork() returns 0 if the current execution flow is in the child process; otherwise it returns the child’s PID.
8
Q

Copying processes can be very expensive and therefore Linux uses…?

A

copy-on-write mechanisms.

9
Q

Once a new process is created, both parent and child share the same physical memory until one of them does…?

A

some modification.

10
Q

The modified data is then written to…?

A

new physical memory pages, so the data remains unchanged for the second process.

11
Q

When a process has finished, it dies. That means that the kernel can…?

A

reuse all the memory used by that process. But the process does not vanish immediately. Its process descriptor (which contains information about this process) is still kept in memory.

12
Q

When a process dies, its process status is set to…?

A

EXIT_ZOMBIE and the parent is notified with a SIGCHLD signal that one of its children has died.

13
Q

The zombie process will remain in memory until the parent reacts with a…?

A

wait4() or wait()/waitpid() syscall. Normally, this happens immediately, so the kernel knows that everything is fine: the parent has noticed and got all the information it probably needs, and the process can be cleaned up. Such a process is then set to EXIT_DEAD and cleaned up. But in some situations the parent doesn’t invoke a wait4() syscall. In that case the zombie process will stay in memory forever. Most of the time this happens due to faulty programming. You can examine zombie processes on your system with top. The number of zombies in memory is listed in the upper right corner. Another way is to use ps, which lists all processes running right at the moment. Zombie processes are marked with Z in the STAT column and have <defunct> appended to their command listing. To list all zombies, run:

ps axo user,pid,ppid,command,s | grep -w Z$

14
Q

How do you clean up zombie processes? Well, you can’t kill them since they’re already dead. There are only two ways to get rid of those…?

A

The first is to send a SIGCHLD signal manually to the parent:

kill -CHLD <parent PID>

but in most cases this is not successful because the parent just ignores the signal. Another way is to make the zombie an orphan. Orphan processes are processes which don’t have parents anymore. Those processes are then assigned to init, which becomes their new parent. init regularly invokes wait() calls and cleans up all orphan processes. So when you kill the parent process, you kill all zombie children indirectly.

15
Q

Zombies shouldn’t be a big problem since they hardly consume memory because…?

A

only the process descriptor is kept in memory.
(However, if, e.g., a server program creates zombies, they could become a real danger if your system is flooded with requests.)

16
Q

Linux has a limited range of…?

A

PID numbers. The maximum PID on 32-bit systems is 32,767, so at 32,768 the system will reset the counter and try to allocate free numbers from the beginning.

17
Q

If all PIDs are used, no new…?

A

processes can be spawned.

18
Q

The zombie processes reserve all free PIDs, thus Linux can’t…?

A

recycle them.

19
Q

On 64-bit systems zombies will take a little longer to…?

A

pinch all PIDs since the maximum number can be enlarged up to 2²², which is 4,194,304 (i.e., the maximum PID is 4,194,303).

The administrator can set the max PID by changing the value in /proc/sys/kernel/pid_max. By default this is set to 32,768, also on 64-bit systems.

20
Q

Even though zombies are not a problem in most cases, they can endanger your system stability when they…?

A

become too many. So keep them in mind and file bug reports if an application constantly produces zombies.