Hardware and the Kernel
The part of the system that probably causes the most problems and results in the
greatest number of calls to Linux hotlines is hardware,
For those of you who have watched the system boot,
you may already be familiar with what I call the hardware or boot screen
(which actually consists of several screens). This gives you a good overview to
what kind of hardware you have on your system and how it is configured. Because
many hardware problems are the result of misconfigured hardware, knowing what
the system thinks about your hardware configuration is very useful.
Fortunately, we don't need to boot
every time we want access to this information. As the system boots (as well as
at other times), the kernel writes to system log files. In
the case of the messages you see at boot, this file might be /var/log/messages,
/usr/adm/messages, or /usr/var/messages. You can also get a dump of these messages using the dmesg command.
Supplementary to this are the files under /proc. If you look at your
mount table (using the mount command), you will see that
this is a mounted file system. However, you will also note that no physical
device is associated with it. However, it behaves just like a normal file
system, with a number of directories and files, even though none of the files
actually exist. When someone accesses this "file system," the appropriate VFS
structures are filled and the appropriate information is delivered.
You find two basic types of information via the files in /proc. First, you
can get a lot of kernel information by reading the files in
this directory. On many systems, the only way to access this information is to
read the device /dev/kmem (the kernel memory device) directly. Here, all you
need to do is run
to be able to read the various information.
In addition to these files, there is one subdirectory
for each process on the system. The name of the directory is the process ID of
the respective process.
- cpuinfo: Various information about the CPU,
such as the manufacturer, model (SX/DX), integrated NPU, etc.
- devices: A list of block and character devices configured into the
along with their major number.
- dma: Devices and their dma channels.
- filesystem: File system drivers in the kernel.
- interrupts: A list of interrupts and the total number of interrupts on that
- kcore: The physical memory
of the system. Same format as a core file. The size of this file is the same as
physical memory, plus a 4Kb header to make it look like a
- kmsg: Often used instead of the
syslog() system call to log kernel messages.
To access this file, a process must have
root privileges. If the syslog process is running, this file should not
- ksysms: A list of kernel symbols.
- loadavg: Load average. This is the same information produced by uptime.
- meminfo: Memory information in
bytes including free memory, user memory, and swap.
- module: An ASCII list of kernel modules.
- net: Subdirectory containing information about the network
- self: The process currently accessing the /proc FS and is linked to directory with the
- stat: Various statistics about the system, including time CPU spent in
pages brought in and out from the disk, number of swap pages brought in and out, number of
interrupts since boot, number of context switches and the boot time.
- uptime: Amount of time system has been up and time spent in the idle process.
- version: Version information.
In each process subdirectory
are several files and one directory.
- cmdline: Complete command line
for the process.
- cwd: Current working directory of the process.
- environ: Environment for the process.
- exe: A link to the executable that started that process.
- fd: A subdirectory that contains one entry for each file that the process
has opened. Each entry i s the file descriptor that the
process is using.
- maps: Memory mappings the process uses.
- mem: Memory of the process.
- root: Pointer to the root directory of the process.
- stat: Status information about the process. This file is mostly just
numbers (with the exception of the executables name and the status). In
general, this is the same information you would get from running ps, with
- pid: The process ID.
- comm: The commands (executables)
- state: Process state, such as R, running; S, sleeping in an
interruptible wait; D, sleeping in an uninterruptible wait or swapping; Z,
zombie; and T, traced or stopped (on a signal).
PID of the parent.
- pgrp: Process group ID of the
- session: Session ID of the process.
- tty: The tty the process
- tpgid: Process group ID of the process that currently owns the tty to
which the process is connected.
- flags: Flags of the process.
- minflt: Number of minor faults (i.e., those that have not required loading a
memory page from disk).
- cminflt: Number of minor faults that the process and
it's children have made.
- majflt: Number of major faults (i.e., those that
require loading a memory page from disk).
- cmajflt: Number of major faults
that the process and it's children have made.
- utime: Number of jiffies (10 milliseconds) that this process has
been scheduled in user mode.
- stime: Number of jiffies that this process has been scheduled in
- cutime: Number of jiffies that this process and it's children have been
scheduled in user mode.
- cstime: Number of jiffies that this process and it's
children have been scheduled in kernel mode.
- counter: Current maximum size in jiffies of the process's next
time slice, of what is currently left of its current time
slice, if it is the currently running process.
- priority: Standard
nice value, plus 15. The value is never negative in the
- timeout: Time in jiffies of the process's next timeout.
- itrealvalue: Time in jiffies before the next SIGALRM is sent to the process
due to an interval timer.
- starttime: Time the process started in jiffies
after system boot.
- vsize: Virtual memory size.
- rss: (Resident set size) Number of pages the process has in
physical memory, minus three for administrative purposes.
- rlim: Current limit in bytes on the RSS of the process (usually 2,147,483,647).
- startcode: Address above which program text
- endcode: Address below which program text can run.
- startstack: Address of the start of the stack.
- kstkesp: Current value of esp (32-bit stack pointer), as found in the kernel
stack page for the process.
- kstkeip: Current EIP
(32-bit instruction pointer).
- signal: Bitmap of pending signals.
- blocked: Bitmap of blocked signals (usually 0; 2 for shells).
- sigignore: Bitmap of ignored signals.
- sigcatch: Bitmap of catched signals.
- wchan: The wait channel
of the process.
- statm: Additional status information that takes longer to gather and is
used less often.
- size: Total number of pages that the process has
mapped in virtual memory (whether or not they are in
- resident: Total number of pages the process has in memory;
should equal the RSS field from the stat file.
- shared: Total number of pages
that this process shares with at least one other process.
- trs: (Text
Resident Size) Total number of text pages the process has in physical memory.
(Does not include any shared library. )
- lrs: (Library
Resident Size) Total number of library pages the process has in physical memory.
- drs: (Data Resident Size) Total number of data pages the process has in
- dt: Number of library pages that have been accessed.
Access to this information is useful when you run into problems on your
system. System slowdowns, for example, are difficult to track down. Using ps,
you can get a feel for what is on your system. Sometimes, ps will show you what process is running but not what it is doing. With a little practice, the files
and directories in /proc can.