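Conclusion
To save everyone time, here is the conclusion up front:
Processes wrapped in [ ] are kernel processes and have no cmdline; processes without [ ] are user processes and have a cmdline.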
Background
When we look at processes with ps/top, we find that in the COMMAND column some entries are wrapped in [ ] or shown as kwork/0:, while others are not. For example:
![Screenshot](https://img-blog.csdnimg.cn/20200701141901612.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NDIwNzk4NQ==,size_16,color_FFFFFF,t_70)
![Screenshot](https://img-blog.csdnimg.cn/20200701141953247.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NDIwNzk4NQ==,size_16,color_FFFFFF,t_70)
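Direct cause
Check the description in man top, and then in man ps. In short: the name is wrapped in [ ] because the process has no command line. Take processes 1 and 2 as examples. Looking at them directly shows that the cmdline file of process 2 has no content: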
```
root@tty-Ubuntu:/proc# cat 1/cmdline
/sbin/initsplashroot@tty-Ubuntu:/proc# cat 2/c
cgroup clear_refs cmdline comm coredump_filter cpuset cwd/
root@tty-Ubuntu:/proc# cat 2/cmdline
root@tty-Ubuntu:/proc#
```
Digging into how the name is printed
The analysis below uses the busybox source code.
![Screenshot](https://img-blog.csdnimg.cn/20200701150658393.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NDIwNzk4NQ==,size_16,color_FFFFFF,t_70)
![Screenshot](https://img-blog.csdnimg.cn/20200701151225414.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NDIwNzk4NQ==,size_16,color_FFFFFF,t_70)
The code traverses all processes and builds a descriptor struct for each one. display_process_list then traverses the descriptor structs and prints them in order. The process name is obtained and printed through read_cmdline:
```c
void FAST_FUNC read_cmdline(char *buf, int col, unsigned pid, const char *comm)
{
    int sz;
    char filename[sizeof("/proc/%u/cmdline") + sizeof(int)*3];
    sprintf(filename, "/proc/%u/cmdline", pid);
    sz = open_read_close(filename, buf, col - 1);
    if (sz > 0) {
        const char *base;
        int comm_len;
        buf[sz] = '\0';
        while (--sz >= 0 && buf[sz] == '\0')
            continue;
        /* Prevent basename("process foo/bar") = "bar" */
        strchrnul(buf, ' ')[0] = '\0';
        base = bb_basename(buf); /* before we replace argv0's NUL with space */
        while (sz >= 0) {
            if ((unsigned char)(buf[sz]) < ' ')
                buf[sz] = ' ';
            sz--;
        }
        if (base[0] == '-') /* "-sh" (login shell)? */
            base++;
        /* If comm differs from argv0, prepend "{comm} ".
         * It allows to see thread names set by prctl(PR_SET_NAME).
         */
        if (!comm)
            return;
        comm_len = strlen(comm);
        /* Why compare up to comm_len, not COMM_LEN-1?
         * Well, some processes rewrite argv, and use _spaces_ there
         * while rewriting. (KDE is observed to do it).
         * I prefer to still treat argv0 "process foo bar"
         * as 'equal' to comm "process".
         */
        if (strncmp(base, comm, comm_len) != 0) {
            comm_len += 3;
            if (col > comm_len)
                memmove(buf + comm_len, buf, col - comm_len);
            snprintf(buf, col, "{%s}", comm);
            if (col |
```
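The brackets only record that cmdline was empty, so a monitoring check should confirm kernel-thread status from the task flags rather than from the COMMAND column. The following is an added example, not busybox code: a simplified rendering of the column plus a check of the PF_KTHREAD bit in field 9 of /proc/<pid>/stat. The function names `is_kthread`, `render` and `classify` are hypothetical, and the stat line in `main` is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

#define PF_KTHREAD 0x00200000u /* "I am a kernel thread", linux/sched.h */

/* Flags are field 9 of /proc/<pid>/stat. comm may itself contain spaces or
 * ')', so parse from the LAST ')'. Returns 1, 0, or -1 if unparsable. */
int is_kthread(const char *stat)
{
    unsigned flags;
    const char *p = strrchr(stat, ')');
    if (!p || sscanf(p + 1, " %*c %*d %*d %*d %*d %*d %u", &flags) != 1)
        return -1;
    return (flags & PF_KTHREAD) != 0;
}

/* COMMAND column, simplified from read_cmdline: empty cmdline gives "[comm]",
 * otherwise the NUL-separated argv is joined with spaces. */
void render(char *out, size_t n, const char *cmdline, size_t len, const char *comm)
{
    size_t i;
    if (len == 0) {
        snprintf(out, n, "[%s]", comm);
        return;
    }
    while (len > 0 && cmdline[len - 1] == '\0') len--; /* drop trailing NULs */
    if (len >= n) len = n - 1;
    for (i = 0; i < len; i++)
        out[i] = (unsigned char)cmdline[i] < ' ' ? ' ' : cmdline[i];
    out[len] = '\0';
}

/* Brackets only say "cmdline was empty"; the flag says what the task is. */
const char *classify(size_t cmdline_len, const char *stat)
{
    int k = is_kthread(stat);
    if (k < 0) return "unparsable stat";
    if (k) return "kernel thread";
    /* Zombie (defunct) processes have an empty cmdline and land here too. */
    return cmdline_len ? "user process" : "user process, empty cmdline";
}

int main(void)
{
    char col[64]; /* constructed sample below, in /proc/<pid>/stat format */
    render(col, sizeof col, "", 0, "kthreadd");
    printf("%s -> %s\n", col, classify(0, "2 (kthreadd) S 0 0 0 0 -1 2129984"));
    return 0;
}
```

The NUL handling in `render` is also why `cat 1/cmdline` above prints `/sbin/initsplash` as one word: the arguments are separated by NUL bytes, which the terminal does not show.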