task_struct

task_struct结构体定义在include/linux/sched.h

任务状态

unsigned int			__state;
int				exit_state;
int				exit_code;
int				exit_signal;

__state成员可能的取值如下：

/*
 * Task state bitmask. NOTE! These bits are also
 * encoded in fs/proc/array.c: get_task_state().
 *
 * We have two separate sets of flags: task->state
 * is about runnability, while task->exit_state are
 * about the task exiting. Confusing, but this way
 * modifying one set can't modify the other one by
 * mistake.
 */

/* Used in tsk->state: */
#define TASK_RUNNING			0x0000
#define TASK_INTERRUPTIBLE		0x0001
#define TASK_UNINTERRUPTIBLE		0x0002
#define __TASK_STOPPED			0x0004
#define __TASK_TRACED			0x0008
/* Used in tsk->exit_state: */
#define EXIT_DEAD			0x0010
#define EXIT_ZOMBIE			0x0020
#define EXIT_TRACE			(EXIT_ZOMBIE | EXIT_DEAD)
/* Used in tsk->state again: */
#define TASK_PARKED			0x0040
#define TASK_DEAD			0x0080
#define TASK_WAKEKILL			0x0100
#define TASK_WAKING			0x0200
#define TASK_NOLOAD			0x0400
#define TASK_NEW			0x0800
/* RT specific auxilliary flag to mark RT lock waiters */
#define TASK_RTLOCK_WAIT		0x1000
#define TASK_STATE_MAX			0x2000

/* Convenience macros for the sake of set_current_state: */
#define TASK_KILLABLE			(TASK_WAKEKILL | TASK_UNINTERRUPTIBLE)
#define TASK_STOPPED			(TASK_WAKEKILL | __TASK_STOPPED)
#define TASK_TRACED			(TASK_WAKEKILL | __TASK_TRACED)

#define TASK_IDLE			(TASK_UNINTERRUPTIBLE | TASK_NOLOAD)
/* Convenience macros for the sake of wake_up(): */
#define TASK_NORMAL			(TASK_INTERRUPTIBLE | TASK_UNINTERRUPTIBLE)
/* get_task_state(): */
#define TASK_REPORT			(TASK_RUNNING | TASK_INTERRUPTIBLE | \
					 TASK_UNINTERRUPTIBLE | __TASK_STOPPED | \
					 __TASK_TRACED | EXIT_DEAD | EXIT_ZOMBIE | \
					 TASK_PARKED)

__state可以取值5个互斥状态：

TASK_RUNNING：标志进程要么正在执行，要么正准备执行（已经就绪），正在等待CPU时间片。
TASK_INTERRUPTIBLE：进程因为等待一些条件而被挂起（阻塞）而所处的状态。
TASK_UNINTERRUPTIBLE：与TASK_INTERRUPTIBLE类似，但是不能通过接受一个信号或者一个外部中断来唤醒。只有等待的资源可用时，才能被唤醒。
__TASK_STOPPED：停止执行，当进程接收到SIGSTOP、SIGTIN、SIGTTIN或SIGOUT信号之后就会进入该状态。
__TASK_TRACED：表示进程被debug等进程监视，进程执行被调试所停止，当一个进程被另外的进程所监视，每一个信号都会让进程进入该状态。

exit_state在进程终止的时候可以达到这两种状态：

EXIT_ZOMBIE：进程的执行被终止，但是父进程还没有使用wait()等系统调用来获取它的终止信息，此进程成为僵尸进程。
EXIT_DEAD：进程的最终状态。

将进程置为睡眠状态

普通方法是将进程状态设置为TASK_INTERRUPTIBLE 或 TASK_UNINTERRUPTIBLE，并调用调度程序的schedule() 函数，这样会将进程中CPU运行队列中移除：

如果进程出于可中断模式的睡眠状态（通过将其状态设置为TASK_INTERRUPTIBLE），那么可以通过显式唤醒呼叫或需要处理的信号来唤醒它。
如果进程出于非可中断模式的睡眠状态（通过将其状态设置为TASK_UNINTERRUPTIBLE），那么只能通过显式的呼叫唤醒。除非万不得已，不然不建议将进程置为不可中断模式（比如在设备IO期间，处理信号非常困难时）。

新的睡眠方法：

TASK_KILLABLE：当进程处于这种可以终止的新睡眠状态中，它的运行原理类似于 TASK_UNINTERRUPTIBLE，只不过可以响应致命信号。

定义如下：

#define TASK_WAKEKILL			0x0100

/* Convenience macros for the sake of set_current_state: */
#define TASK_KILLABLE			(TASK_WAKEKILL | TASK_UNINTERRUPTIBLE)
#define TASK_STOPPED			(TASK_WAKEKILL | __TASK_STOPPED)
#define TASK_TRACED			(TASK_WAKEKILL | __TASK_TRACED)

换句话说，TASK_UNINTERRUPTIBLE + TASK_WAKEKILL = TASK_KILLABLE。

而TASK_WAKEKILL 用于在接收到致命信号时唤醒进程

新的睡眠状态允许 TASK_UNINTERRUPTIBLE 响应致命信号

进程状态转换图

任务ID

1 2	pid_t pid; pid_t tgid;

Unix系统通过pid来标识进程，linux把不同的pid与系统中每个进程或轻量级线程关联，而unix程序员希望同一组线程具有共同的pid，遵照这个标准linux引入线程组的概念。一个线程组所有线程与领头线程具有相同的pid，存入tgid字段，getpid()返回当前进程的tgid值而不是pid的值。

1	#define PID_MAX_DEFAULT (CONFIG_BASE_SMALL ? 0x1000 : 0x8000)

在CONFIG_BASE_SMALL配置为0的情况下，PID的取值范围是0到32767，即系统中的进程数最大为32768个。

任务标记

1 2	/* Per task flags (PF_), defined further below: / unsigned int flags;

反应进程状态信息，但不是运行状态，用于内核标识进程当前状态。

flags可能取值如下：

/*
 * Per process flags
 */
#define PF_VCPU			0x00000001	/* I'm a virtual CPU */
#define PF_IDLE			0x00000002	/* I am an IDLE thread */
#define PF_EXITING		0x00000004	/* Getting shut down */
#define PF_POSTCOREDUMP		0x00000008	/* Coredumps should ignore this task */
#define PF_IO_WORKER		0x00000010	/* Task is an IO worker */
#define PF_WQ_WORKER		0x00000020	/* I'm a workqueue worker */
#define PF_FORKNOEXEC		0x00000040	/* Forked but didn't exec */
#define PF_MCE_PROCESS		0x00000080      /* Process policy on mce errors */
#define PF_SUPERPRIV		0x00000100	/* Used super-user privileges */
#define PF_DUMPCORE		0x00000200	/* Dumped core */
#define PF_SIGNALED		0x00000400	/* Killed by a signal */
#define PF_MEMALLOC		0x00000800	/* Allocating memory */
#define PF_NPROC_EXCEEDED	0x00001000	/* set_user() noticed that RLIMIT_NPROC was exceeded */
#define PF_USED_MATH		0x00002000	/* If unset the fpu must be initialized before use */
#define PF_NOFREEZE		0x00008000	/* This thread should not be frozen */
#define PF_FROZEN		0x00010000	/* Frozen for system suspend */
#define PF_KSWAPD		0x00020000	/* I am kswapd */
#define PF_MEMALLOC_NOFS	0x00040000	/* All allocation requests will inherit GFP_NOFS */
#define PF_MEMALLOC_NOIO	0x00080000	/* All allocation requests will inherit GFP_NOIO */
#define PF_LOCAL_THROTTLE	0x00100000	/* Throttle writes only against the bdi I write to,
						 * I am cleaning dirty pages from some other bdi. */
#define PF_KTHREAD		0x00200000	/* I am a kernel thread */
#define PF_RANDOMIZE		0x00400000	/* Randomize virtual address space */
#define PF_SWAPWRITE		0x00800000	/* Allowed to write to swap */
#define PF_NO_SETAFFINITY	0x04000000	/* Userland is not allowed to meddle with cpus_mask */
#define PF_MCE_EARLY		0x08000000      /* Early kill for mce process policy */
#define PF_MEMALLOC_PIN		0x10000000	/* Allocation context constrained to zones which allow long term pinning. */
#define PF_FREEZER_SKIP		0x40000000	/* Freezer should not count it as freezable */
#define PF_SUSPEND_TASK		0x80000000      /* This thread called freeze_processes() and should not be frozen */

常用状态：

PF_FORKNOEXEC：进程刚被创建，但还没有执行
PF_SUPERPRIV：进程拥有超级用户特权
PF_SIGNALED：进程被信号杀出
PF_EXITING：进程开始关闭

任务亲属关系

/*
* Pointers to the (original) parent process, youngest child, younger sibling,
* older sibling, respectively.  (p->father can be replaced with
* p->real_parent->pid)
*/

/* Real parent process: */
struct task_struct __rcu	*real_parent;

/* Recipient of SIGCHLD, wait4() reports: */
struct task_struct __rcu	*parent;

/*
* Children/sibling form the list of natural children:
*/
struct list_head		children;
struct list_head		sibling;
struct task_struct		*group_leader;

在Linux系统中，所有进程之间都有着直接或间接地联系，每个进程都有其父进程，也可能有零个或多个子进程。拥有同一父进程的所有进程具有兄弟关系。

real_parent：指向其父进程，如果创建它的父进程不再存在，则指向PID为1的init进程
parent：指向其父进程，当它终止时，必须向它的父进程发送信号。它的值通常与real_parent相同
children：表示链表的头部，链表中的所有元素都是它的子进程
sibling：用于把当前进程插入到兄弟链表中
group_leader：指向其所在进程组的领头进程

ptrace系统调用

ptrace主要用于实现断点调试。一个被跟踪的进程运行中，直到发生一个信号。则进程被中止，并且通知其父进程。在进程中止的状态下，进程的内存空间可以被读写。父进程还可以使子进程继续执行，并选择是否是否忽略引起中止的信号。

unsigned int			ptrace;
/*
* 'ptraced' is the list of tasks this task is using ptrace() on.
*
* This includes both natural children and PTRACE_ATTACH targets.
* 'ptrace_entry' is this task's link on the p->parent->ptraced list.
*/
struct list_head		ptraced;
struct list_head		ptrace_entry;
/* Ptrace state: */
unsigned long			ptrace_message;
kernel_siginfo_t		*last_siginfo;

成员ptrace被设置为0时表示不需要被跟踪，可能取值如下：

/*
 * Ptrace flags
 *
 * The owner ship rules for task->ptrace which holds the ptrace
 * flags is simple.  When a task is running it owns it's task->ptrace
 * flags.  When the a task is stopped the ptracer owns task->ptrace.
 */

#define PT_SEIZED	0x00010000	/* SEIZE used, enable new behavior */
#define PT_PTRACED	0x00000001
#define PT_DTRACE	0x00000002	/* delayed trace (used on m68k, i386) */

#define PT_OPT_FLAG_SHIFT	3
/* PT_TRACE_* event enable flags */
#define PT_EVENT_FLAG(event)	(1 << (PT_OPT_FLAG_SHIFT + (event)))
#define PT_TRACESYSGOOD		PT_EVENT_FLAG(0)
#define PT_TRACE_FORK		PT_EVENT_FLAG(PTRACE_EVENT_FORK)
#define PT_TRACE_VFORK		PT_EVENT_FLAG(PTRACE_EVENT_VFORK)
#define PT_TRACE_CLONE		PT_EVENT_FLAG(PTRACE_EVENT_CLONE)
#define PT_TRACE_EXEC		PT_EVENT_FLAG(PTRACE_EVENT_EXEC)
#define PT_TRACE_VFORK_DONE	PT_EVENT_FLAG(PTRACE_EVENT_VFORK_DONE)
#define PT_TRACE_EXIT		PT_EVENT_FLAG(PTRACE_EVENT_EXIT)
#define PT_TRACE_SECCOMP	PT_EVENT_FLAG(PTRACE_EVENT_SECCOMP)

#define PT_EXITKILL		(PTRACE_O_EXITKILL << PT_OPT_FLAG_SHIFT)
#define PT_SUSPEND_SECCOMP	(PTRACE_O_SUSPEND_SECCOMP << PT_OPT_FLAG_SHIFT)

/* single stepping state bits (used on ARM and PA-RISC) */
#define PT_SINGLESTEP_BIT	31
#define PT_SINGLESTEP		(1<<PT_SINGLESTEP_BIT)
#define PT_BLOCKSTEP_BIT	30
#define PT_BLOCKSTEP		(1<<PT_BLOCKSTEP_BIT)

Performance Event

Performance Event是一款随 Linux 内核代码一同发布和维护的性能诊断工具。这些成员用于帮助PerformanceEvent分析进程的性能问题。

#ifdef CONFIG_PERF_EVENTS
	struct perf_event_context	*perf_event_ctxp[perf_nr_task_contexts];
	struct mutex			perf_event_mutex;
	struct list_head		perf_event_list;
#endif

进程调度

优先级

int				prio;
int				static_prio;
int				normal_prio;
unsigned int			rt_priority;

prio：动态优先级
static_prio：静态优先级，可以通过nice系统的调用来修改
rt_priority：实时优先级
normal_prio：取决于静态优先级和调度策略

实时优先级的取值范围是0-MAX_RT_PRIO-1(0-99)，普通进程的静态优先级范围是从MAX_RT_PRIO到MAX_PRIO-1（100-192）。值越大静态优先级越低。

/*
 * Priority of a process goes from 0..MAX_PRIO-1, valid RT
 * priority is 0..MAX_RT_PRIO-1, and SCHED_NORMAL/SCHED_BATCH
 * tasks are in the range MAX_RT_PRIO..MAX_PRIO-1. Priority
 * values are inverted: lower p->prio value means higher priority.
 */

#define MAX_RT_PRIO		100

#define MAX_PRIO		(MAX_RT_PRIO + NICE_WIDTH)
#define DEFAULT_PRIO		(MAX_RT_PRIO + NICE_WIDTH / 2)

调度策略

unsigned int			policy;
int				nr_cpus_allowed;
const cpumask_t			*cpus_ptr;
cpumask_t			*user_cpus_ptr;
cpumask_t			cpus_mask;
struct sched_entity		se;
struct sched_rt_entity		rt;
struct sched_dl_entity		dl;
const struct sched_class	*sched_class;

nr_cpus_allowed：允许使用的CPU数量
policy：调度策略
sched_class：调度类
se：普通进程的调用实体，每个进程都有其中之一的实体
rt：实时进程的调用实体，每个进程都有其中之一的实体

policy表示进程调度策略，目前只有以下五种：

/*
 * Scheduling policies
 */
#define SCHED_NORMAL		0
#define SCHED_FIFO		1
#define SCHED_RR		2
#define SCHED_BATCH		3
/* SCHED_ISO: reserved but not implemented yet */
#define SCHED_IDLE		5
#define SCHED_DEADLINE		6

SCHED_NORMAL：用于普通进程，通过CFS调度器实现。SCHED_BATCH用于非交互的处理器消耗性进程。SCHED_BATCH是在系统负载很低时使用。
SCHED_BATCH：CFS调度器。SCHED_NORMAL普通进程策略的分化版本。采用分时策略，根据动态优先级（可用nice()设置），分配CPU运算资源。这类进程比上述两类优先级低，在有实时进程存在时，实时进程优先调度。但针对吞吐量优化。
SCHED_IDLE：CFS调度器。优先级最低，在系统空闲时才跑这类进程。
SCHED_FIFO：RT调度器。先入先出调度算法（实时调度策略），相同优先级的任务先到先服务，高优先级的任务可以抢占低优先级的任务。
SCHED_RR：RT调度器。轮流调度算法（实时调度），相同优先级的任务先到先服务，高优先级的任务可以抢占低优先级任务。
SCHED_DEADLINE：新支持的实时进程调度策略，针对突发型计算，且对延迟和完成时间高敏感度的任务。基于Earliest Deadline First (EDF) 调度算法。

调度类

sched_class结构体表示调度类，目前内核中有实现以下四种：

extern const struct sched_class stop_sched_class;
extern const struct sched_class dl_sched_class;
extern const struct sched_class rt_sched_class;
extern const struct sched_class fair_sched_class;
extern const struct sched_class idle_sched_class;

idle_sched_class：每个cup的第一个pid=0线程：swapper，是一个静态线程。调度类属于：idel_sched_class，所以在ps里面是看不到的。一般运行在开机过程和cpu异常的时候做dump
stop_sched_class：优先级最高的线程，会中断所有其他线程，且不会被其他任务打断。作用：1.发生在cpu_stop_cpu_callback 进行cpu之间任务migration；2.HOTPLUG_CPU的情况下关闭任务。
rt_sched_class：RT，作用：实时线程
fair_sched_class：CFS（公平），作用：一般常规线程

目前系統中,Scheduling Class的优先级顺序为StopTask > RealTime > Fair > IdleTask

进程地址空间

	struct mm_struct		*mm;
	struct mm_struct		*active_mm;
#ifdef SPLIT_RSS_COUNTING
	struct task_rss_stat		rss_stat;
#endif
#ifdef CONFIG_COMPAT_BRK
	unsigned			brk_randomized:1;
#endif

mm：进程所拥有的用户空间内存描述符，内核线程无的mm为NULL
active_mm：active_mm指向进程运行时所使用的内存描述符，相对于普通进程而言，用户mm指针变量相同。但是内核线程kernel thread没有进程地址空间，所以mm域为NULL。但是内核空间必须知道用户空间包含什么，因此active_mm被初始化为每一个运行进程的active_mm值。
rss_stat：用来记录缓冲信息
brk_randomized：用来确定对随机堆内存的探测

如果当前内核线程被调度之前运行的也是另外一个内核线程时候，那么其mm和avtive_mm都是NULL

判断标志

int				exit_state;
int				exit_code;
int				exit_signal;
/* The signal sent when the parent dies: */
int				pdeath_signal;
/* JOBCTL_*, siglock protected: */
unsigned long			jobctl;

/* Used for emulating ABI behavior of previous Linux versions: */
unsigned int			personality;

/* Scheduler bits, serialized by scheduler locks: */
unsigned			sched_reset_on_fork:1;
unsigned			sched_contributes_to_load:1;
unsigned			sched_migrated:1;
#ifdef CONFIG_PSI
	unsigned			sched_psi_wake_requeue:1;
#endif

/* Force alignment to the next boundary: */
unsigned			:0;

/* Unserialized, strictly 'current' */

/*
 * This field must not be in the scheduler word above due to wakelist
 * queueing no longer being serialized by p->on_cpu. However:
 *
 * p->XXX = X;			ttwu()
 * schedule()			  if (p->on_rq && ..) // false
 *   smp_mb__after_spinlock();	  if (smp_load_acquire(&p->on_cpu) && //true
 *   deactivate_task()		      ttwu_queue_wakelist())
 *     p->on_rq = 0;			p->sched_remote_wakeup = Y;
 *
 * guarantees all stores of 'current' are visible before
 * ->sched_remote_wakeup gets used, so it can be in this word.
 */
unsigned			sched_remote_wakeup:1;

/* Bit to tell LSMs we're in execve(): */
unsigned			in_execve:1;
unsigned			in_iowait:1;

exit_code：用于设置进程的终止代号，这个值要么是_exit()或exit_group()系统调用参数（正常终止），要么是由内核提供的一个错误代号（异常终止）。
exit_signal：被置为-1时表示是某个线程组中的一员。只有当线程组的最后一个成员终止时，才会产生一个信号，以通知线程组的领头进程的父进程。
pdeath_signal：用于判断父进程终止时发送信号。
personality：用于处理不同的ABI
in_execve：用于通知LSM是否被do_execve()函数所调用。
in_iowait：用于判断是否进行iowait计数
sched_reset_on_fork：用于判断是否恢复默认的优先级或调度策略

进程时间

u64				utime;
u64				stime;
#ifdef CONFIG_ARCH_HAS_SCALED_CPUTIME
	u64				utimescaled;
	u64				stimescaled;
#endif
u64				gtime;
struct prev_cputime		prev_cputime;
#ifdef CONFIG_VIRT_CPU_ACCOUNTING_GEN
	struct vtime			vtime;
#endif

/* Context switch counts: */
unsigned long			nvcsw;
unsigned long			nivcsw;

/* Monotonic time in nsecs: */
u64				start_time;

/* Boot based time in nsecs: */
u64				start_boottime;

/* MM fault and swap info: this can arguably be seen as either mm-specific or thread-specific: */
unsigned long			min_flt;
unsigned long			maj_flt;

/* Objective and real subjective task credentials (COW): */
const struct cred __rcu		*real_cred;

/* Effective (overridable) subjective task credentials (COW): */
const struct cred __rcu		*cred;

/*
 * executable name, excluding path.
 *
 * - normally initialized setup_new_exec()
 * - access it with [gs]et_task_comm()
 * - lock it with task_lock()
 */
char				comm[TASK_COMM_LEN];

struct nameidata		*nameidata;

#ifdef CONFIG_SYSVIPC
	struct sysv_sem			sysvsem;
	struct sysv_shm			sysvshm;
#endif
#ifdef CONFIG_DETECT_HUNG_TASK
	unsigned long			last_switch_count;
	unsigned long			last_switch_time;
#endif

utime/stime：用于记录进程在用户态/内核态下所经过的节拍数（定时器）
utimescaled/stimescaled：用于记录进程在用户态/内核态的运行时间，但它们以处理器的频率为刻度
gtime：以节拍计数的虚拟机运行时间（guest time）
nvcsw/nivcsw：是自愿（voluntary）/非自愿（involuntary）上下文切换计数
last_switch_count：nvcsw和nivcsw的总和
start_time/start_boottime：进程创建时间，start_boottime还包含了进程睡眠时间，常用于/proc/pid/stat
utime/stime：

信号处理

/* Signal handlers: */
struct signal_struct		*signal;
struct sighand_struct __rcu		*sighand;
sigset_t			blocked;
sigset_t			real_blocked;
/* Restored if set_restore_sigmask() was used: */
sigset_t			saved_sigmask;
struct sigpending		pending;
unsigned long			sas_ss_sp;
size_t				sas_ss_size;
unsigned int			sas_ss_flags;

signal：指向进程的信号描述符
sighand：指向进程的信号处理程序描述符
blocked：表示被阻塞信号的掩码，real_blocked表示临时掩码
pending：存放私有挂起信号的数据结构
sas_ss_sp：是信号处理程序备用堆栈的地址，sas_ss_size表示堆栈的大小

其他

用于保护资源分配或释放的自旋锁

/* Protection against (de-)allocation: mm, files, fs, tty, keyrings, mems_allowed, mempolicy: */
spinlock_t			alloc_lock;
/* Protection of the PI data structures: */
raw_spinlock_t			pi_lock;

进程描述符使用计数，被置为2时，表示进程描述符正在被使用而且其相应的进程处于活动状态

1	refcount_t usage;

用于表示获取大内核锁的次数，如果进程未获得过锁，则置为-1

#ifdef CONFIG_LOCKDEP
# define MAX_LOCK_DEPTH			48UL
	u64				curr_chain_key;
	int				lockdep_depth;
	unsigned int			lockdep_recursion;
	struct held_lock		held_locks[MAX_LOCK_DEPTH];
#endif

在SMP上帮助实现无加锁进程的切换(unlocked context switches)

#ifdef CONFIG_SMP
	int				on_cpu;
	struct __call_single_node	wake_entry;
	unsigned int			wakee_flips;
	unsigned long			wakee_flip_decay_ts;
	struct task_struct		*last_wakee;

	/*
	 * recent_used_cpu is initially set as the last CPU used by a task
	 * that wakes affine another task. Waker/wakee relationships can
	 * push tasks around a CPU where each wakeup moves to the next one.
	 * Tracking a recently used CPU allows a quick search for a recently
	 * used CPU that may be idle.
	 */
	int				recent_used_cpu;
	int				wake_cpu;
#endif

prempt_notifier结构体链表

#ifdef CONFIG_PREEMPT_NOTIFIERS
	/* List of struct preempt_notifier: */
	struct hlist_head		preempt_notifiers;
#endif

blktrace是一个针对Linux内核中块设备I/O层的跟踪工具

1
2
3

#ifdef CONFIG_BLK_DEV_IO_TRACE
	unsigned int			btrace_seq;
#endif

RCU同步原语

#ifdef CONFIG_PREEMPT_RCU
	int				rcu_read_lock_nesting;
	union rcu_special		rcu_read_unlock_special;
	struct list_head		rcu_node_entry;
	struct rcu_node			*rcu_blocked_node;
#endif /* #ifdef CONFIG_PREEMPT_RCU */

#ifdef CONFIG_TASKS_RCU
	unsigned long			rcu_tasks_nvcsw;
	u8				rcu_tasks_holdout;
	u8				rcu_tasks_idx;
	int				rcu_tasks_idle_cpu;
	struct list_head		rcu_tasks_holdout_list;
#endif /* #ifdef CONFIG_TASKS_RCU */

#ifdef CONFIG_TASKS_TRACE_RCU
	int				trc_reader_nesting;
	int				trc_ipi_to_cpu;
	union rcu_special		trc_reader_special;
	bool				trc_reader_checked;
	struct list_head		trc_holdout_list;
#endif /* #ifdef CONFIG_TASKS_TRACE_RCU */

用于调度器统计进程的运行信息

1	struct sched_info sched_info;

用于构建进程链表

1	struct list_head tasks;

to limit pushing to one attempt

#ifdef CONFIG_SMP
	struct plist_node		pushable_tasks;
	struct rb_node			pushable_dl_tasks;
#endif

防止内核堆栈溢出

#ifdef CONFIG_STACKPROTECTOR
	/* Canary value for the -fstack-protector GCC feature: */
	unsigned long			stack_canary;
#endif

PID散列表和链表

/* PID/PID hash table linkage. */
struct pid			*thread_pid;
struct hlist_node		pid_links[PIDTYPE_MAX];
struct list_head		thread_group; // 线程组中所有进程的链表
struct list_head		thread_node;

do_fork函数

在执行do_fork时，如果给定特别的标志，则vfork_done会指向一个特殊的地址。

如果copy_process函数的clone_flags参数的值被置为CLONE_CHILD_SETTID或CLONE_CHILD_CLEARID，则会吧child_tidptr参数的值分别复制到set_child_tid和clear_child_tid成员。这些标志说明必须改变子进程用户态地址空间的child_tidptr所指向的变量的值。

struct completion		*vfork_done;

/* CLONE_CHILD_SETTID: */
int __user			*set_child_tid;

/* CLONE_CHILD_CLEARTID: */
int __user			*clear_child_tid;

缺页统计

1
2
3

/* MM fault and swap info: this can arguably be seen as either mm-specific or thread-specific: */
unsigned long			min_flt;
unsigned long			maj_flt;

进程权能

/* Process credentials: */

/* Tracer's credentials at attach: */
const struct cred __rcu		*ptracer_cred;

/* Objective and real subjective task credentials (COW): */
const struct cred __rcu		*real_cred;

/* Effective (overridable) subjective task credentials (COW): */
const struct cred __rcu		*cred;

相应的程序名

/*
 * executable name, excluding path.
 *
 * - normally initialized setup_new_exec()
 * - access it with [gs]et_task_comm()
 * - lock it with task_lock()
 */
char				comm[TASK_COMM_LEN];

struct nameidata		*nameidata;

文件

fs表示进程与文件系统的联系，包括当前目录和根目录

files表示进程当前打开的文件

/* Filesystem information: */
struct fs_struct		*fs;

/* Open file information: */
struct files_struct		*files;

进程通信

#ifdef CONFIG_SYSVIPC
	struct sysv_sem			sysvsem;
	struct sysv_shm			sysvshm;
#endif

处理器特有数据

1 2	/* CPU-specific state of this task: */ struct thread_struct thread;

命名空间

1 2	/* Namespaces: / struct nsproxy nsproxy;

进程审计

#ifdef CONFIG_AUDIT
#ifdef CONFIG_AUDITSYSCALL
	struct audit_context		*audit_context;
#endif
	kuid_t				loginuid;
	unsigned int			sessionid;
#endif

secure computing

1	struct seccomp seccomp;

**用于copy_process函数使用CLONE_PARENT 标记时 **

1
2
3

/* Thread group tracking: */
u64				parent_exec_id;
u64				self_exec_id;

中断

#ifdef CONFIG_TRACE_IRQFLAGS
	struct irqtrace_events		irqtrace;
	unsigned int			hardirq_threaded;
	u64				hardirq_chain_key;
	int				softirqs_enabled;
	int				softirq_context;
	int				irq_config;
#endif
#ifdef CONFIG_TRACE_IRQFLAGS
	struct irqtrace_events		kcsan_save_irqtrace;
#endif

task_rq_lock函数所使用的锁

1 2	/* Protection of the PI data structures: */ raw_spinlock_t pi_lock;

**基于PI协议的等待互斥锁，其中PI指的是priority inheritance（优先级继承） **

#ifdef CONFIG_RT_MUTEXES
	/* PI waiters blocked on a rt_mutex held by this task: */
	struct rb_root_cached		pi_waiters;
	/* Updated under owner's pi_lock and rq lock */
	struct task_struct		*pi_top_task;
	/* Deadlock detection and priority inheritance handling: */
	struct rt_mutex_waiter		*pi_blocked_on;
#endif

死锁检测

#ifdef CONFIG_DEBUG_MUTEXES
	/* Mutex deadlock detection: */
	struct mutex_waiter		*blocked_on;
#endif

lockdep

#ifdef CONFIG_LOCKDEP
# define MAX_LOCK_DEPTH			48UL
	u64				curr_chain_key;
	int				lockdep_depth;
	unsigned int			lockdep_recursion;
	struct held_lock		held_locks[MAX_LOCK_DEPTH];
#endif

JFS文件系统

1 2	/* Journalling filesystem info: / void journal_info;

块设备链表

1 2	/* Stacked block device info: / struct bio_list bio_list;

内存回收

1 2	/* VM state: / struct reclaim_state reclaim_state;

存放块设备I/O数据流量信息

1	struct backing_dev_info *backing_dev_info;

I/O调度器所使用的信息

1	struct io_context *io_context;

记录进程的I/O计数

struct task_io_accounting	ioac;

#ifdef CONFIG_TASK_XACCT
	/* Accumulated RSS usage: */
	u64				acct_rss_mem1;
	/* Accumulated virtual memory usage: */
	u64				acct_vm_mem1;
	/* stime + utime since last update: */
	u64				acct_timexpd;
#endif

CPUSET功能

#ifdef CONFIG_CPUSETS
	/* Protected by ->alloc_lock: */
	nodemask_t			mems_allowed;
	/* Sequence number to catch updates: */
	seqcount_spinlock_t		mems_allowed_seq;
	int				cpuset_mem_spread_rotor;
	int				cpuset_slab_spread_rotor;
#endif

Control Groups

#ifdef CONFIG_CGROUPS
	/* Control Group info protected by css_set_lock: */
	struct css_set __rcu		*cgroups;
	/* cg_list protected by css_set_lock and tsk->alloc_lock: */
	struct list_head		cg_list;
#endif

futex同步机制

#ifdef CONFIG_FUTEX
	struct robust_list_head __user	*robust_list;
#ifdef CONFIG_COMPAT
	struct compat_robust_list_head __user *compat_robust_list;
#endif
	struct list_head		pi_state_list;
	struct futex_pi_state		*pi_state_cache;
	struct mutex			futex_exit_mutex;
	unsigned int			futex_state;
#endif

非一致内存访问(NUMA Non-Uniform Memory Access)

#ifdef CONFIG_NUMA
	/* Protected by alloc_lock: */
	struct mempolicy		*mempolicy;
	short				il_prev;
	short				pref_node_fork;
#endif

RCU链表

union {
	refcount_t		rcu_users;
	struct rcu_head		rcu;
};

管道

1 2	/* Cache last used pipe for splice(): / struct pipe_inode_info splice_pipe;

延迟计数

1
2
3

#ifdef CONFIG_TASK_DELAY_ACCT
	struct task_delay_info		*delays;
#endif

fault injection

#ifdef CONFIG_FAULT_INJECTION
	int				make_it_fail;
	unsigned int			fail_nth;
#endif

Infrastructure for displayinglatency

#ifdef CONFIG_LATENCYTOP
	int				latency_record_count;
	struct latency_record		latency_record[LT_SAVECOUNT];
#endif

tim slack values 常用于poll和select函数

/*
 * Time slack values; these are used to round up poll() and
 * select() etc timeout values. These are in nanoseconds.
 */
u64				timer_slack_ns;
u64				default_timer_slack_ns;

ftrace跟踪器

#ifdef CONFIG_FUNCTION_GRAPH_TRACER
	/* Index of current stored address in ret_stack: */
	int				curr_ret_stack;
	int				curr_ret_depth;

	/* Stack of return addresses for return function tracing: */
	struct ftrace_ret_stack		*ret_stack;

	/* Timestamp for last schedule: */
	unsigned long long		ftrace_timestamp;

	/*
	 * Number of functions that haven't been traced
	 * because of depth overrun:
	 */
	atomic_t			trace_overrun;

	/* Pause tracing: */
	atomic_t			tracing_graph_pause;
#endif

#ifdef CONFIG_TRACING
	/* State flags for use by tracers: */
	unsigned long			trace;

	/* Bitmask and counter of trace recursion: */
	unsigned long			trace_recursion;
#endif /* CONFIG_TRACING */