The Linux kernel is the heart of the operating system. It is the layer between the user who works with Linux from a shell environment and the hardware that is available in the computer on which the user is working. The kernel is doing so by managing the I/O instructions it receives from the software and translating those to processing instructions that are to be executed by the central processing unit and other hardware in the computer. The kernel also takes care of handling essential operating system tasks. One example of such a task is the scheduler that makes sure that processes that are started on the operating system are handled by the CPU.The operating system tasks that are performed by the kernel are implemented by different kernel threads.
查看系统内核进程: [root@rhel7 ~]# ps aux | head -n 20USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.3 126560 7264 ? Ss 02:23 0:04 /usr/lib/systemd/systemd --switched-root --system --deserialize 20
root 2 0.0 0.0 0 0 ? S 02:23 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 02:23 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 02:23 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S 02:23 0:00 [migration/0]
root 8 0.0 0.0 0 0 ? S 02:23 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? S 02:23 0:00 [rcuob/0]
root 10 0.0 0.0 0 0 ? S 02:23 0:00 [rcuob/1]
root 11 0.0 0.0 0 0 ? S 02:23 0:01 [rcu_sched]
root 12 0.0 0.0 0 0 ? S 02:23 0:00 [rcuos/0]
root 13 0.0 0.0 0 0 ? S 02:23 0:01 [rcuos/1]
root 14 0.0 0.0 0 0 ? S 02:23 0:00 [watchdog/0]
root 15 0.0 0.0 0 0 ? S 02:23 0:00 [watchdog/1]
root 16 0.0 0.0 0 0 ? S 02:23 0:00 [migration/1]
root 17 0.0 0.0 0 0 ? S 02:23 0:00 [ksoftirqd/1]
root 19 0.0 0.0 0 0 ? S< 02:23 0:00 [kworker/1:0H]
root 20 0.0 0.0 0 0 ? S< 02:23 0:00 [khelper]
root 21 0.0 0.0 0 0 ? S 02:23 0:00 [kdevtmpfs]
root 22 0.0 0.0 0 0 ? S< 02:23 0:00 [netns]
The kernel thread names are listed between square brackets.
Hardware Initialization --内核的一个重要工作就是硬件初始化The loading of drivers is an automated process that roughly goes like this:
1. During boot, the kernel probes available hardware.
2. Upon detection of a hardware component, the systemd-udevd process takes care of loading the appropriate driver and making the hardware device available.
3. To decide how the devices are initialized, systemd-udevd reads rules files in / usr/lib/udev/rules.d. These are system provided udev rules files that should not be modified.
4. After processing the system provided udev rules files, systemd-udevd goes to the /etc/udev/rules.d directory to read any custom rules if these are available.
5. As a result, required kernel modules are loaded automatically and status about the kernel modules and associated hardware is written to the sysfs file system which is mounted on the /sys directory.
[root@rhel7 rules.d]# udevadm monitormonitor will print the received events for:
UDEV - the event which udev sends out after rule processing
KERNEL - the kernel uevent
KERNEL[26762.720715] change /devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0 (block) --挂载光驱
UDEV [26762.780435] change /devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0 (block)
KERNEL[26781.664833] change /devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0 (block) --卸载光驱
UDEV [26781.767169] change /devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0 (block)
In this command, you can see how features that are offered by the hardware are discovered automatically by the kernel and udev working together. Each phase of the hardware probing is concluded by the creation of a file in the /sys file system. Once the hardware has been fully initialized, you can also see that some kernel modules are loaded.
Analyzing What the Kernel Is DoingTo help analyze what the kernel is doing, some tools are provided by the Linux operating systems:
■ The dmesg utility -- journalctl --dmesg或者journalctl -k
■ The /proc file system
■ The uname utility
[root@rhel7 ~]# journalctl --dmesg-- Logs begin at Sat 2016-08-13 02:23:44 EDT, end at Sat 2016-08-13 10:01:01 EDT. --
Aug 13 02:23:44 localhost.localdomain kernel: Initializing cgroup subsys cpuset
Aug 13 02:23:44 localhost.localdomain kernel: Initializing cgroup subsys cpu
Aug 13 02:23:44 localhost.localdomain kernel: Initializing cgroup subsys cpuacct
Aug 13 02:23:44 localhost.localdomain kernel: Linux version 3.10.0-327.el7.x86_64 (mockbuild@x86-034.build.eng.bos.redhat.com) (gcc versio
Aug 13 02:23:44 localhost.localdomain kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-327.el7.x86_64 root=/dev/mapper/rhel-root ro crashk
Aug 13 02:23:44 localhost.localdomain kernel: e820: BIOS-provided physical RAM map:
Aug 13 02:23:44 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
Aug 13 02:23:44 localhost.localdomain kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
Aug 13 02:23:44 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
Aug 13 02:23:44 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000000100000-0x000000007ffeffff] usable
Aug 13 02:23:44 localhost.localdomain kernel: BIOS-e820: [mem 0x000000007fff0000-0x000000007fffffff] ACPI data
Aug 13 02:23:44 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
Aug 13 02:23:44 localhost.localdomain kernel: NX (Execute Disable) protection: active
Aug 13 02:23:44 localhost.localdomain kernel: SMBIOS 2.5 present.
Aug 13 02:23:44 localhost.localdomain kernel: DMI: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Aug 13 02:23:44 localhost.localdomain kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
In the dmesg output, all kernel-related messages are shown. Each message starts with a time indicator that shows at which specific second the event was logged. This time indicator is relative to the start of the kernel, which allows you to see exactly how many seconds have passed between the start of the kernel and a particular event. (Notice that the journalctl -k / --dmesg commands show clock time, instead of time that is relative to the start of the kernel.) This time indicator gives a clear indication of what has been happening and at which time it has happened.
Another valuable source of information is the /proc file system. The /proc file system is an interface to the Linux kernel, and it contains files with detailed actual status information on what is happening on your server. Many of the performancerelated tools mine the /proc file system for more information.
As an administrator, you will find that some of the files in /proc are very readable and contain actual status information about CPU, memory, mounts, and more. Take a look, for instance, at /proc/meminfo, which gives detailed information about each memory segment and what exactly is happening in these memory segments.
A last useful source of information that should be mentioned here is the uname command. This command gives different kinds of information about your operating system. Type, for instance, uname -a for an over