Saltar a contenido

Week 4 - Processes, Threads, and Signals

4.1 Conceptual Core

  • A process is the unit of resource ownership: address space, file descriptors, credentials, signal handlers.
  • A thread in Linux is a process that shares its address space (and most other resources) with its siblings-the kernel calls them all "tasks." clone(2) with various flags is the underlying syscall; fork() is a special case (clone(SIGCHLD)); pthread_create() is another (clone(CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD | ...)).
  • Signals are the kernel's asynchronous notification mechanism: kill(2), sigaction(2), signal masks, signalfd(2). The most error-prone part of Unix.

4.2 Mechanical Detail

  • task_struct - the kernel's per-task struct, ~3 KB. Readinclude/linux/sched.h`.
  • The PID is the per-namespace task identifier; the TGID (thread-group ID) is what userspace getpid() returns. Threads share TGID, differ in PID.
  • Process tree: /proc/<pid>/task/<tid>/ for each thread; /proc/<pid>/status for credentials, capabilities, OOM score.
  • Signal mechanics:
  • Synchronous signals (SIGSEGV, SIGBUS, SIGFPE)-delivered to the offending thread.
  • Asynchronous signals (SIGTERM, SIGINT, SIGUSR1/2)-delivered to any thread that doesn't block them, usually the main thread.
  • Real-time signals (SIGRTMINSIGRTMAX)-queued (regular signals can be coalesced).
  • The fork-then-exec pattern: fork() is heavy (copy page tables, COW), vfork() is lighter but pauses the parent, posix_spawn() and clone3(CLONE_VFORK | CLONE_VM) are the modern cheaper alternatives.

4.3 Lab-"Process Forensics"

  1. Write a C program that forks 4 children, each computing for 5 s. Use ptrace or strace -f to observe all four.
  2. Add a signal handler that catches SIGTERM and logs cleanly to all children before exit.
  3. Reproduce a classic bug: a parent that ignores SIGCHLD and a child that exits, producing zombies. Verify with ps -ef | grep defunct.
  4. Convert to signalfd + `epoll - the modern signal-handling pattern that integrates with event loops.

4.4 Hardening Drill

  • Set RLIMIT_NPROC and RLIMIT_STACK for your service via LimitNPROC= and LimitSTACK= in the systemd unit. Verify with prlimit -p <pid>.

4.5 Performance Tuning Slice

  • perf record -e sched:sched_switch for 10 seconds of your workload. Analyze with perf sched latency. Identify the top wakeup latencies.

Month 1 Capstone Deliverable

A kernel-foundations/ directory: 1. hardened-echo/ - week 1's echo service with maximal systemd hardening, score documented. 2.syscall-cat/ - week 2's libc-free cat plus a seccomp policy. 3. vfs-explorer/ - week 3'sbpftracerecipes capturing VFS activity. 4.signal-disciplined-server/ - a TCP echo server using signalfd + epoll for graceful shutdown.

A RUNBOOK.md documenting the boot trace, the syscall trace methodology, and the signal-handling decisions.

Comments