To grasp the inner workings of processes in Linux, macOS, or BSD, we must delve into their lifecycle and the critical role of the fork() system call in generating new processes. This exploration will highlight key distinctions from Windows, with a focus on the fundamental mechanics of process creation in Unix-like systems.
How Process Creation works in Linux/macOS/BSD
- Initial
Process (init or systemd)
- The
first user-space process is typically init or systemd in Linux and macOS.
It's started by the kernel after bootstrapping the system.
- On Linux:
Modern distributions often use systemd, which is responsible for
initializing the system.
- On macOS:
launchd acts similarly to init or systemd.
- The
Role of fork()
- In
Unix-like systems, process creation relies on fork():
- fork():
Creates a new process by cloning the current process (parent process).
- The
new process (child) gets its own PID but shares the same memory layout
as the parent until memory writes occur (Copy-On-Write mechanism).
- After
the child is created, the parent and child processes can execute
concurrently.
- Followed
by:
- exec():
The child process often calls exec() to replace its memory space with a
new program.
Example Workflow:
pid_t pid = fork();
if (pid == 0) {
// Child process
execlp("program",
"program", (char *)NULL);
} else if (pid > 0) {
// Parent process
wait(NULL); // Wait for the child to finish
}
- Kernel
Process and Cloning
- Unix
systems have kernel processes that run in the background, such as:
- kthreadd:
The kernel thread manager.
- kworker:
Handles asynchronous tasks in the kernel.
- Kernel
processes like kthreadd are cloned to create new kernel-level threads or
processes.
- clone():
- Linux-specific
system call for process/thread creation.
- More
flexible than fork() as it allows sharing of resources (e.g., memory,
file descriptors).
- User-Space
Processes
- Once
the kernel spawns init or systemd, it creates all other user-space
processes, including:
- Login
shells (getty, bash, zsh).
- Daemons
(background services like cron, sshd).
Comparison with Windows Process Creation
Feature |
Linux/macOS/BSD |
Windows |
Initial Process |
init/systemd/launchd |
System (PID 4) |
Process Creation |
fork() followed by exec() |
CreateProcess() API |
Kernel Involvement |
kthreadd, kernel forks/clones process |
smss.exe handles session/process management |
Service Manager |
Daemons managed by init/system |
svchost.exe |
Threading |
clone() for threads and processes |
Windows Threads |
Things we need to look up for future blogposts:
- Fork
Mechanism
- Explore
the fork() and exec() workflow.
- Understand
Copy-On-Write memory management.
- Kernel
Processes
- Study
kernel-level threads (kthreadd, kworker).
- Learn
about process scheduling and task switching.
- System
Calls for Process Management
- Linux:
fork(), execve(), clone(), wait(), exit().
- macOS/BSD:
Similar process creation APIs with slight differences in syscall
conventions.
- Process
States
- Linux/macOS:
Process states (Running, Sleeping, Zombie).
- Check
the /proc filesystem for process information.
- Process
Tree Visualization
- Tools:
pstree, htop, ps.
- Understand
parent-child relationships in the process tree.
- Init
Systems
- Systemd:
Unit files, dependency handling.
- Launchd:
Service management on macOS.
- Thread
Management
- Difference
between kernel threads and user threads.
- Use
of pthread library in Linux.
My suggestion on enhancing the understanding of these
discussed concepts, please follow up on the given exercises:
- Fork
and Exec Programming
- Write
a program that forks a child, where the child runs a new command using exec().
- Process
Tree Exploration
- Use pstree
to view the relationship between init/systemd and other processes.
- Kernel
Process Monitoring
- Use top
or htop to observe kernel threads (use k option in htop).
- MacOS
Daemon Study
- Use launchctl
to view and manage launchd processes.