Search notes:

Linux process

User vs kernel space

A process is executing either in user space or in kernel space.
When executing in user space, the process can or cannot do certain things according to its privileges.
A process switches to kernel space by calling a syscall.
Exception: iopl
Apparently user space is also called user mode, kernel space is also called kernel mode.
Between user and kernel space «lies» the ABI - Application Binary Interface.
See also: call_usermodehelper.

Process ID (PID)

Each process is identified by a numerical id, the so called process id, sometimes abbreviated as PID.
Process IDs are unique per system at a given time, but an ID might be reused after a process has terminated.

Displaying details about a given process

The shell utility ps allows to print the details of a process given its id: 
$ ps p 894
  PID TTY      STAT   TIME COMMAND
  894 pts/0    S      0:00 -bash

Process 1

The first process that the kernel starts is the process with PID = 1.
This process is the direct or indirect parent for all other processes.
By default, the kernel tries to start /sbin/init as this first process. Historically, this is the init process of System V which in more recent times is replaced with upstart or systemd.

Maximum PID value

The maximum value for a PID is controlled by the kernel parameter kernel.pid_max and can be queried with one of the following two variants: 
# sysctl -a | grep kernel.pid_max
# cat /proc/sys/kernel/pid_max

Threads

Threads are similar to processes but the threads of a given process share one memory address space.
However, each thread has its own sets of registers and its own execution stack and perhaps private memory

Execution domains/personalities

Linux supports different execution domains, or personalities, for each process.
Among other thins, an execution domains (or personality?) tells Linux how to map signal numbers into signal actions.
The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems.
See also:

Membership in a cgroup

Each process belongs to exactly one cgroup (see /proc/$pid/cgroups)

Debugging processes

strace

See also

The kill syscall.
signal
include/linux/sched.h
nproc reports the number of available CPUs to the current process.
fuser identifies processes that are using files or sockets.
prtstat prints statistics about a process.
ps reports a snapshot of the current processes. With pstree, the processes are shown as a tree.
pidof finds a process's PID.
pgrep finds processes by their name and attributes.
A process can be terminated with kill or killall.
pmap reports the memory map of a process. Compare with /proc/$pid/mem and /proc/$pid/maps.
top displays the most CPU intensive processes.
pstack prints a stack trace.
/proc, /proc/$pid and the proc filesystem
In the x86/64 architecture of Linux, a newly forked process context switches to the code defined at the symbol ret_from_fork_asm (source file arch/x86/entry/entry_64.S)
Read and write another process's memory
Windows processes
In Java, a new process can be started with the method exec of the class java.lang.Runtime.
In Python, a new process can be created («spawned») with the standard library module subprocess.

Index