Search notes:

Linux process

User vs kernel space

A process is executing either in user space or in kernel space.
When executing in user space, the process can or cannot do certain things according to its privileges.
A process switches to kernel space by calling a syscall.
Exception: iopl
Apparently user space is also called user mode, kernel space is also called kernel mode.
Between user and kernel space «lies» the ABI - Application Binary Interface.
See also: call_usermodehelper.

Process ID (PID)

Each process is identified by a numerical id, the so called process id, sometimes abbreviated as PID.
Process IDs are unique per system at a given time, but an ID might be reused after a process has terminated.

Displaying details about a given process

The shell utility ps allows to print the details of a process given its id: 
$ ps p 894
  PID TTY      STAT   TIME COMMAND
  894 pts/0    S      0:00 -bash

Process 1

The first process that the kernel starts is the process with PID = 1.
This process is the direct or indirect parent for all other processes.
By default, the kernel tries to start /sbin/init as this first process. Historically, this is the init process of System V which in more recent times is replaced with upstart or systemd.

Maximum PID value

The maximum value for a PID is controlled by the kernel parameter kernel.pid_max and can be queried with one of the following two variants: 
# sysctl -a | grep kernel.pid_max
# cat /proc/sys/kernel/pid_max

Membership in a cgroup

Each process belongs to exactly one cgroup (see /proc/$pid/cgroups)

Debugging processes

strace

See also

The kill syscall.
signal
include/linux/sched.h
nproc reports the number of available CPUs to the current process.
fuser identifies processes that are using files or sockets.
prtstat prints statistics about a process.
ps reports a snapshot of the current processes. With pstree, the processes are shown as a tree.
pidof finds a process's PID.
pgrep finds processes by their name and attributes.
A process can be terminated with kill or killall.
pmap reports the memory map of a process. Compare with /proc/$pid/mem and /proc/$pid/maps.
top displays the most CPU intensive processes.
pstack prints a stack trace.
/proc, /proc/$pid and the proc filesystem
In the x86/64 architecture of Linux, a newly forked process context switches to the code defined at the symbol ret_from_fork_asm (source file arch/x86/entry/entry_64.S)
Read and write another process's memory
Windows processes
In Java, a new process can be started with the method exec of the class java.lang.Runtime.
In Python, a new process can be created («spawned») with the standard library module subprocess.

Index