pgrep can help you learn about the processes running on your system. Sometimes, the next step in getting a report on processes is exploring a single process' memory map. You can use the
pmap command for that.
[Cheat sheet: Old Linux commands and their modern replacements ]
Check a process
Suppose you need to know how the
sshd process is mapped in memory. First, find the process ID (PID) of the process:
$ ps aux | grep sshd root 5484 [...] sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Use the PID 5484 to explore the process:
$ sudo pmap 5484 | more 5484: sshd: /usr/sbin/sshd -D [listener] 0000560d6317f000 48K r---- sshd 0000560d6318b000 564K r-x-- sshd 0000560d63218000 296K r---- sshd 0000560d63262000 16K r---- sshd 0000560d63266000 4K rw--- sshd 0000560d63267000 16K rw--- [ anon ] 0000560d6502c000 504K rw--- [ anon ] 00007f929fcc8000 12K rw--- [ anon ] 00007f929fccb000 16K r---- libgpg-error.so 00007f929fccf000 88K r-x-- libgpg-error.so 00007f929fce5000 40K r---- libgpg-error.so 00007f929fcef000 4K r---- libgpg-error.so 00007f929fcf0000 4K rw--- libgpg-error.so [...] 00007ffd61ce8000 132K rw--- [ stack ] 00007ffd61d92000 16K r---- [ anon ] 00007ffd61d96000 8K r-x-- [ anon ] ffffffffff600000 4K --x-- [ anon ] total: 15612K
pmap output reports the process' memory usage, including all the components it uses, such as libraries and binary files. The columns include the memory address, offset, permission, and name.
[ No-cost online course: Red Hat Enterprise Linux technical overview. ]
You can run the same command with the
-x flag to get even more detailed output:
Address Kbytes RSS Dirty Mode Mapping 0000560d6317f000 48 48 0 r---- sshd 0000560d6318b000 564 500 0 r-x-- sshd 0000560d63218000 296 160 0 r---- sshd 0000560d63262000 16 16 16 r---- sshd 0000560d63266000 4 4 4 rw--- sshd 0000560d63267000 16 16 16 rw--- [ anon ]
Here's what that information means:
- Address: The beginning memory address allocation
- Kbytes: Memory allocation in kilobytes
- RSS: Resident set size of the process in memory
- Dirty: The status of the memory pages
- Mode: Access mode and privileges
- Mapping: The user-facing name of the application or library
[ Find out what sysadmins need to know about Linux permissions ]
In this case, the binary
sshd is allocated 48 kilobytes from the memory address 0000560d6317f000 to the address 0000560d6317f000. You can test whether this is true using a Python shell. First, subtract the memory address to get the offset. The result is returned in hex:
$ python Python 3.10.7 >>> hex ( 0x0000560d6318b000 -0x0000560d6317f000 ); '0xc000'
Convert the hex value:
>>> int (hex ( 0x0000560d6318b000 -0x0000560d6317f000 ),16); 49152
Finally, divide this result by 1024:
>>> 49152/1024 48
The result is 48 kilobytes.
Mapping with pmap
pmap utility gathers most of its information from the
/proc/PID/smaps file and makes it friendly to humans. The
[ anon ] value is anonymous memory mapping, which is part of the memory populated with data not taken from the filesystem but allocated when needed.
You can use
pmap to monitor the movement of memory across a particular time range. You can also use it to analyze a memory value that always increases and never decreases or to locate the culprit of a memory leak.
This example is a brief overview of what's possible to learn about a single process. Use it well.
[ For more tips on Linux administration, read How to use the lsof command to troubleshoot Linux. ]