Identifying kernel threads

Question

I\'d like to know how I can distinguish a kernel-thread from a user-thread for a process-scanner I\'m building. I\'m having a hard time finding a good definition of both typ

Answer 1

As you pointed out in your own comment above, all user processes are descendants of the init process (pid=1). Kernel threads are not descendants of the init process, since init is a user process, and user processes cannot create kernel threads. Therefore, to check if process p is a user process and not a kernel thread, one needs to operate on the process graph and evaluate if init dom p where dom is the Dominator operator. Concretely in Python:

def is_user_process(p):
  if (p=='1'):
    print 'User process'
  else:
    pstat = open('/proc/%s/stat'%p).read().split()
    parent = pstat[3]
    if (parent=='1'):
      print 'User process'
    elif (parent=='0'):
      print 'Kernel thread'
    else:
      is_user_process(parent)