Notes (detailed process)-deep understanding of Linux kernel

I. process switching and hardware context

1. process switching: to control the execution of processes, the kernel must be able to suspend processes running on the CPU and resume a previously suspended process, this capability is called process switching, task switching, or context switching.

2. hardware context:

Although each process can have its own address space, all processes must share the CPU register. Therefore, before resuming a process, the kernel must ensure that each register is loaded with the value of the suspended process.

The group of data in the register must be loaded into the hardware context before the process resumes execution.

Process switching can be expressed as follows: Save the hardware context of the process to be switched, and replace it with the hardware context of the process to be switched in. Linux2.6 use the software for process switching.

Process switching only occurs in the kernel state.

Ii. switch_to macro

Switch_to macro is used for process switching. Given the previous process struct pointer Prev, and the process struct pointer to be switched to next, switch_to macro switches from Prev to next.
However, the switch_to macro has three parameters. Besides the two parameters mentioned above, there is also a last parameter. when switch_to macro is used, both the prev and last values are the same. For example, this macro is called as follows:
Switch_to (prev, next, Prev ).

Consider a scenario where process a switches to process B. Because the space of each process is different, Prev = A, next = B in the space of process a before switching, last =.
After a period of time, you need to switch back to process a. If the current process is C, for C, Prev = C, next = A, last = C.

Two scenarios before and after comparison:
Before process a switchover: Prev = A, next = B, last =
Before switching process C: Prev = C, next = A, last = C

Switch from process C to process a. Note that the switch_to macro stores the prev in the eax register before the switch, that is, before process C switches to process a, eax = C
After the switchover, it is obvious that the space of process a is reached. Therefore, the prev, next, and last pointers must return to the point before process a is switched out. Therefore, Prev = A, next = B, last = A, while eax data remains unchanged.
Before the switch_to macro returns, store the eax register data to the last. Therefore, last = eax = C.
In this case, after process a is switched back, Prev = A, next = B, last = C

From the above analysis, we can see that, in fact, Prev points to the process pointer that was switched before the process switch, and last points to the process from which the switch was made.
The meaning of the two is not the same, except that the original Prev is useless after the switchover. It can be used to save the process from which the switchover was made after the switchover, so the prev and last are the same when switch_to macro is called.

 

3. Create a process

Process Creation: the traditional UNIX operating system treats all processes in a unified manner, and the child process copies all the resources of the parent process. This method makes Process Creation very slow. In fact, a child process does not need to read or write all resources owned by the parent process.

Now the Unix kernel uses three different mechanisms to solve this problem:

1. The copy-on-write technology allows the Parent and Child processes to read the same physical page.

2. Lightweight processes allow Parent and Child processes to share many data structures in the kernel, such as page tables, open file tables, and process signals.

3. The process created by the vfork () system call can share the memory address of the parent process. To prevent the parent process from overwriting the data required by the child process, the execution of the parent process must be blocked, until the sub-process exits or executes a new program.

Iv. Linux clone () function

Int clone (INT (* fN) (void *), void * child_stack, int flags, void * Arg );

Here FN is the function pointer. We know the four elements of the process. This is the pointer to the program, which is the so-called "script ", child_stack obviously allocates system stack space for sub-processes (in Linux, the system stack space is 2 pages, that is, 8 KB of memory. In this memory, values are placed on the low address, this value is the value of the process control block task_struct). Flags is the identifier used to describe the resources that you need to inherit from the parent process. Arg is the parameter passed to the child process ). The following are values that flags can fetch.

Logo meaning

The parent process of the child process created by clone_parent is the parent process of the caller. The new process and the process that created it become "brother" rather than "Parent and Child"

The clone_fs sub-process shares the same file system with the parent process, including root, current directory, and umask

The clone_files sub-process shares the same file descriptor with the parent process.

Clone_newns in the new namespace promoter process, namespace describes the process File hierarchy

The clone_sighand sub-process shares the same signal processing (signal handler) table with the parent process.

Clone_ptrace if the parent process is traced, the child process is also traced

The clone_vfork parent process is suspended until the child process releases virtual memory resources.

Clone_vm sub-processes and parent processes run in the same memory space

When the clone_pid sub-process is created, the PID is consistent with the parent process.

Added in clone_thread linux2.4 to support POSIX thread standards. The sub-process shares the same thread group with the parent process.

5. do_fork () function

The do_fork () function uses the Helper function copy_process () to create process descriptors and all other kernel data structures required for sub-process execution. The following are the main steps for do_fork:

Find the pidmap_array bitmap and assign a new PID to the sub-process.

Check the ptrace field (current-> ptrace) of the parent process: if its value is not equal to 0, another process is tracking the parent process. Therefore, do_fork () check whether the debugger program wants to track sub-processes (independent of the value of the clone_ptrace flag specified by the parent process ). In this case, if the sub-process is not a kernel thread (the clone_untraced flag is cleared 0), the do_fork () function sets the clone_ptrace flag.

Call copy_process () to copy the process descriptor. If all required resources are available, this function returns the address of the newly created task_struct descriptor. This is a key step in the creation process and will be described after do_fork.

If the clone_stopped flag is set, or the sub-process must be tracked, that is, the pt_ptraced flag is set in P-> ptrace, the sub-process status is set to task_stopped, and add a pending sigstop signal to the sub-process. In another process (assuming it is a tracing process or a parent process) that restores the sub-process status to task_running (usually by sending a sigcont signal), the sub-process will remain in the task_stopped state.

If the clone_stopped flag is not set, call the wake_up_new_task () function to perform the following operations:

A. Adjust the scheduling parameters of the Parent and Child Processes

B. if the child process runs on the same CPU as the parent process (when the kernel creates a new process, the parent process may be transferred to another CPU for execution ), in addition, the parent process and the child process cannot share the same page table (the clone_vm mark is cleared). Then, the child process is inserted into the parent process running queue, so that the child process is in front of the parent process, therefore, the sub-process is forced to run before the parent process. If a child process refreshes its address space and executes a new program after it is created, this simple processing will produce better performance. If we let the parent process run first, the copy mechanism will execute a series of unnecessary page copies during writing.

C. otherwise, if the child process and the parent process run on different CPUs, or the parent process and the child process share the same group of page tables (the clone_vm mark is set ), insert the child process to the end of the parent process running queue.

If the clone_stopped flag is set to a bit, the sub-process is set to task_stopped.

If the parent process is tracked, the child process PID is saved to the current ptrace_message field and ptrace_policy () is called (). Ptrace_notify () indicates that the current process stops running and sends a sigchld signal to the parent process of the current process. The child process's grandfather process is the debugger process that tracks the parent process. Sigchld signal notifies the debugger process: current has created a sub-process. You can find the current-> ptrace_message field to obtain the PID of the sub-process.

If the clone_vfork flag is set, the parent process is inserted into the waiting queue and the parent process is suspended until the child process releases its memory address space (that is, until the child process ends or executes a new program ).

The PID of the child process.

Vi. copy_process () function

The work completed by the copy_process () function is very interesting:
. Call dup_task_struct () to create a kernel stack, thread_info structure, and task_struct for the new process. These values are the same as those of the current process. In this case, the descriptor of the child process and the parent process is identical.
After checking the newly created sub-process, the number of processes owned by the current user does not exceed the resource limit allocated to him.
. Now, the child process starts to distinguish itself from the parent process. Many members in the process descriptor must be cleared by 0 or set as the initial value. The value of a process descriptor is not inherited, but mainly statistical information. Most data in the process descriptor is shared.
. Then, the sub-process status is set to task_uninterruptible to ensure that it will not be put into operation.
. Copy_process () calls copy_flag () to update the flags member of task_struct. The pf_superpriv flag indicating whether the process has superuser permissions is cleared. The pf_forknoexec flag indicating that the process has not called the exec () function is set.
. Call get_pid () to obtain a valid PID for the new process.
According to the parameter flag passed to clone (), copy_process copies or shares opened files, file system information, signal processing functions, process address spaces and namespaces. In general, these resources will be shared by all threads of the given process; otherwise, these resources are different for each process and therefore copied here.
. Finally, copy_process () is used to scan the tail and returns a pointer to the child process.
Return to the do_fork () function. If the copy_process () function is returned successfully, the newly created sub-process is awakened and put into operation. The kernel intentionally selects sub-process execution. Therefore, generally, sub-processes call the exec () function immediately to avoid additional overhead of copy during write. If the parent process is executed first, it may start to write data to the address space.