Experiment six ——— analyze the process of creating a new process for the Linux kernel

Analyzing the process of creating a new process for the Linux kernel

Grasping Writer: Li Pengju No.: 20132201

(* Original works reproduced please specify the source *)

(Study course: "Linux kernel Analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000)

Request this week:

1. Reading comprehension task_struct data structure http://codelab.shiyanlou.com/xref/linux-3.18.6/include/linux/sched.h#1235;

2. Analyze the kernel processing process of the fork function Sys_clone, understand how to create a new process and how to create and modify task_struct data structure;

3. Using the GDB trace to analyze a fork system calling the kernel handler Sys_clone, verifying your understanding of creating a new process for the Linux system, it is recommended to complete the experiment in the lab Building Linux virtual Machine environment.

4. Paying special attention to where the new process starts? Why does it go smoothly? That is, the execution starting point is consistent with how the kernel stack is guaranteed.

Process Management Summary:

Linux creates a new process by copying the parent process

The fork function, the specific process:

Copy a pcb--task_struct to assign a new kernel stack to the new process,

TI = Alloc_thread_info_node (tsk, node); T

Sk->stack = Ti;

Setup_thread_stack (tsk, orig); This is just a copy of the Thread_info, not the copy kernel stack to modify the copied process data, such as PID, process chain list, see copy_process inside.

*childregs = *current_pt_regs (); Copy the kernel stack
Childregs->ax = 0; Fork of child process returns 0

P->THREAD.SP = (unsigned long) childregs; Top of the kernel stack when dispatched to a child process
P->thread.ip = (unsigned long) ret_from_fork; The address of the first instruction when dispatched to a child process

System calls kernel processing function sys_fork,sys_vfrok,sys_clone, in fact, the final execution is do_fork

There are: Do_fork.

Copy_process

Dup_task_struct//Copy PCB

Alloc_thread_info_node//Creating a page is actually the effect of allocating kernel stack space.

Setup_thread_stack//Copy the Thread_info and initialize the child process.

Where does the new process of creation start--"ret_from_fork" (this is the weight of the week)
*childregs = *current_pt_regs (); Copy the kernel stack (the copied pt_regs is the part of the system call stack in Save_all. ）
Childregs->ax = 0; Fork of child process returns 0
P->THREAD.SP = (unsigned long) childregs; Top of the kernel stack when dispatched to a child process
P->thread.ip = (unsigned long) ret_from_fork; The address of the first instruction when dispatched to a child process
IP is pointing to ret_from_fork, so it starts here.

Experimental process:

1. Delete the original menu, and clone the new menu, with TEST_FORK.C overlay test.c

2.make Rootfs After the new kernel starts, test the fork function:

3. Use the-s-s frozen core to prepare for commissioning:

4. Debug the GDB distribution:

After that, the final result is obtained by debugging step-by-step.

Experiment Summary:

The most important part of this week's course is the management of the process, and Do_fork is one of the most critical macros.

Do_fork handles the following:

1. 调用copy_process，将当期进程复制一份出来为子进程，并且为子进程设置相应地上下文信息。2. 初始化vfork的完成处理信息（如果是vfork调用）3. 调用wake_up_new_task，将子进程放入调度器的队列中，此时的子进程就可以被调度进程选中，得以运行。4. 如果是vfork调用，需要阻塞父进程，知道子进程执行exec。

进程创建的关键copy_process：

The general flow of copy_process:

 检查各种标志位（已经省略） 调用dup_task_struct复制一份task_struct结构体，作为子进程的进程描述符。 检查进程的数量限制。 初始化定时器、信号和自旋锁。 初始化与调度有关的数据结构，调用了sched_fork，这里将子进程的state设置为TASK_RUNNING。 复制所有的进程信息，包括fs、信号处理函数、信号、内存空间（包括写时复制）等。 调用copy_thread，这又是关键的一步，这里设置了子进程的堆栈信息。 为子进程分配一个pid 设置子进程与其他进程的关系，以及pid、tgid等。这里主要是对线程做一些区分。

In copy_process, the Copy_thread function prepares the context stack information for the child process

The copy_thread process is as follows:

1. 获取子进程寄存器信息的存放位置2. 对子进程的thread.sp赋值，将来子进程运行，这就是子进程的esp寄存器的值。3. 如果是创建内核线程，那么它的运行位置是ret_from_kernel_thread，将这段代码的地址赋给thread.ip，之后准备其他寄存器信息，退出4. 将父进程的寄存器信息复制给子进程。5. 将子进程的eax寄存器值设置为0，所以fork调用在子进程中的返回值为0.6. 子进程从ret_from_fork开始执行，所以它的地址赋给thread.ip，也就是将来的eip寄存器。
（这就是我所了解到的全部的流程，本来应该画个流程图的，但是作图太困难了，还是直接文字说明一下吧）

Experiment six ——— analyze the process of creating a new process for the Linux kernel