Introduction to Linux kernel (csdn)

For many Linux enthusiasts who are interested in the kernel, this article aims to introduce an entry method for interpreting the Linux kernel source code, rather than explaining the complex Linux Kernel Mechanism. (Reference Source: feiling http://www.witech.com.cn /)
I. Core sources Program File organization:
1. the Linux core source code is usually installed in/usr/src/Linux, and it has a very simple numbering Convention: Any even core (such as 2.0.30) is the core of a stable release, and any odd core (such as 2.1.42) is the core of development.
This article is based on stable 2.2.5 Source code The second part of the implementation platform is RedHat Linux 6.0.
2. The core source program files are organized in a tree structure. At the top of the source program tree, you will see the following directories:
● Arch: the arch sub-directory contains all the core related to the architecture. Code . Each of its subdirectories represents a supported architecture. For example, i386 is a subdirectory about Intel cpu and its compatible architecture. Generally, PCs are based on this directory;
● Include: The include sub-Directory includes most of the header files required for compiling the core. Platform-independent header files are in the include/Linux subdirectory, Intel CPU-related header files are in the include/asm-i386 subdirectory, And the include/SCSI directory is the header file directory of the SCSI device;
● Init: This directory contains the core initialization code (Note: it is not the System Boot Code) and contains two main files. C and version. c. This is a very good starting point for studying how the core works.
● Mm: This Directory includes all memory management code independent of the CPU architecture, such as page-based storage management memory allocation and release; the Memory Management Code related to the architecture is located at ARCH/*/MM/, for example, arch/i386/MM/fault. c
● Kernel: the main core code. The files in this directory implement the kernel functions of most Linux systems. The most important file is sched. c; similarly, the architecture-related code is in arch/*/kernel;
● Drivers: Place all the device drivers in the system. Each driver occupies a sub-directory, for example, block device drivers under/block, such as IDE. C ). If you want to check how all devices that may contain a file system are initialized, you can check device_setup () in drivers/block/genhd. C (). It not only initializes the hard disk, but also initializes the network, because when installing the NFS file system, it requires other network resources: for example, the library code where Lib is placed as the core; net, network-related code as the core; IPC, this directory contains the code for communication between core processes; FS, all File System Code and various types of file operation code. Each of its subdirectories supports a file system, such as fat and ext2;
Scripts, which contains the script files used to configure the core.
Generally, there is. the depend file and a MAKEFILE file are both auxiliary files used for compilation. reading these two files carefully is helpful for figuring out the relationship and dependency between each file. Moreover, there are also readme files in some directories, which are descriptions of the files in this directory, which is also conducive to our understanding of the kernel source code;
2. interpreting practice: Add a system call for your Kernel
Although the Linux kernel source code is organized reasonably and scientifically in a tree structure, all files associated with functions are placed under the same subdirectory, which makes the program more readable. However, the Linux kernel source code is too large and complex. Even if a reasonable file organization method is adopted, there are still many associations between files under different directories, some code at the analysis core usually needs to view several other related files, and these files may not be in the same subdirectory.
The complexity of the system and the complexity of the association between documents may be the main reason why many people are afraid of it. Of course, the return of this daunting labor is also fascinating: You can not only learn a lot of underlying computer knowledge (such as the system guidance described below ), understanding the subtlety of the entire operating system architecture and solving a specific problem in detail, Algorithm And more importantly, in the process of source code analysis, you will be specialized by 1.1 points, imperceptible; or even, after analyzing the code of points, you will deeply understand what kind of code is written by a professional programmer and what kind of code is written by a hobbyist.
In order to allow readers to better understand this feature, the following describes a specific Kernel Analysis instance, this gives readers some specific understanding of the Linux kernel organization, from which they can also learn some kernel analysis methods.
The following is an analysis instance:
[1] operating platform:
Hardware: CPU Intel Pentium II
Software: RedHat Linux 6.0; kernel version 2.2.5 [2] kernel source code analysis:
1. System Boot and initialization: There are several boot methods for Linux systems: Lilo, loadin, and Linux Bootstrap
(Bootsect-loader), and the source code of the latter is arch/i386/boot/bootsect. s, which is an assembly program in the real mode. The length is not analyzed here. No matter which boot mode is used, the system will jump to arch/i386/kernel/setup. s, setup. S is the initialization in the progressive mode to prepare the system for entering the protection mode. After that, the system executes ARCH/i386/kernel/head. S (perform ARCH/i386/boot/compressed/head for the compressed kernel. s); head. setup_idt, an assembly program defined in s, is responsible for creating an IDT table with 256 Items (Interrupt Descriptor Table). This table stores all the inactive and interrupted entry addresses; this includes the entry address of system_call, the general control program of the system call. Of course, in addition, head. s also needs to do some initialization work;
2. The first kernel program asmlinkage void _ init start_kernel (void) that runs after system initialization is defined in
In/usr/src/Linux/init/Main. C, it calls a function in usr/src/Linux/ARCH/i386/kernel/traps. C.
Void _ init trap_init (void) sets the entry addresses of their respective trapped and interrupted service programs to the IDT table. The system calls the Master Control Program system_cal, which is one of the interrupted service programs; the void _ init trap_init (void) function calls a macro set_system_gate (syscall_vector, & system_call), and hangs the entry of the System Call Control Program on the interrupt 0x80; syscall_vector is defined in/usr/src/Linux/ARCH/i386/kernel/IRQ. A constant of 0x80 in H, and system_call is the entry address for interrupting the Master Control Program; the interrupt control program is defined in/usr/src/Linux/ARCH/i386/kernel/entry. s;
3. the interrupt control program is mainly responsible for storing the status before the processor executes the system call, checking whether the current call is legal, and according to the system call vector, redirect the processor to the entry of the corresponding system service routine saved in the sys_call_table table; restore the processor status and return it to the user program after the system service routine returns;
The system call vector is defined in/usr/src/Linux/include/asm-386/unistd. the sys_call_table table is defined in/usr/src/Linux/ARCH/i386/kernel/entry. at the same time in/usr/src/Linux/include/asm-386/unistd. H also defines the User Programming Interface called by the system;
4. it can be seen that the Linux system call is also like the DOS system's int 21 h interrupt service, it uses 0x80 interrupt as the total entry, go to the entry addresses of various interrupt service routines saved in the sys_call_table table to form different types of interrupt services;
According to the source code analysis above, to add a system call, you must add an item to the sys_call_table table, save the entry address of your system service routine, and re-compile the kernel. Of course, system service routines are essential.
It can be seen that in the Linux kernel source program of this version, the source program files related to system calls include the following:
1. Arch/i386/boot/bootsect. s
2. Arch/i386/kernel/setup. s
3. Arch/i386/boot/compressed/head. s
4. Arch/i386/kernel/head. s
5. init/Main. c
6. Arch/i386/kernel/traps. c
7. Arch/i386/kernel/entry. s
8. Arch/i386/kernel/IRQ. h
9. Include/asm-386/unistd. h
Of course, this is only a few of the main files involved. In fact, adding a system call really wants to modify the file only include/asm-386/unistd. h and arch/i386/kernel/entry. S;
[3] modify the kernel source code:
1. Add the system service routine in kernel/sys. C as follows:
Asmlinkage int sys_addtotal (INT numdata)
{
Int I = 0, enddata = 0;
While (I <= numdata)
Enddata + = I ++;
Return enddata;
}
This function has an int-type entry parameter numdata and returns the accumulated value from 0 to numdata. Of course, you can also place the system service routine in a custom file or other file, only necessary instructions should be made in the corresponding file;
2. Add the entry address of asmlinkage int sys_addtotal (INT) to the sys_call_table table:
The last few lines of source code in arch/i386/kernel/entry. s are changed:
......
. Long symbol_name (sys_sendfile)
. Long symbol_name (sys_ni_syscall)/* streams1 */
. Long symbol_name (sys_ni_syscall)/* streams2 */
. Long symbol_name (sys_vfork)/* 190 */
. Rept NR_syscalls-190
. Long symbol_name (sys_ni_syscall)
. Endr
Modified :......
. Long symbol_name (sys_sendfile)
. Long symbol_name (sys_ni_syscall)/* streams1 */
. Long symbol_name (sys_ni_syscall)/* streams2 */
. Long symbol_name (sys_vfork)/* 190 */
/* Add By I */
. Long symbol_name (sys_addtotal)
. Rept NR_syscalls-191
. Long symbol_name (sys_ni_syscall)
. Endr
3. Make necessary declarations in include/asm-386/unistd. h for user processes and other system processes to query or call the vectors corresponding to the added sys_call_table table item:
The added part of the/usr/src/Linux/include/asm-386/unistd. h file is as follows:
......
# DEFINE _ nr_sendfile 187
# DEFINE _ nr_getpmsg 188
# DEFINE _ nr_putpmsg 189
# DEFINE _ nr_vfork 190
/* Add By I */
# DEFINE _ nr_addtotal 191
4. The test program (test. c) is as follows:
# Include
# Include
_ Syscall1 (INT, addtotal, Int, num)
Main ()
{
Int I, J;
Do
Printf ("Please input a numbern ");
While (scanf ("D", & I) = EOF );
If (j = addtotal (I) =-1)
Printf ("error occurred in syscall-addtotal (); N ");
Printf ("Total from 0 to D is d N", I, j );
}
Compile the new kernel after modification and guide it as a new operating system. After running several programs, you can see that everything is normal; compile the test program in the new system (* Note: because the original kernel does not provide this system call, only in the new kernel after compilation, this test program can be compiled and passed). The running conditions are as follows:
$ Gcc-O test. c
$./Test
Please input a number
36
Total from 0 to 36 is 666
Visible, modification successful;
Further analysis of the source code shows that in the kernel of this version, from/usr/src/Linux/ARCH/i386/kernel/entry. s
The settings of the sys_call_table table in the file show that the service routines called by several systems are defined in the same function in/usr/src/Linux/kernel/sys. C:
Asmlinkage int sys_ni_syscall (void)
{
Return-enosys;
}
For example, this is true for items 188th and 189th:
......
. Long symbol_name (sys_sendfile)
. Long symbol_name (sys_ni_syscall)/* streams1 */
. Long symbol_name (sys_ni_syscall)/* streams2 */
. Long symbol_name (sys_vfork)/* 190 */
......
The two items are declared in the file/usr/src/Linux/include/asm-386/unistd. h as follows:
......
# DEFINE _ nr_sendfile 187
# DEFINE _ nr_getpmsg 188/* Some people actually want streams */
# DEFINE _ nr_putpmsg 189/* Some people actually want streams */
# DEFINE _ nr_vfork 190
It can be seen that in the kernel source code of this version, the asmlinkage int sys_ni_syscall (void) function does not perform any operation, so several system calls, including getpmsg and putpmsg, do not perform any operation, that is, the air conditioners to be expanded are used, but they still occupy the sys_call_table table items. It is estimated that they are arranged by the designers to facilitate the expansion of system calls; therefore, you only need to add the corresponding service routines (for example, add the service routines getmsg or putpmsg) to increase system calls.
Conclusion: Of course, for a huge and complex Linux kernel Article It is far from enough, and the Code related to system calls is only an extremely small part of the kernel; but it is important to have a good grasp of the analysis method; therefore, the analysis is only a guiding function, and the readers still need to make their own efforts. :)