Linux implementation features based on the i386 architecture-memory and process

Article title: Linux implementation features based on the i386 architecture-memory and process. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Summary
?? The Linux kernel design should take into account the implementation on a variety of different microprocessor, as well as the implementation on 64-bit microprocessor (such as Alpha ).
IV. Memory management
1. Basic Framework
?? The Linux kernel design should take into account the implementation on a variety of different micro-processors, as well as the implementation on 64-bit micro-processors (such as Alpha, therefore, it is not necessary to design its ing mechanism for the i386 structure, but based on the hypothetical, virtual microprocessor and MMU (memory management unit, design a general model, and then implement it on a specific microprocessor. Therefore, the ing mechanism of Linux kernel is designed as three layers, and an "intermediate directory" is added between the page Directory and the page table ". In the code, the page directory is called PGD, the intermediate directory is called PMD, and the page table is called PT. The table item of PT is called PTE. PGD, PMD, and PT are Arrays. correspondingly, linear addresses are logically divided into four segments from high to low, which occupy several places, it is used as the subscript of the directory PGD, the subscript of the Center Directory PMD, the subscript in the page table, and the displacement in the physical page respectively.
?? For the i386 microprocessor, the CPU does not actually map addresses based on three layers but on two-layer models. Therefore, the Virtual Layer-3 ING needs to be implemented to the specific layer-2 ING, skip the center's PMD hierarchy.
2. the whole process of address ing
?? The i386 microprocessor first performs segment ING on the addresses in the program before page ING. However, the method used by Linux does not actually play a role in the process of segment ING.
?? The following describes the whole process of address ing in Linux through a simple program:
# Include
Greeting ()
{
Printf ("Hello world!
");
}
Main ()
{
Greeing ();
}
?? This program calls greeting in the main function to display "Hello world !", After compilation and disassembly, we get the result of disassembly.
08048568:
8048568: 55 push1 % ebp
8048856b: 89 e5 mov1 % esp, % ebp
804856b: 68 04 94 04 08 push1 $0x8048404
8048570: e8 ff fe ff call 8048474 <_ init + 0x84>
8048575: 83 c4 04 add1 $0x4, % esp
8048578: c9 leave
8048579: c3 ret
804857a: 89 f6 mov1 % esi, % esi
0804857c:
804857c: 55 push1 % ebp
804857d: 89 e5 mov1 % esp, % ebp
804857f: e8 e4 ff call 8048568
8048584: c9 leave
8048585: c3 ret
8048586: 90 nop
8048587: 90 nop
?? As shown above, the address of greeting () is 0x8048568. In the executable code in elf format, the program's "code segment" is always arranged at 0x8000000, which is true for each program.
?? When the program executes the "call 8048568" command in main, it will be transferred to the virtual address 8048568.
?? The first step is the segment ing stage. Address 8048568 is the entry of a program. More importantly, there is an EIP pointing to the CPU during execution, so it is in the code segment. I386cpu uses the current CS value as the selection child of segment ING.
?? When the kernel creates a process, it must set its segment registers, set DS, ES, and SS to _ USER_DS, and set CS to _ USER_CS. that is to say, in the Linux kernel, the stack segment and the code segment are separated.
Index TI DPL
# Define_KERNEL_CS 0x10 0000 0000 0001 0 | 0 | 00
# Define_KERNEL_DS 0x18 0000 0000 0001 1 | 0 | 00
# Define_USER_CS 0x23 0000 0000 0010 0 | 0 | 11
# Define_USER_DS 0x2B 0000 0000 0010 1 | 0 | 11
_ KERNEL_CS: index = 2, TI = 0, DPL = 0
_ KERNEL_DS: index = 3, TI = 0, DPL = 0
_ USERL_CS: index = 4, TI = 0, DPL = 3
_ USERL_DS: index = 5, TI = 0, DPL = 3
?? All TI instances are 0, and global descriptions are used. The DPL of the kernel is 0, the highest level; the DPL of the user is 3, the lowest level. _ USER_CS is 4th items in the GDT table. the code for initializing GDT content is as follows:
ENTRY (gdt-table)
. Quactive 0x0000000000000000/* NULL descriptor */
. Quactive 0x0000000000000000/* not used */
. Quad 0x00cf9a00000ffff/* 0x10 kernel 4 GB code at 0x00000000 */
. Quad 0x00cf9200000ffff/* 0x18 kernel 4 GB data at 0x00000000 */
. Quad 0x00cffa00000ffff/* 0x23 user 4 GB code at 0x00000000 */
. Quad 0x00cff200000ffff/* 0x2b user 4 GB data at 0x00000000 */
The first and second items in the GDT table are not required. The third and fifth items correspond to the values of the previous four register segments.
Expand the content of the four descriptions:
K_CS: 0000 0000 1100 1111 1001 1010 0000 0000
0000 0000 0000 0000 1111 1111 1111
K_DS: 0000 0000 1100 1111 1001 0010 0000 0000
0000 0000 0000 0000 1111 1111 1111
U_CS: 0000 0000 1100 1111 11111 1010 0000 0000
0000 0000 0000 0000 1111 1111 1111
U_DS: 0000 0000 1100 1111 1111 0010 0000 0000
0000 0000 0000 0000 1111 1111 1111
?? The following content of the four descriptions is the same.
· BO-B15/B16-B31 is 0 base address all 0
· LO-L15, L16-L19 is a segment of the boundaries are all 0 xfffff
· G-bits are all 1-segment long and all are 4 KB
· All D-bit commands are 1 32-bit
· All the four P-bits are in the memory.
The difference is that the permission level is different, the kernel level is 0, and the user level is 3.
?? It can be seen that each segment is an entire 4 GB space from address 0, and the ing between virtual addresses and linear addresses remains unchanged.
?? Return to the greeting program and map the address 8048568 to itself through the segment ING to get a linear address.
?? Each process has its own page directory PGD. every time a process is scheduled to run, the kernel must set the control register of the process to be run, while the MMU hardware always gets the page directory pointer of the current process from S3.
?? When the program is going to go to the address 0x8048568, the process is running, and the process has been set up to point to the page Directory of the process.
8048568: 0000 1000 0000 0100 1000 0101 0110
?? According to the linear address format, the maximum 10-bit 0000100000, 32 in decimal format, the following standard 32 goes to the page directory table to find its page Directory items. Add 12 zeros after the 20-bit height of the directory item on this page to get the pointer of the page table. Find the page table, and then look at the 10-digit 001001000 in the middle of the linear address, 72 in decimal format. The corresponding table items are found in the found page table with the subscript 72. The base address of the physical memory page is obtained after 12 zeros are added to the 20-bit high of the page table item. The base 12 bits of the linear address and the base address of the physical page are added to obtain the physical address to be accessed.
3. efficiency analysis of address ing
?? In the page ing process, the CPU needs to access the memory three times. The first is the page Directory, the second is the page table, and the third is the real target. In this way, the target that can be obtained by one access to the memory without the paging mechanism is changed to three access to the memory. Obviously, the efficiency of the paging mechanism is greatly reduced.
?? To reduce this overhead, the recently executed address translation results are stored in the MMU conversion backup cache (TLB. Although it is necessary to read the specific page directory and page table in the memory for the first time, once it is loaded into TLB, it does not need to be read in the memory, and these are all completed by hardware, so the speed is very fast.
?? TLB is invisible to programs with higher permissions than Level 0. only programs at Level 0 of the system can operate on them.
?? When the content of the content changes, all content in the TLB will automatically become invalid. In Linux, the _ flush_tlb macro is used. _ Flush_tlb is only two Assembly commands. it stores the value of in the temporary variable tmpreg and immediately copies the value of tmpreg back to the temporary variable tmpreg. in this way, all content in TLB is set to invalid. In addition to invalid content in all TLB instances, you can select an invalid TLB record. This requires the INVLPG command.
5. Process Management
1. I386 hardware task switching mechanism
?? In the i386 system design, Intel considers process management and scheduling, and supports switching between tasks on the hardware. To this end, Intel added a new segment "task status segment" TSS in the i386 system structure. Although a TSS is like a code segment or data segment, it is actually a 104-byte data structure that records the critical state information of a task.
?? Like other segments, TSS also needs to have a table item in the segment description table. However, TSS can only be in GDT, but not in any LDT or IDT. If you access a TSS instance using a segment selection item and the TI bit in the selection item is 1, a GP exception occurs.
?? In addition, a task register TR is added to the CPU to point to the TSS of the current task. Correspondingly, a command LTR is added to load the TR Register. Like CS and DS, TR also has an invisible part of the program. whenever a segment selection code is loaded into TR, the CPU automatically finds the selected TSS description and loads it into the invisible part of the TR program to accelerate future access to the TSS segment.
?? In addition to the interrupt door, trap door, and call door, the IDT table also defines a task door. The task contains a TSS segment selection code. When the CPU passes through a task door due to interruption, the selection code in the task door is automatically loaded into TR, so that TR points to the new TSS, and the task switching is completed. The CPU can also implement task switching through the JMP and CALL commands. when the jump or CALL target segment actually points to a TSS description in the GDT table, a task switching will occur.
2. Linux task switching and field protection
?? Intel is well-designed for task switching and provides a simple task switching mechanism. However, Linux does not use the task switching mechanism provided by the i386 hardware. The reason why Linux does this is largely from the perspective of efficiency. The task switching that has been automatically completed by the CPU is not just a single command. In fact, in i386, the process of switching tasks through JMP or CALL commands is quite complex, and its execution process is more than 300 CPU clock cycles. In the execution process, the CPU actually does all the things that need to be done, and some of the things are under certain conditions.