Linux Kernel Analysis Summary

Zhang Yu + "Linux kernel analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000

Learning directory:

(1) How the computer works http://www.cnblogs.com/20135131zxy/p/5224486.html

(2) How the operating system works http://www.cnblogs.com/20135131zxy/p/5248343.html

(3) Linux system boot process http://www.cnblogs.com/20135131zxy/p/5272607.html

(4) Method of system call http://www.cnblogs.com/20135131zxy/p/5297795.html

(5) Analysis System-call interrupt processing process http://www.cnblogs.com/20135131zxy/p/5315514.html

(6) Analyzing the process of creating a new process in the Linux kernel http://www.cnblogs.com/20135131zxy/p/5340944.html

(7) How Linux loads and launches an executable program http://www.cnblogs.com/20135131zxy/p/5371904.html

(8) Understand the process of process scheduling and process switching during time tracking analysis process http://www.cnblogs.com/20135131zxy/p/5390502.html

Learning Summary:

In the Linux kernel these weeks of learning, I learned a lot of knowledge that I have never known before.

about how the computer works:

The computer system consists of two parts: hardware and software system. von Neumann (Johnvon Neumann) lays the basic structure of modern computers, also known as the von Neumann structure, which is characterized by:

1) The use of a single processing unit to complete the calculation, storage and communication work.

2) The storage unit is a fixed-length linear organization.

3) The unit of storage space is addressed directly.

4) Use the low-level machine language, instruction through the operation code to complete the simple operation.

5) centralized sequential control of the calculations.

6) The computer hardware system is composed of five components of the arithmetic, memory, controller, input device and output device, and stipulates their basic functions.

7) Use binary form to represent data and instructions.

I think that when the computer is running, it takes the first instruction from memory, and then according to the requirements of the instruction, takes the data out of the memory for the specified operation and logic operation, and then sends the result to the memory by the address. Next, take out the second instruction, complete the specified operation under the command of the controller, which is equivalent to the for loop in C language, and proceed accordingly. Until a stop command is encountered.

about how the operating system works:

When a process executes a program, an interrupt comes in, the CPU first presses the current EIP,ESP into the kernel stack, then points the ESP to the kernel stack, and the EIP points to the ingress of interrupt processing, the most critical of which is TSS, because the TSS stores information about the various registers in the user state, Therefore, the user-state EIP and ESP into the stack, it is equivalent to a state before the process of saving, in order to continue to perform the previous task after returning from the interrupt, and then kernel call Save_all to save the other register information in the stack, and then according to the CS Eip point to the interrupt program, The interrupt is processed. When an interrupt is executed, it is dispatched via schedule, the most important of which is SwitchTo, which calls the switch to function to dispatch. When the interrupt is finished, to return to the user state, you need to go back to the beginning of the initial outage to continue to perform the previous task, which requires that restore all stack the values previously saved in the kernel stack, and then restore the state of their calculators through iret, so that we are back to the user state, Resumes execution of a task that was paused due to an outage.

I think the core of the operating system is the process, and many operating systems have their own core processes, the process is the dynamic execution of the program. The most important operation of the system is to complete the core process, while the other program is the derivative of its core process, it can control the process of the derivation process start and switch can even terminate the process, when the core system ends, will affect the operation of the entire operating system.

about the Linux system Start-up process:

First find the MAIN.C in Startkernel, regardless of which part of the analysis kernel to call Startkernel.

Arch/x86 in Trap init, a lot of interrupts are set, and system calls are also interrupts. Initprocess is a process in the Linux system, when no process in the system needs to be executed, it will be dispatched to the idle process, startkernel from the beginning of the kernel will always exist, this is the No. 0 process, then No. 0 process created 1th process is init, So the system started up. This is the boot process of the kernel.  Init_task is the process descriptor used by process 0 and the first process descriptor in the Linux system, the process descriptor is defined in ARCH/POWERPC/KERNEL/INIT_TASK.C and the code snippet is as follows: struct TASK_STRUCT Init_task =init_task (init_task); Init_task Descriptor initializes the Init_task process descriptor using the macro Init_task in Init_task Task.h file, Init_task is the first thread in the Linux kernel that runs through the initialization of the entire Linux system, which is the only process in the Linux system that is not created with the Kernel_thread () function, in Init_ When the task process executes late, it calls the Kernel_thread () function to create the first core process kernel_init, while the init_task process continues to initialize the Linux system. After initialization is complete, the init_task is degraded to the cpu_idle process, which will get CPU run when there are no other processes in the Core0 ready queue. The newly created 1th process Kernel_init will start the secondary CPU one by one and eventually create the user process.

About the system call method:

User program------>C library (i.e. API): int0x80----->system_call-------> System invoke Service Routines--------> Kernel programs

First of all, we often say that the user API is actually a system-provided C library.

The system call is implemented through the soft interrupt instruction INT 0x80, and this int0x80 instruction is encapsulated in the function of the C library.

(soft interrupts differ from what we often call hard interrupts in that soft interrupts are triggered by instructions, not by hardware peripherals.) ）

INT 0x80 The execution of this instruction will cause the system to jump to a preset kernel space address, which points to the system call handler, the System_call function.

(NOTE:!!!) System call handler System_call is not a system invoke service routine, the system invoke service routine is a kernel implementation function for a specific system call, and the system call handler is a boot process before the system invokes the service routine, which is for the INT0X80 directive. For all system calls. To put it simply, any system call is done first by invoking the function in library C, where there will be a soft interrupt int0x80 statement, and then go to execute system call handler System_call,

The system_call then goes to the execution of the specific system invocation service routine based on the specific system call number. ）

The system_call function looks up the system call table through the system call number sys_call_table! when the soft interrupt instruction INT0X80 executes, the system call number is placed in the EAX register, the System_call function can read the EAX register fetch, multiply it by 4, generate an offset address, and then use sys_call_table as the base address, You can get the address of the specific system call service routine!

then the system invokes the service routine . It is necessary to note that the system invoke service routine takes only the parameters from the stack, so the parameters are stored in the registers before the System_call executes, and the registers are first pressed into the stack when System_call executes. After the system_call exits, the user can obtain (modified) parameters from the register.

In addition: The system call int0x80 into the kernel through the soft interrupt, jump to the system call handler System_call function, and then execute the corresponding service routine. However, because it represents the user process, the execution process is not part of the interrupt context, but the process context. Therefore, during system call execution, many of the information that can be accessed by the user process can be preempted by other processes and can hibernate.

Once the system call is complete, the kernel will be dispatched once the control is handed back to the user process that initiated the call. If you find that a higher priority process or the current process has run out of time slices, you will select a higher priority process or re-select the process execution.

about the System-call Interrupt Handling Process:

The system call is implemented through the soft interrupt instruction int 0x80, and this INT 0x80 directive is encapsulated in the function of the C library. INT 0x80 The execution of this instruction will cause the system to jump to a preset kernel space address, which points to the system call handler, the System_call function. System call handler System_call is not a system invoke service routine, the system invoke service routine is a kernel implementation function for a specific system call, and the system call handler is a boot process before the system invokes the service routine, which is for the INT0X80 directive. For all system calls. To put it simply, any system call is performed first by invoking the function in library C, where there will be a soft interrupt int0x80 statement, and then go to execute system call handler System_call, system_ Call then goes to perform a specific system call service routine based on the specific system invocation number.

The System_call function finds the system call table through the system call number sys_call_table! the soft interrupt instruction INT0X80 executes, the system call number is put into the EAX register, the System_call function can read the EAX register and multiply it by 4. Generate an offset address, and then take sys_call_table as the base address, the base address plus the offset addresses, you can get the specific system call service routine addresses!

Then the system invokes the service routine. It is necessary to note that the system call service routine only takes parameters in the stack, so the parameters are stored in the register before System_call executes, and the registers are first pressed into the stack when executed System_call. After the system_call exits, the user can obtain (modified) parameters from the register.

In addition: The system call int0x80 into the kernel through the soft interrupt, jump to the system call handler System_call function, and then execute the corresponding service routine. However, because it represents the user process, the execution process is not part of the interrupt context, but the process context. Therefore, during system call execution, many of the information that can be accessed by the user process can be preempted by other processes and can hibernate.

Once the system call is complete, the kernel will be dispatched once the control is handed back to the user process that initiated the call. If you find that a higher priority process or the current process has run out of time slices, the higher priority process or the re-select Process Execution is selected

about the Linux the process by which the kernel creates a new process

The only way to create a new process in Linux is to use the fork function, where fork () executes once but has two return values.

In the parent process, the return value is the process number of the child process, and in the child process, the return value is 0. The return value can therefore be used to determine whether the current process is a parent or child process.

At the end of the fork is the task is set to a ready state, because fork () is a system call, in the system call section SYSTEM_CALL.S, you can see after the system function returns, call the Dispatch function schedule (), in schedule (), The ready state of the new process is detected and switched to the new process with switch_to () to execute.

The child process that is obtained by using the fork function is a replica of the parent process, which copies the entire process's address space from the parent process, including the process context, process stack, memory information, open file descriptor, signal control setting, process priority, process group number, current working directory, root directory, resource limit, control terminal, and so on. The child process is unique only to its process number, resource usage, and timers. As you can see, the cost of using the fork function is very large, it replicates the code snippet in the parent process, the data segment, and the majority of the stack segment, making the fork function not execute fast. A new process created by the fork () system call is called a child process. The function is called once, but returns two times. If the fork () process call succeeds, the difference between two returns is that the return value of the child process is 0, and the return value of the parent process is the process number of the new child process

about the Linux How to load and start an executable program

In Linux, the parent process is first created, and then a new process is created by calling the fork () system call, and then the new process calls the EXECVE () system call to execute the specified elf file. The main process continues to return waiting for the new process to finish executing, and then waits for the user to enter the command again. The EXECVE () system call is defined in Unistd.h, and its prototype is as follows:

Intexecve (const char *filenarne, char *const argv[], char *constenvp[]);

Its three parameters are executed by the program file name, execution parameters and environment change most. GLIBC EXECVP () system calls are packaged, providing 5 different forms of exec series APIs such as Execl (), EXECLP (), Execle (), Execv (), and EXECVP (), which differ only in the parameters of the call, But it will eventually be called to the Execve () system.

Call the EXECVE () system call, and then call the kernel's ingress Sys_execve (). Sys_execve () calls Do_execve () after some parameters are checked for replication. Because executables are more than just elf, there are Java programs and "#!" Start of the script and so on, so Do_execve () will first check the executed file, read the first 128 bytes, especially the beginning of 4 bytes of magic number, to determine the format of the executable file. If the script is an interpreted language, the first two bytes "#!" It makes up the magic number, and once the system determines the two bytes, the subsequent string is parsed to determine the path of the program interpreter. Environment, the executable file is in the elf format, the file header indicates that the file is loaded into memory necessary information, followed by the form of segments of the code and data, the division is mainly based on the load into memory read and write properties. The system call EXECVE is responsible for the dispatch of the executable file, first carries on the correlation parameter transfer and the pre-call environment processing, then loads the executable file the information, looks for the corresponding executable file parsing module, for the elf format executable file, according to the format request load to the corresponding address space in memory, If it is statically linked, start with the entry address indicated in the header of the file, and if it is an executable file that relies on the dynamic link library, it needs to start with the portal address of the dynamic linker ld. Execve is a special system call in which the total fork of the subprocess returns to a specific point, the current program executes to EXECVE when it falls into the kernel state, when Execve returns is a new executable execution starting point, the shell environment executes EXECVE, When the system call is stuck in the kernel, call Evecve,doexecve, load the header according to the executable file, and look for the kernel module to parse in the list.

On the process of understanding process scheduling and process switching during time tracking analysis

There is a system in the current system is running, which has a user-state process x,x need to switch to user-state Y, from the running x switch to Y

The most common scenario: a running user-state process X switch to run user-state process Y the process

1. Running user-state process X

2. Interrupt--savecs:eip/esp/eflags (current) to kernel Stack,then load Cs:eip (entryof a specific ISR) and SS:ESP (point to Kernel Stack). (Causes it to fall into the kernel state, pressing the CPU process into the kernel stack)

3.save_all//Save site

4. Schedule () is invoked during interrupt processing or before an interrupt is returned, where Switch_to makes a critical process context switch (there is an interrupt processing time during interrupt processing)

5. After the label 1 begins to run the user-state process y (here Y has been switched out through the above steps so you can continue from the label 1)

6.restore_all//Recovery site

7.iret-pop cs:eip/ss:esp/eflags Fromkernel Stack

8. Continue to run the user-state process y

Interrupts and interrupts are returned with a CPU context switch, and process scheduling has a process context switch

is very similar, except that there is no process user-state or kernel-state conversion during kernel thread running;

Several special cases

By interrupting the timing of the processing process, the user-state process and kernel threads switch between each other and the kernel threads switch to each other, very similar to the most common situation, but the kernel thread is running in the process of interruption without process user state and kernel state conversion;

Kernel thread actively calls schedule (), only the process context of the switch, there is no interrupt context switch, and the most general situation is slightly abbreviated;

The system call that creates the child process starts in the subprocess and returns the user state, such as fork;

A situation in which a new executable program is loaded and returned to the user state, such as EXECVE;

About switching relationships for each process state

Linux Kernel Analysis Summary