Linux kernel Analysis Week seventh job

How the Linux kernel loads and launches an executable program

With the last lesson, this is done directly with VMware (~￣3￣) ~

First observe the new functions of menuos

1 intExec (intargcChar*argv[])2 {3     intpid;4     /*Fork Another process*/5PID =fork ();6     if(PID <0) 7     { 8         /*error occurred*/9fprintf (stderr,"Fork failed!");TenExit (-1); One     }  A     Else if(PID = =0)  -     { -         /*Child Process*/ theprintf"This is the child process!\n"); -EXECLP ("/hello","Hello", NULL); -     }  -     Else  +     {      -         /*Parent Process*/ +printf"This is the Parent process!\n"); A         /*parent would wait for the*/ at Wait (NULL); -printf"Child complete!\n"); -     } -}

Similar to the last fork, except that EXECLP is called in the sub-process's branch.

Here's to mention the exec family, a total of 6 functions

(1) int execl (const char *path, const char *arg, ...);

(2) int execle (const char *path, const char *arg, ..., char * const envp[]);

(3) int execv (const char *path, char *const argv[]);

(4) int execve (const char *filename, char *const argv[], char *const envp[]);

(5) int EXECVP (const char *file, char * const argv[]);

(6) int EXECLP (const char *file, const char *arg, ...);

Only 4-execve are the main body, others are EXECVE packages. The difference between functions can be seen from the function name:

The first parameter with P's 5 and 6 is the file name, and 1-4 without P is the pathname. 5 and 6 will search for the file name entered in the path system variable

The last parameter of 2 and 4 with E is an array of environment variable strings. The environment variable string is in the form of a key-value pair of "myenv=123". A function without e retains the environment variables of the current process to the new program.

The last is the difference between 345 with V and 126 with L. V is the vector, that is, the argument is passed through a string array. L refers to the list, and the parameters are passed directly through an indeterminate argument, and finally a null is added to the end.

The EXECLP used this time is to specify only the file name, the parameters are passed directly through the function argument list, and the end is terminated with null.

The Exec family calls EXECVE system calls, specifically through the DO_EXECVE function. Do_execve also simply encapsulates the input parameters and environment variables, and invokes the Do_execve_common function.

Do_execve_common function is not long, except for some basic inspection, post-processing code, the core is to create a LINUX_BINPRM structure

Simple padding of information such as file names, file handles, parameters, environment variables, and their number, etc.

Next call EXEC_BINPRM, using the BPRM you prepared earlier to start the program.

Because Linux supports a variety of executable file formats (Elf/a.out/coff, etc.), the kernel first finds the loader to load the program specified in BPRM through Search_binary_handler

All loaders are concatenated on the formats linked list, so you can iterate through the list with list_for_each_entry and try to parse the executable program one at a.

If a parser cannot parse the program, it returns ENOEXEC.

by objdump-f Hello you can know Hello is an elf-formatted executable program

So this program is loaded by the Load_elf_binary function. When the function sets a breakpoint, the breakpoint does trigger.

Load_elf_binary longer. The front is basically a variety of checks and then parse elf file header

Call parameters and system variables are also set on the stack in the Create_elf_tables function

Re-process dynamically linked segments

Next, the individual segments of the executable are mapped into memory

Finally, the starting point for execution is set. If dynamic linking is required, the starting point is given to the loader of the dynamic library. Otherwise, the executable entry position of the Elf file is started directly.

This starting address is finally saved by the Start_thread function in the user-state EIP register, together with the user stack

When the process returns from the EXECVE system call, the user-state registers are restored and run automatically from the specified address. and can take parameters and system variables out of the stack.

Summarize

The process of loading the executable program in Linux is basically to put the program into the virtual address space in a specific format. Finally, using the mechanism of system call, the portal of returning user state is set in the kernel state, so that the newly loaded program starts to run.

Wang Yan

Original works reproduced please indicate the source

"Linux kernel Analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000

Linux kernel Analysis Week seventh job