Linux Kernel Learning notes-2. Process Management

Some of the content is from: Linux Kernel Development (third Edition), Robert love, Chen Li June and other translations.

1. Process

A process is a real-time result of an executing program code that contains an open file, a pending signal, and so on. A thread is an active object in a process, and the kernel dispatches an object that is a thread. The Linux kernel does not differentiate between threads and processes, and threads are simply a special process.

2. Process Descriptor

The kernel stores the process information in a doubly-linked list of task lists, and each item in the list is a structure of type task_struct, a process description Fu, and contains all the information for a specific process. Linux allocates the TASK_STRUCT structure through the slab allocator to achieve object reuse and cache coloring, at which point only a thread_info structure is created at the top or bottom of the stack to hold the task_struct pointer.

The kernel identifies each process through a unique process identifier PID (represented as an pid_t implicit type), which is of type int, and for compatibility with older versions of UNIX and Linux, the maximum value is set to 32768 (the maximum value of short int), which can be set.

In the kernel, access tasks typically require pointers to task_struct, and the current macro looks for a pointer to the currently running process description Fu, which is only available in kernel space, where the kernel is in the process context. The implementation of the current macro is related to the hardware architecture, some hardware architectures have special registers to save the present task_struct pointer, but such as x86, and there is no such register, you can only at the end of the kernel stack to create thread_info structure, Find the task_struct pointer by calculating the offset introduction. The method is to mask the second 13 significant bits of the stack pointer (assuming the stack is 8KB):

MOVL $-8192,%eax

Andl%esp,%eax

3. Process status, context, family tree

The state in task_struct describes the current status of the process, and the value must be one of the following five states:

1.task_running

Running: Executing or waiting for execution in the run queue, which is the only possible state of the process in user space.

2.task_interruptible

Interruptible: The process is blocked, and the process can be run at any time when certain conditions of the process are reached or received and the signal is awakened in advance.

3.task_uninterruptible

Non-interruptible: The process is blocked, but the process receives a signal that does not wake up, must wait without interference, or waits for the event to occur quickly.

4.task_traced

Trace: A process that is tracked by another process.

5.task_stopped

Stop: The process stops running.

The kernel sets the process state through Set_task_state (task,state).

There is a clear inheritance between Linux processes, which are descendants of the init process with PID 1. Each task_struct contains a pointer to its parent process named parent, and also contains a list of child processes named children.

4. Process creation

UNIX decomposes the creation of a process into two separate function executions: fork () and exec ().

First, fork () creates a child process by copying the current process, the difference between the child process and the parent process is only the statistics of the PID, Ppid, and some resources (for the parent process, the fork function returns the subroutine's process number, and for the subroutine, the fork function returns 0).

The role of the EXEC function family is to locate the executable file according to the specified file name and use it to replace the contents of the calling process. Once a process calls the Exec class function, it is itself "dead", the system replaces the code snippet with the new program's code, discards the original data segment and stack segment, and assigns new data segments and stack segments to the new program, the only one left is the process number.

There are two main cases of using the EXEC function family in Linux:

1. When the process thinks it can no longer make any contribution to the system and users, it can invoke any exec function family to regenerate itself.

2. If a process wants to execute another program, it can call the fork function to create a new process and then call any exec, which looks like a new process is generated by executing the application. (This is a very common situation).

The fork () of Linux is implemented using a write-time copy (Copy-on-write). The kernel does not replicate the entire process address space, but instead allows the parent and child processes to share a copy, and the replication of the resource only takes place when it needs to be written, before which it is shared in a read-only manner. If the page is not written at all (call exec () immediately after fork ()), it is not necessary to replicate.

5. Threads

From the kernel's point of view, it does not have a thread concept, and Linux treats all threads as processes and specifies that they share some resources.

5. Process termination

The process's destruction occurs when the process calls the exit () system call, and it is most likely to call this system call explicitly or from the main function of a program (the C language compiler will call exit () after the return point of the main function. The end task is mostly done by Do_exit (). Do_exit () completes a series of tedious work, and after execution, the process does not disappear immediately.

The parent process exits before the child process and needs to ensure that these child processes find a new parent. The workaround is to have the child process find a thread within the current thread group as the father, and if not, let the init process adopt.

Cleanup work at the end of the process and deletion of the process descriptor are performed separately. The deletion of a process descriptor occurs after the parent process has obtained information about the child process that has been terminated, or notifies the kernel that it is not following the information.

The wait () system call family is implemented through a unique system call, WAIT4 (), which suspends the process that invokes it, parses whether a child process of the current process exits with wait (), and then collects information about the process, destroys it and returns it, and if not found, the parent process blocks Until one appears.

Linux Kernel Learning notes-2. Process Management