-This HOWTO tries to define how parts of the
-Copyright (C) 2000,2001,2002 Roberto Arcomano. This document is free; you
- can redistribute it and/or modify it under the terms of the GNU General Public
- License as published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version. This document is distributed
- in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
- the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- See the GNU General Public License for more details. You can get a copy of
- the GNU GPL
-If you want to translate this document you are free to do so. However, - you will need to do the following: +If you want to translate this document you are free to do so. + However, you will need to do the following: +
+
-Warning! You don't have to translate TXT or HTML file, you have to modify
- LYX file, so that it is possible to convert it all other formats (TXT, HTML,
- RIFF, etc.): to do that you can use "LyX" application you download from
-No need to ask me to translate! You just have to let me know (if you want) - about your translation. +No need to ask me to translate! You just have to let me know + (if you want) about your translation. +
Thank you for your translation! +
-Thanks to
+Thanks to Klaas de Waal for his suggestions. +
When speaking about a function, we write: +
+
For example: +
+
tells us that we talk about +
"schedule" +
function retrievable from file +
[ kernel/sched.c ] +
Note: We also assume /usr/src/linux as the starting directory. +
Indentation in source code is 3 blank characters. +
-We use the"InterCallings Analysis "(ICA) to see (in an indented fashion) - how kernel functions call each other. +We use the"InterCallings Analysis "(ICA) to see (in an indented + fashion) how kernel functions call each other. +
For example, the sleep_on command is described in ICA below: +
+
The indented ICA is followed by functions' locations: +
+
-Note: We don't specify anymore file location, if specified just before. +Note: We don't specify anymore file location, if specified just + before. +
In an ICA a line like looks like the following +
+
-means that < function1 > is a generic pointer to another function. - In this case < function1 > points to < function2 >. +means that < function1 > is a generic pointer to another + function. In this case < function1 > points to < function2 + >. +
When we write: +
+
-it means that < function > is not a real function. It is a label - (typically assembler label). +it means that < function > is not a real function. It is + a label (typically assembler label). +
-In many sections we may report a ''C'' code or a ''pseudo-code''. In real - source files, you could use ''assembler'' or ''not structured'' code. This - difference is for learning purposes. +In many sections we may report a ''C'' code or a ''pseudo-code''. + In real source files, you could use ''assembler'' or ''not structured'' + code. This difference is for learning purposes. +
The advantages of using ICA (InterCallings Analysis) are many: +
+
-As all theoretical models, we simplify reality avoiding many details, such - as real source code and special conditions. +As all theoretical models, we simplify reality avoiding many + details, such as real source code and special conditions. +
+
-The kernel is the "core" of any computer system: it is the "software" which - allows users to share computer resources. +The kernel is the "core" of any computer system: it is the "software" + which allows users to share computer resources. +
-The kernel can be thought ofas the main software of the OS (Operating System), - which may also include graphics management. +The kernel can be thought as the main software of the OS (Operating + System), which may also include graphics management. +
-For example, under Linux (like other Unix-like OSs), the XWindow environment - doesn't belong to the Linux Kernel, because it manages only graphical operations - (it uses user mode I/O to access video card devices). +For example, under Linux (like other Unix-like OSs), the XWindow + environment doesn't belong to the Linux Kernel, because it manages + only graphical operations (it uses user mode I/O to access video + card devices). +
-By contrast, Windows environments (Win9x, WinME, WinNT, Win2K, WinXP, and - so on) are a mix between a graphical environment and kernel. +By contrast, Windows environments (Win9x, WinME, WinNT, Win2K, + WinXP, and so on) are a mix between a graphical environment and kernel. +
-Many years ago, when computers were as big as a room, users ran their applications - with much difficulty and, sometimes, their applications crashed the computer. - +Many years ago, when computers were as big as a room, users ran + their applications with much difficulty and, sometimes, their applications + crashed the computer. +
-To avoid having applications that constantly crashed, newer OSs were designed - with 2 different operative modes: +To avoid having applications that constantly crashed, newer OSs + were designed with 2 different operative modes: +
+
-Kernel Mode "prevents" User Mode applications from damaging the system or - its features. +Kernel Mode "prevents" User Mode applications from damaging the + system or its features. +
-Modern microprocessors implement in hardware at least 2 different states. - For example under Intel, 4 states determine the PL (Privilege Level). It is - possible to use 0,1,2,3 states, with 0 used in Kernel Mode. +Modern microprocessors implement in hardware at least 2 different + states. For example under Intel, 4 states determine the PL (Privilege + Level). It is possible to use 0,1,2,3 states, with 0 used in Kernel + Mode. +
-Unix OS requires only 2 privilege levels, and we will use such a paradigm - as point of reference. +Unix OS requires only 2 privilege levels, and we will use such + a paradigm as point of reference. +
-Once we understand that there are 2 different modes, we have to know when - we switch from one to the other. +Once we understand that there are 2 different modes, we have + to know when we switch from one to the other. +
Typically, there are 2 points of switching: +
+
-System calls are like special functions that manage OS routines which live - in Kernel Mode. +System calls are like special functions that manage OS routines + which live in Kernel Mode. +
A system call can be called when we: +
+
-System calls are almost the only interface used by User Mode to talk with - low level resources (hardware). The only exception to this statement is when - a process uses ''ioperm'' system call. In this case a device can be accessed - directly by User Mode process (IRQs cannot be used). +System calls are almost the only interface used by User Mode + to talk with low level resources (hardware). The only exception to + this statement is when a process uses ''ioperm'' system call. In + this case a device can be accessed directly by User Mode process + (IRQs cannot be used). +
-NOTE: Not every ''C'' function is a system call, only some of them. +NOTE: Not every ''C'' function is a system call, only some of + them. +
-Below is a list of System Calls under Linux Kernel 2.4.17, from [ - arch/i386/kernel/entry.S ] +Below is a list of System Calls under Linux Kernel 2.4.17, from + [ arch/i386/kernel/entry.S ] +
+
-When an IRQ comes, the task that is running is interrupted in order to - service the IRQ Handler. +When an IRQ comes, the task that is running is interrupted in + order to service the IRQ Handler. +
-After the IRQ is handled, control returns backs exactly to point of interrupt, - like nothing happened. +After the IRQ is handled, control returns backs exactly to point + of interrupt, like nothing happened. +
+
-The numbered steps below refer to the sequence of events in the diagram - above: +The numbered steps below refer to the sequence of events in the + diagram above: +
+
-Special interest has the Timer IRQ, coming every TIMER ms to manage: +Special interest has the Timer IRQ, coming every TIMER ms to + manage: +
+
-The key point of modern OSs is the "Task". The Task is an application running - in memory sharing all resources (included CPU and Memory) with other Tasks. +The key point of modern OSs is the "Task". The Task is an application + running in memory sharing all resources (included CPU and Memory) + with other Tasks. +
-This "resource sharing" is managed by the "Multitasking Mechanism". The Multitasking - Mechanism switches from one task to another after a "timeslice" time. Users have - the "illusion" that they own all resources. We can also imagine a single user - scenario, where a user can have the "illusion" of running many tasks at the same - time. +This "resource sharing" is managed by the "Multitasking Mechanism". + The Multitasking Mechanism switches from one task to another after + a "timeslice" time. Users have the "illusion" that they own all resources. + We can also imagine a single user scenario, where a user can have + the "illusion" of running many tasks at the same time. +
-To implement this multitasking, the task uses "the state" variable, which - can be: +To implement this multitasking, the task uses "the state" variable, + which can be: +
+
-The task state is managed by its presence in a relative list: READY list - and BLOCKED list. +The task state is managed by its presence in a relative list: + READY list and BLOCKED list. +
-The movement from one task to another is called ''Task Switching''. many - computers have a hardware instruction which automatically performs this operation. - Task Switching occurs in the following cases: +The movement from one task to another is called ''Task Switching''. + many computers have a hardware instruction which automatically performs + this operation. Task Switching occurs in the following cases: +
+
-* We schedule another task to prevent "Busy Form Waiting", which occurs - when we are waiting for a device instead performing other work. +* We schedule another task to prevent "Busy Form Waiting", which + occurs when we are waiting for a device instead performing other + work. +
Task Switching is managed by the "Schedule" entity. +
+
A typical Timeslice for Linux is about 10 ms. +
+
-Until now we viewed so called Monolithic OS, but there is also another - kind of OS: ''Microkernel''. +Until now we viewed so called Monolithic OS, but there is also + another kind of OS: ''Microkernel''. +
-A Microkernel OS uses Tasks, not only for user mode processes, but also - as a real kernel manager, like Floppy-Task, HDD-Task, Net-Task and so on. Some - examples are Amoeba, and Mach. +A Microkernel OS uses Tasks, not only for user mode processes, + but also as a real kernel manager, like Floppy-Task, HDD-Task, Net-Task + and so on. Some examples are Amoeba, and Mach. +
PROS: +
+
CONS: +
+
-My personal opinion is that, Microkernels are a good didactic example (like - Minix) but they are not ''optimal'', so not really suitable. Linux uses a few - Tasks, called "Kernel Threads" to implement a little microkernel structure (like - kswapd, which is used to retrieve memory pages from mass storage). In this - case there are no problems with perfomance because swapping is a very slow - job. +My personal opinion is that, Microkernels are a good didactic + example (like Minix) but they are not ''optimal'', so not really + suitable. Linux uses a few Tasks, called "Kernel Threads" to implement + a little microkernel structure (like kswapd, which is used to retrieve + memory pages from mass storage). In this case there are no problems + with perfomance because swapping is a very slow job. +
-Standard ISO-OSI describes a network architecture with the following levels: +Standard ISO-OSI describes a network architecture with the following + levels: +
+
-The first 2 levels listed above are often implemented in hardware. Next - levels are in software (or firmware for routers). +The first 2 levels listed above are often implemented in hardware. + Next levels are in software (or firmware for routers). +
-Many protocols are used by an OS: one of these is TCP/IP (the most important - living on 3-4 levels). +Many protocols are used by an OS: one of these is TCP/IP (the + most important living on 3-4 levels). +
-The kernel doesn't know anything (only addresses) about first 2 levels - of ISO-OSI. +The kernel doesn't know anything (only addresses) about first + 2 levels of ISO-OSI. +
In RX it: +
+
In TX stage it: +
+
-Segmentation is the first method to solve memory allocation problems: it - allows you to compile source code without caring where the application will - be placed in memory. As a matter of fact, this feature helps applications developers - to develop in a independent fashion from the OS e also from the hardware. +Segmentation is the first method to solve memory allocation problems: + it allows you to compile source code without caring where the application + will be placed in memory. As a matter of fact, this feature helps + applications developers to develop in a independent fashion from + the OS e also from the hardware. +
+
-We can say that a segment is the logical entity of an application, or the - image of the application in memory. +We can say that a segment is the logical entity of an application, + or the image of the application in memory. +
-When programming, we don't care where our data is put in memory, we only - care about the offset inside our segment (our application). +When programming, we don't care where our data is put in memory, + we only care about the offset inside our segment (our application). +
-We use to assign a Segment to each Process and vice versa. In Linux this - is not true. Linux uses only 4 segments for either Kernel and all Processes. +We use to assign a Segment to each Process and vice versa. In + Linux this is not true. Linux uses only 4 segments for either Kernel + and all Processes. +
-In the diagram above, we want to get exit processes A, and D and enter - process B. As we can see there is enough space for B, but we cannot split it - in 2 pieces, so we CANNOT load it (memory out). +In the diagram above, we want to get exit processes A, and D + and enter process B. As we can see there is enough space for B, but + we cannot split it in 2 pieces, so we CANNOT load it (memory out). +
The reason this problem occurs is because pure segments are continuous areas (because they are logical areas) and cannot be split. +
-Pagination splits memory in "n" pieces, each one with a fixed - length. +Pagination splits memory in "n" pieces, each one with + a fixed length. +
-A process may be loaded in one or more Pages. When memory is freed, all - pages are freed (see Segmentation Problem, before). +A process may be loaded in one or more Pages. When memory is + freed, all pages are freed (see Segmentation Problem, before). +
-Pagination is also used for another important purpose, "Swapping". If a page - is not present in physical memory then it generates an EXCEPTION, that will - make the Kernel search for a new page in storage memory. This mechanism allow - OS to load more applications than the ones allowed by physical memory only. +Pagination is also used for another important purpose, "Swapping". + If a page is not present in physical memory then it generates an + EXCEPTION, that will make the Kernel search for a new page in storage + memory. This mechanism allow OS to load more applications than the + ones allowed by physical memory only. +
-In the diagram above, we can see what is wrong with the pagination policy: - when a Process Y loads into Page X, ALL memory space of the Page is allocated, - so the remaining space at the end of Page is wasted. +In the diagram above, we can see what is wrong with the pagination + policy: when a Process Y loads into Page X, ALL memory space of the + Page is allocated, so the remaining space at the end of Page is wasted. +
-How can we solve segmentation and pagination problems? Using either 2 policies. +How can we solve segmentation and pagination problems? Using + either 2 policies. +
+
-Process X, identified by Segment X, is split in 3 pieces and each of one - is loaded in a page. +Process X, identified by Segment X, is split in 3 pieces and + each of one is loaded in a page. +
We do not have: +
+
We start the Linux kernel first from C code executed from ''startup_32:'' asm label: +
+
The last function ''rest_init'' does the following: +
+
-In fact the start_kernel procedure never ends. It will execute cpu_idle - routine endlessly. +In fact the start_kernel procedure never ends. It will execute + cpu_idle routine endlessly. +
Follows ''init'' description, which is the first Kernel Thread: +
+
-Linux has some peculiarities that distinguish it from other OSs. These - peculiarities include: +Linux has some peculiarities that distinguish it from other OSs. + These peculiarities include: +
+
-Points 4 and 5 give system administrators an enormous flexibility on system - configuration from user mode allowing them to solve also critical kernel bugs - or specific problems without have to reboot the machine. For example, if you - needed to change something on a big server and you didn't want to make a reboot, - you could prepare the kernel to talk with a module, that you'll write. +Points 4 and 5 give system administrators an enormous flexibility + on system configuration from user mode allowing them to solve also + critical kernel bugs or specific problems without have to reboot + the machine. For example, if you needed to change something on a + big server and you didn't want to make a reboot, you could prepare + the kernel to talk with a module, that you'll write. +
-Linux doesn't use segmentation to distinguish Tasks from each other; it - uses pagination. (Only 2 segments are used for all Tasks, CODE and DATA/STACK) - +Linux doesn't use segmentation to distinguish Tasks from each + other; it uses pagination. (Only 2 segments are used for all Tasks, + CODE and DATA/STACK) +
-We can also say that an interTask page fault never occurs, because each - Task uses a set of Page Tables that are different for each Task. These tables - cannot point to the same physical addresses. +We can also say that an interTask page fault never occurs, because + each Task uses a set of Page Tables that are different for each Task. + There are some cases where different Tasks point to same Page Tables, + like shared libraries: this is needed to reduce memory usage; remember + that shared libraries are CODE only cause all datas are stored into + actual Task stack. +
Under the Linux kernel only 4 segments exist: +
+
[syntax is ''Purpose [Segment]''] +
Under Intel architecture, the segment registers used are: +
+
So, every Task uses 0x23 for code and 0x2b for data/stack. +
Under Linux 3 levels of pages are used, depending on the architecture. - Under Intel only 2 levels are supported. Linux also supports Copy on Write - mechanisms (please see Cap.10 for more information). + Under Intel only 2 levels are supported. Linux also supports Copy + on Write mechanisms (please see Cap.10 for more information). +
-The answer is very very simple: interTask address conflicts cannot exist - because they are impossible. Linear -> physical mapping is done by "Pagination", - so it just needs to assign physical pages in an univocal fashion. +The answer is very very simple: interTask address conflicts + cannot exist because they are impossible. Linear -> physical + mapping is done by "Pagination", so it just needs to assign physical + pages in an univocal fashion. +
-No. Page assigning is a dynamic process. We need a page only when a Task - asks for it, so we choose it from free memory paging in an ordered fashion. - When we want to release the page, we only have to add it to the free pages - list. +No. Page assigning is a dynamic process. We need a page only + when a Task asks for it, so we choose it from free memory paging + in an ordered fashion. When we want to release the page, we only + have to add it to the free pages list. +
-Kernel pages have a problem: they can be allocated in a dynamic fashion - but we cannot have a guarantee that they are in contiguous area allocation, - because linear kernel space is equivalent to physical kernel space. +Kernel pages have a problem: they can be allocated in a dynamic + fashion but we cannot have a guarantee that they are in contiguous + area allocation, because linear kernel space is equivalent to physical + kernel space. +
-For Code Segment there is no problem. Boot code is allocated at boot time - (so we have a fixed amount of memory to allocate), and on modules we only have - to allocate a memory area which could contain module code. +For Code Segment there is no problem. Boot code is allocated + at boot time (so we have a fixed amount of memory to allocate), and + on modules we only have to allocate a memory area which could contain + module code. +
-The real problem is the stack segment because each Task uses some kernel - stack pages. Stack segments must be contiguous (according to stack definition), - so we have to establish a maximum limit for each Task's stack dimension. If - we exceed this limit bad things happen. We overwrite kernel mode process data - structures. +The real problem is the stack segment because each Task uses + some kernel stack pages. Stack segments must be contiguous (according + to stack definition), so we have to establish a maximum limit for + each Task's stack dimension. If we exceed this limit bad things happen. + We overwrite kernel mode process data structures. +
-The structure of the Kernel helps us, because kernel functions are never: +The structure of the Kernel helps us, because kernel functions + are never: +
+
-Once we know N, and we know the average of static variables for all kernel - functions, we can estimate a stack limit. +Once we know N, and we know the average of static variables for + all kernel functions, we can estimate a stack limit. +
-If you want to try the problem out, you can create a module with a function - inside calling itself many times. After a fixed number of times, the kernel - module will hang because of a page fault exception handler (typically write - to a read-only page). +If you want to try the problem out, you can create a module with + a function inside calling itself many times. After a fixed number + of times, the kernel module will hang because of a page fault exception + handler (typically write to a read-only page). +
-When an IRQ comes, task switching is deferred until later to get better - performance. Some Task jobs (that could have to be done just after the IRQ - and that could take much CPU in interrupt time, like building up a TCP/IP packet) - are queued and will be done at scheduling time (once a time-slice will end). +When an IRQ comes, task switching is deferred until later to + get better performance. Some Task jobs (that could have to be done + just after the IRQ and that could take much CPU in interrupt time, + like building up a TCP/IP packet) are queued and will be done at + scheduling time (once a time-slice will end). +
-In recent kernels (2.4.x) the softirq mechanisms are given to a kernel_thread: - ''ksoftirqd_CPUn''. n stands for the number of CPU executing kernel_thread - (in a monoprocessor system ''ksoftirqd_CPU0'' uses PID 3). +In recent kernels (2.4.x) the softirq mechanisms are given to + a kernel_thread: ''ksoftirqd_CPUn''. n stands for the number of CPU + executing kernel_thread (in a monoprocessor system ''ksoftirqd_CPU0'' + uses PID 3). +
''cpu_raise_softirq'' is a routine that will wake_up ''ksoftirqd_CPU0'' kernel thread, to let it manage the enqueued job. +
+
-''__cpu_raise_softirq'' routine will set right bit in the vector describing - softirq pending. +''__cpu_raise_softirq'' routine will set right bit in the vector + describing softirq pending. +
''wakeup_softirq'' uses ''wakeup_process'' to wake up ''ksoftirqd_CPU0'' kernel thread. +
TODO: describing data structures involved in softirq mechanism. +
-When kernel thread ''ksoftirqd_CPU0'' has been woken up, it will execute - queued jobs +When kernel thread ''ksoftirqd_CPU0'' has been woken up, it will + execute queued jobs +
The code of ''ksoftirqd_CPU0'' is (main endless loop): +
+
-
--Even though Linux is a monolithic OS, a few ''kernel threads'' exist to - do housekeeping work. +Even though Linux is a monolithic OS, a few ''kernel threads'' + exist to do housekeeping work. +
-These Tasks don't utilize USER memory; they share KERNEL memory. They also - operate at the highest privilege (RING 0 on a i386 architecture) like any other - kernel mode piece of code. +These Tasks don't utilize USER memory; they share KERNEL memory. + They also operate at the highest privilege (RING 0 on a i386 architecture) + like any other kernel mode piece of code. +
Kernel threads are created by ''kernel_thread [arch/i386/kernel/process]'' - function, which calls ''clone'' [arch/i386/kernel/process.c] system - call from assembler (which is a ''fork'' like system call): + function, which calls ''clone'' [arch/i386/kernel/process.c] + system call from assembler (which is a ''fork'' like system call): +
+
-Once called, we have a new Task (usually with very low PID number, like - 2,3, etc.) waiting for a very slow resource, like swap or usb event. A very - slow resource is used because we would have a task switching overhead otherwise. +Once called, we have a new Task (usually with very low PID number, + like 2,3, etc.) waiting for a very slow resource, like swap or usb + event. A very slow resource is used because we would have a task + switching overhead otherwise. +
-Below is a list of most common kernel threads (from ''ps x'' command): +Below is a list of most common kernel threads (from ''ps x'' + command): +
+
-'init' kernel thread is the first process created, at boot time. It will - call all other User Mode Tasks (from file /etc/inittab) like console daemons, - tty daemons and network daemons (''rc'' scripts). +'init' kernel thread is the first process created, at boot time. + It will call all other User Mode Tasks (from file /etc/inittab) like + console daemons, tty daemons and network daemons (''rc'' scripts). +
''kswapd'' is created by ''clone() [arch/i386/kernel/process.c]'' +
Initialisation routines: +
+
do_initcalls [init/main.c] +
kswapd_init [mm/vmscan.c] +
kernel_thread [arch/i386/kernel/process.c] +
-Linux Kernel modules are pieces of code (examples: fs, net, and hw driver) - running in kernel mode that you can add at runtime. +Linux Kernel modules are pieces of code (examples: fs, net, and + hw driver) running in kernel mode that you can add at runtime. +
-The Linux core cannot be modularized: scheduling and interrupt management - or core network, and so on. +The Linux core cannot be modularized: scheduling and interrupt + management or core network, and so on. +
-Under "/lib/modules/KERNEL_VERSION/" you can find all the modules installed - on your system. +Under "/lib/modules/KERNEL_VERSION/" you can find all the modules + installed on your system. +
To load a module, type the following: +
+
-NOTE: You can use modprobe in place of insmod if you want the kernel automatically - search some parameter (for example when using PCI driver, or if you have specified - parameter under /etc/conf.modules file). +NOTE: You can use modprobe in place of insmod if you want the + kernel automatically search some parameter (for example when using + PCI driver, or if you have specified parameter under /etc/conf.modules + file). +
To unload a module, type the following: +
+
A module always contains: +
+
-If these functions are not in the module, you need to add 2 macros to specify - what functions will act as init and exit module: +If these functions are not in the module, you need to add 2 macros + to specify what functions will act as init and exit module: +
+
-NOTE: a module can "see" a kernel variable only if it has been exported (with - macro EXPORT_SYMBOL). +NOTE: a module can "see" a kernel variable only if it has been + exported (with macro EXPORT_SYMBOL). +
-This simple trick allows you to have very high flexibility in your Kernel, - because only when you load the module you'll make "my_function" routine execute. - This routine will do everything you want to do: for example ''rshaper'' module, - which controls bandwidth input traffic from the network, works in this kind - of matter. +This simple trick allows you to have very high flexibility in + your Kernel, because only when you load the module you'll make "my_function" + routine execute. This routine will do everything you want to do: + for example ''rshaper'' module, which controls bandwidth input traffic + from the network, works in this kind of matter. +
-Notice that the whole module mechanism is possible thanks to some global - variables exported to modules, such as head list (allowing you to extend the - list as much as you want). Typical examples are fs, generic devices (char, - block, net, telephony). You have to prepare the kernel to accept your new module; - in some cases you have to create an infrastructure (like telephony one, that - was recently created) to be as standard as possible. +Notice that the whole module mechanism is possible thanks to + some global variables exported to modules, such as head list (allowing + you to extend the list as much as you want). Typical examples are + fs, generic devices (char, block, net, telephony). You have to prepare + the kernel to accept your new module; in some cases you have to create + an infrastructure (like telephony one, that was recently created) + to be as standard as possible. +
-Proc fs is located in the /proc directory, which is a special directory - allowing you to talk directly with kernel. +Proc fs is located in the /proc directory, which is a special + directory allowing you to talk directly with kernel. +
Linux uses ''proc'' directory to support direct kernel communications: - this is necessary in many cases, for example when you want see main processes - data structures or enable ''proxy-arp'' feature on one interface and not in - others, you want to change max number of threads, or if you want to debug some - bus state, like ISA or PCI, to know what cards are installed and what I/O addresses - and IRQs are assigned to them. + this is necessary in many cases, for example when you want see main + processes data structures or enable ''proxy-arp'' feature on one + interface and not in others, you want to change max number of threads, + or if you want to debug some bus state, like ISA or PCI, to know + what cards are installed and what I/O addresses and IRQs are assigned + to them. +
+
-In the directory there are also all the tasks using PID as file names (you - have access to all Task information, like path of binary file, memory used, - and so on). +In the directory there are also all the tasks using PID as file + names (you have access to all Task information, like path of binary + file, memory used, and so on). +
-The interesting point is that you cannot only see kernel values (for example, - see info about any task or about network options enabled of your TCP/IP stack) - but you are also able to modify some of it, typically that ones under /proc/sys - directory: +The interesting point is that you cannot only see kernel values + (for example, see info about any task or about network options enabled + of your TCP/IP stack) but you are also able to modify some of it, + typically that ones under /proc/sys directory: +
+
-Below are very important and well-know kernel values, ready to be modified: +Below are very important and well-know kernel values, ready to + be modified: +
+
-This can be considered the most useful proc subdirectory. It allows you - to change very important settings for your network kernel configuration. +This can be considered the most useful proc subdirectory. It + allows you to change very important settings for your network kernel + configuration. +
+
-Listed below are general net settings, like "netdev_max_backlog" (typically - 300), the length of all your network packets. This value can limit your network - bandwidth when receiving packets, Linux has to wait up to scheduling time to - flush buffers (due to bottom half mechanism), about 1000/HZ ms +Listed below are general net settings, like "netdev_max_backlog" + (typically 300), the length of all your network packets. This value + can limit your network bandwidth when receiving packets, Linux has + to wait up to scheduling time to flush buffers (due to bottom half + mechanism), about 1000/HZ ms +
+
If you want to get higher throughput, you need to increase netdev_max_backlog, by typing: +
+
-Note: Warning for some HZ values: under some architecture (like alpha or - arm-tbox) it is 1000, so you can have 300 MBytes/s of average throughput. +Note: Warning for some HZ values: under some architecture (like + alpha or arm-tbox) it is 1000, so you can have 300 MBytes/s of average + throughput. +
-"ip_forward", enables or disables ip forwarding in your Linux box. This is - a generic setting for all devices, you can specify each device you choose. +"ip_forward", enables or disables ip forwarding in your Linux box. + This is a generic setting for all devices, you can specify each + device you choose. +
-I think this is the most useful /proc entry, because it allows you to change
- some net settings to support wireless networks (see
Here are some examples of when you could use this setting: +
+
-This section will analyze data structures--the mechanism used to manage - multitasking environment under Linux. +This section will analyze data structures--the mechanism used + to manage multitasking environment under Linux. +
-A Linux Task can be one of the following states (according to [include/linux.h]): +A Linux Task can be one of the following states (according to + [include/linux.h]): +
+
-Each 10 ms (depending on HZ value) an IRQ0 comes, which helps us in a multitasking - environment. This signal comes from PIC 8259 (in arch 386+) which is connected - to PIT 8253 with a clock of 1.19318 MHz. +Each 10 ms (depending on HZ value) an IRQ0 comes, which helps + us in a multitasking environment. This signal comes from PIC 8259 + (in arch 386+) which is connected to PIT 8253 with a clock of 1.19318 + MHz. +
+
-So we program 8253 (PIT, Programmable Interval Timer) with LATCH = (1193180/HZ) - = 11931.8 when HZ=100 (default). LATCH indicates the frequency divisor factor. +So we program 8253 (PIT, Programmable Interval Timer) with LATCH + = (1193180/HZ) = 11931.8 when HZ=100 (default). LATCH indicates the + frequency divisor factor. +
-LATCH = 11931.8 gives to 8253 (in output) a frequency of 1193180 / 11931.8 - = 100 Hz, so period = 10ms +LATCH = 11931.8 gives to 8253 (in output) a frequency of 1193180 + / 11931.8 = 100 Hz, so period = 10ms +
So Timeslice = 1/HZ. +
-With each Timeslice we temporarily interrupt current process execution - (without task switching), and we do some housekeeping work, after which we'll - return back to our previous process. +With each Timeslice we temporarily interrupt current process + execution (without task switching), and we do some housekeeping work, + after which we'll return back to our previous process. +
Functions can be found under: +
+
Notes: +
+
Description: +
-To manage Multitasking, Linux (like every other Unix) uses a ''counter'' - variable to keep track of how much CPU was used by the task. So, on each IRQ - 0, the counter is decremented (point 4) and, when it reaches 0, we need to - switch task to manage timesharing (point 4 "need_resched" variable is set to - 1, then, in point 5 assembler routines control "need_resched" and call, if needed, - "schedule" [kernel/sched.c]). +To manage Multitasking, Linux (like every other Unix) uses a + ''counter'' variable to keep track of how much CPU was used by the + task. So, on each IRQ 0, the counter is decremented (point 4) and, + when it reaches 0, we need to switch task to manage timesharing (point + 4 "need_resched" variable is set to 1, then, in point 5 assembler routines + control "need_resched" and call, if needed, "schedule" [kernel/sched.c]). +
-The scheduler is the piece of code that chooses what Task has to be executed - at a given time. +The scheduler is the piece of code that chooses what Task has + to be executed at a given time. +
-Any time you need to change running task, select a candidate. Below is - the ''schedule [kernel/sched.c]'' function. +Any time you need to change running task, select a candidate. + Below is the ''schedule [kernel/sched.c]'' function. +
+
-In classic Unix, when an IRQ comes (from a device), Unix makes "task switching" - to interrogate the task that requested the device. +In classic Unix, when an IRQ comes (from a device), Unix makes + "task switching" to interrogate the task that requested the device. +
-To improve performance, Linux can postpone the non-urgent work until later, - to better manage high speed event. +To improve performance, Linux can postpone the non-urgent work + until later, to better manage high speed event. +
-This feature is managed since kernel 1.x by the "bottom half" (BH). The irq - handler "marks" a bottom half, to be executed later, in scheduling time. +This feature is managed since kernel 1.x by the "bottom half" (BH). + The irq handler "marks" a bottom half, to be executed later, in scheduling + time. +
-In the latest kernels there is a "task queue"that is more dynamic than BH - and there is also a "tasklet" to manage multiprocessor environments. +In the latest kernels there is a "task queue"that is more dynamic + than BH and there is also a "tasklet" to manage multiprocessor environments. +
BH schema is: +
+
-"DECLARE_TASK_QUEUE(q)" macro is used to declare a structure named "q" managing - task queue. +"DECLARE_TASK_QUEUE(q)" macro is used to declare a structure named + "q" managing task queue. +
Here is the ICA schema for "mark_bh" [include/linux/interrupt.h] function: +
+
-For example, when an IRQ handler wants to "postpone" some work, it would - "mark_bh(NUMBER)", where NUMBER is a BH declarated (see section before). +For example, when an IRQ handler wants to "postpone" some work, + it would "mark_bh(NUMBER)", where NUMBER is a BH declarated (see section + before). +
We can see this calling from "do_IRQ" [arch/i386/kernel/irq.c] function: +
+
"h->action(h);" is the function has been previously queued. +
set_intr_gate +
set_trap_gate +
set_task_gate (not used). +
-(*interrupt)[NR_IRQS](void) = { IRQ0x00_interrupt, IRQ0x01_interrupt, - ..} +(*interrupt)[NR_IRQS](void) = { IRQ0x00_interrupt, + IRQ0x01_interrupt, ..} +
NR_IRQS = 224 [kernel 2.4.2] +
Now we'll see how the Linux Kernel switchs from one task to another. +
Task Switching is needed in many cases, such as the following: +
+
Trick is here: +
+
-Fork is used to create another task. We start from a Task Parent, and we - copy many data structures to Task Child. +Fork is used to create another task. We start from a Task Parent, + and we copy many data structures to Task Child. +
+
-New Task just created (''Task Child'') is almost equal to Parent (''Task - Parent''), there are only few differences: +New Task just created (''Task Child'') is almost equal to Parent + (''Task Parent''), there are only few differences: +
+
To implement Copy on Write for Linux: +
+
-Linux uses segmentation + pagination, which simplifies notation. +Linux uses segmentation + pagination, which simplifies notation. + +
Linux uses only 4 segments: +
+
-Again, Linux implements Pagination using 3 Levels of Paging, but in i386 - architecture only 2 of them are really used: +Again, Linux implements Pagination using 3 Levels of Paging, + but in i386 architecture only 2 of them are really used: +
+
-Linux manages Access Control with Pagination only, so different Tasks will - have the same segment addresses, but different CR3 (register used to store - Directory Page Address), pointing to different Page Entries. +Linux manages Access Control with Pagination only, so different + Tasks will have the same segment addresses, but different CR3 (register + used to store Directory Page Address), pointing to different Page + Entries. +
-In User mode a task cannot overcome 3 GB limit (0 x C0 00 00 00), so only - the first 768 page directory entries are meaningful (768*4MB = 3GB). +In User mode a task cannot overcome 3 GB limit (0 x C0 00 00 + 00), so only the first 768 page directory entries are meaningful + (768*4MB = 3GB). +
-When a Task goes in Kernel Mode (by System call or by IRQ) the other 256 - pages directory entries become important, and they point to the same page files - as all other Tasks (which are the same as the Kernel). +When a Task goes in Kernel Mode (by System call or by IRQ) the + other 256 pages directory entries become important, and they point + to the same page files as all other Tasks (which are the same as + the Kernel). +
-Note that Kernel (and only kernel) Linear Space is equal to Kernel Physical - Space, so: +Note that Kernel (and only kernel) Linear Space is equal to Kernel + Physical Space, so: +
+
-Linear Kernel Space corresponds to Physical Kernel Space translated 3 - GB down (in fact page tables are something like { "00000000", "00000001" }, - so they operate no virtualization, they only report physical addresses they - take from linear ones). +Linear Kernel Space corresponds to Physical Kernel Space translated + 3 GB down (in fact page tables are something like { "00000000", + "00000001" }, so they operate no virtualization, they only report + physical addresses they take from linear ones). +
-Notice that you'll not have an "addresses conflict" between Kernel and User - spaces because we can manage physical addresses with Page Tables. +Notice that you'll not have an "addresses conflict" between Kernel + and User spaces because we can manage physical addresses with Page + Tables. +
We start from kmem_cache_init (launched by start_kernel [init/main.c] at boot up). +
+
kmem_cache_init [mm/slab.c] +
kmem_cache_estimate +
Now we continue with mem_init (also launched by start_kernel[init/main.c]) +
+
mem_init [arch/i386/mm/init.c] +
free_all_bootmem [mm/bootmem.c] +
free_all_bootmem_core +
-Under Linux, when we want to allocate memory, for example during "copy_on_write" - mechanism (see Cap.10), we call: +Under Linux, when we want to allocate memory, for example during + "copy_on_write" mechanism (see Cap.10), we call: +
+
Functions can be found under: +
+
TODO: Understand Zones +
Swap is managed by the kswapd daemon (kernel thread). +
-As other kernel threads, kswapd has a main loop that wait to wake up. +As other kernel threads, kswapd has a main loop that wait to + wake up. +
+
-Swapping is needed when we have to access a page that is not in physical - memory. +Swapping is needed when we have to access a page that is not + in physical memory. +
-Linux uses ''kswapd'' kernel thread to carry out this purpose. When the - Task receives a page fault exception we do the following: +Linux uses ''kswapd'' kernel thread to carry out this purpose. + When the Task receives a page fault exception we do the following: +
+
-There exists a device driver for each kind of NIC. Inside it, Linux will - ALWAYS call a standard high level routing: "netif_rx [net/core/dev.c]", - which will controls what 3 level protocol the frame belong to, and it will - call the right 3 level function (so we'll use a pointer to the function to - determine which is right). +There exists a device driver for each kind of NIC. Inside it, + Linux will ALWAYS call a standard high level routing: "netif_rx [net/core/dev.c]", + which will controls what 3 level protocol the frame belong to, and + it will call the right 3 level function (so we'll use a pointer to + the function to determine which is right). +
-We'll see now an example of what happens when we send a TCP packet to Linux, - starting from ''netif_rx [net/core/dev.c]'' call. +We'll see now an example of what happens when we send a TCP packet + to Linux, starting from ''netif_rx [net/core/dev.c]'' call. +
Functions: +
+
-Once IRQ interaction is ended, we need to follow the next part of the frame - life and examine what NET_RX_SOFTIRQ does. +Once IRQ interaction is ended, we need to follow the next part + of the frame life and examine what NET_RX_SOFTIRQ does. +
-We will next call ''net_rx_action [net/core/dev.c]'' according - to "net_dev_init [net/core/dev.c]". +We will next call ''net_rx_action [net/core/dev.c]'' + according to "net_dev_init [net/core/dev.c]". +
+
Functions can be found under: +
+
Description: +
+
TODO +
Here we view how "stack" and "heap" are allocated in memory +
-Memory address values start from 00.. (which is also where Stack Segment - begins) and they grow going toward FF.. value. +Memory address values start from 00.. (which is also where Stack + Segment begins) and they grow going toward FF.. value. +
XX.. is the actual value of the Stack Pointer. +
Stack is used by functions for: +
+
For example, for a classical function: +
+
We have to distinguish 2 concepts: +
+
Often Process is also called Task or Thread. +
2 kind of locks: +
+
-Copy_on_write is a mechanism used to reduce memory usage. It postpones - memory allocation until the memory is really needed. +Copy_on_write is a mechanism used to reduce memory usage. It + postpones memory allocation until the memory is really needed. +
-For example, when a task executes the "fork()" system call (to create another - task), we still use the same memory pages as the parent, in read only mode. - When the new task WRITES into the old page, it causes an exception and the - page is copied and marked "rw" (read, write). +For example, when a task executes the "fork()" system call (to + create another task), we still use the same memory pages as the + parent, in read only mode. When a task WRITES into the page, it causes + an exception and the page is copied and marked "rw" (read, write). +
+
-Descriptors are data structure used by Intel microprocessor i386+ to virtualize - memory. +Descriptors are data structure used by Intel microprocessor i386+ + to virtualize memory. +
-IRQ is an asyncronous signal sent to microprocessor to advertise a requested - work is completed +IRQ is an asyncronous signal sent to microprocessor to advertise + a requested work is completed +
-A typical O.S. uses many IRQ signals to interrupt normal process execution - and does some housekeeping work. So: +A typical O.S. uses many IRQ signals to interrupt normal process + execution and does some housekeeping work. So: +
+
-Under Linux, when an IRQ comes, first the IRQ wrapper routine (named "interrupt0x??") - is called, then the "official" IRQ(i)_handler will be executed. This allows some - duties like timeslice preemption. +Under Linux, when an IRQ comes, first the IRQ wrapper routine + (named "interrupt0x??") is called, then the "official" IRQ(i)_handler + will be executed. This allows some duties like timeslice preemption. +
Definition: +
+
Meaning: +
-"list_entry" macro is used to retrieve a parent struct pointer, by using - only one of internal struct pointer. +"list_entry" macro is used to retrieve a parent struct pointer, + by using only one of internal struct pointer. +
Example: +
+
-So, in this case, by means of *tmp pointer [list_head] we retrieve - an *out pointer [wait_queue_t]. +So, in this case, by means of *tmp pointer [list_head] + we retrieve an *out pointer [wait_queue_t]. +
+
Files: +
+
Functions: +
+
Called functions: +
+
InterCallings Analysis: +
+
Description: +
-Under Linux each resource (ideally an object shared between many users - and many processes), , has a queue to manage ALL tasks requesting it. +Under Linux each resource (ideally an object shared between many + users and many processes), , has a queue to manage ALL tasks requesting + it. +
-This queue is called "wait queue" and it consists of many items we'll call - the"wait queue element": +This queue is called "wait queue" and it consists of many items + we'll call the"wait queue element": +
+
Graphic working: +
+
-"wait queue head" point to first (with next *) and last (with prev *) elements - of the "wait queue list". +"wait queue head" point to first (with next *) and last (with prev + *) elements of the "wait queue list". +
When a new element has to be added, "__add_wait_queue" [include/linux/wait.h] is called, after which the generic routine "list_add" [include/linux/wait.h], will be executed: +
+
To complete the description, we see also "__list_del" [include/linux/list.h] - function called by "list_del" [include/linux/list.h] inside "remove_wait_queue" - [include/linux/wait.h]: + function called by "list_del" [include/linux/list.h] inside + "remove_wait_queue" [include/linux/wait.h]: +
+
-A typical list (or queue) is usually managed allocating it into the Heap - (see Cap.10 for Heap and Stack definition and about where variables are allocated). - Otherwise here, we statically allocate Wait Queue data in a local variable - (Stack), then function is interrupted by scheduling, in the end, (returning - from scheduling) we'll erase local variable. +A typical list (or queue) is usually managed allocating it into + the Heap (see Cap.10 for Heap and Stack definition and about where + variables are allocated). Otherwise here, we statically allocate + Wait Queue data in a local variable (Stack), then function is interrupted + by scheduling, in the end, (returning from scheduling) we'll erase + local variable. +
+
-Linux is written in ''C'' language, and as every application has: +Linux is written in ''C'' language, and as every application + has: +
+
-When a Static variable is modified by a module, all other modules will - see the new value. +When a Static variable is modified by a module, all other modules + will see the new value. +
-Static variables under Linux are very important, cause they are the only - kind to add new support to kernel: they typically are pointers to the head - of a list of registered elements, which can be: +Static variables under Linux are very important, cause they are + the only kind to add new support to kernel: they typically are pointers + to the head of a list of registered elements, which can be: +
+
-Current points to ''task_struct'' structure, which contains all data about - a process like: +Current points to ''task_struct'' structure, which contains all + data about a process like: +
+
Current is not a real variable, it is +
+
-Above lines just takes value of ''esp'' register (stack pointer) and get - it available like a variable, from which we can point to our task_struct structure. -
--From ''current'' element we can access directly to any other process (ready, - stopped or in any other state) kernel data structure, for example changing - STATE (like a I/O driver does), PID, presence in ready list or blocked list, - etc. +Above lines just takes value of ''esp'' register (stack pointer) + and get it available like a variable, from which we can point to + our task_struct structure. +
+From ''current'' element we can access directly to any other + process (ready, stopped or in any other state) kernel data structure, + for example changing STATE (like a I/O driver does), PID, presence + in ready list or blocked list, etc.
-When you use command like ''modprobe some_fs'' you will add a new entry - to file systems list, while removing it (by using ''rmmod'') will delete it. +When you use command like ''modprobe some_fs'' you will add a + new entry to file systems list, while removing it (by using ''rmmod'') + will delete it. +
-When you use ''mount'' command to add a fs, the new entry will be inserted - in the list, while an ''umount'' command will delete the entry. +When you use ''mount'' command to add a fs, the new entry will + be inserted in the list, while an ''umount'' command will delete + the entry. +
-For example, if you add support for IPv6 (loading relative module) a new - entry will be added in the list. +For example, if you add support for IPv6 (loading relative module) + a new entry will be added in the list. +
-Also others packet type have many internal protocols in each list (like - IPv6). +Also others packet type have many internal protocols in each + list (like IPv6). +
+
-''chrdevs'' is not a pointer to a real list, but it is a standard vector. +''chrdevs'' is not a pointer to a real list, but it is a standard + vector. +
''bdev_hashtable'' is an hash vector. +
-