Linux系统分析实验（一）：时间片轮转多道程序内核

Linux系统分析实验

原创作品转载请注明出处https://github.com/mengning/linuxkernel/
sa18225465

实验环境

ubuntu 18.04 虚拟机
VMware workstation 14 Player

实验目的

• 分析进程的启动和进程的切换机制
• 加深对操作系统工作原理的理解
• 动手编写简单的内核

实验步骤

下载并编译内核

下载linux3.9.4内核源码

wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.9.4.tar.xz

下载mykernel补丁

wget https://raw.github.com/mengning/mykernel/master/mykernel_for_linux3.9.4sc.patch

解压

tar -xvf linux-3.9.4.tar

打上补丁

cd linux-3.9.4
patch -p1 < ../mykernel_for_linux3.9.4sc.patch

编译

make allnoconfig
make

报错，缺少一个头文件

进入该目录发现确实没有compiler-gcc5.h

查阅资料，应该是所用的linux版本太高，可以通过把compiler-gcc4.h重命名为compiler-gcc5.h解决

再次编译，成功

make

安装qemu

sudo apt-get install qemu # install QEMU
sudo ln -s /usr/bin/qemu-system-i386 /usr/bin/qemu

使用qemu启动内核

qemu -kernel arch/x86/boot/bzImage

修改mykernel源码，实现时间片轮转多道程序内核

放入mykernel的源码，重新编译

make allnoconfig
make

可以看到此时内核已经在模拟进程运行和切换

代码分析

mypcb.h

#define MAX_TASK_NUM        4
#define KERNEL_STACK_SIZE   1024*2 
/* CPU-specific state of this task */
struct Thread {
    unsigned long       ip;
    unsigned long       sp;
};
typedef struct PCB{
    int pid;
    volatile long state;    /* -1 unrunnable, 0 runnable, >0 stopped */
    unsigned long stack[KERNEL_STACK_SIZE];
    /* CPU-specific state of this task */
    struct Thread thread;
    unsigned long   task_entry;
    struct PCB *next;
}tPCB;
void my_schedule(void);

这个头文件里定义了一些宏和进程的PCB

其中有两个数据结构和一个函数声明

struct Thread {
    unsigned long       ip;
    unsigned long       sp;
};

这个结构体用来存储进程上下文，其中ip用来保存当前指令执行位置，sp用来保存栈顶位置

typedef struct PCB{
    int pid;
    volatile long state;    /* -1 unrunnable, 0 runnable, >0 stopped */
    unsigned long stack[KERNEL_STACK_SIZE];
    /* CPU-specific state of this task */
    struct Thread thread;
    unsigned long   task_entry;
    struct PCB *next;
}tPCB;

这个结构体作为进程控制块，存储了进程id，进程状态，并且有next指针，可以形成进程链表

mymain.c

/*
 *  linux/mykernel/mymain.c
 *
 *  Kernel internal my_start_kernel
 *
 *  Copyright (C) 2013  Mengning
 *
 */
#include <linux/types.h>
#include <linux/string.h>
#include <linux/ctype.h>
#include <linux/tty.h>
#include <linux/vmalloc.h>
#include "mypcb.h"
tPCB task[MAX_TASK_NUM];
tPCB * my_current_task = NULL;
volatile int my_need_sched = 0;
void my_process(void);
void __init my_start_kernel(void)
{
    int pid = 0;
    int i;
    /* Initialize process 0*/
    task[pid].pid = pid;
    task[pid].state = 0;/* -1 unrunnable, 0 runnable, >0 stopped */
    task[pid].task_entry = task[pid].thread.ip = (unsigned long)my_process;
    task[pid].thread.sp = (unsigned long)&task[pid].stack[KERNEL_STACK_SIZE-1];
    task[pid].next = &task[pid];
    /*fork more process */
    for(i=1;i<MAX_TASK_NUM;i++)
    {
        memcpy(&task[i],&task[0],sizeof(tPCB));
        task[i].pid = i;
    //*(&task[i].stack[KERNEL_STACK_SIZE-1] - 1) = (unsigned long)&task[i].stack[KERNEL_STACK_SIZE-1];
    task[i].thread.sp = (unsigned long)(&task[i].stack[KERNEL_STACK_SIZE-1]);
        task[i].next = task[i-1].next;
        task[i-1].next = &task[i];
    }
    /* start process 0 by task[0] */
    pid = 0;
    my_current_task = &task[pid];
    asm volatile(
        "movl %1,%%esp\n\t"     /* set task[pid].thread.sp to esp */
        "pushl %1\n\t"          /* push ebp */
        "pushl %0\n\t"          /* push task[pid].thread.ip */
        "ret\n\t"               /* pop task[pid].thread.ip to eip */
        : 
        : "c" (task[pid].thread.ip),"d" (task[pid].thread.sp)   /* input c or d mean %ecx/%edx*/
    );
} 
int i = 0;
void my_process(void)
{    
    while(1)
    {
        i++;
        if(i%10000000 == 0)
        {
            printk(KERN_NOTICE "this is process %d -\n",my_current_task->pid);
            if(my_need_sched == 1)
            {
                my_need_sched = 0;
                my_schedule();
            }
            printk(KERN_NOTICE "this is process %d +\n",my_current_task->pid);
        }     
    }
}

在程序开头声明了进程数组、指向当前进程的指针，和指示当前进程是否需要被调度的变量

tPCB task[MAX_TASK_NUM];
tPCB * my_current_task = NULL;
volatile int my_need_sched = 0;

此外，还有两个函数，一个是内核被加载时进行初始化的函数，另一个为运行进程的函数

void __init my_start_kernel(void)
{
    int pid = 0;
    int i;
    /* Initialize process 0*/
    task[pid].pid = pid;
    task[pid].state = 0;/* -1 unrunnable, 0 runnable, >0 stopped */
    task[pid].task_entry = task[pid].thread.ip = (unsigned long)my_process;
    task[pid].thread.sp = (unsigned long)&task[pid].stack[KERNEL_STACK_SIZE-1];
    task[pid].next = &task[pid];
    /*fork more process */
    for(i=1;i<MAX_TASK_NUM;i++)
    {
        memcpy(&task[i],&task[0],sizeof(tPCB));
        task[i].pid = i;
    //*(&task[i].stack[KERNEL_STACK_SIZE-1] - 1) = (unsigned long)&task[i].stack[KERNEL_STACK_SIZE-1];
    task[i].thread.sp = (unsigned long)(&task[i].stack[KERNEL_STACK_SIZE-1]);
        task[i].next = task[i-1].next;
        task[i-1].next = &task[i];
    }
    /* start process 0 by task[0] */
    pid = 0;
    my_current_task = &task[pid];
    asm volatile(
        "movl %1,%%esp\n\t"     /* set task[pid].thread.sp to esp */
        "pushl %1\n\t"          /* push ebp */
        "pushl %0\n\t"          /* push task[pid].thread.ip */
        "ret\n\t"               /* pop task[pid].thread.ip to eip */
        : 
        : "c" (task[pid].thread.ip),"d" (task[pid].thread.sp)   /* input c or d mean %ecx/%edx*/
    );
} 

一步步分析 my_start_kernel()干了些什么

首先初始化了一个pid为0的进程，作为内核中的第一个进程，该进程状态为0，即runnable，然后task_entry指向my_process，即指向my_process()函数的地址，然后thread.sp指向stack[]的最尾地址，最后将next指向自己，因为此时系统中只有自己一个进程

接下来由for循环创建三个进程，并将这总共四个进程使用循环链表的结构连接在一起

最后一段汇编代码作用是启动0号进程

第一步：将task[pid].thread.sp中的值即栈尾地址赋给esp

第二步：将task[pid].thread.sp压栈

第三步：将task[pid].thread.ip压栈

第四步：将task[pid].thread.ip即myprocess函数地址出栈并赋给eip

接下来程序便会执行myprocess()函数，开始循环0号进程

void my_process(void)
{    
    while(1)
    {
        i++;
        if(i%10000000 == 0)
        {
            printk(KERN_NOTICE "this is process %d -\n",my_current_task->pid);
            if(my_need_sched == 1)
            {
                my_need_sched = 0;
                my_schedule();
            }
            printk(KERN_NOTICE "this is process %d +\n",my_current_task->pid);
        }     
    }
}

myinterrupt.c

/*
 *  linux/mykernel/myinterrupt.c
 *
 *  Kernel internal my_timer_handler
 *
 *  Copyright (C) 2013  Mengning
 *
 */
#include <linux/types.h>
#include <linux/string.h>
#include <linux/ctype.h>
#include <linux/tty.h>
#include <linux/vmalloc.h>
#include "mypcb.h"
extern tPCB task[MAX_TASK_NUM];
extern tPCB * my_current_task;
extern volatile int my_need_sched;
volatile int time_count = 0;
/*
 * Called by timer interrupt.
 * it runs in the name of current running process,
 * so it use kernel stack of current running process
 */
void my_timer_handler(void)
{
#if 1
    if(time_count%1000 == 0 && my_need_sched != 1)
    {
        printk(KERN_NOTICE ">>>my_timer_handler here<<<\n");
        my_need_sched = 1;
    } 
    time_count ++ ;  
#endif
    return;     
}
void my_schedule(void)
{
    tPCB * next;
    tPCB * prev;
    if(my_current_task == NULL 
        || my_current_task->next == NULL)
    {
        return;
    }
    printk(KERN_NOTICE ">>>my_schedule<<<\n");
    /* schedule */
    next = my_current_task->next;
    prev = my_current_task;
    if(next->state == 0)/* -1 unrunnable, 0 runnable, >0 stopped */
    {        
        my_current_task = next; 
        printk(KERN_NOTICE ">>>switch %d to %d<<<\n",prev->pid,next->pid);  
        /* switch to next process */
        asm volatile(   
            "pushl %%ebp\n\t"       /* save ebp */
            "movl %%esp,%0\n\t"     /* save esp */
            "movl %2,%%esp\n\t"     /* restore  esp */
            "movl $1f,%1\n\t"       /* save eip */ 
            "pushl %3\n\t" 
            "ret\n\t"               /* restore  eip */
            "1:\t"                  /* next process start here */
            "popl %%ebp\n\t"
            : "=m" (prev->thread.sp),"=m" (prev->thread.ip)
            : "m" (next->thread.sp),"m" (next->thread.ip)
        ); 
    }  
    return; 
}

myinterrupt.c文件中有两个函数，一个用来响应时钟中断，一个用来处理进程切换

void my_timer_handler(void)
{
#if 1
    if(time_count%1000 == 0 && my_need_sched != 1)
    {
        printk(KERN_NOTICE ">>>my_timer_handler here<<<\n");
        my_need_sched = 1;
    } 
    time_count ++ ;  
#endif
    return;     
}

当系统发生时钟中断时，该函数被调用，并设置变量my_need_sched = 1，导致在mymain.c中的myprocess()函数调用my_schedule()函数

void my_schedule(void)
{
    tPCB * next;
    tPCB * prev;
    if(my_current_task == NULL 
        || my_current_task->next == NULL)
    {
        return;
    }
    printk(KERN_NOTICE ">>>my_schedule<<<\n");
    /* schedule */
    next = my_current_task->next;
    prev = my_current_task;
    if(next->state == 0)/* -1 unrunnable, 0 runnable, >0 stopped */
    {        
        my_current_task = next; 
        printk(KERN_NOTICE ">>>switch %d to %d<<<\n",prev->pid,next->pid);  
        /* switch to next process */
        asm volatile(   
            "pushl %%ebp\n\t"       /* save ebp */
            "movl %%esp,%0\n\t"     /* save esp */
            "movl %2,%%esp\n\t"     /* restore  esp */
            "movl $1f,%1\n\t"       /* save eip */ 
            "pushl %3\n\t" 
            "ret\n\t"               /* restore  eip */
            "1:\t"                  /* next process start here */
            "popl %%ebp\n\t"
            : "=m" (prev->thread.sp),"=m" (prev->thread.ip)
            : "m" (next->thread.sp),"m" (next->thread.ip)
        ); 
    }  
    return; 
}

该函数主要完成进程切换的过程，prev和next分别存储当前进程和下一个进程的PCB

切换过程由汇编代码完成

第一步：将ebp压栈

第二步：将当前esp的值赋给prev->thread.sp

第三步：将esp指向next->thread.sp即下个进程栈尾

第四步：将prev->thread.ip的值赋为1f

第五步：将next->thread.ip压栈，此时如果是第一次执行该进程，会指向myprocess()函数而不是1f

第六步：next->thread.ip出栈并赋给eip

第七步：如果是第一次执行该进程，则执行myprocess()函数，如果不是第一次执行该进程，则执行

            "1:\t"                  /* next process start here */
            "popl %%ebp\n\t"

进行复位

这样一来，就可以完成进程的切换并且能够保证进程的上下文的正确性

实验总结

实验需要用到基本X86汇编知识和对计算机体系结构的基本了解。通过实现这个简单的时间片轮转多道程序内核，能够加深对计算机操作系统工作原理的了解

操作系统在初始化时只有一个0号进程，之后的所有进程都由该进程fork而来，而进程的切换由时钟中断完成。