DSP

《linux 内核完全剖析》 exit.c 代码分析笔记

2019-07-13 15:05发布

站内文章 / DSP
14803 0 1436
 

  exit.c 代码分析笔记

 release

          释放进程的函数release() 主要根据指定进程的任务数据结构指针,在任务数组中删除指定的进程指针,释放相关内存页,并立刻让内核重新调度进程的运行。

void release(struct task_struct * p) //释放p指向的进程 { int i; if (!p) //常规检测p是否为0 return; if (p == current) { //不能把自己给释放了 printk("task releasing itself "); return; } for (i=1 ; ip_osptr) //调整链表 p->p_osptr->p_ysptr = p->p_ysptr; if (p->p_ysptr) p->p_ysptr->p_osptr = p->p_osptr; else p->p_pptr->p_cptr = p->p_osptr; free_page((long)p); //释放p进程占用的内存页 schedule();//任务调度 return; } panic("trying to release non-existent task"); }

bad_task_ptr 和audit_ptree


#ifdef DEBUG_PROC_TREE //下面这部分代码是调试用的 /* * Check to see if a task_struct pointer is present in the task[] array * Return 0 if found, and 1 if not found. */ int bad_task_ptr(struct task_struct *p) { int i; if (!p) return 0; for (i=0 ; ip_pptr)) printk("Warning, pid %d's parent link is bad ", task[i]->pid); if (bad_task_ptr(task[i]->p_cptr)) printk("Warning, pid %d's child link is bad ", task[i]->pid); if (bad_task_ptr(task[i]->p_ysptr)) printk("Warning, pid %d's ys link is bad ", task[i]->pid); if (bad_task_ptr(task[i]->p_osptr)) printk("Warning, pid %d's os link is bad ", task[i]->pid); if (task[i]->p_pptr == task[i]) printk("Warning, pid %d parent link points to self "); if (task[i]->p_cptr == task[i]) printk("Warning, pid %d child link points to self "); if (task[i]->p_ysptr == task[i]) printk("Warning, pid %d ys link points to self "); if (task[i]->p_osptr == task[i]) printk("Warning, pid %d os link points to self "); if (task[i]->p_osptr) { if (task[i]->p_pptr != task[i]->p_osptr->p_pptr) printk( "Warning, pid %d older sibling %d parent is %d ", task[i]->pid, task[i]->p_osptr->pid, task[i]->p_osptr->p_pptr->pid); if (task[i]->p_osptr->p_ysptr != task[i]) printk( "Warning, pid %d older sibling %d has mismatched ys link ", task[i]->pid, task[i]->p_osptr->pid); } if (task[i]->p_ysptr) { if (task[i]->p_pptr != task[i]->p_ysptr->p_pptr) printk( "Warning, pid %d younger sibling %d parent is %d ", task[i]->pid, task[i]->p_osptr->pid, task[i]->p_osptr->p_pptr->pid); if (task[i]->p_ysptr->p_osptr != task[i]) printk( "Warning, pid %d younger sibling %d has mismatched os link ", task[i]->pid, task[i]->p_ysptr->pid); } if (task[i]->p_cptr) { if (task[i]->p_cptr->p_pptr != task[i]) printk( "Warning, pid %d youngest child %d has mismatched parent link ", task[i]->pid, task[i]->p_cptr->pid); if (task[i]->p_cptr->p_ysptr) printk( "Warning, pid %d youngest child %d has non-NULL ys link ", task[i]->pid, task[i]->p_cptr->pid); } } } #endif /* DEBUG_PROC_TREE */

send_sig

static inline int send_sig(long sig,struct task_struct * p,int priv) //给进程p,发送信号。priv 是强制发送信号的标识 { if (!p) //常规的p非空检测 return -EINVAL; if (!priv && (current->euid!=p->euid) && !suser()) //如果不具有超级用户权限,又不是当前session里面的进程,且没有强制发送信号,进入if,return return -EPERM; if ((sig == SIGKILL) || (sig == SIGCONT)) { //如果要发送的信号是SIGKILL或者SIGCONT if (p->state == TASK_STOPPED) //如果当前进程处于stop状态,则将其置于TASK_RUNNING状态 p->state = TASK_RUNNING; p->exit_code = 0; p->signal &= ~( (1<<(SIGSTOP-1)) | (1<<(SIGTSTP-1)) | (1<<(SIGTTIN-1)) | (1<<(SIGTTOU-1)) ); //消除SIGSTOP SIGTSTP SIGTTIN SIGTTOU } /* If the signal will be ignored, don't even post it */ if ((int) p->sigaction[sig-1].sa_handler == 1) //如果handler是 ignore 就不要送信号鸟。。 return 0; /* Depends on order SIGSTOP, SIGTSTP, SIGTTIN, SIGTTOU */ if ((sig >= SIGSTOP) && (sig <= SIGTTOU)) //如果信号含有 SIGSTOP, SIGTSTP, SIGTTIN, SIGTTOU其中任何信号,那么就消除SIGCONT信号 p->signal &= ~(1<<(SIGCONT-1)); /* Actually deliver the signal */ p->signal |= (1<<(sig-1)); //最后这里才把信号写入信号变量 return 0; }

session_of_pgrp

int session_of_pgrp(int pgrp) //获取process group的session ID ,没有找到返回-1 { struct task_struct **p; for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) if ((*p)->pgrp == pgrp) return((*p)->session); return -1; }

kill_pg

int kill_pg(int pgrp, int sig, int priv) //给指定的进程组发送信号 { struct task_struct **p; int err,retval = -ESRCH; //指定的进程不存在 int found = 0; if (sig<1 || sig>32 || pgrp<=0) return -EINVAL; for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) if ((*p)->pgrp == pgrp) { //对每一个属于process group的进程发送信号sig if (sig && (err = send_sig(sig,*p,priv))) retval = err; else found++; } return(found ? 0 : retval); }

kill_proc

int kill_proc(int pid, int sig, int priv) //给指定进程发送信号 { struct task_struct **p; if (sig<1 || sig>32) return -EINVAL; for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) if ((*p)->pid == pid) return(sig ? send_sig(sig,*p,priv) : 0); return(-ESRCH); }

sys_kill


        系统调用sys_kill 用于项进程发送任何指定的信号,根据参数pid不同的数值,该系统调用会向不同的进或进程组发送信号。

/* * POSIX specifies that kill(-1,sig) is unspecified, but what we have * is probably wrong. Should make it like BSD or SYSV. */ int sys_kill(int pid,int sig) { struct task_struct **p = NR_TASKS + task; int err, retval = 0; if (!pid) //如果是进程0 init ,用最高权限发送信号,将信号发送给当前进程所处进程组的所有进程 return(kill_pg(current->pid,sig,0)); if (pid == -1) { //如果 pid是-1,把信号发送到除了init进程外的所有进程! while (--p > &FIRST_TASK) if (err = send_sig(sig,*p,0)) retval = err; return(retval); } if (pid < 0) //如果pid<0,发送到|pid| 所处进程组的所有进程 return(kill_pg(-pid,sig,0)); /* Normal kill */ return(kill_proc(pid,sig,0)); //否则,发送到进程pid }

is_orphaned_pgrp

关于孤儿进程组的探讨

/* * Determine if a process group is "orphaned", according to the POSIX * definition in 2.2.2.52. Orphaned process groups are not to be affected * by terminal-generated stop signals. Newly orphaned process groups are * to receive a SIGHUP and a SIGCONT. * * "I ask you, have you ever known what it is to be an orphan?" */ int is_orphaned_pgrp(int pgrp) //判断是否为一个孤儿进程组 { struct task_struct **p; for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) { if (!(*p) || //如果进程不存在,下一个 ((*p)->pgrp != pgrp) || // 如果进程所处的进程组不是pgrp,下一个 ((*p)->state == TASK_ZOMBIE) || // 进程的状态是zombie,下一个 ((*p)->p_pptr->pid == 1)) //进程parent是init ,下一个 continue; if (((*p)->p_pptr->pgrp != pgrp) && //如果父进程所在的组不在pgrp,但是父进程所在的session存在 ((*p)->p_pptr->session == (*p)->session)) return 0; } return(1); /* (sighing) "Often!" */ }

has_stopped_jobs

static int has_stopped_jobs(int pgrp) //判断进程组内是否有进程处于TASK_STOPPED状态 { struct task_struct ** p; for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) { if ((*p)->pgrp != pgrp) continue; if ((*p)->state == TASK_STOPPED) return(1); } return(0); }

do_exit

volatile void do_exit(long code) { struct task_struct *p; int i; free_page_tables(get_base(current->ldt[1]),get_limit(0x0f)); free_page_tables(get_base(current->ldt[2]),get_limit(0x17)); /*这里采用的两个参数0x0f即1111B,因此他指向的段优先级为3,存储在LDT表中,索引为1。也就是当前任务段的代码段描述符。 另外一个参数0x17即10111B,因此他指向的段优先级为3,存储在LDT表中,索引为2.也就是当前任务的数及堆栈段描述符。 这样,通过get_limit(0x0f)和get_limit(0x17)就得到了当前任务代码段和数据堆栈段的长度。 因此, free_page_tables(get_base(current->ldt[1]),get_limit(0x0f)); free_page_tables(get_base(current->ldt[2]),get_limit(0x17));就释放了当前任务的代码段和数据堆栈段。*/ for (i=0 ; ifilp[i]) //filp文件结构指针表,filp[i]就是文件i被打开的ID sys_close(i); //关闭进程当前打开的文件 iput(current->pwd); //和fs inode有关系 current->pwd = NULL; //当前进程的工作目录置为NULL iput(current->root);//和fs inode有关系 current->root = NULL;//当前进程的根目录置为NULL iput(current->executable);//和fs inode有关系 current->executable = NULL;//当前进程的执行程序文件的i节点置为NULL iput(current->library);//和fs inode有关系 current->library = NULL;//当前进程的库文件置为NULL current->state = TASK_ZOMBIE; //状态置为TASK_ZOMBIE current->exit_code = code; //设置进程退出码 /* * Check to see if any process groups have become orphaned * as a result of our exiting, and if they have any stopped * jobs, send them a SIGUP and then a SIGCONT. (POSIX 3.2.2.2) * * Case i: Our father is in a different pgrp than we are * and we were the only connection outside, so our pgrp * is about to become orphaned. */ if ((current->p_pptr->pgrp != current->pgrp) && (current->p_pptr->session == current->session) && is_orphaned_pgrp(current->pgrp) && has_stopped_jobs(current->pgrp)) { //如果当前进程组是个orphaned group kill_pg(current->pgrp,SIGHUP,1); //用于只是这些进程和当前session 断开联系,我这里不是很明白为什么要发送SIGHUP 和 SIGCONT kill_pg(current->pgrp,SIGCONT,1); } /* Let father know we died */ current->p_pptr->signal |= (1<<(SIGCHLD-1)); // 告诉parent process 当前进程要挂掉鸟 /* * This loop does two things: * * A. Make init inherit all the child processes * B. Check to see if any process groups have become orphaned * as a result of our exiting, and if they have any stopped * jons, send them a SIGUP and then a SIGCONT. (POSIX 3.2.2.2) */ if (p = current->p_cptr) { //如果当前进程的child process 非空,进入if while (1) { p->p_pptr = task[1]; //让init进程领养current 进程的child 进程 if (p->state == TASK_ZOMBIE) //p进程沦为zombie task[1]->signal |= (1<<(SIGCHLD-1)); //向init进程发送SIGCHLD信号 /* * process group orphan check * Case ii: Our child is in a different pgrp * than we are, and it was the only connection * outside, so the child pgrp is now orphaned. */ if ((p->pgrp != current->pgrp) && (p->session == current->session) && is_orphaned_pgrp(p->pgrp) && has_stopped_jobs(p->pgrp)) { //判断p进程所在进程组是否是orphaned group,如果是。发送SIGHUP和SIGCONT信号 kill_pg(p->pgrp,SIGHUP,1); kill_pg(p->pgrp,SIGCONT,1); } if (p->p_osptr) { //如果p_osptr非空,则把p->p_osptr赋值给p p = p->p_osptr; continue; //下一轮循环,知道p_osptr为NULL } /* * This is it; link everything into init's children * and leave */ p->p_osptr = task[1]->p_cptr; task[1]->p_cptr->p_ysptr = p; task[1]->p_cptr = current->p_cptr; //这三句把这个child process —— p 更新为 init 进程的 最年轻的child process current->p_cptr = 0; //处理完所有的child process ,把 当前进程的p_cptr置为NULL break; //处理完了跳出while } } if (current->leader) { //如果当前进程是session leader struct task_struct **p; struct tty_struct *tty; if (current->tty >= 0) { //切断当前进程和terminal 的联系 tty = TTY_TABLE(current->tty); //tty 还没看布吉岛。。。 if (tty->pgrp>0) kill_pg(tty->pgrp, SIGHUP, 1); tty->pgrp = 0; tty->session = 0; } for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) //把所有和当前进程同一个session的进程的tty都置为-1 if ((*p)->session == current->session) (*p)->tty = -1; } if (last_task_used_math == current) //数字协处理器木有看。。。布吉岛, //但是语句的意思是上次用过协处理器的进程是当前进程的话酒吧last_task_used_math 置为NULL last_task_used_math = NULL; #ifdef DEBUG_PROC_TREE audit_ptree(); #endif schedule(); //进程调度 }

sys_exit

int sys_exit(int error_code) //系统调用sys_exit函数,通过调用do_exit 函数来实现 { do_exit((error_code&0xff)<<8); //error_code是用户程序提供的退出状态信息,只有低字节有效 //把error_code 左移八位是空出第八位供wait()和waitpid()函数使用 }

sys_waitpid


              用于挂起当前进程,知道pid指定的进程退出或者收到要求该进程终止的信号,或者是需要调用一个signal handler。如果pid 所指的进程早已退出(zombie)则本调用立刻返回。子进程的所有资源将被释放。

int sys_waitpid(pid_t pid,unsigned long * stat_addr, int options) //其实我一般都木有怎么用stat_addr 这边选项,一般我都NULL了 <—_<— //waitpid居然放在。。。exit.c 里,木有别的,只有惊奇 { int flag; struct task_struct *p; unsigned long oldblocked; verify_area(stat_addr,4); //验证stat_addr 地址处4byte 可写 repeat: flag=0; for (p = current->p_cptr ; p ; p = p->p_osptr) { if (pid>0) { if (p->pid != pid) //找到pid描述的child进程的指针 continue; } else if (!pid) { //如果pid等于0, 找到pid 所在的进程组 if (p->pgrp != current->pgrp) continue; } else if (pid != -1) { //如果pid < -1 ,找到|pid|所在的进程组 if (p->pgrp != -pid) continue; } // 如果以上判断田间都没进if去,pid = -1 ,这里不是很明白,看完fork之后回头再update switch (p->state) { case TASK_STOPPED: //如果进程p处于TASK_STOPPED状态 if (!(options & WUNTRACED) || //如果option的WUNTRACED 没有置位或者 exit_code 等于0 ,对下一个older child进行检测 !p->exit_code) continue; put_fs_long((p->exit_code << 8) | 0x7f, stat_addr);//把第一个参数写入第二个参数指向的地址 p->exit_code = 0; //正常退出 return p->pid; //返回结束child 的pid case TASK_ZOMBIE: current->cutime += p->utime; current->cstime += p->stime; //更新时间参数 flag = p->pid; put_fs_long(p->exit_code, stat_addr); //把p->exit_code 写入stat_addr release(p); //释放进程p占用的内存页 #ifdef DEBUG_PROC_TREE audit_ptree(); #endif return flag; default: flag=1; continue; } } if (flag) { //存在不处于TASK_STOPPED 和TASK_ZOMBIE状态的进程 if (options & WNOHANG) //如果WNOHANG(表示若没有子进程处于退出或者终止状态就返回)在options中置位,就立刻返回0; return 0; //一般我是不会用WNOHANG的。。。坦白的说我都没用过 current->state=TASK_INTERRUPTIBLE; //更新进程状态,置为TASK_INTERRUPTIBLE oldblocked = current->blocked; //当前进程阻塞的信号储存于oldblocked中 current->blocked &= ~(1<<(SIGCHLD-1)); //消除当前进程中的SIGCHLD信号 schedule();//进程调度 current->blocked = oldblocked; //回复原来的信号图 if (current->signal & ~(current->blocked | (1<<(SIGCHLD-1))))//如果收到了除了SIGCHLD之外的其他信号,return 挂掉 return -ERESTARTSYS; else goto repeat; //否则goto到repeat 继续重复,直到return 出去。。。。。原来是这样waitpid的啊! } return -ECHILD; //没有找到pid对应的child process,返回错误码 }



热门文章