《linux 内核完全剖析》 exit.c 代码分析笔记

exit.c 代码分析笔记

release

释放进程的函数release() 主要根据指定进程的任务数据结构指针,在任务数组中删除指定的进程指针,释放相关内存页,并立刻让内核重新调度进程的运行。

void release(struct task_struct * p) //释放p指向的进程
{
    int i;

    if (!p) //常规检测p是否为0
        return;
    if (p == current) { //不能把自己给释放了
        printk("task releasing itself\n\r");
        return;
    }
    for (i=1 ; i<NR_TASKS ; i++) //扫描所有的进程
        if (task[i]==p) { //找出p进程
            task[i]=NULL; //把p置空
            /* Update links */
            if (p->p_osptr) //调整链表
                p->p_osptr->p_ysptr = p->p_ysptr;
            if (p->p_ysptr)
                p->p_ysptr->p_osptr = p->p_osptr;
            else
                p->p_pptr->p_cptr = p->p_osptr;
            free_page((long)p); //释放p进程占用的内存页
            schedule();//任务调度
            return;
        }
    panic("trying to release non-existent task");
}

bad_task_ptr 和audit_ptree

#ifdef DEBUG_PROC_TREE //下面这部分代码是调试用的
/*
 * Check to see if a task_struct pointer is present in the task[] array
 * Return 0 if found, and 1 if not found.
 */
int bad_task_ptr(struct task_struct *p)
{
    int     i;

    if (!p)
        return 0;
    for (i=0 ; i<NR_TASKS ; i++)
        if (task[i] == p)
            return 0;
    return 1; //如果p不在task数组里面,那这个指针就有问题!
}

/*
 * This routine scans the pid tree and make sure the rep invarient still
 * holds.  Used for debugging only, since it‘s very slow....
 *
 * It looks a lot scarier than it really is.... we‘re doing ?nothing more
 * than verifying the doubly-linked list found?in p_ysptr and p_osptr,
 * and checking it corresponds with the process tree defined by p_cptr and
 * p_pptr;
 */
void audit_ptree() //其实不难,就是打印进程树的相关信息,方便调试用
{
    int    i;

    for (i=1 ; i<NR_TASKS ; i++) {
        if (!task[i])
            continue;
        if (bad_task_ptr(task[i]->p_pptr))
            printk("Warning, pid %d‘s parent link is bad\n",
                task[i]->pid);
        if (bad_task_ptr(task[i]->p_cptr))
            printk("Warning, pid %d‘s child link is bad\n",
                task[i]->pid);
        if (bad_task_ptr(task[i]->p_ysptr))
            printk("Warning, pid %d‘s ys link is bad\n",
                task[i]->pid);
        if (bad_task_ptr(task[i]->p_osptr))
            printk("Warning, pid %d‘s os link is bad\n",
                task[i]->pid);
        if (task[i]->p_pptr == task[i])
            printk("Warning, pid %d parent link points to self\n");
        if (task[i]->p_cptr == task[i])
            printk("Warning, pid %d child link points to self\n");
        if (task[i]->p_ysptr == task[i])
            printk("Warning, pid %d ys link points to self\n");
        if (task[i]->p_osptr == task[i])
            printk("Warning, pid %d os link points to self\n");
        if (task[i]->p_osptr) {
            if (task[i]->p_pptr != task[i]->p_osptr->p_pptr)
                printk(
            "Warning, pid %d older sibling %d parent is %d\n",
                task[i]->pid, task[i]->p_osptr->pid,
                task[i]->p_osptr->p_pptr->pid);
            if (task[i]->p_osptr->p_ysptr != task[i])
                printk(
        "Warning, pid %d older sibling %d has mismatched ys link\n",
                task[i]->pid, task[i]->p_osptr->pid);
        }
        if (task[i]->p_ysptr) {
            if (task[i]->p_pptr != task[i]->p_ysptr->p_pptr)
                printk(
            "Warning, pid %d younger sibling %d parent is %d\n",
                task[i]->pid, task[i]->p_osptr->pid,
                task[i]->p_osptr->p_pptr->pid);
            if (task[i]->p_ysptr->p_osptr != task[i])
                printk(
        "Warning, pid %d younger sibling %d has mismatched os link\n",
                task[i]->pid, task[i]->p_ysptr->pid);
        }
        if (task[i]->p_cptr) {
            if (task[i]->p_cptr->p_pptr != task[i])
                printk(
            "Warning, pid %d youngest child %d has mismatched parent link\n",
                task[i]->pid, task[i]->p_cptr->pid);
            if (task[i]->p_cptr->p_ysptr)
                printk(
            "Warning, pid %d youngest child %d has non-NULL ys link\n",
                task[i]->pid, task[i]->p_cptr->pid);
        }
    }
}
#endif /* DEBUG_PROC_TREE */

send_sig

static inline int send_sig(long sig,struct task_struct * p,int priv) //给进程p,发送信号。priv 是强制发送信号的标识
{
    if (!p) //常规的p非空检测
        return -EINVAL;
    if (!priv && (current->euid!=p->euid) && !suser())
    //如果不具有超级用户权限,又不是当前session里面的进程,且没有强制发送信号,进入if,return
        return -EPERM;
    if ((sig == SIGKILL) || (sig == SIGCONT)) { //如果要发送的信号是SIGKILL或者SIGCONT
        if (p->state == TASK_STOPPED) //如果当前进程处于stop状态,则将其置于TASK_RUNNING状态
            p->state = TASK_RUNNING;
        p->exit_code = 0;
        p->signal &= ~( (1<<(SIGSTOP-1)) | (1<<(SIGTSTP-1)) |
                (1<<(SIGTTIN-1)) | (1<<(SIGTTOU-1)) ); //消除SIGSTOP SIGTSTP SIGTTIN SIGTTOU
    }
    /* If the signal will be ignored, don‘t even post it */
    if ((int) p->sigaction[sig-1].sa_handler == 1) //如果handler是 ignore 就不要送信号鸟。。
        return 0;
    /* Depends on order SIGSTOP, SIGTSTP, SIGTTIN, SIGTTOU */
    if ((sig >= SIGSTOP) && (sig <= SIGTTOU))
    //如果信号含有 SIGSTOP, SIGTSTP, SIGTTIN, SIGTTOU其中任何信号,那么就消除SIGCONT信号
        p->signal &= ~(1<<(SIGCONT-1));
    /* Actually deliver the signal */
    p->signal |= (1<<(sig-1)); //最后这里才把信号写入信号变量
    return 0;
}

session_of_pgrp

int session_of_pgrp(int pgrp) //获取process group的session ID ,没有找到返回-1
{
    struct task_struct **p;

     for (p = &LAST_TASK ; p > &FIRST_TASK ; --p)
        if ((*p)->pgrp == pgrp)
            return((*p)->session);
    return -1;
}

kill_pg

int kill_pg(int pgrp, int sig, int priv) //给指定的进程组发送信号
{
    struct task_struct **p;
    int err,retval = -ESRCH; //指定的进程不存在
    int found = 0;

    if (sig<1 || sig>32 || pgrp<=0)
        return -EINVAL;
     for (p = &LAST_TASK ; p > &FIRST_TASK ; --p)
        if ((*p)->pgrp == pgrp) { //对每一个属于process group的进程发送信号sig
            if (sig && (err = send_sig(sig,*p,priv)))
                retval = err;
            else
                found++;
        }
    return(found ? 0 : retval);
}

kill_proc

int kill_proc(int pid, int sig, int priv) //给指定进程发送信号
{
     struct task_struct **p;

    if (sig<1 || sig>32)
        return -EINVAL;
    for (p = &LAST_TASK ; p > &FIRST_TASK ; --p)
        if ((*p)->pid == pid)
            return(sig ? send_sig(sig,*p,priv) : 0);
    return(-ESRCH);
}

sys_kill

系统调用sys_kill 用于项进程发送任何指定的信号,根据参数pid不同的数值,该系统调用会向不同的进或进程组发送信号。

/*
 * POSIX specifies that kill(-1,sig) is unspecified, but what we have
 * is probably wrong.  Should make it like BSD or SYSV.
 */
int sys_kill(int pid,int sig)
{
    struct task_struct **p = NR_TASKS + task;
    int err, retval = 0;

    if (!pid) //如果是进程0 init ,用最高权限发送信号,将信号发送给当前进程所处进程组的所有进程
        return(kill_pg(current->pid,sig,0));
    if (pid == -1) { //如果 pid是-1,把信号发送到除了init进程外的所有进程!
        while (--p > &FIRST_TASK)
            if (err = send_sig(sig,*p,0))
                retval = err;
        return(retval);
    }
    if (pid < 0) //如果pid<0,发送到|pid| 所处进程组的所有进程
        return(kill_pg(-pid,sig,0));
    /* Normal kill */
    return(kill_proc(pid,sig,0)); //否则,发送到进程pid
}

is_orphaned_pgrp

关于孤儿进程组的探讨

/*
 * Determine if a process group is "orphaned", according to the POSIX
 * definition in 2.2.2.52.  Orphaned process groups are not to be affected
 * by terminal-generated stop signals.  Newly orphaned process groups are
 * to receive a SIGHUP and a SIGCONT.
 *
 * "I ask you, have you ever known what it is to be an orphan?"
 */
int is_orphaned_pgrp(int pgrp) //判断是否为一个孤儿进程组
{
    struct task_struct **p;

    for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) {
        if (!(*p) || //如果进程不存在,下一个
            ((*p)->pgrp != pgrp) ||  // 如果进程所处的进程组不是pgrp,下一个
            ((*p)->state == TASK_ZOMBIE) || // 进程的状态是zombie,下一个
            ((*p)->p_pptr->pid == 1)) //进程parent是init ,下一个
            continue;
        if (((*p)->p_pptr->pgrp != pgrp) && //如果父进程所在的组不在pgrp,但是父进程所在的session存在
            ((*p)->p_pptr->session == (*p)->session))
            return 0;
    }
    return(1);    /* (sighing) "Often!" */
}

has_stopped_jobs

static int has_stopped_jobs(int pgrp) //判断进程组内是否有进程处于TASK_STOPPED状态
{
    struct task_struct ** p;

    for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) {
        if ((*p)->pgrp != pgrp)
            continue;
        if ((*p)->state == TASK_STOPPED)
            return(1);
    }
    return(0);
}

do_exit

volatile void do_exit(long code)
{
    struct task_struct *p;
    int i;

    free_page_tables(get_base(current->ldt[1]),get_limit(0x0f));
    free_page_tables(get_base(current->ldt[2]),get_limit(0x17));
    /*这里采用的两个参数0x0f即1111B,因此他指向的段优先级为3,存储在LDT表中,索引为1。也就是当前任务段的代码段描述符。

另外一个参数0x17即10111B,因此他指向的段优先级为3,存储在LDT表中,索引为2.也就是当前任务的数及堆栈段描述符。

这样,通过get_limit(0x0f)和get_limit(0x17)就得到了当前任务代码段和数据堆栈段的长度。

因此,
free_page_tables(get_base(current->ldt[1]),get_limit(0x0f));
free_page_tables(get_base(current->ldt[2]),get_limit(0x17));就释放了当前任务的代码段和数据堆栈段。*/
    for (i=0 ; i<NR_OPEN ; i++)
        if (current->filp[i]) //filp文件结构指针表,filp[i]就是文件i被打开的ID
            sys_close(i); //关闭进程当前打开的文件
    iput(current->pwd); //和fs inode有关系
    current->pwd = NULL; //当前进程的工作目录置为NULL
    iput(current->root);//和fs inode有关系
    current->root = NULL;//当前进程的根目录置为NULL
    iput(current->executable);//和fs inode有关系
    current->executable = NULL;//当前进程的执行程序文件的i节点置为NULL
    iput(current->library);//和fs inode有关系
    current->library = NULL;//当前进程的库文件置为NULL
    current->state = TASK_ZOMBIE; //状态置为TASK_ZOMBIE
    current->exit_code = code; //设置进程退出码
    /*
     * Check to see if any process groups have become orphaned
     * as a result of our exiting, and if they have any stopped
     * jobs, send them a SIGUP and then a SIGCONT.  (POSIX 3.2.2.2)
     *
     * Case i: Our father is in a different pgrp than we are
     * and we were the only connection outside, so our pgrp
     * is about to become orphaned.
      */
    if ((current->p_pptr->pgrp != current->pgrp) &&
        (current->p_pptr->session == current->session) &&
        is_orphaned_pgrp(current->pgrp) &&
        has_stopped_jobs(current->pgrp)) { //如果当前进程组是个orphaned group
        kill_pg(current->pgrp,SIGHUP,1);
        //用于只是这些进程和当前session 断开联系,我这里不是很明白为什么要发送SIGHUP 和 SIGCONT
        kill_pg(current->pgrp,SIGCONT,1);
    }
    /* Let father know we died */
    current->p_pptr->signal |= (1<<(SIGCHLD-1)); // 告诉parent process 当前进程要挂掉鸟

    /*
     * This loop does two things:
     *
       * A.  Make init inherit all the child processes
     * B.  Check to see if any process groups have become orphaned
     *    as a result of our exiting, and if they have any stopped
     *    jons, send them a SIGUP and then a SIGCONT.  (POSIX 3.2.2.2)
     */
    if (p = current->p_cptr) { //如果当前进程的child process 非空,进入if
        while (1) {
            p->p_pptr = task[1]; //让init进程领养current 进程的child 进程
            if (p->state == TASK_ZOMBIE) //p进程沦为zombie
                task[1]->signal |= (1<<(SIGCHLD-1)); //向init进程发送SIGCHLD信号
            /*
             * process group orphan check
             * Case ii: Our child is in a different pgrp
             * than we are, and it was the only connection
             * outside, so the child pgrp is now orphaned.
             */
            if ((p->pgrp != current->pgrp) &&
                (p->session == current->session) &&
                is_orphaned_pgrp(p->pgrp) &&
                has_stopped_jobs(p->pgrp)) {
                //判断p进程所在进程组是否是orphaned group,如果是。发送SIGHUP和SIGCONT信号
                kill_pg(p->pgrp,SIGHUP,1);
                kill_pg(p->pgrp,SIGCONT,1);
            }
            if (p->p_osptr) { //如果p_osptr非空,则把p->p_osptr赋值给p
                p = p->p_osptr;
                continue; //下一轮循环,知道p_osptr为NULL
            }
            /*
             * This is it; link everything into init‘s children
             * and leave
             */
            p->p_osptr = task[1]->p_cptr;
            task[1]->p_cptr->p_ysptr = p;
            task[1]->p_cptr = current->p_cptr; //这三句把这个child process —— p 更新为 init 进程的 最年轻的child process
            current->p_cptr = 0; //处理完所有的child process ,把 当前进程的p_cptr置为NULL
            break; //处理完了跳出while
        }
    }
    if (current->leader) { //如果当前进程是session leader
        struct task_struct **p;
        struct tty_struct *tty;

        if (current->tty >= 0) { //切断当前进程和terminal 的联系
            tty = TTY_TABLE(current->tty); //tty 还没看布吉岛。。。
            if (tty->pgrp>0)
                kill_pg(tty->pgrp, SIGHUP, 1);
            tty->pgrp = 0;
            tty->session = 0;
        }
         for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) //把所有和当前进程同一个session的进程的tty都置为-1
            if ((*p)->session == current->session)
                (*p)->tty = -1;
    }
    if (last_task_used_math == current)
    //数字协处理器木有看。。。布吉岛,
    //但是语句的意思是上次用过协处理器的进程是当前进程的话酒吧last_task_used_math 置为NULL
        last_task_used_math = NULL;
#ifdef DEBUG_PROC_TREE
    audit_ptree();
#endif
    schedule(); //进程调度
}

sys_exit

int sys_exit(int error_code) //系统调用sys_exit函数,通过调用do_exit 函数来实现
{
    do_exit((error_code&0xff)<<8);
    //error_code是用户程序提供的退出状态信息,只有低字节有效
    //把error_code 左移八位是空出第八位供wait()和waitpid()函数使用
}

sys_waitpid

用于挂起当前进程,知道pid指定的进程退出或者收到要求该进程终止的信号,或者是需要调用一个signal handler。如果pid 所指的进程早已退出(zombie)则本调用立刻返回。子进程的所有资源将被释放。

int sys_waitpid(pid_t pid,unsigned long * stat_addr, int options)

  //其实我一般都木有怎么用stat_addr 这边选项,一般我都NULL了 <—_<—
//waitpid居然放在。。。exit.c 里,木有别的,只有惊奇
{
    int flag;
    struct task_struct *p;
    unsigned long oldblocked;

    verify_area(stat_addr,4); //验证stat_addr 地址处4byte 可写
repeat:
    flag=0;
    for (p = current->p_cptr ; p ; p = p->p_osptr) {
        if (pid>0) {
            if (p->pid != pid) //找到pid描述的child进程的指针
                continue;
        } else if (!pid) { //如果pid等于0, 找到pid 所在的进程组
            if (p->pgrp != current->pgrp)
                continue;
        } else if (pid != -1) {   //如果pid < -1 ,找到|pid|所在的进程组
            if (p->pgrp != -pid)
                continue;
        }
        // 如果以上判断田间都没进if去,pid = -1 ,这里不是很明白,看完fork之后回头再update
        switch (p->state) {
            case TASK_STOPPED: //如果进程p处于TASK_STOPPED状态
                if (!(options & WUNTRACED) ||  //如果option的WUNTRACED 没有置位或者 exit_code 等于0 ,对下一个older child进行检测
                    !p->exit_code)
                    continue;
                put_fs_long((p->exit_code << 8) | 0x7f,
                    stat_addr);//把第一个参数写入第二个参数指向的地址
                p->exit_code = 0; //正常退出
                return p->pid; //返回结束child 的pid
            case TASK_ZOMBIE:
                current->cutime += p->utime;
                current->cstime += p->stime; //更新时间参数
                flag = p->pid;
                put_fs_long(p->exit_code, stat_addr); //把p->exit_code 写入stat_addr
                release(p); //释放进程p占用的内存页
#ifdef DEBUG_PROC_TREE
                audit_ptree();
#endif
                return flag;
            default:
                flag=1;
                continue;
        }
    }
    if (flag) { //存在不处于TASK_STOPPED 和TASK_ZOMBIE状态的进程
        if (options & WNOHANG) //如果WNOHANG(表示若没有子进程处于退出或者终止状态就返回)在options中置位,就立刻返回0;
            return 0; //一般我是不会用WNOHANG的。。。坦白的说我都没用过
        current->state=TASK_INTERRUPTIBLE; //更新进程状态,置为TASK_INTERRUPTIBLE
        oldblocked = current->blocked; //当前进程阻塞的信号储存于oldblocked中
        current->blocked &= ~(1<<(SIGCHLD-1)); //消除当前进程中的SIGCHLD信号
        schedule();//进程调度
        current->blocked = oldblocked; //回复原来的信号图
        if (current->signal & ~(current->blocked | (1<<(SIGCHLD-1))))//如果收到了除了SIGCHLD之外的其他信号,return 挂掉
            return -ERESTARTSYS;
        else
            goto repeat; //否则goto到repeat 继续重复,直到return 出去。。。。。原来是这样waitpid的啊!
    }
    return -ECHILD; //没有找到pid对应的child process,返回错误码
}

《linux 内核完全剖析》 exit.c 代码分析笔记,布布扣,bubuko.com

时间: 05-05

《linux 内核完全剖析》 exit.c 代码分析笔记的相关文章

《linux 内核完全剖析》 void free_page() 分析

最近在做项目开发时用到了MySql数据库,在看了一些有关MySql的文章后,很快就上手使用了.在使用的过程中还是出现了一些问题,因为使用的是绿色免安装版的MySql所以在配置的时候出现了一些问题,该篇文章就主要针对MySql绿色版的配置及其使用进行讨论. 一.MySql概述 MySql数据库是有瑞典MySql AB公司开发,现在该公司被Oracle收购属于Oracle所有.同SQL Server类似,它也是基于关系型数据库的数据库管理系统,在Web应用方面MySQL是最好的RDBMS之一,因为它

《linux 内核完全剖析》 keyboard.S 部分代码分析(key_map)

keyboard.S 部分代码分析(key_map) keyboard中间有这么一段,我一开始没看明白,究竟啥意思 key_map: .byte 0,27 .ascii "1234567890-=" .byte 127,9 .ascii "qwertyuiop[]" .byte 13,0 .ascii "asdfghjkl;'" .byte '`,0 .ascii "\\zxcvbnm,./" .byte 0,'*,0,32

《linux 内核完全剖析》 笔记 由逻辑地址转换成线性地址代码分析

一开始由这段代码引发的纠结 get_base(current->ldt[1]) 下面是各个相关的代码,摘自不同的header files... current是指向当前task的指针 struct desc_struct ldt[3]; struct desc_struct { unsigned long a,b; } ; #define _get_base(addr) ({unsigned long __base; __asm__("movb %3,%%dh\n\t" &quo

《linux 内核完全剖析》 fork.c 代码分析笔记

fork.c 代码分析笔记 verifiy_area long last_pid=0; //全局变量,用来记录目前最大的pid数值 void verify_area(void * addr,int size) // addr 是虚拟地址 ,size是需要写入的字节大小 { unsigned long start; start = (unsigned long) addr; //把地址强制类型转换之后,赋值给start size += start & 0xfff; //取addr在当前虚拟地址中4

《linux 内核完全剖析》sched.c sched.h 代码分析笔记

sched.c sched.h 代码分析笔记 首先上header file sched.h #ifndef _SCHED_H #define _SCHED_H #define HZ 100 #define NR_TASKS 64 #define TASK_SIZE 0x04000000 #define LIBRARY_SIZE 0x00400000 #if (TASK_SIZE & 0x3fffff) #error "TASK_SIZE must be multiple of 4M&qu

《linux 内核完全剖析》 signal.c 代码分析笔记

signal.c 代码分析笔记 sgetmask int sys_sgetmask()// 获取当前进程阻塞的信号 { returncurrent->blocked; } sys_ssetmask int sys_ssetmask(int newmask) //设置当前进程阻塞信号,确保SIGKILL 和SIGSTOP不被阻塞 { int old=current->blocked; current->blocked= newmask & ~(1<<(SIGKILL-1

《linux 内核完全剖析》 sys.c 代码分析

sys.c 代码分析 setregid /* * This is done BSD-style, with no consideration of the saved gid, except * that if you set the effective gid, it sets the saved gid too. This * makes it possible for a setgid program to completely drop its privileges, * which i

《linux 内核完全剖析》 笔记 CODE_SPACE 宏定义分析

在memory.c里面,遇到一个宏定义,如下: #define CODE_SPACE(addr) ((((addr)+4095)&~4095) < current->start_code + current->end_code) 看的第一眼,不知道,第二眼,还是不知道,纠结了半天还是不知道. 睡了一晚,今天早上再看,嘿嘿,居然看懂了... 这个宏定义用于判断给定的addr线性地址是否位于当前进程的代码段中. 4095 = 0xFFF; addr+4095的作用是将位于0~4095

《linux 内核完全剖析》 chapter 8 内核代码

求n内与n互质的数有多少个. 欧拉函数就是为这个而生的. 如果对欧拉函数不是很了解的话,可以看看这个http://zh.wikipedia.org/wiki/%E6%AC%A7%E6%8B%89%E5%87%BD%E6%95%B0 我们有了上一篇埃氏筛法求素数之后,我们求这个就简单了. 具体用法就是这个函数 用最后这个公式.n可以写成 我们先来求得2到sqrt(n)的素数然后来将n化成的形式 中间如果n能整除p的话就要带入公式了.这样我们就求得最后结果了. #include<iostream>