linux 1.0 内核注解 linux/mm/memory.c
时间:2009-03-15 来源:taozhijiangscu
/********************************************
*Created By: 陶治江
*Date: 2009-3-15
********************************************/
#include <asm/system.h>
#include <linux/config.h> #include <linux/signal.h>
#include <linux/sched.h>
#include <linux/head.h>
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/types.h>
#include <linux/ptrace.h>
#include <linux/mman.h> unsigned long high_memory = 0; extern unsigned long pg0[1024]; /* page table for 0-4MB for everybody */ extern void sound_mem_init(void);
extern void die_if_kernel(char *,struct pt_regs *,long); int nr_swap_pages = 0;
int nr_free_pages = 0;
unsigned long free_page_list = 0;
/*
* The secondary free_page_list is used for malloc() etc things that
* may need pages during interrupts etc. Normal get_free_page() operations
* don't touch it, so it stays as a kind of "panic-list", that can be
* accessed when all other mm tricks have failed.
*/
int nr_secondary_pages = 0;
unsigned long secondary_page_list = 0; //页复制
#define copy_page(from,to) \
__asm__("cld ; rep ; movsl"
:
:"S" (from),"D" (to),"c" (1024)
:"cx","di","si") //进行内存位图的设置,这里升级为了short类型了!
unsigned short * mem_map = NULL; //检测addr是否在任务p的代码段中
#define CODE_SPACE(addr,p) ((addr) < (p)->end_code) //没有内存,进程失败
void oom(struct task_struct * task)
{
printk("\nout of memory\n");
task->sigaction[SIGKILL-1].sa_handler = NULL;
task->blocked &= ~(1<<(SIGKILL-1)); //屏蔽所有的信号(当然SIGKILL除外)
send_sig(SIGKILL,task,1); //强制发送杀死信号杀死该进程
} //#define MAP_NR(addr) ((addr) >> PAGE_SHIFT)
//PAGE_SHIFT=12 //释放一个目录项对应的整个页表
static void free_one_table(unsigned long * page_dir)
{
int j;
unsigned long pg_table = *page_dir;
unsigned long * page_table; if (!pg_table)
return;
*page_dir = 0; //释放本目录项,并查看页是否存在
//需要搞清楚的概念是页目录项的P和页表项的P位是不同的含义的
//页目录项的P表示是否下一级的页表是否合法,而页表的P表示
//页是否被交换到了硬盘中了
if (pg_table >= high_memory || !(pg_table & PAGE_PRESENT)) {
printk("Bad page table: [%p]=%08lx\n",page_dir,pg_table);
return;
}
//MAP_NR就是将地址进行页对齐得到的索引号
if (mem_map[MAP_NR(pg_table)] & MAP_PAGE_RESERVED)
return;
page_table = (unsigned long *) (pg_table & PAGE_MASK); //页表都是一页的,所以要页对齐
for (j = 0 ; j < PTRS_PER_PAGE ; j++,page_table++) { //1024项
unsigned long pg = *page_table;
if (!pg)
continue;
*page_table = 0;
if (pg & PAGE_PRESENT)
free_page(PAGE_MASK & pg);
else
swap_free(pg); //可能是交换到物理内存中再释放
}
free_page(PAGE_MASK & pg_table);//本身页表进行释放
} //?
void clear_page_tables(struct task_struct * tsk)
{
int i;
unsigned long pg_dir;
unsigned long * page_dir;
if (!tsk)
return;
if (tsk == task[0])
panic("task[0] (swapper) doesn't support exec()\n");
//用户的任务的页目录基址寄存器,资料说最后的256项都是一样的,
//指向的是内核的页表,而内核的页表只有一份
pg_dir = tsk->tss.cr3;
page_dir = (unsigned long *) pg_dir;
if (!page_dir || page_dir == swapper_pg_dir) {
printk("Trying to clear kernel page-directory: not good\n");
return;
}
if (mem_map[MAP_NR(pg_dir)] > 1) { //表示被多个进程所共享
unsigned long * new_pg; if (!(new_pg = (unsigned long*) get_free_page(GFP_KERNEL))) {
oom(tsk);
return;
}
//前面的注视说:“it just removes the user pages”
//或许这里就是保留了内核的页表,而用户的页表被抛弃了
for (i = 768 ; i < 1024 ; i++)
new_pg[i] = page_dir[i];
free_page(pg_dir);
tsk->tss.cr3 = (unsigned long) new_pg; //就是将前768项全部清空吧
return;
}
//这里表示没有被共享,那么就直接对用户空间的页表的内存进行释放
for (i = 0 ; i < 768 ; i++,page_dir++)
free_one_table(page_dir);
invalidate();
return;
}
//??
//释放一个任务的页目录中的所有的页表,特别是在进程退出的时候
void free_page_tables(struct task_struct * tsk)
{
int i;
unsigned long pg_dir;
unsigned long * page_dir; if (!tsk)
return;
if (tsk == task[0]) {
printk("task[0] (swapper) killed: unable to recover\n");
panic("Trying to free up swapper memory space");
}
pg_dir = tsk->tss.cr3;
if (!pg_dir || pg_dir == (unsigned long) swapper_pg_dir) {
printk("Trying to free kernel page-directory: not good\n");
return;
}
//临时页全局目录,呃,或许这就是一个媒介的作用
//这个函数的参数可以传递的任务可能是current
tsk->tss.cr3 = (unsigned long) swapper_pg_dir;
if (tsk == current)
__asm__ __volatile__
("movl %0,%%cr3" //如果是当前目录,就需要加载cr3寄存器了
:
:"a" (tsk->tss.cr3));
if (mem_map[MAP_NR(pg_dir)] > 1) { //共享
free_page(pg_dir);
return;
}
page_dir = (unsigned long *) pg_dir;
for (i = 0 ; i < PTRS_PER_PAGE ; i++,page_dir++)
free_one_table(page_dir); //释放一个页目录项所指向的整个页表的地址
free_page(pg_dir); //本页目录页面
invalidate();
} //将当前进程的页目录地址复制给tsk进程
int clone_page_tables(struct task_struct * tsk)
{
unsigned long pg_dir; pg_dir = current->tss.cr3;
mem_map[MAP_NR(pg_dir)]++; //只是进行共享操作啦
tsk->tss.cr3 = pg_dir;
return 0;
} //将当前任务的页目录的所有的页表拷贝给tsk任务
int copy_page_tables(struct task_struct * tsk)
{
int i;
unsigned long old_pg_dir, *old_page_dir;
unsigned long new_pg_dir, *new_page_dir; if (!(new_pg_dir = get_free_page(GFP_KERNEL)))
return -ENOMEM;
old_pg_dir = current->tss.cr3;
tsk->tss.cr3 = new_pg_dir;
old_page_dir = (unsigned long *) old_pg_dir;
new_page_dir = (unsigned long *) new_pg_dir;
for (i = 0 ; i < PTRS_PER_PAGE ; i++,old_page_dir++,new_page_dir++) {
int j;
unsigned long old_pg_table, *old_page_table;
unsigned long new_pg_table, *new_page_table; old_pg_table = *old_page_dir; //取得页目录项指向的页表的地址
if (!old_pg_table)
continue;
//呃,页目录项显示存在但是页表不存在
if (old_pg_table >= high_memory || !(old_pg_table & PAGE_PRESENT)) {
printk("copy_page_tables: bad page table: "
"probable memory corruption");
*old_page_dir = 0;
continue;
}
if (mem_map[MAP_NR(old_pg_table)] & MAP_PAGE_RESERVED) {
//MAP_PAGE_RESERVED,说明是共享的页表,这里就不复制而直接共享了
*new_page_dir = old_pg_table;
continue;
}
//这里说明需要分配一块新的内存来存放复制的页表了
if (!(new_pg_table = get_free_page(GFP_KERNEL))) {
free_page_tables(tsk);
return -ENOMEM;
}
old_page_table = (unsigned long *) (PAGE_MASK & old_pg_table);
new_page_table = (unsigned long *) (PAGE_MASK & new_pg_table);
//进行页表数据的复制了
for (j = 0 ; j < PTRS_PER_PAGE ; j++,old_page_table++,new_page_table++) {
unsigned long pg;
pg = *old_page_table;
if (!pg)
continue;
if (!(pg & PAGE_PRESENT)) { //这里不存在,说明是被交换出内存了
//就调用特定的复制方法了
*new_page_table = swap_duplicate(pg);
continue;
}
//这里可能就是进行了写保护机制的,当对不可写的页面进行写入操作的时候
//就会导致异常,然后异常中进行处理
if ((pg & (PAGE_RW | PAGE_COW)) == (PAGE_RW | PAGE_COW))
pg &= ~PAGE_RW;
//复制了,这里只是页表项的简单赋值,是否真的要复制内容,需要以后再看
*new_page_table = pg;
//保留的,共享类型的
if (mem_map[MAP_NR(pg)] & MAP_PAGE_RESERVED)
continue;
//呃,怎么说呢,上面可能对pg进行了改变了,这里需要进行还原吧
*old_page_table = pg;
mem_map[MAP_NR(pg)]++;
}
*new_page_dir = new_pg_table | PAGE_TABLE;
}
invalidate();
return 0;
} /*
* a more complete version of free_page_tables which performs with page
* granularity.
*/
//传递的参数from必须是页对齐的
int unmap_page_range(unsigned long from, unsigned long size)
{
unsigned long page, page_dir;
unsigned long *page_table, *dir;
unsigned long poff, pcnt, pc; if (from & ~PAGE_MASK) {
printk("unmap_page_range called with wrong alignment\n");
return -EINVAL;
}
size = (size + ~PAGE_MASK) >> PAGE_SHIFT; //将尺寸转换为页面数
// to find an entry in a page-table-directory
//#define PAGE_DIR_OFFSET(base,address) ((unsigned long*)((base)+\
//((unsigned long)(address)>>(PAGE_SHIFT-SIZEOF_PTR_LOG2)*2&PTR_MASK&~PAGE_MASK)))
//base + from>>((12-2)*2) & (~3) & (0xfff)
//from>>20位,剩12位,&~3,刚好是一页中的页表项的偏移啊
//注意的是页目录项的索引的索取方式同页表项的索取方式是不一样的~~~
dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
//得到具体的项的索引值
poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
//这里的pcnt就是一个页面中的可以剩余的项
if ((pcnt = PTRS_PER_PAGE - poff) > size)
pcnt = size; //可能不足一页就进行整页的操作 for ( ; size > 0; ++dir, size -= pcnt,
pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size)) {
if (!(page_dir = *dir)) {
poff = 0;
continue;
}
if (!(page_dir & PAGE_PRESENT)) {
printk("unmap_page_range: bad page directory.");
continue;
}
page_table = (unsigned long *)(PAGE_MASK & page_dir); //页目录项得到的也表地址
if (poff) { //poff是在页表中的偏移地址,当然如果是整个页表的话就是0了
page_table += poff;
poff = 0;
}
//下面进行释放操作了
for (pc = pcnt; pc--; page_table++) {
if ((page = *page_table) != 0) {
*page_table = 0; //页表项先复位
//存在
if (1 & page) {
if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED)) //可能这里表示能实际的释放
//内存页面了,进行计数的减少
// unsigned short rss; /* number of resident pages */
if (current->rss > 0)
--current->rss;
free_page(PAGE_MASK & page);
} else //不在物理内存
swap_free(page);
}
}
if (pcnt == PTRS_PER_PAGE) { //如果是整个页表的释放,页目录项也要释放!!
*dir = 0;
free_page(PAGE_MASK & page_dir);
}
}
invalidate();
return 0;
} //就是将from-size范围的内存进行释放,然后设置原先映射的页表
//的页表项为mask + ZERO_PAGE,好像mask的
//值只能是PAGE_PRESENT哦 :-(
//估计这个函数的作用就是将页目录项设置成存在,但是对应的
//页表的项全部清空吧
int zeromap_page_range(unsigned long from, unsigned long size, int mask)
{
unsigned long *page_table, *dir;
unsigned long poff, pcnt;
unsigned long page; if (mask) {
if ((mask & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT) { //存在,但是不能有其他标志
printk("zeromap_page_range: mask = %08x\n",mask);
return -EINVAL;
}
mask |= ZERO_PAGE;
}
if (from & ~PAGE_MASK) { //需要页对齐
printk("zeromap_page_range: from = %08lx\n",from);
return -EINVAL;
}
//下面的定位方法基本同上面差不多
dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
size = (size + ~PAGE_MASK) >> PAGE_SHIFT;
poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
if ((pcnt = PTRS_PER_PAGE - poff) > size)
pcnt = size; while (size > 0) {
if (!(PAGE_PRESENT & *dir))
{ //没有进行页表映射,分配新的页表
/* clear page needed here? SRB. */
if (!(page_table = (unsigned long*) get_free_page(GFP_KERNEL))) {
invalidate();
return -ENOMEM;
}
if (PAGE_PRESENT & *dir) { //呃,能被执行到吗??
free_page((unsigned long) page_table);
page_table = (unsigned long *)(PAGE_MASK & *dir++);
} else //OK set it
//#define PAGE_TABLE (PAGE_PRESENT | PAGE_RW | PAGE_USER | PAGE_ACCESSED)
*dir++ = ((unsigned long) page_table) | PAGE_TABLE;
}
else //原来的页表存在的,取值
page_table = (unsigned long *)(PAGE_MASK & *dir++);
page_table += poff;
poff = 0;
for (size -= pcnt; pcnt-- ;)
{
//页表项对应的页面,如果存在,就进行释放!
if ((page = *page_table) != 0)
{
*page_table = 0;
if (page & PAGE_PRESENT)
{
if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED))
if (current->rss > 0)
--current->rss;
free_page(PAGE_MASK & page);
} else
swap_free(page);
}
*page_table++ = mask; //将页表项设置为mask值
}
pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size);
}
invalidate();
return 0;
} //把size大小的内存从from映射到to,原先的映射将被删除调
int remap_page_range(unsigned long from, unsigned long to, unsigned long size, int mask)
{
unsigned long *page_table, *dir;
unsigned long poff, pcnt;
unsigned long page; if (mask) {
if ((mask & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT) {
printk("remap_page_range: mask = %08x\n",mask);
return -EINVAL;
}
}
//看来这里的from和to都必须进行页对齐啊!!
//因为下面的size也进行“页对齐”了
if ((from & ~PAGE_MASK) || (to & ~PAGE_MASK)) {
printk("remap_page_range: from = %08lx, to=%08lx\n",from,to);
return -EINVAL;
}
dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
size = (size + ~PAGE_MASK) >> PAGE_SHIFT;
poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
if ((pcnt = PTRS_PER_PAGE - poff) > size)
pcnt = size; while (size > 0)
{
//页目录项不存在,分配一块内存作为页表
if (!(PAGE_PRESENT & *dir)) {
/* clearing page here, needed? SRB. */
if (!(page_table = (unsigned long*) get_free_page(GFP_KERNEL))) {
invalidate();
return -1;
}
*dir++ = ((unsigned long) page_table) | PAGE_TABLE;
}
else
page_table = (unsigned long *)(PAGE_MASK & *dir++);
if (poff) {
page_table += poff;
poff = 0;
} //老样子,内存的释放!!
//这里是老的映射关系的解除
for (size -= pcnt; pcnt-- ;) {
if ((page = *page_table) != 0)
{
*page_table = 0;
if (PAGE_PRESENT & page) {
if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED))
if (current->rss > 0)
--current->rss;
free_page(PAGE_MASK & page);
} else
swap_free(page);
} /*
* the first condition should return an invalid access
* when the page is referenced. current assumptions
* cause it to be treated as demand allocation in some
* cases.
*/
if (!mask) //mask==0
*page_table++ = 0; /* not present */
else if (to >= high_memory)
*page_table++ = (to | mask);
else if (!mem_map[MAP_NR(to)])
*page_table++ = 0; /* not present */
else {
*page_table++ = (to | mask);
if (!(mem_map[MAP_NR(to)] & MAP_PAGE_RESERVED)) { //呃,如果不是共享的
++current->rss; //就是活动的页面了啊!
mem_map[MAP_NR(to)]++;
}
}
to += PAGE_SIZE; //这里to需要手动设置,而from只是指明开始~~
}
pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size);
}
invalidate();
return 0;
} //将线性地址(address)一页的内存放到指定的主存区,返回的是实际得到的页的物理地址(page)
//主要是对映射关系进行设置,返回0表示失败
unsigned long put_page(struct task_struct * tsk,unsigned long page,
unsigned long address,int prot)
{
unsigned long *page_table; if ((prot & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT)
printk("put_page: prot = %08x\n",prot);
if (page >= high_memory) { //destination
printk("put_page: trying to put page %08lx at %08lx\n",page,address);
return 0; //err
}
page_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
//源线性地址的页面对应的页表必须存在
if ((*page_table) & PAGE_PRESENT)
page_table = (unsigned long *) (PAGE_MASK & *page_table);
else {
printk("put_page: bad page directory entry\n");
oom(tsk);
*page_table = BAD_PAGETABLE | PAGE_TABLE;
return 0;
}
//页表了,得到具体的页表中的地址
page_table += (address >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
if (*page_table) { //the destination should be clear!!
printk("put_page: page already exists\n");
*page_table = 0;
invalidate();
}
*page_table = page | prot;
/* no need for invalidate */ //无效的地址是不会被缓存的,所以不需要刷新
return page; //返回物理地址
} //这个函数基本同put_page()是一致的,注意的是上面的函数的参数prot
//是不允许设置脏标志的,这里可以的
//呃,不过映射的改变还是有区别的:
//上面的函数要求address对应的线性地址的页表必须存在,而
//这里允许不存在,可以在函数中进行临时的设置的
unsigned long put_dirty_page(struct task_struct * tsk, unsigned long page, unsigned long address)
{
unsigned long tmp, *page_table; if (page >= high_memory)
printk("put_dirty_page: trying to put page %08lx at %08lx\n",page,address);
if (mem_map[MAP_NR(page)] != 1)
printk("mem_map disagrees with %08lx at %08lx\n",page,address);
page_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
if (PAGE_PRESENT & *page_table)
page_table = (unsigned long *) (PAGE_MASK & *page_table); //page_table是页表了
else {
if (!(tmp = get_free_page(GFP_KERNEL)))
return 0;
//感觉这个人有毛病,不是刚检测过了嘛!!
if (PAGE_PRESENT & *page_table) {
free_page(tmp);
page_table = (unsigned long *) (PAGE_MASK & *page_table);
} else {
*page_table = tmp | PAGE_TABLE;
page_table = (unsigned long *) tmp;
}
}
page_table += (address >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
if (*page_table) {
printk("put_dirty_page: page already exists\n");
*page_table = 0;
invalidate();
}
*page_table = page | (PAGE_DIRTY | PAGE_PRIVATE);
/* no need for invalidate */
return page;
} //这是一个被do_wp_page调用的底层函数
//address是源
//其实这个函数真的看的很晕,都不知道怎么样是正确执行的~~~
static void __do_wp_page(unsigned long error_code, unsigned long address,
struct task_struct * tsk, unsigned long user_esp)
{
unsigned long *pde, pte, old_page, prot;
unsigned long new_page; new_page = __get_free_page(GFP_KERNEL);
pde = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
pte = *pde;
if (!(pte & PAGE_PRESENT)) //不存在的页表不进行分配
goto end_wp_page;
//页目录项指向的页表的属性不合法
if ((pte & PAGE_TABLE) != PAGE_TABLE || pte >= high_memory)
goto bad_wp_pagetable;
pte &= PAGE_MASK;
pte += PAGE_PTR(address);
old_page = *(unsigned long *) pte; //页表
if (!(old_page & PAGE_PRESENT)) //页表项不存在
goto end_wp_page;
if (old_page >= high_memory)
goto bad_wp_page;
if (old_page & PAGE_RW) //这里可以读写,就不用进行写保护了
goto end_wp_page;
tsk->min_flt++; //增加缺页次数的计数
prot = (old_page & ~PAGE_MASK) | PAGE_RW; //复原可写的标志
old_page &= PAGE_MASK;
//.11的内核注释说的是:这里表示的是页面的共享的次数
//如果说这样的话,那么这里表示页可能被共享了,页被共享
//才是我们真正需要的,只有共享的页才会COW啊
if (mem_map[MAP_NR(old_page)] != 1)
{
if (new_page) //进行新页面的设置
{
if (mem_map[MAP_NR(old_page)] & MAP_PAGE_RESERVED)
++tsk->rss;
copy_page(old_page,new_page);
*(unsigned long *) pte = new_page | prot; //可写哦
free_page(old_page); //一切都是好好的啊,为什么要把旧页面释放?
//可能的解释是对它的引用次数进行减吧 :-)
invalidate();
return;
}
free_page(old_page);
oom(tsk);
*(unsigned long *) pte = BAD_PAGE | prot;
invalidate();
return;
}
//可能没有被共享,那么就恢复它写的权利吧!!!
*(unsigned long *) pte |= PAGE_RW; //old_page if now changed
invalidate();
if (new_page)
free_page(new_page);
return;
bad_wp_page:
printk("do_wp_page: bogus page at address %08lx (%08lx)\n",address,old_page);
*(unsigned long *) pte = BAD_PAGE | PAGE_SHARED;
send_sig(SIGKILL, tsk, 1);
goto end_wp_page;
bad_wp_pagetable:
printk("do_wp_page: bogus page-table at address %08lx (%08lx)\n",address,pte);
*pde = BAD_PAGETABLE | PAGE_TABLE;
send_sig(SIGKILL, tsk, 1); //呃 kill !
end_wp_page:
if (new_page)
free_page(new_page);
return;
} /*
* check that a page table change is actually needed, and call
* the low-level function only in that case..
*/
void do_wp_page(unsigned long error_code, unsigned long address,
struct task_struct * tsk, unsigned long user_esp)
{
unsigned long page;
unsigned long * pg_table; pg_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
page = *pg_table;
if (!page)
return;
//this should be normal
if ((page & PAGE_PRESENT) && page < high_memory)
{
pg_table = (unsigned long *) ((page & PAGE_MASK) + PAGE_PTR(address));
page = *pg_table;
//对应的页表是不存在的或者是可以写入的,就直接返回
if (!(page & PAGE_PRESENT))
return;
if (page & PAGE_RW)
return;
//PAGE_COW 这里检测到没有进行写入复制的机制
//就发送段错误信号,否则进行写入保护的底层调用
if (!(page & PAGE_COW)) {
if (user_esp && tsk == current) {
current->tss.cr2 = address; //发生缺页故障的地址
current->tss.error_code = error_code;
current->tss.trap_no = 14; //陷阱门故障,14号页故障
send_sig(SIGSEGV, tsk, 1);
return;
}
}
//没有被共享,脏了~~~
if (mem_map[MAP_NR(page)] == 1) {
*pg_table |= PAGE_RW | PAGE_DIRTY;
invalidate();
return;
}
//进行写保护的底层调用
__do_wp_page(error_code, address, tsk, user_esp);
return;
}
printk("bad page directory entry %08lx\n",page);
*pg_table = 0;
} //写入验证
int __verify_write(unsigned long start, unsigned long size)
{
size--; //注意尺寸和偏移之间的区别
//将size转成页面数,其实怎么说呢,这里也是一个
//很简单的逻辑问题,既然将start进行了页面的
//起始的对其,那么检查的size也是应该进行增加的啊
size += start & ~PAGE_MASK; //start&0xfff
size >>= PAGE_SHIFT;
start &= PAGE_MASK; //start进行页对齐
do {
do_wp_page(1,start,current,0);
start += PAGE_SIZE;
} while (size--);
return 0;
} static inline void get_empty_page(struct task_struct * tsk, unsigned long address)
{
unsigned long tmp; //申请一页物理内存
if (!(tmp = get_free_page(GFP_KERNEL))) {
oom(tsk);
tmp = BAD_PAGE;
}
//这里得到了tmp的页面,下面就将这个物理页面进行映射到
//address的线性地址了
if (!put_page(tsk,tmp,address,PAGE_PRIVATE))
free_page(tmp);
} //这里将指定进程p(假定p!=current)的在address处的页面进行检查,如果存在并且
//它是干净的,就同进行进行共享
//或许tsk的进程调用的时候传递的就是current吧
//这里的参数还传递了newpage,可能是供给如果共享不行就复制的页面的
//可以用来对fork产生的代码段进行共享啊~~~
//return 1 if success!
static int try_to_share(unsigned long address, struct task_struct * tsk,
struct task_struct * p, unsigned long error_code, unsigned long newpage)
{
unsigned long from;
unsigned long to;
unsigned long from_page;
unsigned long to_page; //获得address线性地址分别在两个任务中的页目录表中的项
from_page = (unsigned long)PAGE_DIR_OFFSET(p->tss.cr3,address);
to_page = (unsigned long)PAGE_DIR_OFFSET(tsk->tss.cr3,address);
/* is there a page-directory at from? */
from = *(unsigned long *) from_page;
if (!(from & PAGE_PRESENT))
return 0;
from &= PAGE_MASK;
from_page = from + PAGE_PTR(address); //页表的项
from = *(unsigned long *) from_page; //获得页表项的内容
/* is the page clean and present? */
if ((from & (PAGE_PRESENT | PAGE_DIRTY)) != PAGE_PRESENT) //存在,干净?
return 0;
//存在、干净
if (from >= high_memory)
return 0;
if (mem_map[MAP_NR(from)] & MAP_PAGE_RESERVED)
return 0;
/* is the destination ok? */
to = *(unsigned long *) to_page;
if (!(to & PAGE_PRESENT))
return 0;
to &= PAGE_MASK;
to_page = to + PAGE_PTR(address);
if (*(unsigned long *) to_page) //说明目标的线性地址已经被占用了,返回
return 0;
/* share them if read - do COW immediately otherwise */
if (error_code & PAGE_RW) {
if(!newpage) /* did the page exist? SRB. */
return 0;
copy_page((from & PAGE_MASK),newpage); //复制
to = newpage | PAGE_PRIVATE;
} else {
mem_map[MAP_NR(from)]++;
from &= ~PAGE_RW; //不可写,进行共享
to = from;
if(newpage) /* only if it existed. SRB. */
free_page(newpage); //do not need it,release it!
}
//设置相应的页表项
*(unsigned long *) from_page = from;
*(unsigned long *) to_page = to;
invalidate();
return 1;
} /*
* share_page() tries to find a process that could share a page with
* the current one. Address is the address of the wanted page relative
* to the current data space.
*
* We first check if it is at all feasible by checking executable->i_count.
* It should be >1 if there are other tasks sharing this inode.
*/
//寻找一个进程来进行页面的共享,可能是对相同执行程序的
//代码段进行共享吧~~~
int share_page(struct vm_area_struct * area, struct task_struct * tsk,
struct inode * inode,
unsigned long address, unsigned long error_code, unsigned long newpage)
{
struct task_struct ** p; //在缺页的时候进行尝试进行执行代码段的共享操作
if (!inode || inode->i_count < 2 || !area->vm_ops) //?
return 0;
//寻找符合条件的进程
for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) {
if (!*p)
continue;
if (tsk == *p)
continue;
//??
if (inode != (*p)->executable)
{
if(!area)
continue;
/* Now see if there is something in the VMM that
we can share pages with */
if(area)
{
struct vm_area_struct * mpnt;
for (mpnt = (*p)->mmap; mpnt; mpnt = mpnt->vm_next)
{
if (mpnt->vm_ops == area->vm_ops &&
mpnt->vm_inode->i_ino == area->vm_inode->i_ino&&
mpnt->vm_inode->i_dev == area->vm_inode->i_dev)
{
if (mpnt->vm_ops->share(mpnt, area, address))
break;
};
};
if (!mpnt)
continue; /* Nope. Nuthin here */
};
}
//inode == (*p)->executable,尝试进行共享操作了
if (try_to_share(address,tsk,*p,error_code,newpage)) //1 if success
return 1;
}
return 0;
} //获得页表,如果不存在就分配一个空的
static inline unsigned long get_empty_pgtable(struct task_struct * tsk,unsigned long address)
{
unsigned long page;
unsigned long *p; p = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
if (PAGE_PRESENT & *p)
return *p;
//I think this should be an error!
if (*p) {
printk("get_empty_pgtable: bad page-directory entry \n");
*p = 0;
}
//*p == 0 空余的页目录项
page = get_free_page(GFP_KERNEL);
//just check in case?I think it is redundancy.
p = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
if (PAGE_PRESENT & *p) {
free_page(page);
return *p;
}
if (*p) {
printk("get_empty_pgtable: bad page-directory entry \n");
*p = 0;
}
if (page) {
*p = page | PAGE_TABLE;
return *p; // this should be good!
}
oom(current);
*p = BAD_PAGETABLE | PAGE_TABLE;
return 0;
} //??
//缺页处理(应该就是将磁盘中的页面调度到内存中吧),如果没有
//就分配一块新的内存吧
void do_no_page(unsigned long error_code, unsigned long address,
struct task_struct *tsk, unsigned long user_esp)
{
unsigned long tmp;
unsigned long page;
struct vm_area_struct * mpnt; page = get_empty_pgtable(tsk,address);
if (!page)
return;
page &= PAGE_MASK;
page += PAGE_PTR(address);
tmp = *(unsigned long *) page; //页表项
if (tmp & PAGE_PRESENT) //页表项存在,存在与物理内存中,返回
return;
++tsk->rss;
if (tmp) {
++tsk->maj_flt;
swap_in((unsigned long *) page);
return;
}
address &= 0xfffff000;
tmp = 0;
//这里的链表是有顺序的插入的,所以可以搜素的
for (mpnt = tsk->mmap; mpnt != NULL; mpnt = mpnt->vm_next)
{
if (address < mpnt->vm_start)
break;
if (address >= mpnt->vm_end)
{
tmp = mpnt->vm_end; //保存前一个的地址
continue;
}
//没有处理函数,就使用默认的函数来分配一块内存返回好了
if (!mpnt->vm_ops || !mpnt->vm_ops->nopage) {
++tsk->min_flt;
get_empty_page(tsk,address);
return;
}
mpnt->vm_ops->nopage(error_code, mpnt, address);
return;
}
if (tsk != current)
goto ok_no_page;
if (address >= tsk->end_data && address < tsk->brk)
goto ok_no_page;
if (mpnt && mpnt == tsk->stk_vma &&
address - tmp > mpnt->vm_start - address &&
tsk->rlim[RLIMIT_STACK].rlim_cur > mpnt->vm_end - address)
{
mpnt->vm_start = address;
goto ok_no_page;
}
tsk->tss.cr2 = address;
current->tss.error_code = error_code;
current->tss.trap_no = 14;
send_sig(SIGSEGV,tsk,1);
if (error_code & 4) /* user level access? */
return;
ok_no_page:
++tsk->min_flt;
get_empty_page(tsk,address);
} //页故障处理函数,并根据故障的类型进行相应的处理
asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
{
unsigned long address;
unsigned long user_esp = 0;
unsigned int bit; /* get the address */
__asm__("movl %%cr2,%0":"=r" (address)); //将出现页故障的地址(线性地址吧)(CR2)加载到address中
//用户地址空间的正常处理
if (address < TASK_SIZE)
{
if (error_code & 4)
{ /* user mode access? */
if (regs->eflags & VM_MASK) {
bit = (address - 0xA0000) >> PAGE_SHIFT;
if (bit < 32)
current->screen_bitmap |= 1 << bit;
} else
user_esp = regs->esp;
}
if (error_code & 1) //写保护
do_wp_page(error_code, address, current, user_esp);
else //缺页
do_no_page(error_code, address, current, user_esp);
return;
}
//否则是高端地址的内核空间的页故障,似乎内核的故障是严重的!!!
address -= TASK_SIZE;
//应该就是对于高特权级不可以向低特权任意写东西吧
if (wp_works_ok < 0 && address == 0 && (error_code & PAGE_PRESENT))
{
wp_works_ok = 1; ///* set if paging hardware honours WP */
pg0[0] = PAGE_SHARED;
printk("This processor honours the WP bit even when in supervisor mode. Good.\n");
return;
}
//bad things here
if (address < PAGE_SIZE)
{
printk("Unable to handle kernel NULL pointer dereference");
pg0[0] = PAGE_SHARED;
} else
printk("Unable to handle kernel paging request");
printk(" at address %08lx\n",address);
die_if_kernel("Oops", regs, error_code);
do_exit(SIGKILL);
} /*
* BAD_PAGE is the page that is used for page faults when linux
* is out-of-memory. Older versions of linux just did a
* do_exit(), but using this instead means there is less risk
* for a process dying in kernel mode, possibly leaving a inode
* unused etc..
*
* BAD_PAGETABLE is the accompanying page-table: it is initialized
* to point to BAD_PAGE entries.
*
* ZERO_PAGE is a special page that is used for zero-initialized
* data and COW.
*/ //将数据BAD_PAGE + PAGE_TABLE的数据放入一页(一个页表)中
unsigned long __bad_pagetable(void)
{
extern char empty_bad_page_table[PAGE_SIZE]; //1<<12 __asm__ __volatile__("cld ; rep ; stosl":
:"a" (BAD_PAGE + PAGE_TABLE),
"D" ((long) empty_bad_page_table),
"c" (PTRS_PER_PAGE)
:"di","cx");
return (unsigned long) empty_bad_page_table;
} unsigned long __bad_page(void)
{
extern char empty_bad_page[PAGE_SIZE]; __asm__ __volatile__("cld ; rep ; stosl":
:"a" (0),
"D" ((long) empty_bad_page),
"c" (PTRS_PER_PAGE)
:"di","cx");
return (unsigned long) empty_bad_page;
} unsigned long __zero_page(void)
{
extern char empty_zero_page[PAGE_SIZE]; __asm__ __volatile__("cld ; rep ; stosl":
:"a" (0),
"D" ((long) empty_zero_page),
"c" (PTRS_PER_PAGE)
:"di","cx");
return (unsigned long) empty_zero_page;
} //对内存使用的统计信息进行显示
void show_mem(void)
{
int i,free = 0,total = 0,reserved = 0;
int shared = 0; printk("Mem-info:\n");
printk("Free pages: %6dkB\n",nr_free_pages<<(PAGE_SHIFT-10));
printk("Secondary pages: %6dkB\n",nr_secondary_pages<<(PAGE_SHIFT-10));
printk("Free swap: %6dkB\n",nr_swap_pages<<(PAGE_SHIFT-10));
//对高端内存进行统计
i = high_memory >> PAGE_SHIFT;
while (i-- > 0) {
total++;
if (mem_map[i] & MAP_PAGE_RESERVED)
reserved++;
else if (!mem_map[i])
free++;
else
shared += mem_map[i]-1;
}
printk("%d pages of RAM\n",total);
printk("%d free pages\n",free);
printk("%d reserved pages\n",reserved);
printk("%d pages shared\n",shared);
show_buffers();
} /*
* paging_init() sets up the page tables - note that the first 4MB are
* already mapped by head.S.
*
* This routines also unmaps the page at virtual kernel address 0, so
* that we can trap those pesky NULL-reference errors in the kernel.
*/
unsigned long paging_init(unsigned long start_mem, unsigned long end_mem)
{
unsigned long * pg_dir;
unsigned long * pg_table;
unsigned long tmp;
unsigned long address; /*
* Physical page 0 is special; it's not touched by Linux since BIOS
* and SMM (for laptops with [34]86/SL chips) may need it. It is read
* and write protected to detect null pointer references in the
* kernel.
*/
#if 0
memset((void *) 0, 0, PAGE_SIZE);
#endif start_mem = PAGE_ALIGN(start_mem);
address = 0;
pg_dir = swapper_pg_dir;
//这个大循环将所有的内存进行了映射了
while (address < end_mem)
{
//可能从768项后面的页目录项都给了内核了
tmp = *(pg_dir + 768); /* at virtual addr 0xC0000000 */
if (!tmp) { //first ,it is zeor!
tmp = start_mem | PAGE_TABLE; //算是第一个页表吧,注意此后的start_mem也开始变了
//页表映射的内存是从0-end线性映射的,而页目录映射的
//页表是从start_mem开始的,而且start_mem也在不断改变
*(pg_dir + 768) = tmp;
start_mem += PAGE_SIZE; //分配出一页出来吧
}
*pg_dir = tmp; /* also map it in at 0x0000000 for init */
//记住这里的0x0000000是线性地址了哦
pg_dir++;
pg_table = (unsigned long *) (tmp & PAGE_MASK);
//对新得到的pg_table进行初始化操作,最多也就能映射4M内存吧
for (tmp = 0 ; tmp < PTRS_PER_PAGE ; tmp++,pg_table++)
{
//address是从0开始的哦
if (address < end_mem)
// #define PAGE_SHARED (PAGE_PRESENT | PAGE_RW | PAGE_USER | PAGE_ACCESSED)
*pg_table = address | PAGE_SHARED;
else //没有空间了就映射为0(空)
*pg_table = 0;
address += PAGE_SIZE;
}
}
invalidate();
return start_mem; //次start_mem同传递进来的肯定不同了!!
} void mem_init(unsigned long start_low_mem,
unsigned long start_mem, unsigned long end_mem)
{
int codepages = 0;
int reservedpages = 0;
int datapages = 0;
unsigned long tmp;
unsigned short * p;
extern int etext; cli();
end_mem &= PAGE_MASK;
high_memory = end_mem;
//对齐
start_mem += 0x0000000f;
start_mem &= ~0x0000000f;
tmp = MAP_NR(end_mem); //应该是最大的内存页数
//将start_mem到end_mem之间的内存的mem_map数组的数
//设置为MAP_PAGE_RESERVED
mem_map = (unsigned short *) start_mem;
p = mem_map + tmp;
start_mem = (unsigned long) p;
while (p > mem_map)
*--p = MAP_PAGE_RESERVED;
//如果内核的代码段大于1M,那么start_mem就是代码段结束而start_low_mem就是4K
//否则start_mem就是1M,而start_low_mem就是代码段结束
//对于这个内存布局感到很晕啊
start_low_mem = PAGE_ALIGN(start_low_mem);
start_mem = PAGE_ALIGN(start_mem);
while (start_low_mem < 0xA0000) { //640K的内存
mem_map[MAP_NR(start_low_mem)] = 0;
start_low_mem += PAGE_SIZE;
}
while (start_mem < end_mem) {
mem_map[MAP_NR(start_mem)] = 0;
start_mem += PAGE_SIZE;
}
#ifdef CONFIG_SOUND
sound_mem_init();
#endif free_page_list = 0;
nr_free_pages = 0;
//对内存信息进行初始统计
for (tmp = 0 ; tmp < end_mem ; tmp += PAGE_SIZE)
{
if (mem_map[MAP_NR(tmp)]) {
if (tmp >= 0xA0000 && tmp < 0x100000) //640K~1M
reservedpages++;
else if (tmp < (unsigned long) &etext) //对内核的信息统计
codepages++;
else
datapages++;
continue;
}
//空闲的内存页面
*(unsigned long *) tmp = free_page_list;
free_page_list = tmp;
nr_free_pages++;
}
tmp = nr_free_pages << PAGE_SHIFT;
printk("Memory: %luk/%luk available (%dk kernel code, %dk reserved, %dk data)\n",
tmp >> 10,
end_mem >> 10,
codepages << (PAGE_SHIFT-10),
reservedpages << (PAGE_SHIFT-10),
datapages << (PAGE_SHIFT-10));
/* test if the WP bit is honoured in supervisor mode */
wp_works_ok = -1; //会被改动一次的!!
pg0[0] = PAGE_READONLY;
invalidate();
//以我感觉呢,这里可能是进行一个写入的测试吧,看
//先前设置的wp_works_ok经过这样的一个异常之后是否被重新设置了
__asm__ __volatile__("movb 0,%%al ; movb %%al,0": : :"ax", "memory");
pg0[0] = 0;
invalidate();
if (wp_works_ok < 0)
wp_works_ok = 0;
return;
} //进行系统信息的内存信息的统计
void si_meminfo(struct sysinfo *val)
{
int i; i = high_memory >> PAGE_SHIFT;
val->totalram = 0;
val->freeram = 0;
val->sharedram = 0;
val->bufferram = buffermem;
while (i-- > 0)
{
if (mem_map[i] & MAP_PAGE_RESERVED)
continue;
val->totalram++;
if (!mem_map[i])
{
val->freeram++;
continue;
}
//呃,可能这里是统计的共享的页面的,会不会有计数啊?
val->sharedram += mem_map[i]-1;
}
val->totalram <<= PAGE_SHIFT;
val->freeram <<= PAGE_SHIFT;
val->sharedram <<= PAGE_SHIFT;
return;
}
/* This handles a generic mmap of a disk file */
//对磁盘的普通文件进行映射操作
//还是比较麻烦的,起码同文件系统进行交互操作了
void file_mmap_nopage(int error_code, struct vm_area_struct * area, unsigned long address)
{
struct inode * inode = area->vm_inode;
unsigned int block;
unsigned long page;
int nr[8];
int i, j;
int prot = area->vm_page_prot; //计算文件的块大小
address &= PAGE_MASK;
block = address - area->vm_start + area->vm_offset;
block >>= inode->i_sb->s_blocksize_bits; page = get_free_page(GFP_KERNEL);
//看原来的文件是否已经被映射而可以被共享
if (share_page(area, area->vm_task, inode, address, error_code, page)) {
++area->vm_task->min_flt;
return;
} ++area->vm_task->maj_flt;
if (!page) {
oom(current);
//#define BAD_PAGE __bad_page()
put_page(area->vm_task, BAD_PAGE, address, PAGE_PRIVATE);
return;
}
for (i=0, j=0; i< PAGE_SIZE ; j++, block++, i += inode->i_sb->s_blocksize)
nr[j] = bmap(inode,block);
if (error_code & PAGE_RW)
prot |= PAGE_RW | PAGE_DIRTY;
page = bread_page(page, inode->i_dev, nr, inode->i_sb->s_blocksize, prot); if (!(prot & PAGE_RW)) { //不可写
if (share_page(area, area->vm_task, inode, address, error_code, page))
return;
}
//将address映射到物理地址page处,返回page表示成功
if (put_page(area->vm_task,page,address,prot))
return;
free_page(page);
oom(current);
} void file_mmap_free(struct vm_area_struct * area)
{
if (area->vm_inode)
iput(area->vm_inode);
#if 0
if (area->vm_inode)
printk("Free inode %x:%d (%d)\n",area->vm_inode->i_dev,
area->vm_inode->i_ino, area->vm_inode->i_count);
#endif
} //对mmap entries进行检查,如果area1 area2对应的指标相等,就可以共享页了
//返回1
int file_mmap_share(struct vm_area_struct * area1,
struct vm_area_struct * area2,
unsigned long address)
{
if (area1->vm_inode != area2->vm_inode)
return 0;
if (area1->vm_start != area2->vm_start)
return 0;
if (area1->vm_end != area2->vm_end)
return 0;
if (area1->vm_offset != area2->vm_offset)
return 0;
if (area1->vm_page_prot != area2->vm_page_prot)
return 0;
return 1;
} //操作类型
struct vm_operations_struct file_mmap = {
NULL, /* open */
file_mmap_free, /* close */
file_mmap_nopage, /* nopage */
NULL, /* wppage */
file_mmap_share, /* share */
NULL, /* unmap */
};
文档地址:http://blogimg.chinaunix.net/blog/upfile2/090315232249.pdf
*Created By: 陶治江
*Date: 2009-3-15
********************************************/
#include <asm/system.h>
#include <linux/config.h> #include <linux/signal.h>
#include <linux/sched.h>
#include <linux/head.h>
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/types.h>
#include <linux/ptrace.h>
#include <linux/mman.h> unsigned long high_memory = 0; extern unsigned long pg0[1024]; /* page table for 0-4MB for everybody */ extern void sound_mem_init(void);
extern void die_if_kernel(char *,struct pt_regs *,long); int nr_swap_pages = 0;
int nr_free_pages = 0;
unsigned long free_page_list = 0;
/*
* The secondary free_page_list is used for malloc() etc things that
* may need pages during interrupts etc. Normal get_free_page() operations
* don't touch it, so it stays as a kind of "panic-list", that can be
* accessed when all other mm tricks have failed.
*/
int nr_secondary_pages = 0;
unsigned long secondary_page_list = 0; //页复制
#define copy_page(from,to) \
__asm__("cld ; rep ; movsl"
:
:"S" (from),"D" (to),"c" (1024)
:"cx","di","si") //进行内存位图的设置,这里升级为了short类型了!
unsigned short * mem_map = NULL; //检测addr是否在任务p的代码段中
#define CODE_SPACE(addr,p) ((addr) < (p)->end_code) //没有内存,进程失败
void oom(struct task_struct * task)
{
printk("\nout of memory\n");
task->sigaction[SIGKILL-1].sa_handler = NULL;
task->blocked &= ~(1<<(SIGKILL-1)); //屏蔽所有的信号(当然SIGKILL除外)
send_sig(SIGKILL,task,1); //强制发送杀死信号杀死该进程
} //#define MAP_NR(addr) ((addr) >> PAGE_SHIFT)
//PAGE_SHIFT=12 //释放一个目录项对应的整个页表
static void free_one_table(unsigned long * page_dir)
{
int j;
unsigned long pg_table = *page_dir;
unsigned long * page_table; if (!pg_table)
return;
*page_dir = 0; //释放本目录项,并查看页是否存在
//需要搞清楚的概念是页目录项的P和页表项的P位是不同的含义的
//页目录项的P表示是否下一级的页表是否合法,而页表的P表示
//页是否被交换到了硬盘中了
if (pg_table >= high_memory || !(pg_table & PAGE_PRESENT)) {
printk("Bad page table: [%p]=%08lx\n",page_dir,pg_table);
return;
}
//MAP_NR就是将地址进行页对齐得到的索引号
if (mem_map[MAP_NR(pg_table)] & MAP_PAGE_RESERVED)
return;
page_table = (unsigned long *) (pg_table & PAGE_MASK); //页表都是一页的,所以要页对齐
for (j = 0 ; j < PTRS_PER_PAGE ; j++,page_table++) { //1024项
unsigned long pg = *page_table;
if (!pg)
continue;
*page_table = 0;
if (pg & PAGE_PRESENT)
free_page(PAGE_MASK & pg);
else
swap_free(pg); //可能是交换到物理内存中再释放
}
free_page(PAGE_MASK & pg_table);//本身页表进行释放
} //?
void clear_page_tables(struct task_struct * tsk)
{
int i;
unsigned long pg_dir;
unsigned long * page_dir;
if (!tsk)
return;
if (tsk == task[0])
panic("task[0] (swapper) doesn't support exec()\n");
//用户的任务的页目录基址寄存器,资料说最后的256项都是一样的,
//指向的是内核的页表,而内核的页表只有一份
pg_dir = tsk->tss.cr3;
page_dir = (unsigned long *) pg_dir;
if (!page_dir || page_dir == swapper_pg_dir) {
printk("Trying to clear kernel page-directory: not good\n");
return;
}
if (mem_map[MAP_NR(pg_dir)] > 1) { //表示被多个进程所共享
unsigned long * new_pg; if (!(new_pg = (unsigned long*) get_free_page(GFP_KERNEL))) {
oom(tsk);
return;
}
//前面的注视说:“it just removes the user pages”
//或许这里就是保留了内核的页表,而用户的页表被抛弃了
for (i = 768 ; i < 1024 ; i++)
new_pg[i] = page_dir[i];
free_page(pg_dir);
tsk->tss.cr3 = (unsigned long) new_pg; //就是将前768项全部清空吧
return;
}
//这里表示没有被共享,那么就直接对用户空间的页表的内存进行释放
for (i = 0 ; i < 768 ; i++,page_dir++)
free_one_table(page_dir);
invalidate();
return;
}
//??
//释放一个任务的页目录中的所有的页表,特别是在进程退出的时候
void free_page_tables(struct task_struct * tsk)
{
int i;
unsigned long pg_dir;
unsigned long * page_dir; if (!tsk)
return;
if (tsk == task[0]) {
printk("task[0] (swapper) killed: unable to recover\n");
panic("Trying to free up swapper memory space");
}
pg_dir = tsk->tss.cr3;
if (!pg_dir || pg_dir == (unsigned long) swapper_pg_dir) {
printk("Trying to free kernel page-directory: not good\n");
return;
}
//临时页全局目录,呃,或许这就是一个媒介的作用
//这个函数的参数可以传递的任务可能是current
tsk->tss.cr3 = (unsigned long) swapper_pg_dir;
if (tsk == current)
__asm__ __volatile__
("movl %0,%%cr3" //如果是当前目录,就需要加载cr3寄存器了
:
:"a" (tsk->tss.cr3));
if (mem_map[MAP_NR(pg_dir)] > 1) { //共享
free_page(pg_dir);
return;
}
page_dir = (unsigned long *) pg_dir;
for (i = 0 ; i < PTRS_PER_PAGE ; i++,page_dir++)
free_one_table(page_dir); //释放一个页目录项所指向的整个页表的地址
free_page(pg_dir); //本页目录页面
invalidate();
} //将当前进程的页目录地址复制给tsk进程
int clone_page_tables(struct task_struct * tsk)
{
unsigned long pg_dir; pg_dir = current->tss.cr3;
mem_map[MAP_NR(pg_dir)]++; //只是进行共享操作啦
tsk->tss.cr3 = pg_dir;
return 0;
} //将当前任务的页目录的所有的页表拷贝给tsk任务
int copy_page_tables(struct task_struct * tsk)
{
int i;
unsigned long old_pg_dir, *old_page_dir;
unsigned long new_pg_dir, *new_page_dir; if (!(new_pg_dir = get_free_page(GFP_KERNEL)))
return -ENOMEM;
old_pg_dir = current->tss.cr3;
tsk->tss.cr3 = new_pg_dir;
old_page_dir = (unsigned long *) old_pg_dir;
new_page_dir = (unsigned long *) new_pg_dir;
for (i = 0 ; i < PTRS_PER_PAGE ; i++,old_page_dir++,new_page_dir++) {
int j;
unsigned long old_pg_table, *old_page_table;
unsigned long new_pg_table, *new_page_table; old_pg_table = *old_page_dir; //取得页目录项指向的页表的地址
if (!old_pg_table)
continue;
//呃,页目录项显示存在但是页表不存在
if (old_pg_table >= high_memory || !(old_pg_table & PAGE_PRESENT)) {
printk("copy_page_tables: bad page table: "
"probable memory corruption");
*old_page_dir = 0;
continue;
}
if (mem_map[MAP_NR(old_pg_table)] & MAP_PAGE_RESERVED) {
//MAP_PAGE_RESERVED,说明是共享的页表,这里就不复制而直接共享了
*new_page_dir = old_pg_table;
continue;
}
//这里说明需要分配一块新的内存来存放复制的页表了
if (!(new_pg_table = get_free_page(GFP_KERNEL))) {
free_page_tables(tsk);
return -ENOMEM;
}
old_page_table = (unsigned long *) (PAGE_MASK & old_pg_table);
new_page_table = (unsigned long *) (PAGE_MASK & new_pg_table);
//进行页表数据的复制了
for (j = 0 ; j < PTRS_PER_PAGE ; j++,old_page_table++,new_page_table++) {
unsigned long pg;
pg = *old_page_table;
if (!pg)
continue;
if (!(pg & PAGE_PRESENT)) { //这里不存在,说明是被交换出内存了
//就调用特定的复制方法了
*new_page_table = swap_duplicate(pg);
continue;
}
//这里可能就是进行了写保护机制的,当对不可写的页面进行写入操作的时候
//就会导致异常,然后异常中进行处理
if ((pg & (PAGE_RW | PAGE_COW)) == (PAGE_RW | PAGE_COW))
pg &= ~PAGE_RW;
//复制了,这里只是页表项的简单赋值,是否真的要复制内容,需要以后再看
*new_page_table = pg;
//保留的,共享类型的
if (mem_map[MAP_NR(pg)] & MAP_PAGE_RESERVED)
continue;
//呃,怎么说呢,上面可能对pg进行了改变了,这里需要进行还原吧
*old_page_table = pg;
mem_map[MAP_NR(pg)]++;
}
*new_page_dir = new_pg_table | PAGE_TABLE;
}
invalidate();
return 0;
} /*
* a more complete version of free_page_tables which performs with page
* granularity.
*/
//传递的参数from必须是页对齐的
int unmap_page_range(unsigned long from, unsigned long size)
{
unsigned long page, page_dir;
unsigned long *page_table, *dir;
unsigned long poff, pcnt, pc; if (from & ~PAGE_MASK) {
printk("unmap_page_range called with wrong alignment\n");
return -EINVAL;
}
size = (size + ~PAGE_MASK) >> PAGE_SHIFT; //将尺寸转换为页面数
// to find an entry in a page-table-directory
//#define PAGE_DIR_OFFSET(base,address) ((unsigned long*)((base)+\
//((unsigned long)(address)>>(PAGE_SHIFT-SIZEOF_PTR_LOG2)*2&PTR_MASK&~PAGE_MASK)))
//base + from>>((12-2)*2) & (~3) & (0xfff)
//from>>20位,剩12位,&~3,刚好是一页中的页表项的偏移啊
//注意的是页目录项的索引的索取方式同页表项的索取方式是不一样的~~~
dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
//得到具体的项的索引值
poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
//这里的pcnt就是一个页面中的可以剩余的项
if ((pcnt = PTRS_PER_PAGE - poff) > size)
pcnt = size; //可能不足一页就进行整页的操作 for ( ; size > 0; ++dir, size -= pcnt,
pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size)) {
if (!(page_dir = *dir)) {
poff = 0;
continue;
}
if (!(page_dir & PAGE_PRESENT)) {
printk("unmap_page_range: bad page directory.");
continue;
}
page_table = (unsigned long *)(PAGE_MASK & page_dir); //页目录项得到的也表地址
if (poff) { //poff是在页表中的偏移地址,当然如果是整个页表的话就是0了
page_table += poff;
poff = 0;
}
//下面进行释放操作了
for (pc = pcnt; pc--; page_table++) {
if ((page = *page_table) != 0) {
*page_table = 0; //页表项先复位
//存在
if (1 & page) {
if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED)) //可能这里表示能实际的释放
//内存页面了,进行计数的减少
// unsigned short rss; /* number of resident pages */
if (current->rss > 0)
--current->rss;
free_page(PAGE_MASK & page);
} else //不在物理内存
swap_free(page);
}
}
if (pcnt == PTRS_PER_PAGE) { //如果是整个页表的释放,页目录项也要释放!!
*dir = 0;
free_page(PAGE_MASK & page_dir);
}
}
invalidate();
return 0;
} //就是将from-size范围的内存进行释放,然后设置原先映射的页表
//的页表项为mask + ZERO_PAGE,好像mask的
//值只能是PAGE_PRESENT哦 :-(
//估计这个函数的作用就是将页目录项设置成存在,但是对应的
//页表的项全部清空吧
int zeromap_page_range(unsigned long from, unsigned long size, int mask)
{
unsigned long *page_table, *dir;
unsigned long poff, pcnt;
unsigned long page; if (mask) {
if ((mask & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT) { //存在,但是不能有其他标志
printk("zeromap_page_range: mask = %08x\n",mask);
return -EINVAL;
}
mask |= ZERO_PAGE;
}
if (from & ~PAGE_MASK) { //需要页对齐
printk("zeromap_page_range: from = %08lx\n",from);
return -EINVAL;
}
//下面的定位方法基本同上面差不多
dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
size = (size + ~PAGE_MASK) >> PAGE_SHIFT;
poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
if ((pcnt = PTRS_PER_PAGE - poff) > size)
pcnt = size; while (size > 0) {
if (!(PAGE_PRESENT & *dir))
{ //没有进行页表映射,分配新的页表
/* clear page needed here? SRB. */
if (!(page_table = (unsigned long*) get_free_page(GFP_KERNEL))) {
invalidate();
return -ENOMEM;
}
if (PAGE_PRESENT & *dir) { //呃,能被执行到吗??
free_page((unsigned long) page_table);
page_table = (unsigned long *)(PAGE_MASK & *dir++);
} else //OK set it
//#define PAGE_TABLE (PAGE_PRESENT | PAGE_RW | PAGE_USER | PAGE_ACCESSED)
*dir++ = ((unsigned long) page_table) | PAGE_TABLE;
}
else //原来的页表存在的,取值
page_table = (unsigned long *)(PAGE_MASK & *dir++);
page_table += poff;
poff = 0;
for (size -= pcnt; pcnt-- ;)
{
//页表项对应的页面,如果存在,就进行释放!
if ((page = *page_table) != 0)
{
*page_table = 0;
if (page & PAGE_PRESENT)
{
if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED))
if (current->rss > 0)
--current->rss;
free_page(PAGE_MASK & page);
} else
swap_free(page);
}
*page_table++ = mask; //将页表项设置为mask值
}
pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size);
}
invalidate();
return 0;
} //把size大小的内存从from映射到to,原先的映射将被删除调
int remap_page_range(unsigned long from, unsigned long to, unsigned long size, int mask)
{
unsigned long *page_table, *dir;
unsigned long poff, pcnt;
unsigned long page; if (mask) {
if ((mask & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT) {
printk("remap_page_range: mask = %08x\n",mask);
return -EINVAL;
}
}
//看来这里的from和to都必须进行页对齐啊!!
//因为下面的size也进行“页对齐”了
if ((from & ~PAGE_MASK) || (to & ~PAGE_MASK)) {
printk("remap_page_range: from = %08lx, to=%08lx\n",from,to);
return -EINVAL;
}
dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
size = (size + ~PAGE_MASK) >> PAGE_SHIFT;
poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
if ((pcnt = PTRS_PER_PAGE - poff) > size)
pcnt = size; while (size > 0)
{
//页目录项不存在,分配一块内存作为页表
if (!(PAGE_PRESENT & *dir)) {
/* clearing page here, needed? SRB. */
if (!(page_table = (unsigned long*) get_free_page(GFP_KERNEL))) {
invalidate();
return -1;
}
*dir++ = ((unsigned long) page_table) | PAGE_TABLE;
}
else
page_table = (unsigned long *)(PAGE_MASK & *dir++);
if (poff) {
page_table += poff;
poff = 0;
} //老样子,内存的释放!!
//这里是老的映射关系的解除
for (size -= pcnt; pcnt-- ;) {
if ((page = *page_table) != 0)
{
*page_table = 0;
if (PAGE_PRESENT & page) {
if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED))
if (current->rss > 0)
--current->rss;
free_page(PAGE_MASK & page);
} else
swap_free(page);
} /*
* the first condition should return an invalid access
* when the page is referenced. current assumptions
* cause it to be treated as demand allocation in some
* cases.
*/
if (!mask) //mask==0
*page_table++ = 0; /* not present */
else if (to >= high_memory)
*page_table++ = (to | mask);
else if (!mem_map[MAP_NR(to)])
*page_table++ = 0; /* not present */
else {
*page_table++ = (to | mask);
if (!(mem_map[MAP_NR(to)] & MAP_PAGE_RESERVED)) { //呃,如果不是共享的
++current->rss; //就是活动的页面了啊!
mem_map[MAP_NR(to)]++;
}
}
to += PAGE_SIZE; //这里to需要手动设置,而from只是指明开始~~
}
pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size);
}
invalidate();
return 0;
} //将线性地址(address)一页的内存放到指定的主存区,返回的是实际得到的页的物理地址(page)
//主要是对映射关系进行设置,返回0表示失败
unsigned long put_page(struct task_struct * tsk,unsigned long page,
unsigned long address,int prot)
{
unsigned long *page_table; if ((prot & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT)
printk("put_page: prot = %08x\n",prot);
if (page >= high_memory) { //destination
printk("put_page: trying to put page %08lx at %08lx\n",page,address);
return 0; //err
}
page_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
//源线性地址的页面对应的页表必须存在
if ((*page_table) & PAGE_PRESENT)
page_table = (unsigned long *) (PAGE_MASK & *page_table);
else {
printk("put_page: bad page directory entry\n");
oom(tsk);
*page_table = BAD_PAGETABLE | PAGE_TABLE;
return 0;
}
//页表了,得到具体的页表中的地址
page_table += (address >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
if (*page_table) { //the destination should be clear!!
printk("put_page: page already exists\n");
*page_table = 0;
invalidate();
}
*page_table = page | prot;
/* no need for invalidate */ //无效的地址是不会被缓存的,所以不需要刷新
return page; //返回物理地址
} //这个函数基本同put_page()是一致的,注意的是上面的函数的参数prot
//是不允许设置脏标志的,这里可以的
//呃,不过映射的改变还是有区别的:
//上面的函数要求address对应的线性地址的页表必须存在,而
//这里允许不存在,可以在函数中进行临时的设置的
unsigned long put_dirty_page(struct task_struct * tsk, unsigned long page, unsigned long address)
{
unsigned long tmp, *page_table; if (page >= high_memory)
printk("put_dirty_page: trying to put page %08lx at %08lx\n",page,address);
if (mem_map[MAP_NR(page)] != 1)
printk("mem_map disagrees with %08lx at %08lx\n",page,address);
page_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
if (PAGE_PRESENT & *page_table)
page_table = (unsigned long *) (PAGE_MASK & *page_table); //page_table是页表了
else {
if (!(tmp = get_free_page(GFP_KERNEL)))
return 0;
//感觉这个人有毛病,不是刚检测过了嘛!!
if (PAGE_PRESENT & *page_table) {
free_page(tmp);
page_table = (unsigned long *) (PAGE_MASK & *page_table);
} else {
*page_table = tmp | PAGE_TABLE;
page_table = (unsigned long *) tmp;
}
}
page_table += (address >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
if (*page_table) {
printk("put_dirty_page: page already exists\n");
*page_table = 0;
invalidate();
}
*page_table = page | (PAGE_DIRTY | PAGE_PRIVATE);
/* no need for invalidate */
return page;
} //这是一个被do_wp_page调用的底层函数
//address是源
//其实这个函数真的看的很晕,都不知道怎么样是正确执行的~~~
static void __do_wp_page(unsigned long error_code, unsigned long address,
struct task_struct * tsk, unsigned long user_esp)
{
unsigned long *pde, pte, old_page, prot;
unsigned long new_page; new_page = __get_free_page(GFP_KERNEL);
pde = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
pte = *pde;
if (!(pte & PAGE_PRESENT)) //不存在的页表不进行分配
goto end_wp_page;
//页目录项指向的页表的属性不合法
if ((pte & PAGE_TABLE) != PAGE_TABLE || pte >= high_memory)
goto bad_wp_pagetable;
pte &= PAGE_MASK;
pte += PAGE_PTR(address);
old_page = *(unsigned long *) pte; //页表
if (!(old_page & PAGE_PRESENT)) //页表项不存在
goto end_wp_page;
if (old_page >= high_memory)
goto bad_wp_page;
if (old_page & PAGE_RW) //这里可以读写,就不用进行写保护了
goto end_wp_page;
tsk->min_flt++; //增加缺页次数的计数
prot = (old_page & ~PAGE_MASK) | PAGE_RW; //复原可写的标志
old_page &= PAGE_MASK;
//.11的内核注释说的是:这里表示的是页面的共享的次数
//如果说这样的话,那么这里表示页可能被共享了,页被共享
//才是我们真正需要的,只有共享的页才会COW啊
if (mem_map[MAP_NR(old_page)] != 1)
{
if (new_page) //进行新页面的设置
{
if (mem_map[MAP_NR(old_page)] & MAP_PAGE_RESERVED)
++tsk->rss;
copy_page(old_page,new_page);
*(unsigned long *) pte = new_page | prot; //可写哦
free_page(old_page); //一切都是好好的啊,为什么要把旧页面释放?
//可能的解释是对它的引用次数进行减吧 :-)
invalidate();
return;
}
free_page(old_page);
oom(tsk);
*(unsigned long *) pte = BAD_PAGE | prot;
invalidate();
return;
}
//可能没有被共享,那么就恢复它写的权利吧!!!
*(unsigned long *) pte |= PAGE_RW; //old_page if now changed
invalidate();
if (new_page)
free_page(new_page);
return;
bad_wp_page:
printk("do_wp_page: bogus page at address %08lx (%08lx)\n",address,old_page);
*(unsigned long *) pte = BAD_PAGE | PAGE_SHARED;
send_sig(SIGKILL, tsk, 1);
goto end_wp_page;
bad_wp_pagetable:
printk("do_wp_page: bogus page-table at address %08lx (%08lx)\n",address,pte);
*pde = BAD_PAGETABLE | PAGE_TABLE;
send_sig(SIGKILL, tsk, 1); //呃 kill !
end_wp_page:
if (new_page)
free_page(new_page);
return;
} /*
* check that a page table change is actually needed, and call
* the low-level function only in that case..
*/
void do_wp_page(unsigned long error_code, unsigned long address,
struct task_struct * tsk, unsigned long user_esp)
{
unsigned long page;
unsigned long * pg_table; pg_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
page = *pg_table;
if (!page)
return;
//this should be normal
if ((page & PAGE_PRESENT) && page < high_memory)
{
pg_table = (unsigned long *) ((page & PAGE_MASK) + PAGE_PTR(address));
page = *pg_table;
//对应的页表是不存在的或者是可以写入的,就直接返回
if (!(page & PAGE_PRESENT))
return;
if (page & PAGE_RW)
return;
//PAGE_COW 这里检测到没有进行写入复制的机制
//就发送段错误信号,否则进行写入保护的底层调用
if (!(page & PAGE_COW)) {
if (user_esp && tsk == current) {
current->tss.cr2 = address; //发生缺页故障的地址
current->tss.error_code = error_code;
current->tss.trap_no = 14; //陷阱门故障,14号页故障
send_sig(SIGSEGV, tsk, 1);
return;
}
}
//没有被共享,脏了~~~
if (mem_map[MAP_NR(page)] == 1) {
*pg_table |= PAGE_RW | PAGE_DIRTY;
invalidate();
return;
}
//进行写保护的底层调用
__do_wp_page(error_code, address, tsk, user_esp);
return;
}
printk("bad page directory entry %08lx\n",page);
*pg_table = 0;
} //写入验证
int __verify_write(unsigned long start, unsigned long size)
{
size--; //注意尺寸和偏移之间的区别
//将size转成页面数,其实怎么说呢,这里也是一个
//很简单的逻辑问题,既然将start进行了页面的
//起始的对其,那么检查的size也是应该进行增加的啊
size += start & ~PAGE_MASK; //start&0xfff
size >>= PAGE_SHIFT;
start &= PAGE_MASK; //start进行页对齐
do {
do_wp_page(1,start,current,0);
start += PAGE_SIZE;
} while (size--);
return 0;
} static inline void get_empty_page(struct task_struct * tsk, unsigned long address)
{
unsigned long tmp; //申请一页物理内存
if (!(tmp = get_free_page(GFP_KERNEL))) {
oom(tsk);
tmp = BAD_PAGE;
}
//这里得到了tmp的页面,下面就将这个物理页面进行映射到
//address的线性地址了
if (!put_page(tsk,tmp,address,PAGE_PRIVATE))
free_page(tmp);
} //这里将指定进程p(假定p!=current)的在address处的页面进行检查,如果存在并且
//它是干净的,就同进行进行共享
//或许tsk的进程调用的时候传递的就是current吧
//这里的参数还传递了newpage,可能是供给如果共享不行就复制的页面的
//可以用来对fork产生的代码段进行共享啊~~~
//return 1 if success!
static int try_to_share(unsigned long address, struct task_struct * tsk,
struct task_struct * p, unsigned long error_code, unsigned long newpage)
{
unsigned long from;
unsigned long to;
unsigned long from_page;
unsigned long to_page; //获得address线性地址分别在两个任务中的页目录表中的项
from_page = (unsigned long)PAGE_DIR_OFFSET(p->tss.cr3,address);
to_page = (unsigned long)PAGE_DIR_OFFSET(tsk->tss.cr3,address);
/* is there a page-directory at from? */
from = *(unsigned long *) from_page;
if (!(from & PAGE_PRESENT))
return 0;
from &= PAGE_MASK;
from_page = from + PAGE_PTR(address); //页表的项
from = *(unsigned long *) from_page; //获得页表项的内容
/* is the page clean and present? */
if ((from & (PAGE_PRESENT | PAGE_DIRTY)) != PAGE_PRESENT) //存在,干净?
return 0;
//存在、干净
if (from >= high_memory)
return 0;
if (mem_map[MAP_NR(from)] & MAP_PAGE_RESERVED)
return 0;
/* is the destination ok? */
to = *(unsigned long *) to_page;
if (!(to & PAGE_PRESENT))
return 0;
to &= PAGE_MASK;
to_page = to + PAGE_PTR(address);
if (*(unsigned long *) to_page) //说明目标的线性地址已经被占用了,返回
return 0;
/* share them if read - do COW immediately otherwise */
if (error_code & PAGE_RW) {
if(!newpage) /* did the page exist? SRB. */
return 0;
copy_page((from & PAGE_MASK),newpage); //复制
to = newpage | PAGE_PRIVATE;
} else {
mem_map[MAP_NR(from)]++;
from &= ~PAGE_RW; //不可写,进行共享
to = from;
if(newpage) /* only if it existed. SRB. */
free_page(newpage); //do not need it,release it!
}
//设置相应的页表项
*(unsigned long *) from_page = from;
*(unsigned long *) to_page = to;
invalidate();
return 1;
} /*
* share_page() tries to find a process that could share a page with
* the current one. Address is the address of the wanted page relative
* to the current data space.
*
* We first check if it is at all feasible by checking executable->i_count.
* It should be >1 if there are other tasks sharing this inode.
*/
//寻找一个进程来进行页面的共享,可能是对相同执行程序的
//代码段进行共享吧~~~
int share_page(struct vm_area_struct * area, struct task_struct * tsk,
struct inode * inode,
unsigned long address, unsigned long error_code, unsigned long newpage)
{
struct task_struct ** p; //在缺页的时候进行尝试进行执行代码段的共享操作
if (!inode || inode->i_count < 2 || !area->vm_ops) //?
return 0;
//寻找符合条件的进程
for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) {
if (!*p)
continue;
if (tsk == *p)
continue;
//??
if (inode != (*p)->executable)
{
if(!area)
continue;
/* Now see if there is something in the VMM that
we can share pages with */
if(area)
{
struct vm_area_struct * mpnt;
for (mpnt = (*p)->mmap; mpnt; mpnt = mpnt->vm_next)
{
if (mpnt->vm_ops == area->vm_ops &&
mpnt->vm_inode->i_ino == area->vm_inode->i_ino&&
mpnt->vm_inode->i_dev == area->vm_inode->i_dev)
{
if (mpnt->vm_ops->share(mpnt, area, address))
break;
};
};
if (!mpnt)
continue; /* Nope. Nuthin here */
};
}
//inode == (*p)->executable,尝试进行共享操作了
if (try_to_share(address,tsk,*p,error_code,newpage)) //1 if success
return 1;
}
return 0;
} //获得页表,如果不存在就分配一个空的
static inline unsigned long get_empty_pgtable(struct task_struct * tsk,unsigned long address)
{
unsigned long page;
unsigned long *p; p = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
if (PAGE_PRESENT & *p)
return *p;
//I think this should be an error!
if (*p) {
printk("get_empty_pgtable: bad page-directory entry \n");
*p = 0;
}
//*p == 0 空余的页目录项
page = get_free_page(GFP_KERNEL);
//just check in case?I think it is redundancy.
p = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
if (PAGE_PRESENT & *p) {
free_page(page);
return *p;
}
if (*p) {
printk("get_empty_pgtable: bad page-directory entry \n");
*p = 0;
}
if (page) {
*p = page | PAGE_TABLE;
return *p; // this should be good!
}
oom(current);
*p = BAD_PAGETABLE | PAGE_TABLE;
return 0;
} //??
//缺页处理(应该就是将磁盘中的页面调度到内存中吧),如果没有
//就分配一块新的内存吧
void do_no_page(unsigned long error_code, unsigned long address,
struct task_struct *tsk, unsigned long user_esp)
{
unsigned long tmp;
unsigned long page;
struct vm_area_struct * mpnt; page = get_empty_pgtable(tsk,address);
if (!page)
return;
page &= PAGE_MASK;
page += PAGE_PTR(address);
tmp = *(unsigned long *) page; //页表项
if (tmp & PAGE_PRESENT) //页表项存在,存在与物理内存中,返回
return;
++tsk->rss;
if (tmp) {
++tsk->maj_flt;
swap_in((unsigned long *) page);
return;
}
address &= 0xfffff000;
tmp = 0;
//这里的链表是有顺序的插入的,所以可以搜素的
for (mpnt = tsk->mmap; mpnt != NULL; mpnt = mpnt->vm_next)
{
if (address < mpnt->vm_start)
break;
if (address >= mpnt->vm_end)
{
tmp = mpnt->vm_end; //保存前一个的地址
continue;
}
//没有处理函数,就使用默认的函数来分配一块内存返回好了
if (!mpnt->vm_ops || !mpnt->vm_ops->nopage) {
++tsk->min_flt;
get_empty_page(tsk,address);
return;
}
mpnt->vm_ops->nopage(error_code, mpnt, address);
return;
}
if (tsk != current)
goto ok_no_page;
if (address >= tsk->end_data && address < tsk->brk)
goto ok_no_page;
if (mpnt && mpnt == tsk->stk_vma &&
address - tmp > mpnt->vm_start - address &&
tsk->rlim[RLIMIT_STACK].rlim_cur > mpnt->vm_end - address)
{
mpnt->vm_start = address;
goto ok_no_page;
}
tsk->tss.cr2 = address;
current->tss.error_code = error_code;
current->tss.trap_no = 14;
send_sig(SIGSEGV,tsk,1);
if (error_code & 4) /* user level access? */
return;
ok_no_page:
++tsk->min_flt;
get_empty_page(tsk,address);
} //页故障处理函数,并根据故障的类型进行相应的处理
asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
{
unsigned long address;
unsigned long user_esp = 0;
unsigned int bit; /* get the address */
__asm__("movl %%cr2,%0":"=r" (address)); //将出现页故障的地址(线性地址吧)(CR2)加载到address中
//用户地址空间的正常处理
if (address < TASK_SIZE)
{
if (error_code & 4)
{ /* user mode access? */
if (regs->eflags & VM_MASK) {
bit = (address - 0xA0000) >> PAGE_SHIFT;
if (bit < 32)
current->screen_bitmap |= 1 << bit;
} else
user_esp = regs->esp;
}
if (error_code & 1) //写保护
do_wp_page(error_code, address, current, user_esp);
else //缺页
do_no_page(error_code, address, current, user_esp);
return;
}
//否则是高端地址的内核空间的页故障,似乎内核的故障是严重的!!!
address -= TASK_SIZE;
//应该就是对于高特权级不可以向低特权任意写东西吧
if (wp_works_ok < 0 && address == 0 && (error_code & PAGE_PRESENT))
{
wp_works_ok = 1; ///* set if paging hardware honours WP */
pg0[0] = PAGE_SHARED;
printk("This processor honours the WP bit even when in supervisor mode. Good.\n");
return;
}
//bad things here
if (address < PAGE_SIZE)
{
printk("Unable to handle kernel NULL pointer dereference");
pg0[0] = PAGE_SHARED;
} else
printk("Unable to handle kernel paging request");
printk(" at address %08lx\n",address);
die_if_kernel("Oops", regs, error_code);
do_exit(SIGKILL);
} /*
* BAD_PAGE is the page that is used for page faults when linux
* is out-of-memory. Older versions of linux just did a
* do_exit(), but using this instead means there is less risk
* for a process dying in kernel mode, possibly leaving a inode
* unused etc..
*
* BAD_PAGETABLE is the accompanying page-table: it is initialized
* to point to BAD_PAGE entries.
*
* ZERO_PAGE is a special page that is used for zero-initialized
* data and COW.
*/ //将数据BAD_PAGE + PAGE_TABLE的数据放入一页(一个页表)中
unsigned long __bad_pagetable(void)
{
extern char empty_bad_page_table[PAGE_SIZE]; //1<<12 __asm__ __volatile__("cld ; rep ; stosl":
:"a" (BAD_PAGE + PAGE_TABLE),
"D" ((long) empty_bad_page_table),
"c" (PTRS_PER_PAGE)
:"di","cx");
return (unsigned long) empty_bad_page_table;
} unsigned long __bad_page(void)
{
extern char empty_bad_page[PAGE_SIZE]; __asm__ __volatile__("cld ; rep ; stosl":
:"a" (0),
"D" ((long) empty_bad_page),
"c" (PTRS_PER_PAGE)
:"di","cx");
return (unsigned long) empty_bad_page;
} unsigned long __zero_page(void)
{
extern char empty_zero_page[PAGE_SIZE]; __asm__ __volatile__("cld ; rep ; stosl":
:"a" (0),
"D" ((long) empty_zero_page),
"c" (PTRS_PER_PAGE)
:"di","cx");
return (unsigned long) empty_zero_page;
} //对内存使用的统计信息进行显示
void show_mem(void)
{
int i,free = 0,total = 0,reserved = 0;
int shared = 0; printk("Mem-info:\n");
printk("Free pages: %6dkB\n",nr_free_pages<<(PAGE_SHIFT-10));
printk("Secondary pages: %6dkB\n",nr_secondary_pages<<(PAGE_SHIFT-10));
printk("Free swap: %6dkB\n",nr_swap_pages<<(PAGE_SHIFT-10));
//对高端内存进行统计
i = high_memory >> PAGE_SHIFT;
while (i-- > 0) {
total++;
if (mem_map[i] & MAP_PAGE_RESERVED)
reserved++;
else if (!mem_map[i])
free++;
else
shared += mem_map[i]-1;
}
printk("%d pages of RAM\n",total);
printk("%d free pages\n",free);
printk("%d reserved pages\n",reserved);
printk("%d pages shared\n",shared);
show_buffers();
} /*
* paging_init() sets up the page tables - note that the first 4MB are
* already mapped by head.S.
*
* This routines also unmaps the page at virtual kernel address 0, so
* that we can trap those pesky NULL-reference errors in the kernel.
*/
unsigned long paging_init(unsigned long start_mem, unsigned long end_mem)
{
unsigned long * pg_dir;
unsigned long * pg_table;
unsigned long tmp;
unsigned long address; /*
* Physical page 0 is special; it's not touched by Linux since BIOS
* and SMM (for laptops with [34]86/SL chips) may need it. It is read
* and write protected to detect null pointer references in the
* kernel.
*/
#if 0
memset((void *) 0, 0, PAGE_SIZE);
#endif start_mem = PAGE_ALIGN(start_mem);
address = 0;
pg_dir = swapper_pg_dir;
//这个大循环将所有的内存进行了映射了
while (address < end_mem)
{
//可能从768项后面的页目录项都给了内核了
tmp = *(pg_dir + 768); /* at virtual addr 0xC0000000 */
if (!tmp) { //first ,it is zeor!
tmp = start_mem | PAGE_TABLE; //算是第一个页表吧,注意此后的start_mem也开始变了
//页表映射的内存是从0-end线性映射的,而页目录映射的
//页表是从start_mem开始的,而且start_mem也在不断改变
*(pg_dir + 768) = tmp;
start_mem += PAGE_SIZE; //分配出一页出来吧
}
*pg_dir = tmp; /* also map it in at 0x0000000 for init */
//记住这里的0x0000000是线性地址了哦
pg_dir++;
pg_table = (unsigned long *) (tmp & PAGE_MASK);
//对新得到的pg_table进行初始化操作,最多也就能映射4M内存吧
for (tmp = 0 ; tmp < PTRS_PER_PAGE ; tmp++,pg_table++)
{
//address是从0开始的哦
if (address < end_mem)
// #define PAGE_SHARED (PAGE_PRESENT | PAGE_RW | PAGE_USER | PAGE_ACCESSED)
*pg_table = address | PAGE_SHARED;
else //没有空间了就映射为0(空)
*pg_table = 0;
address += PAGE_SIZE;
}
}
invalidate();
return start_mem; //次start_mem同传递进来的肯定不同了!!
} void mem_init(unsigned long start_low_mem,
unsigned long start_mem, unsigned long end_mem)
{
int codepages = 0;
int reservedpages = 0;
int datapages = 0;
unsigned long tmp;
unsigned short * p;
extern int etext; cli();
end_mem &= PAGE_MASK;
high_memory = end_mem;
//对齐
start_mem += 0x0000000f;
start_mem &= ~0x0000000f;
tmp = MAP_NR(end_mem); //应该是最大的内存页数
//将start_mem到end_mem之间的内存的mem_map数组的数
//设置为MAP_PAGE_RESERVED
mem_map = (unsigned short *) start_mem;
p = mem_map + tmp;
start_mem = (unsigned long) p;
while (p > mem_map)
*--p = MAP_PAGE_RESERVED;
//如果内核的代码段大于1M,那么start_mem就是代码段结束而start_low_mem就是4K
//否则start_mem就是1M,而start_low_mem就是代码段结束
//对于这个内存布局感到很晕啊
start_low_mem = PAGE_ALIGN(start_low_mem);
start_mem = PAGE_ALIGN(start_mem);
while (start_low_mem < 0xA0000) { //640K的内存
mem_map[MAP_NR(start_low_mem)] = 0;
start_low_mem += PAGE_SIZE;
}
while (start_mem < end_mem) {
mem_map[MAP_NR(start_mem)] = 0;
start_mem += PAGE_SIZE;
}
#ifdef CONFIG_SOUND
sound_mem_init();
#endif free_page_list = 0;
nr_free_pages = 0;
//对内存信息进行初始统计
for (tmp = 0 ; tmp < end_mem ; tmp += PAGE_SIZE)
{
if (mem_map[MAP_NR(tmp)]) {
if (tmp >= 0xA0000 && tmp < 0x100000) //640K~1M
reservedpages++;
else if (tmp < (unsigned long) &etext) //对内核的信息统计
codepages++;
else
datapages++;
continue;
}
//空闲的内存页面
*(unsigned long *) tmp = free_page_list;
free_page_list = tmp;
nr_free_pages++;
}
tmp = nr_free_pages << PAGE_SHIFT;
printk("Memory: %luk/%luk available (%dk kernel code, %dk reserved, %dk data)\n",
tmp >> 10,
end_mem >> 10,
codepages << (PAGE_SHIFT-10),
reservedpages << (PAGE_SHIFT-10),
datapages << (PAGE_SHIFT-10));
/* test if the WP bit is honoured in supervisor mode */
wp_works_ok = -1; //会被改动一次的!!
pg0[0] = PAGE_READONLY;
invalidate();
//以我感觉呢,这里可能是进行一个写入的测试吧,看
//先前设置的wp_works_ok经过这样的一个异常之后是否被重新设置了
__asm__ __volatile__("movb 0,%%al ; movb %%al,0": : :"ax", "memory");
pg0[0] = 0;
invalidate();
if (wp_works_ok < 0)
wp_works_ok = 0;
return;
} //进行系统信息的内存信息的统计
void si_meminfo(struct sysinfo *val)
{
int i; i = high_memory >> PAGE_SHIFT;
val->totalram = 0;
val->freeram = 0;
val->sharedram = 0;
val->bufferram = buffermem;
while (i-- > 0)
{
if (mem_map[i] & MAP_PAGE_RESERVED)
continue;
val->totalram++;
if (!mem_map[i])
{
val->freeram++;
continue;
}
//呃,可能这里是统计的共享的页面的,会不会有计数啊?
val->sharedram += mem_map[i]-1;
}
val->totalram <<= PAGE_SHIFT;
val->freeram <<= PAGE_SHIFT;
val->sharedram <<= PAGE_SHIFT;
return;
}
/* This handles a generic mmap of a disk file */
//对磁盘的普通文件进行映射操作
//还是比较麻烦的,起码同文件系统进行交互操作了
void file_mmap_nopage(int error_code, struct vm_area_struct * area, unsigned long address)
{
struct inode * inode = area->vm_inode;
unsigned int block;
unsigned long page;
int nr[8];
int i, j;
int prot = area->vm_page_prot; //计算文件的块大小
address &= PAGE_MASK;
block = address - area->vm_start + area->vm_offset;
block >>= inode->i_sb->s_blocksize_bits; page = get_free_page(GFP_KERNEL);
//看原来的文件是否已经被映射而可以被共享
if (share_page(area, area->vm_task, inode, address, error_code, page)) {
++area->vm_task->min_flt;
return;
} ++area->vm_task->maj_flt;
if (!page) {
oom(current);
//#define BAD_PAGE __bad_page()
put_page(area->vm_task, BAD_PAGE, address, PAGE_PRIVATE);
return;
}
for (i=0, j=0; i< PAGE_SIZE ; j++, block++, i += inode->i_sb->s_blocksize)
nr[j] = bmap(inode,block);
if (error_code & PAGE_RW)
prot |= PAGE_RW | PAGE_DIRTY;
page = bread_page(page, inode->i_dev, nr, inode->i_sb->s_blocksize, prot); if (!(prot & PAGE_RW)) { //不可写
if (share_page(area, area->vm_task, inode, address, error_code, page))
return;
}
//将address映射到物理地址page处,返回page表示成功
if (put_page(area->vm_task,page,address,prot))
return;
free_page(page);
oom(current);
} void file_mmap_free(struct vm_area_struct * area)
{
if (area->vm_inode)
iput(area->vm_inode);
#if 0
if (area->vm_inode)
printk("Free inode %x:%d (%d)\n",area->vm_inode->i_dev,
area->vm_inode->i_ino, area->vm_inode->i_count);
#endif
} //对mmap entries进行检查,如果area1 area2对应的指标相等,就可以共享页了
//返回1
int file_mmap_share(struct vm_area_struct * area1,
struct vm_area_struct * area2,
unsigned long address)
{
if (area1->vm_inode != area2->vm_inode)
return 0;
if (area1->vm_start != area2->vm_start)
return 0;
if (area1->vm_end != area2->vm_end)
return 0;
if (area1->vm_offset != area2->vm_offset)
return 0;
if (area1->vm_page_prot != area2->vm_page_prot)
return 0;
return 1;
} //操作类型
struct vm_operations_struct file_mmap = {
NULL, /* open */
file_mmap_free, /* close */
file_mmap_nopage, /* nopage */
NULL, /* wppage */
file_mmap_share, /* share */
NULL, /* unmap */
};
文档地址:http://blogimg.chinaunix.net/blog/upfile2/090315232249.pdf
相关阅读 更多 +
