服务器评测
一: Linux kernel内存存布局
在ARM平台中zImage.bin是一个压缩镜像,它用于将被压缩的kernel解压缩到KERNEL_RAM_PADDR开始的一段内存中,接着跳进真正的kernel去执行。该kernel的执行起点是stext函数,定义于arch/arm/kernel/head.S。在分析ENTRY(stext)前,先介绍此时内存的布局如下图所示:
图一:内存布局[此处借用下网络上已有的图片,自己不想弄图片了]
在我的YL-E2410的平台上,SDRAM的开始内存地址是0x30000000,大小为64M,即0x20000000。 Linux2.6.38.8 ARM kernel将SDRAM的开始地址定义为PHYS_OFFSET。经bootloader加载kernel并由自解压部分代码运行后,最终kernel被放置到KERNEL_RAM_PADDR(=PHYS_OFFSET + TEXT_OFFSET,即0x30008000)地址上的一段内存,经此放置后,kernel代码以后均不会被移动。在arch\arm\mach-s3c2410\Makefile.boot文件,其内容如下:
zreladdr-y := 0x30008000
params_phys-y := 0x30000100
这也验证了为什么内核会被放置在0x30008000的地方了,这个地址必须由Makefile.boot指定。而params_phys-y则是linux Kernel的taglist等参数的起始地址。在进入kernel代码前,即自解压缩阶段,ARM未开启MMU功能。因此启动代码一个重要功能是设置好相应的页表,并开启MMU功能。为了支持MMU功能,kernel镜像中的所有符号,包括代码段和数据段的符号,在链接时都生成了它在开启MMU时,所在物理内存地址映射到的虚拟内存地址。Kernel第一个符号stext为例,在编译链接,它生成的虚拟地址是0xc0008000,而放置它的物理地址为0x30008000。实际上这个变换可以利用简单的公式进行表示:va = pa – PHYS_OFFSET + PAGE_OFFSET。Arm linux最终的kernel空间的页表,就是按照这个关系来建立。之所提及linux的内存映射,原因是在进入kernel代码,里面所有符号地址值为0xCxxxxxxx地址,而此时ARM未开启MMU功能,故在执行stext函数第一条执行时,它的PC值就是stext所在的内存地址(即物理地址,0x30008000)。
二:stext函数详解
stext函数定义在arch/arm/kernel/head.S,它的功能是获取处理器类型和机器类型信息,并创建临时的页表,然后开启MMU功能,并跳进第一个C语言函数start_kernel。stext函数的在前置条件是:MMU, D-cache, 关闭; r0 = 0, r1 = machine nr, r2 = atags prointer.
[cpp]
- /*
- * This program is free software; you can Redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Kernel startup code for all 32-bit CPUs
- */
- #include <linux/linkage.h>
- #include <linux/init.h>
- #include <asm/assembler.h>
- #include <asm/domain.h>
- #include <asm/ptrace.h>
- #include <asm/asm-offsets.h>
- #include <asm/memory.h>
- #include <asm/thread_info.h>
- #include <asm/system.h>
- #ifdef CONFIG_DEBUG_LL
- #include <mach/debug-macro.S>
- #endif
- #if (PHYS_OFFSET & 0x001fffff)
- #error “PHYS_OFFSET must be at an even 2MiB boundary!”
- #endif
- #define KERNEL_RAM_VADDR (PAGE_OFFSET + TEXT_OFFSET)
- #define KERNEL_RAM_PADDR (PHYS_OFFSET + TEXT_OFFSET)
- /*
- * swapper_pg_dir is the virtual address of the initial page table.
- * We place the page tables 16K below KERNEL_RAM_VADDR. Therefore, we must
- * make sure that KERNEL_RAM_VADDR is correctly set. Currently, we expect
- * the least significant 16 bits to be 0x8000, but we could probably
- * relax this restriction to KERNEL_RAM_VADDR >= PAGE_OFFSET + 0x4000.
- */
- #if (KERNEL_RAM_VADDR & 0xffff) != 0x8000
- #error KERNEL_RAM_VADDR must start at 0xXXXX8000
- #endif
- .globl swapper_pg_dir
- .equ swapper_pg_dir, KERNEL_RAM_VADDR – 0x4000
- .macro pgtbl, rd
- ldr \rd, =(KERNEL_RAM_PADDR – 0x4000)
- .endm
- #ifdef CONFIG_XIP_KERNEL
- #define KERNEL_START XIP_VIRT_ADDR(CONFIG_XIP_PHYS_ADDR)
- #define KERNEL_END _edata_loc
- #else
- #define KERNEL_START KERNEL_RAM_VADDR
- #define KERNEL_END _end
- #endif
- /*
- * Kernel startup entry point.
- * —————————
- *
- * This is normally called from the decompressor code. The requirements
- * are: MMU = off, D-cache = off, I-cache = dont care, r0 = 0,
- * r1 = machine nr, r2 = atags pointer.
- *
- * This code is mostly position independent, so if you link the kernel at
- * 0xc0008000, you call this at __pa(0xc0008000).
- *
- * See linux/arch/arm/tools/mach-types for the complete list of machine
- * numbers for r1.
- *
- * We’re trying to keep crap to a minimum; DO NOT add any machine specific
- * crap here – that’s what the boot loader (or in extreme, well justified
- * circumstances, zImage) is for.
- */
- __HEAD
- ENTRY(stext)
- /* 设置CPU运行模式为SVC,并关中断 */
- setmode PSR_F_BIT | PSR_I_BIT | SVC_MODE, r9 @ ensure svc mode
- @ and irqs disabled
- mrc p15, 0, r9, c0, c0 @ get processor id
- bl __lookup_processor_type @ r5=procinfo r9=cpuid
- * r10指向cpu对应的proc_info记录 */
- movs r10, r5 @ invalid processor (r5=0)?
- THUMB( it eq ) @ force fixup-able long branch encoding
- beq __error_p @ yes, error ‘p’
- bl __lookup_machine_type @ r5=machinfo
- /* r8 指向开发板对应的arch_info记录 */
- movs r8, r5 @ invalid machine (r5=0)?
- THUMB( it eq ) @ force fixup-able long branch encoding
- beq __error_a @ yes, error ‘a’
- /* __vet_atags函数涉及bootloader造知kernel物理内存的情况 */
- /*
- * r1 = machine no, r2 = atags,
- * r8 = machinfo, r9 = cpuid, r10 = procinfo
- */
- bl __vet_atags
- #ifdef CONFIG_SMP_ON_UP
- bl __fixup_smp
- #endif
- /* 创建临时页表 */
- bl __create_page_tables
- /*
- * The following calls CPU specific code in a position independent
- * manner. See arch/arm/mm/proc-*.S for details. r10 = base of
- * xxx_proc_info structure selected by __lookup_machine_type
- * above. On return, the CPU will be ready for the MMU to be
- * turned on, and r0 will hold the CPU control register value.
- * 这里的逻辑关系相当复杂,先是从proc_info结构中的中跳进__arm920_setup函数,
- * 然后执__enable_mmu 函数。最后在__enable_mmu函数通过mov pc, r13来执行__mmap_switched,
- * __mmap_switched函数在最后一条语句,鱼跃龙门,跳进第一个C语言函数start_kernel
- */
- ldr r13, =__mmap_switched @ address to jump to after
- @ mmu has been enabled
- adr lr, BSYM(1f) @ return (PIC) address
- ARM( add pc, r10, #PROCINFO_INITFUNC )
- THUMB( add r12, r10, #PROCINFO_INITFUNC )
- THUMB( mov pc, r12 )
- 1: b __enable_mmu
- ENDPROC(stext)
- .ltorg
三:__lookup_processor_type函数
__lookup_processor_type函数是一个非常讲究技巧的函数,Kernel代码将所有CPU信息的定义都放到.proc.info.init段中,因此可以认为.proc.info.init段就是一个数组,每个元素都定义了一个或一种CPU的信息。目前__lookup_processor_type使用该元素的前两个字段cpuid和mask来匹配当前CPUID,如果满足CPUID & mask == cpuid,则找到当前cpu的定义并返回。
[cpp]
- /*
- * Read processor ID register (CP#15, CR0), and look up in the linker-built
- * supported processor list. Note that we can’t use the absolute addresses
- * for the __proc_info lists since we aren’t running with the MMU on
- * (and therefore, we are not in the correct address space). We have to
- * calculate the offset.
- *
- * r9 = cpuid
- * Returns:
- * r3, r4, r6 corrupted
- * r5 = proc_info pointer in physical address space
- * r9 = cpuid (preserved)
- */
- __CPUINIT
- __lookup_processor_type:
- /* adr 是相对寻址,它的寻计算结果是将当前PC值加上__lookup_processor_type_data符号与PC的偏移量,
- * 而PC是物理地址,因此r3的结果也是__lookup_processor_type_data符号的物理地址 */
- adr r3, __lookup_processor_type_data
- ldmia r3, {r4 – r6}
- sub r3, r3, r4 @ get offset between virt&phys
- add r5, r5, r3 @ convert virt addresses to
- add r6, r6, r3 @ physical address space
- 1: ldmia r5, {r3, r4} @ value, mask
- /* 将当前CPUID和mask相与,并与数组元素中的CPUID比较是否相同
- * 若相同,则找到当前CPU的__proc_info定义,r5指向访元素并返回。
- */
- and r4, r4, r9 @ mask wanted bits
- teq r3, r4
- beq 2f
- /* r5指向下一个__proc_info元素 */
- add r5, r5, #PROC_INFO_SZ @ sizeof(proc_info_list)
- /* 是否遍历完所有__proc_info元素 */
- cmp r5, r6
- blo 1b
- /* 找不到则返回NULL */
- mov r5, #0 @ unknown processor
- 2: mov pc, lr
- ENDPROC(__lookup_processor_type)
四:__lookup_machine_type 函数
__lookup_machine_type 和__lookup_processor_type像对孪生兄弟,它们的行为都是很类似的:__lookup_machine_type根据r1寄存器的机器编号到.arch.info.init段的数组中依次查找机器编号与r1相同的记录。它使了与它孪生兄弟同样的手法进行虚拟地址到物理地址的转换计算。
[cpp]
- /*
- * Lookup machine architecture in the linker-build list of architectures.
- * Note that we can’t use the absolute addresses for the __arch_info
- * lists since we aren’t running with the MMU on (and therefore, we are
- * not in the correct address space). We have to calculate the offset.
- *
- * r1 = machine architecture number
- * Returns:
- * r3, r4, r6 corrupted
- * r5 = mach_info pointer in physical address space
- */
- __lookup_machine_type:
- adr r3, __lookup_machine_type_data
- ldmia r3, {r4, r5, r6}
- sub r3, r3, r4 @ get offset between virt&phys
- add r5, r5, r3 @ convert virt addresses to
- add r6, r6, r3 @ physical address space
- 1: ldr r3, [r5, #MACHINFO_TYPE] @ get machine type
- teq r3, r1 @ matches loader number?
- beq 2f @ found
- add r5, r5, #SIZEOF_MACHINE_DESC @ next machine_desc
- cmp r5, r6
- blo 1b
- mov r5, #0 @ unknown machine
- 2: mov pc, lr
- ENDPROC(__lookup_machine_type)
具体的请看:MACHINE_START and MACHINE_END Macro define 见 http://www.linuxidc.com/Linux/2012-02/54648.htm
五:为kernel建立临时页表
前面提及到,kernel里面的所有符号在链接时,都使用了虚拟地址值。在完成基本的初始化后,kernel代码将跳到第一个C语言函数start_kernl来执行,在哪个时候,这些虚拟地址必须能够对它所存放在真正内存位置,否则运行将为出错。为此,CPU必须开启MMU,但在开启MMU前,必须为虚拟地址到物理地址的映射建立相应的面表。在开启MMU后,kernel指并不马上将PC值指向start_kernl,而是要做一些C语言运行期的设置,如堆栈,重定义等工作后才跳到start_kernel去执行。在此过程中,PC值还是物理地址,因此还需要为这段内存空间建立va = pa的内存映射关系。当然,本函数建立的所有页表都会在将来paging_init销毁再重建,这是临时过度性的映射关系和页表。
在介绍__create_table_pages前,先认识一个macro pgtbl,它将KERNL_RAM_PADDR – 0x4000的值赋给rd寄存器,从下面的使用中可以看它,该值是页表在物理内存的基础,也即页表放在kernel开始地址下的16K的地方。
.macro pgtbl, rd
ldr \rd, =(KERNEL_RAM_PADDR – 0x4000)
.endm
[cpp]
- /*
- * Setup the initial page tables. We only setup the barest
- * amount which are required to get the kernel running, which
- * generally means mapping in the kernel code.
- *
- * r8 = machinfo
- * r9 = cpuid
- * r10 = procinfo
- *
- * Returns:
- * r0, r3, r5-r7 corrupted
- * r4 = physical page table address
- */
- __create_page_tables:
- pgtbl r4 @ page table address
- /*
- * Clear the 16K level 1 swapper page table
- */
- mov r0, r4
- mov r3, #0
- add r6, r0, #0x4000
- 1: str r3, [r0], #4
- str r3, [r0], #4
- str r3, [r0], #4
- str r3, [r0], #4
- teq r0, r6
- bne 1b
- ldr r7, [r10, #PROCINFO_MM_MMUFLAGS] @ mm_mmuflags
- /*
- * Create identity mapping to cater for __enable_mmu.
- * This identity mapping will be removed by paging_init().
- */
- adr r0, __enable_mmu_loc
- ldmia r0, {r3, r5, r6}
- sub r0, r0, r3 @ virt->phys offset
- add r5, r5, r0 @ phys __enable_mmu
- add r6, r6, r0 @ phys __enable_mmu_end
- mov r5, r5, lsr #20
- mov r6, r6, lsr #20
- 1: orr r3, r7, r5, lsl #20 @ flags + kernel base
- str r3, [r4, r5, lsl #2] @ identity mapping
- teq r5, r6
- addne r5, r5, #1 @ next section
- bne 1b
- /*
- * Now setup the pagetables for our kernel direct
- * mapped region.
- */
- mov r3, pc
- mov r3, r3, lsr #20
- orr r3, r7, r3, lsl #20
- add r0, r4, #(KERNEL_START & 0xff000000) >> 18
- str r3, [r0, #(KERNEL_START & 0x00f00000) >> 18]!
- ldr r6, =(KERNEL_END – 1)
- add r0, r0, #4
- add r6, r4, r6, lsr #18
- 1: cmp r0, r6
- add r3, r3, #1 << 20
- strls r3, [r0], #4
- bls 1b
- #ifdef CONFIG_XIP_KERNEL
- /*
- * Map some ram to cover our .data and .bss areas.
- */
- orr r3, r7, #(KERNEL_RAM_PADDR & 0xff000000)
- .if (KERNEL_RAM_PADDR & 0x00f00000)
- orr r3, r3, #(KERNEL_RAM_PADDR & 0x00f00000)
- .endif
- add r0, r4, #(KERNEL_RAM_VADDR & 0xff000000) >> 18
- str r3, [r0, #(KERNEL_RAM_VADDR & 0x00f00000) >> 18]!
- ldr r6, =(_end – 1)
- add r0, r0, #4
- add r6, r4, r6, lsr #18
- 1: cmp r0, r6
- add r3, r3, #1 << 20
- strls r3, [r0], #4
- bls 1b
- #endif
- /*
- * Then map first 1MB of ram in case it contains our boot params.
- */
- add r0, r4, #PAGE_OFFSET >> 18
- orr r6, r7, #(PHYS_OFFSET & 0xff000000)
- .if (PHYS_OFFSET & 0x00f00000)
- orr r6, r6, #(PHYS_OFFSET & 0x00f00000)
- .endif
- str r6, [r0]
- #ifdef CONFIG_DEBUG_LL
- #ifndef CONFIG_DEBUG_ICEDCC
- /*
- * Map in IO space for serial debugging.
- * This allows debug messages to be output
- * via a serial console before paging_init.
- */
- addruart r7, r3
- mov r3, r3, lsr #20
- mov r3, r3, lsl #2
- add r0, r4, r3
- rsb r3, r3, #0x4000 @ PTRS_PER_PGD*sizeof(long)
- cmp r3, #0x0800 @ limit to 512MB
- movhi r3, #0x0800
- add r6, r0, r3
- mov r3, r7, lsr #20
- ldr r7, [r10, #PROCINFO_IO_MMUFLAGS] @ io_mmuflags
- orr r3, r7, r3, lsl #20
- 1: str r3, [r0], #4
- add r3, r3, #1 << 20
- teq r0, r6
- bne 1b
- #else /* CONFIG_DEBUG_ICEDCC */
- /* we don’t need any serial debugging mappings for ICEDCC */
- ldr r7, [r10, #PROCINFO_IO_MMUFLAGS] @ io_mmuflags
- #endif /* !CONFIG_DEBUG_ICEDCC */
- #if defined(CONFIG_ARCH_NETWINDER) || defined(CONFIG_ARCH_CATS)
- /*
- * If we’re using the NetWinder or CATS, we also need to map
- * in the 16550-type serial port for the debug messages
- */
- add r0, r4, #0xff000000 >> 18
- orr r3, r7, #0x7c000000
- str r3, [r0]
- #endif
- #ifdef CONFIG_ARCH_RPC
- /*
- * Map in screen at 0x02000000 & SCREEN2_BASE
- * Similar reasons here – for debug. This is
- * only for Acorn RiscPC architectures.
- */
- add r0, r4, #0x02000000 >> 18
- orr r3, r7, #0x02000000
- str r3, [r0]
- add r0, r4, #0xd8000000 >> 18
- str r3, [r0]
- #endif
- #endif
- mov pc, lr
- ENDPROC(__create_page_tables)
里面涉及的代码主要就是建立虚拟地址与物理地址的转换,尤其是右移20位和18位两个地方与页表目录项的地址关系比较复杂。执行完该函数后,虚拟内存和物理内存的映射关系如下图所示:
