Shulou(Shulou.com)06/01 Report--

This article mainly explains "the detailed process of Linux memory allocation". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "the detailed process of Linux memory allocation".

This article uses Linux version 2.6.32 code

Memory partition object

As described in the article "you really understand memory allocation," Linux divides the process virtual memory space into multiple partitions, represented by vm_area_struct objects in the Linux kernel, which are defined as follows:

Struct vm_area_struct {struct mm_struct * vm_mm; / / the memory management object unsigned long vm_start; / / the start address of the partition unsigned long vm_end; / / the end address of the partition struct vm_area_struct * vm_next; / / concatenates all memory partitions of the process into a linked list through this pointer. The node of the struct rb_node vm_rb; / / red-black tree, which is used to save to the memory partition red-black tree.}

We have simplified the vm_area_struct object, leaving only the fields needed for this article.

The kernel uses a vm_area_struct object to record a memory partition (such as code snippet, data segment, heap space, etc.). Here is a description of the role of each field of the vm_area_struct object:

Vm_mm: specifies the memory management object to which the current memory partition belongs.

Vm_start: the start address of the memory partition.

Vm_end: the end address of the memory partition.

Vm_next: use this pointer to connect all memory partitions in the process into a linked list.

Vm_rb: in addition, in order to quickly find memory partitions, the kernel also saves all memory partitions of a process to a red-black tree. Vm_rb is the node of the red-black tree, which is used to save memory partitions to the red-black tree.

If process A now has four memory partitions, their ranges are as follows:

Code snippet: 00400000 ~ 00401000

Data segment: 00600000 ~ 00601000

Heap space: 00983000 ~ 009a4000

Stack space: 7f37ce866000 ~ 7f3fce867000

Then the structure of these four memory partitions in the kernel is shown in figure 1:

In figure 1, we can see that there is an object of mm_struct, which is held by each process and is the management object of the process's virtual memory space and physical memory space. Let's give a brief introduction to this object, which is defined as follows:

Struct mm_struct {struct vm_area_struct * mmap; / / points to the linked list of process memory partitions struct rb_root mm_rb; / / the kernel uses a red-black tree to save all memory partitions of the process, which is the root node unsigned long start_brk of the red-black tree, and the start and end addresses of the brk; / / heap space.}

Let's introduce the role of each field of the mm_struct object:

Mmap: points to a linked list made up of all memory partitions of a process.

Mm_rb: in order to speed up finding memory partitions, the kernel uses a red-black tree to save all memory partitions. This is the root node of the red-black tree.

Start_brk: the starting memory address of the heap space.

Brk: top memory address of the heap space.

Let's review the layout of the process virtual memory space, as shown in figure 2:

The start_brk and brk fields are used to record the range of heap space, as shown in figure 2. In general, start_brk does not change, while brk changes as memory is allocated and freed.

Virtual memory allocation

As mentioned in the article "you really understand memory allocation", when you call malloc to request memory, you will eventually call the brk system call to allocate memory from the heap space. Let's analyze the implementation of the brk system call:

Unsigned long sys_brk (unsigned long brk) {unsigned long rlim, retval; unsigned long newbrk, oldbrk; struct mm_struct * mm = current- > mm;... Down_write (& mm- > mmap_sem); / / A lock is performed on memory management objects to determine whether the size of the heap space exceeds the limit. If the limit is exceeded, rlim = current- > signal- > rlimm [RLIMIT _ DATA] .rlim _ cur; if (rlim) is not processed.

Start_brk) + (mm- > end_data-mm- > start_data) > rlim) goto out; newbrk = PAGE_ALIGN (brk); / / the new brk value oldbrk = PAGE_ALIGN (mm- > brk); / / the old brk value if (oldbrk = = newbrk) / / if the old and new locations are the same, there is no need to process goto set_brk . / / call the do_brk function to proceed to the next step: if (do_brk (oldbrk, newbrk-oldbrk)! = oldbrk) goto out; set_brk: mm- > brk = brk; / / set the top position of the heap space (brk pointer) out: retval = mm- > brk; up_write (& mm- > mmap_sem); return retval;}

To sum up the above code, there are mainly the following steps:

1. Determine whether the size of the heap space exceeds the limit. If the heap space exceeds the limit, no processing will be made and the old brk value will be returned directly.

2. If the new brk value is consistent with the old brk value, it is not used for any processing.

3. If the new brk value changes, the do_brk function is called to proceed to the next step.

4. Set the process's brk pointer (at the top of the heap space) to the value of the new brk.

We see that step 3 uses the do_brk function to deal with it, and the implementation of the do_brk function is a little complicated, so here's an overview of the processing flow:

Hongmeng official Strategic Cooperation to build HarmonyOS Technology Community

The corresponding memory partition object (that is, vm_area_struct) is found in the process memory partition red-black tree through the starting address of the heap space, start_brk.

Set the vm_end field of the memory partition object of the heap space to the new brk value.

At this point, the work of the brk system call is complete (the memory release is not analyzed above). To sum up, the work of the brk system call has two main parts:

Set the process's brk pointer to the new brk value.

Set the vm_end field of the memory partition object of the heap space to the new brk value.

Physical memory allocation

From the above analysis, we know that the brk system call requests virtual memory, but only physical memory can be used to store data. Therefore, virtual memory must be mapped to physical memory before it can be used.

So when is memory mapping going to happen?

As described in the article "you really understand memory allocation", CPU will trigger a page fault exception when reading and writing to a virtual memory address that is not mapped. When the kernel receives the page fault exception, it calls the do_page_fault function to fix it.

Let's analyze the implementation of the do_page_fault function (simplified):

Void do_page_fault (struct pt_regs * regs, unsigned long error_code) {struct vm_area_struct * vma; struct task_struct * tsk; unsigned long address; struct mm_struct * mm; int write; int fault; tsk = current; mm = tsk- > mm; address = read_cr2 (); / / get the virtual memory address that caused the page missing exception. Vma = find_vma (mm, address); / / find the corresponding memory partition object from the process memory partition through the virtual memory address. If (likely (vma- > vm_start vm_page_prot)); Goto setpte;}. / / if the exception is caused by a write operation / / apply for a new physical memory page page = alloc_zeroed_user_highpage_movable (vma, address);. / / generate a mapping relationship entry = mk_pte (page, vma- > vm_page_prot) based on the address of the physical memory page. If (vma- > vm_flags & VM_WRITE) entry = pte_mkwrite (pte_mkdirty (entry)); Setpte: set_pte_at (mm, address, page_table, entry); / / set the page table entry to the new mapping relationship. Return 0;}

The implementation of the do_anonymous_page function is interesting. According to whether the page fault exception is caused by a read operation or a write operation, it is divided into two different processing logic, as follows:

If it is caused by a read operation, then zero pages will be used for mapping (zero pages are a special memory page in the Linux kernel, and all page fault exceptions caused by read operations will point to this page, thus reducing the consumption of physical memory) and set to read-only (because zero pages cannot be written). If you write to this page next time, a page missing exception for the write operation will be triggered and you will proceed to the following steps.

If it is caused by a write operation, apply for a new physical memory page, then generate a mapping based on the address of the physical memory page, and then populate (map) the page table entries.

Thank you for your reading, these are the contents of "the detailed process of Linux memory allocation". After the study of this article, I believe you have a deeper understanding of the detailed process of Linux memory allocation, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.