In what space does the linux driver run?

Linux driver runs in the "kernel" space. Generally, drivers call kmalloc() to allocate memory for data structures, call vmalloc() to allocate data structures for active swap areas, allocate buffers for some I/O drivers, or allocate space for modules; kmalloc and vmalloc allocate kernel memory.

#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.

Linux driver runs in the "kernel" space.

For generally written microcontroller programs, applications and drivers are often mixed. Microcontroller programmers with a certain level of ability can realize the layering of applications and drivers. In Linux systems, applications and drivers have been forced to be layered.

In the microcontroller program, the application can directly operate the underlying registers. However, such behavior is prohibited in Linux systems. For example: The writer of a Linux application deliberately calls the power management driver in the application and shuts down the system. Isn't it worth the gain?

The specific Linux application calls the driver as shown in the figure:

The application runs in the user space, and the driver runs in the kernel space. If an application in user space wants to operate the kernel, it must use a "system call" method to enter the kernel space from user space and operate the underlying layer.

Kernel space in Linux

The kernel is also a program and should also have its own virtual memory space. However, as a program that serves user programs, the kernel space has its own characteristics.

The relationship between kernel space and user space

In a 32-bit system, the maximum virtual space of a program can be 4GB, then the maximum The straightforward approach is to regard the kernel as a program so that it has the same 4GB space as other programs. However, this approach will cause the system to continuously switch the page table of the user program and the kernel page table, thus affecting the efficiency of the computer. The best way to solve this problem is to divide the 4GB space into two parts: one part is user space and the other part is kernel space. This can ensure that the kernel space is fixed and unchanged, and when the program switches, only the The program's page table. The only disadvantage of this approach is that both kernel space and user space become smaller.

For example: On a 32-bit hardware platform such as i386, Linux defines a constant PAGE_OFFSET in the file page.h:

#ifdef CONFIG_MMU
#define __PAGE_OFFSET  (0xC0000000)        //0xC0000000为3GB
#else
#define __PAGE_OFFSET  (0x00000000)
#endif

#define PAGE_OFFSET		((unsigned long)__PAGE_OFFSET)

Linux uses PAGE_OFFSET as the boundary The 4GB virtual memory space is divided into two parts: the low address space at addresses 0~3G-1 is user space, with a size of 3GB; the high address space at addresses 3GB~4GB-1 is kernel space, with a size of 1GB.

When multiple programs are running in the system, the relationship between multiple user spaces and kernel space can be expressed as follows:

As shown in the figure As shown, programs 1, 2...n share the kernel space. Of course, sharing here refers to time-sharing, because at any time, for a single-core processor system, only one program can be running.

The overall layout of the kernel space

In the development process of Linux, with the update of hardware equipment and the improvement of technical level, its kernel space The development of the layout is also a continuous patching process. The consequence of this is that the kernel space is divided into several different areas, and different areas have different mapping methods. Usually, people think that the Linux kernel space has three areas, namely DMA area (ZONE_DMA), normal area (ZONE_NORMAL) and high-end memory area (ZONE_HIGHMEM).

Direct mapping of kernel space when the actual physical memory is small

The actual physical memory configured in early computers is usually only a few MB, so In order to improve the speed of the kernel accessing the physical address memory through the virtual address, the virtual address and the physical memory address of the kernel space adopt a fixed mapping method that corresponds one to one from the low address to the high address. As shown in the figure below Display:

It can be seen that This fixed mapping method makes the relationship between virtual address and physical address very simple, that is, the kernel virtual address and the actual physical address There is only a fixed offset PAGE_OFFSET in value, so when the kernel uses the virtual address to access the physical page frame, it only needs to subtract PAGE_OFFSET from the virtual address to get the actual physical address, which is faster than using the page table. many!

Since this approach is almost to directly use the physical address, this kind of kernel space based on a fixed mapping method is also called "physical memory space", or physical memory for short. In addition, Since the fixed mapping method is a linear mapping, this area is also called the linear mapping area.

Of course, in this case (when the actual physical memory of the computer is small), the kernel fixed mapping space only occupies a part of the entire 1GB kernel space. For example: When configuring an x86 computer system with 32MB of actual physical memory, the fixed mapping area of ​​the kernel is the 32MB space of PAGE_OFFSET~ (PAGE_OFFSET 0x02000000). So what to do with the remaining kernel virtual space in the kernel space?

Of course, physical memory is still used in the non-linear mapping of page tables according to the management method of ordinary virtual space. Specifically, the fixed mapping area is removed from the entire 1GB kernel space, and then an 8MB isolation area at the beginning is removed from the remaining part. The remainder is an ordinary virtual memory mapping area that is mapped in the same way as user space. In this area, there is not only no fixed mapping relationship between virtual addresses and physical addresses, but also dynamic memory is obtained by calling the kernel function vmalloc(), so this area is called the vmalloc allocation area, As shown in the figure below:

For an x86 computer system configured with 32MB of actual physical memory, the starting position of the vmalloc allocation area is PAGE_OFFSET 0x02000000 0x00800000.

Let me explain here: The fixed mapping between the kernel space and the physical page frame mentioned here is essentially a "predetermination" of the kernel page to the physical page frame. It does not mean that these pages "occupy" the physical page frame. ” these physical page frames. That is, the virtual page is bound to the physical page frame only when the virtual page actually needs to access the physical page frame. Normally, when a physical page frame is not used by its corresponding virtual page, the page frame can be used by user space and the kernel kmalloc allocation area introduced later.

In short, in a system with smaller actual physical memory, the size of the actual memory is the boundary between the physical memory area of ​​the kernel space and the vmalloc allocation area.

ZONE_DMA area and ZONE_NORMAL area

For the entire 1GB kernel space, people also call the 16MB at the head of the space DMA Zone, that is, ZONE_DMA zone, because in the past hardware fixed the DMA space in the lower 16MB space of physical memory; the remaining zones are called normal zones, that is, ZONE_NORMAL.

High-end memory of the kernel space

With the development of computer technology, the actual physical memory of the computer is becoming more and more Large, so that the kernel fixed mapping area (linear area) becomes larger and larger. Obviously, if no restrictions are imposed, when the actual physical memory reaches 1GB, the vmalloc allocation area (non-linear area) will no longer exist. Therefore, the previously developed kernel code that called vmalloc() is no longer available. Obviously, in order to be compatible with earlier kernel codes, this is not allowed.

The following figure shows the situation faced by this kernel space:

Obviously, The reason for the above problems is that the actual situation was not anticipated Physical memory can exceed 1GB, so there is no limit set on the boundaries of the kernel's fixed mapping area, which is allowed to grow with the actual physical memory.

The way to solve the above problem is: Limit the upper limit of the fixed mapping area of ​​the kernel space so that it cannot increase arbitrarily with the increase of physical memory. Linux stipulates that the upper boundary value of the kernel mapping area cannot be greater than a constant high_menory that is less than 1G. When the actual physical memory is large, 3G high_memory is used as the boundary to determine the physical memory area.

For example: For x86 systems, the value of high_memory is 896M, so the remaining 128MB of 1GB kernel space is a non-linear mapping area. This ensures that in any case, the kernel has enough non-linear mapping area to be compatible with early code and can access more than 1GB of actual physical memory in a normal virtual memory manner.

In other words, the most basic idea of ​​​​high-end memory: borrow a section of address space to establish a temporary address mapping, and release it after use. When this address space is reached, it can be recycled and access all physical memory. When the computer has a large physical memory, the schematic diagram of the kernel space is as follows:

Traditionally, Linux calls this part of the kernel space 3G high_memory~4G-1 High-end memory zone (ZONE_HIGHMEM).

To summarize: In the kernel space of the x86 structure, the three types of areas (calculated from 3G) are as follows:

• ZONE_DMA: 16MB from the beginning of the kernel space
• ZONE_NORMAL: 16MB~896MB of the kernel space (fixed mapping)
• ZONE_HIGHMEM: Kernel space 896MB ~ end (1G)

According to different application targets, high-end memory is divided into vmalloc area, persistent mapping area and temporary mapping area. The layout of high-end memory in the kernel space is as shown below:

vmalloc mapping area

## The #vmalloc mapping area is the main part of high-end memory. There is an 8MB isolation area between the head of the interval and the kernel linear mapping space, and a 4KB isolation area between the tail and the subsequent persistent mapping area.

The mapping method of vmalloc mapping area is exactly the same as that of user space. The kernel can obtain memory in this area by calling the function vmalloc(). The function of this function is equivalent to malloc() in user space. The provided memory space is continuous at the virtual address (note that the physical address is not guaranteed to be continuous).

Persistent kernel mapping area

If the page corresponding to the high-end memory is obtained through alloc_page(), how to find it? A linear space?

The kernel specially sets aside a linear space for this purpose, starting from PKMAP_BASE, which is used to map high-end memory, which is the durable kernel mapping area.

In the persistent kernel mapping area, you can establish a long-term mapping between the physical page frame and the kernel virtual page by calling the function kmap(). This space is usually 4MB and can map up to 1024 page frames. The number is relatively rare. Therefore, in order to enhance the turnover of page frames, the function kunmap() should be called in time to release the physical page frames that are no longer used.

Temporary mapping area

The temporary mapping area is also called the fixed mapping area and the reserved area. This area is mainly used in multi-processor systems. Because the memory space obtained in this area is not protected, the memory obtained must be used in time; otherwise, once there is a new request, the content on the page frame will be overwritten. , so this area is called the temporary mapping area.

A very good article about the high-end memory area:

linux user space and kernel space-detailed explanation of high-end memory.

Kernel memory allocation modifier gfp

#In order to make the necessary description of the request in the kernel memory request function, Linux defines many A memory allocation modifier gfp. They are behavior modifiers, area modifiers, and type modifiers.

Behavior modifiers

The behavior modifiers in the memory allocation function describe how the kernel should allocate memory. The main behavior modifiers are as follows:

Main kernel memory allocation behavior modifiers for LinuxModifierDescription__GFP_WAITThe allocator can sleep__GFP_HIGHThe allocator can access the emergency buffer pool__GFP_IOThe allocator can start disk IO__GFP_FSThe allocator can start file system IO__GFP_COLDThe allocator should use page frames that are about to be evicted from the cache__GFP_NOWARNThe allocator does not issue WARNING__GFP_REPEATReallocation on allocation failure__GFP_NOFAILTReallocation on allocation failure, Until successful__GFP_NORETRYNo reallocation of the

area when allocation fails Modifier

#The area modifier indicates which area of ​​the kernel space needs to allocate memory. By default, the memory allocator starts from ZONE_NORMAL in the kernel space and gradually allocates the memory area to the memory requester. If the user specifically needs to obtain memory from ZONE_DMA or ZONE_HOGNMEM, then the memory requester needs to use the following two in the memory request function. Area modifier description:

Linux’s main kernel memory allocation area modifier##Modifier__GFP_DMA__GFP_HIGHMEM

类型修饰符

类型修饰符实质上是上述所述修饰符的联合应用。也就是：将上述的某些行为修饰符和区修饰符，用“|”进行连接并另外取名的修饰符。这里就不多介绍了。

内核常用内存分配及地址映射函数

函数vmalloc()

函数vmalloc()在vmalloc分配区分配内存，可获得虚拟地址连续，但并不保证其物理页框连续的较大内存。与物理空间的内存分配函数malloc()有所区别，vmalloc()分配的物理页不会被交换出去。函数vmalloc()的原型如下：

void *vmalloc(unsigned long size)
{
       return __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL);
}

void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
{
	return kmalloc(size, (gfp_mask | __GFP_COMP) & ~__GFP_HIGHMEM);
}

其中，参数size为所请求内存的大小，返回值为所获得内存虚拟地址指针。

与vmalloc()配套的释放函数如下：

void vfree(const void *addr)
{
	kfree(addr);
}

其中，参数addr为待释放内存指针。

函数kmalloc()

kmalloc()是内核另一个常用的内核分配函数，它可以分配一段未清零的连续物理内存页，返回值为直接映射地址。由kmalloc()可分配的内存最大不能超过32页。其优点是分配速度快，缺点是不能分配大于128KB的内存页（出于跨平台考虑）。

在linux/slab.h文件中，该函数的原型声明如下：

static __always_inline void *kmalloc(size_t size, gfp_t flags)
{
	struct kmem_cache *cachep;
	void *ret;

	if (__builtin_constant_p(size)) {
		int i = 0;

		if (!size)
			return ZERO_SIZE_PTR;

#define CACHE(x) \
		if (size <= x) \
			goto found; \
		else \
			i++;
#include <linux/kmalloc_sizes.h>
#undef CACHE
		return NULL;
found:
#ifdef CONFIG_ZONE_DMA
		if (flags & GFP_DMA)
			cachep = malloc_sizes[i].cs_dmacachep;
		else
#endif
			cachep = malloc_sizes[i].cs_cachep;

		ret = kmem_cache_alloc_notrace(cachep, flags);

		trace_kmalloc(_THIS_IP_, ret,
			      size, slab_buffer_size(cachep), flags);

		return ret;
	}
	return __kmalloc(size, flags);
}

其中，参数size为以字节为单位表示的所申请空间的大小；参数flags决定了所分配的内存适合什么场合。

与函数kmalloc()对应的释放函数如下：

void kfree(const void *objp)
{
	struct kmem_cache *c;
	unsigned long flags;

	trace_kfree(_RET_IP_, objp);

	if (unlikely(ZERO_OR_NULL_PTR(objp)))
		return;
	local_irq_save(flags);
	kfree_debugcheck(objp);
	c = virt_to_cache(objp);
	debug_check_no_locks_freed(objp, obj_size(c));
	debug_check_no_obj_freed(objp, obj_size(c));
	__cache_free(c, (void *)objp);
	local_irq_restore(flags);
}

小结一下，kmalloc、vmalloc、malloc的区别：

• kmalloc和vmalloc是分配的是内核的内存，malloc分配的是用户的内存；
• kmalloc保证分配的内存在物理上是连续的，vmalloc保证的是在虚拟地址空间上的连续，malloc不保证任何东西；
• kmalloc能分配的大小有限，vmalloc和malloc能分配的大小相对较大；
• vmalloc比kmalloc要慢。

也就是说：kmalloc、vmalloc这两个函数所分配的内存都处于内核空间，即从3GB～4GB；但位置不同，kmalloc()分配的内存处于3GB～high_memory（ZONE_DMA、ZONE_NORMAL）之间，而vmalloc()分配的内存在VMALLOC_START～4GB（ZONE_HIGHMEM）之间，也就是非连续内存区。一般情况下在驱动程序中都是调用kmalloc()来给数据结构分配内存，而vmalloc()用在为活动的交换区分配数据结构，为某些I/O驱动程序分配缓冲区，或为模块分配空间。

可参考文章：Kmalloc和Vmalloc的区别。

函数alloc_pages()

与上述在虚拟空间分配内存的函数不同，alloc_pages()是在物理内存空间分配物理页框的函数，其原型如下：

static inline struct page * alloc_pages(gfp_t gfp_mask, unsigned int order)
{
	if (unlikely(order >= MAX_ORDER))
		return NULL;

	return alloc_pages_current(gfp_mask, order);
}

其中，参数order表示所分配页框的数目，该数目为2^order。order的最大值由include/Linux/Mmzone.h文件中的宏MAX_ORDER决定。参数gfp_mask为说明内存页框分配方式及使用场合。

函数返回值为页框块的第一个页框page结构的地址。

调用下列函数可以获得页框的虚拟地址：

void *page_address(struct page *page)
{
	unsigned long flags;
	void *ret;
	struct page_address_slot *pas;
 
	if (!PageHighMem(page))
		return lowmem_page_address(page);
 
	pas = page_slot(page);
	ret = NULL;
	spin_lock_irqsave(&pas->lock, flags);
	if (!list_empty(&pas->lh)) {
		struct page_address_map *pam;
 
		list_for_each_entry(pam, &pas->lh, list) {
			if (pam->page == page) {
				ret = pam->virtual;
				goto done;
			}
		}
	}
done:
	spin_unlock_irqrestore(&pas->lock, flags);
	return ret;
}

使用函数alloc_pages()获得的内存应该使用下面的函数释放：

void __free_pages(struct page *page, unsigned int order)
{
	if (put_page_testzero(page)) {
		if (order == 0)
			free_hot_page(page);
		else
			__free_pages_ok(page, order);
	}
}

函数kmap()

kmap()是一个映射函数，它可以将一个物理页框映射到内核空间的可持久映射区。这种映射类似于内核ZONE_NORMAL的固定映射，但虚拟地址与物理地址的偏移不一定是PAGE_OFFSET。由于内核可持久映射区的容量有限（总共只有4MB），因此当内存使用完毕后，应该立即释放。

函数kmap()的函数原型如下：

void *kmap(struct page *page)
{
	might_sleep();
	if (!PageHighMem(page))
		return page_address(page);
	return kmap_high(page);
}

小结

由于CPU的地址总线只有32位， 32的地址总线无论是从逻辑上还是从物理上都只能描述4G的地址空间（232=4Gbit），在物理上理论上最多拥有4G内存（除了IO地址空间，实际内存容量小于4G），逻辑空间也只能描述4G的线性地址空间。

为了合理的利用逻辑4G空间，Linux采用了3：1的策略，即内核占用1G的线性地址空间，用户占用3G的线性地址空间。所以用户进程的地址范围从0~3G，内核地址范围从3G~4G，也就是说，内核空间只有1G的逻辑线性地址空间。

If the Linux physical memory is less than 1G of space, usually the kernel linearly maps the physical memory to its address space, that is, one-to-one mapping, which can improve access speed. However, when Linux physical memory exceeds 1G, the linear access mechanism is not enough, because only 1G of memory can be mapped, and the remaining physical memory cannot be managed by the kernel. Therefore, in order to solve this problem, Linux The kernel address is divided into two parts, the linear area and the non-linear area. The linear area is stipulated to be a maximum of 896M, and the remaining 128M is the non-linear area. Therefore, the physical memory mapped by the linear area becomes low-end memory, and the remaining physical memory is called high-end memory. Unlike linear regions, nonlinear regions are not memory mapped ahead of time, but dynamically mapped when used.

Low-end memory is divided into two parts: ZONE_DMA: 16MB starting from the kernel space, ZONE_NORMAL: 16MB~896MB of the kernel space (fixed mapping). The rest is high-end memory: ZONE_HIGHMEM: kernel space 896MB ~ end (1G).

According to different application goals, high-end memory is divided into three parts: vmalloc area, persistent mapping area and temporary mapping area. The vmalloc area is allocated using the vmalloc() function; the persistent mapping area uses allc_pages() to obtain the corresponding page, and is directly mapped using the kmap() function; the temporary mapping area is generally used for special needs.

Description
Allocate memory from ZONE_DMA area
Allocate memory from ZONE_HIGHMEM area

##User Space (0~3G-1)Page Directory-- >Intermediate page directory-->Page table

User space and kernel space

Kernel space (3G~4G)	High-end memory (3G high_memory ~4G) ZONE_HIGHMEM Nonlinear mapping area	Temporary mapping area
		Persistent mapping area
		vmalloc area
	Low-end memory (3G~3G high_memory-1) Linear mapping area (fixed mapping area)	ZONE_NORMAL
		ZONE_DMA

Related recommendations: "

Linux Video Tutorial"

The above is the detailed content of In what space does the linux driver run?. For more information, please follow other related articles on the PHP Chinese website!