
linux进程调度函数浅析(基于3.16-rc4)

众所周知,进程调度使用schedule()函数来完成,下面我们从分析该函数开始,代码如下(kernel/sched/core.c):

/*
 * schedule - main entry point of the process scheduler.
 *
 * Hands the current task to sched_submit_work() and then runs the
 * core scheduling loop, __schedule().  Exported so modules can call it.
 */
asmlinkage __visible void __sched schedule(void)
{
	sched_submit_work(current);
	__schedule();
}
EXPORT_SYMBOL(schedule);

第3行获取当前进程描述符指针,存放在本地变量tsk中。第6行调用__schedule(),代码如下(kernel/sched/core.c)。

/*
 * __schedule - core scheduler routine.
 *
 * Picks the next task for this CPU's runqueue and switches to it.
 * Runs with preemption disabled and takes rq->lock with IRQs off; the
 * lock is released either by context_switch() (when a switch happens)
 * or explicitly in the else branch below.  If a reschedule is still
 * requested after the switch, the whole sequence is repeated.
 */
static void __sched __schedule(void)
{
	struct task_struct *prev, *next;
	unsigned long *switch_count;
	struct rq *rq;
	int cpu;

need_resched:
	preempt_disable();
	cpu = smp_processor_id();
	rq = cpu_rq(cpu);
	rcu_note_context_switch(cpu);
	prev = rq->curr;

	schedule_debug(prev);

	if (sched_feat(HRTICK))
		hrtick_clear(rq);

	/*
	 * Make sure that signal_pending_state()->signal_pending() below
	 * can't be reordered with __set_current_state(TASK_INTERRUPTIBLE)
	 * done by the caller to avoid the race with signal_wake_up().
	 */
	smp_mb__before_spinlock();
	raw_spin_lock_irq(&rq->lock);

	/*
	 * Default to the nivcsw counter; switched to nvcsw below when prev
	 * leaves the CPU because of its own state change.  (nivcsw/nvcsw
	 * presumably are the involuntary/voluntary switch counters --
	 * confirm against task_struct.)
	 */
	switch_count = &prev->nivcsw;
	/*
	 * prev has a non-running state and PREEMPT_ACTIVE is not set in
	 * preempt_count, i.e. it is going to sleep rather than being
	 * preempted mid-state-change.
	 */
	if (prev->state && !(preempt_count() & PREEMPT_ACTIVE)) {
		if (unlikely(signal_pending_state(prev->state, prev))) {
			/* A pending signal keeps prev runnable instead of dequeuing it. */
			prev->state = TASK_RUNNING;
		} else {
			deactivate_task(rq, prev, DEQUEUE_SLEEP);
			prev->on_rq = 0;

			/*
			 * If a worker went to sleep, notify and ask workqueue
			 * whether it wants to wake up a task to maintain
			 * concurrency.
			 */
			if (prev->flags & PF_WQ_WORKER) {
				struct task_struct *to_wakeup;

				to_wakeup = wq_worker_sleeping(prev, cpu);
				if (to_wakeup)
					try_to_wake_up_local(to_wakeup);
			}
		}
		switch_count = &prev->nvcsw;
	}

	if (prev->on_rq || rq->skip_clock_update < 0)
		update_rq_clock(rq);

	next = pick_next_task(rq, prev);
	/* Clear the reschedule request on prev and the per-CPU preempt flag. */
	clear_tsk_need_resched(prev);
	clear_preempt_need_resched();
	rq->skip_clock_update = 0;

	if (likely(prev != next)) {
		rq->nr_switches++;
		rq->curr = next;
		++*switch_count;

		context_switch(rq, prev, next); /* unlocks the rq */
		/*
		 * The context switch have flipped the stack from under us
		 * and restored the local variables which were saved when
		 * this task called schedule() in the past. prev == current
		 * is still correct, but it can be moved to another cpu/rq.
		 */
		cpu = smp_processor_id();
		rq = cpu_rq(cpu);
	} else
		/* Nothing to switch to: drop the lock context_switch() would have released. */
		raw_spin_unlock_irq(&rq->lock);

	post_schedule(rq);

	sched_preempt_enable_no_resched();
	if (need_resched())
		goto need_resched;
}

第9行禁止内核抢占。第10行获取当前的cpu号。第11行获取当前cpu的进程运行队列。第13行将当前进程的描述符指针保存在prev变量中。第55行将下一个被调度的进程描述符指针存放在next变量中。第56行清除当前进程的内核抢占标记。第60行判断当前进程和下一个调度的是不是同一个进程,如果不是的话,就要进行调度。第65行,对当前进程和下一个进程的上下文进行切换(调度之前要先切换上下文)。下面看看该函数(kernel/sched/core.c):

/*
 * context_switch - switch to the new address space and the new thread.
 *
 * Called from __schedule() with rq->lock held and IRQs off.  When the
 * incoming task has no mm of its own it borrows prev's active_mm (taking
 * an extra mm_count reference); otherwise switch_mm() installs next's
 * page tables.  switch_to() then swaps kernel stack and registers; the
 * rq lock is released by the task that runs next (see the lockdep note
 * below).  Control returns here only when prev is scheduled back in.
 *
 * NOTE: this listing omits the function's storage class and return type
 * as present in the original source.
 */
context_switch(struct rq *rq, struct task_struct *prev,
	       struct task_struct *next)
{
	struct mm_struct *mm, *oldmm;

	prepare_task_switch(rq, prev, next);

	mm = next->mm;
	oldmm = prev->active_mm;
	/*
	 * For paravirt, this is coupled with an exit in switch_to to
	 * combine the page table reload and the switch backend into
	 * one hypercall.
	 */
	arch_start_context_switch(prev);

	if (!mm) {
		/* next has no mm: keep running on prev's address space. */
		next->active_mm = oldmm;
		atomic_inc(&oldmm->mm_count);
		enter_lazy_tlb(oldmm, next);
	} else
		switch_mm(oldmm, mm, next);

	if (!prev->mm) {
		/*
		 * prev was itself borrowing oldmm; hand the reference over to
		 * the rq (presumably dropped later in finish_task_switch --
		 * confirm).
		 */
		prev->active_mm = NULL;
		rq->prev_mm = oldmm;
	}
	/*
	 * Since the runqueue lock will be released by the next
	 * task (which is an invalid locking op but in the case
	 * of the scheduler it's an obvious special-case), so we
	 * do an early lockdep release here:
	 */
#ifndef __ARCH_WANT_UNLOCKED_CTXSW
	spin_release(&rq->lock.dep_map, 1, _THIS_IP_);
#endif

	context_tracking_task_switch(prev, next);
	/* Here we just switch the register state and the stack. */
	switch_to(prev, next, prev);

	barrier();
	/*
	 * this_rq must be evaluated again because prev may have moved
	 * CPUs since it called schedule(), thus the 'rq' on its stack
	 * frame will be invalid.
	 */
	finish_task_switch(this_rq(), prev);
}

上下文切换一般分为两个,一个是硬件上下文切换(指的是cpu寄存器,要把当前进程使用的寄存器内容保存下来,再把下一个程序的寄存器内容恢复),另一个是切换进程的地址空间(说白了就是程序代码)。进程的地址空间(程序代码)主要保存在进程描述符中的struct mm_struct结构体中,因此该函数主要是操作这个结构体。第17行如果被调度的下一个进程地址空间mm为空,也说明这个进程是个线程,没有独立的地址空间,共用所属进程的地址空间,因此第18行将上个进程所使用的地址空间active_mm指针赋给下一个进程的该域,下一个进程也使用这个地址空间。第22行,如果下个进程地址空间不为空,说明下个进程有自己的地址空间,那么执行switch_mm切换进程页表。第40行切换进程的硬件上下文。 switch_to函数代码如下(arch/x86/include/asm/switch_to.h):

/*
 * switch_to - low-level x86-32 task switch from prev to next.
 *
 * Saves prev's flags and %ebp on prev's kernel stack, records prev's
 * stack pointer and its resume address (label 1) in prev->thread, loads
 * next's stack pointer, pushes next's resume address and jumps to
 * __switch_to(), whose "ret" lands on that pushed address.  From the
 * "movl %[next_sp],%%esp" on, the code runs on next's kernel stack.
 * "last" receives __switch_to()'s return value in %eax (the task
 * switched away from).  prev and next are passed to __switch_to() in
 * %eax/%edx (regparm), so all three are macro arguments, not values
 * copied elsewhere.
 */
#define switch_to(prev, next, last)					\
do {									\
	/*								\
	 * Context-switching clobbers all registers, so we clobber	\
	 * them explicitly, via unused output variables.		\
	 * (EAX and EBP is not listed because EBP is saved/restored	\
	 * explicitly for wchan access and EAX is the return value of	\
	 * __switch_to())						\
	 */								\
	unsigned long ebx, ecx, edx, esi, edi;				\
									\
	asm volatile("pushfl\n\t"		/* save    flags */	\
		     "pushl %%ebp\n\t"		/* save    EBP   */	\
		     "movl %%esp,%[prev_sp]\n\t"	/* save    ESP   */	\
		     "movl %[next_sp],%%esp\n\t"	/* restore ESP   */	\
		     "movl $1f,%[prev_ip]\n\t"	/* save    EIP   */	\
		     "pushl %[next_ip]\n\t"	/* restore EIP   */	\
		     __switch_canary					\
		     "jmp __switch_to\n"	/* regparm call  */	\
		     "1:\t"						\
		     "popl %%ebp\n\t"		/* restore EBP   */	\
		     "popfl\n"			/* restore flags */	\
									\
		     /* output parameters */				\
		     : [prev_sp] "=m" (prev->thread.sp),		\
		       [prev_ip] "=m" (prev->thread.ip),		\
		       "=a" (last),					\
									\
		       /* clobbered output registers: */		\
		       "=b" (ebx), "=c" (ecx), "=d" (edx),		\
		       "=S" (esi), "=D" (edi)				\
									\
		       __switch_canary_oparam				\
									\
		       /* input parameters: */				\
		     : [next_sp]  "m" (next->thread.sp),		\
		       [next_ip]  "m" (next->thread.ip),		\
									\
		       /* regparm parameters for __switch_to(): */	\
		       [prev]     "a" (prev),				\
		       [next]     "d" (next)				\
									\
		       __switch_canary_iparam				\
									\
		     : /* reloaded segment registers */			\
		       "memory");					\
} while (0)

该函数中使用了内联汇编来完成进程的硬件上下文切换。第12-13行将eflags和ebp寄存器的值压栈,因为当进程再次切换回来后要用到这两个寄存器的值。第14行将当前进程的栈顶指针保存到进程的thread_info.sp中。第15行将下个进程的thread_info.sp中的值恢复到esp寄存器中,切换到下个进程的内核栈,至此,进程切换就完成了(进程的内核栈的切换是进程切换的标志),后边代码的执行就是在新进程中进行。第16行将标号1所代表的地址存放到上个进程的thread_info.ip中,以后如果切换到上个进程,就从thread_info.ip所指向的代码处执行(实际上,你想让上个进程再次被切换到时从哪个指令开始执行,就将该指令的地址保存在上个进程的thread_info.ip中,进程的现场保护和函数调用时候的现场保护是有区别的,函数调用的现场保护是将寄存器的值压栈(毕竟堆栈没有切换),然后恢复现场时再将寄存器的值弹出来;进程切换的现场保护是将寄存器的值存入进程的thread_info结构中,当被切换掉的进程再次执行时,再从thread_info结构中恢复现场,毕竟进程切换了连内核堆栈都一同换掉了,所以必定要将进程的资源保存在和进程相关的数据结构中,才不会丢失而且容易被恢复)。第17行将当前进程的thread_info.ip压入内核栈中,一会要从这个ip指向的指令开始执行。第19行跳入到__switch_to函数中。下面看下__switch_to函数代码(arch/x86/kernel/process_32.c):

/*
 * __switch_to - second half of the x86-32 task switch.
 *
 * Entered by the "jmp __switch_to" in switch_to(), already on next_p's
 * kernel stack.  Prepares the FPU hand-off, reloads the TSS stack
 * pointer, saves prev's %gs, loads next's TLS descriptors, IOPL and
 * saved preempt count, handles debug registers / IO bitmaps when
 * flagged, updates the per-CPU kernel_stack and current_task, and
 * finishes the FPU switch.
 *
 * @prev_p: task being switched away from
 * @next_p: task being switched to
 *
 * Returns prev_p; it travels back in %eax and becomes switch_to()'s
 * "last" output once the ret lands on the address pushed by switch_to().
 */
__visible __notrace_funcgraph struct task_struct *
__switch_to(struct task_struct *prev_p, struct task_struct *next_p)
{
	struct thread_struct *prev = &prev_p->thread,
			     *next = &next_p->thread;
	int cpu = smp_processor_id();
	struct tss_struct *tss = &per_cpu(init_tss, cpu);
	fpu_switch_t fpu;

	/* never put a printk in __switch_to... printk() calls wake_up*() indirectly */

	fpu = switch_fpu_prepare(prev_p, next_p, cpu);

	/*
	 * Reload esp0.
	 */
	load_sp0(tss, next);

	/*
	 * Save away %gs. No need to save %fs, as it was saved on the
	 * stack on entry.  No need to save %es and %ds, as those are
	 * always kernel segments while inside the kernel.  Doing this
	 * before setting the new TLS descriptors avoids the situation
	 * where we temporarily have non-reloadable segments in %fs
	 * and %gs.  This could be an issue if the NMI handler ever
	 * used %fs or %gs (it does not today), or if the kernel is
	 * running inside of a hypervisor layer.
	 */
	lazy_save_gs(prev->gs);

	/*
	 * Load the per-thread Thread-Local Storage descriptor.
	 */
	load_TLS(next, cpu);

	/*
	 * Restore IOPL if needed.  In normal use, the flags restore
	 * in the switch assembly will handle this.  But if the kernel
	 * is running virtualized at a non-zero CPL, the popf will
	 * not restore flags, so it must be done in a separate step.
	 */
	if (get_kernel_rpl() && unlikely(prev->iopl != next->iopl))
		set_iopl_mask(next->iopl);

	/*
	 * If it were not for PREEMPT_ACTIVE we could guarantee that the
	 * preempt_count of all tasks was equal here and this would not be
	 * needed.
	 */
	/* Carry the per-CPU preempt count across the switch via thread_info. */
	task_thread_info(prev_p)->saved_preempt_count = this_cpu_read(__preempt_count);
	this_cpu_write(__preempt_count, task_thread_info(next_p)->saved_preempt_count);

	/*
	 * Now maybe handle debug registers and/or IO bitmaps
	 */
	if (unlikely(task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV ||
		     task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT))
		__switch_to_xtra(prev_p, next_p, tss);

	/*
	 * Leave lazy mode, flushing any hypercalls made here.
	 * This must be done before restoring TLS segments so
	 * the GDT and LDT are properly updated, and must be
	 * done before math_state_restore, so the TS bit is up
	 * to date.
	 */
	arch_end_context_switch(next_p);

	/* Per-CPU pointer to the top of next's kernel stack (minus the fixed offset). */
	this_cpu_write(kernel_stack,
		  (unsigned long)task_stack_page(next_p) +
		  THREAD_SIZE - KERNEL_STACK_OFFSET);

	/*
	 * Restore %gs if needed (which is common)
	 */
	if (prev->gs | next->gs)
		lazy_load_gs(next->gs);

	switch_fpu_finish(next_p, fpu);

	this_cpu_write(current_task, next_p);

	return prev_p;
}

该函数主要是对刚切换过来的新进程进一步做些初始化工作。比如第34将该进程使用的线程局部存储段(TLS)装入本地cpu的全局描述符表。第84行返回语句会被编译成两条汇编指令,一条是将返回值prev_p保存到eax寄存器,另外一个是ret指令,将内核栈顶的元素弹出eip寄存器,从这个eip指针处开始执行,也就是上个函数第17行所压入的那个指针。一般情况下,被压入的指针是上个函数第20行那个标号1所代表的地址,那么从__switch_to函数返回后,将从标号1处开始运行。

需要注意的是,对于已经被调度过的进程而言,从__switch_to函数返回后,将从标号1处开始运行;但是对于用fork(),clone()等函数刚创建的新进程(未调度过),将进入ret_from_fork()函数,因为do_fork()函数在创建好进程之后,会给进程的thread_info.ip赋予ret_from_fork函数的地址,而不是标号1的地址,因此它会跳入ret_from_fork函数。后边我们在分析fork系统调用的时候,就会看到。