| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" |
| "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" []> |
| |
| <book id="lk-hacking-guide"> |
| <bookinfo> |
| <title>Unreliable Guide To Hacking The Linux Kernel</title> |
| |
| <authorgroup> |
| <author> |
| <firstname>Paul</firstname> |
| <othername>Rusty</othername> |
| <surname>Russell</surname> |
| <affiliation> |
| <address> |
| <email>rusty@rustcorp.com.au</email> |
| </address> |
| </affiliation> |
| </author> |
| </authorgroup> |
| |
| <copyright> |
| <year>2001</year> |
| <holder>Rusty Russell</holder> |
| </copyright> |
| |
| <legalnotice> |
| <para> |
| This documentation is free software; you can redistribute |
| it and/or modify it under the terms of the GNU General Public |
| License as published by the Free Software Foundation; either |
| version 2 of the License, or (at your option) any later |
| version. |
| </para> |
| |
| <para> |
| This program is distributed in the hope that it will be |
| useful, but WITHOUT ANY WARRANTY; without even the implied |
| warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU General Public License for more details. |
| </para> |
| |
| <para> |
| You should have received a copy of the GNU General Public |
| License along with this program; if not, write to the Free |
| Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
| MA 02111-1307 USA |
| </para> |
| |
| <para> |
| For more details see the file COPYING in the source |
| distribution of Linux. |
| </para> |
| </legalnotice> |
| |
| <releaseinfo> |
| This is the first release of this document as part of the kernel tarball. |
| </releaseinfo> |
| |
| </bookinfo> |
| |
| <toc></toc> |
| |
| <chapter id="introduction"> |
| <title>Introduction</title> |
| <para> |
| Welcome, gentle reader, to Rusty's Unreliable Guide to Linux |
| Kernel Hacking. This document describes the common routines and |
| general requirements for kernel code: its goal is to serve as a |
| primer for Linux kernel development for experienced C |
| programmers. I avoid implementation details: that's what the |
| code is for, and I ignore whole tracts of useful routines. |
| </para> |
| <para> |
| Before you read this, please understand that I never wanted to |
| write this document, being grossly under-qualified, but I always |
| wanted to read it, and this was the only way. I hope it will |
| grow into a compendium of best practice, common starting points |
| and random information. |
| </para> |
| </chapter> |
| |
| <chapter id="basic-players"> |
| <title>The Players</title> |
| |
| <para> |
| At any time each of the CPUs in a system can be: |
| </para> |
| |
| <itemizedlist> |
| <listitem> |
| <para> |
| not associated with any process, serving a hardware interrupt; |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| not associated with any process, serving a softirq, tasklet or bh; |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| running in kernel space, associated with a process; |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| running a process in user space. |
| </para> |
| </listitem> |
| </itemizedlist> |
| |
| <para> |
| There is a strict ordering between these: other than the last |
| category (userspace) each can only be pre-empted by those above. |
| For example, while a softirq is running on a CPU, no other |
| softirq will pre-empt it, but a hardware interrupt can. However, |
| any other CPUs in the system execute independently. |
| </para> |
| |
| <para> |
| We'll see a number of ways that the user context can block |
| interrupts, to become truly non-preemptable. |
| </para> |
| |
| <sect1 id="basics-usercontext"> |
| <title>User Context</title> |
| |
| <para> |
| User context is when you are coming in from a system call or |
| other trap: you can sleep, and you own the CPU (except for |
| interrupts) until you call <function>schedule()</function>. |
| In other words, user context (unlike userspace) is not pre-emptable. |
| </para> |
| |
| <note> |
| <para> |
| You are always in user context on module load and unload, |
| and on operations on the block device layer. |
| </para> |
| </note> |
| |
| <para> |
| In user context, the <varname>current</varname> pointer (indicating |
| the task we are currently executing) is valid, and |
| <function>in_interrupt()</function> |
| (<filename>include/linux/interrupt.h</filename>) is <returnvalue>false |
| </returnvalue>. |
| </para> |
| |
| <caution> |
| <para> |
| Beware that if you have interrupts or bottom halves disabled |
| (see below), <function>in_interrupt()</function> will return a |
| false positive. |
| </para> |
| </caution> |
| </sect1> |
| |
| <sect1 id="basics-hardirqs"> |
| <title>Hardware Interrupts (Hard IRQs)</title> |
| |
| <para> |
| Timer ticks, <hardware>network cards</hardware> and |
| <hardware>keyboard</hardware> are examples of real |
| hardware which produce interrupts at any time. The kernel runs |
| interrupt handlers, which services the hardware. The kernel |
| guarantees that this handler is never re-entered: if another |
| interrupt arrives, it is queued (or dropped). Because it |
| disables interrupts, this handler has to be fast: frequently it |
| simply acknowledges the interrupt, marks a `software interrupt' |
| for execution and exits. |
| </para> |
| |
| <para> |
| You can tell you are in a hardware interrupt, because |
| <function>in_irq()</function> returns <returnvalue>true</returnvalue>. |
| </para> |
| <caution> |
| <para> |
| Beware that this will return a false positive if interrupts are disabled |
| (see below). |
| </para> |
| </caution> |
| </sect1> |
| |
| <sect1 id="basics-softirqs"> |
| <title>Software Interrupt Context: Bottom Halves, Tasklets, softirqs</title> |
| |
| <para> |
| Whenever a system call is about to return to userspace, or a |
| hardware interrupt handler exits, any `software interrupts' |
| which are marked pending (usually by hardware interrupts) are |
| run (<filename>kernel/softirq.c</filename>). |
| </para> |
| |
| <para> |
| Much of the real interrupt handling work is done here. Early in |
| the transition to <acronym>SMP</acronym>, there were only `bottom |
| halves' (BHs), which didn't take advantage of multiple CPUs. Shortly |
| after we switched from wind-up computers made of match-sticks and snot, |
| we abandoned this limitation. |
| </para> |
| |
| <para> |
| <filename class="headerfile">include/linux/interrupt.h</filename> lists the |
| different BH's. No matter how many CPUs you have, no two BHs will run at |
| the same time. This made the transition to SMP simpler, but sucks hard for |
| scalable performance. A very important bottom half is the timer |
| BH (<filename class="headerfile">include/linux/timer.h</filename>): you |
| can register to have it call functions for you in a given length of time. |
| </para> |
| |
| <para> |
| 2.3.43 introduced softirqs, and re-implemented the (now |
| deprecated) BHs underneath them. Softirqs are fully-SMP |
| versions of BHs: they can run on as many CPUs at once as |
| required. This means they need to deal with any races in shared |
| data using their own locks. A bitmask is used to keep track of |
| which are enabled, so the 32 available softirqs should not be |
| used up lightly. (<emphasis>Yes</emphasis>, people will |
| notice). |
| </para> |
| |
| <para> |
| tasklets (<filename class="headerfile">include/linux/interrupt.h</filename>) |
| are like softirqs, except they are dynamically-registrable (meaning you |
| can have as many as you want), and they also guarantee that any tasklet |
| will only run on one CPU at any time, although different tasklets can |
| run simultaneously (unlike different BHs). |
| </para> |
| <caution> |
| <para> |
| The name `tasklet' is misleading: they have nothing to do with `tasks', |
| and probably more to do with some bad vodka Alexey Kuznetsov had at the |
| time. |
| </para> |
| </caution> |
| |
| <para> |
| You can tell you are in a softirq (or bottom half, or tasklet) |
| using the <function>in_softirq()</function> macro |
| (<filename class="headerfile">include/linux/interrupt.h</filename>). |
| </para> |
| <caution> |
| <para> |
| Beware that this will return a false positive if a bh lock (see below) |
| is held. |
| </para> |
| </caution> |
| </sect1> |
| </chapter> |
| |
| <chapter id="basic-rules"> |
| <title>Some Basic Rules</title> |
| |
| <variablelist> |
| <varlistentry> |
| <term>No memory protection</term> |
| <listitem> |
| <para> |
| If you corrupt memory, whether in user context or |
| interrupt context, the whole machine will crash. Are you |
| sure you can't do what you want in userspace? |
| </para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term>No floating point or <acronym>MMX</acronym></term> |
| <listitem> |
| <para> |
| The <acronym>FPU</acronym> context is not saved; even in user |
| context the <acronym>FPU</acronym> state probably won't |
| correspond with the current process: you would mess with some |
| user process' <acronym>FPU</acronym> state. If you really want |
| to do this, you would have to explicitly save/restore the full |
| <acronym>FPU</acronym> state (and avoid context switches). It |
| is generally a bad idea; use fixed point arithmetic first. |
| </para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term>A rigid stack limit</term> |
| <listitem> |
| <para> |
| The kernel stack is about 6K in 2.2 (for most |
| architectures: it's about 14K on the Alpha), and shared |
| with interrupts so you can't use it all. Avoid deep |
| recursion and huge local arrays on the stack (allocate |
| them dynamically instead). |
| </para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term>The Linux kernel is portable</term> |
| <listitem> |
| <para> |
| Let's keep it that way. Your code should be 64-bit clean, |
| and endian-independent. You should also minimize CPU |
| specific stuff, e.g. inline assembly should be cleanly |
| encapsulated and minimized to ease porting. Generally it |
| should be restricted to the architecture-dependent part of |
| the kernel tree. |
| </para> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </chapter> |
| |
| <chapter id="ioctls"> |
| <title>ioctls: Not writing a new system call</title> |
| |
| <para> |
| A system call generally looks like this |
| </para> |
| |
| <programlisting> |
| asmlinkage long sys_mycall(int arg) |
| { |
| return 0; |
| } |
| </programlisting> |
| |
| <para> |
| First, in most cases you don't want to create a new system call. |
| You create a character device and implement an appropriate ioctl |
| for it. This is much more flexible than system calls, doesn't have |
| to be entered in every architecture's |
| <filename class="headerfile">include/asm/unistd.h</filename> and |
| <filename>arch/kernel/entry.S</filename> file, and is much more |
| likely to be accepted by Linus. |
| </para> |
| |
| <para> |
| If all your routine does is read or write some parameter, consider |
| implementing a <function>sysctl</function> interface instead. |
| </para> |
| |
| <para> |
| Inside the ioctl you're in user context to a process. When a |
| error occurs you return a negated errno (see |
| <filename class="headerfile">include/linux/errno.h</filename>), |
| otherwise you return <returnvalue>0</returnvalue>. |
| </para> |
| |
| <para> |
| After you slept you should check if a signal occurred: the |
| Unix/Linux way of handling signals is to temporarily exit the |
| system call with the <constant>-ERESTARTSYS</constant> error. The |
| system call entry code will switch back to user context, process |
| the signal handler and then your system call will be restarted |
| (unless the user disabled that). So you should be prepared to |
| process the restart, e.g. if you're in the middle of manipulating |
| some data structure. |
| </para> |
| |
| <programlisting> |
| if (signal_pending()) |
| return -ERESTARTSYS; |
| </programlisting> |
| |
| <para> |
| If you're doing longer computations: first think userspace. If you |
| <emphasis>really</emphasis> want to do it in kernel you should |
| regularly check if you need to give up the CPU (remember there is |
| cooperative multitasking per CPU). Idiom: |
| </para> |
| |
| <programlisting> |
| cond_resched(); /* Will sleep */ |
| </programlisting> |
| |
| <para> |
| A short note on interface design: the UNIX system call motto is |
| "Provide mechanism not policy". |
| </para> |
| </chapter> |
| |
| <chapter id="deadlock-recipes"> |
| <title>Recipes for Deadlock</title> |
| |
| <para> |
| You cannot call any routines which may sleep, unless: |
| </para> |
| <itemizedlist> |
| <listitem> |
| <para> |
| You are in user context. |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| You do not own any spinlocks. |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| You have interrupts enabled (actually, Andi Kleen says |
| that the scheduling code will enable them for you, but |
| that's probably not what you wanted). |
| </para> |
| </listitem> |
| </itemizedlist> |
| |
| <para> |
| Note that some functions may sleep implicitly: common ones are |
| the user space access functions (*_user) and memory allocation |
| functions without <symbol>GFP_ATOMIC</symbol>. |
| </para> |
| |
| <para> |
| You will eventually lock up your box if you break these rules. |
| </para> |
| |
| <para> |
| Really. |
| </para> |
| </chapter> |
| |
| <chapter id="common-routines"> |
| <title>Common Routines</title> |
| |
| <sect1 id="routines-printk"> |
| <title> |
| <function>printk()</function> |
| <filename class="headerfile">include/linux/kernel.h</filename> |
| </title> |
| |
| <para> |
| <function>printk()</function> feeds kernel messages to the |
| console, dmesg, and the syslog daemon. It is useful for debugging |
| and reporting errors, and can be used inside interrupt context, |
| but use with caution: a machine which has its console flooded with |
| printk messages is unusable. It uses a format string mostly |
| compatible with ANSI C printf, and C string concatenation to give |
| it a first "priority" argument: |
| </para> |
| |
| <programlisting> |
| printk(KERN_INFO "i = %u\n", i); |
| </programlisting> |
| |
| <para> |
| See <filename class="headerfile">include/linux/kernel.h</filename>; |
| for other KERN_ values; these are interpreted by syslog as the |
| level. Special case: for printing an IP address use |
| </para> |
| |
| <programlisting> |
| __u32 ipaddress; |
| printk(KERN_INFO "my ip: %d.%d.%d.%d\n", NIPQUAD(ipaddress)); |
| </programlisting> |
| |
| <para> |
| <function>printk()</function> internally uses a 1K buffer and does |
| not catch overruns. Make sure that will be enough. |
| </para> |
| |
| <note> |
| <para> |
| You will know when you are a real kernel hacker |
| when you start typoing printf as printk in your user programs :) |
| </para> |
| </note> |
| |
| <!--- From the Lions book reader department --> |
| |
| <note> |
| <para> |
| Another sidenote: the original Unix Version 6 sources had a |
| comment on top of its printf function: "Printf should not be |
| used for chit-chat". You should follow that advice. |
| </para> |
| </note> |
| </sect1> |
| |
| <sect1 id="routines-copy"> |
| <title> |
| <function>copy_[to/from]_user()</function> |
| / |
| <function>get_user()</function> |
| / |
| <function>put_user()</function> |
| <filename class="headerfile">include/asm/uaccess.h</filename> |
| </title> |
| |
| <para> |
| <emphasis>[SLEEPS]</emphasis> |
| </para> |
| |
| <para> |
| <function>put_user()</function> and <function>get_user()</function> |
| are used to get and put single values (such as an int, char, or |
| long) from and to userspace. A pointer into userspace should |
| never be simply dereferenced: data should be copied using these |
| routines. Both return <constant>-EFAULT</constant> or 0. |
| </para> |
| <para> |
| <function>copy_to_user()</function> and |
| <function>copy_from_user()</function> are more general: they copy |
| an arbitrary amount of data to and from userspace. |
| <caution> |
| <para> |
| Unlike <function>put_user()</function> and |
| <function>get_user()</function>, they return the amount of |
| uncopied data (ie. <returnvalue>0</returnvalue> still means |
| success). |
| </para> |
| </caution> |
| [Yes, this moronic interface makes me cringe. Please submit a |
| patch and become my hero --RR.] |
| </para> |
| <para> |
| The functions may sleep implicitly. This should never be called |
| outside user context (it makes no sense), with interrupts |
| disabled, or a spinlock held. |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-kmalloc"> |
| <title><function>kmalloc()</function>/<function>kfree()</function> |
| <filename class="headerfile">include/linux/slab.h</filename></title> |
| |
| <para> |
| <emphasis>[MAY SLEEP: SEE BELOW]</emphasis> |
| </para> |
| |
| <para> |
| These routines are used to dynamically request pointer-aligned |
| chunks of memory, like malloc and free do in userspace, but |
| <function>kmalloc()</function> takes an extra flag word. |
| Important values: |
| </para> |
| |
| <variablelist> |
| <varlistentry> |
| <term> |
| <constant> |
| GFP_KERNEL |
| </constant> |
| </term> |
| <listitem> |
| <para> |
| May sleep and swap to free memory. Only allowed in user |
| context, but is the most reliable way to allocate memory. |
| </para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term> |
| <constant> |
| GFP_ATOMIC |
| </constant> |
| </term> |
| <listitem> |
| <para> |
| Don't sleep. Less reliable than <constant>GFP_KERNEL</constant>, |
| but may be called from interrupt context. You should |
| <emphasis>really</emphasis> have a good out-of-memory |
| error-handling strategy. |
| </para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term> |
| <constant> |
| GFP_DMA |
| </constant> |
| </term> |
| <listitem> |
| <para> |
| Allocate ISA DMA lower than 16MB. If you don't know what that |
| is you don't need it. Very unreliable. |
| </para> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| |
| <para> |
| If you see a <errorname>kmem_grow: Called nonatomically from int |
| </errorname> warning message you called a memory allocation function |
| from interrupt context without <constant>GFP_ATOMIC</constant>. |
| You should really fix that. Run, don't walk. |
| </para> |
| |
| <para> |
| If you are allocating at least <constant>PAGE_SIZE</constant> |
| (<filename class="headerfile">include/asm/page.h</filename>) bytes, |
| consider using <function>__get_free_pages()</function> |
| |
| (<filename class="headerfile">include/linux/mm.h</filename>). It |
| takes an order argument (0 for page sized, 1 for double page, 2 |
| for four pages etc.) and the same memory priority flag word as |
| above. |
| </para> |
| |
| <para> |
| If you are allocating more than a page worth of bytes you can use |
| <function>vmalloc()</function>. It'll allocate virtual memory in |
| the kernel map. This block is not contiguous in physical memory, |
| but the <acronym>MMU</acronym> makes it look like it is for you |
| (so it'll only look contiguous to the CPUs, not to external device |
| drivers). If you really need large physically contiguous memory |
| for some weird device, you have a problem: it is poorly supported |
| in Linux because after some time memory fragmentation in a running |
| kernel makes it hard. The best way is to allocate the block early |
| in the boot process via the <function>alloc_bootmem()</function> |
| routine. |
| </para> |
| |
| <para> |
| Before inventing your own cache of often-used objects consider |
| using a slab cache in |
| <filename class="headerfile">include/linux/slab.h</filename> |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-current"> |
| <title><function>current</function> |
| <filename class="headerfile">include/asm/current.h</filename></title> |
| |
| <para> |
| This global variable (really a macro) contains a pointer to |
| the current task structure, so is only valid in user context. |
| For example, when a process makes a system call, this will |
| point to the task structure of the calling process. It is |
| <emphasis>not NULL</emphasis> in interrupt context. |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-udelay"> |
| <title><function>udelay()</function>/<function>mdelay()</function> |
| <filename class="headerfile">include/asm/delay.h</filename> |
| <filename class="headerfile">include/linux/delay.h</filename> |
| </title> |
| |
| <para> |
| The <function>udelay()</function> function can be used for small pauses. |
| Do not use large values with <function>udelay()</function> as you risk |
| overflow - the helper function <function>mdelay()</function> is useful |
| here, or even consider <function>schedule_timeout()</function>. |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-endian"> |
| <title><function>cpu_to_be32()</function>/<function>be32_to_cpu()</function>/<function>cpu_to_le32()</function>/<function>le32_to_cpu()</function> |
| <filename class="headerfile">include/asm/byteorder.h</filename> |
| </title> |
| |
| <para> |
| The <function>cpu_to_be32()</function> family (where the "32" can |
| be replaced by 64 or 16, and the "be" can be replaced by "le") are |
| the general way to do endian conversions in the kernel: they |
| return the converted value. All variations supply the reverse as |
| well: <function>be32_to_cpu()</function>, etc. |
| </para> |
| |
| <para> |
| There are two major variations of these functions: the pointer |
| variation, such as <function>cpu_to_be32p()</function>, which take |
| a pointer to the given type, and return the converted value. The |
| other variation is the "in-situ" family, such as |
| <function>cpu_to_be32s()</function>, which convert value referred |
| to by the pointer, and return void. |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-local-irqs"> |
| <title><function>local_irq_save()</function>/<function>local_irq_restore()</function> |
| <filename class="headerfile">include/asm/system.h</filename> |
| </title> |
| |
| <para> |
| These routines disable hard interrupts on the local CPU, and |
| restore them. They are reentrant; saving the previous state in |
| their one <varname>unsigned long flags</varname> argument. If you |
| know that interrupts are enabled, you can simply use |
| <function>local_irq_disable()</function> and |
| <function>local_irq_enable()</function>. |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-softirqs"> |
| <title><function>local_bh_disable()</function>/<function>local_bh_enable()</function> |
| <filename class="headerfile">include/linux/interrupt.h</filename></title> |
| |
| <para> |
| These routines disable soft interrupts on the local CPU, and |
| restore them. They are reentrant; if soft interrupts were |
| disabled before, they will still be disabled after this pair |
| of functions has been called. They prevent softirqs, tasklets |
| and bottom halves from running on the current CPU. |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-processorids"> |
| <title><function>smp_processor_id</function>() |
| <filename class="headerfile">include/asm/smp.h</filename></title> |
| |
| <para> |
| <function>smp_processor_id()</function> returns the current |
| processor number, between 0 and <symbol>NR_CPUS</symbol> (the |
| maximum number of CPUs supported by Linux, currently 32). These |
| values are not necessarily continuous. |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-init"> |
| <title><type>__init</type>/<type>__exit</type>/<type>__initdata</type> |
| <filename class="headerfile">include/linux/init.h</filename></title> |
| |
| <para> |
| After boot, the kernel frees up a special section; functions |
| marked with <type>__init</type> and data structures marked with |
| <type>__initdata</type> are dropped after boot is complete (within |
| modules this directive is currently ignored). <type>__exit</type> |
| is used to declare a function which is only required on exit: the |
| function will be dropped if this file is not compiled as a module. |
| See the header file for use. Note that it makes no sense for a function |
| marked with <type>__init</type> to be exported to modules with |
| <function>EXPORT_SYMBOL()</function> - this will break. |
| </para> |
| <para> |
| Static data structures marked as <type>__initdata</type> must be initialised |
| (as opposed to ordinary static data which is zeroed BSS) and cannot be |
| <type>const</type>. |
| </para> |
| |
| </sect1> |
| |
| <sect1 id="routines-init-again"> |
| <title><function>__initcall()</function>/<function>module_init()</function> |
| <filename class="headerfile">include/linux/init.h</filename></title> |
| <para> |
| Many parts of the kernel are well served as a module |
| (dynamically-loadable parts of the kernel). Using the |
| <function>module_init()</function> and |
| <function>module_exit()</function> macros it is easy to write code |
| without #ifdefs which can operate both as a module or built into |
| the kernel. |
| </para> |
| |
| <para> |
| The <function>module_init()</function> macro defines which |
| function is to be called at module insertion time (if the file is |
| compiled as a module), or at boot time: if the file is not |
| compiled as a module the <function>module_init()</function> macro |
| becomes equivalent to <function>__initcall()</function>, which |
| through linker magic ensures that the function is called on boot. |
| </para> |
| |
| <para> |
| The function can return a negative error number to cause |
| module loading to fail (unfortunately, this has no effect if |
| the module is compiled into the kernel). For modules, this is |
| called in user context, with interrupts enabled, and the |
| kernel lock held, so it can sleep. |
| </para> |
| </sect1> |
| |
| <sect1 id="routines-moduleexit"> |
| <title> <function>module_exit()</function> |
| <filename class="headerfile">include/linux/init.h</filename> </title> |
| |
| <para> |
| This macro defines the function to be called at module removal |
| time (or never, in the case of the file compiled into the |
| kernel). It will only be called if the module usage count has |
| reached zero. This function can also sleep, but cannot fail: |
| everything must be cleaned up by the time it returns. |
| </para> |
| </sect1> |
| |
| <!-- add info on new-style module refcounting here --> |
| </chapter> |
| |
| <chapter id="queues"> |
| <title>Wait Queues |
| <filename class="headerfile">include/linux/wait.h</filename> |
| </title> |
| <para> |
| <emphasis>[SLEEPS]</emphasis> |
| </para> |
| |
| <para> |
| A wait queue is used to wait for someone to wake you up when a |
| certain condition is true. They must be used carefully to ensure |
| there is no race condition. You declare a |
| <type>wait_queue_head_t</type>, and then processes which want to |
| wait for that condition declare a <type>wait_queue_t</type> |
| referring to themselves, and place that in the queue. |
| </para> |
| |
| <sect1 id="queue-declaring"> |
| <title>Declaring</title> |
| |
| <para> |
| You declare a <type>wait_queue_head_t</type> using the |
| <function>DECLARE_WAIT_QUEUE_HEAD()</function> macro, or using the |
| <function>init_waitqueue_head()</function> routine in your |
| initialization code. |
| </para> |
| </sect1> |
| |
| <sect1 id="queue-waitqueue"> |
| <title>Queuing</title> |
| |
| <para> |
| Placing yourself in the waitqueue is fairly complex, because you |
| must put yourself in the queue before checking the condition. |
| There is a macro to do this: |
| <function>wait_event_interruptible()</function> |
| |
| <filename class="headerfile">include/linux/sched.h</filename> The |
| first argument is the wait queue head, and the second is an |
| expression which is evaluated; the macro returns |
| <returnvalue>0</returnvalue> when this expression is true, or |
| <returnvalue>-ERESTARTSYS</returnvalue> if a signal is received. |
| The <function>wait_event()</function> version ignores signals. |
| </para> |
| <para> |
| Do not use the <function>sleep_on()</function> function family - |
| it is very easy to accidentally introduce races; almost certainly |
| one of the <function>wait_event()</function> family will do, or a |
| loop around <function>schedule_timeout()</function>. If you choose |
| to loop around <function>schedule_timeout()</function> remember |
| you must set the task state (with |
| <function>set_current_state()</function>) on each iteration to avoid |
| busy-looping. |
| </para> |
| |
| </sect1> |
| |
| <sect1 id="queue-waking"> |
| <title>Waking Up Queued Tasks</title> |
| |
| <para> |
| Call <function>wake_up()</function> |
| |
| <filename class="headerfile">include/linux/sched.h</filename>;, |
| which will wake up every process in the queue. The exception is |
| if one has <constant>TASK_EXCLUSIVE</constant> set, in which case |
| the remainder of the queue will not be woken. |
| </para> |
| </sect1> |
| </chapter> |
| |
| <chapter id="atomic-ops"> |
| <title>Atomic Operations</title> |
| |
| <para> |
| Certain operations are guaranteed atomic on all platforms. The |
| first class of operations work on <type>atomic_t</type> |
| |
| <filename class="headerfile">include/asm/atomic.h</filename>; this |
| contains a signed integer (at least 24 bits long), and you must use |
| these functions to manipulate or read atomic_t variables. |
| <function>atomic_read()</function> and |
| <function>atomic_set()</function> get and set the counter, |
| <function>atomic_add()</function>, |
| <function>atomic_sub()</function>, |
| <function>atomic_inc()</function>, |
| <function>atomic_dec()</function>, and |
| <function>atomic_dec_and_test()</function> (returns |
| <returnvalue>true</returnvalue> if it was decremented to zero). |
| </para> |
| |
| <para> |
| Yes. It returns <returnvalue>true</returnvalue> (i.e. != 0) if the |
| atomic variable is zero. |
| </para> |
| |
| <para> |
| Note that these functions are slower than normal arithmetic, and |
| so should not be used unnecessarily. On some platforms they |
| are much slower, like 32-bit Sparc where they use a spinlock. |
| </para> |
| |
| <para> |
| The second class of atomic operations is atomic bit operations on a |
| <type>long</type>, defined in |
| |
| <filename class="headerfile">include/linux/bitops.h</filename>. These |
| operations generally take a pointer to the bit pattern, and a bit |
| number: 0 is the least significant bit. |
| <function>set_bit()</function>, <function>clear_bit()</function> |
| and <function>change_bit()</function> set, clear, and flip the |
| given bit. <function>test_and_set_bit()</function>, |
| <function>test_and_clear_bit()</function> and |
| <function>test_and_change_bit()</function> do the same thing, |
| except return true if the bit was previously set; these are |
| particularly useful for very simple locking. |
| </para> |
| |
| <para> |
| It is possible to call these operations with bit indices greater |
| than BITS_PER_LONG. The resulting behavior is strange on big-endian |
| platforms though so it is a good idea not to do this. |
| </para> |
| |
| <para> |
| Note that the order of bits depends on the architecture, and in |
| particular, the bitfield passed to these operations must be at |
| least as large as a <type>long</type>. |
| </para> |
| </chapter> |
| |
| <chapter id="symbols"> |
| <title>Symbols</title> |
| |
| <para> |
| Within the kernel proper, the normal linking rules apply |
| (ie. unless a symbol is declared to be file scope with the |
| <type>static</type> keyword, it can be used anywhere in the |
| kernel). However, for modules, a special exported symbol table is |
| kept which limits the entry points to the kernel proper. Modules |
| can also export symbols. |
| </para> |
| |
| <sect1 id="sym-exportsymbols"> |
| <title><function>EXPORT_SYMBOL()</function> |
| <filename class="headerfile">include/linux/module.h</filename></title> |
| |
| <para> |
| This is the classic method of exporting a symbol, and it works |
| for both modules and non-modules. In the kernel all these |
| declarations are often bundled into a single file to help |
| genksyms (which searches source files for these declarations). |
| See the comment on genksyms and Makefiles below. |
| </para> |
| </sect1> |
| |
| <sect1 id="sym-exportsymbols-gpl"> |
| <title><function>EXPORT_SYMBOL_GPL()</function> |
| <filename class="headerfile">include/linux/module.h</filename></title> |
| |
| <para> |
| Similar to <function>EXPORT_SYMBOL()</function> except that the |
| symbols exported by <function>EXPORT_SYMBOL_GPL()</function> can |
| only be seen by modules with a |
| <function>MODULE_LICENSE()</function> that specifies a GPL |
| compatible license. |
| </para> |
| </sect1> |
| </chapter> |
| |
| <chapter id="conventions"> |
| <title>Routines and Conventions</title> |
| |
| <sect1 id="conventions-doublelinkedlist"> |
| <title>Double-linked lists |
| <filename class="headerfile">include/linux/list.h</filename></title> |
| |
| <para> |
| There are three sets of linked-list routines in the kernel |
| headers, but this one seems to be winning out (and Linus has |
| used it). If you don't have some particular pressing need for |
| a single list, it's a good choice. In fact, I don't care |
| whether it's a good choice or not, just use it so we can get |
| rid of the others. |
| </para> |
| </sect1> |
| |
| <sect1 id="convention-returns"> |
| <title>Return Conventions</title> |
| |
| <para> |
| For code called in user context, it's very common to defy C |
| convention, and return <returnvalue>0</returnvalue> for success, |
| and a negative error number |
| (eg. <returnvalue>-EFAULT</returnvalue>) for failure. This can be |
| unintuitive at first, but it's fairly widespread in the networking |
| code, for example. |
| </para> |
| |
| <para> |
| The filesystem code uses <function>ERR_PTR()</function> |
| |
| <filename class="headerfile">include/linux/fs.h</filename>; to |
| encode a negative error number into a pointer, and |
| <function>IS_ERR()</function> and <function>PTR_ERR()</function> |
| to get it back out again: avoids a separate pointer parameter for |
| the error number. Icky, but in a good way. |
| </para> |
| </sect1> |
| |
| <sect1 id="conventions-borkedcompile"> |
| <title>Breaking Compilation</title> |
| |
| <para> |
| Linus and the other developers sometimes change function or |
| structure names in development kernels; this is not done just to |
| keep everyone on their toes: it reflects a fundamental change |
| (eg. can no longer be called with interrupts on, or does extra |
| checks, or doesn't do checks which were caught before). Usually |
| this is accompanied by a fairly complete note to the linux-kernel |
| mailing list; search the archive. Simply doing a global replace |
| on the file usually makes things <emphasis>worse</emphasis>. |
| </para> |
| </sect1> |
| |
| <sect1 id="conventions-initialising"> |
| <title>Initializing structure members</title> |
| |
| <para> |
| The preferred method of initializing structures is to use |
| designated initialisers, as defined by ISO C99, eg: |
| </para> |
| <programlisting> |
| static struct block_device_operations opt_fops = { |
| .open = opt_open, |
| .release = opt_release, |
| .ioctl = opt_ioctl, |
| .check_media_change = opt_media_change, |
| }; |
| </programlisting> |
| <para> |
| This makes it easy to grep for, and makes it clear which |
| structure fields are set. You should do this because it looks |
| cool. |
| </para> |
| </sect1> |
| |
| <sect1 id="conventions-gnu-extns"> |
| <title>GNU Extensions</title> |
| |
| <para> |
| GNU Extensions are explicitly allowed in the Linux kernel. |
| Note that some of the more complex ones are not very well |
| supported, due to lack of general use, but the following are |
| considered standard (see the GCC info page section "C |
| Extensions" for more details - Yes, really the info page, the |
| man page is only a short summary of the stuff in info): |
| </para> |
| <itemizedlist> |
| <listitem> |
| <para> |
| Inline functions |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| Statement expressions (ie. the ({ and }) constructs). |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| Declaring attributes of a function / variable / type |
| (__attribute__) |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| typeof |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| Zero length arrays |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| Macro varargs |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| Arithmetic on void pointers |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| Non-Constant initializers |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| Assembler Instructions (not outside arch/ and include/asm/) |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| Function names as strings (__FUNCTION__) |
| </para> |
| </listitem> |
| <listitem> |
| <para> |
| __builtin_constant_p() |
| </para> |
| </listitem> |
| </itemizedlist> |
| |
| <para> |
| Be wary when using long long in the kernel, the code gcc generates for |
| it is horrible and worse: division and multiplication does not work |
| on i386 because the GCC runtime functions for it are missing from |
| the kernel environment. |
| </para> |
| |
| <!-- FIXME: add a note about ANSI aliasing cleanness --> |
| </sect1> |
| |
| <sect1 id="conventions-cplusplus"> |
| <title>C++</title> |
| |
| <para> |
| Using C++ in the kernel is usually a bad idea, because the |
| kernel does not provide the necessary runtime environment |
| and the include files are not tested for it. It is still |
| possible, but not recommended. If you really want to do |
| this, forget about exceptions at least. |
| </para> |
| </sect1> |
| |
| <sect1 id="conventions-ifdef"> |
| <title>#if</title> |
| |
| <para> |
| It is generally considered cleaner to use macros in header files |
| (or at the top of .c files) to abstract away functions rather than |
| using `#if' pre-processor statements throughout the source code. |
| </para> |
| </sect1> |
| </chapter> |
| |
| <chapter id="submitting"> |
| <title>Putting Your Stuff in the Kernel</title> |
| |
| <para> |
| In order to get your stuff into shape for official inclusion, or |
| even to make a neat patch, there's administrative work to be |
| done: |
| </para> |
| <itemizedlist> |
| <listitem> |
| <para> |
| Figure out whose pond you've been pissing in. Look at the top of |
| the source files, inside the <filename>MAINTAINERS</filename> |
| file, and last of all in the <filename>CREDITS</filename> file. |
| You should coordinate with this person to make sure you're not |
| duplicating effort, or trying something that's already been |
| rejected. |
| </para> |
| |
| <para> |
| Make sure you put your name and EMail address at the top of |
| any files you create or mangle significantly. This is the |
| first place people will look when they find a bug, or when |
| <emphasis>they</emphasis> want to make a change. |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| Usually you want a configuration option for your kernel hack. |
| Edit <filename>Config.in</filename> in the appropriate directory |
| (but under <filename>arch/</filename> it's called |
| <filename>config.in</filename>). The Config Language used is not |
| bash, even though it looks like bash; the safe way is to use only |
| the constructs that you already see in |
| <filename>Config.in</filename> files (see |
| <filename>Documentation/kbuild/kconfig-language.txt</filename>). |
| It's good to run "make xconfig" at least once to test (because |
| it's the only one with a static parser). |
| </para> |
| |
| <para> |
| Variables which can be Y or N use <type>bool</type> followed by a |
| tagline and the config define name (which must start with |
| CONFIG_). The <type>tristate</type> function is the same, but |
| allows the answer M (which defines |
| <symbol>CONFIG_foo_MODULE</symbol> in your source, instead of |
| <symbol>CONFIG_FOO</symbol>) if <symbol>CONFIG_MODULES</symbol> |
| is enabled. |
| </para> |
| |
| <para> |
| You may well want to make your CONFIG option only visible if |
| <symbol>CONFIG_EXPERIMENTAL</symbol> is enabled: this serves as a |
| warning to users. There many other fancy things you can do: see |
| the various <filename>Config.in</filename> files for ideas. |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| Edit the <filename>Makefile</filename>: the CONFIG variables are |
| exported here so you can conditionalize compilation with `ifeq'. |
| If your file exports symbols then add the names to |
| <varname>export-objs</varname> so that genksyms will find them. |
| <caution> |
| <para> |
| There is a restriction on the kernel build system that objects |
| which export symbols must have globally unique names. |
| If your object does not have a globally unique name then the |
| standard fix is to move the |
| <function>EXPORT_SYMBOL()</function> statements to their own |
| object with a unique name. |
| This is why several systems have separate exporting objects, |
| usually suffixed with ksyms. |
| </para> |
| </caution> |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| Document your option in Documentation/Configure.help. Mention |
| incompatibilities and issues here. <emphasis> Definitely |
| </emphasis> end your description with <quote> if in doubt, say N |
| </quote> (or, occasionally, `Y'); this is for people who have no |
| idea what you are talking about. |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| Put yourself in <filename>CREDITS</filename> if you've done |
| something noteworthy, usually beyond a single file (your name |
| should be at the top of the source files anyway). |
| <filename>MAINTAINERS</filename> means you want to be consulted |
| when changes are made to a subsystem, and hear about bugs; it |
| implies a more-than-passing commitment to some part of the code. |
| </para> |
| </listitem> |
| |
| <listitem> |
| <para> |
| Finally, don't forget to read <filename>Documentation/SubmittingPatches</filename> |
| and possibly <filename>Documentation/SubmittingDrivers</filename>. |
| </para> |
| </listitem> |
| </itemizedlist> |
| </chapter> |
| |
| <chapter id="cantrips"> |
| <title>Kernel Cantrips</title> |
| |
| <para> |
| Some favorites from browsing the source. Feel free to add to this |
| list. |
| </para> |
| |
| <para> |
| <filename>include/linux/brlock.h:</filename> |
| </para> |
| <programlisting> |
| extern inline void br_read_lock (enum brlock_indices idx) |
| { |
| /* |
| * This causes a link-time bug message if an |
| * invalid index is used: |
| */ |
| if (idx >= __BR_END) |
| __br_lock_usage_bug(); |
| |
| read_lock(&__brlock_array[smp_processor_id()][idx]); |
| } |
| </programlisting> |
| |
| <para> |
| <filename>include/linux/fs.h</filename>: |
| </para> |
| <programlisting> |
| /* |
| * Kernel pointers have redundant information, so we can use a |
| * scheme where we can return either an error code or a dentry |
| * pointer with the same return value. |
| * |
| * This should be a per-architecture thing, to allow different |
| * error and pointer decisions. |
| */ |
| #define ERR_PTR(err) ((void *)((long)(err))) |
| #define PTR_ERR(ptr) ((long)(ptr)) |
| #define IS_ERR(ptr) ((unsigned long)(ptr) > (unsigned long)(-1000)) |
| </programlisting> |
| |
| <para> |
| <filename>include/asm-i386/uaccess.h:</filename> |
| </para> |
| |
| <programlisting> |
| #define copy_to_user(to,from,n) \ |
| (__builtin_constant_p(n) ? \ |
| __constant_copy_to_user((to),(from),(n)) : \ |
| __generic_copy_to_user((to),(from),(n))) |
| </programlisting> |
| |
| <para> |
| <filename>arch/sparc/kernel/head.S:</filename> |
| </para> |
| |
| <programlisting> |
| /* |
| * Sun people can't spell worth damn. "compatability" indeed. |
| * At least we *know* we can't spell, and use a spell-checker. |
| */ |
| |
| /* Uh, actually Linus it is I who cannot spell. Too much murky |
| * Sparc assembly will do this to ya. |
| */ |
| C_LABEL(cputypvar): |
| .asciz "compatability" |
| |
| /* Tested on SS-5, SS-10. Probably someone at Sun applied a spell-checker. */ |
| .align 4 |
| C_LABEL(cputypvar_sun4m): |
| .asciz "compatible" |
| </programlisting> |
| |
| <para> |
| <filename>arch/sparc/lib/checksum.S:</filename> |
| </para> |
| |
| <programlisting> |
| /* Sun, you just can't beat me, you just can't. Stop trying, |
| * give up. I'm serious, I am going to kick the living shit |
| * out of you, game over, lights out. |
| */ |
| </programlisting> |
| </chapter> |
| |
| <chapter id="credits"> |
| <title>Thanks</title> |
| |
| <para> |
| Thanks to Andi Kleen for the idea, answering my questions, fixing |
| my mistakes, filling content, etc. Philipp Rumpf for more spelling |
| and clarity fixes, and some excellent non-obvious points. Werner |
| Almesberger for giving me a great summary of |
| <function>disable_irq()</function>, and Jes Sorensen and Andrea |
| Arcangeli added caveats. Michael Elizabeth Chastain for checking |
| and adding to the Configure section. <!-- Rusty insisted on this |
| bit; I didn't do it! --> Telsa Gwynne for teaching me DocBook. |
| </para> |
| </chapter> |
| </book> |
| |