转自:http://blog.csdn.net/boymax2/article/details/52550197
版权声明:本文为博主原创文章,未经博主允许不得转载。 Magenta内核支持虚拟地址的配置,依赖于cpu内的mmu模块。 下面会从以下几个方面对Magenta内核内存管理方面的代码进行分析: 1、mmu初始化,也就是硬件mmu的初始化,以底层寄存器操作为主,汇编 2、pmm初始化,也就是代码中物理内存结构的初始化 3、vmm初始化,也就是代码中虚拟内存结构的初始化 mmu初始化 mmu初始化的代码由汇编完成,其中主要涉及了以下几个结构 TLB:内存映射表,其定义位于c代码中 kernel/arch/arm/arm/mmu.c [cpp] view plain copy uint32_t arm_kernel_translation_table[TT_ENTRY_COUNT] __ALIGNED(16384) __SECTION(".bss.prebss.translation_table"); 以及初始化的内存映射关系,以qemu-virt平台 kernel/platform/qemu-virt/platform.c [cpp] view plain copy struct mmu_initial_mapping mmu_initial_mappings[] = { /* all of memory */ { .phys = MEMORY_BASE_PHYS, // 内存物理基地址 .virt = KERNEL_BASE, // 内存虚拟基地址 .size = MEMORY_APERTURE_SIZE,// 虚拟内存大小 .flags = 0, .name = "memory" }, /* 1GB of peripherals */ { .phys = PERIPHERAL_BASE_PHYS, // 外设物理基地址 .virt = PERIPHERAL_BASE_VIRT, // 外设虚拟基地址 .size = PERIPHERAL_BASE_SIZE, // 虚拟内存大小 .flags = MMU_INITIAL_MAPPING_FLAG_DEVICE, .name = "peripherals" }, /* null entry to terminate the list */ { 0 } }; 这两个结构都会在之后的汇编代码中使用。 mmu初始化的汇编代码位于内核的启动文件中,以arm32为例 自己对arm汇编不是很熟悉,在读汇编代码时花费了比较多的时间,希望有错误能指正出来 启动文件中与mmu相关的代码已经提取出来 在其中主要涉及到的操作为以下几个: 1、重置mmu相关寄存器 2、计算物理地址相对虚拟地址的偏移 3、将tlb地址指向空间清零 4、遍历mmu_initial_mappings结构,计算后写入tlb 5、设置mmu相关寄存器 6、跳转至c代码 kernel/arch/arm/arm/start.S [plain] view plain copy #include <asm.h> #include <arch/arm/cores.h> #include <arch/arm/mmu.h> #include <kernel/vm.h> .section ".text.boot" .globl _start _start: b platform_reset b arm_undefined b arm_syscall b arm_prefetch_abort b arm_data_abort b arm_reserved b arm_irq b arm_fiq #if WITH_SMP b arm_reset #endif .weak platform_reset platform_reset: /* Fall through for the weak symbol */ // arm复位处理程序 .globl arm_reset arm_reset: /* do some early cpu setup */ // 读SCTLR寄存器,手册P1711 mrc p15, 0, r12, c1, c0, 0 /* i/d cache disable, mmu disabled */ // cache位与mmu位置0 bic r12, #(1<<12) bic r12, #(1<<2 | 1<<0) #if WITH_KERNEL_VM /* enable caches so atomics and spinlocks work */ // cache位与mmu位置1 orr r12, r12, #(1<<12) orr r12, r12, #(1<<2) #endif // WITH_KERNEL_VM // 写SCTLR寄存器 mcr p15, 0, r12, c1, c0, 0 /* calculate the physical offset from our eventual virtual location */ // 计算物理地址相对虚拟地址的偏移,用于之后的转换 .Lphys_offset: ldr r4, =.Lphys_offset adr r11, .Lphys_offset sub r11, r11, r4 ... #if ARM_WITH_MMU .Lsetup_mmu: /* set up the mmu according to mmu_initial_mappings */ /* load the base of the translation table and clear the table */ // 获取转换表地址 ldr r4, =arm_kernel_translation_table // 获取转换表物理地址 add r4, r4, r11 /* r4 = physical address of translation table */ mov r5, #0 mov r6, #0 /* walk through all the entries in the translation table, setting them up */ // 遍历转换表结构清零 0: str r5, [r4, r6, lsl #2] add r6, #1 cmp r6, #4096 bne 0b /* load the address of the mmu_initial_mappings table and start processing */ // 获取初始映射地址 ldr r5, =mmu_initial_mappings // 获取初始映射物理地址 add r5, r5, r11 /* r5 = physical address of mmu initial mapping table */ // 初始映射遍历绑定至转换表 // 转换表的绑定 转换表中元素的高12位为物理基地址下标,低20位为mmu相关flag .Linitial_mapping_loop: // 把结构体加载到各个通用寄存器中 ldmia r5!, { r6-r10 } /* r6 = phys, r7 = virt, r8 = size, r9 = flags, r10 = name */ /* round size up to 1MB alignment */ // 上调size对齐1MB ubfx r10, r6, #0, #20 add r8, r8, r10 add r8, r8, #(1 << 20) sub r8, r8, #1 /* mask all the addresses and sizes to 1MB boundaries */ // 物理地址 虚拟地址 大小 右移20位 取高12位 lsr r6, #20 /* r6 = physical address / 1MB */ lsr r7, #20 /* r7 = virtual address / 1MB */ lsr r8, #20 /* r8 = size in 1MB chunks */ /* if size == 0, end of list */ // 循环边界判断 cmp r8, #0 beq .Linitial_mapping_done /* set up the flags */ // 设置mmu相关flag,放置在r10 ldr r10, =MMU_KERNEL_L1_PTE_FLAGS teq r9, #MMU_INITIAL_MAPPING_FLAG_UNCACHED ldreq r10, =MMU_INITIAL_MAP_STRONGLY_ORDERED beq 0f teq r9, #MMU_INITIAL_MAPPING_FLAG_DEVICE ldreq r10, =MMU_INITIAL_MAP_DEVICE /* r10 = mmu entry flags */ 0: // 计算translation_table元素的值 // r10:mmu相关flag r6:物理地址高12位 // r12 = r10 | (r6 << 20) // 高20位为物理地址,低12位为mmu相关flag orr r12, r10, r6, lsl #20 /* r12 = phys addr | flags */ /* store into appropriate translation table entry */ // r4:转换表物理基地址 r7:虚拟地址对应的section // r12 -> [r4 + r7 << 2] str r12, [r4, r7, lsl #2] /* loop until we're done */ // 准备下一个转换表元素的填充 add r6, #1 add r7, #1 subs r8, #1 bne 0b b .Linitial_mapping_loop .Linitial_mapping_done: ... /* set up the mmu */ bl .Lmmu_setup #endif // WITH_KERNEL_VM ... // 跳转至c程序 bl lk_main b . #if WITH_KERNEL_VM /* per cpu mmu setup, shared between primary and secondary cpus args: r4 == translation table physical r8 == final translation table physical (if using trampoline) */ // 设置mmu相关寄存器 // r4:转换表物理基地址 // mmu相关寄存器 手册P1724 .Lmmu_setup: /* Invalidate TLB */ mov r12, #0 mcr p15, 0, r12, c8, c7, 0 isb /* Write 0 to TTBCR */ // ttbcr写0 mcr p15, 0, r12, c2, c0, 2 isb /* Set cacheable attributes on translation walk */ // 宏MMU_TTBRx_FLAGS为 (1 << 3) | (1 << 6) orr r12, r4, #MMU_TTBRx_FLAGS /* Write ttbr with phys addr of the translation table */ // 写入ttbr0 mcr p15, 0, r12, c2, c0, 0 isb /* Write DACR */ // 写DACR cache相关 mov r12, #0x1 mcr p15, 0, r12, c3, c0, 0 isb /* Read SCTLR into r12 */ // 读SCTLR寄存器,手册P1711 mrc p15, 0, r12, c1, c0, 0 /* Disable TRE/AFE */ // 禁用TRE和AFE标志位 bic r12, #(1<<29 | 1<<28) /* Turn on the MMU */ // MMU使能标志位 orr r12, #0x1 /* Write back SCTLR */ // 写入SCTLR // MMU打开 mcr p15, 0, r12, c1, c0, 0 isb /* Jump to virtual code address */ // 跳转 ldr pc, =1f 1: ... /* Invalidate TLB */ mov r12, #0 mcr p15, 0, r12, c8, c7, 0 isb /* assume lr was in physical memory, adjust it before returning */ // 计算跳转点的虚拟地址,跳转,之后会调用lk_main sub lr, r11 bx lr #endif ... 硬件层的内存管理相关的初始化基本完成后,会跳转到c代码 位于kernel/top/main.c 其中有关内存管理的函数调用顺序为: 1、pmm_add_arena 将物理内存加入pmm结构 2、vm_init_preheap 堆初始化前的准备工作(钩子) 3、heap_init 堆的初始化 4、vm_init_postheap 堆初始化后的工作(钩子) 5、arm_mmu_init mmu相关的调整 首先要完成pmm初始化工作 pmm初始化主要分为以下几步: 1、通过fdt库从bootloader中获取物理内存的长度 2、在pmm中加入物理内存 3、标记fdt结构的空间 4、标记bootloader相关的空间 pmm中比较重要的一个结构体,pmm_arena_t代表着一块物理内存的抽象 kernel/include/kernel/vm.h [cpp] view plain copy typedef struct pmm_arena { struct list_node node; // 节点,物理内存链表 const char* name; // 名称 uint flags; uint priority; paddr_t base; // 物理内存基地址 size_t size; // 物理内存长度 size_t free_count; // 空闲的页数 struct vm_page* page_array; // 页结构数组 struct list_node free_list; // 节点,该内存中空闲空间的链表 } pmm_arena_t; 接着以qemu-virt的platform为例,分析pmm初始化的过程 kernel/platform/qemu-virt.c [cpp] view plain copy // 全局物理内存结构体 static pmm_arena_t arena = { .name = "ram", .base = MEMORY_BASE_PHYS, .size = DEFAULT_MEMORY_SIZE, .flags = PMM_ARENA_FLAG_KMAP, }; ... // 该函数为平台的早期初始化,在内核启动时调用 void platform_early_init(void) { ... /* look for a flattened device tree just before the kernel */ // 获取fdt结构 const void *fdt = (void *)KERNEL_BASE; int err = fdt_check_header(fdt); if (err >= 0) { /* walk the nodes, looking for 'memory' and 'chosen' */ int depth = 0; int offset = 0; for (;;) { offset = fdt_next_node(fdt, offset, &depth); if (offset < 0) break; /* get the name */ const char *name = fdt_get_name(fdt, offset, NULL); if (!name) continue; /* look for the properties we care about */ // 从fdt中查找到内存信息 if (strcmp(name, "memory") == 0) { int lenp; const void *prop_ptr = fdt_getprop(fdt, offset, "reg", &lenp); if (prop_ptr && lenp == 0x10) { /* we're looking at a memory descriptor */ //uint64_t base = fdt64_to_cpu(*(uint64_t *)prop_ptr); // 获取内存长度 uint64_t len = fdt64_to_cpu(*((const uint64_t *)prop_ptr + 1)); /* trim size on certain platforms */ #if ARCH_ARM // 如果是32位arm,只使用内存前1GB if (len > 1024*1024*1024U) { len = 1024*1024*1024; /* only use the first 1GB on ARM32 */ printf("trimming memory to 1GB "); } #endif /* set the size in the pmm arena */ // 保存内存长度 arena.size = len; } } else if (strcmp(name, "chosen") == 0) { ... } } } /* add the main memory arena */ // 将改内存区域加入到pmm中 pmm_add_arena(&arena); /* reserve the first 64k of ram, which should be holding the fdt */ // 标记fdt区域 pmm_alloc_range(MEMBASE, 0x10000 / PAGE_SIZE, NULL); // 标记bootloader_ramdisk区域 platform_preserve_ramdisk(); ... } 内核在接下来初始化堆之前会在内存中构造出出一个VmAspace对象,其代表的是内核空间的抽象 kernel/kernel/vm/vm.cpp [cpp] view plain copy void vm_init_preheap(uint level) { LTRACE_ENTRY; // allow the vmm a shot at initializing some of its data structures // 构造代表内核空间的VmAspace对象 VmAspace::KernelAspaceInitPreHeap(); // mark all of the kernel pages in use LTRACEF("marking all kernel pages as used "); // 标记内核代码所用内存 mark_pages_in_use((vaddr_t)&_start, ((uintptr_t)&_end - (uintptr_t)&_start)); // mark the physical pages used by the boot time allocator // 标记boot time allocator代码所用内存 if (boot_alloc_end != boot_alloc_start) { LTRACEF("marking boot alloc used from 0x%lx to 0x%lx ", boot_alloc_start, boot_alloc_end); mark_pages_in_use(boot_alloc_start, boot_alloc_end - boot_alloc_start); } } kernel/kernel/vm/vm_aspace.cpp [cpp] view plain copy void VmAspace::KernelAspaceInitPreHeap() { // the singleton kernel address space // 构造一个内核空间单例,因为这个函数只会在启动时调用,所以是这个对象是单例 static VmAspace _kernel_aspace(KERNEL_ASPACE_BASE, KERNEL_ASPACE_SIZE, VmAspace::TYPE_KERNEL, "kernel"); // 初始化 auto err = _kernel_aspace.Init(); ASSERT(err >= 0); // save a pointer to the singleton kernel address space // 保存单例指针 VmAspace::kernel_aspace_ = &_kernel_aspace; } VmAspace::VmAspace(vaddr_t base, size_t size, uint32_t flags, const char* name) : base_(base), size_(size), flags_(flags) { DEBUG_ASSERT(size != 0); DEBUG_ASSERT(base + size - 1 >= base); Rename(name); LTRACEF("%p '%s' ", this, name_); } status_t VmAspace::Init() { DEBUG_ASSERT(magic_ == MAGIC); LTRACEF("%p '%s' ", this, name_); // intialize the architectually specific part // 标记为内核的空间 bool is_high_kernel = (flags_ & TYPE_MASK) == TYPE_KERNEL; uint arch_aspace_flags = is_high_kernel ? ARCH_ASPACE_FLAG_KERNEL : 0; // 调用mmu相关的函数 return arch_mmu_init_aspace(&arch_aspace_, base_, size_, arch_aspace_flags); } kernel/arch/arm/arm/mmu.c [cpp] view plain copy status_t arch_mmu_init_aspace(arch_aspace_t *aspace, vaddr_t base, size_t size, uint flags) { LTRACEF("aspace %p, base 0x%lx, size 0x%zx, flags 0x%x ", aspace, base, size, flags); DEBUG_ASSERT(aspace); DEBUG_ASSERT(aspace->magic != ARCH_ASPACE_MAGIC); /* validate that the base + size is sane and doesn't wrap */ DEBUG_ASSERT(size > PAGE_SIZE); DEBUG_ASSERT(base + size - 1 > base); // 初始化内核空间中页的链表 list_initialize(&aspace->pt_page_list); aspace->magic = ARCH_ASPACE_MAGIC; if (flags & ARCH_ASPACE_FLAG_KERNEL) { // 设置结构内相关参数,其中转换表的物理内存通过vaddr_to_paddr获取 // 该函数不详细分析了,实质就是通过转换表进行查询得到的物理地址 aspace->base = base; aspace->size = size; aspace->tt_virt = arm_kernel_translation_table; aspace->tt_phys = vaddr_to_paddr(aspace->tt_virt); } else { ... } LTRACEF("tt_phys 0x%lx tt_virt %p ", aspace->tt_phys, aspace->tt_virt); return NO_ERROR; } 到此内核空间的结构初始化完成 接下来进行内核堆的初始化,Magenta内核中提供了两种堆的实现miniheap以及cmpctmalloc,用户可以自己进行配置。 堆的具体实现方法会在之后进行具体的分析 堆的初始化完成以后,会调用相应的钩子函数,该函数的主要的作用如下: 1、在vmm结构中标记内核已使用的虚拟地址 2、根据内核使用的地址的区域,分别设置内存的保护 [cpp] view plain copy void vm_init_postheap(uint level) { LTRACE_ENTRY; vmm_aspace_t* aspace = vmm_get_kernel_aspace(); // we expect the kernel to be in a temporary mapping, define permanent // regions for those now struct temp_region { const char* name; vaddr_t base; size_t size; uint arch_mmu_flags; } regions[] = { { .name = "kernel_code", .base = (vaddr_t)&__code_start, .size = ROUNDUP((size_t)&__code_end - (size_t)&__code_start, PAGE_SIZE), .arch_mmu_flags = ARCH_MMU_FLAG_PERM_READ | ARCH_MMU_FLAG_PERM_EXECUTE, }, { .name = "kernel_rodata", .base = (vaddr_t)&__rodata_start, .size = ROUNDUP((size_t)&__rodata_end - (size_t)&__rodata_start, PAGE_SIZE), .arch_mmu_flags = ARCH_MMU_FLAG_PERM_READ, }, { .name = "kernel_data", .base = (vaddr_t)&__data_start, .size = ROUNDUP((size_t)&__data_end - (size_t)&__data_start, PAGE_SIZE), .arch_mmu_flags = ARCH_MMU_FLAG_PERM_READ | ARCH_MMU_FLAG_PERM_WRITE, }, { .name = "kernel_bss", .base = (vaddr_t)&__bss_start, .size = ROUNDUP((size_t)&__bss_end - (size_t)&__bss_start, PAGE_SIZE), .arch_mmu_flags = ARCH_MMU_FLAG_PERM_READ | ARCH_MMU_FLAG_PERM_WRITE, }, { .name = "kernel_bootalloc", .base = (vaddr_t)boot_alloc_start, .size = ROUNDUP(boot_alloc_end - boot_alloc_start, PAGE_SIZE), .arch_mmu_flags = ARCH_MMU_FLAG_PERM_READ | ARCH_MMU_FLAG_PERM_WRITE, }, }; for (uint i = 0; i < countof(regions); ++i) { temp_region* region = ®ions[i]; ASSERT(IS_PAGE_ALIGNED(region->base)); status_t status = vmm_reserve_space(aspace, region->name, region->size, region->base); ASSERT(status == NO_ERROR); status = vmm_protect_region(aspace, region->base, region->arch_mmu_flags); ASSERT(status == NO_ERROR); } // mmu_initial_mappings should reflect where we are now, use it to construct the actual // mappings. We will carve out the kernel code/data from any mappings and // unmap any temporary ones. const struct mmu_initial_mapping* map = mmu_initial_mappings; for (map = mmu_initial_mappings; map->size > 0; ++map) { LTRACEF("looking at mapping %p (%s) ", map, map->name); // Unmap temporary mappings except where they intersect with the // kernel code/data regions. vaddr_t vaddr = map->virt; LTRACEF("vaddr 0x%lx, virt + size 0x%lx ", vaddr, map->virt + map->size); while (vaddr != map->virt + map->size) { vaddr_t next_kernel_region = map->virt + map->size; vaddr_t next_kernel_region_end = map->virt + map->size; // Find the kernel code/data region with the lowest start address // that is within this mapping. for (uint i = 0; i < countof(regions); ++i) { temp_region* region = ®ions[i]; if (region->base >= vaddr && region->base < map->virt + map->size && region->base < next_kernel_region) { next_kernel_region = region->base; next_kernel_region_end = region->base + region->size; } } // If vaddr isn't the start of a kernel code/data region, then we should make // a mapping between it and the next closest one. if (next_kernel_region != vaddr) { status_t status = vmm_reserve_space(aspace, map->name, next_kernel_region - vaddr, vaddr); ASSERT(status == NO_ERROR); if (map->flags & MMU_INITIAL_MAPPING_TEMPORARY) { // If the region is part of a temporary mapping, immediately unmap it LTRACEF("Freeing region [%016lx, %016lx) ", vaddr, next_kernel_region); status = vmm_free_region(aspace, vaddr); ASSERT(status == NO_ERROR); } else { // Otherwise, mark it no-exec since it's not explicitly code status = vmm_protect_region( aspace, vaddr, ARCH_MMU_FLAG_PERM_READ | ARCH_MMU_FLAG_PERM_WRITE); ASSERT(status == NO_ERROR); } } vaddr = next_kernel_region_end; } } } 以上代码中涉及到的几个函数,只是做下简单的介绍,不具体分析: vmm_reserve_space:在vmm中标记一块虚拟内存,这块虚拟内存抽象为VmRegion类,拥有自己的底层mmu相关的配置 vmm_protect_region:对某VmRegion对应的虚拟内存设置内存保护的相关参数 mmu相关的调整 mmu相关的调整,由内核新建的bootstrap2线程进行调用arch_init完成 kernel/arch/arm/arm/arch.c [cpp] view plain copy void arch_init(void) { ... #if ARM_WITH_MMU /* finish intializing the mmu */ arm_mmu_init(); #endif } kernel/arch/arm/arm/mmu.c [cpp] view plain copy void arm_mmu_init(void) { /* unmap the initial mapings that are marked temporary */ // 解除具有MMU_INITIAL_MAPPING_TEMPORARY标志的内存映射 struct mmu_initial_mapping *map = mmu_initial_mappings; while (map->size > 0) { if (map->flags & MMU_INITIAL_MAPPING_TEMPORARY) { vaddr_t va = map->virt; size_t size = map->size; DEBUG_ASSERT(IS_SECTION_ALIGNED(size)); while (size > 0) { arm_mmu_unmap_l1_entry(arm_kernel_translation_table, va / SECTION_SIZE); va += MB; size -= MB; } } map++; } arm_after_invalidate_tlb_barrier(); #if KERNEL_ASPACE_BASE != 0 /* bounce the ttbr over to ttbr1 and leave 0 unmapped */ // 重新设置mmu相关的寄存器,禁用ttbcr0,将原先ttbr0的映射移动到ttbr1 // ttbr1为内核空间使用的寄存器 uint32_t n = __builtin_clz(KERNEL_ASPACE_BASE) + 1; DEBUG_ASSERT(n <= 7); uint32_t ttbcr = (1<<4) | n; /* disable TTBCR0 and set the split between TTBR0 and TTBR1 */ arm_write_ttbr1(arm_read_ttbr0()); ISB; arm_write_ttbcr(ttbcr); ISB; arm_write_ttbr0(0); ISB; #endif } 至此Magenta内核有关内存管理的初始化完成。