Understanding the Linux Operating System

The Linux kernel consists of five major sub-systems:
1. Process Scheduler (SCHED):

As you know, the PC is basically a single-processor system that only has one executable at a time. However, multi-tasking systems such as Windows, Linux etc. allow multiple programs to run at the same time. How do they do it? By passing the executable back and forth between programs so fast that we have the feeling that programs are running at the same time. For example, if you just hit Winword and play Winamp, then SCHED will run Winword 5.10 command is finished, go to Winamp 5.10 command and switch back and forth. This is extremely fast so you have no feeling.
The old MSDOS operating system was actually a single operating system, but you could still interrupt 1Ch (hook interrupt) to simulate multitasking. Interrupt 1Ch is actually IRQ Timer (6 or 8 forget it) call. IRQ Timer is a hard interrupt, ie the signal sent by the pulse to the CPU. The default is 1/13 second once the transmitter sends an IRQ signal to the CPU. Then the CPU will stop the command being executed by switching the interrupt handler. The IRQ timer will then call the 1Ch interrupt. If you write a hook int 1Ch subroutine, you will have the feeling that it runs parallel to the main program (actually 1 / 13s it ran once). In this application I write a banner run program in the DOS screen, or one or more ping pong games that hit the sides of the screen while running DOS.
Multitasking operating systems later used this principle to make SCHED. However, 1 / 13s is not fast enough to switch through many processes but using the BIOS function can speed up the SCHED 1 / 100s once.

2. Memory Manager (MM):

The conventional memory of the PC is only 640K. As the BIOS program can only be managed to FFFFF, high memory (A0000 or higher memory) is used to map BIOS, video card memory and other peripherals. memory is 9FFFF or lower. Using calculator to change 9FFFF to decimal you will have 640K right :)). Perhaps you are surprised to know that the 512M RAM bought $ 70 of my lost? Hihihi it now shrinks to a 64K page in high memory. However, you can change the mapping to 512M. RAM video card is similar. In protect mode of the 32-bit CPU, the concept of virtual memory. At this point, each process is allocated to 4G virtual memory from 00000000-FFFFFFFF. But the kernel will keep a table describing each page of virtual memory with physical memory. Physical memory now includes RAM and swap disk space. Of course, 4G virtual memory is never fully mapped (mapped to what other processes are running). Most of the addresses are typed, but only if you read or write them, the new kernel allocates from physical memory.

Virtual File System (VFS)

This system not only provides access to the file system on the hard disk, but also to all peripherals. If Triump is all fashionable, we can say in Linux all the files. This idea comes from Unix and later operating systems are set up in that direction. Do not forget that in DOS you use copy xxx to print the xxx file to the screen. Then "child" is the filehandler for the console.

4. Network Interface (NET).

Linux built in TCP / IP in the kernel. Do not have this DOS so the author does not understand very well.

Inter-process communication (IPC)

Provides media between processes in the same Linux system. We will find out later.


System data structures.
Linux operating systems rely on these data
1. Task list
SCHED stores a set of data for each active process. These data sets make up a list of links called task lists. SCHED also has a current pointer to indicate which actions are active. As far as I'm concerned, this data must have the values ​​of the process's registers at the time of the switch. When a process is activated, SCHED will restore these values.

2. Memory map
As explained above, MM needs 1 mapping from physical memory to 4G virtual memory of each process. There is also information on how to get and replace specific pages. All this information is contained in the memory map and memory map contained in the task list.

3. I-nodes
VFS uses i-nodes to locate files. The i-nodes data structure is used to map block files to physical addresses where hard disks and floppy disks are sectors, cyclinder, and head.

4. Data connection
Description of network connection is open

All of these data structures are derived from the task list. Each process has a pointer to the memory map structure, a pointer to the list of i-nodes of the open files for that particular process, and a pointer to the list of data connections for all. network connection is open.

1 AzSoft_watermark_small.png cong-nghe? P = 1 en_metadesc.txt en_name.txt getpageinfo.sh getpagelink.sh imglink.txt imglist.txt img.quantrimang.com label: Some Text link_original.txt link.txt log.txt meta_desc.txt name.txt news t-142619 testimg2-0.jpg testimg2-1.jpg testimg2.jpg testimg3.jpg testimg.jpg thumb tim-hieu-excel-2016-200.jpg title_vn.txt tmp02.html tmp03.html tmp2.html tmpdesc2.txt tmpdesc3.txt tmpdesc4.txt tmpdesc5.txt tmpdesc6.txt tmpdesc7.txt tmpdesc.txt tmp.html tmpresult.txt tmptrans.txt transresult.txt wm.quantrimang.com www.mailenable.com www.microsoft.com. com
Structure of SCHED
Everyone knows that this is the central part of the operating system. It is responsible for sharing CPU utilization time for all normal processes as well as sub-systems.

SCHED is divided into 4 modules
1. Scheduling module: It is responsible for determining which processes are allowed to access the CPU. The system works smoothly or not thanks to this rule, avoiding the case that a process takes advantage of the loopholes of the rule that takes up the system time through many other processes that freeze (freeze)
2. Architeture-specific module: This module consists of assembly code that depends on the type of CPU used to suspend or assume process.
3. Architeture-independent module: The module calls functions from the architecture-dependent module and the rules module to switch between processes. It also calls the functions in MM to set virtual memory for the processes to be resumed. Remember that the architecture dependency module will differ in each CPU (eg, 386, apha, etc.), but the architecture independent module does not change this technique. Any object oriented programmer will know it's abstract.
System call system (system call) . Includes functions that the user can use to interact with SCHED. Linux and Unix programmers will be familiar with these system calls.

Data structure
Task list: contains enough data to suspend and resume a process. There are also data used to statistically state the system. These data are public. You can use it to analyze the system running

Structure MM
MM is responsible for controlling the process of accessing memory resources. The CPU itself also has a physical memory management system that allows the memory process to be mapped to physical memory. MM must store this mapping for each process. In addition, MM also allows swaps; It will move unused memory pages to allow the PC to use free RAM.

MM has 3 modules
1. Architecture dependent module: The code calls the commands of the CPU's memory management system
2. Architectural standalone module: mapped to each process and virtual memory swap. It also decides what page to remove, which page load. Linux programmers do not design a separate policy module because the policy for MM will not change.
System call allows processes to affect MM including the allocation of memory

VFS structure

VFS is designed to unify how to access all hardware devices. VFS is also responsible for loading executable programs.

Modules
1. Controller modules, each of which has its own controller module, which is usually called a driver. Linux as well as other operating systems allow the addition of a new driver.
2. Module-independent device. This is the abstract for all drivers
Logical File System Modules: Actually there are many different systems, each with its own control module.
4. File system independent module: This is an abstract not only for file system types but also for all drivers. Who can program the driver for DOS probably remember all drivers refer to the two types of block type each read or write are followed by block data such as but the disk and character type each read and write 1 character as keyboard printers and so on
Finally, system call system call functions for VFS

NET structure

NET allows Linux to connect to other systems by networking. Everyone knows the network is a lot of devices and network protocols. NET abstract all allow other parts to be accessible over the network without regard to the devices and protocols used

NET has 5 modules
1. Drivers for network devices, per module for each type of device
2. Module-independent device: abstract all network devices
3. Network protocol modules: each module for each type of transmission protocol
4. Stand-alone network protocol module: abstract for all network protocol modules and drivers.
5. System call

Booting Here we analyze only the i386 PC system and the other is unknown :)
There are 6 steps to start the computer
1. The BIOS program selects the boot device
2. The BIOS program reads bootsector from boot device to memory
3. Transfer control over to the bootsector program, which reads the setup, the extracted programs, and the compressed kernel image.
4. The kernel will be unzipped in protected mode
Low level start by assembly code
6. Boot high level for C code

Step 1: BIOS POST (BIOS Boot)
According to the first design of the computer - Turing machine, a computer is a device that allows running the right program. Casio calculators also run a calculator program. The tape machines run the same paper so you load the program manually into the end run and then reload other programs. The very latest Pent4 PCs also allow only one program to run. However, this program is capable of loading other, more complex programs (as opposed to older handloads) and then passing control over them to continue executing commands until the computer shuts down. calculated. This initial program is called a boot program, so it is convenient to load it into the BIOS and attach it to the PC system.
The purpose of the boot program is to load the operating system program (OS). OS will be infinite loop program waiting for the user's command to load the application, when the application ends, the right to return to the OS ... OS is still waiting to load other programs. From the ability to run only one program was invented the operating system is a program that allows automatic loading of other programs to help computers have greater capacity.
BIOS ----- & gt; OS -------- & gt; Application
................... | ____________ |

a. When power is turned on, the power supply will run the pulse generator (the rhythm meter - the membrane's Hetz speed depends on the meter), and the POWERGOOD signal is sent to the bus informing the devices in the PC.
b. At the same time #RESET line of CPU on, CPU boot in real mode (8086)
c. Registers% ds =% es =% fs =% gs = 0,% cs = 0xFFFF,% ip = FFF0
d. Device running test program (RAM value running on the screen)
e. The interrupt table is started at 0
f. The Bootstrap Loader BIOS program runs through int 0x19% dl = boot drive letter. This program loads track 0 sector 1 (boot sector) to address 0x7C00


Conclude:

But Linux is built on the usual operating system concepts, but Linux programmers try to split into multiple classes. The following class is abstract for the previous class. This allows many different people to work together on different sections where the system remains consistent and stable.

This part is mainly from the Conceptual Architecture of the Linux Kernel http://plg.uwaterloo.ca/~itbowman/CS746G/a1/. That is the conceptual structure. We will go into the details in later sections. I do not see anyone read and have comments that I can say right hixhixhix, this is a bit difficult.

Favorites:
Here are the technical terms of computer structure, I can not explain thoroughly because it will take a lot of time.

Bootsector and setup part Hard disk and floppy disk write data in tracks are concentric circles. The drive's discourse does not read or write a bit or 1 byte of data but rather a segment of a track, learning geometry that knows a segment on a circle called a sector. Each sector usually stores 512 bytes.
The first track, called track 0 on a floppy disk, is located in a large round hole. The first sector of sector 0 of track 0 (number slightly but remembered) called bootsector because it will be BIOS load when boot. The entire soft startup program 512bytes is in this sector.

Now download the source code of linux kernel 2.4 from the 34k irrevocable www.kernel.org site from the Linux installation disk.
Open file: arch / i386 / boot / bootsect.S. This is the source code written in assembly language for Linux bootsector.

Here the Linux programmer notes quite well (unlike the source code of Vietnam :)).
1. Copy the 512 bytes bootsector from the starting position that the BIOS POST uploads to 0x7C0: 0 to the final location of the conventional memory area 0x9000: 0, then jmp to it. This site does not understand the intent of the programmer because the DOS boot program does not do so. Perhaps the fast 0x7C00 memory space will be overwritten by later uploads.
2. Stack is removed from the middle of segment 0x9000
3. Initialize the disk parameters table. The hardware of the active disk depends on this parameter table. By default, there is a parameter table in the BIOS, but many BIOSes only set the read sector by bit. Linux programmer sets up multiple sector reads at the same time to speed up the OS load. This parameter table is copied just below the stack (the stack is upside down, ensuring no rows are present), including 12 bytes. Bytes 0x4 is the data that contains the number of sectors maxium read at the same time to be patched 36-36 is the number of sectors in a track of the 2.88M drive, so high set but the type of drive the actual value will be different; Extracted from the developer's note "high does not hurt but low does."
Calculates the number of sectors on a track. In the past, this was a headache for bootvirus writers. There is almost no exact way this with the FAT12 and FAT16 definitions. But how to solve the Linux programmer this is also good. Reads the highest sectors of a drive. 36 is 2.88M. 18 is commonly used. 15 is as big as rice paper and 9 is 760K also so big as only 1 face only. There is a 1.44M disk error in sector 18, Linux does not understand it is 1.2M star :), which ruins any sector in track 0 is considered thrown.
At this point Linux will print the text: "Loading" on the screen
5. The Linux setup program in the next bootsector sector will be loaded immediately after the bootsector: 0x90200. The number of sectors for the default setup is 4. Each time a track reads the dot, it prints the dot to the screen.
Next, the compressed kernel image system will load at 0x10000 - leaving 64K low memory. The default size is 0x7F00 in 16-bytes = 508K. Linux also has a big kernel configuration, where the kernel image will exceed 640K conventional memory. Then, in the setup code, the bootsect_kludge function located at offset 0x220 is responsible for loading the kernel into high memory.
Finish the download of the setup and the system, and the setup program will be run at segment 0x9020

Open file: arch / i386 / boot / setup.S. This is the source code written in assembly language for Linux setup.
1. This setup can be loaded by different loader boots. It is just the standard loader of Linux, but LILO or Loadin. Start the setup check to see if it is fully loaded. Should not it will try to reload enough. If it still does not get it error "wrong loader. Can not do ..."
2. Check the memory size. But we mentioned high memory of the computer (from 640K up) is quite complex. Linux uses three different ways to detect. The first is E820h, using the function ax = E820, int 15h to test. If we use the function ax = E801h, int 15h. Finally, using the ax = 8800h, int 15h this is the classic way for memory under 64M.
3. Next setup calls the video function in the video file. Here is the assembly code to detect the graphics mode
Get the harddisks disk parameter table. These tables are in the BIOS, during the BIOS detecting device or you manually set the BIOS table. After BIOS POST process, the position of the tables are located at 0: (4 1 AzSoft_watermark_big.png AzSoft_watermark_small.png curved-listening? P = 1 des.txt en_metadesc.txt en_name.txt getpageinfo.sh getpagelink.sh imglink. txt imglist.txt img.AzSoft.com label: Some Text link_original.txt LINK.txt log.txt name.txt news meta_desc.txt t-142 619 testimg2-0.jpg testimg2-1.jpg testimg2.jpg testimg testimg3.jpg. jpg thumb heart-hieu-excel-2016-200.jpg title_vn.txt tmp02.html tmp03.html tmp2.html tmpdesc2.txt tmpdesc3.txt tmpdesc4.txt tmpdesc5.txt tmpdesc6.txt tmpdesc7.txt tmpdesc.txt tmp.html tmpresult .txt tmptrans.txt transresult.txt 41h wm.AzSoft.com www.mailenable.com www.microsoft.com) for hd0 and 0: (4 1 AzSoft_watermark_big.png AzSoft_watermark_small.png curved-listening? p = 1 des.txt en_metadesc .txt en_name.txt getpageinfo.sh getpagelink.sh imglink.txt imglist.txt img.AzSoft.com label: Some Text link_original.txt LINK.txt log.txt name.txt news meta_desc.txt t-142 619 testimg2-0.jpg testimg2-1.jpg testimg2.jpg testimg3.jpg thumb testimg.jpg heart-hieu-excel-2016-200.jpg title_vn.txt tmp02.html tmp03.html tmp2.html tmpdesc2.txt tmpdesc3.txt tmpdesc4.txt tmpdesc5.txt tmpdesc7 tmpdesc6.txt. tmp tmpdesc.txt tmp.html tmpresult.txt tmptrans.txt transresult.txt wm.AzSoft.com www.mailenable.com www.microsoft.com 46h) for hd1.
5. Check MCA bus by c0h function of int 15h
6. Check PS / 2 mouse for int 11h
7. Check APM bios: this way do not know
8. Set protected mode. Switch from real mode to protected mode


Protected mode.
It is difficult to define what is protected mode. We return to the 8086 CPU era. The 8086 includes 16-bit registers (2 bytes).
AX: Accumulate - accumulates because ax usually stores the result of mathematical calculations.
BX: Base - base register because bx is usually used to locate [bx + ??]
CX: Count - register counts because cx usually contains counts in loop rep commands
DX: Data - data register because dx usually contains data in mathematical calculations
SI, DI: source index, destination index-index register the source address and destination address
SP: stack pointer: stack pointer register
IP: intruction pointer: pointer register pointer
BP: base pointer: base pointer register that uses stack frame in higher level language structure.
CS: code segment: command register
DS: data segment: data segment register
ES: extra segment: data segment register
SS: stack segment: register stack

To identify a location in memory requires two pairs of seg and index registers:
CS: IP pointer to the code to execute
DS: SI: Pointer data source address
ES: DI: pointer to the destination data
SS: SP: Stack pointer
SS: BP: stack frame pointer

8086 will not distinguish between memory, data, or stack. If CS = DS then the code is also the data whose data is also the code. Also, there is no limit to what you can do to read, execute, or modify code and data all in memory. DOS kernel instance uploaded to memory area 0x40000, Interupt table 0x0, can be changed by any normal program. Obviously, 8086 is only suitable for one user system.

Starting from 80286 16 bit protected mode and 80386 CPU 32 bit protected mode. All future Intel CPUs to Pent IVs share the same protected architecture, which is called the i386.

In protected mode, computer memory is strictly protected from accessing controlled CPU hardware. At this point 1 address is defined by a 16-bit segment selector register and a 32-bit index. There are 6 segment selector registers cs, ss, ds, es, gs, fs. write the segment at 8086 in the segment register that directly determines the memory area and the segment selector registers a segment descriptor in the descriptor table. Then the value in the new descriptor segment helps us to determine the physical memory.
Memory table:
Computer memory is broken down into sections. The way to divide the memory is described in a description table. (If you can not figure it out, remember to split the hard drive into multiple logical disks that need the partion table, which describes how to split the disk.) There are two types of descriptors - the Global Descriptor Table (GDT) and the LDT (Local Descriptor Table). Only one GDT table is built in memory and the location of this table is contained in the gdtr register of the CPU. Each process will have its own LDT table describing how to allocate it to the process itself - of course, the memory area that it reserves. The LDT address is in the ldtr register. Every time the swap process just load ldtr then there will be a memory partition for that process ...
Each paragraph is described by 8 bytes in the description. Include:
32 bits Base: is the flat address of the first byte of the segment in the 4G memory
G 1-bit flag: These are the dimensions of segment 0 in bytes, 1 in by 4096 bytes
20 bits Limit: is the segment size if G = 0, the segment size = 1bytes-1Mbyte (2 ^ 20) if G = 1, the segment size = 4K-4G
4. One S flag: S = 0: kernel section, S = 1: normal segment
Type 4: The following types of code are available: Code, Data, Task State. This is a special section only in GDT that refers to where the data is associated with the task. When SCHED wants the swap task to be read here is to restore the values ​​of the task. The Local Descriptor Table is also a special section on LDTs ​​of tasks and is only available in GDT.
6. 2 bits DPL: Lowest access to this segment. The i386 CPU for the 4 levels of 0 is the highest equivalent of the kernel. The other 3 are User Application. If DPL for a segment is 0 then the application user can not access this segment.
7. The remaining bits are not used.
The segment selector registers (cs, ds, ss, es, gs, fs)
Whenever a value is set in a segment selector register, the CPU will find the corresponding 8 bytes of the selector loaded into the internal register. Therefore, addressing does not require frequent access to GDT or LDT. Each segment selector has 16 bits in it:
1. 13 bits of index: only 1 item in GDT or LDT
2. flag 1 bit TI: 0: this paragraph in GDT, 1: this paragraph in LDT
2 bits RPL: ​​0-3 is only required to access this segment only works with CS According to Intel documentation, when a process set CS register, RPL can load at lower or equal level process has rights. As far as I understand, a process kernel can run a code with lower privileges such as set RPL = 3.

So one address will be the Base of that segment + the value of the index register (ebx, esi, edi etc.) but I usually see 32bit programs usually set the base of all the segments = 0 out.
The first item of the description table is always 0, so if a segment selector = 0 then it will be invalid. Because 1 selector segment has 13 bit indices, the maximum number of segments in the descriptor table is 2 ^ 13 -1 = 8191.

Linux Protected Mode.
If you stumble upon the complexity of the protected mode mode, it's a blessing for you and for the Linux programmer that nobody will implement it. Like Windows, Linux also offers simple mode protection only two levels of 0 for the kernel and 3 for the user application. The problem is compatible with other CPU architectures too. All Linux distributions using GDT do not need LDT. There is only one GDT table including:
1. Null
2. Kernel Code Segment: Contains the kernel code. Base = 0. Limit = 0xFFFF. G = 1. S = 1. Type = A can read and execute (not modify). DPL = 0 Kernel mode only.
3. Kernel Data Segment: Contains kernel data. Base = 0. Limit = 0xFFFF.G = 1.S = 1. Type = 2 can read and write (not executable). DPL = 0
User Code Segment: Contains a code segment for all user progroups. Base = 0. Limit = 0xFFFF.G = 1.S = 1. Type = A. DPL = 3
User Data Segment: Contains data segment for all user processes. Base = 0. Limit = 0xFFFF.G = 1.S = 1. Type = 2. DPL = 3
6. Default null LDT
There are also 4 segments for APM (advenced power mangement), 4 segments for sale.
Each process will have a TSS Segment here: Base will now be the address of the process table. G = 0. Limit = 236 so that each segment will have 236 bytes. DPL = 0 Kernel only. Each process has an LDT segment. Default is null to indicate that LDT is not used. If you like it, you have to write it yourself. GDT has a maximum of 2 ^ 13 of 8192 entries. Except for 14 system entries, 8178/2 = 4089 processes. So Linux can not have more than 4089 proccess.

copy right: vol2 & nbsp; - ThanBai777