pptx
advertisement
CS194-24
Advanced Operating Systems
Structures and Implementation
Lecture 17
Device Drivers
April 8th, 2013
Prof. John Kubiatowicz
http://inst.eecs.berkeley.edu/~cs194-24
Goals for Today
• SLAB allocator
• Devices and Device Drivers
Interactive is important!
Ask Questions!
Note: Some slides and/or pictures in the following are
adapted from slides ©2013
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.2
Review: Clock Algorithm (Not Recently Used)
Single Clock Hand:
Advances only on page fault!
Check for pages not used recently
Mark pages as not used recently
Set of all pages
in Memory
• What if hand moving slowly?
– Good sign or bad sign?
» Not many page faults and/or find page quickly
• What if hand is moving quickly?
– Lots of page faults and/or lots of reference bits set
• One way to view clock algorithm:
– Crude partitioning of pages into two groups: young and old
– Why not partition into more than 2 groups?
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.3
Review: Second-Chance List Algorithm
(VAX/VMS)
Directly
Mapped Pages
LRU victim
Second
Chance List
Marked: RW
List: FIFO
Marked: Invalid
List: LRU
Page-in
From disk
New
Active
Pages
New
SC
Victims
• Split memory in two: Active list (RW), SC list (Invalid)
• Access pages in Active list at full speed
• Otherwise, Page Fault
– Always move overflow page from end of Active list to
front of Second-chance list (SC) and mark invalid
– Desired Page On SC List: move to front of Active list,
mark RW
– Not on SC list: page in to front of Active list, mark RW;
page out LRU victim at end of SC list
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.4
Free List
Single Clock Hand:
Advances as needed to keep
freelist full (“background”)
Set of all pages
in Memory
D
D
Free Pages
For Processes
• Keep set of free pages ready for use in demand paging
– Freelist filled in background by Clock algorithm or other
technique (“Pageout demon”)
– Dirty pages start copying back to disk when enter list
• Like VAX second-chance list
– If page needed before reused, just return to active set
• Advantage: Faster for page fault
– Can always use page (or pages) immediately on fault
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.5
Reverse Page Mapping (Sometimes called “Coremap”)
• Physical page frames often shared by many different
address spaces/page tables
– All children forked from given process
– Shared memory pages between processes
• Whatever reverse mapping mechanism that is in
place must be very fast
– Must hunt down all page tables pointing at given page
frame when freeing a page
– Must hunt down all PTEs when seeing if pages “active”
• Implementation options:
– For every page descriptor, keep linked list of page
table entries that point to it
» Management nightmare – expensive
– Linux 2.6: Object-based reverse mapping
» Link together memory region descriptors instead (much
coarser granularity)
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.6
What Actually Happens in Linux?
• Memory management in Linux considerably more complex
that the previous indications
• Memory Zones: physical memory categories
– ZONE_DMA: < 16MB memory, DMAable on ISA bus
– ZONE_NORMAL: 16MB 896MB (mapped at 0xC0000000)
– ZONE_HIGHMEM: Everything else (> 896MB)
• Each zone has 1 freelist, 2 LRU lists (Active/Inactive)
• Many different types of allocation
– SLAB allocators, per-page allocators, mapped/unmapped
• Many different types of allocated memory:
– Anonymous memory (not backed by a file, heap/stack)
– Mapped memory (backed by a file)
• Allocation priorities
– Is blocking allowed/etc
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.7
Linux Virtual memory map
1GB
896MB
Physical
Kernel
Addresses
0xC0000000
128TiB
0xFFFFFFFFFFFFFFFF
0xFFFFFFFF
64 TiB
Physical
0xFFFF800000000000
3GB Total
“Canonical Hole”
User
Addresses
Empty
Space
128TiB
0x00007FFFFFFFFFFF
User
Addresses
0x0000000000000000
0x00000000
32-Bit Virtual Address Space
4/8/13
Kernel
Addresses
64-Bit Virtual Address Space
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.8
Virtual Map (Details)
• Kernel memory not generally visible to user
– Exception: special VDSO facility that maps kernel code into user
space to aid in system calls (and to provide certain actual
system calls such as gettimeofday().
• Every physical page described by a “page” structure
– Collected together in lower physical memory
– Can be accessed in kernel virtual space
– Linked together in various “LRU” lists
• For 32-bit virtual memory architectures:
– When physical memory < 896MB
» All physical memory mapped at 0xC0000000
– When physical memory >= 896MB
» Not all physical memory mapped in kernel space all the time
» Can be temporarily mapped with addresses > 0xCC000000
• For 64-bit virtual memory architectures:
– All physical memory mapped above 0xFFFF800000000000
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.9
Allocating Memory
• One mechanism for requesting pages: everything else
on top of this mechanism:
– Allocate contiguous group of pages of size 2order bytes
given the specified mask:
struct page * alloc_pages(gfp_t gfp_mask,
unsigned int order)
– Allocate one page:
struct page * alloc_page(gfp_t gfp_mask)
– Convert page to logical address (assuming mapped):
void * page_address(struct page *page)
• Also routines for freeing pages
• Zone allocator uses “buddy” allocator that trys to
keep memory unfragmented
• Allocation routines pick from proper zone, given flags
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.10
Allocation flags
• Possible allocation type flags:
– GFP_ATOMIC:
– GFP_NOWAIT:
– GFP_NOIO:
– GFP_NOFS:
– GFP_KERNEL:
– GFP_USER:
– GFP_HIGHMEM:
– GFP_DMA
4/8/13
Allocation high-priority and must never
sleep. Use in interrupt handlers, top
halves, while holding locks, or other times
cannot sleep
Like GFP_ATOMIC, except call will
not fall back on emergency memory
pools. Increases likely hood of failure
Allocation can block but must not
initiate disk I/O.
Can block, and can initiate disk I/O,
but will not initiate filesystem ops.
Normal allocation, might block. Use in
process context when safe to sleep.
This should be default choice
Normal allocation for processes
Allocation from ZONE_HIGHMEM
Allocation from ZONE_DMA. Use in
combination with a previous flag
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.11
Page Frame Reclaiming Algorithm (PFRA)
• Several entrypoints:
– Low on Memory Reclaiming: The kernel detects a “low on
memory” condition
– Hibernation reclaiming: The kernel must free memory because
it is entering in the suspend-to-disk state
– Periodic reclaiming: A kernel thread is activated periodically
to perform memory reclaiming, if necessary
• Low on Memory reclaiming:
– Start flushing out dirty pages to disk
– Start looping over all memory nodes in the system
» try_to_free_pages()
» shrink_slab()
» pdflush kenel thread writing out dirty pages
• Periodic reclaiming:
– Kswapd kernel threads: checks if number of free page
frames in some zone has fallen below pages_high watermark
– Each zone keeps two LRU lists: Active and Inactive
4/8/13
» Each page has a last-chance algorithm with 2 count
» Active page lists moved to inactive list when they have been
idle for two cycles through the list
» Pages reclaimed from Inactive list
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.12
SLAB Allocator
• Replacement for free-lists that are hand-coded by users
– Consolidation of all of this code under kernel control
– Efficient when objects allocated and freed frequently
Obj 1
SLAB
Obj 2
Obj 3
Cache
Obj 4
SLAB
• Objects segregated into “caches”
Obj 5
– Each cache stores different type of object
– Data inside cache divided into “slabs”, which are continuous
groups of pages (often only 1 page)
– Key idea: avoid memory fragmentation
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.13
SLAB Allocator Details
• Based on algorithm first introduced for SunOS
– Observation: amount of time required to initialize a
regular object in the kernel exceeds the amount of time
required to allocate and deallocate it
– Resolves around object caching
» Allocate once, keep reusing objects
• Avoids memory fragmentation:
– Caching of similarly sized objects, avoid fragmentation
– Similar to custom freelist per object
• Reuse of allocation
– When new object first allocated, constructor runs
– On subsequent free/reallocation, constructor does not
need to be reexecuted
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.14
SLAB Allocator: Cache Construction
• Creation of new Caches:
struct kmem_cache * kem_cache_create(const char *name,
size_t size,
size_t align,
unsigned long flags,
void (*ctor)(void *));
–
–
–
–
name: name of cache
size: size of each element in the cache
align: alignment for each object (often 0)
flags: possible flags about allocation
» SLAB_HWCACHE_ALIGN: Align objects to cache lines
» SLAB_POISON: Fill slabs to known value (0xa5a5a5a5) in
order to catch use of uninitialized memory
» SLAB_RED_ZONE: Insert empty zones around objects to
help detect buffer overruns
» SLAB_PANIC: Allocation layer panics if allocation fails
» SLAB_CACHE_DMA: Allocations from DMA-able memory
» SLAB_NOTRACK: don’t track uninitialized memory
– ctor: called whenever new pages are added to the cache
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.15
SLAB Allocator: Cache Use
• Example:
task_struct_cachep =
kmem_cache_create(“task_struct”,
sizeof(struct task_struct),
ARCH_MIN_TASKALIGN,
SLAB_PANIC | SLAB_NOTRACK,
NULL);
• Use of example:
struct task_struct *tsk;
tsk = kmem_cache_alloc(task_struct_cachep, GFP_KERNEL);
if (!tsk)
return NULL;
kmem_free(task_struct_cachep,tsk);
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.16
SLAB Allocator Details (Con’t)
• Caches can be later destroyed with:
int kmem_cache_destroy(struct kmem_cache *cachep);
– Assuming that all objects freed
– No one ever tries to use cache again
• All caches kept in global list
– Including global caches set up with objects of powers of
2 from 25 to 217
– General kernel allocation (kmalloc/kfree) uses least-fit
for requested cache size
• Reclamation of memory
– Caches keep sorted list of empty, partial, and full slabs
» Easy to manage – slab metadata contains reference count
» Objects within slabs linked together
– Ask individual caches for full slabs for reclamation
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.17
Alternatives for allocation
• A number of options in the kernel for object
allocation:
– SLAB: original allocator based on Bonwick’s paper
from SunOS
– SLUB: Newer allocator with same interface but
better use of metadata
» Keeps SLAB metadata in the page data structure
(for pages that happen to be in kernel caches)
» Debugging options compiled in by default, just need
to be enabled
– SLOB: low-memory footprint allocator for
embedded systems
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.18
Kernel Device Structure
The System Call Interface
Process
Management
Memory
Management
Filesystems
Device
Control
Concurrency,
multitasking
Virtual
memory
Files and dirs:
the VFS
TTYs and
device access
File System
Types
Architecture
Dependent
Code
4/8/13
Memory
Manager
Block
Devices
Networking
Connectivity
Network
Subsystem
Device
Control
Kubiatowicz CS194-24 ©UCB Fall 2013
IF drivers
Lec 17.19
Modern I/O Systems
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.20
Virtual Bus Architecture
Memory
Bus
RAM
CPU
PCI #0
PCI Bridge
PCI #1
PCI Slots
USB
Controller
SCSI
Controller
Root
Hub
Hub
Mouse
4/8/13
Webcam
CD ROM
Scanner
Hard
Disk
Keyboard
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.21
SandyBridge I/O: PCH
• Platform Controller Hub
– Used to be
“SouthBridge,” but no
“NorthBridge” now
– Connected to processor
with proprietary bus
» Direct Media
Interface
– Code name “Cougar
Point” for SandyBridge
processors
• Types of I/O on PCH:
SandyBridge
System Configuration
4/8/13
–
–
–
–
–
USB
Ethernet
Audio
BIOS support
More PCI Express (lower
speed than on Processor)
– Sata (for Disks)
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.22
Why Device Drivers?
• Many different devices, many different properties
– Devices different even within class (i.e. network card)
» DMA vs Programmed I/O
» Processing every packet through device driver vs setup of
packet filters in hardware to sort packets automatically
» Interrupts vs Polling
» On device buffer management, framing options (e.g.
jumbo frames), error management, …
» Authentication mechanism, etc
– Provide standardized interfaces to computer users
» Socked interface with TCP/IP
• Factor portion of codebase specific to a given device
– Device manufacturer can hide complexities of their
device behind standard kernel interfaces
– Also: Device manufacturer can fix quirks/bugs in their
device by providing new driver
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.23
The Goal of the I/O Subsystem
• Provide Uniform Interfaces, Despite Wide Range of
Different Devices
– This code works on many different devices:
FILE fd = fopen(“/dev/something”,”rw”);
for (int i = 0; i < 10; i++) {
fprintf(fd,”Count %d\n”,i);
}
close(fd);
– Why? Because code that controls devices (“device
driver”) implements standard interface.
• We will try to get a flavor for what is involved in
actually controlling devices in rest of lecture
– Can only scratch surface!
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.24
Want Standard Interfaces to Devices
• Block Devices: e.g. disk drives, tape drives, DVD-ROM
–
–
–
–
Access blocks of data
Commands include open(), read(), write(), seek()
Raw I/O or file-system access
Memory-mapped file access possible
• Character Devices: e.g. keyboards, mice, serial ports,
some USB devices
– Single characters at a time
– Commands include get(), put()
– Libraries layered on top allow line editing
• Network Devices: e.g. Ethernet, Wireless, Bluetooth
– Different enough from block/character to have own
interface
– Unix and Windows include socket interface
» Separates network protocol from network operation
» Includes select() functionality
– Usage: pipes, FIFOs, streams, queues, mailboxes
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.25
How Does User Deal with Timing?
• Blocking Interface: “Wait”
– When request data (e.g. read() system call), put
process to sleep until data is ready
– When write data (e.g. write() system call), put process
to sleep until device is ready for data
• Non-blocking Interface: “Don’t Wait”
– Returns quickly from read or write request with count of
bytes successfully transferred
– Read may return nothing, write may write nothing
• Asynchronous Interface: “Tell Me Later”
– When request data, take pointer to user’s buffer, return
immediately; later kernel fills buffer and notifies user
– When send data, take pointer to user’s buffer, return
immediately; later kernel takes data and notifies user
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.26
How does the processor actually talk to the device?
Processor Memory Bus
CPU
Interrupt
Controller
Bus
Adaptor
Other Devices
or Buses
Regular
Memory
Bus
Adaptor
Address+
Data
Interrupt Request
Device
Controller
Bus
Interface
• CPU interacts with a Controller
– Contains a set of registers that
can be read and written
– May contain memory for request
queues or bit-mapped images
Hardware
Controller
read
Addressable
write
Memory
control
status
and/or
Registers
Queues
(port 0x20)
Memory Mapped
Region: 0x8f008020
• Regardless of the complexity of the connections and
buses, processor accesses registers in two ways:
– I/O instructions: in/out instructions
» Example from the Intel architecture: out 0x21,AL
– Memory mapped I/O: load/store instructions
» Registers/memory appear in physical address space
» I/O accomplished with load and store instructions
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.27
Example: Memory-Mapped Display Controller
• Memory-Mapped:
– Hardware maps control registers
and display memory into physical
address space
» Addresses set by hardware jumpers
or programming at boot time
– Simply writing to display memory
(also called the “frame buffer”)
changes image on screen
» Addr: 0x8000F000—0x8000FFFF
– Writing graphics description to
command-queue area
» Say enter a set of triangles that
describe some scene
» Addr: 0x80010000—0x8001FFFF
0x80020000 Graphics
Command
Queue
0x80010000
0x8000F000
0x0007F004 Command
0x0007F000 Status
– Writing to the command register
may cause on-board graphics
hardware to do something
» Say render the above scene
» Addr: 0x0007F004
• Can protect with page tables
4/8/13
Display
Memory
Kubiatowicz CS194-24 ©UCB Fall 2013
Physical Address
Space
Lec 17.28
Transfering Data To/From Controller
• Programmed I/O:
– Each byte transferred via processor in/out or load/store
– Pro: Simple hardware, easy to program
– Con: Consumes processor cycles proportional to data size
• Direct Memory Access:
– Give controller access to memory bus
– Ask it to transfer data to/from memory directly
• Sample interaction with DMA controller (from book):
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.29
I/O Device Notifying the OS
• The OS needs to know when:
– The I/O device has completed an operation
– The I/O operation has encountered an error
• I/O Interrupt:
– Device generates an interrupt whenever it needs service
– Handled in top half of device driver
» Often run on special kernel-level stack
– Pro: handles unpredictable events well
– Con: interrupts relatively high overhead
• Polling:
– OS periodically checks a device-specific status register
» I/O device puts completion information in status register
» Could use timer to invoke lower half of drivers occasionally
– Pro: low overhead
– Con: may waste many cycles on polling if infrequent or
unpredictable I/O operations
• Actual devices combine both polling and interrupts
– For instance: High-bandwidth network device:
» Interrupt for first incoming packet
» Poll for following packets until hardware empty
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.30
Device Drivers
• Device Driver: Device-specific code in the kernel that
interacts directly with the device hardware
– Supports a standard, internal interface
– Same kernel I/O system can interact easily with
different device drivers
– Special device-specific configuration supported with the
ioctl() system call
• Linux Device drivers often installed via a Module
– Interface for dynamically loading code into kernel space
– Modules loaded with the “insmod” command and can
contain parameters
• Driver-specific structure
– One per driver
– Contains a set of standard kernel interface routines
»
»
»
»
»
Open: perform device-specific initialization
Read: perform read
Write: perform write
Release: perform device-specific shutdown
Etc.
– These routines registered at time device registered
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.31
Interrupt handling
• Interrupt routines typically divided into two pieces:
– Top half: run as interrupt routine
»
»
»
»
Gets input or transfers next block of output
Handles any direct access to hardware
Handles any time-sensitive aspects of handling interrupts
Runs in the ATOMIC Context (cannot sleep)
– Bottom half: accessed later to finish processing
» Perform any interrupt-related work not performed by the
interrupt handler itself
» Scheduled “later” with interrupts re-enabled
» Some options for bottom halves can sleep
• Since you typically have two halves of code, must
remember to synchronize shared data
– Since interrupt handler is running in interrupt (ATOMIC)
context, cannot sleep!
– Good choice: spin lock to synchronize data structures
– Must be careful never to hold spinlock for too long
» When non-interrupt code holds a spinlock, must make sure
to disable interrupts!
» Consider “spin_lock_irqsave()” or “spin_lock_bh()” variants
4/8/13
– Consider lock free queue variants as well
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.32
Options for Bottom Half
• Bottom Half used for handling work after interrupt is reenabled (i.e. deferred work):
– Perform any interrupt-related work not performed by the
interrupt handler
– Ideally most of the work
– What to minimize amount of work done in an interrupt
handler because they run with interrupts disabled
• Many different mechanisms for handling bottom halves
– Original “Bottom Half” (deprecated)
– Task Queues
» Put work on a task queue for later execution
– Softirqs are statically defined bottom halves that can run
simultaneously on any processor
– Tasklets: dynamically created bottom halves built on top of
softirq mechanism
» Only one of each type of tasklet can run at given time
» Simplifies synchronization
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.33
Life Cycle of An I/O Request
User
Program
Kernel I/O
Subsystem
Device Driver
Bottom Half
Device Driver
Top Half
Device
Hardware
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.34
Summary (1/2)
• Clock Algorithm: Approximation to LRU
– Arrange all pages in circular list
– Sweep through them, marking as not “in use”
– If page not “in use” for one pass, than can replace
• Nth-chance clock algorithm: Another approx LRU
– Give pages multiple passes of clock hand before replacing
• Second-Chance List algorithm: Yet another approx LRU
– Divide pages into two groups, one of which is truly LRU
and managed on page faults
• Reverse Page Mapping
– Efficient way to hunt down all PTEs associated with given
page frame
• SLAB Allocator: Kernel mechanism for handling efficient
allocation of objects while minimizing initialization
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.35
Summary (2/2)
• I/O Devices Types:
– Many different speeds (0.1 bytes/sec to GBytes/sec)
– Different Access Patterns:
» Block Devices, Character Devices, Network Devices
– Different Access Timing:
» Blocking, Non-blocking, Asynchronous
• I/O Controllers: Hardware that controls actual
device
– Processor Accesses through I/O instructions,
load/store to special physical memory
– Report their results through either interrupts or a
status register that processor looks at occasionally
(polling)
• Notification mechanisms
– Interrupts
– Polling: Report results through status register that
processor looks at periodically
• Device Driver: Code specific to device which handles
unique aspects of device
4/8/13
Kubiatowicz CS194-24 ©UCB Fall 2013
Lec 17.36
