在bootloader过程中,内核会被调入到物理地址0x100000(1M),开始执行的是head.S,在这段指令的执行中,Paging会被激活,之后内核跳到PAGE_OFFSET+some_address,开始执行start_kernel(start_kernel()将不会执行,直到Paging被激活??)。start_kernel()会初始化所有的内核数据,并且开始init内核线程的运行。对MMU的初始化,是在setup_arch()里完成的,这个函数是平台相关的,主要完成底层的初始化,首先,此函数会计算总共的Low-memory和High-memory的页数(在setup_memory()里完成),接下来,setup_arch()调用init_bootmem()来初始化boot-time内存分配器(也称之为bootmem分配器),此分配器的工作是为内核的初始化和永久数据提供内存页,在boot之后,这些页是不参与MMU的管理的。 (如果这些页是固定地址的,地址是如何分配的??)
在setup_arch()里,内核页表的初始化是调用paging_init()完成的。首先,内核尽可能地将所有的物理内存影射到PAGE_OFFSET(3G)与4G之间。内核页表是存在于swapper_pg_dir,是表示一种影射关系,也称之为内核页目录。目录里的页主要用于初始化Paging,在系统启动的时候。
接一下来,内核调用fixrange_init()来分配一些页表给预编译阶段就所需的虚存,其方法是set_fixmap(). 这些fixmap表会在运行时被影射到物理页上。
初始化fixmaps后,如果CONFIG_HIGHMEM被设置,内核会分配一些页表给kmap()分配器。kmap()分配器可以让内核映射任意物理页到内核虚拟地址空间,作为临时使用。
fixmap和kmap页表占据了内核虚拟空间里最顶端的部分,有最大128M在内核虚空间的顶部将为此保留。所以,所有物理页其被映射后的虚存地址如果高于4G-128M(即如果访问大于896M的物理内存),将会当作HIGHMEMzone的操作来处理(当然,前提是CONFIG_HIGMEM开关被打开)。内核访问HIGHMEM的页,需要通过kmap()来存取。如果CONFIG_HIGMEM开关未打开,这部分物理页将访问不到,只是浪费而已,对2.4的最近版本,此开关是缺省打开的。
最后,对kmap/zone分配器进行初始化,然后是调用free_area_init()建立mem_map和Buddy free_lists, 此时,所有的free_list项都被初始化成空,并且标记为保留(即暂时VM还不能存取??)
3.setup_arch()是在start_kernel()里被调用的,paging_init()是在setup_arch()被调用,当paging_init()结束后,其他的一些内核子系统会继续用bootmem分配器申请一些内核内存段...,之后,Buddyfree_lists的保留状态标记将被清除,并释放所有可用的内存页在他们相应的Zone里,最后,free_all_bootmem()被调用,所有被bootmem分配器申请的虚拟页将释放到他们相应的Zone里去。
4. Page Swap and Cache
A user process page is kept in either the page cache or the swapcache, the kernel tries to keep as much as pages remain in the memory,so that page faults can be serviced quickly, but, physical memory isalways limited resources, thus, swap cache can be a better-than-nonereplacement.
Logically, the cache is a layer between the kernel memorymanagement code and the disk I/O code. Practically, the cache heremeans, only freeing the memory has to be necessary, we swap the pagesto disk, otherwize, keeping the pages as long as they can.
The kernel maintains several page lists which comprise the whole page cache:
1. active_list: pages on the list have page->age > 0, may beclean or dirty, and may be mapped by process page-table entries.
2. inactive_dirty_list: pages on the list have page->age == 0, may be clean or dirty, and are not mapped by any process PTE.
3. inactive_clean_list: each zone has its own inactive_clean_list,which contains clean pages whose age == 0, not mapped by any processPTE.
When a page fault is occurred, the kernel first looks for thefault page in the page cache, if found, it can be moved directly to theactive_list.
Overall, the kernel performs the page replacement more like "notrecently used", rather than strict LRU. Furthermore, each page eitherfor an executable image or mmap()ed file is associated with a per-inodecache, allowing the disk file to be used as backing storage for thepage. For those anonymous pages(i.e. the pages like malloc()ed memory)are assigned an entry in the system swap file, and those pages aremaintained in the swap cache.
The life cycle of a user page:
1. Page loading, there are three ways that can lead to a page loaded from the disk.
a. The process attempts to access the page, it is then read inby the page-fault handler and added to the page cache and to theprocess page table.
b. The page is read in during a swap read-ahead operation. Thereason is simple as a cluster of blocks on disk is easy to readsequentially.
c. The page is read in during a mmap cluster read-aheadoperation, in which case a sequential of adjacent pages following thefault page in a mmaped file is read.
2. when the page is written by the process, it becomes dirty. At this point, the page is still on the active_list.
3. suppose the page is not used for a while, thus the page->agecount is gradually reduced by the periodic invocations(actually, theprime is refill_inactive()) of the kernel swap daemon kswapd(). Thefrequence of kswapd() invocations will increase as the memory pressureincreases.
4. if the physical memory is tight, kswapd() will call swap_out()to try to evict pages from the process's virtual address space.Sincethe page hasn't been referenced and has age 0, the PTE will be dropped,and the only remaining reference to the page is the one resulting fromits presence in the page cache (assuming, of course, that no otherprocess has mapped the file in the meantime). swap_out() does notactually swap the page out; rather, it simply removes the process'sreference to the page, and depends upon the page cache and swapmachinery to ensure the page gets written to disk if necessary. (If aPTE has been referenced when swap_out() examines it, the mapped page isaged up - made younger - rather than being unmapped.)
5. Time passes... a little or a lot, depending on memory demand.
6. refill_inactive_scan() comes along, trying to find pages thatcan be moved to the inactive_dirty list. Since the page is not mappedby any process and has age 0, it is moved from the active_list to theinactive_dirty list.
7. Process A attempts to access the page, but it's not present inthe process VM since the PTE has been cleared by swap_out(). The faulthandler calls __find_page_nolock() to try to locate the page in thepage cache, and lo and behold, it's there, so the PTE can beimmediately restored, and the page is moved to the active_list, whereit remains as long as it is actively used by the process.
8. More time passes... swap_out() clears the process 's PTE forthe page, refill_inactive_scan() deactivates the page, moving it to theinactive_dirty list.
9. More time passes... memory gets low.
10. page_launder() is invoked to clean some dirty pages. It findsP on the inactive_dirty_list, notices that it's actually dirty, andattempts to write it out to the disk. When the page has been written,it can then be moved to the inactive_clean_list. The following sequenceof events occurs when page_launder() actually decides to write out apage:
* Lock the page.
* We determine the page needs to be written, so we call the writepagemethod of the page's mapping. That call invokes somefilesystem-specific code to perform an asynchronous write to disk withthe page locked. At that point, page_launder() is finished with thepage: it remains on the inactive_dirty_list, and will be unlocked oncethe async write completes.
* Next time page_launder() is called it will find the page cleanand move it to the inactive_clean_list, assuming no process has foundit in the pagecache and started using it in the meantime.
11. page_launder() runs again, finds the page unused and clean, and moves it to the inactive_clean_list of the page's zone.
12. An attempt is made by someone to allocate a single free pagefrom the page's zone. Since the request is for a single page, it can besatisfied by reclaiming an inactive_clean page; The page is chosen forreclamation. reclaim_page() removes the page from the page cache(thereby ensuring that no other process will be able to gain areference to it during page fault handling), and it is given to thecaller as a free page.
Or:
kreclaimd comes along trying to create free memory. It reclaims the page and then frees it.
Note that this is only one possible sequence of events: a page canlive in the page cache for a long time, aging, being deactivated, beingrecovered by processes during page fault handling and therebyreactivated, aging, being deactivated, being laundered, being recoveredand reactivated...
Pages can be recovered from the inactive_clean and active lists aswell as from the inactive_dirty list. Read-only pages, naturally, arenever dirty, so page_launder() can move them from theinactive_dirty_list to the inactive_clean_list "for free," so to speak.
Pages on the inactive_clean list are periodically examined by thekreclaimd kernel thread and freed. The purpose of this is to try toproduce larger contiguous free memory blocks, which are needed in somesituations.
Finally, note that the page is in essence a logic page, though of course it is instantiated by some particular physical page.
