cs194-24 advanced operating systems structures and implementation lecture 17 device drivers april 8...
TRANSCRIPT
CS194-24Advanced Operating Systems
Structures and Implementation Lecture 17
Device Drivers
April 8th, 2013Prof. John Kubiatowicz
http://inst.eecs.berkeley.edu/~cs194-24
Lec 17.24/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Goals for Today
• SLAB allocator• Devices and Device Drivers
Interactive is important!Ask Questions!
Note: Some slides and/or pictures in the following areadapted from slides ©2013
Lec 17.34/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Review: Clock Algorithm (Not Recently Used)
Set of all pagesin Memory
Single Clock Hand:Advances only on page fault!Check for pages not used recentlyMark pages as not used recently
• What if hand moving slowly?– Good sign or bad sign?
» Not many page faults and/or find page quickly• What if hand is moving quickly?
– Lots of page faults and/or lots of reference bits set
• One way to view clock algorithm: – Crude partitioning of pages into two groups:
young and old– Why not partition into more than 2 groups?
Lec 17.44/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Review: Second-Chance List Algorithm (VAX/VMS)
• Split memory in two: Active list (RW), SC list (Invalid)
• Access pages in Active list at full speed• Otherwise, Page Fault
– Always move overflow page from end of Active list to front of Second-chance list (SC) and mark invalid
– Desired Page On SC List: move to front of Active list, mark RW
– Not on SC list: page in to front of Active list, mark RW; page out LRU victim at end of SC list
DirectlyMapped Pages
Marked: RWList: FIFO
Second Chance List
Marked: InvalidList: LRU
LRU victim
Page-inFrom disk
NewActivePages
Acces
s
NewSCVictims
Overflow
Lec 17.54/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Free List
• Keep set of free pages ready for use in demand paging– Freelist filled in background by Clock algorithm or
other technique (“Pageout demon”)– Dirty pages start copying back to disk when enter
list• Like VAX second-chance list
– If page needed before reused, just return to active set
• Advantage: Faster for page fault– Can always use page (or pages) immediately on
fault
Set of all pagesin Memory
Single Clock Hand:Advances as needed to keep freelist full (“background”)D
D
Free PagesFor Processes
Lec 17.64/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Reverse Page Mapping (Sometimes called “Coremap”)
• Physical page frames often shared by many different address spaces/page tables– All children forked from given process– Shared memory pages between processes
• Whatever reverse mapping mechanism that is in place must be very fast– Must hunt down all page tables pointing at given
page frame when freeing a page– Must hunt down all PTEs when seeing if pages
“active”• Implementation options:
– For every page descriptor, keep linked list of page table entries that point to it
» Management nightmare – expensive– Linux 2.6: Object-based reverse mapping
» Link together memory region descriptors instead (much coarser granularity)
Lec 17.74/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
What Actually Happens in Linux?
• Memory management in Linux considerably more complex that the previous indications
• Memory Zones: physical memory categories– ZONE_DMA: < 16MB memory, DMAable on ISA bus– ZONE_NORMAL: 16MB 896MB (mapped at 0xC0000000)– ZONE_HIGHMEM: Everything else (> 896MB)
• Each zone has 1 freelist, 2 LRU lists (Active/Inactive)• Many different types of allocation
– SLAB allocators, per-page allocators, mapped/unmapped• Many different types of allocated memory:
– Anonymous memory (not backed by a file, heap/stack)– Mapped memory (backed by a file)
• Allocation priorities– Is blocking allowed/etc
Lec 17.84/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Linux Virtual memory map
KernelAddresse
s
EmptySpace
UserAddresse
sUser
Addresses
KernelAddresse
s
0x00000000
0xC0000000
0xFFFFFFFF
0x0000000000000000
0x00007FFFFFFFFFFF
0xFFFF800000000000
0xFFFFFFFFFFFFFFFF
3G
B T
ota
l
128TiB
1G
B
128TiB
896MBPhysical 64 TiB
Physical
32-Bit Virtual Address Space 64-Bit Virtual Address Space
“Canonical Hole”
Lec 17.94/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Virtual Map (Details)
• Kernel memory not generally visible to user– Exception: special VDSO facility that maps kernel code
into user space to aid in system calls (and to provide certain actual system calls such as gettimeofday().
• Every physical page described by a “page” structure– Collected together in lower physical memory– Can be accessed in kernel virtual space– Linked together in various “LRU” lists
• For 32-bit virtual memory architectures:– When physical memory < 896MB
» All physical memory mapped at 0xC0000000– When physical memory >= 896MB
» Not all physical memory mapped in kernel space all the time
» Can be temporarily mapped with addresses > 0xCC000000• For 64-bit virtual memory architectures:
– All physical memory mapped above 0xFFFF800000000000
Lec 17.104/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Allocating Memory
• One mechanism for requesting pages: everything else on top of this mechanism:– Allocate contiguous group of pages of size 2order bytes
given the specified mask:
struct page * alloc_pages(gfp_t gfp_mask, unsigned int order)
– Allocate one page:
struct page * alloc_page(gfp_t gfp_mask)
– Convert page to logical address (assuming mapped):
void * page_address(struct page *page)
• Also routines for freeing pages• Zone allocator uses “buddy” allocator that trys to
keep memory unfragmented• Allocation routines pick from proper zone, given
flags
Lec 17.114/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Allocation flags• Possible allocation type flags:
– GFP_ATOMIC: Allocation high-priority and must never sleep. Use in interrupt
handlers, top halves, while holding locks, or other times cannot sleep
– GFP_NOWAIT: Like GFP_ATOMIC, except call will not fall back on emergency memory pools. Increases likely hood of
failure– GFP_NOIO: Allocation can block but must not
initiate disk I/O. – GFP_NOFS: Can block, and can initiate disk I/O,
but will not initiate filesystem ops.– GFP_KERNEL: Normal allocation, might block. Use
in process context when safe to sleep. This should be default choice
– GFP_USER: Normal allocation for processes– GFP_HIGHMEM: Allocation from ZONE_HIGHMEM– GFP_DMA Allocation from ZONE_DMA. Use in
combination with a previous flag
Lec 17.124/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Page Frame Reclaiming Algorithm (PFRA)
• Several entrypoints:– Low on Memory Reclaiming: The kernel detects a “low on
memory” condition– Hibernation reclaiming: The kernel must free memory
because it is entering in the suspend-to-disk state– Periodic reclaiming: A kernel thread is activated periodically
to perform memory reclaiming, if necessary• Low on Memory reclaiming:
– Start flushing out dirty pages to disk– Start looping over all memory nodes in the system
» try_to_free_pages()» shrink_slab()» pdflush kenel thread writing out dirty pages
• Periodic reclaiming:– Kswapd kernel threads: checks if number of free page
frames in some zone has fallen below pages_high watermark
– Each zone keeps two LRU lists: Active and Inactive» Each page has a last-chance algorithm with 2 count» Active page lists moved to inactive list when they have been
idle for two cycles through the list» Pages reclaimed from Inactive list
Lec 17.134/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
SLAB Allocator
• Replacement for free-lists that are hand-coded by users– Consolidation of all of this code under kernel control– Efficient when objects allocated and freed frequently
• Objects segregated into “caches”– Each cache stores different type of object– Data inside cache divided into “slabs”, which are
continuous groups of pages (often only 1 page)– Key idea: avoid memory fragmentation
Cache
SLAB
SLAB
Obj 1
Obj 2
Obj 3
Obj 5
Obj 4
Lec 17.144/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
SLAB Allocator Details
• Based on algorithm first introduced for SunOS– Observation: amount of time required to
initialize a regular object in the kernel exceeds the amount of time required to allocate and deallocate it
– Resolves around object caching» Allocate once, keep reusing objects
• Avoids memory fragmentation:– Caching of similarly sized objects, avoid
fragmentation – Similar to custom freelist per object
• Reuse of allocation– When new object first allocated, constructor runs– On subsequent free/reallocation, constructor
does not need to be reexecuted
Lec 17.154/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
SLAB Allocator: Cache Construction• Creation of new Caches:struct kmem_cache * kem_cache_create(const char *name,
size_t size, size_t align, unsigned long flags, void (*ctor)(void *));
– name: name of cache– size: size of each element in the cache– align: alignment for each object (often 0)– flags: possible flags about allocation
» SLAB_HWCACHE_ALIGN: Align objects to cache lines» SLAB_POISON: Fill slabs to known value (0xa5a5a5a5) in
order to catch use of uninitialized memory» SLAB_RED_ZONE: Insert empty zones around objects to
help detect buffer overruns» SLAB_PANIC: Allocation layer panics if allocation fails» SLAB_CACHE_DMA: Allocations from DMA-able memory» SLAB_NOTRACK: don’t track uninitialized memory
– ctor: called whenever new pages are added to the cache
Lec 17.164/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
SLAB Allocator: Cache Use
• Example:task_struct_cachep =
kmem_cache_create(“task_struct”, sizeof(struct task_struct),
ARCH_MIN_TASKALIGN, SLAB_PANIC | SLAB_NOTRACK, NULL);
• Use of example:struct task_struct *tsk;
tsk = kmem_cache_alloc(task_struct_cachep, GFP_KERNEL);if (!tsk)
return NULL;
kmem_free(task_struct_cachep,tsk);
Lec 17.174/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
SLAB Allocator Details (Con’t)
• Caches can be later destroyed with: int kmem_cache_destroy(struct kmem_cache *cachep);– Assuming that all objects freed– No one ever tries to use cache again
• All caches kept in global list– Including global caches set up with objects of
powers of 2 from 25 to 217 – General kernel allocation (kmalloc/kfree) uses
least-fit for requested cache size• Reclamation of memory
– Caches keep sorted list of empty, partial, and full slabs
» Easy to manage – slab metadata contains reference count
» Objects within slabs linked together– Ask individual caches for full slabs for reclamation
Lec 17.184/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Alternatives for allocation
• A number of options in the kernel for object allocation:– SLAB: original allocator based on Bonwick’s
paper from SunOS– SLUB: Newer allocator with same interface
but better use of metadata» Keeps SLAB metadata in the page data
structure (for pages that happen to be in kernel caches)
» Debugging options compiled in by default, just need to be enabled
– SLOB: low-memory footprint allocator for embedded systems
Lec 17.194/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Kernel Device Structure
The System Call Interface
ProcessManagemen
t
MemoryManagemen
tFilesystems
DeviceControl
Networking
ArchitectureDependent
Code
MemoryManager
DeviceControl
NetworkSubsystem
File System Types
BlockDevices
IF drivers
Concurrency,multitasking
Virtualmemory
Files and dirs:the VFS
TTYs anddevice access Connectivity
Lec 17.204/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Modern I/O Systems
Lec 17.214/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Virtual Bus Architecture
CPURAMMemory
Bus
USBControlle
r
SCSIControlle
r
Scanner
Hard DiskCD
ROM
Root Hub
HubWebca
m
MouseKeyboar
d
PCI #1
PCI #0
PCI Bridge
PCI Slots
Lec 17.224/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
SandyBridge I/O: PCH
• Platform Controller Hub– Used to be
“SouthBridge,” but no “NorthBridge” now
– Connected to processor with proprietary bus
» Direct Media Interface– Code name “Cougar
Point” for SandyBridge processors
• Types of I/O on PCH:– USB– Ethernet– Audio– BIOS support– More PCI Express (lower
speed than on Processor)
– Sata (for Disks)
SandyBridge System Configuration
Lec 17.234/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Why Device Drivers?
• Many different devices, many different properties– Devices different even within class (i.e. network
card)» DMA vs Programmed I/O» Processing every packet through device driver vs setup
of packet filters in hardware to sort packets automatically
» Interrupts vs Polling» On device buffer management, framing options (e.g.
jumbo frames), error management, …» Authentication mechanism, etc
– Provide standardized interfaces to computer users» Socked interface with TCP/IP
• Factor portion of codebase specific to a given device– Device manufacturer can hide complexities of their
device behind standard kernel interfaces– Also: Device manufacturer can fix quirks/bugs in their
device by providing new driver
Lec 17.244/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
The Goal of the I/O Subsystem
• Provide Uniform Interfaces, Despite Wide Range of Different Devices– This code works on many different devices:
FILE fd = fopen(“/dev/something”,”rw”);
for (int i = 0; i < 10; i++) {fprintf(fd,”Count %d\n”,i);
}close(fd);
– Why? Because code that controls devices (“device driver”) implements standard interface.
• We will try to get a flavor for what is involved in actually controlling devices in rest of lecture– Can only scratch surface!
Lec 17.254/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Want Standard Interfaces to Devices
• Block Devices: e.g. disk drives, tape drives, DVD-ROM– Access blocks of data– Commands include open(), read(), write(), seek()
– Raw I/O or file-system access– Memory-mapped file access possible
• Character Devices: e.g. keyboards, mice, serial ports, some USB devices– Single characters at a time– Commands include get(), put()– Libraries layered on top allow line editing
• Network Devices: e.g. Ethernet, Wireless, Bluetooth– Different enough from block/character to have
own interface– Unix and Windows include socket interface
» Separates network protocol from network operation
» Includes select() functionality– Usage: pipes, FIFOs, streams, queues, mailboxes
Lec 17.264/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
How Does User Deal with Timing?
• Blocking Interface: “Wait”– When request data (e.g. read() system call), put
process to sleep until data is ready– When write data (e.g. write() system call), put
process to sleep until device is ready for data• Non-blocking Interface: “Don’t Wait”
– Returns quickly from read or write request with count of bytes successfully transferred
– Read may return nothing, write may write nothing• Asynchronous Interface: “Tell Me Later”
– When request data, take pointer to user’s buffer, return immediately; later kernel fills buffer and notifies user
– When send data, take pointer to user’s buffer, return immediately; later kernel takes data and notifies user
Lec 17.274/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
How does the processor actually talk to the device?
DeviceController
readwritecontrolstatus
AddressableMemoryand/orQueuesRegisters
(port 0x20)
HardwareController
Memory MappedRegion: 0x8f008020
BusInterface
• CPU interacts with a Controller– Contains a set of registers that
can be read and written– May contain memory for request
queues or bit-mapped images • Regardless of the complexity of the connections
and buses, processor accesses registers in two ways: – I/O instructions: in/out instructions
» Example from the Intel architecture: out 0x21,AL– Memory mapped I/O: load/store instructions
» Registers/memory appear in physical address space» I/O accomplished with load and store instructions
Address+Data
Interrupt Request
Processor Memory Bus
CPU
RegularMemory
InterruptController
BusAdaptor
BusAdaptor
Other Devicesor Buses
Lec 17.284/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Example: Memory-Mapped Display Controller• Memory-Mapped:
– Hardware maps control registers and display memory into physical address space
» Addresses set by hardware jumpers or programming at boot time
– Simply writing to display memory (also called the “frame buffer”) changes image on screen
» Addr: 0x8000F000—0x8000FFFF
– Writing graphics description to command-queue area
» Say enter a set of triangles that describe some scene
» Addr: 0x80010000—0x8001FFFF
– Writing to the command register may cause on-board graphics hardware to do something
» Say render the above scene» Addr: 0x0007F004
• Can protect with page tables
DisplayMemory
0x8000F000
0x80010000
Physical AddressSpace
Status0x0007F000
Command0x0007F004
GraphicsCommandQueue
0x80020000
Lec 17.294/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Transfering Data To/From Controller• Programmed I/O:
– Each byte transferred via processor in/out or load/store
– Pro: Simple hardware, easy to program– Con: Consumes processor cycles proportional to
data size• Direct Memory Access:
– Give controller access to memory bus– Ask it to transfer data to/from memory directly
• Sample interaction with DMA controller (from book):
Lec 17.304/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
I/O Device Notifying the OS• The OS needs to know when:
–The I/O device has completed an operation–The I/O operation has encountered an error
• I/O Interrupt:–Device generates an interrupt whenever it needs service
–Handled in top half of device driver» Often run on special kernel-level stack
–Pro: handles unpredictable events well–Con: interrupts relatively high overhead
• Polling:–OS periodically checks a device-specific status register» I/O device puts completion information in status
register» Could use timer to invoke lower half of drivers
occasionally–Pro: low overhead–Con: may waste many cycles on polling if infrequent or unpredictable I/O operations
• Actual devices combine both polling and interrupts–For instance: High-bandwidth network device:
» Interrupt for first incoming packet» Poll for following packets until hardware empty
Lec 17.314/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Device Drivers• Device Driver: Device-specific code in the kernel
that interacts directly with the device hardware– Supports a standard, internal interface– Same kernel I/O system can interact easily with
different device drivers– Special device-specific configuration supported with
the ioctl() system call• Linux Device drivers often installed via a Module
– Interface for dynamically loading code into kernel space
– Modules loaded with the “insmod” command and can contain parameters
• Driver-specific structure– One per driver– Contains a set of standard kernel interface routines
» Open: perform device-specific initialization» Read: perform read» Write: perform write» Release: perform device-specific shutdown» Etc.
– These routines registered at time device registered
Lec 17.324/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Interrupt handling• Interrupt routines typically divided into two pieces:
– Top half: run as interrupt routine» Gets input or transfers next block of output» Handles any direct access to hardware» Handles any time-sensitive aspects of handling interrupts» Runs in the ATOMIC Context (cannot sleep)
– Bottom half: accessed later to finish processing» Perform any interrupt-related work not performed by the
interrupt handler itself» Scheduled “later” with interrupts re-enabled» Some options for bottom halves can sleep
• Since you typically have two halves of code, must remember to synchronize shared data– Since interrupt handler is running in interrupt (ATOMIC)
context, cannot sleep!– Good choice: spin lock to synchronize data structures– Must be careful never to hold spinlock for too long
» When non-interrupt code holds a spinlock, must make sure to disable interrupts!
» Consider “spin_lock_irqsave()” or “spin_lock_bh()” variants
– Consider lock free queue variants as well
Lec 17.334/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Options for Bottom Half
• Bottom Half used for handling work after interrupt is re-enabled (i.e. deferred work):– Perform any interrupt-related work not performed by
the interrupt handler– Ideally most of the work– What to minimize amount of work done in an interrupt
handler because they run with interrupts disabled• Many different mechanisms for handling bottom
halves– Original “Bottom Half” (deprecated)– Task Queues
» Put work on a task queue for later execution– Softirqs are statically defined bottom halves that can
run simultaneously on any processor– Tasklets: dynamically created bottom halves built on
top of softirq mechanism» Only one of each type of tasklet can run at given time» Simplifies synchronization
Lec 17.344/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Life Cycle of An I/O Request
Device DriverBottom Half
Device DriverTop Half
DeviceHardware
Kernel I/OSubsystem
UserProgram
Lec 17.354/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Summary (1/2)• Clock Algorithm: Approximation to LRU
– Arrange all pages in circular list– Sweep through them, marking as not “in use”– If page not “in use” for one pass, than can replace
• Nth-chance clock algorithm: Another approx LRU– Give pages multiple passes of clock hand before
replacing• Second-Chance List algorithm: Yet another
approx LRU– Divide pages into two groups, one of which is truly
LRU and managed on page faults• Reverse Page Mapping
– Efficient way to hunt down all PTEs associated with given page frame
• SLAB Allocator: Kernel mechanism for handling efficient allocation of objects while minimizing initialization
Lec 17.364/8/13 Kubiatowicz CS194-24 ©UCB Fall 2013
Summary (2/2)
• I/O Devices Types:– Many different speeds (0.1 bytes/sec to
GBytes/sec)– Different Access Patterns:
» Block Devices, Character Devices, Network Devices– Different Access Timing:
» Blocking, Non-blocking, Asynchronous• I/O Controllers: Hardware that controls actual
device– Processor Accesses through I/O instructions,
load/store to special physical memory– Report their results through either interrupts or a
status register that processor looks at occasionally (polling)
• Notification mechanisms– Interrupts– Polling: Report results through status register that
processor looks at periodically• Device Driver: Code specific to device which
handles unique aspects of device