Lab: system calls

此实验分为两部分:分别是使用 gdb 调试内核以及向内核中添加两个系统调用。事实上,阅读手册中涉及到的内容更为重要 —— 手册中对 xv6 的进程结构、从上电到运行第一个用户态进程、RISC-V 涉及到的模式切换等进行了简要的介绍,可以说是实验中正式深入内核的第一步。

Using gdb

本部分是为了熟悉使用 GDB 等外部工具对内核运行进行调试。截至目前,调试内核似乎并没有难度,然而在涉及到并发与不可控的外部中断 (如时钟中断) 相结合时,调试难度会呈指数速率骤增,更加可怕的是,你甚至不能保证通过测试的内核代码具有正确性 —— 未完善处理的临界区存在但在绝大多数情况下不会出现如此凑巧的情况使错误出现。我们唯一能做的就是在 code 前反复思考,像处理定时炸弹一般谨慎处理每个疑似临界区的部分,模拟每一种微妙又可能发生的调度。

  • vscode 中提供了便捷的终端分屏功能,但依然推荐学习使用 Tmux。
  • 对于实验中涉及到的 RISC-V 硬件相关信息,请查阅手册 The RISC-V Instruction Set Manual

问题回答如下:

1
2
3
4
5
6
7
8
9
10
11
12
1. Looking at the backtrace output, which function called syscall?
function usertrap()
2. What is the value of p->trapframe->a7 and what does that value represent?
7, SYS_exec
3. What was the previous mode that the CPU was in?
user mode(SPP = 0)
4. Write down the assembly instruction the kernel is panicing at. Which register corresponds to the variable num?
lw  a3,0(zero) # 0 <_entry-0x80000000>, a3
5. Why does the kernel crash? Hint: look at figure 3-3 in the text; is address 0 mapped in the kernel address space? Is that confirmed by the value in scause above?
Load page fault, nop, scause = 13
6. What is the name of the binary that was running when the kernel paniced? What is its process id (pid)?
"initcode\000\000\000\000\000\000\000", 1

System call tracing

In this assignment you will add a system call tracing feature that may help you when debugging later labs. You’ll create a new trace system call that will control tracing. It should take one argument, an integer “mask”, whose bits specify which system calls to trace. For example, to trace the fork system call, a program calls trace(1 << SYS_fork), where SYS_fork is a syscall number from kernel/syscall.h. You have to modify the xv6 kernel to print out a line when each system call is about to return, if the system call’s number is set in the mask. The line should contain the process id, the name of the system call and the return value; you don’t need to print the system call arguments. The trace system call should enable tracing for the process that calls it and any children that it subsequently forks, but should not affect other processes.

该部分实验主要涉及到内核中的 syscall 函数,需在 proc 结构体定义中添加名为 mask 的整型并在输出时判断是否需要打印相关信息,主要实现如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
void
syscall(void)
{
  ...
  if(num > 0 && num < NELEM(syscalls) && syscalls[num]) {
    ...
    
    // Print syscall trace
    if (p->mask & (1 << num))
        printf("%d: syscall %s -> %d\n", p->pid, syscalls_name[num], p->trapframe->a0);
  } else {
    ...
  }
}

而 sys_trace 函数只需将用户传入的整型参数作为掩码 mask,实现如下:

1
2
3
4
5
6
7
uint64 sys_trace(void)
{
  int mask;
  argint(0, &mask);
  myproc()->mask = mask;
  return 0;
}

通关阅读源码不难发现,argint、argaddr 等函数均通过调用 argraw 函数访问当前进程 trapframe 中存储的,用户态系统调用时的 a0 ~ a5 寄存器。xv6 通过将寄存器中值压入内核栈以保存现场,同时方便内核访问。

Tips:最后一个测试用例 Time out 可以适当修改测试代码的时间限制。

Sysinfo

In this assignment you will add a system call, sysinfo, that collects information about the running system. The system call takes one argument: a pointer to a struct sysinfo (see kernel/sysinfo.h). The kernel should fill out the fields of this struct: the freemem field should be set to the number of bytes of free memory, and the nproc field should be set to the number of processes whose state is not UNUSED. We provide a test program sysinfotest; you pass this assignment if it prints “sysinfotest: OK”.

这部分的关键,在于如何将内核中的函数返回值赋值到用户态的结构体。sysinfo 将用户态的结构体指针作为参数传入,而用户态的地址是该进程的虚拟地址,陷入内核后使用直接映射的内核页表,因此需要使用提供的 copyin、copyout 等函数进行内核态与用户态间数据传输。深入源码可以发现,copyout 将虚拟地址转化为物理地址,由于内核页表是直接映射的,故直接对物理地址进行数据拷贝。内核代码 sys_sysinfo 实现如下:

1
2
3
4
5
6
7
8
9
10
11
12
uint64 sys_sysinfo(void)
{
  uint64 p;
  argaddr(0, &p);
  
  struct sysinfo info;
  info.freemem = freemem_count();
  info.nproc = (uint64)proc_count();
  if(copyout(myproc()->pagetable, p, (char *)&info, sizeof(struct sysinfo)) < 0)
    return -1;
  return 0;
}

其中 freemem_count 和 proc_count 分别对当前空闲内存和进程数进行统计,xv6 使用链表索引内核中的空闲页表,使用数组索引内核中进程信息,统计函数实现如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
// Colloect the amount of free memory(Bytes)
uint64 freemem_count(void)
{
  struct run *r;
  uint64 freepage = 0;

  acquire(&kmem.lock);
  r = kmem.freelist;
  while(r)
  {
    freepage++;
    r = r->next;
  }
  release(&kmem.lock);

  return freepage*PGSIZE;
}

// Collect the number of processes
int proc_count(void)
{
  struct proc *p;
  int count = 0;

  for(p = proc; p < &proc[NPROC]; p++){
    acquire(&p->lock);
    if(p->state != UNUSED)
      count++;
    release(&p->lock);
  }

  return count;
}

Tips:用例中有非法地址的测试,sysinfo 需考虑对非法地址的处理。