一个完整的mach子系统
mach子系统包括了很多内核功能的实现,比如VM子系统(内存管理)、host子系统(主机硬件信息的处理)、thread子系统(thread相关实现)、exc子系统(异常处理相关);现在拿thread_act为例来跟踪一下代码,希望能够简单地了解vm子系统的概况。
(1)thread_act子系统的实现分为两部分:
thread_actServer.c和thread_actUser.c,分别实现了内核中mach msg消息接收和发送的各个API。
基本逻辑是:调用thread_actUser.c实现的API,接收到消息后thread_actServer.c的对应函数被调用,真正完成一些事情。
说明一下,所有子系统的***Server.c和***User.c代码都是通过MIG由***.defs生成。
(2)mach msg消息发送:
下面是一个“类似系统调用”的函数(或者某个系统调用会间接调用这个函数),用于向thread_act子系统发送mach msg消息请求某个服务(可以当作RPC)。
------ xnu/osfmk/mach/thread_actUser.c ------
/* Routine act_get_state */ mig_external kern_return_t act_get_state ( thread_act_t target_act, int flavor, thread_state_t old_state, mach_msg_type_number_t *old_stateCnt ) { #ifdef __MigPackStructs #pragma pack(4) #endif typedef struct { mach_msg_header_t Head; NDR_record_t NDR; int flavor; mach_msg_type_number_t old_stateCnt; } Request; #ifdef __MigPackStructs #pragma pack() #endif #ifdef __MigPackStructs #pragma pack(4) #endif typedef struct { mach_msg_header_t Head; NDR_record_t NDR; kern_return_t RetCode; mach_msg_type_number_t old_stateCnt; natural_t old_state[224]; mach_msg_trailer_t trailer; } Reply; #ifdef __MigPackStructs #pragma pack() #endif #ifdef __MigPackStructs #pragma pack(4) #endif typedef struct { mach_msg_header_t Head; NDR_record_t NDR; kern_return_t RetCode; mach_msg_type_number_t old_stateCnt; natural_t old_state[224]; } __Reply; #ifdef __MigPackStructs #pragma pack() #endif /* * typedef struct { * mach_msg_header_t Head; * NDR_record_t NDR; * kern_return_t RetCode; * } mig_reply_error_t; */ union { Request In; Reply Out; } Mess; Request *InP = &Mess.In; Reply *Out0P = &Mess.Out; mach_msg_return_t msg_result; #ifdef __MIG_check__Reply__act_get_state_t__defined kern_return_t check_result; #endif /* __MIG_check__Reply__act_get_state_t__defined */ __DeclareSendRpc(3601, "act_get_state") InP->NDR = NDR_record; InP->flavor = flavor; if (*old_stateCnt < 224) InP->old_stateCnt = *old_stateCnt; else InP->old_stateCnt = 224; InP->Head.msgh_bits = MACH_MSGH_BITS(19, MACH_MSG_TYPE_MAKE_SEND_ONCE); /* msgh_size passed as argument */ InP->Head.msgh_request_port = target_act; InP->Head.msgh_reply_port = mig_get_reply_port(); InP->Head.msgh_id = 3601; __BeforeSendRpc(3601, "act_get_state") msg_result = mach_msg(&InP->Head, MACH_SEND_MSG|MACH_RCV_MSG|MACH_MSG_OPTION_NONE, (mach_msg_size_t)sizeof(Request), (mach_msg_size_t)sizeof(Reply), InP->Head.msgh_reply_port, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL); __AfterSendRpc(3601, "act_get_state") if (msg_result != MACH_MSG_SUCCESS) { __MachMsgErrorWithoutTimeout(msg_result); { return msg_result; } }
(3)thread_actServer.c中的mach msg消息接收:
------ xnu/osfmk/mach/thread_actServer.c ------
/* Description of this subsystem, for use in direct RPC */ const struct thread_act_subsystem { mig_server_routine_t server; /* Server routine */ mach_msg_id_t start; /* Min routine number */ mach_msg_id_t end; /* Max routine number + 1 */ unsigned int maxsize; /* Max msg size */ vm_address_t reserved; /* Reserved */ struct routine_descriptor /*Array of routine descriptors */ routine[25]; } thread_act_subsystem = { thread_act_server_routine, 3600, 3625, (mach_msg_size_t)sizeof(union __ReplyUnion__thread_act_subsystem), (vm_address_t)0, { { (mig_impl_routine_t) 0, (mig_stub_routine_t) _Xthread_terminate, 1, 0, (routine_arg_descriptor_t)0, (mach_msg_size_t)sizeof(__Reply__thread_terminate_t)}, { (mig_impl_routine_t) 0, (mig_stub_routine_t) _Xact_get_state, 4, 0, (routine_arg_descriptor_t)0, (mach_msg_size_t)sizeof(__Reply__act_get_state_t)}, { (mig_impl_routine_t) 0, (mig_stub_routine_t) _Xact_set_state, 4, 0, (routine_arg_descriptor_t)0, (mach_msg_size_t)sizeof(__Reply__act_set_state_t)}, { (mig_impl_routine_t) 0, (mig_stub_routine_t) _Xthread_get_state, 4, 0, (routine_arg_descriptor_t)0, (mach_msg_size_t)sizeof(__Reply__thread_get_state_t)}, { (mig_impl_routine_t) 0, (mig_stub_routine_t) _Xthread_set_state, 4, 0, (routine_arg_descriptor_t)0, (mach_msg_size_t)sizeof(__Reply__thread_set_state_t)}, { (mig_impl_routine_t) 0, (mig_stub_routine_t) _Xthre ......
解释一下上面的代码,声明并且实现了数据结构thread_act_subsystem,其中第6个成员是一个数组,数组的元素是一个结构 ---routine_descriptor;routine_descriptor声明如下:
------ xnu/osfmk/mach/mig.h ------
struct routine_descriptor { mig_impl_routine_t impl_routine; /* Server work func pointer */ mig_stub_routine_t stub_routine; /* Unmarshalling func pointer */ unsigned int argc; /* Number of argument words */ unsigned int descr_count; /* Number complex descriptors */ routine_arg_descriptor_t arg_descr; /* pointer to descriptor array*/ unsigned int max_reply_msg; /* Max size for reply msg */ }; typedef struct routine_descriptor *routine_descriptor_t; typedef struct routine_descriptor mig_routine_descriptor; typedef mig_routine_descriptor *mig_routine_descriptor_t;
(4)跟踪thread_act_subsystem中_Xthread_get_state的实现
------ xnu/osfmk/mach/thread_actServer.c ------
/* Routine act_get_state */ mig_internal novalue _Xact_get_state (mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP) { #ifdef __MigPackStructs #pragma pack(4) #endif typedef struct { mach_msg_header_t Head; NDR_record_t NDR; int flavor; mach_msg_type_number_t old_stateCnt; mach_msg_trailer_t trailer; } Request; #ifdef __MigPackStructs #pragma pack() #endif typedef __Request__act_get_state_t __Request; typedef __Reply__act_get_state_t Reply; /* * typedef struct { * mach_msg_header_t Head; * NDR_record_t NDR; * kern_return_t RetCode; * } mig_reply_error_t; */ Request *In0P = (Request *) InHeadP; Reply *OutP = (Reply *) OutHeadP; #ifdef __MIG_check__Request__act_get_state_t__defined kern_return_t check_result; #endif /* __MIG_check__Request__act_get_state_t__defined */ __DeclareRcvRpc(3601, "act_get_state") __BeforeRcvRpc(3601, "act_get_state") #if defined(__MIG_check__Request__act_get_state_t__defined) check_result = __MIG_check__Request__act_get_state_t((__Request *)In0P); if (check_result != MACH_MSG_SUCCESS) { MIG_RETURN_ERROR(OutP, check_result); } #endif /* defined(__MIG_check__Request__act_get_state_t__defined) */ OutP->old_stateCnt = 224; if (In0P->old_stateCnt < OutP->old_stateCnt) OutP->old_stateCnt = In0P->old_stateCnt; OutP->RetCode = act_get_state(In0P->Head.msgh_request_port, In0P->flavor, OutP->old_state, &OutP->old_stateCnt); if (OutP->RetCode != KERN_SUCCESS) { MIG_RETURN_ERROR(OutP, OutP->RetCode); } OutP->NDR = NDR_record; OutP->Head.msgh_size = (mach_msg_size_t)(sizeof(Reply) - 896) + (((4 * OutP->old_stateCnt))); __AfterRcvRpc(3601, "act_get_state") }
为什么以thread_act为例呢?因为其他子系统比如vm,其中没有类似调用,感觉走到这里就是死胡同,没下文了。
麻雀虽小,五脏俱全;thread_act虽然简单,但是结构很完整。注意上面有对函数act_get_state的调用,继续跟踪这个函数。
(5)最终实现在这里
------ xnu/osfmk/kern/thread_act.c ------
kern_return_t act_get_state( thread_t thread, int flavor, thread_state_t state, mach_msg_type_number_t *count) { if (thread == current_thread()) return (KERN_INVALID_ARGUMENT); return (thread_get_state(thread, flavor, state, count)); }
其中调用的函数thread_get_state也有实现如下,可以函数调用到了最终的那个:
------ xnu/osfmk/kern/thread_act.c ------
kern_return_t thread_get_state( register thread_t thread, int flavor, thread_state_t state, /* pointer to OUT array */ mach_msg_type_number_t *state_count) /*IN/OUT*/ { kern_return_t result = KERN_SUCCESS; if (thread == THREAD_NULL) return (KERN_INVALID_ARGUMENT); thread_mtx_lock(thread); if (thread->active) { if (thread != current_thread()) { thread_hold(thread); thread_mtx_unlock(thread); if (thread_stop(thread, FALSE)) { thread_mtx_lock(thread); result = machine_thread_get_state( thread, flavor, state, state_count); thread_unstop(thread); } else { thread_mtx_lock(thread); result = KERN_ABORTED; } thread_release(thread); } else result = machine_thread_get_state( thread, flavor, state, state_count); } else result = KERN_TERMINATED; thread_mtx_unlock(thread); return (result);