(I) Purpose
Understand the Linux system calls related to process creation and file execution, master the operating system's boot process (after kernel initialization), and master basic kernel debugging techniques.
(II) Content
Using the debugger, find the pids of all processes created during boot by process 0, process 1 and ordinary processes, and find the executable programs run by process 1 and by each ordinary process.
II. Method and Steps
(I) Steps
(1) Start kernel debugging and trace to the point just after kernel initialization (the entry of the function rest_init). At this point only one process exists, process 0; the kernel has finished initializing and is about to create processes 1 and 2.
(2) First set breakpoints to trace all processes created by process 0, process 1 and ordinary processes, and set breakpoints to trace the executables run by process 1 and ordinary processes; then continue debugging and analysis until the system finishes booting and the command prompt "/#" appears. Hints:
a) For every kernel thread, the mm member of its task_struct is 0; if the value is non-zero, the task is an ordinary (user) process.
b) All process creation (kernel threads included) ends up in the function _do_fork; the pid of the newly created child is recorded in the pid member of that function's local variable p, which points to the new process's process control block (task_struct).
c) All executable files are run through the kernel function do_execve, whose filename parameter records the name of the file being executed. Conditional breakpoints can be used to narrow the scope of the trace.
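The breakpoint and display setup that the transcript in the debugging-flow section omits, as an added example that is not part of the original report. It assumes the kernel's scripts/gdb helpers (which provide $lx_current()) are loaded from vmlinux-gdb.py in the build directory, and the same kernel/fork.c and fs/exec.c line numbers that appear in the transcript.

```gdb
# Added example, not from the original report: a gdb command file that sets up
# the breakpoints and display expressions the transcript was captured with.
# Assumptions: vmlinux has debug info, the kernel's scripts/gdb helpers are
# loaded from the build directory (they define $lx_current()), and the source
# line numbers match the transcript (kernel/fork.c:1737 is the first line
# after copy_process() returns, where p already points at the child).
source vmlinux-gdb.py
target remote localhost:1234

# Print pid, comm and mm of the current task and of its parent at every stop.
# mm == 0 marks a kernel thread, a non-zero mm marks an ordinary process.
display $lx_current().pid
display $lx_current().comm
display $lx_current().mm
display $lx_current().parent->pid
display $lx_current().parent->comm
display $lx_current().parent->mm

# Stop once at the end of kernel initialization; only process 0 exists here.
break rest_init

# The child's pid is only known after copy_process() has returned, so break on
# the line after the call rather than on the entry of _do_fork.
break kernel/fork.c:1737
commands
  silent
  printf "fork: pid %d (%s, mm=%p) -> child pid %d\n", $lx_current().pid, $lx_current().comm, $lx_current().mm, p->pid
  continue
end

# Every exec passes through do_execve(); filename->name is the path executed.
break do_execve
commands
  silent
  printf "exec: pid %d (%s) -> %s\n", $lx_current().pid, $lx_current().comm, filename->name
  continue
end

# Optional narrowing, as hint c) suggests: only stop for ordinary processes
# (non-zero mm). $bpnum is the number of the breakpoint set most recently.
# condition $bpnum $lx_current().mm != 0

continue
```

Run it with gdb's -x option against vmlinux; the fork and exec lines printed by the two command lists give the process tree directly, while the display expressions still show at the rest_init stop.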
(II) Debugging flow
Add the breakpoints and set the variables to display.
Start debugging; execution first jumps to rest_init, where the current process is process 0.
Continue; execution reaches the _do_fork call made by process 0, and single-stepping begins.
Once the new process p=… appears, use p p->pid to view its pid, which is 1: process 1 has been created.
Continue to the next fork.
The new process is process 2.
At the next breakpoint, use x/s filename->name to view the executable run by process 1: sbin/init.
Continuing, process 1 is seen creating process 961.
The executable of process 961 is /etc/init.d/rcS.
Process 961 creates process 962.
Process 962 executes /bin/mount.
Process 961 creates process 963.
Process 963 executes /bin/mount.
Process 961 creates process 964.
Process 964 executes /sbin/mdev.
Back in process 1, process 965 is created.
Process 1 creates process 966.
Process 1 creates process 968.
Process 1 creates process 970.
At this point the QEMU virtual machine has reached the following state:
After pressing Enter in that terminal, the gdb window shows the file executed by process 965, /bin/sh; initialization is now complete.
The debugging session is as follows (the commands that set the breakpoints and display variables are not shown):
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
0x0000fff0 in ?? ()
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = '\000'
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = '\000'
1: $lx_current().pid = 0
(gdb) c
Continuing.

Breakpoint 9, rest_init () at init/main.c:387
387 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) c
Continuing.

Breakpoint 10, _do_fork (clone_flags=8389376, stack_start=3245147192, stack_size=0, parent_tidptr=0x0, child_tidptr=0x0, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) s
1710 int trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) p p->pid
$31 = 1
(gdb) c
Continuing.

Breakpoint 10, _do_fork (clone_flags=8390400, stack_start=3238405155, stack_size=0, parent_tidptr=0x0, child_tidptr=0x0, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) n
1710 int trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 0
(gdb) p p
$32 = (struct task_struct *) 0xc74fef00
(gdb) p p->pid
$33 = 2
(gdb) c
Continuing.

Breakpoint 14, do_execve (filename=0xc7534300, __argv=0xc191a800 , __envp=0xc191a760 ) at fs/exec.c:1643
1643 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0x0
2: $lx_current().comm = "swapper/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) x/s filename->name
0xc7534310: "sbin/init"
(gdb) c
Continuing.

Breakpoint 11, _do_fork (clone_flags=16657, stack_start=0, stack_size=0, parent_tidptr=0x0, child_tidptr=0x0, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) s
1720 if (clone_flags & CLONE_VFORK)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1721 trace = PTRACE_EVENT_VFORK;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1727 if (likely(!ptrace_event_enabled(current, trace)))
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1728 trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) p p->pid
$34 = 961
(gdb) c
Continuing.

Breakpoint 15, do_execve (filename=0xc7534300, __argv=0xbffffcdc, __envp=0x828fa00) at fs/exec.c:1643
1643 {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) x/s filename->name
0xc7534310: "/etc/init.d/rcS"
(gdb) c
Continuing.

Breakpoint 12, _do_fork (clone_flags=18874385, stack_start=0, stack_size=0, parent_tidptr=0x0, child_tidptr=0x828e8e8, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1720 if (clone_flags & CLONE_VFORK)
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1722 else if ((clone_flags & CSIGNAL) != SIGCHLD)
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1725 trace = PTRACE_EVENT_FORK;
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1727 if (likely(!ptrace_event_enabled(current, trace)))
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1728 trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) p p->pid
$35 = 962
(gdb) c
Continuing.

Breakpoint 15, do_execve (filename=0xc7534300, __argv=0x828fcd0, __envp=0x828fcec) at fs/exec.c:1643
1643 {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007c000
5: $lx_current().parent->comm = "rcS\000\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 961
3: $lx_current().mm = (struct mm_struct *) 0xc007da40
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 962
(gdb) x/s filename->name
0xc7534310: "/bin/mount"
(gdb) c
Continuing.

Breakpoint 12, _do_fork (clone_flags=18874385, stack_start=0, stack_size=0, parent_tidptr=0x0, child_tidptr=0x828e8e8, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1720 if (clone_flags & CLONE_VFORK)
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1722 else if ((clone_flags & CSIGNAL) != SIGCHLD)
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1725 trace = PTRACE_EVENT_FORK;
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1727 if (likely(!ptrace_event_enabled(current, trace)))
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1728 trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) p p->pid
$36 = 963
(gdb) c
Continuing.

Breakpoint 15, do_execve (filename=0xc7534300, __argv=0x828fcd0, __envp=0x828fcec) at fs/exec.c:1643
1643 {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007c000
5: $lx_current().parent->comm = "rcS\000\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 961
3: $lx_current().mm = (struct mm_struct *) 0xc007c2a0
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 963
(gdb) x/s filename->name
0xc7534310: "/bin/mount"
(gdb) c
Continuing.

Breakpoint 12, _do_fork (clone_flags=18874385, stack_start=0, stack_size=0, parent_tidptr=0x0, child_tidptr=0x828e8e8, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1720 if (clone_flags & CLONE_VFORK)
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1722 else if ((clone_flags & CSIGNAL) != SIGCHLD)
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1725 trace = PTRACE_EVENT_FORK;
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1727 if (likely(!ptrace_event_enabled(current, trace)))
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1728 trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 961
(gdb) p p->pid
$37 = 964
(gdb) c
Continuing.

Breakpoint 15, do_execve (filename=0xc7534300, __argv=0x828fc68, __envp=0x828fc74) at fs/exec.c:1643
1643 {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007c000
5: $lx_current().parent->comm = "rcS\000\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 961
3: $lx_current().mm = (struct mm_struct *) 0xc007c540
2: $lx_current().comm = "rcS\000\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 964
(gdb) x/s filename->name
0xc7534310: "/sbin/mdev"
(gdb) c
Continuing.

Breakpoint 11, _do_fork (clone_flags=18874385, stack_start=0, stack_size=0, parent_tidptr=0x0, child_tidptr=0x828e8e8, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1720 if (clone_flags & CLONE_VFORK)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1722 else if ((clone_flags & CSIGNAL) != SIGCHLD)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1725 trace = PTRACE_EVENT_FORK;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1727 if (likely(!ptrace_event_enabled(current, trace)))
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1728 trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) p p->pid
$38 = 965
(gdb) c
Continuing.

Breakpoint 11, _do_fork (clone_flags=18874385, stack_start=0, stack_size=0, parent_tidptr=0x0, child_tidptr=0x828e8e8, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1720 if (clone_flags & CLONE_VFORK)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1722 else if ((clone_flags & CSIGNAL) != SIGCHLD)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1725 trace = PTRACE_EVENT_FORK;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1727 if (likely(!ptrace_event_enabled(current, trace)))
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1728 trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) p p->pid
$39 = 966
(gdb) c
Continuing.

Breakpoint 11, _do_fork (clone_flags=18874385, stack_start=0, stack_size=0, parent_tidptr=0x0, child_tidptr=0x828e8e8, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1720 if (clone_flags & CLONE_VFORK)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1722 else if ((clone_flags & CSIGNAL) != SIGCHLD)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1725 trace = PTRACE_EVENT_FORK;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1727 if (likely(!ptrace_event_enabled(current, trace)))
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1728 trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) p p->pid
$40 = 968
(gdb) c
Continuing.

Breakpoint 11, _do_fork (clone_flags=18874385, stack_start=0, stack_size=0, parent_tidptr=0x0, child_tidptr=0x828e8e8, tls=0) at kernel/fork.c:1708
1708 {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) s
1719 if (!(clone_flags & CLONE_UNTRACED)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1720 if (clone_flags & CLONE_VFORK)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1722 else if ((clone_flags & CSIGNAL) != SIGCHLD)
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1725 trace = PTRACE_EVENT_FORK;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1727 if (likely(!ptrace_event_enabled(current, trace)))
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1728 trace = 0;
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1731 p = copy_process(clone_flags, stack_start, stack_size,
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) n
1737 if (!IS_ERR(p)) {
6: $lx_current().parent->mm = (struct mm_struct *) 0x0
5: $lx_current().parent->comm = "swapper/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 0
3: $lx_current().mm = (struct mm_struct *) 0xc007dce0
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 1
(gdb) p p->pid
$41 = 970
(gdb) c
Continuing.

Breakpoint 15, do_execve (filename=0xc7533240, __argv=0xbffffcf0, __envp=0x828fa00) at fs/exec.c:1643
1643 {
6: $lx_current().parent->mm = (struct mm_struct *) 0xc007dce0
5: $lx_current().parent->comm = "init\000er/0\000\000\000\000\000\000"
4: $lx_current().parent->pid = 1
3: $lx_current().mm = (struct mm_struct *) 0xc007c000
2: $lx_current().comm = "init\000er/0\000\000\000\000\000\000"
1: $lx_current().pid = 965
(gdb) x/s filename->name
0xc7533250: "/bin/sh"
(gdb) c
Continuing.
III. Results and Analysis
(I) Results
(1) Process 0 created processes 1 and 2.
(2) Process 1 created processes 961, 965, 966, 968 and 970; process 961 executed "/etc/init.d/rcS" and process 966 executed "/bin/sh".
(3) Process 961 created processes 962, 963 and 964; processes 962 and 963 executed "/bin/mount", and process 964 executed "/sbin/mdev".
(II) Analysis
Process 0 is the first process the system creates and the only one not produced by fork or kernel_thread. In rest_init, process 0 creates process 1 and process 2 through kernel_init and kthreadd respectively.
Process 1 is created by process 0 through kernel_init; all user processes are created by process 1 or by its descendants. During initialization, process 1 first created process 961, which in turn created processes 962, 963 and 964, thereby carrying out the mount and mdev invocations. After initialization completed, process 1 created processes 965, 966, 968 and 970.
IV. Problems and Suggestions
1. Results differ between runs: the first time the numbering started at 962, while in later runs every process number was larger by one; I do not know where the difference lies.
2. My results also differ from my classmates'; theirs only went up to process 966.
V. Instructor's Comments
Process 0 created threads 1 and 2.
When process 1 first starts, it runs as a kernel thread, executing the function "kernel_init".
Thread 2 is the thread dedicated to managing kernel threads, so all kernel threads can be seen to be created by thread 2. Thread 2 monitors the list kthread_create_list, the list of kernel function entry points: whenever a new function appears in the list, thread 2 creates a new kernel thread to run it. That is thread 2's job.
Once the list has settled, thread 1 first performs a synchronization step and then executes the "init" executable; after that, process 1 turns from a kernel thread into an ordinary process, completing the transition. Process 962 runs "rcS" and process 966 runs "sh", the command interpreter; from then on, whatever command is typed, a new child process is created to execute it. Processes 967, 968 and 970 are three terminals similar to 966.
Requirement: read the kernel source code for kernel_init and kthreadd.