1
在调用mmap系统调用时,可以指定的标志(flag)参数:
1: #define MAP_SHARED 0x01 /* Share changes */
2: #define MAP_PRIVATE 0x02 /* Changes are private */
3: #define MAP_TYPE 0x0f /* Mask for type of mapping */
4: #define MAP_FIXED 0x10 /* Interpret addr exactly */
5: #define MAP_ANONYMOUS 0x20 /* don't use a file */
6: #ifdef CONFIG_MMAP_ALLOW_UNINITIALIZED
7: # define MAP_UNINITIALIZED 0x4000000 /* For anonymous mmap, memory could be uninitialized */
8: #else
9: # define MAP_UNINITIALIZED 0x0 /* Don't support this flag */
10: #endif
MAP_SHARED
用于多个进程共享对一个文件的访问
MAP_PRIVATE
用于创建一个与数据源分离的私有映射,对区域的写入操作不影响数据源文件中的内容
MAP_FIXED
用于在指定的目标线性地址创建一个映射,不允许调整到其他地址
MAP_ANONYMOUS
用于创建与文件无关的映射,或者说没有数据源的映射
do_anonymous_page会调用alloc_zeroed_user_highpage_movable分配一个初始化为全0的内存页。
2
在vm_area_struct数据结构定义中,有一个双链表结点:anon_vma_chain
1: struct vm_area_struct {
2: ......3: /*
4: * A file's MAP_PRIVATE vma can be in both i_mmap tree and anon_vma
5: * list, after a COW of one of the file pages. A MAP_SHARED vma
6: * can only be in the i_mmap tree. An anonymous MAP_PRIVATE, stack
7: * or brk vma (with NULL file) can only be in an anon_vma list.
8: */
9: struct list_head anon_vma_chain; /* Serialized by mmap_sem &
10: * page_table_lock */
11: struct anon_vma *anon_vma; /* Serialized by page_table_lock */
12: ...... 13: }其中,struct anon_vma定义:
1: /*
2: * The anon_vma heads a list of private "related" vmas, to scan if
3: * an anonymous page pointing to this anon_vma needs to be unmapped:
4: * the vmas on the list will be related by forking, or by splitting.
5: *
6: * Since vmas come and go as they are split and merged (particularly
7: * in mprotect), the mapping field of an anonymous page cannot point
8: * directly to a vma: instead it points to an anon_vma, on whose list
9: * the related vmas can be easily linked or unlinked.
10: *
11: * After unlinking the last vma on the list, we must garbage collect
12: * the anon_vma object itself: we're guaranteed no page can be
13: * pointing to this anon_vma once its vma list is empty.
14: */
15: struct anon_vma {
16: struct anon_vma *root; /* Root of this anon_vma tree */
17: struct mutex mutex; /* Serialize access to vma list */
18: /*
19: * The refcount is taken on an anon_vma when there is no
20: * guarantee that the vma of page tables will exist for
21: * the duration of the operation. A caller that takes
22: * the reference is responsible for clearing up the
23: * anon_vma if they are the last user on release
24: */
25: atomic_t refcount; 26: 27: /*
28: * NOTE: the LSB of the head.next is set by
29: * mm_take_all_locks() _after_ taking the above lock. So the
30: * head must only be read/written after taking the above lock
31: * to be sure to see a valid next pointer. The LSB bit itself
32: * is serialized by a system wide lock only visible to
33: * mm_take_all_locks() (mm_all_locks_mutex).
34: */
35: struct list_head head; /* Chain of private "related" vmas */
36: };3
do_mmap
1: static inline unsigned long do_mmap(struct file *file, unsigned long addr,
2: unsigned long len, unsigned long prot,
3: unsigned long flag, unsigned long offset)
4: {5: unsigned long ret = -EINVAL;
6: if ((offset + PAGE_ALIGN(len)) < offset)
7: goto out;
8: if (!(offset & ~PAGE_MASK))
9: ret = do_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT); 10: out:11: return ret;
12: }if ((offset + PAGE_ALIGN(len)) < offset)
/* to align the pointer to the (next) page boundary */
#define PAGE_ALIGN(addr) ALIGN(addr, PAGE_SIZE)
/*
* 'kernel.h' contains some often-used function prototypes etc
*/
#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1)
#define __ALIGN_KERNEL_MASK(x, mask)
即
if ((offset + (((len) + (PAGE_SIZE)) & ~(PAGE_SIZE-1))) < offset)
表示如果len太长,再进行align to page boundary操作就会溢出了,那么没有那么多的线性地址空间可以给它映射,因此失败。
if (!(offset & ~PAGE_MASK))
如果offset是位于页的边界处,则继续操作
ret = do_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT);
其中最后一个参数代表了映射区域在文件中的页序号。
1: /*
2: * The caller must hold down_write(¤t->mm->mmap_sem).
3: */
4: 5: unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
6: unsigned long len, unsigned long prot,
7: unsigned long flags, unsigned long pgoff)
8: {9: struct mm_struct * mm = current->mm;
10: struct inode *inode;
11: vm_flags_t vm_flags;12: int error;
13: unsigned long reqprot = prot;
14: 15: /*
16: * Does the application expect PROT_READ to imply PROT_EXEC?
17: *
18: * (the exception is when the underlying filesystem is noexec
19: * mounted, in which case we dont add PROT_EXEC.)
20: */
21: if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
22: if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
23: prot |= PROT_EXEC; 24: 25: if (!len)
26: return -EINVAL;
27: 28: if (!(flags & MAP_FIXED))
29: addr = round_hint_to_min(addr); 30: 31: /* Careful about overflows.. */
32: len = PAGE_ALIGN(len);33: if (!len)
34: return -ENOMEM;
35: 36: /* offset overflow? */
37: if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
38: return -EOVERFLOW;
39: 40: /* Too many mappings? */
41: if (mm->map_count > sysctl_max_map_count)
42: return -ENOMEM;
43: 44: /* Obtain the address to map to. we verify (or select) it and ensure
45: * that it represents a valid section of the address space.
46: */
47: addr = get_unmapped_area(file, addr, len, pgoff, flags);48: if (addr & ~PAGE_MASK)
49: return addr;
50: 51: /* Do simple checking here so the lower-level routines won't have
52: * to. we assume access permissions have been handled by the open
53: * of the memory object, so we don't do any here.
54: */
55: vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | 56: mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; 57: 58: if (flags & MAP_LOCKED)
59: if (!can_do_mlock())
60: return -EPERM;
61: 62: /* mlock MCL_FUTURE? */
63: if (vm_flags & VM_LOCKED) {
64: unsigned long locked, lock_limit;
65: locked = len >> PAGE_SHIFT; 66: locked += mm->locked_vm; 67: lock_limit = rlimit(RLIMIT_MEMLOCK); 68: lock_limit >>= PAGE_SHIFT;69: if (locked > lock_limit && !capable(CAP_IPC_LOCK))
70: return -EAGAIN;
71: } 72: 73: inode = file ? file->f_path.dentry->d_inode : NULL; 74: 75: if (file) {
76: switch (flags & MAP_TYPE) {
77: case MAP_SHARED:
78: if ((prot&PROT_WRITE) && !(file->f_mode&FMODE_WRITE))
79: return -EACCES;
80: 81: /*
82: * Make sure we don't allow writing to an append-only
83: * file..
84: */
85: if (IS_APPEND(inode) && (file->f_mode & FMODE_WRITE))
86: return -EACCES;
87: 88: /*
89: * Make sure there are no mandatory locks on the file.
90: */
91: if (locks_verify_locked(inode))
92: return -EAGAIN;
93: 94: vm_flags |= VM_SHARED | VM_MAYSHARE;95: if (!(file->f_mode & FMODE_WRITE))
96: vm_flags &= ~(VM_MAYWRITE | VM_SHARED); 97: 98: /* fall through */
99: case MAP_PRIVATE:
100: if (!(file->f_mode & FMODE_READ))
101: return -EACCES;
102: if (file->f_path.mnt->mnt_flags & MNT_NOEXEC) {
103: if (vm_flags & VM_EXEC)
104: return -EPERM;
105: vm_flags &= ~VM_MAYEXEC; 106: } 107: 108: if (!file->f_op || !file->f_op->mmap)
109: return -ENODEV;
110: break;
111: 112: default:
113: return -EINVAL;
114: }115: } else {
116: switch (flags & MAP_TYPE) {
117: case MAP_SHARED:
118: /*
119: * Ignore pgoff.
120: */
121: pgoff = 0; 122: vm_flags |= VM_SHARED | VM_MAYSHARE;123: break;
124: case MAP_PRIVATE:
125: /*
126: * Set pgoff according to addr for anon_vma.
127: */
128: pgoff = addr >> PAGE_SHIFT;129: break;
130: default:
131: return -EINVAL;
132: } 133: } 134: 135: error = security_file_mmap(file, reqprot, prot, flags, addr, 0);136: if (error)
137: return error;
138: 139: return mmap_region(file, addr, len, flags, vm_flags, pgoff);
140: } 141: EXPORT_SYMBOL(do_mmap_pgoff);/* Obtain the address to map to. we verify (or select) it and ensure
* that it represents a valid section of the address space.
*/
addr = get_unmapped_area(file, addr, len, pgoff, flags);
if (addr & ~PAGE_MASK)
return addr;
get_unmapped_area函数用于查找到一个可以安放请求的这么长的一个vma的线性地址范围,返回这个范围的起始地址。如果这个起始地址不是从页对齐处开始的,代表找到的这个地址是不符合要求的,因此也不再往下走了,直接返回。
但是是问题是,如果直接返回了,那么调用都会不会不做检查,直接认为内核已经完成了mmap的操作,而尝试去读写这块还没有与文件建立起关联的内存区域呢,会发生什么不可知的事?
【根据http://www.cnblogs.com/long123king/p/3502170.html中的思想,当进程真正需要访问页时,会触发Page Fault,那么这一步关键是设置好相应的Page Fault handler以及相应struct的指针成员】