Featured image of post Understand Linux Kernel
Basic Concept Research

Understand Linux Kernel

This blog is my learning notes while reading Linux Kernel Development. I’m using it to understand how Linux works under the hood and to keep track of what I learn along the way.

Process Management

The process

  • Linux does not differentiate between threads and process.
  • Processes provide two virtualizations, a virtualized processor and virtual memory.
  • Execution Workflow:
    • fork(): creates a new process by duplicating an existing one
    • exec(): creates a new address space and loads a new program into it
    • exit(): terminates the process and frees all its resources. When a process exits, it is placed into a special zombie state until the parent calls wait() or waitpid().
    • wait4(): enables a process to wait for the termination of a specific process

Allocating the Process Descriptor

  • The kernel stores the list of processes in a circular doubly linked list called the task list. Each element in the task list is a process descriptor of the type struct task_struct.
  • The process descriptor (struct task_struct) contains all the information about a specific process.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10

High address
+--------------------+  ← start of kernel stack
|                    |
|   kernel stack     |  ← function calls, locals
|                    |
|        ↓           |
+--------------------+
|  thread_info       |  which points to task_struct
+--------------------+
Low address

Manipulating the Current Process State

  • set_task_state(task, state) sets a process’s state.
    • On single-CPU systems, it’s just task->state = state.
    • On multi-CPU (SMP) systems, it also includes a memory barrier to ensure other CPUs see previous memory writes before the state change.

The Process Family Tree

  • All processes are descendants of the init process, whose PID is one.
  • Every process on the system has exactly one parent. Likewise, every process has zero or more children.

Copy-on-write

  • Copy-on-write (or COW) is a technique to delay or altogether prevent copying of the data.

  • The duplication of resources occurs only when they are written.

  • The only overhead incurred by fork() is the duplication of the parent’s page tables and the creation of a unique process descriptor for the child.

vfork()

  • The vfork() system call has the same effect as fork(), except that the page table entries of the parent process are not copied.

  • vfork() temporarily allows the child to share the parent’s address space, but the parent’s address space is preserved intact because the parent is suspended and the child either calls exec() (creating a new address space) or _exit().

Kernel Threads

  • A kernel-level process that runs entirely in kernel mode.

  • No user address space (mm_struct = NULL).

  • Used for internal OS tasks like scheduling, memory management, and background work.

Process Termination

  • do_exit() kills the process and turns it into a zombie for the parent to collect

  • release_task() is the final step that frees the task_struct and completely removes the process from the kernel.

Reference

  1. Love, Robert. Linux Kernel Development. 3rd ed., Addison-Wesley Professional, 2010.
© 2022 - 2026 Jason's blog
Kernel panic - not syncing: footer overloaded
Built with Hugo
Theme Stack designed by Jimmy