malloc 期间内核会发生什么? [英] what happens in the kernel during malloc?

问题描述

我在一次采访中被问到这个问题.他们想知道的是，当用户调用 malloc(4) 分配 4 个字节的内存时，操作系统 (Linux) 如何响应?哪个子系统响应这个系统调用?

I was asked this question during an interview. What they wanted to know was when the user calls malloc(4) to allocate 4 bytes of memory how does the operating system (Linux) respond? Which subsystem responds to this system call?

我告诉他 malloc() 将由内存管理子系统提供服务.malloc() 的实现会遍历空闲内存(物理内存)的列表，我们称之为空闲列表，并找到一个合适的大于或等于 4 字节的块.一旦找到这样的块，它将从空闲列表中删除并添加到已使用列表中.然后该物理内存将映射到进程堆 vma 结构.他似乎对这个回答不太满意，好友系统是怎么适应的?任何帮助将不胜感激.

I told him that malloc() will be serviced by the memory management subsystem. The malloc() implementation will go through the list of free memory(physical memory), we will call it free list, and find an appropriate chunk that is greater than or equal to 4 Bytes. Once it finds such a chunk, it will be deleted from free list and added to a used list. Then that physical memory will be mapped to the process heap vma struct. He didn't seem to be quite satisfied with this answer.How does the buddy system fit into this? Any help would be greatly appreciated.

推荐答案

当用户空间应用程序调用 malloc() 时，该调用未在内核中实现.相反，它是一个库调用(实现了 glibc 或类似的).

When user space applications call malloc(), that call isn't implemented in the kernel. Instead, it's a library call (implemented glibc or similar).

简短的版本是 glibc 中的 malloc 实现要么从 brk()/sbrk() 系统调用或匿名获取内存内存通过 mmap().这为 glibc 提供了一个大的连续(关于虚拟内存地址)内存块，malloc 实现进一步将其切成更小的块并分发给您的应用程序.

The short version is that the malloc implementation in glibc either obtains memory from the brk()/sbrk() system call or anonymous memory via mmap(). This gives glibc a big contiguous (regarding virtual memory addresses) chunk of memory, which the malloc implementation further slices and dices in smaller chunks and hands out to your application.

这里是一个小的 malloc 实现，它将给你一个想法，以及很多很多链接.

Here's a small malloc implementation that'll give you the idea, along with many, many links.

请注意，目前还没有任何东西关心物理内存——当进程数据段通过 brk()/sbrk() 改变时，它由内核虚拟内存系统处理或 mmap()，以及当内存被引用时(通过读取或写入内存).

Note that nothing cares about physical memory yet -- that's handled by the kernel virtual memory system when the process data segment is altered via brk()/sbrk() or mmap(), and when the memory is referenced (by a read or write to the memory).

总结:

1. malloc() 将搜索它的托管内存块，看看是否有一块未使用的内存满足分配要求.
2. 如果失败，malloc() 将尝试扩展进程数据段(通过 sbrk()/brk() 或在某些案例 mmap()).sbrk() 在内核中结束.
3. 内核中的brk()/sbrk()调用调整了进程struct mm_struct中的一些偏移量，所以流程数据段会更大.起初，不会有物理内存映射到扩展数据段给出的额外虚拟地址.
4. 当第一次触及未映射的内存时(可能是 malloc 实现的读/写)，故障处理程序将启动并捕获到内核，内核将在那里将物理内存分配给未映射的内存.

1. malloc() will search its managed pieces of memory to see if there's a piece of unused memory that satisfy the allocation requirements.
2. Failing that, malloc() will try to extend the process data segment(via sbrk()/brk() or in some cases mmap()). sbrk() ends up in the kernel.
3. The brk()/sbrk() calls in the kernel adjust some of the offsets in the struct mm_struct of the process, so the process data segment will be larger. At first, there will be no physical memory mapped to the additional virtual addresses which extending the data segment gave.
4. When that unmapped memory is first touched (likely a read/write by the malloc implementation) a fault handler will kick in and trap down to the kernel, where the kernel will assign physical memory to the unmapped memory.

这篇关于malloc 期间内核会发生什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！