Linux - 用户态内存映射 和 内核态内存映射

*** 作系统的内存管理，主要分为三个方面。

第一，物理内存的管理，相当于会议室管理员管理会议室。

第二，虚拟地址的管理，也即在项目组的视角，会议室的虚拟地址应该如何组织。

第三，虚拟地址和物理地址如何映射，也即会议室管理员如果管理映射表。

那么虚拟地址和物理地址如何映射呢？

每一个进程都有一个列表vm_area_struct，指向虚拟地址空间的不同的内存块，这个变量的名字叫mmap。

其实内存映射不仅仅是物理内存和虚拟内存之间的映射，还包括将文件中的内容映射到虚拟内存空间。这个时候，访问内存空间就能够访问到文件里面的数据。而仅有物理内存和虚拟内存的映射，是一种特殊情况。

如果我们要申请小块内存，就用brk。brk函数之前已经解析过了，这里就不多说了。如果申请一大块内存，就要用mmap。对于堆的申请来讲，mmap是映射内存空间到物理内存。

另外，如果一个进程想映射一个文件到自己的虚拟内存空间，也要通过mmap系统调用。这个时候mmap是映射内存空间到物理内存再到文件。可见mmap这个系统调用是核心，我们现在来看mmap这个系统调用。

用户态的内存映射机制包含以下几个部分。

物理内存根据NUMA架构分节点。每个节点里面再分区域。每个区域里面再分页。

物理页面通过伙伴系统进行分配。分配的物理页面要变成虚拟地址让上层可以访问，kswapd可以根据物理页面的使用情况对页面进行换入换出。

对于内存的分配需求，可能来自内核态，也可能来自用户态。

对于内核态，kmalloc在分配大内存的时候，以及vmalloc分配不连续物理页的时候，直接使用伙伴系统，分配后转换为虚拟地址，访问的时候需要通过内核页表进行映射。

对于kmem_cache以及kmalloc分配小内存，则使用slub分配器，将伙伴系统分配出来的大块内存切成一小块一小块进行分配。

kmem_cache和kmalloc的部分不会被换出，因为用这两个函数分配的内存多用于保持内核关键的数据结构。内核态中vmalloc分配的部分会被换出，因而当访问的时候，发现不在，就会调用do_page_fault。

对于用户态的内存分配，或者直接调用mmap系统调用分配，或者调用malloc。调用malloc的时候，如果分配小的内存，就用sys_brk系统调用；如果分配大的内存，还是用sys_mmap系统调用。正常情况下，用户态的内存都是可以换出的，因而一旦发现内存中不存在，就会调用do_page_fault。

一般情况下，用户空间是不可能也不应该直接访问设备的，但是，设备驱动程序中可实现mmap ()函数，这个函数可使得用户空间能直接访问设备的物理地址。实际上，mmap ()实现了这样的一个映射过程:它将用户空间的一段内存与设备内存关联，当用户访问用户空间的这段地址范围时，实际上会转化为对设备的访问。

这种能力对于显示适配器一类的设备非常有意义，如果用户空间可直接通过内存映射访问显存的话，屏幕帧的各点像素将不再需要一个从用户空间到内核空间的复制的过程。

mmap ()必须以PAGE_SIZE为单位进行映射，实际上，内存只能以页为单位进行映射，若要映射非PAGE_SIZE整数倍的地址范围，要先进行页对齐，强行以PAGE_SIZE的倍数大小进行映射。

从file_operations文件 *** 作结构体可以看出，驱动中mmap ()函数的原型如下:

int ( *mmap)(struct file *, struct vm_area_struct* )

驱动中的mmap (） 函数将在用户进行mmap (）系统调用时最终被调用，mmap (）系统调用的原型与file_operations中mmap (）的原型区别很大，如下所示:

caddr_t mmap (caddr_t addr，size_t len，int prot，int flags，int fd，off_t offset)

参数fd为文件描述符，一般由open ()返回，fd也可以指定为-1，此时需指定flags参数中的MAP_ANON，表明进行的是匿名映射。

len是映射到调用用户空间的字节数，它从被映射文件开头offset个字节开始算起，offset参数一般设为0，表示从文件头开始映射。

prot参数指定访问权限，可取如下几个值的“或”:PROT_READ(可读)、PROT_WRITE(可写)、PROT_EXEC(可执行）和PROT_NONE（不可访问)。

参数addr指定文件应被映射到用户空间的起始地址，一般被指定为NULL，这样，选择起始地址的任务将由内核完成，而函数的返回值就是映射到用户空间的地址。其类型caddr_t实际上就是void*。

当用户调用mmap ()）的时候，内核会进行如下处理。

1）在进程的虚拟空间查找一块VMA。

2）将这块VMA进行映射。

3）如果设备驱动程序或者文件系统的file_operations定义了mmap () *** 作，则调用它。

4）将这个VMA插入进程的VMA链表中。

file_operations中mmap (）函数的第一个参数就是步骤1）找到的VMA。

由mmap ()系统调用映射的内存可由munmap (）解除映射，这个函数的原型如下:

int munmap(caddr_t addr, size_t len )

驱动程序中mmap ()的实现机制是建立页表，并填充VMA结构体中vm_operations_struct指针。

[global]

# ----------------------- Network Related Options-------------------------

#

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH

#

# server string is the equivalent of the NT Description field

#

# netbios name can be used to specify a server name not tied to thehostname

#

# Interfaces lets you configure Samba to use multiple interfaces

# If you have multiple network interfaces then you can list the ones

# you want to listen on (never omit localhost)

#

# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can

# specifiy it as a per share option as well

#

workgroup = MYGROUP

server string = Samba Server Version%v

netbios name = MYSERVER

interfaces = lo eth0

hosts allow = 192.168.1.

user map =/etc/samba/smbusermap

# --------------------------- Logging Options-----------------------------

#

# Log File let you specify where to put logs and how to split them up.

#

# Max Log Size let you specify the max size log files should reach

# logs split per machine

log file = /var/log/samba/log.%m

# max 50KB per log file, thenrotate

max log size = 50

# ----------------------- Standalone Server Options------------------------

#

# Scurity can be set to user, share(deprecated) or server(deprecated)

#

# Backend to store user information in. New installations should

# use either tdbsam or ldapsam. smbpasswd is available for backwards

# compatibility. tdbsam requires no further configuration.

security = user

passdb backend = tdbsam

# ----------------------- Domain Members Options ------------------------

#

# Security must be set to domain or ads

#

# Use the realm option only with security = ads

# Specifies the Active Directory realm the host is part of

#

# Backend to store user information in. New installations should

# use either tdbsam or ldapsam. smbpasswd is available for backwards

# compatibility. tdbsam requires no further configuration.

#

# Use password server option only with security = server or if you can't

# use the DNS to locate Domain Controllers

# The argument list may include:

# password server = My_PDC_Name[My_BDC_Name] [My_Next_BDC_Name]

# or to auto-locate the domain controller/s

# password server = *

security = domain

passdb backend = tdbsam

realm = MY_REALM

password server =<NT-Server-Name>

# ----------------------- Domain Controller Options------------------------

#

# Security must be set to user for domain controllers

#

# Backend to store user information in. New installations should

# use either tdbsam or ldapsam. smbpasswd is available for backwards

# compatibility. tdbsam requires no further configuration.

#

# Domain Master specifies Samba to be the Domain Master Browser. This

# allows Samba to collate browse lists between subnets. Don't use this

# if you already have a Windows NT domain controller doing this job

#

# Domain Logons let Samba be a domain logon server for Windows workstations.

#

# Logon Scrpit let yuou specify a script to be run at login time on theclient

# You need to provide it in a share called NETLOGON

#

# Logon Path let you specify where user profiles are stored (UNC path)

#

# Various scripts can be used on a domain controller or stand-alone

# machine to add or delete corresponding unix accounts

#

security = user

passdb backend = tdbsam

domain master = yes

domain logons = yes

# the login script name depends on themachine name

logon script = %m.bat

# the login script name depends on theunix user used

logon script = %u.bat

logon path = \\%L\Profiles\%u

# disables profiles support byspecifing an empty path

logon path =

add user script = /usr/sbin/useradd"%u" -n -g users

add group script = /usr/sbin/groupadd"%g"

add machine script = /usr/sbin/useradd-n -c "Workstation (%u)" -M -d /nohome -s /bin/false"%u"

delete user script = /usr/sbin/userdel"%u"

delete user from group script =/usr/sbin/userdel "%u" "%g"

delete group script =/usr/sbin/groupdel "%g"

# ----------------------- Browser Control Options----------------------------

#

# set local master to no if you don't want Samba to become a master

# browser on your network. Otherwise the normal election rules apply

#

# OS Level determines the precedence of this server in master browser

# elections. The default value should be reasonable

#

# Preferred Master causes Samba to force a local browser election onstartup

# and gives it a slightly higher chance of winning the election

local master = no

os level = 33

preferred master = yes

#----------------------------- Name Resolution -------------------------------

# Windows Internet Name Serving Support Section:

# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

#

# - WINS Support: Tells the NMBD component of Samba to enable it's WINSServer

#

# - WINS Server: Tells the NMBD components of Samba to be a WINS Client

#

# - WINS Proxy: Tells Samba to answer name resolution queries on

# behalf of a non WINS capable client,for this to work there must be

# at least oneWINS Server on the network. The default is NO.

#

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names

# via DNS nslookups.

wins support = yes

wins server = w.x.y.z

wins proxy = yes

dns proxy = yes

# --------------------------- Printing Options-----------------------------

#

# Load Printers let you load automatically the list of printers rather

# than setting them up individually

#

# Cups Options let you pass the cups libs custom options, setting it toraw

# for example will let you use drivers on your Windows clients

#

# Printcap Name let you specify an alternative printcap file

#

# You can choose a non default printing system using the Printing option

load printers = no

cups options = raw

printcap name = /etc/printcap

#obtain list of printers automaticallyon SystemV

printcap name = lpstat

printing = cups

# --------------------------- Filesystem Options---------------------------

#

# The following options can be uncommented if the filesystem supports

# Extended Attributes and they are enabled (usually by the mount option

# user_xattr). Thess options will let the admin store the DOS attributes

# in an EA and make samba not mess with the permission bits.

#

# Note: these options can also be set just per share, setting them inglobal

# makes them the default for all shares

map archive = no

map hidden = no

map read only = no

map system = no

store dos attributes = yes

#============================ Share Definitions==============================

[homes]

comment = Home Directories

browseable = no

writable = yes

valid users = %S

valid users = MYDOMAIN\%S

[sales]

comment = Home Directories

path=/var/samba/sales

browseable = no

writable = yes

valid users = %S

valid users = MYDOMAIN\%S

[finance]

comment = Home Directories

browseable = yes

path=/var/samba/finance

writable = yes

valid users = %S

valid users = MYDOMAIN\%S

[printers]

comment = All Printers

path = /var/spool/samba

browseable = no

guest ok = no

writable = no

printable = yes

# Un-comment the following and create the netlogon directory for DomainLogons

[netlogon]

comment = Network Logon Service

path = /var/lib/samba/netlogon

guest ok = yes

writable = no

share modes = no

# Un-comment the following to provide a specific roving profile share

# the default is to use the user's home directory

[Profiles]

path = /var/lib/samba/profiles

browseable = no

guest ok = yes

# A publicly accessible directory, but read only, except for people in

# the "staff" group

[public]

comment = Public Stuff

path = /home/samba

public = yes

writable = yes

printable = no

write list = +staff

以上是smb.conf内的配置。

增加用户和组，并设置好用户组的隶属关系。

用smbpasswd -a 增加smb访问密码。

---