How malloc works in the OP-TEE kernel
Contents
- 1. Comparing the linker script with the disassembly
- 2. malloc and calloc
- 3. Kernel stacks in OP-TEE
1. Comparing the linker script with the disassembly
Open OP-TEE's kern.ld.S linker script and compare it with the section listing of tee.elf below.
```
out/arm-plat-xxxx/core/tee.elf:     file format elf64-littleaarch64
out/arm-plat-xxxx/core/tee.elf
architecture: aarch64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x0000000080020000

Program Header:
    LOAD off    0x0000000000010000 vaddr 0x0000000080020000 paddr 0x0000000080020000 align 2**16
         filesz 0x0000000000051538 memsz 0x00000000003d0b80 flags rwx
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
private flags = 0:

Sections:
Idx Name           Size      VMA               LMA               File off  Algn
  0 .text          00042e00  0000000080020000  0000000080020000  00010000  2**11  ---------- code segment
                   CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .rodata        0000bd08  0000000080062e00  0000000080062e00  00052e00  2**3
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .data          00002538  000000008006f000  000000008006f000  0005f000  2**3
                   CONTENTS, ALLOC, LOAD, DATA
  3 .bss           00019270  0000000080071540  0000000080071540  00061538  2**5
                   ALLOC
  4 .heap1         00301850  000000008008a7b0  000000008008a7b0  00061538  2**0   ---------- heap: malloc hands out memory from here
                   ALLOC
  5 .nozi          00064b80  000000008038c000  000000008038c000  00061538  2**12  ---------- non-zero-initialized: the OP-TEE kernel stacks live here
                   ALLOC
  6 .debug_info    000e1253  0000000000000000  0000000000000000  00061538  2**0
                   CONTENTS, READONLY, DEBUGGING
  7 .debug_abbrev  00023d00  0000000000000000  0000000000000000  0014278b  2**0
                   CONTENTS, READONLY, DEBUGGING
  8 .debug_loc     000c0b5d  0000000000000000  0000000000000000  0016648b  2**0
                   CONTENTS, READONLY, DEBUGGING
  9 .debug_aranges 00008110  0000000000000000  0000000000000000  00226ff0  2**4
                   CONTENTS, READONLY, DEBUGGING
 10 .debug_ranges  0000da30  0000000000000000  0000000000000000  0022f100  2**4
                   CONTENTS, READONLY, DEBUGGING
 11 .debug_line    00028b2a  0000000000000000  0000000000000000  0023cb30  2**0
                   CONTENTS, READONLY, DEBUGGING
 12 .debug_str     0001117d  0000000000000000  0000000000000000  0026565a  2**0
                   CONTENTS, READONLY, DEBUGGING
 13 .debug_frame   00011998  0000000000000000  0000000000000000  002767d8  2**3
                   CONTENTS, READONLY, DEBUGGING
```
2. malloc and calloc
(1) malloc and calloc are macros that expand directly to mdbg_malloc and mdbg_calloc, passing the caller's file and line along.
```c
#define malloc(size) mdbg_malloc(__FILE__, __LINE__, (size))
#define calloc(nmemb, size) \
	mdbg_calloc(__FILE__, __LINE__, (nmemb), (size))
```
(2) malloc_poolset is a linked list of memory pools; mdbg_malloc allocates from the pools on the malloc_poolset list.
```c
void *mdbg_malloc(const char *fname, int lineno, size_t size)
{
	struct mdbg_hdr *hdr;
	uint32_t exceptions = malloc_lock();

	/*
	 * Check struct mdbg_hdr doesn't get bad alignment.
	 * This is required by C standard: the buffer returned from
	 * malloc() should be aligned with a fundamental alignment.
	 * For ARM32, the required alignment is 8. For ARM64, it is 16.
	 */
	COMPILE_TIME_ASSERT((sizeof(struct mdbg_hdr) % (__alignof(uintptr_t) * 2)) == 0);

	hdr = raw_malloc(sizeof(struct mdbg_hdr),
			 mdbg_get_ftr_size(size), size, &malloc_poolset);
	if (hdr) {
		mdbg_update_hdr(hdr, fname, lineno, size);
		hdr++;
	}

	malloc_unlock(exceptions);
	return hdr;
}
```
(3) At boot, malloc_add_pool is called to add the heap address range to the malloc_poolset list (the memory pool).
```c
void malloc_add_pool(void *buf, size_t len)
{
	void *p;
	size_t l;
	uint32_t exceptions;
	uintptr_t start = (uintptr_t)buf;
	uintptr_t end = start + len;
	const size_t min_len = ((sizeof(struct malloc_pool) + (SizeQuant - 1)) &
				(~(SizeQuant - 1))) +
			       sizeof(struct bhead) * 2;

	start = ROUNDUP(start, SizeQuant);
	end = ROUNDDOWN(end, SizeQuant);
	assert(start < end);

	if ((end - start) < min_len) {
		DMSG("Skipping too small pool");
		return;
	}

	exceptions = malloc_lock();
	tag_asan_free((void *)start, end - start);
	bpool((void *)start, end - start, &malloc_poolset);
	l = malloc_pool_len + 1;
	p = realloc_unlocked(malloc_pool, sizeof(struct malloc_pool) * l);
	assert(p);
	malloc_pool = p;
	malloc_pool[malloc_pool_len].buf = (void *)start;
	malloc_pool[malloc_pool_len].len = end - start;
#ifdef BufStats
	mstats.size += malloc_pool[malloc_pool_len].len;
#endif
	malloc_pool_len = l;
	malloc_unlock(exceptions);
}
```
(4) At boot, both __heap1_start and __heap2_start are added to the malloc_poolset list (the memory pool).
```c
static void init_runtime(unsigned long pageable_part)
{
	.....
	malloc_add_pool(__heap1_start, __heap1_end - __heap1_start);
	malloc_add_pool(__heap2_start, __heap2_end - __heap2_start);
	.....
}
```
(5) __heap1_start is defined in the kern.ld.S linker script; the heap size CFG_CORE_HEAP_SIZE = 3145728 is set in conf.mk.
```
	__heap1_start = .;
#ifndef CFG_WITH_PAGER
	. += CFG_CORE_HEAP_SIZE;
#endif
	. = ALIGN(16 * 1024);
	__heap1_end = .;
}
```
(6) When a user thread is created, the user-space heap address is likewise added to the malloc_poolset list (the memory pool).
```c
static TEE_Result init_instance(void)
{
	trace_set_level(tahead_get_trace_level());
	__utee_gprof_init();
	malloc_add_pool(ta_heap, ta_heap_size);
	_TEE_MathAPI_Init();
	return TA_CreateEntryPoint();
}
```
3. Kernel stacks in OP-TEE
From the analysis above we know that malloc allocates from the heap and that the heap has a fixed size. Once the code segment, the other sections and the heap are accounted for, what occupies the remaining space?
The remaining space is the .nozi section. OP-TEE's stacks are defined there: stack_tmp, stack_abt and stack_thread.
```c
DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE, static);     // on aarch32, the stack used for ATF
DECLARE_STACK(stack_abt, CFG_TEE_CORE_NB_CORE, STACK_ABT_SIZE, static);     // exception (abort) stack
DECLARE_STACK(stack_thread, CFG_NUM_THREADS, STACK_THREAD_SIZE, static);    // OP-TEE kernel thread stacks
```
These stacks are placed in the .nozi_stack section, and .nozi_stack in turn sits inside the .nozi output section.
```c
#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
linkage uint32_t name[num_stacks] \
		[ROUNDUP(stack_size + STACK_CANARY_SIZE, STACK_ALIGNMENT) / \
		 sizeof(uint32_t)] \
		__attribute__((section(".nozi_stack"), \
			       aligned(STACK_ALIGNMENT)))
```
```
	.nozi (NOLOAD) : {
		__nozi_start = .;
		ASSERT(!(__nozi_start & (16 * 1024 - 1)), "align nozi to 16kB");
		KEEP(*(.nozi .nozi.*))
		. = ALIGN(16);
		__nozi_end = .;
		__nozi_stack_start = .;
		KEEP(*(.nozi_stack))
		. = ALIGN(8);
		__nozi_stack_end = .;
	}
```
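To make the bookkeeping from section 2 concrete (the header size, footer size and payload size that mdbg_malloc hands to raw_malloc, and the hdr++ that hides the header from the caller), here is an added, self-contained model; it is not OP-TEE's code. It stamps the caller's file and line into a header, puts a guard word after the payload, and a check routine reports when a write has run off the end of a block. The _model names and the magic constants are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed guard values for this model, not OP-TEE's constants. */
#define MDBG_HDR_MAGIC 0x5a5a5a5aU
#define MDBG_FTR_MAGIC 0xa5a5a5a5U

/* Bookkeeping in front of every block (the role of OP-TEE's struct mdbg_hdr). */
struct mdbg_hdr {
	const char *fname;   /* __FILE__ passed in by the malloc() macro */
	size_t size;         /* bytes the caller asked for */
	uint32_t lineno;     /* __LINE__ passed in by the malloc() macro */
	uint32_t magic;
	uint64_t pad;        /* keeps the header a multiple of 16 bytes on ARM64 */
};
/* Same rule the original enforces with COMPILE_TIME_ASSERT: the payload keeps the fundamental alignment. */
_Static_assert(sizeof(struct mdbg_hdr) % (__alignof__(uintptr_t) * 2) == 0, "bad mdbg_hdr size");

/* The footer guard sits right after the payload, rounded up to a 4-byte boundary. */
static uint32_t *mdbg_footer(struct mdbg_hdr *hdr)
{
	uintptr_t end = (uintptr_t)(hdr + 1) + hdr->size;
	return (uint32_t *)((end + 3) & ~(uintptr_t)3);
}

/* Model of mdbg_malloc: reserve header + payload + footer, stamp the header, return hdr + 1. */
void *mdbg_malloc_model(const char *fname, int lineno, size_t size)
{
	struct mdbg_hdr *hdr = malloc(sizeof(*hdr) + size + 3 + sizeof(uint32_t));
	if (!hdr)
		return NULL;
	hdr->fname = fname;
	hdr->size = size;
	hdr->lineno = (uint32_t)lineno;
	hdr->magic = MDBG_HDR_MAGIC;
	*mdbg_footer(hdr) = MDBG_FTR_MAGIC;
	return hdr + 1;
}

/* Returns 0 if both guards are intact, 1 if a write ran past the end of the payload. */
int mdbg_check_model(void *buf)
{
	struct mdbg_hdr *hdr = (struct mdbg_hdr *)buf - 1;
	if (hdr->magic == MDBG_HDR_MAGIC && *mdbg_footer(hdr) == MDBG_FTR_MAGIC)
		return 0;
	fprintf(stderr, "heap guard clobbered: block from %s:%u (%zu bytes)\n", hdr->fname, hdr->lineno, hdr->size);
	return 1;
}

void mdbg_free_model(void *buf) { free((struct mdbg_hdr *)buf - 1); }
```

Because the footer is rounded up to a 4-byte boundary, an overrun of one to three bytes on a payload whose size is not a multiple of 4 lands in padding and is not caught; the check only fires once the guard word itself is touched.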