poll(2) 源码分析
- 2019 年 10 月 12 日
- 笔记
poll(2)
poll(2) 系统调用的功能和 select(2) 类似:等待一个文件集合中的文件描述符就绪进行I/O操作。
select(2) 的局限性:
- 关注的文件描述符集合大小最大只有 1024
- 文件描述符集合为顺序的,不能任意指定 fd,浪费占用的fd
poll(2) 对 select(2) 的改进,关注的文件描述符集合为动态大小,文件描述可以任意指定。
struct pollfd { int fd; /* file descriptor */ short events; /* requested events */ short revents; /* returned events */ }; - fd 为关注的文件描述符 - events 为关注的事件(输入),使用位掩码来表示事件 - revents 为就绪的事件(输出),同样使用位掩码表示 #include <poll.h> int poll(struct pollfd *fds, nfds_t nfds, int timeout); - fds 为文件描述符集合的地址 - nfds 为文件描述符集合的长度 - timeout 为超时的时间,单位为 毫秒 返回值为 revents 不为 0 的个数,出错返回 -1一个简单的例子:等待标准输入就绪,超时时间为3s。
#include <poll.h> #include <unistd.h> #include <stdio.h> int main() { int timeout = 3000; struct pollfd fds = {0}; fds.events |= POLLIN; // fd = 0 等待标准输入 int ret = poll(&fds, 1, timeout); if (ret == -1) printf("error polln"); else if (ret) printf("data is avaliable now.n"); else printf("no data within 3000 ms.n"); }实现
代码位于在 fs/select.c 中,参考中的链接有一些关于文件回调和poll结构的说明
poll()
SYSCALL_DEFINE3(poll, struct pollfd __user *, ufds, unsigned int, nfds, int, timeout_msecs) { struct timespec64 end_time, *to = NULL; int ret; if (timeout_msecs >= 0) { to = &end_time; poll_select_set_timeout(to, timeout_msecs / MSEC_PER_SEC, NSEC_PER_MSEC * (timeout_msecs % MSEC_PER_SEC)); } ret = do_sys_poll(ufds, nfds, to); if (ret == -EINTR) { struct restart_block *restart_block; restart_block = ¤t->restart_block; restart_block->fn = do_restart_poll; restart_block->poll.ufds = ufds; restart_block->poll.nfds = nfds; if (timeout_msecs >= 0) { restart_block->poll.tv_sec = end_time.tv_sec; restart_block->poll.tv_nsec = end_time.tv_nsec; restart_block->poll.has_timeout = 1; } else restart_block->poll.has_timeout = 0; ret = -ERESTART_RESTARTBLOCK; } return ret; }poll() 代码很简单:
- 处理超时时间
- 实现 poll(2)
- 处理后事:判断是否超时或者重新调用。
do_sys_poll()
static int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, struct timespec64 *end_time) { struct poll_wqueues table; int err = -EFAULT, fdcount, len, size; /* Allocate small arguments on the stack to save memory and be faster - use long to make sure the buffer is aligned properly on 64 bit archs to avoid unaligned access */ long stack_pps[POLL_STACK_ALLOC/sizeof(long)]; // 256 字节大小 struct poll_list *const head = (struct poll_list *)stack_pps; struct poll_list *walk = head; unsigned long todo = nfds; if (nfds > rlimit(RLIMIT_NOFILE)) // 最大打开的文件数量限制 return -EINVAL; // N_STACK_PPS = (256 - 16) / 8 = 30, 栈空间可以保存 30 个pollfd结构 // 将用户空间的 struct pollfd 部分移动至栈空间内的数组中 len = min_t(unsigned int, nfds, N_STACK_PPS); for (;;) { walk->next = NULL; walk->len = len; if (!len) break; if (copy_from_user(walk->entries, ufds + nfds-todo, sizeof(struct pollfd) * walk->len)) goto out_fds; todo -= walk->len; if (!todo) break; // POLLFD_PER_PAGE = (4096 - 16) / 8 = 510 // 申请页,每页可容纳 510 个 pollfd 结构 len = min(todo, POLLFD_PER_PAGE); size = sizeof(struct poll_list) + sizeof(struct pollfd) * len; walk = walk->next = kmalloc(size, GFP_KERNEL); if (!walk) { err = -ENOMEM; goto out_fds; } } // 将所有的pollfd 结构移动至以 head 为首地址的内核空间中 poll_initwait(&table); // 初始化 table,详见 select 中的分析,见下参考 fdcount = do_poll(head, &table, end_time); poll_freewait(&table); // 释放 table // 将 revents 复制到用户空间 for (walk = head; walk; walk = walk->next) { struct pollfd *fds = walk->entries; int j; for (j = 0; j < walk->len; j++, ufds++) if (__put_user(fds[j].revents, &ufds->revents)) goto out_fds; } err = fdcount; out_fds: walk = head->next; while (walk) { struct poll_list *pos = walk; walk = walk->next; kfree(pos); } return err; }do_sys_poll() 函数也是分为三步实现
- 将用户空间的数据复制到内核空间
- 调用核心实现 do_poll()
- 将就绪的事件数据从内核空间复制到用户空间
do_poll()
static int do_poll(struct poll_list *list, struct poll_wqueues *wait, struct timespec64 *end_time) { poll_table* pt = &wait->pt; ktime_t expire, *to = NULL; int timed_out = 0, count = 0; u64 slack = 0; __poll_t busy_flag = net_busy_loop_on() ? POLL_BUSY_LOOP : 0; unsigned long busy_start = 0; /* Optimise the no-wait case */ if (end_time && !end_time->tv_sec && !end_time->tv_nsec) { pt->_qproc = NULL; timed_out = 1; } if (end_time && !timed_out) slack = select_estimate_accuracy(end_time); // 估算进程等待的时间,函数返回 纳秒 for (;;) { struct poll_list *walk; bool can_busy_loop = false; for (walk = list; walk != NULL; walk = walk->next) { struct pollfd * pfd, * pfd_end; pfd = walk->entries; pfd_end = pfd + walk->len; for (; pfd != pfd_end; pfd++) { // 对所有的 struct pollfd 遍历处理,do_pollfd 为单独处理一个 fd 的函数 /* * Fish for events. If we found one, record it * and kill poll_table->_qproc, so we don't * needlessly register any other waiters after * this. They'll get immediately deregistered * when we break out and return. */ if (do_pollfd(pfd, pt, &can_busy_loop, busy_flag)) { count++; pt->_qproc = NULL; /* found something, stop busy polling */ busy_flag = 0; can_busy_loop = false; } } } /* * All waiters have already been registered, so don't provide * a poll_table->_qproc to them on the next loop iteration. */ pt->_qproc = NULL; if (!count) { count = wait->error; if (signal_pending(current)) count = -EINTR; } if (count || timed_out) break; /* only if found POLL_BUSY_LOOP sockets && not out of time */ if (can_busy_loop && !need_resched()) { if (!busy_start) { busy_start = busy_loop_current_time(); continue; } if (!busy_loop_timeout(busy_start)) continue; } busy_flag = 0; /* * If this is the first loop and we have a timeout * given, then we convert to ktime_t and set the to * pointer to the expiry value. */ if (end_time && !to) { expire = timespec64_to_ktime(*end_time); to = &expire; } if (!poll_schedule_timeout(wait, TASK_INTERRUPTIBLE, to, slack)) // 调度直到超时 timed_out = 1; } return count; }这个函数写的很清楚了,也有很多注释
- can_busy_loop 是和 CONFIG_NET_RX_BUSY_POLL 配置相关的,不算通用处理情况,先忽略不考虑
- count 为函数的返回值,在 do_pollfd 有返回匹配的掩码时递增,为就绪的文件描述符数量,无就绪文件的时候为等待队列中的错误码
pt->_qproc为文件poll操作调用的函数,= NULL的操作在注释中已经说明,函数已经注册到队列中,不必再次注册. 这个函数相关的内容可以在另外一篇 select(2) 找到具体的说明
/* * Fish for events. If we found one, record it and kill poll_table->_qproc, so we don't * needlessly register any other waiters after this. They'll get immediately deregistered * when we break out and return. */ /* * All waiters have already been registered, so don't provide a poll_table->_qproc to them on the next loop iteration. */do_pollfd()
/* * Fish for pollable events on the pollfd->fd file descriptor. We're only * interested in events matching the pollfd->events mask, and the result * matching that mask is both recorded in pollfd->revents and returned. The * pwait poll_table will be used by the fd-provided poll handler for waiting, * if pwait->_qproc is non-NULL. */ static inline __poll_t do_pollfd(struct pollfd *pollfd, poll_table *pwait, bool *can_busy_poll, __poll_t busy_flag) { __poll_t mask; int fd; mask = 0; fd = pollfd->fd; if (fd >= 0) { struct fd f = fdget(fd); mask = EPOLLNVAL; // 0x20 if (f.file) { /* userland u16 ->events contains POLL... bitmap */ // 设置关注的事件 __poll_t filter = demangle_poll(pollfd->events) | EPOLLERR | EPOLLHUP; mask = DEFAULT_POLLMASK; // (EPOLLIN | EPOLLOUT | EPOLLRDNORM | EPOLLWRNORM) if (f.file->f_op->poll) { pwait->_key = filter; pwait->_key |= busy_flag; // key 在唤醒函数的时候用到 mask = f.file->f_op->poll(f.file, pwait); // 获取就绪的文件掩码 if (mask & busy_flag) *can_busy_poll = true; } /* Mask out unneeded events. */ mask &= filter; // 将文件返回的事件掩码与关注的事件做与操作得到 关注的就绪事件掩码 fdput(f); } } /* ... and so does ->revents */ pollfd->revents = mangle_poll(mask); // 设置就绪掩码 return mask; }讨论在不考虑错误的情况下,
poll(2) 返回的是revents 非 0 的个数,在 do_pollfd() 中返回一个非 0 的 mask,poll(2) 返回的 count 就 +1。
mask = 0 有两种可能:
- 和 filter 做与运算,但是这样做有一个前提就是可以取到 fd
- fd < 0,这种属于无意义的fd了,属于用户的问题
在已了解的fd中: eventfd 和普通的文件poll函数返回情况
- EPOLLIN 或者 EPOLLOUT 或两个都存在
- (EPOLLIN | EPOLLOUT | EPOLLRDNORM | EPOLLWRNORM)
当关注的事件不在以上事件中,是可能返回 0,而count不增加的
struct pollfd fds[n]; rn = poll(fds, n, 0); for (int i = 0; i < rn; ++i) if (fds[i].revents ...)像上面这种操作是有风险的,会访问不到rn之后的fd。
mangle_poll() 设置就绪掩码
展开一下 就绪掩码的设置函数, __MAP 函数有点绕, 大概就是将 v & from 转换至靠近 to 大小的数值,没太明白为什么这么做。在 4.17 内核中 POLLIN 和 EPOLLIN 这类宏定义大小是一样的。
#define __MAP(v, from, to) (from < to ? (v & from) * (to/from) : (v & from) / (from/to)) static inline __poll_t demangle_poll(u16 val) { return (__force __poll_t)__MAP(val, POLLIN, (__force __u16)EPOLLIN) | (__force __poll_t)__MAP(val, POLLOUT, (__force __u16)EPOLLOUT) | (__force __poll_t)__MAP(val, POLLPRI, (__force __u16)EPOLLPRI) | (__force __poll_t)__MAP(val, POLLERR, (__force __u16)EPOLLERR) | (__force __poll_t)__MAP(val, POLLNVAL, (__force __u16)EPOLLNVAL) | (__force __poll_t)__MAP(val, POLLRDNORM, (__force __u16)EPOLLRDNORM) | (__force __poll_t)__MAP(val, POLLRDBAND, (__force __u16)EPOLLRDBAND) | (__force __poll_t)__MAP(val, POLLWRNORM, (__force __u16)EPOLLWRNORM) | (__force __poll_t)__MAP(val, POLLWRBAND, (__force __u16)EPOLLWRBAND) | (__force __poll_t)__MAP(val, POLLHUP, (__force __u16)EPOLLHUP) | (__force __poll_t)__MAP(val, POLLRDHUP, (__force __u16)EPOLLRDHUP) | (__force __poll_t)__MAP(val, POLLMSG, (__force __u16)EPOLLMSG); }参考
select 源码分析,上一篇写的关于 select 的分析,有一些关于 poll 结构和文件回调的分析。
