linux-vybrid_public/Documentation/DocBook/kernel-hacking.tmpl

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
	"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" []>

<book id="lk-hacking-guide">
 <bookinfo>
  <title>Unreliable Guide To Hacking The Linux Kernel</title>
  
  <authorgroup>
   <author>
    <firstname>Paul</firstname>
    <othername>Rusty</othername>
    <surname>Russell</surname>
    <affiliation>
     <address>
      <email>rusty@rustcorp.com.au</email>
     </address>
    </affiliation>
   </author>
  </authorgroup>

  <copyright>
   <year>2001</year>
   <holder>Rusty Russell</holder>
  </copyright>

  <legalnotice>
   <para>
    This documentation is free software; you can redistribute
    it and/or modify it under the terms of the GNU General Public
    License as published by the Free Software Foundation; either
    version 2 of the License, or (at your option) any later
    version.
   </para>
   
   <para>
    This program is distributed in the hope that it will be
    useful, but WITHOUT ANY WARRANTY; without even the implied
    warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    See the GNU General Public License for more details.
   </para>
   
   <para>
    You should have received a copy of the GNU General Public
    License along with this program; if not, write to the Free
    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
    MA 02111-1307 USA
   </para>
   
   <para>
    For more details see the file COPYING in the source
    distribution of Linux.
   </para>
  </legalnotice>

  <releaseinfo>
   This is the first release of this document as part of the kernel tarball.
  </releaseinfo>

 </bookinfo>

 <toc></toc>

 <chapter id="introduction">
  <title>Introduction</title>
  <para>
   Welcome, gentle reader, to Rusty's Unreliable Guide to Linux
   Kernel Hacking.  This document describes the common routines and
   general requirements for kernel code: its goal is to serve as a
   primer for Linux kernel development for experienced C
   programmers.  I avoid implementation details: that's what the
   code is for, and I ignore whole tracts of useful routines.
  </para>
  <para>
   Before you read this, please understand that I never wanted to
   write this document, being grossly under-qualified, but I always
   wanted to read it, and this was the only way.  I hope it will
   grow into a compendium of best practice, common starting points
   and random information.
  </para>
 </chapter>

 <chapter id="basic-players">
  <title>The Players</title>

  <para>
   At any time each of the CPUs in a system can be:
  </para>

  <itemizedlist>
   <listitem>
    <para>
     not associated with any process, serving a hardware interrupt;
    </para>
   </listitem>

   <listitem>
    <para>
     not associated with any process, serving a softirq, tasklet or bh;
    </para>
   </listitem>

   <listitem>
    <para>
     running in kernel space, associated with a process;
    </para>
   </listitem>

   <listitem>
    <para>
     running a process in user space.
    </para>
   </listitem>
  </itemizedlist>

  <para>
   There is a strict ordering between these: other than the last
   category (userspace) each can only be pre-empted by those above.
   For example, while a softirq is running on a CPU, no other
   softirq will pre-empt it, but a hardware interrupt can.  However,
   any other CPUs in the system execute independently.
  </para>

  <para>
   We'll see a number of ways that the user context can block
   interrupts, to become truly non-preemptable.
  </para>
  
  <sect1 id="basics-usercontext">
   <title>User Context</title>

   <para>
    User context is when you are coming in from a system call or
    other trap: you can sleep, and you own the CPU (except for
    interrupts) until you call <function>schedule()</function>.  
    In other words, user context (unlike userspace) is not pre-emptable.
   </para>

   <note>
    <para>
     You are always in user context on module load and unload,
     and on operations on the block device layer.
    </para>
   </note>

   <para>
    In user context, the <varname>current</varname> pointer (indicating 
    the task we are currently executing) is valid, and
    <function>in_interrupt()</function>
    (<filename>include/linux/interrupt.h</filename>) is <returnvalue>false
    </returnvalue>.  
   </para>

   <caution>
    <para>
     Beware that if you have interrupts or bottom halves disabled 
     (see below), <function>in_interrupt()</function> will return a 
     false positive.
    </para>
   </caution>
  </sect1>

  <sect1 id="basics-hardirqs">
   <title>Hardware Interrupts (Hard IRQs)</title>

   <para>
    Timer ticks, <hardware>network cards</hardware> and 
    <hardware>keyboard</hardware> are examples of real
    hardware which produce interrupts at any time.  The kernel runs
    interrupt handlers, which services the hardware.  The kernel
    guarantees that this handler is never re-entered: if another
    interrupt arrives, it is queued (or dropped).  Because it
    disables interrupts, this handler has to be fast: frequently it
    simply acknowledges the interrupt, marks a `software interrupt'
    for execution and exits.
   </para>

   <para>
    You can tell you are in a hardware interrupt, because 
    <function>in_irq()</function> returns <returnvalue>true</returnvalue>.  
   </para>
   <caution>
    <para>
     Beware that this will return a false positive if interrupts are disabled 
     (see below).
    </para>
   </caution>
  </sect1>

  <sect1 id="basics-softirqs">
   <title>Software Interrupt Context: Bottom Halves, Tasklets, softirqs</title>

   <para>
    Whenever a system call is about to return to userspace, or a
    hardware interrupt handler exits, any `software interrupts'
    which are marked pending (usually by hardware interrupts) are
    run (<filename>kernel/softirq.c</filename>).
   </para>

   <para>
    Much of the real interrupt handling work is done here.  Early in
    the transition to <acronym>SMP</acronym>, there were only `bottom 
    halves' (BHs), which didn't take advantage of multiple CPUs.  Shortly 
    after we switched from wind-up computers made of match-sticks and snot,
    we abandoned this limitation.
   </para>

   <para>
    <filename class="headerfile">include/linux/interrupt.h</filename> lists the
    different BH's.  No matter how many CPUs you have, no two BHs will run at 
    the same time. This made the transition to SMP simpler, but sucks hard for
    scalable performance.  A very important bottom half is the timer
    BH (<filename class="headerfile">include/linux/timer.h</filename>): you
    can register to have it call functions for you in a given length of time.
   </para>

   <para>
    2.3.43 introduced softirqs, and re-implemented the (now
    deprecated) BHs underneath them.  Softirqs are fully-SMP
    versions of BHs: they can run on as many CPUs at once as
    required.  This means they need to deal with any races in shared
    data using their own locks.  A bitmask is used to keep track of
    which are enabled, so the 32 available softirqs should not be
    used up lightly.  (<emphasis>Yes</emphasis>, people will
    notice).
   </para>

   <para>
    tasklets (<filename class="headerfile">include/linux/interrupt.h</filename>)
    are like softirqs, except they are dynamically-registrable (meaning you 
    can have as many as you want), and they also guarantee that any tasklet 
    will only run on one CPU at any time, although different tasklets can 
    run simultaneously (unlike different BHs).  
   </para>
   <caution>
    <para>
     The name `tasklet' is misleading: they have nothing to do with `tasks', 
     and probably more to do with some bad vodka Alexey Kuznetsov had at the 
     time.
    </para>
   </caution>

   <para>
    You can tell you are in a softirq (or bottom half, or tasklet)
    using the <function>in_softirq()</function> macro 
    (<filename class="headerfile">include/linux/interrupt.h</filename>).
   </para>
   <caution>
    <para>
     Beware that this will return a false positive if a bh lock (see below)
     is held.
    </para>
   </caution>
  </sect1>
 </chapter>

 <chapter id="basic-rules">
  <title>Some Basic Rules</title>

  <variablelist>
   <varlistentry>
    <term>No memory protection</term>
    <listitem>
     <para>
      If you corrupt memory, whether in user context or
      interrupt context, the whole machine will crash.  Are you
      sure you can't do what you want in userspace?
     </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>No floating point or <acronym>MMX</acronym></term>
    <listitem>
     <para>
      The <acronym>FPU</acronym> context is not saved; even in user
      context the <acronym>FPU</acronym> state probably won't
      correspond with the current process: you would mess with some
      user process' <acronym>FPU</acronym> state.  If you really want
      to do this, you would have to explicitly save/restore the full
      <acronym>FPU</acronym> state (and avoid context switches).  It
      is generally a bad idea; use fixed point arithmetic first.
     </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>A rigid stack limit</term>
    <listitem>
     <para>
      The kernel stack is about 6K in 2.2 (for most
      architectures: it's about 14K on the Alpha), and shared
      with interrupts so you can't use it all.  Avoid deep
      recursion and huge local arrays on the stack (allocate
      them dynamically instead).
     </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>The Linux kernel is portable</term>
    <listitem>
     <para>
      Let's keep it that way.  Your code should be 64-bit clean,
      and endian-independent.  You should also minimize CPU
      specific stuff, e.g. inline assembly should be cleanly
      encapsulated and minimized to ease porting.  Generally it
      should be restricted to the architecture-dependent part of
      the kernel tree.
     </para>
    </listitem>
   </varlistentry>
  </variablelist>
 </chapter>

 <chapter id="ioctls">
  <title>ioctls: Not writing a new system call</title>

  <para>
   A system call generally looks like this
  </para>

  <programlisting>
asmlinkage long sys_mycall(int arg)
{
        return 0; 
}
  </programlisting>

  <para>
   First, in most cases you don't want to create a new system call.
   You create a character device and implement an appropriate ioctl
   for it.  This is much more flexible than system calls, doesn't have
   to be entered in every architecture's
   <filename class="headerfile">include/asm/unistd.h</filename> and
   <filename>arch/kernel/entry.S</filename> file, and is much more
   likely to be accepted by Linus.
  </para>

  <para>
   If all your routine does is read or write some parameter, consider
   implementing a <function>sysctl</function> interface instead.
  </para>

  <para>
   Inside the ioctl you're in user context to a process.  When a
   error occurs you return a negated errno (see
   <filename class="headerfile">include/linux/errno.h</filename>),
   otherwise you return <returnvalue>0</returnvalue>.
  </para>

  <para>
   After you slept you should check if a signal occurred: the
   Unix/Linux way of handling signals is to temporarily exit the
   system call with the <constant>-ERESTARTSYS</constant> error.  The
   system call entry code will switch back to user context, process
   the signal handler and then your system call will be restarted
   (unless the user disabled that).  So you should be prepared to
   process the restart, e.g. if you're in the middle of manipulating
   some data structure.
  </para>

  <programlisting>
if (signal_pending()) 
        return -ERESTARTSYS;
  </programlisting>

  <para>
   If you're doing longer computations: first think userspace. If you
   <emphasis>really</emphasis> want to do it in kernel you should
   regularly check if you need to give up the CPU (remember there is
   cooperative multitasking per CPU).  Idiom:
  </para>

  <programlisting>
cond_resched(); /* Will sleep */ 
  </programlisting>

  <para>
   A short note on interface design: the UNIX system call motto is
   "Provide mechanism not policy".
  </para>
 </chapter>

 <chapter id="deadlock-recipes">
  <title>Recipes for Deadlock</title>

  <para>
   You cannot call any routines which may sleep, unless:
  </para>
  <itemizedlist>
   <listitem>
    <para>
     You are in user context.
    </para>
   </listitem>

   <listitem>
    <para>
     You do not own any spinlocks.
    </para>
   </listitem>

   <listitem>
    <para>
     You have interrupts enabled (actually, Andi Kleen says
     that the scheduling code will enable them for you, but
     that's probably not what you wanted).
    </para>
   </listitem>
  </itemizedlist>

  <para>
   Note that some functions may sleep implicitly: common ones are
   the user space access functions (*_user) and memory allocation
   functions without <symbol>GFP_ATOMIC</symbol>.
  </para>

  <para>
   You will eventually lock up your box if you break these rules.  
  </para>

  <para>
   Really.
  </para>
 </chapter>

 <chapter id="common-routines">
  <title>Common Routines</title>

  <sect1 id="routines-printk">
   <title>
    <function>printk()</function>
    <filename class="headerfile">include/linux/kernel.h</filename>
   </title>

   <para>
    <function>printk()</function> feeds kernel messages to the
    console, dmesg, and the syslog daemon.  It is useful for debugging
    and reporting errors, and can be used inside interrupt context,
    but use with caution: a machine which has its console flooded with
    printk messages is unusable.  It uses a format string mostly
    compatible with ANSI C printf, and C string concatenation to give
    it a first "priority" argument:
   </para>

   <programlisting>
printk(KERN_INFO "i = %u\n", i);
   </programlisting>

   <para>
    See <filename class="headerfile">include/linux/kernel.h</filename>;
    for other KERN_ values; these are interpreted by syslog as the
    level.  Special case: for printing an IP address use
   </para>

   <programlisting>
__u32 ipaddress;
printk(KERN_INFO "my ip: %d.%d.%d.%d\n", NIPQUAD(ipaddress));
   </programlisting>

   <para>
    <function>printk()</function> internally uses a 1K buffer and does
    not catch overruns.  Make sure that will be enough.
   </para>

   <note>
    <para>
     You will know when you are a real kernel hacker
     when you start typoing printf as printk in your user programs :)
    </para>
   </note>

   <!--- From the Lions book reader department --> 

   <note>
    <para>
     Another sidenote: the original Unix Version 6 sources had a
     comment on top of its printf function: "Printf should not be
     used for chit-chat".  You should follow that advice.
    </para>
   </note>
  </sect1>

  <sect1 id="routines-copy">
   <title>
    <function>copy_[to/from]_user()</function>
    /
    <function>get_user()</function>
    /
    <function>put_user()</function>
    <filename class="headerfile">include/asm/uaccess.h</filename>
   </title>  

   <para>
    <emphasis>[SLEEPS]</emphasis>
   </para>

   <para>
    <function>put_user()</function> and <function>get_user()</function>
    are used to get and put single values (such as an int, char, or
    long) from and to userspace.  A pointer into userspace should
    never be simply dereferenced: data should be copied using these
    routines.  Both return <constant>-EFAULT</constant> or 0.
   </para>
   <para>
    <function>copy_to_user()</function> and
    <function>copy_from_user()</function> are more general: they copy
    an arbitrary amount of data to and from userspace.
    <caution>
     <para>
      Unlike <function>put_user()</function> and
      <function>get_user()</function>, they return the amount of
      uncopied data (ie. <returnvalue>0</returnvalue> still means
      success).
     </para>
    </caution>
    [Yes, this moronic interface makes me cringe.  Please submit a
    patch and become my hero --RR.]
   </para>
   <para>
    The functions may sleep implicitly. This should never be called
    outside user context (it makes no sense), with interrupts
    disabled, or a spinlock held.
   </para>
  </sect1>

  <sect1 id="routines-kmalloc">
   <title><function>kmalloc()</function>/<function>kfree()</function>
    <filename class="headerfile">include/linux/slab.h</filename></title>

   <para>
    <emphasis>[MAY SLEEP: SEE BELOW]</emphasis>
   </para>

   <para>
    These routines are used to dynamically request pointer-aligned
    chunks of memory, like malloc and free do in userspace, but
    <function>kmalloc()</function> takes an extra flag word.
    Important values:
   </para>

   <variablelist>
    <varlistentry>
     <term>
      <constant>
       GFP_KERNEL
      </constant>
     </term>
     <listitem>
      <para>
       May sleep and swap to free memory. Only allowed in user
       context, but is the most reliable way to allocate memory.
      </para>
     </listitem>
    </varlistentry>
    
    <varlistentry>
     <term>
      <constant>
       GFP_ATOMIC
      </constant>
     </term>
     <listitem>
      <para>
       Don't sleep. Less reliable than <constant>GFP_KERNEL</constant>,
       but may be called from interrupt context. You should
       <emphasis>really</emphasis> have a good out-of-memory
       error-handling strategy.
      </para>
     </listitem>
    </varlistentry>
    
    <varlistentry>
     <term>
      <constant>
       GFP_DMA
      </constant>
     </term>
     <listitem>
      <para>
       Allocate ISA DMA lower than 16MB. If you don't know what that
       is you don't need it.  Very unreliable.
      </para>
     </listitem>
    </varlistentry>
   </variablelist>

   <para>
    If you see a <errorname>kmem_grow: Called nonatomically from int
    </errorname> warning message you called a memory allocation function
    from interrupt context without <constant>GFP_ATOMIC</constant>.
    You should really fix that.  Run, don't walk.
   </para>

   <para>
    If you are allocating at least <constant>PAGE_SIZE</constant>
    (<filename class="headerfile">include/asm/page.h</filename>) bytes,
    consider using <function>__get_free_pages()</function>

    (<filename class="headerfile">include/linux/mm.h</filename>).  It
    takes an order argument (0 for page sized, 1 for double page, 2
    for four pages etc.) and the same memory priority flag word as
    above.
   </para>

   <para>
    If you are allocating more than a page worth of bytes you can use
    <function>vmalloc()</function>.  It'll allocate virtual memory in
    the kernel map.  This block is not contiguous in physical memory,
    but the <acronym>MMU</acronym> makes it look like it is for you
    (so it'll only look contiguous to the CPUs, not to external device
    drivers).  If you really need large physically contiguous memory
    for some weird device, you have a problem: it is poorly supported
    in Linux because after some time memory fragmentation in a running
    kernel makes it hard.  The best way is to allocate the block early
    in the boot process via the <function>alloc_bootmem()</function>
    routine.
   </para>

   <para>
    Before inventing your own cache of often-used objects consider
    using a slab cache in
    <filename class="headerfile">include/linux/slab.h</filename>
   </para>
  </sect1>

  <sect1 id="routines-current">
   <title><function>current</function>
    <filename class="headerfile">include/asm/current.h</filename></title>

   <para>
    This global variable (really a macro) contains a pointer to
    the current task structure, so is only valid in user context.
    For example, when a process makes a system call, this will
    point to the task structure of the calling process.  It is
    <emphasis>not NULL</emphasis> in interrupt context.
   </para>
  </sect1>

  <sect1 id="routines-udelay">
   <title><function>udelay()</function>/<function>mdelay()</function>
     <filename class="headerfile">include/asm/delay.h</filename>
     <filename class="headerfile">include/linux/delay.h</filename>
   </title>

   <para>
    The <function>udelay()</function> function can be used for small pauses.
    Do not use large values with <function>udelay()</function> as you risk
    overflow - the helper function <function>mdelay()</function> is useful
    here, or even consider <function>schedule_timeout()</function>.
   </para> 
  </sect1>
 
  <sect1 id="routines-endian">
   <title><function>cpu_to_be32()</function>/<function>be32_to_cpu()</function>/<function>cpu_to_le32()</function>/<function>le32_to_cpu()</function>
     <filename class="headerfile">include/asm/byteorder.h</filename>
   </title>

   <para>
    The <function>cpu_to_be32()</function> family (where the "32" can
    be replaced by 64 or 16, and the "be" can be replaced by "le") are
    the general way to do endian conversions in the kernel: they
    return the converted value.  All variations supply the reverse as
    well: <function>be32_to_cpu()</function>, etc.
   </para>

   <para>
    There are two major variations of these functions: the pointer
    variation, such as <function>cpu_to_be32p()</function>, which take
    a pointer to the given type, and return the converted value.  The
    other variation is the "in-situ" family, such as
    <function>cpu_to_be32s()</function>, which convert value referred
    to by the pointer, and return void.
   </para> 
  </sect1>

  <sect1 id="routines-local-irqs">
   <title><function>local_irq_save()</function>/<function>local_irq_restore()</function>
    <filename class="headerfile">include/asm/system.h</filename>
   </title>

   <para>
    These routines disable hard interrupts on the local CPU, and
    restore them.  They are reentrant; saving the previous state in
    their one <varname>unsigned long flags</varname> argument.  If you
    know that interrupts are enabled, you can simply use
    <function>local_irq_disable()</function> and
    <function>local_irq_enable()</function>.
   </para>
  </sect1>

  <sect1 id="routines-softirqs">
   <title><function>local_bh_disable()</function>/<function>local_bh_enable()</function>
    <filename class="headerfile">include/linux/interrupt.h</filename></title>

   <para>
    These routines disable soft interrupts on the local CPU, and
    restore them.  They are reentrant; if soft interrupts were
    disabled before, they will still be disabled after this pair
    of functions has been called.  They prevent softirqs, tasklets
    and bottom halves from running on the current CPU.
   </para>
  </sect1>

  <sect1 id="routines-processorids">
   <title><function>smp_processor_id</function>()
    <filename class="headerfile">include/asm/smp.h</filename></title>
   
   <para>
    <function>smp_processor_id()</function> returns the current
    processor number, between 0 and <symbol>NR_CPUS</symbol> (the
    maximum number of CPUs supported by Linux, currently 32).  These
    values are not necessarily continuous.
   </para>
  </sect1>

  <sect1 id="routines-init">
   <title><type>__init</type>/<type>__exit</type>/<type>__initdata</type>
    <filename class="headerfile">include/linux/init.h</filename></title>

   <para>
    After boot, the kernel frees up a special section; functions
    marked with <type>__init</type> and data structures marked with
    <type>__initdata</type> are dropped after boot is complete (within
    modules this directive is currently ignored).  <type>__exit</type>
    is used to declare a function which is only required on exit: the
    function will be dropped if this file is not compiled as a module.
    See the header file for use. Note that it makes no sense for a function
    marked with <type>__init</type> to be exported to modules with 
    <function>EXPORT_SYMBOL()</function> - this will break.
   </para>
   <para>
   Static data structures marked as <type>__initdata</type> must be initialised
   (as opposed to ordinary static data which is zeroed BSS) and cannot be 
   <type>const</type>.
   </para> 

  </sect1>

  <sect1 id="routines-init-again">
   <title><function>__initcall()</function>/<function>module_init()</function>
    <filename class="headerfile">include/linux/init.h</filename></title>
   <para>
    Many parts of the kernel are well served as a module
    (dynamically-loadable parts of the kernel).  Using the
    <function>module_init()</function> and
    <function>module_exit()</function> macros it is easy to write code
    without #ifdefs which can operate both as a module or built into
    the kernel.
   </para>

   <para>
    The <function>module_init()</function> macro defines which
    function is to be called at module insertion time (if the file is
    compiled as a module), or at boot time: if the file is not
    compiled as a module the <function>module_init()</function> macro
    becomes equivalent to <function>__initcall()</function>, which
    through linker magic ensures that the function is called on boot.
   </para>

   <para>
    The function can return a negative error number to cause
    module loading to fail (unfortunately, this has no effect if
    the module is compiled into the kernel).  For modules, this is
    called in user context, with interrupts enabled, and the
    kernel lock held, so it can sleep.
   </para>
  </sect1>
  
  <sect1 id="routines-moduleexit">
   <title> <function>module_exit()</function>
    <filename class="headerfile">include/linux/init.h</filename> </title>

   <para>
    This macro defines the function to be called at module removal
    time (or never, in the case of the file compiled into the
    kernel).  It will only be called if the module usage count has
    reached zero.  This function can also sleep, but cannot fail:
    everything must be cleaned up by the time it returns.
   </para>
  </sect1>

 <!-- add info on new-style module refcounting here -->
 </chapter>

 <chapter id="queues">
  <title>Wait Queues
   <filename class="headerfile">include/linux/wait.h</filename>
  </title>
  <para>
   <emphasis>[SLEEPS]</emphasis>
  </para>

  <para>
   A wait queue is used to wait for someone to wake you up when a
   certain condition is true.  They must be used carefully to ensure
   there is no race condition.  You declare a
   <type>wait_queue_head_t</type>, and then processes which want to
   wait for that condition declare a <type>wait_queue_t</type>
   referring to themselves, and place that in the queue.
  </para>

  <sect1 id="queue-declaring">
   <title>Declaring</title>
   
   <para>
    You declare a <type>wait_queue_head_t</type> using the
    <function>DECLARE_WAIT_QUEUE_HEAD()</function> macro, or using the
    <function>init_waitqueue_head()</function> routine in your
    initialization code.
   </para>
  </sect1>
  
  <sect1 id="queue-waitqueue">
   <title>Queuing</title>
   
   <para>
    Placing yourself in the waitqueue is fairly complex, because you
    must put yourself in the queue before checking the condition.
    There is a macro to do this:
    <function>wait_event_interruptible()</function>

    <filename class="headerfile">include/linux/sched.h</filename> The
    first argument is the wait queue head, and the second is an
    expression which is evaluated; the macro returns
    <returnvalue>0</returnvalue> when this expression is true, or
    <returnvalue>-ERESTARTSYS</returnvalue> if a signal is received.
    The <function>wait_event()</function> version ignores signals.
   </para>
   <para>
   Do not use the <function>sleep_on()</function> function family -
   it is very easy to accidentally introduce races; almost certainly
   one of the <function>wait_event()</function> family will do, or a
   loop around <function>schedule_timeout()</function>. If you choose
   to loop around <function>schedule_timeout()</function> remember
   you must set the task state (with 
   <function>set_current_state()</function>) on each iteration to avoid
   busy-looping.
   </para>
 
  </sect1>

  <sect1 id="queue-waking">
   <title>Waking Up Queued Tasks</title>
   
   <para>
    Call <function>wake_up()</function>

    <filename class="headerfile">include/linux/sched.h</filename>;,
    which will wake up every process in the queue.  The exception is
    if one has <constant>TASK_EXCLUSIVE</constant> set, in which case
    the remainder of the queue will not be woken.
   </para>
  </sect1>
 </chapter>

 <chapter id="atomic-ops">
  <title>Atomic Operations</title>

  <para>
   Certain operations are guaranteed atomic on all platforms.  The
   first class of operations work on <type>atomic_t</type>

   <filename class="headerfile">include/asm/atomic.h</filename>; this
   contains a signed integer (at least 24 bits long), and you must use
   these functions to manipulate or read atomic_t variables.
   <function>atomic_read()</function> and
   <function>atomic_set()</function> get and set the counter,
   <function>atomic_add()</function>,
   <function>atomic_sub()</function>,
   <function>atomic_inc()</function>,
   <function>atomic_dec()</function>, and
   <function>atomic_dec_and_test()</function> (returns
   <returnvalue>true</returnvalue> if it was decremented to zero).
  </para>

  <para>
   Yes.  It returns <returnvalue>true</returnvalue> (i.e. != 0) if the
   atomic variable is zero.
  </para>

  <para>
   Note that these functions are slower than normal arithmetic, and
   so should not be used unnecessarily.  On some platforms they
   are much slower, like 32-bit Sparc where they use a spinlock.
  </para>

  <para>
   The second class of atomic operations is atomic bit operations on a
   <type>long</type>, defined in

   <filename class="headerfile">include/linux/bitops.h</filename>.  These
   operations generally take a pointer to the bit pattern, and a bit
   number: 0 is the least significant bit.
   <function>set_bit()</function>, <function>clear_bit()</function>
   and <function>change_bit()</function> set, clear, and flip the
   given bit.  <function>test_and_set_bit()</function>,
   <function>test_and_clear_bit()</function> and
   <function>test_and_change_bit()</function> do the same thing,
   except return true if the bit was previously set; these are
   particularly useful for very simple locking.
  </para>
  
  <para>
   It is possible to call these operations with bit indices greater
   than BITS_PER_LONG.  The resulting behavior is strange on big-endian
   platforms though so it is a good idea not to do this.
  </para>

  <para>
   Note that the order of bits depends on the architecture, and in
   particular, the bitfield passed to these operations must be at
   least as large as a <type>long</type>.
  </para>
 </chapter>

 <chapter id="symbols">
  <title>Symbols</title>

  <para>
   Within the kernel proper, the normal linking rules apply
   (ie. unless a symbol is declared to be file scope with the
   <type>static</type> keyword, it can be used anywhere in the
   kernel).  However, for modules, a special exported symbol table is
   kept which limits the entry points to the kernel proper.  Modules
   can also export symbols.
  </para>

  <sect1 id="sym-exportsymbols">
   <title><function>EXPORT_SYMBOL()</function>
    <filename class="headerfile">include/linux/module.h</filename></title>

   <para>
    This is the classic method of exporting a symbol, and it works
    for both modules and non-modules.  In the kernel all these
    declarations are often bundled into a single file to help
    genksyms (which searches source files for these declarations).
    See the comment on genksyms and Makefiles below.
   </para>
  </sect1>

  <sect1 id="sym-exportsymbols-gpl">
   <title><function>EXPORT_SYMBOL_GPL()</function>
    <filename class="headerfile">include/linux/module.h</filename></title>

   <para>
    Similar to <function>EXPORT_SYMBOL()</function> except that the
    symbols exported by <function>EXPORT_SYMBOL_GPL()</function> can
    only be seen by modules with a
    <function>MODULE_LICENSE()</function> that specifies a GPL
    compatible license.
   </para>
  </sect1>
 </chapter>

 <chapter id="conventions">
  <title>Routines and Conventions</title>

  <sect1 id="conventions-doublelinkedlist">
   <title>Double-linked lists
    <filename class="headerfile">include/linux/list.h</filename></title>

   <para>
    There are three sets of linked-list routines in the kernel
    headers, but this one seems to be winning out (and Linus has
    used it).  If you don't have some particular pressing need for
    a single list, it's a good choice.  In fact, I don't care
    whether it's a good choice or not, just use it so we can get
    rid of the others.
   </para>
  </sect1>

  <sect1 id="convention-returns">
   <title>Return Conventions</title>

   <para>
    For code called in user context, it's very common to defy C
    convention, and return <returnvalue>0</returnvalue> for success,
    and a negative error number
    (eg. <returnvalue>-EFAULT</returnvalue>) for failure.  This can be
    unintuitive at first, but it's fairly widespread in the networking
    code, for example.
   </para>

   <para>
    The filesystem code uses <function>ERR_PTR()</function>

    <filename class="headerfile">include/linux/fs.h</filename>; to
    encode a negative error number into a pointer, and
    <function>IS_ERR()</function> and <function>PTR_ERR()</function>
    to get it back out again: avoids a separate pointer parameter for
    the error number.  Icky, but in a good way.
   </para>
  </sect1>

  <sect1 id="conventions-borkedcompile">
   <title>Breaking Compilation</title>

   <para>
    Linus and the other developers sometimes change function or
    structure names in development kernels; this is not done just to
    keep everyone on their toes: it reflects a fundamental change
    (eg. can no longer be called with interrupts on, or does extra
    checks, or doesn't do checks which were caught before).  Usually
    this is accompanied by a fairly complete note to the linux-kernel
    mailing list; search the archive.  Simply doing a global replace
    on the file usually makes things <emphasis>worse</emphasis>.
   </para>
  </sect1>

  <sect1 id="conventions-initialising">
   <title>Initializing structure members</title>

   <para>
    The preferred method of initializing structures is to use
    designated initialisers, as defined by ISO C99, eg:
   </para>
   <programlisting>
static struct block_device_operations opt_fops = {
        .open               = opt_open,
        .release            = opt_release,
        .ioctl              = opt_ioctl,
        .check_media_change = opt_media_change,
};
   </programlisting>
   <para>
    This makes it easy to grep for, and makes it clear which
    structure fields are set.  You should do this because it looks
    cool.
   </para>
  </sect1>

  <sect1 id="conventions-gnu-extns">
   <title>GNU Extensions</title>

   <para>
    GNU Extensions are explicitly allowed in the Linux kernel.
    Note that some of the more complex ones are not very well
    supported, due to lack of general use, but the following are
    considered standard (see the GCC info page section "C
    Extensions" for more details - Yes, really the info page, the
    man page is only a short summary of the stuff in info):
   </para>
   <itemizedlist>
    <listitem>
     <para>
      Inline functions
     </para>
    </listitem>
    <listitem>
     <para>
      Statement expressions (ie. the ({ and }) constructs).
     </para>
    </listitem>
    <listitem>
     <para>
      Declaring attributes of a function / variable / type
      (__attribute__)
     </para>
    </listitem>
    <listitem>
     <para>
      typeof
     </para>
    </listitem>
    <listitem>
     <para>
      Zero length arrays
     </para>
    </listitem>
    <listitem>
     <para>
      Macro varargs
     </para>
    </listitem>
    <listitem>
     <para>
      Arithmetic on void pointers
     </para>
    </listitem>
    <listitem>
     <para>
      Non-Constant initializers
     </para>
    </listitem>
    <listitem>
     <para>
      Assembler Instructions (not outside arch/ and include/asm/)
     </para>
    </listitem>
    <listitem>
     <para>
      Function names as strings (__FUNCTION__)
     </para>
    </listitem>
    <listitem>
     <para>
      __builtin_constant_p()
     </para>
    </listitem>
   </itemizedlist>

   <para>
    Be wary when using long long in the kernel, the code gcc generates for
    it is horrible and worse: division and multiplication does not work
    on i386 because the GCC runtime functions for it are missing from
    the kernel environment.
   </para>

    <!-- FIXME: add a note about ANSI aliasing cleanness -->
  </sect1>

  <sect1 id="conventions-cplusplus">
   <title>C++</title>
   
   <para>
    Using C++ in the kernel is usually a bad idea, because the
    kernel does not provide the necessary runtime environment
    and the include files are not tested for it.  It is still
    possible, but not recommended.  If you really want to do
    this, forget about exceptions at least.
   </para>
  </sect1>

  <sect1 id="conventions-ifdef">
   <title>&num;if</title>
   
   <para>
    It is generally considered cleaner to use macros in header files
    (or at the top of .c files) to abstract away functions rather than
    using `#if' pre-processor statements throughout the source code.
   </para>
  </sect1>
 </chapter>

 <chapter id="submitting">
  <title>Putting Your Stuff in the Kernel</title>

  <para>
   In order to get your stuff into shape for official inclusion, or
   even to make a neat patch, there's administrative work to be
   done:
  </para>
  <itemizedlist>
   <listitem>
    <para>
     Figure out whose pond you've been pissing in.  Look at the top of
     the source files, inside the <filename>MAINTAINERS</filename>
     file, and last of all in the <filename>CREDITS</filename> file.
     You should coordinate with this person to make sure you're not
     duplicating effort, or trying something that's already been
     rejected.
    </para>

    <para>
     Make sure you put your name and EMail address at the top of
     any files you create or mangle significantly.  This is the
     first place people will look when they find a bug, or when
     <emphasis>they</emphasis> want to make a change.
    </para>
   </listitem>

   <listitem>
    <para>
     Usually you want a configuration option for your kernel hack.
     Edit <filename>Config.in</filename> in the appropriate directory
     (but under <filename>arch/</filename> it's called
     <filename>config.in</filename>).  The Config Language used is not
     bash, even though it looks like bash; the safe way is to use only
     the constructs that you already see in
     <filename>Config.in</filename> files (see
     <filename>Documentation/kbuild/kconfig-language.txt</filename>).
     It's good to run "make xconfig" at least once to test (because
     it's the only one with a static parser).
    </para>

    <para>
     Variables which can be Y or N use <type>bool</type> followed by a
     tagline and the config define name (which must start with
     CONFIG_).  The <type>tristate</type> function is the same, but
     allows the answer M (which defines
     <symbol>CONFIG_foo_MODULE</symbol> in your source, instead of
     <symbol>CONFIG_FOO</symbol>) if <symbol>CONFIG_MODULES</symbol>
     is enabled.
    </para>

    <para>
     You may well want to make your CONFIG option only visible if
     <symbol>CONFIG_EXPERIMENTAL</symbol> is enabled: this serves as a
     warning to users.  There many other fancy things you can do: see
     the various <filename>Config.in</filename> files for ideas.
    </para>
   </listitem>

   <listitem>
    <para>
     Edit the <filename>Makefile</filename>: the CONFIG variables are
     exported here so you can conditionalize compilation with `ifeq'.
     If your file exports symbols then add the names to
     <varname>export-objs</varname> so that genksyms will find them.
     <caution>
      <para>
       There is a restriction on the kernel build system that objects
       which export symbols must have globally unique names.
       If your object does not have a globally unique name then the
       standard fix is to move the
       <function>EXPORT_SYMBOL()</function> statements to their own
       object with a unique name.
       This is why several systems have separate exporting objects,
       usually suffixed with ksyms.
      </para>
     </caution>
    </para>
   </listitem>

   <listitem>
    <para>
     Document your option in Documentation/Configure.help.  Mention
     incompatibilities and issues here.  <emphasis> Definitely
     </emphasis> end your description with <quote> if in doubt, say N
     </quote> (or, occasionally, `Y'); this is for people who have no
     idea what you are talking about.
    </para>
   </listitem>

   <listitem>
    <para>
     Put yourself in <filename>CREDITS</filename> if you've done
     something noteworthy, usually beyond a single file (your name
     should be at the top of the source files anyway).
     <filename>MAINTAINERS</filename> means you want to be consulted
     when changes are made to a subsystem, and hear about bugs; it
     implies a more-than-passing commitment to some part of the code.
    </para>
   </listitem>
   
   <listitem>
    <para>
     Finally, don't forget to read <filename>Documentation/SubmittingPatches</filename>
     and possibly <filename>Documentation/SubmittingDrivers</filename>.
    </para>
   </listitem>
  </itemizedlist>
 </chapter>

 <chapter id="cantrips">
  <title>Kernel Cantrips</title>

  <para>
   Some favorites from browsing the source.  Feel free to add to this
   list.
  </para>

  <para>
   <filename>include/linux/brlock.h:</filename>
  </para>
  <programlisting>
extern inline void br_read_lock (enum brlock_indices idx)
{
        /*
         * This causes a link-time bug message if an
         * invalid index is used:
         */
        if (idx >= __BR_END)
                __br_lock_usage_bug();

        read_lock(&amp;__brlock_array[smp_processor_id()][idx]);
}
  </programlisting>

  <para>
   <filename>include/linux/fs.h</filename>:
  </para>
  <programlisting>
/*
 * Kernel pointers have redundant information, so we can use a
 * scheme where we can return either an error code or a dentry
 * pointer with the same return value.
 *
 * This should be a per-architecture thing, to allow different
 * error and pointer decisions.
 */
 #define ERR_PTR(err)    ((void *)((long)(err)))
 #define PTR_ERR(ptr)    ((long)(ptr))
 #define IS_ERR(ptr)     ((unsigned long)(ptr) > (unsigned long)(-1000))
</programlisting>

  <para>
   <filename>include/asm-i386/uaccess.h:</filename>
  </para>

  <programlisting>
#define copy_to_user(to,from,n)                         \
        (__builtin_constant_p(n) ?                      \
         __constant_copy_to_user((to),(from),(n)) :     \
         __generic_copy_to_user((to),(from),(n)))
  </programlisting>

  <para>
   <filename>arch/sparc/kernel/head.S:</filename>
  </para>

  <programlisting>
/*
 * Sun people can't spell worth damn. "compatability" indeed.
 * At least we *know* we can't spell, and use a spell-checker.
 */

/* Uh, actually Linus it is I who cannot spell. Too much murky
 * Sparc assembly will do this to ya.
 */
C_LABEL(cputypvar):
        .asciz "compatability"

/* Tested on SS-5, SS-10. Probably someone at Sun applied a spell-checker. */
        .align 4
C_LABEL(cputypvar_sun4m):
        .asciz "compatible"
  </programlisting>

  <para>
   <filename>arch/sparc/lib/checksum.S:</filename>
  </para>

  <programlisting>
        /* Sun, you just can't beat me, you just can't.  Stop trying,
         * give up.  I'm serious, I am going to kick the living shit
         * out of you, game over, lights out.
         */
  </programlisting>
 </chapter>

 <chapter id="credits">
  <title>Thanks</title>

  <para>
   Thanks to Andi Kleen for the idea, answering my questions, fixing
   my mistakes, filling content, etc.  Philipp Rumpf for more spelling
   and clarity fixes, and some excellent non-obvious points.  Werner
   Almesberger for giving me a great summary of
   <function>disable_irq()</function>, and Jes Sorensen and Andrea
   Arcangeli added caveats. Michael Elizabeth Chastain for checking
   and adding to the Configure section. <!-- Rusty insisted on this
   bit; I didn't do it! --> Telsa Gwynne for teaching me DocBook. 
  </para>
 </chapter>
</book>