How Linux Works

Kernel is responsible for determining which processes are allowed to use the CPU. The system appears to be running multiple processes at the same time (a capability known as multitasking), but only one process may actually use the CPU at any given time.

Each piece of time is called a time slice. The act of one process giving up control of the CPU to another process is called a context switch. The kernel is responsible for context switching. Context switch answers the important question of when the kernel runs: it runs between process time slices during a context switch.

For example, a situation in which a process is running in user mode but its time slice is up:

1. CPU interrupts the current process based on an internal timer, switches into kernel mode, and hands control back to kernel.
2. Kernel records the current state of CPU and memory, which will be essential to resuming the process.
3. Kernel performs any tasks that might have come up during the preceding time slice, such as collecting data from input and output, or I/O, operations.
4. Kernel analyzes the list of processes that are ready to run and chooses one.
5. Kernel prepares the memory and CPU for this new process.
6. Kernel tells CPU how long the time slice for the new process will last.
7. Kernel switches CPU into user mode and hands control of CPU to the process.

Kernel splits memory into subdivisions and maintains state information of the subdivisions. It keeps track of what is currently allocated to a particular process, what might be shared between processes, and what is free:

• Each user process needs its own section of memory.
• One user process may not access the private memory of another process.
• User processes can share memory.
• Some memory in user processes can be read-only.
• Kernel must have its own private area in memory that user processes can't access.
• The system can use more memory than is physically present by using disk space as auxiliary.

Modern CPUs include a memory management unit (MMU) that enables a memory access scheme called virtual memory. A process does not directly access the memory by its physical location in the hardware. Instead, the kernel sets up each process to act as if it had an entire machine to itself. When the process accesses some of its memory, the MMU intercepts the access and uses a memory address map to translate the memory location from the process into an actual physical memory location on the machine. The implementation of a memory address map is called a page table.

Kernel acts as an interface between hardware and processes.It's usually the kernel's job to operate the hardware. A device is typically accessible only in kernel mode because improper access could crash the machine.

Different devices rarely have the same programming interface, even if the devices do the same thing. Therefore, device drivers have traditionally been part of the kernel, and they strive to present a uniform interface to user processes in order to simplify the software developer's job.

Processes normally use system calls to communicate with the kernel. System calls perform specifc tasks that a user process alone cannot do, for example, the acts of opening, reading, and writing files.

2 system calls, fork() and exec(), are important to understanding how processes start up:

• fork(): Kernel creates a nearly identical copy of the process. All user processes except init start as a result of fork().
• exec(program): Kernel starts program, replacing the current process. exec() is used to start a new program instead of running a copy of an existing process.

For example, for any program that you run at the command line, the shell that's running inside the terminal window calls fork() to create a copy of the shell, and then the new copy of the shell calls exec(program) to run it.

Kernel also supports pseudodevices, which look like devices to user processes, but implemented purely in software. For example, the kernel random number generator device /dev/random.