The previous post explained
how computers boot up right up to the point where the boot loader, after stuffing the kernel image into memory, is about to jump into the kernel entry point. This last post about booting takes a look at the guts of the kernel to see how an operating system starts life. Since I have an
empirical bent I’ll link heavily to the sources for Linux kernel 2.6.25.6 at the
Linux Cross Reference. The sources are very readable if you are familiar with C-like syntax; even if you miss some details you can get the gist of what’s happening. The main obstacle is the lack of context around some of the code, such as when or why it runs or the underlying features of the machine. I hope to provide a bit of that context. Due to brevity (hah!) a lot of fun stuff – like interrupts and memory – gets only a nod for now. The post ends with the highlights for the Windows boot.
At this point in the Intel x86 boot story the processor is running in real-mode, is able to address 1 MB of memory, and RAM looks like this for a modern Linux system:
RAM Contens after BootloaderThe kernel image has been loaded to memory by the boot loader using the BIOS disk I/O services. This image is an exact copy of the file in your hard drive that contains the kernel, e.g.
/boot/vmlinuz-2.6.22-14-server. The image is split into two pieces: a small part containing the real-mode kernel code is loaded below the 640K barrier; the bulk of the kernel, which runs in protected mode, is loaded after the first megabyte of memory.
The action starts in the real-mode kernel header pictured above. This region of memory is used to implement the
Linux boot protocol between the boot loader and the kernel. Some of the values there are read by the boot loader while doing its work. These include amenities such as a human-readable string containing the kernel version, but also crucial information like the size of the real-mode kernel piece. The boot loader also writes values to this region, such as the memory address for the command-line parameters given by the user in the boot menu. Once the boot loader is finished it has filled in all of the parameters required by the kernel header. It’s then time to jump into the kernel entry point. The diagram below shows the code sequence for the kernel initialization, along with source directories, files, and line numbers:
Architecture-specific Linux Kernel InitializationThe early kernel start-up for the Intel architecture is in file
arch/x86/boot/header.S. It’s in assembly language, which is rare for the kernel at large but common for boot code. The start of this file actually contains boot sector code, a left over from the days when Linux could work without a boot loader. Nowadays this boot sector, if executed, only prints a “bugger_off_msg” to the user and reboots. Modern boot loaders ignore this legacy code. After the boot sector code we have the first 15 bytes of the real-mode kernel header; these two pieces together add up to 512 bytes, the size of a typical disk sector on Intel hardware.
After these 512 bytes, at offset 0×200, we find the very first instruction that runs as part of the Linux kernel: the real-mode entry point. It’s in
header.S:110 and it is a 2-byte jump written directly in machine code as 0x3aeb. You can verify this by running hexdump on your kernel image and seeing the bytes at that offset – just a sanity check to make sure it’s not all a dream. The boot loader jumps into this location when it is finished, which in turn jumps to
header.S:229 where we have a regular assembly routine called start_of_setup. This short routine sets up a stack, zeroes the
bss segment (the area that contains static variables, so they start with zero values) for the real-mode kernel and then jumps to good old C code at
arch/x86/boot/main.c:122.
main() does some house keeping like detecting memory layout, setting a video mode, etc. It then calls
go_to_protected_mode(). Before the CPU can be set to protected mode, however, a few tasks must be done. There are two main issues: interrupts and memory. In real-mode the interrupt vector table for the processor is always at memory address 0, whereas in protected mode the location of the
interrupt vector table is stored in a CPU register called IDTR. Meanwhile, the translation of logical memory addresses (the ones programs manipulate) to linear memory addresses (a raw number from 0 to the top of the memory) is different between real-mode and protected mode. Protected mode requires a register called GDTR to be loaded with the address of a
Global Descriptor Table for memory. So go_to_protected_mode() calls
setup_idt() and
setup_gdt() to install a temporary interrupt descriptor table and global descriptor table.
We’re now ready for the plunge into protected mode, which is done by
protected_mode_jump, another assembly routine. This routine enables protected mode by setting the PE bit in the CR0 CPU register. At this point we’re running with
paging disabled; paging is an optional feature of the processor, even in protected mode, and there’s no need for it yet. What’s important is that we’re no longer confined to the 640K barrier and can now address up to 4GB of RAM. The routine then calls the 32-bit kernel entry point, which is
startup_32 for compressed kernels. This routine does some basic register initializations and calls
decompress_kernel(), a C function to do the actual decompression.
decompress_kernel() prints the familiar “Decompressing Linux…” message. Decompression happens in-place and once it’s finished the uncompressed kernel image has overwritten the compressed one pictured in the first diagram. Hence the uncompressed contents also start at 1MB. decompress_kernel() then prints “done.” and the comforting “Booting the kernel.” By “Booting” it means a jump to the final entry point in this whole story, given to Linus by God himself atop
Mountain Halti, which is the protected-mode kernel entry point at the start of the second megabyte of RAM (0×100000). That sacred location contains a routine called, uh,
startup_32. But this one is in a different directory, you see.
The second incarnation of
startup_32 is also an assembly routine, but it contains 32-bit mode initializations. It clears the bss segment for the protected-mode kernel (which is the true kernel that will now run until the machine reboots or shuts down), sets up the final global descriptor table for memory, builds page tables so that paging can be turned on, enables paging, initializes a stack, creates the final interrupt descriptor table, and finally jumps to to the architecture-independent kernel start-up,
start_kernel(). The diagram below shows the code flow for the last leg of the boot:
Architecture-independent Linux Kernel Initializationstart_kernel() looks more like typical kernel code, which is nearly all C and machine independent. The function is a long list of calls to initializations of the various kernel subsystems and data structures. These include the scheduler, memory zones, time keeping, and so on. start_kernel() then calls
rest_init(), at which point things are almost all working. rest_init() creates a kernel thread passing another function,
kernel_init(), as the entry point. rest_init() then calls
schedule() to kickstart task scheduling and goes to sleep by calling
cpu_idle(), which is the idle thread for the Linux kernel. cpu_idle() runs forever and so does process zero, which hosts it. Whenever there is work to do – a runnable process – process zero gets booted out of the CPU, only to return when no runnable processes are available.
But here’s the kicker for us. This idle loop is the end of the long thread we followed since boot, it’s the final descendent of the very first
jump executed by the processor after power up. All of this mess, from reset vector to BIOS to MBR to boot loader to real-mode kernel to protected-mode kernel, all of it leads right here, jump by jump by jump it ends in the idle loop for the boot processor, cpu_idle(). Which is really kind of cool. However, this can’t be the whole story otherwise the computer would do no work.
At this point, the kernel thread started previously is ready to kick in, displacing process 0 and its idle thread. And so it does, at which point kernel_init() starts running since it was given as the thread entry point. kernel_init() is responsible for initializing the remaining CPUs in the system, which have been halted since boot. All of the code we’ve seen so far has been executed in a single CPU, called the boot processor. As the other CPUs, called application processors, are started they come up in real-mode and must run through several initializations as well. Many of the code paths are common, as you can see in the code for
startup_32, but there are slight forks taken by the late-coming application processors. Finally,
kernel_init() calls
init_post(), which tries to execute a user-mode process in the following order: /sbin/init, /etc/init, /bin/init, and /bin/sh. If all fail, the kernel will panic. Luckily init is usually there, and starts running as PID 1. It checks its configuration file to figure out which processes to launch, which might include X11 Windows, programs for logging in on the console, network daemons, and so on. Thus ends the boot process as yet another Linux box starts running somewhere. May your uptime be long and untroubled.
The process for Windows is similar in many ways, given the common architecture. Many of the same problems are faced and similar initializations must be done. When it comes to boot one of the biggest differences is that Windows packs all of the real-mode kernel code, and some of the initial protected mode code, into the boot loader itself (C:\NTLDR). So instead of having 2 regions in the same kernel image, Windows uses different binary images. Plus Linux completely separates boot loader and kernel; in a way this automatically falls out of the open source process. The diagram below shows the main bits for the Windows kernel:
Windows Kernel InitializationThe Windows user-mode start-up is naturally very different. There’s no
/sbin/init, but rather
Csrss.exe and
Winlogon.exe. Winlogon spawns
Services.exe, which starts all of the Windows Services, and
Lsass.exe, the local security authentication subsystem. The classic Windows login dialog runs in the context of Winlogon.
This is the end of this boot series. Thanks everyone for reading and for feedback. I’m sorry some things got superficial treatment; I’ve gotta start somewhere and only so much fits into blog-sized bites. But nothing like a day after the next; my plan is to do regular “Software Illustrated” posts like this series along with other topics. Meanwhile, here are some resources:
■ The best, most important resource, is source code for real kernels, either Linux or one of the BSDs.
■ Intel publishes excellent
Software Developer’s Manuals, which you can download for free.
■
Understanding the Linux Kernel is a good book and walks through a lot of the Linux Kernel sources. It’s getting outdated and it’s dry, but I’d still recommend it to anyone who wants to grok the kernel. Linux Device Drivers is more fun, teaches well, but is limited in scope. Finally, Patrick Moroney suggested
Linux Kernel Development by Robert Love in the comments for this post. I’ve heard other positive reviews for that book, so it sounds worth checking out.
■ For Windows, the best reference by far is
Windows Internals by David Solomon and
Mark Russinovich, the latter of Sysinternals fame. This is a great book, well-written and thorough. The main downside is the lack of source code.
[Update: In a
comment below, Nix covered a lot of ground on the initial root file system that I glossed over. Thanks to
Marius Barbu for catching a mistake where I wrote "CR3" instead of GDTR]
Comments
80 Responses to “The Kernel Boot Process”
1.FAb on June 23rd, 2008 8:40 am
Great article, I loved it. Thanks.
What tool do you use to generate these cute schema and illustrations ?
2.Frank Spychalski on June 23rd, 2008 8:44 am
Excellent article, thanks!
3.xxx on June 23rd, 2008 8:45 am
> Wow, that sounds very complicated. Is the process really that complicated?
No, he made it all up. What were you thinking?!
4.Maurice on June 23rd, 2008 8:45 am
Only for people that spam.
5.Gustavo Duarte on June 23rd, 2008 9:21 am
@FAb: cool, you’re welcome. The diagrams were all done in Visio 2007.
@Frank: thanks for reading.
@xxx: hahaha.
@Maurice: Yea, that comment cum URL is borderline. Sigh.
6.Traverse Davies on June 23rd, 2008 9:34 am
I have been seeing that ultimate anonymity crap come up in so many comment threads lately. Funny, always under different URL’s too. Other than that, great article (although I really could have used it about two weeks ago when trying to fix some weird boot errors, ah well, muddled through them in the end)
7.Gustavo Duarte on June 23rd, 2008 9:39 am
Alright, then I’m deleting it. Thanks for the heads up.
8.Dreamtorrent on June 23rd, 2008 11:26 am
Kick ass article, I enjoyed it!
It fills in a few blanks I got in my vague knowledge of this process, and being pretty humble in my knowledge, don’t think you under-complicated it at all – however I now am curious for more detail.
Oh, yeah. Did an upgrade which crashed and it deleted /sbin/init – at least now I know what step of the process that was … in hindsight. LOL
Keep it up!
H
9.meneame.net on June 23rd, 2008 11:36 am
La secuencia de inicio en el kernel Linux (ingles)…
Gran explicación de cómo se inicia el sistema operativo Linux. Quizá es un poco compleja para los no informático pero me ha parecido interesante….
10.kaizen on June 23rd, 2008 12:26 pm
what software do you use to create those nice diagrams?
11.[FAQ] How the Kernel Starts Up - Overclock.net - Overclocking.net on June 23rd, 2008 1:39 pm
[...] startup of a linux kernel primarily, but describes how the windows kernel is different in the end. Link __ BIG BROTHERWe apologize for the inconvenience IS [...]
12.Marius Barbu on June 23rd, 2008 2:42 pm
Nice writeup, subscribed!
However, there’s a little error in the article:
“Protected mode requires a register called CR3 to be loaded with the address of a Global Descriptor Table for memory”.
CR3 is the PDBR (Page Directory Base Register, holds the physical address of the page directory) so is only needed when paging is enabled. The Global Descriptor Table is loaded into GDTR (special register just like IDTR) by the lgdt instruction.
13.Stop Being Carbon · Things I wanna read in the next few days on June 23rd, 2008 2:55 pm
[...] Kernel Boot Process Diary of a failed Startup Who needs a Computer Science Degree when there’s Wikipedia Programmer Insecurity Metaclass Programming in Python [...]
14.Patrick Moroney on June 23rd, 2008 2:58 pm
I also highly recommend Linux Kernel Development by Robert Love
Much less dry then Understanding the Linux Kernel, and also more recent.
http://www.amazon.com/Linux-Kernel-Development-Novell-Press/dp/067232720115.Gustavo Duarte on June 24th, 2008 12:44 am
@Dreamtorrent: thanks
@kaizen: MS Visio 2007. I use ‘themes’, which make it easy to make decent-looking stuff.
@Marius: thanks for catching it. Fixed in the text.
@Patrick: thanks for the reference, I’ll add it to the text as well.
16.Jeff Moser on June 24th, 2008 9:07 pm
Thanks for the well researched post! I especially liked the links to the specific functions in the Linux kernel source.
I’ve subscribed to your feed and look forward to upcoming posts.
Keep up the great work!
17.pligg.com on June 25th, 2008 6:08 am
The Kernel Boot Process Explained: 2.6.25.6…
The kernel boot process for linux 2.6.25.6 explained…
18.Nikesh on June 25th, 2008 7:50 am
Can not have better then this, awesome !!!
Thanks.
19.The Burgeoning Openly Owned Web » links for 2008-06-28 on June 27th, 2008 7:09 pm
[...] The Kernel Boot Process : Gustavo Duarte the birth of “life” (tags: linux kernel boot bootloader) [...]
20.Sara Eulodue on June 29th, 2008 6:07 pm
This would be infinitely more useful if you showed the Windows boot process first since that is what most computers actually use. And THEN at the end you can use the academic Linux boot process for completeness. Nope, sorry, this gets a thumbs down from me on SU. Next.
21.Kevin DuBois on June 29th, 2008 10:01 pm
Great trifecta of boot-up articles, thanks!
22.Naseer on July 1st, 2008 5:14 am
Awesome article, Thank you !
23.Gustavo Duarte on July 1st, 2008 10:18 am
Thank you all for reading and for the feedback.
24.Justin Blanton | The kernel boot process on July 2nd, 2008 1:16 am
[...] The kernel boot process. [...]
25.Ben Petering on July 7th, 2008 12:40 am
Very good article. I love the ‘illustrated’ style you used.
Incidentally, I’ve just skimmed your entire blog, and I’m rather impressed. Not only is your English quite good (a concern you voiced in one post – IMO, reading TCP/IP Illustrated is a damn good start if you’re doing technical writing , but _every_ post you’ve written so far looks interesting and substantial.
Keep up the good work. I’ll be back.
-ben
26.Linkdump: Teorija kategorija, kako radi kernel… by Nikola Plejić on July 7th, 2008 4:14 am
[...] Chipsets and the Memory Map, How Computers Boot Up i The Kernel Boot Process Za one koje zanima kako računala rade iznutra, Gustavo Duarte je napisao seriju članaka čiji je [...]
27.The Kernel Boot Process « Vietwow’s Weblog on July 8th, 2008 8:09 am
[...] Nguồn : http://duartes.org/gustavo/blog/post/kernel-boot-process [...]
28.Christian on July 8th, 2008 1:59 pm
Muito bom gustavo!
Posso traduzir e colocar no meu blog, e uma referência p/ cá?
[]´s
29.eto demerzel on July 8th, 2008 2:51 pm
It’s fake, photoshopped. Look, you can see the blurred pixel area
Great article, definitely the best explanation about boot up flow I’ve found the graphics are the top.
Good work.
30.Gustavo Duarte on July 9th, 2008 4:56 am
@Ben: thanks a ton I’m a huge fan of the W. Richard Stevens books as well, so I fully agree they’re a damn good start. What I meant by the English comment was that I sometimes feel a lack of non-tech reading has hampered my English. Say, when it’s time to come up with a metaphor or the ‘right word’, that kind of thing. But I’ve been here in the US for a few years now, so it’s less of a problem now.
@Christian: obrigado, e pode traduzir sem problemas, desde que tenha o link. Se vc quiser eu posse te mandar os arquivos Visio 2007 para as imagens ou traduzi-las pra voce.
@eto: hahaha, fake computer pr0n. Anyhow, thanks for the kind words
31.Regular (S)expressions :: Entries :: linkz on July 10th, 2008 7:18 am
[...] linux kernel boot process; http://duartes.org/gustavo/blog/post/kernel-boot-process The previous post explained how computers boot up right up to the point where the boot loader, [...]
32.Christian on July 15th, 2008 8:31 am
Olá Gustavo!
Pode deixar que eu vou colocar o link sim.
Por favor, me envie os arquivos para eu traduzir.
Quando eu terminar de traduzir tudo, eu mando para você dar uma revisada, vc quer?
Obrigado e forte abraço!
Christian
33.Idefix on July 16th, 2008 4:55 am
Excellent article, but I have one question:
If decompression happens in-place, how come the compressed parts don’t get overwritten by uncompressed data before those compressed part are read?
34.Alfredo Reino » Archivo del Blog » Cómo arrancan los ordenadores on July 16th, 2008 8:07 am
[...] The kernel boot process [...]
35.Gustavo Duarte on July 16th, 2008 10:43 am
@Idefix: the compressed image is temporarily moved up in memory a notch, creating a ‘buffer zone’ between the place in memory where uncompressed contents are being written to and the place where compressed contents are read from.
The code is here.
cheers
36.Amjith on July 16th, 2008 11:05 am
Hi Gustavo,
The whole process of computer boot up from memory map to kernel loading was amazing. I linked your articles to http://www.osnews.com/story/20064/Computer_Boot_Up_Process. It is refreshing to see articles that are succinct and resourceful.
37.Mojes on July 16th, 2008 3:24 pm
Thank You!
This three articles show something very complicated in easy way. Good job!
I was looking for such text for a long time.
-mojes
38.Kilian Hekhuis on July 17th, 2008 1:45 am
“In real-mode the interrupt vector table for the processor is always at memory address 0, whereas in protected mode the location of the interrupt vector table is stored in a CPU register called IDTR” – This is not true. Also in real mode, the CPU uses the IDTR to locate the (real mode) IVT. In practice, the IDTR is always set to 0, but it could be changed.
39.Gustavo Duarte on July 17th, 2008 2:01 am
@Amjith: thank you for the kind words and also for the link. I got a ton of traffic from you.
@Mojes: you’re very welcome!
@Kilian: Thanks for noting this. I’ll change the language to be more accurate.
40.nakisa on August 8th, 2008 12:46 am
thanks alot , that was great
i will be so much glad ))))) if you post more and more such sweets.
41.Frederik Braun on August 11th, 2008 8:00 am
Well explained. I think I got it, despite the fact that I didn’t know much about this topic.
So, thank you
Frederik
P.S.: More posts on this topic will be appreciated
42.Memory Translation and Segmentation : Gustavo Duarte on August 12th, 2008 2:33 am
[...] segmentation, protection, and paging in Intel-compatible (x86) computers, in the spirit of the boot series, as the next step down the path of how kernels work. As usual, I’ll link to Linux kernel [...]
43.Kimia on August 26th, 2008 11:20 am
Hi Gustavo,
that was great article, i had a question , is it possible to monitor the boot parameters beacause of finding out if everything is ok or not , such as :
- MBR parameters(of its code and partition table) and their place in memory , and which of them are still in RAM or removed.
actually , I would like to program it under a program to use it as a utility in shell environment , and honestly i don’t khow what must i do , and even i don’t khow that it must be a assembly program or it can be C one,
I really will be so much thankful if you lead me in this way,
thanks a lot,
-Kimia
44.kavitha on August 27th, 2008 11:10 pm
hi duartes
you have done a very good job..
I have few queries : Is there any fixed size in memory reserved for user and kernel space? otherwise how can we know the size of memory used by kernel and user application?
45.Gustavo Duarte on August 28th, 2008 1:05 am
@Kimia: Nearly all of the real-mode data from the kernel is wiped out once the protected mode part starts running, so some of these early parameters are lost.
You can however read the MBR and partition table right off of the disk, by reading for example a device like /dev/hdxx or /dev/sbxx corresponding to your hard disk. It would not be too hard to read the partition table and MBR doing that. You might want to read the source code for fdisk() and other Linux disk utilities.
Does this help?
@kavitha: There is memory that the kernel reserves for itself, yes. But there’s also dynamic memory that the kernel allocates and frees as it runs. The kernel keeps a database of all of the memory and how it has been distributed (which process owns it, etc).
I’ll write a post on memory this weekend that will cover some of this.
46.Kimia on August 28th, 2008 1:48 pm
Hi Gustavo,
first of all , thanks alot of your attention and help.
I see, so as you said i can read from disk , but unfortunetly i don’t know exactly what cammand must be using to read first sector from disk in linux, i’m new to linux system programming and so i need so much help in this field ,
would you please guide me to a good way and reference to know more about this, i just know rare and not implemented khowledge in real systems and i’m new to this world with hungry mind,
best regards,
Kimia
47.Gustavo Duarte on August 28th, 2008 9:01 pm
@Kimia: no problem at all. Regarding reading from the disk, it’s Unix tradition to expose hardware devices as magic files in the filesystem, usually under directory /dev
Many devices are exposed there as files, including disks. The exact name of the file depends on the nature of the device (hard disk, USB disk, scanner, sound card, etc), the bus (ide, scsi, sata, usb, etc), the order of the device (1st hard drive on bus, 2nd, etc).
So to read the hard drive, you’d need to find the right device, and then you can use regular C functions like open(), read() to read raw bytes out of disk.
However, what I _really_ suggest you do is _read source code_. It’s one of the _best_ ways to learn, and in this case there are tools that do exactly what you want (MBR and partition table manipulation) and whose code is open source. So get yourself the code for Linux fdisk, maybe the GRUB configuration installer, and read the code. It can teach you a lot.
Of course, you need some books too. My favorite Unix author was W. Richard Stevens, he’s got some great books, but sadly he died and the books haven’t been updated. Look in Amazon for his books, maybe see what the commenters are saying, and find some 5-star books on Unix programming.
hope this helps,
gustavo
48.Sahaya Darcius on September 10th, 2008 12:00 am
I really enjoyed this article and it is a very good one to understand the kernel boot process. Thank you very much for this wonderful article that too in simplified form.
49.sergio on September 16th, 2008 5:09 am
Hola Gustavo, estaba leyendo tu articulo a ver si me aclaraba algunas cosas sobre el proceso de arranque del kernel, ya que soy un poco nuevo en estos menesteres.
Estoy trabajando con un sistema empotrado y quiero actualizar el kernel. Lo he compilado y se me ha generado una imagen del kernel y otro archivo con el sistema de ficheros rootfs.ext2. Mi pregunta es, ¿es necesario que almacene los dos en la flash de mi sistema empotrado? o basta con la imagen del kernel solo?
He tratado de arrancar mi nuevo kernel y empieza a descomprimir pero de da un panic
Kernel panic – not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
A lo mejor me puedes aclarar un poco como funciona esto. Estoy un poco perdido…
Gracias por adelantado
50.Peter Teoh on September 19th, 2008 3:19 am
Fantastic article!!! I love it!!!!
51.ashoka1 on September 23rd, 2008 5:23 am
nice details about kernel boot-up process. Never found better then this. Thank you.
52.dholm.com » Blog Archive » Tumblelog: 080929 on September 29th, 2008 1:06 am
[...] The Kernel Boot Process by Gustavo Duarte explains the Linux kernel boot process on an x86 platform. Very well written with descriptive and good looking diagrams. [...]
53.kimia on November 30th, 2008 1:15 am
Hi Gustavo again,
thanks again and again, this time because of your helpful advices and guideline that helped me alot.
54.Tim on December 9th, 2008 12:57 am
thank you very much !
55.Gautam on December 12th, 2008 6:52 am
Hi, thanks for this great work.
I am trying to read MBR using linux 2.6 kernel.
I need a source code for fdisk utility for intel x86 architecture.
Could you please guide me to the correct link to follow ?
56.Gustavo Duarte on December 12th, 2008 10:28 am
@Gautam:
The easiest way to do it is to just install source packages for the package that contains fdisk. Not sure which distro you have, but you would need to:
1. Find which package fdisk came from (rpm or yum or apt should be able to tell you)
2. Install the source package that corresponds to that package. There’s a 1-to-1 correspondence between binary packages and source packages.
I think in Debian-based distros the package is util-linux, see here:
http://packages.qa.debian.org/u/util-linux.html
The FSF has an fdisk project too, but I’m not sure if it’s the same thing because they say they provide an alternative to util-linux fdisk. The FSF page for their fdisk is here:
http://www.gnu.org/software/fdisk/
But go with the distro’s source.
57.Frank on December 30th, 2008 12:23 pm
Gustavo,
Great article. Any idea where the source code for /sbin/init itself is? I’m also interested in the “events” process that is spawned by the “init” process, and would like to know where the source code for that is as well, if you know.
-thanks
Frank
58.ajit mote on January 19th, 2009 11:40 pm
Thanks Man !!!
Awesome article on boot process !!!
59.Nix on February 5th, 2009 6:14 am
One minor additional complexity. The initial root filesystem is, by default, assembled from the contents of the usr/ subdirectory in the kernel source tree (it’s a compressed cpio archive) and linked into the kernel image; alternatively, a compressed filesystem image can be linked into the kernel image or provided in a separate file. Part of the boot process (in init/main.c:do_basic_setup()) involves executing ‘initcalls’, which are stored in an array of pointers to functions to be called at boot time, constructed by the linker. One of these initcalls is init/initramfs.c:populate_rootfs(), which initializes the nonswappable memory-backed filesystem which is always mounted at / (the *real* root filesystem is mounted over the top of it, later on). The rootfs is never unmounted: you can see it as the first entry in /proc/mounts. Then it uncompresses the cpio archive or arranges for the filesystem to be backed by that compressed filesystem image, if either are present, and executes /init on that filesystem, if present, to complete the boot via an ‘early userspace’, chroot to the real root filesystem once it’s found it, and exec the real init. So the job of finding root filesystems is *completely* customizable. You can assemble it from a RAID array with some components pulled over the network if you like (I’ve done this in extremis as part of disaster recovery).
Finally, if that didn’t work and we still don’t have a useful root filesystem with an /sbin/init on it, just before calling init_post(), the system may call prepare_namespace() in init/do_mounts.c. This can try to dig up a root filesystem in a variety of ways: pausing for a configurable amount of time so the user can do something to provide a filesystem, waiting for delayed device probes in case the root filesystem is on some slow-to-start thing like a SCSI disk or a USB key, doing automated RAID probing (somewhat dangerous because it can’t tell if the array it’s assembling is actually made of pieces that are meant to go together: the recommended way to boot off RAID is to use one of the earlier customizable boot processes and run the mdadm tool in there to do the assembly), mounting a block device specified via root= on the kernel command line, or even asking the user to insert a separate floppy containing the root filesystem (I’m not sure *anyone* does this anymore, even in emergencies).
I haven’t got into the half a dozen horrible ways the various early userspaces can signal their completion (echoing the real device numbers into a file in /proc, executing the horrible ‘pivot_root()’ syscall, or just deleting everything on the rootfs and doing a ‘chroot exec /sbin/init’ into the real root filesystem, which is the modern way to boot up because it doesn’t rely on any horrible early-userspace-specific hacks). For more, see Documentation/filesystems/ramfs-rootfs-initramfs.txt and Documentation/initrd.txt in your favourite Linux kernel tree.
60.Raj on February 13th, 2009 10:46 pm
Gustavo, thanks a ton for this article. Excellent explanation of a really complex process, even a newbie like me have no problems following.
Big thumbs up!!!
61.Ya-tou & me » Blog Archive » Memory Translation and Segmentation on February 19th, 2009 1:47 am
[...] in Intel-compatible (x86) computers, going further down the path of how kernels work. As in the boot series, I’ll link to Linux kernel sources but give Windows examples as well (sorry, I’m ignorant about [...]
62.Ya-tou & me » Blog Archive » The Kernel Boot Process on February 19th, 2009 1:49 am
[...] In a comment below, Nix covered a lot of ground on the initial root file system that I glossed over. Thanks to Marius [...]
63.steampunk.dk » Blog Archive » Nå sådan! on April 22nd, 2009 8:33 pm
[...] The kernel boot process Posted in IT Teknologi | Leave a Comment [...]
64.Andreea Lucau on May 25th, 2009 4:13 pm
I really liked you article. You have a nice Linux-like sense of humor:)
65.Bob Forder on June 5th, 2009 11:53 am
[quote]This would be infinitely more useful if you showed the Windows boot process first since that is what most computers actually use. And THEN at the end you can use the academic Linux boot process for completeness. Nope, sorry, this gets a thumbs down from me on SU. Next.[/quote]
Yeah, all those Windows kernel hackers out there must be disappointed…
66.dp on July 11th, 2009 6:22 pm
This is *easily* the best article on this subject I’ve been able to find on the web. Very clear, right level of detail (for me, at least), and good references. Thanks very much for writing it.
I infer from some prior comments that you aren’t a native English speaker. Fear not — your English is better than most natives’.
Any chance you’ll write something comparable, describing EFI? (For that matter, I’d like coverage of OSX as well, but suppose that’s asking too much.)
I’ve bookmarked your homepage.
67.rajakama on July 28th, 2009 6:49 pm
Nice Article. Thank you
68.Ashoka on August 19th, 2009 10:20 pm
Very good article.
Thanks a lot
69.Naveen on August 20th, 2009 6:41 am
hi Gustavo,
Thanks for the wonderful article but i have question
what is that “0x3aeb”? i found only “0xeb” (unconditional jump) in header.S. what does that “3a” represent? And why do we need this unconditional jump here? why can’t we put the start_of_setup code directly there?
70.The Boot Process of a Computer | From thoughts to text on October 16th, 2009 11:07 am
[...] The Kernel Boot Process [...]
71.dubhe on November 11th, 2009 11:22 am
Great explanation of a difficult process that if not easy to understand, I like to give thanks for this good article
72.Interesting Reading… – The Blogs at HowStuffWorks on January 11th, 2010 11:44 am
[...] The Kernel Boot Process – “The previous post explained how computers boot up right up to the point where the boot loader, after stuffing the kernel image into memory, is about to jump into the kernel entry point. This last post about booting takes a look at the guts of the kernel to see how an operating system starts life…” [...]
73.raj on January 29th, 2010 1:36 am
Thanks for such a wonderful article.Need more of this article in future.
I’ve bookmarked your homepage.
74.pravar on March 23rd, 2010 12:33 am
good job ………
75.mahayodha on November 9th, 2010 6:52 am
Thanks a ton for not only this but other great articles too.
76.Kaiwan on November 18th, 2010 6:41 am
Hi,
Awesome article Gustav, as usual!
On the ref books topic, I highly recommend this book on drivers: “Essential Linux Device Drivers” by S Venkateswaran.
http://www.amazon.com/Essential-Device-Drivers-Sreekrishnan-Venkateswaran/dp/0132396556/ref=sr_1_2?ie=UTF8&qid=1290086793&sr=8-2
It not only covers the “usual” driver-related topics (and plenty of ‘em) but also gives a fantastic quick look at kernel internals topics most relevant to driver authors.
77.pravink.22 on November 28th, 2010 3:23 am
thxs buddy..!!!!
Try this, very easy to understand
http://www.redhatlinux.info/2010/11/steps-of-boot-process.html
78.figaro on February 10th, 2011 6:32 pm
Great article, I loved it. Thanks.
79.Jakub Jankiewicz on February 14th, 2011 8:43 am
Thank a lot for this article.
80.jonny rocket on February 14th, 2011 9:39 am
nice article. thanks.
Sphere: Related Content
As you can see clients are only requesting files to the server and the servers are only serving content to clients.
As human we usually represents concepts with something readable by us like text and symbols and HTML is only another example: we represent web pages with a markup language (HTML). But for machines, parsing text can be a tedious task. To be more efficient, browsers are parsing HTML pages only once after receiving the response from the server. They then transform the text representation of the web page into a data structure in the form of a tree called the DOM (document object model). That way they can also validate the document and have a more flexible rendering engine.
A very very important thing to know is that if the source document contains logical errors (The HTML document is not standard compliant), nobody knows how the DOM will be constructed. Internet Explorer will react differently than Chrome when encountering errors because the standard doesn't define error handling guidelines. Afterwards, you could have surprises using JavaScript or jQuery to manipulate the DOM as it may be different from one browser to another.
Sounds good isn't it? No. The problem is that JavaScript functions and capabilities are implemented differently across browsers vendors. For example, a function to do something could be named differently in two different browsers. How can that be? This is another story.. but for now, your scripts must take this into account and it can be a real pain.
When I see this, two things comes to mind:
Sure sometimes a function in jQuery could be helpful in another context, but that's different than trying to do everything in jQuery. It makes little sense to try to encapsulate a library that already encapsulates your native JavaScript functions.
So what are the benefits? Remember that every JavaScript implementations across browsers are a little different. If the jQuery selector were to return DOM objects, it would have little value as you would have to manipulate those objects just like before. After all, what's the purpose of selecting objects without manipulating them. And jQuery provide a standard way across browsers to do just that and this is where the real power of jQuery sits:
That's it, the jQuery object returned provide manipulation functions that acts on every DOM objects found! Here's an example that would hide every object with the class 'title':
+18.20.50.png)
Blinklist.com
