Understanding Linux Process Creation: Kernel and User Space APIs

In Linux, a process is the fundamental execution entity of a multitasking operating system, often referred to as a thread or task. The article explores why processes are sometimes called threads and how they are created and destroyed in both kernel and user space.

1. Kernel‑mode process creation entry points

The first kernel processes are created during system boot via reset_init calling kernel_thread, which spawns kernel_init and kthreadd.

1.1 kernel_thread prototype

Defined in kernel/fork.c, kernel_thread invokes _do_fork. The source code is shown in the accompanying diagram.

1.2 kthread_create prototype

Declared as a macro in include/linux/kthread.h. Its implementation resides in kernel/kthread.c, calling __kthread_create_on_node. The function is exported for use by all kernel code.

1.3 kthread_run prototype

Also a macro in include/linux/kthread.h, it wraps kthread_create and immediately wakes the new thread.

1.4 Comparison of kernel creation functions

kernel_thread

directly calls _do_fork but is not exported. kthread_create creates a process via the internal kthread helper, indirectly using _do_fork, and is exported. kthread_run calls kthread_create and then wakes the thread.

2. User‑space process creation

Applications typically use three system calls: fork, vfork, and pthread_create. These cannot call kernel‑mode creation functions directly; they rely on the system‑call mechanism.

2.1 fork

fork

invokes _do_fork to duplicate the calling process.

2.2 vfork

vfork

also calls _do_fork but sets additional flags in the argument structure.

2.3 clone

clone

is another wrapper around _do_fork that allows specifying extra flags for fine‑grained control.

2.4 Summary of creation interfaces

Kernel‑mode creation functions: kernel_thread, kthread_create, kthread_run. User‑mode creation functions: fork, vfork, pthread_create. All ultimately rely on _do_fork.

3. Implementation of _do_fork

Both user and kernel process creation converge on _do_fork, which calls copy_process to allocate a struct task_struct (the process descriptor) and set up necessary data structures for the new task.

4. The process descriptor: struct task_struct

Defined in include/linux/sched.h, struct task_struct holds all state information for a process. The article shows a simplified view of its members.

5. Process termination

When a process finishes or aborts, user space calls exit, while kernel space invokes do_exit(). This function releases resources and re‑parents child processes, effectively reversing the creation steps.

6. Conclusion and next steps

The article covered kernel and user interfaces for creating and destroying processes, emphasizing the central role of _do_fork. The next article will delve into the system‑call mechanism that bridges user‑space requests to these kernel functions.