How To Create a kernel thread

kernel_thread() -->
do_fork(flags|CLONE_VM|CLONE_UNTRACED, 0, pregs, 0, NULL, NULL);

The CLONE_VM flag avoids the duplication of the page tables of the calling process: this duplication would be a waste of time and memory, because the new kernel thread will not access the User Mode address space anyway.

The CLONE_UNTRACED flag ensures that no process will be able to trace the new kernel thread, even if the calling process is being traced.

The kernel_thread() function builds up the Kernel Mode Stack area ,so that:

• The ebx and edx registers will be set by copy_thread() to the values of the parameters fn and arg, respectively.

• The eip register will be set to the address of the following assembly language fragment:

movl %edx,%eax
pushl %edx
call *%ebx
pushl %eax
call do_exit

Therefore, the new kernel thread starts by executing the fn(arg) function. If this function terminates, the kernel thread executes the _exit() system call passing to it the return value of fn().

From：《Understanding The Linux Kernel》3rd Edition.