Page 1 of 1

grsecurit 2.1.8 and RHEL kernel 2.4.21 and ./kernel/timer.c

PostPosted: Wed Jun 21, 2006 4:28 am
by 0xA
Hello
I working on grsecurity patch an kernel 2.4.21

My ./kernel/timer.c
is

static inline void do_process_times(struct task_struct *p,
struct kernel_stat_tick_times *time)
{
struct kernel_timeval psecs;

kernel_timeval_add_usec(&p->utime, time->u_usec + time->n_usec);
kernel_timeval_add_usec(&p->group_leader->group_utime, time->u_usec +
time->n_usec);
kernel_timeval_add_usec(&p->stime, time->s_usec);
kernel_timeval_add_usec(&p->group_leader->group_stime, time->s_usec);
kernel_timeval_add(&psecs, &p->utime, &p->stime);

if (psecs.tv_sec > p->rlim[RLIMIT_CPU].rlim_cur &&
psecs.tv_sec != p->last_sigxcpu) {
/* Send SIGXCPU every second.. */
send_sig(SIGXCPU, p, 1);
p->last_sigxcpu = psecs.tv_sec;
/* and SIGKILL when we go over max.. */
if (psecs.tv_sec > p->rlim[RLIMIT_CPU].rlim_max)
send_sig(SIGKILL, p, 1);
}
}

and in 2.4.32

static inline void do_process_times(struct task_struct *p,
unsigned long user, unsigned long system)
{
unsigned long psecs;

psecs = (p->times.tms_utime += user);
psecs += (p->times.tms_stime += system);
if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_cur) {
/* Send SIGXCPU every second.. */
if (!(psecs % HZ))
send_sig(SIGXCPU, p, 1);
/* and SIGKILL when we go over max.. */
if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_max)
send_sig(SIGKILL, p, 1);
}
}

and grsecurity patch said:

--- linux-2.4.32/kernel/timer.c 2002-11-28 18:53:15.000000000 -0500
+++ linux-2.4.32/kernel/timer.c 2006-01-21 16:36:59.979176040 -0500
@@ -541,6 +541,9 @@ static inline void do_process_times(stru

psecs = (p->times.tms_utime += user);
psecs += (p->times.tms_stime += system);
+
+ gr_learn_resource(p, RLIMIT_CPU, psecs / HZ, 1);
+
if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_cur) {
/* Send SIGXCPU every second.. */
if (!(psecs % HZ))



How I can make this change in this function?

and in redhat patch

PostPosted: Wed Jun 21, 2006 4:38 am
by 0xA
static inline void do_process_times(struct task_struct *p,
- unsigned long user, unsigned long system)
+ struct kernel_stat_tick_times *time)
{
- unsigned long psecs;
+ struct kernel_timeval psecs;
+
+ kernel_timeval_add_usec(&p->utime, time->u_usec + time->n_usec);
+ kernel_timeval_add_usec(&p->group_leader->group_utime, time->u_usec +
+ time->n_usec);
+ kernel_timeval_add_usec(&p->stime, time->s_usec);
+ kernel_timeval_add_usec(&p->group_leader->group_stime, time->s_usec);
+ kernel_timeval_add(&psecs, &p->utime, &p->stime);

- psecs = (p->times.tms_utime += user);
- p->group_leader->group_times.tms_utime += user;
- psecs += (p->times.tms_stime += system);
- p->group_leader->group_times.tms_stime += system;
- if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_cur) {
+ if (psecs.tv_sec > p->rlim[RLIMIT_CPU].rlim_cur &&
+ psecs.tv_sec != p->last_sigxcpu) {
/* Send SIGXCPU every second.. */
- if (!(psecs % HZ))
- send_sig(SIGXCPU, p, 1);
+ send_sig(SIGXCPU, p, 1);
+ p->last_sigxcpu = psecs.tv_sec;
/* and SIGKILL when we go over max.. */
- if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_max)
+ if (psecs.tv_sec > p->rlim[RLIMIT_CPU].rlim_max)
send_sig(SIGKILL, p, 1);
}
}

PostPosted: Wed Jun 21, 2006 5:36 am
by 0xA
Can I use
from :
- if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_max)
+ if (psecs.tv_sec > p->rlim[RLIMIT_CPU].rlim_max) ( redhat patch )

this
org: + gr_learn_resource(p, RLIMIT_CPU, psecs / HZ, 1);

my :+ gr_learn_resource(p, RLIMIT_CPU, psecs.tv_sec, 1);


unsigned long psecs;

struct kernel_timeval {
unsigned int tv_sec;
unsigned int tv_usec;
};
* or I need this
unsigned long psecsmy;
psecsmy = (unsigned long ) psecs.tv_sec;
gr_learn_resource(p, RLIMIT_CPU, psecsmy, 1);
-------------------------------------------------------------------------------------------------------
static inline void do_process_times(struct task_struct *p,
struct kernel_stat_tick_times *time)
{
struct kernel_timeval psecs;

kernel_timeval_add_usec(&p->utime, time->u_usec + time->n_usec);
kernel_timeval_add_usec(&p->group_leader->group_utime, time->u_usec +
time->n_usec);
kernel_timeval_add_usec(&p->stime, time->s_usec);
kernel_timeval_add_usec(&p->group_leader->group_stime, time->s_usec);
kernel_timeval_add(&psecs, &p->utime, &p->stime);

gr_learn_resource(p, RLIMIT_CPU, psecs.tv_sec, 1);

if (psecs.tv_sec > p->rlim[RLIMIT_CPU].rlim_cur &&
psecs.tv_sec != p->last_sigxcpu) {
/* Send SIGXCPU every second.. */
send_sig(SIGXCPU, p, 1);
p->last_sigxcpu = psecs.tv_sec;
/* and SIGKILL when we go over max.. */
if (psecs.tv_sec > p->rlim[RLIMIT_CPU].rlim_max)
send_sig(SIGKILL, p, 1);
}
}

PostPosted: Wed Jun 21, 2006 6:15 pm
by Kp
Is there a reason you cannot use 2.4.32 directly? Moving a patch across 11 kernel releases is no small task, especially for one who lacks a background in kernel hacking.

PostPosted: Thu Jun 22, 2006 4:08 am
by 0xA
for redhat kernel is for example FastTrek driver for RAID, and better suport for my RHEL3

PostPosted: Sun Jun 25, 2006 8:31 am
by PaX Team
0xA wrote:Can I use
from :
- if (psecs / HZ > p->rlim[RLIMIT_CPU].rlim_max)
+ if (psecs.tv_sec > p->rlim[RLIMIT_CPU].rlim_max) ( redhat patch )

this
org: + gr_learn_resource(p, RLIMIT_CPU, psecs / HZ, 1);

my :+ gr_learn_resource(p, RLIMIT_CPU, psecs.tv_sec, 1);
yes, this looks like a reasonable adaptation.