ari edelkind - custom kernel patches

sponsored by episec: internet security for the paranoid.

ari edelkind - custom kernel patches

penalty-imposing resource limits

Supported kernels: Linux 2.2.13

This patch adds an additional resource limit to the kernel, RLIMIT_TCPU, allowing the user to impose penalties (in jiffies) on a process that reaches a set amount of cpu time (in 1/100 of a cpu second), thus effectively slowing process execution. It uses a simple algorithm; though it could be improved, it functioned well enough at the time.

To install the patch:

        % tar xvzf linux-2.2.13.tar.gz
        % mv linux linux-2.2.13
        % patch -p0 <linux-2.2.13+cpumod.diff

... or equivalent. Configure and compile as normal; the patch does not add any configuration options.

To compile the interface program (harness):

        % gcc -o harness harness.c -s -Wall

Usage of the interface program:

        % harness
        usage: 
           harness [-L m n] <-g|-e <command> [line]>

        -L s j     set limits: for every s frac-cpu seconds, wait j jiffies
        -g         get current limit info
        -e ...     command line to execute follows (last processed option)

Additional notes:

This patch is somewhat dirty and was written quite quickly, without regard for multiprocessor support or additional (other than i386-based) architectures. It functioned as i desired it to function, devoid of gimmicks and supporting only the hardware on which i required it at the time. It does not fry eggs, and only the most creative will manage to use it to keep their toast from burning. That said, it will likely work... acceptably when using multiple processors, however this functionality may not be ideal when used to mitigate heat issues on one specific processor. In regards to porting, modifications of include/asm-i386/resource.h are not processor-specific, and may be easily applied to the resource.h header files of other architectures.
The interface program is even dirtier than the patch, and was written more quickly. It's ugly. It's hideous. It also works well, and i'm not rewriting it.

My original post to the linux kernel mailing list may be found here.

Downloading:

patch: linux-2.2.13+cpumod.diff
interface: harness.c

flowpriv: relinquishing privileges on demand

Supported kernels: FreeBSD 5.1-RELEASE-p2

This is a somewhat larger project, and holds its own page.

ari edelkind - [contact]