The Linux Kernel Hearbeat
by: cr0security

First One to Know -> jiffies the kernel heartbeat

Talking about kernel heartbeat we'll talk about jiffies. Jiffies is a variable in kernel space, a jiffie refer to a time measurement, it refer to the duration of one tick of
the system timer interrupt. For more understanding, here's the description about jiffies based on "Understanding the Linux Kernel - 3rd edition"

"The jiffies variable is a counter that stores the number of elapsed ticks since the system was started. It is
increased by one when a timer interrupt occurs that is, on every tick."

The jiffies variable is a counter that stores the number of elapsed ticks since the system was started, It is increased by one when a timer interrupt occurs that is, on
every tick. Where the timer of interrupt already programmed at boot time and defined by the value of HZ (see /usr/include/asm/param.h)

========
#ifndef HZ
#define HZ 100
#endif
=======

One thing to remember is that this jiffies counter is 64 bit variable called jiffies_64 (on 32 bit and 64 bit machines running linux) (check: /usr/include/linux/jiffies.h).
Let's have a check on what we've said above.

Checking current jiffies value

jiffies.c

============================
#include <linux/kernel.h>
#include <linux/jiffies.h>
#include <linux/timer.h>
#include <linux/module.h>
int init_module(void)
{
       unsigned long j;
       j = jiffies;
       printk("\ncurrent jiffies  value :  %lu\n",j);
       return 0;
}

void cleanup_module(void)
{
       printk("\nfinish lkm\n");
}
===========================

Let's make it and check using dmesg.

==========================
/home/cr0security/lkm/jiffies#make
make -C /lib/modules/2.6.35-22-generic/build M=/home/cr0security/lkm/jiffies modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.35-22-generic'
 Building modules, stage 2.
 MODPOST 1 modules
make[1]: Leaving directory `/usr/src/linux-headers-2.6.35-22-generic'
/home/cr0security/lkm/jiffies#insmod jiffies.ko
/home/cr0security/lkm/jiffies#dmesg | tail
[ 3694.258877]
[ 3694.258880] current jiffies value :  848564
/home/cr0security/lkm/jiffies#
======================

we got current jiffies counter value : 848564 , well just for note the initial value of this jiffies is programmed to be 0 at the boot time.
Getting confused already ???? what does 848564 means ?? 848564 ticks of the system timer interrupt. don't forget that the timer defined at HZ value.

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.