[grsec] Kernel Hangs: Highmem and GRSECURITY

[Syed Ahemed]

Hello friends.
This has been a tough one to debug.
My linux kernel acting as a router with grsecurity and Highmem enabled
hangs after 3 hours of heavy traffic.
I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
cause of the hang.

The reason i suspect the connection is pretty straight
forward as a configuration.

Highmem has been there in my 1GB ram kernel for ages now.
When PAX is enabled via the grsecurity patch , We actually split the
3GB user space to 1.5-1.5 of exec n no exec memory via the
segmentation feature .Right?
But the statistics drags highmem into this .On a hightraffic load ,The
amount of Highmen available is very less just before the kernel hangs
(It reduces from
15MB available to 2 MB as shown below)


If i disable grsec , the Highmem no longer reduces exponentially at
heavy network activity.

total: used: free: shared: buffers: cached:
Mem: 1057366016 709046272 348319744 0 3854336 610566144
Swap: 0 0 0
MemTotal: 1032584 kB
MemFree: 340156 kB
MemShared: 0 kB
Buffers: 3764 kB
Cached: 596256 kB
SwapCached: 0 kB
Active: 31352 kB
Inactive: 631796 kB
HighTotal: 131072 kB
HighFree: 2052 kB
LowTotal: 901512 kB
LowFree: 338104 kB
SwapTotal: 0 kB
SwapFree: 0 kB

My questions

1]Is there a connection between Highmem and Segmentation Exec feature of PAX ?

2] Highmem can be disabled but i want to retain Segmentation Exec
feature for security concerns.
But Highmem is supposed to be dependent on NVRAM in our device that is
mapped to a physical memory range b/w 3GB -4GB ...My software team
insists this can't be changed due because they dont want to have a
BIOS upgrade which has this range mapped in it.Is there an alternative
to this ? or I am speaking absolute crap ?

Please explain ,I am clueless.

Regards
King khan

-- 
Azhar khan

I'm afraid that I've seen too many people fix bugs by looking at
debugger output, and that almost inevitably leads to fixing the
symptoms rather than the underlying problems.
	
--Linus