[grsec] Kernel Hangs: Highmem and GRSECURITY

Syed Ahemed kingkhan at gmail.com
Tue Sep 5 10:42:59 EDT 2006 

Yes if they are mutually exclusive ,how come i dont see the problem
when i disable SEGMEXEC ?

If you have gone through the grsecurity patch , it makes changes to
include/linux/mm.h (VMA_MIRROR is changed by grseucurity patch )
Dont you see it affecting Highmem?
Read the following link

http://pax.grsecurity.net/docs/vmmirror.txt

Regards
Syed Ahemed


On 9/5/06, Gladiston Justini <gadi at justisecure.com.br> wrote:
> Marcelo,
>
>         Teste agora, já acertei a data e horário.
>
>
> At.
> Gladiston Justini
>
> On Tue, 05 Sep 2006 14:59:53 +0200
> pageexec at freemail.hu wrote:
>
> > On 5 Sep 2006 at 4:51, Syed Ahemed wrote:
> >
> > > My linux kernel acting as a router with grsecurity and Highmem enabled
> > > hangs after 3 hours of heavy traffic.
> >
> > what version of linux/grsec is this exactly? if not the latest,
> > you should at least try to reproduce it with that then. also, are
> > any other patches applied? if yes, try to reproduce the problem
> > with grsec applied alone.
> >
> > > I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
> > > cause of the hang.
> >
> > is anything logged on the console?
> >
> > > The reason i suspect the connection is pretty straight
> > > forward as a configuration.
> >
> > you could also post your .config.
> >
> > > Highmem has been there in my 1GB ram kernel for ages now.
> > > When PAX is enabled via the grsecurity patch , We actually split the
> > > 3GB user space to 1.5-1.5 of exec n no exec memory via the
> > > segmentation feature .Right?
> >
> > that's when you enable SEGMEXEC, PAGEEXEC doesn't do the split.
> >
> > > But the statistics drags highmem into this .On a hightraffic load ,The
> > > amount of Highmen available is very less just before the kernel hangs
> > > (It reduces from 15MB available to 2 MB as shown below)
> >
> > i don't see what highmem has to do with this, but what you describe
> > above could be the result of some OOM situation the kernel can't
> > recover from, or some memory leak, etc. to determine whether any of
> > this is our fault or not we need more information from you as stated
> > above.
> >
> > > My questions
> > >
> > > 1]Is there a connection between Highmem and Segmentation Exec feature of PAX ?
> >
> > they're independent.
> >
> > > 2] Highmem can be disabled but i want to retain Segmentation Exec
> > > feature for security concerns.
> >
> > are you saying that if you disable highmem but keep the rest of your
> > grsec config, the problem doesn't manifest?
> >
> > _______________________________________________
> > grsecurity mailing list
> > grsecurity at grsecurity.net
> > http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>


-- 
Azhar khan

I'm afraid that I've seen too many people fix bugs by looking at
debugger output, and that almost inevitably leads to fixing the
symptoms rather than the underlying problems.
	
--Linus

More information about the grsecurity mailing list