[grsec] Kernel Hangs: Highmem and GRSECURITY

Syed Ahemed kingkhan at gmail.com
Tue Sep 5 17:05:02 EDT 2006 

None of the PAX or Grsecurity documents suggests the connection
between the two and so did your reply.

Is this a bug  on the part of PAX ?

Total amount of free HIGH Mem is 131 MB as per /proc/meminfo

When SEGMEXEC is enabled the Highmem available at bootup is 11 MB and
increases n decreases as per the load on the system

When SEGMEXEC is disabled in Grsecurity/PAX config , the Highmem
available is 2044 which remains "constant" no matter what the
traffic/load is

Please explain or send me pointers .

On 9/6/06, Syed Ahemed <kingkhan at gmail.com> wrote:
> Hello ,
> Attached is the kernel config.
> Linux 2.4.28
> Grsecurity-2.1.0-2.4.28
>
> Memory Info from magic sysrq at the time of the hang
>
> SysRq : Show Memory
>
> Mem-info:
>
> Free pages:      376080kB (  5592kB HighMem)
>
> Zone:DMA freepages: 13884kB
>
> Zone:Normal freepages:356604kB
>
> Zone:HighMem freepages:  5592kB
>
> ( Active: 6816, inactive: 150639, free: 94020 )
>
> 3*4kB 4*8kB 5*16kB 4*32kB 3*64kB 1*128kB 2*256kB 1*512kB 0*1024kB
> 0*2048kB 3*4096kB = 13884kB)
>
> 153*4kB 35*8kB 24*16kB 248*32kB 0*64kB 0*128kB 1*256kB 0*512kB
> 1*1024kB 1*2048kB 84*4096kB = 356604kB)
>
> 228*4kB 115*8kB 41*16kB 17*32kB 4*64kB 2*128kB 0*256kB 0*512kB
> 0*1024kB 1*2048kB 0*4096kB = 5592kB)
>
> Swap cache: add 0, delete 0, find 0/0, race 0+0
>
> Free swap:            0kB
>
> 262144 pages of RAM
>
> 32768 pages of HIGHMEM
>
> 4990 reserved pages
>
> 69817 pages shared
>
> 0 pages swap cached
>
> 15 pages in page table cache
>
> Buffer memory:     3308kB
>
> Cache memory:   559648kB
>
> Current Process active after the hang Magicsysrq
> ------------------------------------------------------------------------
> SysRq : Show Regs
>
>
> Pid: 26602, comm:                   sh
>
> EIP: 0010:[<c0123a1e>] CPU: 0 EFLAGS: 00000202    Tainted: PF
>
> EAX: f70ebb44 EBX: f70ea000 ECX: 00000018 EDX: ffffe000
>
> ESI: 5826066d EDI: c0123a00 EBP: f70ebb34 DS: 0018 ES: 0018
>
> CR0: 8005003b CR2: 5826066d CR3: 37122000 CR4: 000006d0
>
> Call Trace:
>
>  [<c0130a06>] E del_timer+0x3c6/0xfffe9780
>
>  [<c0131000>] E del_timer+0x9c0/0xfffe9780
>
>  [<c012ce22>] E tasklet_kill+0xb2/0x130
>
>  [<c012cd16>] E __tasklet_hi_schedule+0x106/0x18b3f0
>
>  [<c0119d8d>] E enable_irq+0x14d/0xffffff90
>
>  [<c0123a00>] E __verify_write+0x3b0/0xffff32d0
>
>  [<c011c368>] E disable_irq_nosync+0x1f18/0xfffffc10
>
>  [<c0123a00>] E __verify_write+0x3b0/0xffff32d0
>
>  [<c0123a00>] E __verify_write+0x3b0/0xffff32d0
>
>  [<c0118294>] E __up_wakeup+0x1374/0x11a60c
>
>  [<c016b92c>] E init_dquot_operations+0x102c/0x162018
>
>  [<c015484a>] E compute_creds+0x16a/0x230
>
>  [<c016c930>] E init_dquot_operations+0x2030/0x162018
>
>  [<c0153a98>] E unregister_binfmt+0x378/0x12f0
>
>  [<c016c350>] E init_dquot_operations+0x1a50/0x162018
>
>  [<c0154b0c>] E search_binary_handler+0xfc/0xfffffb90
>
>  [<c0154ec5>] E do_execve+0x335/0xfffff730
>
>  [<c01459e2>] E __alloc_pages+0x62/0x23c0
>
>  [<c0116c2d>] E dump_thread+0x30d/0x8200
>
>  [<c0118173>] E __up_wakeup+0x1253/0x11a60c
>
> Regards
> kingkhan
>
> On 9/5/06, pageexec at freemail.hu <pageexec at freemail.hu> wrote:
> > On 5 Sep 2006 at 4:51, Syed Ahemed wrote:
> >
> > > My linux kernel acting as a router with grsecurity and Highmem enabled
> > > hangs after 3 hours of heavy traffic.
> >
> > what version of linux/grsec is this exactly? if not the latest,
> > you should at least try to reproduce it with that then. also, are
> > any other patches applied? if yes, try to reproduce the problem
> > with grsec applied alone.
> >
> > > I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
> > > cause of the hang.
> >
> > is anything logged on the console?
> >
> > > The reason i suspect the connection is pretty straight
> > > forward as a configuration.
> >
> > you could also post your .config.
> >
> > > Highmem has been there in my 1GB ram kernel for ages now.
> > > When PAX is enabled via the grsecurity patch , We actually split the
> > > 3GB user space to 1.5-1.5 of exec n no exec memory via the
> > > segmentation feature .Right?
> >
> > that's when you enable SEGMEXEC, PAGEEXEC doesn't do the split.
> >
> > > But the statistics drags highmem into this .On a hightraffic load ,The
> > > amount of Highmen available is very less just before the kernel hangs
> > > (It reduces from 15MB available to 2 MB as shown below)
> >
> > i don't see what highmem has to do with this, but what you describe
> > above could be the result of some OOM situation the kernel can't
> > recover from, or some memory leak, etc. to determine whether any of
> > this is our fault or not we need more information from you as stated
> > above.
> >
> > > My questions
> > >
> > > 1]Is there a connection between Highmem and Segmentation Exec feature of PAX ?
> >
> > they're independent.
> >
> > > 2] Highmem can be disabled but i want to retain Segmentation Exec
> > > feature for security concerns.
> >
> > are you saying that if you disable highmem but keep the rest of your
> > grsec config, the problem doesn't manifest?
> >
> >
>
>
> --
> Azhar khan
>
> I'm afraid that I've seen too many people fix bugs by looking at
> debugger output, and that almost inevitably leads to fixing the
> symptoms rather than the underlying problems.
>
> --Linus
>
>
>


-- 
Azhar khan

I'm afraid that I've seen too many people fix bugs by looking at
debugger output, and that almost inevitably leads to fixing the
symptoms rather than the underlying problems.
	
--Linus

More information about the grsecurity mailing list