[grsec] Kernel Hangs: Highmem and GRSECURITY
pageexec at freemail.hu
pageexec at freemail.hu
Tue Sep 5 08:59:53 EDT 2006
On 5 Sep 2006 at 4:51, Syed Ahemed wrote:
> My linux kernel acting as a router with grsecurity and Highmem enabled
> hangs after 3 hours of heavy traffic.
what version of linux/grsec is this exactly? if not the latest,
you should at least try to reproduce it with that then. also, are
any other patches applied? if yes, try to reproduce the problem
with grsec applied alone.
> I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
> cause of the hang.
is anything logged on the console?
> The reason i suspect the connection is pretty straight
> forward as a configuration.
you could also post your .config.
> Highmem has been there in my 1GB ram kernel for ages now.
> When PAX is enabled via the grsecurity patch , We actually split the
> 3GB user space to 1.5-1.5 of exec n no exec memory via the
> segmentation feature .Right?
that's when you enable SEGMEXEC, PAGEEXEC doesn't do the split.
> But the statistics drags highmem into this .On a hightraffic load ,The
> amount of Highmen available is very less just before the kernel hangs
> (It reduces from 15MB available to 2 MB as shown below)
i don't see what highmem has to do with this, but what you describe
above could be the result of some OOM situation the kernel can't
recover from, or some memory leak, etc. to determine whether any of
this is our fault or not we need more information from you as stated
above.
> My questions
>
> 1]Is there a connection between Highmem and Segmentation Exec feature of PAX ?
they're independent.
> 2] Highmem can be disabled but i want to retain Segmentation Exec
> feature for security concerns.
are you saying that if you disable highmem but keep the rest of your
grsec config, the problem doesn't manifest?
More information about the grsecurity
mailing list