[grsec] Kernel Hangs: Highmem and GRSECURITY
Syed Ahemed
kingkhan at gmail.com
Mon Sep 4 19:45:19 EDT 2006
Additional Information
None of the PAX or Grsecurity documents suggests the connection between the two.
Is this a bug or a feature ? Read on ...
Total amount of free Mem is 131 MB as per /proc/meminfo
When SEGMEXEC is enabled the Highmem available at bootup is 11 MB and
increases n decreases as per the load on the system
When SEGMEXEC is disabled in Grsecurity/PAX config , the Highmem
available is 2044 which remains constant no matter what the
traffic/load is
Please explain or send me pointers .
Regards
Kingkhan
On 9/5/06, Syed Ahemed <kingkhan at gmail.com> wrote:
> Hello friends.
> This has been a tough one to debug.
> My linux kernel acting as a router with grsecurity and Highmem enabled
> hangs after 3 hours of heavy traffic.
> I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
> cause of the hang.
>
> The reason i suspect the connection is pretty straight
> forward as a configuration.
>
> Highmem has been there in my 1GB ram kernel for ages now.
> When PAX is enabled via the grsecurity patch , We actually split the
> 3GB user space to 1.5-1.5 of exec n no exec memory via the
> segmentation feature .Right?
> But the statistics drags highmem into this .On a hightraffic load ,The
> amount of Highmen available is very less just before the kernel hangs
> (It reduces from
> 15MB available to 2 MB as shown below)
>
>
> If i disable grsec , the Highmem no longer reduces exponentially at
> heavy network activity.
>
> total: used: free: shared: buffers: cached:
> Mem: 1057366016 709046272 348319744 0 3854336 610566144
> Swap: 0 0 0
> MemTotal: 1032584 kB
> MemFree: 340156 kB
> MemShared: 0 kB
> Buffers: 3764 kB
> Cached: 596256 kB
> SwapCached: 0 kB
> Active: 31352 kB
> Inactive: 631796 kB
> HighTotal: 131072 kB
> HighFree: 2052 kB
> LowTotal: 901512 kB
> LowFree: 338104 kB
> SwapTotal: 0 kB
> SwapFree: 0 kB
>
> My questions
>
> 1]Is there a connection between Highmem and Segmentation Exec feature of PAX ?
>
> 2] Highmem can be disabled but i want to retain Segmentation Exec
> feature for security concerns.
> But Highmem is supposed to be dependent on NVRAM in our device that is
> mapped to a physical memory range b/w 3GB -4GB ...My software team
> insists this can't be changed due because they dont want to have a
> BIOS upgrade which has this range mapped in it.Is there an alternative
> to this ? or I am speaking absolute crap ?
>
> Please explain ,I am clueless.
>
> Regards
> King khan
>
> --
> Azhar khan
>
> I'm afraid that I've seen too many people fix bugs by looking at
> debugger output, and that almost inevitably leads to fixing the
> symptoms rather than the underlying problems.
>
> --Linus
>
--
Azhar khan
I'm afraid that I've seen too many people fix bugs by looking at
debugger output, and that almost inevitably leads to fixing the
symptoms rather than the underlying problems.
--Linus
More information about the grsecurity
mailing list