LinuxQuestions.org


kingkhan2006 09-04-2006 07:09 PM

KernelHang : PAX and Highmem connection
 
Hello friends.
This has been a tough one to debug.
My Linux kernel, acting as a router with grsecurity and Highmem enabled, hangs after 3 hours of heavy traffic.
I have tried Magic-sysrq and KDB debugging unsuccessfully to find the cause of the hang.

The reason I suspect the connection is pretty straightforward as a configuration.

Highmem has been there in my 1GB RAM kernel for ages now.
When PAX is enabled via the grsecurity patch, we actually split the 3GB user space into 1.5-1.5 of exec and no-exec memory via the segmentation feature. Right?
But the statistics drag Highmem into this. On a high-traffic load, the amount of Highmem available is very low just before the kernel hangs (it reduces from 15MB available to 2 MB as shown below).


If I disable grsec, the Highmem no longer reduces exponentially at heavy network activity.

total: used: free: shared: buffers: cached:
Mem: 1057366016 709046272 348319744 0 3854336 610566144
Swap: 0 0 0
MemTotal: 1032584 kB
MemFree: 340156 kB
MemShared: 0 kB
Buffers: 3764 kB
Cached: 596256 kB
SwapCached: 0 kB
Active: 31352 kB
Inactive: 631796 kB
HighTotal: 131072 kB
HighFree: 2052 kB
LowTotal: 901512 kB
LowFree: 338104 kB
SwapTotal: 0 kB
SwapFree: 0 kB

My questions

1] Is there a connection between Highmem and the Segmentation Exec feature of PAX?

2] Highmem can be disabled, but I want to retain the Segmentation Exec feature for security concerns.
But Highmem is supposed to be dependent on NVRAM in our device that is mapped to a physical memory range between 3GB and 4GB... My software team insists this can't be changed because they don't want to have a BIOS upgrade which has this range mapped in it. Is there an alternative to this? Or am I speaking absolute crap?

Please explain, I am clueless.

Regards
King khan

kingkhan2006 09-04-2006 07:42 PM

None of the PAX or grsecurity documents suggests the connection between the two.

Is this a bug or a feature? Read on ...

Total amount of free Mem is 131 MB as per /proc/meminfo.

When SEGMEXEC is enabled, the Highmem available at bootup is 11 MB and increases and decreases as per the load on the system.

When SEGMEXEC is disabled in the grsecurity/PAX config, the Highmem available is 2044, which remains constant no matter what the traffic/load is.

Please explain or send me pointers.
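
An added example, not part of the original thread: a short Python check that reads saved /proc/meminfo snapshots like the one posted above and reports whether free memory is low only in the highmem zone while lowmem still has headroom. The earlier snapshot and the 5% floor are constructed assumptions; the later snapshot uses the figures from the post.

```python
import re

KB_LINE = re.compile(r"^(\w+):\s+(\d+) kB$")

# Constructed earlier snapshot (HighFree near the 15 MB mentioned in the post).
EARLY = """\
HighTotal: 131072 kB
HighFree: 15360 kB
LowTotal: 901512 kB
LowFree: 352000 kB
"""

# Figures from the post, including the 2.4-style byte rows the parser must skip.
LATE = """\
total: used: free: shared: buffers: cached:
Mem: 1057366016 709046272 348319744 0 3854336 610566144
Swap: 0 0 0
MemTotal: 1032584 kB
MemFree: 340156 kB
HighTotal: 131072 kB
HighFree: 2052 kB
LowTotal: 901512 kB
LowFree: 338104 kB
"""

def parse_meminfo(text):
    """Return {field: kB}, keeping only 'Name: N kB' rows."""
    fields = {}
    for line in text.splitlines():
        m = KB_LINE.match(line.strip())
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields

def zone_pressure(fields, floor_pct=5.0):
    """Compare free percentages of the high and low zones (floor_pct is an assumed threshold)."""
    if not fields.get("HighTotal") or not fields.get("LowTotal"):
        return None  # kernel built without highmem, or fields missing
    high = 100.0 * fields.get("HighFree", 0) / fields["HighTotal"]
    low = 100.0 * fields.get("LowFree", 0) / fields["LowTotal"]
    return {"high_free_pct": round(high, 1), "low_free_pct": round(low, 1),
            "high_only": high < floor_pct <= low}

if __name__ == "__main__":
    for name, snap in (("early", EARLY), ("late", LATE)):
        print(name, zone_pressure(parse_meminfo(snap)))
```

Run against snapshots taken at intervals under load with each PaX setting, this shows whether the shortage stays confined to the high zone.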


All times are GMT -5.