Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
This has been a tough one to debug.
My linux kernel acting as a router with grsecurity and Highmem enabled hangs after 3 hours of heavy traffic.
I have tried Magic-sysrq and KDB debugging unsuccessfully to find the cause of the hang.
The reason i suspect the connection is pretty straight
forward as a configuration.
Highmem has been there in my 1GB ram kernel for ages now.
When PAX is enabled via the grsecurity patch , We actually split the 3GB user space to 1.5-1.5 of exec n no exec memory via the segmentation feature .Right?
But the statistics drags highmem into this .On a hightraffic load ,The amount of Highmen available is very less just before the kernel hangs (It reduces from
15MB available to 2 MB as shown below)
If i disable grsec , the Highmem no longer reduces exponentially at heavy network activity.
1]Is there a connection between Highmem and Segmentation Exec feature of PAX ?
2] Highmem can be disabled but i want to retain Segmentation Exec feature for security concerns.
But Highmem is supposed to be dependent on NVRAM in our device that is mapped to a physical memory range b/w 3GB -4GB ...My software team insists this can't be changed due because they dont want to have a BIOS upgrade which has this range mapped in it.Is there an alternative to this ? or I am speaking absolute crap ?