LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-04-2006, 06:09 PM   #1
kingkhan2006
LQ Newbie
 
Registered: Jan 2006
Posts: 6

Rep: Reputation: 0
Unhappy KernelHang : PAX and Highmem connection


Hello friends.
This has been a tough one to debug.
My linux kernel acting as a router with grsecurity and Highmem enabled hangs after 3 hours of heavy traffic.
I have tried Magic-sysrq and KDB debugging unsuccessfully to find the cause of the hang.

The reason i suspect the connection is pretty straight
forward as a configuration.

Highmem has been there in my 1GB ram kernel for ages now.
When PAX is enabled via the grsecurity patch , We actually split the 3GB user space to 1.5-1.5 of exec n no exec memory via the segmentation feature .Right?
But the statistics drags highmem into this .On a hightraffic load ,The amount of Highmen available is very less just before the kernel hangs (It reduces from
15MB available to 2 MB as shown below)


If i disable grsec , the Highmem no longer reduces exponentially at heavy network activity.

total: used: free: shared: buffers: cached:
Mem: 1057366016 709046272 348319744 0 3854336 610566144
Swap: 0 0 0
MemTotal: 1032584 kB
MemFree: 340156 kB
MemShared: 0 kB
Buffers: 3764 kB
Cached: 596256 kB
SwapCached: 0 kB
Active: 31352 kB
Inactive: 631796 kB
HighTotal: 131072 kB
HighFree: 2052 kB
LowTotal: 901512 kB
LowFree: 338104 kB
SwapTotal: 0 kB
SwapFree: 0 kB

My questions

1]Is there a connection between Highmem and Segmentation Exec feature of PAX ?

2] Highmem can be disabled but i want to retain Segmentation Exec feature for security concerns.
But Highmem is supposed to be dependent on NVRAM in our device that is mapped to a physical memory range b/w 3GB -4GB ...My software team insists this can't be changed due because they dont want to have a BIOS upgrade which has this range mapped in it.Is there an alternative to this ? or I am speaking absolute crap ?

Please explain ,I am clueless.

Regards
King khan
 
Old 09-04-2006, 06:42 PM   #2
kingkhan2006
LQ Newbie
 
Registered: Jan 2006
Posts: 6

Original Poster
Rep: Reputation: 0
None of the PAX or Grsecurity documents suggests the connection between the two.

Is this a bug or a feature ? Read on ...

Total amount of free Mem is 131 MB as per /proc/meminfo

When SEGMEXEC is enabled the Highmem available at bootup is 11 MB and increases n decreases as per the load on the system

When SEGMEXEC is disabled in Grsecurity/PAX config , the Highmem available is 2044 which remains constant no matter what the traffic/load is

Please explain or send me pointers .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
PROPOSAL: glibc with --noexec (new binary breaks PaX) gian2oo1 Slackware 2 01-31-2006 02:08 PM
OpenBSD vs Linux+PaX+SSP+RSBAC jakaro *BSD 3 06-23-2005 07:05 PM
Not all RAM is used - Highmem? Tim Johnson Slackware 6 05-05-2005 08:41 AM
Excluding a file when using pax tobycatlin Linux - General 9 04-28-2005 11:13 AM
How do I enable the kernel for HIGHMEM? Mike Healan Mandriva 5 05-19-2004 12:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration