users and developpers discussion about Grsecurity

Syed Ahemed | 5 Sep 2006 01:21

Picon

Kernel Hangs: Highmem and GRSECURITY

Hello friends.
This has been a tough one to debug.
My linux kernel acting as a router with grsecurity and Highmem enabled
hangs after 3 hours of heavy traffic.
I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
cause of the hang.

The reason i suspect the connection is pretty straight
forward as a configuration.

Highmem has been there in my 1GB ram kernel for ages now.
When PAX is enabled via the grsecurity patch , We actually split the
3GB user space to 1.5-1.5 of exec n no exec memory via the
segmentation feature .Right?
But the statistics drags highmem into this .On a hightraffic load ,The
amount of Highmen available is very less just before the kernel hangs
(It reduces from
15MB available to 2 MB as shown below)

If i disable grsec , the Highmem no longer reduces exponentially at
heavy network activity.

total: used: free: shared: buffers: cached:
Mem: 1057366016 709046272 348319744 0 3854336 610566144
Swap: 0 0 0
MemTotal: 1032584 kB
MemFree: 340156 kB
MemShared: 0 kB
Buffers: 3764 kB
Cached: 596256 kB

(Continue reading)

pageexec | 5 Sep 2006 14:59

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

On 5 Sep 2006 at 4:51, Syed Ahemed wrote:

> My linux kernel acting as a router with grsecurity and Highmem enabled
> hangs after 3 hours of heavy traffic.

what version of linux/grsec is this exactly? if not the latest,
you should at least try to reproduce it with that then. also, are
any other patches applied? if yes, try to reproduce the problem
with grsec applied alone.

> I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
> cause of the hang.

is anything logged on the console?

> The reason i suspect the connection is pretty straight
> forward as a configuration.

you could also post your .config.

> Highmem has been there in my 1GB ram kernel for ages now.
> When PAX is enabled via the grsecurity patch , We actually split the
> 3GB user space to 1.5-1.5 of exec n no exec memory via the
> segmentation feature .Right?

that's when you enable SEGMEXEC, PAGEEXEC doesn't do the split.

> But the statistics drags highmem into this .On a hightraffic load ,The
> amount of Highmen available is very less just before the kernel hangs
> (It reduces from 15MB available to 2 MB as shown below)

(Continue reading)

Gladiston Justini | 5 Sep 2006 13:15

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Marcelo,

	Teste agora, já acertei a data e horário.

At.
Gladiston Justini

On Tue, 05 Sep 2006 14:59:53 +0200
pageexec@... wrote:

> On 5 Sep 2006 at 4:51, Syed Ahemed wrote:
> 
> > My linux kernel acting as a router with grsecurity and Highmem enabled
> > hangs after 3 hours of heavy traffic.
> 
> what version of linux/grsec is this exactly? if not the latest,
> you should at least try to reproduce it with that then. also, are
> any other patches applied? if yes, try to reproduce the problem
> with grsec applied alone.
> 
> > I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
> > cause of the hang.
> 
> is anything logged on the console?
> 
> > The reason i suspect the connection is pretty straight
> > forward as a configuration.
> 
> you could also post your .config.
>

(Continue reading)

Syed Ahemed | 5 Sep 2006 01:45

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Additional Information

None of the PAX or Grsecurity documents suggests the connection between the two.

Is this a bug or a feature ? Read on ...

Total amount of free Mem is 131 MB as per /proc/meminfo

When SEGMEXEC is enabled the Highmem available at bootup is 11 MB and
increases n decreases as per the load on the system

When SEGMEXEC is disabled in Grsecurity/PAX config , the Highmem
available is 2044 which remains constant no matter what the
traffic/load is

Please explain or send me pointers .

Regards
Kingkhan

On 9/5/06, Syed Ahemed <kingkhan@...> wrote:
> Hello friends.
> This has been a tough one to debug.
> My linux kernel acting as a router with grsecurity and Highmem enabled
> hangs after 3 hours of heavy traffic.
> I have tried Magic-sysrq and KDB debugging unsuccessfully to find the
> cause of the hang.
>
> The reason i suspect the connection is pretty straight
> forward as a configuration.

(Continue reading)

Syed Ahemed | 5 Sep 2006 16:42

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Yes if they are mutually exclusive ,how come i dont see the problem
when i disable SEGMEXEC ?

If you have gone through the grsecurity patch , it makes changes to
include/linux/mm.h (VMA_MIRROR is changed by grseucurity patch )
Dont you see it affecting Highmem?
Read the following link

http://pax.grsecurity.net/docs/vmmirror.txt

Regards
Syed Ahemed

On 9/5/06, Gladiston Justini <gadi@...> wrote:
> Marcelo,
>
>         Teste agora, já acertei a data e horário.
>
>
> At.
> Gladiston Justini
>
> On Tue, 05 Sep 2006 14:59:53 +0200
> pageexec@... wrote:
>
> > On 5 Sep 2006 at 4:51, Syed Ahemed wrote:
> >
> > > My linux kernel acting as a router with grsecurity and Highmem enabled
> > > hangs after 3 hours of heavy traffic.
> >

(Continue reading)

Syed Ahemed | 5 Sep 2006 22:50

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Hello ,
Attached is the kernel config.
Linux 2.4.28
Grsecurity-2.1.0-2.4.28

Memory Info from magic sysrq at the time of the hang

SysRq : Show Memory

Mem-info:

Free pages:      376080kB (  5592kB HighMem)

Zone:DMA freepages: 13884kB

Zone:Normal freepages:356604kB

Zone:HighMem freepages:  5592kB

( Active: 6816, inactive: 150639, free: 94020 )

3*4kB 4*8kB 5*16kB 4*32kB 3*64kB 1*128kB 2*256kB 1*512kB 0*1024kB
0*2048kB 3*4096kB = 13884kB)

153*4kB 35*8kB 24*16kB 248*32kB 0*64kB 0*128kB 1*256kB 0*512kB
1*1024kB 1*2048kB 84*4096kB = 356604kB)

228*4kB 115*8kB 41*16kB 17*32kB 4*64kB 2*128kB 0*256kB 0*512kB
0*1024kB 1*2048kB 0*4096kB = 5592kB)

(Continue reading)

pageexec | 5 Sep 2006 23:22

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

On 6 Sep 2006 at 2:20, Syed Ahemed wrote:
> Hello ,
> Attached is the kernel config.
> Linux 2.4.28
> Grsecurity-2.1.0-2.4.28

thanks, this is a really old version (not to mention it has the
infamous PaX local root bug in it), so you'd first have to update
to the latest linux/grsec version then see if the problem got
solved since.

Syed Ahemed | 5 Sep 2006 23:05

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

None of the PAX or Grsecurity documents suggests the connection
between the two and so did your reply.

Is this a bug  on the part of PAX ?

Total amount of free HIGH Mem is 131 MB as per /proc/meminfo

When SEGMEXEC is enabled the Highmem available at bootup is 11 MB and
increases n decreases as per the load on the system

When SEGMEXEC is disabled in Grsecurity/PAX config , the Highmem
available is 2044 which remains "constant" no matter what the
traffic/load is

Please explain or send me pointers .

On 9/6/06, Syed Ahemed <kingkhan@...> wrote:
> Hello ,
> Attached is the kernel config.
> Linux 2.4.28
> Grsecurity-2.1.0-2.4.28
>
> Memory Info from magic sysrq at the time of the hang
>
> SysRq : Show Memory
>
> Mem-info:
>
> Free pages:      376080kB (  5592kB HighMem)
>

(Continue reading)

Syed Ahemed | 5 Sep 2006 23:39

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Thanks.
I can't change/update the linux kernel  due to some inhouse userland
application dependency.
But i can try out the latest grsec version ,Can you suggest a latest
version that will apply cleanly to linux 2.4.28

On 9/6/06, pageexec@...
<pageexec@...> wrote:
> On 6 Sep 2006 at 2:20, Syed Ahemed wrote:
> > Hello ,
> > Attached is the kernel config.
> > Linux 2.4.28
> > Grsecurity-2.1.0-2.4.28
>
> thanks, this is a really old version (not to mention it has the
> infamous PaX local root bug in it), so you'd first have to update
> to the latest linux/grsec version then see if the problem got
> solved since.
>
>

--

-- 
Azhar khan

I'm afraid that I've seen too many people fix bugs by looking at
debugger output, and that almost inevitably leads to fixing the
symptoms rather than the underlying problems.

--Linus

(Continue reading)

pageexec | 5 Sep 2006 23:52

Picon

Re: Kernel Hangs: Highmem and GRSECURITY

On 6 Sep 2006 at 3:09, Syed Ahemed wrote:

> Thanks.
> I can't change/update the linux kernel  due to some inhouse userland
> application dependency.
> But i can try out the latest grsec version ,Can you suggest a latest
> version that will apply cleanly to linux 2.4.28

grsec and PaX support only the latest linux versions, so you can
either backport it (not an easy exercise) or you're out of luck...

Group

gmane.linux.kernel.grsecurity.

Project Web Page

users and developpers discussion about Grsecurity

Search Archive

Page

1 | 2 | 3

Articles in period: 28

September 2006

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

The terminal you are using is unsafe for this operation. Use another t (15 May 2013)
Feature suggestion (19 Dec 2012)
Message explanation (10 Dec 2012)
how to check the hardware support of XN/XI bit support on ARM/MIPS pla (3 Jan 2013)
a new plugin: size_overflow (29 Aug 2012)
new gcc plugin: latent entropy extraction (23 Jul 2012)
64bit Debian, Java 1.7 64bit and Bukkit (9 May 2012)
a new plugin: size_overflow (17 Mar 2012)
grsecurity and a minecraft-plugin (java) (2 Dec 2011)
grsecurity and a minecraft-plugin (java) (30 Nov 2011)
TCP Timestamp Randomization (24 Nov 2011)
Cracking attempt? (15 Nov 2011)
Upcoming sponsorship opportunity (29 Jun 2011)
a couple of questions about grsec policies for Tahoe-LAFS (17 Jun 2011)
Patch for CONFIG_NET=n (24 May 2011)
Separate security backports/fixes from main grsec and PaX patches? (11 May 2011)
Can't compile on 2.6.32.39 (26 Apr 2011)
Warnings on uaccess_64.h when compiling the kernel 2.6.38.4 (26 Apr 2011)
problems with latest 38.3 patch (21 Apr 2011)
KVM soft lockup (16 Dec 2010)
Updates for 2.6.32.27 patches, what are they about? (14 Dec 2010)

Archives

2	May 2013
1	January 2013
2	December 2012
1	August 2012
1	July 2012
3	May 2012
1	March 2012
1	December 2011
5	November 2011
3	June 2011
2	May 2011
6	April 2011
1	February 2011
1	January 2011
7	December 2010
5	November 2010
4	October 2010
1	September 2010
4	July 2010
5	June 2010
16	May 2010
8	April 2010
1	March 2010
15	January 2010
7	November 2009
8	October 2009
15	September 2009
15	August 2009
2	July 2009
1	December 2008
2	November 2008
2	October 2008
9	September 2008
7	July 2008
3	June 2008
10	May 2008
9	April 2008
8	March 2008
27	February 2008
4	January 2008
5	October 2007
5	August 2007
5	July 2007
4	May 2007
20	April 2007
1	March 2007
1	February 2007
21	January 2007
8	December 2006
3	November 2006
10	October 2006
28	September 2006
18	August 2006
20	July 2006
6	May 2006
8	April 2006
4	March 2006
15	February 2006
50	January 2006
14	December 2005
28	November 2005
31	October 2005
33	September 2005
43	August 2005
24	July 2005
53	June 2005
50	May 2005
19	April 2005
91	March 2005
47	February 2005
52	January 2005
55	December 2004
43	November 2004
39	October 2004
62	September 2004
24	August 2004
8	July 2004

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template