headers
Syed Ahemed | 5 Sep 2006 23:39
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Thanks.
I can't change/update the linux kernel  due to some inhouse userland
application dependency.
But i can try out the latest grsec version ,Can you suggest a latest
version that will apply cleanly to linux 2.4.28

On 9/6/06, pageexec@...
<pageexec@...> wrote:
> On 6 Sep 2006 at 2:20, Syed Ahemed wrote:
> > Hello ,
> > Attached is the kernel config.
> > Linux 2.4.28
> > Grsecurity-2.1.0-2.4.28
>
> thanks, this is a really old version (not to mention it has the
> infamous PaX local root bug in it), so you'd first have to update
> to the latest linux/grsec version then see if the problem got
> solved since.
>
>

--

-- 
Azhar khan

I'm afraid that I've seen too many people fix bugs by looking at
debugger output, and that almost inevitably leads to fixing the
symptoms rather than the underlying problems.
	
--Linus
(Continue reading)

Permalink | Reply |
headers
pageexec | 5 Sep 2006 23:52
Picon
Favicon

Re: Kernel Hangs: Highmem and GRSECURITY

On 6 Sep 2006 at 3:09, Syed Ahemed wrote:

> Thanks.
> I can't change/update the linux kernel  due to some inhouse userland
> application dependency.
> But i can try out the latest grsec version ,Can you suggest a latest
> version that will apply cleanly to linux 2.4.28

grsec and PaX support only the latest linux versions, so you can
either backport it (not an easy exercise) or you're out of luck...
Permalink | Reply |
headers
Syed Ahemed | 9 Sep 2006 02:33
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Hello ,
In the excerpts 2.1.9 grsecurity patch , kmem_cache_free is called
when kmem_cache_alloc fails (returns 0)   .Isn't this a case of
dereferencing a Null pointer.
The kernel code without the Patch  otherwise is filled with calls to
kmem_cache_alloc that just returns -ENOMEM in case of failure.

Could you please explain the reason ?

+#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
+   if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (VM_STACK_FLAGS
& VM_MAYEXEC)) {
+       mpnt_m = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
+       if (!mpnt_m) {
+           kmem_cache_free(vm_area_cachep, mpnt);
+           return -ENOMEM;
+       }
+   }
+#endif
+

Regards
Syed Ahemed

On 9/6/06, pageexec@...
<pageexec@...> wrote:
> On 6 Sep 2006 at 3:09, Syed Ahemed wrote:
>
> > Thanks.
> > I can't change/update the linux kernel  due to some inhouse userland
(Continue reading)

Permalink | Reply |
headers
pageexec | 9 Sep 2006 09:29
Picon
Favicon

Re: Kernel Hangs: Highmem and GRSECURITY

On 9 Sep 2006 at 6:03, Syed Ahemed wrote:

> Hello ,
> In the excerpts 2.1.9 grsecurity patch , kmem_cache_free is called
> when kmem_cache_alloc fails (returns 0)   .Isn't this a case of
> dereferencing a Null pointer.

notice that what we free is 'mpnt', not 'mpnt_m', that is, we just
prevent leaking a previously allocated item, i don't see where the
NULL ptr is dereferenced.

> The kernel code without the Patch  otherwise is filled with calls to
> kmem_cache_alloc that just returns -ENOMEM in case of failure.
> 
> Could you please explain the reason ?
> 
> +#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
> +   if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (VM_STACK_FLAGS
> & VM_MAYEXEC)) {
> +       mpnt_m = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
> +       if (!mpnt_m) {
> +           kmem_cache_free(vm_area_cachep, mpnt);
> +           return -ENOMEM;
> +       }
> +   }
> +#endif
> +
Permalink | Reply |
headers
Syed Ahemed | 9 Sep 2006 18:48
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Cool ,Thanks a lot .
In a hurry to get my 15 minutes of fame ,I missed the apparent difference:-)
Will be extra careful the next time around.Regret wasting your time sir.

On 9/9/06, pageexec@...
<pageexec@...> wrote:
> On 9 Sep 2006 at 6:03, Syed Ahemed wrote:
>
> > Hello ,
> > In the excerpts 2.1.9 grsecurity patch , kmem_cache_free is called
> > when kmem_cache_alloc fails (returns 0)   .Isn't this a case of
> > dereferencing a Null pointer.
>
> notice that what we free is 'mpnt', not 'mpnt_m', that is, we just
> prevent leaking a previously allocated item, i don't see where the
> NULL ptr is dereferenced.
>
> > The kernel code without the Patch  otherwise is filled with calls to
> > kmem_cache_alloc that just returns -ENOMEM in case of failure.
> >
> > Could you please explain the reason ?
> >
> > +#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
> > +   if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (VM_STACK_FLAGS
> > & VM_MAYEXEC)) {
> > +       mpnt_m = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
> > +       if (!mpnt_m) {
> > +           kmem_cache_free(vm_area_cachep, mpnt);
> > +           return -ENOMEM;
> > +       }
(Continue reading)

Permalink | Reply |
headers
Syed Ahemed | 14 Sep 2006 21:16
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Hello ,
I wonder if you remeber this problem i was facing a couple of days
back about the kernel hang i noticed.
As per your suggestion i have upgraded to the latest 2.1.9 grsecurity
patch and i dont any longer see the issue.
But for sake of my learning n curiosity , I tried looking at the
difference between 2.1.0 and 2.1.9 patch .

I noticed the following based on my month long analysis.
Since it was evident from /proc/meminfo i was running out of either
physical or virtual memory during the hang i tried to dig into the
source code and found the following code , which after commenting out
i no longer see the hang .This is what is exactly done in 2.1.9
patch.My question to the community is related to this code.
Can you throw me some light or pointers where i can find the changelog
 or the reason why this change was made .

In the following excerpts of the code the IFDEFINED PAXSEGMEXEC code
was removed and the kernel hang is no longer seen.In the 2.1.9 patch
this code is not added .From my understanding if vm_flags & VM_MIRROR
results to 0 only then the "if" statements are executed , else it is
skipped.My analysis shows it is skipped and so the kernel hangs
subsequently.

Why was this code added and why is it removed

/usr/src/linux-2.4/mm/mmap.c

    /* Check against address space limit. */
#if defined(CONFIG_GRKERNSEC_PAX_SEGMEXEC) ||
(Continue reading)

Permalink | Reply |
headers
pageexec | 18 Sep 2006 23:32
Picon
Favicon

Re: Kernel Hangs: Highmem and GRSECURITY

On 15 Sep 2006 at 0:46, Syed Ahemed wrote:

> I noticed the following based on my month long analysis.
> Since it was evident from /proc/meminfo i was running out of either
> physical or virtual memory during the hang

/proc/slabinfo can also be useful if the leaked memory structure
is allocated in the slab.

> i tried to dig into the source code and found the following code ,
> which after commenting out i no longer see the hang .This is what is
> exactly done in 2.1.9 patch.My question to the community is related to
> this code. Can you throw me some light or pointers where i can find the
> changelog or the reason why this change was made . 

i doubt this chunk can cause the hang directly given that all it
does is to check/enforce the address space size resource limit.
the reason grsec had this chunk at all was a disagreement between
me/spender back then as to how to account for the vma mirrors.

from my point of view, they consume virtual address space, so they
should be accounted, from his point of view they don't consume
extra physical memory so they should not be accounted (the normal
use of the AS limit is to limit physical memory usage by limiting
the size of the virtual mappings, not an exact science even without
vma mirroring).

this is a tricky situation because some apps try/tried to do precise
accounting and set their own AS limit and ran out of it when run under 
SEGMEXEC, so as the easier fix, spender removed the mirrors from AS
(Continue reading)

Permalink | Reply |
headers
Syed Ahemed | 19 Sep 2006 01:24
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Classic explanation, I shall work on  the app that is trying to set
limits for itself because this does seem to happen when Highmem
available drops down to 2044kb ,while the lowmem is still a whopping
350 MB (/proc/meminfo reports).

Delayed reply but thanks a lot :-)

On 9/19/06, pageexec@...
<pageexec@...> wrote:
> On 15 Sep 2006 at 0:46, Syed Ahemed wrote:
>
> > I noticed the following based on my month long analysis.
> > Since it was evident from /proc/meminfo i was running out of either
> > physical or virtual memory during the hang
>
> /proc/slabinfo can also be useful if the leaked memory structure
> is allocated in the slab.
>
> > i tried to dig into the source code and found the following code ,
> > which after commenting out i no longer see the hang .This is what is
> > exactly done in 2.1.9 patch.My question to the community is related to
> > this code. Can you throw me some light or pointers where i can find the
> > changelog or the reason why this change was made .
>
> i doubt this chunk can cause the hang directly given that all it
> does is to check/enforce the address space size resource limit.
> the reason grsec had this chunk at all was a disagreement between
> me/spender back then as to how to account for the vma mirrors.
>
> from my point of view, they consume virtual address space, so they
(Continue reading)

Permalink | Reply |
headers
Syed Ahemed | 25 Sep 2006 02:30
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Hi,
I don't know if this is the right forum to address this issue , But
here is it ....

I need grsecurity patches for all the linux kernel version starting
2.4.28 to 2.4.33.

Since the download repository has link only to grsec 2.1.9 , I tried
the cvs option only to find an administrative issue on the cvs server.
Error:
root]# cvs -z3 -d :pserver:anonymous@...:/home/cvs co grsecurity2
can't create temporary directory /tmp/cvs-serv13214
No space left on device

Please solve the problem for me on your server or point me to a
relevant cvs server.

Regards
King khan

On 9/19/06, Syed Ahemed <kingkhan@...> wrote:
> Classic explanation, I shall work on  the app that is trying to set
> limits for itself because this does seem to happen when Highmem
> available drops down to 2044kb ,while the lowmem is still a whopping
> 350 MB (/proc/meminfo reports).
>
> Delayed reply but thanks a lot :-)
>
>
>
(Continue reading)

Permalink | Reply |
headers
Peter Kosinar | 4 Oct 2006 00:57
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

> Since the download repository has link only to grsec 2.1.9 , I tried
> the cvs option only to find an administrative issue on the cvs server.
> Error:
> root]# cvs -z3 -d :pserver:anonymous@...:/home/cvs co grsecurity2
> can't create temporary directory /tmp/cvs-serv13214
> No space left on device

Looks more like your local problem, not the grsecurity's server's one. You 
don't happen to have /tmp full, do you?

Peter

--

-- 
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278
Permalink | Reply |
headers
Syed Ahemed | 4 Oct 2006 02:33
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

nope /tmp is not full and am sure its a server problem.
If you are administering the server please send across the grsecurity
patch for 2.4.29 kernel

On 10/4/06, Peter Kosinar <goober@...> wrote:
> > Since the download repository has link only to grsec 2.1.9 , I tried
> > the cvs option only to find an administrative issue on the cvs server.
> > Error:
> > root]# cvs -z3 -d :pserver:anonymous@...:/home/cvs co grsecurity2
> > can't create temporary directory /tmp/cvs-serv13214
> > No space left on device
>
> Looks more like your local problem, not the grsecurity's server's one. You
> don't happen to have /tmp full, do you?
>
> Peter
>
> --
> [Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278
>
>
>

--

-- 
Azhar khan

I'm afraid that I've seen too many people fix bugs by looking at
debugger output, and that almost inevitably leads to fixing the
symptoms rather than the underlying problems.
(Continue reading)

Permalink | Reply |
headers
pageexec | 25 Sep 2006 08:55
Picon
Favicon

Re: Kernel Hangs: Highmem and GRSECURITY

On 25 Sep 2006 at 6:00, Syed Ahemed wrote:

> I don't know if this is the right forum to address this issue , But
> here is it ....
> 
> I need grsecurity patches for all the linux kernel version starting
> 2.4.28 to 2.4.33.

you won't find such an old grsec in cvs, however pax exists since 2.4.26.
the full list of module names:

linux_pax_2_4_26
linux_pax_2_4_27
linux_pax_2_4_28
linux_pax_2_4_29
linux_pax_2_4_30
linux_pax_2_4_31
linux_pax_2_4_32
linux_pax_2_4_33

if you want grsec, i have an archive of all released versions so far, let
me know if you want that.

> root]# cvs -z3 -d :pserver:anonymous@...:/home/cvs co grsecurity2
> can't create temporary directory /tmp/cvs-serv13214
> No space left on device
> 
> Please solve the problem for me on your server or point me to a
> relevant cvs server.
(Continue reading)

Permalink | Reply |
headers
Syed Ahemed | 14 Sep 2006 21:20
Picon

Re: Kernel Hangs: Highmem and GRSECURITY

Kernel version i am addressing the problem is
2.4.28 and the grsecurity patch is 2.1.0

On 9/15/06, Syed Ahemed <kingkhan@...> wrote:
> Hello ,
> I wonder if you remeber this problem i was facing a couple of days
> back about the kernel hang i noticed.
> As per your suggestion i have upgraded to the latest 2.1.9 grsecurity
> patch and i dont any longer see the issue.
> But for sake of my learning n curiosity , I tried looking at the
> difference between 2.1.0 and 2.1.9 patch .
>
> I noticed the following based on my month long analysis.
> Since it was evident from /proc/meminfo i was running out of either
> physical or virtual memory during the hang i tried to dig into the
> source code and found the following code , which after commenting out
> i no longer see the hang .This is what is exactly done in 2.1.9
> patch.My question to the community is related to this code.
> Can you throw me some light or pointers where i can find the changelog
>  or the reason why this change was made .
>
> In the following excerpts of the code the IFDEFINED PAXSEGMEXEC code
> was removed and the kernel hang is no longer seen.In the 2.1.9 patch
> this code is not added .From my understanding if vm_flags & VM_MIRROR
> results to 0 only then the "if" statements are executed , else it is
> skipped.My analysis shows it is skipped and so the kernel hangs
> subsequently.
>
> Why was this code added and why is it removed
>
(Continue reading)

Permalink | Reply |

Gmane