x86_64 HLFS

Valter Douglas Lisbôa Jr. douglas at trenix.com.br
Fri Aug 1 04:18:41 PDT 2008


On Friday 01 August 2008 03:56:49 Jan Dvorak wrote:
> On Thursday 31 July 2008 17:12:31 Valter Douglas Jr. wrote:
> > Aside from 64-bit systems having more bugs than 32-bit ones, it could
> > be a good candidate to not have troubles (except when you mix it with
> > Xen, nasty thing). [talking about PaX]
>
> Can you go more into details? 
Of course. Since PaX is a kernel patch and does not depend (entirely) on user 
space recompilation, it flows its security tricks very softly into the system. 
Of course, there are applications (off the top of my head right now, X and Java) 
that rely on some memory behaviour, which causes PaX to bring them down from 
memory. But paxutils can overcome this by removing them from the system checks.

I have always heard that 64-bit systems have stability issues; I have not tested 
it personally, but I think it's a matter of time for the new systems to be 
adjusted. Really, all new machines have 64-bit CPUs, and we do not use all their power!

But like you say, the authors claim it functions really well on 64 bits. But 
the same authors have been saying that the 2.6.x patches can be broken because 
they are still in testing. The only thing we can do is test it.

NOTE: I ask myself, when will they admit that PaX is stable on 2.6.x? I 
cannot use 2.4.x kernels because new drivers are only added to 2.6.x, and I 
guess other people (including all participants of the LFS projects) use 2.6 
kernels. Almost all major distros have 2.6.x kernels too. :-)

> I only found some information about 
> potential problems on non-hardware-emulated systems. I don't plan on
> using Xen, but the main reason I'm going for x86_64 HLFS is KVM/QEMU with
>4G memory and ability to run x86_64 guests.
The big problem is the patching: the Xen patches heavily modify some parts of 
the kernel, and one of these parts is heavily modified by PaX. I tried for two 
weeks to merge both patches on kernel 2.6.18 without success (I'm not a kernel 
hacker, yet); I could not even make it compile. I'll try to mix them again using 
a 2.6.26.x kernel as a DOMU with the PaX patches.

QEMU, VirtualBox and other user space virtualization have less chance of 
generating bugs. I tried to compile and run an LFS on QEMU a long time ago; as 
the system was 32-bit and very basic, I was successful.

KVM is hardware dependent (I know, the 2.6.26.x KVM has paravirtualization, but 
it's a very new thing in it and not well tested) and I have not tested it yet.

All modern CPUs have the NX bit; try to google about it and the kernel. PaX has 
a performance improvement on PAGE_EXEC protection if it uses NX.

-- 
Valter Douglas Lisbôa Jr.
Partner-Director
Trenix - IT Solutions
"Our Ideas, your Solutions!"
www.trenix.com.br
contato at trenix.com.br
Tel. +55 19 3402.2957
Cel. +55 19 9183.4244
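
Added example (not part of the original message): an audit helper that reads the PaX markings from an ELF file, to see which protections a binary such as X or Java has been exempted from. It assumes the exemptions are stored in the `PT_PAX_FLAGS` program header, the marking paxctl writes; the constants come from the PaX ELF definitions, the function names are hypothetical, and the sample image is constructed.

```python
import struct

PT_PAX_FLAGS = 0x65041580  # PT_LOOS + 0x5041580, added by the PaX toolchain patches

# (feature, enable bit, disable bit) in p_flags of the PT_PAX_FLAGS header
PAX_FEATURES = [
    ("PAGEEXEC", 1 << 4, 1 << 5), ("SEGMEXEC", 1 << 6, 1 << 7),
    ("MPROTECT", 1 << 8, 1 << 9), ("RANDEXEC", 1 << 10, 1 << 11),
    ("EMUTRAMP", 1 << 12, 1 << 13), ("RANDMMAP", 1 << 14, 1 << 15),
]

def pax_flags(elf):
    """Return {feature: 'on'|'off'|'default'}, or None if there is no PT_PAX_FLAGS."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if elf[5] == 1 else ">"    # EI_DATA: 1 = little endian
    try:
        if is64:
            (phoff,) = struct.unpack_from(end + "Q", elf, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", elf, 54)
        else:
            (phoff,) = struct.unpack_from(end + "I", elf, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", elf, 42)
        for i in range(phnum):
            off = phoff + i * phentsize
            (p_type,) = struct.unpack_from(end + "I", elf, off)
            if p_type != PT_PAX_FLAGS:
                continue
            # p_flags sits at +4 in Elf64_Phdr and at +24 in Elf32_Phdr
            (flags,) = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
            # Audit choice of this example: a set disable bit wins over the enable bit
            return {n: "off" if flags & d else "on" if flags & e else "default"
                    for n, e, d in PAX_FEATURES}
    except struct.error:
        raise ValueError("truncated ELF image") from None
    return None

def sample_elf64(p_flags):
    """Constructed input: ELF64 little-endian header plus one PT_PAX_FLAGS entry."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + struct.pack("<IIQQQQQQ", PT_PAX_FLAGS, p_flags, 0, 0, 0, 0, 0, 8)

if __name__ == "__main__":
    # Constructed marking: PAGEEXEC enforced, MPROTECT switched off
    state = pax_flags(sample_elf64((1 << 4) | (1 << 9)))
    print("protections switched off:", [n for n, s in state.items() if s == "off"])
```

Run over the real binaries on a system, the "off" entries give the list of protections each exempted program no longer has, which is the part of the setup worth reviewing after every exemption.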



More information about the hlfs-dev mailing list