PaX issues:
Posted: Thu Nov 01, 2007 10:25 am
Hardware: Dual Pentium 4 Xeon(Irwindale) 2.8GHz, 2GB ECC RAM.
With grsecurity 10/31/07, and also on earlier 2.6.23 patches applied against 2.6.23.1, with PaX enabled, the error logs(and consoles) fill up with these messages, and the machine slowly becomes unusable afterwards:
This is with Apache 2.0.61 with the worker MPM. Booting the kernel with nosmp "solves" this problem, but obviously isn't a real solution.
(I didn't include the backtrace, as it would be meaningless, as I've compiled the kernel with kernel symbols disabled, and since it's a fairly heavily-loaded production machine, I really can't do a ton of testing)
I also disabled PaX using chpax for mysql(4.0.24):
...but the mysqld process' virtual memory usage grows and grows and grows over time, eventually causing it to seg fault. This doesn't happen when PaX is disabled at kernel configuration/compilation time.
I'll post the kernel .config file and more information later when I have time...
With grsecurity 10/31/07, and also on earlier 2.6.23 patches applied against 2.6.23.1, with PaX enabled, the error logs(and consoles) fill up with these messages, and the machine slowly becomes unusable afterwards:
kernel: Bad page state in process 'httpd'
kernel: page:c186aae0 flags:0x80000001 mapping:00000000 mapcount:0 count:0
kernel: Trying to fix it up, but a reboot is needed
This is with Apache 2.0.61 with the worker MPM. Booting the kernel with nosmp "solves" this problem, but obviously isn't a real solution.
(I didn't include the backtrace, as it would be meaningless, as I've compiled the kernel with kernel symbols disabled, and since it's a fairly heavily-loaded production machine, I really can't do a ton of testing)
I also disabled PaX using chpax for mysql(4.0.24):
chpax -v /usr/sbin/mysqld
----[ chpax 0.7 : Current flags for /usr/sbin/mysqld (peMrxs) ]----
* Paging based PAGE_EXEC : disabled
* Trampolines : not emulated
* mprotect() : restricted
* mmap() base : not randomized
* ET_EXEC base : not randomized
* Segmentation based PAGE_EXEC : disabled
...but the mysqld process' virtual memory usage grows and grows and grows over time, eventually causing it to seg fault. This doesn't happen when PaX is disabled at kernel configuration/compilation time.
I'll post the kernel .config file and more information later when I have time...