I have recently upgraded kernel hardened-sources from version 2.6.14 to 2.6.16 and I am finding a problem with net-misc/ntp-4.2.0.20040617-r3. When I start ntpd, the process freezes and takes all CPU power, then some programs hang too (for example ps -A -f). It looks like a kernel deadlock. With 2.6.14 everything works fine.
(In reply to comment #0)
> I have recently upgraded kernel hardened-sources from version 2.6.14 to 2.6.16
> and I am finding a problem with net-misc/ntp-4.2.0.20040617-r3.
> When I start ntpd, the process freezes and takes all CPU power, then some
> programs hang too (for example ps -A -f).
> It looks like a kernel deadlock. With 2.6.14 everything works fine.
> I am using only PAX, not GRSEC.
just to try and isolate this, can you please try again with a vanilla 2.6.16 kernel?
1. can you attach your .config?
2. per comment #2, please try vanilla as well
3. can you try the latest grsec test patch (from http://grsecurity.net/~spender/)?
4. are there any kernel messages/logs?
5. since it seems to be reproducible, can you run ntp through strace (repeatedly if necessary) until it hangs then attach the output (or the last few lines at least)?
(In reply to comment #3)
> 3. can you try the latest grsec test patch (from
> http://grsecurity.net/~spender/)?

I am not aware of any further grsec changes which aren't already included. Am I missing something? :P

> 4. are there any kernel messages/logs?
> 5. since it seems to be reproducible, can you run ntp through strace
> (repeatedly if necessary) until it hangs then attach the output (or the last
> few lines at least)?
(In reply to comment #4)
> I am not aware of any further grsec changes which aren't already included. Am I
> missing something? :P

$ tar tjvf /usr/portage/distfiles/hardened-patches-2.6.16-1.extras.tar.bz2|grep grsec-

says 2.6.16/4450_grsec-2.1.9-2.6.16-200603292139.patch whereas current is grsecurity-2.1.9-2.6.16.1-200604041154.patch
Created attachment 84009: straces and .config
Created attachment 84011: straces and .config. The error is easily reproducible, I copied .config to my notebook and it works the same way. There was nothing special in dmesg output but I am sorry I had dmesg log rewritten so it is not attached. So here is straces and .config, but lockout of ps -A -f I was unable to trace into file.
Created attachment 84012: gentoo-hardened 2.6.16 .config. I have forgotten the .config
I have tried with suspend2-sources 2.6.16-suspend2-r1 without any problem, but with different .config...

(In reply to comment #2)
> just to try and isolate this, can you please try again with a vanilla 2.6.16
> kernel?
1. can you use strace -f on ntp please (it forks, and i guess the interesting things happen in the child)?
2. can you post the output of "paxctl -vQ /usr/sbin/ntpd" and "readelf -e /usr/sbin/ntpd"?
3. for kernel logs look at /var/log/messages.
Created attachment 84073: straces, dmesg, ...
I have tried latest grsec patch with vanilla 2.6.16.1 with the same result.

(In reply to comment #3)
> 1. can you attach your .config?
> 2. per comment #2, please try vanilla as well
> 3. can you try the latest grsec test patch (from
> http://grsecurity.net/~spender/)?
> 4. are there any kernel messages/logs?
> 5. since it seems to be reproducible, can you run ntp through strace
> (repeatedly if necessary) until it hangs then attach the output (or the last
> few lines at least)?
same here:
net-misc/ntp-4.2.0.20050303-r1
sys-kernel/hardened-sources-2.6.16-r2
after running /etc/init.d/ntpd start the system freezes. With 2.6.14-hardened everything was ok.
(In reply to comment #11)
> Created an attachment (id=84073)
> straces, dmesg, ...

ok, a few comments, some not related to this bug though.

1. your dmesg shows that PaX killed your X server, that's because you're not using the new modular X server, but the old one with the elfloader, you should really upgrade.
2. your ntpd binary has PT_PAX_FLAGS but it lacks PT_GNU_RELRO, i thought the hardened toolchain would enforce that.
3. ntpd apparently hangs in a mmap() call, which at first sight seems completely innocuous, so i don't yet see what the underlying problem is. would be nice if you could check your syslogs for more PaX messages (or any kernel BUG reports, oopses) at that point.
4. for comment #13, can you post an strace as well please?
They were not traces from a pax-enabled system, just from my notebook which is used to work with suspend2-sources... Thanks anyway.

(In reply to comment #14)
> (In reply to comment #11)
> > Created an attachment (id=84073)
> > straces, dmesg, ...
>
> ok, a few comments, some not related to this bug though.
>
> 1. your dmesg shows that PaX killed your X server, that's because you're not
> using the new modular X server, but the old one with the elfloader, you should
> really upgrade.
>
> 2. your ntpd binary has PT_PAX_FLAGS but it lacks PT_GNU_RELRO, i thought the
> hardened toolchain would enforce that.
>
> 3. ntpd apparently hangs in a mmap() call, which at first sight seems
> completely innocuous, so i don't yet see what the underlying problem is. would
> be nice if you could check your syslogs for more PaX messages (or any kernel
> BUG reports, oopses) at that point.
>
> 4. for comment #13, can you post an strace as well please?
*** Bug 129944 has been marked as a duplicate of this bug. ***
(In reply to comment #5)
> (In reply to comment #4)
> > I am not aware of any further grsec changes which aren't already included. Am I
> > missing something? :P
>
> $ tar tjvf /usr/portage/distfiles/hardened-patches-2.6.16-1.extras.tar.bz2|grep
> grsec-
>
> says 2.6.16/4450_grsec-2.1.9-2.6.16-200603292139.patch whereas current is
> grsecurity-2.1.9-2.6.16.1-200604041154.patch

very belated reply, but the upstream fix just backed out the i810 fix (which was in genpatches-base). The one I included already did that anyways.
I am sure I remember having this problem before, so I switched to net-misc/openntpd which seems to work fine.
(In reply to comment #18)
> I am sure I remember having this problem before, so I switched to
> net-misc/openntpd which seems to work fine.

That's no solution here. OpenNTPD doesn't support some of the advanced time services which are very important for me. We're using a radio as a backup time source to keep our kerberos in check. Also, I'd like the ability to use the IPsec features of shorewall which require some of the new functionality in 2.6.16.

Anything I can do to help? I don't have much debugging experience but if someone were willing to guide me, I would be more than happy to allocate some brain cycles to this.

Thanks,
Jon
Appears to be a problem in vanilla grsec and was reported upstream. http://grsecurity.net/pipermail/grsecurity/2006-April/000726.html
guys, yesterday i managed to reproduce the hang and am already debugging it. in the meantime you can disable SEGMEXEC on the affected executables and they should be fine (if you have PAGEEXEC enabled in the kernel .config, it will be used as a fall back automatically). the problem affects anything that uses mlockall and vma mirroring (SEGMEXEC), so if you run across similar issues, add them here in the meantime.
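The `paxctl -vQ` and `readelf -e` checks requested earlier in this thread come down to reading the PT_PAX_FLAGS and PT_GNU_RELRO program headers. The following is an added example, not part of the original thread, that reads them directly and reports whether SEGMEXEC is marked on a binary; `sample_elf32` builds a constructed test image and the function names are hypothetical.

```python
import struct
import sys

PT_GNU_RELRO = 0x6474E552
PT_PAX_FLAGS = 0x65041580            # PT_LOOS + 0x5041580
PF_SEGMEXEC, PF_NOSEGMEXEC = 1 << 6, 1 << 7

def program_headers(elf):
    """Yield (p_type, p_flags) for every program header of a little-endian ELF."""
    if elf[:4] != b"\x7fELF" or elf[5] != 1:
        raise ValueError("not a little-endian ELF image")
    is64 = elf[4] == 2
    # e_phoff, e_phentsize and e_phnum sit at different offsets in ELF32 and ELF64.
    phoff, = struct.unpack_from("<Q" if is64 else "<I", elf, 0x20 if is64 else 0x1C)
    entsize, count = struct.unpack_from("<HH", elf, 0x36 if is64 else 0x2A)
    for i in range(count):
        base = phoff + i * entsize
        p_type, = struct.unpack_from("<I", elf, base)
        # p_flags is the 2nd word of an ELF64 phdr but the 7th of an ELF32 phdr.
        p_flags, = struct.unpack_from("<I", elf, base + (4 if is64 else 24))
        yield p_type, p_flags

def audit(elf):
    """Report the markings discussed in the thread for one ELF image."""
    state = {"pax_flags": False, "segmexec": "unset", "relro": False}
    for p_type, p_flags in program_headers(elf):
        if p_type == PT_GNU_RELRO:
            state["relro"] = True
        elif p_type == PT_PAX_FLAGS:
            state["pax_flags"] = True
            if p_flags & PF_NOSEGMEXEC:
                state["segmexec"] = "disabled"
            elif p_flags & PF_SEGMEXEC:
                state["segmexec"] = "enabled"
    return state

def sample_elf32(pax_flags):
    """Constructed sample: ELF32 header, one PT_LOAD and one PT_PAX_FLAGS entry."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    load = struct.pack("<8I", 1, 0, 0, 0, 0, 0, 5, 0x1000)
    pax = struct.pack("<8I", PT_PAX_FLAGS, 0, 0, 0, 0, 0, pax_flags, 4)
    return ehdr + load + pax

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf32(PF_SEGMEXEC)
    print(audit(data))
```

A binary that calls mlockall and is not reported as `disabled` is a candidate for the workaround described in the comment above.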
i uploaded test6 to http://www.grsecurity.net/~paxguy1/ , please give it a try.
good job, hardened-sources-2.6.16-r6 fixes the ntpd problem for me
If this is still an issue for you with any current version (say 2.6.20-r2), feel free to REOPEN this bug.