I've several HP ProLiant DL140 G3 servers, with same hardware/configuration/BIOS settings, and same kernel configuration. All work fine with sys-kernel/hardened-sources-2.6.27-r8. All except one work fine with sys-kernel/hardened-sources-2.6.28-r7, but one server hangs after "Freeing unused kernel memory: 2024k freed" message, /sbin/init doesn't start (with init=/bin/bash the bash doesn't start too). I've compared messages printed to console on server which boot and server which hang - there no significant differences. (I'll attach kernel configuration and console messages for both servers.) I'm going to try other kernel versions, especially vanilla ones and will report results here. Any other ideas how to debug it? Reproducible: Always
Created attachment 187072 [details] my .config for 2.6.28-hardened-r7
Created attachment 187074 [details] console output for server1 (hangs)
Created attachment 187076 [details] console output for server2 (works)
Looks like vanilla kernels boot ok (tested 2.6.28.7, 2.6.28.9, 2.6.29), so it looks like hardened issue. Now trying hardened kernel with GrSecurity/PaX switched off...
I've tried to switch on MTRR_SANITIZER - no effect. sys-kernel/hardened-sources-2.6.28-r7 with switched off GrSecurity and PaX boot ok. Console output for kernel which boot and which doesn't boot has no significant differences.
switching off CONFIG_PAX_MPROTECT solve this issue Now I'll try to paxctl -m for /bin/bash and /sbin/runit-init (with switched on CONFIG_PAX_MPROTECT, of course)... yeah, that solves this issue too. So, now we've very strange situation: PaX require -m for process N1. This isn't related to my init (runit-init) because same happens for bash. This happens only on one server - several other servers with exactly same hardware, kernel and gentoo configuration doesn't have this issue.
Please post emerge --info and attach lspci -v output.
Portage 2.1.6.7 (hardened/x86, gcc-3.4.6, glibc-2.8_p20080602-r1, 2.6.28-hardened-r7 i686) ================================================================= System uname: Linux-2.6.28-hardened-r7-i686-Intel-R-_Xeon-R-_CPU_E5310_@_1.60GHz-with-glibc2.3.2 Timestamp of tree: Wed, 01 Apr 2009 16:00:01 +0000 app-shells/bash: 3.2_p39 dev-lang/python: 2.5.2-r7 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.63 sys-devel/automake: 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=prescott -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /service /usr/inferno/keydb /usr/inferno/lib /usr/inferno/services /var/log /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=prescott -O2 -pipe" DISTDIR="/usr/portage-distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="http://gentoo.virginmedia.com/ ftp://mirror.qubenet.net/mirror/gentoo/ http://mirror.qubenet.net/mirror/gentoo/" LANG="en_US.UTF-8" LDFLAGS="" MAKEOPTS="-j5" PKGDIR="/usr/portage-packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/powerman /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acpi aim apache2 berkdb bitmap-fonts bzip2 cracklib crypt curl gd gdbm gif gnutls gpgme hardened icq imagemagick imap imlib irc jabber javascript jpeg lm_sensors mailbox mbox midi mmx mng msn mysql ncurses nls nptl nptlonly pam pcre perl pic png pwdb readline rss sse sse2 ssl svg sysfs tcpd tiff truetype truetype-fonts type1-fonts unicode urandom x86 xinetd xorg yahoo zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES=" log_config vhost_alias autoindex alias rewrite dir deflate filter mime negotiation auth_basic authn_file authz_host authz_user authz_groupfile cgi actions headers env setenvif " ELIBC="glibc" INPUT_DEVICES="mouse keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 187105 [details] lspci -v for server with this issue
Is this still an issue for the reporter? Can you try 2.6.32-r9 and see if that gives you any issues on the same box? This will be the next stable release.
(In reply to comment #10) > Is this still an issue for the reporter? Can you try 2.6.32-r9 and see if that > gives you any issues on the same box? This will be the next stable release. No. All servers now use 2.6.28-hardened-r9, and it doesn't has this issue.
Okay moving past this one.
