335492 – LVM tools on hardened kernel caused mlock error

Bug 335492 - LVM tools on hardened kernel caused mlock error

Summary: LVM tools on hardened kernel caused mlock error

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-09-01 09:37 UTC by email200202
Modified:	2014-08-30 23:56 UTC (History)
CC List:	8 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
reduced testcase (testcase.c,1.72 KB, text/plain) 2010-09-06 21:48 UTC, Diego Elio Pettenò (RETIRED)	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description email200202 2010-09-01 09:37:17 UTC

After installation of lvm2 on a hardened gentoo server, any lvm command causes this error and does its function at the end.
# lvcreate -L10G -ntest  A 
  7412b000-741dd000 r-xp 00000000 08:03 98631      /sbin/lvm: mlock failed: Invalid argument 
  aba7a000-abbbf000 r-xp 00000000 08:03 90688      /lib/libc-2.11.2.so: mlock failed: Invalid argument 
  abbc5000-abbcf000 r-xp 00000000 08:03 987368     /lib/libudev.so.0.6.1: mlock failed: Invalid argument 
  abc06000-abc28000 r-xp 00000000 08:03 98632      /lib/libdevmapper.so.1.02: mlock failed: Invalid argument 
  abc2b000-abc2f000 r-xp 00000000 08:03 98714      /lib/libdevmapper-event.so.1.02: mlock failed: Invalid argument 
  abc3d000-abc5a000 r-xp 00000000 08:03 90905      /lib/ld-2.11.2.so: mlock failed: Invalid argument 
  7412b000-741dd000 r-xp 00000000 08:03 98631      /sbin/lvm: munlock failed: Invalid argument 
  aba7a000-abbbf000 r-xp 00000000 08:03 90688      /lib/libc-2.11.2.so: munlock failed: Invalid argument 
  abbc5000-abbcf000 r-xp 00000000 08:03 987368     /lib/libudev.so.0.6.1: munlock failed: Invalid argument 
  abc06000-abc28000 r-xp 00000000 08:03 98632      /lib/libdevmapper.so.1.02: munlock failed: Invalid argument 
  abc2b000-abc2f000 r-xp 00000000 08:03 98714      /lib/libdevmapper-event.so.1.02: munlock failed: Invalid argument 
  abc3d000-abc5a000 r-xp 00000000 08:03 90905      /lib/ld-2.11.2.so: munlock failed: Invalid argument 
  Logical volume "test" created 
This is the first time that I use lvm on hardened gentoo. It works with no problems on desktop profiles.

The error disappeared when I modified "use_mlockall" from the default "0" to "1" in /etc/lvm/lvm.conf file.
    # Set to 1 to revert to the default behaviour prior to version 2.02.62 
    # which used mlockall() to pin the whole process's memory while activating 
    # devices. 
    use_mlockall = 1 

I installed hardened kernel on a "desktop profile" computer using the computer's non hardened ".config". 
It did not give the error. So it is NOT the hardened kernel patches and it is NOT LVM version because both are at 
the same version sys-fs/lvm2-2.02.73. 

desktop profile + hardened kernel: 

# uname -r 
2.6.32-hardened-r9 
# pvcreate /dev/sdb8 
  Physical volume "/dev/sdb8" successfully created 
# vgcreate A /dev/sdb8 
  Volume group "A" successfully created 
# lvcreate -L10G -ntest A 
  Logical volume "test" created 
# emerge --info lvm2 
Portage 2.1.8.3 (default/linux/x86/10.0/desktop, gcc-4.4.3, glibc-2.11.2-r0, 2.6.32-hardened-r9 i686) 
================================================================= 
                        System Settings 
================================================================= 
System uname: Linux-2.6.32-hardened-r9-i686-Intel-R-_Pentium-R-_D_CPU_3.20GHz-with-gentoo-1.12.13 
Timestamp of tree: Thu, 26 Aug 2010 23:00:17 +0000 
app-shells/bash:     4.0_p37 
dev-java/java-config: 2.1.11 
dev-lang/python:     2.6.5-r3, 3.1.2-r4 
dev-util/cmake:      2.8.1-r2 
sys-apps/baselayout: 1.12.13 
sys-apps/sandbox:    1.6-r2 
sys-devel/autoconf:  2.13, 2.65 
sys-devel/automake:  1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1 
sys-devel/binutils:  2.20.1-r1 
sys-devel/gcc:       4.4.3-r2 
sys-devel/gcc-config: 1.4.1 
sys-devel/libtool:   2.2.6b 
sys-devel/make:      3.81-r2 
virtual/os-headers:  2.6.30-r1 
ACCEPT_KEYWORDS="x86" 
ACCEPT_LICENSE="*" 
CBUILD="i686-pc-linux-gnu" 
CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" 
CHOST="i686-pc-linux-gnu" 
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config"                                                                                                                                                                    
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"                                                                                                        
CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer"                                                                                                                                                                      
DISTDIR="/opt/portage/distfiles"                                                                                                                                                                                              
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"                                                                                
GENTOO_MIRRORS="http://distfiles.gentoo.org"                                                                                                                                                                                  
LANG="en_GB"                                                                                                                                                                                                                  
LC_ALL="en_GB"                                                                                                                                                                                                                
LDFLAGS="-Wl,-O1 -Wl,--as-needed" 
LINGUAS="en_GB" 
MAKEOPTS="-j3" 
PKGDIR="/usr/portage/packages" 
PORTAGE_CONFIGROOT="/" 
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" 
PORTAGE_TMPDIR="/opt/tmp" 
PORTDIR="/opt/portage" 
PORTDIR_OVERLAY="/opt/local/portage" 
SYNC="rsync://rsync.gentoo.org/gentoo-portage" 
USE="X a52 aac acl acpi alsa berkdb bluetooth branding bzip2 cairo cdr cli consolekit cracklib crypt cups cxx dbus dri dts dvd dvdr emboss encode exif extras fam firefox flac fortran gd gdbm ggi gif gpm graphics graphviz gtk hal iconv icu ieee1394 ipv6 java jpeg kde kerberos kpathsea latex lcms ldap libnotify lightning live mad mikmod mng modules mp3 mp4 mpeg mudflap multislot mysql ncurses nls nptl nptlonly ogg opengl openmp pam pango pcre pdf perl plotutils png ppds pppd pstricks publishers python qt qt3support qt4 rdesktop readline reflection samba science sdl session spell spl sql sqlite ssl startup-notification svg svgai sysfs tcpd threads tiff truetype unicode usb v4l v4l2 vorbis webkit wxwindows x264 x86 xcb xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa vga radeonhd radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS 

================================================================= 
                        Package Settings 
================================================================= 

sys-fs/lvm2-2.02.73 was built with the following: 
USE="lvm1 readline static -clvm (-cman) (-selinux)" 

hardened profile:
 emerge --info lvm2 
Portage 2.1.8.3 (hardened/linux/x86/10.0, gcc-4.3.4, glibc-2.11.2-r0, 2.6.32-hardened-r9 i686) 
================================================================= 
                        System Settings 
================================================================= 
System uname: Linux-2.6.32-hardened-r9-i686-Intel-R-_Xeon-R-_CPU_3050_@_2.13GHz-with-gentoo-1.12.13 
Timestamp of tree: Tue, 24 Aug 2010 03:30:01 +0000 
app-shells/bash:     4.0_p37 
dev-lang/python:     2.6.5-r2, 3.1.2-r3 
dev-util/cmake:      2.6.4-r3 
sys-apps/baselayout: 1.12.13 
sys-apps/sandbox:    1.6-r2 
sys-devel/autoconf:  2.65 
sys-devel/automake:  1.11.1 
sys-devel/binutils:  2.20.1-r1 
sys-devel/gcc:       4.3.4 
sys-devel/gcc-config: 1.4.1 
sys-devel/libtool:   2.2.6b 
sys-devel/make:      3.81 
virtual/os-headers:  2.6.30-r1 
ACCEPT_KEYWORDS="x86" 
ACCEPT_LICENSE="* -@EULA" 
CBUILD="i686-pc-linux-gnu" 
CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -fforce-addr" 
CHOST="i686-pc-linux-gnu" 
CONFIG_PROTECT="/etc" 
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" 
CXXFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -fforce-addr" 
DISTDIR="/usr/portage/distfiles" 
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch" 
GENTOO_MIRRORS="http://distfiles.gentoo.org" 
LDFLAGS="-Wl,-O1 -Wl,--as-needed" 
LINGUAS="en_GB" 
MAKEOPTS="-j3" 
PKGDIR="/usr/portage/packages" 
PORTAGE_CONFIGROOT="/" 
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" 
PORTAGE_TMPDIR="/var/tmp"                                                                                                                                                                                                      
PORTDIR="/usr/portage"                                                                                                                                                                                                        
SYNC="rsync://rsync.gentoo.org/gentoo-portage"                                                                                                                                                                                
USE="acl ads berkdb bzip2 cli cracklib crypt cups cxx dbus dri gdbm gpm hal hardened iconv kerberos ldap modules mudflap ncurses nptl nptlonly oav openmp pam pcre perl pic pppd python readline reflection samba session spl ssl sysfs tcpd threads urandom usb winbind x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1   emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m       maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="xgi sis vesa vga" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY 

================================================================= 
                        Package Settings 
================================================================= 

sys-fs/lvm2-2.02.73 was built with the following: 
USE="lvm1 readline static -clvm (-cman) (-selinux)"

Comment 1 Christian Ruppert (idl0r) gentoo-dev

2010-09-01 19:04:39 UTC

Can confirm..
I get it e.g. when rebooting or during shutdown.

emerge --info lvm2
Portage 2.1.8.3 (hardened/linux/x86/10.0, gcc-4.3.4, glibc-2.11.2-r0, 2.6.32-hardened-r9 i686)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.32-hardened-r9-i686-AMD_Athlon-tm-_XP-with-gentoo-2.0.1
Timestamp of tree: Tue, 31 Aug 2010 18:30:13 +0000
app-shells/bash:     4.0_p37
dev-lang/python:     2.6.5-r3, 3.1.2-r4
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.65
sys-devel/automake:  1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y --columns"
FEATURES="assume-digests distlocks fakeroot fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
GENTOO_MIRRORS="ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp6.uni-muenster.de/pub/linux/distributions/gentoo http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gentoo.mneisen.org/ http://de-mirror.org/distro/gentoo/ ftp://de-mirror.org/distro/gentoo/ http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ ftp://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ http://mirror.netcologne.de/gentoo/ ftp://mirror.netcologne.de/gentoo/"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,now -Wl,--sort-common"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude lost+found"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/hardened-development /usr/local/portage"
SYNC="rsync://10.8.6.1/gentoo-portage"
USE="3dnow 3dnowext X509 acl animgif apache2 audit bash-completion berkdb blksha1 bzip2 chroot cleartype cli cracklib crypt cscope ctype curl curlwrappers cxx dbus dhcp extensions extras fontconfig fts3 gcrypt gd gdbm gif git gmp gnutls gpgme hardened hpn iconv idn iproute2 ipv6 ithreads jpeg libedit libssh2 lzma lzo maildir mmx mmxext mudflap mysql ncurses net network-cron nfsv3 nptl nptlonly openmp pam pcre perl pic plugins png pppd python readline reflection rrdtool secure-delete session sha512 smime snmp sockets spl spoof-source sqlite sqlite3 sse ssl suexec svg sysfs syslog threads threadsafe tordns truetype unicode urandom vim-syntax webdav-neon x86 xattr xml zlib zsh-completion" APACHE2_MODULES="alias authz_host cgid dir env mime" APACHE2_MPMS="worker" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" RUBY_TARGETS="ruby18" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS

=================================================================
                        Package Settings
=================================================================

sys-fs/lvm2-2.02.73 was built with the following:
USE="readline static -clvm (-cman) -lvm1 (-selinux)"

Comment 2 Magnus Granberg gentoo-dev

2010-09-01 21:00:13 UTC

It works fine for me
sys-fs/lvm2-2.02.73-r1  USE="lvm1 readline static (-clvm) (-cman) (-selinux)"
laptop1 ~ # lvcreate -L100M -ntest ssd
  Logical volume "test" created
Portage 2.2_rc72 (hardened/linux/amd64/10.0, gcc-4.4.4, glibc-2.11.2-r0, 2.6.34-gentoo-r1 x86_64)
=================================================================
System uname: Linux-2.6.34-gentoo-r1-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T7700_@_2.40GHz-with-gentoo-2.0.1
Timestamp of tree: Wed, 01 Sep 2010 19:45:01 +0000
app-shells/bash:     4.0_p37
dev-lang/python:     2.6.5-r2, 3.1.2-r3
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.13, 2.65
sys-devel/automake:  1.8.5-r4, 1.9.6-r3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4, 4.4.4-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
sys-devel/make:      3.81
virtual/os-headers:  2.6.34 (sys-kernel/linux-headers)

Comment 3 Anthony Basile gentoo-dev

2010-09-01 22:45:29 UTC

Works for me too.  My profile is even closer to the first two that hit the bug.

[ebuild   R   ] sys-fs/lvm2-2.02.73  USE="lvm1 readline static -clvm (-cman) (-selinux)" 0 kB

lvcreate -L10G -ntest  test 
  Logical volume "test" created

Portage 2.1.8.3 (hardened/linux/x86/10.0, gcc-4.3.4, glibc-2.11.2-r0, 2.6.32-hardened-r9 i686)
=================================================================
System uname: Linux-2.6.32-hardened-r9-i686-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-1.12.13
Timestamp of tree: Wed, 25 Aug 2010 22:00:01 +0000
app-shells/bash:     4.0_p37
dev-lang/python:     2.6.5-r3, 3.1.2-r4
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.65
sys-devel/automake:  1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1

Comment 4 Anthony Basile gentoo-dev

2010-09-04 00:46:39 UTC

I think this is a repeat of bug #333477.  See also

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.32.y.git;a=commit;h=e4599a4a45259b9cfb0942d36f6f35f3dca1d893

If that's the case, then it should be fixed in hardened-sources-2.6.32-r15 and probably -r14 (via the grsec patch).

@reporter and idl0r.  If you can test upgrading to h-s-.2.6.32-r15 and see if the problem goes away.

Comment 5 email200202 2010-09-05 05:52:56 UTC

Updated the kernel to 2.6.34-hardened-r3. It did not fix the lvm2 problem.

# uname -r
2.6.34-hardened-r3
# lvcreate -L10G -ntest  test
  778b2000-77964000 r-xp 00000000 08:03 972466     /sbin/lvm: mlock failed: Invalid argument
  b6c41000-b6d86000 r-xp 00000000 08:03 890430     /lib/libc-2.11.2.so: mlock failed: Invalid argument
  b6d8d000-b6d97000 r-xp 00000000 08:03 873143     /lib/libudev.so.0.6.1: mlock failed: Invalid argument
  b6dce000-b6df0000 r-xp 00000000 08:03 972531     /lib/libdevmapper.so.1.02: mlock failed: Invalid argument
  b6df3000-b6df7000 r-xp 00000000 08:03 972529     /lib/libdevmapper-event.so.1.02: mlock failed: Invalid argument
  b6e04000-b6e21000 r-xp 00000000 08:03 888844     /lib/ld-2.11.2.so: mlock failed: Invalid argument
  778b2000-77964000 r-xp 00000000 08:03 972466     /sbin/lvm: munlock failed: Invalid argument
  b6c41000-b6d86000 r-xp 00000000 08:03 890430     /lib/libc-2.11.2.so: munlock failed: Invalid argument
  b6d8d000-b6d97000 r-xp 00000000 08:03 873143     /lib/libudev.so.0.6.1: munlock failed: Invalid argument
  b6dce000-b6df0000 r-xp 00000000 08:03 972531     /lib/libdevmapper.so.1.02: munlock failed: Invalid argument
  b6df3000-b6df7000 r-xp 00000000 08:03 972529     /lib/libdevmapper-event.so.1.02: munlock failed: Invalid argument
  b6e04000-b6e21000 r-xp 00000000 08:03 888844     /lib/ld-2.11.2.so: munlock failed: Invalid argument
  Logical volume "test" created

Comment 6 Anthony Basile gentoo-dev

2010-09-05 10:59:47 UTC

(In reply to comment #5)
> Updated the kernel to 2.6.34-hardened-r3. It did not fix the lvm2 problem.
> 

This is not stack guard page issue then.  I also realized after posting Comment #4 that 2.6.32-hardened-r9 would be too early for that issue.  I still can't seem to trigger it at my end, which makes it hard to debug.

Comment 7 Diego Elio Pettenò (RETIRED) gentoo-dev

2010-09-06 21:48:39 UTC

Created attachment 246310 [details]
reduced testcase

After a bit of Nancy-Drewing around, we got some juicier details:

 - I can reproduce the problem if I enable SEGMEXEC, it goes away if I disable SEGMEXEC and leave just PAGEEXEC;
 - when SEGMEXEC there are _two_ executable mappings per ELF file loaded in memory;
 - the second mapping seems to always be _after_ the stack;
 - that second mapping is the one that cannot be mlock'd

The attached file is the source of the reduced tescase that uses the same logic as LVM2 but away from all the rest of the library and stuff.

Comment 8 PaX Team 2010-09-06 23:36:35 UTC

(In reply to comment #7)
>  - I can reproduce the problem if I enable SEGMEXEC, it goes away if I disable
> SEGMEXEC and leave just PAGEEXEC;
>  - when SEGMEXEC there are _two_ executable mappings per ELF file loaded in
> memory;
>  - the second mapping seems to always be _after_ the stack;
>  - that second mapping is the one that cannot be mlock'd

the basis for SEGMEXEC is called vma mirroring, see http://pax.grsecurity.net/docs/vmmirror.txt for the gory details. the problem you're seeing is due to PaX explicitly denying mlock requests on the mirror regions, i'll see if i can relax it.

PS: how about you guys CC me on PaX related issues vs. me having to find about them from 3rd parties? i wouldn't be complaining if this was the first time only...

Comment 9 PaX Team 2012-07-28 23:55:45 UTC

the latest grsec/pax patches should fix this for real now.

Comment 10 MCassaniti 2013-02-04 04:19:57 UTC

This issue is occurring on my PandaBoard (armv7a_hardfp) with a hardened kernel. The appropriate kernel options are:

Enforce non-executable pages
Paging based non-executable pages
Restrict mprotect()

Kernel version is Linux-3.3.6-hardened (i.e.: hardened-sources-3.6.6)

Comment 11 PaX Team 2013-02-04 12:34:22 UTC

(In reply to comment #10)
> This issue is occurring on my PandaBoard (armv7a_hardfp) with a hardened
> kernel. The appropriate kernel options are:
> 
> Enforce non-executable pages
> Paging based non-executable pages
> Restrict mprotect()
> 
> Kernel version is Linux-3.3.6-hardened (i.e.: hardened-sources-3.6.6)

this bug was about an i386 specific problem, so please open a new bug for this. also 3.3 (or 3.6) is not a supported kernel version, try 3.2 or 3.7 at least and post more details.

Comment 12 Alex Brandt (RETIRED) gentoo-dev

2014-08-30 21:26:47 UTC

With the addition of the grsec/pax patches, is this issue solved?  It's been sitting in confirmed for some time now without resolution.  I can go ahead and close this if it's appropriate but I don't see anything confirming the fix.