Bug 342425

This is on an x86 hardened system (a Pentium III that serves as a routing firewall, and has only 128 MiB of RAM, of which 24 are typically in use).

I don't know if this is a bug, misconfiguration on my part, or merely a symptom of the small amount of RAM in this machine.  It's a new problem on a machine that's been running fine as configured for years.  I also apologize if I've incorrectly attributed it to dev-libs/ppl.

While updating ppl, upon reaching this line of the build:

-------------------------------------------------------------------
libtool: compile:  i686-pc-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I../.. -I../../interfaces -I../../interfaces/C -I../../src -frounding-math -O2 -march=pentium3 -pipe -fomit-frame-pointer -W -Wall -MT ppl_c_Octagonal_Shape_mpq_class.lo -MD -MP -MF .deps/ppl_c_Octagonal_Shape_mpq_class.Tpo -c ppl_c_Octagonal_Shape_mpq_class.cc -o ppl_c_Octagonal_Shape_mpq_class.o >/dev/null 2>&1
-------------------------------------------------------------------------

the compilation seemed to hang (in fact, after numerous attempts, and even adding another 64 MiB of RAM to the system, that line did complete, after an hour or two or grinding on it, and the compilation of the rest of the library seems to be proceeding at a crawl).

Checking logs, I discovered a series of resource overstep denials in my grsec log that appear to be related (occurred at about the same time).  The commands appear to have been 'conftest' trying to set various resource limits.  The RLIMIT_DATA and RLIMIT_AS do not appear to match the output of 'ulimit', so I'm beyond my understanding as to where these are being set and why they are binding constraints here.  I'm wondering if this is what is slowing the compilation process to such a degree.  The machine is swapping, but it's not maxed out its swap space, so I'm thinking it's not just a lack of RAM (also, I've not seen this happen before).

Perhaps there is a compile-time option for libtool or a related component that is by default set to a percentage of the available RAM, and I need to set it manually?  Or are the rlimits improperly set somehow by the ebuild?  I know there's not much RAM in the machine, but it's been working flawlessly as currently configured for two years, including regular updates.

These are the grsec log entries:
--------------------------------------------------------------------------
Oct 24 02:40:05 twister kernel: grsec: From 192.168.0.24: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/conftest[conftest:9615] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/configure[configure:9614] uid/euid:0/0 gid/egid:0/0

Oct 24 02:40:25 twister kernel: grsec: From 192.168.0.24: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/conftest[conftest:10113] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/configure[configure:10112] uid/euid:0/0 gid/egid:0/0

Oct 24 02:40:47 twister kernel: grsec: From 192.168.0.24: denied resource overstep by requesting 151896 for RLIMIT_DATA against limit 10000 for /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/conftest[conftest:10937] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/configure[configure:10936] uid/euid:0/0 gid/egid:0/0

Oct 24 02:40:47 twister kernel: grsec: From 192.168.0.24: denied resource overstep by requesting 3993600 for RLIMIT_AS against limit 10000 for /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/conftest[conftest:10937] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/configure[configure:10936] uid/euid:0/0 gid/egid:0/0

Oct 24 02:40:47 twister kernel: grsec: From 192.168.0.24: denied resource overstep by requesting 5042176 for RLIMIT_AS against limit 10000 for /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/conftest[conftest:10937] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/configure[configure:10936] uid/euid:0/0 gid/egid:0/0

Oct 24 02:40:47 twister kernel: grsec: From 192.168.0.24: denied resource overstep by requesting 3993600 for RLIMIT_AS against limit 10000 for /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/conftest[conftest:10937] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/configure[configure:10936] uid/euid:0/0 gid/egid:0/0

Oct 24 02:40:47 twister kernel: grsec: From 192.168.0.24: denied resource overstep by requesting 5042176 for RLIMIT_AS against limit 10000 for /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/conftest[conftest:10937] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/dev-libs/ppl-0.10.2-r1/work/ppl-0.10.2/configure[configure:10936] uid/euid:0/0 gid/egid:0/0

Oct 24 02:40:47 twister kernel: grsec: more alerts, logging disabled for 10 seconds
----------------------------------------------------------------------------

These are the resource limits on the machine:
----------------------------------------------------------------------------
twister log # ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1376
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1376
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
-------------------------------------------------------------------------

Thank you.



Reproducible: Always

Steps to Reproduce:
1.  emerge -uavDN world (with the ppl update pending)


Actual Results:  
The emerge activities proceed normally, until reaching dev-libs/ppl (specifically, the production of object "ppl_c_Octagonal_Shape_mpq_class.o" (as indicated at the top of "Description" above).  At this point, compilation apparently slows to a crawl (literally taking about two hours to complete that object).

Also, at about the same time, a number of "resource overstep denials" were emitted by Grsec (as indicated above).



Expected Results:  
This machine has been running as currently configured for over two years, including processing updates regularly.  This is the first time this problem has been encountered.  So, I expected it to build as usual, without slowing to a crawl, and completely (it remains to be seen if the build of the library will complete, as it is still building, slowly, as I type this).



twister ~ # emerge --info
Portage 2.1.8.3 (hardened/linux/x86/10.0, gcc-4.3.4, glibc-2.11.2-r0, 2.6.32-hardened-r22 i686)
=================================================================
System uname: Linux-2.6.32-hardened-r22-i686-Pentium_III_-Coppermine-with-gentoo-1.12.13
Timestamp of tree: Sun, 24 Oct 2010 03:15:03 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p7
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests ccache distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.osuosl.org/ ftp://ftp.gtlib.gatech.edu/pub/gentoo http://open-systems.ufl.edu/mirrors/gentoo"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,--hash-style=gnu,-O1 -Wl,--as-needed"
LINGUAS="en_US en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="acl berkdb bzip2 caps cli cracklib crypt cxx dri gdbm gpm hardened iconv mmx modules mudflap ncurses nls nptl nptlonly openmp pam pcre perl pic python readline samba session sse ssl sysfs unicode urandom userlocales x86 xorg zlib" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en_US en" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="i810" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS