Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 411521 - app-arch/zpaq-4.04 execution attempt in: <anonymous mapping>
Summary: app-arch/zpaq-4.04 execution attempt in: <anonymous mapping>
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Michał Górny
Depends on:
Reported: 2012-04-10 21:31 UTC by Marcin Mirosław
Modified: 2016-07-03 14:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcin Mirosław 2012-04-10 21:31:57 UTC
[288680.068215] PAX: From 31.135.xx.xx: execution attempt in: <anonymous mapping>, 325515a6000-32557178000 325515a6000
[288680.068218] PAX: terminating task: /usr/bin/zpaq(zpaq):40061, uid/euid: 0/0, PC: 00000325515a6000, SP: 000003255815dbc8
[288680.068221] PAX: bytes at PC: e9 05 00 00 00 e9 e2 00 00 00 53 55 56 57 48 8b b7 50 08 00
[288680.068228] PAX: bytes at SP-8: 000003255815dda0 0000032559107a8e 0000000000f42400 b12163efac005e3f 0000000000001000 0000
0058013c64bb 000003255815dcd0 000003255815dd90 0000000000f42400 0000032559107ec6 0000000000001000

(gdb) bt
#0  0x00000325515a6000 in ?? ()
#1  0x0000032559107a8e in libzpaq::Encoder::compress(int) () from /usr/lib64/
#2  0x0000032559107ec6 in libzpaq::Compressor::postProcess(char const*, int) () from /usr/lib64/
#3  0x00000058013b4703 in compress (job=...) at /var/tmp/portage/app-arch/zpaq-4.04/work/zpaq.cpp:789
#4  0x00000058013b511a in thread (arg=0x58041eed20) at /var/tmp/portage/app-arch/zpaq-4.04/work/zpaq.cpp:900
#5  0x000003255878ec5c in start_thread (arg=0x32558179700) at pthread_create.c:301
#6  0x00000325584d59cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
Comment 1 Marcin Mirosław 2012-04-10 21:33:09 UTC
# emerge --info
FEATURES variable contains unknown value(s): Xkeepwork, Xprofile, Xtest, profile-use
Portage 2.2.0_alpha100 (hardened/linux/amd64, gcc-4.5.3, glibc-2.13-r4, 3.3.1-hardened x86_64)
System uname: Linux-3.3.1-hardened-x86_64-Intel-R-_Core-TM-_i7_CPU_930_@_2.80GHz-with-gentoo-2.0.3
Timestamp of tree: Tue, 10 Apr 2012 21:00:01 +0000
ccache version 3.1.7 [enabled]
app-shells/bash:          4.2_p20
dev-lang/python:          2.7.2-r3, 3.2.2
dev-util/ccache:          3.1.7
dev-util/cmake:           2.8.6-r4
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.68
sys-devel/automake:       1.11.1
sys-devel/binutils:       2.21.1-r1
sys-devel/gcc:            4.5.3-r2
sys-devel/gcc-config:     1.5-r2
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r1
sys-kernel/linux-headers: 3.1 (virtual/os-headers)
sys-libs/glibc:           2.13-r4
Repositories: gentoo
Installed sets:
CFLAGS="-march=native -O0 -g -pipe"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O0 -g -pipe"
EMERGE_DEFAULT_OPTS=" --quiet-build=n"
FEATURES="Xkeepwork Xprofile Xtest assume-digests binpkg-logs ccache collision-protect distlocks ebuild-locks fail-clean fixlafiles news parallel-fetch preserve-libs profile-use protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="pl en"
MAKEOPTS="-j2 -l2"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="acpi amd64 apache2 bash-completion caps hardened idn iproute2 ipv6 mmap mmx mmxext modules multilib nls openmp openssl smp sse sse2 sse3 sse4 sse4a ssse3 syslog threads threadsafe unicode urandom vhosts vim-syntax xtpax" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon auth_digest authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user cache cgid dav dav_fs dav_lock dir env expires ext_filter filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif status unique_id usertrack vhost_alias" APACHE2_MPMS="prefork" ELIBC="glibc" KERNEL="linux" LINGUAS="pl en" NGINX_MODULES_HTTP="access browser charset gzip map limit_zone proxy rewrite stub_status" PHP_TARGETS="php5-3" USERLAND="GNU" XTABLES_ADDONS="geoip ipset6 psd sysrq tarpit"
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-04-11 07:18:28 UTC
I'll probably just add USE=jit for it.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-04-11 19:05:52 UTC
Ok, libzpaq now has USE=jit. I dunno how to handle Hardened issues, I guess either package has to get some special powers or they could just mask libzpaq[jit] in Hardened profile.
Comment 4 Magnus Granberg gentoo-dev 2013-01-12 16:41:39 UTC
Marcin did it work with the jit flag of?
Comment 5 Marcin Mirosław 2013-01-12 17:31:30 UTC
Yes, zpaq (libzpaq) with "-jit" works on hardened system.
Comment 6 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-05-24 09:51:56 UTC
Could someone retry with the current 7.* version, and see if pax-marking helps?
Comment 7 Marcin Mirosław 2016-05-24 10:32:10 UTC
(In reply to Michał Górny from comment #6)
> Could someone retry with the current 7.* version, and see if pax-marking
> helps?

Yes, someone can retry;)
It works almost good. On hardened kernel, using lipzpaq[-jit] it looks that works correctly:
(readding the same file):
$ zpaq add test  /usr/portage/distfiles/mysql-5.6.30.tar.gz 
zpaq v7.04 journaling archiver, compiled May 24 2016
test.zpaq: 4 versions, 1 files, 484 fragments, 30.829637 MB
Adding 0.000000 MB in 0 files -method 14 -threads 4 at 2016-05-24 10:28:13.
0 +added, 0 -removed.

30.829637 + (0.000000 -> 0.000000 -> 0.000104) = 30.829741 MB
0.035 seconds (all OK)

When libzpaq is compiled with USE=jit then I'm getting:
$ zpaq add test  /usr/portage/distfiles/mysql-5.6.30.tar.gz 
zpaq v7.04 journaling archiver, compiled May 24 2016
test.zpaq: Skipping block at 30827124: allocx failed
5 versions, 0 files, 484 fragments, 30.829741 MB
Adding 32.223818 MB in 1 files -method 14 -threads 4 at 2016-05-24 10:31:29.
100.00% 0:00:00 + /usr/portage/distfiles/mysql-5.6.30.tar.gz 32223818 -> 0
1 +added, 0 -removed.

30.829741 + (32.223818 -> 0.000000 -> 0.002513) = 30.832254 MB
0.871 seconds (with errors)

and kernel throws:
2016-05-24T12:31:29.852459+02:00 jowisz kernel: [432572.787418] grsec: From 194.zz.xx.yy: denied RWX mmap of <anonymous mapping> by /usr/bin/zpaq[zpaq:19569] uid/euid:1000/1000 gid/egid:1000/1000, parent /b
in/bash[bash:14229] uid/euid:1000/1000 gid/egid:1000/1000
Comment 8 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-05-24 11:18:56 UTC
Could you try to play a bit with PaX flags to see which ones make jit work?
Comment 9 Marcin Mirosław 2016-05-24 11:57:57 UTC
With "-m disable  MPROTECT" on /usr/bin/zpaq zpaq works with app-arch/libzpaq[jit]
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-07-03 13:30:56 UTC
commit 2c9e3ae1f1afaf8eefb25ed43ba4a077eab3d92f
Author:     Michał Górny <>
AuthorDate: Sun Jul 3 15:27:43 2016
Commit:     Michał Górny <>
CommitDate: Sun Jul 3 15:29:24 2016

    app-arch/zpaq: Fix Hardened w/ USE=jit, #411521

Should be fixed now (in 7.13-r1).
Comment 11 Marcin Mirosław 2016-07-03 14:27:24 UTC
Thank you.