Gentoo Forums
LVM tools on hardened gentoo - mlock error
yzg
Guru

Joined: 18 Jun 2005
Posts: 472

Posted: Tue Aug 24, 2010 4:55 am    Post subject: LVM tools on hardened gentoo - mlock error

After installation of lvm2 on a hardened gentoo server, any lvm command causes this error list and does its function at the end.
Code:

# lvcreate -L10G -ntest  A
  7412b000-741dd000 r-xp 00000000 08:03 98631      /sbin/lvm: mlock failed: Invalid argument
  aba7a000-abbbf000 r-xp 00000000 08:03 90688      /lib/libc-2.11.2.so: mlock failed: Invalid argument
  abbc5000-abbcf000 r-xp 00000000 08:03 987368     /lib/libudev.so.0.6.1: mlock failed: Invalid argument
  abc06000-abc28000 r-xp 00000000 08:03 98632      /lib/libdevmapper.so.1.02: mlock failed: Invalid argument
  abc2b000-abc2f000 r-xp 00000000 08:03 98714      /lib/libdevmapper-event.so.1.02: mlock failed: Invalid argument
  abc3d000-abc5a000 r-xp 00000000 08:03 90905      /lib/ld-2.11.2.so: mlock failed: Invalid argument
  7412b000-741dd000 r-xp 00000000 08:03 98631      /sbin/lvm: munlock failed: Invalid argument
  aba7a000-abbbf000 r-xp 00000000 08:03 90688      /lib/libc-2.11.2.so: munlock failed: Invalid argument
  abbc5000-abbcf000 r-xp 00000000 08:03 987368     /lib/libudev.so.0.6.1: munlock failed: Invalid argument
  abc06000-abc28000 r-xp 00000000 08:03 98632      /lib/libdevmapper.so.1.02: munlock failed: Invalid argument
  abc2b000-abc2f000 r-xp 00000000 08:03 98714      /lib/libdevmapper-event.so.1.02: munlock failed: Invalid argument
  abc3d000-abc5a000 r-xp 00000000 08:03 90905      /lib/ld-2.11.2.so: munlock failed: Invalid argument
  Logical volume "test" created


This is the first time that I use lvm on hardened gentoo. It works with no problems on desktop profiles.

Any ideas?


Last edited by yzg on Thu Aug 26, 2010 1:37 am; edited 2 times in total
yzg
Guru

Joined: 18 Jun 2005
Posts: 472

Posted: Tue Aug 24, 2010 11:11 am

Updates:

1- I installed lvm on another gentoo hardened computer and I got the same error.

2- The error disappeared when I modified "use_mlockall" from the default "0" to "1" in /etc/lvm/lvm.conf file.
Code:

    # Set to 1 to revert to the default behaviour prior to version 2.02.62
    # which used mlockall() to pin the whole process's memory while activating
    # devices.
    use_mlockall = 1


3- On a third computer running gentoo desktop profile, "use_mlockall=0" does not cause the error.

Is this a bug or am I missing something?
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14159

Posted: Tue Aug 24, 2010 10:31 pm

I would consider it a bug, but it is not clear whether the problem is because lvm2 reacts badly to something in the hardened kernel or because the hardened kernel is malfunctioning. Have you enabled any features that change the format of text in /proc/self/maps?
yzg
Guru

Joined: 18 Jun 2005
Posts: 472

Posted: Tue Aug 24, 2010 11:44 pm

No, I did not intentionally enable any feature which will change the format of text in /proc/self/maps.

What are these features, and how do I check if they changed?

I did not have much luck lately opening bugs in gentoo. All the bugs that I reported did not even get a reply for six months!

So I want to find as much as I can before submitting a bug.
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14159

Posted: Wed Aug 25, 2010 3:12 am

If I recall correctly, some of the PaX options add some extra information. Just take the maps file for a simple process like cat and compare it between the hardened and non-hardened kernels. Ignore the difference in virtual addresses. That part is expected.
yzg
Guru

Joined: 18 Jun 2005
Posts: 472

Posted: Wed Aug 25, 2010 10:04 am

On hardened computer:

Code:

~ # cat /proc/self/maps
13384000-1338e000 r-xp 00000000 08:03 810005     /bin/cat
1338e000-1338f000 r--p 00009000 08:03 810005     /bin/cat
1338f000-13390000 rw-p 0000a000 08:03 810005     /bin/cat
13390000-133bb000 rw-p 00000000 00:00 0          [heap]
50c31000-50c32000 rw-p 00000000 00:00 0
50c32000-50d77000 r-xp 00000000 08:03 890430     /lib/libc-2.11.2.so
50d77000-50d78000 ---p 00145000 08:03 890430     /lib/libc-2.11.2.so
50d78000-50d7a000 r--p 00145000 08:03 890430     /lib/libc-2.11.2.so
50d7a000-50d7b000 rw-p 00147000 08:03 890430     /lib/libc-2.11.2.so
50d7b000-50d7e000 rw-p 00000000 00:00 0
50d83000-50d84000 rw-p 00000000 00:00 0
50d84000-50d85000 r-xp 00000000 00:00 0          [vdso]
50d85000-50da2000 r-xp 00000000 08:03 888844     /lib/ld-2.11.2.so
50da2000-50da3000 r--p 0001c000 08:03 888844     /lib/ld-2.11.2.so
50da3000-50da4000 rw-p 0001d000 08:03 888844     /lib/ld-2.11.2.so
5fb7b000-5fb91000 rw-p 00000000 00:00 0          [stack]
73384000-7338e000 r-xp 00000000 08:03 810005     /bin/cat
b0c32000-b0d77000 r-xp 00000000 08:03 890430     /lib/libc-2.11.2.so
b0d84000-b0d85000 r-xp 00000000 00:00 0          [vdso]
b0d85000-b0da2000 r-xp 00000000 08:03 888844     /lib/ld-2.11.2.so


On non-hardened computer:
Code:

# cat /proc/self/maps
08048000-08050000 r-xp 00000000 08:03 261168     /bin/cat
08050000-08051000 r--p 00008000 08:03 261168     /bin/cat
08051000-08052000 rw-p 00009000 08:03 261168     /bin/cat
08052000-08073000 rw-p 00000000 00:00 0          [heap]
b74b7000-b76b7000 r--p 00000000 08:03 301606     /usr/lib/locale/locale-archive
b76b7000-b76b8000 rw-p 00000000 00:00 0
b76b8000-b77f8000 r-xp 00000000 08:03 106277     /lib/libc-2.11.2.so
b77f8000-b77fa000 r--p 0013f000 08:03 106277     /lib/libc-2.11.2.so
b77fa000-b77fb000 rw-p 00141000 08:03 106277     /lib/libc-2.11.2.so
b77fb000-b77fe000 rw-p 00000000 00:00 0
b781d000-b781e000 r--p 00e19000 08:03 301606     /usr/lib/locale/locale-archive
b781e000-b781f000 rw-p 00000000 00:00 0
b781f000-b783b000 r-xp 00000000 08:03 106270     /lib/ld-2.11.2.so
b783b000-b783c000 r--p 0001b000 08:03 106270     /lib/ld-2.11.2.so
b783c000-b783d000 rw-p 0001c000 08:03 106270     /lib/ld-2.11.2.so
bfc19000-bfc3a000 rw-p 00000000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
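
One way to run the comparison suggested in the thread while ignoring virtual addresses, as an added example that is not part of any post: it groups mappings that are identical except for their address, reports the address delta between the copies, and checks whether the regions named in the mlock errors start at or above that delta. The sample lines are excerpts copied from the posts above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the hardened-kernel dump posted above (copied from the thread).
HARDENED_MAPS = """\
13384000-1338e000 r-xp 00000000 08:03 810005     /bin/cat
1338e000-1338f000 r--p 00009000 08:03 810005     /bin/cat
13390000-133bb000 rw-p 00000000 00:00 0          [heap]
50c32000-50d77000 r-xp 00000000 08:03 890430     /lib/libc-2.11.2.so
50d84000-50d85000 r-xp 00000000 00:00 0          [vdso]
50d85000-50da2000 r-xp 00000000 08:03 888844     /lib/ld-2.11.2.so
5fb7b000-5fb91000 rw-p 00000000 00:00 0          [stack]
73384000-7338e000 r-xp 00000000 08:03 810005     /bin/cat
b0c32000-b0d77000 r-xp 00000000 08:03 890430     /lib/libc-2.11.2.so
b0d84000-b0d85000 r-xp 00000000 00:00 0          [vdso]
b0d85000-b0da2000 r-xp 00000000 08:03 888844     /lib/ld-2.11.2.so
"""
# Excerpt of the lvcreate output from the first post.
LVM_ERRORS = """\
  7412b000-741dd000 r-xp 00000000 08:03 98631      /sbin/lvm: mlock failed: Invalid argument
  aba7a000-abbbf000 r-xp 00000000 08:03 90688      /lib/libc-2.11.2.so: mlock failed: Invalid argument
  abc3d000-abc5a000 r-xp 00000000 08:03 90905      /lib/ld-2.11.2.so: mlock failed: Invalid argument
"""

MAPS_RE = re.compile(
    r"^\s*([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+([0-9a-f]+)\s+"
    r"([0-9a-f]+:[0-9a-f]+)\s+(\d+)\s*(.*?)(?::\s+m(?:un)?lock failed.*)?$")

def parse_maps(text):
    """Yield (start, end, perms, offset, dev, inode, path) per mapping line."""
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            s, e, perms, off, dev, ino, path = m.groups()
            yield int(s, 16), int(e, 16), perms, int(off, 16), dev, int(ino), path

def duplicated_mappings(text):
    """Group mappings that are identical except for their virtual address."""
    groups = defaultdict(list)
    for s, e, perms, off, dev, ino, path in parse_maps(text):
        groups[(e - s, perms, off, dev, ino, path)].append(s)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def mirror_delta(text):
    """Return the single address delta shared by all duplicates, else None."""
    deltas = {v[-1] - v[0] for v in duplicated_mappings(text).values()}
    return deltas.pop() if len(deltas) == 1 else None

def failures_in_upper_window(errors, delta):
    """True if every region named in the mlock errors starts at or above delta."""
    starts = [s for s, *_ in parse_maps(errors)]
    return bool(starts) and all(s >= delta for s in starts)

if __name__ == "__main__":
    delta = mirror_delta(HARDENED_MAPS)
    print("duplicate groups:", len(duplicated_mappings(HARDENED_MAPS)))
    print("delta:", hex(delta), "all failures above delta:",
          failures_in_upper_window(LVM_ERRORS, delta))
```

On a live system, feed the functions the contents of /proc/<pid>/maps from each kernel instead of the embedded excerpts.
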
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14159

Posted: Wed Aug 25, 2010 10:42 pm

I see nothing obviously wrong with that output. If you can switch out kernels, please try a kernel with the hardened patches, but none of the optional hardened features. This will reduce the number of changes effective in the hardened kernel versus the regular one.
yzg
Guru

Joined: 18 Jun 2005
Posts: 472

Posted: Thu Aug 26, 2010 1:35 am

I will see how to do this on a spare computer.

I can not believe that no one saw this problem before.
yzg
Guru

Joined: 18 Jun 2005
Posts: 472

Posted: Fri Aug 27, 2010 12:26 am

Here are the results:

I installed hardened kernel on a "desktop profile" computer using the computer's non hardened ".config".
It did not give the error. So it is NOT the hardened kernel patches and it is NOT LVM version because both are at
the same version sys-fs/lvm2-2.02.73.

Any suggestions?

desktop profile + hardened kernel:
Code:

# uname -r
2.6.32-hardened-r9
# pvcreate /dev/sdb8
  Physical volume "/dev/sdb8" successfully created
# vgcreate A /dev/sdb8
  Volume group "A" successfully created
# lvcreate -L10G -ntest A
  Logical volume "test" created
# emerge --info lvm2
Portage 2.1.8.3 (default/linux/x86/10.0/desktop, gcc-4.4.3, glibc-2.11.2-r0, 2.6.32-hardened-r9 i686)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.32-hardened-r9-i686-Intel-R-_Pentium-R-_D_CPU_3.20GHz-with-gentoo-1.12.13
Timestamp of tree: Thu, 26 Aug 2010 23:00:17 +0000
app-shells/bash:     4.0_p37
dev-java/java-config: 2.1.11
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.65
sys-devel/automake:  1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.3-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="*"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer"
DISTDIR="/opt/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_GB"
LC_ALL="en_GB"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_GB"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/opt/tmp"
PORTDIR="/opt/portage"
PORTDIR_OVERLAY="/opt/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa berkdb bluetooth branding bzip2 cairo cdr cli consolekit cracklib crypt cups cxx dbus dri dts dvd dvdr emboss encode exif extras fam firefox flac fortran gd gdbm ggi gif gpm graphics graphviz gtk hal iconv icu ieee1394 ipv6 java jpeg kde kerberos kpathsea latex lcms ldap libnotify lightning live mad mikmod mng modules mp3 mp4 mpeg mudflap multislot mysql ncurses nls nptl nptlonly ogg opengl openmp pam pango pcre pdf perl plotutils png ppds pppd pstricks publishers python qt qt3support qt4 rdesktop readline reflection samba science sdl session spell spl sql sqlite ssl startup-notification svg svgai sysfs tcpd threads tiff truetype unicode usb v4l v4l2 vorbis webkit wxwindows x264 x86 xcb xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa vga radeonhd radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

sys-fs/lvm2-2.02.73 was built with the following:
USE="lvm1 readline static -clvm (-cman) (-selinux)"




hardened profile:
Code:

# emerge --info lvm2
Portage 2.1.8.3 (hardened/linux/x86/10.0, gcc-4.3.4, glibc-2.11.2-r0, 2.6.32-hardened-r9 i686)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.32-hardened-r9-i686-Intel-R-_Xeon-R-_CPU_3050_@_2.13GHz-with-gentoo-1.12.13
Timestamp of tree: Tue, 24 Aug 2010 03:30:01 +0000
app-shells/bash:     4.0_p37
dev-lang/python:     2.6.5-r2, 3.1.2-r3
dev-util/cmake:      2.6.4-r3
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.65
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
sys-devel/make:      3.81
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -fforce-addr"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_GB"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl ads berkdb bzip2 cli cracklib crypt cups cxx dbus dri gdbm gpm hal hardened iconv kerberos ldap modules mudflap ncurses nptl nptlonly oav openmp pam pcre perl pic pppd python readline reflection samba session spl ssl sysfs tcpd threads urandom usb winbind x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1   emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m       maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="xgi sis vesa vga" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

=================================================================
                        Package Settings
=================================================================

sys-fs/lvm2-2.02.73 was built with the following:
USE="lvm1 readline static -clvm (-cman) (-selinux)"
yzg
Guru

Joined: 18 Jun 2005
Posts: 472

Posted: Wed Sep 01, 2010 9:51 am

Submitted Bug https://bugs.gentoo.org/show_bug.cgi?id=335492