i386: vm.pmap kernel local race condition
Eugene Grosbein
eugen at grosbein.pp.ru
Thu Feb 14 13:55:32 UTC 2013
Hi!
I've got FreeBSD 8.3-STABLE/i386 server that can be reliably panicked
using just 'squid -k rotatelog' command. It seems the system suffers
from the problem described here:
http://cxsecurity.com/issue/WLB-2010090156
I could not find any FreeBSD Security Advisory containing a fix.
My server has 4G physical RAM (about 3.2G available) and runs
squid (about 110M VSS) with 500 ntlm_auth subprocesses.
Lesser number of ntlm_auth sometimes results in squid crash
as it sometimes has several hundreds requests per second to authorize
and is intolerant to exhaustion of free ntlm_auth.
"squid -k rotatelog" at midnight results in crash:
Feb 14 00:03:00 irl savecore: reboot after panic: get_pv_entry: increase vm.pmap.shpgperproc
Feb 14 00:03:00 irl savecore: writing core to vmcore.1
Btw, I have coredump.
vm.pmap.shpgperproc has default value (200) here, as well as m.v_free_min,
vm.v_free_reserved, and vm.v_free_target and KVA_PAGES.
These crashes are pretty regular
# last|fgrep reboot
reboot ~ Thu Feb 14 00:03
reboot ~ Wed Feb 13 19:08
reboot ~ Wed Feb 13 10:40
reboot ~ Wed Feb 13 00:04
reboot ~ Tue Feb 12 00:09
reboot ~ Mon Feb 11 00:03
reboot ~ Sun Feb 10 00:03
reboot ~ Thu Feb 7 00:03
reboot ~ Wed Feb 6 10:52
reboot ~ Sun Feb 3 00:03
reboot ~ Sat Feb 2 00:03
May this be considered as security problem?
Can it be fixed without switch to amd64?
I have only remote access to this production server, no serial console.
Eugene Grosbein
More information about the freebsd-stable
mailing list