[grsec] The 2.4.27 and onwards SMP? freezes

[Johan Martensson]

Hi all,

some of our boxes suffers random lockups. The problem could be the same as
this one : http://forums.grsecurity.net/viewtopic.php?t=1179.

Any help or suggestions are most welcome.

What I know:

2.4.26 with grsecurity is rock solid. 2.4.27 and up to 2.4.30 (we haven't
tested 2.4.31) with grsesurity is not. We only experience freezes on a few
machines though (most of them webservers). The machines that hang most
frequently are the production webservers. They certainly don't do the most
work but maybe the chaotic nature of the Internet is playing it's role.

The kernel config is the one andutt posted in the forum thread above.
Basically SMP,grsecurity without pax features. grsec uses sysctl and the
hang appears without enabling the acl system or any sysctl controlled
options.

The machines are completely locked up. Not even magic-sysrq works. I've
enabled spinlock debugging and nmi-watchdog on a couple of the machines
today but I don't expect a freeze for some days yet.

I din't think that the problem was related to grsecurity but the forum
thread indicates that there is a grsec related freeze (i.e. grsec patch
from 2.4.26 with kernel 2.4.28 is stable according to the poster).

What I would need help with:

A patch from Brad that fixes the problem:).

Suggestions for recreating the hang. For us it only occurs on some servers
and even the affected servers can run fine for days or weeks.

I'd also be interested in a forward ported 2.4.26 grsec patch. Maybe it's
really easy to do it but just in case someone has it laying around. I'd
like to try wether the problem goes away when using the 2.4.26 grsec
patch.

So, Brad and others, any suggestions?

BTW, I've been away from grsecurity for almost a year, hence this rather
late problem report...

Regards,
 Johan