Todo #12004
closed
Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems
100%
Description
Currently, PHP crashes on multi-core 32-bit ARM systems (SG-3100) with certain PCRE calls, as documented on #11466, #11605, and #11551.
Disabling PCRE JIT works around the crashes, but is not a permanent solution to the problem.
The attached patch disables PCRE JIT and can be applied to affected systems using the System Patches package to work around the problem until a proper long-term fix is identified.
I have already committed a variation of the patch which specifically disables JIT only on multi-core 32-bit ARM systems, this issue is for tracking and so it can be shown in release notes.
When using the System Patches package to apply the fix, use the direct URL to download the patch file: https://redmine.pfsense.org/attachments/download/3715/patch-disable-pcrejit-arm.diff . After fetching and applying the patch, reboot the unit.
Files
Related issues
Updated by Jim Pingle almost 3 years ago
- Description updated (diff)
- % Done changed from 0 to 100
Updated by Jim Pingle almost 3 years ago
- Related to Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions added
Updated by Jim Pingle almost 3 years ago
Packages and other scripts could use ini_set("pcre.jit", "0"); to disable PCRE JIT on systems without the patch to avoid the problem on unpatched systems until the next update.
Updated by Steve Wheeler over 2 years ago
Testing against the current 21.09 snapshot the disable-pcrejit patch is no longer required.
21.09-DEVELOPMENT (arm) built on Thu Jul 22 01:10:26 EDT 2021 FreeBSD 12.2-STABLE
That patch is in that snapshot but after reverting it the following test code returns successfully.
$rule1 = 'alert ( msg:"DECODE_NOT_IPV4_DGRAM"; sid:1; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode;)';
$matches = array();
if (preg_match('/\bmsg\s*:\s*"(.+?)"\s*;/i', $rule1, $matches))
$msg = trim($matches[1]);
if (preg_match('/\bsid\s*:\s*(\d+)\s*;/i', $rule1, $matches))
$sid = trim($matches[1]);
if (preg_match('/\bgid\s*:\s*(\d+)\s*;/i', $rule1, $matches))
$gid = trim($matches[1]);
if (preg_match('/\brev\s*:\s*([^\;]+)/i', $rule1, $matches))
$rev = trim($matches[1]);
if (preg_match('/\bclasstype\s*:\s*([^\;]+)/i', $rule1, $matches))
$classtype = trim($matches[1]);
print $msg . "\n";
print $sid . "\n";
print $gid . "\n";
print $rev . "\n";
print $classtype . "\n";
That code coredumps PHP in 21.05 without the patch.
Updated by Jim Pingle over 2 years ago
I reverted the relevant commits since this is no longer necessary.
Updated by Jim Pingle over 2 years ago
- Target version changed from 64 to 21.05.1