[wp-trac] [WordPress Trac] #57050: Allocation of JIT memory failed …
WordPress Trac
noreply at wordpress.org
Wed Nov 9 21:19:13 UTC 2022
#57050: Allocation of JIT memory failed …
----------------------------+------------------------------
Reporter: petroski | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bootstrap/Load | Version: 3.0
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Changes (by costdev):
* keywords: changes-requested =>
* focuses: coding-standards =>
* component: Security => Bootstrap/Load
* version: 6.1 => 3.0
Old description:
> Hello All,
>
> I provide hosting for a number of WordPress websites on a CentOS server
> with the following config.
>
> CentOS Linux 7.9.2009
> Plesk Obsidian Version 18.0.47
> PHP 7.43
> mySQL 5.5.68-1.el7
>
> For server security I have Atomic Secured Linux (Atomic Protector)
> installed that provides Firewall and OSSEC security (full version, not
> Plesk extension)
>
> For quite some time, ASL has been reporting the following error code
> hundreds of times a day …
>
> 60027 : Denied a RWX mmap event. An application just attempted to use the
> mprotect function to bypass memory protection functions in the kernel.
>
> I have contacted Atomic support several times over this issue but the
> problem is not with their software, it is doing what it is supposed to
> do. ASL uses their own custom kernel that would deny attempts to bypass
> memory protection.
>
> So, digging a little deeper, I find this in my server logs at:
>
> /var/log/plesk-php74-fpm/error.log
>
> WARNING: [pool xxxxxxxxx.ca] child 23848 said into stderr: “PHP message:
> PHP Warning: preg_match(): Allocation of JIT memory failed, PCRE JIT will
> be disabled. This is likely caused by security restrictions. Either grant
> PHP permission to allocate executable memory, or set pcre.jit=0 in
> /var/www/vhosts/xxxxxxxxx.ca/httpdocs/wp-includes/load.php on line 43”
>
> So, every time any of the domains on my server loads, this error is
> generated.
>
> Looking at the file wp-includes/load.php, here is the errant code ((note
> lines 42 and 43 as marked)
>
> function wp_fix_server_vars() {
> global $PHP_SELF;
>
> $default_server_values = array(
> 'SERVER_SOFTWARE' => '',
> 'REQUEST_URI' => '',
> );
>
> $_SERVER = array_merge( $default_server_values, $_SERVER );
>
> Line 42 // Fix for IIS when running with PHP ISAPI.
> Line 43 if ( empty( $_SERVER['REQUEST_URI'] ) || ( 'cgi-fcgi' !==
> PHP_SAPI && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE']
> ) ) ) {
>
> if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {
> // IIS Mod-Rewrite.
> $_SERVER['REQUEST_URI'] =
> $_SERVER['HTTP_X_ORIGINAL_URL'];
> } elseif ( isset( $_SERVER['HTTP_X_REWRITE_URL'] ) ) {
> // IIS Isapi_Rewrite.
> $_SERVER['REQUEST_URI'] =
> $_SERVER['HTTP_X_REWRITE_URL'];
> } else {
> // Use ORIG_PATH_INFO if there is no PATH_INFO.
> if ( ! isset( $_SERVER['PATH_INFO'] ) && isset(
> $_SERVER['ORIG_PATH_INFO'] ) ) {
> $_SERVER['PATH_INFO'] =
> $_SERVER['ORIG_PATH_INFO'];
> }
>
> // Some IIS + PHP configurations put the script-
> name in the path-info (no need to append it twice).
> if ( isset( $_SERVER['PATH_INFO'] ) ) {
> if ( $_SERVER['PATH_INFO'] ==
> $_SERVER['SCRIPT_NAME'] ) {
> $_SERVER['REQUEST_URI'] =
> $_SERVER['PATH_INFO'];
> } else {
> $_SERVER['REQUEST_URI'] =
> $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
> }
> }
>
> // Append the query string if it exists and isn't
> null.
> if ( ! empty( $_SERVER['QUERY_STRING'] ) ) {
> $_SERVER['REQUEST_URI'] .= '?' .
> $_SERVER['QUERY_STRING'];
> }
> }
New description:
Hello All,
I provide hosting for a number of WordPress websites on a CentOS server
with the following config.
CentOS Linux 7.9.2009
Plesk Obsidian Version 18.0.47
PHP 7.43
mySQL 5.5.68-1.el7
For server security I have Atomic Secured Linux (Atomic Protector)
installed that provides Firewall and OSSEC security (full version, not
Plesk extension)
For quite some time, ASL has been reporting the following error code
hundreds of times a day …
60027 : Denied a RWX mmap event. An application just attempted to use
the mprotect function to bypass memory protection functions in the kernel.
I have contacted Atomic support several times over this issue but the
problem is not with their software, it is doing what it is supposed to do.
ASL uses their own custom kernel that would deny attempts to bypass memory
protection.
So, digging a little deeper, I find this in my server logs at `/var/log
/plesk-php74-fpm/error.log`:
WARNING: [pool xxxxxxxxx.ca] child 23848 said into stderr: “PHP message:
PHP Warning: preg_match(): Allocation of JIT memory failed, PCRE JIT will
be disabled. This is likely caused by security restrictions. Either grant
PHP permission to allocate executable memory, or set pcre.jit=0 in
/var/www/vhosts/xxxxxxxxx.ca/httpdocs/wp-includes/load.php on line 43”
So, every time any of the domains on my server loads, this error is
generated.
Looking at `wp_fix_server_vars()` in [https://github.com/WordPress
/wordpress-develop/blob/trunk/src/wp-includes/load.php#L42-L43 wp-
includes/load.php], here is the errant code at lines 42-43:
{{{#!php
<?php
// Fix for IIS when running with PHP ISAPI.
if ( empty( $_SERVER['REQUEST_URI'] ) || ( 'cgi-fcgi' !== PHP_SAPI &&
preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) ) ) {
}}}
--
Comment:
Thanks for the ticket @petroski!
Just cleaning up some ticket properties and noting that this
`preg_match()` call has existed since WordPress 3.0 in changeset [12732].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57050#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list