Allocation of JIT memory failed …

  • Hello All,

    I provide hosting for a number of WordPress websites on a CentOS server with the following config.

    CentOS Linux 7.9.2009
    Plesk Obsidian Version 18.0.47
    PHP 7.43
    mySQL 5.5.68-1.el7

    For server security I have Atomic Secured Linux (Atomic Protector) installed that provides Firewall and OSSEC security (full version, not Plesk extension)

    For quite some time, ASL has been reporting the following error code hundreds of times a day …

    60027 : Denied a RWX mmap event. An application just attempted to use the mprotect function to bypass memory protection functions in the kernel.

    I have contacted Atomic support several times over this issue but the problem is not with their software, it is doing what it is supposed to do. ASL uses their own custom kernel that would deny attempts to bypass memory protection.

    So, digging a little deeper, I find this in my server logs at:

    /var/log/plesk-php74-fpm/error.log

    WARNING: [pool xxxxxxxxx.ca] child 23848 said into stderr: “PHP message: PHP Warning: preg_match(): Allocation of JIT memory failed, PCRE JIT will be disabled. This is likely caused by security restrictions. Either grant PHP permission to allocate executable memory, or set pcre.jit=0 in /var/www/vhosts/xxxxxxxxx.ca/httpdocs/wp-includes/load.php on line 43”

    So, every time any of the domains on my server loads, this error is generated.

    Looking at the file wp-includes/load.php, here is the errant code ((note lines 42 and 43 as marked)

    function wp_fix_server_vars() {
	global $PHP_SELF;

	$default_server_values = array(
		'SERVER_SOFTWARE' => '',
		'REQUEST_URI'     => '',
	);

	$_SERVER = array_merge( $default_server_values, $_SERVER );

Line 42	// Fix for IIS when running with PHP ISAPI.
Line 43	if ( empty( $_SERVER['REQUEST_URI'] ) || ( 'cgi-fcgi' !== PHP_SAPI && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) ) ) {

		if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {
			// IIS Mod-Rewrite.
			$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];
		} elseif ( isset( $_SERVER['HTTP_X_REWRITE_URL'] ) ) {
			// IIS Isapi_Rewrite.
			$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_REWRITE_URL'];
		} else {
			// Use ORIG_PATH_INFO if there is no PATH_INFO.
			if ( ! isset( $_SERVER['PATH_INFO'] ) && isset( $_SERVER['ORIG_PATH_INFO'] ) ) {
				$_SERVER['PATH_INFO'] = $_SERVER['ORIG_PATH_INFO'];
			}

			// Some IIS + PHP configurations put the script-name in the path-info (no need to append it twice).
			if ( isset( $_SERVER['PATH_INFO'] ) ) {
				if ( $_SERVER['PATH_INFO'] == $_SERVER['SCRIPT_NAME'] ) {
					$_SERVER['REQUEST_URI'] = $_SERVER['PATH_INFO'];
				} else {
					$_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
				}
			}

			// Append the query string if it exists and isn't null.
			if ( ! empty( $_SERVER['QUERY_STRING'] ) ) {
				$_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
			}
		}
	}

    Now, looking into the recommended fix of setting pcre.jit=0 in php.ini reveals that this isn’t actually fixing the issue, it only masks the issue.

    Can this be fixed at the source of the issue on line 43 of load.php?

    Thanks,
    Peter

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Allocation of JIT memory failed …’ is closed to new replies.