IBM Support

Oracle RAC/Linux cluster can potentially cause a server crash with Guardium STAP 8.2 [ Republished from May 2012]

Flashes (Alerts)


Abstract

Guardium Development have identified an issue with STAP 8.2 running in Oracle RAC/Linux which has a potential to cause a server crash.

[]Latest update:

This update is from September 23, 2014 to the document originally published in May, 2012.
The purpose of this update is to clarify:
[]
[]The code to address server crash is present in the original version of STAP v9 and in all subsequent revisions therefore all v9 STAP revisions (and future versions) are not exposed to this crash.
[]The recommendation regarding unix_domain_socket_marker to filter out unusable inter-cluster communication is relevant to all versions of STAP.
[][]

Content


The guard_tap.ini of every cluster node should be changed immediately to reduce the chances of a server failure to ‘very low’. There are two options to do this below - Manual Correction or Automatic Script

Tab navigation


The original manual method for changing the configuration is as follows.

It is recommended to perform both steps 1. and 2. below independently. The configuration change to the guard_tap.ini is important to filter out unusable inter cluster communication.

  1. Please make the following change in guard_tap.ini

    unix_domain_socket_marker=
    where value can be found in listener.ora in the IPC protocol definition

    Example 1:
    If the following is a description in the listener.ora

    LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=ORCL))))

    then change the following parameter accordingly
    unix_domain_socket_marker=ORCL

    Example 2:
    In the case where there is more than one IPC line in listener.orause a common denominator of all the key

    LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER))))
    LISTENER_SCAN1=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1))))
    LISTENER_SCAN2=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN2))))
    LISTENER_SCAN3=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN3))))

    Guardium uses a string search in the path so "LISTENER" will work for all 4 and should be used in this case:
    unix_domain_socket_marker=LISTENER


    run "/ktap/current/guard_ktap_stat get" and look for "khash entry count" - it shows the number of available entries in the hash (out of what was configured in guard_tap.ini, the default is 8K).
    • If the number of entries is less than 2024, stop stap until Oracle can be restarted or the server can be rebooted.
    • If the number of entries is more than 2024, restart stap so that the new configuration takes effect. (no need to bounce Oracle or reboot the system)

    Example 3:
    In the case where there is no common denominator create inspection engines with unix_domain_socket_marker
    corresponding to the specific IPC key(s). For example the guard_tap.ini may look similar to this example in the end :

    [DB_0]
    ...
    unix_domain_socket_marker=EXTPROC1522
    ...
    [DB_1]
    ...
    unix_domain_socket_marker=REGISTER
    ...
2. Please download from Fix Central and install the Linux installer corresponding to your flavour of Linux - revision 41382 or later for version 8.2.
The code to address server crash is present in the original version of STAP v9 and in all subsequent revisions therefore all v9 STAP revisions (and future versions) are not exposed to this crash.


Reboot your server at your earliest convenience after making the above changes.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"9.1;9.0;8.2;8.1;8.0.1;8.0","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
25 September 2022

UID

swg21596526

Page Feedback