
OpenWorld 2015
October 25-29, 2015, San Francisco

Silicon Secured Memory in SPARC
Unparalleled Security and Performance for Oracle Database

Anthony Yznaga
Principal Software Engineer
Solaris Platform Engineering

Ravi Thammaiah
Director of Development
Database Systems Technology

October 29, 2015

Copyright 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential Internal/Restricted/Highly Restricted


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle's products remains at the sole discretion of Oracle.


Program Agenda

What is Silicon Secured Memory?
How does it work?
Solaris Application Support
Oracle Database Architecture
Oracle Database and Silicon Secured Memory


What is Silicon Secured Memory?

One of the Software in Silicon features of the Oracle SPARC M7 processor
Hardware capability for detecting common memory access errors
  Buffer overruns, use after free errors, stale pointer errors
Improves application reliability and security
Fast, no instrumentation of code
  Errors can be caught in production code with low impact on performance
  Run more tests, faster, to find and fix more bugs before product release
Can remain active in production environments for ongoing protection
  Find more potential attack vectors before release
  Catch potential attack vectors after release

How does Silicon Secured Memory work?

[Figure: M7 memory and caches shown as 64-byte blocks, each with a version; pointers shown as a version plus an address]

Associate a pointer with the object it points to with a 4 bit version number
  Store a version with every 64 bytes of data
  Replace the top bits of a 64-bit pointer with a version
Hardware validates each memory access by comparing the pointer version with the in-memory version

How does Silicon Secured Memory work?

[Figure: M7 memory and caches shown as 64-byte blocks, each with a version; pointers shown as a version plus an address]

Hardware throws a trap if a mismatch is detected
  Precise trap for loads
    Faulting PC, memory address, and in-memory version available
  Disrupting trap for stores
    Address of store instruction available
    Can enable precise traps for stores at the cost of performance
Solaris delivers a SEGV signal
  Mismatch information available to application and debuggers
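
Added example (not from the slides, and not Oracle or Solaris code): a portable C model of the check described above, with a 4-bit version in the top bits of a 64-bit pointer compared against a version kept per 64-byte block. The names model_alloc, model_free and model_store, the simulated memory array, and the policy of re-versioning freed blocks to 0 are assumptions of this model, not the Solaris ADI API.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model only; sizes follow the slides: 4-bit version, 64-byte blocks. */
#define BLK 64u
#define NBLK 16u
#define VER_SHIFT 60                       /* version replaces the top 4 pointer bits */
#define ADDR_MASK ((1ULL << VER_SHIFT) - 1)

typedef uint64_t vptr;                     /* versioned pointer: version | offset */
static uint8_t mem[BLK * NBLK];            /* simulated memory */
static uint8_t mem_ver[NBLK];              /* in-memory version, one per block */
static unsigned next_ver = 1;

/* Set the in-memory version of every block covering [off, off + len). */
static void set_ver(uint64_t off, uint64_t len, unsigned v) {
    for (uint64_t b = off / BLK; b <= (off + len - 1) / BLK; b++)
        mem_ver[b] = (uint8_t)v;
}

/* Hypothetical allocator: version the blocks, return a pointer carrying it. */
vptr model_alloc(uint64_t off, uint64_t len) {
    unsigned v = next_ver;
    next_ver = next_ver % 15 + 1;          /* cycle 1..15; 0 marks freed blocks here */
    set_ver(off, len, v);
    return ((uint64_t)v << VER_SHIFT) | off;
}

/* Free re-versions the blocks so stale pointers no longer match. */
void model_free(vptr p, uint64_t len) { set_ver(p & ADDR_MASK, len, 0); }

/* The check on each access: 0 = store done, -1 = mismatch (hardware would trap). */
int model_store(vptr p, uint64_t idx, uint8_t val) {
    uint64_t off = (p & ADDR_MASK) + idx;
    if (off >= sizeof mem || (p >> VER_SHIFT) != mem_ver[off / BLK])
        return -1;                         /* the store never reaches memory */
    mem[off] = val;
    return 0;
}

int main(void) {
    vptr a = model_alloc(0, 64), b = model_alloc(64, 40);
    printf("in bounds:         %d\n", model_store(a, 63, 'x'));
    printf("overrun a into b:  %d\n", model_store(a, 64, 'x'));
    printf("b[50], same block: %d\n", model_store(b, 50, 'y'));
    model_free(b, 40);
    printf("use after free:    %d\n", model_store(b, 0, 'z'));
    return 0;
}
```

The b[50] case shows the consequence of keeping one version per 64 bytes: in this model a 40-byte object's overrun that stays inside its own block carries a matching version and is not flagged.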

Solaris Application Support

Solaris support for SSM is known as Application Data Integrity (ADI)
Support provided through a set of APIs, libraries, and enhanced development tools
Can enable protection on heap memory and some forms of private and shared memory
Options for enabling protection without recompiling
Only available to 64-bit applications


Solaris Application Support

Requirements

SPARC M7-based platform
Solaris 11.3
  APIs
  libadimalloc
Oracle Solaris Studio 12.4
  Discover tool
  dbx


Solaris Application Support

Solaris

libadimalloc
  Drop-in replacement for the malloc(3C) family of functions
  No recompile necessary
    Link directly or load at run-time via LD_PRELOAD
  Debugging and logging options available via environment variables
    Turn ADI features on or off, for example.
    See adimalloc_debug(3MALLOC)
  Not suitable for some applications
    32-bit, custom memory allocator, etc.
  See libadimalloc(3LIB)


Solaris Application Support

Oracle Solaris Studio 12.4

Discover ADI
  Enhancement of the Discover memory access checking toolset
  Uses ADI for faster detection of heap memory violations
  Collects and provides detailed information to help resolve bugs found
    ADI errors classified (buffer overrun, use after free, etc.)
    Allocation and freed stack traces referencing source code
  No recompile or code instrumentation
    Use via discover tool or load at run-time via LD_PRELOAD
    Drop-in replacement for the malloc(3C) family of functions
  Less time spent in the edit-build-test development cycle


Solaris Application Support

APIs

Updated system calls
  Enable / disable ADI for regions of memory
    mmap(MAP_ADI)
    memcntl(MC_ENABLE_ADI, MC_DISABLE_ADI)
  ADI enabled or disabled for an address?
    meminfo(MEMINFO_VADI)

New system calls
  Enable, disable, get system characteristics
    adi_set_enabled()
    adi_get_enabled()
    adi_version_max()
    adi_version_nbits()
    adi_blksz()

New libc functions
  Get / set ADI versions, get / set precise trapping mode
    adi_set_version()
    adi_get_version()
    adi_clr_version()
    adi_memset()
    adi_set_precise()
    adi_get_precise()


Solaris Application Support

Virtual Memory

Supports SysV and BSD shared and non-shared memory
  ISM: shmget()/shmat(SHM_SHARE_MMU)
  OSM: shmget_osm()/shmat()
  Anonymous private: mmap(MAP_ANON)
  Anonymous shared: mmap(MAP_ANON|MAP_SHARED)
Supports paging and swapping
  Versions are saved in memory on page-out and restored on page-in.


Solaris Application Support

Future

Enable ADI on the stack
  Detect stack buffer overruns that corrupt function call registers saved on the stack
  Speedier diagnosis of bugs from subtle stack corruption
  Prevent stack-based buffer overrun attacks, return-oriented programming
  Attempt to alter saved function registers (e.g. the return address) causes a SEGV
Enable ADI on memory backed by files
  Use ADI with POSIX Shared Memory


Solaris Application Support

Debugging

dbx support in Oracle Solaris Studio 12.4. Similar support in mdb.
  Print detailed status for ADI exceptions, for live process and core file.
    signal SEGV (ADI version 13 mismatch for VA 0x1234) in main at 0x5678
    signal SEGV (ADI deferred mismatch from PC 0x1234) in main at 0x5678
    signal SEGV (ADI disabled for VA 0x1234) in main at 0x5678
  dbx adi examine and adi assign commands
pmap shows ranges with ADI enabled:
  % pmap 9644
  FFFFFFFF7D400000 24K rw---i [ anon ]


Database Architecture

Multi-process Multi-threaded Architecture
  Multiple execution models
    Dedicated Servers, Shared Servers, Pooled Servers
    SPMT (Single Process Multi Threaded), MPST (Multi Process Single Threaded), MPMT (Multi Process Multi Threaded)
    CDB Pluggable Database

Memory
  Shared memory
    ASMM (Automated Shared Memory Management)
    AMM (Automated Memory Management)
  Process private memory


Database Memory Layout


Database Memory Architecture

SGA is allocated at startup and is of fixed size
  sga_target
PGA is dynamically allocated on demand and is of elastic size
  pga_aggregate_limit
Memory Manager
  Controls allocations across various SGA and PGA pools
Heap Manager
  Component memory allocations


Database Memory Usage

ASMM
  Memory is transferred between components
    Buffer Cache to Shared Pool or vice versa
Shared Pool
  Pools and Heaps
    Sub heaps
  Allocations
    Fixed, variable, small, large
    permanent, mark, free-able, recreate-able


Database Execution
Hundreds of new features every release
Large binary
Trusted code


Database Testing
Daily runs on test cloud
Stress and System testing
  Constructive and Destructive
Customer workloads
Memory debugging and profiling tools
  In-house, valgrind, fortify


Memory Corruptions
Memory Overwrites
  Head or tail overwrites by n bytes
Stale Pointer Corruptions
  FMW
Stray Pointer
  Uninitialized
  Bad arithmetic
OS, libraries, drivers and hardware bugs
  Fencing issues


Database diagnostics
On errors, asserts and exceptions
Extensive tracing and diagnostics
Stack dumps
Memory dumps


Hardest problem

Finding the PC/Source Line


Silicon Secured Memory in Oracle RDBMS

Oracle RDBMS uses SPARC ADI to protect shared memory (SGA)
Database treats an ADI error as an illegal memory access (ORA-7445)
  Collects stack and memory traces before terminating the process
On by default for production databases
  Available in 12.1.0.2 (BP10 and later)


Benefits of Silicon Secured Memory

Catch memory corruptions
  Overwrites, Stray and Stale pointers
No performance degradation
  On by default
Catch corruption at execution
Prevent corruption
  Stores do not make it to memory
Save Cost and Time
  Development
  Support