Wednesday Sep 08, 2010

Oracle Solaris 10 Update 9: FMA Fixes

It's been a long time since my last blog on FMA - I've since moved into another technology area. Maybe someday I'll garner enough knowledge there to start blogging. In the meantime, with the release of Oracle Solaris 10 Update 9 today, I thought I'd reprise my "favorite FMA fixes" blog entry for this release. So here's my (thankfully short :) list of my favorites:

6627041 Add a PSN nv-pair to the authority portion of the FMRI scheme

This may be less exciting to the end users, but my top favorite. This fix includes the product serial number (PSN) into the FMA fault telemetry. It's a key piece of information to improve the Oracle Auto Service Request (ASR) program. With the PSN, the "Auto" part of ASR is sped up. Hmm...maybe this is exciting for customers - you'll get a faster turn around time on parts servicing.

6502086 DBU errors should be diagnosed as HV defect/fault
6502089 ferg.invalid errors should be diagnosed as a fault

These two CRs provide a level of diagnosis for firmware issues on the sun4v systems. The first covers an error that should not happen unless there's a bug in the hypervisor. The second warrants a little explanation. On CMT systems, FMA telemetry is sourced in the SP - the hardware error is collected in the SP, packaged into an ereport, and provided to Solaris. If the error bits collected can't be mapped to a defined ereport, a "ferg.invalid" ereport is produced. Basically saying "There's been an error, but can't determine what kind". This shouldn't happen outside the lab. If it does, it indicates a logic flaw in the firmware on the SP.

6764337 Needs level 2 FMA compliance for chipset 5100 MCH
6889350 fma fails if DIMM sizes are mixed

A couple of fixes for various Intel configurations. The first enhancing FMA support to include another memory controller chipset. Oracle's CP3250 blades use the 5100 chipset. The second here fixes up a bug - the bug description is self explanatory.

6860401 FMA CPU Topology & Memory Topology needs to support Magny Cours(Multi chip Module)
6812502 Enable Generic-AMD FMA memory topology for Istanbul

These fixes enable CPU and memory diagnosis for the more recent AMD processor offerings. Beyond the typical changes of new model numbers, these processors have a more interesting topology with multiple processing nodes within a single package. Solaris 10 Update 9 understands these chips and creates the correct topology to support FMA diagnosis.


Thursday Jun 17, 2010

SPARC and Oracle Solaris

A new whitepaper discussing how Oracle Solaris has been highly optimized for the SPARC processor family has just been posted. Nice read, check it out.


Thursday Mar 25, 2010

skipfish on OpenSolaris

There's been several articles about skipfish, a web application recon tool from Google. Ignoring the documentation that called for glibc to be present, I tried the compile anyway. Aside from environment variable adjustments and an include file or two, the primary obstacle is the use of glibc's malloc_usable_size() - its primary apparent usage is to assist in zeroing out malloc'd memory.

I'd done some testing with pulling out malloc_usable_size and the tool would run, but bail when writing out final results (see the comments). I've since went the route of modifying skipfish to use Doug Lea's malloc library, which includes an implementation of malloc_usable_size(). And that's been working great.

initial allocations). I've uploaded a patch for the necessary changes. The patch is based on v1.26b of skipfish.

The basic steps:

Ensure you have the IDN library installed $ pkg list |grep idn library/idnkit ( 0.5.11-0.134 installed ----- library/libidn ( 1.9-0.134 installed ----- Download and unpack skipfish Copy the patch into the unpacked skipfish directory. $ cd skipfish $ patch -p1 < skipfish.1.26b.solaris.dmalloc.patch patching file alloc-inl.h patching file dlmalloc.c patching file dlmalloc.h patching file Makefile patching file report.c $ CC="/usr/bin/gcc" CFLAGS="-I/usr/include/idn -DUSE_LOCKS" \\ LIBS="-lsocket -lnsl -lpthread" make

From there, read the skipfish wiki for details on running the tool. Also check out the known issues. The item I hit immediately was not having a terminal size of at least 100x35. Things run fine, but the output to the terminal can get munged at smaller sizes.

If you do any testing of skipfish running on OpenSolaris, let me know how it goes. May look at getting this into the SourceJuicer. And by the way, I'm not a web-security expert. While I'm happy to (try to) answer questions about why skipfish may not compile on OpenSolaris, I cannot answer questions about the results the tool returns.





« April 2014