Subscribe: Mandalika's scratchpad
http://technopark02.blogspot.com/feeds/posts/default
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
>>> record  >>>  configuration  list  memory  oracle  osc setcoremem  osc  record  setcoremem  solaris  supercluster  system 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Mandalika's scratchpad

Mandalika's scratchpad



Share



Updated: 2018-04-12T02:15:31.491-07:00

 



Solaris 11.4: Brief Introduction to Solaris Analytics

2018-03-25T18:49:34.742-07:00

This is something I can take some credit for even though I haven't contributed in any significant way other than filing a timely enhancement request. :-) Overview On a high level: Solaris has quite a few observability and diagnostic tools and utilities such as vmstat, mprstat, iostat, prstat, pgstat, lockstat, dtrace to observe and diagnose CPU/Core/memory/disk IO/network utilization, locks, busy processes and threads, interrupts and so on. However except for power users, majority of normal users and application & system administrators are not much familiar with those tools, or savvy enough to read man pages and documentation to figure the best ways to extract diagnostic or performance data/information that they want or need (this is likely the case across all operating environments not just Solaris). Solaris 11.4 attempts to improve the usability of these tools and utilities by providing an interactive browser user interface (BUI) called "Oracle Solaris Analytics". Solaris Analytics gather event information and data samples from a variety of system & application sources. Consolidated view of the statistics, faults and administrative change requests are presented in a simple easy-to-digest manner. Users will be guided through health and performance analysis to diagnose problems. Ultimately OS users, application and system administrators benefit with the visual representation of performance and diagnostic data, and system events. For instance, with the help of Solaris Analytics users will be able to view historical information about system performance, contrast it with current performance, and correlate statistics and events from multiple sources. Check Using Oracle Solaris 11.4 Analytics for more information and details. Accessing the Analytics BUI Analytics services are enabled by default, and the Solaris Web UI can be accessed on ports 443 and 6787. Access Analytics BUI at https://:/solaris/ where "s11.4host" is the hostname of the system running Solaris 11.4 and port=[443|6787]. Log in as any Solaris user that is configured to log into "s11.4host". Those who are familiar with the Oracle ZFS Storage Appliance BUI may find some similarities between these two browser interfaces. Troubleshooting: Unable to access Analytics BUI? Make sure that: webui-server package was installed on target host pkg list webui-server svc:/system/webui/server:default and svc:/system/sstore:default services are online svcs webui/server sstore Screenshots Note that the system is almost idle to show any interesting data. Click on each image to see the image in original size. Default Dashboard Home Available Views Sample View - SMF Services [...]



Steps to Upgrade from Solaris 11.3 to 11.4 Beta

2018-02-27T18:37:04.860-08:00

Recently I updated one of our lab systems running Solaris 11.3 SRU 16 to Solaris 11.4 beta. Just wanted to share my experience along with the steps I ran and the outputs/stdout/stderr messages that I captured. I followed Updating Your Operating System to Oracle Solaris 11.4 document in Solaris 11.4 documentation library and the instructions worked flawlessly without a hitch. My target system has one non-global zone running, and it took a little over one hour to complete the upgrade from start to finish. I recommend setting at least couple of hours aside for this upgrade as various factors such as the current Solaris 11.3 SRU, number of non-global zones running, and how Solaris 11.4 Beta packages are being accessed have a direct impact on the overall time it takes to complete the upgrade exercise. Step 1: Prepare the System for Upgrade Oracle recommends that the target system is at least at Solaris 11.3 SRU 23 level for the upgrade to succeed so the first step is to make sure that the system is running Solaris 11.3 SRU 23 or later. eg., # pkg info entire | grep -i branch Branch: 0.175.3.16.0.3.0 The above output indicates that my lab system is running Solaris 11.3 SRU 16 - so, I have no choice but to upgrade 11.3 SRU first. Those with systems already at 11.3 SRU 23 or later can skip to Step 2: Get access to Solaris 11.4 Beta packages. Following listing indicates that existing/configured publishers allow me to upgrade 11.3 to the latest SRU (which is 29). # pkg list -af entire@0.5.11-0.175.3NAME (PUBLISHER) VERSION IFOentire (solaris) 0.5.11-0.175.3.29.0.5.0 ---entire (solaris) 0.5.11-0.175.3.28.0.4.0 ---... An attempt to update my system to the latest SRU met with a failure. # pkg update --be-name s11.3.sru29 pkg:/entire@0.5.11-0.175.3.29.0.5.0 Packages to remove: 37 Packages to install: 12 Packages to update: 510 Create boot environment: YesCreate backup boot environment: NoPlanning linked: 0/1 done; 1 working: zone:some-ngzLinked progress: /pkg: update failed (linked image exception(s)):A 'sync-linked' operation failed for child 'zone:some-ngz' with an unexpected return value of 1 and generated the following output:pkg sync-linked: One or more client key and certificate files have expired. Please update the configuration for the publishers or origins listed below:Publisher: solarisstudio Origin URI: https://pkg.oracle.com/solarisstudio/release/ ... Root cause of this failure is that a seperate repo for Solaris Studio has been configured in the non-global zone. Fixed it by removing associated publisher from the non-global zone. root@some-ngz:~# pkg publisherPUBLISHER TYPE STATUS P LOCATIONsolaris (syspub) origin online T solarisstudio (syspub) origin online T solarisstudio (syspub) origin online F https://pkg.oracle.com/solarisstudio/release/root@some-ngz:~# pkg set-publisher -G https://pkg.oracle.com/solarisstudio/release/ solarisstudio SRU update has no problem afterward. # pkg update --be-name s11.3.sru29 pkg:/entire@0.5.11-0.175.3.29.0.5.0 Packages to remove: 37 Packages to install: 12 Packages to update: 510 Create boot environment: YesCreate backup boot environment: NoPlanning linked: 0/1 done; 1 working: zone:some-ngzLinked image 'zone:some-ngz' output:| Packages to remove: 25| Packages to install: 12| Packages to update: 237| Services to change: 9`...Updating image state DoneCreating fast lookup database DoneExecuting linked: 0/1 done; 1 working: zone:some-ngzExecuting linked: 1/1 doneUpdating package cache 3/3A clone of s11.3.sru.16.3.0 exists and has been updated and activated.On the next boot the Boot Environment s11.3.sru29 will bemounted on '/'. Reboot when ready to switch to this updated BE. Now that the system was upgraded to 11.3 SRU 29, it is time to boot the new boot environment (BE) in prepa[...]



Random Solaris Tips: 11.4 Beta, LDoms 3.5, Privileges, File Attributes & Disk Block Size

2018-01-31T19:34:28.542-08:00

* { box-sizing: border-box; } .event { border-radius: 4px; width: 800px; height: 110px; margin: 10px auto 0; margin-left: 0cm; } .event-side { padding: 10px; border-radius: 8px; float: left; height: 100%; width: calc(15% - 1px); box-shadow: 1px 2px 2px 1px #888; background: white; position: relative; overflow: hidden; font-size: 0.8em; text-align: right; } .event-date, .event-time { position: absolute; width: calc(90% - 20px); } .event-date { top: 30px; font: bold 24px Garamond, Georgia, serif; } .dotted-line-separator { right: -2px; position: absolute; background: #fff; width: 5px; top: 8px; bottom: 8px; } .dotted-line-separator .line { /*border-right: 1px dashed #ccc;*/ transform: rotate(90deg); } .event-body { border-radius: 8px; float: left; height: 100%; width: 65%; line-height: 22px; box-shadow: 0 2px 2px -1px #888; background: white; padding-right: 9px; font: bold 16px Garamond, Georgia, serif; } .event-title, .event-location, .event-details { float: left; width: 60%; padding: 15px; height: 33%; } .event-title, .event-location { border-bottom: 1px solid #ccc; } .event-details2 { float: left; width: 60%; padding: 15px; height: 23%; font: bold 24px Garamond, Georgia, serif; } Solaris OS Beta 11.4 Download Location & Documentation Recently Solaris 11.4 hit the web as a public beta product meaning anyone can download and use it in non-production environments. This is a major Solaris milestone since the release of Solaris 11.3 GA back in 2015. Few interesting pages: Solaris 11.4 Beta Downloads page for SPARC and x86 What's New in Oracle Solaris 11.4 Solaris 11.4 Release NotesSolaris 11.4 Documentation Logical Domains Dynamic Reconfiguration Blacklisted Resources Command History Dynamic Reconfiguration of Named Resources Starting with the release of Oracle VM Server for SPARC 3.5 (aka LDoms) it is possible to dynamically reconfigure domains that have named resources assigned. Named resources are the resources that are assigned explicitly to domains. Assigning core ids 10 & 11 and a 32 GB block of memory at physical address 0x50000000 to some domain X is an example of named resource assignment. SuperCluster Engineered System is one example where named resources are explicitly assigned to guest domains. Be aware that depending on the state of the system, domains and resources, some of the dynamic reconfiguration operations may or may not succeed. Here are few examples that show DR functionality with named resources. ldm remove-core cid=66,67,72,73 primaryldm add-core cid=66,67 guest1ldm add-mem mblock=17664M:16G,34048M:16G,50432M:16G guest2 Listing Blacklisted Resources When FMA detects faulty resource(s), Logical Domains Manager attempts to stop using those faulty core and memory resources (no I/O resources at the moment) in all running domains. Also those faulty resources will be preemptively blacklisted so they don't get assigned to any domain. However if the faulty resource is currently in use, Logical Domains Manager attempts to use core or memory DR to evacuate the resource. If the attempt fails, the faulty resource is marked as "evacuation pending". All such pending faulty resources are removed and moved to blacklist when the affected guest domain is stopped or rebooted. Starting with the release of LDoms software 3.5, blacklisted and evacuation pending resources (faulty resources) can be examined with the help of ldm's -B option. eg., # ldm list-devices -BCOREID STATUS DOMAIN1 Blacklisted2 Evac_pending ldg1MEMORYPA SIZE STATUS DOMAIN0xa30000000 87G Blacklisted0x80000000000 128G Evac_pending ldg1 Check this page for some more information. LDoms Command History Recent releases of LDoms Manager can show the history of recently executed ldm commands with the list-history subcommand. # ldm historyJan 31 19:01:18 ldm ls -o domain -pJan 3[...]



Blast from the Past : The Weekend Playlist #14

2017-12-30T10:25:46.600-08:00

Previous playlists:

    #1    #8 (50s, 60s and 70s)    |    #2    #3    #4    #5 (80s)    |    #6    #7    #9 (90s)    |    #11    #12 (00s)    |    #13 (10s) |    #10 (Instrumental)

Another 50s, 60s and 70s playlist. Audio & Widget courtesy: Spotify

src="https://open.spotify.com/embed/user/giri04/playlist/2v8fkmK0RZ49FAzPWJvFEy" width="500" height="580" frameborder="0" allowtransparency="true" style="border:none; overflow:hidden;">



osc-setcoremem: Simulation on SuperCluster Nodes

2017-12-13T17:28:41.109-08:00

Running the osc-setcoremem simulator on live SuperCluster nodes is very similar to running it on Non-SuperCluster nodes with the exception of setting a shell variable SSC_SCM_SIMULATE to differentiate simulated actions from normal processing. Any SuperCluster configuration can be simulated on a live SuperCluster node including its own configuration. Please check the first two blog posts in this series too for some information related to osc-setcoremem simulator. Oracle SuperCluster: osc-setcoremem simulator osc-setcoremem: Simulation on Non-SuperCluster Nodes Reproducing all high-level steps below for the sake of completeness (highlighted new text in blue color for convenience). Copy osc-setcoremem v2.4 or later executable binary from any live SuperCluster environment onto the target SuperCluster SPARC system running Solaris 11.3 or later Generate base configuration file in the original live SuperCluster environment that you wish to simulate elsewhere eg., # /opt/oracle.supercluster/bin/osc-setcoremem -g [OK] simulator config file generated location: /var/tmp/oscsetcorememcfg.txt    For the argument list, check "SIMULATOR ARGUMENTS" section in the output of "osc-setcoremem -h|-help" If you do not have access to the live SuperCluster environment that you wish to simulate, generate base configuration file template and edit it manually to populate base configuration of the SuperCluster environment to be simulated. Base configuration file template can be generated on any SPARC node running Solaris 11.3. And this step does not require root privileges. eg., To generate a base configuration containing 4 domains, run:% ./osc-setcoremem -g -dc 4 [OK] simulator config file generated location: /var/tmp/oscsetcorememcfg.txt% cat /var/tmp/oscsetcorememcfg.txt#DOMAIN ROOT SERVICE SOCKET CORE MEMORY HCA# NAME DOMAIN DOMAIN COUNT COUNT GB COUNT#--------------------------------------------------------------------------------------------------------------------------primary YES|NO YES|NO 1|2ssccn-dom1 YES|NO YES|NO 1|2ssccn-dom2 YES|NO YES|NO 1|2ssccn-dom3 YES|NO YES|NO 1|2    Check the Guidelines page for the manual editing of base configuration file Kick off simulation with the help of the base configuration file populated in either of the last two steps. osc-setcoremem's non-interactive mode can be activated too by supplying non-interactive arguments. Syntax: osc-setcoremem -p -c [] It is not necessary to set the shell variable SSC_SCM_SIMULATE when starting a new simulation from scratch with the help of a base configuration file. The presence of simulator specific options such as -p and -c eliminate the need for any hints about the simulation on a live SuperCluster system. eg., % ./osc-setcoremem -p m8 -c ./oscsetcorememcfg.txt -type core -res 16/480:16/480:16/480 osc-setcoremem simulator (non-interactive) v2.5 built on Oct 13 2017 11:33:52 Current Configuration: SuperCluster M8 +----------------------------------+-------+--------+-----------+--- MINIMUM ----+ | DOMAIN | CORES | MEM GB | TYPE | CORES | MEM GB | +----------------------------------+-------+--------+-----------+-------+--------+ | primary | 32 | 960 | Dedicated | 2 | 32 | | ssccn1-dom1 [...]



osc-setcoremem: Simulation on Non-SuperCluster Nodes

2017-10-18T00:03:39.147-07:00

.. simulation of domain CPU and memory configuration changes, that is. Please check the first blog post in this series too - Oracle SuperCluster: osc-setcoremem simulator. Keep in mind that fresh/new simulations should always start with configurations representing the base configuration of a SuperCluster node (PDom) to be simulated. Base configuration is the compute server CPU and memory resources that are initially allocated during a SuperCluster installation. High-level steps: Copy osc-setcoremem v2.4 or later executable binary from any live SuperCluster environment onto the target non-supercluster SPARC system running Solaris 11.3 or later Generate base configuration file in the original live SuperCluster environment that you wish to simulate elsewhere eg., # /opt/oracle.supercluster/bin/osc-setcoremem -g [OK] simulator config file generated location: /var/tmp/oscsetcorememcfg.txt    For the argument list, check "SIMULATOR ARGUMENTS" section in the output of "osc-setcoremem -h|-help" If you do not have access to the live SuperCluster environment (that you wish to simulate), generate base configuration file template and edit it manually to populate base configuration of the SuperCluster environment to be simulated. Base configuration file template can be generated on any SPARC node running Solaris 11.3. And this step does not require root privileges. eg., To generate a base configuration containing 4 domains, run:% ./osc-setcoremem -g -dc 4 [OK] simulator config file generated location: /var/tmp/oscsetcorememcfg.txt% cat /var/tmp/oscsetcorememcfg.txt#DOMAIN ROOT SERVICE SOCKET CORE MEMORY HCA# NAME DOMAIN DOMAIN COUNT COUNT GB COUNT#--------------------------------------------------------------------------------------------------------------------------primary YES|NO YES|NO 1|2ssccn-dom1 YES|NO YES|NO 1|2ssccn-dom2 YES|NO YES|NO 1|2ssccn-dom3 YES|NO YES|NO 1|2    Check the Guidelines page for the manual editing of base configuration file Kick off simulation with the help of the base configuration file populated in either of the last two steps. osc-setcoremem's non-interactive mode can be activated too by supplying non-interactive arguments. Syntax: osc-setcoremem -p -c []eg., % ./osc-setcoremem -p m8 -c ./oscsetcorememcfg.txt -type core -res 16/480:16/480:16/480 osc-setcoremem simulator v2.5 built on Oct 13 2017 11:33:52 Current Configuration: SuperCluster M8 +----------------------------------+-------+--------+-----------+--- MINIMUM ----+ | DOMAIN | CORES | MEM GB | TYPE | CORES | MEM GB | +----------------------------------+-------+--------+-----------+-------+--------+ | primary | 32 | 960 | Dedicated | 2 | 32 | | ssccn1-dom1 | 32 | 960 | Dedicated | 2 | 32 | | ssccn1-dom2 | 32 | 960 | Dedicated | 2 | 32 | | ssccn1-dom3 | 2 | 32 | Root | 2 | 32 | +----------------------------------+-------+--------+-----------+-------+--------+ | Parked Resources (Approx) | 30 | 928 | -- | -- | -- | +----------------------------------+-------+--------+-----------+-------+--------+ [ I[...]



Oracle SuperCluster: osc-setcoremem simulator

2017-09-19T21:34:28.309-07:00

Target Audience: Oracle SuperCluster customers and Oracle technical support Is it possible to use setcoremem to achieve my desired configuration? Why setcoremem is behaving differently than the way I expected it to be? Why can't I add more memory to a particular domain? .. are some of the common/recurring questions that I've heard in the last several years. Unfortunately in most cases questions like "Is it possible to use setcoremem to achieve my desired configuration?" won't arise until after the customer had their hands on the SuperCluster configuration they ordered. If the customer has a way of figuring out what combinations of core/memory configurations are possible in the planned SuperCluster configuration beforehand, it'd help them tremendously in planning; and likely minimize frustrations and service requests later on if the tool shows different possible combinations than the ones they'd prefer. To address some of the questions and concerns that are similar to the ones mentioned above, osc-setcoremem simulator was introduced in SuperCluster Exafamily update 2.4.x. The self-contained osc-setcoremem binary from Exafamily update 2.4.x can be used to run simulations on any SPARC hardware not necessarily on SuperCluster SPARC hardware alone as long as the target SPARC hardware has Solaris 11 or later running. While normal execution (non-simulation) of osc-setcoremem requires root privileges to make the intended core/memory configuration changes in one or more logical domains (LDoms), it is not necessary to use root privileges to run the simulator. In other words, normal users with limited privileges can run osc-setcoremem on any SPARC hardware including non-SuperCluster hardware to simulate the behavior of osc-setcoremem on a variety of SuperCluster T4/T5/M6/M7/M8 supported configurations such as fully/half/quarter populated configurations. Few things to keep in mind: Simulator functionality was embedded in the Exafamily osc-setcoremem utility. Same self-contained osc-setcoremem executable binary can be used to simulate in addition to reconfiguring core and memory of one or more logical domains on a live SuperCluster. On non-SuperCluster SPARC hardware, osc-setcoremem runs in simulation mode by default. On SuperCluster nodes, normal execution (non-simulation) is the default. Simulation mode can be enabled by setting the shell variable SSC_SCM_SIMULATE to any value before invoking osc-setcoremem. It is unlikely that the simulator will answer or address all questions and concerns that customers might have. The main objective of the simulator is to provide some insight into the behavior of the utility (what works and what doesn't) by simulating the SuperCluster configuration that the customer is planning to deploy or already have access to. The main advantage is that the customers do not need to have the actual hardware in their data centers before they can plan and finalize their domain configurations. Even though some additional information is shown in simulation mode such as the resource distribution among locality groups, the utility won't show anything much descriptive during simulations so it is still up to the user to run multiple simulations to understand the tool behavior and to figure out what works and what does not. We will explore the simulator in the next few blog posts. Meanwhile please check the official documentation pages out at Configuring CPU and Memory Resources (osc-setcoremem) and Run a Simulation to learn more about the functionality of osc-setcoremem and for the instructions to run the simulator. ALSO SEE: osc-setcoremem: A Brief Introduction Non-Interactive osc-setcoremem (To be continued ..)[...]



Python Lists in 5 Minutes or Less .. Part 2

2017-08-16T23:12:43.261-07:00

SEE ALSO: Python Lists in 5 Minutes or Less .. Part 1 Extracting Part of a List (sublist) Lists can be sliced using [:] construction. list[start:end] (slicing) returns a new list containing elements in the original list from index position "start" to "(end-1)". Index starts at 0. "start" and "end" positions are optional. When "start" position was omitted, start of the list is assumed. When "end" position was omitted, end of the list is assumed. If both are omitted, entire list is returned as is. eg., >>> record['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176', 'John', 'Keats', 'Sears Tower, Chicago, IL 46371']>>> record[4:7][140.32, '925-93-2176', 'John']>>> record[:4]['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201']>>> record[4:][140.32, '925-93-2176', 'John', 'Keats', 'Sears Tower, Chicago, IL 46371']>>> record[:]['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176', 'John', 'Keats', 'Sears Tower, Chicago, IL 46371'] Negative index counts back from the end of the list (right-to-left). -1 refers to the right most (last) element in the list. eg., Extract last 3 elements in the list using negative index.>>> record[-3:]['John', 'Keats', 'Sears Tower, Chicago, IL 46371']Extract all elements except the last 3.>>> record[:-3]['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176'] An optional "step" parameter can be specified to skip few elements from the list, or put another way to get every nth element from the list. Syntax: list[start:end:step] eg., Fetch every alternate element from the beginning of the list. >>> record[::2]['Gary', 25, 140.32, 'John', 'Sears Tower, Chicago, IL 46371']Reverse the list.>>> record[::-1]['Sears Tower, Chicago, IL 46371', 'Keats', 'John', '925-93-2176', 140.32, 'Network Ct, Twin Peaks, WA 90201', 25, 'Doe', 'Gary'] Note that the new lists returned from slicing a list are in reality shallow copies so contain references to elements from the original list. Sorting a List sort() method of the list object returns nothing (None) but modifies the original list by sorting in place. sort method supports 3 optional parameters -- method to be used for sorting (cmp), function to be executed with key element (key) and the reverse option. Syntax: sort(cmp, key, reserve). eg., >>> record['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176', 'John', 'Keats', 'Sears Tower, Chicago, IL 46371']>>> record.sort()>>> record[25, 140.32, '925-93-2176', 'Doe', 'Gary', 'John', 'Keats', 'Network Ct, Twin Peaks, WA 90201', 'Sears Tower, Chicago, IL 46371']>>> record=['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176', 'John', 'Keats', 'Sears Tower, Chicago, IL 46371']>>> record.sort(reverse=True)>>> record['Sears Tower, Chicago, IL 46371', 'Network Ct, Twin Peaks, WA 90201', 'Keats', 'John', 'Gary', 'Doe', '925-93-2176', 140.32, 25] If you don't want the original list to be modified, one option is to make a copy of the list and call sort() on the copy. Another option is to use the built-in sorted() function. The sorted() function returns the sorted list. It also accepts reverse parameter similar to sort() of the list. eg., >>> record=['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176', 'John', 'Keats', 'Sears Tower, Chicago, IL 46371']>>> import copy>>> recorddup = copy.copy(record)>>> recorddup.sort()>>> recorddup[25, 140.32, '925-93-2176', 'Doe', 'Gary', 'John', 'Keats', 'Network Ct, Twin Peaks, WA 90201', 'Sears Tower, Chicago, IL 46371']>>> record['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176', 'John', 'Keats', 'Sears Tower, Chicago, IL 46371']>>> sorted(record)[25, 140.32, '925-93-2176', 'Doe', 'Gary', 'John', 'Keats', 'Network Ct, Twin Peaks, WA 90201', 'Sears Tower, Chicago, IL 46371']>>> sorted(record, reverse=True)['Sears Tower, Chicago, [...]



Word List #3

2017-08-07T21:51:59.738-07:00

Prior lists:    #1    #2   WORDMEANING   convalescent(of a person) recovering from an illness or operation   forlornpitifully sad and abandoned or lonely   insouciantshowing a casual lack of concern; indifferent   groundswella buildup of opinion or feeling in a large section of the population   blustertalk in a loud, aggressive, or indignant way with little effect  inchoatejust begun and so not fully formed or developed; rudimentary  exultshow or feel elation or jubilation esp as the result of a success  bleatspeak or complain in a weak, querulous, or foolish way  hearkenlisten  finagleobtain something by devious or dishonest means  cruftbadly designed, unnecessarily complicated, or unwanted code or software  corralgather together and confine (a group of people or things)  throbfeel pain in a series of regular beats  recalcitranthaving an obstinately uncooperative attitude toward authority or discipline  prescienthaving or showing knowledge of events before they take place  newspeakambiguous euphemistic language used chiefly in political propaganda  apparatchikan official in a large political organization  twaddletrivial or foolish speech or writing; nonsense  imbroglioan extremely confused, complicated, or embarrassing situation  serenadea piece of music sung or played in the open air, typically by a man at night under the window of his lover  trenchantvigorous or incisive in expression or style  kerfufflea commotion or fuss, especially one caused by conflicting views  denouementthe final part of a play, movie, or narrative in which the strands of the plot are drawn together and matters are explained or resolved  flagrant(of something considered wrong or immoral) shockingly noticeable or evident; obvious; glaring  perp walkan act of walking into or out of a police station, courthouse, etc., that a person in police custody is made to perform for the benefit of the media  25 words[...]



Python Lists in 5 Minutes or Less .. Part 1

2017-08-14T19:57:48.136-07:00

Key Points: A list is a collection of values stored in order -- that is, a list is an ordered group of items or elementsLists can have elements of different types (not necessarily items of the same data type)A list can have duplicate elementsIt is not necessary to specify the size of the list when declaredThe list can grow or shrink dynamically during runtime List Creation Create an empty list >>> record = [] Create and initialize a list >>> record = ['Gary', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, 'Hardhat Worker'] Initialize a list to a size with an initial value of any data type for each element. eg.,Create an array list containing 10 elements each initialized to zero >>> array = [0]*10>>> print array[0, 0, 0, 0, 0, 0, 0, 0, 0, 0] Accessing Elements Access or modify elements by their position. First element is at position (index) zero. >>> print record['Gary', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, 'Hardhat Worker']>>> print record[4]Hardhat Worker>>> record[4] = 'Mailman' Adding Elements Add a single item to the end of a list with the help of append() method. The item can be any data type or another list. >>> record.append('925-93-2176') Use insert() method to add an item at a certain position in the list. First argument specifies the position. >>> record.insert(1, 'Doe')>>> print record['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, 'Mailman', '925-93-2176'] Combining Lists One way is to add a list to another. >>> record2 = ['John', 'Keats', 52]>>> record += record2>>> print record['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, 'Mailman', '925-93-2176', 'John', 'Keats', 52] Another way is to use extend() method combine one list with another. >>> record3 = ['Sears Tower, Chicago, IL 46371', 'Senator']>>> record.extend(record3)>>> print record['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, 'Mailman', '925-93-2176', 'John', 'Keats', 52, 'Sears Tower, Chicago, IL 46371', 'Senator'] Removing Elements pop() method removes and returns the element from a specific position if the position was specified. Otherwise, last element of the list will be removed, and returned to the caller. >>> record.pop()'Senator'>>> record.pop(5)'Mailman' del list[idx] is an alternative to calling list.pop(idx). >>> del record[5]>>> print record['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176', 'John', 'Keats', 52, 'Sears Tower, Chicago, IL 46371'] remove() method removes an element by value. In case of duplicates, this method removes only the first occurrence of the element. >>> record.remove(52)>>> print record['Gary', 'Doe', 25, 'Network Ct, Twin Peaks, WA 90201', 140.32, '925-93-2176', 'John', 'Keats', 'Sears Tower, Chicago, IL 46371'] List Size (length) The built-in len() method returns the length of a list. >>> len(record)9[...]



Blast from the Past : The Weekend Playlist #13

2017-07-14T22:41:37.078-07:00

Previous playlists:

    #1    #8 (50s, 60s and 70s)    |    #2    #3    #4    #5 (80s)    |    #6    #7    #9 (90s)    |    #11    #12 (00s)    |    #10 (Instrumental)

New category: "10s" (2010s) playlist. Audio & Widget courtesy: Spotify

src="https://open.spotify.com/embed/user/giri04/playlist/1TpKaU7g0q8cTCSIPEcj0e" width="500" height="580" frameborder="0" allowtransparency="true" style="border:none; overflow:hidden;">



Oracle SuperCluster: A Brief Introduction to osc-resalloc

2017-06-30T21:56:55.929-07:00

Target Audience: Oracle SuperCluster Customers

The primary objective of this blog post is to provide some related information on this obscure tool to inquisitive users/customers as they might have noticed the osc-resalloc binary and the namesake package and wondered what is it for at some point.

On a high-level, osc-resalloc is a SuperCluster internal tool that acts like a plug-in for customer visible SuperCluster Virtual Assistant (SVA). SVA and osc-resalloc work in tandem while assigning core, memory and network resources for IO Domains. Optimal allocation of resources [wherever possible] is one of the major functions of osc-resalloc.

osc-resalloc is a command line tool that gets invoked [by SVA] on-demand, does its work for few seconds (maximum 1-2s) and quits. It is a non-intrusive and non-disruptive tool -- meaning the tool won't consume much resources on the host where it runs (usually Control Domain) and it won't make any destructive changes on its own.

End-users / Customers are generally prohibited from invoking this tool directly from command line as it won't serve any meaningful purpose; and in some cases doing so might even impact SVA functionality negatively. This is the main reason there is no mention of osc-resalloc in SuperCluster Documentation Set. And the tool won't show any help on command line either.


# /opt/oracle.supercluster/bin/osc-resalloc

OSC : Resource Allocation Engine
v2.3 built on Nov 4 2016 11:45:47

# /opt/oracle.supercluster/bin/osc-resalloc -h
# /opt/oracle.supercluster/bin/osc-resalloc -help
# /opt/oracle.supercluster/bin/osc-resalloc -?
#

I guess that's all there is to it.

Related:




Blast from the Past : The Weekend Playlist #12

2017-06-10T00:54:28.667-07:00

Previous playlists:

    #1    #8 (50s, 60s and 70s)    |    #2    #3    #4    #5 (80s)    |    #6    #7    #9 (90s)    |    #11 (00s)    |    #10 (Instrumental)

Another 00s playlist. Audio & Widget courtesy: Spotify

src="https://embed.spotify.com/?uri=spotify%3Auser%3Agiri04%3Aplaylist%3A1lL9hedBwxoxz0MGcYH6Ui" width="500" height="580" frameborder="0" allowtransparency="true" style="border:none; overflow:hidden;">



Non-Interactive osc-setcoremem

2017-05-01T19:11:59.492-07:00

Target Audience: Oracle SuperCluster Customers By default osc-setcoremem runs in interactive mode prompting and waiting for critical user inputs. In a way it makes sense as the core count and memory options for the remaining logical domains in input screens depend entirely on the cores and memory chosen for the domains that user already provided input for. In other words, available core count and memory capacity for some of the domains dynamically change based on the user selection of resources for some of the other domains on the target system. If the customer is pretty comfortable with the tool and knows ahead the combination of core/memory inputs for each of the logical domains that the tool would accept without complaining, they can probably run the tool in non-interactive mode for convenience. Non-interactive mode can be used to perform all operations that are supported by interactive mode. Tool's functional behavior is the same irrespective of how the core/memory inputs were provided for each of the logical domains -- interactively or non-interactively. Non-interactive mode has been introduced in the 2.3 release of osc-setcoremem tool. This mode can be triggered by a combination of -type and -res options. An optional -y flag would skip the prompt for confirmation. Supported options in non-interactive mode:-type socket|core -res [min|max|current|x_sockets|x_cores/x_memgb]:[...]:[min|max|current|x_sockets|x_cores/x_memgb] [-y|-n] [-h|-help] -type specifies the type of granularity to be used for resource allocations -- socket or core. -res specifies the socket or core/memory resource assignment to all logical domains that are eligible for resource reconfiguration; and each resource assignment is separated by a ':' (colon ). The order of resource assignments matches the order shown in the output from osc-setcoremem -list. In addition to the integer values for socket count, core count and memory capacity in gigabytes, tool accepts symbolic values like min, max and current. min/MIN and max/MAX specify the minimum and maximum possible resource assignment whereas current/CURRENT indicates the tool to retain the current value as is. If it is not possible to retain the current value, a value that is as close as possible to the current value will automatically be used. -h|-help option provides on-screen help with few example input strings. Please review the Change CPU/Memory Allocations Non-Interactively section in Oracle SuperCluster M7 Series Administration Guide for additional details. Example: Here is an example osc-setcoremem session showing the non-interactive mode in action. Once user provides all required inputs on a single line, the tool shows the interactive screens and auto-fills the inputs as if user entered those inputs. This gives the user a chance to compare what was provided as inputs against what is being used by the tool. # cd /opt/oracle.supercluster/bin# ./osc-setcoremem -list osc-setcoremem (non-interactive) v2.4 built on April 23 2017 17:12:01 Current Configuration: SuperCluster Full-Rack T5-8 +-----+----------------------------------+---- CURRENT ---+-----------+--- MIN REQD ---+ | ID | DOMAIN | CORES | MEM GB | TYPE | CORES | MEM GB | +-----+----------------------------------+-------+--------+-----------+-------+--------+ | 1 | primary | 32 | 512 | Dedicated | 8 | 64 | | 2 | ssccn1-dom1 | 16 | 256 | Dedicated | 4 | 32 | | 3 | ssccn1-dom3 | 16 | 256 | Dedicated | 4 | 32 | | 4 | ssccn1-dom4 | 16 | 256 | Dedicated | 4 | 32 | +-----+----[...]



OnePlus X: Windows Won't Auto-Mount as Storage Drive When Connected via USB cable

2017-04-15T15:57:02.574-07:00

Here's one way to check and fix. Of course it works only if the USB option was misconfigured.

Step 1: pull down the notification bar from the top of the display. Click on "USB for Charging - Touch for more options"

Step 2: select "File transfers" option under USB options if not selected and check again




osc-setcoremem: A Brief Introduction

2017-04-01T01:18:27.996-07:00

Target Audience: Oracle SuperCluster Customers On a high-level, osc-setcoremem is a SuperCluster tool that assists in making changes to the CPU and memory configurations of one or more dedicated domains running on a SuperCluster compute node. osc-setcoremem helps in removing (park) resources from dedicated domains for licensing purposes. Also using osc-setcoremem, some of the CPU and memory resources can be removed from one dedicated domain and added to remaining dedicated domains. Root domains are ignored by default. Any user with no prior knowledge of Oracle VM Server for SPARC (also known as Logical Domains) administration, and how the operating system organizes CPU and memory resources into different locality groups (lgroups) can easily reconfigure the dedicated domains to achieve desired (or in some cases close to the desired) CPU, memory configurations. Only those users with root privileges can run the tool. osc-setcoremem is currently supported on all SuperCluster platforms -- T4-4, T5-8, M6-32 and M7. User can change the CPU, memory configurations at Socket or Core granularity. For the complete list of supported functionality along with known limitations, please review the Configuring CPU and Memory Resources section in Oracle SuperCluster M7 Series Administration Guide. Here is a sample interactive osc-setcoremem session that changes the CPU, memory configuration of couple of dedicated domains on a SuperCluster M6-32 compute node. # /opt/oracle.supercluster/bin/osc-setcoremem osc-setcoremem v2.3 built on Jan 30 2017 11:48:13 Current Configuration: SuperCluster Fully-Populated M6-32 Base +----------------------------------+-------+--------+-----------+--- MINIMUM ----+ | DOMAIN | CORES | MEM GB | TYPE | CORES | MEM GB | +----------------------------------+-------+--------+-----------+-------+--------+ | primary | 24 | 2048 | Dedicated | 2 | 32 | | ssccn1-dom1 | 24 | 2048 | Dedicated | 2 | 32 | | ssccn1-dom2 | 24 | 2048 | Dedicated | 2 | 32 | | ssccn1-dom3 | 2 | 32 | Root | 2 | 32 | +----------------------------------+-------+--------+-----------+-------+--------+ | Parked Resources (Approx) | 22 | 2016 | -- | -- | -- | | Memory in Use by _sys_ Pool | -- | 1.25 | -- | -- | -- | +----------------------------------+-------+--------+-----------+-------+--------+ [ INFO ] following domains will be ignored in this session. Root Domains ------------ ssccn1-dom3 CPU Granularity Preference: 1. Socket 2. Core In case of Socket granularity, proportional memory capacity is automatically selected for you. Choose Socket or Core [S or C] C Step 1 of 2: Core Count primary : specify number of cores [min: 2, max: 68. default: 24] : 30 you chose [30] cores for primary domain ssccn1-dom1 : specify number of cores [min: 2, max: 40. default: 24] : you chose [24] cores for ssccn1-dom1 domain ssccn1-dom2 : specify number of cores [min: 2, max: 18. default: 18] : 12 you chose [12] cores for ssccn1-dom2 domain Configuration In Progress After Core Count Selection: +----------------------------------+-------+--------+-----------+--- MINIMUM ----+ | DOMAIN | CORES | MEM GB | TYPE | CORES | MEM GB | +----------------------------------+-------+--------+-----------+-------+--------+ | primary | 30 | 2048 | Dedicated | 2 | 128 | | ssccn1[...]



Word List #2

2017-04-01T01:21:06.843-07:00

WORDMEANING
 
polemica strong verbal or written attack on someone or something
 
emeritushaving retired but allowed to retain their title as an honor
 
yank(short for yankee) slang for someone of American origin or heritage
 
pejorativeexpressing contempt or disapproval
 
ganderlook or glance at something (eg., take a gander at sth)
 
valiantshowing courage or determination (eg., a valiant effort to do sth)
 
recuseto remove (oneself) from participation to avoid a conflict of interest
 
consiglierean adviser esp to a crime boss
 
hankeringa strong desire to have or do something
 
cribcopy (another person's work) illicitly or without acknowledgment
 
flummoxperplex (someone) greatly; bewilder
 
ensconceestablish or settle (someone) in a comfortable, safe, or secret place
 
ad hominem(of an argument or reaction) directed against a person rather than the position they are maintaining
 
vis-a-visin relation to; with regard to
 
nascent(esp of a process or organization) just coming into existence and beginning to display signs of future potential
 
forage(of a person or animal) search widely for food or provisions
 
amblewalk or move at a slow, relaxed pace
 
brooka small stream
 
compunctiona feeling of guilt or moral scruple that prevents or follows the doing of something bad
 
vacuoushaving or showing a lack of thought or intelligence; mindless
 
metedispense or allot justice, a punishment, or harsh treatment
 
glowerhave an angry or sullen look on one's face; scowl
 
disseminatespread or disperse (something, esp information) widely
 
germanerelevant to a subject under consideration
 
veritableused as an intensifier, often to qualify a metaphor
 

25 words




Blast from the Past : The Weekend Playlist #11

2017-03-04T00:16:44.691-08:00

Previous playlists:

    #1    #8 (50s, 60s and 70s)    |    #2    #3    #4    #5 (80s)    |    #6    #7    #9 (90s)    |    #10 (Instrumental)

New category: "00s" (2000s) playlist. Audio & Widget courtesy: Spotify

src="https://embed.spotify.com/?uri=spotify%3Auser%3Agiri04%3Aplaylist%3A6C8yJNecVspYDNz60fkppg" width="500" height="580" frameborder="0" allowtransparency="true" style="border:none; overflow:hidden;">



Word List #1

2017-03-01T23:37:15.495-08:00

WORDMEANING
 
groundswella buildup of opinion or feeling in a large section of the population
 
cock-a-hoopextremely and obviously pleased esp about a triumph or success
 
besetto attack on all sides; assail; harass
 
tawdryshowy but cheap and of poor quality
 
cordonprevent access to or from (an area or building) by surrounding it with police or other guards (think of "do not cross" yellow tape)
 
daftsilly, foolish
 
ratched(same as wretched) of poor quality; shabby or filthy in appearance; unfortunate conditions or circumstances. 'hot mess'
 
beckonmake a gesture with the hand, arm, or head to encourage someone to come nearer or follow
 
sidleto move close to someone in a quiet or secret way
 
detentethe easing of hostility or strained relations, esp between countries
 
emissarya person sent on a special mission, usually as a diplomatic representative (a messenger)
 
gingerlyin a careful or cautious manner
 
svelte(of a person) slender or graceful in figure or outline; slim
 
gagglea disorderly or noisy group of people
 
daylighta perceptible space, gap, or difference
 
revelenjoy oneself in a lively and noisy way, esp with drinking and dancing
 
quaintattractively unusual or old-fashioned
 
capricea sudden and unaccountable change of mood or behavior
 
salvoa simultaneous discharge of artillery or other guns in a battle
 
despondentin low spirits from loss of hope or courage
 
insinuatesuggest or hint (something bad or reprehensible) in an indirect and unpleasant way
 
confluencean act or process of merging (eg., rivers)
 
decorumbehavior in keeping with good taste and propriety (etiquette)
 
drudgeryhard, menial, or dull work
 
exegesiscritical explanation or interpretation of a text, esp of scripture
 

25 words




C, Solaris & SPARC M7: Get Defensive with Few Techniques .. Part 3/3

2017-01-31T23:44:51.335-08:00

SPARC: Silicon Secured Memory (SSM) Silicon Secured Memory (SSM) is a hardware feature available on the latest Oracle SPARC M7/T7/S7 platform that is designed to protect against invalid data accesses such as freed memory accesses, stale pointer references and buffer overflows real-time. It stops unauthorized access to memory whether that access is due to a programming error or a malicious attempt to exploit buffer overruns. This feature is designed to help prevent security vulnerabilities such as Heartbleed ♡. The hardware does it by comparing the version number stored in software managed pointer with the version number maintained in the memory cache lines§. A mismatch leads to a hardware trap that ultimately turns to an error. This feature can be used during application development as well as in production to detect potential memory corruption issues. Applications written in programming languages such as C/C++ benefit the most as manual memory management plays an important role in those applications making them vulnerable to memory corruption triggered by programming errors. Existing applications can be enabled with SSM [without recompiling] by linking with a Oracle Solaris library during runtime. The overhead incurred by enabling this feature is minimal as the hardware has to generate a trap to report the error only when there is a memory access error. As of now only 64-bit binaries can take advantage of SSM feature. One requirement is that allocated memory (target memory area for checking memory errors) needs to be 64-byte aligned and its size must be multiple of 64. Also watchout for other requirements and limitations that were outlined in some of the documents listed at the bottom of this post. Rest of this blog post uses the following buggy code to demonstrate Silicon Secured Memory (SSM) feature. % cat -n memerr.c 1 #include 2 #include 3 #include 4 5 void main(int argc, char *argv[]) 6 { 7 char *longstr = malloc( sizeof(char) * 64 ); 8 char *longstr2 = malloc( sizeof(char) * 64 ); 9 10 strcpy( longstr , argv[1] ); 11 strcpy( longstr2, argv[2] ); 12 13 for (int i = 0; i < 96; ++i) 14 printf( "%c ", longstr[i] ); /* read beyond boundary */ 15 printf( "\n" ); 16 17 free( longstr ); 18 free( longstr2 ); 19 20 strcpy( longstr , argv[2] ); /* freed memory access */ 21 strcpy( longstr2, argv[1] ); /* freed memory access */ 22 23 for (int i = 0; i < 96; ++i) 24 printf( "%c ", longstr[i] ); 25 printf( "\n" ); 26 27 free( longstr ); /* double free */ 28 free( longstr2 ); /* double free */ 29 }% cc -g -m64 -o memerr memerr.c SSM in Development Environment Rely on Oracle Solaris Studio Code Analyzer and SSM to find and fix memory access errors. Couple of options here. Both options require access to Oracle Solaris Studio 12.4 4/15 Platform Specific Enhancement (PSE) or later software. Preload libdiscoverADI library and run the application. This will run all 64-bit binaries in the application in SSM mode. % LD_PRELOAD_64=/lib/compilers/sparcv9/libdiscoverADI.so ./memerr Enable discover utility to detect and understand runtime memory access errors identified by ADI. This can be done on a per binary basis in a large application. .. on build system ..% discover -i adi -A on -P on -w meme[...]



Blast from the Past : The Weekend Playlist #10

2016-12-31T00:30:22.103-08:00

Previous playlists:

    #1    #8 (50s, 60s and 70s)    |    #2    #3    #4    #5 (80s)    |    #6    #7    #9 (90s)

New category: "instrumental" playlist. Audio & Widget courtesy: Spotify

src="https://embed.spotify.com/?uri=spotify%3Auser%3Agiri04%3Aplaylist%3A5ttDZm2sb1ZEj3LqobAd3w" width="500" height="580" frameborder="0" allowtransparency="true" style="border:none; overflow:hidden;">



C, Solaris & SPARC M7: Get Defensive with Few Techniques .. Part 2/3

2016-12-13T22:20:39.934-08:00

Solaris: Address Space Layout Randomization (ASLR) Address Space Layout Randomization is a security defense mechanism against attacks like buffer overflow or Return Oriented Programming (ROP) attacks that exploit software vulnerabilities. An attacker gaining control of the call stack of a process at runtime to manipulate program control flow to execute instructions of choice is an ROP attack. All major operating systems including Solaris support Address Space Layout Randomization to minimize the risk of such attacks. In general, user land processes place the starting address of key areas at a known place. ASLR randomizes the starting address of the key areas of the proces address space such as the base of the executable, stack, brk-based heap, memory mappings including the mapping of libraries. On Solaris, ASLR is configurable at the system level (global & local zones) and at the binary and process level with the help of sxadm command line utility. It is possible to enable or disable ASLR for all processes; or selectively enable/disable ASLR for certain applications by tagging related binaries. Tagging is just a special ELF entry inside target binary's dynamic section that explicitly tells whether or not to enable the defense mechanism. Binary tagging has precedence over the system-level configuration. Out of the box, many of userland binaries are tagged on Solaris to enable ASLR; and by default, Solaris boots the global and all non-global zones with ASLR enabled only for those binaries that are explicitly marked (tagged) to support it. Rest of the post demonstrates ASLR configuration with few examples. Current ASLR Settings % sxadm info aslrEXTENSION STATUS CONFIGURATIONaslr enabled (tagged-files) default (default) Above output shows that ASLR is currently enabled for tagged binaries, which is the default behavior on recent Solaris 11 updates. Tag a Specific Userland Binary to Enable ASLR Developers can rely on link-editor's "-z aslr=.." option to selectively tag certain dynamic executables and position-independent executables to enable or disable ASLR for those binaries. % elfdump -d | grep -i aslr% ^^^^ binary not tagged for ASLR .. tag to enable ASLR ..% cc -z aslr -o % elfdump -d | grep -i aslr [34] SUNW_ASLR 0x2 ENABLE ^^^^^^ binary tagged to enable ASLR .. tag to disable ASLR ..% cc -z aslr=disable -o % elfdump -d | grep -i aslr [34] SUNW_ASLR 0x1 DISABLE ^^^^^^ binary tagged to disable ASLR System-wide ASLR Configuration ASLR is managed as a security extension by the sxadm command line utility. sxadm command configures and controls Solaris security extensions both at the system level (global zone, non-global zone) and at the process level. The enable and disable subcommands enable and disable ASLR system-wide, and the delcust subcommand resets custom ASLR configuration to the out-of-the-box default configuration. Please check the man page of sxadm(1M) for detailed information about all supported options. % sxadm info aslrEXTENSION STATUS CONFIGURATIONaslr enabled (tagged-files) default (default) .. enable ASLR system-wide .. # sxadm enable -c model=all aslr# sxadm info aslrEXTENSION STATUS CONFIGU[...]



C, Solaris & SPARC M7 : Get Defensive with Few Techniques .. Part 1/3

2017-01-03T17:38:01.480-08:00

table { border: none; border-collapse: collapse; width: 100%; table-layout: fixed; } This post is related to security defense (sort of). C: Buffer Overflows C programming language has no built-in protection against accessing or overwriting data in any part of memory. Also C doesn't check whether the data written to an array is within the boundaries of that array. Consequently erroneous C code can easily trigger buffer overflows/overruns by writing more data to a buffer than it can hold. In other words, by putting data in a memory area past a buffer. Writing beyond the bounds of a block of allocated memory (buffer) is a security vulnerability that can corrupt data, crash the application, or may cause the execution of malicious code. Now let's have a look at few examples using some of the unbounded and bounded string functions. strcpy vs strncpy vs strlcpy strcpy()strcpy() does not check buffer lengths (hence unbounded function) and may overwrite memory zone contiguous to the intended destination (buffer) if not careful. strcpy() automatically includes the terminating null byte ('\0'). The programmer has to ensure that the copied string is within the bounds of the destination buffer. eg.,// no overflowchar word[5];strcpy(word, "best");// overflowchar word[5];strcpy(word, "utopia");PS:strcpy(), strcat() and strcmp() functions in the same family are similarly vulnerable. strncpy()strncpy() is a bounded string function that prevents buffer overflows by accepting a buffer size argument and not writing past that boundary. This function copies at most bytes equal to the buffer size from source string to destination buffer. However unlike strcpy(), strncpy() does not guarantee null terminated string. Initially all characters in the buffer are set to null bytes ('\0'). If the length of the source string is less than the buffer size argument, strncpy() overwrites the '\0' characters in the buffer only until the length of the source string. In this case, the copied string remains null terminated. If the source string is equal to the size of buffer, all the '\0' characters in destination buffer will be overwritten and the copied string will be non-null terminated. Similarly if the source string is longer than the size of buffer, all the '\0' characters in destination buffer will be overwritten and the copy will be non-null terminated and truncated resulting in data loss. In all cases, it is the responsibility of the programmer to check for and include the terminating null byte if missing. Non-null terminated strings may exhibit undefined behavior that can potentially lead to incorrect program execution, and the hosting application is still vulnerable to attacks. For example, in case of non-null terminated strings, strlen() will keep searching memory until it finds a null character or hits an address that causes a memory protection fault of some sort. eg.,// ok. null terminated stringchar word[6];strncpy(word, "best", 6);// not ok. non-null terminated stringchar word[6];strncpy(word, "utopia", 6);// null terminated but truncated string// atleast we avoid the undefined behaviorchar word[6];strncpy(word, "utopia", 5); // leave last byte for '\0'    -or-strncpy(word, "utopia", 6);word[5] = '\0';strlcpy()strlcpy() is another bounded string function that prevents buffer overflows and avoids non-null terminated strings by copying at most bytes equal to the buffer size [argument] from source string to destination buffer, and b[...]



[Solaris] Memory Leak Checking with libumem

2016-09-01T00:16:35.674-07:00

libumem is a userland memory allocator (a library) with some debugging features that enable easy identification and troubleshooting of process memory leaks and memory access errors. Apparently target application must either be linked with the library, or the library must be preloaded into the address space of the target process before users can take advantage of the diagnostic features offered by libumem. Besides the diagnostic support, libumem strives to improve the memory allocation performance by creating and managing multiple independent caches each with a different buffer size. This results in good scaling due to reduced lock contention especially in multi-threaded applications with many threads allocating and deallocating memory concurrently. Evidently there will be a tradeoff somewhere that achieves better scalability; and the tradeoff in this case is a slight memory overhead. Keep in mind that some of this additional memory will be accounted for when examining the process for memory leaks. Rest of this post details the steps involved in examining memory leaks with a simple native process as an example. High-Level Steps: Runtime debugging features such as memory leak detection, buffer overflows can be controlled by UMEM_* environment variables. Check umem_debug(3MALLOC) man page for the complete list of environment variables along with brief description. Check if the target application was linked with libumem library (-lumem). If not, preload /usr/lib/libumem.so.* before running the application. eg., 1) Executable linked with libumem library % cc -g -o mleak -lumem leak.c% ldd mleak libumem.so.1 => /lib/libumem.so.1 libc.so.1 => /lib/libc.so.1 2) Executable not linked with libumem library % cc -g -o mleak leak.c% ldd mleak libc.so.1 => /lib/libc.so.1% export LD_PRELOAD_32=/usr/lib/libumem.so.1% export UMEM_DEBUG=default% ./mleak Memory leaks can be examined with the help of modular debugger, mdb. Couple of possibilities. attach a live process to the mdb debugger and run relevant dcmds such as ::findleaks # echo ::findleaks | mdb -p `pgrep mleak` generate a core image of the running process and examine the core file for memory leaks # gcore `pgrep mleak`gcore: core.7487 dumped# echo ::findleaks | mdb core.7487 Complete Example: % cat -n leak.c 1 #include 2 #include 3 #include 4 5 int *intblk() 6 { 7 int *someint = malloc( sizeof(int) * 2 ); 8 return malloc( sizeof(int) ); 9 } 10 11 void main() 12 { 13 int i = 0; 14 while ( 1 ) { 15 int *ptr = intblk(); 16 *ptr = (++i * 2); 17 if ( !(*ptr % 3) ) { 18 continue; 19 } 20 if ( *ptr > 500 ) { 21 abort(); 22 } 23 free( ptr ); 24 sleep( 1 ); 25 } 26 }% cc -g -o mleak leak.c# export UMEM_DEBUG=default# export LD_PRELOAD_32=/usr/lib/libumem.so.1# ./mleak &[1] 22427 High level summary memory leak report mdb's findleaks dcmd displays the potential memory leaks. The summary leak report shows the bufctl address along with the topmost stack frame at the point when the memory was allocated. eg., contd.,# mdb -p `pgrep mleak`Loading modules: [ ld.so.1 libumem.so[...]



New Article on OTN: Oracle Solaris Tools for Locality Observability

2016-08-09T22:13:01.516-07:00

Oracle Solaris provides a variety of tools and APIs to observe, diagnose, control, and even fix issues related to locality and latency. A brand new technical article describing some of the tools and APIs that can be used to examine the locality of CPUs, memory and I/O devices is currently available on Oracle Technology Network (OTN) at the following URL.

      Oracle Solaris Tools for Locality Observability

Knowledge of these commands and tools is especially beneficial when planning and maintaining virtualized environments.

Target audience: application developers, system administrators, and application administrators.