Oracle Database on Solaris: Known Issue when ASLR is enabled
Last updated on AUGUST 19, 2017
Applies to:Oracle Database - Enterprise Edition - Version 188.8.131.52 and later
Oracle Solaris on x86-64 (64-bit)
Oracle Solaris on SPARC (64-bit)
Issues are noticed with Oracle Database which is using fixed addresses when attaching shared memory segments, which causes issues with ASLR is enabled.
Solaris has an ability to tag binaries in order to enable or disable ASLR, per binary.
localhost # elfdump /opt/Alliance/Access/database/bin/oracle | grep ASLR
/opt/Alliance/Access/database/bin/oracle: .SUNW_version: zero sh_entsize information, expected 0x1
OracleDB should make use of the tagging and disable ASLR, as this would allow for ASLR to be enabled globally otherwise.
- saa_control wakes up every 60s and runs a variety of checks
One of the test is it tries to connect to the database by running:
Each time the Oracle process starts (once a minute) it tries to attach to multiple SHM segments by calling shmat(). It usually works fine, but once or twice a day shmat() returns with errno 22. The SHM segment does exist, as after shmat() fails it calls shmctl(IPC_STAT) which confirms the SHM ID is valid.
It turned out that the issue is that the Oracle database calls shmat(48, 0x3c0000000, SHM_PAGEABLE) – notice that it explicitly specifies virtual address where it wants the SHM segment to be mapped at. But ASLR also enabled globally, so it seems from time to time, when the process starts and before it calls shmat() some other allocations might already use the portion of the address-space it will try to shmat() a moment later, so it fails with EINVAL.
Once global ASLR was disabled the problem went away.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms