IBM AIX Continuous Availability Features - IBM Redbooks

More documents

Recommendations

Info

2.2.1 Error checking Run-Time Error Checking The Run-Time Error Checking (RTEC) facility provides service personnel with a method to manipulate debug capabilities that are already built into product binaries. RTEC provides powerful first failure data capture and second failure data capture error detection features. The basic RTEC framework is introduced in AIX V5.3 TL3, and has now been extended with additional features. RTEC features include the Consistency Checker and Xmalloc Debug features. Features are generally tunable with the errctrl command. Some features also have attributes or commands specific to a given subsystem, such as the sodebug command associated with new socket debugging capabilities. The enhanced socket debugging facilities are described in the AIX publications, which can be found online at the following site: http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp Kernel stack overflow detection Beginning with the AIX V5.3 TL5 package, the kernel provides enhanced logic to detect stack overflows. All running AIX code maintains an area of memory called a stack, which is used to store data necessary for the execution of the code. As the code runs, this stack grows and shrinks. It is possible for a stack to grow beyond its maximum size and overwrite other data. These problems can be difficult to service. AIX V5.3 TL5 introduces an asynchronous run-time error checking capability to examine if certain kernel stacks have overflowed. The default action upon overflow detection is to log an entry in the AIX error log. The stack overflow run-time error checking feature is controlled by the ml.stack_overflow component. AIX V6.1 improves kernel stack overflow detection so that some stacks are guarded with a synchronous overflow detection capability. Additionally, when the recovery framework is enabled, some kernel stack overflows that previously were fatal are now fully recoverable. Kernel no-execute protection Also introduced in the AIX V5.3 TL5 package, no-execute protection is set for various kernel data areas that should never be treated as executable code. This exploits the page-level execution enable/disable hardware feature. The benefit is immediate detection if erroneous device driver or kernel code inadvertently make a stray branch onto one of these pages. Previously the behavior would likely lead to a crash, but was undefined. This enhancement improves kernel reliability and serviceability by catching attempts to execute invalid addresses immediately, before they have a chance to cause further damage or create a difficult-to-debug secondary failure. This feature is largely transparent to the user, because most of the data areas being protected should clearly be non-executable. 2.2.2 Extended Error Handling In 2001, IBM introduced a methodology that uses a combination of system firmware and Extended Error Handling (EEH) device drivers that allow recovery from intermittent PCI bus errors. This approach works by recovering and resetting the adapter, thereby initiating system recovery for a permanent PCI bus error. Rather than failing immediately, the faulty device is “frozen” and restarted, preventing a machine check. POWER6 technology extends this capability to PCIe bus errors. 20 IBM AIX Continuous Availability Features
2.2.3 Paging space verification 2.2.4 Storage keys Finding the root cause of system crashes, hangs or other symptoms when that root cause is data corruption can be difficult, because the symptoms can appear far downstream from where the corruption was observed. The page space verification design is intended to improve First Failure Data Capture (FFDC) of problems caused by paging space data corruption by checking that the data read in from paging space matches the data that was written out. When a page is paged out, a checksum will be computed on the data in the page and saved in a pinned array associated with the paging device. If and when it is paged back in, a new checksum will be computed on the data that is read in from paging space and compared to the value in the array. If the values do not match, the kernel will log an error and halt (if the error occurred in system memory), or send an exception to the application (if it occurred in user memory). Paging space verification can be enabled or disabled, on a per-paging space basis, by using the mkps and chps commands. The details of these commands can be found in their corresponding AIX man pages. Most application programmers have experienced the inadvertent memory overlay problem where a piece of code accidentally wrote to a memory location that is not part of the component’s memory domain. The new hardware feature, called storage protection keys, and referred to as storage keys in this paper, assists application programmers in locating these inadvertent memory overlays. Memory overlays and addressing errors are among the most difficult problems to diagnose and service. The problem is compounded by growing software size and increased complexity. Under AIX, a large global address space is shared among a variety of software components. This creates a serviceability issue for both applications and the AIX kernel. The AIX 64-bit kernel makes extensive use of a large flat address space by design. This is important in order to avoid costly MMU operations on POWER processors. Although this design does produce a significant performance advantage, it also adds reliability, availability and serviceability (RAS) costs. Large 64-bit applications, such as DB2®, use a global address space for similar reasons and also face issues with memory overlays. Storage keys were introduced in PowerPC® architecture to provide memory isolation, while still permitting software to maintain a flat address space. The concept was adopted from the System z and IBM 390 systems. Storage keys allow an address space to be assigned context-specific protection. Access to the memory regions can be limited to prevent, and catch, illegal storage references. A new CPU facility, Authority Mask Register (AMR), has been added to define the key set that the CPU has access to. The AMR is implemented as bit pairs vector indexed by key number, with distinct bits to control read and write access for each key. The key protection is in addition to the existing page protection bits. For any load or store process, the CPU retrieves the memory key assigned to the targeted page during the translation process. The key number is used to select the bit pair in the AMR that defines if an access is permitted. A data storage interrupt occurs when this check fails. The AMR is a per-context register that can be updated efficiently. The TLB/ERAT contains storage key values for each virtual page. This allows AMR updates to be efficient, since they do not require TLB/ERAT invalidation. Chapter 2. AIX continuous availability features 21
Page 1: Front cover IBM AIX Continuous Avai
Page 4 and 5: Note: Before using this information
Page 6 and 7: 2.3.7 Minidump . . . . . . . . . .
Page 8 and 9: vi IBM AIX Continuous Availability
Page 10 and 11: Trademarks The following terms are
Page 12 and 13: Engineering degree in Computer Scie
Page 14 and 15: Find out more about the residency p
Page 16 and 17: 1.1 Overview In May 2007, IBM intro
Page 18 and 19: 1.5 Continuous operations Continuou
Page 20 and 21: 1.6.2 Availability 1.6.3 Serviceabi
Page 22 and 23: IBM has tried to enhance FFDC featu
Page 24 and 25: 10 IBM AIX Continuous Availability
Page 26 and 27: 2.1 System availability AIX is buil
Page 28 and 29: On AIX 5.3, the only way to persist
Page 30 and 31: When used on a standalone server (s
Page 32 and 33: mirrored volume group on the client
Page 36 and 37: The PowerPC hardware gives software
Page 38 and 39: System dumps can also be user-initi
Page 40 and 41: Live dumps are small dumps that do
Page 42 and 43: Trace is a valuable tool for observ
Page 44 and 45: Component Trace uses mechanisms sim
Page 46 and 47: 2.3.14 syslog To display the boot l
Page 48 and 49: Logging can be added to many of the
Page 50 and 51: compression: on path specification:
Page 52 and 53: 2.4.4 EtherChannel network traffic
Page 54 and 55: 2.4.6 2-Port Adapter-based Ethernet
Page 56 and 57: operations) without affecting produ
Page 58 and 59: Quorum A quorum is a vote of the nu
Page 60 and 61: 2.5.8 Journaled File System-related
Page 62 and 63: Fast I/O failure is controlled by a
Page 64 and 65: display its output in a format suit
Page 66 and 67: For more detailed information about
Page 68 and 69: 54 IBM AIX Continuous Availability
Page 70 and 71: 3.1 AIX Reliability, Availability,
Page 72 and 73: This means that traditional AIX sys
Page 74 and 75: used by IBM service personnel, so t
Page 76 and 77: also be used to obtain a snapshot o
Page 78 and 79: 3.5 Live dump and component dump Li
Page 80 and 81: lfs filesystem ._0 | NO | ON/3 | OF
Page 82 and 83: .vmker | YES | ON/3 | OFF/3 .vmpool
Page 84 and 85:
The output of Start a Live Dump is
Page 86 and 87:
Table 3-3 Concurrent update termino
Page 88 and 89:
We tested the installation of an ef
Page 90 and 91:
Setting efix state to: STABLE +----
Page 92 and 93:
mode, storage keys are called user
Page 94 and 95:
Example 3-19 shows the SMIT menu fo
Page 96 and 97:
might share a given hardware key. M
Page 98 and 99:
KKEY_UPUBLIC, KKEY_FILE_DATA KKEY_U
Page 100 and 101:
Note: Kernel keys and keysets, whic
Page 102 and 103:
extension key-aware is determining
Page 104 and 105:
added a protection gate for the int
Page 106 and 107:
} printf("hardware keyset after KER
Page 108 and 109:
} param=atoi(*(argv+1)); printf("Te
Page 110 and 111:
Load the kernel extension so that a
Page 112 and 113:
3 : 000000000000000A r4 : F10006C00
Page 114 and 115:
3.7.7 User mode protection keys Use
Page 116 and 117:
► The APIs provided by the system
Page 118 and 119:
if (!strcmp(*(argv+1),"read")){ if
Page 120 and 121:
strlen() at 0xd010da00 _doprnt(??,
Page 122 and 123:
int pthread_attr_setukeyset_np (pth
Page 124 and 125:
Machine State Save Area iar : 00000
Page 126 and 127:
As a consequence, determining the r
Page 128 and 129:
A Vue script or Vue program is a pr
Page 130 and 131:
► An optional predicate The predi
Page 132 and 133:
3. Interval probe manager The inter
Page 134 and 135:
{ int count; count = count +1; prin
Page 136 and 137:
► Errno names ► Signal names
Page 138 and 139:
* will result in error out of read(
Page 140 and 141:
This places a large part of the bur
Page 142 and 143:
Note: The frequency of checks made
Page 144 and 145:
Non-fragments 00000066 Promotions 0
Page 146 and 147:
immediately after the returned stor
Page 148 and 149:
This option should be used with car
Page 150 and 151:
3.9.6 KDB commands for XMDBG ► xm
Page 152 and 153:
138 IBM AIX Continuous Availability
Page 154 and 155:
Name AIX version Hardware required
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Online resources These Web sites ar
Page 162 and 163:
sysdumpdev 27 tprof 28 trace 28 trc
Page 164:
subsequent reboot 71, 133 SUE 18 Sy
show all

IBM AIX Continuous Availability Features - IBM Redbooks

Create successful ePaper yourself

Delete template?

Save as template?