Re: randomize_va_space

From: Mladen Gogala <gogala.mladen_at_gmail.com>
Date: Wed, 10 May 2023 14:56:19 -0400
Message-ID: <0bcdf8c1-0986-e6a8-5f3d-703c4bdc6d07_at_gmail.com>

On 5/9/23 18:37, Alan Sterger wrote:
> Hello Listers,
>
> On a multi Oracle homed (12c and 19c) RHEL 7.9 server, have started to
> observe infrequent (every 2 months) 'ORA-00445: background process
> "m001" did not start after 120 seconds' errors from both 12c and 19c
> instances. Seeing the same error from two different Oracle releases
> sort of points to a server kernel issue, specifically
> kernel.randomize_va_space=2.
>
> MOS Note 1345364.1 implies randomize_va_space was a thing in the past
> (11g,12c). However, appears Oracle is still recommending disabling in
> 19c on Oracle Cloud Infrastructure.
>
> What is your on-prem randomize_va_space?
>
> Thanks,
>
> -- Alan Sterger
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
I always set it to 0 on my remaining RHEL 7 installations, regardless of the database version. Address space randomization doesn't look like a useful feature from my perspective. Here is the Linux documentation for the parameter:

randomize_va_space
<https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#id73><https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#randomize-va-space>

This option can be used to select the type of process address space randomization that is used in the system, for architectures that support this feature.

Turn the process address space randomization off. This is the default for architectures that do not support this feature anyways, and kernels that are booted with the "norandmaps" parameter.

Make the addresses of mmap base, stack and VDSO page randomized. This, among other things, implies that shared libraries will be loaded to random addresses. Also for PIE-linked binaries, the location of code start is randomized. This is the default if the |CONFIG_COMPAT_BRK| option is enabled.

Additionally enable heap randomization. This is the default if |CONFIG_COMPAT_BRK| is disabled.

There are a few legacy applications out there (such as some ancient versions of libc.so.5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization.

Systems with ancient and/or broken binaries should be configured with |CONFIG_COMPAT_BRK| enabled, which excludes the heap from process address space randomization.

However, the parameter no longer exists in Oracle Linux 8:

[oracle_at_ora23c ~]$ sudo sysctl -p|grep -i random [oracle_at_ora23c ~]$ cat /etc/oracle-release Oracle Linux Server release 8.7
[oracle_at_ora23c ~]$

And yes, the VM houses Oracle 23c.

[oracle_at_ora23c dbhomeFree]$ sqlplus scott/tiger_at_localhost/freepdb1.home.com

SQL*Plus: Release 23.0.0.0.0 - Developer-Release on Wed May 10 14:55:05 2023 Version 23.2.0.0.0

Last Successful login time: Sat Apr 15 2023 21:49:22 -04:00

Connected to:
Oracle Database 23c Free, Release 23.0.0.0.0 - Developer-Release Version 23.2.0.0.0

SQL>

-- 
Mladen Gogala
Database Consultant
Tel: (347) 321-1217
https://dbwhisperer.wordpress.com

--
http://www.freelists.org/webpage/oracle-l

Received on Wed May 10 2023 - 20:56:19 CEST

This message: [ Message body ]
Next message: Mladen Gogala: "Re: randomize_va_space"
Previous message: Chris Taylor: "Re: randomize_va_space"
In reply to Alan Sterger: "randomize_va_space"
Next in thread: Alan Sterger: "Re: randomize_va_space"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message