SecureOS와 AIX 6.1의 Storage Key Protection 옵션의 충돌 해결하기

aix6-intro.pdf

Power 6 CPU 이상이 설치된 AIX 6.1 머신에 SecureOS S/W를 설치하는 도중 서버가 Panic 이 발생하는 경우가 있다. 이 문제는 확인결과 AIX 6.1 이상 Power 6 CPU 이상이 설치된 서버에서만 발생하며 AIX 6.1에 새롭게 추가된 Storage Key Protection 기능 대문인 것으로 확인되었다.

해결방법은 운영체제의 해당 기능을 Off 하는 것이며 이 기능을 Off 했을 때 성능 혹은 안정성의 변화는 없다고 되어 있다.

OS : AIX 6.1 (Power 6 CPU)

Storage Key Protection 옵션 Disable하기

smitty -> Problem Determination -> Storage Protection Keys -> Change/Show 메뉴에서 확인 가능하며

변경 후 리부팅해야 적용됨.

커맨드라인

# skeyctl -k off

—- AIX 6.1 TL3 이상에서는 다음과 같이 한단계를 더 거쳐야 하는 듯. (확인 요망)
Or there is a work around:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A temporary workaround is to turn off storage keys feature on the customer systems that are panicking. However, a rebuild of the kernel image and subsequent reboot of the systems will be required after turning off storage keys. There are 2 ways in which this can be done:
(1) smitty (recommended way):
=============================
smitty -> Problem Determination -> Storage Protection Keys -> Change/Show Kernel
Storage Protection Keys State -> Change Next Boot Kernel Storage Protection Keys
State -> Next Boot Kernel Storage Protection Keys State
Now press so that setting now says ‘disabled’. Also, set “Run bosboot
automatically” to ‘yes’. Press Enter and then exit smitty after changes are applied and bosboot has completed.
Reboot the system.
(2) skeyctl command:
====================
Run the skeyctl on one of the systems. It should display output similar to the
following:
[/]# skeyctl
Storage Key attributes for current boot session:
Number of hardware keys = 8
Number of user keys = 2
Kernel keys = enabled
Exclusive kernel key value = disabled
If the ‘Kernel keys’ says ‘enabled’, then the storage keys feature is enabled on
the system. This may be disabled and settings for next boot may be viewed using
following commands:
[/]# skeyctl -k off
[/]# skeyctl -v boot
Storage Key attributes for next boot session:
Number of hardware keys = default
Number of user keys = default
Kernel keys = disabled
Exclusive kernel key value = disabled
Build kernel image using bosboot.
Reboot the system now.
The storage keys feature was added by IBM with the intent of being able to catch illegal memory accesses across different kernel modules. The advantage of this is the ability to pinpoint the exact memory reference causing the problem and hence faster debugging when a problem occurs in the system (such as a system crash). In other words, having this feature enabled is a sort of an extra aid in problem determination when a problem occurs in the system (that is why it is located under the “Problem Determination” menu in smit/smitty).
Turning off this feature will have no side impact as such and definitely no performance deterioration.