Thanks Jim. The need for instructions to be privileged for VM environments makes much sense when you tell it that way.
Peter -----Original Message----- From: IBM Mainframe Assembler List [mailto:ASSEMBLER-LIST@LISTSERV.UGA.EDU] On Behalf Of Jim Mulder Sent: Tuesday, October 27, 2015 1:21 AM To: ASSEMBLER-LIST@LISTSERV.UGA.EDU Subject: Re: Question of curiosity: Why are IVSK and TPROT instrictions privileged? <Snipped> In VM/370 (that is, prior to the invention of SIE in the 370/XA architecture), VM guests always ran in real problem state (even when they were in virtual supervisor state), so that VM could use the privileged-operation exception to intercept instructions which it needed to virtualize. TPROT was certainly an instruction which VM needed to intercept. After SIE in 370/XA, VM would no longer have needed to restrict TPROT to supervisor state. But we would have no way of knowing what other programs might have depended on it. Prior to BAKR/ESTA and EPSW, a program which wanted to determine whether it was running in problem vs. supervisor state might have issued a privileged instruction to see if it caused a privileged-operation exception (which it could intercept in an ESTAE). If the program happened to have chosen TPROT for that purpose, and TPROT had been changed to allow problem state use after SIE came along, that incompatible change to TPROT would have broken the program. I am not aware of any security reasons for restricting TPROT. As someone already posted, z/OS always turns on CR0.36, thus always allowing IVSK in problem state. -- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
