Mark, I should have read a little more closely. Your R15 and R0 still contain the return and reason codes. Let the RESTORE and RETURN be L R13,4(R13) L R14,12(R13) LM R1,R12,24(R13) That will leave R15 and R0 as is without restoring the caller's content. Looks like you are destroying your return code with the L R15,RC statement.
Ramsey On Tue, Jul 15, 2025 at 2:25 PM Ramsey Hallman <[email protected]> wrote: > Mark, in your assembler code, you've "reverted" back to the callers R13 > and reloaded your registers prior to loading R15 with your return code. So > you are picking up something in the caller's storage area. Move your L > R15,RC to before the L and LM instruction in the RESTORE and RETURN code. > > On Tue, Jul 15, 2025 at 1:54 PM Steely.Mark < > [email protected]> wrote: > >> I did use the double parentheses and now I am getting RC 70 - which I am >> told is a denied request. >> I still don’t see the denied request in the TSS reports. I have contacted >> Broadcom to see if they can provide anymore insight. >> >> Thanks >> >> -----Original Message----- >> From: IBM Mainframe Discussion List <[email protected]> On Behalf >> Of Rupert Reynolds >> Sent: Tuesday, July 15, 2025 1:18 PM >> To: [email protected] >> Subject: Re: TSS Resource Class >> >> ! >> >> CAUTION! EXTERNAL SENDER! STOP, ASSESS, AND VERIFY Do you know this >> person? Were you expecting this email? If not, report it using the Report >> Phishing Button! >> >> Fishing way back in my memory, but I'd expect ENTITY to be padded with a >> blank x'40', or possibly even up to maximum length (44?). >> >> Back in the old days, passing via a register sometimes required double >> parentheses as in ENTITY=((R1)). If in doubt, coding ENTITY=ENTITY should >> work. >> >> And I'm interested how RACROUTE encodes CLASS='UR2'. Don't trust my >> memory, but questions worth asking, perhaps? >> >> Roops >> >> On Tue, 15 Jul 2025, 18:21 Steve Beaver, < >> [email protected]> wrote: >> >> > Your WORKAREA needs to be 512 >> > >> > >> > >> > >> > -----Original Message----- >> > From: IBM Mainframe Discussion List [mailto:[email protected]] >> > On Behalf Of Steely.Mark >> > Sent: Tuesday, July 15, 2025 11:53 AM >> > To: [email protected] >> > Subject: TSS Resource Class >> > >> > I've identified several UR1 and UR2 resource classes defined within >> > Broadcom Top Secret (TSS), and they appear to be configured for use. >> > I'd like to confirm whether these resources are actually being >> > accessed. >> > >> > I reached out to Broadcom, and they provided guidance on enabling >> > audit tracking and generating reports using TSSUTIL. According to >> > those reports, there is no indication that the >> > UR1/UR2 classes are currently >> > being used-but I'd like independent verification. >> > >> > To test this, I've obtained a sample program that is intended to >> > access a >> > UR1 or UR2 resource. The >> > expectation is that executing this program would trigger a security >> > access attempt (either permitted or denied), which should then appear >> > in the TSSUTIL report. >> > >> > However, the program is abending with an S0C4, and my assembler >> > experience is limited-I can't determine the root cause. I suspect the >> > issue may lie in the RACROUTE setup or how the parameters are being >> > passed. >> > >> > Would someone be able to review the program and verify whether the >> > RACROUTE is defined correctly or if any required setup is missing? >> > >> > Any assistance would be greatly appreciated. >> > >> > Sample Program: >> > >> > //ASM EXEC PGM=ASMA90,PARM=OBJ >> > //SYSLIB DD DSN=SYS1.MACLIB,DISP=SHR >> > // DD DSN=SYS1.MODGEN,DISP=SHR >> > // DD DSN=SYSI.TSS16.CAKOMAC0,DISP=SHR >> > // DD DSN=SYS2.XXXXXX.MACLIB,DISP=SHR >> > //SYSUT1 DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(1700,(600,100)) >> > //SYSUT2 DD DSN=&&SYSUT2,UNIT=SYSDA,SPACE=(1700,(300,50)) >> > //SYSUT3 DD DSN=&&SYSUT3,UNIT=SYSDA,SPACE=(1700,(300,50)) >> > //SYSPRINT DD SYSOUT=* >> > //SYSPUNCH DD DUMMY >> > //SYSLIN DD DSN=&&OBJSET,UNIT=SYSDA,SPACE=(80,(200,50)), >> > // DISP=(MOD,PASS) >> > //SYSIN DD * >> > URTEST CSECT >> > URTEST AMODE 31 >> > URTEST RMODE ANY >> > R0 EQU 0 >> > R1 EQU 1 >> > R2 EQU 2 >> > R3 EQU 3 >> > R4 EQU 4 >> > R5 EQU 5 >> > R6 EQU 6 >> > R7 EQU 7 >> > R8 EQU 8 >> > R9 EQU 9 >> > R10 EQU 10 >> > R11 EQU 11 >> > R12 EQU 12 >> > R13 EQU 13 >> > R14 EQU 14 >> > R15 EQU 15 >> > STM 14,12,12(13) SAVE CALLER'S REGISTERS >> > LR R12,R15 >> > USING URTEST,R12 >> > LA R3,SAVEAREA POINT TO OUR SAVEAREA >> > ST R13,4(R3) BACK-CHAIN >> > ST R3,8(R13) FORWARD-CHAIN >> > LR R13,R3 SET R13 = OUR SAVEAREA >> > >> > *-- SET POINTER TO ENTITY (FIXED) >> > LA R1,ENTITY >> > RACROUTE REQUEST=AUTH,ENTITY=(R1),CLASS='UR2',ATTR=READ, X >> > WORKA=WORKAREA >> > * STATUS=ACCESS,WORKA=WORKAREA >> > >> > *-- SAVE RETURN AND REASON CODES >> > ST R15,RC >> > ST R0,RSN >> > >> > *-- RESTORE AND RETURN >> > L R13,4(R13) >> > LM 14,12,12(13) >> > L R15,RC >> > BR R14 >> > >> > *------------------------------------------------------------------- >> > SAVEAREA DS 18F STANDARD 72-BYTE SAVEAREA >> > RC DC F'0' >> > RSN DC F'0' >> > WORKAREA DS CL100 RACROUTE WORKAREA >> > >> > ENTITY DC C'APP.DATA' RESOURCE NAME >> > DC X'00' NULL TERMINATOR (OPTIONAL) >> > >> > ENTPTR DC A(ENTITY) POINTER TO ENTITY NAME >> > >> > LTORG >> > END >> > //* >> > //LINK EXEC PGM=IEWL,PARM=('AMODE=31','RMODE=ANY') >> > //SYSLIN DD DSN=&&OBJSET,DISP=(OLD,DELETE) >> > // DD DDNAME=SYSIN >> > //SYSLMOD DD DISP=SHR,DSN=XXXXXX.LINKLIB >> > //* >> > //SYSUT1 DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(1024,(50,20)) >> > //SYSPRINT DD SYSOUT=* >> > //* >> > //SYSIN DD * >> > NAME TSSUSR12(R) >> > //* >> > //JS020 EXEC PGM=TSSUSR12 >> > //*ABNLIGNR DD DUMMY >> > //STEPLIB DD DISP=SHR,DSN=XXXXXX.LINKLIB //SYSUDUMP DD SYSOUT=* >> > //SYSPRINT DD SYSOUT=* // >> > >> > Thank You >> > >> > >> > ---------------------------------------------------------------------- >> > For IBM-MAIN subscribe / signoff / archive access instructions, send >> > email to [email protected] with the message: INFO IBM-MAIN >> > >> > ---------------------------------------------------------------------- >> > For IBM-MAIN subscribe / signoff / archive access instructions, send >> > email to [email protected] with the message: INFO IBM-MAIN >> > >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, send >> email to [email protected] with the message: INFO IBM-MAIN >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
