I think the reason is "least astonishment." Why would anyone expect that saying
"put me in problem state" or "put me in key 0/my own key" would specifically
and intentionally preclude my ability to put myself in my own key?
Ain't gonna change now. Unless someone wants to do a requirement. (Not I!) At
least I got the RFC to go in.
Actually, I made the argument privately that it seems mighty unlikely that
anyone is depending on the current behavior. ("What happened to my S0C2! OMG!
Production is flat on its back!") I do not think it was sufficiently persuasive.
Charles
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Tony Harminc
Sent: Wednesday, December 14, 2016 11:35 AM
To: [email protected]
Subject: Re: Question on SPKA and Control Register 3
On 14 December 2016 at 08:38, Peter Relson <[email protected]> wrote:
> No it is not a bug. The "expectation" is incorrect. The updating of
> the PKM is fully documented and is what we wanted it to be.
I'm not saying it's a bug, but it feels immediately wrong for reasons I'm
having trouble articulating. I guess maybe it's this:
PSW key zero is of course not like other PSW keys. If your PSW key is 0, it
doesn't mean that you can access only key 0 storage, but all storage (speaking
here, naturally, only of key-controlled protection).
If you MODESET to problem state and (whether at the same time or
previously) you set a non-zero PSW key, it seems reasonable that you might
intend to limit your program's (perhaps one you will call) ability both to
execute privileged instructions, and to SPKA to storage of other than its PSW
key and perhaps key 9. (Yes, of course this is not a "hard" i.e. system
integrity type of limitation, but more of a "principle of least privilege"
thing, as Charles suggests.) But such a program running with PSW key 0 can
*already* access all storage. Surely prohibiting it from further limiting and
then restoring its own access is not useful, and doesn't align with the
fundamental behaviour of key-controlled protection.
I think the behaviour for PSW key 0 should be different from that for other
keys. Probably MODESET should set the PKM to include 0 and the user key (plus
9, as appropriate) that was in effect before the MODESET to KEY=ZERO.
Yeah, I know, ain't gonna change now...
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
