> I am trying to avoid running key 0 or supervisor state to the extent possible.
I support that. ("I agree.") Least privilege and all that. Of course, least
privilege and "doing it the most efficient (at run time) way" (even as a
learning exercise) are sometimes mutually exclusive.
> LOCHIH REG,VALUE yes, load max
Yeah, jumps are cache-killers. LOCxxx is goodness.
Charles
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of John McKown
Sent: Friday, June 7, 2019 10:38 AM
To: [email protected]
Subject: Re: dumb STORAGE OBTAIN question.
On Fri, Jun 7, 2019 at 12:15 PM Charles Mills <[email protected]> wrote:
> I am by no means an expert on this stuff. Whenever I have to touch my code
> I have the MVS and PoOp manuals open, close at hand, and in some cases,
> printed out and highlighted.
>
> > not fetch protected
>
> Not fetch protected has fallen way out of fashion! It is generally
> considered a security no-no these days. Look at all of the recent MVS APAR
> activity in that regard. In "version 1" of my product I buffered SMF
> records in non-fetch-protected storage. What's the big deal? The data was
> only there for a few seconds at most. It's not like SMF records have credit
> card numbers in them or anything. Wrong! But no one ever complained.
> Nonetheless, "version 2" moved the buffering to fetch-protected storage. I
> don't know what MVSCPCMD does (I can guess!) but I suspect again it is "not
> like it contains credit card numbers or anything" but who knows what some
> bad guy find useful for a hack, or some customer will find offends their
> sense of security?
>
> I don't have that subpool table in front of me but I assume you have
> looked through it and considered every pool.
>
> Wouldn't running in supervisor state solve the PKM problem? (And I don't
> have the PoOp open in front of me, so perhaps I am off base.)
>
I figure key 8 in private is fairly secure. This is not shared memory. Key
8 in common is stupid, of course. key 8 fetch protected seems silly because
most user code runs in key 8, so it's like a locked door where everybody
has a key. Yes, supervisor state allows any source key, regardless of PKM.
I am trying to avoid running key 0 or supervisor state to the extent
possible. In this case, most likely more overkill. If I could run entirely
in key 8, problem state, by having the proper APF authorization, I would be
happiest. I am really over optimising the code. But, then again, this is
for my learning, not for "get something running now". So I am rewriting
common instructions [ reg=min(reg,value) ] to use more "recent"
instructions.
Example:
CLI REG,VALUE too high?
JL LOWER no
LHI REG,VALUE yes, set to max
LOWER DS 0H
with
CLI REG,VALUE too high?
LOCHIH REG,VALUE yes, load max
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
