I don't think you can differentiate between the root cause and the immediate cause when it comes to security and integrity. You may not necessarily be able to detect the root cause, but you must protect the system against the immediate cause if at all possible.
Regards, Richard Schuh > -----Original Message----- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Bill Holder > Sent: Thursday, September 17, 2009 10:35 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: VM lockup due to storage typo > > Sure, true enough, but the exposure was not caused by the > guest action. Yes, it wouldn't have happened had the guest > not logged on an IPLed, but that wasn't the root cause, the typo was. > The action of the class G user didn't cause the problem, > therefore it's not a Denial of Service attack case. Note > that I'm not saying it's not APARable, however. > > Regards, > - Bill Holder > > On Thu, 17 Sep 2009 10:21:05 -0700, Schuh, Richard > <rsc...@visa.com> wrot= > e: > > >An IPL isn't an action? True, the guest was not aware that it would > >harm= > > the system, but absent that action by the guest, there would > not have bee= n a problem. The guest was an unwitting agent, > a part of a bot net, as it wer= e. > > > >Regards, > >Richard Schuh > > > > > > > >> -----Original Message----- > >> From: The IBM z/VM Operating System > >> [mailto:ib...@listserv.uark.edu] On Behalf Of Bill Holder > >> Sent: Thursday, September 17, 2009 9:14 AM > >> To: IBMVM@LISTSERV.UARK.EDU > >> Subject: Re: VM lockup due to storage typo > >> > >> I don't entirely agree. The action of the guest did not > cause harm > >> to CP, it was the action of the operations staff which > did. This is > >> not a denial of service case that I can see. > >> > >> Bill Holder > >> z/VM Development, Memory Management team leader, IBM > >> > >> On Tue, 15 Sep 2009 09:59:09 -0700, Schuh, Richard > <rsc...@visa.com> > >> wrot= > >> e: > >> > >> >Maybe CP couldn't know that the guest would do something > bad, but it > >> >= > > >> >sho= > >> uld > >> know that it has opened itself to the possibility that the guest > >> could, i= n normal operation, cause the problem. > >> >One of Alan's first precepts of information security and > >> integrity is > >> >th= > >> at > >> the guest cannot be allowed to harm the CP. This clearly violates > >> that. > >> > > >> >Regards, > >> >Richard Schuh > >> > > >> > > >> > > >> >> -----Original Message----- > >> >> From: The IBM z/VM Operating System > >> >> [mailto:ib...@listserv.uark.edu] On Behalf Of Tom Duerbusch > >> >> Sent: Tuesday, September 15, 2009 9:19 AM > >> >> To: IBMVM@LISTSERV.UARK.EDU > >> >> Subject: Re: VM lockup due to storage typo > >> >> > >> >> CP wouldn't know at IPL time, the guest would, not could, > >> but would > >> >> cause such harm. > >> >> > >> >> Just because you say you can use xxx GB, doesn't mean you would > >> >> actually use them. > >> >> > >> >> When page fills, it over flows to spool. > >> >> When spool fills, CP abends on the next pageout. > >> >> > >> >> Tom Duerbusch > >> >> THD Consulting > >> >> > >> >> >>> Marcy Cortes <marcy.d.cor...@wellsfargo.com> 9/15/2009 > >> >> 11:02 AM >>> > >> >> See a thread on this list with subject "Sanity check?" > >> from Oct 2007 > >> >> for what happened when I did the same thing ;) > >> >> > >> >> You probably filled page space. > >> >> > >> >> I still think IBM should refuse to IPL a guest that will > >> cause such > >> >> harm. > >> >> > >> >> > >> >> Marcy > >> >> > >> >> "This message may contain confidential and/or privileged > >> information. > >> >> If you are not the addressee or authorized to receive > this for the > >> >> = > > >> >> addressee, you must not use, copy, disclose, or take any > >> action based > >> >> on this message or any information herein. If you have > >> received this > >> >> message in error, please advise the sender immediately by reply > >> >> e-mail and delete this message. Thank you for your cooperation." > >> >> > >> >> > >> >> -----Original Message----- > >> >> From: The IBM z/VM Operating System > >> >> [mailto:ib...@listserv.uark.edu] On Behalf Of Lee Stewart > >> >> Sent: Tuesday, September 15, 2009 8:39 AM > >> >> To: IBMVM@LISTSERV.UARK.EDU > >> >> Subject: [IBMVM] VM lockup due to storage typo > >> >> > >> >> Does anyone have an idea of how we might have gotten > out of this > >> >> without an IPL? > >> >> > >> >> VM LPAR has 175G of memory and a flock of Linux Oracle > guests... = > > >> >> Several guests needed more memory added so the directory was > >> >> updated and one by one the guests shutdown, logged off and back > >> >> on. So far, so good. > >> >> > >> >> But... In changing the memory for many guests, and it > being late > >> >> at night after a long day, while meaning to set a > guest's memory > >> >> to 9728M, it got set to 9728G. When that guest was > cycled we see > >> >> the message on the console that it's memory was limited to 8TB > >> >> (HCPLGN093E), then the VM system appeared to freeze. > >> >> > >> >> We couldn't get in via TCP/IP, or the HMC Operating System > >> >> Messages screen, or the HMC Integrated 3270. > >> >> > >> >> Finally had to IPL. Even that was wierd as I'd have > >> >> expected the Load > >> >> Normal to shutdown, it just IPLed. We did NoAutolog, > >> fixed the typo = > >> > >> >> and all came back up ok... > >> >> > >> >> I suspect CP was scrambling paging everything in the > world out as > >> >> Linux > >> >> tried to initialize that 8TB of memory... But I'm surprised > >> >> I couldn't > >> >> even get into the HMC consoles (to kill just that one guest as > >> >> opposed to all of them).. > >> >> > >> >> Any thoughts? > >> >> Lee > >> >> -- > >> >> > >> >> Lee Stewart, Senior SE > >> >> Sirius Computer Solutions > >> >> Phone: (303) 996-7122 > >> >> Email: lee.stew...@siriuscom.com > >> >> Web: www.siriuscom.com > >> >> ======================== > == > >> ========================= > == > >> ======================= > >> >
