Auto: Re: Question about IEAMSCHD
Je suis absent du 02 janvier 2024 au 05 janvier 2024 inclus. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
If I were you I wouldn't advertise to the world that I have an integrity exposure. -- Tom Marchant On Sat, 30 Dec 2023 17:25:03 -0600, Steve Beaver wrote: >I have the code to turn on the >JSCBAUTH however it is a SVC -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
>Binyamin wrote :> :>What is a "non-authorized" address space? :> :>Everyone I know would consider that to be an address space for which the jobstep program is not both linkedited AC=1 and gotten from an APF-authorized concatenation, and is not a system key address space (as could be defined in such places as the program properties table). In the context of SRB? I'd say "yes" (or "not applicable" since this is about an address space, not about whether a work unit is or is not currently running in a system state - which I would characterize as supervisor state or PSW key 0-7). SRBs (key 0 supervisor state typically) can run in unauthorized address spaces. The authorization of the address space is not related to the authorization of an SRB running within that address space. Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
I'm not aware of any IBM documentation that refers to a dispatching unit as authorized or unauthorized. Nor can I imagine any meaning for "unauthorized SRB code". -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר From: IBM Mainframe Discussion List on behalf of Binyamin Dissen Sent: Sunday, December 31, 2023 11:26 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Question about IEAMSCHD On Sun, 31 Dec 2023 14:50:45 + Peter Relson wrote: :>Binyamin wrote :> :>What is a "non-authorized" address space? :> :>Everyone I know would consider that to be an address space for which the jobstep program is not both linkedited AC=1 and gotten from an APF-authorized concatenation, and is not a system key address space (as could be defined in such places as the program properties table). In the context of SRB? -- Binyamin Dissen http://www.dissensoftware.com/ Director, Dissen Software, Bar & Grill - Israel -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
On Sun, 31 Dec 2023 14:50:45 + Peter Relson wrote: :>Binyamin wrote :> :>What is a "non-authorized" address space? :> :>Everyone I know would consider that to be an address space for which the jobstep program is not both linkedited AC=1 and gotten from an APF-authorized concatenation, and is not a system key address space (as could be defined in such places as the program properties table). In the context of SRB? -- Binyamin Dissen http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
Paul D wrote "To run an SRB routine in a different address space from the scheduling code, the SRB routine must be either in a different program that is accessible from the target address space, or in the common storage together with the scheduling code." This is nothing more than a statement that you cannot have the SRB routine be in the private storage of the address space of the scheduler in such a case. The SRB routine has to be addressable in the target address space and thus can be in the private storage of the target address space or can be in common storage. If you want it in private storage, it is up to you go get it loaded there. Steve B wrote I have the code to turn on the JSCBAUTH however it is a SVC I sure hope no one lets you install that SVC on a system that anyone cares much about. Except in a vanishingly small percentage of cases, this is an extreme system integrity violation. Binyamin wrote What is a "non-authorized" address space? Everyone I know would consider that to be an address space for which the jobstep program is not both linkedited AC=1 and gotten from an APF-authorized concatenation, and is not a system key address space (as could be defined in such places as the program properties table). Starting (and even running) in problem state and user key is not enough for the characterization. The user program in a non-authorized address space cannot switch itself to an authorized state. Of course within a non-authorized address space at various points code runs authorized (such as after an SVC or a non-space-switching PC that is defined to execute in supervisor state and/or a system key). Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
On Sat, Dec 30, 2023 at 03:36:44PM +, esst...@juno.com wrote: > Can someone please clarify this statement regarding IEAMSCHD - > . > "To run an SRB routine in a different address space from the > scheduling code, the SRB routine must be either in a different > program that is accessible from the target address space, or > in the common storage together with the scheduling code." An SRB is just a small control block containing the ASID for the SRB routine to run in and the SRB routine entry point address in that address space (plus more). So the entry point has to be either in the system common space which is in all address spaces or else in the target address space (the supplied ASID). The system is just going to branch to the target address you supply in the address space you specified to run the SRB routine. I don't think it means any more than that. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
An SRB is for running privileged code, regardless of whether the jobstep is authorized. . The code has to be at an address that the processor can access within the target address space. That can be in the common area or in the private area. The placement is not an integrity issue. The same rules apply regardless of where the code is. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר From: IBM Mainframe Discussion List on behalf of esst...@juno.com Sent: Saturday, December 30, 2023 10:36 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Question about IEAMSCHD . Hello . Can someone please clarify this statement regarding IEAMSCHD - . "To run an SRB routine in a different address space from the scheduling code, the SRB routine must be either in a different program that is accessible from the target address space, or in the common storage together with the scheduling code." . The above was taken from Example 7 of IEAMSCHD - https://www.ibm.com/docs/en/zos/2.4.0?topic=ixg-ieamschd-schedule-srb . It makes no reference to the authorization of the target srb routine. . I would like to schedule an SRB using IEAMSCHD to a non-authorized Address Space - I would prefer not to place the target SRB routine in common storage. . I suspect its implied this is an integrity issue; as the target SRB Routine would be loaded by the Non Authorized Address Space, AND the Target SRB Routine is entered in supervisor state. . . . paul dangelo . . -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
I have the code to turn on the JSCBAUTH however it is a SVC Sent from my iPhone No one said I could type with one thumb > On Dec 30, 2023, at 17:22, Seymour J Metz wrote: > > SRBs do not run under TCBs and the code is privileged. Asynchronous code > under a TCB has an IRB unless SIRB is still a thing for error recovery. > > The key and mode is a separate issue from authorization, which is JSCBAUTH. > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > עַם יִשְׂרָאֵל חַי > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר > > > From: IBM Mainframe Discussion List on behalf of > Jon Perryman > Sent: Saturday, December 30, 2023 2:55 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Question about IEAMSCHD > >> On Sat, 30 Dec 2023 15:36:44 GMT, esst...@juno.com wrote: >> >> I would like to schedule an SRB using IEAMSCHD to a non-authorized >> Address Space - I would prefer not to place the target SRB routine in common >> storage. > > It's important to tell us about the problem you need to solve because you > only told us SRB is how you will solve that problem. Maybe XMEM, PC routine > or ??? is a better solution. SRB routines are required to be in common but > maybe your problem requires the SRB routine be in common. Do you actually > need an SRB because it must execute in that address space? > > You schedule an SRB to a TCB so I'm guessing you meant an unauthorized TCB. > This is irrelevant unless you have code that must run unauthorized as opposed > to running the SRB in problem state. > > If your SRB routine is not in common, then you most likely use XMEM (some > obscure exceptions) where you most likely use primary, secondary, home (again > some obscure exceptions). Learn how to use primary, secondary and home. Most > important, be consistent about how you use it otherwise you could have a mess > on your hands. > >> Can someone please clarify this statement regarding IEAMSCHD - >> . >> "To run an SRB routine in a different address space from the >> scheduling code, the SRB routine must be either in a different >> program that is accessible from the target address space, or >> in the common storage together with the scheduling code." >> . >> The above was taken from Example 7 of IEAMSCHD - >> https://www.ibm.com/docs/en/zos/2.4.0?topic=ixg-ieamschd-schedule-srb > > Example 7 specifies ENV=STOKEN which potentially inv -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
SRBs do not run under TCBs and the code is privileged. Asynchronous code under a TCB has an IRB unless SIRB is still a thing for error recovery. The key and mode is a separate issue from authorization, which is JSCBAUTH. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר From: IBM Mainframe Discussion List on behalf of Jon Perryman Sent: Saturday, December 30, 2023 2:55 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Question about IEAMSCHD On Sat, 30 Dec 2023 15:36:44 GMT, esst...@juno.com wrote: >I would like to schedule an SRB using IEAMSCHD to a non-authorized >Address Space - I would prefer not to place the target SRB routine in common >storage. It's important to tell us about the problem you need to solve because you only told us SRB is how you will solve that problem. Maybe XMEM, PC routine or ??? is a better solution. SRB routines are required to be in common but maybe your problem requires the SRB routine be in common. Do you actually need an SRB because it must execute in that address space? You schedule an SRB to a TCB so I'm guessing you meant an unauthorized TCB. This is irrelevant unless you have code that must run unauthorized as opposed to running the SRB in problem state. If your SRB routine is not in common, then you most likely use XMEM (some obscure exceptions) where you most likely use primary, secondary, home (again some obscure exceptions). Learn how to use primary, secondary and home. Most important, be consistent about how you use it otherwise you could have a mess on your hands. >Can someone please clarify this statement regarding IEAMSCHD - >. >"To run an SRB routine in a different address space from the >scheduling code, the SRB routine must be either in a different >program that is accessible from the target address space, or >in the common storage together with the scheduling code." >. >The above was taken from Example 7 of IEAMSCHD - >https://www.ibm.com/docs/en/zos/2.4.0?topic=ixg-ieamschd-schedule-srb Example 7 specifies ENV=STOKEN which potentially involves a third address space where the SRB routine must be addressable. The routine cannot be included with the IEAMSCHD because it's not addressable by the SRB. >It makes no reference to the authorization of the target srb routine. SRB's are authorized but that does not prevent your SRB from switching to / from problem state. >I suspect its implied this is an integrity issue; as the target SRB Routine >would be loaded by the Non Authorized Address Space, AND the Target >SRB Routine is entered in supervisor state. This is not an integrity issue because IEAMSCHD specifies the address of the SRB routine and it is your responsibility to ensure this address is for code that does not create an authorization exposure. This is a requirement for running authorized and has nothing to do with SRB. You never allow unauthorized programs to pass an executable address to your program running authorized regardless of the environment you are running.. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
On Sat, 30 Dec 2023 19:52:42 GMT "esst...@juno.com" wrote: :>. :>Binyamin wrote :>What is a "non-authorized" address space? :>Key 8 Problem state job/started task SRBs do not run in/as tasks. They always get control in supervisor state. . :>If you want to run code that should not be in supervisor state, have the SRB :>create an IRB. : :>Can You elaborate on this ? :>Did You mean SRB Routine ? :>How does the SRB create an IRB ? I must have missed something. SCHEDIRB . :>paul :> :>.-- Original Message -- :>From: Binyamin Dissen :>To: IBM-MAIN@LISTSERV.UA.EDU :>Subject: Re: Question about IEAMSCHD :>Date: Sat, 30 Dec 2023 19:28:10 +0200 :> :>On Sat, 30 Dec 2023 15:36:44 GMT "esst...@juno.com" wrote: :> :>::>Can someone please clarify this statement regarding IEAMSCHD - :>: :>:>"To run an SRB routine in a different address space from the :>:>scheduling code, the SRB routine must be either in a different :>:>program that is accessible from the target address space, or :>:>in the common storage together with the scheduling code." :>: :>:>The above was taken from Example 7 of IEAMSCHD - :>:>https://www.ibm.com/docs/en/zos/2.4.0?topic=ixg-ieamschd-schedule-srb :>. :> :> :> :> :>>It makes no reference to the authorization of the target srb routine. :> :>Well, the SRB runs in supervisor state. You, as the scheduler, are responsible :>for integrity and not give control to arbitrary routines. :>. :>:>I would like to schedule an SRB using IEAMSCHD to a non-authorized :>:>Address Space - I would prefer not to place the target SRB routine in common storage. :> :>What is a "non-authorized" address space? :>. :>:>I suspect its implied this is an integrity issue; as the target SRB Routine :>:>would be loaded by the Non Authorized Address Space, AND the Target :>:>SRB Routine is entered in supervisor state. :> :>If you want to run code that should not be in supervisor state, have the SRB :>create an IRB. The IRB will not run supervisor state unless you request it. -- Binyamin Dissen http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
On Sat, 30 Dec 2023 19:52:42 GMT, esst...@juno.com wrote: >Binyamin wrote >>What is a "non-authorized" address space? >Key 8 Problem state job/started task He's telling you there is no such thing as a "non-authorized" job/STC. A job/stc does not have a key or state. Running authorized is different from the key and state. An RB (e.g. PRB or IRB) running unauthorized cannot change it's key and state whereas an RB (e.g. PRB or SRB) running authorized can switch key and state. Nothing stops an authorized RB (e.g. SRB or PRB) switching to & from key 8 problem state. >If you want to run code that should not be in supervisor state, have the SRB >create an IRB. >. >Can You elaborate on this ? >Did You mean SRB Routine ? >How does the SRB create an IRB ? I must have missed something. If you have code that must run unauthorized key 8 problem state, then you can use the SCHEDIRB macro that runs an RB called IRB. Chances are this is overkill and switching your SRB to key 8 problem state is probably sufficient. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
On Sat, 30 Dec 2023 15:36:44 GMT, esst...@juno.com wrote: >I would like to schedule an SRB using IEAMSCHD to a non-authorized >Address Space - I would prefer not to place the target SRB routine in common >storage. It's important to tell us about the problem you need to solve because you only told us SRB is how you will solve that problem. Maybe XMEM, PC routine or ??? is a better solution. SRB routines are required to be in common but maybe your problem requires the SRB routine be in common. Do you actually need an SRB because it must execute in that address space? You schedule an SRB to a TCB so I'm guessing you meant an unauthorized TCB. This is irrelevant unless you have code that must run unauthorized as opposed to running the SRB in problem state. If your SRB routine is not in common, then you most likely use XMEM (some obscure exceptions) where you most likely use primary, secondary, home (again some obscure exceptions). Learn how to use primary, secondary and home. Most important, be consistent about how you use it otherwise you could have a mess on your hands. >Can someone please clarify this statement regarding IEAMSCHD - >. >"To run an SRB routine in a different address space from the >scheduling code, the SRB routine must be either in a different >program that is accessible from the target address space, or >in the common storage together with the scheduling code." >. >The above was taken from Example 7 of IEAMSCHD - >https://www.ibm.com/docs/en/zos/2.4.0?topic=ixg-ieamschd-schedule-srb Example 7 specifies ENV=STOKEN which potentially involves a third address space where the SRB routine must be addressable. The routine cannot be included with the IEAMSCHD because it's not addressable by the SRB. >It makes no reference to the authorization of the target srb routine. SRB's are authorized but that does not prevent your SRB from switching to / from problem state. >I suspect its implied this is an integrity issue; as the target SRB Routine >would be loaded by the Non Authorized Address Space, AND the Target >SRB Routine is entered in supervisor state. This is not an integrity issue because IEAMSCHD specifies the address of the SRB routine and it is your responsibility to ensure this address is for code that does not create an authorization exposure. This is a requirement for running authorized and has nothing to do with SRB. You never allow unauthorized programs to pass an executable address to your program running authorized regardless of the environment you are running.. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
. Binyamin wrote What is a "non-authorized" address space? Key 8 Problem state job/started task . If you want to run code that should not be in supervisor state, have the SRB create an IRB. . Can You elaborate on this ? Did You mean SRB Routine ? How does the SRB create an IRB ? I must have missed something. . paul .-- Original Message -- From: Binyamin Dissen To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Question about IEAMSCHD Date: Sat, 30 Dec 2023 19:28:10 +0200 On Sat, 30 Dec 2023 15:36:44 GMT "esst...@juno.com" wrote: ::>Can someone please clarify this statement regarding IEAMSCHD - : :>"To run an SRB routine in a different address space from the :>scheduling code, the SRB routine must be either in a different :>program that is accessible from the target address space, or :>in the common storage together with the scheduling code." : :>The above was taken from Example 7 of IEAMSCHD - :>https://www.ibm.com/docs/en/zos/2.4.0?topic=ixg-ieamschd-schedule-srb . >It makes no reference to the authorization of the target srb routine. Well, the SRB runs in supervisor state. You, as the scheduler, are responsible for integrity and not give control to arbitrary routines. . :>I would like to schedule an SRB using IEAMSCHD to a non-authorized :>Address Space - I would prefer not to place the target SRB routine in common storage. What is a "non-authorized" address space? . :>I suspect its implied this is an integrity issue; as the target SRB Routine :>would be loaded by the Non Authorized Address Space, AND the Target :>SRB Routine is entered in supervisor state. If you want to run code that should not be in supervisor state, have the SRB create an IRB. The IRB will not run supervisor state unless you request it. -- Binyamin Dissen http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Question about IEAMSCHD
On Sat, 30 Dec 2023 15:36:44 GMT "esst...@juno.com" wrote: ::>Can someone please clarify this statement regarding IEAMSCHD - : :>"To run an SRB routine in a different address space from the :>scheduling code, the SRB routine must be either in a different :>program that is accessible from the target address space, or :>in the common storage together with the scheduling code." : :>The above was taken from Example 7 of IEAMSCHD - :>https://www.ibm.com/docs/en/zos/2.4.0?topic=ixg-ieamschd-schedule-srb . :>It makes no reference to the authorization of the target srb routine. Well, the SRB runs in supervisor state. You, as the scheduler, are responsible for integrity and not give control to arbitrary routines. . :>I would like to schedule an SRB using IEAMSCHD to a non-authorized :>Address Space - I would prefer not to place the target SRB routine in common storage. What is a "non-authorized" address space? . :>I suspect its implied this is an integrity issue; as the target SRB Routine :>would be loaded by the Non Authorized Address Space, AND the Target :>SRB Routine is entered in supervisor state. If you want to run code that should not be in supervisor state, have the SRB create an IRB. The IRB will not run supervisor state unless you request it. -- Binyamin Dissen http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Question about IEAMSCHD
. Hello . Can someone please clarify this statement regarding IEAMSCHD - . "To run an SRB routine in a different address space from the scheduling code, the SRB routine must be either in a different program that is accessible from the target address space, or in the common storage together with the scheduling code." . The above was taken from Example 7 of IEAMSCHD - https://www.ibm.com/docs/en/zos/2.4.0?topic=ixg-ieamschd-schedule-srb . It makes no reference to the authorization of the target srb routine. . I would like to schedule an SRB using IEAMSCHD to a non-authorized Address Space - I would prefer not to place the target SRB routine in common storage. . I suspect its implied this is an integrity issue; as the target SRB Routine would be loaded by the Non Authorized Address Space, AND the Target SRB Routine is entered in supervisor state. . . . paul dangelo . . -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
