IBM Support

OA56180: NEW FUNCTION - ADDITIONAL USERKEY COMMON MIGRATION SUPPORT

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • New Function
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    *  All users running z/OS V2R1 and above  that use user key    *
    * CSA storage.                                                 *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Unrestricted user key CSA usage will                         *
    * not be supported after z/OS V2R3.                            *
    * This APAR provides a way to support                          *
    * restricted user key CSA usage with                           *
    * SAF security protection until the                            *
    * user key CSA usage can be removed.                           *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Allowing programs to obtain user key common storage creates
    a security risk because the storage can then be modified by
    any unauthorized program.  Therefore, the allocation,
    obtaining and changing of unrestricted common areas of
    virtual storage, such that the storage is in user key
    (8-15), will not be supported after z/OS V2R3.
    
    APAR OA53355 provided the means to identify all user
    key common allocations via a migration health check,
    ZOSMIGV2R3_NEXT_VSM_USERKEYCOMM.  IBM strongly recommends
    eliminating all user key common usage identified by this
    health check.
    
    Note that with APAR OA53355, ZOSMIGV2R3_NEXT_VSM_USERKEYCOMM
    identifies all allocations of user key CSA, but not all users
    once it is allocated.
    

Problem conclusion

Temporary fix

Comments

  • This APAR provides the means to identify all accesses of
    user key CSA subpools, as well as support restricted user
    key CSA usage with SAF security protection until the user
    key CSA usage can be removed.
    
    Note: This APAR only applies to user key CSA storage.  Both
    user key (8-15) SCOPE=COMMON data spaces and the usage of
    the CHANGKEY service to change the storage key of common
    storage to a key of 8-15 are not affected by this APAR,
    and will no longer be supported after z/OS V2R3.
    
    For systems with no user key CSA usage, there are no
    additional planning considerations.  For systems with user
    key CSA usage, you will need to define a restricted use CSA
    (RUCSA) to identify all accesses to allocated user key CSA.
    This area will allow auditing of all user key CSA accesses,
    as well as reduce (but not eliminate) the inherent security
    risk.  Once defined, existing user key CSA allocation
    requests will transparently obtain storage from RUCSA and
    the ZOSMIGV2R3_NEXT_VSM_USERKEYCOMM health check will detect
    all accesses to allocated user key CSA.
    
    For complete instructions on how to define a RUCSA, refer
    to the 'Migrating to RUCSA' subsection of the z/OS MVS
    Initialization and Tuning Guide section in pdf file,
    OA56180.pdf, available at:
    - http://publibz.boulder.ibm.com/zoslib/pdf/OA56180.pdf
    
    APAR OA56180 also includes the following list of
    corrections to APAR OA53355:
    - APAR OA53355 only set the SMF30_USERKEYCOMMONAUDITENABLED
      bit for certain jobs/address spaces.  This APAR ensures
      that the SMF30_USERKEYCOMMONAUDITENABLED bit is set for
      all jobs/address spaces.
    
    The following publications are updated to support the APAR:
    
    - z/OS Migration (GA32-0889)
      The 'Prepare for the removal of support for user key common
      areas' section is updated to mention this solution.
    
    - z/OS MVS Diagnosis: Reference (GA32-0904)
      The Storage Summary section is updated to document
      the subpool characteristics associated with RUCSA.
      The VSMDATA CONTROLBLOCKS and OWNCOMM sections are
      updated to explain the changes to the reports when RUCSA
      is defined.
    
    - z/OS MVS Data Areas Volume 1 (GA32-0935)
      The GDA mapping is updated to document the new
      GDA fields associated with RUCSA.
    
    - z/OS MVS Data Areas Volume 2 (GA32-0936)
      The IGVCAUB mapping is updated to document the
      new CAUB fields associated with RUCSA.
    
    - z/OS MVS Programming: Assembler Services Guide (SA23-1371)
      The 'Virtual Storage Management' section is updated
      to describe the changes to VSMLIST as a result of RUCSA.
      The 'Sharing data in virtual storage (IARVSERV macro)'
      section is updated to describe the changes to
      IARVSERV as a result of RUCSA.
    
    - z/OS MVS Initialization and Tuning Guide (SA23-1379)
      The Storage Management Overview section is updated
      to describe the RUCSA.
    
    - z/OS MVS Initialization and Tuning Reference (SA23-1380)
      A new IEASYSxx parameter section is included to
      describe the RUCSA parameter.
    
    - z/OS MVS IPCS Commands (SA23-1382)
      The VSMDATA subcommand section is updated to
      document how the RUCSA output is reported.
    
    - z/OS MVS System Codes (SA38-0665)
      The following sections are updated to mention that the
      below codes can be issued when attempting to use the RUCSA:
      0Cx, 18A, 6C5, B04, B0A, B78
    
    - z/OS MVS System Management Facilities (SMF) (SA38-0667)
      The SMF type 30 record section is updated to
      describe the new audit flag, SMF30_UserKeyRucsaUsage.
    
    - z/OS MVS System Messages, Vol 6 (GOS-IEA) (SA38-0673)
      The following messages have been updated to support
      the specification of a IEASYSxx RUCSA parameter:
      IEA321I, IEA909I, IEA907W
    
    Documentation updates for the above publications are located
    in a pdf file, OA56180.pdf, available at:
    - http://publibz.boulder.ibm.com/zoslib/pdf/OA56180.pdf
    
    KEYWORDS: MSGIEA321I
              MSGIEA909I
              MSGIEA907W
    

APAR Information

  • APAR number

    OA56180

  • Reported component name

    VSM - VIRT STOR

  • Reported component ID

    5752SC1CH

  • Reported release

    790

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2018-09-18

  • Closed date

    2019-03-15

  • Last modified date

    2019-04-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA98722 UA98723 UA98724

Modules/Macros

  • IGVFSQA  IGVVSHEN IEAVNPIL BLSAIPIN IGVSFOWN IHAPVT   IGVIVGDA
    IAXMD    IAXXL    IAXMA    IHAGDA   IAXDK    IAXMB    IARRAX
    IGVFCSA  IAXMJ    IGVCAUB  IGVRSRTN IAXMP    IAXIS    IARMN
    IEAVEPC  IAXZIFTE IGVSFMAN IAXIX    IGVNIPCR IARVB    IGVSFGLB
    IGVHCHK1 IARRCE   IEECB985 IGVRVSM  IGVRQVR2 IEAVNPCF IFASMFR3
    IARVSERV IEFTB721 IGVRCSA  IGVVSMRF IAXRI    IEAIPL14 IAXFS
    IGVSLIS1 IAXZTRID IGVMGDA  IAXVG    IGVVSCEL IEAIPAMD IGVVSMRT
    IGVSFSRT IEAVNIPX IGVSFBTB IAXGT    IGVSLIST IGVGCAS  IEAIPL04
    IEFSMFIE IGVGCSA  IHAIPA   IGVFVIRT IEAVNP03 IGVGSQA  IGVSFLCL
    IGVHCMSG IAXZITBL IGVVSERR IEFSD162 IEAIPASR IEAVNP08 IAXPY
    IAXZSTK2 IGVDIPR
    

Publications Referenced
GA320889XXGA320904XXGA320935XXGA320936XXSA231371XX
SA231379XXSA231380XXSA231382XXSA380665XXSA380667XX
SA380673XX    

Fix information

  • Fixed component name

    VSM - VIRT STOR

  • Fixed component ID

    5752SC1CH

Applicable component levels

  • R790 PSY UA98722

       UP19/03/28 P F903  

  • R7A0 PSY UA98723

       UP19/03/28 P F903  

  • R7B0 PSY UA98724

       UP19/03/28 P F903  

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"790","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"790","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
22 April 2019