VM has a system directory option that is designed to improve system performance. This option, known as V=F on VM systems, designates a virtual machine as the owner of real storage; it is specified in the system directory for a given virtual machine with OPTION VIRT=REAL (Virtual=Real) or OPTION VIRT=FIXED (Virtual=Fixed).
A guest operating system usually generates vast amounts of I/O operations for its own paging and application program processing. Not surprisingly, there is an accompaniment to the V=R option that shortens the path of Input/Output (I/O) processing in a V=R guest machine. This accompaniment is implemented with the CP command SET NOTRANS ON.
Normally, when a V=R guest requests some I/O operation, a string of commands is passed to the I/O device informing it what and how much data to read or write. CP scans, checks, and translates the string of commands, making sure the I/O operation request is valid for the guest. This validation checks to make certain that the return area for the data from a read I/O operation is in the virtual machine’s storage. This check prevents one virtual machine from reading data into another virtual machine’s storage.
This scanning and checking involves considerable overhead on the part of CP. Because a guest V=F operating system is generally considered a trusted guest (its integrity as a functional operating system can be trusted), it can avoid the translational overhead through the CP SET NOTRANS ON command. This command skips the translation process, trusting the guest to ensure that the I/O command strings are correct.
The CP SET NOTRANS ON command represents an integrity exposure. By manipulating the I/O request command string, the guest can alter pages of real storage outside the V=R area, circumventing hardware and software storage protection mechanisms. Therefore, a V=R guest could be prevented from issuing a SET NOTRANS ON command. If you prevent SET NOTRANS ON, you must consider the extra overhead that is incurred.
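The storage-bounds part of the channel program check described above can be modelled in a few lines. This is an added example, not CP code or CA code: it is a simplified Python model that assumes format-0 CCWs, a single contiguous guest storage range, and constructed sample values, and it rejects TIC and IDA instead of following them.

```python
import struct

# Format-0 CCW flag bits and the TIC command code (low four bits = 1000).
CD, CC, IDA = 0x80, 0x40, 0x04
TIC = 0x08

def make_ccw0(cmd, addr, flags, count):
    """Pack one 8-byte format-0 CCW: cmd(1) addr(3) flags(1) zero(1) count(2)."""
    return struct.pack(">BBHBBH", cmd, addr >> 16, addr & 0xFFFF, flags, 0, count)

def parse_ccw0(raw):
    """Unpack one 8-byte format-0 CCW into (cmd, data address, flags, count)."""
    cmd, a_hi, a_lo, flags, _, count = struct.unpack(">BBHBBH", raw)
    return cmd, (a_hi << 16) | a_lo, flags, count

def validate_chain(program, guest_lo, guest_hi):
    """Walk a CCW chain and return (index, reason) for every CCW whose data
    area is not wholly inside the guest range [guest_lo, guest_hi)."""
    problems = []
    for off in range(0, len(program) - 7, 8):
        cmd, addr, flags, count = parse_ccw0(program[off:off + 8])
        idx = off // 8
        if cmd & 0x0F == TIC or flags & IDA:
            # Assumption: this model does not follow TIC or IDA lists.
            problems.append((idx, "TIC/IDA not modelled"))
        elif addr < guest_lo or addr + count > guest_hi:
            problems.append((idx, "data area outside guest storage"))
        if not flags & (CC | CD):
            break  # no chaining flag: this CCW ends the channel program
    return problems

# Constructed sample: guest owns 0x010000-0x3FFFFF. The second read starts
# inside the guest area but its 4096-byte buffer runs past the upper bound.
GUEST_LO, GUEST_HI = 0x010000, 0x400000
SAMPLE = (make_ccw0(0x06, 0x020000, CC, 4096) +
          make_ccw0(0x06, 0x3FF800, 0x00, 4096))

if __name__ == "__main__":
    for idx, reason in validate_chain(SAMPLE, GUEST_LO, GUEST_HI):
        print(f"CCW {idx}: {reason}")
```

With translation bypassed, nothing performs this walk on the guest's behalf, which is why the data address and count in each CCW become the guest's own responsibility.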
You can use command limiting to prevent SET NOTRANS ON and allow other forms of the CP SET command. Create a CP SET command limiting rule with a $KEY of SET.
$KEY(SET)
 NOTRANS ON UID(-) PREVENT
 - UID(-) ALLOW
Here, all forms of the CP SET command are allowed except SET NOTRANS ON.
When the IBM SYSRES macro SYSCLR keyword is set to YES in HCPSYS, native VM CP code automatically clears temporary disk space when a user allocates it. IBM lets Class B users turn off TDISK clearing with the CP SET TDISKCLR OFF command. To avoid this integrity exposure, we strongly recommend you limit the use of this command:
$KEY(SET)
 TDISKCLR OFF UID(-) PREVENT
In the rule above, all users are prevented from executing the SET TDISKCLR OFF command.
Copyright © 2013 CA Technologies.
All rights reserved.