2. PERFORMANCE REPORTING ANALYSIS2.5 Virtual Storage Management Analysis2.5.4 Virtual Storage Concepts in MVS/XA › 2.5.4.5 Storage Protection

Previous Topic: 2.5.4.4 Virtual Storage Subpools

Next Topic: 2.5.4.6 Virtual Storage Measurement by RMF

2.5.4.5 Storage Protection


There are three mechanisms used for protecting memory from
unauthorized fetching and storing:  page protection, low
address protection, and key-controlled protection.  Only one
of these, key controlled protection, relates to the areas of
memory that are actively managed by VSM.  However, we will
briefly summarize the other two mechanisms.

PAGE PROTECTION

The page protection mechanism controls against improper
storing by any reference using a virtual address.  It is
managed by the use of the page-protection bit which exists
for each page in its corresponding page table entry.  This
type of protection is normally reserved for the PLPA,
read-only portions of the nucleus surrounding the 16MB line,
and optionally the FLPA and MLPA.  It is designed to protect
those portions of virtual storage which are shared among
address spaces, but are meant to contain read-only modules.

LOW ADDRESS PROTECTION

The low address protection mechanism protects against any
program storing into addresses 0-511, where the processor and
other hardware maintain status information.  It can be turned
on and off by manipulating a bit in one of the processor's
control registers.  Manipulation of this bit is usually
reserved for functions like interrupt processing.

KEY-CONTROLLED PROTECTION

Storage keys have been a part of the 360/370 architecture
since its inception several decades ago.  They were initially
the only protection mechanism available to shield one user's
storage from another user's instructions.  The multiple
address space architecture introduced with MVS/370 largely
supplanted the need for a protection key mechanism.  However,
it is still important for helping isolate various subsystems'
code and data in areas like the CSA, where all users share a
common addressing scheme, and, without protect keys, would
have no means of assuring subsystem isolation.

Until recently, protect keys and virtual memory could be
oriented toward either 2KB or 4KB page sizes.  For each 2 or
4 KB block of memory, the operating system would assign a
particular protect key.  Subsequent attempts to access a
block of memory would be permitted only by either the
operating system or by a program operating with a protect key
that matched the memory being accessed.

With the advent of larger memory, the option to use 2KB pages
and protect keys based upon them has been eliminated from the
corresponding hardware.  The 2KB protection option was
eliminated early in the 308x series of processors.

The key-controlled protection mechanism works in this way:
Each 4KB block of storage is assigned a 4-bit protection key
and a fetch-protection bit.  Any program will be assigned a
4-bit access key.  If a program's access key is zero, it will
bypass all key-controlled validity checks done by the
hardware.  If a program is attempting to fetch from a page
whose fetch protection bit is off, the hardware will permit
this, even if the program's access key is non-zero.  If,
however, a program whose access key is non-zero is attempting
to store into the page, or the page's fetch protection bit is
set on, then the program's access key must match the
protection key of that page of memory.  If it does not, the
access will be prevented.
Figure 2-177 shows the protect keys normally used.

           +-------+-------------------------------+
           |Storage| Storage                       |
           |Protect| Protect Key                   |
           |Key    | Normally  Used by             |
           +=======+===============================+
           |   0   | MVS/XA System Control Program |
           +-------+-------------------------------+
           |   1   | Job Scheduler/JES2/JES3       |
           +-------+-------------------------------+
           |   2   | VSPC                          |
           +-------+-------------------------------+
           |  3-4  | Reserved                      |
           +-------+-------------------------------+
           |   5   | Data Management               |
           +-------+-------------------------------+
           |   6   | TCAM/VTAM                     |
           +-------+-------------------------------+
           |   7   | IMS                           |
           +-------+-------------------------------+
           |   8   | V=V Problem Programs          |
           +-------+-------------------------------+
           |  9-F  | V=R Problem Programs          |
           +-------+-------------------------------+


 Figure 2-177. Protect Keys