[Leif Svalgaard] Bruce, I've left the entire thread in this posting to have the complete context.
Here is first the C-program MATCTX:
#include <qusmiapi.h>
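/*
 * MATCTX *PGM: thin wrapper that forwards its three parameters to the
 * QusMaterializeContext API.
 *
 *   argv[1]  space pointer to the receiver area for the materialized data
 *   argv[2]  address of a 16-byte aligned area whose first field is the
 *            system pointer to the context (library) to materialize
 *   argv[3]  materialization options template
 *
 * The program does no checking of its own beyond the parameter count.
 * Per the discussion on this page, the API is a system-state front end to
 * the MATCTX instruction, so the state/domain check that stops a
 * user-state caller at security level 40 and above is applied to the API,
 * not to this program.
 */
void main(int argc, char *argv[]) {
    /* View of the second parameter: one system pointer at offset 0. */
    typedef struct {
        _SYSPTR SystemPtr;
    } s;
    s *SysPtr;

    /*
     * All three parameters are dereferenced below, so refuse to run when
     * the caller supplied fewer. Assumes the usual ILE C convention that
     * argv[0] is the program name and the parameters start at argv[1].
     */
    if (argc < 4)
        return;

    SysPtr = (s *) argv[2];
    QusMaterializeContext((_SPCPTR) argv[1],
                          SysPtr->SystemPtr,
                          (void *) argv[3]);
}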
[Leif Svalgaard] This is compiled etc. into the *PGM MATCTX, which I will call later on.
Here is then the MI-program that calls it (and also tries to execute the MI-instruction MATCTX directly). If the program is called with the parameter C it calls the C-program; if called with any other parameter (e.g. M) it executes MATCTX as an MI-instruction.
/* Materialization options template used for the library list: it is  */
/* the third operand of the MATCTX instruction in GET-LIBS.            */
/* 44 bytes, 16-byte aligned; the fields below overlay it by position  */
/* (1 + 1 + 2 + 1 + 1 + 30 + 8 = 44).                                  */
DCL SPCPTR .LIB-OPTIONS INIT(LIB-OPTIONS);
DCL DD LIB-OPTIONS CHAR(44) BDRY(16);
/* Option bytes. The bit meanings of X'0F' and X'10' are defined by    */
/* the MATCTX template in the MI Functional Reference and are not      */
/* shown on this page - confirm there before changing them.            */
DCL DD LIB-INFO-REQD CHAR(1) DEF(LIB-OPTIONS) POS( 1)
INIT(X'0F');
DCL DD LIB-SELECTION CHAR(1) DEF(LIB-OPTIONS) POS( 2)
INIT(X'10');
/* Length of the name field in the selection criteria.                 */
DCL DD LIB-NAME-SIZE BIN(2) DEF(LIB-OPTIONS) POS( 3) INIT(30);
/* Type, subtype and name selection fields; never assigned in this     */
/* program.                                                            */
DCL DD LIB-SEL-TYPE CHAR(1) DEF(LIB-OPTIONS) POS( 5);
DCL DD LIB-SEL-STYPE CHAR(1) DEF(LIB-OPTIONS) POS( 6);
DCL DD LIB-SEL-NAME CHAR(30) DEF(LIB-OPTIONS) POS( 7);
/* Selection timestamp, initialised to eight bytes of X'00' through    */
/* the two unnamed 4-byte overlays below.                              */
DCL DD LIB-SEL-TSTMP CHAR(8) DEF(LIB-OPTIONS) POS(37);
DCL DD * CHAR(4) DEF(LIB-SEL-TSTMP) POS(1)
INIT(X'00000000');
DCL DD * CHAR(4) DEF(LIB-SEL-TSTMP) POS(5)
INIT(X'00000000');
/* Receiver area for the library list: 10000 elements of 48 bytes      */
/* (480000 bytes) in automatic storage, 16-byte aligned.               */
/* .LIB-SPACE is set to address it at program entry.                   */
DCL SPCPTR .LIB-SPACE;
DCL DD LIB-SPACE (10000)CHAR(48) BDRY(16) AUTO;
/* Header overlay, positions 1 to 112 of the receiver.                 */
/* LIB-BYTES-PRV is filled in by the caller before MATCTX is issued;   */
/* LIB-BYTES-AVL is read back afterwards to compute the entry count.   */
DCL DD LIB-BYTES-PRV BIN(4) DEF(LIB-SPACE) POS( 1);
DCL DD LIB-BYTES-AVL BIN(4) DEF(LIB-SPACE) POS( 5);
DCL DD LIB-OBJ-TYPE CHAR(1) DEF(LIB-SPACE) POS( 9);
DCL DD LIB-OBJ-STYPE CHAR(1) DEF(LIB-SPACE) POS( 10);
DCL DD LIB-OBJ-NAME CHAR(30) DEF(LIB-SPACE) POS( 11);
DCL DD LIB-OBJ-OPTIONS CHAR(4) DEF(LIB-SPACE) POS( 41);
DCL DD LIB-RCV-OPTIONS CHAR(4) DEF(LIB-SPACE) POS( 45);
DCL DD LIB-SPC-SIZE BIN(4) DEF(LIB-SPACE) POS( 49);
DCL DD LIB-SPC-INIT CHAR(1) DEF(LIB-SPACE) POS( 53);
DCL DD LIB-PRFM-CLASS CHAR(4) DEF(LIB-SPACE) POS( 54);
/* Unnamed filler that aligns the following pointers on 16 bytes.      */
DCL DD * CHAR(7) DEF(LIB-SPACE) POS( 58);
DCL SYSPTR * DEF(LIB-SPACE) POS( 65);
DCL SYSPTR LIB-ACS-GRP DEF(LIB-SPACE) POS( 81);
DCL DD LIB-EXTND-ATTR CHAR(1) DEF(LIB-SPACE) POS( 97);
DCL DD * CHAR(7) DEF(LIB-SPACE) POS( 98);
DCL DD LIB-OBJ-TSTAMP CHAR(8) DEF(LIB-SPACE) POS(105);
/* Sizes used to walk the receiver: entries start after the 112-byte   */
/* header and are 48 bytes each.                                       */
DCL DD LIB-HDR-SIZE BIN(4) INIT(112);
DCL DD LIB-ENTRY-SIZE BIN(4) INIT(48);
/* Loop counter for the library entries still to be visited.           */
DCL DD LIB-NBR-OF-ENTRIES BIN(4);
/* One context entry, addressed through the moving pointer .LIB-ENTRY: */
/* 2-byte type/subtype, 30-byte name, then a system pointer at         */
/* position 33.                                                        */
DCL SPCPTR .LIB-ENTRY;
DCL DD LIB-ENTRY CHAR(48) BAS(.LIB-ENTRY);
DCL DD LIB-ENTRY-TYPE CHAR(2) DEF(LIB-ENTRY) POS( 1);
DCL DD LIB-ENTRY-NAME CHAR(30) DEF(LIB-ENTRY) POS( 3);
/* System pointer to the library itself; it is passed on as the        */
/* context operand when the objects of that library are materialized.  */
DCL SYSPTR .LIB-OBJ-PTR DEF(LIB-ENTRY) POS(33);
/* Character view of positions 41 to 48, i.e. the last 8 bytes of the  */
/* entry, overlapping the pointer declared above.                      */
DCL DD LIB-OBJ-PTR CHAR(8) DEF(LIB-ENTRY) POS(41);
/* Materialization options template used for the objects of one        */
/* library. It is the third operand of the MATCTX in GET-OBJS and,     */
/* through .OBJ-OPTIONS, the third parameter of the C program.         */
/* Same 44-byte layout as LIB-OPTIONS.                                 */
DCL SPCPTR .OBJ-OPTIONS INIT(OBJ-OPTIONS);
DCL DD OBJ-OPTIONS CHAR(44) BDRY(16);
/* Option bytes; bit meanings come from the MATCTX template in the MI  */
/* Functional Reference - confirm there.                               */
DCL DD OBJ-INFO-REQD CHAR(1) DEF(OBJ-OPTIONS) POS( 1)
INIT(X'0F');
DCL DD OBJ-SELECTION CHAR(1) DEF(OBJ-OPTIONS) POS( 2)
INIT(X'10');
DCL DD OBJ-NAME-SIZE BIN(2) DEF(OBJ-OPTIONS) POS( 3) INIT(30);
/* Type, subtype and name selection fields; never assigned in this     */
/* program.                                                            */
DCL DD OBJ-SEL-TYPE CHAR(1) DEF(OBJ-OPTIONS) POS( 5);
DCL DD OBJ-SEL-STYPE CHAR(1) DEF(OBJ-OPTIONS) POS( 6);
DCL DD OBJ-SEL-NAME CHAR(30) DEF(OBJ-OPTIONS) POS( 7);
/* Selection timestamp; set at entry from the converted date/time      */
/* (unlike LIB-SEL-TSTMP, which stays zero).                           */
DCL DD OBJ-SEL-TSTMP CHAR(8) DEF(OBJ-OPTIONS) POS(37);
/* Receiver area for the objects of one library: 100000 elements of    */
/* 48 bytes (4800000 bytes) in automatic storage, 16-byte aligned.     */
/* .OBJ-SPACE is set to address it at program entry and is also the    */
/* first parameter handed to the C program.                            */
DCL SPCPTR .OBJ-SPACE;
DCL DD OBJ-SPACE (100000)CHAR(48) BDRY(16) AUTO;
/* Header overlay, positions 1 to 112; same layout as the LIB-SPACE    */
/* header. OBJ-BYTES-PRV is set by the caller, OBJ-BYTES-AVL is read   */
/* back after the materialize.                                         */
DCL DD OBJ-BYTES-PRV BIN(4) DEF(OBJ-SPACE) POS( 1);
DCL DD OBJ-BYTES-AVL BIN(4) DEF(OBJ-SPACE) POS( 5);
DCL DD OBJ-OBJ-TYPE CHAR(1) DEF(OBJ-SPACE) POS( 9);
DCL DD OBJ-OBJ-STYPE CHAR(1) DEF(OBJ-SPACE) POS( 10);
DCL DD OBJ-OBJ-NAME CHAR(30) DEF(OBJ-SPACE) POS( 11);
DCL DD OBJ-OBJ-OPTIONS CHAR(4) DEF(OBJ-SPACE) POS( 41);
DCL DD OBJ-RCV-OPTIONS CHAR(4) DEF(OBJ-SPACE) POS( 45);
DCL DD OBJ-SPC-SIZE BIN(4) DEF(OBJ-SPACE) POS( 49);
DCL DD OBJ-SPC-INIT CHAR(1) DEF(OBJ-SPACE) POS( 53);
DCL DD OBJ-PRFM-CLASS CHAR(4) DEF(OBJ-SPACE) POS( 54);
/* Unnamed filler that aligns the following pointers on 16 bytes.      */
DCL DD * CHAR(7) DEF(OBJ-SPACE) POS( 58);
DCL SYSPTR * DEF(OBJ-SPACE) POS( 65);
DCL SYSPTR OBJ-ACS-GRP DEF(OBJ-SPACE) POS( 81);
DCL DD OBJ-EXTND-ATTR CHAR(1) DEF(OBJ-SPACE) POS( 97);
DCL DD * CHAR(7) DEF(OBJ-SPACE) POS( 98);
DCL DD OBJ-OBJ-TSTAMP CHAR(8) DEF(OBJ-SPACE) POS(105);
/* Sizes used to walk the receiver: 112-byte header, 48-byte entries.  */
DCL DD OBJ-HDR-SIZE BIN(4) INIT(112);
DCL DD OBJ-ENTRY-SIZE BIN(4) INIT(48);
/* Loop counter for the object entries still to be visited.            */
DCL DD OBJ-NBR-OF-ENTRIES BIN(4);
/* One object entry, addressed through the moving pointer .OBJ-ENTRY.  */
DCL SPCPTR .OBJ-ENTRY;
DCL DD OBJ-ENTRY CHAR(48) BAS(.OBJ-ENTRY);
DCL DD OBJ-ENTRY-TYPE CHAR(2) DEF(OBJ-ENTRY) POS( 1);
DCL DD OBJ-ENTRY-NAME CHAR(30) DEF(OBJ-ENTRY) POS( 3);
/* System pointer to the object, at position 33 of the entry.          */
DCL SYSPTR .OBJ-OBJ-PTR DEF(OBJ-ENTRY) POS(33);
/* Character view of positions 41 to 48, overlapping the pointer.      */
DCL DD OBJ-OBJ-PTR CHAR(8) DEF(OBJ-ENTRY) POS(41);
/* Declared but not referenced by any instruction shown in this        */
/* program.                                                            */
DCL DD CUR-OFFSET BIN(4);
/* Program parameter: CHOICE is the first byte of the caller's         */
/* argument. "C" selects the call to the C program; any other value    */
/* selects the direct MATCTX instruction (see GET-OBJS).               */
DCL SPCPTR .PARM1 PARM;
DCL DD CHOICE CHAR(1) BAS(.PARM1);
/* Operand list of the external entry point; MIN(1) presumably makes   */
/* the single parameter mandatory - confirm.                           */
DCL OL *ENTRY(.PARM1) PARM EXT MIN(1);
/* Resolve template for RSLVSP: 2-byte type/subtype, 30-byte name,     */
/* 2-byte authority field initialised to X'0000'.                      */
DCL DD RESOLVE CHAR(34) AUTO;
DCL DD RESOLVE-TYPE CHAR( 2) DEF(RESOLVE) POS( 1);
DCL DD RESOLVE-NAME CHAR(30) DEF(RESOLVE) POS( 3);
DCL DD RESOLVE-AUTH CHAR( 2) DEF(RESOLVE) POS(33) INIT(X'0000');
/* System pointer to the resolved MATCTX program (the C wrapper).      */
DCL SYSPTR .MATCTX;
/*******************************************************************/
/* External entry point. Resolves the C wrapper program, prepares both */
/* receivers, then walks every library and, for each library, every    */
/* object that MATCTX returns for the selection timestamp.             */
/* The loop body only hits a breakpoint per object; nothing is done    */
/* with the entries here.                                              */
ENTRY * (*ENTRY) EXT;
/* Resolve the program named MATCTX; X'0201' is the type/subtype put   */
/* in the resolve template (presumably program - confirm).             */
CPYBLA RESOLVE-TYPE, X'0201';
CPYBLAP RESOLVE-NAME, "MATCTX", " ";
RSLVSP .MATCTX, RESOLVE, *, *;
/* Address the two receiver areas.                                     */
SETSPP .LIB-SPACE, LIB-SPACE;
SETSPP .OBJ-SPACE, OBJ-SPACE;
/* Build the selection timestamp for 1999-11-23 12:00:00 and store it  */
/* in the object options only.                                         */
CPYBLA YYYYMMDDHHMMSS, "19991123120000";
CALLI CONVERT-TO-TIMESTAMP, *, .DATE-TIME;
CPYBLA OBJ-SEL-TSTMP, TIMESTAMP;
/* Bytes provided = entry size times declared element count, i.e. the  */
/* full size of each receiver (48 * 10000 and 48 * 100000).            */
CPYNV LIB-BYTES-PRV, LIB-ENTRY-SIZE;
MULT(S) LIB-BYTES-PRV, 10000;
CPYNV OBJ-BYTES-PRV, OBJ-ENTRY-SIZE;
MULT(S) OBJ-BYTES-PRV, 100000;
MATERIALIZE-LIBRARIES:
CALLI GET-LIBS, *, .GET-LIBS;
/* First entry follows the header; the entry count is                  */
/* (bytes available - header size) / entry size, and zero entries      */
/* ends the program.                                                   */
/* NOTE(review): the count is derived from LIB-BYTES-AVL, not from the */
/* bytes actually provided. If bytes available can exceed              */
/* LIB-BYTES-PRV when the receiver is too small (confirm against the   */
/* MATCTX template description), the loop below would step .LIB-ENTRY  */
/* past LIB-SPACE; capping the count by the bytes provided would       */
/* prevent that. The same applies to the object loop.                  */
/* NOTE(review): unlike the object case, a negative difference is not  */
/* branched on here.                                                   */
ADDSPP .LIB-ENTRY, .LIB-SPACE, LIB-HDR-SIZE;
SUBN LIB-NBR-OF-ENTRIES, LIB-BYTES-AVL, LIB-HDR-SIZE;
DIV(SB) LIB-NBR-OF-ENTRIES, LIB-ENTRY-SIZE/ZER(DONE-LIBS);
HAVE-LIBRARY:
/* Skip entries whose type/subtype is not X'0401' (presumably the      */
/* library type - confirm).                                            */
CMPBLA(B) LIB-ENTRY-TYPE, X'0401'/NEQ(DONE-OBJS);
MATERIALIZE-OBJECTS:
/* GET-OBJS uses the system pointer of the current library entry       */
/* (.LIB-OBJ-PTR) as the context to materialize.                       */
CALLI GET-OBJS, *, .GET-OBJS;
/* Same walk set-up as for libraries; a negative or zero count skips   */
/* the library.                                                        */
ADDSPP .OBJ-ENTRY, .OBJ-SPACE, OBJ-HDR-SIZE;
SUBN(B) OBJ-NBR-OF-ENTRIES, OBJ-BYTES-AVL, OBJ-HDR-SIZE
/NEG(DONE-OBJS);
DIV(SB) OBJ-NBR-OF-ENTRIES, OBJ-ENTRY-SIZE/ZER(DONE-OBJS);
HAVE-OBJECT:
/* Breakpoint hit once per object entry.                               */
BRK "OBJ";
DONE-DESCR:
/* Advance to the next object entry; loop while the count is nonzero.  */
ADDSPP .OBJ-ENTRY, .OBJ-ENTRY, OBJ-ENTRY-SIZE;
SUBN(SB) OBJ-NBR-OF-ENTRIES, 1/NZER(HAVE-OBJECT);
DONE-OBJS:
/* Advance to the next library entry; loop while the count is nonzero. */
ADDSPP .LIB-ENTRY, .LIB-ENTRY, LIB-ENTRY-SIZE;
SUBN(SB) LIB-NBR-OF-ENTRIES, 1/NZER(HAVE-LIBRARY);
DONE-LIBS:
/* Return to the caller.                                               */
RTX *;
/* Internal subroutine GET-LIBS: materialize the library list into     */
/* LIB-SPACE. The context operand is null (*), i.e. the machine        */
/* context; per the thread on this page that form is not restricted    */
/* for user-state programs.                                            */
/* .GET-LIBS holds the return address set by CALLI.                    */
DCL INSPTR .GET-LIBS;
ENTRY GET-LIBS INT;
MATCTX .LIB-SPACE, *, LIB-OPTIONS;
/* Return to the instruction after the CALLI.                          */
B .GET-LIBS;
/* Internal subroutine GET-OBJS: materialize the objects of the        */
/* current library into OBJ-SPACE, by one of two routes chosen by the  */
/* program parameter.                                                  */
/* .GET-OBJS holds the return address set by CALLI.                    */
DCL INSPTR .GET-OBJS;
ENTRY GET-OBJS INT;
/* Parameter "C": go through the C wrapper program instead.            */
CMPBLA(B) CHOICE, "C"/EQ(CALL-C-PGM);
/* Direct route: MATCTX with an explicit system pointer to the         */
/* library. This is the instruction the author reports failing with a  */
/* hardware protection violation on V4R3 at security levels 40 and 50  */
/* when this program runs in user state.                               */
MATCTX .OBJ-SPACE, .LIB-OBJ-PTR, OBJ-OPTIONS;
B .GET-OBJS;
/* Parameter area for the C program: a 16-byte aligned area holding    */
/* the library system pointer, plus the operand list                   */
/* (receiver, pointer area, options) that maps to argv[1..3] of the    */
/* C main.                                                             */
DCL SPCPTR .MAT-API INIT(MAT-API);
DCL DD MAT-API CHAR(16) BDRY(16);
DCL SYSPTR .MAT-OBJ DEF(MAT-API) POS(1);
DCL OL MATCTX-OBJ (.OBJ-SPACE, .MAT-API, .OBJ-OPTIONS);
CALL-C-PGM:
/* Copy the library pointer into the parameter area and call the       */
/* resolved MATCTX program, which forwards to QusMaterializeContext.   */
/* The same library pointer is used as in the direct route; only the   */
/* program that issues the materialize differs.                        */
CPYBWP .MAT-OBJ, .LIB-OBJ-PTR;
CALLX .MATCTX, MATCTX-OBJ, *;
B .GET-OBJS;
/*******************************************************************/
/* TIMESTAMP AND DATE CONVERSIONS */
/* Result of the conversion: an 8-byte timestamp, also viewed as two   */
/* unsigned 32-bit halves (high half at position 1, low half at 5).    */
DCL DD TIMESTAMP CHAR(8);
DCL DD TIMESTAMP-HI-BITS BIN(4) UNSGND DEF(TIMESTAMP) POS(1);
DCL DD TIMESTAMP-LO-BITS BIN(4) UNSGND DEF(TIMESTAMP) POS(5);
/* Packed-decimal work fields; the 64-bit value is computed in packed  */
/* decimal and then split by dividing by 2**32.                        */
DCL DD TIMESTAMP-64 PKD(21,0); /* CAN HOLD 64-BIT UNSIGNED */
/* TIMESTAMP-HI and TIMESTAMP-LO are not referenced by the conversion  */
/* routine shown below.                                                */
DCL DD TIMESTAMP-HI PKD(11,0);
DCL DD TIMESTAMP-LO PKD(11,0);
DCL DD TWO**32 PKD(11,0) INIT(P'4294967296');
DCL DD NBR-SECONDS PKD(15,0);
/* Binary work fields for the day count.                               */
DCL DD NBR-DAYS BIN(4);
DCL DD NBR-YEARS BIN(4);
DCL DD ADD-YEARS BIN(4);
DCL DD NBR-PERIODS BIN(4);
/* DAY-MONTH is not referenced by the conversion routine shown below.  */
DCL DD DAY-MONTH BIN(4);
/* S = seconds within the day, D = days in the leftover years,         */
/* M = month number used as array index.                               */
DCL DD S BIN(4);
DCL DD D BIN(4);
DCL DD M BIN(4);
/* Days before the first of each month in a non-leap year, stored as   */
/* twelve 3-digit zoned numbers and indexed by month.                  */
/* DAY BASE FOR: JanFebMarAprMayJunJulAugSepOctNovDec*/
DCL DD DAYS CHAR(36) INIT("000031059090120151181212243273304334");
DCL DD DAYS-ACCUM (12)ZND(3,0) DEF(DAYS) POS(1);
/* Input of the conversion: a 14-character date/time with zoned        */
/* numeric views of each component.                                    */
DCL DD YYYYMMDDHHMMSS CHAR(14);
DCL DD YEAR ZND(4,0) DEF(YYYYMMDDHHMMSS) POS( 1);
DCL DD MONTH ZND(2,0) DEF(YYYYMMDDHHMMSS) POS( 5);
DCL DD DAY ZND(2,0) DEF(YYYYMMDDHHMMSS) POS( 7);
DCL DD HOUR ZND(2,0) DEF(YYYYMMDDHHMMSS) POS( 9);
DCL DD MIN ZND(2,0) DEF(YYYYMMDDHHMMSS) POS(11);
DCL DD SEC ZND(2,0) DEF(YYYYMMDDHHMMSS) POS(13);
/* Internal subroutine CONVERT-TO-TIMESTAMP: turn YYYYMMDDHHMMSS into  */
/* the 8-byte TIMESTAMP. Input is not validated; MONTH is used         */
/* directly as an index into DAYS-ACCUM.                               */
/* .DATE-TIME holds the return address set by CALLI.                   */
DCL INSPTR .DATE-TIME;
ENTRY CONVERT-TO-TIMESTAMP INT;
/* Years since 1925, split into whole 4-year periods of 1461 days and  */
/* 0 to 3 leftover years of 365 days.                                  */
SUBN NBR-YEARS, YEAR, 1925;
DIVREM NBR-PERIODS, NBR-YEARS, 4, ADD-YEARS;
MULT NBR-DAYS, NBR-PERIODS, 1461;
MULT D, ADD-YEARS, 365;
ADDN(S) NBR-DAYS, D; /* ONE TOO LARGE */
/* Add the days before the month and the day of the month.             */
CPYNV M, MONTH;
ADDN(S) NBR-DAYS, DAYS-ACCUM(M);
ADDN(S) NBR-DAYS, DAY;
/* ADD-YEARS = 3 marks the leap year of each period (1928, 1932, ...). */
/* Only in such a year and after February is the subtraction at A      */
/* skipped, which leaves the leap day in the count.                    */
CMPNV(B) ADD-YEARS, 3/NEQ(A); /* LEAP YEAR ADJUST: */
CMPNV(B) MONTH, 2/HI (C); /* IF LATER THAN FEB */
A: SUBN(S) NBR-DAYS, 1;
/* Seconds = days * 86400 + ((hour * 60 + min) * 60 + sec).            */
C: MULT NBR-SECONDS, NBR-DAYS, 86400;
MULT S, HOUR, 60;
ADDN(S) S, MIN;
MULT(S) S, 60;
ADDN(S) S, SEC;
ADDN(S) NBR-SECONDS, S;
/* Rebase to the timestamp origin named in the original comment.       */
SUBN(S) NBR-SECONDS, 114955386; /* AUG 23, 1928, 12:03:06 */
/* Scale seconds to timestamp units (4096000000 per second), then      */
/* split the result into the high and low 32-bit halves: quotient and  */
/* remainder of the division by 2**32.                                 */
MULT TIMESTAMP-64, NBR-SECONDS, 4096000000;
DIVREM TIMESTAMP-HI-BITS, TIMESTAMP-64, TWO**32,
TIMESTAMP-LO-BITS;
/* Return to the instruction after the CALLI.                          */
B .DATE-TIME;
/* End of program source.                                              */
PEND;
call rtvobjs c works
call rtvobjs m bombs with 'hardware protection violation'
When the C-version is running, the call stack obviously bottoms
out with QusMaterializeContext. Since that API is a system
state program, the MATCTX it issues is not subject to the
user-state restriction and we have no problem.
V4R2 SL40: MI-program OK, C-program OK
V4R3 SL40: MI-program NFG, C-program OK
V4R3 SL50: MI-program NFG, C-program OK
If I use SST to change the MI-program to system state
everything works, of course.
> I am unable to recreate this exposure (on V4R4 at 50 anyway), and am not
> sure I understand your exact environment. The two builtins I looked
> at (_MATCTX1 and _MATCTX2) are system builtins that map directly to
> the MI instruction so I'm not clear on what system state program you
> are seeing on the stack.
>
> I can also think of scenarios where C runtime is simply doing the same
> checking (if not actually using) as the QusMaterializeContext API and
> so no breach necessarily exists (though in my test environment I got
> MCH6801 with the C builtin _MATCTX2 which suggests the runtime isn't
> using the API so one scenario may be scratched...).
>
> Could you send me a quick test case and what release/security level you
> are seeing the successful run on?
>
> Thanks,
> Bruce
>
> >
> >The V4R2 functional reference manual does not mention any
> >restrictions. Anyway, I still don't have a *rationale* for why
> >an obvious security breach is allowed in C and not in MI.
> >
> >As I mentioned in my post it is *obvious* that it would work
> >with the C-program because at the bottom of the API it
> >is a system state program that executes the MATCTX.
> >What is not obvious is why *this* breach is allowed.
> >So my question still stands. It is not about "how",
> >but about "why"?
> >
> >> -----Original Message-----
> >> From: bvining@VNET.IBM.COM [SMTP:bvining@VNET.IBM.COM]
> >> Sent: Friday, November 19, 1999 10:21 AM
> >> To: MI400@midrange.com
> >> Subject: MATCTX (was Detecting changing objects...)
> >>
> >> If MATCTX was working prior to V4R3 for explicit libraries then the
> >> bug is in the previous releases and not V4R3. For many releases
> >> there has been a restriction concerning passing system pointers to
> >> system domain objects from user state programs (at higher security
> >> levels); I suspect it is this restriction (the explicit system pointer
> >> to the context/library) that is causing the failure.
> >>
> >> Because of this IBM provided the API QusMaterializeContext (you can
> >> probably guess what it does based on the name) back in one of the V3
> >> releases (it's in the V3R7 manual anyway). This API is documented in
> >> the Object APIs chapter of the System API Reference (though it basically
> >> points you to the MI Functional Reference as the API is just a front end
> >> to MATCTX that puts you into the proper state). Other front ends of
> >> this type exist, such as QusMaterializeJournalPortAttr (in the Journal
> >> and Commit APIs chapter).
> >>
> >> Bruce
> >>
> >> >
> >> >A problem with MATCTX is that from V4R3M0 it seems to be
> >> >a restricted operation (except when materializing the machine
> >> >context - * ) and gives you a protection violation at security
> >> >level 40 and above if your program is a user state program.
> >> >Interestingly enough, the C function matctx does not have
> >> >that problem. (I can hear the C-bigots snicker already).
> >> >This is because the C interface goes through a service
> >> >program that is not a user state program. As far as I am
> >> >concerned this is a bug. It does not make sense to
> >> >have a restriction that is that easily circumvented. Maybe
> >> >the bug has already been fixed in V4R4M0. If not, it
> >> >either should be fixed or it should not be a restricted
> >> >operation.
> >> >
> >>
>