RE: MATCTX (was Detecting changing objects...) -- MI400




        [Leif Svalgaard]  Bruce, I've left the entire thread in this posting
to have
        the complete context. 
        Here is first the C-program MATCTX:

        #include <qusmiapi.h>

        void main(int argc, char *argv[]) {
        typedef struct {
          _SYSPTR SystemPtr;
        } s; s* SysPtr;
        SysPtr = (s*) argv[2];
        QusMaterializeContext((_SPCPTR) argv[1],
                                SysPtr->SystemPtr,
                              ( void *) argv[3]);
        }

        [Leif Svalgaard]  this is compiled etc into the *PGM MATCTX which
        I will call later on.

        Here is then the MI-program that calls it (and also tries to execute
        the MI-instruction MATCTX directly). If the program is called with
the
        parameter C it calls the C-program, if called with any other
parameter
        (e.g. M) it executes MATCTX as an MI-instruction.

        DCL SPCPTR .LIB-OPTIONS INIT(LIB-OPTIONS);
        DCL DD      LIB-OPTIONS CHAR(44) BDRY(16);
            DCL DD LIB-INFO-REQD CHAR(1)  DEF(LIB-OPTIONS) POS( 1)
INIT(X'0F');
            DCL DD LIB-SELECTION CHAR(1)  DEF(LIB-OPTIONS) POS( 2)
INIT(X'10');
            DCL DD LIB-NAME-SIZE  BIN(2)  DEF(LIB-OPTIONS) POS( 3) INIT(30);
            DCL DD LIB-SEL-TYPE  CHAR(1)  DEF(LIB-OPTIONS) POS( 5);
            DCL DD LIB-SEL-STYPE CHAR(1)  DEF(LIB-OPTIONS) POS( 6);
            DCL DD LIB-SEL-NAME  CHAR(30) DEF(LIB-OPTIONS) POS( 7);
            DCL DD LIB-SEL-TSTMP CHAR(8)  DEF(LIB-OPTIONS) POS(37);
                DCL DD * CHAR(4) DEF(LIB-SEL-TSTMP) POS(1)
INIT(X'00000000');
                DCL DD * CHAR(4) DEF(LIB-SEL-TSTMP) POS(5)
INIT(X'00000000');

        DCL SPCPTR .LIB-SPACE;
        DCL DD      LIB-SPACE (10000)CHAR(48) BDRY(16) AUTO;
            DCL DD LIB-BYTES-PRV    BIN(4)  DEF(LIB-SPACE) POS(  1);
            DCL DD LIB-BYTES-AVL    BIN(4)  DEF(LIB-SPACE) POS(  5);
            DCL DD LIB-OBJ-TYPE    CHAR(1)  DEF(LIB-SPACE) POS(  9);
            DCL DD LIB-OBJ-STYPE   CHAR(1)  DEF(LIB-SPACE) POS( 10);
            DCL DD LIB-OBJ-NAME    CHAR(30) DEF(LIB-SPACE) POS( 11);
            DCL DD LIB-OBJ-OPTIONS CHAR(4)  DEF(LIB-SPACE) POS( 41);
            DCL DD LIB-RCV-OPTIONS CHAR(4)  DEF(LIB-SPACE) POS( 45);
            DCL DD LIB-SPC-SIZE     BIN(4)  DEF(LIB-SPACE) POS( 49);
            DCL DD LIB-SPC-INIT    CHAR(1)  DEF(LIB-SPACE) POS( 53);
            DCL DD LIB-PRFM-CLASS  CHAR(4)  DEF(LIB-SPACE) POS( 54);
            DCL DD *               CHAR(7)  DEF(LIB-SPACE) POS( 58);
            DCL SYSPTR *                    DEF(LIB-SPACE) POS( 65);
            DCL SYSPTR LIB-ACS-GRP          DEF(LIB-SPACE) POS( 81);
            DCL DD LIB-EXTND-ATTR  CHAR(1)  DEF(LIB-SPACE) POS( 97);
            DCL DD *               CHAR(7)  DEF(LIB-SPACE) POS( 98);
            DCL DD LIB-OBJ-TSTAMP  CHAR(8)  DEF(LIB-SPACE) POS(105);

        DCL DD LIB-HDR-SIZE       BIN(4) INIT(112);
        DCL DD LIB-ENTRY-SIZE     BIN(4) INIT(48);
        DCL DD LIB-NBR-OF-ENTRIES BIN(4);
        DCL SPCPTR .LIB-ENTRY;
        DCL DD      LIB-ENTRY CHAR(48) BAS(.LIB-ENTRY);
            DCL DD  LIB-ENTRY-TYPE  CHAR(2)  DEF(LIB-ENTRY) POS( 1);
            DCL DD  LIB-ENTRY-NAME  CHAR(30) DEF(LIB-ENTRY) POS( 3);
            DCL SYSPTR .LIB-OBJ-PTR          DEF(LIB-ENTRY) POS(33);
            DCL DD      LIB-OBJ-PTR CHAR(8)  DEF(LIB-ENTRY) POS(41);

        DCL SPCPTR .OBJ-OPTIONS INIT(OBJ-OPTIONS);
        DCL DD      OBJ-OPTIONS CHAR(44) BDRY(16);
            DCL DD OBJ-INFO-REQD CHAR(1)  DEF(OBJ-OPTIONS) POS( 1)
INIT(X'0F');
            DCL DD OBJ-SELECTION CHAR(1)  DEF(OBJ-OPTIONS) POS( 2)
INIT(X'10');
            DCL DD OBJ-NAME-SIZE  BIN(2)  DEF(OBJ-OPTIONS) POS( 3) INIT(30);
            DCL DD OBJ-SEL-TYPE  CHAR(1)  DEF(OBJ-OPTIONS) POS( 5);
            DCL DD OBJ-SEL-STYPE CHAR(1)  DEF(OBJ-OPTIONS) POS( 6);
            DCL DD OBJ-SEL-NAME  CHAR(30) DEF(OBJ-OPTIONS) POS( 7);
            DCL DD OBJ-SEL-TSTMP CHAR(8)  DEF(OBJ-OPTIONS) POS(37);

        DCL SPCPTR .OBJ-SPACE;
        DCL DD      OBJ-SPACE (100000)CHAR(48) BDRY(16) AUTO;
            DCL DD OBJ-BYTES-PRV    BIN(4)  DEF(OBJ-SPACE) POS(  1);
            DCL DD OBJ-BYTES-AVL    BIN(4)  DEF(OBJ-SPACE) POS(  5);
            DCL DD OBJ-OBJ-TYPE    CHAR(1)  DEF(OBJ-SPACE) POS(  9);
            DCL DD OBJ-OBJ-STYPE   CHAR(1)  DEF(OBJ-SPACE) POS( 10);
            DCL DD OBJ-OBJ-NAME    CHAR(30) DEF(OBJ-SPACE) POS( 11);
            DCL DD OBJ-OBJ-OPTIONS CHAR(4)  DEF(OBJ-SPACE) POS( 41);
            DCL DD OBJ-RCV-OPTIONS CHAR(4)  DEF(OBJ-SPACE) POS( 45);
            DCL DD OBJ-SPC-SIZE     BIN(4)  DEF(OBJ-SPACE) POS( 49);
            DCL DD OBJ-SPC-INIT    CHAR(1)  DEF(OBJ-SPACE) POS( 53);
            DCL DD OBJ-PRFM-CLASS  CHAR(4)  DEF(OBJ-SPACE) POS( 54);
            DCL DD *               CHAR(7)  DEF(OBJ-SPACE) POS( 58);
            DCL SYSPTR *                    DEF(OBJ-SPACE) POS( 65);
            DCL SYSPTR OBJ-ACS-GRP          DEF(OBJ-SPACE) POS( 81);
            DCL DD OBJ-EXTND-ATTR  CHAR(1)  DEF(OBJ-SPACE) POS( 97);
            DCL DD *               CHAR(7)  DEF(OBJ-SPACE) POS( 98);
            DCL DD OBJ-OBJ-TSTAMP  CHAR(8)  DEF(OBJ-SPACE) POS(105);

        DCL DD OBJ-HDR-SIZE       BIN(4) INIT(112);
        DCL DD OBJ-ENTRY-SIZE     BIN(4) INIT(48);
        DCL DD OBJ-NBR-OF-ENTRIES BIN(4);
        DCL SPCPTR .OBJ-ENTRY;
        DCL DD      OBJ-ENTRY CHAR(48) BAS(.OBJ-ENTRY);
            DCL DD  OBJ-ENTRY-TYPE  CHAR(2)  DEF(OBJ-ENTRY) POS( 1);
            DCL DD  OBJ-ENTRY-NAME  CHAR(30) DEF(OBJ-ENTRY) POS( 3);
            DCL SYSPTR .OBJ-OBJ-PTR          DEF(OBJ-ENTRY) POS(33);
            DCL DD      OBJ-OBJ-PTR CHAR(8)  DEF(OBJ-ENTRY) POS(41);

        DCL DD CUR-OFFSET BIN(4);

        DCL SPCPTR .PARM1 PARM;
        DCL DD CHOICE CHAR(1) BAS(.PARM1);
        DCL OL *ENTRY(.PARM1) PARM EXT MIN(1);

        DCL DD RESOLVE CHAR(34) AUTO;
            DCL DD RESOLVE-TYPE CHAR( 2) DEF(RESOLVE) POS( 1);
            DCL DD RESOLVE-NAME CHAR(30) DEF(RESOLVE) POS( 3);
            DCL DD RESOLVE-AUTH CHAR( 2) DEF(RESOLVE) POS(33) INIT(X'0000');

        DCL SYSPTR .MATCTX;

        
/*******************************************************************/

        ENTRY * (*ENTRY) EXT;
            CPYBLA     RESOLVE-TYPE, X'0201';
            CPYBLAP    RESOLVE-NAME, "MATCTX", " ";
            RSLVSP    .MATCTX, RESOLVE, *, *;

            SETSPP    .LIB-SPACE, LIB-SPACE;
            SETSPP    .OBJ-SPACE, OBJ-SPACE;

            CPYBLA     YYYYMMDDHHMMSS, "19991123120000";
            CALLI      CONVERT-TO-TIMESTAMP, *, .DATE-TIME;
            CPYBLA     OBJ-SEL-TSTMP, TIMESTAMP;

            CPYNV      LIB-BYTES-PRV, LIB-ENTRY-SIZE;
            MULT(S)    LIB-BYTES-PRV,  10000;

            CPYNV      OBJ-BYTES-PRV, OBJ-ENTRY-SIZE;
            MULT(S)    OBJ-BYTES-PRV, 100000;

        MATERIALIZE-LIBRARIES:
            CALLI      GET-LIBS, *, .GET-LIBS;
            ADDSPP    .LIB-ENTRY, .LIB-SPACE, LIB-HDR-SIZE;
            SUBN       LIB-NBR-OF-ENTRIES, LIB-BYTES-AVL, LIB-HDR-SIZE;
            DIV(SB)    LIB-NBR-OF-ENTRIES, LIB-ENTRY-SIZE/ZER(DONE-LIBS);
        HAVE-LIBRARY:
            CMPBLA(B)  LIB-ENTRY-TYPE, X'0401'/NEQ(DONE-OBJS);

        MATERIALIZE-OBJECTS:
            CALLI      GET-OBJS, *, .GET-OBJS;
            ADDSPP    .OBJ-ENTRY, .OBJ-SPACE, OBJ-HDR-SIZE;
            SUBN(B)    OBJ-NBR-OF-ENTRIES, OBJ-BYTES-AVL, OBJ-HDR-SIZE
                                                         /NEG(DONE-OBJS);
            DIV(SB)    OBJ-NBR-OF-ENTRIES, OBJ-ENTRY-SIZE/ZER(DONE-OBJS);
        HAVE-OBJECT:
            BRK "OBJ";

        DONE-DESCR:
            ADDSPP    .OBJ-ENTRY, .OBJ-ENTRY, OBJ-ENTRY-SIZE;
            SUBN(SB)   OBJ-NBR-OF-ENTRIES, 1/NZER(HAVE-OBJECT);

        DONE-OBJS:
            ADDSPP    .LIB-ENTRY, .LIB-ENTRY, LIB-ENTRY-SIZE;
            SUBN(SB)   LIB-NBR-OF-ENTRIES, 1/NZER(HAVE-LIBRARY);

        DONE-LIBS:
            RTX        *;

        DCL INSPTR .GET-LIBS;
        ENTRY       GET-LIBS INT;
            MATCTX    .LIB-SPACE, *, LIB-OPTIONS;
            B         .GET-LIBS;

        DCL INSPTR .GET-OBJS;
        ENTRY       GET-OBJS INT;
            CMPBLA(B)  CHOICE, "C"/EQ(CALL-C-PGM);
            MATCTX    .OBJ-SPACE, .LIB-OBJ-PTR, OBJ-OPTIONS;
            B         .GET-OBJS;

        DCL SPCPTR .MAT-API INIT(MAT-API);
        DCL DD      MAT-API CHAR(16)  BDRY(16);
            DCL SYSPTR .MAT-OBJ DEF(MAT-API) POS(1);

        DCL OL MATCTX-OBJ (.OBJ-SPACE, .MAT-API, .OBJ-OPTIONS);

        CALL-C-PGM:
            CPYBWP    .MAT-OBJ, .LIB-OBJ-PTR;
            CALLX     .MATCTX,   MATCTX-OBJ, *;
            B         .GET-OBJS;

        
/*******************************************************************/
        /* TIMESTAMP AND DATE CONVERSIONS */
        DCL DD TIMESTAMP CHAR(8);
            DCL DD TIMESTAMP-HI-BITS BIN(4) UNSGND DEF(TIMESTAMP) POS(1);
            DCL DD TIMESTAMP-LO-BITS BIN(4) UNSGND DEF(TIMESTAMP) POS(5);

        DCL DD TIMESTAMP-64  PKD(21,0); /* CAN HOLD 64-BIT UNSIGNED */
        DCL DD TIMESTAMP-HI  PKD(11,0);
        DCL DD TIMESTAMP-LO  PKD(11,0);
        DCL DD TWO**32       PKD(11,0) INIT(P'4294967296');
        DCL DD NBR-SECONDS   PKD(15,0);
        DCL DD NBR-DAYS      BIN(4);
        DCL DD NBR-YEARS     BIN(4);
        DCL DD ADD-YEARS     BIN(4);
        DCL DD NBR-PERIODS   BIN(4);
        DCL DD DAY-MONTH     BIN(4);
        DCL DD S             BIN(4);
        DCL DD D             BIN(4);
        DCL DD M             BIN(4);
                  /* DAY BASE FOR: JanFebMarAprMayJunJulAugSepOctNovDec*/
        DCL DD DAYS CHAR(36) INIT("000031059090120151181212243273304334");
        DCL DD DAYS-ACCUM (12)ZND(3,0) DEF(DAYS) POS(1);

        DCL DD YYYYMMDDHHMMSS CHAR(14);
            DCL DD YEAR  ZND(4,0) DEF(YYYYMMDDHHMMSS) POS( 1);
            DCL DD MONTH ZND(2,0) DEF(YYYYMMDDHHMMSS) POS( 5);
            DCL DD DAY   ZND(2,0) DEF(YYYYMMDDHHMMSS) POS( 7);
            DCL DD HOUR  ZND(2,0) DEF(YYYYMMDDHHMMSS) POS( 9);
            DCL DD MIN   ZND(2,0) DEF(YYYYMMDDHHMMSS) POS(11);
            DCL DD SEC   ZND(2,0) DEF(YYYYMMDDHHMMSS) POS(13);

        DCL INSPTR .DATE-TIME;
        ENTRY CONVERT-TO-TIMESTAMP INT;
            SUBN       NBR-YEARS, YEAR, 1925;
            DIVREM     NBR-PERIODS, NBR-YEARS, 4, ADD-YEARS;
            MULT       NBR-DAYS, NBR-PERIODS, 1461;
            MULT       D, ADD-YEARS, 365;
            ADDN(S)    NBR-DAYS, D;         /* ONE TOO LARGE */
            CPYNV      M, MONTH;
            ADDN(S)    NBR-DAYS, DAYS-ACCUM(M);
            ADDN(S)    NBR-DAYS, DAY;
            CMPNV(B)   ADD-YEARS, 3/NEQ(A); /* LEAP YEAR ADJUST: */
            CMPNV(B)   MONTH,     2/HI (C); /* IF LATER THAN FEB */
        A:  SUBN(S)    NBR-DAYS, 1;
        C:  MULT       NBR-SECONDS, NBR-DAYS, 86400;
            MULT       S, HOUR, 60;
            ADDN(S)    S, MIN;
            MULT(S)    S, 60;
            ADDN(S)    S, SEC;
            ADDN(S)    NBR-SECONDS, S;
            SUBN(S)    NBR-SECONDS, 114955386; /* AUG 23, 1928, 12:03:06 */
            MULT       TIMESTAMP-64, NBR-SECONDS, 4096000000;
            DIVREM     TIMESTAMP-HI-BITS, TIMESTAMP-64, TWO**32,
                       TIMESTAMP-LO-BITS;
            B         .DATE-TIME;

        PEND;

        call rtvobjs c       works
        call rtvobjs m      bombs with 'hardware protection violation'

        When the c-version is running the call stack obviously bottoms
        out with QusMaterializeContext. Since this program is a system
        state program we have no problem.

        V4R2 SL40: MI-program OK,  C-progam OK
        V4R3 SL40: MI-program NFG, C-program OK
        V4R3 SL50: MI-program NFG, C-program OK

        If I use SST to change the MI-program to system state 
        everything works, of course. 

> I am unable to recreate this exposure (on V4R4 at 50 anyway), and am not
> sure I understand your exact environment.  The two builtins I looked
> at (_MATCTX1 and _MATCTX2) are system builtins that map directly to
> the MI instruction so I'm not clear on what system state program you
> are seeing on the stack.
> 
> I can also think of scenarios where C runtime is simply doing the same
> checking (if not actually using) as the QusMaterializeContext API and
> so no breach necessarily exists (though in my test environment I got
> MCH6801 with the C builtin _MATCTX2 which suggests the runtime isn't
> using the API so one scenario may be scratched...).
> 
> Could you send me a quick test case and what release/security level you
> are seeing the successful run on?
> 
> Thanks,
> Bruce
> 
> >
> >The V4R2 functional reference manual does not mention any
> >restrictions. Anyway, I still don't have a *rationale* for why
> >an obvious security breach is allowed in C and not in MI.
> >
> >As I mentioned in my post it is*obvious* that it would work
> >with the C-program because at the bottom of the API it
> >is a system state program that executes the MATCTX.
> >What is not obvious is why *this* breach is allowed.
> >So my question still stands. It is not about "how",
> >but about "why"?
> >
> >> -----Original Message-----
> >> From: bvining@VNET.IBM.COM [SMTP:bvining@VNET.IBM.COM]
> >> Sent: Friday, November 19, 1999 10:21 AM
> >> To:   MI400@midrange.com
> >> Subject:        MATCTX (was Detecting changing objects...)
> >>
> >> If MATCTX was working prior to V4R3 for explicit libraries then the
> >> bug is in the previous releases and not V4R3.  For many releases
> >> there has been a restriction concerning passing system pointers to
> >> system domain objects from user state programs (at higher security
> >> levels); I suspect it is this restriction (the explict system pointer
> >> to the context/library) that is causing the failure.
> >>
> >> Because of this IBM provided the API QusMaterializeContext (you can
> >> probably guess what it does based on the name) back in one of the V3
> >> releases (it's in the V3R7 manual anyway).  This API is documented in
> >> the Object APIs chapter of the System API Reference (though it
> basically
> >> points you to the MI Functional Reference as the API is just a front
> end
> >> to MATCTX that puts you into the proper state).  Other front ends of
> >> this type exist, such as QusMaterializeJournalPortAttr in the Journal
> >> and Commit APIs chapter).
> >>
> >> Bruce
> >>
> >> >
> >> >A problem with MATCTX is that from V4R3M0 it seems to be
> >> >a restricted operation (except when materializing the machine
> >> >context - * ) and gives you a protection violation at security
> >> >level 40 and above if your program is a user state program.
> >> >Interestingly enough, the C function matctx does not have
> >> >that problem. (I can hear the C-bigots snicker already).
> >> >This is because the C interface goes through a service
> >> >program that is not a user state program. As far as I am
> >> >concerned thus is a bug. It does not make sense to
> >> >have a restriction that is that easily circumvented. Maybe
> >> >the bug has already been fixed in V4R4M0. If not, it
> >> >either should be fixed or it should not be a restricted
> >> >operation.
> >> >
> >>
> 
+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---