Modifying the CVT to perform intercepts is definitely very easy but also extremely risky. Modifying the CVT affects the entire system. All it takes is the mishandling of a single caller, particularly one critical to an address space and all hell breaks loose. I tried it once. I modified the PC number in the SVT for a key system PC. A simple programming error caused system wide havoc. I'll never do anything that has global system affects again. Any intercept must be designed to provide isolation, at least for testing.
On the other hand, PCs are managed at the address space level by Z/Architecture. So provided you have the capabilities to create the necessary PC data structures required by the hardware in real, fixed storage, you can intercept PC calls. It takes a lot of code and definitely not recommended for faint of heart. Once a PC intercept is created, its simple to pass the call to the original PC routine by simply branch entering the original code with the state set by the PC call. You already have the stacked entry . If you require both a front and back end intercept, this can easily be accomplished by creating "bypass" PC definitions that mimic the original Pc definition. But from experience, unless you're willing to write and debug a lot of code, I'd get what I need from SMF. Kenneth From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tony Harminc Sent: Tuesday, December 17, 2013 2:25 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Intercept USS calls On 17 December 2013 14:38, Don Poitras <poit...@pobox.com> wrote: > I don't see why someone couldn't install their own table in place of > the pointed to by the CVT. See > > http://pic.dhe.ibm.com/infocenter/zos/v2r1/index.jsp?topic=%2Fcom.ibm. > zos.v2r1.bpxb100%2Fbpx2cr_Example.htm Sure - I agree that that's not hard. But, as with SVC screening, you have to eventually pass control on to the real routine (or conceivably fail the call or implement a different version yourself). If all you want to do is log the calls, well it's probably not too hard, though you might have to be aware of the caller's environment. If you want to do all this without introducing security or integrity exposures, you may have to analyze each call you want to capture. It may also be the case that some software "just knows" the PC numbers for certain routines, and doesn't go through the CSR table at all. Not a good practice, but I'd be surprised if it doesn't exist. And who knows what recovery and repair there may be in the UNIX kernel, or if those tables are dynamically updated as a matter of routine. This would be fun to experiment with on your own private LPAR or zPDT, and I'm not saying it can't or even shouldn't be done, but is anyone really going to install such a change into their production systems? That's why I said it falls into the "not for the faint of heart" category. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
