On 14 December 2016 at 08:38, Peter Relson <rel...@us.ibm.com> wrote:
> No it is not a bug. The "expectation" is incorrect. The updating of the > PKM is fully documented and is what we wanted it to be. I'm not saying it's a bug, but it feels immediately wrong for reasons I'm having trouble articulating. I guess maybe it's this: PSW key zero is of course not like other PSW keys. If your PSW key is 0, it doesn't mean that you can access only key 0 storage, but all storage (speaking here, naturally, only of key-controlled protection). If you MODESET to problem state and (whether at the same time or previously) you set a non-zero PSW key, it seems reasonable that you might intend to limit your program's (perhaps one you will call) ability both to execute privileged instructions, and to SPKA to storage of other than its PSW key and perhaps key 9. (Yes, of course this is not a "hard" i.e. system integrity type of limitation, but more of a "principle of least privilege" thing, as Charles suggests.) But such a program running with PSW key 0 can *already* access all storage. Surely prohibiting it from further limiting and then restoring its own access is not useful, and doesn't align with the fundamental behaviour of key-controlled protection. I think the behaviour for PSW key 0 should be different from that for other keys. Probably MODESET should set the PKM to include 0 and the user key (plus 9, as appropriate) that was in effect before the MODESET to KEY=ZERO. Yeah, I know, ain't gonna change now... Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN