Indeed, as pointed out by other folks this "feature" was introduced in our
very early days, when clients started to install Linux into LPARs with
possibly tens of thousands of devices they would need if IPLing z/OS into
it. Not only did it take long to boot, but we initially only operated on
the first 1024 devices found, and didn't have plugging rules yet. And other
z/OS holding permanent RESERVEs on shared ECKD devices it owned didn't help
much either. We'd discussed whether to introduce black lists or white lists
addressing the challenges at hand and eventually implemented both.
Much has changed since then and whether it should be a default or not is a
valid discussion to have. You may consider it paranoia but its introduction
served a purpose - and still does. If running under z/VM and/or if using
Linux in LPAR with your IODF written in a way that only devices the LPAR is
supposed to operate on are configured to it you can presumably safely turn
it off.
Best regards
Ingo
Ingo Adlung IBM Deutschland Research &
IBM Distinguished Engineer Development GmbH
Chief Architect, System z Vorsitzender des Aufsichtsrats:
Virtualization & Linux Martina Koederitz
mail: adl...@de.ibm.com Geschäftsführung: Dirk Wittkopp
phone: +49-7031-16-4263 Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht
Stuttgart, HRB 243294
Linux on 390 Port <LINUX-390@VM.MARIST.EDU> wrote on 12.01.2015 20:43:00:
> From: Mike Walter <mike.wal...@aon.com>
> To: LINUX-390@VM.MARIST.EDU
> Date: 12.01.2015 20:43
> Subject: Re: [LINUX-390] cio_ignore vs Linux in System z
> Sent by: Linux on 390 Port <LINUX-390@VM.MARIST.EDU>
>
> Thanks, Sam, Jay, Jim, Harley, and Mark (and anyone else who may
> have replied since I looked at the log),
>
> There are no LPAR-only Linux servers running here, only those
> running (RHEL) under z/VM. I suspected that cio_ignore was
> something related to security (perhaps an auditor fearing that an
> errant z/VM sysprog might attach a wrong device address to a guest,
> or poor security rules coupled with use of VMCP would let the wrong
> Linux user access the wrong devices), or performance. It appears
> that the performance issue was the culprit, but not one of concern
> for me with only z/VM guests.
>
> I've shared the suggestions with our zLinux admins, who will
> probably make dynamic updates for the few PoC guests currently
> running, and the next Golden Image(s).
>
> Have to love this list, thanks again!
>
> Mike Walter
> Aon Corporation
> The opinions expressed herein are mine alone, not necessarily those
> of my employer.
>
>
>
>
>
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------------------------------------------------------------------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
