CP System PRG006 abend during VM:Account initialization (running with EKG key)
Article ID: 106266
Updated On:
Products
VM:Account
Issue/Introduction
We have an old process that the operator runs on VMOPER called SETEKG.
It gets run during the first IPL of the systems in the BCP (Disaster Recovery) environment.
The person who wrote it is not longer with the company. It verifies we are doing a test recovery, updated the CALMP KEYS file with the EKG code, then recycles all the products.
The last two months we have tested has resulted in a system abend (PRG006). I processed the dump and it says VMACCT was responsible.
Looking at the log I see it ended and started again, but do not see an init complete.
Specification except at 41257043 vmdbk 0AB7D000 VMACCT ilc 0002 int-code 0006 opsw 04040000 80000000 00000000 41257045 exc-addr/moncode 00000000_03320801 data-exc-code 00000000 mon/per/atm id 00070000 per-addr 00000000_00070000
It gets run during the first IPL of the systems in the BCP (Disaster Recovery) environment.
The person who wrote it is not longer with the company. It verifies we are doing a test recovery, updated the CALMP KEYS file with the EKG code, then recycles all the products.
The last two months we have tested has resulted in a system abend (PRG006). I processed the dump and it says VMACCT was responsible.
Looking at the log I see it ended and started again, but do not see an init complete.
Specification except at 41257043 vmdbk 0AB7D000 VMACCT ilc 0002 int-code 0006 opsw 04040000 80000000 00000000 41257045 exc-addr/moncode 00000000_03320801 data-exc-code 00000000 mon/per/atm id 00070000 per-addr 00000000_00070000
Environment
Release:
Component: VMJ
Component: VMJ
Resolution
Provided new PTF SO04402 to correct this CP ABEND. This PTF is marked as HYPER due to the potential for a CP SYSTEM ABEND.
The problem is with VM:Secure and not VM:Account therefore, the PTF needs to be applied to VM:Secure.
The root cause of the problem is the same as what you experienced with the "AT" command, where having a "CPACTION userid ACCEPT" without the NOPASS option ends up with VM:Secure going down the code path to verify the entered password for commands that do not rely on a password for authorization (the password is never obtained or otherwise prompted for).
When the NOPASS option is included, the password verification logic is correctly bypassed for these commands.
This problem has always existed in the code, but it coincidentally never caused a problem because the length of the stored password in the directory was always 8 bytes or less (if you were running with Password Phrases AND encryption that would expose the problem also).
We have also verified we now account for all the commands and situations that go through this ACI "LOGON logic".
They are LOGON, LOGON BY, AUTOLOG, XAUTOLOG, VMRELOCATE, and AT (AT_LOGON).
This PTF is an update to the CP components, so after you have applied and deployed the PTF, you must run VMXCPG to regenerate the updated CP TEXT file replacements, reinstall the LOCALMODs, and regenerate a new CP nucleus.
The problem is with VM:Secure and not VM:Account therefore, the PTF needs to be applied to VM:Secure.
The root cause of the problem is the same as what you experienced with the "AT" command, where having a "CPACTION userid ACCEPT" without the NOPASS option ends up with VM:Secure going down the code path to verify the entered password for commands that do not rely on a password for authorization (the password is never obtained or otherwise prompted for).
When the NOPASS option is included, the password verification logic is correctly bypassed for these commands.
This problem has always existed in the code, but it coincidentally never caused a problem because the length of the stored password in the directory was always 8 bytes or less (if you were running with Password Phrases AND encryption that would expose the problem also).
We have also verified we now account for all the commands and situations that go through this ACI "LOGON logic".
They are LOGON, LOGON BY, AUTOLOG, XAUTOLOG, VMRELOCATE, and AT (AT_LOGON).
This PTF is an update to the CP components, so after you have applied and deployed the PTF, you must run VMXCPG to regenerate the updated CP TEXT file replacements, reinstall the LOCALMODs, and regenerate a new CP nucleus.
Feedback
Yes
No
Powered by
