SAFEOEACC - Question on LOCK escalation and zIIP spill over
Article ID: 113008
Updated On:
Products
ACF2
ACF2 - DB2 Option
ACF2 for zVM
ACF2 - z/OS
ACF2 - MISC
Issue/Introduction
IBM Reviewed dumps and showed the following statistics.
# zSUSPs|#LOCL| L-DBG2DIST| #CMLs| CML-ZFS
dump1| 278 | 90 | 87 | 188 | 186
dump2| 245 | 59 | 57 | 187 | 185
dump3| 487 | 52 | 49 | 434 | 433
#zSUSPs: number of SUSPend zIIP SYSTRACE entries in the complete data
#LOCL : number of complete zIIP SYSTRACE LOCL lock SUSPends
L-DBG2DIST: #LOCL entries that were for DBG2DIST's local lock.
#CMLs : number of complete zIIP SYSTRACE CML lock SUSPends.
CML-ZFS: #CMLs entries that were for ZFS's local lock.
The CML suspends are for a PC 30B
"storage obtain" from PSW 2C1E7D36 or PC 311 "Storage Release" from
PSW 2C1E6CAC, for x'270' bytes of subpool zero storage in ASID
x'000F': ZFS. The obtain and release PSWs appear to be in CA-SAF
mod SAFOEACC.
Environment
Release:
Component: ACF2MS
Component: ACF2MS
Resolution
RO64671 (ACF2 r15) states the following...
This CA ACF2 solution adds a new GSO UNIXOPTS record field called BYP-FSA that allows
customers to disable FASTAUTH calls for FSACCESS class resources.
USS applications that leverage the zFS CML Lock, such as Websphere (WAS) servers,
may experience poor performance (response times impacted) when maintenance for FSACCESS
support (IBM and CA) is installed.
IBM added a new security check for the FSACCESS resource class to verify a user's authority to
access the file system objects on z/OS UNIX zFS.
This support was added by IBM APARS OA35970/OA35974 at z/OS 1.12.
This support is included at base z/OS 1.13 and base z/OS 2.1.
With the IBM FSACCESS support in place, ACF2 r15 processing for zFS file authentication issues
RACROUTE FASTAUTH calls against resources in the FSACCESS class.
The issuance of the FSACCESS FASTAUTH calls may increase CML lock contention leading to
application performance degradation and increased server startup times.
This solution adds a mechanism to disable FASTAUTH calls for FSACCESS resources,
thereby alleviating CML lock contention issues.
To resolve lock issues - ignore the FSACCESS calls by setting BYP-FSA in GSO UNIXOPTS record.
This CA ACF2 solution adds a new GSO UNIXOPTS record field called BYP-FSA that allows
customers to disable FASTAUTH calls for FSACCESS class resources.
USS applications that leverage the zFS CML Lock, such as Websphere (WAS) servers,
may experience poor performance (response times impacted) when maintenance for FSACCESS
support (IBM and CA) is installed.
IBM added a new security check for the FSACCESS resource class to verify a user's authority to
access the file system objects on z/OS UNIX zFS.
This support was added by IBM APARS OA35970/OA35974 at z/OS 1.12.
This support is included at base z/OS 1.13 and base z/OS 2.1.
With the IBM FSACCESS support in place, ACF2 r15 processing for zFS file authentication issues
RACROUTE FASTAUTH calls against resources in the FSACCESS class.
The issuance of the FSACCESS FASTAUTH calls may increase CML lock contention leading to
application performance degradation and increased server startup times.
This solution adds a mechanism to disable FASTAUTH calls for FSACCESS resources,
thereby alleviating CML lock contention issues.
To resolve lock issues - ignore the FSACCESS calls by setting BYP-FSA in GSO UNIXOPTS record.
Feedback
Yes
No
Powered by
