search cancel

VERY HIGH consumption of SMF CPU and SMF records 80 AFTER IPL when signing SMF logs

book

Article ID: 243100

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Defined TSS (Top Secret) parameters for activating signing of SMF logs.
All works fine when DYNAMICALLY activation is done with SET SMF=xx , SMFPRMxx contains the RECSIGN parameter .

BUT when this parameter is processed STATICALLY AT IPL TIME , SMF CPUTIME is very high and SMF records 80 counter explodes 
from 1000 by hour to 91,000,00 by hour.


Environment

Release : 16.0

Component : Top Secret for z/OS

Resolution

The calls are  being driven from the SMF address space in cross-memory mode.   The only way to suppress the logging of these smf type=80 events is to code TSSINSTX using the VIOXMEM exit point.

Sample code in order to suppress the logging:

TSSINSTX CSECT                  DO NOT INSERT OR DELETE STATEMENTS HERE
         DC    AL1(#####YES) 84 VIOLATION NOTIFICATION - XMEM   BGS6851

VIOXMEM  DS    0H                                               BGS6851
* USER CODE GOES HERE TO EXAMINE OK+B event from SMF                   
         ICM   R6,15,TXA#FLOG         R6 = Addr Fast Logging Buffer    
         JZ    NOLOG1                                                  
         USING FLOG,R6                                                 
         TM    FLIND1,$FLBYPSS         Bypass Security ?               
         JZ    LOGIT1                  no, log this event              
         ICM   R7,15,TXA#ACID          R7 = Addr Acid                   
         CLC   0(8,R7),=CL8'+SMF'      ACID ID +SMF ?                   
         JE    NOLOG1                  Y, don't log                    
         J     LOGIT1                  N, log it                      
NOLOG1   DS    0H                                                      
         J     EXIT4 Bypass logging                                    
LOGIT1   J     EXIT0 log this event                                    
         DROP  R6                                                      
         EJECT       

 Assemble and link TSSINSTX then set the TSS Parmfile Control Option EXIT(ON).   It can then be activated dynamically via, TSS MODIFY(EXIT(ON)).  Dynamic activation will only be good for the life of the address space so it needs to be in the Parmfile to ensure that it continues to work  after all IPL's/Recycles.