The authorization mechanisms which are described in this section permit the control program to estab-lish the degree of function which is provided to a particular semiprivileged program. (A summary of the authorization mechanisms is given in Figure 5-5 on page 5-19. The authorization ~ech
anisms are intended for use by programs conSidered to be semiprivileged, that is, programs which are executed in the problem state but which may be
Chapter 5. Program Execution
5-15
authorized to use additional capabilities. With these authorization controls, a hierarchy of pro-grams may be established, with propro-grams at a higher level having a greater degree of privilege or authority than programs at a lower level. The range of functions available at each level, and the ability to transfer control from a lower to a higher level, are specified in tables which are managed by the control program. When the linkage stack is used, a nonhierarchical transfer of control also can be specified.
A semiprivileged instruction is one which can be executed in the problem state, but which is subject to the control of one or lnore of the authorization mechanisms described in this section. There are 21 semiprivileged instructions and also the privileged LOAD ADDRESS SPACE PARAMETERS instruction that are controlled by the authorization mech-anisms. All semiprivileged and privileged instructions are described in Chapter 10, "Control Instructions. "
The instructions controlled by the authorization mechanisms are listed in Figure 5-5 on page 5-19.
The figure also shows additional authorization mechanisms that do not control specifically semi-privileged instructions; they control implicit access-register translation (access-access-register translation as part of an instruction making a storage reference) and also access-register translation in the LOAD REAL ADDRESS, TEST ACCESS, and TEST PRO-TECTION instructions. These additional mech-anisms (the extended authorization index, ALE sequence number, and ASTE sequence number) are described in the section'" Access- Register-Specified Address Spaces" in this chapter.
Mode Requirements
Most of the semiprivileged instructions can be exe-cuted only with OAT on. Basic PROGRAM CALL, and PROGRAM TRANSFER, are valid only in the primary-space mode. (Basic PROGRAM CALL is the PROGRAM CALL operation when the linkage stack is not used. When the linkage stack is used, the PROG RAM CALL operation is called stacking PROGRAM CALL). MOVE TO PRIMARY and MOVE TO SECONDARY are valid only in the primary-space and secondary-space modes. BRANCH AND STACK, stacking PROGRAM CALL, and PROGRAM RETURN are valid only in the primary-space and access-register modes. EXTRACT STACKED REGISTERS, EXTRACT STACKED STATE, and MODIFY STACKED STATE are valid only in the primary-space, access-register, and home-space modes. When a semipriv-ileged instruction is executed in an invalid trans-5-16 ESAj370 Principles of Operation
lation mode, a special-operation exception is recognized.
PROGRAM TRANSFER specifies a new value for the problem-state bit in the psw. If a program in the problem state attempts to execute PROGRAM TRANSFER and set the supervisor state, a privileged-operation exception is recognized. A privileged-operation exception is also recognized on an attempt to use SET ADDRESS SPACE CONTROL to set the home-space mode in the problem state.
Extraction-Authority Control
The extraction-authority-control bit is located in bit position 4 of control register O. In the problem state, bit 4 must be one to allow completion of these instructions:
• EXTRACT PRIMARY ASN
• EXTRACT SECONDARY ASN
• INSERT ADDRESS SPACE CONTROL
• INSERT PSW KEY
• INSERT VIRTUAL STORAGE KEY
Otherwise, a· privileged-operation exception is recognized. The extraction-authority control is not examined in the supervisor state.
PSW-Key Mask
The psw-key mask consists of bits 0-15 in control register 3. These bits are used in the problem state to control which keys and entry points are author-ized for the program. The psw-key mask is modi-fied by PROGRAM TRANSFER, is modimodi-fied or loaded by PROGRAM CALL, and is loaded by PROGRAM RETURN and LOAD ADDRESS SPACE PARAMETERS.
The psw-key mask is used in the problem state to control the following:
• The psw-key values that can be set by means of the instruction SET psw KEY FROM ADDRESS.
• The psw-key values that are valid for the five move instructions that specify a second access key: MOVE TO PRIMARY, MOVE TO SEC-ONDARY, MOVE WITH KEY, MOVE WITH SOURCE KEY, and MOVE WITH DESTINATION KEY.
• The entry points which can be called by means of PROGRAM CALL. In this case, the psw-key mask is ANDed with the authorization key mask in the entry-table entry, and, if the result is zero, the program is not authorized.
When an instruction in the problem state attempts to use a key not authorized by the psw-key mask, a
privileged-operation exception is recognized. The same action is taken when an instruction in the problem state attempts to call an entry not author-ized by the psw-key mask. The psw-key mask is not examined in the supervisor state, all keys and entry points being valid.
Secondary-Space Control
Bit 5 of control register 0 is the secondary-space-control bit. This bit provides a mechanism whereby the control program can indicate whether or not the secondary segment table has been estab-lished. Bit 5 must be one to allow completion of these instructions:
• MOVE TO PRIMARY
• MOVE TO SECONDARY
• SET ADDRESS SPACE CONTROL
Otherwise, a special-operation exception is recog-nized. The secondary-space control is examined in .~
both the problem and supervisor states.
Subsystem-Linkage Control
When the address-space-function (ASF) control, bit 15 of control register 0, is zero, bit 0 of control reg-ister 5 is the subsystem-linkage-control bit. When the ASF control is one, bit 96 of the primary ASN-second-table entry is the subsystem-linkage-control bit. The subsystem-linkage subsystem-linkage-control must be one to allow completion of these instructions:
• PROGRAM CALL
• PROGRAM TRANSFER
Otherwise, a special-operation exception is recog-nized. The subsystem-linkage control is examined in both the problem and supervisor states and con-troIs both the space-switching and current-primary versions of the instructions.
ASN· Translation Control
Bit 12 of control register 14 is the ASN-translation-control bit. This bit· provides a mechanism whereby the control program can indicate whether ASN translation may occur while a particular program is being executed. Bit 12 must be one to allow completion of these instructions:
• LOAD ADDRESS SPACE PARAMETERS
• SET SECONDARY ASN
• PROGRAM CALL with space switching
• PROGRAM RETURN with space switching and also J'hen the restored secondary ASN is not equal to the restored primary ASN
• PROGRAM TRANSFER with space switching
Otherwise, a special-operation exception is recog-nized. The ASN-translation control is examined in both the problem and supervisor states. The ASN-translation control is examined by PROGRAM CALL even when PROGRAM CALL obtains the address of the ASN-second-table entry directly from the entry-table entry, instead of by performing ASN translation.
Authorization Index
The authorization index is contained in bits 0-15 of control register 4. The authorization index is asso-ciated with the primary address space and is loaded along with the PASN when PROGRAM CALL with space switching, PROGRAM RETURN with space switching, PROGRAM TRANSFER with space switching, or LOAD ADDRESS SPACE PARAMETERS is executed. The authorization index is used to determine whether a program is authorized to establish a particular address space. A program may be authorized to establi~h the address space as a secondary-address space, as a primary-address space, or both. The authorization index is exam-ined in both the problem and supervisor states.
Associated with each address space is an authority table. The authorization index is used to select an entry in the authority table. Each entry contains two bits, which indicate whether the program with that authorization index is permitted to establish the address space as a primary address space, as a secondary address space, or both.
The instruction SET SECONDARY ASN with space switching, and the instruction PROGRAM RETURN when the restored secondary ASN is not equal to the restored primary ASN, use the authorization index to test the secondary -authority bit in the authority-table entry to determine if the address space can be established as a secondary address space. The tested bit must be one; otherwise, a secondary-authority exception is recognized.
The instruction PROGRAM TRANSFER with space switching uses the authorization index to test the primary-authority bit in the authority-table entry to determine if the address space can be established as a primary address space. The tested bit must be one; otherwise, a primary-authority exception is recognized.
The instruction PROG RAM CALL with space switching causes a new authorization index to be loaded from the ASN-second-table entry. This permits the program which is called to be given an
Chapter 5. Program Execution 5-17
authorization index which authorizes it to access more or different address spaces than those author-ized for the calling program. The instructions PROGRAM RETURN with space switching and PROGRAM TRANSFER with space switching restore the authorization index that is associated with the returned-to address space.
The secondary-authority bit in the authority-table entry may also be used, along with the extended authorization index, to determine if the program is authorized to use an list entry in access-register translation. This is described in the section
"Access-Register-Specified Address Spaces" in this chapter.
Access-Register and Linkage-Stack Mechanisms
Bit 15 of control register 0 is the address-space-function (ASF) control bit. Bit 15 must be one to allow completion of these instructions:
• BRANCH AND STACK
• EXTRACT STACKED REGISTERS
• EXTRACTSTACKEDSTATE
• MODIFY STACKED STATE
• PROGRAM RETURN
• TEST ACCESS
Otherwise, a special-operation exception is recog-nized. The ASF control is examined in both the
5-18
ESA/370 Principles of Operationproblem and supervisor states and controls both the space-switching and current-primary forms of PROGRAM RETURN.
Under certain circumstances when the ASF control is or has been zero,erroneous entries may exist in the ART-Iookaside buffer (ALB), and this can cause erroneous access-register translation. A description of the circumstances and of how to remove the erroneous entries from the ALB appears in the section "Formation of ALB Entries" in this chapter.
The ASF control also controls the setting of the access-register mode by SET ADDRESS SPACE CO NTRO L, the availability of the stacking PROGRAM CALL operation, control-register con-tents, the sizes of the entry-table entry and ASN-second-table entry, and other functions. A complete description of the effects of the ASF control is in the section "Address-Space-Function Control" in this chapter.
The use of access registers also involves the extended authorization index, ALE sequence number, and ASTE sequence number as authori-zation mechanisms. These are described in the section "Access-Register-Specified Address Spaces"
in this chapter.
.
~Authorization Mechanism
Func- Space
tion Mode PSW- Ext.-
Sw.-or Requirement Sec.- ASN- Extr. Key Auth. Auth. Event
In- Subs. Space Trans. Auth. Mask Index Index ALE ASTE ASF Ctl.
struc- Pro Trans. Link. Ctl. Ctl. Ctl. (3.0- (4.0- (8.0- Seq. Seq. Ctl. (1. 0, tion Ope Mode Ctl.7 (0.5) (14.12) (0.4) 3.15) 4.15) 8.15) No.8 No.9 (0.15) 13.0)
Implic. A EA ALQ ASQ EALB
AR trans.
BAKR SO-PA SO
EPAR SO-PSAH Q
EREG SO-PAH SO
ESAR SO-PSAH Q
ESTA SO-PAH SO
lAC SO-PSAH Q
IPK Q
IVSK SO-PSAH Q
LRA P CCA CCA CCA
LASP P SO CC Y CC
MSTA SO-PAH SO
MVCDK Q
MVCP SO-PS SO Q
~
...
MVCS SO-PSso
QMVCSK Q
MVCK Q
bPC-cp SO-P SO Q1 Y
sPC-cp SO-PA SO Q1 Z
bPC-ss SO-P SO SO Q1 Y Xl
sPC-ss SO-PA SO SO Q1 Z Xl
PR-cp SO-PA S04 SA6 SO
PR-ss SO-PA SO PASA6 SO Xl
PT-cp Q2 SO-P SO
PT-ss Q2 SO-P SO SO PA Y Xl
SAC Q3 SO-PSAH SO S05 X2
SPKA Q
SSAR-cp SO-PSAH SO
SSAR-ss SO-PSAH SO SA Y
TAR CC CC CC SO
TPROT P CC CC CC
Figure 5-5. Summary of Authorization Mechanisms
Chapter 5. Program Execution 5-19
Explanation for Summary of Authorization authorization key mask in the entry-table entry. when in the problem state.
ASN translation is performed for the new SASN, and the exception may be recog-nized, only when the new SASN is not equal to the new PASN.
The exception is recognized on an attempt to set the access-register mode.
Secondary authority is checked for the new SASN, and the exception may be recognized, only when the new SASN is not equal to the new PASN.
Subsystem-linkage control is bit 0 of control register 5 if the address-space-function (ASF) control, bit 15 of control register 0, is zero; or it is bit 96 of the primary ASN-second-table entry if the ASF control is one.
ALE sequence number is bits 8-15 of the access-list-entry token and bits 8-15 of the access-list entry.
ASTE sequence number is bits 96-127 of the access-list entry and bits 160-191 of the ASN-second-table entry.
Access-register translation occurs only in the access-register mode.
ALE-sequence exception.
ASTE-sequence exception.
Basic (nonstacking) PROGRAM CALL.
Test results in setting a condition code.
Test results in setting a condition code.
The test occurs only in the access-register mode.
Control register x, bit position y.
Extended-authority exception.
5-20
ESAj370 Principles of OperationEALB exist under certain circumstances. See the section "Formation of ALB Entries" in ' ....
this chapter.
Privileged~operation exception for privi-leged instruction.
Primary-authority exception.
Primary-authority exception or secondary -authority exception.
Privileged-operation exception for semi-privileged instruction. Authority checked _ only in the problem state.
Secondary-authority exception.
SO Special-operation exception.
sO-P CPU must be in the primary-space mode;
special-operation exception if the CPU is in the secondary-space, access-register, home-space, or real mode.
SO-PA CPU must be in the primary-space or access-register mode; special-operation exception if the CPU is in the secondary-space, home-secondary-space, or real mode.
SO-PAH CPU must be in the primary-space, access-..;'1IIrIIII register, or home-space mode; special-operation exception if the CPU is in the secondary-space or real mode.
so-ps CPU must be in the primary-space or secondary-space mode; special-operation exception if the CPU is in the home-space, access-register, or real mode.
SO-PSAH CPU must be in the primary-space, secondary-space, access-register, or home-space mode; special-operation exception if the CPU is in the real mode. space-switch event is recognized. The operation is completed.
When bit 0 of control register 1 or 13 is one and the instruction space is changed to or from the home address space, a space-switch event is recognized. The operation is completed.
The bit is tested to determine the size of the ASTE and/or the E T E . · . . .., ~