IBM Support

VM66500: RALTER ADDMEM CAN CAUSE USERSEL PROFILE CORRUPTION

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • RALTER ADDMEM can cause USERSEL profile corruption when
command issuer does not have AUDITOR attribute.

A RALTER command with the ADDMEM parameter to alter a
USERSEL profile in the VMXEVENT class can cause corruption in
the USERSEL profile when the issuer of the RALTER command does
not have the AUDITOR attribute.  RLIST output shows the
corruption as:

CLASS      NAME
-----      ----
VMXEVENT   USERSEL.xxxxxxxx

MEMBER CLASS NAME
------ ----- ----
VXMBR

OPTION  VM EVENT AUDIT AND/OR CONTROL MEMBERS
------  -------------------------------------
"""CTL     DIAG0A0""CTL   DIAG0D4""CTL   DIAG0E4""CT
""CTL     DIAG0A0""CTL   DIAG0D4""CTL   DIAG0E4""CTL
"CTL     DIAG0A0""CTL   DIAG0D4""CTL   DIAG0E4""CTL
CTL     APPCPWVL
CTL     COUPLE.G
""""""  CTL   DIAG0A0""CTL   DIAG0D4""CTL   DIAG0E4"
CTL     DIAG0A0
CTL     DIAG0D4
CTL     DIAG0E4
CTL     DIAG088
CTL     DIAG280
NOCTL   FOR.C
CTL     FOR.G
""""CT  L   DIAG0A0""CTL   DIAG0D4""CTL   DIAG0E4""C
CTL     LINK
AUDIT   LOCK
CTL     MDISK
CTL     RDEVCTRL
AUDIT   SHUTDOWN
CTL     STORE.C
NOCTL   TAG
"""""C  TL   DIAG0A0""CTL   DIAG0D4""CTL   DIAG0E4""
NOCTL   TRANSFER.D
NOCTL   TRANSFER.G
CTL     TRSOURCE
AUDIT   XAUTOLOG.A
""""""  """"""""""""""""""""""""""""""""""""""""""""
""""""  """"""""""""""""""""""""""""""""""""""""""""
""""""  """"""""""""""""""""""""""""""""""""""""""""
""""""  """"""""""""""""""""""""""""""""""""""""""""
""""""  """"""""""""""""""""""""""""""""""""""""""""
""""""  """"""""""""""""""""""""""""""""""""""""""""
""""""  """"""""""""""""""""""""""""""""""""""""""""
...
This sort of corruption of a USERSEL profile can cause various
problems when the userid for the USERSEL profile attempts to
logon.  These problems include:

- Messages on the RACFVM server console including:

RPISEL107W USERSEL PROFILE FOR USER xxxxxxxx CONTAINS AT LEAST
ONE
           INVALID MEMBER.
RPISEL108W FOR USER xxxxxxxx CONTROL WAS TURNED ON AUTOMATICALLY
           FOR AT LEAST ONE CONTROLLABLE VM EVENT.

- The RACFVM server ABENDs with messages similar to:

DMSFRO163S User key pointers have been destroyed (internal error
           code 85
DMSFRM165S Chain header at address: 00EF2E98, Page address:
           00BA4000
DMSFRM165S Chain header contents: 00EF2DC0 00EF4C38 E0810080
           00BA4000 00EFFC40 00000000
DMSFRM817S Subpool name: USER Subbk address: 00EFFC40
DMSABE2047I AUTODUMP dump started; please wait
DMSABE1297I Dump has been taken
CMS
DMSITP144T Operation exception occurred at 0000001C in routine
           SVC 6 while UFDBUSY = 02; re-IPL CMS
DMSABE2047I AUTODUMP dump started; please wait
DMSABE1297I Dump has been taken
19:09:39  * MSG FROM RACFVM  : DMSDIE3550I All APPC/VM and IUCV
paths have  been severed.
HCPMFS057I RACFVM not receiving; disconnected

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All customers that use the RACF Security     *
*                 Server for z/VM.                             *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION: APPLY PTF                                    *
****************************************************************
RALTER and RDEFINE commands with the ADDMEM parameter can cause
corruption of a USERSEL profile in the VMXEVENT class when the
command issuer does not have the AUDITOR attribute.

    



Problem conclusion


    

  • Module IRRCBR00 has been updated to prevent corruption of the
USERSEL profile when using the RALTER or RDEFINE command.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    VM66500
    • 

  • Reported component name
    RACF/VM SUPPORT
    • 

  • Reported component ID
    576700201
    • 

  • Reported release
    710
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-02-12
    • 

  • Closed date
    2021-05-04
    • 

  • Last modified date
    2022-12-13
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UV99399 UV99400
    

    • 



Modules/Macros


    

  • IRRCBR00

    



Fix information


    

  • Fixed component name
    RACF/VM SUPPORT
    • 

  • Fixed component ID
    576700201
    • 



Applicable component levels


    

  • R710  PSY  UV99399
       UP21/05/19  P  2201
    • 

  • R720  PSY  UV99400
       UP21/05/19  I  1000
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27N"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"710"}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            13 December 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback