MDDIAG8 - issue CP command from guest MVS3.8J system using Diag8
Most Turnkey3 users will be using the HERCCMD program written by Grzes Plucinski to issue commands to the Hercules CP.
As that is provided in object-only form and I like source code, I have written my own implementation of that utility program, provided here as source code. The reference source used for the diagnose 8 instruction and register usage was IBM manual GC20-1807-7 VM370 System Programmers Guide Rel 6.4-81, available on the bitsavers.org site; and various abend codes during implementation until it was working :-)
As shipped it expects a security product (only tested using RAKF) to be installed, with access controlled through the FACILITY class resource DIAG8.
If you do not have any security product installed, change the &USERAKF flag in the source code from 1 to 0, and all the security code will be removed from the assembled object deck. This is not really recommended, but if you are a TK3 user allowing no external access to your system you can remove the checks for a security product by changing that toggle.
FYI: RAKF is available on CBT tapes now at www.cbttape.org if you want
to install RAKF.
My MDDIAG8 program is available here if you are interested in downloading a DIAG8 guest program you can tweak for your own needs.
RAKF entries expected
If you are using RAKF you should by default prevent all access to FACILITY class object DIAG8, then add only the groups you want to use it with READ access.
For example (columns not correct, of course) I use the below to limit access to STCs, as my automation is done via a STC and batch jobs, and other users should not have access.
FACILITYDIAG8 NONE
FACILITYDIAG8 STCGROUPREAD
If you are not using a security product then you can just change the toggle in the source code to assemble it without any security checking. However as RAKF is available on CBT tape now as a fairly simple SMP install and a few batch jobs you really should install it.
Maintenance Notes
The manual advises to always test whether the program is running as a guest VM under a CP (hypervisor/control-program). According to the manual, the cpuid version field byte 1 should be X'FF' if running under a CP.
MVS3.8J running under Hercules does not set that indicator (the code testing that is available here if you want to try for yourself), so I do not test for it.
Example console outputs from running it are below
And yes I was lazy, I had left the AWS tape I was testing the command against mounted each time, hence the closed message produced as part of the response as hercules releases the already allocated virtual tape file.
With RAKF not protecting the resource.
$HASP373 MARKA STARTED - INIT 1 - CLASS A - SYS MID1
IEFACTRT - Stepname Procstep Program Retcode
MARKA ASMLKD ASM IFOX00 RC= 0000
MARKA ASMLKD LKED IEWL RC= 0000
RAKF0008 UNDEFINED RESOURCE - ACCESS ALLOWED
RAKF000B MARK ,MARKA ,FACILITY,DIAG8
MDDIAG8:devinit 480 tapes/MARK01.aws
MDDIAG8:HHCTA101I 0480: AWS Tape tapes/MARK01.aws closed
MDDIAG8:HHCTA004I 0480: tapes/MARK01.aws is a AWS Format tape file
MDDIAG8:HHCPN098I Device 0:0480 initialized a AWS Format tape file
MARKA TESTCODE MDDIAG8 RC= 0000
$HASP395 MARKA ENDED
With RAKF denying access to the resource
$HASP373 MARKA STARTED - INIT 1 - CLASS A - SYS MID1
RAKF0005 INVALID ATTEMPT TO ACCESS RESOURCE
RAKF000A MARK ,MARKA ,FACILITY,DIAG8
MDDIAG8:YOU ARE NOT AUTHORISED FOR THIS RESOURCE
MARKA TESTCODE MDDIAG8 RC= 0004
$HASP395 MARKA ENDED
And with RAKF allowing my group access to the resource
$HASP373 MARKA STARTED - INIT 1 - CLASS A - SYS MID1
MDDIAG8:devinit 480 tapes/MARK01.aws
MDDIAG8:HHCTA101I 0480: AWS Tape tapes/MARK01.aws closed
MDDIAG8:HHCTA004I 0480: tapes/MARK01.aws is a AWS Format tape file
MDDIAG8:HHCPN098I Device 0:0480 initialized a AWS Format tape file
MARKA TESTCODE MDDIAG8 RC= 0000
$HASP395 MARKA ENDED
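
An added example, not part of the original page or of MDDIAG8: a small Python audit over console output in the shape shown above, flagging FACILITY/DIAG8 denials (RAKF0005/RAKF000A) and grants made because the resource is undefined (RAKF0008/RAKF000B), and listing the CP commands MDDIAG8 echoed. The sample log is constructed from the outputs on this page; the user, job, class, resource field order and the reading of the first MDDIAG8: line as the echoed command are assumptions.

```python
import re

# Constructed sample, assembled from the console outputs shown on this page.
SAMPLE_LOG = """\
$HASP373 MARKA STARTED - INIT 1 - CLASS A - SYS MID1
RAKF0008 UNDEFINED RESOURCE - ACCESS ALLOWED
RAKF000B MARK ,MARKA ,FACILITY,DIAG8
MDDIAG8:devinit 480 tapes/MARK01.aws
MDDIAG8:HHCTA101I 0480: AWS Tape tapes/MARK01.aws closed
MARKA TESTCODE MDDIAG8 RC= 0000
$HASP395 MARKA ENDED
$HASP373 MARKA STARTED - INIT 1 - CLASS A - SYS MID1
RAKF0005 INVALID ATTEMPT TO ACCESS RESOURCE
RAKF000A MARK ,MARKA ,FACILITY,DIAG8
MDDIAG8:YOU ARE NOT AUTHORISED FOR THIS RESOURCE
MARKA TESTCODE MDDIAG8 RC= 0004
$HASP395 MARKA ENDED
"""

# Detail line after RAKF0005 (denied) or RAKF0008 (undefined resource, allowed).
# Assumption: the comma-separated fields are user, job, class, resource.
DETAIL = re.compile(
    r"\b(RAKF000A|RAKF000B)\s+([^\s,]+)\s*,([^\s,]+)\s*,([^\s,]+)\s*,([^\s,]+)")
KIND = {"RAKF000A": "DENIED", "RAKF000B": "UNPROTECTED"}
HERCULES_REPLY = re.compile(r"^HHC[A-Z0-9]+\s")  # e.g. HHCTA101I, HHCPN098I
REFUSAL = "YOU ARE NOT AUTHORISED"               # MDDIAG8's own message

def audit_diag8(log_text):
    """Return (findings, commands) for FACILITY/DIAG8 from console log text."""
    findings, commands = [], []
    for line in log_text.splitlines():
        m = DETAIL.search(line)
        if m:
            msgid, user, job, cls, res = m.groups()
            if (cls, res) == ("FACILITY", "DIAG8"):
                findings.append((KIND[msgid], user, job))
            continue
        _, marker, text = line.partition("MDDIAG8:")
        # Keep only the echoed command, not Hercules replies or the refusal.
        if marker and not HERCULES_REPLY.match(text) and not text.startswith(REFUSAL):
            commands.append(text.strip())
    return findings, commands

if __name__ == "__main__":
    for item in audit_diag8(SAMPLE_LOG):
        print(item)
```

An UNPROTECTED finding means the DIAG8 profile is missing from the RAKF profile table, so any job could reach the Hercules console; a DENIED finding names the user and job that were refused.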