Restricted environments

Specifying LOCAL for the MODE parameter on SETFRR indicates to the system that the FRR can run in either a normal environment or a restricted environment. When an FRR is entered in a restricted environment, it is often called a resource manager because its only purpose is to recover resources. These resources are critical address space resources. Requesting to be able to run in a restricted environment is advantageous when the address space under which the unit of work was running terminates. When you specify MODE=LOCAL, the FRR can run in a different address space, and thus can have the opportunity to clean up the critical resource. The system does not allow FRRs entered in a restricted environment to retry.

MODE=LOCAL should be used by services that need to clean up critical address space related resources serialized by means of a local lock (including the CML lock). When LOCAL is specified and the system cannot enter the FRR in its normal mode, it enters the FRR in the restricted LOCAL mode as long as a local lock is held, and the address space whose lock is held has not terminated or suffered a DAT error.

If it is possible for the FRR to get control in one address space in normal mode and in another address space in restricted mode, the FRR must reside in commonly addressable storage.

The system enters an FRR defined with the LOCAL parameter in LOCAL restricted mode for two different reasons:
  1. The system tried to establish the environment required to enter the FRR in normal mode but could not; this problem can occur, for example, when the SASN is no longer valid.
  2. An address space is terminating and at least one unit of work in that address space is holding the local lock for another address space (CML lock).
    In both cases, the entry environment is:
    • Primary mode, the home address space can be any address space, and the PASN and SASN are the same as the ASN of the locked address space.
    • The system turns on the SDWALCL bit to indicate that the system is entering the routine in LOCAL restricted mode (otherwise, this bit is turned off).
    • The system turns on the SDWACLUP bit to indicate that the routine is not allowed to retry, although, if system conditions permit, nested FRRs are permitted to retry. See Providing recovery for recovery routines for an explanation of nested recovery routines.
The following considerations apply when the system enters the FRR in LOCAL restricted mode as a result of reason 2:
  • If the FRR issues a SETRP macro to request that the system free the CML lock, subsequent FRRs are not entered because the resources in the address space are no longer serialized and therefore no further LOCAL resource clean up can be done.
  • The FRR must not depend on running in task mode because, even though the SETFRR macro was issued in task mode, an FRR entered in LOCAL restricted mode runs in SRB mode. In this case, the information in the SDWA reflects the interrupted process that originally held the CML lock, and the FRR is not permitted to retry.
  • The FRR created with the LOCAL parameter must be prepared to be suspended during its normal mode recovery processing and then be entered a second time in LOCAL restricted mode to recover critical address space resources. If the FRR that is running has defined another FRR, specifying MODE=LOCAL, the newer FRR gets control in LOCAL restricted mode followed by the FRR that was in control at the time of suspension.
Parent topic: Environment on entry to an FRR