Instruction execution protection

Instruction execution protection allows storage to be allocated in a non-executable state. This helps to protect systems from errors such as stack overflow and malicious attacks. CICS® can use instruction execution protection to protect its dynamic storage areas (DSAs) from instruction execution.

Instruction Execution Protection (IEP) is an IBM Z® hardware function that enables software to mark certain storage areas as non-executable. To use instruction execution protection for DSAs, CICS must run on a level of hardware and operating system that supports IEP. IEP is supported on z/OS® 2.4 and above. z/OS 2.4 and z/OS 2.5 require APAR PH39134. If the hardware and operating system support instruction execution protection, message DFHSM0160I is issued during CICS initialization.

By default, protection for CICS DSAs is unavailable even if it is supported by the hardware and operating system in use. You enable it by specifying a feature toggle com.ibm.cics.sm.iep=true (see Specifying feature toggles). If IEP is available and the feature toggle specifies that DSA instruction execution protection is required, message DFHSM0161I is issued during CICS initialization. All DSAs, except those listed below, are protected from instruction execution.

It is still possible to request storage that is not protected from instruction execution, for example:

To enable this, some DSAs are never protected from instruction execution. Depending on the attributes of the program, CICS loads the program into one of these unprotected DSAs.

The following DSAs are always created but they are never protected from instruction execution:
  • PCDSA
  • PUDSA
  • EPCDSA
  • EPUDSA
  • RDSA (read-only)
  • ERDSA (read-only)

The following DSAs are not protected from instruction execution if transaction isolation is active:
  • UDSA
  • EUDSA

If an attempt is made to execute an instruction in a DSA that is protected from instruction execution (that is, a DSA other than the ones listed above), an 0c4 program interrupt occurs and CICS issues abend AKES. If the program interrupt is caused by application code, the AKES abend is converted into an ASRA abend and presented to the application. Message DFHSR0623 is issued and an exception trace entry is made to help identify the cause of the error. Fields in DSECT DFHTACB and the Program Error Program (PEP) COMMAREA identify the 0c4 program interrupt as a result of instruction execution protection. Diagnostic information, such as dumps of the Storage Manager, indicates whether instruction execution protection is active and the execution protection status of the affected DSA.
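The three messages named in this topic (DFHSM0160I, DFHSM0161I and DFHSR0623) can be used to audit which regions actually run with DSA protection and which have hit a violation. The following is an added example, not IBM-supplied code; the line layout (message ID followed by the applid), the message text and the region names are constructed assumptions.

```python
import re
from collections import defaultdict

# Message IDs are the ones named in this topic. The layout
# "<msgid> <applid> <text>" is an assumption about the log being scanned.
MSG = re.compile(r"\b(DFHSM0160I|DFHSM0161I|DFHSR0623)\s+(\S+)")

# Constructed sample log lines for three hypothetical regions.
SAMPLE_LOG = """\
DFHSM0160I CICSPRD1 (constructed text) IEP is available
DFHSM0161I CICSPRD1 (constructed text) IEP is active for DSAs
DFHSM0160I CICSTST1 (constructed text) IEP is available
DFHSR0623 CICSPRD1 (constructed text) execution attempted in protected DSA
(constructed line) CICSOLD1 initialization complete, no IEP messages
"""

def audit_iep(log_text, expected_regions):
    """Return {applid: {"state": str, "violations": int}} per expected region."""
    seen = defaultdict(lambda: {"ids": set(), "violations": 0})
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msgid, applid = m.groups()
        if msgid == "DFHSR0623":
            # Instruction fetch from a protected DSA (0c4 -> AKES/ASRA).
            seen[applid]["violations"] += 1
        else:
            seen[applid]["ids"].add(msgid)

    report = {}
    for applid in expected_regions:
        ids = seen[applid]["ids"]
        if "DFHSM0161I" in ids:
            state = "active"                 # toggle set and IEP available
        elif "DFHSM0160I" in ids:
            state = "available-not-enabled"  # supported, feature toggle not set
        else:
            state = "not-reported"           # unsupported level or incomplete log
        report[applid] = {"state": state,
                          "violations": seen[applid]["violations"]}
    return report

if __name__ == "__main__":
    regions = ["CICSPRD1", "CICSTST1", "CICSOLD1"]
    for applid, result in audit_iep(SAMPLE_LOG, regions).items():
        print(applid, result)
```

A region reported as "available-not-enabled" is the case described above where the hardware and operating system support IEP but the feature toggle has not been set.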

Although the allocation of storage used by individual tasks running in the CICS region is not increased by instruction execution protection, the distribution of that storage within the DSAs is changed and you should expect an increase in DSA storage requirements.