PH67494: DFHAP0001 ABEND0C4 IN DFHTMP01 AFTER TURNING ON SECURITY DISCOVERY AFTER FAILURE DFHXS1605 RECORD TOO LONG FOR BLOCK

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• After turning on security discovery, you may see the following
  errors:
  DFHXS1603  Security Discovery is active. Access requests
            are being discovered for the following
            resource classes: XTRAN.
  DFHLG0302  Journal name DFHSECD has been installed.
            Journal type: MVS DFHSECD.STREAM.NAME.
  DFHLG0742  Log record too long for block.
            Record size 32,258 bytes.
            Block size 32,000 bytes.
            MVS log stream DFHSECD.STREAM.NAME.
  DFHXS1605 Failed to write the Security Discovery Data
           to the DFHSECD logstream.
           Reason: Journal DFHSECD log stream length error
  
  In this case, CICS is adding data to a buffer in storage
  going past the end of it.This causes storage following it
  to be overlaid. In this case it overlaid
  control blocks in the directory domain that caused the
  following program check:
  DFHAP0001  An abend (code 0C4/AKEA) has occurred at
            offset x'00001CF8'in module DFHTMP01
  
  Additional symptoms: KIXREVVG
  SECDISCOVERY overlay program check 0C4
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICS users.                              *
  ****************************************************************
  * PROBLEM DESCRIPTION: Storage overlay caused by CICS          *
  *                      security discovery data.                *
  ****************************************************************
  CICS has been set up with security discovery. An SPI command to
  write this data, or the regular interval occurs. CICS security
  discovery GETMAINs an area of storage (XSDCLOGB) which is used
  as a buffer to hold CICS security discovery records.
  
  Because the DFHSECD logstream was defined with a blocksize that
  was smaller than the size of the XSDCLOGB, DFHLG0742 is issued.
  
  A DFHXS1605 failure occurs and this prevents
  the buffer from being reset. CICS then continues to try and
  write to this buffer which causes it to go over its defined
  length. As a result, a storage overlay occurs as it accesses
  storage outside of its GETMAIN area.
  
  In the reported case, this led to the following failure:
  
  DFHAP0001  An abend (code 0C4/AKEA) has occurred at
            offset x'00001CF8'in module DFHTMP01
  

Problem conclusion

• CICS has been updated to ensure CICS security discovery does not
  continue to add to its buffer if a DFHXS1605 failure occurs.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UO05236 UO05237

Modules/Macros

• DFHXSDC
  

Fix information

• Fixed component name

  CICS TS Z/OS V6

• Fixed component ID

  5655YA100

Applicable component levels

• R500 PSY UO05237

     UP25/10/09 P F510

• R600 PSY UO05236

     UP25/10/09 P F510

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.