SAFEOEACC - Question on LOCK escalation and zIIP spill over

Document ID : KB000113008
Last Modified Date : 04/09/2018
Show Technical Document Details
IBM Reviewed dumps and showed the following statistics.                                                        
 #          zSUSPs|#LOCL| L-DBG2DIST|   #CMLs|  CML-ZFS                         
  dump1|  278   |      90  |    87               | 188        | 186                            
  dump2|  245   |     59   |    57               | 187        | 185                            
  dump3|  487   |     52   |    49               | 434         | 433                            
 #zSUSPs: number of SUSPend zIIP SYSTRACE entries in the complete data  
 #LOCL  : number of complete zIIP SYSTRACE LOCL lock SUSPends           
 L-DBG2DIST: #LOCL entries that were for DBG2DIST's local lock.         
 #CMLs  : number of complete zIIP SYSTRACE CML lock SUSPends.           
 CML-ZFS: #CMLs entries that were for ZFS's local lock.                 
  The CML suspends are for a PC 30B    
  "storage obtain" from PSW 2C1E7D36 or PC 311 "Storage  Release" from  
  PSW 2C1E6CAC, for x'270' bytes of subpool zero storage in ASID        
  x'000F': ZFS. The obtain and release PSWs appear to be in CA-SAF      
RO64671  (ACF2 r15) states the following...
This CA ACF2 solution adds a new GSO UNIXOPTS record field called BYP-FSA that allows
customers to disable FASTAUTH calls for FSACCESS class resources.
USS applications that leverage the zFS CML Lock, such as Websphere (WAS) servers,
may experience poor performance (response times impacted) when maintenance for FSACCESS
support (IBM and CA) is installed.
IBM added a new security check for the FSACCESS resource class to verify a user's authority to
access the file system objects on z/OS UNIX zFS.
This support was added by IBM APARS OA35970/OA35974 at z/OS 1.12.
This support is included at base z/OS 1.13 and base z/OS 2.1.
With the IBM FSACCESS support in place, ACF2 r15 processing for zFS file authentication issues
RACROUTE FASTAUTH calls against resources in the FSACCESS class.
The issuance of the FSACCESS FASTAUTH calls may increase CML lock contention leading to
application performance degradation and increased server startup times.
This solution adds a mechanism to disable FASTAUTH calls for FSACCESS resources,
thereby alleviating CML lock contention issues.

To resolve lock issues - ignore the FSACCESS calls by setting BYP-FSA in GSO UNIXOPTS record.