LXR qemu/target-s390x/kvm.c

   1/*
   2 * QEMU S390x KVM implementation
   3 *
   4 * Copyright (c) 2009 Alexander Graf <agraf@suse.de>
   5 * Copyright IBM Corp. 2012
   6 *
   7 * This library is free software; you can redistribute it and/or
   8 * modify it under the terms of the GNU Lesser General Public
   9 * License as published by the Free Software Foundation; either
  10 * version 2 of the License, or (at your option) any later version.
  11 *
  12 * This library is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15 * Lesser General Public License for more details.
  16 *
  17 * Contributions after 2012-10-29 are licensed under the terms of the
  18 * GNU GPL, version 2 or (at your option) any later version.
  19 *
  20 * You should have received a copy of the GNU (Lesser) General Public
  21 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24#include "qemu/osdep.h"
  25#include <sys/ioctl.h>
  26
  27#include <linux/kvm.h>
  28#include <asm/ptrace.h>
  29
  30#include "qemu-common.h"
  31#include "cpu.h"
  32#include "qemu/error-report.h"
  33#include "qemu/timer.h"
  34#include "sysemu/sysemu.h"
  35#include "sysemu/kvm.h"
  36#include "hw/hw.h"
  37#include "sysemu/device_tree.h"
  38#include "qapi/qmp/qjson.h"
  39#include "exec/gdbstub.h"
  40#include "exec/address-spaces.h"
  41#include "trace.h"
  42#include "qapi-event.h"
  43#include "hw/s390x/s390-pci-inst.h"
  44#include "hw/s390x/s390-pci-bus.h"
  45#include "hw/s390x/ipl.h"
  46#include "hw/s390x/ebcdic.h"
  47#include "exec/memattrs.h"
  48#include "hw/s390x/s390-virtio-ccw.h"
  49
  50/* #define DEBUG_KVM */
  51
  52#ifdef DEBUG_KVM
  53#define DPRINTF(fmt, ...) \
  54    do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
  55#else
  56#define DPRINTF(fmt, ...) \
  57    do { } while (0)
  58#endif
  59
  60#define kvm_vm_check_mem_attr(s, attr) \
  61    kvm_vm_check_attr(s, KVM_S390_VM_MEM_CTRL, attr)
  62
  63#define IPA0_DIAG                       0x8300
  64#define IPA0_SIGP                       0xae00
  65#define IPA0_B2                         0xb200
  66#define IPA0_B9                         0xb900
  67#define IPA0_EB                         0xeb00
  68#define IPA0_E3                         0xe300
  69
  70#define PRIV_B2_SCLP_CALL               0x20
  71#define PRIV_B2_CSCH                    0x30
  72#define PRIV_B2_HSCH                    0x31
  73#define PRIV_B2_MSCH                    0x32
  74#define PRIV_B2_SSCH                    0x33
  75#define PRIV_B2_STSCH                   0x34
  76#define PRIV_B2_TSCH                    0x35
  77#define PRIV_B2_TPI                     0x36
  78#define PRIV_B2_SAL                     0x37
  79#define PRIV_B2_RSCH                    0x38
  80#define PRIV_B2_STCRW                   0x39
  81#define PRIV_B2_STCPS                   0x3a
  82#define PRIV_B2_RCHP                    0x3b
  83#define PRIV_B2_SCHM                    0x3c
  84#define PRIV_B2_CHSC                    0x5f
  85#define PRIV_B2_SIGA                    0x74
  86#define PRIV_B2_XSCH                    0x76
  87
  88#define PRIV_EB_SQBS                    0x8a
  89#define PRIV_EB_PCISTB                  0xd0
  90#define PRIV_EB_SIC                     0xd1
  91
  92#define PRIV_B9_EQBS                    0x9c
  93#define PRIV_B9_CLP                     0xa0
  94#define PRIV_B9_PCISTG                  0xd0
  95#define PRIV_B9_PCILG                   0xd2
  96#define PRIV_B9_RPCIT                   0xd3
  97
  98#define PRIV_E3_MPCIFC                  0xd0
  99#define PRIV_E3_STPCIFC                 0xd4
 100
 101#define DIAG_TIMEREVENT                 0x288
 102#define DIAG_IPL                        0x308
 103#define DIAG_KVM_HYPERCALL              0x500
 104#define DIAG_KVM_BREAKPOINT             0x501
 105
 106#define ICPT_INSTRUCTION                0x04
 107#define ICPT_PROGRAM                    0x08
 108#define ICPT_EXT_INT                    0x14
 109#define ICPT_WAITPSW                    0x1c
 110#define ICPT_SOFT_INTERCEPT             0x24
 111#define ICPT_CPU_STOP                   0x28
 112#define ICPT_IO                         0x40
 113
 114#define NR_LOCAL_IRQS 32
 115/*
 116 * Needs to be big enough to contain max_cpus emergency signals
 117 * and in addition NR_LOCAL_IRQS interrupts
 118 */
 119#define VCPU_IRQ_BUF_SIZE (sizeof(struct kvm_s390_irq) * \
 120                           (max_cpus + NR_LOCAL_IRQS))
 121
 122static CPUWatchpoint hw_watchpoint;
 123/*
 124 * We don't use a list because this structure is also used to transmit the
 125 * hardware breakpoints to the kernel.
 126 */
 127static struct kvm_hw_breakpoint *hw_breakpoints;
 128static int nb_hw_breakpoints;
 129
 130const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 131    KVM_CAP_LAST_INFO
 132};
 133
 134static int cap_sync_regs;
 135static int cap_async_pf;
 136static int cap_mem_op;
 137static int cap_s390_irq;
 138static int cap_ri;
 139
 140static void *legacy_s390_alloc(size_t size, uint64_t *align);
 141
 142static int kvm_s390_query_mem_limit(KVMState *s, uint64_t *memory_limit)
 143{
 144    struct kvm_device_attr attr = {
 145        .group = KVM_S390_VM_MEM_CTRL,
 146        .attr = KVM_S390_VM_MEM_LIMIT_SIZE,
 147        .addr = (uint64_t) memory_limit,
 148    };
 149
 150    return kvm_vm_ioctl(s, KVM_GET_DEVICE_ATTR, &attr);
 151}
 152
 153int kvm_s390_set_mem_limit(KVMState *s, uint64_t new_limit, uint64_t *hw_limit)
 154{
 155    int rc;
 156
 157    struct kvm_device_attr attr = {
 158        .group = KVM_S390_VM_MEM_CTRL,
 159        .attr = KVM_S390_VM_MEM_LIMIT_SIZE,
 160        .addr = (uint64_t) &new_limit,
 161    };
 162
 163    if (!kvm_vm_check_mem_attr(s, KVM_S390_VM_MEM_LIMIT_SIZE)) {
 164        return 0;
 165    }
 166
 167    rc = kvm_s390_query_mem_limit(s, hw_limit);
 168    if (rc) {
 169        return rc;
 170    } else if (*hw_limit < new_limit) {
 171        return -E2BIG;
 172    }
 173
 174    return kvm_vm_ioctl(s, KVM_SET_DEVICE_ATTR, &attr);
 175}
 176
 177void kvm_s390_cmma_reset(void)
 178{
 179    int rc;
 180    struct kvm_device_attr attr = {
 181        .group = KVM_S390_VM_MEM_CTRL,
 182        .attr = KVM_S390_VM_MEM_CLR_CMMA,
 183    };
 184
 185    rc = kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, &attr);
 186    trace_kvm_clear_cmma(rc);
 187}
 188
 189static void kvm_s390_enable_cmma(KVMState *s)
 190{
 191    int rc;
 192    struct kvm_device_attr attr = {
 193        .group = KVM_S390_VM_MEM_CTRL,
 194        .attr = KVM_S390_VM_MEM_ENABLE_CMMA,
 195    };
 196
 197    if (!kvm_vm_check_mem_attr(s, KVM_S390_VM_MEM_ENABLE_CMMA) ||
 198        !kvm_vm_check_mem_attr(s, KVM_S390_VM_MEM_CLR_CMMA)) {
 199        return;
 200    }
 201
 202    rc = kvm_vm_ioctl(s, KVM_SET_DEVICE_ATTR, &attr);
 203    trace_kvm_enable_cmma(rc);
 204}
 205
 206static void kvm_s390_set_attr(uint64_t attr)
 207{
 208    struct kvm_device_attr attribute = {
 209        .group = KVM_S390_VM_CRYPTO,
 210        .attr  = attr,
 211    };
 212
 213    int ret = kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, &attribute);
 214
 215    if (ret) {
 216        error_report("Failed to set crypto device attribute %lu: %s",
 217                     attr, strerror(-ret));
 218    }
 219}
 220
 221static void kvm_s390_init_aes_kw(void)
 222{
 223    uint64_t attr = KVM_S390_VM_CRYPTO_DISABLE_AES_KW;
 224
 225    if (object_property_get_bool(OBJECT(qdev_get_machine()), "aes-key-wrap",
 226                                 NULL)) {
 227            attr = KVM_S390_VM_CRYPTO_ENABLE_AES_KW;
 228    }
 229
 230    if (kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, attr)) {
 231            kvm_s390_set_attr(attr);
 232    }
 233}
 234
 235static void kvm_s390_init_dea_kw(void)
 236{
 237    uint64_t attr = KVM_S390_VM_CRYPTO_DISABLE_DEA_KW;
 238
 239    if (object_property_get_bool(OBJECT(qdev_get_machine()), "dea-key-wrap",
 240                                 NULL)) {
 241            attr = KVM_S390_VM_CRYPTO_ENABLE_DEA_KW;
 242    }
 243
 244    if (kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, attr)) {
 245            kvm_s390_set_attr(attr);
 246    }
 247}
 248
 249void kvm_s390_crypto_reset(void)
 250{
 251    kvm_s390_init_aes_kw();
 252    kvm_s390_init_dea_kw();
 253}
 254
 255int kvm_arch_init(MachineState *ms, KVMState *s)
 256{
 257    cap_sync_regs = kvm_check_extension(s, KVM_CAP_SYNC_REGS);
 258    cap_async_pf = kvm_check_extension(s, KVM_CAP_ASYNC_PF);
 259    cap_mem_op = kvm_check_extension(s, KVM_CAP_S390_MEM_OP);
 260    cap_s390_irq = kvm_check_extension(s, KVM_CAP_S390_INJECT_IRQ);
 261
 262    if (!mem_path) {
 263        kvm_s390_enable_cmma(s);
 264    }
 265
 266    if (!kvm_check_extension(s, KVM_CAP_S390_GMAP)
 267        || !kvm_check_extension(s, KVM_CAP_S390_COW)) {
 268        phys_mem_set_alloc(legacy_s390_alloc);
 269    }
 270
 271    kvm_vm_enable_cap(s, KVM_CAP_S390_USER_SIGP, 0);
 272    kvm_vm_enable_cap(s, KVM_CAP_S390_VECTOR_REGISTERS, 0);
 273    kvm_vm_enable_cap(s, KVM_CAP_S390_USER_STSI, 0);
 274    if (ri_allowed()) {
 275        if (kvm_vm_enable_cap(s, KVM_CAP_S390_RI, 0) == 0) {
 276            cap_ri = 1;
 277        }
 278    }
 279
 280    return 0;
 281}
 282
 283unsigned long kvm_arch_vcpu_id(CPUState *cpu)
 284{
 285    return cpu->cpu_index;
 286}
 287
 288int kvm_arch_init_vcpu(CPUState *cs)
 289{
 290    S390CPU *cpu = S390_CPU(cs);
 291    kvm_s390_set_cpu_state(cpu, cpu->env.cpu_state);
 292    cpu->irqstate = g_malloc0(VCPU_IRQ_BUF_SIZE);
 293    return 0;
 294}
 295
 296void kvm_s390_reset_vcpu(S390CPU *cpu)
 297{
 298    CPUState *cs = CPU(cpu);
 299
 300    /* The initial reset call is needed here to reset in-kernel
 301     * vcpu data that we can't access directly from QEMU
 302     * (i.e. with older kernels which don't support sync_regs/ONE_REG).
 303     * Before this ioctl cpu_synchronize_state() is called in common kvm
 304     * code (kvm-all) */
 305    if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL)) {
 306        error_report("Initial CPU reset failed on CPU %i", cs->cpu_index);
 307    }
 308}
 309
 310static int can_sync_regs(CPUState *cs, int regs)
 311{
 312    return cap_sync_regs && (cs->kvm_run->kvm_valid_regs & regs) == regs;
 313}
 314
 315int kvm_arch_put_registers(CPUState *cs, int level)
 316{
 317    S390CPU *cpu = S390_CPU(cs);
 318    CPUS390XState *env = &cpu->env;
 319    struct kvm_sregs sregs;
 320    struct kvm_regs regs;
 321    struct kvm_fpu fpu = {};
 322    int r;
 323    int i;
 324
 325    /* always save the PSW  and the GPRS*/
 326    cs->kvm_run->psw_addr = env->psw.addr;
 327    cs->kvm_run->psw_mask = env->psw.mask;
 328
 329    if (can_sync_regs(cs, KVM_SYNC_GPRS)) {
 330        for (i = 0; i < 16; i++) {
 331            cs->kvm_run->s.regs.gprs[i] = env->regs[i];
 332            cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_GPRS;
 333        }
 334    } else {
 335        for (i = 0; i < 16; i++) {
 336            regs.gprs[i] = env->regs[i];
 337        }
 338        r = kvm_vcpu_ioctl(cs, KVM_SET_REGS, &regs);
 339        if (r < 0) {
 340            return r;
 341        }
 342    }
 343
 344    if (can_sync_regs(cs, KVM_SYNC_VRS)) {
 345        for (i = 0; i < 32; i++) {
 346            cs->kvm_run->s.regs.vrs[i][0] = env->vregs[i][0].ll;
 347            cs->kvm_run->s.regs.vrs[i][1] = env->vregs[i][1].ll;
 348        }
 349        cs->kvm_run->s.regs.fpc = env->fpc;
 350        cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_VRS;
 351    } else if (can_sync_regs(cs, KVM_SYNC_FPRS)) {
 352        for (i = 0; i < 16; i++) {
 353            cs->kvm_run->s.regs.fprs[i] = get_freg(env, i)->ll;
 354        }
 355        cs->kvm_run->s.regs.fpc = env->fpc;
 356        cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_FPRS;
 357    } else {
 358        /* Floating point */
 359        for (i = 0; i < 16; i++) {
 360            fpu.fprs[i] = get_freg(env, i)->ll;
 361        }
 362        fpu.fpc = env->fpc;
 363
 364        r = kvm_vcpu_ioctl(cs, KVM_SET_FPU, &fpu);
 365        if (r < 0) {
 366            return r;
 367        }
 368    }
 369
 370    /* Do we need to save more than that? */
 371    if (level == KVM_PUT_RUNTIME_STATE) {
 372        return 0;
 373    }
 374
 375    if (can_sync_regs(cs, KVM_SYNC_ARCH0)) {
 376        cs->kvm_run->s.regs.cputm = env->cputm;
 377        cs->kvm_run->s.regs.ckc = env->ckc;
 378        cs->kvm_run->s.regs.todpr = env->todpr;
 379        cs->kvm_run->s.regs.gbea = env->gbea;
 380        cs->kvm_run->s.regs.pp = env->pp;
 381        cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_ARCH0;
 382    } else {
 383        /*
 384         * These ONE_REGS are not protected by a capability. As they are only
 385         * necessary for migration we just trace a possible error, but don't
 386         * return with an error return code.
 387         */
 388        kvm_set_one_reg(cs, KVM_REG_S390_CPU_TIMER, &env->cputm);
 389        kvm_set_one_reg(cs, KVM_REG_S390_CLOCK_COMP, &env->ckc);
 390        kvm_set_one_reg(cs, KVM_REG_S390_TODPR, &env->todpr);
 391        kvm_set_one_reg(cs, KVM_REG_S390_GBEA, &env->gbea);
 392        kvm_set_one_reg(cs, KVM_REG_S390_PP, &env->pp);
 393    }
 394
 395    if (can_sync_regs(cs, KVM_SYNC_RICCB)) {
 396        memcpy(cs->kvm_run->s.regs.riccb, env->riccb, 64);
 397        cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_RICCB;
 398    }
 399
 400    /* pfault parameters */
 401    if (can_sync_regs(cs, KVM_SYNC_PFAULT)) {
 402        cs->kvm_run->s.regs.pft = env->pfault_token;
 403        cs->kvm_run->s.regs.pfs = env->pfault_select;
 404        cs->kvm_run->s.regs.pfc = env->pfault_compare;
 405        cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_PFAULT;
 406    } else if (cap_async_pf) {
 407        r = kvm_set_one_reg(cs, KVM_REG_S390_PFTOKEN, &env->pfault_token);
 408        if (r < 0) {
 409            return r;
 410        }
 411        r = kvm_set_one_reg(cs, KVM_REG_S390_PFCOMPARE, &env->pfault_compare);
 412        if (r < 0) {
 413            return r;
 414        }
 415        r = kvm_set_one_reg(cs, KVM_REG_S390_PFSELECT, &env->pfault_select);
 416        if (r < 0) {
 417            return r;
 418        }
 419    }
 420
 421    /* access registers and control registers*/
 422    if (can_sync_regs(cs, KVM_SYNC_ACRS | KVM_SYNC_CRS)) {
 423        for (i = 0; i < 16; i++) {
 424            cs->kvm_run->s.regs.acrs[i] = env->aregs[i];
 425            cs->kvm_run->s.regs.crs[i] = env->cregs[i];
 426        }
 427        cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_ACRS;
 428        cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_CRS;
 429    } else {
 430        for (i = 0; i < 16; i++) {
 431            sregs.acrs[i] = env->aregs[i];
 432            sregs.crs[i] = env->cregs[i];
 433        }
 434        r = kvm_vcpu_ioctl(cs, KVM_SET_SREGS, &sregs);
 435        if (r < 0) {
 436            return r;
 437        }
 438    }
 439
 440    /* Finally the prefix */
 441    if (can_sync_regs(cs, KVM_SYNC_PREFIX)) {
 442        cs->kvm_run->s.regs.prefix = env->psa;
 443        cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_PREFIX;
 444    } else {
 445        /* prefix is only supported via sync regs */
 446    }
 447    return 0;
 448}
 449
 450int kvm_arch_get_registers(CPUState *cs)
 451{
 452    S390CPU *cpu = S390_CPU(cs);
 453    CPUS390XState *env = &cpu->env;
 454    struct kvm_sregs sregs;
 455    struct kvm_regs regs;
 456    struct kvm_fpu fpu;
 457    int i, r;
 458
 459    /* get the PSW */
 460    env->psw.addr = cs->kvm_run->psw_addr;
 461    env->psw.mask = cs->kvm_run->psw_mask;
 462
 463    /* the GPRS */
 464    if (can_sync_regs(cs, KVM_SYNC_GPRS)) {
 465        for (i = 0; i < 16; i++) {
 466            env->regs[i] = cs->kvm_run->s.regs.gprs[i];
 467        }
 468    } else {
 469        r = kvm_vcpu_ioctl(cs, KVM_GET_REGS, &regs);
 470        if (r < 0) {
 471            return r;
 472        }
 473         for (i = 0; i < 16; i++) {
 474            env->regs[i] = regs.gprs[i];
 475        }
 476    }
 477
 478    /* The ACRS and CRS */
 479    if (can_sync_regs(cs, KVM_SYNC_ACRS | KVM_SYNC_CRS)) {
 480        for (i = 0; i < 16; i++) {
 481            env->aregs[i] = cs->kvm_run->s.regs.acrs[i];
 482            env->cregs[i] = cs->kvm_run->s.regs.crs[i];
 483        }
 484    } else {
 485        r = kvm_vcpu_ioctl(cs, KVM_GET_SREGS, &sregs);
 486        if (r < 0) {
 487            return r;
 488        }
 489         for (i = 0; i < 16; i++) {
 490            env->aregs[i] = sregs.acrs[i];
 491            env->cregs[i] = sregs.crs[i];
 492        }
 493    }
 494
 495    /* Floating point and vector registers */
 496    if (can_sync_regs(cs, KVM_SYNC_VRS)) {
 497        for (i = 0; i < 32; i++) {
 498            env->vregs[i][0].ll = cs->kvm_run->s.regs.vrs[i][0];
 499            env->vregs[i][1].ll = cs->kvm_run->s.regs.vrs[i][1];
 500        }
 501        env->fpc = cs->kvm_run->s.regs.fpc;
 502    } else if (can_sync_regs(cs, KVM_SYNC_FPRS)) {
 503        for (i = 0; i < 16; i++) {
 504            get_freg(env, i)->ll = cs->kvm_run->s.regs.fprs[i];
 505        }
 506        env->fpc = cs->kvm_run->s.regs.fpc;
 507    } else {
 508        r = kvm_vcpu_ioctl(cs, KVM_GET_FPU, &fpu);
 509        if (r < 0) {
 510            return r;
 511        }
 512        for (i = 0; i < 16; i++) {
 513            get_freg(env, i)->ll = fpu.fprs[i];
 514        }
 515        env->fpc = fpu.fpc;
 516    }
 517
 518    /* The prefix */
 519    if (can_sync_regs(cs, KVM_SYNC_PREFIX)) {
 520        env->psa = cs->kvm_run->s.regs.prefix;
 521    }
 522
 523    if (can_sync_regs(cs, KVM_SYNC_ARCH0)) {
 524        env->cputm = cs->kvm_run->s.regs.cputm;
 525        env->ckc = cs->kvm_run->s.regs.ckc;
 526        env->todpr = cs->kvm_run->s.regs.todpr;
 527        env->gbea = cs->kvm_run->s.regs.gbea;
 528        env->pp = cs->kvm_run->s.regs.pp;
 529    } else {
 530        /*
 531         * These ONE_REGS are not protected by a capability. As they are only
 532         * necessary for migration we just trace a possible error, but don't
 533         * return with an error return code.
 534         */
 535        kvm_get_one_reg(cs, KVM_REG_S390_CPU_TIMER, &env->cputm);
 536        kvm_get_one_reg(cs, KVM_REG_S390_CLOCK_COMP, &env->ckc);
 537        kvm_get_one_reg(cs, KVM_REG_S390_TODPR, &env->todpr);
 538        kvm_get_one_reg(cs, KVM_REG_S390_GBEA, &env->gbea);
 539        kvm_get_one_reg(cs, KVM_REG_S390_PP, &env->pp);
 540    }
 541
 542    if (can_sync_regs(cs, KVM_SYNC_RICCB)) {
 543        memcpy(env->riccb, cs->kvm_run->s.regs.riccb, 64);
 544    }
 545
 546    /* pfault parameters */
 547    if (can_sync_regs(cs, KVM_SYNC_PFAULT)) {
 548        env->pfault_token = cs->kvm_run->s.regs.pft;
 549        env->pfault_select = cs->kvm_run->s.regs.pfs;
 550        env->pfault_compare = cs->kvm_run->s.regs.pfc;
 551    } else if (cap_async_pf) {
 552        r = kvm_get_one_reg(cs, KVM_REG_S390_PFTOKEN, &env->pfault_token);
 553        if (r < 0) {
 554            return r;
 555        }
 556        r = kvm_get_one_reg(cs, KVM_REG_S390_PFCOMPARE, &env->pfault_compare);
 557        if (r < 0) {
 558            return r;
 559        }
 560        r = kvm_get_one_reg(cs, KVM_REG_S390_PFSELECT, &env->pfault_select);
 561        if (r < 0) {
 562            return r;
 563        }
 564    }
 565
 566    return 0;
 567}
 568
 569int kvm_s390_get_clock(uint8_t *tod_high, uint64_t *tod_low)
 570{
 571    int r;
 572    struct kvm_device_attr attr = {
 573        .group = KVM_S390_VM_TOD,
 574        .attr = KVM_S390_VM_TOD_LOW,
 575        .addr = (uint64_t)tod_low,
 576    };
 577
 578    r = kvm_vm_ioctl(kvm_state, KVM_GET_DEVICE_ATTR, &attr);
 579    if (r) {
 580        return r;
 581    }
 582
 583    attr.attr = KVM_S390_VM_TOD_HIGH;
 584    attr.addr = (uint64_t)tod_high;
 585    return kvm_vm_ioctl(kvm_state, KVM_GET_DEVICE_ATTR, &attr);
 586}
 587
 588int kvm_s390_set_clock(uint8_t *tod_high, uint64_t *tod_low)
 589{
 590    int r;
 591
 592    struct kvm_device_attr attr = {
 593        .group = KVM_S390_VM_TOD,
 594        .attr = KVM_S390_VM_TOD_LOW,
 595        .addr = (uint64_t)tod_low,
 596    };
 597
 598    r = kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, &attr);
 599    if (r) {
 600        return r;
 601    }
 602
 603    attr.attr = KVM_S390_VM_TOD_HIGH;
 604    attr.addr = (uint64_t)tod_high;
 605    return kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, &attr);
 606}
 607
 608/**
 609 * kvm_s390_mem_op:
 610 * @addr:      the logical start address in guest memory
 611 * @ar:        the access register number
 612 * @hostbuf:   buffer in host memory. NULL = do only checks w/o copying
 613 * @len:       length that should be transferred
 614 * @is_write:  true = write, false = read
 615 * Returns:    0 on success, non-zero if an exception or error occurred
 616 *
 617 * Use KVM ioctl to read/write from/to guest memory. An access exception
 618 * is injected into the vCPU in case of translation errors.
 619 */
 620int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, void *hostbuf,
 621                    int len, bool is_write)
 622{
 623    struct kvm_s390_mem_op mem_op = {
 624        .gaddr = addr,
 625        .flags = KVM_S390_MEMOP_F_INJECT_EXCEPTION,
 626        .size = len,
 627        .op = is_write ? KVM_S390_MEMOP_LOGICAL_WRITE
 628                       : KVM_S390_MEMOP_LOGICAL_READ,
 629        .buf = (uint64_t)hostbuf,
 630        .ar = ar,
 631    };
 632    int ret;
 633
 634    if (!cap_mem_op) {
 635        return -ENOSYS;
 636    }
 637    if (!hostbuf) {
 638        mem_op.flags |= KVM_S390_MEMOP_F_CHECK_ONLY;
 639    }
 640
 641    ret = kvm_vcpu_ioctl(CPU(cpu), KVM_S390_MEM_OP, &mem_op);
 642    if (ret < 0) {
 643        error_printf("KVM_S390_MEM_OP failed: %s\n", strerror(-ret));
 644    }
 645    return ret;
 646}
 647
 648/*
 649 * Legacy layout for s390:
 650 * Older S390 KVM requires the topmost vma of the RAM to be
 651 * smaller than an system defined value, which is at least 256GB.
 652 * Larger systems have larger values. We put the guest between
 653 * the end of data segment (system break) and this value. We
 654 * use 32GB as a base to have enough room for the system break
 655 * to grow. We also have to use MAP parameters that avoid
 656 * read-only mapping of guest pages.
 657 */
 658static void *legacy_s390_alloc(size_t size, uint64_t *align)
 659{
 660    void *mem;
 661
 662    mem = mmap((void *) 0x800000000ULL, size,
 663               PROT_EXEC|PROT_READ|PROT_WRITE,
 664               MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
 665    return mem == MAP_FAILED ? NULL : mem;
 666}
 667
 668/* DIAG 501 is used for sw breakpoints */
 669static const uint8_t diag_501[] = {0x83, 0x24, 0x05, 0x01};
 670
 671int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
 672{
 673
 674    if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn,
 675                            sizeof(diag_501), 0) ||
 676        cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)diag_501,
 677                            sizeof(diag_501), 1)) {
 678        return -EINVAL;
 679    }
 680    return 0;
 681}
 682
 683int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
 684{
 685    uint8_t t[sizeof(diag_501)];
 686
 687    if (cpu_memory_rw_debug(cs, bp->pc, t, sizeof(diag_501), 0)) {
 688        return -EINVAL;
 689    } else if (memcmp(t, diag_501, sizeof(diag_501))) {
 690        return -EINVAL;
 691    } else if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn,
 692                                   sizeof(diag_501), 1)) {
 693        return -EINVAL;
 694    }
 695
 696    return 0;
 697}
 698
 699static struct kvm_hw_breakpoint *find_hw_breakpoint(target_ulong addr,
 700                                                    int len, int type)
 701{
 702    int n;
 703
 704    for (n = 0; n < nb_hw_breakpoints; n++) {
 705        if (hw_breakpoints[n].addr == addr && hw_breakpoints[n].type == type &&
 706            (hw_breakpoints[n].len == len || len == -1)) {
 707            return &hw_breakpoints[n];
 708        }
 709    }
 710
 711    return NULL;
 712}
 713
 714static int insert_hw_breakpoint(target_ulong addr, int len, int type)
 715{
 716    int size;
 717
 718    if (find_hw_breakpoint(addr, len, type)) {
 719        return -EEXIST;
 720    }
 721
 722    size = (nb_hw_breakpoints + 1) * sizeof(struct kvm_hw_breakpoint);
 723
 724    if (!hw_breakpoints) {
 725        nb_hw_breakpoints = 0;
 726        hw_breakpoints = (struct kvm_hw_breakpoint *)g_try_malloc(size);
 727    } else {
 728        hw_breakpoints =
 729            (struct kvm_hw_breakpoint *)g_try_realloc(hw_breakpoints, size);
 730    }
 731
 732    if (!hw_breakpoints) {
 733        nb_hw_breakpoints = 0;
 734        return -ENOMEM;
 735    }
 736
 737    hw_breakpoints[nb_hw_breakpoints].addr = addr;
 738    hw_breakpoints[nb_hw_breakpoints].len = len;
 739    hw_breakpoints[nb_hw_breakpoints].type = type;
 740
 741    nb_hw_breakpoints++;
 742
 743    return 0;
 744}
 745
 746int kvm_arch_insert_hw_breakpoint(target_ulong addr,
 747                                  target_ulong len, int type)
 748{
 749    switch (type) {
 750    case GDB_BREAKPOINT_HW:
 751        type = KVM_HW_BP;
 752        break;
 753    case GDB_WATCHPOINT_WRITE:
 754        if (len < 1) {
 755            return -EINVAL;
 756        }
 757        type = KVM_HW_WP_WRITE;
 758        break;
 759    default:
 760        return -ENOSYS;
 761    }
 762    return insert_hw_breakpoint(addr, len, type);
 763}
 764
 765int kvm_arch_remove_hw_breakpoint(target_ulong addr,
 766                                  target_ulong len, int type)
 767{
 768    int size;
 769    struct kvm_hw_breakpoint *bp = find_hw_breakpoint(addr, len, type);
 770
 771    if (bp == NULL) {
 772        return -ENOENT;
 773    }
 774
 775    nb_hw_breakpoints--;
 776    if (nb_hw_breakpoints > 0) {
 777        /*
 778         * In order to trim the array, move the last element to the position to
 779         * be removed - if necessary.
 780         */
 781        if (bp != &hw_breakpoints[nb_hw_breakpoints]) {
 782            *bp = hw_breakpoints[nb_hw_breakpoints];
 783        }
 784        size = nb_hw_breakpoints * sizeof(struct kvm_hw_breakpoint);
 785        hw_breakpoints =
 786             (struct kvm_hw_breakpoint *)g_realloc(hw_breakpoints, size);
 787    } else {
 788        g_free(hw_breakpoints);
 789        hw_breakpoints = NULL;
 790    }
 791
 792    return 0;
 793}
 794
 795void kvm_arch_remove_all_hw_breakpoints(void)
 796{
 797    nb_hw_breakpoints = 0;
 798    g_free(hw_breakpoints);
 799    hw_breakpoints = NULL;
 800}
 801
 802void kvm_arch_update_guest_debug(CPUState *cpu, struct kvm_guest_debug *dbg)
 803{
 804    int i;
 805
 806    if (nb_hw_breakpoints > 0) {
 807        dbg->arch.nr_hw_bp = nb_hw_breakpoints;
 808        dbg->arch.hw_bp = hw_breakpoints;
 809
 810        for (i = 0; i < nb_hw_breakpoints; ++i) {
 811            hw_breakpoints[i].phys_addr = s390_cpu_get_phys_addr_debug(cpu,
 812                                                       hw_breakpoints[i].addr);
 813        }
 814        dbg->control |= KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP;
 815    } else {
 816        dbg->arch.nr_hw_bp = 0;
 817        dbg->arch.hw_bp = NULL;
 818    }
 819}
 820
 821void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
 822{
 823}
 824
 825MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
 826{
 827    return MEMTXATTRS_UNSPECIFIED;
 828}
 829
 830int kvm_arch_process_async_events(CPUState *cs)
 831{
 832    return cs->halted;
 833}
 834
 835static int s390_kvm_irq_to_interrupt(struct kvm_s390_irq *irq,
 836                                     struct kvm_s390_interrupt *interrupt)
 837{
 838    int r = 0;
 839
 840    interrupt->type = irq->type;
 841    switch (irq->type) {
 842    case KVM_S390_INT_VIRTIO:
 843        interrupt->parm = irq->u.ext.ext_params;
 844        /* fall through */
 845    case KVM_S390_INT_PFAULT_INIT:
 846    case KVM_S390_INT_PFAULT_DONE:
 847        interrupt->parm64 = irq->u.ext.ext_params2;
 848        break;
 849    case KVM_S390_PROGRAM_INT:
 850        interrupt->parm = irq->u.pgm.code;
 851        break;
 852    case KVM_S390_SIGP_SET_PREFIX:
 853        interrupt->parm = irq->u.prefix.address;
 854        break;
 855    case KVM_S390_INT_SERVICE:
 856        interrupt->parm = irq->u.ext.ext_params;
 857        break;
 858    case KVM_S390_MCHK:
 859        interrupt->parm = irq->u.mchk.cr14;
 860        interrupt->parm64 = irq->u.mchk.mcic;
 861        break;
 862    case KVM_S390_INT_EXTERNAL_CALL:
 863        interrupt->parm = irq->u.extcall.code;
 864        break;
 865    case KVM_S390_INT_EMERGENCY:
 866        interrupt->parm = irq->u.emerg.code;
 867        break;
 868    case KVM_S390_SIGP_STOP:
 869    case KVM_S390_RESTART:
 870        break; /* These types have no parameters */
 871    case KVM_S390_INT_IO_MIN...KVM_S390_INT_IO_MAX:
 872        interrupt->parm = irq->u.io.subchannel_id << 16;
 873        interrupt->parm |= irq->u.io.subchannel_nr;
 874        interrupt->parm64 = (uint64_t)irq->u.io.io_int_parm << 32;
 875        interrupt->parm64 |= irq->u.io.io_int_word;
 876        break;
 877    default:
 878        r = -EINVAL;
 879        break;
 880    }
 881    return r;
 882}
 883
 884static void inject_vcpu_irq_legacy(CPUState *cs, struct kvm_s390_irq *irq)
 885{
 886    struct kvm_s390_interrupt kvmint = {};
 887    int r;
 888
 889    r = s390_kvm_irq_to_interrupt(irq, &kvmint);
 890    if (r < 0) {
 891        fprintf(stderr, "%s called with bogus interrupt\n", __func__);
 892        exit(1);
 893    }
 894
 895    r = kvm_vcpu_ioctl(cs, KVM_S390_INTERRUPT, &kvmint);
 896    if (r < 0) {
 897        fprintf(stderr, "KVM failed to inject interrupt\n");
 898        exit(1);
 899    }
 900}
 901
 902void kvm_s390_vcpu_interrupt(S390CPU *cpu, struct kvm_s390_irq *irq)
 903{
 904    CPUState *cs = CPU(cpu);
 905    int r;
 906
 907    if (cap_s390_irq) {
 908        r = kvm_vcpu_ioctl(cs, KVM_S390_IRQ, irq);
 909        if (!r) {
 910            return;
 911        }
 912        error_report("KVM failed to inject interrupt %llx", irq->type);
 913        exit(1);
 914    }
 915
 916    inject_vcpu_irq_legacy(cs, irq);
 917}
 918
 919static void __kvm_s390_floating_interrupt(struct kvm_s390_irq *irq)
 920{
 921    struct kvm_s390_interrupt kvmint = {};
 922    int r;
 923
 924    r = s390_kvm_irq_to_interrupt(irq, &kvmint);
 925    if (r < 0) {
 926        fprintf(stderr, "%s called with bogus interrupt\n", __func__);
 927        exit(1);
 928    }
 929
 930    r = kvm_vm_ioctl(kvm_state, KVM_S390_INTERRUPT, &kvmint);
 931    if (r < 0) {
 932        fprintf(stderr, "KVM failed to inject interrupt\n");
 933        exit(1);
 934    }
 935}
 936
 937void kvm_s390_floating_interrupt(struct kvm_s390_irq *irq)
 938{
 939    static bool use_flic = true;
 940    int r;
 941
 942    if (use_flic) {
 943        r = kvm_s390_inject_flic(irq);
 944        if (r == -ENOSYS) {
 945            use_flic = false;
 946        }
 947        if (!r) {
 948            return;
 949        }
 950    }
 951    __kvm_s390_floating_interrupt(irq);
 952}
 953
 954void kvm_s390_service_interrupt(uint32_t parm)
 955{
 956    struct kvm_s390_irq irq = {
 957        .type = KVM_S390_INT_SERVICE,
 958        .u.ext.ext_params = parm,
 959    };
 960
 961    kvm_s390_floating_interrupt(&irq);
 962}
 963
 964static void enter_pgmcheck(S390CPU *cpu, uint16_t code)
 965{
 966    struct kvm_s390_irq irq = {
 967        .type = KVM_S390_PROGRAM_INT,
 968        .u.pgm.code = code,
 969    };
 970
 971    kvm_s390_vcpu_interrupt(cpu, &irq);
 972}
 973
 974void kvm_s390_access_exception(S390CPU *cpu, uint16_t code, uint64_t te_code)
 975{
 976    struct kvm_s390_irq irq = {
 977        .type = KVM_S390_PROGRAM_INT,
 978        .u.pgm.code = code,
 979        .u.pgm.trans_exc_code = te_code,
 980        .u.pgm.exc_access_id = te_code & 3,
 981    };
 982
 983    kvm_s390_vcpu_interrupt(cpu, &irq);
 984}
 985
 986static int kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
 987                                 uint16_t ipbh0)
 988{
 989    CPUS390XState *env = &cpu->env;
 990    uint64_t sccb;
 991    uint32_t code;
 992    int r = 0;
 993
 994    cpu_synchronize_state(CPU(cpu));
 995    sccb = env->regs[ipbh0 & 0xf];
 996    code = env->regs[(ipbh0 & 0xf0) >> 4];
 997
 998    r = sclp_service_call(env, sccb, code);
 999    if (r < 0) {
1000        enter_pgmcheck(cpu, -r);

1001    } else {
1002        setcc(cpu, r);
1003    }
1004
1005    return 0;
1006}
1007
1008static int handle_b2(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
1009{
1010    CPUS390XState *env = &cpu->env;
1011    int rc = 0;
1012    uint16_t ipbh0 = (run->s390_sieic.ipb & 0xffff0000) >> 16;
1013
1014    cpu_synchronize_state(CPU(cpu));
1015
1016    switch (ipa1) {
1017    case PRIV_B2_XSCH:
1018        ioinst_handle_xsch(cpu, env->regs[1]);
1019        break;
1020    case PRIV_B2_CSCH:
1021        ioinst_handle_csch(cpu, env->regs[1]);
1022        break;
1023    case PRIV_B2_HSCH:
1024        ioinst_handle_hsch(cpu, env->regs[1]);
1025        break;
1026    case PRIV_B2_MSCH:
1027        ioinst_handle_msch(cpu, env->regs[1], run->s390_sieic.ipb);
1028        break;
1029    case PRIV_B2_SSCH:
1030        ioinst_handle_ssch(cpu, env->regs[1], run->s390_sieic.ipb);
1031        break;
1032    case PRIV_B2_STCRW:
1033        ioinst_handle_stcrw(cpu, run->s390_sieic.ipb);
1034        break;
1035    case PRIV_B2_STSCH:
1036        ioinst_handle_stsch(cpu, env->regs[1], run->s390_sieic.ipb);
1037        break;
1038    case PRIV_B2_TSCH:
1039        /* We should only get tsch via KVM_EXIT_S390_TSCH. */
1040        fprintf(stderr, "Spurious tsch intercept\n");
1041        break;
1042    case PRIV_B2_CHSC:
1043        ioinst_handle_chsc(cpu, run->s390_sieic.ipb);
1044        break;
1045    case PRIV_B2_TPI:
1046        /* This should have been handled by kvm already. */
1047        fprintf(stderr, "Spurious tpi intercept\n");
1048        break;
1049    case PRIV_B2_SCHM:
1050        ioinst_handle_schm(cpu, env->regs[1], env->regs[2],
1051                           run->s390_sieic.ipb);
1052        break;
1053    case PRIV_B2_RSCH:
1054        ioinst_handle_rsch(cpu, env->regs[1]);
1055        break;
1056    case PRIV_B2_RCHP:
1057        ioinst_handle_rchp(cpu, env->regs[1]);
1058        break;
1059    case PRIV_B2_STCPS:
1060        /* We do not provide this instruction, it is suppressed. */
1061        break;
1062    case PRIV_B2_SAL:
1063        ioinst_handle_sal(cpu, env->regs[1]);
1064        break;
1065    case PRIV_B2_SIGA:
1066        /* Not provided, set CC = 3 for subchannel not operational */
1067        setcc(cpu, 3);
1068        break;
1069    case PRIV_B2_SCLP_CALL:
1070        rc = kvm_sclp_service_call(cpu, run, ipbh0);
1071        break;
1072    default:
1073        rc = -1;
1074        DPRINTF("KVM: unhandled PRIV: 0xb2%x\n", ipa1);
1075        break;
1076    }
1077
1078    return rc;
1079}
1080
1081static uint64_t get_base_disp_rxy(S390CPU *cpu, struct kvm_run *run,
1082                                  uint8_t *ar)
1083{
1084    CPUS390XState *env = &cpu->env;
1085    uint32_t x2 = (run->s390_sieic.ipa & 0x000f);
1086    uint32_t base2 = run->s390_sieic.ipb >> 28;
1087    uint32_t disp2 = ((run->s390_sieic.ipb & 0x0fff0000) >> 16) +
1088                     ((run->s390_sieic.ipb & 0xff00) << 4);
1089
1090    if (disp2 & 0x80000) {
1091        disp2 += 0xfff00000;
1092    }
1093    if (ar) {
1094        *ar = base2;
1095    }
1096
1097    return (base2 ? env->regs[base2] : 0) +
1098           (x2 ? env->regs[x2] : 0) + (long)(int)disp2;
1099}
1100
1101static uint64_t get_base_disp_rsy(S390CPU *cpu, struct kvm_run *run,
1102                                  uint8_t *ar)
1103{
1104    CPUS390XState *env = &cpu->env;
1105    uint32_t base2 = run->s390_sieic.ipb >> 28;
1106    uint32_t disp2 = ((run->s390_sieic.ipb & 0x0fff0000) >> 16) +
1107                     ((run->s390_sieic.ipb & 0xff00) << 4);
1108
1109    if (disp2 & 0x80000) {
1110        disp2 += 0xfff00000;
1111    }
1112    if (ar) {
1113        *ar = base2;
1114    }
1115
1116    return (base2 ? env->regs[base2] : 0) + (long)(int)disp2;
1117}
1118
1119static int kvm_clp_service_call(S390CPU *cpu, struct kvm_run *run)
1120{
1121    uint8_t r2 = (run->s390_sieic.ipb & 0x000f0000) >> 16;
1122
1123    return clp_service_call(cpu, r2);
1124}
1125
1126static int kvm_pcilg_service_call(S390CPU *cpu, struct kvm_run *run)
1127{
1128    uint8_t r1 = (run->s390_sieic.ipb & 0x00f00000) >> 20;
1129    uint8_t r2 = (run->s390_sieic.ipb & 0x000f0000) >> 16;
1130
1131    return pcilg_service_call(cpu, r1, r2);
1132}
1133
1134static int kvm_pcistg_service_call(S390CPU *cpu, struct kvm_run *run)
1135{
1136    uint8_t r1 = (run->s390_sieic.ipb & 0x00f00000) >> 20;
1137    uint8_t r2 = (run->s390_sieic.ipb & 0x000f0000) >> 16;
1138
1139    return pcistg_service_call(cpu, r1, r2);
1140}
1141
1142static int kvm_stpcifc_service_call(S390CPU *cpu, struct kvm_run *run)
1143{
1144    uint8_t r1 = (run->s390_sieic.ipa & 0x00f0) >> 4;
1145    uint64_t fiba;
1146    uint8_t ar;
1147
1148    cpu_synchronize_state(CPU(cpu));
1149    fiba = get_base_disp_rxy(cpu, run, &ar);
1150
1151    return stpcifc_service_call(cpu, r1, fiba, ar);
1152}
1153
1154static int kvm_sic_service_call(S390CPU *cpu, struct kvm_run *run)
1155{
1156    /* NOOP */
1157    return 0;
1158}
1159
1160static int kvm_rpcit_service_call(S390CPU *cpu, struct kvm_run *run)
1161{
1162    uint8_t r1 = (run->s390_sieic.ipb & 0x00f00000) >> 20;
1163    uint8_t r2 = (run->s390_sieic.ipb & 0x000f0000) >> 16;
1164
1165    return rpcit_service_call(cpu, r1, r2);
1166}
1167
1168static int kvm_pcistb_service_call(S390CPU *cpu, struct kvm_run *run)
1169{
1170    uint8_t r1 = (run->s390_sieic.ipa & 0x00f0) >> 4;
1171    uint8_t r3 = run->s390_sieic.ipa & 0x000f;
1172    uint64_t gaddr;
1173    uint8_t ar;
1174
1175    cpu_synchronize_state(CPU(cpu));
1176    gaddr = get_base_disp_rsy(cpu, run, &ar);
1177
1178    return pcistb_service_call(cpu, r1, r3, gaddr, ar);
1179}
1180
1181static int kvm_mpcifc_service_call(S390CPU *cpu, struct kvm_run *run)
1182{
1183    uint8_t r1 = (run->s390_sieic.ipa & 0x00f0) >> 4;
1184    uint64_t fiba;
1185    uint8_t ar;
1186
1187    cpu_synchronize_state(CPU(cpu));
1188    fiba = get_base_disp_rxy(cpu, run, &ar);
1189
1190    return mpcifc_service_call(cpu, r1, fiba, ar);
1191}
1192
1193static int handle_b9(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
1194{
1195    int r = 0;
1196
1197    switch (ipa1) {
1198    case PRIV_B9_CLP:
1199        r = kvm_clp_service_call(cpu, run);
1200        break;
1201    case PRIV_B9_PCISTG:
1202        r = kvm_pcistg_service_call(cpu, run);
1203        break;
1204    case PRIV_B9_PCILG:
1205        r = kvm_pcilg_service_call(cpu, run);
1206        break;
1207    case PRIV_B9_RPCIT:
1208        r = kvm_rpcit_service_call(cpu, run);
1209        break;
1210    case PRIV_B9_EQBS:
1211        /* just inject exception */
1212        r = -1;
1213        break;
1214    default:
1215        r = -1;
1216        DPRINTF("KVM: unhandled PRIV: 0xb9%x\n", ipa1);
1217        break;
1218    }
1219
1220    return r;
1221}
1222
1223static int handle_eb(S390CPU *cpu, struct kvm_run *run, uint8_t ipbl)
1224{
1225    int r = 0;
1226
1227    switch (ipbl) {
1228    case PRIV_EB_PCISTB:
1229        r = kvm_pcistb_service_call(cpu, run);
1230        break;
1231    case PRIV_EB_SIC:
1232        r = kvm_sic_service_call(cpu, run);
1233        break;
1234    case PRIV_EB_SQBS:
1235        /* just inject exception */
1236        r = -1;
1237        break;
1238    default:
1239        r = -1;
1240        DPRINTF("KVM: unhandled PRIV: 0xeb%x\n", ipbl);
1241        break;
1242    }
1243
1244    return r;
1245}
1246
1247static int handle_e3(S390CPU *cpu, struct kvm_run *run, uint8_t ipbl)
1248{
1249    int r = 0;
1250
1251    switch (ipbl) {
1252    case PRIV_E3_MPCIFC:
1253        r = kvm_mpcifc_service_call(cpu, run);
1254        break;
1255    case PRIV_E3_STPCIFC:
1256        r = kvm_stpcifc_service_call(cpu, run);
1257        break;
1258    default:
1259        r = -1;
1260        DPRINTF("KVM: unhandled PRIV: 0xe3%x\n", ipbl);
1261        break;
1262    }
1263
1264    return r;
1265}
1266
1267static int handle_hypercall(S390CPU *cpu, struct kvm_run *run)
1268{
1269    CPUS390XState *env = &cpu->env;
1270    int ret;
1271
1272    cpu_synchronize_state(CPU(cpu));
1273    ret = s390_virtio_hypercall(env);
1274    if (ret == -EINVAL) {
1275        enter_pgmcheck(cpu, PGM_SPECIFICATION);
1276        return 0;
1277    }
1278
1279    return ret;
1280}
1281
1282static void kvm_handle_diag_288(S390CPU *cpu, struct kvm_run *run)
1283{
1284    uint64_t r1, r3;
1285    int rc;
1286
1287    cpu_synchronize_state(CPU(cpu));
1288    r1 = (run->s390_sieic.ipa & 0x00f0) >> 4;
1289    r3 = run->s390_sieic.ipa & 0x000f;
1290    rc = handle_diag_288(&cpu->env, r1, r3);
1291    if (rc) {
1292        enter_pgmcheck(cpu, PGM_SPECIFICATION);
1293    }
1294}
1295
1296static void kvm_handle_diag_308(S390CPU *cpu, struct kvm_run *run)
1297{
1298    uint64_t r1, r3;
1299
1300    cpu_synchronize_state(CPU(cpu));
1301    r1 = (run->s390_sieic.ipa & 0x00f0) >> 4;
1302    r3 = run->s390_sieic.ipa & 0x000f;
1303    handle_diag_308(&cpu->env, r1, r3);
1304}
1305
1306static int handle_sw_breakpoint(S390CPU *cpu, struct kvm_run *run)
1307{
1308    CPUS390XState *env = &cpu->env;
1309    unsigned long pc;
1310
1311    cpu_synchronize_state(CPU(cpu));
1312
1313    pc = env->psw.addr - 4;
1314    if (kvm_find_sw_breakpoint(CPU(cpu), pc)) {
1315        env->psw.addr = pc;
1316        return EXCP_DEBUG;
1317    }
1318
1319    return -ENOENT;
1320}
1321
1322#define DIAG_KVM_CODE_MASK 0x000000000000ffff
1323
1324static int handle_diag(S390CPU *cpu, struct kvm_run *run, uint32_t ipb)
1325{
1326    int r = 0;
1327    uint16_t func_code;
1328
1329    /*
1330     * For any diagnose call we support, bits 48-63 of the resulting
1331     * address specify the function code; the remainder is ignored.
1332     */
1333    func_code = decode_basedisp_rs(&cpu->env, ipb, NULL) & DIAG_KVM_CODE_MASK;
1334    switch (func_code) {
1335    case DIAG_TIMEREVENT:
1336        kvm_handle_diag_288(cpu, run);
1337        break;
1338    case DIAG_IPL:
1339        kvm_handle_diag_308(cpu, run);
1340        break;
1341    case DIAG_KVM_HYPERCALL:
1342        r = handle_hypercall(cpu, run);
1343        break;
1344    case DIAG_KVM_BREAKPOINT:
1345        r = handle_sw_breakpoint(cpu, run);
1346        break;
1347    default:
1348        DPRINTF("KVM: unknown DIAG: 0x%x\n", func_code);
1349        enter_pgmcheck(cpu, PGM_SPECIFICATION);
1350        break;
1351    }
1352
1353    return r;
1354}
1355
1356typedef struct SigpInfo {
1357    S390CPU *cpu;
1358    uint64_t param;
1359    int cc;
1360    uint64_t *status_reg;
1361} SigpInfo;
1362
1363static void set_sigp_status(SigpInfo *si, uint64_t status)
1364{
1365    *si->status_reg &= 0xffffffff00000000ULL;
1366    *si->status_reg |= status;
1367    si->cc = SIGP_CC_STATUS_STORED;
1368}
1369
1370static void sigp_start(void *arg)
1371{
1372    SigpInfo *si = arg;
1373
1374    if (s390_cpu_get_state(si->cpu) != CPU_STATE_STOPPED) {
1375        si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1376        return;
1377    }
1378
1379    s390_cpu_set_state(CPU_STATE_OPERATING, si->cpu);
1380    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1381}
1382
1383static void sigp_stop(void *arg)
1384{
1385    SigpInfo *si = arg;
1386    struct kvm_s390_irq irq = {
1387        .type = KVM_S390_SIGP_STOP,
1388    };
1389
1390    if (s390_cpu_get_state(si->cpu) != CPU_STATE_OPERATING) {
1391        si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1392        return;
1393    }
1394
1395    /* disabled wait - sleeping in user space */
1396    if (CPU(si->cpu)->halted) {
1397        s390_cpu_set_state(CPU_STATE_STOPPED, si->cpu);
1398    } else {
1399        /* execute the stop function */
1400        si->cpu->env.sigp_order = SIGP_STOP;
1401        kvm_s390_vcpu_interrupt(si->cpu, &irq);
1402    }
1403    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1404}
1405
1406#define ADTL_SAVE_AREA_SIZE 1024
1407static int kvm_s390_store_adtl_status(S390CPU *cpu, hwaddr addr)
1408{
1409    void *mem;
1410    hwaddr len = ADTL_SAVE_AREA_SIZE;
1411
1412    mem = cpu_physical_memory_map(addr, &len, 1);
1413    if (!mem) {
1414        return -EFAULT;
1415    }
1416    if (len != ADTL_SAVE_AREA_SIZE) {
1417        cpu_physical_memory_unmap(mem, len, 1, 0);
1418        return -EFAULT;
1419    }
1420
1421    memcpy(mem, &cpu->env.vregs, 512);
1422
1423    cpu_physical_memory_unmap(mem, len, 1, len);
1424
1425    return 0;
1426}
1427
1428#define KVM_S390_STORE_STATUS_DEF_ADDR offsetof(LowCore, floating_pt_save_area)
1429#define SAVE_AREA_SIZE 512
1430static int kvm_s390_store_status(S390CPU *cpu, hwaddr addr, bool store_arch)
1431{
1432    static const uint8_t ar_id = 1;
1433    uint64_t ckc = cpu->env.ckc >> 8;
1434    void *mem;
1435    int i;
1436    hwaddr len = SAVE_AREA_SIZE;
1437
1438    mem = cpu_physical_memory_map(addr, &len, 1);
1439    if (!mem) {
1440        return -EFAULT;
1441    }
1442    if (len != SAVE_AREA_SIZE) {
1443        cpu_physical_memory_unmap(mem, len, 1, 0);
1444        return -EFAULT;
1445    }
1446
1447    if (store_arch) {
1448        cpu_physical_memory_write(offsetof(LowCore, ar_access_id), &ar_id, 1);
1449    }
1450    for (i = 0; i < 16; ++i) {
1451        *((uint64_t *)mem + i) = get_freg(&cpu->env, i)->ll;
1452    }
1453    memcpy(mem + 128, &cpu->env.regs, 128);
1454    memcpy(mem + 256, &cpu->env.psw, 16);
1455    memcpy(mem + 280, &cpu->env.psa, 4);
1456    memcpy(mem + 284, &cpu->env.fpc, 4);
1457    memcpy(mem + 292, &cpu->env.todpr, 4);
1458    memcpy(mem + 296, &cpu->env.cputm, 8);
1459    memcpy(mem + 304, &ckc, 8);
1460    memcpy(mem + 320, &cpu->env.aregs, 64);
1461    memcpy(mem + 384, &cpu->env.cregs, 128);
1462
1463    cpu_physical_memory_unmap(mem, len, 1, len);
1464
1465    return 0;
1466}
1467
1468static void sigp_stop_and_store_status(void *arg)
1469{
1470    SigpInfo *si = arg;
1471    struct kvm_s390_irq irq = {
1472        .type = KVM_S390_SIGP_STOP,
1473    };
1474
1475    /* disabled wait - sleeping in user space */
1476    if (s390_cpu_get_state(si->cpu) == CPU_STATE_OPERATING &&
1477        CPU(si->cpu)->halted) {
1478        s390_cpu_set_state(CPU_STATE_STOPPED, si->cpu);
1479    }
1480
1481    switch (s390_cpu_get_state(si->cpu)) {
1482    case CPU_STATE_OPERATING:
1483        si->cpu->env.sigp_order = SIGP_STOP_STORE_STATUS;
1484        kvm_s390_vcpu_interrupt(si->cpu, &irq);
1485        /* store will be performed when handling the stop intercept */
1486        break;
1487    case CPU_STATE_STOPPED:
1488        /* already stopped, just store the status */
1489        cpu_synchronize_state(CPU(si->cpu));
1490        kvm_s390_store_status(si->cpu, KVM_S390_STORE_STATUS_DEF_ADDR, true);
1491        break;
1492    }
1493    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1494}
1495
1496static void sigp_store_status_at_address(void *arg)
1497{
1498    SigpInfo *si = arg;
1499    uint32_t address = si->param & 0x7ffffe00u;
1500
1501    /* cpu has to be stopped */
1502    if (s390_cpu_get_state(si->cpu) != CPU_STATE_STOPPED) {
1503        set_sigp_status(si, SIGP_STAT_INCORRECT_STATE);
1504        return;
1505    }
1506
1507    cpu_synchronize_state(CPU(si->cpu));
1508
1509    if (kvm_s390_store_status(si->cpu, address, false)) {
1510        set_sigp_status(si, SIGP_STAT_INVALID_PARAMETER);
1511        return;
1512    }
1513    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1514}
1515
1516static void sigp_store_adtl_status(void *arg)
1517{
1518    SigpInfo *si = arg;
1519
1520    if (!kvm_check_extension(kvm_state, KVM_CAP_S390_VECTOR_REGISTERS)) {
1521        set_sigp_status(si, SIGP_STAT_INVALID_ORDER);
1522        return;
1523    }
1524
1525    /* cpu has to be stopped */
1526    if (s390_cpu_get_state(si->cpu) != CPU_STATE_STOPPED) {
1527        set_sigp_status(si, SIGP_STAT_INCORRECT_STATE);
1528        return;
1529    }
1530
1531    /* parameter must be aligned to 1024-byte boundary */
1532    if (si->param & 0x3ff) {
1533        set_sigp_status(si, SIGP_STAT_INVALID_PARAMETER);
1534        return;
1535    }
1536
1537    cpu_synchronize_state(CPU(si->cpu));
1538
1539    if (kvm_s390_store_adtl_status(si->cpu, si->param)) {
1540        set_sigp_status(si, SIGP_STAT_INVALID_PARAMETER);
1541        return;
1542    }
1543    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1544}
1545
1546static void sigp_restart(void *arg)
1547{
1548    SigpInfo *si = arg;
1549    struct kvm_s390_irq irq = {
1550        .type = KVM_S390_RESTART,
1551    };
1552
1553    switch (s390_cpu_get_state(si->cpu)) {
1554    case CPU_STATE_STOPPED:
1555        /* the restart irq has to be delivered prior to any other pending irq */
1556        cpu_synchronize_state(CPU(si->cpu));
1557        do_restart_interrupt(&si->cpu->env);
1558        s390_cpu_set_state(CPU_STATE_OPERATING, si->cpu);
1559        break;
1560    case CPU_STATE_OPERATING:
1561        kvm_s390_vcpu_interrupt(si->cpu, &irq);
1562        break;
1563    }
1564    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1565}
1566
1567int kvm_s390_cpu_restart(S390CPU *cpu)
1568{
1569    SigpInfo si = {
1570        .cpu = cpu,
1571    };
1572
1573    run_on_cpu(CPU(cpu), sigp_restart, &si);
1574    DPRINTF("DONE: KVM cpu restart: %p\n", &cpu->env);
1575    return 0;
1576}
1577
1578static void sigp_initial_cpu_reset(void *arg)
1579{
1580    SigpInfo *si = arg;
1581    CPUState *cs = CPU(si->cpu);
1582    S390CPUClass *scc = S390_CPU_GET_CLASS(si->cpu);
1583
1584    cpu_synchronize_state(cs);
1585    scc->initial_cpu_reset(cs);
1586    cpu_synchronize_post_reset(cs);
1587    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1588}
1589
1590static void sigp_cpu_reset(void *arg)
1591{
1592    SigpInfo *si = arg;
1593    CPUState *cs = CPU(si->cpu);
1594    S390CPUClass *scc = S390_CPU_GET_CLASS(si->cpu);
1595
1596    cpu_synchronize_state(cs);
1597    scc->cpu_reset(cs);
1598    cpu_synchronize_post_reset(cs);
1599    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1600}
1601
1602static void sigp_set_prefix(void *arg)
1603{
1604    SigpInfo *si = arg;
1605    uint32_t addr = si->param & 0x7fffe000u;
1606
1607    cpu_synchronize_state(CPU(si->cpu));
1608
1609    if (!address_space_access_valid(&address_space_memory, addr,
1610                                    sizeof(struct LowCore), false)) {
1611        set_sigp_status(si, SIGP_STAT_INVALID_PARAMETER);
1612        return;
1613    }
1614
1615    /* cpu has to be stopped */
1616    if (s390_cpu_get_state(si->cpu) != CPU_STATE_STOPPED) {
1617        set_sigp_status(si, SIGP_STAT_INCORRECT_STATE);
1618        return;
1619    }
1620
1621    si->cpu->env.psa = addr;
1622    cpu_synchronize_post_init(CPU(si->cpu));
1623    si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
1624}
1625
1626static int handle_sigp_single_dst(S390CPU *dst_cpu, uint8_t order,
1627                                  uint64_t param, uint64_t *status_reg)
1628{
1629    SigpInfo si = {
1630        .cpu = dst_cpu,
1631        .param = param,
1632        .status_reg = status_reg,
1633    };
1634
1635    /* cpu available? */
1636    if (dst_cpu == NULL) {
1637        return SIGP_CC_NOT_OPERATIONAL;
1638    }
1639
1640    /* only resets can break pending orders */
1641    if (dst_cpu->env.sigp_order != 0 &&
1642        order != SIGP_CPU_RESET &&
1643        order != SIGP_INITIAL_CPU_RESET) {
1644        return SIGP_CC_BUSY;
1645    }
1646
1647    switch (order) {
1648    case SIGP_START:
1649        run_on_cpu(CPU(dst_cpu), sigp_start, &si);
1650        break;
1651    case SIGP_STOP:
1652        run_on_cpu(CPU(dst_cpu), sigp_stop, &si);
1653        break;
1654    case SIGP_RESTART:
1655        run_on_cpu(CPU(dst_cpu), sigp_restart, &si);
1656        break;
1657    case SIGP_STOP_STORE_STATUS:
1658        run_on_cpu(CPU(dst_cpu), sigp_stop_and_store_status, &si);
1659        break;
1660    case SIGP_STORE_STATUS_ADDR:
1661        run_on_cpu(CPU(dst_cpu), sigp_store_status_at_address, &si);
1662        break;
1663    case SIGP_STORE_ADTL_STATUS:
1664        run_on_cpu(CPU(dst_cpu), sigp_store_adtl_status, &si);
1665        break;
1666    case SIGP_SET_PREFIX:
1667        run_on_cpu(CPU(dst_cpu), sigp_set_prefix, &si);
1668        break;
1669    case SIGP_INITIAL_CPU_RESET:
1670        run_on_cpu(CPU(dst_cpu), sigp_initial_cpu_reset, &si);
1671        break;
1672    case SIGP_CPU_RESET:
1673        run_on_cpu(CPU(dst_cpu), sigp_cpu_reset, &si);
1674        break;
1675    default:
1676        DPRINTF("KVM: unknown SIGP: 0x%x\n", order);
1677        set_sigp_status(&si, SIGP_STAT_INVALID_ORDER);
1678    }
1679
1680    return si.cc;
1681}
1682
1683static int sigp_set_architecture(S390CPU *cpu, uint32_t param,
1684                                 uint64_t *status_reg)
1685{
1686    CPUState *cur_cs;
1687    S390CPU *cur_cpu;
1688
1689    /* due to the BQL, we are the only active cpu */
1690    CPU_FOREACH(cur_cs) {
1691        cur_cpu = S390_CPU(cur_cs);
1692        if (cur_cpu->env.sigp_order != 0) {
1693            return SIGP_CC_BUSY;
1694        }
1695        cpu_synchronize_state(cur_cs);
1696        /* all but the current one have to be stopped */
1697        if (cur_cpu != cpu &&
1698            s390_cpu_get_state(cur_cpu) != CPU_STATE_STOPPED) {
1699            *status_reg &= 0xffffffff00000000ULL;
1700            *status_reg |= SIGP_STAT_INCORRECT_STATE;
1701            return SIGP_CC_STATUS_STORED;
1702        }
1703    }
1704
1705    switch (param & 0xff) {
1706    case SIGP_MODE_ESA_S390:
1707        /* not supported */
1708        return SIGP_CC_NOT_OPERATIONAL;
1709    case SIGP_MODE_Z_ARCH_TRANS_ALL_PSW:
1710    case SIGP_MODE_Z_ARCH_TRANS_CUR_PSW:
1711        CPU_FOREACH(cur_cs) {
1712            cur_cpu = S390_CPU(cur_cs);
1713            cur_cpu->env.pfault_token = -1UL;
1714        }
1715        break;
1716    default:
1717        *status_reg &= 0xffffffff00000000ULL;
1718        *status_reg |= SIGP_STAT_INVALID_PARAMETER;
1719        return SIGP_CC_STATUS_STORED;
1720    }
1721
1722    return SIGP_CC_ORDER_CODE_ACCEPTED;
1723}
1724
1725#define SIGP_ORDER_MASK 0x000000ff
1726
1727static int handle_sigp(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
1728{
1729    CPUS390XState *env = &cpu->env;
1730    const uint8_t r1 = ipa1 >> 4;
1731    const uint8_t r3 = ipa1 & 0x0f;
1732    int ret;
1733    uint8_t order;
1734    uint64_t *status_reg;
1735    uint64_t param;
1736    S390CPU *dst_cpu = NULL;
1737
1738    cpu_synchronize_state(CPU(cpu));
1739
1740    /* get order code */
1741    order = decode_basedisp_rs(env, run->s390_sieic.ipb, NULL)
1742        & SIGP_ORDER_MASK;
1743    status_reg = &env->regs[r1];
1744    param = (r1 % 2) ? env->regs[r1] : env->regs[r1 + 1];
1745
1746    switch (order) {
1747    case SIGP_SET_ARCH:
1748        ret = sigp_set_architecture(cpu, param, status_reg);
1749        break;
1750    default:
1751        /* all other sigp orders target a single vcpu */
1752        dst_cpu = s390_cpu_addr2state(env->regs[r3]);
1753        ret = handle_sigp_single_dst(dst_cpu, order, param, status_reg);
1754    }
1755
1756    trace_kvm_sigp_finished(order, CPU(cpu)->cpu_index,
1757                            dst_cpu ? CPU(dst_cpu)->cpu_index : -1, ret);
1758
1759    if (ret >= 0) {
1760        setcc(cpu, ret);
1761        return 0;
1762    }
1763
1764    return ret;
1765}
1766
1767static int handle_instruction(S390CPU *cpu, struct kvm_run *run)
1768{
1769    unsigned int ipa0 = (run->s390_sieic.ipa & 0xff00);
1770    uint8_t ipa1 = run->s390_sieic.ipa & 0x00ff;
1771    int r = -1;
1772
1773    DPRINTF("handle_instruction 0x%x 0x%x\n",
1774            run->s390_sieic.ipa, run->s390_sieic.ipb);
1775    switch (ipa0) {
1776    case IPA0_B2:
1777        r = handle_b2(cpu, run, ipa1);
1778        break;
1779    case IPA0_B9:
1780        r = handle_b9(cpu, run, ipa1);
1781        break;
1782    case IPA0_EB:
1783        r = handle_eb(cpu, run, run->s390_sieic.ipb & 0xff);
1784        break;
1785    case IPA0_E3:
1786        r = handle_e3(cpu, run, run->s390_sieic.ipb & 0xff);
1787        break;
1788    case IPA0_DIAG:
1789        r = handle_diag(cpu, run, run->s390_sieic.ipb);
1790        break;
1791    case IPA0_SIGP:
1792        r = handle_sigp(cpu, run, ipa1);
1793        break;
1794    }
1795
1796    if (r < 0) {
1797        r = 0;
1798        enter_pgmcheck(cpu, 0x0001);
1799    }
1800
1801    return r;
1802}
1803
1804static bool is_special_wait_psw(CPUState *cs)
1805{
1806    /* signal quiesce */
1807    return cs->kvm_run->psw_addr == 0xfffUL;
1808}
1809
1810static void unmanageable_intercept(S390CPU *cpu, const char *str, int pswoffset)
1811{
1812    CPUState *cs = CPU(cpu);
1813
1814    error_report("Unmanageable %s! CPU%i new PSW: 0x%016lx:%016lx",
1815                 str, cs->cpu_index, ldq_phys(cs->as, cpu->env.psa + pswoffset),
1816                 ldq_phys(cs->as, cpu->env.psa + pswoffset + 8));
1817    s390_cpu_halt(cpu);
1818    qemu_system_guest_panicked();
1819}
1820
1821static int handle_intercept(S390CPU *cpu)
1822{
1823    CPUState *cs = CPU(cpu);
1824    struct kvm_run *run = cs->kvm_run;
1825    int icpt_code = run->s390_sieic.icptcode;
1826    int r = 0;
1827
1828    DPRINTF("intercept: 0x%x (at 0x%lx)\n", icpt_code,
1829            (long)cs->kvm_run->psw_addr);
1830    switch (icpt_code) {
1831        case ICPT_INSTRUCTION:
1832            r = handle_instruction(cpu, run);
1833            break;
1834        case ICPT_PROGRAM:
1835            unmanageable_intercept(cpu, "program interrupt",
1836                                   offsetof(LowCore, program_new_psw));
1837            r = EXCP_HALTED;
1838            break;
1839        case ICPT_EXT_INT:
1840            unmanageable_intercept(cpu, "external interrupt",
1841                                   offsetof(LowCore, external_new_psw));
1842            r = EXCP_HALTED;
1843            break;
1844        case ICPT_WAITPSW:
1845            /* disabled wait, since enabled wait is handled in kernel */
1846            cpu_synchronize_state(cs);
1847            if (s390_cpu_halt(cpu) == 0) {
1848                if (is_special_wait_psw(cs)) {
1849                    qemu_system_shutdown_request();
1850                } else {
1851                    qemu_system_guest_panicked();
1852                }
1853            }
1854            r = EXCP_HALTED;
1855            break;
1856        case ICPT_CPU_STOP:
1857            if (s390_cpu_set_state(CPU_STATE_STOPPED, cpu) == 0) {
1858                qemu_system_shutdown_request();
1859            }
1860            if (cpu->env.sigp_order == SIGP_STOP_STORE_STATUS) {
1861                kvm_s390_store_status(cpu, KVM_S390_STORE_STATUS_DEF_ADDR,
1862                                      true);
1863            }
1864            cpu->env.sigp_order = 0;
1865            r = EXCP_HALTED;
1866            break;
1867        case ICPT_SOFT_INTERCEPT:
1868            fprintf(stderr, "KVM unimplemented icpt SOFT\n");
1869            exit(1);
1870            break;
1871        case ICPT_IO:
1872            fprintf(stderr, "KVM unimplemented icpt IO\n");
1873            exit(1);
1874            break;
1875        default:
1876            fprintf(stderr, "Unknown intercept code: %d\n", icpt_code);
1877            exit(1);
1878            break;
1879    }
1880
1881    return r;
1882}
1883
1884static int handle_tsch(S390CPU *cpu)
1885{
1886    CPUState *cs = CPU(cpu);
1887    struct kvm_run *run = cs->kvm_run;
1888    int ret;
1889
1890    cpu_synchronize_state(cs);
1891
1892    ret = ioinst_handle_tsch(cpu, cpu->env.regs[1], run->s390_tsch.ipb);
1893    if (ret < 0) {
1894        /*
1895         * Failure.
1896         * If an I/O interrupt had been dequeued, we have to reinject it.
1897         */
1898        if (run->s390_tsch.dequeued) {
1899            kvm_s390_io_interrupt(run->s390_tsch.subchannel_id,
1900                                  run->s390_tsch.subchannel_nr,
1901                                  run->s390_tsch.io_int_parm,
1902                                  run->s390_tsch.io_int_word);
1903        }
1904        ret = 0;
1905    }
1906    return ret;
1907}
1908
1909static void insert_stsi_3_2_2(S390CPU *cpu, __u64 addr, uint8_t ar)
1910{
1911    struct sysib_322 sysib;
1912    int del;
1913
1914    if (s390_cpu_virt_mem_read(cpu, addr, ar, &sysib, sizeof(sysib))) {
1915        return;
1916    }
1917    /* Shift the stack of Extended Names to prepare for our own data */
1918    memmove(&sysib.ext_names[1], &sysib.ext_names[0],
1919            sizeof(sysib.ext_names[0]) * (sysib.count - 1));
1920    /* First virt level, that doesn't provide Ext Names delimits stack. It is
1921     * assumed it's not capable of managing Extended Names for lower levels.
1922     */
1923    for (del = 1; del < sysib.count; del++) {
1924        if (!sysib.vm[del].ext_name_encoding || !sysib.ext_names[del][0]) {
1925            break;
1926        }
1927    }
1928    if (del < sysib.count) {
1929        memset(sysib.ext_names[del], 0,
1930               sizeof(sysib.ext_names[0]) * (sysib.count - del));
1931    }
1932    /* Insert short machine name in EBCDIC, padded with blanks */
1933    if (qemu_name) {
1934        memset(sysib.vm[0].name, 0x40, sizeof(sysib.vm[0].name));
1935        ebcdic_put(sysib.vm[0].name, qemu_name, MIN(sizeof(sysib.vm[0].name),
1936                                                    strlen(qemu_name)));
1937    }
1938    sysib.vm[0].ext_name_encoding = 2; /* 2 = UTF-8 */
1939    memset(sysib.ext_names[0], 0, sizeof(sysib.ext_names[0]));
1940    /* If hypervisor specifies zero Extended Name in STSI322 SYSIB, it's
1941     * considered by s390 as not capable of providing any Extended Name.
1942     * Therefore if no name was specified on qemu invocation, we go with the
1943     * same "KVMguest" default, which KVM has filled into short name field.
1944     */
1945    if (qemu_name) {
1946        strncpy((char *)sysib.ext_names[0], qemu_name,
1947                sizeof(sysib.ext_names[0]));
1948    } else {
1949        strcpy((char *)sysib.ext_names[0], "KVMguest");
1950    }
1951    /* Insert UUID */
1952    memcpy(sysib.vm[0].uuid, qemu_uuid, sizeof(sysib.vm[0].uuid));
1953
1954    s390_cpu_virt_mem_write(cpu, addr, ar, &sysib, sizeof(sysib));
1955}
1956
1957static int handle_stsi(S390CPU *cpu)
1958{
1959    CPUState *cs = CPU(cpu);
1960    struct kvm_run *run = cs->kvm_run;
1961
1962    switch (run->s390_stsi.fc) {
1963    case 3:
1964        if (run->s390_stsi.sel1 != 2 || run->s390_stsi.sel2 != 2) {
1965            return 0;
1966        }
1967        /* Only sysib 3.2.2 needs post-handling for now. */
1968        insert_stsi_3_2_2(cpu, run->s390_stsi.addr, run->s390_stsi.ar);
1969        return 0;
1970    default:
1971        return 0;
1972    }
1973}
1974
1975static int kvm_arch_handle_debug_exit(S390CPU *cpu)
1976{
1977    CPUState *cs = CPU(cpu);
1978    struct kvm_run *run = cs->kvm_run;
1979
1980    int ret = 0;
1981    struct kvm_debug_exit_arch *arch_info = &run->debug.arch;
1982
1983    switch (arch_info->type) {
1984    case KVM_HW_WP_WRITE:
1985        if (find_hw_breakpoint(arch_info->addr, -1, arch_info->type)) {
1986            cs->watchpoint_hit = &hw_watchpoint;
1987            hw_watchpoint.vaddr = arch_info->addr;
1988            hw_watchpoint.flags = BP_MEM_WRITE;
1989            ret = EXCP_DEBUG;
1990        }
1991        break;
1992    case KVM_HW_BP:
1993        if (find_hw_breakpoint(arch_info->addr, -1, arch_info->type)) {
1994            ret = EXCP_DEBUG;
1995        }
1996        break;
1997    case KVM_SINGLESTEP:
1998        if (cs->singlestep_enabled) {
1999            ret = EXCP_DEBUG;
2000        }

2001        break;
2002    default:
2003        ret = -ENOSYS;
2004    }
2005
2006    return ret;
2007}
2008
2009int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
2010{
2011    S390CPU *cpu = S390_CPU(cs);
2012    int ret = 0;
2013
2014    qemu_mutex_lock_iothread();
2015
2016    switch (run->exit_reason) {
2017        case KVM_EXIT_S390_SIEIC:
2018            ret = handle_intercept(cpu);
2019            break;
2020        case KVM_EXIT_S390_RESET:
2021            s390_reipl_request();
2022            break;
2023        case KVM_EXIT_S390_TSCH:
2024            ret = handle_tsch(cpu);
2025            break;
2026        case KVM_EXIT_S390_STSI:
2027            ret = handle_stsi(cpu);
2028            break;
2029        case KVM_EXIT_DEBUG:
2030            ret = kvm_arch_handle_debug_exit(cpu);
2031            break;
2032        default:
2033            fprintf(stderr, "Unknown KVM exit: %d\n", run->exit_reason);
2034            break;
2035    }
2036    qemu_mutex_unlock_iothread();
2037
2038    if (ret == 0) {
2039        ret = EXCP_INTERRUPT;
2040    }
2041    return ret;
2042}
2043
2044bool kvm_arch_stop_on_emulation_error(CPUState *cpu)
2045{
2046    return true;
2047}
2048
2049int kvm_arch_on_sigbus_vcpu(CPUState *cpu, int code, void *addr)
2050{
2051    return 1;
2052}
2053
2054int kvm_arch_on_sigbus(int code, void *addr)
2055{
2056    return 1;
2057}
2058
2059void kvm_s390_io_interrupt(uint16_t subchannel_id,
2060                           uint16_t subchannel_nr, uint32_t io_int_parm,
2061                           uint32_t io_int_word)
2062{
2063    struct kvm_s390_irq irq = {
2064        .u.io.subchannel_id = subchannel_id,
2065        .u.io.subchannel_nr = subchannel_nr,
2066        .u.io.io_int_parm = io_int_parm,
2067        .u.io.io_int_word = io_int_word,
2068    };
2069
2070    if (io_int_word & IO_INT_WORD_AI) {
2071        irq.type = KVM_S390_INT_IO(1, 0, 0, 0);
2072    } else {
2073        irq.type = KVM_S390_INT_IO(0, (subchannel_id & 0xff00) >> 8,
2074                                      (subchannel_id & 0x0006),
2075                                      subchannel_nr);
2076    }
2077    kvm_s390_floating_interrupt(&irq);
2078}
2079
2080static uint64_t build_channel_report_mcic(void)
2081{
2082    uint64_t mcic;
2083
2084    /* subclass: indicate channel report pending */
2085    mcic = MCIC_SC_CP |
2086    /* subclass modifiers: none */
2087    /* storage errors: none */
2088    /* validity bits: no damage */
2089        MCIC_VB_WP | MCIC_VB_MS | MCIC_VB_PM | MCIC_VB_IA | MCIC_VB_FP |
2090        MCIC_VB_GR | MCIC_VB_CR | MCIC_VB_ST | MCIC_VB_AR | MCIC_VB_PR |
2091        MCIC_VB_FC | MCIC_VB_CT | MCIC_VB_CC;
2092    if (kvm_check_extension(kvm_state, KVM_CAP_S390_VECTOR_REGISTERS)) {
2093        mcic |= MCIC_VB_VR;
2094    }
2095    return mcic;
2096}
2097
2098void kvm_s390_crw_mchk(void)
2099{
2100    struct kvm_s390_irq irq = {
2101        .type = KVM_S390_MCHK,
2102        .u.mchk.cr14 = 1 << 28,
2103        .u.mchk.mcic = build_channel_report_mcic(),
2104    };
2105    kvm_s390_floating_interrupt(&irq);
2106}
2107
2108void kvm_s390_enable_css_support(S390CPU *cpu)
2109{
2110    int r;
2111
2112    /* Activate host kernel channel subsystem support. */
2113    r = kvm_vcpu_enable_cap(CPU(cpu), KVM_CAP_S390_CSS_SUPPORT, 0);
2114    assert(r == 0);
2115}
2116
2117void kvm_arch_init_irq_routing(KVMState *s)
2118{
2119    /*
2120     * Note that while irqchip capabilities generally imply that cpustates
2121     * are handled in-kernel, it is not true for s390 (yet); therefore, we
2122     * have to override the common code kvm_halt_in_kernel_allowed setting.
2123     */
2124    if (kvm_check_extension(s, KVM_CAP_IRQ_ROUTING)) {
2125        kvm_gsi_routing_allowed = true;
2126        kvm_halt_in_kernel_allowed = false;
2127    }
2128}
2129
2130int kvm_s390_assign_subch_ioeventfd(EventNotifier *notifier, uint32_t sch,
2131                                    int vq, bool assign)
2132{
2133    struct kvm_ioeventfd kick = {
2134        .flags = KVM_IOEVENTFD_FLAG_VIRTIO_CCW_NOTIFY |
2135        KVM_IOEVENTFD_FLAG_DATAMATCH,
2136        .fd = event_notifier_get_fd(notifier),
2137        .datamatch = vq,
2138        .addr = sch,
2139        .len = 8,
2140    };
2141    if (!kvm_check_extension(kvm_state, KVM_CAP_IOEVENTFD)) {
2142        return -ENOSYS;
2143    }
2144    if (!assign) {
2145        kick.flags |= KVM_IOEVENTFD_FLAG_DEASSIGN;
2146    }
2147    return kvm_vm_ioctl(kvm_state, KVM_IOEVENTFD, &kick);
2148}
2149
2150int kvm_s390_get_memslot_count(KVMState *s)
2151{
2152    return kvm_check_extension(s, KVM_CAP_NR_MEMSLOTS);
2153}
2154
2155int kvm_s390_get_ri(void)
2156{
2157    return cap_ri;
2158}
2159
2160int kvm_s390_set_cpu_state(S390CPU *cpu, uint8_t cpu_state)
2161{
2162    struct kvm_mp_state mp_state = {};
2163    int ret;
2164
2165    /* the kvm part might not have been initialized yet */
2166    if (CPU(cpu)->kvm_state == NULL) {
2167        return 0;
2168    }
2169
2170    switch (cpu_state) {
2171    case CPU_STATE_STOPPED:
2172        mp_state.mp_state = KVM_MP_STATE_STOPPED;
2173        break;
2174    case CPU_STATE_CHECK_STOP:
2175        mp_state.mp_state = KVM_MP_STATE_CHECK_STOP;
2176        break;
2177    case CPU_STATE_OPERATING:
2178        mp_state.mp_state = KVM_MP_STATE_OPERATING;
2179        break;
2180    case CPU_STATE_LOAD:
2181        mp_state.mp_state = KVM_MP_STATE_LOAD;
2182        break;
2183    default:
2184        error_report("Requested CPU state is not a valid S390 CPU state: %u",
2185                     cpu_state);
2186        exit(1);
2187    }
2188
2189    ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MP_STATE, &mp_state);
2190    if (ret) {
2191        trace_kvm_failed_cpu_state_set(CPU(cpu)->cpu_index, cpu_state,
2192                                       strerror(-ret));
2193    }
2194
2195    return ret;
2196}
2197
2198void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu)
2199{
2200    struct kvm_s390_irq_state irq_state;
2201    CPUState *cs = CPU(cpu);
2202    int32_t bytes;
2203
2204    if (!kvm_check_extension(kvm_state, KVM_CAP_S390_IRQ_STATE)) {
2205        return;
2206    }
2207
2208    irq_state.buf = (uint64_t) cpu->irqstate;
2209    irq_state.len = VCPU_IRQ_BUF_SIZE;
2210
2211    bytes = kvm_vcpu_ioctl(cs, KVM_S390_GET_IRQ_STATE, &irq_state);
2212    if (bytes < 0) {
2213        cpu->irqstate_saved_size = 0;
2214        error_report("Migration of interrupt state failed");
2215        return;
2216    }
2217
2218    cpu->irqstate_saved_size = bytes;
2219}
2220
2221int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu)
2222{
2223    CPUState *cs = CPU(cpu);
2224    struct kvm_s390_irq_state irq_state;
2225    int r;
2226
2227    if (cpu->irqstate_saved_size == 0) {
2228        return 0;
2229    }
2230
2231    if (!kvm_check_extension(kvm_state, KVM_CAP_S390_IRQ_STATE)) {
2232        return -ENOSYS;
2233    }
2234
2235    irq_state.buf = (uint64_t) cpu->irqstate;
2236    irq_state.len = cpu->irqstate_saved_size;
2237
2238    r = kvm_vcpu_ioctl(cs, KVM_S390_SET_IRQ_STATE, &irq_state);
2239    if (r) {
2240        error_report("Setting interrupt state failed %d", r);
2241    }
2242    return r;
2243}
2244
2245int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
2246                             uint64_t address, uint32_t data, PCIDevice *dev)
2247{
2248    S390PCIBusDevice *pbdev;
2249    uint32_t idx = data >> ZPCI_MSI_VEC_BITS;
2250    uint32_t vec = data & ZPCI_MSI_VEC_MASK;
2251
2252    pbdev = s390_pci_find_dev_by_idx(idx);
2253    if (!pbdev) {
2254        DPRINTF("add_msi_route no dev\n");
2255        return -ENODEV;
2256    }
2257
2258    pbdev->routes.adapter.ind_offset = vec;
2259
2260    route->type = KVM_IRQ_ROUTING_S390_ADAPTER;
2261    route->flags = 0;
2262    route->u.adapter.summary_addr = pbdev->routes.adapter.summary_addr;
2263    route->u.adapter.ind_addr = pbdev->routes.adapter.ind_addr;
2264    route->u.adapter.summary_offset = pbdev->routes.adapter.summary_offset;
2265    route->u.adapter.ind_offset = pbdev->routes.adapter.ind_offset;
2266    route->u.adapter.adapter_id = pbdev->routes.adapter.adapter_id;
2267    return 0;
2268}
2269
2270int kvm_arch_add_msi_route_post(struct kvm_irq_routing_entry *route,
2271                                int vector, PCIDevice *dev)
2272{
2273    return 0;
2274}
2275
2276int kvm_arch_release_virq_post(int virq)
2277{
2278    return 0;
2279}
2280
2281int kvm_arch_msi_data_to_gsi(uint32_t data)
2282{
2283    abort();
2284}
2285