LXR qemu/hw/s390x/css.c

   1/*
   2 * Channel subsystem base support.
   3 *
   4 * Copyright 2012 IBM Corp.
   5 * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
   6 *
   7 * This work is licensed under the terms of the GNU GPL, version 2 or (at
   8 * your option) any later version. See the COPYING file in the top-level
   9 * directory.
  10 */
  11
  12#include "qemu/osdep.h"
  13#include "qapi/error.h"
  14#include "qapi/visitor.h"
  15#include "hw/qdev.h"
  16#include "qemu/bitops.h"
  17#include "exec/address-spaces.h"
  18#include "cpu.h"
  19#include "hw/s390x/ioinst.h"
  20#include "hw/s390x/css.h"
  21#include "trace.h"
  22#include "hw/s390x/s390_flic.h"
  23
  24typedef struct CrwContainer {
  25    CRW crw;
  26    QTAILQ_ENTRY(CrwContainer) sibling;
  27} CrwContainer;
  28
  29typedef struct ChpInfo {
  30    uint8_t in_use;
  31    uint8_t type;
  32    uint8_t is_virtual;
  33} ChpInfo;
  34
  35typedef struct SubchSet {
  36    SubchDev *sch[MAX_SCHID + 1];
  37    unsigned long schids_used[BITS_TO_LONGS(MAX_SCHID + 1)];
  38    unsigned long devnos_used[BITS_TO_LONGS(MAX_SCHID + 1)];
  39} SubchSet;
  40
  41typedef struct CssImage {
  42    SubchSet *sch_set[MAX_SSID + 1];
  43    ChpInfo chpids[MAX_CHPID + 1];
  44} CssImage;
  45
  46typedef struct IoAdapter {
  47    uint32_t id;
  48    uint8_t type;
  49    uint8_t isc;
  50    QTAILQ_ENTRY(IoAdapter) sibling;
  51} IoAdapter;
  52
  53typedef struct ChannelSubSys {
  54    QTAILQ_HEAD(, CrwContainer) pending_crws;
  55    bool sei_pending;
  56    bool do_crw_mchk;
  57    bool crws_lost;
  58    uint8_t max_cssid;
  59    uint8_t max_ssid;
  60    bool chnmon_active;
  61    uint64_t chnmon_area;
  62    CssImage *css[MAX_CSSID + 1];
  63    uint8_t default_cssid;
  64    QTAILQ_HEAD(, IoAdapter) io_adapters;
  65    QTAILQ_HEAD(, IndAddr) indicator_addresses;
  66} ChannelSubSys;
  67
  68static ChannelSubSys channel_subsys = {
  69    .pending_crws = QTAILQ_HEAD_INITIALIZER(channel_subsys.pending_crws),
  70    .do_crw_mchk = true,
  71    .sei_pending = false,
  72    .do_crw_mchk = true,
  73    .crws_lost = false,
  74    .chnmon_active = false,
  75    .io_adapters = QTAILQ_HEAD_INITIALIZER(channel_subsys.io_adapters),
  76    .indicator_addresses =
  77        QTAILQ_HEAD_INITIALIZER(channel_subsys.indicator_addresses),
  78};
  79
  80IndAddr *get_indicator(hwaddr ind_addr, int len)
  81{
  82    IndAddr *indicator;
  83
  84    QTAILQ_FOREACH(indicator, &channel_subsys.indicator_addresses, sibling) {
  85        if (indicator->addr == ind_addr) {
  86            indicator->refcnt++;
  87            return indicator;
  88        }
  89    }
  90    indicator = g_new0(IndAddr, 1);
  91    indicator->addr = ind_addr;
  92    indicator->len = len;
  93    indicator->refcnt = 1;
  94    QTAILQ_INSERT_TAIL(&channel_subsys.indicator_addresses,
  95                       indicator, sibling);
  96    return indicator;
  97}
  98
  99static int s390_io_adapter_map(AdapterInfo *adapter, uint64_t map_addr,
 100                               bool do_map)
 101{
 102    S390FLICState *fs = s390_get_flic();
 103    S390FLICStateClass *fsc = S390_FLIC_COMMON_GET_CLASS(fs);
 104
 105    return fsc->io_adapter_map(fs, adapter->adapter_id, map_addr, do_map);
 106}
 107
 108void release_indicator(AdapterInfo *adapter, IndAddr *indicator)
 109{
 110    assert(indicator->refcnt > 0);
 111    indicator->refcnt--;
 112    if (indicator->refcnt > 0) {
 113        return;
 114    }
 115    QTAILQ_REMOVE(&channel_subsys.indicator_addresses, indicator, sibling);
 116    if (indicator->map) {
 117        s390_io_adapter_map(adapter, indicator->map, false);
 118    }
 119    g_free(indicator);
 120}
 121
 122int map_indicator(AdapterInfo *adapter, IndAddr *indicator)
 123{
 124    int ret;
 125
 126    if (indicator->map) {
 127        return 0; /* already mapped is not an error */
 128    }
 129    indicator->map = indicator->addr;
 130    ret = s390_io_adapter_map(adapter, indicator->map, true);
 131    if ((ret != 0) && (ret != -ENOSYS)) {
 132        goto out_err;
 133    }
 134    return 0;
 135
 136out_err:
 137    indicator->map = 0;
 138    return ret;
 139}
 140
 141int css_create_css_image(uint8_t cssid, bool default_image)
 142{
 143    trace_css_new_image(cssid, default_image ? "(default)" : "");
 144    /* 255 is reserved */
 145    if (cssid == 255) {
 146        return -EINVAL;
 147    }
 148    if (channel_subsys.css[cssid]) {
 149        return -EBUSY;
 150    }
 151    channel_subsys.css[cssid] = g_malloc0(sizeof(CssImage));
 152    if (default_image) {
 153        channel_subsys.default_cssid = cssid;
 154    }
 155    return 0;
 156}
 157
 158int css_register_io_adapter(uint8_t type, uint8_t isc, bool swap,
 159                            bool maskable, uint32_t *id)
 160{
 161    IoAdapter *adapter;
 162    bool found = false;
 163    int ret;
 164    S390FLICState *fs = s390_get_flic();
 165    S390FLICStateClass *fsc = S390_FLIC_COMMON_GET_CLASS(fs);
 166
 167    *id = 0;
 168    QTAILQ_FOREACH(adapter, &channel_subsys.io_adapters, sibling) {
 169        if ((adapter->type == type) && (adapter->isc == isc)) {
 170            *id = adapter->id;
 171            found = true;
 172            ret = 0;
 173            break;
 174        }
 175        if (adapter->id >= *id) {
 176            *id = adapter->id + 1;
 177        }
 178    }
 179    if (found) {
 180        goto out;
 181    }
 182    adapter = g_new0(IoAdapter, 1);
 183    ret = fsc->register_io_adapter(fs, *id, isc, swap, maskable);
 184    if (ret == 0) {
 185        adapter->id = *id;
 186        adapter->isc = isc;
 187        adapter->type = type;
 188        QTAILQ_INSERT_TAIL(&channel_subsys.io_adapters, adapter, sibling);
 189    } else {
 190        g_free(adapter);
 191        fprintf(stderr, "Unexpected error %d when registering adapter %d\n",
 192                ret, *id);
 193    }
 194out:
 195    return ret;
 196}
 197
 198static void css_clear_io_interrupt(uint16_t subchannel_id,
 199                                   uint16_t subchannel_nr)
 200{
 201    Error *err = NULL;
 202    static bool no_clear_irq;
 203    S390FLICState *fs = s390_get_flic();
 204    S390FLICStateClass *fsc = S390_FLIC_COMMON_GET_CLASS(fs);
 205    int r;
 206
 207    if (unlikely(no_clear_irq)) {
 208        return;
 209    }
 210    r = fsc->clear_io_irq(fs, subchannel_id, subchannel_nr);
 211    switch (r) {
 212    case 0:
 213        break;
 214    case -ENOSYS:
 215        no_clear_irq = true;
 216        /*
 217        * Ignore unavailability, as the user can't do anything
 218        * about it anyway.
 219        */
 220        break;
 221    default:
 222        error_setg_errno(&err, -r, "unexpected error condition");
 223        error_propagate(&error_abort, err);
 224    }
 225}
 226
 227static inline uint16_t css_do_build_subchannel_id(uint8_t cssid, uint8_t ssid)
 228{
 229    if (channel_subsys.max_cssid > 0) {
 230        return (cssid << 8) | (1 << 3) | (ssid << 1) | 1;
 231    }
 232    return (ssid << 1) | 1;
 233}
 234
 235uint16_t css_build_subchannel_id(SubchDev *sch)
 236{
 237    return css_do_build_subchannel_id(sch->cssid, sch->ssid);
 238}
 239
 240static void css_inject_io_interrupt(SubchDev *sch)
 241{
 242    uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
 243
 244    trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
 245                           sch->curr_status.pmcw.intparm, isc, "");
 246    s390_io_interrupt(css_build_subchannel_id(sch),
 247                      sch->schid,
 248                      sch->curr_status.pmcw.intparm,
 249                      isc << 27);
 250}
 251
 252void css_conditional_io_interrupt(SubchDev *sch)
 253{
 254    /*
 255     * If the subchannel is not currently status pending, make it pending
 256     * with alert status.
 257     */
 258    if (!(sch->curr_status.scsw.ctrl & SCSW_STCTL_STATUS_PEND)) {
 259        uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
 260
 261        trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
 262                               sch->curr_status.pmcw.intparm, isc,
 263                               "(unsolicited)");
 264        sch->curr_status.scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
 265        sch->curr_status.scsw.ctrl |=
 266            SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
 267        /* Inject an I/O interrupt. */
 268        s390_io_interrupt(css_build_subchannel_id(sch),
 269                          sch->schid,
 270                          sch->curr_status.pmcw.intparm,
 271                          isc << 27);
 272    }
 273}
 274
 275void css_adapter_interrupt(uint8_t isc)
 276{
 277    uint32_t io_int_word = (isc << 27) | IO_INT_WORD_AI;
 278
 279    trace_css_adapter_interrupt(isc);
 280    s390_io_interrupt(0, 0, 0, io_int_word);
 281}
 282
 283static void sch_handle_clear_func(SubchDev *sch)
 284{
 285    PMCW *p = &sch->curr_status.pmcw;
 286    SCSW *s = &sch->curr_status.scsw;
 287    int path;
 288
 289    /* Path management: In our simple css, we always choose the only path. */
 290    path = 0x80;
 291
 292    /* Reset values prior to 'issuing the clear signal'. */
 293    p->lpum = 0;
 294    p->pom = 0xff;
 295    s->flags &= ~SCSW_FLAGS_MASK_PNO;
 296
 297    /* We always 'attempt to issue the clear signal', and we always succeed. */
 298    sch->channel_prog = 0x0;
 299    sch->last_cmd_valid = false;
 300    s->ctrl &= ~SCSW_ACTL_CLEAR_PEND;
 301    s->ctrl |= SCSW_STCTL_STATUS_PEND;
 302
 303    s->dstat = 0;
 304    s->cstat = 0;
 305    p->lpum = path;
 306
 307}
 308
 309static void sch_handle_halt_func(SubchDev *sch)
 310{
 311
 312    PMCW *p = &sch->curr_status.pmcw;
 313    SCSW *s = &sch->curr_status.scsw;
 314    hwaddr curr_ccw = sch->channel_prog;
 315    int path;
 316
 317    /* Path management: In our simple css, we always choose the only path. */
 318    path = 0x80;
 319
 320    /* We always 'attempt to issue the halt signal', and we always succeed. */
 321    sch->channel_prog = 0x0;
 322    sch->last_cmd_valid = false;
 323    s->ctrl &= ~SCSW_ACTL_HALT_PEND;
 324    s->ctrl |= SCSW_STCTL_STATUS_PEND;
 325
 326    if ((s->ctrl & (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) ||
 327        !((s->ctrl & SCSW_ACTL_START_PEND) ||
 328          (s->ctrl & SCSW_ACTL_SUSP))) {
 329        s->dstat = SCSW_DSTAT_DEVICE_END;
 330    }
 331    if ((s->ctrl & (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) ||
 332        (s->ctrl & SCSW_ACTL_SUSP)) {
 333        s->cpa = curr_ccw + 8;
 334    }
 335    s->cstat = 0;
 336    p->lpum = path;
 337
 338}
 339
 340static void copy_sense_id_to_guest(SenseId *dest, SenseId *src)
 341{
 342    int i;
 343
 344    dest->reserved = src->reserved;
 345    dest->cu_type = cpu_to_be16(src->cu_type);
 346    dest->cu_model = src->cu_model;
 347    dest->dev_type = cpu_to_be16(src->dev_type);
 348    dest->dev_model = src->dev_model;
 349    dest->unused = src->unused;
 350    for (i = 0; i < ARRAY_SIZE(dest->ciw); i++) {
 351        dest->ciw[i].type = src->ciw[i].type;
 352        dest->ciw[i].command = src->ciw[i].command;
 353        dest->ciw[i].count = cpu_to_be16(src->ciw[i].count);
 354    }
 355}
 356
 357static CCW1 copy_ccw_from_guest(hwaddr addr, bool fmt1)
 358{
 359    CCW0 tmp0;
 360    CCW1 tmp1;
 361    CCW1 ret;
 362
 363    if (fmt1) {
 364        cpu_physical_memory_read(addr, &tmp1, sizeof(tmp1));
 365        ret.cmd_code = tmp1.cmd_code;
 366        ret.flags = tmp1.flags;
 367        ret.count = be16_to_cpu(tmp1.count);
 368        ret.cda = be32_to_cpu(tmp1.cda);
 369    } else {
 370        cpu_physical_memory_read(addr, &tmp0, sizeof(tmp0));
 371        ret.cmd_code = tmp0.cmd_code;
 372        ret.flags = tmp0.flags;
 373        ret.count = be16_to_cpu(tmp0.count);
 374        ret.cda = be16_to_cpu(tmp0.cda1) | (tmp0.cda0 << 16);
 375        if ((ret.cmd_code & 0x0f) == CCW_CMD_TIC) {
 376            ret.cmd_code &= 0x0f;
 377        }
 378    }
 379    return ret;
 380}
 381
 382static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
 383                             bool suspend_allowed)
 384{
 385    int ret;
 386    bool check_len;
 387    int len;
 388    CCW1 ccw;
 389
 390    if (!ccw_addr) {
 391        return -EIO;
 392    }
 393
 394    /* Translate everything to format-1 ccws - the information is the same. */
 395    ccw = copy_ccw_from_guest(ccw_addr, sch->ccw_fmt_1);
 396
 397    /* Check for invalid command codes. */
 398    if ((ccw.cmd_code & 0x0f) == 0) {
 399        return -EINVAL;
 400    }
 401    if (((ccw.cmd_code & 0x0f) == CCW_CMD_TIC) &&
 402        ((ccw.cmd_code & 0xf0) != 0)) {
 403        return -EINVAL;
 404    }
 405    if (!sch->ccw_fmt_1 && (ccw.count == 0) &&
 406        (ccw.cmd_code != CCW_CMD_TIC)) {
 407        return -EINVAL;
 408    }
 409
 410    if (ccw.flags & CCW_FLAG_SUSPEND) {
 411        return suspend_allowed ? -EINPROGRESS : -EINVAL;
 412    }
 413
 414    check_len = !((ccw.flags & CCW_FLAG_SLI) && !(ccw.flags & CCW_FLAG_DC));
 415
 416    if (!ccw.cda) {
 417        if (sch->ccw_no_data_cnt == 255) {
 418            return -EINVAL;
 419        }
 420        sch->ccw_no_data_cnt++;
 421    }
 422
 423    /* Look at the command. */
 424    switch (ccw.cmd_code) {
 425    case CCW_CMD_NOOP:
 426        /* Nothing to do. */
 427        ret = 0;
 428        break;
 429    case CCW_CMD_BASIC_SENSE:
 430        if (check_len) {
 431            if (ccw.count != sizeof(sch->sense_data)) {
 432                ret = -EINVAL;
 433                break;
 434            }
 435        }
 436        len = MIN(ccw.count, sizeof(sch->sense_data));
 437        cpu_physical_memory_write(ccw.cda, sch->sense_data, len);
 438        sch->curr_status.scsw.count = ccw.count - len;
 439        memset(sch->sense_data, 0, sizeof(sch->sense_data));
 440        ret = 0;
 441        break;
 442    case CCW_CMD_SENSE_ID:
 443    {
 444        SenseId sense_id;
 445
 446        copy_sense_id_to_guest(&sense_id, &sch->id);
 447        /* Sense ID information is device specific. */
 448        if (check_len) {
 449            if (ccw.count != sizeof(sense_id)) {
 450                ret = -EINVAL;
 451                break;
 452            }
 453        }
 454        len = MIN(ccw.count, sizeof(sense_id));
 455        /*
 456         * Only indicate 0xff in the first sense byte if we actually
 457         * have enough place to store at least bytes 0-3.
 458         */
 459        if (len >= 4) {
 460            sense_id.reserved = 0xff;
 461        } else {
 462            sense_id.reserved = 0;
 463        }
 464        cpu_physical_memory_write(ccw.cda, &sense_id, len);
 465        sch->curr_status.scsw.count = ccw.count - len;
 466        ret = 0;
 467        break;
 468    }
 469    case CCW_CMD_TIC:
 470        if (sch->last_cmd_valid && (sch->last_cmd.cmd_code == CCW_CMD_TIC)) {
 471            ret = -EINVAL;
 472            break;
 473        }
 474        if (ccw.flags & (CCW_FLAG_CC | CCW_FLAG_DC)) {
 475            ret = -EINVAL;
 476            break;
 477        }
 478        sch->channel_prog = ccw.cda;
 479        ret = -EAGAIN;
 480        break;
 481    default:
 482        if (sch->ccw_cb) {
 483            /* Handle device specific commands. */
 484            ret = sch->ccw_cb(sch, ccw);
 485        } else {
 486            ret = -ENOSYS;
 487        }
 488        break;
 489    }
 490    sch->last_cmd = ccw;
 491    sch->last_cmd_valid = true;
 492    if (ret == 0) {
 493        if (ccw.flags & CCW_FLAG_CC) {
 494            sch->channel_prog += 8;
 495            ret = -EAGAIN;
 496        }
 497    }
 498
 499    return ret;
 500}
 501
 502static void sch_handle_start_func(SubchDev *sch, ORB *orb)
 503{
 504
 505    PMCW *p = &sch->curr_status.pmcw;
 506    SCSW *s = &sch->curr_status.scsw;
 507    int path;
 508    int ret;
 509    bool suspend_allowed;
 510
 511    /* Path management: In our simple css, we always choose the only path. */
 512    path = 0x80;
 513
 514    if (!(s->ctrl & SCSW_ACTL_SUSP)) {
 515        /* Start Function triggered via ssch, i.e. we have an ORB */
 516        s->cstat = 0;
 517        s->dstat = 0;
 518        /* Look at the orb and try to execute the channel program. */
 519        assert(orb != NULL); /* resume does not pass an orb */
 520        p->intparm = orb->intparm;
 521        if (!(orb->lpm & path)) {
 522            /* Generate a deferred cc 3 condition. */
 523            s->flags |= SCSW_FLAGS_MASK_CC;
 524            s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
 525            s->ctrl |= (SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND);
 526            return;
 527        }
 528        sch->ccw_fmt_1 = !!(orb->ctrl0 & ORB_CTRL0_MASK_FMT);
 529        s->flags |= (sch->ccw_fmt_1) ? SCSW_FLAGS_MASK_FMT : 0;
 530        sch->ccw_no_data_cnt = 0;
 531        suspend_allowed = !!(orb->ctrl0 & ORB_CTRL0_MASK_SPND);
 532    } else {
 533        /* Start Function resumed via rsch, i.e. we don't have an
 534         * ORB */
 535        s->ctrl &= ~(SCSW_ACTL_SUSP | SCSW_ACTL_RESUME_PEND);
 536        /* The channel program had been suspended before. */
 537        suspend_allowed = true;
 538    }
 539    sch->last_cmd_valid = false;
 540    do {
 541        ret = css_interpret_ccw(sch, sch->channel_prog, suspend_allowed);
 542        switch (ret) {
 543        case -EAGAIN:
 544            /* ccw chain, continue processing */
 545            break;
 546        case 0:
 547            /* success */
 548            s->ctrl &= ~SCSW_ACTL_START_PEND;
 549            s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
 550            s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
 551                    SCSW_STCTL_STATUS_PEND;
 552            s->dstat = SCSW_DSTAT_CHANNEL_END | SCSW_DSTAT_DEVICE_END;
 553            s->cpa = sch->channel_prog + 8;
 554            break;
 555        case -ENOSYS:
 556            /* unsupported command, generate unit check (command reject) */
 557            s->ctrl &= ~SCSW_ACTL_START_PEND;
 558            s->dstat = SCSW_DSTAT_UNIT_CHECK;
 559            /* Set sense bit 0 in ecw0. */
 560            sch->sense_data[0] = 0x80;
 561            s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
 562            s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
 563                    SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
 564            s->cpa = sch->channel_prog + 8;
 565            break;
 566        case -EFAULT:
 567            /* memory problem, generate channel data check */
 568            s->ctrl &= ~SCSW_ACTL_START_PEND;
 569            s->cstat = SCSW_CSTAT_DATA_CHECK;
 570            s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
 571            s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
 572                    SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
 573            s->cpa = sch->channel_prog + 8;
 574            break;
 575        case -EBUSY:
 576            /* subchannel busy, generate deferred cc 1 */
 577            s->flags &= ~SCSW_FLAGS_MASK_CC;
 578            s->flags |= (1 << 8);
 579            s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
 580            s->ctrl |= SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
 581            break;
 582        case -EINPROGRESS:
 583            /* channel program has been suspended */
 584            s->ctrl &= ~SCSW_ACTL_START_PEND;
 585            s->ctrl |= SCSW_ACTL_SUSP;
 586            break;
 587        default:
 588            /* error, generate channel program check */
 589            s->ctrl &= ~SCSW_ACTL_START_PEND;
 590            s->cstat = SCSW_CSTAT_PROG_CHECK;
 591            s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
 592            s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
 593                    SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
 594            s->cpa = sch->channel_prog + 8;
 595            break;
 596        }
 597    } while (ret == -EAGAIN);
 598
 599}
 600
 601/*
 602 * On real machines, this would run asynchronously to the main vcpus.
 603 * We might want to make some parts of the ssch handling (interpreting
 604 * read/writes) asynchronous later on if we start supporting more than
 605 * our current very simple devices.
 606 */
 607static void do_subchannel_work(SubchDev *sch, ORB *orb)
 608{
 609
 610    SCSW *s = &sch->curr_status.scsw;
 611
 612    if (s->ctrl & SCSW_FCTL_CLEAR_FUNC) {
 613        sch_handle_clear_func(sch);
 614    } else if (s->ctrl & SCSW_FCTL_HALT_FUNC) {
 615        sch_handle_halt_func(sch);
 616    } else if (s->ctrl & SCSW_FCTL_START_FUNC) {
 617        /* Triggered by both ssch and rsch. */
 618        sch_handle_start_func(sch, orb);
 619    } else {
 620        /* Cannot happen. */
 621        return;
 622    }
 623    css_inject_io_interrupt(sch);
 624}
 625
 626static void copy_pmcw_to_guest(PMCW *dest, const PMCW *src)
 627{
 628    int i;
 629
 630    dest->intparm = cpu_to_be32(src->intparm);
 631    dest->flags = cpu_to_be16(src->flags);
 632    dest->devno = cpu_to_be16(src->devno);
 633    dest->lpm = src->lpm;
 634    dest->pnom = src->pnom;
 635    dest->lpum = src->lpum;
 636    dest->pim = src->pim;
 637    dest->mbi = cpu_to_be16(src->mbi);
 638    dest->pom = src->pom;
 639    dest->pam = src->pam;
 640    for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
 641        dest->chpid[i] = src->chpid[i];
 642    }
 643    dest->chars = cpu_to_be32(src->chars);
 644}
 645
 646static void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
 647{
 648    dest->flags = cpu_to_be16(src->flags);
 649    dest->ctrl = cpu_to_be16(src->ctrl);
 650    dest->cpa = cpu_to_be32(src->cpa);
 651    dest->dstat = src->dstat;
 652    dest->cstat = src->cstat;
 653    dest->count = cpu_to_be16(src->count);
 654}
 655
 656static void copy_schib_to_guest(SCHIB *dest, const SCHIB *src)
 657{
 658    int i;
 659
 660    copy_pmcw_to_guest(&dest->pmcw, &src->pmcw);
 661    copy_scsw_to_guest(&dest->scsw, &src->scsw);
 662    dest->mba = cpu_to_be64(src->mba);
 663    for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
 664        dest->mda[i] = src->mda[i];
 665    }
 666}
 667
 668int css_do_stsch(SubchDev *sch, SCHIB *schib)
 669{
 670    /* Use current status. */
 671    copy_schib_to_guest(schib, &sch->curr_status);
 672    return 0;
 673}
 674
 675static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
 676{
 677    int i;
 678
 679    dest->intparm = be32_to_cpu(src->intparm);
 680    dest->flags = be16_to_cpu(src->flags);
 681    dest->devno = be16_to_cpu(src->devno);
 682    dest->lpm = src->lpm;
 683    dest->pnom = src->pnom;
 684    dest->lpum = src->lpum;
 685    dest->pim = src->pim;
 686    dest->mbi = be16_to_cpu(src->mbi);
 687    dest->pom = src->pom;
 688    dest->pam = src->pam;
 689    for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
 690        dest->chpid[i] = src->chpid[i];
 691    }
 692    dest->chars = be32_to_cpu(src->chars);
 693}
 694
 695static void copy_scsw_from_guest(SCSW *dest, const SCSW *src)
 696{
 697    dest->flags = be16_to_cpu(src->flags);
 698    dest->ctrl = be16_to_cpu(src->ctrl);
 699    dest->cpa = be32_to_cpu(src->cpa);
 700    dest->dstat = src->dstat;
 701    dest->cstat = src->cstat;
 702    dest->count = be16_to_cpu(src->count);
 703}
 704
 705static void copy_schib_from_guest(SCHIB *dest, const SCHIB *src)
 706{
 707    int i;
 708
 709    copy_pmcw_from_guest(&dest->pmcw, &src->pmcw);
 710    copy_scsw_from_guest(&dest->scsw, &src->scsw);
 711    dest->mba = be64_to_cpu(src->mba);
 712    for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
 713        dest->mda[i] = src->mda[i];
 714    }
 715}
 716
 717int css_do_msch(SubchDev *sch, const SCHIB *orig_schib)
 718{
 719    SCSW *s = &sch->curr_status.scsw;
 720    PMCW *p = &sch->curr_status.pmcw;
 721    uint16_t oldflags;
 722    int ret;
 723    SCHIB schib;
 724
 725    if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_DNV)) {
 726        ret = 0;
 727        goto out;
 728    }
 729
 730    if (s->ctrl & SCSW_STCTL_STATUS_PEND) {
 731        ret = -EINPROGRESS;
 732        goto out;
 733    }
 734
 735    if (s->ctrl &
 736        (SCSW_FCTL_START_FUNC|SCSW_FCTL_HALT_FUNC|SCSW_FCTL_CLEAR_FUNC)) {
 737        ret = -EBUSY;
 738        goto out;
 739    }
 740
 741    copy_schib_from_guest(&schib, orig_schib);
 742    /* Only update the program-modifiable fields. */
 743    p->intparm = schib.pmcw.intparm;
 744    oldflags = p->flags;
 745    p->flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
 746                  PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
 747                  PMCW_FLAGS_MASK_MP);
 748    p->flags |= schib.pmcw.flags &
 749            (PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
 750             PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
 751             PMCW_FLAGS_MASK_MP);
 752    p->lpm = schib.pmcw.lpm;
 753    p->mbi = schib.pmcw.mbi;
 754    p->pom = schib.pmcw.pom;
 755    p->chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
 756    p->chars |= schib.pmcw.chars &
 757            (PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
 758    sch->curr_status.mba = schib.mba;
 759
 760    /* Has the channel been disabled? */
 761    if (sch->disable_cb && (oldflags & PMCW_FLAGS_MASK_ENA) != 0
 762        && (p->flags & PMCW_FLAGS_MASK_ENA) == 0) {
 763        sch->disable_cb(sch);
 764    }
 765
 766    ret = 0;
 767
 768out:
 769    return ret;
 770}
 771
 772int css_do_xsch(SubchDev *sch)
 773{
 774    SCSW *s = &sch->curr_status.scsw;
 775    PMCW *p = &sch->curr_status.pmcw;
 776    int ret;
 777
 778    if (~(p->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
 779        ret = -ENODEV;
 780        goto out;
 781    }
 782
 783    if (!(s->ctrl & SCSW_CTRL_MASK_FCTL) ||
 784        ((s->ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
 785        (!(s->ctrl &
 786           (SCSW_ACTL_RESUME_PEND | SCSW_ACTL_START_PEND | SCSW_ACTL_SUSP))) ||
 787        (s->ctrl & SCSW_ACTL_SUBCH_ACTIVE)) {
 788        ret = -EINPROGRESS;
 789        goto out;
 790    }
 791
 792    if (s->ctrl & SCSW_CTRL_MASK_STCTL) {
 793        ret = -EBUSY;
 794        goto out;
 795    }
 796
 797    /* Cancel the current operation. */
 798    s->ctrl &= ~(SCSW_FCTL_START_FUNC |
 799                 SCSW_ACTL_RESUME_PEND |
 800                 SCSW_ACTL_START_PEND |
 801                 SCSW_ACTL_SUSP);
 802    sch->channel_prog = 0x0;
 803    sch->last_cmd_valid = false;
 804    s->dstat = 0;
 805    s->cstat = 0;
 806    ret = 0;
 807
 808out:
 809    return ret;
 810}
 811
 812int css_do_csch(SubchDev *sch)
 813{
 814    SCSW *s = &sch->curr_status.scsw;
 815    PMCW *p = &sch->curr_status.pmcw;
 816    int ret;
 817
 818    if (~(p->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
 819        ret = -ENODEV;
 820        goto out;
 821    }
 822
 823    /* Trigger the clear function. */
 824    s->ctrl &= ~(SCSW_CTRL_MASK_FCTL | SCSW_CTRL_MASK_ACTL);
 825    s->ctrl |= SCSW_FCTL_CLEAR_FUNC | SCSW_ACTL_CLEAR_PEND;
 826
 827    do_subchannel_work(sch, NULL);
 828    ret = 0;
 829
 830out:
 831    return ret;
 832}
 833
 834int css_do_hsch(SubchDev *sch)
 835{
 836    SCSW *s = &sch->curr_status.scsw;
 837    PMCW *p = &sch->curr_status.pmcw;
 838    int ret;
 839
 840    if (~(p->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
 841        ret = -ENODEV;
 842        goto out;
 843    }
 844
 845    if (((s->ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_STATUS_PEND) ||
 846        (s->ctrl & (SCSW_STCTL_PRIMARY |
 847                    SCSW_STCTL_SECONDARY |
 848                    SCSW_STCTL_ALERT))) {
 849        ret = -EINPROGRESS;
 850        goto out;
 851    }
 852
 853    if (s->ctrl & (SCSW_FCTL_HALT_FUNC | SCSW_FCTL_CLEAR_FUNC)) {
 854        ret = -EBUSY;
 855        goto out;
 856    }
 857
 858    /* Trigger the halt function. */
 859    s->ctrl |= SCSW_FCTL_HALT_FUNC;
 860    s->ctrl &= ~SCSW_FCTL_START_FUNC;
 861    if (((s->ctrl & SCSW_CTRL_MASK_ACTL) ==
 862         (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) &&
 863        ((s->ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_INTERMEDIATE)) {
 864        s->ctrl &= ~SCSW_STCTL_STATUS_PEND;
 865    }
 866    s->ctrl |= SCSW_ACTL_HALT_PEND;
 867
 868    do_subchannel_work(sch, NULL);
 869    ret = 0;
 870
 871out:
 872    return ret;
 873}
 874
 875static void css_update_chnmon(SubchDev *sch)
 876{
 877    if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_MME)) {
 878        /* Not active. */
 879        return;
 880    }
 881    /* The counter is conveniently located at the beginning of the struct. */
 882    if (sch->curr_status.pmcw.chars & PMCW_CHARS_MASK_MBFC) {
 883        /* Format 1, per-subchannel area. */
 884        uint32_t count;
 885
 886        count = address_space_ldl(&address_space_memory,
 887                                  sch->curr_status.mba,
 888                                  MEMTXATTRS_UNSPECIFIED,
 889                                  NULL);
 890        count++;
 891        address_space_stl(&address_space_memory, sch->curr_status.mba, count,
 892                          MEMTXATTRS_UNSPECIFIED, NULL);
 893    } else {
 894        /* Format 0, global area. */
 895        uint32_t offset;
 896        uint16_t count;
 897
 898        offset = sch->curr_status.pmcw.mbi << 5;
 899        count = address_space_lduw(&address_space_memory,
 900                                   channel_subsys.chnmon_area + offset,
 901                                   MEMTXATTRS_UNSPECIFIED,
 902                                   NULL);
 903        count++;
 904        address_space_stw(&address_space_memory,
 905                          channel_subsys.chnmon_area + offset, count,
 906                          MEMTXATTRS_UNSPECIFIED, NULL);
 907    }
 908}
 909
 910int css_do_ssch(SubchDev *sch, ORB *orb)
 911{
 912    SCSW *s = &sch->curr_status.scsw;
 913    PMCW *p = &sch->curr_status.pmcw;
 914    int ret;
 915
 916    if (~(p->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
 917        ret = -ENODEV;
 918        goto out;
 919    }
 920
 921    if (s->ctrl & SCSW_STCTL_STATUS_PEND) {
 922        ret = -EINPROGRESS;
 923        goto out;
 924    }
 925
 926    if (s->ctrl & (SCSW_FCTL_START_FUNC |
 927                   SCSW_FCTL_HALT_FUNC |
 928                   SCSW_FCTL_CLEAR_FUNC)) {
 929        ret = -EBUSY;
 930        goto out;
 931    }
 932
 933    /* If monitoring is active, update counter. */
 934    if (channel_subsys.chnmon_active) {
 935        css_update_chnmon(sch);
 936    }
 937    sch->channel_prog = orb->cpa;
 938    /* Trigger the start function. */
 939    s->ctrl |= (SCSW_FCTL_START_FUNC | SCSW_ACTL_START_PEND);
 940    s->flags &= ~SCSW_FLAGS_MASK_PNO;
 941
 942    do_subchannel_work(sch, orb);
 943    ret = 0;
 944
 945out:
 946    return ret;
 947}
 948
 949static void copy_irb_to_guest(IRB *dest, const IRB *src, PMCW *pmcw,
 950                              int *irb_len)
 951{
 952    int i;
 953    uint16_t stctl = src->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
 954    uint16_t actl = src->scsw.ctrl & SCSW_CTRL_MASK_ACTL;
 955
 956    copy_scsw_to_guest(&dest->scsw, &src->scsw);
 957
 958    for (i = 0; i < ARRAY_SIZE(dest->esw); i++) {
 959        dest->esw[i] = cpu_to_be32(src->esw[i]);
 960    }
 961    for (i = 0; i < ARRAY_SIZE(dest->ecw); i++) {
 962        dest->ecw[i] = cpu_to_be32(src->ecw[i]);
 963    }
 964    *irb_len = sizeof(*dest) - sizeof(dest->emw);
 965
 966    /* extended measurements enabled? */
 967    if ((src->scsw.flags & SCSW_FLAGS_MASK_ESWF) ||
 968        !(pmcw->flags & PMCW_FLAGS_MASK_TF) ||
 969        !(pmcw->chars & PMCW_CHARS_MASK_XMWME)) {
 970        return;
 971    }
 972    /* extended measurements pending? */
 973    if (!(stctl & SCSW_STCTL_STATUS_PEND)) {
 974        return;
 975    }
 976    if ((stctl & SCSW_STCTL_PRIMARY) ||
 977        (stctl == SCSW_STCTL_SECONDARY) ||
 978        ((stctl & SCSW_STCTL_INTERMEDIATE) && (actl & SCSW_ACTL_SUSP))) {
 979        for (i = 0; i < ARRAY_SIZE(dest->emw); i++) {
 980            dest->emw[i] = cpu_to_be32(src->emw[i]);
 981        }
 982    }
 983    *irb_len = sizeof(*dest);
 984}
 985
 986int css_do_tsch_get_irb(SubchDev *sch, IRB *target_irb, int *irb_len)
 987{
 988    SCSW *s = &sch->curr_status.scsw;
 989    PMCW *p = &sch->curr_status.pmcw;
 990    uint16_t stctl;
 991    IRB irb;
 992
 993    if (~(p->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
 994        return 3;
 995    }
 996
 997    stctl = s->ctrl & SCSW_CTRL_MASK_STCTL;
 998
 999    /* Prepare the irb for the guest. */
1000    memset(&irb, 0, sizeof(IRB));

1001
1002    /* Copy scsw from current status. */
1003    memcpy(&irb.scsw, s, sizeof(SCSW));
1004    if (stctl & SCSW_STCTL_STATUS_PEND) {
1005        if (s->cstat & (SCSW_CSTAT_DATA_CHECK |
1006                        SCSW_CSTAT_CHN_CTRL_CHK |
1007                        SCSW_CSTAT_INTF_CTRL_CHK)) {
1008            irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF;
1009            irb.esw[0] = 0x04804000;
1010        } else {
1011            irb.esw[0] = 0x00800000;
1012        }
1013        /* If a unit check is pending, copy sense data. */
1014        if ((s->dstat & SCSW_DSTAT_UNIT_CHECK) &&
1015            (p->chars & PMCW_CHARS_MASK_CSENSE)) {
1016            int i;
1017
1018            irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF | SCSW_FLAGS_MASK_ECTL;
1019            /* Attention: sense_data is already BE! */
1020            memcpy(irb.ecw, sch->sense_data, sizeof(sch->sense_data));
1021            for (i = 0; i < ARRAY_SIZE(irb.ecw); i++) {
1022                irb.ecw[i] = be32_to_cpu(irb.ecw[i]);
1023            }
1024            irb.esw[1] = 0x01000000 | (sizeof(sch->sense_data) << 8);
1025        }
1026    }
1027    /* Store the irb to the guest. */
1028    copy_irb_to_guest(target_irb, &irb, p, irb_len);
1029
1030    return ((stctl & SCSW_STCTL_STATUS_PEND) == 0);
1031}
1032
1033void css_do_tsch_update_subch(SubchDev *sch)
1034{
1035    SCSW *s = &sch->curr_status.scsw;
1036    PMCW *p = &sch->curr_status.pmcw;
1037    uint16_t stctl;
1038    uint16_t fctl;
1039    uint16_t actl;
1040
1041    stctl = s->ctrl & SCSW_CTRL_MASK_STCTL;
1042    fctl = s->ctrl & SCSW_CTRL_MASK_FCTL;
1043    actl = s->ctrl & SCSW_CTRL_MASK_ACTL;
1044
1045    /* Clear conditions on subchannel, if applicable. */
1046    if (stctl & SCSW_STCTL_STATUS_PEND) {
1047        s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
1048        if ((stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) ||
1049            ((fctl & SCSW_FCTL_HALT_FUNC) &&
1050             (actl & SCSW_ACTL_SUSP))) {
1051            s->ctrl &= ~SCSW_CTRL_MASK_FCTL;
1052        }
1053        if (stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) {
1054            s->flags &= ~SCSW_FLAGS_MASK_PNO;
1055            s->ctrl &= ~(SCSW_ACTL_RESUME_PEND |
1056                         SCSW_ACTL_START_PEND |
1057                         SCSW_ACTL_HALT_PEND |
1058                         SCSW_ACTL_CLEAR_PEND |
1059                         SCSW_ACTL_SUSP);
1060        } else {
1061            if ((actl & SCSW_ACTL_SUSP) &&
1062                (fctl & SCSW_FCTL_START_FUNC)) {
1063                s->flags &= ~SCSW_FLAGS_MASK_PNO;
1064                if (fctl & SCSW_FCTL_HALT_FUNC) {
1065                    s->ctrl &= ~(SCSW_ACTL_RESUME_PEND |
1066                                 SCSW_ACTL_START_PEND |
1067                                 SCSW_ACTL_HALT_PEND |
1068                                 SCSW_ACTL_CLEAR_PEND |
1069                                 SCSW_ACTL_SUSP);
1070                } else {
1071                    s->ctrl &= ~SCSW_ACTL_RESUME_PEND;
1072                }
1073            }
1074        }
1075        /* Clear pending sense data. */
1076        if (p->chars & PMCW_CHARS_MASK_CSENSE) {
1077            memset(sch->sense_data, 0 , sizeof(sch->sense_data));
1078        }
1079    }
1080}
1081
1082static void copy_crw_to_guest(CRW *dest, const CRW *src)
1083{
1084    dest->flags = cpu_to_be16(src->flags);
1085    dest->rsid = cpu_to_be16(src->rsid);
1086}
1087
1088int css_do_stcrw(CRW *crw)
1089{
1090    CrwContainer *crw_cont;
1091    int ret;
1092
1093    crw_cont = QTAILQ_FIRST(&channel_subsys.pending_crws);
1094    if (crw_cont) {
1095        QTAILQ_REMOVE(&channel_subsys.pending_crws, crw_cont, sibling);
1096        copy_crw_to_guest(crw, &crw_cont->crw);
1097        g_free(crw_cont);
1098        ret = 0;
1099    } else {
1100        /* List was empty, turn crw machine checks on again. */
1101        memset(crw, 0, sizeof(*crw));
1102        channel_subsys.do_crw_mchk = true;
1103        ret = 1;
1104    }
1105
1106    return ret;
1107}
1108
1109static void copy_crw_from_guest(CRW *dest, const CRW *src)
1110{
1111    dest->flags = be16_to_cpu(src->flags);
1112    dest->rsid = be16_to_cpu(src->rsid);
1113}
1114
1115void css_undo_stcrw(CRW *crw)
1116{
1117    CrwContainer *crw_cont;
1118
1119    crw_cont = g_try_malloc0(sizeof(CrwContainer));
1120    if (!crw_cont) {
1121        channel_subsys.crws_lost = true;
1122        return;
1123    }
1124    copy_crw_from_guest(&crw_cont->crw, crw);
1125
1126    QTAILQ_INSERT_HEAD(&channel_subsys.pending_crws, crw_cont, sibling);
1127}
1128
1129int css_do_tpi(IOIntCode *int_code, int lowcore)
1130{
1131    /* No pending interrupts for !KVM. */
1132    return 0;
1133 }
1134
1135int css_collect_chp_desc(int m, uint8_t cssid, uint8_t f_chpid, uint8_t l_chpid,
1136                         int rfmt, void *buf)
1137{
1138    int i, desc_size;
1139    uint32_t words[8];
1140    uint32_t chpid_type_word;
1141    CssImage *css;
1142
1143    if (!m && !cssid) {
1144        css = channel_subsys.css[channel_subsys.default_cssid];
1145    } else {
1146        css = channel_subsys.css[cssid];
1147    }
1148    if (!css) {
1149        return 0;
1150    }
1151    desc_size = 0;
1152    for (i = f_chpid; i <= l_chpid; i++) {
1153        if (css->chpids[i].in_use) {
1154            chpid_type_word = 0x80000000 | (css->chpids[i].type << 8) | i;
1155            if (rfmt == 0) {
1156                words[0] = cpu_to_be32(chpid_type_word);
1157                words[1] = 0;
1158                memcpy(buf + desc_size, words, 8);
1159                desc_size += 8;
1160            } else if (rfmt == 1) {
1161                words[0] = cpu_to_be32(chpid_type_word);
1162                words[1] = 0;
1163                words[2] = 0;
1164                words[3] = 0;
1165                words[4] = 0;
1166                words[5] = 0;
1167                words[6] = 0;
1168                words[7] = 0;
1169                memcpy(buf + desc_size, words, 32);
1170                desc_size += 32;
1171            }
1172        }
1173    }
1174    return desc_size;
1175}
1176
1177void css_do_schm(uint8_t mbk, int update, int dct, uint64_t mbo)
1178{
1179    /* dct is currently ignored (not really meaningful for our devices) */
1180    /* TODO: Don't ignore mbk. */
1181    if (update && !channel_subsys.chnmon_active) {
1182        /* Enable measuring. */
1183        channel_subsys.chnmon_area = mbo;
1184        channel_subsys.chnmon_active = true;
1185    }
1186    if (!update && channel_subsys.chnmon_active) {
1187        /* Disable measuring. */
1188        channel_subsys.chnmon_area = 0;
1189        channel_subsys.chnmon_active = false;
1190    }
1191}
1192
1193int css_do_rsch(SubchDev *sch)
1194{
1195    SCSW *s = &sch->curr_status.scsw;
1196    PMCW *p = &sch->curr_status.pmcw;
1197    int ret;
1198
1199    if (~(p->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1200        ret = -ENODEV;
1201        goto out;
1202    }
1203
1204    if (s->ctrl & SCSW_STCTL_STATUS_PEND) {
1205        ret = -EINPROGRESS;
1206        goto out;
1207    }
1208
1209    if (((s->ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
1210        (s->ctrl & SCSW_ACTL_RESUME_PEND) ||
1211        (!(s->ctrl & SCSW_ACTL_SUSP))) {
1212        ret = -EINVAL;
1213        goto out;
1214    }
1215
1216    /* If monitoring is active, update counter. */
1217    if (channel_subsys.chnmon_active) {
1218        css_update_chnmon(sch);
1219    }
1220
1221    s->ctrl |= SCSW_ACTL_RESUME_PEND;
1222    do_subchannel_work(sch, NULL);
1223    ret = 0;
1224
1225out:
1226    return ret;
1227}
1228
1229int css_do_rchp(uint8_t cssid, uint8_t chpid)
1230{
1231    uint8_t real_cssid;
1232
1233    if (cssid > channel_subsys.max_cssid) {
1234        return -EINVAL;
1235    }
1236    if (channel_subsys.max_cssid == 0) {
1237        real_cssid = channel_subsys.default_cssid;
1238    } else {
1239        real_cssid = cssid;
1240    }
1241    if (!channel_subsys.css[real_cssid]) {
1242        return -EINVAL;
1243    }
1244
1245    if (!channel_subsys.css[real_cssid]->chpids[chpid].in_use) {
1246        return -ENODEV;
1247    }
1248
1249    if (!channel_subsys.css[real_cssid]->chpids[chpid].is_virtual) {
1250        fprintf(stderr,
1251                "rchp unsupported for non-virtual chpid %x.%02x!\n",
1252                real_cssid, chpid);
1253        return -ENODEV;
1254    }
1255
1256    /* We don't really use a channel path, so we're done here. */
1257    css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT,
1258                  channel_subsys.max_cssid > 0 ? 1 : 0, chpid);
1259    if (channel_subsys.max_cssid > 0) {
1260        css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 0, real_cssid << 8);
1261    }
1262    return 0;
1263}
1264
1265bool css_schid_final(int m, uint8_t cssid, uint8_t ssid, uint16_t schid)
1266{
1267    SubchSet *set;
1268    uint8_t real_cssid;
1269
1270    real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;
1271    if (ssid > MAX_SSID ||
1272        !channel_subsys.css[real_cssid] ||
1273        !channel_subsys.css[real_cssid]->sch_set[ssid]) {
1274        return true;
1275    }
1276    set = channel_subsys.css[real_cssid]->sch_set[ssid];
1277    return schid > find_last_bit(set->schids_used,
1278                                 (MAX_SCHID + 1) / sizeof(unsigned long));
1279}
1280
1281static int css_add_virtual_chpid(uint8_t cssid, uint8_t chpid, uint8_t type)
1282{
1283    CssImage *css;
1284
1285    trace_css_chpid_add(cssid, chpid, type);
1286    css = channel_subsys.css[cssid];
1287    if (!css) {
1288        return -EINVAL;
1289    }
1290    if (css->chpids[chpid].in_use) {
1291        return -EEXIST;
1292    }
1293    css->chpids[chpid].in_use = 1;
1294    css->chpids[chpid].type = type;
1295    css->chpids[chpid].is_virtual = 1;
1296
1297    css_generate_chp_crws(cssid, chpid);
1298
1299    return 0;
1300}
1301
1302void css_sch_build_virtual_schib(SubchDev *sch, uint8_t chpid, uint8_t type)
1303{
1304    PMCW *p = &sch->curr_status.pmcw;
1305    SCSW *s = &sch->curr_status.scsw;
1306    int i;
1307    CssImage *css = channel_subsys.css[sch->cssid];
1308
1309    assert(css != NULL);
1310    memset(p, 0, sizeof(PMCW));
1311    p->flags |= PMCW_FLAGS_MASK_DNV;
1312    p->devno = sch->devno;
1313    /* single path */
1314    p->pim = 0x80;
1315    p->pom = 0xff;
1316    p->pam = 0x80;
1317    p->chpid[0] = chpid;
1318    if (!css->chpids[chpid].in_use) {
1319        css_add_virtual_chpid(sch->cssid, chpid, type);
1320    }
1321
1322    memset(s, 0, sizeof(SCSW));
1323    sch->curr_status.mba = 0;
1324    for (i = 0; i < ARRAY_SIZE(sch->curr_status.mda); i++) {
1325        sch->curr_status.mda[i] = 0;
1326    }
1327}
1328
1329SubchDev *css_find_subch(uint8_t m, uint8_t cssid, uint8_t ssid, uint16_t schid)
1330{
1331    uint8_t real_cssid;
1332
1333    real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;
1334
1335    if (!channel_subsys.css[real_cssid]) {
1336        return NULL;
1337    }
1338
1339    if (!channel_subsys.css[real_cssid]->sch_set[ssid]) {
1340        return NULL;
1341    }
1342
1343    return channel_subsys.css[real_cssid]->sch_set[ssid]->sch[schid];
1344}
1345
1346/**
1347 * Return free device number in subchannel set.
1348 *
1349 * Return index of the first free device number in the subchannel set
1350 * identified by @p cssid and @p ssid, beginning the search at @p
1351 * start and wrapping around at MAX_DEVNO. Return a value exceeding
1352 * MAX_SCHID if there are no free device numbers in the subchannel
1353 * set.
1354 */
1355static uint32_t css_find_free_devno(uint8_t cssid, uint8_t ssid,
1356                                    uint16_t start)
1357{
1358    uint32_t round;
1359
1360    for (round = 0; round <= MAX_DEVNO; round++) {
1361        uint16_t devno = (start + round) % MAX_DEVNO;
1362
1363        if (!css_devno_used(cssid, ssid, devno)) {
1364            return devno;
1365        }
1366    }
1367    return MAX_DEVNO + 1;
1368}
1369
1370/**
1371 * Return first free subchannel (id) in subchannel set.
1372 *
1373 * Return index of the first free subchannel in the subchannel set
1374 * identified by @p cssid and @p ssid, if there is any. Return a value
1375 * exceeding MAX_SCHID if there are no free subchannels in the
1376 * subchannel set.
1377 */
1378static uint32_t css_find_free_subch(uint8_t cssid, uint8_t ssid)
1379{
1380    uint32_t schid;
1381
1382    for (schid = 0; schid <= MAX_SCHID; schid++) {
1383        if (!css_find_subch(1, cssid, ssid, schid)) {
1384            return schid;
1385        }
1386    }
1387    return MAX_SCHID + 1;
1388}
1389
1390/**
1391 * Return first free subchannel (id) in subchannel set for a device number
1392 *
1393 * Verify the device number @p devno is not used yet in the subchannel
1394 * set identified by @p cssid and @p ssid. Set @p schid to the index
1395 * of the first free subchannel in the subchannel set, if there is
1396 * any. Return true if everything succeeded and false otherwise.
1397 */
1398static bool css_find_free_subch_for_devno(uint8_t cssid, uint8_t ssid,
1399                                          uint16_t devno, uint16_t *schid,
1400                                          Error **errp)
1401{
1402    uint32_t free_schid;
1403
1404    assert(schid);
1405    if (css_devno_used(cssid, ssid, devno)) {
1406        error_setg(errp, "Device %x.%x.%04x already exists",
1407                   cssid, ssid, devno);
1408        return false;
1409    }
1410    free_schid = css_find_free_subch(cssid, ssid);
1411    if (free_schid > MAX_SCHID) {
1412        error_setg(errp, "No free subchannel found for %x.%x.%04x",
1413                   cssid, ssid, devno);
1414        return false;
1415    }
1416    *schid = free_schid;
1417    return true;
1418}
1419
1420/**
1421 * Return first free subchannel (id) and device number
1422 *
1423 * Locate the first free subchannel and first free device number in
1424 * any of the subchannel sets of the channel subsystem identified by
1425 * @p cssid. Return false if no free subchannel / device number could
1426 * be found. Otherwise set @p ssid, @p devno and @p schid to identify
1427 * the available subchannel and device number and return true.
1428 *
1429 * May modify @p ssid, @p devno and / or @p schid even if no free
1430 * subchannel / device number could be found.
1431 */
1432static bool css_find_free_subch_and_devno(uint8_t cssid, uint8_t *ssid,
1433                                          uint16_t *devno, uint16_t *schid,
1434                                          Error **errp)
1435{
1436    uint32_t free_schid, free_devno;
1437
1438    assert(ssid && devno && schid);
1439    for (*ssid = 0; *ssid <= MAX_SSID; (*ssid)++) {
1440        free_schid = css_find_free_subch(cssid, *ssid);
1441        if (free_schid > MAX_SCHID) {
1442            continue;
1443        }
1444        free_devno = css_find_free_devno(cssid, *ssid, free_schid);
1445        if (free_devno > MAX_DEVNO) {
1446            continue;
1447        }
1448        *schid = free_schid;
1449        *devno = free_devno;
1450        return true;
1451    }
1452    error_setg(errp, "Virtual channel subsystem is full!");
1453    return false;
1454}
1455
1456bool css_subch_visible(SubchDev *sch)
1457{
1458    if (sch->ssid > channel_subsys.max_ssid) {
1459        return false;
1460    }
1461
1462    if (sch->cssid != channel_subsys.default_cssid) {
1463        return (channel_subsys.max_cssid > 0);
1464    }
1465
1466    return true;
1467}
1468
1469bool css_present(uint8_t cssid)
1470{
1471    return (channel_subsys.css[cssid] != NULL);
1472}
1473
1474bool css_devno_used(uint8_t cssid, uint8_t ssid, uint16_t devno)
1475{
1476    if (!channel_subsys.css[cssid]) {
1477        return false;
1478    }
1479    if (!channel_subsys.css[cssid]->sch_set[ssid]) {
1480        return false;
1481    }
1482
1483    return !!test_bit(devno,
1484                      channel_subsys.css[cssid]->sch_set[ssid]->devnos_used);
1485}
1486
1487void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
1488                      uint16_t devno, SubchDev *sch)
1489{
1490    CssImage *css;
1491    SubchSet *s_set;
1492
1493    trace_css_assign_subch(sch ? "assign" : "deassign", cssid, ssid, schid,
1494                           devno);
1495    if (!channel_subsys.css[cssid]) {
1496        fprintf(stderr,
1497                "Suspicious call to %s (%x.%x.%04x) for non-existing css!\n",
1498                __func__, cssid, ssid, schid);
1499        return;
1500    }
1501    css = channel_subsys.css[cssid];
1502
1503    if (!css->sch_set[ssid]) {
1504        css->sch_set[ssid] = g_malloc0(sizeof(SubchSet));
1505    }
1506    s_set = css->sch_set[ssid];
1507
1508    s_set->sch[schid] = sch;
1509    if (sch) {
1510        set_bit(schid, s_set->schids_used);
1511        set_bit(devno, s_set->devnos_used);
1512    } else {
1513        clear_bit(schid, s_set->schids_used);
1514        clear_bit(devno, s_set->devnos_used);
1515    }
1516}
1517
1518void css_queue_crw(uint8_t rsc, uint8_t erc, int chain, uint16_t rsid)
1519{
1520    CrwContainer *crw_cont;
1521
1522    trace_css_crw(rsc, erc, rsid, chain ? "(chained)" : "");
1523    /* TODO: Maybe use a static crw pool? */
1524    crw_cont = g_try_malloc0(sizeof(CrwContainer));
1525    if (!crw_cont) {
1526        channel_subsys.crws_lost = true;
1527        return;
1528    }
1529    crw_cont->crw.flags = (rsc << 8) | erc;
1530    if (chain) {
1531        crw_cont->crw.flags |= CRW_FLAGS_MASK_C;
1532    }
1533    crw_cont->crw.rsid = rsid;
1534    if (channel_subsys.crws_lost) {
1535        crw_cont->crw.flags |= CRW_FLAGS_MASK_R;
1536        channel_subsys.crws_lost = false;
1537    }
1538
1539    QTAILQ_INSERT_TAIL(&channel_subsys.pending_crws, crw_cont, sibling);
1540
1541    if (channel_subsys.do_crw_mchk) {
1542        channel_subsys.do_crw_mchk = false;
1543        /* Inject crw pending machine check. */
1544        s390_crw_mchk();
1545    }
1546}
1547
1548void css_generate_sch_crws(uint8_t cssid, uint8_t ssid, uint16_t schid,
1549                           int hotplugged, int add)
1550{
1551    uint8_t guest_cssid;
1552    bool chain_crw;
1553
1554    if (add && !hotplugged) {
1555        return;
1556    }
1557    if (channel_subsys.max_cssid == 0) {
1558        /* Default cssid shows up as 0. */
1559        guest_cssid = (cssid == channel_subsys.default_cssid) ? 0 : cssid;
1560    } else {
1561        /* Show real cssid to the guest. */
1562        guest_cssid = cssid;
1563    }
1564    /*
1565     * Only notify for higher subchannel sets/channel subsystems if the
1566     * guest has enabled it.
1567     */
1568    if ((ssid > channel_subsys.max_ssid) ||
1569        (guest_cssid > channel_subsys.max_cssid) ||
1570        ((channel_subsys.max_cssid == 0) &&
1571         (cssid != channel_subsys.default_cssid))) {
1572        return;
1573    }
1574    chain_crw = (channel_subsys.max_ssid > 0) ||
1575            (channel_subsys.max_cssid > 0);
1576    css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, chain_crw ? 1 : 0, schid);
1577    if (chain_crw) {
1578        css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0,
1579                      (guest_cssid << 8) | (ssid << 4));
1580    }
1581    /* RW_ERC_IPI --> clear pending interrupts */
1582    css_clear_io_interrupt(css_do_build_subchannel_id(cssid, ssid), schid);
1583}
1584
1585void css_generate_chp_crws(uint8_t cssid, uint8_t chpid)
1586{
1587    /* TODO */
1588}
1589
1590void css_generate_css_crws(uint8_t cssid)
1591{
1592    if (!channel_subsys.sei_pending) {
1593        css_queue_crw(CRW_RSC_CSS, 0, 0, cssid);
1594    }
1595    channel_subsys.sei_pending = true;
1596}
1597
1598void css_clear_sei_pending(void)
1599{
1600    channel_subsys.sei_pending = false;
1601}
1602
1603int css_enable_mcsse(void)
1604{
1605    trace_css_enable_facility("mcsse");
1606    channel_subsys.max_cssid = MAX_CSSID;
1607    return 0;
1608}
1609
1610int css_enable_mss(void)
1611{
1612    trace_css_enable_facility("mss");
1613    channel_subsys.max_ssid = MAX_SSID;
1614    return 0;
1615}
1616
1617void subch_device_save(SubchDev *s, QEMUFile *f)
1618{
1619    int i;
1620
1621    qemu_put_byte(f, s->cssid);
1622    qemu_put_byte(f, s->ssid);
1623    qemu_put_be16(f, s->schid);
1624    qemu_put_be16(f, s->devno);
1625    qemu_put_byte(f, s->thinint_active);
1626    /* SCHIB */
1627    /*     PMCW */
1628    qemu_put_be32(f, s->curr_status.pmcw.intparm);
1629    qemu_put_be16(f, s->curr_status.pmcw.flags);
1630    qemu_put_be16(f, s->curr_status.pmcw.devno);
1631    qemu_put_byte(f, s->curr_status.pmcw.lpm);
1632    qemu_put_byte(f, s->curr_status.pmcw.pnom);
1633    qemu_put_byte(f, s->curr_status.pmcw.lpum);
1634    qemu_put_byte(f, s->curr_status.pmcw.pim);
1635    qemu_put_be16(f, s->curr_status.pmcw.mbi);
1636    qemu_put_byte(f, s->curr_status.pmcw.pom);
1637    qemu_put_byte(f, s->curr_status.pmcw.pam);
1638    qemu_put_buffer(f, s->curr_status.pmcw.chpid, 8);
1639    qemu_put_be32(f, s->curr_status.pmcw.chars);
1640    /*     SCSW */
1641    qemu_put_be16(f, s->curr_status.scsw.flags);
1642    qemu_put_be16(f, s->curr_status.scsw.ctrl);
1643    qemu_put_be32(f, s->curr_status.scsw.cpa);
1644    qemu_put_byte(f, s->curr_status.scsw.dstat);
1645    qemu_put_byte(f, s->curr_status.scsw.cstat);
1646    qemu_put_be16(f, s->curr_status.scsw.count);
1647    qemu_put_be64(f, s->curr_status.mba);
1648    qemu_put_buffer(f, s->curr_status.mda, 4);
1649    /* end SCHIB */
1650    qemu_put_buffer(f, s->sense_data, 32);
1651    qemu_put_be64(f, s->channel_prog);
1652    /* last cmd */
1653    qemu_put_byte(f, s->last_cmd.cmd_code);
1654    qemu_put_byte(f, s->last_cmd.flags);
1655    qemu_put_be16(f, s->last_cmd.count);
1656    qemu_put_be32(f, s->last_cmd.cda);
1657    qemu_put_byte(f, s->last_cmd_valid);
1658    qemu_put_byte(f, s->id.reserved);
1659    qemu_put_be16(f, s->id.cu_type);
1660    qemu_put_byte(f, s->id.cu_model);
1661    qemu_put_be16(f, s->id.dev_type);
1662    qemu_put_byte(f, s->id.dev_model);
1663    qemu_put_byte(f, s->id.unused);
1664    for (i = 0; i < ARRAY_SIZE(s->id.ciw); i++) {
1665        qemu_put_byte(f, s->id.ciw[i].type);
1666        qemu_put_byte(f, s->id.ciw[i].command);
1667        qemu_put_be16(f, s->id.ciw[i].count);
1668    }
1669    qemu_put_byte(f, s->ccw_fmt_1);
1670    qemu_put_byte(f, s->ccw_no_data_cnt);
1671}
1672
1673int subch_device_load(SubchDev *s, QEMUFile *f)
1674{
1675    SubchDev *old_s;
1676    uint16_t old_schid = s->schid;
1677    int i;
1678
1679    s->cssid = qemu_get_byte(f);
1680    s->ssid = qemu_get_byte(f);
1681    s->schid = qemu_get_be16(f);
1682    s->devno = qemu_get_be16(f);
1683    /* Re-assign subch. */
1684    if (old_schid != s->schid) {
1685        old_s = channel_subsys.css[s->cssid]->sch_set[s->ssid]->sch[old_schid];
1686        /*
1687         * (old_s != s) means that some other device has its correct
1688         * subchannel already assigned (in load).
1689         */
1690        if (old_s == s) {
1691            css_subch_assign(s->cssid, s->ssid, old_schid, s->devno, NULL);
1692        }
1693        /* It's OK to re-assign without a prior de-assign. */
1694        css_subch_assign(s->cssid, s->ssid, s->schid, s->devno, s);
1695    }
1696    s->thinint_active = qemu_get_byte(f);
1697    /* SCHIB */
1698    /*     PMCW */
1699    s->curr_status.pmcw.intparm = qemu_get_be32(f);
1700    s->curr_status.pmcw.flags = qemu_get_be16(f);
1701    s->curr_status.pmcw.devno = qemu_get_be16(f);
1702    s->curr_status.pmcw.lpm = qemu_get_byte(f);
1703    s->curr_status.pmcw.pnom  = qemu_get_byte(f);
1704    s->curr_status.pmcw.lpum = qemu_get_byte(f);
1705    s->curr_status.pmcw.pim = qemu_get_byte(f);
1706    s->curr_status.pmcw.mbi = qemu_get_be16(f);
1707    s->curr_status.pmcw.pom = qemu_get_byte(f);
1708    s->curr_status.pmcw.pam = qemu_get_byte(f);
1709    qemu_get_buffer(f, s->curr_status.pmcw.chpid, 8);
1710    s->curr_status.pmcw.chars = qemu_get_be32(f);
1711    /*     SCSW */
1712    s->curr_status.scsw.flags = qemu_get_be16(f);
1713    s->curr_status.scsw.ctrl = qemu_get_be16(f);
1714    s->curr_status.scsw.cpa = qemu_get_be32(f);
1715    s->curr_status.scsw.dstat = qemu_get_byte(f);
1716    s->curr_status.scsw.cstat = qemu_get_byte(f);
1717    s->curr_status.scsw.count = qemu_get_be16(f);
1718    s->curr_status.mba = qemu_get_be64(f);
1719    qemu_get_buffer(f, s->curr_status.mda, 4);
1720    /* end SCHIB */
1721    qemu_get_buffer(f, s->sense_data, 32);
1722    s->channel_prog = qemu_get_be64(f);
1723    /* last cmd */
1724    s->last_cmd.cmd_code = qemu_get_byte(f);
1725    s->last_cmd.flags = qemu_get_byte(f);
1726    s->last_cmd.count = qemu_get_be16(f);
1727    s->last_cmd.cda = qemu_get_be32(f);
1728    s->last_cmd_valid = qemu_get_byte(f);
1729    s->id.reserved = qemu_get_byte(f);
1730    s->id.cu_type = qemu_get_be16(f);
1731    s->id.cu_model = qemu_get_byte(f);
1732    s->id.dev_type = qemu_get_be16(f);
1733    s->id.dev_model = qemu_get_byte(f);
1734    s->id.unused = qemu_get_byte(f);
1735    for (i = 0; i < ARRAY_SIZE(s->id.ciw); i++) {
1736        s->id.ciw[i].type = qemu_get_byte(f);
1737        s->id.ciw[i].command = qemu_get_byte(f);
1738        s->id.ciw[i].count = qemu_get_be16(f);
1739    }
1740    s->ccw_fmt_1 = qemu_get_byte(f);
1741    s->ccw_no_data_cnt = qemu_get_byte(f);
1742    /*
1743     * Hack alert. We don't migrate the channel subsystem status (no
1744     * device!), but we need to find out if the guest enabled mss/mcss-e.
1745     * If the subchannel is enabled, it certainly was able to access it,
1746     * so adjust the max_ssid/max_cssid values for relevant ssid/cssid
1747     * values. This is not watertight, but better than nothing.
1748     */
1749    if (s->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA) {
1750        if (s->ssid) {
1751            channel_subsys.max_ssid = MAX_SSID;
1752        }
1753        if (s->cssid != channel_subsys.default_cssid) {
1754            channel_subsys.max_cssid = MAX_CSSID;
1755        }
1756    }
1757    return 0;
1758}
1759
1760void css_reset_sch(SubchDev *sch)
1761{
1762    PMCW *p = &sch->curr_status.pmcw;
1763
1764    if ((p->flags & PMCW_FLAGS_MASK_ENA) != 0 && sch->disable_cb) {
1765        sch->disable_cb(sch);
1766    }
1767
1768    p->intparm = 0;
1769    p->flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
1770                  PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
1771                  PMCW_FLAGS_MASK_MP | PMCW_FLAGS_MASK_TF);
1772    p->flags |= PMCW_FLAGS_MASK_DNV;
1773    p->devno = sch->devno;
1774    p->pim = 0x80;
1775    p->lpm = p->pim;
1776    p->pnom = 0;
1777    p->lpum = 0;
1778    p->mbi = 0;
1779    p->pom = 0xff;
1780    p->pam = 0x80;
1781    p->chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_XMWME |
1782                  PMCW_CHARS_MASK_CSENSE);
1783
1784    memset(&sch->curr_status.scsw, 0, sizeof(sch->curr_status.scsw));
1785    sch->curr_status.mba = 0;
1786
1787    sch->channel_prog = 0x0;
1788    sch->last_cmd_valid = false;
1789    sch->thinint_active = false;
1790}
1791
1792void css_reset(void)
1793{
1794    CrwContainer *crw_cont;
1795
1796    /* Clean up monitoring. */
1797    channel_subsys.chnmon_active = false;
1798    channel_subsys.chnmon_area = 0;
1799
1800    /* Clear pending CRWs. */
1801    while ((crw_cont = QTAILQ_FIRST(&channel_subsys.pending_crws))) {
1802        QTAILQ_REMOVE(&channel_subsys.pending_crws, crw_cont, sibling);
1803        g_free(crw_cont);
1804    }
1805    channel_subsys.sei_pending = false;
1806    channel_subsys.do_crw_mchk = true;
1807    channel_subsys.crws_lost = false;
1808
1809    /* Reset maximum ids. */
1810    channel_subsys.max_cssid = 0;
1811    channel_subsys.max_ssid = 0;
1812}
1813
1814static void get_css_devid(Object *obj, Visitor *v, const char *name,
1815                          void *opaque, Error **errp)
1816{
1817    DeviceState *dev = DEVICE(obj);
1818    Property *prop = opaque;
1819    CssDevId *dev_id = qdev_get_prop_ptr(dev, prop);
1820    char buffer[] = "xx.x.xxxx";
1821    char *p = buffer;
1822    int r;
1823
1824    if (dev_id->valid) {
1825
1826        r = snprintf(buffer, sizeof(buffer), "%02x.%1x.%04x", dev_id->cssid,
1827                     dev_id->ssid, dev_id->devid);
1828        assert(r == sizeof(buffer) - 1);
1829
1830        /* drop leading zero */
1831        if (dev_id->cssid <= 0xf) {
1832            p++;
1833        }
1834    } else {
1835        snprintf(buffer, sizeof(buffer), "<unset>");
1836    }
1837
1838    visit_type_str(v, name, &p, errp);
1839}
1840
1841/*
1842 * parse <cssid>.<ssid>.<devid> and assert valid range for cssid/ssid
1843 */
1844static void set_css_devid(Object *obj, Visitor *v, const char *name,
1845                          void *opaque, Error **errp)
1846{
1847    DeviceState *dev = DEVICE(obj);
1848    Property *prop = opaque;
1849    CssDevId *dev_id = qdev_get_prop_ptr(dev, prop);
1850    Error *local_err = NULL;
1851    char *str;
1852    int num, n1, n2;
1853    unsigned int cssid, ssid, devid;
1854
1855    if (dev->realized) {
1856        qdev_prop_set_after_realize(dev, name, errp);
1857        return;
1858    }
1859
1860    visit_type_str(v, name, &str, &local_err);
1861    if (local_err) {
1862        error_propagate(errp, local_err);
1863        return;
1864    }
1865
1866    num = sscanf(str, "%2x.%1x%n.%4x%n", &cssid, &ssid, &n1, &devid, &n2);
1867    if (num != 3 || (n2 - n1) != 5 || strlen(str) != n2) {
1868        error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
1869        goto out;
1870    }
1871    if ((cssid > MAX_CSSID) || (ssid > MAX_SSID)) {
1872        error_setg(errp, "Invalid cssid or ssid: cssid %x, ssid %x",
1873                   cssid, ssid);
1874        goto out;
1875    }
1876
1877    dev_id->cssid = cssid;
1878    dev_id->ssid = ssid;
1879    dev_id->devid = devid;
1880    dev_id->valid = true;
1881
1882out:
1883    g_free(str);
1884}
1885
1886PropertyInfo css_devid_propinfo = {
1887    .name = "str",
1888    .description = "Identifier of an I/O device in the channel "
1889                   "subsystem, example: fe.1.23ab",
1890    .get = get_css_devid,
1891    .set = set_css_devid,
1892};
1893
1894SubchDev *css_create_virtual_sch(CssDevId bus_id, Error **errp)
1895{
1896    uint16_t schid = 0;
1897    SubchDev *sch;
1898
1899    if (bus_id.valid) {
1900        /* Enforce use of virtual cssid. */
1901        if (bus_id.cssid != VIRTUAL_CSSID) {
1902            error_setg(errp, "cssid %hhx not valid for virtual devices",
1903                       bus_id.cssid);
1904            return NULL;
1905        }
1906        if (!css_find_free_subch_for_devno(bus_id.cssid, bus_id.ssid,
1907                                           bus_id.devid, &schid, errp)) {
1908            return NULL;
1909        }
1910    } else {
1911        bus_id.cssid = VIRTUAL_CSSID;
1912        if (!css_find_free_subch_and_devno(bus_id.cssid, &bus_id.ssid,
1913                                           &bus_id.devid, &schid, errp)) {
1914            return NULL;
1915        }
1916    }
1917
1918    sch = g_malloc0(sizeof(*sch));
1919    sch->cssid = bus_id.cssid;
1920    sch->ssid = bus_id.ssid;
1921    sch->devno = bus_id.devid;
1922    sch->schid = schid;
1923    css_subch_assign(sch->cssid, sch->ssid, schid, sch->devno, sch);
1924    return sch;
1925}
1926