qemu/hw/s390x/css.c
<<
>>
Prefs
   1/*
   2 * Channel subsystem base support.
   3 *
   4 * Copyright 2012 IBM Corp.
   5 * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
   6 *
   7 * This work is licensed under the terms of the GNU GPL, version 2 or (at
   8 * your option) any later version. See the COPYING file in the top-level
   9 * directory.
  10 */
  11
  12#include "qemu/osdep.h"
  13#include "qapi/error.h"
  14#include "qapi/visitor.h"
  15#include "qemu/bitops.h"
  16#include "qemu/error-report.h"
  17#include "exec/address-spaces.h"
  18#include "cpu.h"
  19#include "hw/s390x/ioinst.h"
  20#include "hw/qdev-properties.h"
  21#include "hw/s390x/css.h"
  22#include "trace.h"
  23#include "hw/s390x/s390_flic.h"
  24#include "hw/s390x/s390-virtio-ccw.h"
  25#include "hw/s390x/s390-ccw.h"
  26
  27typedef struct CrwContainer {
  28    CRW crw;
  29    QTAILQ_ENTRY(CrwContainer) sibling;
  30} CrwContainer;
  31
  32static const VMStateDescription vmstate_crw = {
  33    .name = "s390_crw",
  34    .version_id = 1,
  35    .minimum_version_id = 1,
  36    .fields = (VMStateField[]) {
  37        VMSTATE_UINT16(flags, CRW),
  38        VMSTATE_UINT16(rsid, CRW),
  39        VMSTATE_END_OF_LIST()
  40    },
  41};
  42
  43static const VMStateDescription vmstate_crw_container = {
  44    .name = "s390_crw_container",
  45    .version_id = 1,
  46    .minimum_version_id = 1,
  47    .fields = (VMStateField[]) {
  48        VMSTATE_STRUCT(crw, CrwContainer, 0, vmstate_crw, CRW),
  49        VMSTATE_END_OF_LIST()
  50    },
  51};
  52
  53typedef struct ChpInfo {
  54    uint8_t in_use;
  55    uint8_t type;
  56    uint8_t is_virtual;
  57} ChpInfo;
  58
  59static const VMStateDescription vmstate_chp_info = {
  60    .name = "s390_chp_info",
  61    .version_id = 1,
  62    .minimum_version_id = 1,
  63    .fields = (VMStateField[]) {
  64        VMSTATE_UINT8(in_use, ChpInfo),
  65        VMSTATE_UINT8(type, ChpInfo),
  66        VMSTATE_UINT8(is_virtual, ChpInfo),
  67        VMSTATE_END_OF_LIST()
  68    }
  69};
  70
  71typedef struct SubchSet {
  72    SubchDev *sch[MAX_SCHID + 1];
  73    unsigned long schids_used[BITS_TO_LONGS(MAX_SCHID + 1)];
  74    unsigned long devnos_used[BITS_TO_LONGS(MAX_SCHID + 1)];
  75} SubchSet;
  76
  77static const VMStateDescription vmstate_scsw = {
  78    .name = "s390_scsw",
  79    .version_id = 1,
  80    .minimum_version_id = 1,
  81    .fields = (VMStateField[]) {
  82        VMSTATE_UINT16(flags, SCSW),
  83        VMSTATE_UINT16(ctrl, SCSW),
  84        VMSTATE_UINT32(cpa, SCSW),
  85        VMSTATE_UINT8(dstat, SCSW),
  86        VMSTATE_UINT8(cstat, SCSW),
  87        VMSTATE_UINT16(count, SCSW),
  88        VMSTATE_END_OF_LIST()
  89    }
  90};
  91
  92static const VMStateDescription vmstate_pmcw = {
  93    .name = "s390_pmcw",
  94    .version_id = 1,
  95    .minimum_version_id = 1,
  96    .fields = (VMStateField[]) {
  97        VMSTATE_UINT32(intparm, PMCW),
  98        VMSTATE_UINT16(flags, PMCW),
  99        VMSTATE_UINT16(devno, PMCW),
 100        VMSTATE_UINT8(lpm, PMCW),
 101        VMSTATE_UINT8(pnom, PMCW),
 102        VMSTATE_UINT8(lpum, PMCW),
 103        VMSTATE_UINT8(pim, PMCW),
 104        VMSTATE_UINT16(mbi, PMCW),
 105        VMSTATE_UINT8(pom, PMCW),
 106        VMSTATE_UINT8(pam, PMCW),
 107        VMSTATE_UINT8_ARRAY(chpid, PMCW, 8),
 108        VMSTATE_UINT32(chars, PMCW),
 109        VMSTATE_END_OF_LIST()
 110    }
 111};
 112
 113static const VMStateDescription vmstate_schib = {
 114    .name = "s390_schib",
 115    .version_id = 1,
 116    .minimum_version_id = 1,
 117    .fields = (VMStateField[]) {
 118        VMSTATE_STRUCT(pmcw, SCHIB, 0, vmstate_pmcw, PMCW),
 119        VMSTATE_STRUCT(scsw, SCHIB, 0, vmstate_scsw, SCSW),
 120        VMSTATE_UINT64(mba, SCHIB),
 121        VMSTATE_UINT8_ARRAY(mda, SCHIB, 4),
 122        VMSTATE_END_OF_LIST()
 123    }
 124};
 125
 126
 127static const VMStateDescription vmstate_ccw1 = {
 128    .name = "s390_ccw1",
 129    .version_id = 1,
 130    .minimum_version_id = 1,
 131    .fields = (VMStateField[]) {
 132        VMSTATE_UINT8(cmd_code, CCW1),
 133        VMSTATE_UINT8(flags, CCW1),
 134        VMSTATE_UINT16(count, CCW1),
 135        VMSTATE_UINT32(cda, CCW1),
 136        VMSTATE_END_OF_LIST()
 137    }
 138};
 139
 140static const VMStateDescription vmstate_ciw = {
 141    .name = "s390_ciw",
 142    .version_id = 1,
 143    .minimum_version_id = 1,
 144    .fields = (VMStateField[]) {
 145        VMSTATE_UINT8(type, CIW),
 146        VMSTATE_UINT8(command, CIW),
 147        VMSTATE_UINT16(count, CIW),
 148        VMSTATE_END_OF_LIST()
 149    }
 150};
 151
 152static const VMStateDescription vmstate_sense_id = {
 153    .name = "s390_sense_id",
 154    .version_id = 1,
 155    .minimum_version_id = 1,
 156    .fields = (VMStateField[]) {
 157        VMSTATE_UINT8(reserved, SenseId),
 158        VMSTATE_UINT16(cu_type, SenseId),
 159        VMSTATE_UINT8(cu_model, SenseId),
 160        VMSTATE_UINT16(dev_type, SenseId),
 161        VMSTATE_UINT8(dev_model, SenseId),
 162        VMSTATE_UINT8(unused, SenseId),
 163        VMSTATE_STRUCT_ARRAY(ciw, SenseId, MAX_CIWS, 0, vmstate_ciw, CIW),
 164        VMSTATE_END_OF_LIST()
 165    }
 166};
 167
 168static const VMStateDescription vmstate_orb = {
 169    .name = "s390_orb",
 170    .version_id = 1,
 171    .minimum_version_id = 1,
 172    .fields = (VMStateField[]) {
 173        VMSTATE_UINT32(intparm, ORB),
 174        VMSTATE_UINT16(ctrl0, ORB),
 175        VMSTATE_UINT8(lpm, ORB),
 176        VMSTATE_UINT8(ctrl1, ORB),
 177        VMSTATE_UINT32(cpa, ORB),
 178        VMSTATE_END_OF_LIST()
 179    }
 180};
 181
 182static bool vmstate_schdev_orb_needed(void *opaque)
 183{
 184    return css_migration_enabled();
 185}
 186
 187static const VMStateDescription vmstate_schdev_orb = {
 188    .name = "s390_subch_dev/orb",
 189    .version_id = 1,
 190    .minimum_version_id = 1,
 191    .needed = vmstate_schdev_orb_needed,
 192    .fields = (VMStateField[]) {
 193        VMSTATE_STRUCT(orb, SubchDev, 1, vmstate_orb, ORB),
 194        VMSTATE_END_OF_LIST()
 195    }
 196};
 197
 198static int subch_dev_post_load(void *opaque, int version_id);
 199static int subch_dev_pre_save(void *opaque);
 200
 201const char err_hint_devno[] = "Devno mismatch, tried to load wrong section!"
 202    " Likely reason: some sequences of plug and unplug  can break"
 203    " migration for machine versions prior to  2.7 (known design flaw).";
 204
 205const VMStateDescription vmstate_subch_dev = {
 206    .name = "s390_subch_dev",
 207    .version_id = 1,
 208    .minimum_version_id = 1,
 209    .post_load = subch_dev_post_load,
 210    .pre_save = subch_dev_pre_save,
 211    .fields = (VMStateField[]) {
 212        VMSTATE_UINT8_EQUAL(cssid, SubchDev, "Bug!"),
 213        VMSTATE_UINT8_EQUAL(ssid, SubchDev, "Bug!"),
 214        VMSTATE_UINT16(migrated_schid, SubchDev),
 215        VMSTATE_UINT16_EQUAL(devno, SubchDev, err_hint_devno),
 216        VMSTATE_BOOL(thinint_active, SubchDev),
 217        VMSTATE_STRUCT(curr_status, SubchDev, 0, vmstate_schib, SCHIB),
 218        VMSTATE_UINT8_ARRAY(sense_data, SubchDev, 32),
 219        VMSTATE_UINT64(channel_prog, SubchDev),
 220        VMSTATE_STRUCT(last_cmd, SubchDev, 0, vmstate_ccw1, CCW1),
 221        VMSTATE_BOOL(last_cmd_valid, SubchDev),
 222        VMSTATE_STRUCT(id, SubchDev, 0, vmstate_sense_id, SenseId),
 223        VMSTATE_BOOL(ccw_fmt_1, SubchDev),
 224        VMSTATE_UINT8(ccw_no_data_cnt, SubchDev),
 225        VMSTATE_END_OF_LIST()
 226    },
 227    .subsections = (const VMStateDescription * []) {
 228        &vmstate_schdev_orb,
 229        NULL
 230    }
 231};
 232
 233typedef struct IndAddrPtrTmp {
 234    IndAddr **parent;
 235    uint64_t addr;
 236    int32_t len;
 237} IndAddrPtrTmp;
 238
 239static int post_load_ind_addr(void *opaque, int version_id)
 240{
 241    IndAddrPtrTmp *ptmp = opaque;
 242    IndAddr **ind_addr = ptmp->parent;
 243
 244    if (ptmp->len != 0) {
 245        *ind_addr = get_indicator(ptmp->addr, ptmp->len);
 246    } else {
 247        *ind_addr = NULL;
 248    }
 249    return 0;
 250}
 251
 252static int pre_save_ind_addr(void *opaque)
 253{
 254    IndAddrPtrTmp *ptmp = opaque;
 255    IndAddr *ind_addr = *(ptmp->parent);
 256
 257    if (ind_addr != NULL) {
 258        ptmp->len = ind_addr->len;
 259        ptmp->addr = ind_addr->addr;
 260    } else {
 261        ptmp->len = 0;
 262        ptmp->addr = 0L;
 263    }
 264
 265    return 0;
 266}
 267
 268const VMStateDescription vmstate_ind_addr_tmp = {
 269    .name = "s390_ind_addr_tmp",
 270    .pre_save = pre_save_ind_addr,
 271    .post_load = post_load_ind_addr,
 272
 273    .fields = (VMStateField[]) {
 274        VMSTATE_INT32(len, IndAddrPtrTmp),
 275        VMSTATE_UINT64(addr, IndAddrPtrTmp),
 276        VMSTATE_END_OF_LIST()
 277    }
 278};
 279
 280const VMStateDescription vmstate_ind_addr = {
 281    .name = "s390_ind_addr_tmp",
 282    .fields = (VMStateField[]) {
 283        VMSTATE_WITH_TMP(IndAddr*, IndAddrPtrTmp, vmstate_ind_addr_tmp),
 284        VMSTATE_END_OF_LIST()
 285    }
 286};
 287
 288typedef struct CssImage {
 289    SubchSet *sch_set[MAX_SSID + 1];
 290    ChpInfo chpids[MAX_CHPID + 1];
 291} CssImage;
 292
 293static const VMStateDescription vmstate_css_img = {
 294    .name = "s390_css_img",
 295    .version_id = 1,
 296    .minimum_version_id = 1,
 297    .fields = (VMStateField[]) {
 298        /* Subchannel sets have no relevant state. */
 299        VMSTATE_STRUCT_ARRAY(chpids, CssImage, MAX_CHPID + 1, 0,
 300                             vmstate_chp_info, ChpInfo),
 301        VMSTATE_END_OF_LIST()
 302    }
 303
 304};
 305
 306typedef struct IoAdapter {
 307    uint32_t id;
 308    uint8_t type;
 309    uint8_t isc;
 310    uint8_t flags;
 311} IoAdapter;
 312
 313typedef struct ChannelSubSys {
 314    QTAILQ_HEAD(, CrwContainer) pending_crws;
 315    bool sei_pending;
 316    bool do_crw_mchk;
 317    bool crws_lost;
 318    uint8_t max_cssid;
 319    uint8_t max_ssid;
 320    bool chnmon_active;
 321    uint64_t chnmon_area;
 322    CssImage *css[MAX_CSSID + 1];
 323    uint8_t default_cssid;
 324    /* don't migrate, see css_register_io_adapters */
 325    IoAdapter *io_adapters[CSS_IO_ADAPTER_TYPE_NUMS][MAX_ISC + 1];
 326    /* don't migrate, see get_indicator and IndAddrPtrTmp */
 327    QTAILQ_HEAD(, IndAddr) indicator_addresses;
 328} ChannelSubSys;
 329
 330static const VMStateDescription vmstate_css = {
 331    .name = "s390_css",
 332    .version_id = 1,
 333    .minimum_version_id = 1,
 334    .fields = (VMStateField[]) {
 335        VMSTATE_QTAILQ_V(pending_crws, ChannelSubSys, 1, vmstate_crw_container,
 336                         CrwContainer, sibling),
 337        VMSTATE_BOOL(sei_pending, ChannelSubSys),
 338        VMSTATE_BOOL(do_crw_mchk, ChannelSubSys),
 339        VMSTATE_BOOL(crws_lost, ChannelSubSys),
 340        /* These were kind of migrated by virtio */
 341        VMSTATE_UINT8(max_cssid, ChannelSubSys),
 342        VMSTATE_UINT8(max_ssid, ChannelSubSys),
 343        VMSTATE_BOOL(chnmon_active, ChannelSubSys),
 344        VMSTATE_UINT64(chnmon_area, ChannelSubSys),
 345        VMSTATE_ARRAY_OF_POINTER_TO_STRUCT(css, ChannelSubSys, MAX_CSSID + 1,
 346                0, vmstate_css_img, CssImage),
 347        VMSTATE_UINT8(default_cssid, ChannelSubSys),
 348        VMSTATE_END_OF_LIST()
 349    }
 350};
 351
 352static ChannelSubSys channel_subsys = {
 353    .pending_crws = QTAILQ_HEAD_INITIALIZER(channel_subsys.pending_crws),
 354    .do_crw_mchk = true,
 355    .sei_pending = false,
 356    .do_crw_mchk = true,
 357    .crws_lost = false,
 358    .chnmon_active = false,
 359    .indicator_addresses =
 360        QTAILQ_HEAD_INITIALIZER(channel_subsys.indicator_addresses),
 361};
 362
 363static int subch_dev_pre_save(void *opaque)
 364{
 365    SubchDev *s = opaque;
 366
 367    /* Prepare remote_schid for save */
 368    s->migrated_schid = s->schid;
 369
 370    return 0;
 371}
 372
 373static int subch_dev_post_load(void *opaque, int version_id)
 374{
 375
 376    SubchDev *s = opaque;
 377
 378    /* Re-assign the subchannel to remote_schid if necessary */
 379    if (s->migrated_schid != s->schid) {
 380        if (css_find_subch(true, s->cssid, s->ssid, s->schid) == s) {
 381            /*
 382             * Cleanup the slot before moving to s->migrated_schid provided
 383             * it still belongs to us, i.e. it was not changed by previous
 384             * invocation of this function.
 385             */
 386            css_subch_assign(s->cssid, s->ssid, s->schid, s->devno, NULL);
 387        }
 388        /* It's OK to re-assign without a prior de-assign. */
 389        s->schid = s->migrated_schid;
 390        css_subch_assign(s->cssid, s->ssid, s->schid, s->devno, s);
 391    }
 392
 393    if (css_migration_enabled()) {
 394        /* No compat voodoo to do ;) */
 395        return 0;
 396    }
 397    /*
 398     * Hack alert. If we don't migrate the channel subsystem status
 399     * we still need to find out if the guest enabled mss/mcss-e.
 400     * If the subchannel is enabled, it certainly was able to access it,
 401     * so adjust the max_ssid/max_cssid values for relevant ssid/cssid
 402     * values. This is not watertight, but better than nothing.
 403     */
 404    if (s->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA) {
 405        if (s->ssid) {
 406            channel_subsys.max_ssid = MAX_SSID;
 407        }
 408        if (s->cssid != channel_subsys.default_cssid) {
 409            channel_subsys.max_cssid = MAX_CSSID;
 410        }
 411    }
 412    return 0;
 413}
 414
 415void css_register_vmstate(void)
 416{
 417    vmstate_register(NULL, 0, &vmstate_css, &channel_subsys);
 418}
 419
 420IndAddr *get_indicator(hwaddr ind_addr, int len)
 421{
 422    IndAddr *indicator;
 423
 424    QTAILQ_FOREACH(indicator, &channel_subsys.indicator_addresses, sibling) {
 425        if (indicator->addr == ind_addr) {
 426            indicator->refcnt++;
 427            return indicator;
 428        }
 429    }
 430    indicator = g_new0(IndAddr, 1);
 431    indicator->addr = ind_addr;
 432    indicator->len = len;
 433    indicator->refcnt = 1;
 434    QTAILQ_INSERT_TAIL(&channel_subsys.indicator_addresses,
 435                       indicator, sibling);
 436    return indicator;
 437}
 438
 439static int s390_io_adapter_map(AdapterInfo *adapter, uint64_t map_addr,
 440                               bool do_map)
 441{
 442    S390FLICState *fs = s390_get_flic();
 443    S390FLICStateClass *fsc = s390_get_flic_class(fs);
 444
 445    return fsc->io_adapter_map(fs, adapter->adapter_id, map_addr, do_map);
 446}
 447
 448void release_indicator(AdapterInfo *adapter, IndAddr *indicator)
 449{
 450    assert(indicator->refcnt > 0);
 451    indicator->refcnt--;
 452    if (indicator->refcnt > 0) {
 453        return;
 454    }
 455    QTAILQ_REMOVE(&channel_subsys.indicator_addresses, indicator, sibling);
 456    if (indicator->map) {
 457        s390_io_adapter_map(adapter, indicator->map, false);
 458    }
 459    g_free(indicator);
 460}
 461
 462int map_indicator(AdapterInfo *adapter, IndAddr *indicator)
 463{
 464    int ret;
 465
 466    if (indicator->map) {
 467        return 0; /* already mapped is not an error */
 468    }
 469    indicator->map = indicator->addr;
 470    ret = s390_io_adapter_map(adapter, indicator->map, true);
 471    if ((ret != 0) && (ret != -ENOSYS)) {
 472        goto out_err;
 473    }
 474    return 0;
 475
 476out_err:
 477    indicator->map = 0;
 478    return ret;
 479}
 480
 481int css_create_css_image(uint8_t cssid, bool default_image)
 482{
 483    trace_css_new_image(cssid, default_image ? "(default)" : "");
 484    /* 255 is reserved */
 485    if (cssid == 255) {
 486        return -EINVAL;
 487    }
 488    if (channel_subsys.css[cssid]) {
 489        return -EBUSY;
 490    }
 491    channel_subsys.css[cssid] = g_new0(CssImage, 1);
 492    if (default_image) {
 493        channel_subsys.default_cssid = cssid;
 494    }
 495    return 0;
 496}
 497
 498uint32_t css_get_adapter_id(CssIoAdapterType type, uint8_t isc)
 499{
 500    if (type >= CSS_IO_ADAPTER_TYPE_NUMS || isc > MAX_ISC ||
 501        !channel_subsys.io_adapters[type][isc]) {
 502        return -1;
 503    }
 504
 505    return channel_subsys.io_adapters[type][isc]->id;
 506}
 507
 508/**
 509 * css_register_io_adapters: Register I/O adapters per ISC during init
 510 *
 511 * @swap: an indication if byte swap is needed.
 512 * @maskable: an indication if the adapter is subject to the mask operation.
 513 * @flags: further characteristics of the adapter.
 514 *         e.g. suppressible, an indication if the adapter is subject to AIS.
 515 * @errp: location to store error information.
 516 */
 517void css_register_io_adapters(CssIoAdapterType type, bool swap, bool maskable,
 518                              uint8_t flags, Error **errp)
 519{
 520    uint32_t id;
 521    int ret, isc;
 522    IoAdapter *adapter;
 523    S390FLICState *fs = s390_get_flic();
 524    S390FLICStateClass *fsc = s390_get_flic_class(fs);
 525
 526    /*
 527     * Disallow multiple registrations for the same device type.
 528     * Report an error if registering for an already registered type.
 529     */
 530    if (channel_subsys.io_adapters[type][0]) {
 531        error_setg(errp, "Adapters for type %d already registered", type);
 532    }
 533
 534    for (isc = 0; isc <= MAX_ISC; isc++) {
 535        id = (type << 3) | isc;
 536        ret = fsc->register_io_adapter(fs, id, isc, swap, maskable, flags);
 537        if (ret == 0) {
 538            adapter = g_new0(IoAdapter, 1);
 539            adapter->id = id;
 540            adapter->isc = isc;
 541            adapter->type = type;
 542            adapter->flags = flags;
 543            channel_subsys.io_adapters[type][isc] = adapter;
 544        } else {
 545            error_setg_errno(errp, -ret, "Unexpected error %d when "
 546                             "registering adapter %d", ret, id);
 547            break;
 548        }
 549    }
 550
 551    /*
 552     * No need to free registered adapters in kvm: kvm will clean up
 553     * when the machine goes away.
 554     */
 555    if (ret) {
 556        for (isc--; isc >= 0; isc--) {
 557            g_free(channel_subsys.io_adapters[type][isc]);
 558            channel_subsys.io_adapters[type][isc] = NULL;
 559        }
 560    }
 561
 562}
 563
 564static void css_clear_io_interrupt(uint16_t subchannel_id,
 565                                   uint16_t subchannel_nr)
 566{
 567    Error *err = NULL;
 568    static bool no_clear_irq;
 569    S390FLICState *fs = s390_get_flic();
 570    S390FLICStateClass *fsc = s390_get_flic_class(fs);
 571    int r;
 572
 573    if (unlikely(no_clear_irq)) {
 574        return;
 575    }
 576    r = fsc->clear_io_irq(fs, subchannel_id, subchannel_nr);
 577    switch (r) {
 578    case 0:
 579        break;
 580    case -ENOSYS:
 581        no_clear_irq = true;
 582        /*
 583        * Ignore unavailability, as the user can't do anything
 584        * about it anyway.
 585        */
 586        break;
 587    default:
 588        error_setg_errno(&err, -r, "unexpected error condition");
 589        error_propagate(&error_abort, err);
 590    }
 591}
 592
 593static inline uint16_t css_do_build_subchannel_id(uint8_t cssid, uint8_t ssid)
 594{
 595    if (channel_subsys.max_cssid > 0) {
 596        return (cssid << 8) | (1 << 3) | (ssid << 1) | 1;
 597    }
 598    return (ssid << 1) | 1;
 599}
 600
 601uint16_t css_build_subchannel_id(SubchDev *sch)
 602{
 603    return css_do_build_subchannel_id(sch->cssid, sch->ssid);
 604}
 605
 606void css_inject_io_interrupt(SubchDev *sch)
 607{
 608    uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
 609
 610    trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
 611                           sch->curr_status.pmcw.intparm, isc, "");
 612    s390_io_interrupt(css_build_subchannel_id(sch),
 613                      sch->schid,
 614                      sch->curr_status.pmcw.intparm,
 615                      isc << 27);
 616}
 617
 618void css_conditional_io_interrupt(SubchDev *sch)
 619{
 620    /*
 621     * If the subchannel is not enabled, it is not made status pending
 622     * (see PoP p. 16-17, "Status Control").
 623     */
 624    if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA)) {
 625        return;
 626    }
 627
 628    /*
 629     * If the subchannel is not currently status pending, make it pending
 630     * with alert status.
 631     */
 632    if (!(sch->curr_status.scsw.ctrl & SCSW_STCTL_STATUS_PEND)) {
 633        uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
 634
 635        trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
 636                               sch->curr_status.pmcw.intparm, isc,
 637                               "(unsolicited)");
 638        sch->curr_status.scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
 639        sch->curr_status.scsw.ctrl |=
 640            SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
 641        /* Inject an I/O interrupt. */
 642        s390_io_interrupt(css_build_subchannel_id(sch),
 643                          sch->schid,
 644                          sch->curr_status.pmcw.intparm,
 645                          isc << 27);
 646    }
 647}
 648
 649int css_do_sic(CPUS390XState *env, uint8_t isc, uint16_t mode)
 650{
 651    S390FLICState *fs = s390_get_flic();
 652    S390FLICStateClass *fsc = s390_get_flic_class(fs);
 653    int r;
 654
 655    if (env->psw.mask & PSW_MASK_PSTATE) {
 656        r = -PGM_PRIVILEGED;
 657        goto out;
 658    }
 659
 660    trace_css_do_sic(mode, isc);
 661    switch (mode) {
 662    case SIC_IRQ_MODE_ALL:
 663    case SIC_IRQ_MODE_SINGLE:
 664        break;
 665    default:
 666        r = -PGM_OPERAND;
 667        goto out;
 668    }
 669
 670    r = fsc->modify_ais_mode(fs, isc, mode) ? -PGM_OPERATION : 0;
 671out:
 672    return r;
 673}
 674
 675void css_adapter_interrupt(CssIoAdapterType type, uint8_t isc)
 676{
 677    S390FLICState *fs = s390_get_flic();
 678    S390FLICStateClass *fsc = s390_get_flic_class(fs);
 679    uint32_t io_int_word = (isc << 27) | IO_INT_WORD_AI;
 680    IoAdapter *adapter = channel_subsys.io_adapters[type][isc];
 681
 682    if (!adapter) {
 683        return;
 684    }
 685
 686    trace_css_adapter_interrupt(isc);
 687    if (fs->ais_supported) {
 688        if (fsc->inject_airq(fs, type, isc, adapter->flags)) {
 689            error_report("Failed to inject airq with AIS supported");
 690            exit(1);
 691        }
 692    } else {
 693        s390_io_interrupt(0, 0, 0, io_int_word);
 694    }
 695}
 696
 697static void sch_handle_clear_func(SubchDev *sch)
 698{
 699    SCHIB *schib = &sch->curr_status;
 700    int path;
 701
 702    /* Path management: In our simple css, we always choose the only path. */
 703    path = 0x80;
 704
 705    /* Reset values prior to 'issuing the clear signal'. */
 706    schib->pmcw.lpum = 0;
 707    schib->pmcw.pom = 0xff;
 708    schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
 709
 710    /* We always 'attempt to issue the clear signal', and we always succeed. */
 711    sch->channel_prog = 0x0;
 712    sch->last_cmd_valid = false;
 713    schib->scsw.ctrl &= ~SCSW_ACTL_CLEAR_PEND;
 714    schib->scsw.ctrl |= SCSW_STCTL_STATUS_PEND;
 715
 716    schib->scsw.dstat = 0;
 717    schib->scsw.cstat = 0;
 718    schib->pmcw.lpum = path;
 719
 720}
 721
 722static void sch_handle_halt_func(SubchDev *sch)
 723{
 724    SCHIB *schib = &sch->curr_status;
 725    hwaddr curr_ccw = sch->channel_prog;
 726    int path;
 727
 728    /* Path management: In our simple css, we always choose the only path. */
 729    path = 0x80;
 730
 731    /* We always 'attempt to issue the halt signal', and we always succeed. */
 732    sch->channel_prog = 0x0;
 733    sch->last_cmd_valid = false;
 734    schib->scsw.ctrl &= ~SCSW_ACTL_HALT_PEND;
 735    schib->scsw.ctrl |= SCSW_STCTL_STATUS_PEND;
 736
 737    if ((schib->scsw.ctrl & (SCSW_ACTL_SUBCH_ACTIVE |
 738                             SCSW_ACTL_DEVICE_ACTIVE)) ||
 739        !((schib->scsw.ctrl & SCSW_ACTL_START_PEND) ||
 740          (schib->scsw.ctrl & SCSW_ACTL_SUSP))) {
 741        schib->scsw.dstat = SCSW_DSTAT_DEVICE_END;
 742    }
 743    if ((schib->scsw.ctrl & (SCSW_ACTL_SUBCH_ACTIVE |
 744                             SCSW_ACTL_DEVICE_ACTIVE)) ||
 745        (schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
 746        schib->scsw.cpa = curr_ccw + 8;
 747    }
 748    schib->scsw.cstat = 0;
 749    schib->pmcw.lpum = path;
 750
 751}
 752
 753/*
 754 * As the SenseId struct cannot be packed (would cause unaligned accesses), we
 755 * have to copy the individual fields to an unstructured area using the correct
 756 * layout (see SA22-7204-01 "Common I/O-Device Commands").
 757 */
 758static void copy_sense_id_to_guest(uint8_t *dest, SenseId *src)
 759{
 760    int i;
 761
 762    dest[0] = src->reserved;
 763    stw_be_p(dest + 1, src->cu_type);
 764    dest[3] = src->cu_model;
 765    stw_be_p(dest + 4, src->dev_type);
 766    dest[6] = src->dev_model;
 767    dest[7] = src->unused;
 768    for (i = 0; i < ARRAY_SIZE(src->ciw); i++) {
 769        dest[8 + i * 4] = src->ciw[i].type;
 770        dest[9 + i * 4] = src->ciw[i].command;
 771        stw_be_p(dest + 10 + i * 4, src->ciw[i].count);
 772    }
 773}
 774
 775static CCW1 copy_ccw_from_guest(hwaddr addr, bool fmt1)
 776{
 777    CCW0 tmp0;
 778    CCW1 tmp1;
 779    CCW1 ret;
 780
 781    if (fmt1) {
 782        cpu_physical_memory_read(addr, &tmp1, sizeof(tmp1));
 783        ret.cmd_code = tmp1.cmd_code;
 784        ret.flags = tmp1.flags;
 785        ret.count = be16_to_cpu(tmp1.count);
 786        ret.cda = be32_to_cpu(tmp1.cda);
 787    } else {
 788        cpu_physical_memory_read(addr, &tmp0, sizeof(tmp0));
 789        if ((tmp0.cmd_code & 0x0f) == CCW_CMD_TIC) {
 790            ret.cmd_code = CCW_CMD_TIC;
 791            ret.flags = 0;
 792            ret.count = 0;
 793        } else {
 794            ret.cmd_code = tmp0.cmd_code;
 795            ret.flags = tmp0.flags;
 796            ret.count = be16_to_cpu(tmp0.count);
 797        }
 798        ret.cda = be16_to_cpu(tmp0.cda1) | (tmp0.cda0 << 16);
 799    }
 800    return ret;
 801}
 802/**
 803 * If out of bounds marks the stream broken. If broken returns -EINVAL,
 804 * otherwise the requested length (may be zero)
 805 */
 806static inline int cds_check_len(CcwDataStream *cds, int len)
 807{
 808    if (cds->at_byte + len > cds->count) {
 809        cds->flags |= CDS_F_STREAM_BROKEN;
 810    }
 811    return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len;
 812}
 813
 814static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1)
 815{
 816    return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24));
 817}
 818
 819static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
 820                                  CcwDataStreamOp op)
 821{
 822    int ret;
 823
 824    ret = cds_check_len(cds, len);
 825    if (ret <= 0) {
 826        return ret;
 827    }
 828    if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) {
 829        return -EINVAL; /* channel program check */
 830    }
 831    if (op == CDS_OP_A) {
 832        goto incr;
 833    }
 834    if (!cds->do_skip) {
 835        ret = address_space_rw(&address_space_memory, cds->cda,
 836                               MEMTXATTRS_UNSPECIFIED, buff, len, op);
 837    } else {
 838        ret = MEMTX_OK;
 839    }
 840    if (ret != MEMTX_OK) {
 841        cds->flags |= CDS_F_STREAM_BROKEN;
 842        return -EINVAL;
 843    }
 844incr:
 845    cds->at_byte += len;
 846    cds->cda += len;
 847    return 0;
 848}
 849
 850/* returns values between 1 and bsz, where bsz is a power of 2 */
 851static inline uint16_t ida_continuous_left(hwaddr cda, uint64_t bsz)
 852{
 853    return bsz - (cda & (bsz - 1));
 854}
 855
 856static inline uint64_t ccw_ida_block_size(uint8_t flags)
 857{
 858    if ((flags & CDS_F_C64) && !(flags & CDS_F_I2K)) {
 859        return 1ULL << 12;
 860    }
 861    return 1ULL << 11;
 862}
 863
 864static inline int ida_read_next_idaw(CcwDataStream *cds)
 865{
 866    union {uint64_t fmt2; uint32_t fmt1; } idaw;
 867    int ret;
 868    hwaddr idaw_addr;
 869    bool idaw_fmt2 = cds->flags & CDS_F_C64;
 870    bool ccw_fmt1 = cds->flags & CDS_F_FMT;
 871
 872    if (idaw_fmt2) {
 873        idaw_addr = cds->cda_orig + sizeof(idaw.fmt2) * cds->at_idaw;
 874        if (idaw_addr & 0x07 || !cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)) {
 875            return -EINVAL; /* channel program check */
 876        }
 877        ret = address_space_read(&address_space_memory, idaw_addr,
 878                                 MEMTXATTRS_UNSPECIFIED, &idaw.fmt2,
 879                                 sizeof(idaw.fmt2));
 880        cds->cda = be64_to_cpu(idaw.fmt2);
 881    } else {
 882        idaw_addr = cds->cda_orig + sizeof(idaw.fmt1) * cds->at_idaw;
 883        if (idaw_addr & 0x03 || !cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)) {
 884            return -EINVAL; /* channel program check */
 885        }
 886        ret = address_space_read(&address_space_memory, idaw_addr,
 887                                 MEMTXATTRS_UNSPECIFIED, &idaw.fmt1,
 888                                 sizeof(idaw.fmt1));
 889        cds->cda = be64_to_cpu(idaw.fmt1);
 890        if (cds->cda & 0x80000000) {
 891            return -EINVAL; /* channel program check */
 892        }
 893    }
 894    ++(cds->at_idaw);
 895    if (ret != MEMTX_OK) {
 896        /* assume inaccessible address */
 897        return -EINVAL; /* channel program check */
 898    }
 899    return 0;
 900}
 901
 902static int ccw_dstream_rw_ida(CcwDataStream *cds, void *buff, int len,
 903                              CcwDataStreamOp op)
 904{
 905    uint64_t bsz = ccw_ida_block_size(cds->flags);
 906    int ret = 0;
 907    uint16_t cont_left, iter_len;
 908
 909    ret = cds_check_len(cds, len);
 910    if (ret <= 0) {
 911        return ret;
 912    }
 913    if (!cds->at_idaw) {
 914        /* read first idaw */
 915        ret = ida_read_next_idaw(cds);
 916        if (ret) {
 917            goto err;
 918        }
 919        cont_left = ida_continuous_left(cds->cda, bsz);
 920    } else {
 921        cont_left = ida_continuous_left(cds->cda, bsz);
 922        if (cont_left == bsz) {
 923            ret = ida_read_next_idaw(cds);
 924            if (ret) {
 925                goto err;
 926            }
 927            if (cds->cda & (bsz - 1)) {
 928                ret = -EINVAL; /* channel program check */
 929                goto err;
 930            }
 931        }
 932    }
 933    do {
 934        iter_len = MIN(len, cont_left);
 935        if (op != CDS_OP_A) {
 936            if (!cds->do_skip) {
 937                ret = address_space_rw(&address_space_memory, cds->cda,
 938                                       MEMTXATTRS_UNSPECIFIED, buff, iter_len,
 939                                       op);
 940            } else {
 941                ret = MEMTX_OK;
 942            }
 943            if (ret != MEMTX_OK) {
 944                /* assume inaccessible address */
 945                ret = -EINVAL; /* channel program check */
 946                goto err;
 947            }
 948        }
 949        cds->at_byte += iter_len;
 950        cds->cda += iter_len;
 951        len -= iter_len;
 952        if (!len) {
 953            break;
 954        }
 955        ret = ida_read_next_idaw(cds);
 956        if (ret) {
 957            goto err;
 958        }
 959        cont_left = bsz;
 960    } while (true);
 961    return ret;
 962err:
 963    cds->flags |= CDS_F_STREAM_BROKEN;
 964    return ret;
 965}
 966
 967void ccw_dstream_init(CcwDataStream *cds, CCW1 const *ccw, ORB const *orb)
 968{
 969    /*
 970     * We don't support MIDA (an optional facility) yet and we
 971     * catch this earlier. Just for expressing the precondition.
 972     */
 973    g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));
 974    cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) |
 975                 (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) |
 976                 (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) |
 977                 (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0);
 978
 979    cds->count = ccw->count;
 980    cds->cda_orig = ccw->cda;
 981    /* skip is only effective for read, read backwards, or sense commands */
 982    cds->do_skip = (ccw->flags & CCW_FLAG_SKIP) &&
 983        ((ccw->cmd_code & 0x0f) == CCW_CMD_BASIC_SENSE ||
 984         (ccw->cmd_code & 0x03) == 0x02 /* read */ ||
 985         (ccw->cmd_code & 0x0f) == 0x0c /* read backwards */);
 986    ccw_dstream_rewind(cds);
 987    if (!(cds->flags & CDS_F_IDA)) {
 988        cds->op_handler = ccw_dstream_rw_noflags;
 989    } else {
 990        cds->op_handler = ccw_dstream_rw_ida;
 991    }
 992}
 993
 994static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
 995                             bool suspend_allowed)
 996{
 997    int ret;
 998    bool check_len;
 999    int len;
1000    CCW1 ccw;
1001
1002    if (!ccw_addr) {
1003        return -EINVAL; /* channel-program check */
1004    }
1005    /* Check doubleword aligned and 31 or 24 (fmt 0) bit addressable. */
1006    if (ccw_addr & (sch->ccw_fmt_1 ? 0x80000007 : 0xff000007)) {
1007        return -EINVAL;
1008    }
1009
1010    /* Translate everything to format-1 ccws - the information is the same. */
1011    ccw = copy_ccw_from_guest(ccw_addr, sch->ccw_fmt_1);
1012
1013    /* Check for invalid command codes. */
1014    if ((ccw.cmd_code & 0x0f) == 0) {
1015        return -EINVAL;
1016    }
1017    if (((ccw.cmd_code & 0x0f) == CCW_CMD_TIC) &&
1018        ((ccw.cmd_code & 0xf0) != 0)) {
1019        return -EINVAL;
1020    }
1021    if (!sch->ccw_fmt_1 && (ccw.count == 0) &&
1022        (ccw.cmd_code != CCW_CMD_TIC)) {
1023        return -EINVAL;
1024    }
1025
1026    /* We don't support MIDA. */
1027    if (ccw.flags & CCW_FLAG_MIDA) {
1028        return -EINVAL;
1029    }
1030
1031    if (ccw.flags & CCW_FLAG_SUSPEND) {
1032        return suspend_allowed ? -EINPROGRESS : -EINVAL;
1033    }
1034
1035    check_len = !((ccw.flags & CCW_FLAG_SLI) && !(ccw.flags & CCW_FLAG_DC));
1036
1037    if (!ccw.cda) {
1038        if (sch->ccw_no_data_cnt == 255) {
1039            return -EINVAL;
1040        }
1041        sch->ccw_no_data_cnt++;
1042    }
1043
1044    /* Look at the command. */
1045    ccw_dstream_init(&sch->cds, &ccw, &(sch->orb));
1046    switch (ccw.cmd_code) {
1047    case CCW_CMD_NOOP:
1048        /* Nothing to do. */
1049        ret = 0;
1050        break;
1051    case CCW_CMD_BASIC_SENSE:
1052        if (check_len) {
1053            if (ccw.count != sizeof(sch->sense_data)) {
1054                ret = -EINVAL;
1055                break;
1056            }
1057        }
1058        len = MIN(ccw.count, sizeof(sch->sense_data));
1059        ccw_dstream_write_buf(&sch->cds, sch->sense_data, len);
1060        sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
1061        memset(sch->sense_data, 0, sizeof(sch->sense_data));
1062        ret = 0;
1063        break;
1064    case CCW_CMD_SENSE_ID:
1065    {
1066        /* According to SA22-7204-01, Sense-ID can store up to 256 bytes */
1067        uint8_t sense_id[256];
1068
1069        copy_sense_id_to_guest(sense_id, &sch->id);
1070        /* Sense ID information is device specific. */
1071        if (check_len) {
1072            if (ccw.count != sizeof(sense_id)) {
1073                ret = -EINVAL;
1074                break;
1075            }
1076        }
1077        len = MIN(ccw.count, sizeof(sense_id));
1078        /*
1079         * Only indicate 0xff in the first sense byte if we actually
1080         * have enough place to store at least bytes 0-3.
1081         */
1082        if (len >= 4) {
1083            sense_id[0] = 0xff;
1084        } else {
1085            sense_id[0] = 0;
1086        }
1087        ccw_dstream_write_buf(&sch->cds, sense_id, len);
1088        sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
1089        ret = 0;
1090        break;
1091    }
1092    case CCW_CMD_TIC:
1093        if (sch->last_cmd_valid && (sch->last_cmd.cmd_code == CCW_CMD_TIC)) {
1094            ret = -EINVAL;
1095            break;
1096        }
1097        if (ccw.flags || ccw.count) {
1098            /* We have already sanitized these if converted from fmt 0. */
1099            ret = -EINVAL;
1100            break;
1101        }
1102        sch->channel_prog = ccw.cda;
1103        ret = -EAGAIN;
1104        break;
1105    default:
1106        if (sch->ccw_cb) {
1107            /* Handle device specific commands. */
1108            ret = sch->ccw_cb(sch, ccw);
1109        } else {
1110            ret = -ENOSYS;
1111        }
1112        break;
1113    }
1114    sch->last_cmd = ccw;
1115    sch->last_cmd_valid = true;
1116    if (ret == 0) {
1117        if (ccw.flags & CCW_FLAG_CC) {
1118            sch->channel_prog += 8;
1119            ret = -EAGAIN;
1120        }
1121    }
1122
1123    return ret;
1124}
1125
1126static void sch_handle_start_func_virtual(SubchDev *sch)
1127{
1128    SCHIB *schib = &sch->curr_status;
1129    int path;
1130    int ret;
1131    bool suspend_allowed;
1132
1133    /* Path management: In our simple css, we always choose the only path. */
1134    path = 0x80;
1135
1136    if (!(schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
1137        /* Start Function triggered via ssch, i.e. we have an ORB */
1138        ORB *orb = &sch->orb;
1139        schib->scsw.cstat = 0;
1140        schib->scsw.dstat = 0;
1141        /* Look at the orb and try to execute the channel program. */
1142        schib->pmcw.intparm = orb->intparm;
1143        if (!(orb->lpm & path)) {
1144            /* Generate a deferred cc 3 condition. */
1145            schib->scsw.flags |= SCSW_FLAGS_MASK_CC;
1146            schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1147            schib->scsw.ctrl |= (SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND);
1148            return;
1149        }
1150        sch->ccw_fmt_1 = !!(orb->ctrl0 & ORB_CTRL0_MASK_FMT);
1151        schib->scsw.flags |= (sch->ccw_fmt_1) ? SCSW_FLAGS_MASK_FMT : 0;
1152        sch->ccw_no_data_cnt = 0;
1153        suspend_allowed = !!(orb->ctrl0 & ORB_CTRL0_MASK_SPND);
1154    } else {
1155        /* Start Function resumed via rsch */
1156        schib->scsw.ctrl &= ~(SCSW_ACTL_SUSP | SCSW_ACTL_RESUME_PEND);
1157        /* The channel program had been suspended before. */
1158        suspend_allowed = true;
1159    }
1160    sch->last_cmd_valid = false;
1161    do {
1162        ret = css_interpret_ccw(sch, sch->channel_prog, suspend_allowed);
1163        switch (ret) {
1164        case -EAGAIN:
1165            /* ccw chain, continue processing */
1166            break;
1167        case 0:
1168            /* success */
1169            schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1170            schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1171            schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1172                    SCSW_STCTL_STATUS_PEND;
1173            schib->scsw.dstat = SCSW_DSTAT_CHANNEL_END | SCSW_DSTAT_DEVICE_END;
1174            schib->scsw.cpa = sch->channel_prog + 8;
1175            break;
1176        case -EIO:
1177            /* I/O errors, status depends on specific devices */
1178            break;
1179        case -ENOSYS:
1180            /* unsupported command, generate unit check (command reject) */
1181            schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1182            schib->scsw.dstat = SCSW_DSTAT_UNIT_CHECK;
1183            /* Set sense bit 0 in ecw0. */
1184            sch->sense_data[0] = 0x80;
1185            schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1186            schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1187                    SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
1188            schib->scsw.cpa = sch->channel_prog + 8;
1189            break;
1190        case -EINPROGRESS:
1191            /* channel program has been suspended */
1192            schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1193            schib->scsw.ctrl |= SCSW_ACTL_SUSP;
1194            break;
1195        default:
1196            /* error, generate channel program check */
1197            schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1198            schib->scsw.cstat = SCSW_CSTAT_PROG_CHECK;
1199            schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1200            schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1201                    SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
1202            schib->scsw.cpa = sch->channel_prog + 8;
1203            break;
1204        }
1205    } while (ret == -EAGAIN);
1206
1207}
1208
1209static void sch_handle_halt_func_passthrough(SubchDev *sch)
1210{
1211    int ret;
1212
1213    ret = s390_ccw_halt(sch);
1214    if (ret == -ENOSYS) {
1215        sch_handle_halt_func(sch);
1216    }
1217}
1218
1219static void sch_handle_clear_func_passthrough(SubchDev *sch)
1220{
1221    int ret;
1222
1223    ret = s390_ccw_clear(sch);
1224    if (ret == -ENOSYS) {
1225        sch_handle_clear_func(sch);
1226    }
1227}
1228
1229static IOInstEnding sch_handle_start_func_passthrough(SubchDev *sch)
1230{
1231    SCHIB *schib = &sch->curr_status;
1232    ORB *orb = &sch->orb;
1233    if (!(schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
1234        assert(orb != NULL);
1235        schib->pmcw.intparm = orb->intparm;
1236    }
1237    return s390_ccw_cmd_request(sch);
1238}
1239
1240/*
1241 * On real machines, this would run asynchronously to the main vcpus.
1242 * We might want to make some parts of the ssch handling (interpreting
1243 * read/writes) asynchronous later on if we start supporting more than
1244 * our current very simple devices.
1245 */
1246IOInstEnding do_subchannel_work_virtual(SubchDev *sch)
1247{
1248    SCHIB *schib = &sch->curr_status;
1249
1250    if (schib->scsw.ctrl & SCSW_FCTL_CLEAR_FUNC) {
1251        sch_handle_clear_func(sch);
1252    } else if (schib->scsw.ctrl & SCSW_FCTL_HALT_FUNC) {
1253        sch_handle_halt_func(sch);
1254    } else if (schib->scsw.ctrl & SCSW_FCTL_START_FUNC) {
1255        /* Triggered by both ssch and rsch. */
1256        sch_handle_start_func_virtual(sch);
1257    }
1258    css_inject_io_interrupt(sch);
1259    /* inst must succeed if this func is called */
1260    return IOINST_CC_EXPECTED;
1261}
1262
1263IOInstEnding do_subchannel_work_passthrough(SubchDev *sch)
1264{
1265    SCHIB *schib = &sch->curr_status;
1266
1267    if (schib->scsw.ctrl & SCSW_FCTL_CLEAR_FUNC) {
1268        sch_handle_clear_func_passthrough(sch);
1269    } else if (schib->scsw.ctrl & SCSW_FCTL_HALT_FUNC) {
1270        sch_handle_halt_func_passthrough(sch);
1271    } else if (schib->scsw.ctrl & SCSW_FCTL_START_FUNC) {
1272        return sch_handle_start_func_passthrough(sch);
1273    }
1274    return IOINST_CC_EXPECTED;
1275}
1276
1277static IOInstEnding do_subchannel_work(SubchDev *sch)
1278{
1279    if (!sch->do_subchannel_work) {
1280        return IOINST_CC_STATUS_PRESENT;
1281    }
1282    g_assert(sch->curr_status.scsw.ctrl & SCSW_CTRL_MASK_FCTL);
1283    return sch->do_subchannel_work(sch);
1284}
1285
1286static void copy_pmcw_to_guest(PMCW *dest, const PMCW *src)
1287{
1288    int i;
1289
1290    dest->intparm = cpu_to_be32(src->intparm);
1291    dest->flags = cpu_to_be16(src->flags);
1292    dest->devno = cpu_to_be16(src->devno);
1293    dest->lpm = src->lpm;
1294    dest->pnom = src->pnom;
1295    dest->lpum = src->lpum;
1296    dest->pim = src->pim;
1297    dest->mbi = cpu_to_be16(src->mbi);
1298    dest->pom = src->pom;
1299    dest->pam = src->pam;
1300    for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
1301        dest->chpid[i] = src->chpid[i];
1302    }
1303    dest->chars = cpu_to_be32(src->chars);
1304}
1305
1306void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
1307{
1308    dest->flags = cpu_to_be16(src->flags);
1309    dest->ctrl = cpu_to_be16(src->ctrl);
1310    dest->cpa = cpu_to_be32(src->cpa);
1311    dest->dstat = src->dstat;
1312    dest->cstat = src->cstat;
1313    dest->count = cpu_to_be16(src->count);
1314}
1315
1316static void copy_schib_to_guest(SCHIB *dest, const SCHIB *src)
1317{
1318    int i;
1319    /*
1320     * We copy the PMCW and SCSW in and out of local variables to
1321     * avoid taking the address of members of a packed struct.
1322     */
1323    PMCW src_pmcw, dest_pmcw;
1324    SCSW src_scsw, dest_scsw;
1325
1326    src_pmcw = src->pmcw;
1327    copy_pmcw_to_guest(&dest_pmcw, &src_pmcw);
1328    dest->pmcw = dest_pmcw;
1329    src_scsw = src->scsw;
1330    copy_scsw_to_guest(&dest_scsw, &src_scsw);
1331    dest->scsw = dest_scsw;
1332    dest->mba = cpu_to_be64(src->mba);
1333    for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
1334        dest->mda[i] = src->mda[i];
1335    }
1336}
1337
1338int css_do_stsch(SubchDev *sch, SCHIB *schib)
1339{
1340    /* Use current status. */
1341    copy_schib_to_guest(schib, &sch->curr_status);
1342    return 0;
1343}
1344
1345static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
1346{
1347    int i;
1348
1349    dest->intparm = be32_to_cpu(src->intparm);
1350    dest->flags = be16_to_cpu(src->flags);
1351    dest->devno = be16_to_cpu(src->devno);
1352    dest->lpm = src->lpm;
1353    dest->pnom = src->pnom;
1354    dest->lpum = src->lpum;
1355    dest->pim = src->pim;
1356    dest->mbi = be16_to_cpu(src->mbi);
1357    dest->pom = src->pom;
1358    dest->pam = src->pam;
1359    for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
1360        dest->chpid[i] = src->chpid[i];
1361    }
1362    dest->chars = be32_to_cpu(src->chars);
1363}
1364
1365static void copy_scsw_from_guest(SCSW *dest, const SCSW *src)
1366{
1367    dest->flags = be16_to_cpu(src->flags);
1368    dest->ctrl = be16_to_cpu(src->ctrl);
1369    dest->cpa = be32_to_cpu(src->cpa);
1370    dest->dstat = src->dstat;
1371    dest->cstat = src->cstat;
1372    dest->count = be16_to_cpu(src->count);
1373}
1374
1375static void copy_schib_from_guest(SCHIB *dest, const SCHIB *src)
1376{
1377    int i;
1378    /*
1379     * We copy the PMCW and SCSW in and out of local variables to
1380     * avoid taking the address of members of a packed struct.
1381     */
1382    PMCW src_pmcw, dest_pmcw;
1383    SCSW src_scsw, dest_scsw;
1384
1385    src_pmcw = src->pmcw;
1386    copy_pmcw_from_guest(&dest_pmcw, &src_pmcw);
1387    dest->pmcw = dest_pmcw;
1388    src_scsw = src->scsw;
1389    copy_scsw_from_guest(&dest_scsw, &src_scsw);
1390    dest->scsw = dest_scsw;
1391    dest->mba = be64_to_cpu(src->mba);
1392    for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
1393        dest->mda[i] = src->mda[i];
1394    }
1395}
1396
1397IOInstEnding css_do_msch(SubchDev *sch, const SCHIB *orig_schib)
1398{
1399    SCHIB *schib = &sch->curr_status;
1400    uint16_t oldflags;
1401    SCHIB schib_copy;
1402
1403    if (!(schib->pmcw.flags & PMCW_FLAGS_MASK_DNV)) {
1404        return IOINST_CC_EXPECTED;
1405    }
1406
1407    if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1408        return IOINST_CC_STATUS_PRESENT;
1409    }
1410
1411    if (schib->scsw.ctrl &
1412        (SCSW_FCTL_START_FUNC|SCSW_FCTL_HALT_FUNC|SCSW_FCTL_CLEAR_FUNC)) {
1413        return IOINST_CC_BUSY;
1414    }
1415
1416    copy_schib_from_guest(&schib_copy, orig_schib);
1417    /* Only update the program-modifiable fields. */
1418    schib->pmcw.intparm = schib_copy.pmcw.intparm;
1419    oldflags = schib->pmcw.flags;
1420    schib->pmcw.flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
1421                  PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
1422                  PMCW_FLAGS_MASK_MP);
1423    schib->pmcw.flags |= schib_copy.pmcw.flags &
1424            (PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
1425             PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
1426             PMCW_FLAGS_MASK_MP);
1427    schib->pmcw.lpm = schib_copy.pmcw.lpm;
1428    schib->pmcw.mbi = schib_copy.pmcw.mbi;
1429    schib->pmcw.pom = schib_copy.pmcw.pom;
1430    schib->pmcw.chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
1431    schib->pmcw.chars |= schib_copy.pmcw.chars &
1432            (PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
1433    schib->mba = schib_copy.mba;
1434
1435    /* Has the channel been disabled? */
1436    if (sch->disable_cb && (oldflags & PMCW_FLAGS_MASK_ENA) != 0
1437        && (schib->pmcw.flags & PMCW_FLAGS_MASK_ENA) == 0) {
1438        sch->disable_cb(sch);
1439    }
1440    return IOINST_CC_EXPECTED;
1441}
1442
1443IOInstEnding css_do_xsch(SubchDev *sch)
1444{
1445    SCHIB *schib = &sch->curr_status;
1446
1447    if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1448        return IOINST_CC_NOT_OPERATIONAL;
1449    }
1450
1451    if (schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) {
1452        return IOINST_CC_STATUS_PRESENT;
1453    }
1454
1455    if (!(schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) ||
1456        ((schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
1457        (!(schib->scsw.ctrl &
1458           (SCSW_ACTL_RESUME_PEND | SCSW_ACTL_START_PEND | SCSW_ACTL_SUSP))) ||
1459        (schib->scsw.ctrl & SCSW_ACTL_SUBCH_ACTIVE)) {
1460        return IOINST_CC_BUSY;
1461    }
1462
1463    /* Cancel the current operation. */
1464    schib->scsw.ctrl &= ~(SCSW_FCTL_START_FUNC |
1465                 SCSW_ACTL_RESUME_PEND |
1466                 SCSW_ACTL_START_PEND |
1467                 SCSW_ACTL_SUSP);
1468    sch->channel_prog = 0x0;
1469    sch->last_cmd_valid = false;
1470    schib->scsw.dstat = 0;
1471    schib->scsw.cstat = 0;
1472    return IOINST_CC_EXPECTED;
1473}
1474
1475IOInstEnding css_do_csch(SubchDev *sch)
1476{
1477    SCHIB *schib = &sch->curr_status;
1478
1479    if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1480        return IOINST_CC_NOT_OPERATIONAL;
1481    }
1482
1483    /* Trigger the clear function. */
1484    schib->scsw.ctrl &= ~(SCSW_CTRL_MASK_FCTL | SCSW_CTRL_MASK_ACTL);
1485    schib->scsw.ctrl |= SCSW_FCTL_CLEAR_FUNC | SCSW_ACTL_CLEAR_PEND;
1486
1487    return do_subchannel_work(sch);
1488}
1489
1490IOInstEnding css_do_hsch(SubchDev *sch)
1491{
1492    SCHIB *schib = &sch->curr_status;
1493
1494    if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1495        return IOINST_CC_NOT_OPERATIONAL;
1496    }
1497
1498    if (((schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_STATUS_PEND) ||
1499        (schib->scsw.ctrl & (SCSW_STCTL_PRIMARY |
1500                    SCSW_STCTL_SECONDARY |
1501                    SCSW_STCTL_ALERT))) {
1502        return IOINST_CC_STATUS_PRESENT;
1503    }
1504
1505    if (schib->scsw.ctrl & (SCSW_FCTL_HALT_FUNC | SCSW_FCTL_CLEAR_FUNC)) {
1506        return IOINST_CC_BUSY;
1507    }
1508
1509    /* Trigger the halt function. */
1510    schib->scsw.ctrl |= SCSW_FCTL_HALT_FUNC;
1511    schib->scsw.ctrl &= ~SCSW_FCTL_START_FUNC;
1512    if (((schib->scsw.ctrl & SCSW_CTRL_MASK_ACTL) ==
1513         (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) &&
1514        ((schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) ==
1515         SCSW_STCTL_INTERMEDIATE)) {
1516        schib->scsw.ctrl &= ~SCSW_STCTL_STATUS_PEND;
1517    }
1518    schib->scsw.ctrl |= SCSW_ACTL_HALT_PEND;
1519
1520    return do_subchannel_work(sch);
1521}
1522
1523static void css_update_chnmon(SubchDev *sch)
1524{
1525    if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_MME)) {
1526        /* Not active. */
1527        return;
1528    }
1529    /* The counter is conveniently located at the beginning of the struct. */
1530    if (sch->curr_status.pmcw.chars & PMCW_CHARS_MASK_MBFC) {
1531        /* Format 1, per-subchannel area. */
1532        uint32_t count;
1533
1534        count = address_space_ldl(&address_space_memory,
1535                                  sch->curr_status.mba,
1536                                  MEMTXATTRS_UNSPECIFIED,
1537                                  NULL);
1538        count++;
1539        address_space_stl(&address_space_memory, sch->curr_status.mba, count,
1540                          MEMTXATTRS_UNSPECIFIED, NULL);
1541    } else {
1542        /* Format 0, global area. */
1543        uint32_t offset;
1544        uint16_t count;
1545
1546        offset = sch->curr_status.pmcw.mbi << 5;
1547        count = address_space_lduw(&address_space_memory,
1548                                   channel_subsys.chnmon_area + offset,
1549                                   MEMTXATTRS_UNSPECIFIED,
1550                                   NULL);
1551        count++;
1552        address_space_stw(&address_space_memory,
1553                          channel_subsys.chnmon_area + offset, count,
1554                          MEMTXATTRS_UNSPECIFIED, NULL);
1555    }
1556}
1557
1558IOInstEnding css_do_ssch(SubchDev *sch, ORB *orb)
1559{
1560    SCHIB *schib = &sch->curr_status;
1561
1562    if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1563        return IOINST_CC_NOT_OPERATIONAL;
1564    }
1565
1566    if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1567        return IOINST_CC_STATUS_PRESENT;
1568    }
1569
1570    if (schib->scsw.ctrl & (SCSW_FCTL_START_FUNC |
1571                   SCSW_FCTL_HALT_FUNC |
1572                   SCSW_FCTL_CLEAR_FUNC)) {
1573        return IOINST_CC_BUSY;
1574    }
1575
1576    /* If monitoring is active, update counter. */
1577    if (channel_subsys.chnmon_active) {
1578        css_update_chnmon(sch);
1579    }
1580    sch->orb = *orb;
1581    sch->channel_prog = orb->cpa;
1582    /* Trigger the start function. */
1583    schib->scsw.ctrl |= (SCSW_FCTL_START_FUNC | SCSW_ACTL_START_PEND);
1584    schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1585
1586    return do_subchannel_work(sch);
1587}
1588
1589static void copy_irb_to_guest(IRB *dest, const IRB *src, const PMCW *pmcw,
1590                              int *irb_len)
1591{
1592    int i;
1593    uint16_t stctl = src->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1594    uint16_t actl = src->scsw.ctrl & SCSW_CTRL_MASK_ACTL;
1595
1596    copy_scsw_to_guest(&dest->scsw, &src->scsw);
1597
1598    for (i = 0; i < ARRAY_SIZE(dest->esw); i++) {
1599        dest->esw[i] = cpu_to_be32(src->esw[i]);
1600    }
1601    for (i = 0; i < ARRAY_SIZE(dest->ecw); i++) {
1602        dest->ecw[i] = cpu_to_be32(src->ecw[i]);
1603    }
1604    *irb_len = sizeof(*dest) - sizeof(dest->emw);
1605
1606    /* extended measurements enabled? */
1607    if ((src->scsw.flags & SCSW_FLAGS_MASK_ESWF) ||
1608        !(pmcw->flags & PMCW_FLAGS_MASK_TF) ||
1609        !(pmcw->chars & PMCW_CHARS_MASK_XMWME)) {
1610        return;
1611    }
1612    /* extended measurements pending? */
1613    if (!(stctl & SCSW_STCTL_STATUS_PEND)) {
1614        return;
1615    }
1616    if ((stctl & SCSW_STCTL_PRIMARY) ||
1617        (stctl == SCSW_STCTL_SECONDARY) ||
1618        ((stctl & SCSW_STCTL_INTERMEDIATE) && (actl & SCSW_ACTL_SUSP))) {
1619        for (i = 0; i < ARRAY_SIZE(dest->emw); i++) {
1620            dest->emw[i] = cpu_to_be32(src->emw[i]);
1621        }
1622    }
1623    *irb_len = sizeof(*dest);
1624}
1625
1626int css_do_tsch_get_irb(SubchDev *sch, IRB *target_irb, int *irb_len)
1627{
1628    SCHIB *schib = &sch->curr_status;
1629    PMCW p;
1630    uint16_t stctl;
1631    IRB irb;
1632
1633    if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1634        return 3;
1635    }
1636
1637    stctl = schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1638
1639    /* Prepare the irb for the guest. */
1640    memset(&irb, 0, sizeof(IRB));
1641
1642    /* Copy scsw from current status. */
1643    irb.scsw = schib->scsw;
1644    if (stctl & SCSW_STCTL_STATUS_PEND) {
1645        if (schib->scsw.cstat & (SCSW_CSTAT_DATA_CHECK |
1646                        SCSW_CSTAT_CHN_CTRL_CHK |
1647                        SCSW_CSTAT_INTF_CTRL_CHK)) {
1648            irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF;
1649            irb.esw[0] = 0x04804000;
1650        } else {
1651            irb.esw[0] = 0x00800000;
1652        }
1653        /* If a unit check is pending, copy sense data. */
1654        if ((schib->scsw.dstat & SCSW_DSTAT_UNIT_CHECK) &&
1655            (schib->pmcw.chars & PMCW_CHARS_MASK_CSENSE)) {
1656            int i;
1657
1658            irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF | SCSW_FLAGS_MASK_ECTL;
1659            /* Attention: sense_data is already BE! */
1660            memcpy(irb.ecw, sch->sense_data, sizeof(sch->sense_data));
1661            for (i = 0; i < ARRAY_SIZE(irb.ecw); i++) {
1662                irb.ecw[i] = be32_to_cpu(irb.ecw[i]);
1663            }
1664            irb.esw[1] = 0x01000000 | (sizeof(sch->sense_data) << 8);
1665        }
1666    }
1667    /* Store the irb to the guest. */
1668    p = schib->pmcw;
1669    copy_irb_to_guest(target_irb, &irb, &p, irb_len);
1670
1671    return ((stctl & SCSW_STCTL_STATUS_PEND) == 0);
1672}
1673
1674void css_do_tsch_update_subch(SubchDev *sch)
1675{
1676    SCHIB *schib = &sch->curr_status;
1677    uint16_t stctl;
1678    uint16_t fctl;
1679    uint16_t actl;
1680
1681    stctl = schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1682    fctl = schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL;
1683    actl = schib->scsw.ctrl & SCSW_CTRL_MASK_ACTL;
1684
1685    /* Clear conditions on subchannel, if applicable. */
1686    if (stctl & SCSW_STCTL_STATUS_PEND) {
1687        schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1688        if ((stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) ||
1689            ((fctl & SCSW_FCTL_HALT_FUNC) &&
1690             (actl & SCSW_ACTL_SUSP))) {
1691            schib->scsw.ctrl &= ~SCSW_CTRL_MASK_FCTL;
1692        }
1693        if (stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) {
1694            schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1695            schib->scsw.ctrl &= ~(SCSW_ACTL_RESUME_PEND |
1696                         SCSW_ACTL_START_PEND |
1697                         SCSW_ACTL_HALT_PEND |
1698                         SCSW_ACTL_CLEAR_PEND |
1699                         SCSW_ACTL_SUSP);
1700        } else {
1701            if ((actl & SCSW_ACTL_SUSP) &&
1702                (fctl & SCSW_FCTL_START_FUNC)) {
1703                schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1704                if (fctl & SCSW_FCTL_HALT_FUNC) {
1705                    schib->scsw.ctrl &= ~(SCSW_ACTL_RESUME_PEND |
1706                                 SCSW_ACTL_START_PEND |
1707                                 SCSW_ACTL_HALT_PEND |
1708                                 SCSW_ACTL_CLEAR_PEND |
1709                                 SCSW_ACTL_SUSP);
1710                } else {
1711                    schib->scsw.ctrl &= ~SCSW_ACTL_RESUME_PEND;
1712                }
1713            }
1714        }
1715        /* Clear pending sense data. */
1716        if (schib->pmcw.chars & PMCW_CHARS_MASK_CSENSE) {
1717            memset(sch->sense_data, 0 , sizeof(sch->sense_data));
1718        }
1719    }
1720}
1721
1722static void copy_crw_to_guest(CRW *dest, const CRW *src)
1723{
1724    dest->flags = cpu_to_be16(src->flags);
1725    dest->rsid = cpu_to_be16(src->rsid);
1726}
1727
1728int css_do_stcrw(CRW *crw)
1729{
1730    CrwContainer *crw_cont;
1731    int ret;
1732
1733    crw_cont = QTAILQ_FIRST(&channel_subsys.pending_crws);
1734    if (crw_cont) {
1735        QTAILQ_REMOVE(&channel_subsys.pending_crws, crw_cont, sibling);
1736        copy_crw_to_guest(crw, &crw_cont->crw);
1737        g_free(crw_cont);
1738        ret = 0;
1739    } else {
1740        /* List was empty, turn crw machine checks on again. */
1741        memset(crw, 0, sizeof(*crw));
1742        channel_subsys.do_crw_mchk = true;
1743        ret = 1;
1744    }
1745
1746    return ret;
1747}
1748
1749static void copy_crw_from_guest(CRW *dest, const CRW *src)
1750{
1751    dest->flags = be16_to_cpu(src->flags);
1752    dest->rsid = be16_to_cpu(src->rsid);
1753}
1754
1755void css_undo_stcrw(CRW *crw)
1756{
1757    CrwContainer *crw_cont;
1758
1759    crw_cont = g_try_new0(CrwContainer, 1);
1760    if (!crw_cont) {
1761        channel_subsys.crws_lost = true;
1762        return;
1763    }
1764    copy_crw_from_guest(&crw_cont->crw, crw);
1765
1766    QTAILQ_INSERT_HEAD(&channel_subsys.pending_crws, crw_cont, sibling);
1767}
1768
1769int css_collect_chp_desc(int m, uint8_t cssid, uint8_t f_chpid, uint8_t l_chpid,
1770                         int rfmt, void *buf)
1771{
1772    int i, desc_size;
1773    uint32_t words[8];
1774    uint32_t chpid_type_word;
1775    CssImage *css;
1776
1777    if (!m && !cssid) {
1778        css = channel_subsys.css[channel_subsys.default_cssid];
1779    } else {
1780        css = channel_subsys.css[cssid];
1781    }
1782    if (!css) {
1783        return 0;
1784    }
1785    desc_size = 0;
1786    for (i = f_chpid; i <= l_chpid; i++) {
1787        if (css->chpids[i].in_use) {
1788            chpid_type_word = 0x80000000 | (css->chpids[i].type << 8) | i;
1789            if (rfmt == 0) {
1790                words[0] = cpu_to_be32(chpid_type_word);
1791                words[1] = 0;
1792                memcpy(buf + desc_size, words, 8);
1793                desc_size += 8;
1794            } else if (rfmt == 1) {
1795                words[0] = cpu_to_be32(chpid_type_word);
1796                words[1] = 0;
1797                words[2] = 0;
1798                words[3] = 0;
1799                words[4] = 0;
1800                words[5] = 0;
1801                words[6] = 0;
1802                words[7] = 0;
1803                memcpy(buf + desc_size, words, 32);
1804                desc_size += 32;
1805            }
1806        }
1807    }
1808    return desc_size;
1809}
1810
1811void css_do_schm(uint8_t mbk, int update, int dct, uint64_t mbo)
1812{
1813    /* dct is currently ignored (not really meaningful for our devices) */
1814    /* TODO: Don't ignore mbk. */
1815    if (update && !channel_subsys.chnmon_active) {
1816        /* Enable measuring. */
1817        channel_subsys.chnmon_area = mbo;
1818        channel_subsys.chnmon_active = true;
1819    }
1820    if (!update && channel_subsys.chnmon_active) {
1821        /* Disable measuring. */
1822        channel_subsys.chnmon_area = 0;
1823        channel_subsys.chnmon_active = false;
1824    }
1825}
1826
1827IOInstEnding css_do_rsch(SubchDev *sch)
1828{
1829    SCHIB *schib = &sch->curr_status;
1830
1831    if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1832        return IOINST_CC_NOT_OPERATIONAL;
1833    }
1834
1835    if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1836        return IOINST_CC_STATUS_PRESENT;
1837    }
1838
1839    if (((schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
1840        (schib->scsw.ctrl & SCSW_ACTL_RESUME_PEND) ||
1841        (!(schib->scsw.ctrl & SCSW_ACTL_SUSP))) {
1842        return IOINST_CC_BUSY;
1843    }
1844
1845    /* If monitoring is active, update counter. */
1846    if (channel_subsys.chnmon_active) {
1847        css_update_chnmon(sch);
1848    }
1849
1850    schib->scsw.ctrl |= SCSW_ACTL_RESUME_PEND;
1851    return do_subchannel_work(sch);
1852}
1853
1854int css_do_rchp(uint8_t cssid, uint8_t chpid)
1855{
1856    uint8_t real_cssid;
1857
1858    if (cssid > channel_subsys.max_cssid) {
1859        return -EINVAL;
1860    }
1861    if (channel_subsys.max_cssid == 0) {
1862        real_cssid = channel_subsys.default_cssid;
1863    } else {
1864        real_cssid = cssid;
1865    }
1866    if (!channel_subsys.css[real_cssid]) {
1867        return -EINVAL;
1868    }
1869
1870    if (!channel_subsys.css[real_cssid]->chpids[chpid].in_use) {
1871        return -ENODEV;
1872    }
1873
1874    if (!channel_subsys.css[real_cssid]->chpids[chpid].is_virtual) {
1875        fprintf(stderr,
1876                "rchp unsupported for non-virtual chpid %x.%02x!\n",
1877                real_cssid, chpid);
1878        return -ENODEV;
1879    }
1880
1881    /* We don't really use a channel path, so we're done here. */
1882    css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1,
1883                  channel_subsys.max_cssid > 0 ? 1 : 0, chpid);
1884    if (channel_subsys.max_cssid > 0) {
1885        css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1, 0, real_cssid << 8);
1886    }
1887    return 0;
1888}
1889
1890bool css_schid_final(int m, uint8_t cssid, uint8_t ssid, uint16_t schid)
1891{
1892    SubchSet *set;
1893    uint8_t real_cssid;
1894
1895    real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;
1896    if (ssid > MAX_SSID ||
1897        !channel_subsys.css[real_cssid] ||
1898        !channel_subsys.css[real_cssid]->sch_set[ssid]) {
1899        return true;
1900    }
1901    set = channel_subsys.css[real_cssid]->sch_set[ssid];
1902    return schid > find_last_bit(set->schids_used,
1903                                 (MAX_SCHID + 1) / sizeof(unsigned long));
1904}
1905
1906unsigned int css_find_free_chpid(uint8_t cssid)
1907{
1908    CssImage *css = channel_subsys.css[cssid];
1909    unsigned int chpid;
1910
1911    if (!css) {
1912        return MAX_CHPID + 1;
1913    }
1914
1915    for (chpid = 0; chpid <= MAX_CHPID; chpid++) {
1916        /* skip reserved chpid */
1917        if (chpid == VIRTIO_CCW_CHPID) {
1918            continue;
1919        }
1920        if (!css->chpids[chpid].in_use) {
1921            return chpid;
1922        }
1923    }
1924    return MAX_CHPID + 1;
1925}
1926
1927static int css_add_chpid(uint8_t cssid, uint8_t chpid, uint8_t type,
1928                         bool is_virt)
1929{
1930    CssImage *css;
1931
1932    trace_css_chpid_add(cssid, chpid, type);
1933    css = channel_subsys.css[cssid];
1934    if (!css) {
1935        return -EINVAL;
1936    }
1937    if (css->chpids[chpid].in_use) {
1938        return -EEXIST;
1939    }
1940    css->chpids[chpid].in_use = 1;
1941    css->chpids[chpid].type = type;
1942    css->chpids[chpid].is_virtual = is_virt;
1943
1944    css_generate_chp_crws(cssid, chpid);
1945
1946    return 0;
1947}
1948
1949void css_sch_build_virtual_schib(SubchDev *sch, uint8_t chpid, uint8_t type)
1950{
1951    SCHIB *schib = &sch->curr_status;
1952    int i;
1953    CssImage *css = channel_subsys.css[sch->cssid];
1954
1955    assert(css != NULL);
1956    memset(&schib->pmcw, 0, sizeof(PMCW));
1957    schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
1958    schib->pmcw.devno = sch->devno;
1959    /* single path */
1960    schib->pmcw.pim = 0x80;
1961    schib->pmcw.pom = 0xff;
1962    schib->pmcw.pam = 0x80;
1963    schib->pmcw.chpid[0] = chpid;
1964    if (!css->chpids[chpid].in_use) {
1965        css_add_chpid(sch->cssid, chpid, type, true);
1966    }
1967
1968    memset(&schib->scsw, 0, sizeof(SCSW));
1969    schib->mba = 0;
1970    for (i = 0; i < ARRAY_SIZE(schib->mda); i++) {
1971        schib->mda[i] = 0;
1972    }
1973}
1974
1975SubchDev *css_find_subch(uint8_t m, uint8_t cssid, uint8_t ssid, uint16_t schid)
1976{
1977    uint8_t real_cssid;
1978
1979    real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;
1980
1981    if (!channel_subsys.css[real_cssid]) {
1982        return NULL;
1983    }
1984
1985    if (!channel_subsys.css[real_cssid]->sch_set[ssid]) {
1986        return NULL;
1987    }
1988
1989    return channel_subsys.css[real_cssid]->sch_set[ssid]->sch[schid];
1990}
1991
1992/**
1993 * Return free device number in subchannel set.
1994 *
1995 * Return index of the first free device number in the subchannel set
1996 * identified by @p cssid and @p ssid, beginning the search at @p
1997 * start and wrapping around at MAX_DEVNO. Return a value exceeding
1998 * MAX_SCHID if there are no free device numbers in the subchannel
1999 * set.
2000 */
2001static uint32_t css_find_free_devno(uint8_t cssid, uint8_t ssid,
2002                                    uint16_t start)
2003{
2004    uint32_t round;
2005
2006    for (round = 0; round <= MAX_DEVNO; round++) {
2007        uint16_t devno = (start + round) % MAX_DEVNO;
2008
2009        if (!css_devno_used(cssid, ssid, devno)) {
2010            return devno;
2011        }
2012    }
2013    return MAX_DEVNO + 1;
2014}
2015
2016/**
2017 * Return first free subchannel (id) in subchannel set.
2018 *
2019 * Return index of the first free subchannel in the subchannel set
2020 * identified by @p cssid and @p ssid, if there is any. Return a value
2021 * exceeding MAX_SCHID if there are no free subchannels in the
2022 * subchannel set.
2023 */
2024static uint32_t css_find_free_subch(uint8_t cssid, uint8_t ssid)
2025{
2026    uint32_t schid;
2027
2028    for (schid = 0; schid <= MAX_SCHID; schid++) {
2029        if (!css_find_subch(1, cssid, ssid, schid)) {
2030            return schid;
2031        }
2032    }
2033    return MAX_SCHID + 1;
2034}
2035
2036/**
2037 * Return first free subchannel (id) in subchannel set for a device number
2038 *
2039 * Verify the device number @p devno is not used yet in the subchannel
2040 * set identified by @p cssid and @p ssid. Set @p schid to the index
2041 * of the first free subchannel in the subchannel set, if there is
2042 * any. Return true if everything succeeded and false otherwise.
2043 */
2044static bool css_find_free_subch_for_devno(uint8_t cssid, uint8_t ssid,
2045                                          uint16_t devno, uint16_t *schid,
2046                                          Error **errp)
2047{
2048    uint32_t free_schid;
2049
2050    assert(schid);
2051    if (css_devno_used(cssid, ssid, devno)) {
2052        error_setg(errp, "Device %x.%x.%04x already exists",
2053                   cssid, ssid, devno);
2054        return false;
2055    }
2056    free_schid = css_find_free_subch(cssid, ssid);
2057    if (free_schid > MAX_SCHID) {
2058        error_setg(errp, "No free subchannel found for %x.%x.%04x",
2059                   cssid, ssid, devno);
2060        return false;
2061    }
2062    *schid = free_schid;
2063    return true;
2064}
2065
2066/**
2067 * Return first free subchannel (id) and device number
2068 *
2069 * Locate the first free subchannel and first free device number in
2070 * any of the subchannel sets of the channel subsystem identified by
2071 * @p cssid. Return false if no free subchannel / device number could
2072 * be found. Otherwise set @p ssid, @p devno and @p schid to identify
2073 * the available subchannel and device number and return true.
2074 *
2075 * May modify @p ssid, @p devno and / or @p schid even if no free
2076 * subchannel / device number could be found.
2077 */
2078static bool css_find_free_subch_and_devno(uint8_t cssid, uint8_t *ssid,
2079                                          uint16_t *devno, uint16_t *schid,
2080                                          Error **errp)
2081{
2082    uint32_t free_schid, free_devno;
2083
2084    assert(ssid && devno && schid);
2085    for (*ssid = 0; *ssid <= MAX_SSID; (*ssid)++) {
2086        free_schid = css_find_free_subch(cssid, *ssid);
2087        if (free_schid > MAX_SCHID) {
2088            continue;
2089        }
2090        free_devno = css_find_free_devno(cssid, *ssid, free_schid);
2091        if (free_devno > MAX_DEVNO) {
2092            continue;
2093        }
2094        *schid = free_schid;
2095        *devno = free_devno;
2096        return true;
2097    }
2098    error_setg(errp, "Virtual channel subsystem is full!");
2099    return false;
2100}
2101
2102bool css_subch_visible(SubchDev *sch)
2103{
2104    if (sch->ssid > channel_subsys.max_ssid) {
2105        return false;
2106    }
2107
2108    if (sch->cssid != channel_subsys.default_cssid) {
2109        return (channel_subsys.max_cssid > 0);
2110    }
2111
2112    return true;
2113}
2114
2115bool css_present(uint8_t cssid)
2116{
2117    return (channel_subsys.css[cssid] != NULL);
2118}
2119
2120bool css_devno_used(uint8_t cssid, uint8_t ssid, uint16_t devno)
2121{
2122    if (!channel_subsys.css[cssid]) {
2123        return false;
2124    }
2125    if (!channel_subsys.css[cssid]->sch_set[ssid]) {
2126        return false;
2127    }
2128
2129    return !!test_bit(devno,
2130                      channel_subsys.css[cssid]->sch_set[ssid]->devnos_used);
2131}
2132
2133void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
2134                      uint16_t devno, SubchDev *sch)
2135{
2136    CssImage *css;
2137    SubchSet *s_set;
2138
2139    trace_css_assign_subch(sch ? "assign" : "deassign", cssid, ssid, schid,
2140                           devno);
2141    if (!channel_subsys.css[cssid]) {
2142        fprintf(stderr,
2143                "Suspicious call to %s (%x.%x.%04x) for non-existing css!\n",
2144                __func__, cssid, ssid, schid);
2145        return;
2146    }
2147    css = channel_subsys.css[cssid];
2148
2149    if (!css->sch_set[ssid]) {
2150        css->sch_set[ssid] = g_new0(SubchSet, 1);
2151    }
2152    s_set = css->sch_set[ssid];
2153
2154    s_set->sch[schid] = sch;
2155    if (sch) {
2156        set_bit(schid, s_set->schids_used);
2157        set_bit(devno, s_set->devnos_used);
2158    } else {
2159        clear_bit(schid, s_set->schids_used);
2160        clear_bit(devno, s_set->devnos_used);
2161    }
2162}
2163
2164void css_queue_crw(uint8_t rsc, uint8_t erc, int solicited,
2165                   int chain, uint16_t rsid)
2166{
2167    CrwContainer *crw_cont;
2168
2169    trace_css_crw(rsc, erc, rsid, chain ? "(chained)" : "");
2170    /* TODO: Maybe use a static crw pool? */
2171    crw_cont = g_try_new0(CrwContainer, 1);
2172    if (!crw_cont) {
2173        channel_subsys.crws_lost = true;
2174        return;
2175    }
2176    crw_cont->crw.flags = (rsc << 8) | erc;
2177    if (solicited) {
2178        crw_cont->crw.flags |= CRW_FLAGS_MASK_S;
2179    }
2180    if (chain) {
2181        crw_cont->crw.flags |= CRW_FLAGS_MASK_C;
2182    }
2183    crw_cont->crw.rsid = rsid;
2184    if (channel_subsys.crws_lost) {
2185        crw_cont->crw.flags |= CRW_FLAGS_MASK_R;
2186        channel_subsys.crws_lost = false;
2187    }
2188
2189    QTAILQ_INSERT_TAIL(&channel_subsys.pending_crws, crw_cont, sibling);
2190
2191    if (channel_subsys.do_crw_mchk) {
2192        channel_subsys.do_crw_mchk = false;
2193        /* Inject crw pending machine check. */
2194        s390_crw_mchk();
2195    }
2196}
2197
2198void css_generate_sch_crws(uint8_t cssid, uint8_t ssid, uint16_t schid,
2199                           int hotplugged, int add)
2200{
2201    uint8_t guest_cssid;
2202    bool chain_crw;
2203
2204    if (add && !hotplugged) {
2205        return;
2206    }
2207    if (channel_subsys.max_cssid == 0) {
2208        /* Default cssid shows up as 0. */
2209        guest_cssid = (cssid == channel_subsys.default_cssid) ? 0 : cssid;
2210    } else {
2211        /* Show real cssid to the guest. */
2212        guest_cssid = cssid;
2213    }
2214    /*
2215     * Only notify for higher subchannel sets/channel subsystems if the
2216     * guest has enabled it.
2217     */
2218    if ((ssid > channel_subsys.max_ssid) ||
2219        (guest_cssid > channel_subsys.max_cssid) ||
2220        ((channel_subsys.max_cssid == 0) &&
2221         (cssid != channel_subsys.default_cssid))) {
2222        return;
2223    }
2224    chain_crw = (channel_subsys.max_ssid > 0) ||
2225            (channel_subsys.max_cssid > 0);
2226    css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0, chain_crw ? 1 : 0, schid);
2227    if (chain_crw) {
2228        css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0, 0,
2229                      (guest_cssid << 8) | (ssid << 4));
2230    }
2231    /* RW_ERC_IPI --> clear pending interrupts */
2232    css_clear_io_interrupt(css_do_build_subchannel_id(cssid, ssid), schid);
2233}
2234
2235void css_generate_chp_crws(uint8_t cssid, uint8_t chpid)
2236{
2237    /* TODO */
2238}
2239
2240void css_generate_css_crws(uint8_t cssid)
2241{
2242    if (!channel_subsys.sei_pending) {
2243        css_queue_crw(CRW_RSC_CSS, CRW_ERC_EVENT, 0, 0, cssid);
2244    }
2245    channel_subsys.sei_pending = true;
2246}
2247
2248void css_clear_sei_pending(void)
2249{
2250    channel_subsys.sei_pending = false;
2251}
2252
2253int css_enable_mcsse(void)
2254{
2255    trace_css_enable_facility("mcsse");
2256    channel_subsys.max_cssid = MAX_CSSID;
2257    return 0;
2258}
2259
2260int css_enable_mss(void)
2261{
2262    trace_css_enable_facility("mss");
2263    channel_subsys.max_ssid = MAX_SSID;
2264    return 0;
2265}
2266
2267void css_reset_sch(SubchDev *sch)
2268{
2269    SCHIB *schib = &sch->curr_status;
2270
2271    if ((schib->pmcw.flags & PMCW_FLAGS_MASK_ENA) != 0 && sch->disable_cb) {
2272        sch->disable_cb(sch);
2273    }
2274
2275    schib->pmcw.intparm = 0;
2276    schib->pmcw.flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
2277                  PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
2278                  PMCW_FLAGS_MASK_MP | PMCW_FLAGS_MASK_TF);
2279    schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
2280    schib->pmcw.devno = sch->devno;
2281    schib->pmcw.pim = 0x80;
2282    schib->pmcw.lpm = schib->pmcw.pim;
2283    schib->pmcw.pnom = 0;
2284    schib->pmcw.lpum = 0;
2285    schib->pmcw.mbi = 0;
2286    schib->pmcw.pom = 0xff;
2287    schib->pmcw.pam = 0x80;
2288    schib->pmcw.chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_XMWME |
2289                  PMCW_CHARS_MASK_CSENSE);
2290
2291    memset(&schib->scsw, 0, sizeof(schib->scsw));
2292    schib->mba = 0;
2293
2294    sch->channel_prog = 0x0;
2295    sch->last_cmd_valid = false;
2296    sch->thinint_active = false;
2297}
2298
2299void css_reset(void)
2300{
2301    CrwContainer *crw_cont;
2302
2303    /* Clean up monitoring. */
2304    channel_subsys.chnmon_active = false;
2305    channel_subsys.chnmon_area = 0;
2306
2307    /* Clear pending CRWs. */
2308    while ((crw_cont = QTAILQ_FIRST(&channel_subsys.pending_crws))) {
2309        QTAILQ_REMOVE(&channel_subsys.pending_crws, crw_cont, sibling);
2310        g_free(crw_cont);
2311    }
2312    channel_subsys.sei_pending = false;
2313    channel_subsys.do_crw_mchk = true;
2314    channel_subsys.crws_lost = false;
2315
2316    /* Reset maximum ids. */
2317    channel_subsys.max_cssid = 0;
2318    channel_subsys.max_ssid = 0;
2319}
2320
2321static void get_css_devid(Object *obj, Visitor *v, const char *name,
2322                          void *opaque, Error **errp)
2323{
2324    DeviceState *dev = DEVICE(obj);
2325    Property *prop = opaque;
2326    CssDevId *dev_id = qdev_get_prop_ptr(dev, prop);
2327    char buffer[] = "xx.x.xxxx";
2328    char *p = buffer;
2329    int r;
2330
2331    if (dev_id->valid) {
2332
2333        r = snprintf(buffer, sizeof(buffer), "%02x.%1x.%04x", dev_id->cssid,
2334                     dev_id->ssid, dev_id->devid);
2335        assert(r == sizeof(buffer) - 1);
2336
2337        /* drop leading zero */
2338        if (dev_id->cssid <= 0xf) {
2339            p++;
2340        }
2341    } else {
2342        snprintf(buffer, sizeof(buffer), "<unset>");
2343    }
2344
2345    visit_type_str(v, name, &p, errp);
2346}
2347
2348/*
2349 * parse <cssid>.<ssid>.<devid> and assert valid range for cssid/ssid
2350 */
2351static void set_css_devid(Object *obj, Visitor *v, const char *name,
2352                          void *opaque, Error **errp)
2353{
2354    DeviceState *dev = DEVICE(obj);
2355    Property *prop = opaque;
2356    CssDevId *dev_id = qdev_get_prop_ptr(dev, prop);
2357    Error *local_err = NULL;
2358    char *str;
2359    int num, n1, n2;
2360    unsigned int cssid, ssid, devid;
2361
2362    if (dev->realized) {
2363        qdev_prop_set_after_realize(dev, name, errp);
2364        return;
2365    }
2366
2367    visit_type_str(v, name, &str, &local_err);
2368    if (local_err) {
2369        error_propagate(errp, local_err);
2370        return;
2371    }
2372
2373    num = sscanf(str, "%2x.%1x%n.%4x%n", &cssid, &ssid, &n1, &devid, &n2);
2374    if (num != 3 || (n2 - n1) != 5 || strlen(str) != n2) {
2375        error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
2376        goto out;
2377    }
2378    if ((cssid > MAX_CSSID) || (ssid > MAX_SSID)) {
2379        error_setg(errp, "Invalid cssid or ssid: cssid %x, ssid %x",
2380                   cssid, ssid);
2381        goto out;
2382    }
2383
2384    dev_id->cssid = cssid;
2385    dev_id->ssid = ssid;
2386    dev_id->devid = devid;
2387    dev_id->valid = true;
2388
2389out:
2390    g_free(str);
2391}
2392
2393const PropertyInfo css_devid_propinfo = {
2394    .name = "str",
2395    .description = "Identifier of an I/O device in the channel "
2396                   "subsystem, example: fe.1.23ab",
2397    .get = get_css_devid,
2398    .set = set_css_devid,
2399};
2400
2401const PropertyInfo css_devid_ro_propinfo = {
2402    .name = "str",
2403    .description = "Read-only identifier of an I/O device in the channel "
2404                   "subsystem, example: fe.1.23ab",
2405    .get = get_css_devid,
2406};
2407
2408SubchDev *css_create_sch(CssDevId bus_id, Error **errp)
2409{
2410    uint16_t schid = 0;
2411    SubchDev *sch;
2412
2413    if (bus_id.valid) {
2414        if (!channel_subsys.css[bus_id.cssid]) {
2415            css_create_css_image(bus_id.cssid, false);
2416        }
2417
2418        if (!css_find_free_subch_for_devno(bus_id.cssid, bus_id.ssid,
2419                                           bus_id.devid, &schid, errp)) {
2420            return NULL;
2421        }
2422    } else {
2423        for (bus_id.cssid = channel_subsys.default_cssid;;) {
2424            if (!channel_subsys.css[bus_id.cssid]) {
2425                css_create_css_image(bus_id.cssid, false);
2426            }
2427
2428            if   (css_find_free_subch_and_devno(bus_id.cssid, &bus_id.ssid,
2429                                                &bus_id.devid, &schid,
2430                                                NULL)) {
2431                break;
2432            }
2433            bus_id.cssid = (bus_id.cssid + 1) % MAX_CSSID;
2434            if (bus_id.cssid == channel_subsys.default_cssid) {
2435                error_setg(errp, "Virtual channel subsystem is full!");
2436                return NULL;
2437            }
2438        }
2439    }
2440
2441    sch = g_new0(SubchDev, 1);
2442    sch->cssid = bus_id.cssid;
2443    sch->ssid = bus_id.ssid;
2444    sch->devno = bus_id.devid;
2445    sch->schid = schid;
2446    css_subch_assign(sch->cssid, sch->ssid, schid, sch->devno, sch);
2447    return sch;
2448}
2449
2450static int css_sch_get_chpids(SubchDev *sch, CssDevId *dev_id)
2451{
2452    char *fid_path;
2453    FILE *fd;
2454    uint32_t chpid[8];
2455    int i;
2456    SCHIB *schib = &sch->curr_status;
2457
2458    fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/chpids",
2459                               dev_id->cssid, dev_id->ssid, dev_id->devid);
2460    fd = fopen(fid_path, "r");
2461    if (fd == NULL) {
2462        error_report("%s: open %s failed", __func__, fid_path);
2463        g_free(fid_path);
2464        return -EINVAL;
2465    }
2466
2467    if (fscanf(fd, "%x %x %x %x %x %x %x %x",
2468        &chpid[0], &chpid[1], &chpid[2], &chpid[3],
2469        &chpid[4], &chpid[5], &chpid[6], &chpid[7]) != 8) {
2470        fclose(fd);
2471        g_free(fid_path);
2472        return -EINVAL;
2473    }
2474
2475    for (i = 0; i < ARRAY_SIZE(schib->pmcw.chpid); i++) {
2476        schib->pmcw.chpid[i] = chpid[i];
2477    }
2478
2479    fclose(fd);
2480    g_free(fid_path);
2481
2482    return 0;
2483}
2484
2485static int css_sch_get_path_masks(SubchDev *sch, CssDevId *dev_id)
2486{
2487    char *fid_path;
2488    FILE *fd;
2489    uint32_t pim, pam, pom;
2490    SCHIB *schib = &sch->curr_status;
2491
2492    fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/pimpampom",
2493                               dev_id->cssid, dev_id->ssid, dev_id->devid);
2494    fd = fopen(fid_path, "r");
2495    if (fd == NULL) {
2496        error_report("%s: open %s failed", __func__, fid_path);
2497        g_free(fid_path);
2498        return -EINVAL;
2499    }
2500
2501    if (fscanf(fd, "%x %x %x", &pim, &pam, &pom) != 3) {
2502        fclose(fd);
2503        g_free(fid_path);
2504        return -EINVAL;
2505    }
2506
2507    schib->pmcw.pim = pim;
2508    schib->pmcw.pam = pam;
2509    schib->pmcw.pom = pom;
2510    fclose(fd);
2511    g_free(fid_path);
2512
2513    return 0;
2514}
2515
2516static int css_sch_get_chpid_type(uint8_t chpid, uint32_t *type,
2517                                  CssDevId *dev_id)
2518{
2519    char *fid_path;
2520    FILE *fd;
2521
2522    fid_path = g_strdup_printf("/sys/devices/css%x/chp0.%02x/type",
2523                               dev_id->cssid, chpid);
2524    fd = fopen(fid_path, "r");
2525    if (fd == NULL) {
2526        error_report("%s: open %s failed", __func__, fid_path);
2527        g_free(fid_path);
2528        return -EINVAL;
2529    }
2530
2531    if (fscanf(fd, "%x", type) != 1) {
2532        fclose(fd);
2533        g_free(fid_path);
2534        return -EINVAL;
2535    }
2536
2537    fclose(fd);
2538    g_free(fid_path);
2539
2540    return 0;
2541}
2542
2543/*
2544 * We currently retrieve the real device information from sysfs to build the
2545 * guest subchannel information block without considering the migration feature.
2546 * We need to revisit this problem when we want to add migration support.
2547 */
2548int css_sch_build_schib(SubchDev *sch, CssDevId *dev_id)
2549{
2550    CssImage *css = channel_subsys.css[sch->cssid];
2551    SCHIB *schib = &sch->curr_status;
2552    uint32_t type;
2553    int i, ret;
2554
2555    assert(css != NULL);
2556    memset(&schib->pmcw, 0, sizeof(PMCW));
2557    schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
2558    /* We are dealing with I/O subchannels only. */
2559    schib->pmcw.devno = sch->devno;
2560
2561    /* Grab path mask from sysfs. */
2562    ret = css_sch_get_path_masks(sch, dev_id);
2563    if (ret) {
2564        return ret;
2565    }
2566
2567    /* Grab chpids from sysfs. */
2568    ret = css_sch_get_chpids(sch, dev_id);
2569    if (ret) {
2570        return ret;
2571    }
2572
2573   /* Build chpid type. */
2574    for (i = 0; i < ARRAY_SIZE(schib->pmcw.chpid); i++) {
2575        if (schib->pmcw.chpid[i] && !css->chpids[schib->pmcw.chpid[i]].in_use) {
2576            ret = css_sch_get_chpid_type(schib->pmcw.chpid[i], &type, dev_id);
2577            if (ret) {
2578                return ret;
2579            }
2580            css_add_chpid(sch->cssid, schib->pmcw.chpid[i], type, false);
2581        }
2582    }
2583
2584    memset(&schib->scsw, 0, sizeof(SCSW));
2585    schib->mba = 0;
2586    for (i = 0; i < ARRAY_SIZE(schib->mda); i++) {
2587        schib->mda[i] = 0;
2588    }
2589
2590    return 0;
2591}
2592