xref: /openbmc/qemu/hw/s390x/css.c (revision 8cbb4fc12e1d10182cbab93f234510bc616594ca)
1 /*
2  * Channel subsystem base support.
3  *
4  * Copyright 2012 IBM Corp.
5  * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
6  *
7  * This work is licensed under the terms of the GNU GPL, version 2 or (at
8  * your option) any later version. See the COPYING file in the top-level
9  * directory.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "qapi/error.h"
14 #include "qapi/visitor.h"
15 #include "qemu/bitops.h"
16 #include "qemu/error-report.h"
17 #include "exec/address-spaces.h"
18 #include "hw/s390x/ioinst.h"
19 #include "hw/qdev-properties.h"
20 #include "hw/s390x/css.h"
21 #include "trace.h"
22 #include "hw/s390x/s390_flic.h"
23 #include "hw/s390x/s390-virtio-ccw.h"
24 #include "hw/s390x/s390-ccw.h"
25 
26 bool css_migration_enabled = true;
27 
28 typedef struct CrwContainer {
29     CRW crw;
30     QTAILQ_ENTRY(CrwContainer) sibling;
31 } CrwContainer;
32 
33 static const VMStateDescription vmstate_crw = {
34     .name = "s390_crw",
35     .version_id = 1,
36     .minimum_version_id = 1,
37     .fields = (const VMStateField[]) {
38         VMSTATE_UINT16(flags, CRW),
39         VMSTATE_UINT16(rsid, CRW),
40         VMSTATE_END_OF_LIST()
41     },
42 };
43 
44 static const VMStateDescription vmstate_crw_container = {
45     .name = "s390_crw_container",
46     .version_id = 1,
47     .minimum_version_id = 1,
48     .fields = (const VMStateField[]) {
49         VMSTATE_STRUCT(crw, CrwContainer, 0, vmstate_crw, CRW),
50         VMSTATE_END_OF_LIST()
51     },
52 };
53 
54 typedef struct ChpInfo {
55     uint8_t in_use;
56     uint8_t type;
57     uint8_t is_virtual;
58 } ChpInfo;
59 
60 static const VMStateDescription vmstate_chp_info = {
61     .name = "s390_chp_info",
62     .version_id = 1,
63     .minimum_version_id = 1,
64     .fields = (const VMStateField[]) {
65         VMSTATE_UINT8(in_use, ChpInfo),
66         VMSTATE_UINT8(type, ChpInfo),
67         VMSTATE_UINT8(is_virtual, ChpInfo),
68         VMSTATE_END_OF_LIST()
69     }
70 };
71 
72 typedef struct SubchSet {
73     SubchDev *sch[MAX_SCHID + 1];
74     unsigned long schids_used[BITS_TO_LONGS(MAX_SCHID + 1)];
75     unsigned long devnos_used[BITS_TO_LONGS(MAX_SCHID + 1)];
76 } SubchSet;
77 
78 static const VMStateDescription vmstate_scsw = {
79     .name = "s390_scsw",
80     .version_id = 1,
81     .minimum_version_id = 1,
82     .fields = (const VMStateField[]) {
83         VMSTATE_UINT16(flags, SCSW),
84         VMSTATE_UINT16(ctrl, SCSW),
85         VMSTATE_UINT32(cpa, SCSW),
86         VMSTATE_UINT8(dstat, SCSW),
87         VMSTATE_UINT8(cstat, SCSW),
88         VMSTATE_UINT16(count, SCSW),
89         VMSTATE_END_OF_LIST()
90     }
91 };
92 
93 static const VMStateDescription vmstate_pmcw = {
94     .name = "s390_pmcw",
95     .version_id = 1,
96     .minimum_version_id = 1,
97     .fields = (const VMStateField[]) {
98         VMSTATE_UINT32(intparm, PMCW),
99         VMSTATE_UINT16(flags, PMCW),
100         VMSTATE_UINT16(devno, PMCW),
101         VMSTATE_UINT8(lpm, PMCW),
102         VMSTATE_UINT8(pnom, PMCW),
103         VMSTATE_UINT8(lpum, PMCW),
104         VMSTATE_UINT8(pim, PMCW),
105         VMSTATE_UINT16(mbi, PMCW),
106         VMSTATE_UINT8(pom, PMCW),
107         VMSTATE_UINT8(pam, PMCW),
108         VMSTATE_UINT8_ARRAY(chpid, PMCW, 8),
109         VMSTATE_UINT32(chars, PMCW),
110         VMSTATE_END_OF_LIST()
111     }
112 };
113 
114 static const VMStateDescription vmstate_schib = {
115     .name = "s390_schib",
116     .version_id = 1,
117     .minimum_version_id = 1,
118     .fields = (const VMStateField[]) {
119         VMSTATE_STRUCT(pmcw, SCHIB, 0, vmstate_pmcw, PMCW),
120         VMSTATE_STRUCT(scsw, SCHIB, 0, vmstate_scsw, SCSW),
121         VMSTATE_UINT64(mba, SCHIB),
122         VMSTATE_UINT8_ARRAY(mda, SCHIB, 4),
123         VMSTATE_END_OF_LIST()
124     }
125 };
126 
127 
128 static const VMStateDescription vmstate_ccw1 = {
129     .name = "s390_ccw1",
130     .version_id = 1,
131     .minimum_version_id = 1,
132     .fields = (const VMStateField[]) {
133         VMSTATE_UINT8(cmd_code, CCW1),
134         VMSTATE_UINT8(flags, CCW1),
135         VMSTATE_UINT16(count, CCW1),
136         VMSTATE_UINT32(cda, CCW1),
137         VMSTATE_END_OF_LIST()
138     }
139 };
140 
141 static const VMStateDescription vmstate_ciw = {
142     .name = "s390_ciw",
143     .version_id = 1,
144     .minimum_version_id = 1,
145     .fields = (const VMStateField[]) {
146         VMSTATE_UINT8(type, CIW),
147         VMSTATE_UINT8(command, CIW),
148         VMSTATE_UINT16(count, CIW),
149         VMSTATE_END_OF_LIST()
150     }
151 };
152 
153 static const VMStateDescription vmstate_sense_id = {
154     .name = "s390_sense_id",
155     .version_id = 1,
156     .minimum_version_id = 1,
157     .fields = (const VMStateField[]) {
158         VMSTATE_UINT8(reserved, SenseId),
159         VMSTATE_UINT16(cu_type, SenseId),
160         VMSTATE_UINT8(cu_model, SenseId),
161         VMSTATE_UINT16(dev_type, SenseId),
162         VMSTATE_UINT8(dev_model, SenseId),
163         VMSTATE_UINT8(unused, SenseId),
164         VMSTATE_STRUCT_ARRAY(ciw, SenseId, MAX_CIWS, 0, vmstate_ciw, CIW),
165         VMSTATE_END_OF_LIST()
166     }
167 };
168 
169 static const VMStateDescription vmstate_orb = {
170     .name = "s390_orb",
171     .version_id = 1,
172     .minimum_version_id = 1,
173     .fields = (const VMStateField[]) {
174         VMSTATE_UINT32(intparm, ORB),
175         VMSTATE_UINT16(ctrl0, ORB),
176         VMSTATE_UINT8(lpm, ORB),
177         VMSTATE_UINT8(ctrl1, ORB),
178         VMSTATE_UINT32(cpa, ORB),
179         VMSTATE_END_OF_LIST()
180     }
181 };
182 
183 static bool vmstate_schdev_orb_needed(void *opaque)
184 {
185     return css_migration_enabled;
186 }
187 
188 static const VMStateDescription vmstate_schdev_orb = {
189     .name = "s390_subch_dev/orb",
190     .version_id = 1,
191     .minimum_version_id = 1,
192     .needed = vmstate_schdev_orb_needed,
193     .fields = (const VMStateField[]) {
194         VMSTATE_STRUCT(orb, SubchDev, 1, vmstate_orb, ORB),
195         VMSTATE_END_OF_LIST()
196     }
197 };
198 
199 static int subch_dev_post_load(void *opaque, int version_id);
200 static int subch_dev_pre_save(void *opaque);
201 
202 const char err_hint_devno[] = "Devno mismatch, tried to load wrong section!"
203     " Likely reason: some sequences of plug and unplug  can break"
204     " migration for machine versions prior to  2.7 (known design flaw).";
205 
206 const VMStateDescription vmstate_subch_dev = {
207     .name = "s390_subch_dev",
208     .version_id = 1,
209     .minimum_version_id = 1,
210     .post_load = subch_dev_post_load,
211     .pre_save = subch_dev_pre_save,
212     .fields = (const VMStateField[]) {
213         VMSTATE_UINT8_EQUAL(cssid, SubchDev, "Bug!"),
214         VMSTATE_UINT8_EQUAL(ssid, SubchDev, "Bug!"),
215         VMSTATE_UINT16(migrated_schid, SubchDev),
216         VMSTATE_UINT16_EQUAL(devno, SubchDev, err_hint_devno),
217         VMSTATE_BOOL(thinint_active, SubchDev),
218         VMSTATE_STRUCT(curr_status, SubchDev, 0, vmstate_schib, SCHIB),
219         VMSTATE_UINT8_ARRAY(sense_data, SubchDev, 32),
220         VMSTATE_UINT64(channel_prog, SubchDev),
221         VMSTATE_STRUCT(last_cmd, SubchDev, 0, vmstate_ccw1, CCW1),
222         VMSTATE_BOOL(last_cmd_valid, SubchDev),
223         VMSTATE_STRUCT(id, SubchDev, 0, vmstate_sense_id, SenseId),
224         VMSTATE_BOOL(ccw_fmt_1, SubchDev),
225         VMSTATE_UINT8(ccw_no_data_cnt, SubchDev),
226         VMSTATE_END_OF_LIST()
227     },
228     .subsections = (const VMStateDescription * const []) {
229         &vmstate_schdev_orb,
230         NULL
231     }
232 };
233 
234 typedef struct IndAddrPtrTmp {
235     IndAddr **parent;
236     uint64_t addr;
237     int32_t len;
238 } IndAddrPtrTmp;
239 
240 static int post_load_ind_addr(void *opaque, int version_id)
241 {
242     IndAddrPtrTmp *ptmp = opaque;
243     IndAddr **ind_addr = ptmp->parent;
244 
245     if (ptmp->len != 0) {
246         *ind_addr = get_indicator(ptmp->addr, ptmp->len);
247     } else {
248         *ind_addr = NULL;
249     }
250     return 0;
251 }
252 
253 static int pre_save_ind_addr(void *opaque)
254 {
255     IndAddrPtrTmp *ptmp = opaque;
256     IndAddr *ind_addr = *(ptmp->parent);
257 
258     if (ind_addr != NULL) {
259         ptmp->len = ind_addr->len;
260         ptmp->addr = ind_addr->addr;
261     } else {
262         ptmp->len = 0;
263         ptmp->addr = 0L;
264     }
265 
266     return 0;
267 }
268 
269 static const VMStateDescription vmstate_ind_addr_tmp = {
270     .name = "s390_ind_addr_tmp",
271     .pre_save = pre_save_ind_addr,
272     .post_load = post_load_ind_addr,
273 
274     .fields = (const VMStateField[]) {
275         VMSTATE_INT32(len, IndAddrPtrTmp),
276         VMSTATE_UINT64(addr, IndAddrPtrTmp),
277         VMSTATE_END_OF_LIST()
278     }
279 };
280 
281 const VMStateDescription vmstate_ind_addr = {
282     .name = "s390_ind_addr_tmp",
283     .fields = (const VMStateField[]) {
284         VMSTATE_WITH_TMP(IndAddr*, IndAddrPtrTmp, vmstate_ind_addr_tmp),
285         VMSTATE_END_OF_LIST()
286     }
287 };
288 
289 typedef struct CssImage {
290     SubchSet *sch_set[MAX_SSID + 1];
291     ChpInfo chpids[MAX_CHPID + 1];
292 } CssImage;
293 
294 static const VMStateDescription vmstate_css_img = {
295     .name = "s390_css_img",
296     .version_id = 1,
297     .minimum_version_id = 1,
298     .fields = (const VMStateField[]) {
299         /* Subchannel sets have no relevant state. */
300         VMSTATE_STRUCT_ARRAY(chpids, CssImage, MAX_CHPID + 1, 0,
301                              vmstate_chp_info, ChpInfo),
302         VMSTATE_END_OF_LIST()
303     }
304 
305 };
306 
307 typedef struct IoAdapter {
308     uint32_t id;
309     uint8_t type;
310     uint8_t isc;
311     uint8_t flags;
312 } IoAdapter;
313 
314 typedef struct ChannelSubSys {
315     QTAILQ_HEAD(, CrwContainer) pending_crws;
316     bool sei_pending;
317     bool do_crw_mchk;
318     bool crws_lost;
319     uint8_t max_cssid;
320     uint8_t max_ssid;
321     bool chnmon_active;
322     uint64_t chnmon_area;
323     CssImage *css[MAX_CSSID + 1];
324     uint8_t default_cssid;
325     /* don't migrate, see css_register_io_adapters */
326     IoAdapter *io_adapters[CSS_IO_ADAPTER_TYPE_NUMS][MAX_ISC + 1];
327     /* don't migrate, see get_indicator and IndAddrPtrTmp */
328     QTAILQ_HEAD(, IndAddr) indicator_addresses;
329 } ChannelSubSys;
330 
331 static const VMStateDescription vmstate_css = {
332     .name = "s390_css",
333     .version_id = 1,
334     .minimum_version_id = 1,
335     .fields = (const VMStateField[]) {
336         VMSTATE_QTAILQ_V(pending_crws, ChannelSubSys, 1, vmstate_crw_container,
337                          CrwContainer, sibling),
338         VMSTATE_BOOL(sei_pending, ChannelSubSys),
339         VMSTATE_BOOL(do_crw_mchk, ChannelSubSys),
340         VMSTATE_BOOL(crws_lost, ChannelSubSys),
341         /* These were kind of migrated by virtio */
342         VMSTATE_UINT8(max_cssid, ChannelSubSys),
343         VMSTATE_UINT8(max_ssid, ChannelSubSys),
344         VMSTATE_BOOL(chnmon_active, ChannelSubSys),
345         VMSTATE_UINT64(chnmon_area, ChannelSubSys),
346         VMSTATE_ARRAY_OF_POINTER_TO_STRUCT(css, ChannelSubSys, MAX_CSSID + 1,
347                 0, vmstate_css_img, CssImage),
348         VMSTATE_UINT8(default_cssid, ChannelSubSys),
349         VMSTATE_END_OF_LIST()
350     }
351 };
352 
353 static ChannelSubSys channel_subsys = {
354     .pending_crws = QTAILQ_HEAD_INITIALIZER(channel_subsys.pending_crws),
355     .do_crw_mchk = true,
356     .sei_pending = false,
357     .crws_lost = false,
358     .chnmon_active = false,
359     .indicator_addresses =
360         QTAILQ_HEAD_INITIALIZER(channel_subsys.indicator_addresses),
361 };
362 
363 static int subch_dev_pre_save(void *opaque)
364 {
365     SubchDev *s = opaque;
366 
367     /* Prepare remote_schid for save */
368     s->migrated_schid = s->schid;
369 
370     return 0;
371 }
372 
373 static int subch_dev_post_load(void *opaque, int version_id)
374 {
375 
376     SubchDev *s = opaque;
377 
378     /* Re-assign the subchannel to remote_schid if necessary */
379     if (s->migrated_schid != s->schid) {
380         if (css_find_subch(true, s->cssid, s->ssid, s->schid) == s) {
381             /*
382              * Cleanup the slot before moving to s->migrated_schid provided
383              * it still belongs to us, i.e. it was not changed by previous
384              * invocation of this function.
385              */
386             css_subch_assign(s->cssid, s->ssid, s->schid, s->devno, NULL);
387         }
388         /* It's OK to re-assign without a prior de-assign. */
389         s->schid = s->migrated_schid;
390         css_subch_assign(s->cssid, s->ssid, s->schid, s->devno, s);
391     }
392 
393     if (css_migration_enabled) {
394         /* No compat voodoo to do ;) */
395         return 0;
396     }
397     /*
398      * Hack alert. If we don't migrate the channel subsystem status
399      * we still need to find out if the guest enabled mss/mcss-e.
400      * If the subchannel is enabled, it certainly was able to access it,
401      * so adjust the max_ssid/max_cssid values for relevant ssid/cssid
402      * values. This is not watertight, but better than nothing.
403      */
404     if (s->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA) {
405         if (s->ssid) {
406             channel_subsys.max_ssid = MAX_SSID;
407         }
408         if (s->cssid != channel_subsys.default_cssid) {
409             channel_subsys.max_cssid = MAX_CSSID;
410         }
411     }
412     return 0;
413 }
414 
415 void css_register_vmstate(void)
416 {
417     if (css_migration_enabled) {
418         vmstate_register(NULL, 0, &vmstate_css, &channel_subsys);
419     }
420 }
421 
422 IndAddr *get_indicator(hwaddr ind_addr, int len)
423 {
424     IndAddr *indicator;
425 
426     QTAILQ_FOREACH(indicator, &channel_subsys.indicator_addresses, sibling) {
427         if (indicator->addr == ind_addr) {
428             indicator->refcnt++;
429             return indicator;
430         }
431     }
432     indicator = g_new0(IndAddr, 1);
433     indicator->addr = ind_addr;
434     indicator->len = len;
435     indicator->refcnt = 1;
436     QTAILQ_INSERT_TAIL(&channel_subsys.indicator_addresses,
437                        indicator, sibling);
438     return indicator;
439 }
440 
441 static int s390_io_adapter_map(AdapterInfo *adapter, uint64_t map_addr,
442                                bool do_map)
443 {
444     S390FLICState *fs = s390_get_flic();
445     S390FLICStateClass *fsc = s390_get_flic_class(fs);
446 
447     return fsc->io_adapter_map(fs, adapter->adapter_id, map_addr, do_map);
448 }
449 
450 void release_indicator(AdapterInfo *adapter, IndAddr *indicator)
451 {
452     assert(indicator->refcnt > 0);
453     indicator->refcnt--;
454     if (indicator->refcnt > 0) {
455         return;
456     }
457     QTAILQ_REMOVE(&channel_subsys.indicator_addresses, indicator, sibling);
458     if (indicator->map) {
459         s390_io_adapter_map(adapter, indicator->map, false);
460     }
461     g_free(indicator);
462 }
463 
464 int map_indicator(AdapterInfo *adapter, IndAddr *indicator)
465 {
466     int ret;
467 
468     if (indicator->map) {
469         return 0; /* already mapped is not an error */
470     }
471     indicator->map = indicator->addr;
472     ret = s390_io_adapter_map(adapter, indicator->map, true);
473     if ((ret != 0) && (ret != -ENOSYS)) {
474         goto out_err;
475     }
476     return 0;
477 
478 out_err:
479     indicator->map = 0;
480     return ret;
481 }
482 
483 int css_create_css_image(uint8_t cssid, bool default_image)
484 {
485     trace_css_new_image(cssid, default_image ? "(default)" : "");
486     /* 255 is reserved */
487     if (cssid == 255) {
488         return -EINVAL;
489     }
490     if (channel_subsys.css[cssid]) {
491         return -EBUSY;
492     }
493     channel_subsys.css[cssid] = g_new0(CssImage, 1);
494     if (default_image) {
495         channel_subsys.default_cssid = cssid;
496     }
497     return 0;
498 }
499 
500 uint32_t css_get_adapter_id(CssIoAdapterType type, uint8_t isc)
501 {
502     if (type >= CSS_IO_ADAPTER_TYPE_NUMS || isc > MAX_ISC ||
503         !channel_subsys.io_adapters[type][isc]) {
504         return -1;
505     }
506 
507     return channel_subsys.io_adapters[type][isc]->id;
508 }
509 
510 /**
511  * css_register_io_adapters: Register I/O adapters per ISC during init
512  *
513  * @swap: an indication if byte swap is needed.
514  * @maskable: an indication if the adapter is subject to the mask operation.
515  * @flags: further characteristics of the adapter.
516  *         e.g. suppressible, an indication if the adapter is subject to AIS.
517  * @errp: location to store error information.
518  */
519 void css_register_io_adapters(CssIoAdapterType type, bool swap, bool maskable,
520                               uint8_t flags, Error **errp)
521 {
522     uint32_t id;
523     int ret, isc;
524     IoAdapter *adapter;
525     S390FLICState *fs = s390_get_flic();
526     S390FLICStateClass *fsc = s390_get_flic_class(fs);
527 
528     /*
529      * Disallow multiple registrations for the same device type.
530      * Report an error if registering for an already registered type.
531      */
532     if (channel_subsys.io_adapters[type][0]) {
533         error_setg(errp, "Adapters for type %d already registered", type);
534     }
535 
536     for (isc = 0; isc <= MAX_ISC; isc++) {
537         id = (type << 3) | isc;
538         ret = fsc->register_io_adapter(fs, id, isc, swap, maskable, flags);
539         if (ret == 0) {
540             adapter = g_new0(IoAdapter, 1);
541             adapter->id = id;
542             adapter->isc = isc;
543             adapter->type = type;
544             adapter->flags = flags;
545             channel_subsys.io_adapters[type][isc] = adapter;
546         } else {
547             error_setg_errno(errp, -ret, "Unexpected error %d when "
548                              "registering adapter %d", ret, id);
549             break;
550         }
551     }
552 
553     /*
554      * No need to free registered adapters in kvm: kvm will clean up
555      * when the machine goes away.
556      */
557     if (ret) {
558         for (isc--; isc >= 0; isc--) {
559             g_free(channel_subsys.io_adapters[type][isc]);
560             channel_subsys.io_adapters[type][isc] = NULL;
561         }
562     }
563 
564 }
565 
566 static void css_clear_io_interrupt(uint16_t subchannel_id,
567                                    uint16_t subchannel_nr)
568 {
569     Error *err = NULL;
570     static bool no_clear_irq;
571     S390FLICState *fs = s390_get_flic();
572     S390FLICStateClass *fsc = s390_get_flic_class(fs);
573     int r;
574 
575     if (unlikely(no_clear_irq)) {
576         return;
577     }
578     r = fsc->clear_io_irq(fs, subchannel_id, subchannel_nr);
579     switch (r) {
580     case 0:
581         break;
582     case -ENOSYS:
583         no_clear_irq = true;
584         /*
585         * Ignore unavailability, as the user can't do anything
586         * about it anyway.
587         */
588         break;
589     default:
590         error_setg_errno(&err, -r, "unexpected error condition");
591         error_propagate(&error_abort, err);
592     }
593 }
594 
595 static inline uint16_t css_do_build_subchannel_id(uint8_t cssid, uint8_t ssid)
596 {
597     if (channel_subsys.max_cssid > 0) {
598         return (cssid << 8) | (1 << 3) | (ssid << 1) | 1;
599     }
600     return (ssid << 1) | 1;
601 }
602 
603 uint16_t css_build_subchannel_id(SubchDev *sch)
604 {
605     return css_do_build_subchannel_id(sch->cssid, sch->ssid);
606 }
607 
608 void css_inject_io_interrupt(SubchDev *sch)
609 {
610     uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
611 
612     trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
613                            sch->curr_status.pmcw.intparm, isc, "");
614     s390_io_interrupt(css_build_subchannel_id(sch),
615                       sch->schid,
616                       sch->curr_status.pmcw.intparm,
617                       isc << 27);
618 }
619 
620 void css_conditional_io_interrupt(SubchDev *sch)
621 {
622     /*
623      * If the subchannel is not enabled, it is not made status pending
624      * (see PoP p. 16-17, "Status Control").
625      */
626     if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA)) {
627         return;
628     }
629 
630     /*
631      * If the subchannel is not currently status pending, make it pending
632      * with alert status.
633      */
634     if (!(sch->curr_status.scsw.ctrl & SCSW_STCTL_STATUS_PEND)) {
635         uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
636 
637         trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
638                                sch->curr_status.pmcw.intparm, isc,
639                                "(unsolicited)");
640         sch->curr_status.scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
641         sch->curr_status.scsw.ctrl |=
642             SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
643         /* Inject an I/O interrupt. */
644         s390_io_interrupt(css_build_subchannel_id(sch),
645                           sch->schid,
646                           sch->curr_status.pmcw.intparm,
647                           isc << 27);
648     }
649 }
650 
651 int css_do_sic(S390CPU *cpu, uint8_t isc, uint16_t mode)
652 {
653     CPUS390XState *env = &cpu->env;
654     S390FLICState *fs = s390_get_flic();
655     S390FLICStateClass *fsc = s390_get_flic_class(fs);
656     int r;
657 
658     if (env->psw.mask & PSW_MASK_PSTATE) {
659         r = -PGM_PRIVILEGED;
660         goto out;
661     }
662 
663     trace_css_do_sic(mode, isc);
664     switch (mode) {
665     case SIC_IRQ_MODE_ALL:
666     case SIC_IRQ_MODE_SINGLE:
667         break;
668     default:
669         r = -PGM_OPERAND;
670         goto out;
671     }
672 
673     r = fsc->modify_ais_mode(fs, isc, mode) ? -PGM_OPERATION : 0;
674 out:
675     return r;
676 }
677 
678 void css_adapter_interrupt(CssIoAdapterType type, uint8_t isc)
679 {
680     S390FLICState *fs = s390_get_flic();
681     S390FLICStateClass *fsc = s390_get_flic_class(fs);
682     uint32_t io_int_word = (isc << 27) | IO_INT_WORD_AI;
683     IoAdapter *adapter = channel_subsys.io_adapters[type][isc];
684 
685     if (!adapter) {
686         return;
687     }
688 
689     trace_css_adapter_interrupt(isc);
690     if (fs->ais_supported) {
691         if (fsc->inject_airq(fs, type, isc, adapter->flags)) {
692             error_report("Failed to inject airq with AIS supported");
693             exit(1);
694         }
695     } else {
696         s390_io_interrupt(0, 0, 0, io_int_word);
697     }
698 }
699 
700 static void sch_handle_clear_func(SubchDev *sch)
701 {
702     SCHIB *schib = &sch->curr_status;
703     int path;
704 
705     /* Path management: In our simple css, we always choose the only path. */
706     path = 0x80;
707 
708     /* Reset values prior to 'issuing the clear signal'. */
709     schib->pmcw.lpum = 0;
710     schib->pmcw.pom = 0xff;
711     schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
712 
713     /* We always 'attempt to issue the clear signal', and we always succeed. */
714     sch->channel_prog = 0x0;
715     sch->last_cmd_valid = false;
716     schib->scsw.ctrl &= ~SCSW_ACTL_CLEAR_PEND;
717     schib->scsw.ctrl |= SCSW_STCTL_STATUS_PEND;
718 
719     schib->scsw.dstat = 0;
720     schib->scsw.cstat = 0;
721     schib->pmcw.lpum = path;
722 
723 }
724 
725 static void sch_handle_halt_func(SubchDev *sch)
726 {
727     SCHIB *schib = &sch->curr_status;
728     hwaddr curr_ccw = sch->channel_prog;
729     int path;
730 
731     /* Path management: In our simple css, we always choose the only path. */
732     path = 0x80;
733 
734     /* We always 'attempt to issue the halt signal', and we always succeed. */
735     sch->channel_prog = 0x0;
736     sch->last_cmd_valid = false;
737     schib->scsw.ctrl &= ~SCSW_ACTL_HALT_PEND;
738     schib->scsw.ctrl |= SCSW_STCTL_STATUS_PEND;
739 
740     if ((schib->scsw.ctrl & (SCSW_ACTL_SUBCH_ACTIVE |
741                              SCSW_ACTL_DEVICE_ACTIVE)) ||
742         !((schib->scsw.ctrl & SCSW_ACTL_START_PEND) ||
743           (schib->scsw.ctrl & SCSW_ACTL_SUSP))) {
744         schib->scsw.dstat = SCSW_DSTAT_DEVICE_END;
745     }
746     if ((schib->scsw.ctrl & (SCSW_ACTL_SUBCH_ACTIVE |
747                              SCSW_ACTL_DEVICE_ACTIVE)) ||
748         (schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
749         schib->scsw.cpa = curr_ccw + 8;
750     }
751     schib->scsw.cstat = 0;
752     schib->pmcw.lpum = path;
753 
754 }
755 
756 /*
757  * As the SenseId struct cannot be packed (would cause unaligned accesses), we
758  * have to copy the individual fields to an unstructured area using the correct
759  * layout (see SA22-7204-01 "Common I/O-Device Commands").
760  */
761 static void copy_sense_id_to_guest(uint8_t *dest, SenseId *src)
762 {
763     int i;
764 
765     dest[0] = src->reserved;
766     stw_be_p(dest + 1, src->cu_type);
767     dest[3] = src->cu_model;
768     stw_be_p(dest + 4, src->dev_type);
769     dest[6] = src->dev_model;
770     dest[7] = src->unused;
771     for (i = 0; i < ARRAY_SIZE(src->ciw); i++) {
772         dest[8 + i * 4] = src->ciw[i].type;
773         dest[9 + i * 4] = src->ciw[i].command;
774         stw_be_p(dest + 10 + i * 4, src->ciw[i].count);
775     }
776 }
777 
778 static CCW1 copy_ccw_from_guest(hwaddr addr, bool fmt1)
779 {
780     CCW0 tmp0;
781     CCW1 tmp1;
782     CCW1 ret;
783 
784     if (fmt1) {
785         cpu_physical_memory_read(addr, &tmp1, sizeof(tmp1));
786         ret.cmd_code = tmp1.cmd_code;
787         ret.flags = tmp1.flags;
788         ret.count = be16_to_cpu(tmp1.count);
789         ret.cda = be32_to_cpu(tmp1.cda);
790     } else {
791         cpu_physical_memory_read(addr, &tmp0, sizeof(tmp0));
792         if ((tmp0.cmd_code & 0x0f) == CCW_CMD_TIC) {
793             ret.cmd_code = CCW_CMD_TIC;
794             ret.flags = 0;
795             ret.count = 0;
796         } else {
797             ret.cmd_code = tmp0.cmd_code;
798             ret.flags = tmp0.flags;
799             ret.count = be16_to_cpu(tmp0.count);
800         }
801         ret.cda = be16_to_cpu(tmp0.cda1) | (tmp0.cda0 << 16);
802     }
803     return ret;
804 }
805 /**
806  * If out of bounds marks the stream broken. If broken returns -EINVAL,
807  * otherwise the requested length (may be zero)
808  */
809 static inline int cds_check_len(CcwDataStream *cds, int len)
810 {
811     if (cds->at_byte + len > cds->count) {
812         cds->flags |= CDS_F_STREAM_BROKEN;
813     }
814     return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len;
815 }
816 
817 static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1)
818 {
819     return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24));
820 }
821 
822 static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
823                                   CcwDataStreamOp op)
824 {
825     int ret;
826 
827     ret = cds_check_len(cds, len);
828     if (ret <= 0) {
829         return ret;
830     }
831     if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) {
832         return -EINVAL; /* channel program check */
833     }
834     if (op == CDS_OP_A) {
835         goto incr;
836     }
837     if (!cds->do_skip) {
838         ret = address_space_rw(&address_space_memory, cds->cda,
839                                MEMTXATTRS_UNSPECIFIED, buff, len, op);
840     } else {
841         ret = MEMTX_OK;
842     }
843     if (ret != MEMTX_OK) {
844         cds->flags |= CDS_F_STREAM_BROKEN;
845         return -EINVAL;
846     }
847 incr:
848     cds->at_byte += len;
849     cds->cda += len;
850     return 0;
851 }
852 
853 /* returns values between 1 and bsz, where bsz is a power of 2 */
854 static inline uint16_t ida_continuous_left(hwaddr cda, uint64_t bsz)
855 {
856     return bsz - (cda & (bsz - 1));
857 }
858 
859 static inline uint64_t ccw_ida_block_size(uint8_t flags)
860 {
861     if ((flags & CDS_F_C64) && !(flags & CDS_F_I2K)) {
862         return 1ULL << 12;
863     }
864     return 1ULL << 11;
865 }
866 
867 static inline int ida_read_next_idaw(CcwDataStream *cds)
868 {
869     union {uint64_t fmt2; uint32_t fmt1; } idaw;
870     int ret;
871     hwaddr idaw_addr;
872     bool idaw_fmt2 = cds->flags & CDS_F_C64;
873     bool ccw_fmt1 = cds->flags & CDS_F_FMT;
874 
875     if (idaw_fmt2) {
876         idaw_addr = cds->cda_orig + sizeof(idaw.fmt2) * cds->at_idaw;
877         if (idaw_addr & 0x07 || !cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)) {
878             return -EINVAL; /* channel program check */
879         }
880         ret = address_space_read(&address_space_memory, idaw_addr,
881                                  MEMTXATTRS_UNSPECIFIED, &idaw.fmt2,
882                                  sizeof(idaw.fmt2));
883         cds->cda = be64_to_cpu(idaw.fmt2);
884     } else {
885         idaw_addr = cds->cda_orig + sizeof(idaw.fmt1) * cds->at_idaw;
886         if (idaw_addr & 0x03 || !cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)) {
887             return -EINVAL; /* channel program check */
888         }
889         ret = address_space_read(&address_space_memory, idaw_addr,
890                                  MEMTXATTRS_UNSPECIFIED, &idaw.fmt1,
891                                  sizeof(idaw.fmt1));
892         cds->cda = be64_to_cpu(idaw.fmt1);
893         if (cds->cda & 0x80000000) {
894             return -EINVAL; /* channel program check */
895         }
896     }
897     ++(cds->at_idaw);
898     if (ret != MEMTX_OK) {
899         /* assume inaccessible address */
900         return -EINVAL; /* channel program check */
901     }
902     return 0;
903 }
904 
905 static int ccw_dstream_rw_ida(CcwDataStream *cds, void *buff, int len,
906                               CcwDataStreamOp op)
907 {
908     uint64_t bsz = ccw_ida_block_size(cds->flags);
909     int ret = 0;
910     uint16_t cont_left, iter_len;
911 
912     ret = cds_check_len(cds, len);
913     if (ret <= 0) {
914         return ret;
915     }
916     if (!cds->at_idaw) {
917         /* read first idaw */
918         ret = ida_read_next_idaw(cds);
919         if (ret) {
920             goto err;
921         }
922         cont_left = ida_continuous_left(cds->cda, bsz);
923     } else {
924         cont_left = ida_continuous_left(cds->cda, bsz);
925         if (cont_left == bsz) {
926             ret = ida_read_next_idaw(cds);
927             if (ret) {
928                 goto err;
929             }
930             if (cds->cda & (bsz - 1)) {
931                 ret = -EINVAL; /* channel program check */
932                 goto err;
933             }
934         }
935     }
936     do {
937         iter_len = MIN(len, cont_left);
938         if (op != CDS_OP_A) {
939             if (!cds->do_skip) {
940                 ret = address_space_rw(&address_space_memory, cds->cda,
941                                        MEMTXATTRS_UNSPECIFIED, buff, iter_len,
942                                        op);
943             } else {
944                 ret = MEMTX_OK;
945             }
946             if (ret != MEMTX_OK) {
947                 /* assume inaccessible address */
948                 ret = -EINVAL; /* channel program check */
949                 goto err;
950             }
951         }
952         cds->at_byte += iter_len;
953         cds->cda += iter_len;
954         len -= iter_len;
955         if (!len) {
956             break;
957         }
958         ret = ida_read_next_idaw(cds);
959         if (ret) {
960             goto err;
961         }
962         cont_left = bsz;
963     } while (true);
964     return ret;
965 err:
966     cds->flags |= CDS_F_STREAM_BROKEN;
967     return ret;
968 }
969 
970 void ccw_dstream_init(CcwDataStream *cds, CCW1 const *ccw, ORB const *orb)
971 {
972     /*
973      * We don't support MIDA (an optional facility) yet and we
974      * catch this earlier. Just for expressing the precondition.
975      */
976     g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));
977     cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) |
978                  (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) |
979                  (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) |
980                  (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0);
981 
982     cds->count = ccw->count;
983     cds->cda_orig = ccw->cda;
984     /* skip is only effective for read, read backwards, or sense commands */
985     cds->do_skip = (ccw->flags & CCW_FLAG_SKIP) &&
986         ((ccw->cmd_code & 0x0f) == CCW_CMD_BASIC_SENSE ||
987          (ccw->cmd_code & 0x03) == 0x02 /* read */ ||
988          (ccw->cmd_code & 0x0f) == 0x0c /* read backwards */);
989     ccw_dstream_rewind(cds);
990     if (!(cds->flags & CDS_F_IDA)) {
991         cds->op_handler = ccw_dstream_rw_noflags;
992     } else {
993         cds->op_handler = ccw_dstream_rw_ida;
994     }
995 }
996 
997 static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
998                              bool suspend_allowed)
999 {
1000     int ret;
1001     bool check_len;
1002     int len;
1003     CCW1 ccw;
1004 
1005     if (!ccw_addr) {
1006         return -EINVAL; /* channel-program check */
1007     }
1008     /* Check doubleword aligned and 31 or 24 (fmt 0) bit addressable. */
1009     if (ccw_addr & (sch->ccw_fmt_1 ? 0x80000007 : 0xff000007)) {
1010         return -EINVAL;
1011     }
1012 
1013     /* Translate everything to format-1 ccws - the information is the same. */
1014     ccw = copy_ccw_from_guest(ccw_addr, sch->ccw_fmt_1);
1015 
1016     /* Check for invalid command codes. */
1017     if ((ccw.cmd_code & 0x0f) == 0) {
1018         return -EINVAL;
1019     }
1020     if (((ccw.cmd_code & 0x0f) == CCW_CMD_TIC) &&
1021         ((ccw.cmd_code & 0xf0) != 0)) {
1022         return -EINVAL;
1023     }
1024     if (!sch->ccw_fmt_1 && (ccw.count == 0) &&
1025         (ccw.cmd_code != CCW_CMD_TIC)) {
1026         return -EINVAL;
1027     }
1028 
1029     /* We don't support MIDA. */
1030     if (ccw.flags & CCW_FLAG_MIDA) {
1031         return -EINVAL;
1032     }
1033 
1034     if (ccw.flags & CCW_FLAG_SUSPEND) {
1035         return suspend_allowed ? -EINPROGRESS : -EINVAL;
1036     }
1037 
1038     check_len = !((ccw.flags & CCW_FLAG_SLI) && !(ccw.flags & CCW_FLAG_DC));
1039 
1040     if (!ccw.cda) {
1041         if (sch->ccw_no_data_cnt == 255) {
1042             return -EINVAL;
1043         }
1044         sch->ccw_no_data_cnt++;
1045     }
1046 
1047     /* Look at the command. */
1048     ccw_dstream_init(&sch->cds, &ccw, &(sch->orb));
1049     switch (ccw.cmd_code) {
1050     case CCW_CMD_NOOP:
1051         /* Nothing to do. */
1052         ret = 0;
1053         break;
1054     case CCW_CMD_BASIC_SENSE:
1055         if (check_len) {
1056             if (ccw.count != sizeof(sch->sense_data)) {
1057                 ret = -EINVAL;
1058                 break;
1059             }
1060         }
1061         len = MIN(ccw.count, sizeof(sch->sense_data));
1062         ret = ccw_dstream_write_buf(&sch->cds, sch->sense_data, len);
1063         sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
1064         if (!ret) {
1065             memset(sch->sense_data, 0, sizeof(sch->sense_data));
1066         }
1067         break;
1068     case CCW_CMD_SENSE_ID:
1069     {
1070         /* According to SA22-7204-01, Sense-ID can store up to 256 bytes */
1071         uint8_t sense_id[256];
1072 
1073         copy_sense_id_to_guest(sense_id, &sch->id);
1074         /* Sense ID information is device specific. */
1075         if (check_len) {
1076             if (ccw.count != sizeof(sense_id)) {
1077                 ret = -EINVAL;
1078                 break;
1079             }
1080         }
1081         len = MIN(ccw.count, sizeof(sense_id));
1082         /*
1083          * Only indicate 0xff in the first sense byte if we actually
1084          * have enough place to store at least bytes 0-3.
1085          */
1086         if (len >= 4) {
1087             sense_id[0] = 0xff;
1088         } else {
1089             sense_id[0] = 0;
1090         }
1091         ret = ccw_dstream_write_buf(&sch->cds, sense_id, len);
1092         if (!ret) {
1093             sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
1094         }
1095         break;
1096     }
1097     case CCW_CMD_TIC:
1098         if (sch->last_cmd_valid && (sch->last_cmd.cmd_code == CCW_CMD_TIC)) {
1099             ret = -EINVAL;
1100             break;
1101         }
1102         if (ccw.flags || ccw.count) {
1103             /* We have already sanitized these if converted from fmt 0. */
1104             ret = -EINVAL;
1105             break;
1106         }
1107         sch->channel_prog = ccw.cda;
1108         ret = -EAGAIN;
1109         break;
1110     default:
1111         if (sch->ccw_cb) {
1112             /* Handle device specific commands. */
1113             ret = sch->ccw_cb(sch, ccw);
1114         } else {
1115             ret = -ENOSYS;
1116         }
1117         break;
1118     }
1119     sch->last_cmd = ccw;
1120     sch->last_cmd_valid = true;
1121     if (ret == 0) {
1122         if (ccw.flags & CCW_FLAG_CC) {
1123             sch->channel_prog += 8;
1124             ret = -EAGAIN;
1125         }
1126     }
1127 
1128     return ret;
1129 }
1130 
1131 static void sch_handle_start_func_virtual(SubchDev *sch)
1132 {
1133     SCHIB *schib = &sch->curr_status;
1134     int path;
1135     int ret;
1136     bool suspend_allowed;
1137 
1138     /* Path management: In our simple css, we always choose the only path. */
1139     path = 0x80;
1140 
1141     if (!(schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
1142         /* Start Function triggered via ssch, i.e. we have an ORB */
1143         ORB *orb = &sch->orb;
1144         schib->scsw.cstat = 0;
1145         schib->scsw.dstat = 0;
1146         /* Look at the orb and try to execute the channel program. */
1147         schib->pmcw.intparm = orb->intparm;
1148         if (!(orb->lpm & path)) {
1149             /* Generate a deferred cc 3 condition. */
1150             schib->scsw.flags |= SCSW_FLAGS_MASK_CC;
1151             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1152             schib->scsw.ctrl |= (SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND);
1153             return;
1154         }
1155         sch->ccw_fmt_1 = !!(orb->ctrl0 & ORB_CTRL0_MASK_FMT);
1156         schib->scsw.flags |= (sch->ccw_fmt_1) ? SCSW_FLAGS_MASK_FMT : 0;
1157         sch->ccw_no_data_cnt = 0;
1158         suspend_allowed = !!(orb->ctrl0 & ORB_CTRL0_MASK_SPND);
1159     } else {
1160         /* Start Function resumed via rsch */
1161         schib->scsw.ctrl &= ~(SCSW_ACTL_SUSP | SCSW_ACTL_RESUME_PEND);
1162         /* The channel program had been suspended before. */
1163         suspend_allowed = true;
1164     }
1165     sch->last_cmd_valid = false;
1166     do {
1167         ret = css_interpret_ccw(sch, sch->channel_prog, suspend_allowed);
1168         switch (ret) {
1169         case -EAGAIN:
1170             /* ccw chain, continue processing */
1171             break;
1172         case 0:
1173             /* success */
1174             schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1175             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1176             schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1177                     SCSW_STCTL_STATUS_PEND;
1178             schib->scsw.dstat = SCSW_DSTAT_CHANNEL_END | SCSW_DSTAT_DEVICE_END;
1179             schib->scsw.cpa = sch->channel_prog + 8;
1180             break;
1181         case -EIO:
1182             /* I/O errors, status depends on specific devices */
1183             break;
1184         case -ENOSYS:
1185             /* unsupported command, generate unit check (command reject) */
1186             schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1187             schib->scsw.dstat = SCSW_DSTAT_UNIT_CHECK;
1188             /* Set sense bit 0 in ecw0. */
1189             sch->sense_data[0] = 0x80;
1190             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1191             schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1192                     SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
1193             schib->scsw.cpa = sch->channel_prog + 8;
1194             break;
1195         case -EINPROGRESS:
1196             /* channel program has been suspended */
1197             schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1198             schib->scsw.ctrl |= SCSW_ACTL_SUSP;
1199             break;
1200         default:
1201             /* error, generate channel program check */
1202             schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1203             schib->scsw.cstat = SCSW_CSTAT_PROG_CHECK;
1204             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1205             schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1206                     SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
1207             schib->scsw.cpa = sch->channel_prog + 8;
1208             break;
1209         }
1210     } while (ret == -EAGAIN);
1211 
1212 }
1213 
1214 static IOInstEnding sch_handle_halt_func_passthrough(SubchDev *sch)
1215 {
1216     int ret;
1217 
1218     ret = s390_ccw_halt(sch);
1219     if (ret == -ENOSYS) {
1220         sch_handle_halt_func(sch);
1221         return IOINST_CC_EXPECTED;
1222     }
1223     /*
1224      * Some conditions may have been detected prior to starting the halt
1225      * function; map them to the correct cc.
1226      * Note that we map both -ENODEV and -EACCES to cc 3 (there's not really
1227      * anything else we can do.)
1228      */
1229     switch (ret) {
1230     case -EBUSY:
1231         return IOINST_CC_BUSY;
1232     case -ENODEV:
1233     case -EACCES:
1234         return IOINST_CC_NOT_OPERATIONAL;
1235     default:
1236         return IOINST_CC_EXPECTED;
1237     }
1238 }
1239 
1240 static IOInstEnding sch_handle_clear_func_passthrough(SubchDev *sch)
1241 {
1242     int ret;
1243 
1244     ret = s390_ccw_clear(sch);
1245     if (ret == -ENOSYS) {
1246         sch_handle_clear_func(sch);
1247         return IOINST_CC_EXPECTED;
1248     }
1249     /*
1250      * Some conditions may have been detected prior to starting the clear
1251      * function; map them to the correct cc.
1252      * Note that we map both -ENODEV and -EACCES to cc 3 (there's not really
1253      * anything else we can do.)
1254      */
1255     switch (ret) {
1256     case -ENODEV:
1257     case -EACCES:
1258         return IOINST_CC_NOT_OPERATIONAL;
1259     default:
1260         return IOINST_CC_EXPECTED;
1261     }
1262 }
1263 
1264 static IOInstEnding sch_handle_start_func_passthrough(SubchDev *sch)
1265 {
1266     SCHIB *schib = &sch->curr_status;
1267     ORB *orb = &sch->orb;
1268     if (!(schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
1269         assert(orb != NULL);
1270         schib->pmcw.intparm = orb->intparm;
1271     }
1272     return s390_ccw_cmd_request(sch);
1273 }
1274 
1275 /*
1276  * On real machines, this would run asynchronously to the main vcpus.
1277  * We might want to make some parts of the ssch handling (interpreting
1278  * read/writes) asynchronous later on if we start supporting more than
1279  * our current very simple devices.
1280  */
1281 IOInstEnding do_subchannel_work_virtual(SubchDev *sch)
1282 {
1283     SCHIB *schib = &sch->curr_status;
1284 
1285     if (schib->scsw.ctrl & SCSW_FCTL_CLEAR_FUNC) {
1286         sch_handle_clear_func(sch);
1287     } else if (schib->scsw.ctrl & SCSW_FCTL_HALT_FUNC) {
1288         sch_handle_halt_func(sch);
1289     } else if (schib->scsw.ctrl & SCSW_FCTL_START_FUNC) {
1290         /* Triggered by both ssch and rsch. */
1291         sch_handle_start_func_virtual(sch);
1292     }
1293     css_inject_io_interrupt(sch);
1294     /* inst must succeed if this func is called */
1295     return IOINST_CC_EXPECTED;
1296 }
1297 
1298 IOInstEnding do_subchannel_work_passthrough(SubchDev *sch)
1299 {
1300     SCHIB *schib = &sch->curr_status;
1301 
1302     if (schib->scsw.ctrl & SCSW_FCTL_CLEAR_FUNC) {
1303         return sch_handle_clear_func_passthrough(sch);
1304     } else if (schib->scsw.ctrl & SCSW_FCTL_HALT_FUNC) {
1305         return sch_handle_halt_func_passthrough(sch);
1306     } else if (schib->scsw.ctrl & SCSW_FCTL_START_FUNC) {
1307         return sch_handle_start_func_passthrough(sch);
1308     }
1309     return IOINST_CC_EXPECTED;
1310 }
1311 
1312 static IOInstEnding do_subchannel_work(SubchDev *sch)
1313 {
1314     if (!sch->do_subchannel_work) {
1315         return IOINST_CC_STATUS_PRESENT;
1316     }
1317     g_assert(sch->curr_status.scsw.ctrl & SCSW_CTRL_MASK_FCTL);
1318     return sch->do_subchannel_work(sch);
1319 }
1320 
1321 static void copy_pmcw_to_guest(PMCW *dest, const PMCW *src)
1322 {
1323     int i;
1324 
1325     dest->intparm = cpu_to_be32(src->intparm);
1326     dest->flags = cpu_to_be16(src->flags);
1327     dest->devno = cpu_to_be16(src->devno);
1328     dest->lpm = src->lpm;
1329     dest->pnom = src->pnom;
1330     dest->lpum = src->lpum;
1331     dest->pim = src->pim;
1332     dest->mbi = cpu_to_be16(src->mbi);
1333     dest->pom = src->pom;
1334     dest->pam = src->pam;
1335     for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
1336         dest->chpid[i] = src->chpid[i];
1337     }
1338     dest->chars = cpu_to_be32(src->chars);
1339 }
1340 
1341 void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
1342 {
1343     dest->flags = cpu_to_be16(src->flags);
1344     dest->ctrl = cpu_to_be16(src->ctrl);
1345     dest->cpa = cpu_to_be32(src->cpa);
1346     dest->dstat = src->dstat;
1347     dest->cstat = src->cstat;
1348     dest->count = cpu_to_be16(src->count);
1349 }
1350 
1351 static void copy_schib_to_guest(SCHIB *dest, const SCHIB *src)
1352 {
1353     int i;
1354     /*
1355      * We copy the PMCW and SCSW in and out of local variables to
1356      * avoid taking the address of members of a packed struct.
1357      */
1358     PMCW src_pmcw, dest_pmcw;
1359     SCSW src_scsw, dest_scsw;
1360 
1361     src_pmcw = src->pmcw;
1362     copy_pmcw_to_guest(&dest_pmcw, &src_pmcw);
1363     dest->pmcw = dest_pmcw;
1364     src_scsw = src->scsw;
1365     copy_scsw_to_guest(&dest_scsw, &src_scsw);
1366     dest->scsw = dest_scsw;
1367     dest->mba = cpu_to_be64(src->mba);
1368     for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
1369         dest->mda[i] = src->mda[i];
1370     }
1371 }
1372 
1373 void copy_esw_to_guest(ESW *dest, const ESW *src)
1374 {
1375     dest->word0 = cpu_to_be32(src->word0);
1376     dest->erw = cpu_to_be32(src->erw);
1377     dest->word2 = cpu_to_be64(src->word2);
1378     dest->word4 = cpu_to_be32(src->word4);
1379 }
1380 
1381 IOInstEnding css_do_stsch(SubchDev *sch, SCHIB *schib)
1382 {
1383     int ret;
1384 
1385     /*
1386      * For some subchannels, we may want to update parts of
1387      * the schib (e.g., update path masks from the host device
1388      * for passthrough subchannels).
1389      */
1390     ret = s390_ccw_store(sch);
1391 
1392     /* Use current status. */
1393     copy_schib_to_guest(schib, &sch->curr_status);
1394     return ret;
1395 }
1396 
1397 static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
1398 {
1399     int i;
1400 
1401     dest->intparm = be32_to_cpu(src->intparm);
1402     dest->flags = be16_to_cpu(src->flags);
1403     dest->devno = be16_to_cpu(src->devno);
1404     dest->lpm = src->lpm;
1405     dest->pnom = src->pnom;
1406     dest->lpum = src->lpum;
1407     dest->pim = src->pim;
1408     dest->mbi = be16_to_cpu(src->mbi);
1409     dest->pom = src->pom;
1410     dest->pam = src->pam;
1411     for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
1412         dest->chpid[i] = src->chpid[i];
1413     }
1414     dest->chars = be32_to_cpu(src->chars);
1415 }
1416 
1417 static void copy_scsw_from_guest(SCSW *dest, const SCSW *src)
1418 {
1419     dest->flags = be16_to_cpu(src->flags);
1420     dest->ctrl = be16_to_cpu(src->ctrl);
1421     dest->cpa = be32_to_cpu(src->cpa);
1422     dest->dstat = src->dstat;
1423     dest->cstat = src->cstat;
1424     dest->count = be16_to_cpu(src->count);
1425 }
1426 
1427 static void copy_schib_from_guest(SCHIB *dest, const SCHIB *src)
1428 {
1429     int i;
1430     /*
1431      * We copy the PMCW and SCSW in and out of local variables to
1432      * avoid taking the address of members of a packed struct.
1433      */
1434     PMCW src_pmcw, dest_pmcw;
1435     SCSW src_scsw, dest_scsw;
1436 
1437     src_pmcw = src->pmcw;
1438     copy_pmcw_from_guest(&dest_pmcw, &src_pmcw);
1439     dest->pmcw = dest_pmcw;
1440     src_scsw = src->scsw;
1441     copy_scsw_from_guest(&dest_scsw, &src_scsw);
1442     dest->scsw = dest_scsw;
1443     dest->mba = be64_to_cpu(src->mba);
1444     for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
1445         dest->mda[i] = src->mda[i];
1446     }
1447 }
1448 
1449 IOInstEnding css_do_msch(SubchDev *sch, const SCHIB *orig_schib)
1450 {
1451     SCHIB *schib = &sch->curr_status;
1452     uint16_t oldflags;
1453     SCHIB schib_copy;
1454 
1455     if (!(schib->pmcw.flags & PMCW_FLAGS_MASK_DNV)) {
1456         return IOINST_CC_EXPECTED;
1457     }
1458 
1459     if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1460         return IOINST_CC_STATUS_PRESENT;
1461     }
1462 
1463     if (schib->scsw.ctrl &
1464         (SCSW_FCTL_START_FUNC|SCSW_FCTL_HALT_FUNC|SCSW_FCTL_CLEAR_FUNC)) {
1465         return IOINST_CC_BUSY;
1466     }
1467 
1468     copy_schib_from_guest(&schib_copy, orig_schib);
1469     /* Only update the program-modifiable fields. */
1470     schib->pmcw.intparm = schib_copy.pmcw.intparm;
1471     oldflags = schib->pmcw.flags;
1472     schib->pmcw.flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
1473                   PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
1474                   PMCW_FLAGS_MASK_MP);
1475     schib->pmcw.flags |= schib_copy.pmcw.flags &
1476             (PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
1477              PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
1478              PMCW_FLAGS_MASK_MP);
1479     schib->pmcw.lpm = schib_copy.pmcw.lpm;
1480     schib->pmcw.mbi = schib_copy.pmcw.mbi;
1481     schib->pmcw.pom = schib_copy.pmcw.pom;
1482     schib->pmcw.chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
1483     schib->pmcw.chars |= schib_copy.pmcw.chars &
1484             (PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
1485     schib->mba = schib_copy.mba;
1486 
1487     /* Has the channel been disabled? */
1488     if (sch->disable_cb && (oldflags & PMCW_FLAGS_MASK_ENA) != 0
1489         && (schib->pmcw.flags & PMCW_FLAGS_MASK_ENA) == 0) {
1490         sch->disable_cb(sch);
1491     }
1492     return IOINST_CC_EXPECTED;
1493 }
1494 
1495 IOInstEnding css_do_xsch(SubchDev *sch)
1496 {
1497     SCHIB *schib = &sch->curr_status;
1498 
1499     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1500         return IOINST_CC_NOT_OPERATIONAL;
1501     }
1502 
1503     if (schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) {
1504         return IOINST_CC_STATUS_PRESENT;
1505     }
1506 
1507     if (!(schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) ||
1508         ((schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
1509         (!(schib->scsw.ctrl &
1510            (SCSW_ACTL_RESUME_PEND | SCSW_ACTL_START_PEND | SCSW_ACTL_SUSP))) ||
1511         (schib->scsw.ctrl & SCSW_ACTL_SUBCH_ACTIVE)) {
1512         return IOINST_CC_BUSY;
1513     }
1514 
1515     /* Cancel the current operation. */
1516     schib->scsw.ctrl &= ~(SCSW_FCTL_START_FUNC |
1517                  SCSW_ACTL_RESUME_PEND |
1518                  SCSW_ACTL_START_PEND |
1519                  SCSW_ACTL_SUSP);
1520     sch->channel_prog = 0x0;
1521     sch->last_cmd_valid = false;
1522     schib->scsw.dstat = 0;
1523     schib->scsw.cstat = 0;
1524     return IOINST_CC_EXPECTED;
1525 }
1526 
1527 IOInstEnding css_do_csch(SubchDev *sch)
1528 {
1529     SCHIB *schib = &sch->curr_status;
1530     uint16_t old_scsw_ctrl;
1531     IOInstEnding ccode;
1532 
1533     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1534         return IOINST_CC_NOT_OPERATIONAL;
1535     }
1536 
1537     /*
1538      * Save the current scsw.ctrl in case CSCH fails and we need
1539      * to revert the scsw to the status quo ante.
1540      */
1541     old_scsw_ctrl = schib->scsw.ctrl;
1542 
1543     /* Trigger the clear function. */
1544     schib->scsw.ctrl &= ~(SCSW_CTRL_MASK_FCTL | SCSW_CTRL_MASK_ACTL);
1545     schib->scsw.ctrl |= SCSW_FCTL_CLEAR_FUNC | SCSW_ACTL_CLEAR_PEND;
1546 
1547     ccode = do_subchannel_work(sch);
1548 
1549     if (ccode != IOINST_CC_EXPECTED) {
1550         schib->scsw.ctrl = old_scsw_ctrl;
1551     }
1552 
1553     return ccode;
1554 }
1555 
1556 IOInstEnding css_do_hsch(SubchDev *sch)
1557 {
1558     SCHIB *schib = &sch->curr_status;
1559     uint16_t old_scsw_ctrl;
1560     IOInstEnding ccode;
1561 
1562     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1563         return IOINST_CC_NOT_OPERATIONAL;
1564     }
1565 
1566     if (((schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_STATUS_PEND) ||
1567         (schib->scsw.ctrl & (SCSW_STCTL_PRIMARY |
1568                     SCSW_STCTL_SECONDARY |
1569                     SCSW_STCTL_ALERT))) {
1570         return IOINST_CC_STATUS_PRESENT;
1571     }
1572 
1573     if (schib->scsw.ctrl & (SCSW_FCTL_HALT_FUNC | SCSW_FCTL_CLEAR_FUNC)) {
1574         return IOINST_CC_BUSY;
1575     }
1576 
1577     /*
1578      * Save the current scsw.ctrl in case HSCH fails and we need
1579      * to revert the scsw to the status quo ante.
1580      */
1581     old_scsw_ctrl = schib->scsw.ctrl;
1582 
1583     /* Trigger the halt function. */
1584     schib->scsw.ctrl |= SCSW_FCTL_HALT_FUNC;
1585     schib->scsw.ctrl &= ~SCSW_FCTL_START_FUNC;
1586     if (((schib->scsw.ctrl & SCSW_CTRL_MASK_ACTL) ==
1587          (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) &&
1588         ((schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) ==
1589          SCSW_STCTL_INTERMEDIATE)) {
1590         schib->scsw.ctrl &= ~SCSW_STCTL_STATUS_PEND;
1591     }
1592     schib->scsw.ctrl |= SCSW_ACTL_HALT_PEND;
1593 
1594     ccode = do_subchannel_work(sch);
1595 
1596     if (ccode != IOINST_CC_EXPECTED) {
1597         schib->scsw.ctrl = old_scsw_ctrl;
1598     }
1599 
1600     return ccode;
1601 }
1602 
1603 static void css_update_chnmon(SubchDev *sch)
1604 {
1605     if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_MME)) {
1606         /* Not active. */
1607         return;
1608     }
1609     /* The counter is conveniently located at the beginning of the struct. */
1610     if (sch->curr_status.pmcw.chars & PMCW_CHARS_MASK_MBFC) {
1611         /* Format 1, per-subchannel area. */
1612         uint32_t count;
1613 
1614         count = address_space_ldl(&address_space_memory,
1615                                   sch->curr_status.mba,
1616                                   MEMTXATTRS_UNSPECIFIED,
1617                                   NULL);
1618         count++;
1619         address_space_stl(&address_space_memory, sch->curr_status.mba, count,
1620                           MEMTXATTRS_UNSPECIFIED, NULL);
1621     } else {
1622         /* Format 0, global area. */
1623         uint32_t offset;
1624         uint16_t count;
1625 
1626         offset = sch->curr_status.pmcw.mbi << 5;
1627         count = address_space_lduw(&address_space_memory,
1628                                    channel_subsys.chnmon_area + offset,
1629                                    MEMTXATTRS_UNSPECIFIED,
1630                                    NULL);
1631         count++;
1632         address_space_stw(&address_space_memory,
1633                           channel_subsys.chnmon_area + offset, count,
1634                           MEMTXATTRS_UNSPECIFIED, NULL);
1635     }
1636 }
1637 
1638 IOInstEnding css_do_ssch(SubchDev *sch, ORB *orb)
1639 {
1640     SCHIB *schib = &sch->curr_status;
1641     uint16_t old_scsw_ctrl, old_scsw_flags;
1642     IOInstEnding ccode;
1643 
1644     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1645         return IOINST_CC_NOT_OPERATIONAL;
1646     }
1647 
1648     if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1649         return IOINST_CC_STATUS_PRESENT;
1650     }
1651 
1652     if (schib->scsw.ctrl & (SCSW_FCTL_START_FUNC |
1653                    SCSW_FCTL_HALT_FUNC |
1654                    SCSW_FCTL_CLEAR_FUNC)) {
1655         return IOINST_CC_BUSY;
1656     }
1657 
1658     /* If monitoring is active, update counter. */
1659     if (channel_subsys.chnmon_active) {
1660         css_update_chnmon(sch);
1661     }
1662     sch->orb = *orb;
1663     sch->channel_prog = orb->cpa;
1664 
1665     /*
1666      * Save the current scsw.ctrl and scsw.flags in case SSCH fails and we need
1667      * to revert the scsw to the status quo ante.
1668      */
1669     old_scsw_ctrl = schib->scsw.ctrl;
1670     old_scsw_flags = schib->scsw.flags;
1671 
1672     /* Trigger the start function. */
1673     schib->scsw.ctrl |= (SCSW_FCTL_START_FUNC | SCSW_ACTL_START_PEND);
1674     schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1675 
1676     ccode = do_subchannel_work(sch);
1677 
1678     if (ccode != IOINST_CC_EXPECTED) {
1679         schib->scsw.ctrl = old_scsw_ctrl;
1680         schib->scsw.flags = old_scsw_flags;
1681     }
1682 
1683     return ccode;
1684 }
1685 
1686 static void copy_irb_to_guest(IRB *dest, const IRB *src, const PMCW *pmcw,
1687                               int *irb_len)
1688 {
1689     int i;
1690     uint16_t stctl = src->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1691     uint16_t actl = src->scsw.ctrl & SCSW_CTRL_MASK_ACTL;
1692 
1693     copy_scsw_to_guest(&dest->scsw, &src->scsw);
1694 
1695     copy_esw_to_guest(&dest->esw, &src->esw);
1696 
1697     for (i = 0; i < ARRAY_SIZE(dest->ecw); i++) {
1698         dest->ecw[i] = cpu_to_be32(src->ecw[i]);
1699     }
1700     *irb_len = sizeof(*dest) - sizeof(dest->emw);
1701 
1702     /* extended measurements enabled? */
1703     if ((src->scsw.flags & SCSW_FLAGS_MASK_ESWF) ||
1704         !(pmcw->flags & PMCW_FLAGS_MASK_TF) ||
1705         !(pmcw->chars & PMCW_CHARS_MASK_XMWME)) {
1706         return;
1707     }
1708     /* extended measurements pending? */
1709     if (!(stctl & SCSW_STCTL_STATUS_PEND)) {
1710         return;
1711     }
1712     if ((stctl & SCSW_STCTL_PRIMARY) ||
1713         (stctl == SCSW_STCTL_SECONDARY) ||
1714         ((stctl & SCSW_STCTL_INTERMEDIATE) && (actl & SCSW_ACTL_SUSP))) {
1715         for (i = 0; i < ARRAY_SIZE(dest->emw); i++) {
1716             dest->emw[i] = cpu_to_be32(src->emw[i]);
1717         }
1718     }
1719     *irb_len = sizeof(*dest);
1720 }
1721 
1722 static void build_irb_sense_data(SubchDev *sch, IRB *irb)
1723 {
1724     int i;
1725 
1726     /* Attention: sense_data is already BE! */
1727     memcpy(irb->ecw, sch->sense_data, sizeof(sch->sense_data));
1728     for (i = 0; i < ARRAY_SIZE(irb->ecw); i++) {
1729         irb->ecw[i] = be32_to_cpu(irb->ecw[i]);
1730     }
1731 }
1732 
1733 void build_irb_passthrough(SubchDev *sch, IRB *irb)
1734 {
1735     /* Copy ESW from hardware */
1736     irb->esw = sch->esw;
1737 
1738     /*
1739      * If (irb->esw.erw & ESW_ERW_SENSE) is true, then the contents
1740      * of the ECW is sense data. If false, then it is model-dependent
1741      * information. Either way, copy it into the IRB for the guest to
1742      * read/decide what to do with.
1743      */
1744     build_irb_sense_data(sch, irb);
1745 }
1746 
1747 void build_irb_virtual(SubchDev *sch, IRB *irb)
1748 {
1749     SCHIB *schib = &sch->curr_status;
1750     uint16_t stctl = schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1751 
1752     if (stctl & SCSW_STCTL_STATUS_PEND) {
1753         if (schib->scsw.cstat & (SCSW_CSTAT_DATA_CHECK |
1754                         SCSW_CSTAT_CHN_CTRL_CHK |
1755                         SCSW_CSTAT_INTF_CTRL_CHK)) {
1756             irb->scsw.flags |= SCSW_FLAGS_MASK_ESWF;
1757             irb->esw.word0 = 0x04804000;
1758         } else {
1759             irb->esw.word0 = 0x00800000;
1760         }
1761         /* If a unit check is pending, copy sense data. */
1762         if ((schib->scsw.dstat & SCSW_DSTAT_UNIT_CHECK) &&
1763             (schib->pmcw.chars & PMCW_CHARS_MASK_CSENSE)) {
1764             irb->scsw.flags |= SCSW_FLAGS_MASK_ESWF | SCSW_FLAGS_MASK_ECTL;
1765             build_irb_sense_data(sch, irb);
1766             irb->esw.erw = ESW_ERW_SENSE | (sizeof(sch->sense_data) << 8);
1767         }
1768     }
1769 }
1770 
1771 int css_do_tsch_get_irb(SubchDev *sch, IRB *target_irb, int *irb_len)
1772 {
1773     SCHIB *schib = &sch->curr_status;
1774     PMCW p;
1775     uint16_t stctl;
1776     IRB irb;
1777 
1778     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1779         return 3;
1780     }
1781 
1782     stctl = schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1783 
1784     /* Prepare the irb for the guest. */
1785     memset(&irb, 0, sizeof(IRB));
1786 
1787     /* Copy scsw from current status. */
1788     irb.scsw = schib->scsw;
1789 
1790     /* Build other IRB data, if necessary */
1791     if (sch->irb_cb) {
1792         sch->irb_cb(sch, &irb);
1793     }
1794 
1795     /* Store the irb to the guest. */
1796     p = schib->pmcw;
1797     copy_irb_to_guest(target_irb, &irb, &p, irb_len);
1798 
1799     return ((stctl & SCSW_STCTL_STATUS_PEND) == 0);
1800 }
1801 
1802 void css_do_tsch_update_subch(SubchDev *sch)
1803 {
1804     SCHIB *schib = &sch->curr_status;
1805     uint16_t stctl;
1806     uint16_t fctl;
1807     uint16_t actl;
1808 
1809     stctl = schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1810     fctl = schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL;
1811     actl = schib->scsw.ctrl & SCSW_CTRL_MASK_ACTL;
1812 
1813     /* Clear conditions on subchannel, if applicable. */
1814     if (stctl & SCSW_STCTL_STATUS_PEND) {
1815         schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1816         if ((stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) ||
1817             ((fctl & SCSW_FCTL_HALT_FUNC) &&
1818              (actl & SCSW_ACTL_SUSP))) {
1819             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_FCTL;
1820         }
1821         if (stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) {
1822             schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1823             schib->scsw.ctrl &= ~(SCSW_ACTL_RESUME_PEND |
1824                          SCSW_ACTL_START_PEND |
1825                          SCSW_ACTL_HALT_PEND |
1826                          SCSW_ACTL_CLEAR_PEND |
1827                          SCSW_ACTL_SUSP);
1828         } else {
1829             if ((actl & SCSW_ACTL_SUSP) &&
1830                 (fctl & SCSW_FCTL_START_FUNC)) {
1831                 schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1832                 if (fctl & SCSW_FCTL_HALT_FUNC) {
1833                     schib->scsw.ctrl &= ~(SCSW_ACTL_RESUME_PEND |
1834                                  SCSW_ACTL_START_PEND |
1835                                  SCSW_ACTL_HALT_PEND |
1836                                  SCSW_ACTL_CLEAR_PEND |
1837                                  SCSW_ACTL_SUSP);
1838                 } else {
1839                     schib->scsw.ctrl &= ~SCSW_ACTL_RESUME_PEND;
1840                 }
1841             }
1842         }
1843         /* Clear pending sense data. */
1844         if (schib->pmcw.chars & PMCW_CHARS_MASK_CSENSE) {
1845             memset(sch->sense_data, 0 , sizeof(sch->sense_data));
1846         }
1847     }
1848 }
1849 
1850 static void copy_crw_to_guest(CRW *dest, const CRW *src)
1851 {
1852     dest->flags = cpu_to_be16(src->flags);
1853     dest->rsid = cpu_to_be16(src->rsid);
1854 }
1855 
1856 int css_do_stcrw(CRW *crw)
1857 {
1858     CrwContainer *crw_cont;
1859     int ret;
1860 
1861     crw_cont = QTAILQ_FIRST(&channel_subsys.pending_crws);
1862     if (crw_cont) {
1863         QTAILQ_REMOVE(&channel_subsys.pending_crws, crw_cont, sibling);
1864         copy_crw_to_guest(crw, &crw_cont->crw);
1865         g_free(crw_cont);
1866         ret = 0;
1867     } else {
1868         /* List was empty, turn crw machine checks on again. */
1869         memset(crw, 0, sizeof(*crw));
1870         channel_subsys.do_crw_mchk = true;
1871         ret = 1;
1872     }
1873 
1874     return ret;
1875 }
1876 
1877 static void copy_crw_from_guest(CRW *dest, const CRW *src)
1878 {
1879     dest->flags = be16_to_cpu(src->flags);
1880     dest->rsid = be16_to_cpu(src->rsid);
1881 }
1882 
1883 void css_undo_stcrw(CRW *crw)
1884 {
1885     CrwContainer *crw_cont;
1886 
1887     crw_cont = g_try_new0(CrwContainer, 1);
1888     if (!crw_cont) {
1889         channel_subsys.crws_lost = true;
1890         return;
1891     }
1892     copy_crw_from_guest(&crw_cont->crw, crw);
1893 
1894     QTAILQ_INSERT_HEAD(&channel_subsys.pending_crws, crw_cont, sibling);
1895 }
1896 
1897 int css_collect_chp_desc(int m, uint8_t cssid, uint8_t f_chpid, uint8_t l_chpid,
1898                          int rfmt, void *buf)
1899 {
1900     int i, desc_size;
1901     uint32_t words[8];
1902     uint32_t chpid_type_word;
1903     CssImage *css;
1904 
1905     if (!m && !cssid) {
1906         css = channel_subsys.css[channel_subsys.default_cssid];
1907     } else {
1908         css = channel_subsys.css[cssid];
1909     }
1910     if (!css) {
1911         return 0;
1912     }
1913     desc_size = 0;
1914     for (i = f_chpid; i <= l_chpid; i++) {
1915         if (css->chpids[i].in_use) {
1916             chpid_type_word = 0x80000000 | (css->chpids[i].type << 8) | i;
1917             if (rfmt == 0) {
1918                 words[0] = cpu_to_be32(chpid_type_word);
1919                 words[1] = 0;
1920                 memcpy(buf + desc_size, words, 8);
1921                 desc_size += 8;
1922             } else if (rfmt == 1) {
1923                 words[0] = cpu_to_be32(chpid_type_word);
1924                 words[1] = 0;
1925                 words[2] = 0;
1926                 words[3] = 0;
1927                 words[4] = 0;
1928                 words[5] = 0;
1929                 words[6] = 0;
1930                 words[7] = 0;
1931                 memcpy(buf + desc_size, words, 32);
1932                 desc_size += 32;
1933             }
1934         }
1935     }
1936     return desc_size;
1937 }
1938 
1939 void css_do_schm(uint8_t mbk, int update, int dct, uint64_t mbo)
1940 {
1941     /* dct is currently ignored (not really meaningful for our devices) */
1942     /* TODO: Don't ignore mbk. */
1943     if (update && !channel_subsys.chnmon_active) {
1944         /* Enable measuring. */
1945         channel_subsys.chnmon_area = mbo;
1946         channel_subsys.chnmon_active = true;
1947     }
1948     if (!update && channel_subsys.chnmon_active) {
1949         /* Disable measuring. */
1950         channel_subsys.chnmon_area = 0;
1951         channel_subsys.chnmon_active = false;
1952     }
1953 }
1954 
1955 IOInstEnding css_do_rsch(SubchDev *sch)
1956 {
1957     SCHIB *schib = &sch->curr_status;
1958 
1959     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1960         return IOINST_CC_NOT_OPERATIONAL;
1961     }
1962 
1963     if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1964         return IOINST_CC_STATUS_PRESENT;
1965     }
1966 
1967     if (((schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
1968         (schib->scsw.ctrl & SCSW_ACTL_RESUME_PEND) ||
1969         (!(schib->scsw.ctrl & SCSW_ACTL_SUSP))) {
1970         return IOINST_CC_BUSY;
1971     }
1972 
1973     /* If monitoring is active, update counter. */
1974     if (channel_subsys.chnmon_active) {
1975         css_update_chnmon(sch);
1976     }
1977 
1978     schib->scsw.ctrl |= SCSW_ACTL_RESUME_PEND;
1979     return do_subchannel_work(sch);
1980 }
1981 
1982 int css_do_rchp(uint8_t cssid, uint8_t chpid)
1983 {
1984     uint8_t real_cssid;
1985 
1986     if (cssid > channel_subsys.max_cssid) {
1987         return -EINVAL;
1988     }
1989     if (channel_subsys.max_cssid == 0) {
1990         real_cssid = channel_subsys.default_cssid;
1991     } else {
1992         real_cssid = cssid;
1993     }
1994     if (!channel_subsys.css[real_cssid]) {
1995         return -EINVAL;
1996     }
1997 
1998     if (!channel_subsys.css[real_cssid]->chpids[chpid].in_use) {
1999         return -ENODEV;
2000     }
2001 
2002     if (!channel_subsys.css[real_cssid]->chpids[chpid].is_virtual) {
2003         fprintf(stderr,
2004                 "rchp unsupported for non-virtual chpid %x.%02x!\n",
2005                 real_cssid, chpid);
2006         return -ENODEV;
2007     }
2008 
2009     /* We don't really use a channel path, so we're done here. */
2010     css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1,
2011                   channel_subsys.max_cssid > 0 ? 1 : 0, chpid);
2012     if (channel_subsys.max_cssid > 0) {
2013         css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1, 0, real_cssid << 8);
2014     }
2015     return 0;
2016 }
2017 
2018 bool css_schid_final(int m, uint8_t cssid, uint8_t ssid, uint16_t schid)
2019 {
2020     SubchSet *set;
2021     uint8_t real_cssid;
2022 
2023     real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;
2024     if (ssid > MAX_SSID ||
2025         !channel_subsys.css[real_cssid] ||
2026         !channel_subsys.css[real_cssid]->sch_set[ssid]) {
2027         return true;
2028     }
2029     set = channel_subsys.css[real_cssid]->sch_set[ssid];
2030     return schid > find_last_bit(set->schids_used,
2031                                  (MAX_SCHID + 1) / sizeof(unsigned long));
2032 }
2033 
2034 unsigned int css_find_free_chpid(uint8_t cssid)
2035 {
2036     CssImage *css = channel_subsys.css[cssid];
2037     unsigned int chpid;
2038 
2039     if (!css) {
2040         return MAX_CHPID + 1;
2041     }
2042 
2043     for (chpid = 0; chpid <= MAX_CHPID; chpid++) {
2044         /* skip reserved chpid */
2045         if (chpid == VIRTIO_CCW_CHPID) {
2046             continue;
2047         }
2048         if (!css->chpids[chpid].in_use) {
2049             return chpid;
2050         }
2051     }
2052     return MAX_CHPID + 1;
2053 }
2054 
2055 static int css_add_chpid(uint8_t cssid, uint8_t chpid, uint8_t type,
2056                          bool is_virt)
2057 {
2058     CssImage *css;
2059 
2060     trace_css_chpid_add(cssid, chpid, type);
2061     css = channel_subsys.css[cssid];
2062     if (!css) {
2063         return -EINVAL;
2064     }
2065     if (css->chpids[chpid].in_use) {
2066         return -EEXIST;
2067     }
2068     css->chpids[chpid].in_use = 1;
2069     css->chpids[chpid].type = type;
2070     css->chpids[chpid].is_virtual = is_virt;
2071 
2072     css_generate_chp_crws(cssid, chpid);
2073 
2074     return 0;
2075 }
2076 
2077 void css_sch_build_virtual_schib(SubchDev *sch, uint8_t chpid, uint8_t type)
2078 {
2079     SCHIB *schib = &sch->curr_status;
2080     int i;
2081     CssImage *css = channel_subsys.css[sch->cssid];
2082 
2083     assert(css != NULL);
2084     memset(&schib->pmcw, 0, sizeof(PMCW));
2085     schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
2086     schib->pmcw.devno = sch->devno;
2087     /* single path */
2088     schib->pmcw.pim = 0x80;
2089     schib->pmcw.pom = 0xff;
2090     schib->pmcw.pam = 0x80;
2091     schib->pmcw.chpid[0] = chpid;
2092     if (!css->chpids[chpid].in_use) {
2093         css_add_chpid(sch->cssid, chpid, type, true);
2094     }
2095 
2096     memset(&schib->scsw, 0, sizeof(SCSW));
2097     schib->mba = 0;
2098     for (i = 0; i < ARRAY_SIZE(schib->mda); i++) {
2099         schib->mda[i] = 0;
2100     }
2101 }
2102 
2103 SubchDev *css_find_subch(uint8_t m, uint8_t cssid, uint8_t ssid, uint16_t schid)
2104 {
2105     uint8_t real_cssid;
2106 
2107     real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;
2108 
2109     if (!channel_subsys.css[real_cssid]) {
2110         return NULL;
2111     }
2112 
2113     if (!channel_subsys.css[real_cssid]->sch_set[ssid]) {
2114         return NULL;
2115     }
2116 
2117     return channel_subsys.css[real_cssid]->sch_set[ssid]->sch[schid];
2118 }
2119 
2120 /**
2121  * Return free device number in subchannel set.
2122  *
2123  * Return index of the first free device number in the subchannel set
2124  * identified by @p cssid and @p ssid, beginning the search at @p
2125  * start and wrapping around at MAX_DEVNO. Return a value exceeding
2126  * MAX_SCHID if there are no free device numbers in the subchannel
2127  * set.
2128  */
2129 static uint32_t css_find_free_devno(uint8_t cssid, uint8_t ssid,
2130                                     uint16_t start)
2131 {
2132     uint32_t round;
2133 
2134     for (round = 0; round <= MAX_DEVNO; round++) {
2135         uint16_t devno = (start + round) % MAX_DEVNO;
2136 
2137         if (!css_devno_used(cssid, ssid, devno)) {
2138             return devno;
2139         }
2140     }
2141     return MAX_DEVNO + 1;
2142 }
2143 
2144 /**
2145  * Return first free subchannel (id) in subchannel set.
2146  *
2147  * Return index of the first free subchannel in the subchannel set
2148  * identified by @p cssid and @p ssid, if there is any. Return a value
2149  * exceeding MAX_SCHID if there are no free subchannels in the
2150  * subchannel set.
2151  */
2152 static uint32_t css_find_free_subch(uint8_t cssid, uint8_t ssid)
2153 {
2154     uint32_t schid;
2155 
2156     for (schid = 0; schid <= MAX_SCHID; schid++) {
2157         if (!css_find_subch(1, cssid, ssid, schid)) {
2158             return schid;
2159         }
2160     }
2161     return MAX_SCHID + 1;
2162 }
2163 
2164 /**
2165  * Return first free subchannel (id) in subchannel set for a device number
2166  *
2167  * Verify the device number @p devno is not used yet in the subchannel
2168  * set identified by @p cssid and @p ssid. Set @p schid to the index
2169  * of the first free subchannel in the subchannel set, if there is
2170  * any. Return true if everything succeeded and false otherwise.
2171  */
2172 static bool css_find_free_subch_for_devno(uint8_t cssid, uint8_t ssid,
2173                                           uint16_t devno, uint16_t *schid,
2174                                           Error **errp)
2175 {
2176     uint32_t free_schid;
2177 
2178     assert(schid);
2179     if (css_devno_used(cssid, ssid, devno)) {
2180         error_setg(errp, "Device %x.%x.%04x already exists",
2181                    cssid, ssid, devno);
2182         return false;
2183     }
2184     free_schid = css_find_free_subch(cssid, ssid);
2185     if (free_schid > MAX_SCHID) {
2186         error_setg(errp, "No free subchannel found for %x.%x.%04x",
2187                    cssid, ssid, devno);
2188         return false;
2189     }
2190     *schid = free_schid;
2191     return true;
2192 }
2193 
2194 /**
2195  * Return first free subchannel (id) and device number
2196  *
2197  * Locate the first free subchannel and first free device number in
2198  * any of the subchannel sets of the channel subsystem identified by
2199  * @p cssid. Return false if no free subchannel / device number could
2200  * be found. Otherwise set @p ssid, @p devno and @p schid to identify
2201  * the available subchannel and device number and return true.
2202  *
2203  * May modify @p ssid, @p devno and / or @p schid even if no free
2204  * subchannel / device number could be found.
2205  */
2206 static bool css_find_free_subch_and_devno(uint8_t cssid, uint8_t *ssid,
2207                                           uint16_t *devno, uint16_t *schid,
2208                                           Error **errp)
2209 {
2210     uint32_t free_schid, free_devno;
2211 
2212     assert(ssid && devno && schid);
2213     for (*ssid = 0; *ssid <= MAX_SSID; (*ssid)++) {
2214         free_schid = css_find_free_subch(cssid, *ssid);
2215         if (free_schid > MAX_SCHID) {
2216             continue;
2217         }
2218         free_devno = css_find_free_devno(cssid, *ssid, free_schid);
2219         if (free_devno > MAX_DEVNO) {
2220             continue;
2221         }
2222         *schid = free_schid;
2223         *devno = free_devno;
2224         return true;
2225     }
2226     error_setg(errp, "Virtual channel subsystem is full!");
2227     return false;
2228 }
2229 
2230 bool css_subch_visible(SubchDev *sch)
2231 {
2232     if (sch->ssid > channel_subsys.max_ssid) {
2233         return false;
2234     }
2235 
2236     if (sch->cssid != channel_subsys.default_cssid) {
2237         return (channel_subsys.max_cssid > 0);
2238     }
2239 
2240     return true;
2241 }
2242 
2243 bool css_present(uint8_t cssid)
2244 {
2245     return (channel_subsys.css[cssid] != NULL);
2246 }
2247 
2248 bool css_devno_used(uint8_t cssid, uint8_t ssid, uint16_t devno)
2249 {
2250     if (!channel_subsys.css[cssid]) {
2251         return false;
2252     }
2253     if (!channel_subsys.css[cssid]->sch_set[ssid]) {
2254         return false;
2255     }
2256 
2257     return !!test_bit(devno,
2258                       channel_subsys.css[cssid]->sch_set[ssid]->devnos_used);
2259 }
2260 
2261 void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
2262                       uint16_t devno, SubchDev *sch)
2263 {
2264     CssImage *css;
2265     SubchSet *s_set;
2266 
2267     trace_css_assign_subch(sch ? "assign" : "deassign", cssid, ssid, schid,
2268                            devno);
2269     if (!channel_subsys.css[cssid]) {
2270         fprintf(stderr,
2271                 "Suspicious call to %s (%x.%x.%04x) for non-existing css!\n",
2272                 __func__, cssid, ssid, schid);
2273         return;
2274     }
2275     css = channel_subsys.css[cssid];
2276 
2277     if (!css->sch_set[ssid]) {
2278         css->sch_set[ssid] = g_new0(SubchSet, 1);
2279     }
2280     s_set = css->sch_set[ssid];
2281 
2282     s_set->sch[schid] = sch;
2283     if (sch) {
2284         set_bit(schid, s_set->schids_used);
2285         set_bit(devno, s_set->devnos_used);
2286     } else {
2287         clear_bit(schid, s_set->schids_used);
2288         clear_bit(devno, s_set->devnos_used);
2289     }
2290 }
2291 
2292 void css_crw_add_to_queue(CRW crw)
2293 {
2294     CrwContainer *crw_cont;
2295 
2296     trace_css_crw((crw.flags & CRW_FLAGS_MASK_RSC) >> 8,
2297                   crw.flags & CRW_FLAGS_MASK_ERC,
2298                   crw.rsid,
2299                   (crw.flags & CRW_FLAGS_MASK_C) ? "(chained)" : "");
2300 
2301     /* TODO: Maybe use a static crw pool? */
2302     crw_cont = g_try_new0(CrwContainer, 1);
2303     if (!crw_cont) {
2304         channel_subsys.crws_lost = true;
2305         return;
2306     }
2307 
2308     crw_cont->crw = crw;
2309 
2310     QTAILQ_INSERT_TAIL(&channel_subsys.pending_crws, crw_cont, sibling);
2311 
2312     if (channel_subsys.do_crw_mchk) {
2313         channel_subsys.do_crw_mchk = false;
2314         /* Inject crw pending machine check. */
2315         s390_crw_mchk();
2316     }
2317 }
2318 
2319 void css_queue_crw(uint8_t rsc, uint8_t erc, int solicited,
2320                    int chain, uint16_t rsid)
2321 {
2322     CRW crw;
2323 
2324     crw.flags = (rsc << 8) | erc;
2325     if (solicited) {
2326         crw.flags |= CRW_FLAGS_MASK_S;
2327     }
2328     if (chain) {
2329         crw.flags |= CRW_FLAGS_MASK_C;
2330     }
2331     crw.rsid = rsid;
2332     if (channel_subsys.crws_lost) {
2333         crw.flags |= CRW_FLAGS_MASK_R;
2334         channel_subsys.crws_lost = false;
2335     }
2336 
2337     css_crw_add_to_queue(crw);
2338 }
2339 
2340 void css_generate_sch_crws(uint8_t cssid, uint8_t ssid, uint16_t schid,
2341                            int hotplugged, int add)
2342 {
2343     uint8_t guest_cssid;
2344     bool chain_crw;
2345 
2346     if (add && !hotplugged) {
2347         return;
2348     }
2349     if (channel_subsys.max_cssid == 0) {
2350         /* Default cssid shows up as 0. */
2351         guest_cssid = (cssid == channel_subsys.default_cssid) ? 0 : cssid;
2352     } else {
2353         /* Show real cssid to the guest. */
2354         guest_cssid = cssid;
2355     }
2356     /*
2357      * Only notify for higher subchannel sets/channel subsystems if the
2358      * guest has enabled it.
2359      */
2360     if ((ssid > channel_subsys.max_ssid) ||
2361         (guest_cssid > channel_subsys.max_cssid) ||
2362         ((channel_subsys.max_cssid == 0) &&
2363          (cssid != channel_subsys.default_cssid))) {
2364         return;
2365     }
2366     chain_crw = (channel_subsys.max_ssid > 0) ||
2367             (channel_subsys.max_cssid > 0);
2368     css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0, chain_crw ? 1 : 0, schid);
2369     if (chain_crw) {
2370         css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0, 0,
2371                       (guest_cssid << 8) | (ssid << 4));
2372     }
2373     /* RW_ERC_IPI --> clear pending interrupts */
2374     css_clear_io_interrupt(css_do_build_subchannel_id(cssid, ssid), schid);
2375 }
2376 
2377 void css_generate_chp_crws(uint8_t cssid, uint8_t chpid)
2378 {
2379     /* TODO */
2380 }
2381 
2382 void css_generate_css_crws(uint8_t cssid)
2383 {
2384     if (!channel_subsys.sei_pending) {
2385         css_queue_crw(CRW_RSC_CSS, CRW_ERC_EVENT, 0, 0, cssid);
2386     }
2387     channel_subsys.sei_pending = true;
2388 }
2389 
2390 void css_clear_sei_pending(void)
2391 {
2392     channel_subsys.sei_pending = false;
2393 }
2394 
2395 int css_enable_mcsse(void)
2396 {
2397     trace_css_enable_facility("mcsse");
2398     channel_subsys.max_cssid = MAX_CSSID;
2399     return 0;
2400 }
2401 
2402 int css_enable_mss(void)
2403 {
2404     trace_css_enable_facility("mss");
2405     channel_subsys.max_ssid = MAX_SSID;
2406     return 0;
2407 }
2408 
2409 void css_reset_sch(SubchDev *sch)
2410 {
2411     SCHIB *schib = &sch->curr_status;
2412 
2413     if ((schib->pmcw.flags & PMCW_FLAGS_MASK_ENA) != 0 && sch->disable_cb) {
2414         sch->disable_cb(sch);
2415     }
2416 
2417     schib->pmcw.intparm = 0;
2418     schib->pmcw.flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
2419                   PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
2420                   PMCW_FLAGS_MASK_MP | PMCW_FLAGS_MASK_TF);
2421     schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
2422     schib->pmcw.devno = sch->devno;
2423     schib->pmcw.pim = 0x80;
2424     schib->pmcw.lpm = schib->pmcw.pim;
2425     schib->pmcw.pnom = 0;
2426     schib->pmcw.lpum = 0;
2427     schib->pmcw.mbi = 0;
2428     schib->pmcw.pom = 0xff;
2429     schib->pmcw.pam = 0x80;
2430     schib->pmcw.chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_XMWME |
2431                   PMCW_CHARS_MASK_CSENSE);
2432 
2433     memset(&schib->scsw, 0, sizeof(schib->scsw));
2434     schib->mba = 0;
2435 
2436     sch->channel_prog = 0x0;
2437     sch->last_cmd_valid = false;
2438     sch->thinint_active = false;
2439 }
2440 
2441 void css_reset(void)
2442 {
2443     CrwContainer *crw_cont;
2444 
2445     /* Clean up monitoring. */
2446     channel_subsys.chnmon_active = false;
2447     channel_subsys.chnmon_area = 0;
2448 
2449     /* Clear pending CRWs. */
2450     while ((crw_cont = QTAILQ_FIRST(&channel_subsys.pending_crws))) {
2451         QTAILQ_REMOVE(&channel_subsys.pending_crws, crw_cont, sibling);
2452         g_free(crw_cont);
2453     }
2454     channel_subsys.sei_pending = false;
2455     channel_subsys.do_crw_mchk = true;
2456     channel_subsys.crws_lost = false;
2457 
2458     /* Reset maximum ids. */
2459     channel_subsys.max_cssid = 0;
2460     channel_subsys.max_ssid = 0;
2461 }
2462 
2463 static void get_css_devid(Object *obj, Visitor *v, const char *name,
2464                           void *opaque, Error **errp)
2465 {
2466     Property *prop = opaque;
2467     CssDevId *dev_id = object_field_prop_ptr(obj, prop);
2468     char buffer[] = "xx.x.xxxx";
2469     char *p = buffer;
2470     int r;
2471 
2472     if (dev_id->valid) {
2473 
2474         r = snprintf(buffer, sizeof(buffer), "%02x.%1x.%04x", dev_id->cssid,
2475                      dev_id->ssid, dev_id->devid);
2476         assert(r == sizeof(buffer) - 1);
2477 
2478         /* drop leading zero */
2479         if (dev_id->cssid <= 0xf) {
2480             p++;
2481         }
2482     } else {
2483         snprintf(buffer, sizeof(buffer), "<unset>");
2484     }
2485 
2486     visit_type_str(v, name, &p, errp);
2487 }
2488 
2489 /*
2490  * parse <cssid>.<ssid>.<devid> and assert valid range for cssid/ssid
2491  */
2492 static void set_css_devid(Object *obj, Visitor *v, const char *name,
2493                           void *opaque, Error **errp)
2494 {
2495     Property *prop = opaque;
2496     CssDevId *dev_id = object_field_prop_ptr(obj, prop);
2497     char *str;
2498     int num, n1, n2;
2499     unsigned int cssid, ssid, devid;
2500 
2501     if (!visit_type_str(v, name, &str, errp)) {
2502         return;
2503     }
2504 
2505     num = sscanf(str, "%2x.%1x%n.%4x%n", &cssid, &ssid, &n1, &devid, &n2);
2506     if (num != 3 || (n2 - n1) != 5 || strlen(str) != n2) {
2507         error_set_from_qdev_prop_error(errp, EINVAL, obj, name, str);
2508         goto out;
2509     }
2510     if ((cssid > MAX_CSSID) || (ssid > MAX_SSID)) {
2511         error_setg(errp, "Invalid cssid or ssid: cssid %x, ssid %x",
2512                    cssid, ssid);
2513         goto out;
2514     }
2515 
2516     dev_id->cssid = cssid;
2517     dev_id->ssid = ssid;
2518     dev_id->devid = devid;
2519     dev_id->valid = true;
2520 
2521 out:
2522     g_free(str);
2523 }
2524 
2525 const PropertyInfo css_devid_propinfo = {
2526     .name = "str",
2527     .description = "Identifier of an I/O device in the channel "
2528                    "subsystem, example: fe.1.23ab",
2529     .get = get_css_devid,
2530     .set = set_css_devid,
2531 };
2532 
2533 const PropertyInfo css_devid_ro_propinfo = {
2534     .name = "str",
2535     .description = "Read-only identifier of an I/O device in the channel "
2536                    "subsystem, example: fe.1.23ab",
2537     .get = get_css_devid,
2538 };
2539 
2540 SubchDev *css_create_sch(CssDevId bus_id, Error **errp)
2541 {
2542     uint16_t schid = 0;
2543     SubchDev *sch;
2544 
2545     if (bus_id.valid) {
2546         if (!channel_subsys.css[bus_id.cssid]) {
2547             css_create_css_image(bus_id.cssid, false);
2548         }
2549 
2550         if (!css_find_free_subch_for_devno(bus_id.cssid, bus_id.ssid,
2551                                            bus_id.devid, &schid, errp)) {
2552             return NULL;
2553         }
2554     } else {
2555         for (bus_id.cssid = channel_subsys.default_cssid;;) {
2556             if (!channel_subsys.css[bus_id.cssid]) {
2557                 css_create_css_image(bus_id.cssid, false);
2558             }
2559 
2560             if   (css_find_free_subch_and_devno(bus_id.cssid, &bus_id.ssid,
2561                                                 &bus_id.devid, &schid,
2562                                                 NULL)) {
2563                 break;
2564             }
2565             bus_id.cssid = (bus_id.cssid + 1) % MAX_CSSID;
2566             if (bus_id.cssid == channel_subsys.default_cssid) {
2567                 error_setg(errp, "Virtual channel subsystem is full!");
2568                 return NULL;
2569             }
2570         }
2571     }
2572 
2573     sch = g_new0(SubchDev, 1);
2574     sch->cssid = bus_id.cssid;
2575     sch->ssid = bus_id.ssid;
2576     sch->devno = bus_id.devid;
2577     sch->schid = schid;
2578     css_subch_assign(sch->cssid, sch->ssid, schid, sch->devno, sch);
2579     return sch;
2580 }
2581 
2582 static int css_sch_get_chpids(SubchDev *sch, CssDevId *dev_id)
2583 {
2584     char *fid_path;
2585     FILE *fd;
2586     uint32_t chpid[8];
2587     int i;
2588     SCHIB *schib = &sch->curr_status;
2589 
2590     fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/chpids",
2591                                dev_id->cssid, dev_id->ssid, dev_id->devid);
2592     fd = fopen(fid_path, "r");
2593     if (fd == NULL) {
2594         error_report("%s: open %s failed", __func__, fid_path);
2595         g_free(fid_path);
2596         return -EINVAL;
2597     }
2598 
2599     if (fscanf(fd, "%x %x %x %x %x %x %x %x",
2600         &chpid[0], &chpid[1], &chpid[2], &chpid[3],
2601         &chpid[4], &chpid[5], &chpid[6], &chpid[7]) != 8) {
2602         fclose(fd);
2603         g_free(fid_path);
2604         return -EINVAL;
2605     }
2606 
2607     for (i = 0; i < ARRAY_SIZE(schib->pmcw.chpid); i++) {
2608         schib->pmcw.chpid[i] = chpid[i];
2609     }
2610 
2611     fclose(fd);
2612     g_free(fid_path);
2613 
2614     return 0;
2615 }
2616 
2617 static int css_sch_get_path_masks(SubchDev *sch, CssDevId *dev_id)
2618 {
2619     char *fid_path;
2620     FILE *fd;
2621     uint32_t pim, pam, pom;
2622     SCHIB *schib = &sch->curr_status;
2623 
2624     fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/pimpampom",
2625                                dev_id->cssid, dev_id->ssid, dev_id->devid);
2626     fd = fopen(fid_path, "r");
2627     if (fd == NULL) {
2628         error_report("%s: open %s failed", __func__, fid_path);
2629         g_free(fid_path);
2630         return -EINVAL;
2631     }
2632 
2633     if (fscanf(fd, "%x %x %x", &pim, &pam, &pom) != 3) {
2634         fclose(fd);
2635         g_free(fid_path);
2636         return -EINVAL;
2637     }
2638 
2639     schib->pmcw.pim = pim;
2640     schib->pmcw.pam = pam;
2641     schib->pmcw.pom = pom;
2642     fclose(fd);
2643     g_free(fid_path);
2644 
2645     return 0;
2646 }
2647 
2648 static int css_sch_get_chpid_type(uint8_t chpid, uint32_t *type,
2649                                   CssDevId *dev_id)
2650 {
2651     char *fid_path;
2652     FILE *fd;
2653 
2654     fid_path = g_strdup_printf("/sys/devices/css%x/chp0.%02x/type",
2655                                dev_id->cssid, chpid);
2656     fd = fopen(fid_path, "r");
2657     if (fd == NULL) {
2658         error_report("%s: open %s failed", __func__, fid_path);
2659         g_free(fid_path);
2660         return -EINVAL;
2661     }
2662 
2663     if (fscanf(fd, "%x", type) != 1) {
2664         fclose(fd);
2665         g_free(fid_path);
2666         return -EINVAL;
2667     }
2668 
2669     fclose(fd);
2670     g_free(fid_path);
2671 
2672     return 0;
2673 }
2674 
2675 /*
2676  * We currently retrieve the real device information from sysfs to build the
2677  * guest subchannel information block without considering the migration feature.
2678  * We need to revisit this problem when we want to add migration support.
2679  */
2680 int css_sch_build_schib(SubchDev *sch, CssDevId *dev_id)
2681 {
2682     CssImage *css = channel_subsys.css[sch->cssid];
2683     SCHIB *schib = &sch->curr_status;
2684     uint32_t type;
2685     int i, ret;
2686 
2687     assert(css != NULL);
2688     memset(&schib->pmcw, 0, sizeof(PMCW));
2689     schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
2690     /* We are dealing with I/O subchannels only. */
2691     schib->pmcw.devno = sch->devno;
2692 
2693     /* Grab path mask from sysfs. */
2694     ret = css_sch_get_path_masks(sch, dev_id);
2695     if (ret) {
2696         return ret;
2697     }
2698 
2699     /* Grab chpids from sysfs. */
2700     ret = css_sch_get_chpids(sch, dev_id);
2701     if (ret) {
2702         return ret;
2703     }
2704 
2705    /* Build chpid type. */
2706     for (i = 0; i < ARRAY_SIZE(schib->pmcw.chpid); i++) {
2707         if (schib->pmcw.chpid[i] && !css->chpids[schib->pmcw.chpid[i]].in_use) {
2708             ret = css_sch_get_chpid_type(schib->pmcw.chpid[i], &type, dev_id);
2709             if (ret) {
2710                 return ret;
2711             }
2712             css_add_chpid(sch->cssid, schib->pmcw.chpid[i], type, false);
2713         }
2714     }
2715 
2716     memset(&schib->scsw, 0, sizeof(SCSW));
2717     schib->mba = 0;
2718     for (i = 0; i < ARRAY_SIZE(schib->mda); i++) {
2719         schib->mda[i] = 0;
2720     }
2721 
2722     return 0;
2723 }
2724