xref: /openbmc/qemu/hw/s390x/s390-pci-bus.c (revision 200280af0e19bfaeb9431eb0ee1ee2d8bf8d3a0a)
1 /*
2  * s390 PCI BUS
3  *
4  * Copyright 2014 IBM Corp.
5  * Author(s): Frank Blaschka <frank.blaschka@de.ibm.com>
6  *            Hong Bo Li <lihbbj@cn.ibm.com>
7  *            Yi Min Zhao <zyimin@cn.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2 or (at
10  * your option) any later version. See the COPYING file in the top-level
11  * directory.
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qapi/error.h"
16 #include "qapi/visitor.h"
17 #include "qemu-common.h"
18 #include "cpu.h"
19 #include "s390-pci-bus.h"
20 #include "s390-pci-inst.h"
21 #include "hw/pci/pci_bus.h"
22 #include "hw/pci/pci_bridge.h"
23 #include "hw/pci/msi.h"
24 #include "qemu/error-report.h"
25 
26 #ifndef DEBUG_S390PCI_BUS
27 #define DEBUG_S390PCI_BUS  0
28 #endif
29 
30 #define DPRINTF(fmt, ...)                                         \
31     do {                                                          \
32         if (DEBUG_S390PCI_BUS) {                                  \
33             fprintf(stderr, "S390pci-bus: " fmt, ## __VA_ARGS__); \
34         }                                                         \
35     } while (0)
36 
37 S390pciState *s390_get_phb(void)
38 {
39     static S390pciState *phb;
40 
41     if (!phb) {
42         phb = S390_PCI_HOST_BRIDGE(
43             object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
44         assert(phb != NULL);
45     }
46 
47     return phb;
48 }
49 
50 int pci_chsc_sei_nt2_get_event(void *res)
51 {
52     ChscSeiNt2Res *nt2_res = (ChscSeiNt2Res *)res;
53     PciCcdfAvail *accdf;
54     PciCcdfErr *eccdf;
55     int rc = 1;
56     SeiContainer *sei_cont;
57     S390pciState *s = s390_get_phb();
58 
59     sei_cont = QTAILQ_FIRST(&s->pending_sei);
60     if (sei_cont) {
61         QTAILQ_REMOVE(&s->pending_sei, sei_cont, link);
62         nt2_res->nt = 2;
63         nt2_res->cc = sei_cont->cc;
64         nt2_res->length = cpu_to_be16(sizeof(ChscSeiNt2Res));
65         switch (sei_cont->cc) {
66         case 1: /* error event */
67             eccdf = (PciCcdfErr *)nt2_res->ccdf;
68             eccdf->fid = cpu_to_be32(sei_cont->fid);
69             eccdf->fh = cpu_to_be32(sei_cont->fh);
70             eccdf->e = cpu_to_be32(sei_cont->e);
71             eccdf->faddr = cpu_to_be64(sei_cont->faddr);
72             eccdf->pec = cpu_to_be16(sei_cont->pec);
73             break;
74         case 2: /* availability event */
75             accdf = (PciCcdfAvail *)nt2_res->ccdf;
76             accdf->fid = cpu_to_be32(sei_cont->fid);
77             accdf->fh = cpu_to_be32(sei_cont->fh);
78             accdf->pec = cpu_to_be16(sei_cont->pec);
79             break;
80         default:
81             abort();
82         }
83         g_free(sei_cont);
84         rc = 0;
85     }
86 
87     return rc;
88 }
89 
90 int pci_chsc_sei_nt2_have_event(void)
91 {
92     S390pciState *s = s390_get_phb();
93 
94     return !QTAILQ_EMPTY(&s->pending_sei);
95 }
96 
97 S390PCIBusDevice *s390_pci_find_next_avail_dev(S390pciState *s,
98                                                S390PCIBusDevice *pbdev)
99 {
100     S390PCIBusDevice *ret = pbdev ? QTAILQ_NEXT(pbdev, link) :
101         QTAILQ_FIRST(&s->zpci_devs);
102 
103     while (ret && ret->state == ZPCI_FS_RESERVED) {
104         ret = QTAILQ_NEXT(ret, link);
105     }
106 
107     return ret;
108 }
109 
110 S390PCIBusDevice *s390_pci_find_dev_by_fid(S390pciState *s, uint32_t fid)
111 {
112     S390PCIBusDevice *pbdev;
113 
114     QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
115         if (pbdev->fid == fid) {
116             return pbdev;
117         }
118     }
119 
120     return NULL;
121 }
122 
123 void s390_pci_sclp_configure(SCCB *sccb)
124 {
125     IoaCfgSccb *psccb = (IoaCfgSccb *)sccb;
126     S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(s390_get_phb(),
127                                                        be32_to_cpu(psccb->aid));
128     uint16_t rc;
129 
130     if (!pbdev) {
131         DPRINTF("sclp config no dev found\n");
132         rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
133         goto out;
134     }
135 
136     switch (pbdev->state) {
137     case ZPCI_FS_RESERVED:
138         rc = SCLP_RC_ADAPTER_IN_RESERVED_STATE;
139         break;
140     case ZPCI_FS_STANDBY:
141         pbdev->state = ZPCI_FS_DISABLED;
142         rc = SCLP_RC_NORMAL_COMPLETION;
143         break;
144     default:
145         rc = SCLP_RC_NO_ACTION_REQUIRED;
146     }
147 out:
148     psccb->header.response_code = cpu_to_be16(rc);
149 }
150 
151 void s390_pci_sclp_deconfigure(SCCB *sccb)
152 {
153     IoaCfgSccb *psccb = (IoaCfgSccb *)sccb;
154     S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(s390_get_phb(),
155                                                        be32_to_cpu(psccb->aid));
156     uint16_t rc;
157 
158     if (!pbdev) {
159         DPRINTF("sclp deconfig no dev found\n");
160         rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
161         goto out;
162     }
163 
164     switch (pbdev->state) {
165     case ZPCI_FS_RESERVED:
166         rc = SCLP_RC_ADAPTER_IN_RESERVED_STATE;
167         break;
168     case ZPCI_FS_STANDBY:
169         rc = SCLP_RC_NO_ACTION_REQUIRED;
170         break;
171     default:
172         if (pbdev->summary_ind) {
173             pci_dereg_irqs(pbdev);
174         }
175         if (pbdev->iommu->enabled) {
176             pci_dereg_ioat(pbdev->iommu);
177         }
178         pbdev->state = ZPCI_FS_STANDBY;
179         rc = SCLP_RC_NORMAL_COMPLETION;
180 
181         if (pbdev->release_timer) {
182             qdev_unplug(DEVICE(pbdev->pdev), NULL);
183         }
184     }
185 out:
186     psccb->header.response_code = cpu_to_be16(rc);
187 }
188 
189 static S390PCIBusDevice *s390_pci_find_dev_by_uid(S390pciState *s, uint16_t uid)
190 {
191     S390PCIBusDevice *pbdev;
192 
193     QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
194         if (pbdev->uid == uid) {
195             return pbdev;
196         }
197     }
198 
199     return NULL;
200 }
201 
202 S390PCIBusDevice *s390_pci_find_dev_by_target(S390pciState *s,
203                                               const char *target)
204 {
205     S390PCIBusDevice *pbdev;
206 
207     if (!target) {
208         return NULL;
209     }
210 
211     QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
212         if (!strcmp(pbdev->target, target)) {
213             return pbdev;
214         }
215     }
216 
217     return NULL;
218 }
219 
220 S390PCIBusDevice *s390_pci_find_dev_by_idx(S390pciState *s, uint32_t idx)
221 {
222     return g_hash_table_lookup(s->zpci_table, &idx);
223 }
224 
225 S390PCIBusDevice *s390_pci_find_dev_by_fh(S390pciState *s, uint32_t fh)
226 {
227     uint32_t idx = FH_MASK_INDEX & fh;
228     S390PCIBusDevice *pbdev = s390_pci_find_dev_by_idx(s, idx);
229 
230     if (pbdev && pbdev->fh == fh) {
231         return pbdev;
232     }
233 
234     return NULL;
235 }
236 
237 static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh,
238                                     uint32_t fid, uint64_t faddr, uint32_t e)
239 {
240     SeiContainer *sei_cont;
241     S390pciState *s = s390_get_phb();
242 
243     sei_cont = g_new0(SeiContainer, 1);
244     sei_cont->fh = fh;
245     sei_cont->fid = fid;
246     sei_cont->cc = cc;
247     sei_cont->pec = pec;
248     sei_cont->faddr = faddr;
249     sei_cont->e = e;
250 
251     QTAILQ_INSERT_TAIL(&s->pending_sei, sei_cont, link);
252     css_generate_css_crws(0);
253 }
254 
255 static void s390_pci_generate_plug_event(uint16_t pec, uint32_t fh,
256                                          uint32_t fid)
257 {
258     s390_pci_generate_event(2, pec, fh, fid, 0, 0);
259 }
260 
261 void s390_pci_generate_error_event(uint16_t pec, uint32_t fh, uint32_t fid,
262                                    uint64_t faddr, uint32_t e)
263 {
264     s390_pci_generate_event(1, pec, fh, fid, faddr, e);
265 }
266 
267 static void s390_pci_set_irq(void *opaque, int irq, int level)
268 {
269     /* nothing to do */
270 }
271 
272 static int s390_pci_map_irq(PCIDevice *pci_dev, int irq_num)
273 {
274     /* nothing to do */
275     return 0;
276 }
277 
278 static uint64_t s390_pci_get_table_origin(uint64_t iota)
279 {
280     return iota & ~ZPCI_IOTA_RTTO_FLAG;
281 }
282 
283 static unsigned int calc_rtx(dma_addr_t ptr)
284 {
285     return ((unsigned long) ptr >> ZPCI_RT_SHIFT) & ZPCI_INDEX_MASK;
286 }
287 
288 static unsigned int calc_sx(dma_addr_t ptr)
289 {
290     return ((unsigned long) ptr >> ZPCI_ST_SHIFT) & ZPCI_INDEX_MASK;
291 }
292 
293 static unsigned int calc_px(dma_addr_t ptr)
294 {
295     return ((unsigned long) ptr >> PAGE_SHIFT) & ZPCI_PT_MASK;
296 }
297 
298 static uint64_t get_rt_sto(uint64_t entry)
299 {
300     return ((entry & ZPCI_TABLE_TYPE_MASK) == ZPCI_TABLE_TYPE_RTX)
301                 ? (entry & ZPCI_RTE_ADDR_MASK)
302                 : 0;
303 }
304 
305 static uint64_t get_st_pto(uint64_t entry)
306 {
307     return ((entry & ZPCI_TABLE_TYPE_MASK) == ZPCI_TABLE_TYPE_SX)
308             ? (entry & ZPCI_STE_ADDR_MASK)
309             : 0;
310 }
311 
312 static bool rt_entry_isvalid(uint64_t entry)
313 {
314     return (entry & ZPCI_TABLE_VALID_MASK) == ZPCI_TABLE_VALID;
315 }
316 
317 static bool pt_entry_isvalid(uint64_t entry)
318 {
319     return (entry & ZPCI_PTE_VALID_MASK) == ZPCI_PTE_VALID;
320 }
321 
322 static bool entry_isprotected(uint64_t entry)
323 {
324     return (entry & ZPCI_TABLE_PROT_MASK) == ZPCI_TABLE_PROTECTED;
325 }
326 
327 /* ett is expected table type, -1 page table, 0 segment table, 1 region table */
328 static uint64_t get_table_index(uint64_t iova, int8_t ett)
329 {
330     switch (ett) {
331     case ZPCI_ETT_PT:
332         return calc_px(iova);
333     case ZPCI_ETT_ST:
334         return calc_sx(iova);
335     case ZPCI_ETT_RT:
336         return calc_rtx(iova);
337     }
338 
339     return -1;
340 }
341 
342 static bool entry_isvalid(uint64_t entry, int8_t ett)
343 {
344     switch (ett) {
345     case ZPCI_ETT_PT:
346         return pt_entry_isvalid(entry);
347     case ZPCI_ETT_ST:
348     case ZPCI_ETT_RT:
349         return rt_entry_isvalid(entry);
350     }
351 
352     return false;
353 }
354 
355 /* Return true if address translation is done */
356 static bool translate_iscomplete(uint64_t entry, int8_t ett)
357 {
358     switch (ett) {
359     case 0:
360         return (entry & ZPCI_TABLE_FC) ? true : false;
361     case 1:
362         return false;
363     }
364 
365     return true;
366 }
367 
368 static uint64_t get_frame_size(int8_t ett)
369 {
370     switch (ett) {
371     case ZPCI_ETT_PT:
372         return 1ULL << 12;
373     case ZPCI_ETT_ST:
374         return 1ULL << 20;
375     case ZPCI_ETT_RT:
376         return 1ULL << 31;
377     }
378 
379     return 0;
380 }
381 
382 static uint64_t get_next_table_origin(uint64_t entry, int8_t ett)
383 {
384     switch (ett) {
385     case ZPCI_ETT_PT:
386         return entry & ZPCI_PTE_ADDR_MASK;
387     case ZPCI_ETT_ST:
388         return get_st_pto(entry);
389     case ZPCI_ETT_RT:
390         return get_rt_sto(entry);
391     }
392 
393     return 0;
394 }
395 
396 /**
397  * table_translate: do translation within one table and return the following
398  *                  table origin
399  *
400  * @entry: the entry being translated, the result is stored in this.
401  * @to: the address of table origin.
402  * @ett: expected table type, 1 region table, 0 segment table and -1 page table.
403  * @error: error code
404  */
405 static uint64_t table_translate(S390IOTLBEntry *entry, uint64_t to, int8_t ett,
406                                 uint16_t *error)
407 {
408     uint64_t tx, te, nto = 0;
409     uint16_t err = 0;
410 
411     tx = get_table_index(entry->iova, ett);
412     te = address_space_ldq(&address_space_memory, to + tx * sizeof(uint64_t),
413                            MEMTXATTRS_UNSPECIFIED, NULL);
414 
415     if (!te) {
416         err = ERR_EVENT_INVALTE;
417         goto out;
418     }
419 
420     if (!entry_isvalid(te, ett)) {
421         entry->perm &= IOMMU_NONE;
422         goto out;
423     }
424 
425     if (ett == ZPCI_ETT_RT && ((te & ZPCI_TABLE_LEN_RTX) != ZPCI_TABLE_LEN_RTX
426                                || te & ZPCI_TABLE_OFFSET_MASK)) {
427         err = ERR_EVENT_INVALTL;
428         goto out;
429     }
430 
431     nto = get_next_table_origin(te, ett);
432     if (!nto) {
433         err = ERR_EVENT_TT;
434         goto out;
435     }
436 
437     if (entry_isprotected(te)) {
438         entry->perm &= IOMMU_RO;
439     } else {
440         entry->perm &= IOMMU_RW;
441     }
442 
443     if (translate_iscomplete(te, ett)) {
444         switch (ett) {
445         case ZPCI_ETT_PT:
446             entry->translated_addr = te & ZPCI_PTE_ADDR_MASK;
447             break;
448         case ZPCI_ETT_ST:
449             entry->translated_addr = (te & ZPCI_SFAA_MASK) |
450                 (entry->iova & ~ZPCI_SFAA_MASK);
451             break;
452         }
453         nto = 0;
454     }
455 out:
456     if (err) {
457         entry->perm = IOMMU_NONE;
458         *error = err;
459     }
460     entry->len = get_frame_size(ett);
461     return nto;
462 }
463 
464 uint16_t s390_guest_io_table_walk(uint64_t g_iota, hwaddr addr,
465                                   S390IOTLBEntry *entry)
466 {
467     uint64_t to = s390_pci_get_table_origin(g_iota);
468     int8_t ett = 1;
469     uint16_t error = 0;
470 
471     entry->iova = addr & PAGE_MASK;
472     entry->translated_addr = 0;
473     entry->perm = IOMMU_RW;
474 
475     if (entry_isprotected(g_iota)) {
476         entry->perm &= IOMMU_RO;
477     }
478 
479     while (to) {
480         to = table_translate(entry, to, ett--, &error);
481     }
482 
483     return error;
484 }
485 
486 static IOMMUTLBEntry s390_translate_iommu(IOMMUMemoryRegion *mr, hwaddr addr,
487                                           IOMMUAccessFlags flag, int iommu_idx)
488 {
489     S390PCIIOMMU *iommu = container_of(mr, S390PCIIOMMU, iommu_mr);
490     S390IOTLBEntry *entry;
491     uint64_t iova = addr & PAGE_MASK;
492     uint16_t error = 0;
493     IOMMUTLBEntry ret = {
494         .target_as = &address_space_memory,
495         .iova = 0,
496         .translated_addr = 0,
497         .addr_mask = ~(hwaddr)0,
498         .perm = IOMMU_NONE,
499     };
500 
501     switch (iommu->pbdev->state) {
502     case ZPCI_FS_ENABLED:
503     case ZPCI_FS_BLOCKED:
504         if (!iommu->enabled) {
505             return ret;
506         }
507         break;
508     default:
509         return ret;
510     }
511 
512     DPRINTF("iommu trans addr 0x%" PRIx64 "\n", addr);
513 
514     if (addr < iommu->pba || addr > iommu->pal) {
515         error = ERR_EVENT_OORANGE;
516         goto err;
517     }
518 
519     entry = g_hash_table_lookup(iommu->iotlb, &iova);
520     if (entry) {
521         ret.iova = entry->iova;
522         ret.translated_addr = entry->translated_addr;
523         ret.addr_mask = entry->len - 1;
524         ret.perm = entry->perm;
525     } else {
526         ret.iova = iova;
527         ret.addr_mask = ~PAGE_MASK;
528         ret.perm = IOMMU_NONE;
529     }
530 
531     if (flag != IOMMU_NONE && !(flag & ret.perm)) {
532         error = ERR_EVENT_TPROTE;
533     }
534 err:
535     if (error) {
536         iommu->pbdev->state = ZPCI_FS_ERROR;
537         s390_pci_generate_error_event(error, iommu->pbdev->fh,
538                                       iommu->pbdev->fid, addr, 0);
539     }
540     return ret;
541 }
542 
543 static void s390_pci_iommu_replay(IOMMUMemoryRegion *iommu,
544                                   IOMMUNotifier *notifier)
545 {
546     /* It's impossible to plug a pci device on s390x that already has iommu
547      * mappings which need to be replayed, that is due to the "one iommu per
548      * zpci device" construct. But when we support migration of vfio-pci
549      * devices in future, we need to revisit this.
550      */
551     return;
552 }
553 
554 static S390PCIIOMMU *s390_pci_get_iommu(S390pciState *s, PCIBus *bus,
555                                         int devfn)
556 {
557     uint64_t key = (uintptr_t)bus;
558     S390PCIIOMMUTable *table = g_hash_table_lookup(s->iommu_table, &key);
559     S390PCIIOMMU *iommu;
560 
561     if (!table) {
562         table = g_new0(S390PCIIOMMUTable, 1);
563         table->key = key;
564         g_hash_table_insert(s->iommu_table, &table->key, table);
565     }
566 
567     iommu = table->iommu[PCI_SLOT(devfn)];
568     if (!iommu) {
569         iommu = S390_PCI_IOMMU(object_new(TYPE_S390_PCI_IOMMU));
570 
571         char *mr_name = g_strdup_printf("iommu-root-%02x:%02x.%01x",
572                                         pci_bus_num(bus),
573                                         PCI_SLOT(devfn),
574                                         PCI_FUNC(devfn));
575         char *as_name = g_strdup_printf("iommu-pci-%02x:%02x.%01x",
576                                         pci_bus_num(bus),
577                                         PCI_SLOT(devfn),
578                                         PCI_FUNC(devfn));
579         memory_region_init(&iommu->mr, OBJECT(iommu), mr_name, UINT64_MAX);
580         address_space_init(&iommu->as, &iommu->mr, as_name);
581         iommu->iotlb = g_hash_table_new_full(g_int64_hash, g_int64_equal,
582                                              NULL, g_free);
583         table->iommu[PCI_SLOT(devfn)] = iommu;
584 
585         g_free(mr_name);
586         g_free(as_name);
587     }
588 
589     return iommu;
590 }
591 
592 static AddressSpace *s390_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
593 {
594     S390pciState *s = opaque;
595     S390PCIIOMMU *iommu = s390_pci_get_iommu(s, bus, devfn);
596 
597     return &iommu->as;
598 }
599 
600 static uint8_t set_ind_atomic(uint64_t ind_loc, uint8_t to_be_set)
601 {
602     uint8_t ind_old, ind_new;
603     hwaddr len = 1;
604     uint8_t *ind_addr;
605 
606     ind_addr = cpu_physical_memory_map(ind_loc, &len, 1);
607     if (!ind_addr) {
608         s390_pci_generate_error_event(ERR_EVENT_AIRERR, 0, 0, 0, 0);
609         return -1;
610     }
611     do {
612         ind_old = *ind_addr;
613         ind_new = ind_old | to_be_set;
614     } while (atomic_cmpxchg(ind_addr, ind_old, ind_new) != ind_old);
615     cpu_physical_memory_unmap(ind_addr, len, 1, len);
616 
617     return ind_old;
618 }
619 
620 static void s390_msi_ctrl_write(void *opaque, hwaddr addr, uint64_t data,
621                                 unsigned int size)
622 {
623     S390PCIBusDevice *pbdev = opaque;
624     uint32_t vec = data & ZPCI_MSI_VEC_MASK;
625     uint64_t ind_bit;
626     uint32_t sum_bit;
627 
628     assert(pbdev);
629     DPRINTF("write_msix data 0x%" PRIx64 " idx %d vec 0x%x\n", data,
630             pbdev->idx, vec);
631 
632     if (pbdev->state != ZPCI_FS_ENABLED) {
633         return;
634     }
635 
636     ind_bit = pbdev->routes.adapter.ind_offset;
637     sum_bit = pbdev->routes.adapter.summary_offset;
638 
639     set_ind_atomic(pbdev->routes.adapter.ind_addr + (ind_bit + vec) / 8,
640                    0x80 >> ((ind_bit + vec) % 8));
641     if (!set_ind_atomic(pbdev->routes.adapter.summary_addr + sum_bit / 8,
642                                        0x80 >> (sum_bit % 8))) {
643         css_adapter_interrupt(CSS_IO_ADAPTER_PCI, pbdev->isc);
644     }
645 }
646 
647 static uint64_t s390_msi_ctrl_read(void *opaque, hwaddr addr, unsigned size)
648 {
649     return 0xffffffff;
650 }
651 
652 static const MemoryRegionOps s390_msi_ctrl_ops = {
653     .write = s390_msi_ctrl_write,
654     .read = s390_msi_ctrl_read,
655     .endianness = DEVICE_LITTLE_ENDIAN,
656 };
657 
658 void s390_pci_iommu_enable(S390PCIIOMMU *iommu)
659 {
660     char *name = g_strdup_printf("iommu-s390-%04x", iommu->pbdev->uid);
661     memory_region_init_iommu(&iommu->iommu_mr, sizeof(iommu->iommu_mr),
662                              TYPE_S390_IOMMU_MEMORY_REGION, OBJECT(&iommu->mr),
663                              name, iommu->pal - iommu->pba + 1);
664     iommu->enabled = true;
665     memory_region_add_subregion(&iommu->mr, 0, MEMORY_REGION(&iommu->iommu_mr));
666     g_free(name);
667 }
668 
669 void s390_pci_iommu_disable(S390PCIIOMMU *iommu)
670 {
671     iommu->enabled = false;
672     g_hash_table_remove_all(iommu->iotlb);
673     memory_region_del_subregion(&iommu->mr, MEMORY_REGION(&iommu->iommu_mr));
674     object_unparent(OBJECT(&iommu->iommu_mr));
675 }
676 
677 static void s390_pci_iommu_free(S390pciState *s, PCIBus *bus, int32_t devfn)
678 {
679     uint64_t key = (uintptr_t)bus;
680     S390PCIIOMMUTable *table = g_hash_table_lookup(s->iommu_table, &key);
681     S390PCIIOMMU *iommu = table ? table->iommu[PCI_SLOT(devfn)] : NULL;
682 
683     if (!table || !iommu) {
684         return;
685     }
686 
687     table->iommu[PCI_SLOT(devfn)] = NULL;
688     g_hash_table_destroy(iommu->iotlb);
689     address_space_destroy(&iommu->as);
690     object_unparent(OBJECT(&iommu->mr));
691     object_unparent(OBJECT(iommu));
692     object_unref(OBJECT(iommu));
693 }
694 
695 static void s390_pcihost_realize(DeviceState *dev, Error **errp)
696 {
697     PCIBus *b;
698     BusState *bus;
699     PCIHostState *phb = PCI_HOST_BRIDGE(dev);
700     S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
701     Error *local_err = NULL;
702 
703     DPRINTF("host_init\n");
704 
705     b = pci_register_root_bus(dev, NULL, s390_pci_set_irq, s390_pci_map_irq,
706                               NULL, get_system_memory(), get_system_io(), 0,
707                               64, TYPE_PCI_BUS);
708     pci_setup_iommu(b, s390_pci_dma_iommu, s);
709 
710     bus = BUS(b);
711     qbus_set_hotplug_handler(bus, dev, &local_err);
712     if (local_err) {
713         error_propagate(errp, local_err);
714         return;
715     }
716     phb->bus = b;
717 
718     s->bus = S390_PCI_BUS(qbus_create(TYPE_S390_PCI_BUS, dev, NULL));
719     qbus_set_hotplug_handler(BUS(s->bus), dev, &local_err);
720     if (local_err) {
721         error_propagate(errp, local_err);
722         return;
723     }
724 
725     s->iommu_table = g_hash_table_new_full(g_int64_hash, g_int64_equal,
726                                            NULL, g_free);
727     s->zpci_table = g_hash_table_new_full(g_int_hash, g_int_equal, NULL, NULL);
728     s->bus_no = 0;
729     QTAILQ_INIT(&s->pending_sei);
730     QTAILQ_INIT(&s->zpci_devs);
731 
732     css_register_io_adapters(CSS_IO_ADAPTER_PCI, true, false,
733                              S390_ADAPTER_SUPPRESSIBLE, &local_err);
734     error_propagate(errp, local_err);
735 }
736 
737 static int s390_pci_msix_init(S390PCIBusDevice *pbdev)
738 {
739     char *name;
740     uint8_t pos;
741     uint16_t ctrl;
742     uint32_t table, pba;
743 
744     pos = pci_find_capability(pbdev->pdev, PCI_CAP_ID_MSIX);
745     if (!pos) {
746         return -1;
747     }
748 
749     ctrl = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_FLAGS,
750              pci_config_size(pbdev->pdev), sizeof(ctrl));
751     table = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_TABLE,
752              pci_config_size(pbdev->pdev), sizeof(table));
753     pba = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_PBA,
754              pci_config_size(pbdev->pdev), sizeof(pba));
755 
756     pbdev->msix.table_bar = table & PCI_MSIX_FLAGS_BIRMASK;
757     pbdev->msix.table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK;
758     pbdev->msix.pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK;
759     pbdev->msix.pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK;
760     pbdev->msix.entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1;
761 
762     name = g_strdup_printf("msix-s390-%04x", pbdev->uid);
763     memory_region_init_io(&pbdev->msix_notify_mr, OBJECT(pbdev),
764                           &s390_msi_ctrl_ops, pbdev, name, PAGE_SIZE);
765     memory_region_add_subregion(&pbdev->iommu->mr, ZPCI_MSI_ADDR,
766                                 &pbdev->msix_notify_mr);
767     g_free(name);
768 
769     return 0;
770 }
771 
772 static void s390_pci_msix_free(S390PCIBusDevice *pbdev)
773 {
774     memory_region_del_subregion(&pbdev->iommu->mr, &pbdev->msix_notify_mr);
775     object_unparent(OBJECT(&pbdev->msix_notify_mr));
776 }
777 
778 static S390PCIBusDevice *s390_pci_device_new(S390pciState *s,
779                                              const char *target, Error **errp)
780 {
781     Error *local_err = NULL;
782     DeviceState *dev;
783 
784     dev = qdev_try_create(BUS(s->bus), TYPE_S390_PCI_DEVICE);
785     if (!dev) {
786         error_setg(errp, "zPCI device could not be created");
787         return NULL;
788     }
789 
790     object_property_set_str(OBJECT(dev), target, "target", &local_err);
791     if (local_err) {
792         object_unparent(OBJECT(dev));
793         error_propagate_prepend(errp, local_err,
794                                 "zPCI device could not be created: ");
795         return NULL;
796     }
797     object_property_set_bool(OBJECT(dev), true, "realized", &local_err);
798     if (local_err) {
799         object_unparent(OBJECT(dev));
800         error_propagate_prepend(errp, local_err,
801                                 "zPCI device could not be created: ");
802         return NULL;
803     }
804 
805     return S390_PCI_DEVICE(dev);
806 }
807 
808 static bool s390_pci_alloc_idx(S390pciState *s, S390PCIBusDevice *pbdev)
809 {
810     uint32_t idx;
811 
812     idx = s->next_idx;
813     while (s390_pci_find_dev_by_idx(s, idx)) {
814         idx = (idx + 1) & FH_MASK_INDEX;
815         if (idx == s->next_idx) {
816             return false;
817         }
818     }
819 
820     pbdev->idx = idx;
821     return true;
822 }
823 
824 static void s390_pcihost_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
825                                    Error **errp)
826 {
827     S390pciState *s = S390_PCI_HOST_BRIDGE(hotplug_dev);
828 
829     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
830         PCIDevice *pdev = PCI_DEVICE(dev);
831 
832         if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
833             error_setg(errp, "multifunction not supported in s390");
834             return;
835         }
836     } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
837         S390PCIBusDevice *pbdev = S390_PCI_DEVICE(dev);
838 
839         if (!s390_pci_alloc_idx(s, pbdev)) {
840             error_setg(errp, "no slot for plugging zpci device");
841             return;
842         }
843     }
844 }
845 
846 static void s390_pcihost_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
847                               Error **errp)
848 {
849     S390pciState *s = S390_PCI_HOST_BRIDGE(hotplug_dev);
850     PCIDevice *pdev = NULL;
851     S390PCIBusDevice *pbdev = NULL;
852 
853     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_BRIDGE)) {
854         BusState *bus;
855         PCIBridge *pb = PCI_BRIDGE(dev);
856         PCIDevice *pdev = PCI_DEVICE(dev);
857 
858         pci_bridge_map_irq(pb, dev->id, s390_pci_map_irq);
859         pci_setup_iommu(&pb->sec_bus, s390_pci_dma_iommu, s);
860 
861         bus = BUS(&pb->sec_bus);
862         qbus_set_hotplug_handler(bus, DEVICE(s), errp);
863 
864         if (dev->hotplugged) {
865             pci_default_write_config(pdev, PCI_PRIMARY_BUS, s->bus_no, 1);
866             s->bus_no += 1;
867             pci_default_write_config(pdev, PCI_SECONDARY_BUS, s->bus_no, 1);
868             do {
869                 pdev = pci_get_bus(pdev)->parent_dev;
870                 pci_default_write_config(pdev, PCI_SUBORDINATE_BUS,
871                                          s->bus_no, 1);
872             } while (pci_get_bus(pdev) && pci_dev_bus_num(pdev));
873         }
874     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
875         pdev = PCI_DEVICE(dev);
876 
877         if (!dev->id) {
878             /* In the case the PCI device does not define an id */
879             /* we generate one based on the PCI address         */
880             dev->id = g_strdup_printf("auto_%02x:%02x.%01x",
881                                       pci_dev_bus_num(pdev),
882                                       PCI_SLOT(pdev->devfn),
883                                       PCI_FUNC(pdev->devfn));
884         }
885 
886         pbdev = s390_pci_find_dev_by_target(s, dev->id);
887         if (!pbdev) {
888             pbdev = s390_pci_device_new(s, dev->id, errp);
889             if (!pbdev) {
890                 return;
891             }
892         }
893 
894         if (object_dynamic_cast(OBJECT(dev), "vfio-pci")) {
895             pbdev->fh |= FH_SHM_VFIO;
896         } else {
897             pbdev->fh |= FH_SHM_EMUL;
898         }
899 
900         pbdev->pdev = pdev;
901         pbdev->iommu = s390_pci_get_iommu(s, pci_get_bus(pdev), pdev->devfn);
902         pbdev->iommu->pbdev = pbdev;
903         pbdev->state = ZPCI_FS_DISABLED;
904 
905         if (s390_pci_msix_init(pbdev)) {
906             error_setg(errp, "MSI-X support is mandatory "
907                        "in the S390 architecture");
908             return;
909         }
910 
911         if (dev->hotplugged) {
912             s390_pci_generate_plug_event(HP_EVENT_TO_CONFIGURED ,
913                                          pbdev->fh, pbdev->fid);
914         }
915     } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
916         pbdev = S390_PCI_DEVICE(dev);
917 
918         /* the allocated idx is actually getting used */
919         s->next_idx = (pbdev->idx + 1) & FH_MASK_INDEX;
920         pbdev->fh = pbdev->idx;
921         QTAILQ_INSERT_TAIL(&s->zpci_devs, pbdev, link);
922         g_hash_table_insert(s->zpci_table, &pbdev->idx, pbdev);
923     } else {
924         g_assert_not_reached();
925     }
926 }
927 
928 static void s390_pcihost_timer_cb(void *opaque)
929 {
930     S390PCIBusDevice *pbdev = opaque;
931 
932     if (pbdev->summary_ind) {
933         pci_dereg_irqs(pbdev);
934     }
935     if (pbdev->iommu->enabled) {
936         pci_dereg_ioat(pbdev->iommu);
937     }
938 
939     pbdev->state = ZPCI_FS_STANDBY;
940     s390_pci_generate_plug_event(HP_EVENT_CONFIGURED_TO_STBRES,
941                                  pbdev->fh, pbdev->fid);
942     qdev_unplug(DEVICE(pbdev), NULL);
943 }
944 
945 static void s390_pcihost_unplug(HotplugHandler *hotplug_dev, DeviceState *dev,
946                                 Error **errp)
947 {
948     S390pciState *s = S390_PCI_HOST_BRIDGE(hotplug_dev);
949     PCIDevice *pci_dev = NULL;
950     PCIBus *bus;
951     int32_t devfn;
952     S390PCIBusDevice *pbdev = NULL;
953 
954     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_BRIDGE)) {
955         error_setg(errp, "PCI bridge hot unplug currently not supported");
956         return;
957     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
958         pci_dev = PCI_DEVICE(dev);
959 
960         QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
961             if (pbdev->pdev == pci_dev) {
962                 break;
963             }
964         }
965         assert(pbdev != NULL);
966     } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
967         pbdev = S390_PCI_DEVICE(dev);
968         pci_dev = pbdev->pdev;
969     } else {
970         g_assert_not_reached();
971     }
972 
973     switch (pbdev->state) {
974     case ZPCI_FS_RESERVED:
975         goto out;
976     case ZPCI_FS_STANDBY:
977         break;
978     default:
979         if (pbdev->release_timer) {
980             return;
981         }
982         s390_pci_generate_plug_event(HP_EVENT_DECONFIGURE_REQUEST,
983                                      pbdev->fh, pbdev->fid);
984         pbdev->release_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
985                                             s390_pcihost_timer_cb,
986                                             pbdev);
987         timer_mod(pbdev->release_timer,
988                   qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + HOT_UNPLUG_TIMEOUT);
989         return;
990     }
991 
992     if (pbdev->release_timer) {
993         timer_del(pbdev->release_timer);
994         timer_free(pbdev->release_timer);
995         pbdev->release_timer = NULL;
996     }
997 
998     s390_pci_generate_plug_event(HP_EVENT_STANDBY_TO_RESERVED,
999                                  pbdev->fh, pbdev->fid);
1000     bus = pci_get_bus(pci_dev);
1001     devfn = pci_dev->devfn;
1002     object_unparent(OBJECT(pci_dev));
1003     fmb_timer_free(pbdev);
1004     s390_pci_msix_free(pbdev);
1005     s390_pci_iommu_free(s, bus, devfn);
1006     pbdev->pdev = NULL;
1007     pbdev->state = ZPCI_FS_RESERVED;
1008 out:
1009     pbdev->fid = 0;
1010     QTAILQ_REMOVE(&s->zpci_devs, pbdev, link);
1011     g_hash_table_remove(s->zpci_table, &pbdev->idx);
1012     object_unparent(OBJECT(pbdev));
1013 }
1014 
1015 static void s390_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
1016                                       void *opaque)
1017 {
1018     S390pciState *s = opaque;
1019     unsigned int primary = s->bus_no;
1020     unsigned int subordinate = 0xff;
1021     PCIBus *sec_bus = NULL;
1022 
1023     if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
1024          PCI_HEADER_TYPE_BRIDGE)) {
1025         return;
1026     }
1027 
1028     (s->bus_no)++;
1029     pci_default_write_config(pdev, PCI_PRIMARY_BUS, primary, 1);
1030     pci_default_write_config(pdev, PCI_SECONDARY_BUS, s->bus_no, 1);
1031     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, s->bus_no, 1);
1032 
1033     sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
1034     if (!sec_bus) {
1035         return;
1036     }
1037 
1038     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, subordinate, 1);
1039     pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
1040                         s390_pci_enumerate_bridge, s);
1041     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, s->bus_no, 1);
1042 }
1043 
1044 static void s390_pcihost_reset(DeviceState *dev)
1045 {
1046     S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
1047     PCIBus *bus = s->parent_obj.bus;
1048 
1049     s->bus_no = 0;
1050     pci_for_each_device(bus, pci_bus_num(bus), s390_pci_enumerate_bridge, s);
1051 }
1052 
1053 static void s390_pcihost_class_init(ObjectClass *klass, void *data)
1054 {
1055     DeviceClass *dc = DEVICE_CLASS(klass);
1056     HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);
1057 
1058     dc->reset = s390_pcihost_reset;
1059     dc->realize = s390_pcihost_realize;
1060     hc->pre_plug = s390_pcihost_pre_plug;
1061     hc->plug = s390_pcihost_plug;
1062     hc->unplug = s390_pcihost_unplug;
1063     msi_nonbroken = true;
1064 }
1065 
1066 static const TypeInfo s390_pcihost_info = {
1067     .name          = TYPE_S390_PCI_HOST_BRIDGE,
1068     .parent        = TYPE_PCI_HOST_BRIDGE,
1069     .instance_size = sizeof(S390pciState),
1070     .class_init    = s390_pcihost_class_init,
1071     .interfaces = (InterfaceInfo[]) {
1072         { TYPE_HOTPLUG_HANDLER },
1073         { }
1074     }
1075 };
1076 
1077 static const TypeInfo s390_pcibus_info = {
1078     .name = TYPE_S390_PCI_BUS,
1079     .parent = TYPE_BUS,
1080     .instance_size = sizeof(S390PCIBus),
1081 };
1082 
1083 static uint16_t s390_pci_generate_uid(S390pciState *s)
1084 {
1085     uint16_t uid = 0;
1086 
1087     do {
1088         uid++;
1089         if (!s390_pci_find_dev_by_uid(s, uid)) {
1090             return uid;
1091         }
1092     } while (uid < ZPCI_MAX_UID);
1093 
1094     return UID_UNDEFINED;
1095 }
1096 
1097 static uint32_t s390_pci_generate_fid(S390pciState *s, Error **errp)
1098 {
1099     uint32_t fid = 0;
1100 
1101     do {
1102         if (!s390_pci_find_dev_by_fid(s, fid)) {
1103             return fid;
1104         }
1105     } while (fid++ != ZPCI_MAX_FID);
1106 
1107     error_setg(errp, "no free fid could be found");
1108     return 0;
1109 }
1110 
1111 static void s390_pci_device_realize(DeviceState *dev, Error **errp)
1112 {
1113     S390PCIBusDevice *zpci = S390_PCI_DEVICE(dev);
1114     S390pciState *s = s390_get_phb();
1115 
1116     if (!zpci->target) {
1117         error_setg(errp, "target must be defined");
1118         return;
1119     }
1120 
1121     if (s390_pci_find_dev_by_target(s, zpci->target)) {
1122         error_setg(errp, "target %s already has an associated zpci device",
1123                    zpci->target);
1124         return;
1125     }
1126 
1127     if (zpci->uid == UID_UNDEFINED) {
1128         zpci->uid = s390_pci_generate_uid(s);
1129         if (!zpci->uid) {
1130             error_setg(errp, "no free uid could be found");
1131             return;
1132         }
1133     } else if (s390_pci_find_dev_by_uid(s, zpci->uid)) {
1134         error_setg(errp, "uid %u already in use", zpci->uid);
1135         return;
1136     }
1137 
1138     if (!zpci->fid_defined) {
1139         Error *local_error = NULL;
1140 
1141         zpci->fid = s390_pci_generate_fid(s, &local_error);
1142         if (local_error) {
1143             error_propagate(errp, local_error);
1144             return;
1145         }
1146     } else if (s390_pci_find_dev_by_fid(s, zpci->fid)) {
1147         error_setg(errp, "fid %u already in use", zpci->fid);
1148         return;
1149     }
1150 
1151     zpci->state = ZPCI_FS_RESERVED;
1152     zpci->fmb.format = ZPCI_FMB_FORMAT;
1153 }
1154 
1155 static void s390_pci_device_reset(DeviceState *dev)
1156 {
1157     S390PCIBusDevice *pbdev = S390_PCI_DEVICE(dev);
1158 
1159     switch (pbdev->state) {
1160     case ZPCI_FS_RESERVED:
1161         return;
1162     case ZPCI_FS_STANDBY:
1163         break;
1164     default:
1165         pbdev->fh &= ~FH_MASK_ENABLE;
1166         pbdev->state = ZPCI_FS_DISABLED;
1167         break;
1168     }
1169 
1170     if (pbdev->summary_ind) {
1171         pci_dereg_irqs(pbdev);
1172     }
1173     if (pbdev->iommu->enabled) {
1174         pci_dereg_ioat(pbdev->iommu);
1175     }
1176 
1177     fmb_timer_free(pbdev);
1178 }
1179 
1180 static void s390_pci_get_fid(Object *obj, Visitor *v, const char *name,
1181                          void *opaque, Error **errp)
1182 {
1183     Property *prop = opaque;
1184     uint32_t *ptr = qdev_get_prop_ptr(DEVICE(obj), prop);
1185 
1186     visit_type_uint32(v, name, ptr, errp);
1187 }
1188 
1189 static void s390_pci_set_fid(Object *obj, Visitor *v, const char *name,
1190                          void *opaque, Error **errp)
1191 {
1192     DeviceState *dev = DEVICE(obj);
1193     S390PCIBusDevice *zpci = S390_PCI_DEVICE(obj);
1194     Property *prop = opaque;
1195     uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
1196 
1197     if (dev->realized) {
1198         qdev_prop_set_after_realize(dev, name, errp);
1199         return;
1200     }
1201 
1202     visit_type_uint32(v, name, ptr, errp);
1203     zpci->fid_defined = true;
1204 }
1205 
1206 static const PropertyInfo s390_pci_fid_propinfo = {
1207     .name = "zpci_fid",
1208     .get = s390_pci_get_fid,
1209     .set = s390_pci_set_fid,
1210 };
1211 
1212 #define DEFINE_PROP_S390_PCI_FID(_n, _s, _f) \
1213     DEFINE_PROP(_n, _s, _f, s390_pci_fid_propinfo, uint32_t)
1214 
1215 static Property s390_pci_device_properties[] = {
1216     DEFINE_PROP_UINT16("uid", S390PCIBusDevice, uid, UID_UNDEFINED),
1217     DEFINE_PROP_S390_PCI_FID("fid", S390PCIBusDevice, fid),
1218     DEFINE_PROP_STRING("target", S390PCIBusDevice, target),
1219     DEFINE_PROP_END_OF_LIST(),
1220 };
1221 
1222 static void s390_pci_device_class_init(ObjectClass *klass, void *data)
1223 {
1224     DeviceClass *dc = DEVICE_CLASS(klass);
1225 
1226     dc->desc = "zpci device";
1227     set_bit(DEVICE_CATEGORY_MISC, dc->categories);
1228     dc->reset = s390_pci_device_reset;
1229     dc->bus_type = TYPE_S390_PCI_BUS;
1230     dc->realize = s390_pci_device_realize;
1231     dc->props = s390_pci_device_properties;
1232 }
1233 
1234 static const TypeInfo s390_pci_device_info = {
1235     .name = TYPE_S390_PCI_DEVICE,
1236     .parent = TYPE_DEVICE,
1237     .instance_size = sizeof(S390PCIBusDevice),
1238     .class_init = s390_pci_device_class_init,
1239 };
1240 
1241 static TypeInfo s390_pci_iommu_info = {
1242     .name = TYPE_S390_PCI_IOMMU,
1243     .parent = TYPE_OBJECT,
1244     .instance_size = sizeof(S390PCIIOMMU),
1245 };
1246 
1247 static void s390_iommu_memory_region_class_init(ObjectClass *klass, void *data)
1248 {
1249     IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
1250 
1251     imrc->translate = s390_translate_iommu;
1252     imrc->replay = s390_pci_iommu_replay;
1253 }
1254 
1255 static const TypeInfo s390_iommu_memory_region_info = {
1256     .parent = TYPE_IOMMU_MEMORY_REGION,
1257     .name = TYPE_S390_IOMMU_MEMORY_REGION,
1258     .class_init = s390_iommu_memory_region_class_init,
1259 };
1260 
1261 static void s390_pci_register_types(void)
1262 {
1263     type_register_static(&s390_pcihost_info);
1264     type_register_static(&s390_pcibus_info);
1265     type_register_static(&s390_pci_device_info);
1266     type_register_static(&s390_pci_iommu_info);
1267     type_register_static(&s390_iommu_memory_region_info);
1268 }
1269 
1270 type_init(s390_pci_register_types)
1271