1 /*
2  * Channel subsystem base support.
3  *
4  * Copyright 2012 IBM Corp.
5  * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
6  *
7  * This work is licensed under the terms of the GNU GPL, version 2 or (at
8  * your option) any later version. See the COPYING file in the top-level
9  * directory.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "qapi/error.h"
14 #include "qapi/visitor.h"
15 #include "hw/qdev.h"
16 #include "qemu/error-report.h"
17 #include "qemu/bitops.h"
18 #include "qemu/error-report.h"
19 #include "exec/address-spaces.h"
20 #include "cpu.h"
21 #include "hw/s390x/ioinst.h"
22 #include "hw/s390x/css.h"
23 #include "trace.h"
24 #include "hw/s390x/s390_flic.h"
25 #include "hw/s390x/s390-virtio-ccw.h"
26 
/* One queued channel report word (CRW); 'sibling' links it into a QTAILQ. */
typedef struct CrwContainer {
    CRW crw;
    QTAILQ_ENTRY(CrwContainer) sibling;
} CrwContainer;

/* Migration layout of a CRW: two 16-bit fields, flags then rsid. */
static const VMStateDescription vmstate_crw = {
    .name = "s390_crw",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT16(flags, CRW),
        VMSTATE_UINT16(rsid, CRW),
        VMSTATE_END_OF_LIST()
    },
};

/*
 * Migration layout of a queued CRW. Only the embedded CRW is listed as a
 * field; the 'sibling' list linkage is not part of the field list.
 */
static const VMStateDescription vmstate_crw_container = {
    .name = "s390_crw_container",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_STRUCT(crw, CrwContainer, 0, vmstate_crw, CRW),
        VMSTATE_END_OF_LIST()
    },
};
52 
/*
 * Per-channel-path record, three one-byte fields.
 * NOTE(review): in_use and is_virtual look like boolean flags stored as
 * bytes - confirm against the code that sets them.
 */
typedef struct ChpInfo {
    uint8_t in_use;
    uint8_t type;
    uint8_t is_virtual;
} ChpInfo;

/* Migration layout of ChpInfo: all three bytes, in declaration order. */
static const VMStateDescription vmstate_chp_info = {
    .name = "s390_chp_info",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT8(in_use, ChpInfo),
        VMSTATE_UINT8(type, ChpInfo),
        VMSTATE_UINT8(is_virtual, ChpInfo),
        VMSTATE_END_OF_LIST()
    }
};
70 
/*
 * One subchannel set: a SubchDev pointer slot for every subchannel id
 * 0..MAX_SCHID, plus two arrays sized by BITS_TO_LONGS(MAX_SCHID + 1),
 * i.e. one bit per id (presumably the "in use" bitmaps for subchannel
 * ids and device numbers - confirm against the allocation code).
 */
typedef struct SubchSet {
    SubchDev *sch[MAX_SCHID + 1];
    unsigned long schids_used[BITS_TO_LONGS(MAX_SCHID + 1)];
    unsigned long devnos_used[BITS_TO_LONGS(MAX_SCHID + 1)];
} SubchSet;
76 
/* Migration layout of the SCSW: every listed field is restored verbatim. */
static const VMStateDescription vmstate_scsw = {
    .name = "s390_scsw",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT16(flags, SCSW),
        VMSTATE_UINT16(ctrl, SCSW),
        VMSTATE_UINT32(cpa, SCSW),
        VMSTATE_UINT8(dstat, SCSW),
        VMSTATE_UINT8(cstat, SCSW),
        VMSTATE_UINT16(count, SCSW),
        VMSTATE_END_OF_LIST()
    }
};

/*
 * Migration layout of the PMCW. The 'flags' word restored here carries the
 * bits later read through PMCW_FLAGS_MASK_ENA and PMCW_FLAGS_MASK_ISC in
 * this file, so its value is taken from the incoming stream as-is.
 */
static const VMStateDescription vmstate_pmcw = {
    .name = "s390_pmcw",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(intparm, PMCW),
        VMSTATE_UINT16(flags, PMCW),
        VMSTATE_UINT16(devno, PMCW),
        VMSTATE_UINT8(lpm, PMCW),
        VMSTATE_UINT8(pnom, PMCW),
        VMSTATE_UINT8(lpum, PMCW),
        VMSTATE_UINT8(pim, PMCW),
        VMSTATE_UINT16(mbi, PMCW),
        VMSTATE_UINT8(pom, PMCW),
        VMSTATE_UINT8(pam, PMCW),
        /* Fixed element count of 8; must match the array in PMCW. */
        VMSTATE_UINT8_ARRAY(chpid, PMCW, 8),
        VMSTATE_UINT32(chars, PMCW),
        VMSTATE_END_OF_LIST()
    }
};

/* Migration layout of the SCHIB: nested PMCW and SCSW, then mba and mda. */
static const VMStateDescription vmstate_schib = {
    .name = "s390_schib",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_STRUCT(pmcw, SCHIB, 0, vmstate_pmcw, PMCW),
        VMSTATE_STRUCT(scsw, SCHIB, 0, vmstate_scsw, SCSW),
        VMSTATE_UINT64(mba, SCHIB),
        /* Fixed element count of 4; must match the array in SCHIB. */
        VMSTATE_UINT8_ARRAY(mda, SCHIB, 4),
        VMSTATE_END_OF_LIST()
    }
};
125 
126 
/* Migration layout of a format-1 CCW (command, flags, count, data address). */
static const VMStateDescription vmstate_ccw1 = {
    .name = "s390_ccw1",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT8(cmd_code, CCW1),
        VMSTATE_UINT8(flags, CCW1),
        VMSTATE_UINT16(count, CCW1),
        VMSTATE_UINT32(cda, CCW1),
        VMSTATE_END_OF_LIST()
    }
};

/* Migration layout of one CIW entry of a SenseId. */
static const VMStateDescription vmstate_ciw = {
    .name = "s390_ciw",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT8(type, CIW),
        VMSTATE_UINT8(command, CIW),
        VMSTATE_UINT16(count, CIW),
        VMSTATE_END_OF_LIST()
    }
};

/* Migration layout of SenseId, including its MAX_CIWS-element CIW array. */
static const VMStateDescription vmstate_sense_id = {
    .name = "s390_sense_id",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT8(reserved, SenseId),
        VMSTATE_UINT16(cu_type, SenseId),
        VMSTATE_UINT8(cu_model, SenseId),
        VMSTATE_UINT16(dev_type, SenseId),
        VMSTATE_UINT8(dev_model, SenseId),
        VMSTATE_UINT8(unused, SenseId),
        VMSTATE_STRUCT_ARRAY(ciw, SenseId, MAX_CIWS, 0, vmstate_ciw, CIW),
        VMSTATE_END_OF_LIST()
    }
};

/*
 * Migration layout of the ORB. ctrl0 and ctrl1 are the words that
 * ccw_dstream_init() decodes into data-stream flags, so after a load they
 * come from the incoming stream.
 */
static const VMStateDescription vmstate_orb = {
    .name = "s390_orb",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(intparm, ORB),
        VMSTATE_UINT16(ctrl0, ORB),
        VMSTATE_UINT8(lpm, ORB),
        VMSTATE_UINT8(ctrl1, ORB),
        VMSTATE_UINT32(cpa, ORB),
        VMSTATE_END_OF_LIST()
    }
};
181 
/*
 * .needed callback of the "s390_subch_dev/orb" subsection: the ORB is only
 * put on the wire when css migration is enabled. @opaque is not used.
 */
static bool vmstate_schdev_orb_needed(void *opaque)
{
    const bool migrate_css = css_migration_enabled();

    return migrate_css;
}
186 
/*
 * Optional subsection of vmstate_subch_dev carrying SubchDev.orb. It is
 * sent only when vmstate_schdev_orb_needed() returns true.
 */
static const VMStateDescription vmstate_schdev_orb = {
    .name = "s390_subch_dev/orb",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = vmstate_schdev_orb_needed,
    .fields = (VMStateField[]) {
        VMSTATE_STRUCT(orb, SubchDev, 1, vmstate_orb, ORB),
        VMSTATE_END_OF_LIST()
    }
};
197 
/* Defined further down; referenced by vmstate_subch_dev below. */
static int subch_dev_post_load(void *opaque, int version_id);
static int subch_dev_pre_save(void *opaque);

/* Hint attached to the devno equality check in vmstate_subch_dev. */
const char err_hint_devno[] = "Devno mismatch, tried to load wrong section!"
    " Likely reason: some sequences of plug and unplug  can break"
    " migration for machine versions prior to  2.7 (known design flaw).";

/*
 * Migration layout of a subchannel device.
 *
 * cssid, ssid and devno use the *_EQUAL field variants: the incoming value
 * is compared with the one the destination device already has instead of
 * overwriting it. The subchannel id is carried in migrated_schid and only
 * applied in subch_dev_post_load(). All remaining fields, including the
 * 32-byte sense_data array and channel_prog, are restored verbatim from
 * the stream.
 */
const VMStateDescription vmstate_subch_dev = {
    .name = "s390_subch_dev",
    .version_id = 1,
    .minimum_version_id = 1,
    .post_load = subch_dev_post_load,
    .pre_save = subch_dev_pre_save,
    .fields = (VMStateField[]) {
        VMSTATE_UINT8_EQUAL(cssid, SubchDev, "Bug!"),
        VMSTATE_UINT8_EQUAL(ssid, SubchDev, "Bug!"),
        VMSTATE_UINT16(migrated_schid, SubchDev),
        VMSTATE_UINT16_EQUAL(devno, SubchDev, err_hint_devno),
        VMSTATE_BOOL(thinint_active, SubchDev),
        VMSTATE_STRUCT(curr_status, SubchDev, 0, vmstate_schib, SCHIB),
        /* Fixed element count of 32; must match SubchDev.sense_data. */
        VMSTATE_UINT8_ARRAY(sense_data, SubchDev, 32),
        VMSTATE_UINT64(channel_prog, SubchDev),
        VMSTATE_STRUCT(last_cmd, SubchDev, 0, vmstate_ccw1, CCW1),
        VMSTATE_BOOL(last_cmd_valid, SubchDev),
        VMSTATE_STRUCT(id, SubchDev, 0, vmstate_sense_id, SenseId),
        VMSTATE_BOOL(ccw_fmt_1, SubchDev),
        VMSTATE_UINT8(ccw_no_data_cnt, SubchDev),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription * []) {
        &vmstate_schdev_orb,
        NULL
    }
};
232 
/*
 * Temporary used while migrating an IndAddr pointer: 'parent' points at the
 * IndAddr * being saved or loaded, 'addr' and 'len' are the two values that
 * actually go on the wire (see vmstate_ind_addr_tmp).
 */
typedef struct IndAddrPtrTmp {
    IndAddr **parent;
    uint64_t addr;
    int32_t len;
} IndAddrPtrTmp;
238 
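/*
 * post_load hook for vmstate_ind_addr_tmp: turn the (addr, len) pair read
 * from the migration stream back into an IndAddr reference.
 *
 * @opaque: the IndAddrPtrTmp filled in by the field loaders.
 * @version_id: unused.
 *
 * A length of zero means "no indicator" and stores NULL in the parent
 * pointer. Any other length takes a reference through get_indicator().
 *
 * Returns 0 on success, -EINVAL if the stream carries a negative length.
 */
static int post_load_ind_addr(void *opaque, int version_id)
{
    IndAddrPtrTmp *ptmp = opaque;
    IndAddr **ind_addr = ptmp->parent;

    /*
     * len is a signed 32-bit value taken straight from the stream. A
     * negative length can never describe an indicator area, so fail the
     * load instead of creating an indicator that records it.
     */
    if (ptmp->len < 0) {
        return -EINVAL;
    }

    if (ptmp->len != 0) {
        *ind_addr = get_indicator(ptmp->addr, ptmp->len);
    } else {
        *ind_addr = NULL;
    }
    return 0;
}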
251 
/*
 * pre_save hook for vmstate_ind_addr_tmp: copy the address and length of
 * the indicator referenced by the parent pointer into the temporary that
 * is written to the stream. A NULL indicator is encoded as len 0, addr 0.
 *
 * @opaque: the IndAddrPtrTmp to fill in.
 *
 * Always returns 0.
 */
static int pre_save_ind_addr(void *opaque)
{
    IndAddrPtrTmp *tmp = opaque;
    IndAddr *current = *(tmp->parent);

    if (current == NULL) {
        tmp->len = 0;
        tmp->addr = 0L;
        return 0;
    }

    tmp->len = current->len;
    tmp->addr = current->addr;
    return 0;
}
267 
/*
 * Wire format of an indicator reference: a signed 32-bit length followed by
 * a 64-bit address. pre_save_ind_addr() fills the temporary before saving,
 * post_load_ind_addr() consumes it after loading.
 */
const VMStateDescription vmstate_ind_addr_tmp = {
    .name = "s390_ind_addr_tmp",
    .pre_save = pre_save_ind_addr,
    .post_load = post_load_ind_addr,

    .fields = (VMStateField[]) {
        VMSTATE_INT32(len, IndAddrPtrTmp),
        VMSTATE_UINT64(addr, IndAddrPtrTmp),
        VMSTATE_END_OF_LIST()
    }
};

/*
 * Description for an IndAddr * field; the pointer is migrated through an
 * IndAddrPtrTmp temporary rather than directly.
 * NOTE(review): .name is identical to the one of vmstate_ind_addr_tmp
 * above - confirm whether that is intended before relying on the name to
 * tell the two apart.
 */
const VMStateDescription vmstate_ind_addr = {
    .name = "s390_ind_addr_tmp",
    .fields = (VMStateField[]) {
        VMSTATE_WITH_TMP(IndAddr*, IndAddrPtrTmp, vmstate_ind_addr_tmp),
        VMSTATE_END_OF_LIST()
    }
};
287 
/*
 * One channel subsystem image: a pointer slot per subchannel set id
 * 0..MAX_SSID and a ChpInfo record per channel path id 0..MAX_CHPID.
 */
typedef struct CssImage {
    SubchSet *sch_set[MAX_SSID + 1];
    ChpInfo chpids[MAX_CHPID + 1];
} CssImage;

/* Migration layout of a CssImage: only the chpids array is transferred. */
static const VMStateDescription vmstate_css_img = {
    .name = "s390_css_img",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        /* Subchannel sets have no relevant state. */
        VMSTATE_STRUCT_ARRAY(chpids, CssImage, MAX_CHPID + 1, 0,
                             vmstate_chp_info, ChpInfo),
        VMSTATE_END_OF_LIST()
    }

};
305 
/* Bookkeeping for one registered I/O adapter; see css_register_io_adapters. */
typedef struct IoAdapter {
    uint32_t id;
    uint8_t type;
    uint8_t isc;
    uint8_t flags;
} IoAdapter;

/*
 * Global channel subsystem state. The fields up to default_cssid are
 * described by vmstate_css; the last two members carry explicit "don't
 * migrate" notes and are rebuilt on the destination instead.
 */
typedef struct ChannelSubSys {
    QTAILQ_HEAD(, CrwContainer) pending_crws;
    bool sei_pending;
    bool do_crw_mchk;
    bool crws_lost;
    uint8_t max_cssid;
    uint8_t max_ssid;
    bool chnmon_active;
    uint64_t chnmon_area;
    /* One image pointer per cssid 0..MAX_CSSID; unused slots are NULL. */
    CssImage *css[MAX_CSSID + 1];
    uint8_t default_cssid;
    /* don't migrate, see css_register_io_adapters */
    /* Indexed [type][isc]; both indices must be range-checked by users. */
    IoAdapter *io_adapters[CSS_IO_ADAPTER_TYPE_NUMS][MAX_ISC + 1];
    /* don't migrate, see get_indicator and IndAddrPtrTmp */
    QTAILQ_HEAD(, IndAddr) indicator_addresses;
} ChannelSubSys;
329 
/*
 * Migration layout of the global channel subsystem.
 *
 * max_cssid and max_ssid are restored verbatim from the stream;
 * css_do_build_subchannel_id() in this file switches the subchannel id
 * format on max_cssid > 0, so these two bytes influence guest-visible ids.
 */
static const VMStateDescription vmstate_css = {
    .name = "s390_css",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_QTAILQ_V(pending_crws, ChannelSubSys, 1, vmstate_crw_container,
                         CrwContainer, sibling),
        VMSTATE_BOOL(sei_pending, ChannelSubSys),
        VMSTATE_BOOL(do_crw_mchk, ChannelSubSys),
        VMSTATE_BOOL(crws_lost, ChannelSubSys),
        /* These were kind of migrated by virtio */
        VMSTATE_UINT8(max_cssid, ChannelSubSys),
        VMSTATE_UINT8(max_ssid, ChannelSubSys),
        VMSTATE_BOOL(chnmon_active, ChannelSubSys),
        VMSTATE_UINT64(chnmon_area, ChannelSubSys),
        /* One entry per slot of ChannelSubSys.css, MAX_CSSID + 1 in total. */
        VMSTATE_ARRAY_OF_POINTER_TO_STRUCT(css, ChannelSubSys, MAX_CSSID + 1,
                0, vmstate_css_img, CssImage),
        VMSTATE_UINT8(default_cssid, ChannelSubSys),
        VMSTATE_END_OF_LIST()
    }
};
351 
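/*
 * The single, file-global channel subsystem instance. Both tail queues
 * start out empty, CRW machine checks are enabled, and every member not
 * named here is zero-initialised (so all css[] and io_adapters[][] slots
 * start as NULL).
 */
static ChannelSubSys channel_subsys = {
    .pending_crws = QTAILQ_HEAD_INITIALIZER(channel_subsys.pending_crws),
    .sei_pending = false,
    /* Listed once; a repeated designator for the same member is redundant. */
    .do_crw_mchk = true,
    .crws_lost = false,
    .chnmon_active = false,
    .indicator_addresses =
        QTAILQ_HEAD_INITIALIZER(channel_subsys.indicator_addresses),
};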
362 
/*
 * pre_save hook of vmstate_subch_dev: copy the current subchannel id into
 * migrated_schid, which is the field that goes on the wire.
 *
 * @opaque: the SubchDev being saved.
 *
 * Always returns 0.
 */
static int subch_dev_pre_save(void *opaque)
{
    SubchDev *sch = opaque;

    sch->migrated_schid = sch->schid;
    return 0;
}
372 
/*
 * post_load hook of vmstate_subch_dev.
 *
 * First, if the subchannel id received in migrated_schid differs from the
 * id the device currently has, move the device to the received id. Then,
 * when css state itself is not migrated, derive max_ssid/max_cssid from
 * the loaded subchannel as a best-effort fallback.
 *
 * @opaque: the SubchDev that was just loaded.
 * @version_id: unused.
 *
 * Always returns 0.
 */
static int subch_dev_post_load(void *opaque, int version_id)
{
    SubchDev *sch = opaque;

    if (sch->migrated_schid != sch->schid) {
        /*
         * Clear the old slot only if it still points at this device, i.e.
         * an earlier invocation of this function for another device did
         * not already hand the slot to somebody else.
         */
        if (css_find_subch(true, sch->cssid, sch->ssid, sch->schid) == sch) {
            css_subch_assign(sch->cssid, sch->ssid, sch->schid, sch->devno,
                             NULL);
        }
        /* Re-assigning without a prior de-assign is fine. */
        sch->schid = sch->migrated_schid;
        css_subch_assign(sch->cssid, sch->ssid, sch->schid, sch->devno, sch);
    }

    /* With css migration enabled there is no compat handling to do. */
    if (css_migration_enabled()) {
        return 0;
    }

    /*
     * Compat path: the channel subsystem status was not migrated, but we
     * still need to know whether the guest enabled mss/mcss-e. An enabled
     * subchannel must have been reachable by the guest, so widen
     * max_ssid/max_cssid for its ssid/cssid. Not watertight, but better
     * than nothing.
     */
    if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA)) {
        return 0;
    }
    if (sch->ssid) {
        channel_subsys.max_ssid = MAX_SSID;
    }
    if (sch->cssid != channel_subsys.default_cssid) {
        channel_subsys.max_cssid = MAX_CSSID;
    }
    return 0;
}
414 
/*
 * Register the global channel subsystem state (vmstate_css, backed by
 * channel_subsys) for migration, without an owning device and with
 * instance id 0.
 */
void css_register_vmstate(void)
{
    const VMStateDescription *desc = &vmstate_css;

    vmstate_register(NULL, 0, desc, &channel_subsys);
}
419 
/*
 * Look up or create the shared indicator record for a guest address.
 *
 * @ind_addr: guest address of the indicator area.
 * @len: length recorded for a newly created record.
 *
 * If a record with the same address is already on the global list, its
 * reference count is incremented and it is returned; the lookup compares
 * the address only, so @len is not checked against the existing record.
 * Otherwise a zeroed record is allocated with refcnt 1 and appended.
 *
 * Returns the record; release it with release_indicator().
 */
IndAddr *get_indicator(hwaddr ind_addr, int len)
{
    IndAddr *entry;
    IndAddr *fresh;

    QTAILQ_FOREACH(entry, &channel_subsys.indicator_addresses, sibling) {
        if (entry->addr != ind_addr) {
            continue;
        }
        entry->refcnt++;
        return entry;
    }

    fresh = g_new0(IndAddr, 1);
    fresh->addr = ind_addr;
    fresh->len = len;
    fresh->refcnt = 1;
    QTAILQ_INSERT_TAIL(&channel_subsys.indicator_addresses, fresh, sibling);
    return fresh;
}
438 
/*
 * Forward a map or unmap request for @map_addr to the FLIC's
 * io_adapter_map hook, using the adapter id stored in @adapter.
 *
 * @do_map: true to map, false to unmap.
 *
 * Returns whatever the hook returns.
 */
static int s390_io_adapter_map(AdapterInfo *adapter, uint64_t map_addr,
                               bool do_map)
{
    S390FLICState *flic = s390_get_flic();
    S390FLICStateClass *flic_class = S390_FLIC_COMMON_GET_CLASS(flic);
    int rc;

    rc = flic_class->io_adapter_map(flic, adapter->adapter_id, map_addr,
                                    do_map);
    return rc;
}
447 
/*
 * Drop one reference on @indicator. When the last reference goes away the
 * record is unlinked from the global list, unmapped through @adapter if it
 * had been mapped, and freed; the caller must not touch it afterwards.
 *
 * Asserts that the reference count is positive on entry.
 */
void release_indicator(AdapterInfo *adapter, IndAddr *indicator)
{
    assert(indicator->refcnt > 0);
    if (--indicator->refcnt > 0) {
        /* Still referenced elsewhere. */
        return;
    }

    QTAILQ_REMOVE(&channel_subsys.indicator_addresses, indicator, sibling);
    if (indicator->map) {
        s390_io_adapter_map(adapter, indicator->map, false);
    }
    g_free(indicator);
}
461 
/*
 * Map the indicator area of @indicator for @adapter.
 *
 * An already mapped indicator is left alone. -ENOSYS from the mapping hook
 * is treated as success and the recorded mapping is kept; any other
 * failure clears the recorded mapping again.
 *
 * Returns 0 on success, otherwise the error from the mapping hook.
 */
int map_indicator(AdapterInfo *adapter, IndAddr *indicator)
{
    int rc;

    if (indicator->map) {
        return 0; /* already mapped is not an error */
    }

    indicator->map = indicator->addr;
    rc = s390_io_adapter_map(adapter, indicator->map, true);
    if (rc == 0 || rc == -ENOSYS) {
        return 0;
    }

    /* Roll back so that a later call retries the mapping. */
    indicator->map = 0;
    return rc;
}
480 
/*
 * Allocate the channel subsystem image for @cssid.
 *
 * @cssid: image id; 255 is reserved and rejected.
 * @default_image: if true, @cssid also becomes the default cssid.
 *
 * Returns 0 on success, -EINVAL for the reserved id and -EBUSY if an image
 * already exists for @cssid.
 */
int css_create_css_image(uint8_t cssid, bool default_image)
{
    const char *suffix = default_image ? "(default)" : "";

    trace_css_new_image(cssid, suffix);

    if (cssid == 255) {
        /* 255 is reserved */
        return -EINVAL;
    }
    if (channel_subsys.css[cssid] != NULL) {
        return -EBUSY;
    }

    channel_subsys.css[cssid] = g_new0(CssImage, 1);
    if (default_image) {
        channel_subsys.default_cssid = cssid;
    }
    return 0;
}
497 
/*
 * Return the id of the adapter registered for (@type, @isc).
 *
 * Both indices are range-checked before the table is touched. If either is
 * out of range, or no adapter is registered in that slot, the function
 * returns -1 converted to uint32_t.
 */
uint32_t css_get_adapter_id(CssIoAdapterType type, uint8_t isc)
{
    IoAdapter *entry;

    if (type >= CSS_IO_ADAPTER_TYPE_NUMS || isc > MAX_ISC) {
        return -1;
    }

    entry = channel_subsys.io_adapters[type][isc];
    if (!entry) {
        return -1;
    }
    return entry->id;
}
507 
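/**
 * css_register_io_adapters: Register I/O adapters per ISC during init
 *
 * @type: adapter type; selects the row of the io_adapters table and must be
 *        below CSS_IO_ADAPTER_TYPE_NUMS.
 * @swap: an indication if byte swap is needed.
 * @maskable: an indication if the adapter is subject to the mask operation.
 * @flags: further characteristics of the adapter.
 *         e.g. suppressible, an indication if the adapter is subject to AIS.
 * @errp: location to store error information.
 *
 * Registers one adapter for every ISC 0..MAX_ISC. On failure, @errp is set
 * and the bookkeeping entries created by this call are freed again.
 */
void css_register_io_adapters(CssIoAdapterType type, bool swap, bool maskable,
                              uint8_t flags, Error **errp)
{
    uint32_t id;
    int ret = 0;
    int isc;
    IoAdapter *adapter;
    S390FLICState *fs = s390_get_flic();
    S390FLICStateClass *fsc = S390_FLIC_COMMON_GET_CLASS(fs);

    /* Same range check as css_get_adapter_id(); @type indexes the table. */
    if (type >= CSS_IO_ADAPTER_TYPE_NUMS) {
        error_setg(errp, "Invalid adapter type %d", type);
        return;
    }

    /*
     * Disallow multiple registrations for the same device type.
     * Report an error if registering for an already registered type, and
     * stop here: continuing would overwrite (and leak) the existing
     * entries, and a later failure would set @errp a second time.
     */
    if (channel_subsys.io_adapters[type][0]) {
        error_setg(errp, "Adapters for type %d already registered", type);
        return;
    }

    for (isc = 0; isc <= MAX_ISC; isc++) {
        id = (type << 3) | isc;
        ret = fsc->register_io_adapter(fs, id, isc, swap, maskable, flags);
        if (ret == 0) {
            adapter = g_new0(IoAdapter, 1);
            adapter->id = id;
            adapter->isc = isc;
            adapter->type = type;
            adapter->flags = flags;
            channel_subsys.io_adapters[type][isc] = adapter;
        } else {
            error_setg_errno(errp, -ret, "Unexpected error %d when "
                             "registering adapter %d", ret, id);
            break;
        }
    }

    /*
     * No need to free registered adapters in kvm: kvm will clean up
     * when the machine goes away.
     *
     * isc is the index that failed, so only the slots below it were
     * filled by this call and need to be released.
     */
    if (ret) {
        for (isc--; isc >= 0; isc--) {
            g_free(channel_subsys.io_adapters[type][isc]);
            channel_subsys.io_adapters[type][isc] = NULL;
        }
    }

}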
563 
/*
 * Ask the FLIC to clear a pending I/O interrupt for the given subchannel.
 *
 * If the hook reports -ENOSYS once, that is remembered in a function-local
 * static flag and all later calls return immediately. Any other non-zero
 * result is reported through error_abort.
 */
static void css_clear_io_interrupt(uint16_t subchannel_id,
                                   uint16_t subchannel_nr)
{
    static bool no_clear_irq;
    Error *err = NULL;
    S390FLICState *flic = s390_get_flic();
    S390FLICStateClass *flic_class = S390_FLIC_COMMON_GET_CLASS(flic);
    int rc;

    if (unlikely(no_clear_irq)) {
        return;
    }

    rc = flic_class->clear_io_irq(flic, subchannel_id, subchannel_nr);
    if (rc == 0) {
        return;
    }
    if (rc == -ENOSYS) {
        /*
         * Ignore unavailability, as the user can't do anything
         * about it anyway.
         */
        no_clear_irq = true;
        return;
    }

    error_setg_errno(&err, -rc, "unexpected error condition");
    error_propagate(&error_abort, err);
}
592 
/*
 * Build the 16-bit subchannel id word from @cssid and @ssid.
 *
 * Bit 0 is always set and @ssid is placed at bit 1. Only when
 * channel_subsys.max_cssid is non-zero are @cssid (from bit 8) and bit 3
 * added as well.
 */
static inline uint16_t css_do_build_subchannel_id(uint8_t cssid, uint8_t ssid)
{
    uint16_t id = (ssid << 1) | 1;

    if (channel_subsys.max_cssid > 0) {
        id |= (cssid << 8) | (1 << 3);
    }
    return id;
}
600 
/* Build the subchannel id word for @sch from its cssid and ssid. */
uint16_t css_build_subchannel_id(SubchDev *sch)
{
    const uint8_t cssid = sch->cssid;
    const uint8_t ssid = sch->ssid;

    return css_do_build_subchannel_id(cssid, ssid);
}
605 
/*
 * Inject an I/O interrupt for @sch. The interruption subclass is taken
 * from the PMCW flags (PMCW_FLAGS_MASK_ISC, shifted down by 11) and placed
 * at bit 27 of the interruption word.
 */
void css_inject_io_interrupt(SubchDev *sch)
{
    PMCW *pmcw = &sch->curr_status.pmcw;
    uint8_t isc = (pmcw->flags & PMCW_FLAGS_MASK_ISC) >> 11;
    uint16_t subch_id;

    trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
                           pmcw->intparm, isc, "");

    subch_id = css_build_subchannel_id(sch);
    s390_io_interrupt(subch_id, sch->schid, pmcw->intparm, isc << 27);
}
617 
/*
 * Raise an unsolicited (alert) interrupt for @sch unless the subchannel is
 * already status pending, in which case nothing is done.
 */
void css_conditional_io_interrupt(SubchDev *sch)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;
    uint8_t isc;

    if (scsw->ctrl & SCSW_STCTL_STATUS_PEND) {
        /* Already status pending; leave it alone. */
        return;
    }

    isc = (pmcw->flags & PMCW_FLAGS_MASK_ISC) >> 11;
    trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
                           pmcw->intparm, isc, "(unsolicited)");

    /* Replace the status control bits with alert + status pending. */
    scsw->ctrl &= ~SCSW_CTRL_MASK_STCTL;
    scsw->ctrl |= SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;

    /* Inject an I/O interrupt. */
    s390_io_interrupt(css_build_subchannel_id(sch), sch->schid,
                      pmcw->intparm, isc << 27);
}
640 
/*
 * Handle a request to change the adapter interruption mode for @isc.
 *
 * Returns -PGM_PRIVILEGED if the CPU is in problem state (PSW_MASK_PSTATE
 * set), -PGM_OPERAND for a @mode other than SIC_IRQ_MODE_ALL or
 * SIC_IRQ_MODE_SINGLE, -PGM_OPERATION if the FLIC hook fails, and 0 on
 * success. The privilege check comes first, before @mode is looked at.
 */
int css_do_sic(CPUS390XState *env, uint8_t isc, uint16_t mode)
{
    S390FLICState *flic = s390_get_flic();
    S390FLICStateClass *flic_class = S390_FLIC_COMMON_GET_CLASS(flic);

    if (env->psw.mask & PSW_MASK_PSTATE) {
        return -PGM_PRIVILEGED;
    }

    trace_css_do_sic(mode, isc);
    if (mode != SIC_IRQ_MODE_ALL && mode != SIC_IRQ_MODE_SINGLE) {
        return -PGM_OPERAND;
    }

    if (flic_class->modify_ais_mode(flic, isc, mode)) {
        return -PGM_OPERATION;
    }
    return 0;
}
666 
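/*
 * Raise an adapter interrupt for the adapter registered at (@type, @isc).
 *
 * Nothing happens if either index is out of range or no adapter is
 * registered in that slot. With AIS support the interrupt goes through the
 * FLIC's inject_airq hook (a failure there is fatal); otherwise a plain
 * I/O interrupt with the adapter-interrupt word is injected.
 */
void css_adapter_interrupt(CssIoAdapterType type, uint8_t isc)
{
    S390FLICState *fs = s390_get_flic();
    S390FLICStateClass *fsc = S390_FLIC_COMMON_GET_CLASS(fs);
    uint32_t io_int_word;
    IoAdapter *adapter;

    /*
     * Range-check both indices before touching the table, exactly as
     * css_get_adapter_id() does. The callers are not visible here, so do
     * not rely on them having validated @isc.
     */
    if (type >= CSS_IO_ADAPTER_TYPE_NUMS || isc > MAX_ISC) {
        return;
    }

    adapter = channel_subsys.io_adapters[type][isc];
    if (!adapter) {
        return;
    }

    /* Shift as unsigned, and only once isc is known to be in range. */
    io_int_word = ((uint32_t)isc << 27) | IO_INT_WORD_AI;

    trace_css_adapter_interrupt(isc);
    if (fs->ais_supported) {
        if (fsc->inject_airq(fs, type, isc, adapter->flags)) {
            error_report("Failed to inject airq with AIS supported");
            exit(1);
        }
    } else {
        s390_io_interrupt(0, 0, 0, io_int_word);
    }
}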
688 
/*
 * Perform the clear function on @sch: reset path-related PMCW state, drop
 * the current channel program, turn "clear pending" into "status pending"
 * and zero device and subchannel status.
 */
static void sch_handle_clear_func(SubchDev *sch)
{
    /* Path management: In our simple css, we always choose the only path. */
    const int only_path = 0x80;
    PMCW *pmcw = &sch->curr_status.pmcw;
    SCSW *scsw = &sch->curr_status.scsw;

    /* Reset values prior to 'issuing the clear signal'. */
    pmcw->lpum = 0;
    pmcw->pom = 0xff;
    scsw->flags &= ~SCSW_FLAGS_MASK_PNO;

    /* We always 'attempt to issue the clear signal', and we always succeed. */
    sch->channel_prog = 0x0;
    sch->last_cmd_valid = false;
    scsw->ctrl &= ~SCSW_ACTL_CLEAR_PEND;
    scsw->ctrl |= SCSW_STCTL_STATUS_PEND;

    scsw->dstat = 0;
    scsw->cstat = 0;
    pmcw->lpum = only_path;
}
714 
/*
 * Perform the halt function on @sch: drop the current channel program,
 * turn "halt pending" into "status pending" and derive device status and
 * the reported CCW address from the remaining activity-control bits.
 */
static void sch_handle_halt_func(SubchDev *sch)
{
    /* Path management: In our simple css, we always choose the only path. */
    const int only_path = 0x80;
    PMCW *pmcw = &sch->curr_status.pmcw;
    SCSW *scsw = &sch->curr_status.scsw;
    /* Remember the program address before it is cleared below. */
    hwaddr halted_at = sch->channel_prog;
    bool active, start_pending, suspended;

    /* We always 'attempt to issue the halt signal', and we always succeed. */
    sch->channel_prog = 0x0;
    sch->last_cmd_valid = false;
    scsw->ctrl &= ~SCSW_ACTL_HALT_PEND;
    scsw->ctrl |= SCSW_STCTL_STATUS_PEND;

    /* Evaluated after the update above, on the resulting control word. */
    active = scsw->ctrl & (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE);
    start_pending = scsw->ctrl & SCSW_ACTL_START_PEND;
    suspended = scsw->ctrl & SCSW_ACTL_SUSP;

    if (active || !(start_pending || suspended)) {
        scsw->dstat = SCSW_DSTAT_DEVICE_END;
    }
    if (active || suspended) {
        /* Report the address 8 bytes past the saved program pointer. */
        scsw->cpa = halted_at + 8;
    }
    scsw->cstat = 0;
    pmcw->lpum = only_path;
}
745 
/*
 * Copy @src into @dest field by field, converting the 16-bit members
 * (cu_type, dev_type and each CIW count) to big-endian on the way. All
 * ARRAY_SIZE(dest->ciw) CIW entries are copied.
 */
static void copy_sense_id_to_guest(SenseId *dest, SenseId *src)
{
    int idx;

    /* Single-byte members need no conversion. */
    dest->reserved = src->reserved;
    dest->cu_model = src->cu_model;
    dest->dev_model = src->dev_model;
    dest->unused = src->unused;

    dest->cu_type = cpu_to_be16(src->cu_type);
    dest->dev_type = cpu_to_be16(src->dev_type);

    for (idx = 0; idx < ARRAY_SIZE(dest->ciw); idx++) {
        CIW *out = &dest->ciw[idx];
        const CIW *in = &src->ciw[idx];

        out->type = in->type;
        out->command = in->command;
        out->count = cpu_to_be16(in->count);
    }
}
762 
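/*
 * Read one CCW from guest memory at @addr and return it as a format-1 CCW
 * in host byte order.
 *
 * @addr: guest physical address of the CCW.
 * @fmt1: true if the guest CCW is format 1, false for format 0.
 *
 * For format 0, a transfer-in-channel command is normalised to
 * CCW_CMD_TIC with flags and count zeroed, and the data address is
 * assembled from the 8-bit cda0 and 16-bit cda1 parts.
 *
 * The read itself reports no status here. The scratch buffers are
 * therefore zero-initialised, so that if the read does not fill them the
 * result is a CCW with command code 0 rather than leftover stack contents
 * (assumption about the failure mode - TODO confirm against
 * cpu_physical_memory_read).
 */
static CCW1 copy_ccw_from_guest(hwaddr addr, bool fmt1)
{
    CCW0 tmp0 = {0};
    CCW1 tmp1 = {0};
    CCW1 ret = {0};

    if (fmt1) {
        cpu_physical_memory_read(addr, &tmp1, sizeof(tmp1));
        ret.cmd_code = tmp1.cmd_code;
        ret.flags = tmp1.flags;
        ret.count = be16_to_cpu(tmp1.count);
        ret.cda = be32_to_cpu(tmp1.cda);
    } else {
        cpu_physical_memory_read(addr, &tmp0, sizeof(tmp0));
        if ((tmp0.cmd_code & 0x0f) == CCW_CMD_TIC) {
            /* Only the low nibble identifies a format-0 TIC. */
            ret.cmd_code = CCW_CMD_TIC;
            ret.flags = 0;
            ret.count = 0;
        } else {
            ret.cmd_code = tmp0.cmd_code;
            ret.flags = tmp0.flags;
            ret.count = be16_to_cpu(tmp0.count);
        }
        ret.cda = be16_to_cpu(tmp0.cda1) | (tmp0.cda0 << 16);
    }
    return ret;
}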
/**
 * Check that @len more bytes fit into the data stream.
 *
 * If at_byte + @len would exceed the stream's count, the stream is marked
 * broken. A broken stream (now or from an earlier failure) yields -EINVAL;
 * otherwise @len itself is returned, which may be zero.
 *
 * NOTE(review): a negative @len is not rejected here; it passes the bounds
 * test and is handed back unchanged - callers in this file treat any
 * result <= 0 as "stop".
 */
static inline int cds_check_len(CcwDataStream *cds, int len)
{
    const bool out_of_bounds = cds->at_byte + len > cds->count;

    if (out_of_bounds) {
        cds->flags |= CDS_F_STREAM_BROKEN;
    }
    if (cds->flags & CDS_F_STREAM_BROKEN) {
        return -EINVAL;
    }
    return len;
}
801 
/*
 * Check that the end of an access, @addr + @len, stays below the
 * addressing limit of the CCW format: 2^31 for format 1, 2^24 for
 * format 0. The comparison is strict.
 */
static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1)
{
    const hwaddr limit = ccw_fmt1 ? (1UL << 31) : (1UL << 24);

    return (addr + len) < limit;
}
806 
/*
 * Data-stream handler for CCWs without indirect addressing: transfer @len
 * bytes between @buff and guest memory at the stream's current address.
 *
 * @op: CDS_OP_A only advances the stream; any other value is passed to
 *      address_space_rw() as the direction.
 *
 * The length is checked against the stream's count and the address range
 * against the CCW format limit before guest memory is touched. A failed
 * memory access marks the stream broken.
 *
 * Returns 0 on success (or the non-positive result of the length check),
 * -EINVAL on a range violation or failed access.
 */
static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
                                  CcwDataStreamOp op)
{
    int rc = cds_check_len(cds, len);

    if (rc <= 0) {
        return rc;
    }
    if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) {
        return -EINVAL; /* channel program check */
    }

    if (op != CDS_OP_A) {
        rc = address_space_rw(&address_space_memory, cds->cda,
                              MEMTXATTRS_UNSPECIFIED, buff, len, op);
        if (rc != MEMTX_OK) {
            cds->flags |= CDS_F_STREAM_BROKEN;
            return -EINVAL;
        }
    }

    /* Advance the stream position past what was just consumed. */
    cds->at_byte += len;
    cds->cda += len;
    return 0;
}
833 
/*
 * Number of bytes from @cda up to the end of its @bsz-sized block.
 * Returns values between 1 and bsz, where bsz is a power of 2.
 */
static inline uint16_t ida_continuous_left(hwaddr cda, uint64_t bsz)
{
    const uint64_t offset_in_block = cda & (bsz - 1);

    return bsz - offset_in_block;
}
839 
/*
 * Block size used for indirect data addressing: 4096 bytes when CDS_F_C64
 * is set and CDS_F_I2K is clear, 2048 bytes in every other case.
 */
static inline uint64_t ccw_ida_block_size(uint8_t flags)
{
    const bool use_4k = (flags & CDS_F_C64) && !(flags & CDS_F_I2K);

    return use_4k ? 1ULL << 12 : 1ULL << 11;
}
847 
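/*
 * Fetch the next indirect data address word (IDAW) of the stream from
 * guest memory and make it the stream's current data address.
 *
 * The IDAW is 8 bytes wide when CDS_F_C64 is set and 4 bytes otherwise.
 * Its address is cda_orig plus at_idaw entries; it must be naturally
 * aligned and within the CCW format's addressing limit.
 *
 * cds->cda and cds->at_idaw are only updated once the word has been read
 * successfully and passed its checks, so a failed read never installs a
 * data address built from an unfilled buffer.
 *
 * Returns 0 on success, -EINVAL (channel program check) otherwise.
 */
static inline int ida_read_next_idaw(CcwDataStream *cds)
{
    union {uint64_t fmt2; uint32_t fmt1; } idaw = { .fmt2 = 0 };
    int ret;
    hwaddr idaw_addr;
    hwaddr next_cda;
    bool idaw_fmt2 = cds->flags & CDS_F_C64;
    bool ccw_fmt1 = cds->flags & CDS_F_FMT;

    if (idaw_fmt2) {
        idaw_addr = cds->cda_orig + sizeof(idaw.fmt2) * cds->at_idaw;
        if (idaw_addr & 0x07 || !cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)) {
            return -EINVAL; /* channel program check */
        }
        ret = address_space_rw(&address_space_memory, idaw_addr,
                               MEMTXATTRS_UNSPECIFIED, (void *) &idaw.fmt2,
                               sizeof(idaw.fmt2), false);
        if (ret != MEMTX_OK) {
            /* assume inaccessible address */
            return -EINVAL; /* channel program check */
        }
        next_cda = be64_to_cpu(idaw.fmt2);
    } else {
        idaw_addr = cds->cda_orig + sizeof(idaw.fmt1) * cds->at_idaw;
        if (idaw_addr & 0x03 || !cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)) {
            return -EINVAL; /* channel program check */
        }
        ret = address_space_rw(&address_space_memory, idaw_addr,
                               MEMTXATTRS_UNSPECIFIED, (void *) &idaw.fmt1,
                               sizeof(idaw.fmt1), false);
        if (ret != MEMTX_OK) {
            /* assume inaccessible address */
            return -EINVAL; /* channel program check */
        }
        /*
         * The word is 32 bits wide, so it needs the 32-bit conversion. A
         * 64-bit swap of the zero-extended value would move the address
         * into the upper half on little-endian hosts and make the bit-31
         * check below pass for any value.
         */
        next_cda = be32_to_cpu(idaw.fmt1);
        if (next_cda & 0x80000000) {
            return -EINVAL; /* channel program check */
        }
    }
    cds->cda = next_cda;
    ++(cds->at_idaw);
    return 0;
}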
885 
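/*
 * Data-stream handler for CCWs with indirect data addressing: transfer
 * @len bytes between @buff and the guest blocks named by successive IDAWs.
 *
 * @op: CDS_OP_A only advances the stream; any other value is passed to
 *      address_space_rw() as the direction.
 *
 * The transfer is split at block boundaries (block size from
 * ccw_ida_block_size()). Every IDAW after the first must point at the
 * start of a block. Any failure marks the stream broken.
 *
 * Returns 0 on success (or the non-positive result of the length check),
 * -EINVAL (channel program check) otherwise.
 */
static int ccw_dstream_rw_ida(CcwDataStream *cds, void *buff, int len,
                              CcwDataStreamOp op)
{
    uint64_t bsz = ccw_ida_block_size(cds->flags);
    int ret = 0;
    uint16_t cont_left, iter_len;
    /* Position inside the host buffer; moves on with every chunk. */
    uint8_t *cursor = buff;

    ret = cds_check_len(cds, len);
    if (ret <= 0) {
        return ret;
    }
    if (!cds->at_idaw) {
        /* read first idaw */
        ret = ida_read_next_idaw(cds);
        if (ret) {
            goto err;
        }
        cont_left = ida_continuous_left(cds->cda, bsz);
    } else {
        cont_left = ida_continuous_left(cds->cda, bsz);
        if (cont_left == bsz) {
            /* The previous block was used up; continue with the next IDAW. */
            ret = ida_read_next_idaw(cds);
            if (ret) {
                goto err;
            }
            if (cds->cda & (bsz - 1)) {
                ret = -EINVAL; /* channel program check */
                goto err;
            }
        }
    }
    do {
        iter_len = MIN(len, cont_left);
        if (op != CDS_OP_A) {
            ret = address_space_rw(&address_space_memory, cds->cda,
                                   MEMTXATTRS_UNSPECIFIED, cursor, iter_len,
                                   op);
            if (ret != MEMTX_OK) {
                /* assume inaccessible address */
                ret = -EINVAL; /* channel program check */
                goto err;
            }
            /*
             * Move on in the host buffer as well. Without this, every
             * chunk after the first would be transferred to or from the
             * start of buff, leaving the rest of the buffer untouched on
             * reads and repeating its first bytes on writes.
             */
            cursor += iter_len;
        }
        cds->at_byte += iter_len;
        cds->cda += iter_len;
        len -= iter_len;
        if (!len) {
            break;
        }
        ret = ida_read_next_idaw(cds);
        if (ret) {
            goto err;
        }
        cont_left = bsz;
    } while (true);
    return ret;
err:
    cds->flags |= CDS_F_STREAM_BROKEN;
    return ret;
}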
945 
/*
 * Set up @cds for the data area described by @ccw under the options of
 * @orb.
 *
 * The ORB control bits I2K, C64 and FMT and the CCW's IDA flag are
 * translated into CDS_F_* stream flags; count and original data address
 * come from the CCW. The stream is rewound and the handler is chosen by
 * whether indirect addressing is requested.
 */
void ccw_dstream_init(CcwDataStream *cds, CCW1 const *ccw, ORB const *orb)
{
    /*
     * We don't support MIDA (an optional facility) yet and we
     * catch this earlier. Just for expressing the precondition.
     */
    g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));

    cds->flags = 0;
    if (orb->ctrl0 & ORB_CTRL0_MASK_I2K) {
        cds->flags |= CDS_F_I2K;
    }
    if (orb->ctrl0 & ORB_CTRL0_MASK_C64) {
        cds->flags |= CDS_F_C64;
    }
    if (orb->ctrl0 & ORB_CTRL0_MASK_FMT) {
        cds->flags |= CDS_F_FMT;
    }
    if (ccw->flags & CCW_FLAG_IDA) {
        cds->flags |= CDS_F_IDA;
    }

    cds->count = ccw->count;
    cds->cda_orig = ccw->cda;
    ccw_dstream_rewind(cds);

    if (cds->flags & CDS_F_IDA) {
        cds->op_handler = ccw_dstream_rw_ida;
    } else {
        cds->op_handler = ccw_dstream_rw_noflags;
    }
}
967 
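/*
 * Fetch and interpret a single guest CCW located at @ccw_addr.
 *
 * Everything in the CCW (command code, flags, count, data address) is
 * guest-controlled and is validated here before it is acted on.
 *
 * Returns:
 *   0             command completed, no chaining requested
 *   -EAGAIN       continue with the next CCW (command chaining or TIC);
 *                 sch->channel_prog has been updated
 *   -EINPROGRESS  suspend flag set and @suspend_allowed is true
 *   -ENOSYS       command not handled and no device callback installed
 *   -EINVAL       malformed CCW (channel-program check)
 *   other         whatever sch->ccw_cb() or the data stream write returned
 *
 * Basic sense and sense ID write into guest memory through the data
 * stream.  A failed write is propagated instead of being reported as
 * success, and pending sense data is only cleared once it has actually
 * been delivered.
 */
static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
                             bool suspend_allowed)
{
    int ret;
    bool check_len;
    int len;
    CCW1 ccw;

    if (!ccw_addr) {
        return -EINVAL; /* channel-program check */
    }
    /* Check doubleword aligned and 31 or 24 (fmt 0) bit addressable. */
    if (ccw_addr & (sch->ccw_fmt_1 ? 0x80000007 : 0xff000007)) {
        return -EINVAL;
    }

    /* Translate everything to format-1 ccws - the information is the same. */
    ccw = copy_ccw_from_guest(ccw_addr, sch->ccw_fmt_1);

    /* Check for invalid command codes. */
    if ((ccw.cmd_code & 0x0f) == 0) {
        return -EINVAL;
    }
    if (((ccw.cmd_code & 0x0f) == CCW_CMD_TIC) &&
        ((ccw.cmd_code & 0xf0) != 0)) {
        return -EINVAL;
    }
    if (!sch->ccw_fmt_1 && (ccw.count == 0) &&
        (ccw.cmd_code != CCW_CMD_TIC)) {
        return -EINVAL;
    }

    /* We don't support MIDA. */
    if (ccw.flags & CCW_FLAG_MIDA) {
        return -EINVAL;
    }

    if (ccw.flags & CCW_FLAG_SUSPEND) {
        return suspend_allowed ? -EINPROGRESS : -EINVAL;
    }

    /* Length is enforced unless SLI is set without data chaining. */
    check_len = !((ccw.flags & CCW_FLAG_SLI) && !(ccw.flags & CCW_FLAG_DC));

    /*
     * CCWs without a data address are counted per channel program and
     * capped at 255, which bounds chains made only of such CCWs.
     */
    if (!ccw.cda) {
        if (sch->ccw_no_data_cnt == 255) {
            return -EINVAL;
        }
        sch->ccw_no_data_cnt++;
    }

    /* Look at the command. */
    ccw_dstream_init(&sch->cds, &ccw, &(sch->orb));
    switch (ccw.cmd_code) {
    case CCW_CMD_NOOP:
        /* Nothing to do. */
        ret = 0;
        break;
    case CCW_CMD_BASIC_SENSE:
        if (check_len) {
            if (ccw.count != sizeof(sch->sense_data)) {
                ret = -EINVAL;
                break;
            }
        }
        /* Never hand out more than the sense buffer holds. */
        len = MIN(ccw.count, sizeof(sch->sense_data));
        ret = ccw_dstream_write_buf(&sch->cds, sch->sense_data, len);
        sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
        if (ret == 0) {
            /* Sense data was delivered; it is no longer pending. */
            memset(sch->sense_data, 0, sizeof(sch->sense_data));
        }
        break;
    case CCW_CMD_SENSE_ID:
    {
        SenseId sense_id;

        /*
         * sense_id lives on the stack and is copied to the guest: clear it
         * first so no stale host bytes can be exposed should the helper
         * leave any part of the structure unwritten.
         */
        memset(&sense_id, 0, sizeof(sense_id));
        copy_sense_id_to_guest(&sense_id, &sch->id);
        /* Sense ID information is device specific. */
        if (check_len) {
            if (ccw.count != sizeof(sense_id)) {
                ret = -EINVAL;
                break;
            }
        }
        len = MIN(ccw.count, sizeof(sense_id));
        /*
         * Only indicate 0xff in the first sense byte if we actually
         * have enough place to store at least bytes 0-3.
         */
        if (len >= 4) {
            sense_id.reserved = 0xff;
        } else {
            sense_id.reserved = 0;
        }
        ret = ccw_dstream_write_buf(&sch->cds, &sense_id, len);
        sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
        break;
    }
    case CCW_CMD_TIC:
        /* A TIC must not directly follow another TIC. */
        if (sch->last_cmd_valid && (sch->last_cmd.cmd_code == CCW_CMD_TIC)) {
            ret = -EINVAL;
            break;
        }
        if (ccw.flags || ccw.count) {
            /* We have already sanitized these if converted from fmt 0. */
            ret = -EINVAL;
            break;
        }
        /* The target address is validated when the next CCW is fetched. */
        sch->channel_prog = ccw.cda;
        ret = -EAGAIN;
        break;
    default:
        if (sch->ccw_cb) {
            /* Handle device specific commands. */
            ret = sch->ccw_cb(sch, ccw);
        } else {
            ret = -ENOSYS;
        }
        break;
    }
    sch->last_cmd = ccw;
    sch->last_cmd_valid = true;
    if (ret == 0) {
        if (ccw.flags & CCW_FLAG_CC) {
            /* Command chaining: the next CCW follows 8 bytes on. */
            sch->channel_prog += 8;
            ret = -EAGAIN;
        }
    }

    return ret;
}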
1098 
/*
 * Run the start function for a virtual subchannel: either begin a channel
 * program from the stored ORB (ssch) or continue a suspended one (rsch),
 * then translate the interpreter's result into SCSW status bits.
 *
 * NOTE(review): the interpreter is called again for as long as it returns
 * -EAGAIN.  The only chain-length bound visible in this file is the cap on
 * CCWs without a data address in css_interpret_ccw(); confirm whether a
 * guest channel program that chains CCWs with data addresses and TICs back
 * can keep this loop running.
 */
static void sch_handle_start_func_virtual(SubchDev *sch)
{
    PMCW *pmcw = &sch->curr_status.pmcw;
    SCSW *scsw = &sch->curr_status.scsw;
    /* Path management: in this simple css the only path is always chosen. */
    int path = 0x80;
    bool suspend_allowed;
    int ret;

    if (scsw->ctrl & SCSW_ACTL_SUSP) {
        /* Start function resumed via rsch: the program was suspended. */
        scsw->ctrl &= ~(SCSW_ACTL_SUSP | SCSW_ACTL_RESUME_PEND);
        suspend_allowed = true;
    } else {
        /* Start function triggered via ssch, i.e. an ORB is available. */
        ORB *orb = &sch->orb;

        scsw->cstat = 0;
        scsw->dstat = 0;
        /* Look at the orb and try to execute the channel program. */
        pmcw->intparm = orb->intparm;
        if (!(orb->lpm & path)) {
            /* Generate a deferred cc 3 condition. */
            scsw->flags |= SCSW_FLAGS_MASK_CC;
            scsw->ctrl &= ~SCSW_CTRL_MASK_STCTL;
            scsw->ctrl |= (SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND);
            return;
        }
        sch->ccw_fmt_1 = !!(orb->ctrl0 & ORB_CTRL0_MASK_FMT);
        if (sch->ccw_fmt_1) {
            scsw->flags |= SCSW_FLAGS_MASK_FMT;
        }
        sch->ccw_no_data_cnt = 0;
        suspend_allowed = !!(orb->ctrl0 & ORB_CTRL0_MASK_SPND);
    }
    sch->last_cmd_valid = false;

    /* -EAGAIN means "ccw chain, continue processing". */
    do {
        ret = css_interpret_ccw(sch, sch->channel_prog, suspend_allowed);
    } while (ret == -EAGAIN);

    switch (ret) {
    case 0:
        /* success */
        scsw->ctrl &= ~SCSW_ACTL_START_PEND;
        scsw->ctrl &= ~SCSW_CTRL_MASK_STCTL;
        scsw->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
                      SCSW_STCTL_STATUS_PEND;
        scsw->dstat = SCSW_DSTAT_CHANNEL_END | SCSW_DSTAT_DEVICE_END;
        scsw->cpa = sch->channel_prog + 8;
        break;
    case -EIO:
        /* I/O errors, status depends on specific devices */
        break;
    case -ENOSYS:
        /* unsupported command, generate unit check (command reject) */
        scsw->ctrl &= ~SCSW_ACTL_START_PEND;
        scsw->dstat = SCSW_DSTAT_UNIT_CHECK;
        /* Set sense bit 0 in ecw0. */
        sch->sense_data[0] = 0x80;
        scsw->ctrl &= ~SCSW_CTRL_MASK_STCTL;
        scsw->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
                      SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
        scsw->cpa = sch->channel_prog + 8;
        break;
    case -EINPROGRESS:
        /* channel program has been suspended */
        scsw->ctrl &= ~SCSW_ACTL_START_PEND;
        scsw->ctrl |= SCSW_ACTL_SUSP;
        break;
    default:
        /* error, generate channel program check */
        scsw->ctrl &= ~SCSW_ACTL_START_PEND;
        scsw->cstat = SCSW_CSTAT_PROG_CHECK;
        scsw->ctrl &= ~SCSW_CTRL_MASK_STCTL;
        scsw->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
                      SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
        scsw->cpa = sch->channel_prog + 8;
        break;
    }
}
1183 
/*
 * Forward the start function of a passthrough subchannel to the host
 * device via s390_ccw_cmd_request().
 *
 * Only ORBs with prefetch enabled and 64-bit IDAL addressing are accepted;
 * anything else is rejected with -EINVAL before the host is involved.
 *
 * The control block is currently not updated; the return code is handed
 * back for the caller to turn into a condition code.  -EACCES (host device
 * inaccessible) is reported as -ENODEV so that it is reflected as cc 3.
 * Per the original comment, return codes other than 0, -EBUSY and -ENODEV
 * trigger a program check or set cc 1.
 */
static int sch_handle_start_func_passthrough(SubchDev *sch)
{
    PMCW *pmcw = &sch->curr_status.pmcw;
    SCSW *scsw = &sch->curr_status.scsw;
    ORB *orb = &sch->orb;
    int ret;

    if (!(scsw->ctrl & SCSW_ACTL_SUSP)) {
        assert(orb != NULL);
        pmcw->intparm = orb->intparm;
    }

    /* Both the prefetch bit and the 64-bit IDAL bit must be set. */
    if (!(orb->ctrl0 & ORB_CTRL0_MASK_PFCH)) {
        return -EINVAL;
    }
    if (!(orb->ctrl0 & ORB_CTRL0_MASK_C64)) {
        return -EINVAL;
    }

    ret = s390_ccw_cmd_request(orb, scsw, sch->driver_data);
    if (ret == -EACCES) {
        /* Let's reflect an inaccessible host device by cc 3. */
        ret = -ENODEV;
    }

    return ret;
}
1229 
/*
 * Perform the function currently requested on a virtual subchannel and
 * inject the resulting I/O interrupt.  Clear takes precedence over halt,
 * which takes precedence over start.  Always returns 0.
 *
 * On real machines, this would run asynchronously to the main vcpus.
 * We might want to make some parts of the ssch handling (interpreting
 * read/writes) asynchronous later on if we start supporting more than
 * our current very simple devices.
 */
int do_subchannel_work_virtual(SubchDev *sch)
{
    SCSW *scsw = &sch->curr_status.scsw;

    if (!(scsw->ctrl & (SCSW_FCTL_CLEAR_FUNC |
                        SCSW_FCTL_HALT_FUNC |
                        SCSW_FCTL_START_FUNC))) {
        /* Cannot happen: no function pending, so no interrupt either. */
        return 0;
    }

    if (scsw->ctrl & SCSW_FCTL_CLEAR_FUNC) {
        sch_handle_clear_func(sch);
    } else if (scsw->ctrl & SCSW_FCTL_HALT_FUNC) {
        sch_handle_halt_func(sch);
    } else {
        /* Start function; triggered by both ssch and rsch. */
        sch_handle_start_func_virtual(sch);
    }

    css_inject_io_interrupt(sch);
    return 0;
}
1255 
/*
 * Perform the function currently requested on a passthrough subchannel.
 *
 * Clear and halt reuse the generic handlers (the original marks proper
 * passthrough handling as TODO) and report 0.  Start returns whatever
 * sch_handle_start_func_passthrough() returns.  -ENODEV is returned when
 * no function bit is set, which is not expected to happen.
 */
int do_subchannel_work_passthrough(SubchDev *sch)
{
    SCSW *scsw = &sch->curr_status.scsw;

    if (scsw->ctrl & SCSW_FCTL_CLEAR_FUNC) {
        /* TODO: Clear handling */
        sch_handle_clear_func(sch);
        return 0;
    }
    if (scsw->ctrl & SCSW_FCTL_HALT_FUNC) {
        /* TODO: Halt handling */
        sch_handle_halt_func(sch);
        return 0;
    }
    if (scsw->ctrl & SCSW_FCTL_START_FUNC) {
        return sch_handle_start_func_passthrough(sch);
    }

    /* Cannot happen. */
    return -ENODEV;
}
1278 
/*
 * Dispatch to the subchannel's work callback.
 * Returns the callback's result, or -EINVAL when none is installed.
 */
static int do_subchannel_work(SubchDev *sch)
{
    if (!sch->do_subchannel_work) {
        return -EINVAL;
    }
    return sch->do_subchannel_work(sch);
}
1287 
/*
 * Convert a PMCW from host representation into the big-endian layout
 * handed to the guest.  Multi-byte fields are byte-swapped as needed;
 * single-byte fields and the chpid array are copied verbatim.
 */
static void copy_pmcw_to_guest(PMCW *dest, const PMCW *src)
{
    unsigned int idx;

    /* Multi-byte fields. */
    dest->intparm = cpu_to_be32(src->intparm);
    dest->chars = cpu_to_be32(src->chars);
    dest->flags = cpu_to_be16(src->flags);
    dest->devno = cpu_to_be16(src->devno);
    dest->mbi = cpu_to_be16(src->mbi);

    /* Single-byte path masks need no conversion. */
    dest->lpm = src->lpm;
    dest->pnom = src->pnom;
    dest->lpum = src->lpum;
    dest->pim = src->pim;
    dest->pom = src->pom;
    dest->pam = src->pam;

    for (idx = 0; idx < ARRAY_SIZE(dest->chpid); idx++) {
        dest->chpid[idx] = src->chpid[idx];
    }
}
1307 
/*
 * Convert an SCSW from host representation into the big-endian layout
 * handed to the guest.  The two status bytes are copied unchanged.
 */
void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
{
    /* 16-bit fields */
    dest->flags = cpu_to_be16(src->flags);
    dest->ctrl = cpu_to_be16(src->ctrl);
    dest->count = cpu_to_be16(src->count);
    /* 32-bit channel program address */
    dest->cpa = cpu_to_be32(src->cpa);
    /* single bytes */
    dest->dstat = src->dstat;
    dest->cstat = src->cstat;
}
1317 
/*
 * Convert a complete SCHIB (PMCW, SCSW, measurement block address and
 * model-dependent area) into the layout handed to the guest.
 */
static void copy_schib_to_guest(SCHIB *dest, const SCHIB *src)
{
    unsigned int idx;

    copy_pmcw_to_guest(&dest->pmcw, &src->pmcw);
    copy_scsw_to_guest(&dest->scsw, &src->scsw);
    dest->mba = cpu_to_be64(src->mba);

    /* The model-dependent area is copied element by element, unconverted. */
    for (idx = 0; idx < ARRAY_SIZE(dest->mda); idx++) {
        dest->mda[idx] = src->mda[idx];
    }
}
1329 
/*
 * Store subchannel: fill @schib with the subchannel's current status,
 * converted to guest layout.  Always returns 0.
 */
int css_do_stsch(SubchDev *sch, SCHIB *schib)
{
    const SCHIB *current = &sch->curr_status;

    copy_schib_to_guest(schib, current);
    return 0;
}
1336 
/*
 * Convert a guest-supplied (big-endian) PMCW into host representation.
 * This is a pure format conversion: no field is validated here.
 */
static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
{
    unsigned int idx;

    /* Multi-byte fields. */
    dest->intparm = be32_to_cpu(src->intparm);
    dest->chars = be32_to_cpu(src->chars);
    dest->flags = be16_to_cpu(src->flags);
    dest->devno = be16_to_cpu(src->devno);
    dest->mbi = be16_to_cpu(src->mbi);

    /* Single-byte path masks need no conversion. */
    dest->lpm = src->lpm;
    dest->pnom = src->pnom;
    dest->lpum = src->lpum;
    dest->pim = src->pim;
    dest->pom = src->pom;
    dest->pam = src->pam;

    for (idx = 0; idx < ARRAY_SIZE(dest->chpid); idx++) {
        dest->chpid[idx] = src->chpid[idx];
    }
}
1356 
/*
 * Convert a guest-supplied (big-endian) SCSW into host representation.
 * This is a pure format conversion: no field is validated here.
 */
static void copy_scsw_from_guest(SCSW *dest, const SCSW *src)
{
    /* 16-bit fields */
    dest->flags = be16_to_cpu(src->flags);
    dest->ctrl = be16_to_cpu(src->ctrl);
    dest->count = be16_to_cpu(src->count);
    /* 32-bit channel program address */
    dest->cpa = be32_to_cpu(src->cpa);
    /* single bytes */
    dest->dstat = src->dstat;
    dest->cstat = src->cstat;
}
1366 
/*
 * Convert a complete guest-supplied SCHIB into host representation.
 * This is a pure format conversion: deciding which fields the guest may
 * actually change is left to the caller.
 */
static void copy_schib_from_guest(SCHIB *dest, const SCHIB *src)
{
    unsigned int idx;

    copy_pmcw_from_guest(&dest->pmcw, &src->pmcw);
    copy_scsw_from_guest(&dest->scsw, &src->scsw);
    dest->mba = be64_to_cpu(src->mba);

    /* The model-dependent area is copied element by element, unconverted. */
    for (idx = 0; idx < ARRAY_SIZE(dest->mda); idx++) {
        dest->mda[idx] = src->mda[idx];
    }
}
1378 
/*
 * Modify subchannel: apply the program-modifiable parts of the guest's
 * SCHIB to the subchannel.
 *
 * Returns 0 on success (also when the device number is not valid, in
 * which case nothing is changed), -EINPROGRESS while status is pending and
 * -EBUSY while a start, halt or clear function is in progress.
 *
 * Only a fixed set of PMCW flag bits (ISC, ENA, LM, MME, MP) and
 * characteristics bits (MBFC, CSENSE) is taken from the guest, so the
 * remaining bits cannot be forged through this path.  intparm, lpm, mbi,
 * pom and mba are accepted as supplied; mbi and mba are used by
 * css_update_chnmon() to form guest memory addresses.
 * NOTE(review): no range or reserved-bit checks are done here -- confirm
 * the instruction handler validates the SCHIB before calling.
 */
int css_do_msch(SubchDev *sch, const SCHIB *orig_schib)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;
    uint16_t flags_before;
    SCHIB guest;

    if (!(pmcw->flags & PMCW_FLAGS_MASK_DNV)) {
        return 0;
    }
    if (scsw->ctrl & SCSW_STCTL_STATUS_PEND) {
        return -EINPROGRESS;
    }
    if (scsw->ctrl & (SCSW_FCTL_START_FUNC | SCSW_FCTL_HALT_FUNC |
                      SCSW_FCTL_CLEAR_FUNC)) {
        return -EBUSY;
    }

    copy_schib_from_guest(&guest, orig_schib);

    /* Only update the program-modifiable fields. */
    flags_before = pmcw->flags;
    pmcw->intparm = guest.pmcw.intparm;
    pmcw->flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
                     PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
                     PMCW_FLAGS_MASK_MP);
    pmcw->flags |= guest.pmcw.flags &
                   (PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
                    PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
                    PMCW_FLAGS_MASK_MP);
    pmcw->lpm = guest.pmcw.lpm;
    pmcw->mbi = guest.pmcw.mbi;
    pmcw->pom = guest.pmcw.pom;
    pmcw->chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
    pmcw->chars |= guest.pmcw.chars &
                   (PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
    sch->curr_status.mba = guest.mba;

    /* Notify the device if this request switched the channel off. */
    if (sch->disable_cb &&
        (flags_before & PMCW_FLAGS_MASK_ENA) != 0 &&
        (pmcw->flags & PMCW_FLAGS_MASK_ENA) == 0) {
        sch->disable_cb(sch);
    }

    return 0;
}
1433 
/*
 * Cancel subchannel: withdraw a start function that has not yet become
 * active.
 *
 * Returns -ENODEV if the subchannel is not both valid and enabled,
 * -EINPROGRESS if any status control bit is set, -EBUSY if there is
 * nothing cancellable (no lone start function, nothing pending or
 * suspended, or the subchannel is already active), and 0 once the
 * operation has been cancelled.
 */
int css_do_xsch(SubchDev *sch)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;

    if (~(pmcw->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
        return -ENODEV;
    }

    if (scsw->ctrl & SCSW_CTRL_MASK_STCTL) {
        return -EINPROGRESS;
    }

    /* Only a start function, and only one, may be outstanding. */
    if (!(scsw->ctrl & SCSW_CTRL_MASK_FCTL) ||
        ((scsw->ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC)) {
        return -EBUSY;
    }
    /* It must still be pending or suspended ... */
    if (!(scsw->ctrl & (SCSW_ACTL_RESUME_PEND | SCSW_ACTL_START_PEND |
                        SCSW_ACTL_SUSP))) {
        return -EBUSY;
    }
    /* ... and must not have been accepted by the subchannel yet. */
    if (scsw->ctrl & SCSW_ACTL_SUBCH_ACTIVE) {
        return -EBUSY;
    }

    /* Cancel the current operation. */
    scsw->ctrl &= ~(SCSW_FCTL_START_FUNC |
                    SCSW_ACTL_RESUME_PEND |
                    SCSW_ACTL_START_PEND |
                    SCSW_ACTL_SUSP);
    sch->channel_prog = 0x0;
    sch->last_cmd_valid = false;
    scsw->dstat = 0;
    scsw->cstat = 0;

    return 0;
}
1473 
/*
 * Clear subchannel: replace any function in progress with the clear
 * function and run it.
 *
 * Returns -ENODEV if the subchannel is not both valid and enabled,
 * otherwise 0.  The result of do_subchannel_work() is not looked at.
 */
int css_do_csch(SubchDev *sch)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;

    if (~(pmcw->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
        return -ENODEV;
    }

    /* Trigger the clear function: drop all function and activity bits. */
    scsw->ctrl &= ~(SCSW_CTRL_MASK_FCTL | SCSW_CTRL_MASK_ACTL);
    scsw->ctrl |= SCSW_FCTL_CLEAR_FUNC | SCSW_ACTL_CLEAR_PEND;

    do_subchannel_work(sch);
    return 0;
}
1495 
/*
 * Halt subchannel: request the halt function and run it.
 *
 * Returns -ENODEV if the subchannel is not both valid and enabled,
 * -EINPROGRESS if status is pending alone or any of primary, secondary or
 * alert status is set, -EBUSY if a halt or clear function is already in
 * progress, and 0 otherwise.  The result of do_subchannel_work() is not
 * looked at.
 */
int css_do_hsch(SubchDev *sch)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;

    if (~(pmcw->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
        return -ENODEV;
    }

    if ((scsw->ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_STATUS_PEND) {
        return -EINPROGRESS;
    }
    if (scsw->ctrl & (SCSW_STCTL_PRIMARY |
                      SCSW_STCTL_SECONDARY |
                      SCSW_STCTL_ALERT)) {
        return -EINPROGRESS;
    }

    if (scsw->ctrl & (SCSW_FCTL_HALT_FUNC | SCSW_FCTL_CLEAR_FUNC)) {
        return -EBUSY;
    }

    /* Trigger the halt function; it supersedes a start function. */
    scsw->ctrl |= SCSW_FCTL_HALT_FUNC;
    scsw->ctrl &= ~SCSW_FCTL_START_FUNC;
    if (((scsw->ctrl & SCSW_CTRL_MASK_ACTL) ==
         (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) &&
        ((scsw->ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_INTERMEDIATE)) {
        scsw->ctrl &= ~SCSW_STCTL_STATUS_PEND;
    }
    scsw->ctrl |= SCSW_ACTL_HALT_PEND;

    do_subchannel_work(sch);
    return 0;
}
1536 
/*
 * Increment the channel-monitoring counter for @sch if measurement mode
 * is enabled on the subchannel.  The counter sits at the start of the
 * measurement block.
 *
 * Format 1 uses the per-subchannel block at curr_status.mba (32-bit
 * counter); format 0 uses the global area at chnmon_area + mbi * 32
 * (16-bit counter).  Both addresses originate from the guest (see
 * css_do_msch() and css_do_schm()) and are accessed through
 * address_space_memory.
 *
 * The transaction result pointer passed to the load/store helpers is
 * NULL, so a failed access is not detected here.
 */
static void css_update_chnmon(SubchDev *sch)
{
    if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_MME)) {
        /* Not active. */
        return;
    }

    if (!(sch->curr_status.pmcw.chars & PMCW_CHARS_MASK_MBFC)) {
        /* Format 0, global area: 32 bytes per measurement block index. */
        uint32_t block_off = sch->curr_status.pmcw.mbi << 5;
        uint16_t counter;

        counter = address_space_lduw(&address_space_memory,
                                     channel_subsys.chnmon_area + block_off,
                                     MEMTXATTRS_UNSPECIFIED,
                                     NULL);
        counter += 1;
        address_space_stw(&address_space_memory,
                          channel_subsys.chnmon_area + block_off, counter,
                          MEMTXATTRS_UNSPECIFIED, NULL);
        return;
    }

    /* Format 1, per-subchannel area. */
    {
        uint32_t counter;

        counter = address_space_ldl(&address_space_memory,
                                    sch->curr_status.mba,
                                    MEMTXATTRS_UNSPECIFIED,
                                    NULL);
        counter += 1;
        address_space_stl(&address_space_memory, sch->curr_status.mba,
                          counter, MEMTXATTRS_UNSPECIFIED, NULL);
    }
}
1571 
/*
 * Start subchannel: store the guest's ORB on the subchannel and kick off
 * the start function.
 *
 * Returns -ENODEV if the subchannel is not both valid and enabled,
 * -EINPROGRESS while status is pending, -EBUSY while another function is
 * in progress, otherwise the result of do_subchannel_work().
 *
 * The ORB is copied as supplied; orb->cpa becomes the address of the
 * first CCW.
 */
int css_do_ssch(SubchDev *sch, ORB *orb)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;

    if (~(pmcw->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
        return -ENODEV;
    }

    if (scsw->ctrl & SCSW_STCTL_STATUS_PEND) {
        return -EINPROGRESS;
    }

    if (scsw->ctrl & (SCSW_FCTL_START_FUNC |
                      SCSW_FCTL_HALT_FUNC |
                      SCSW_FCTL_CLEAR_FUNC)) {
        return -EBUSY;
    }

    /* If monitoring is active, update counter. */
    if (channel_subsys.chnmon_active) {
        css_update_chnmon(sch);
    }

    sch->orb = *orb;
    sch->channel_prog = orb->cpa;

    /* Trigger the start function. */
    scsw->ctrl |= (SCSW_FCTL_START_FUNC | SCSW_ACTL_START_PEND);
    scsw->flags &= ~SCSW_FLAGS_MASK_PNO;

    return do_subchannel_work(sch);
}
1610 
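/*
 * Convert an IRB into guest layout and report in @irb_len how many bytes
 * of @dest are meant to be stored to the guest.
 *
 * SCSW, ESW and ECW are always converted.  The extended-measurement word
 * (EMW) is only part of the reported length when extended measurements
 * are enabled (no ESWF, timing facility and XMWME set) and status is
 * pending.
 *
 * In that case the reported length covers the EMW even when the status
 * combination does not call for copying it.  The EMW is then zero-filled,
 * so every byte within *irb_len has been written by this function and no
 * stale contents of the caller's buffer are passed on.
 * NOTE(review): whether callers pre-initialise @dest is not visible here.
 */
static void copy_irb_to_guest(IRB *dest, const IRB *src, PMCW *pmcw,
                              int *irb_len)
{
    int i;
    uint16_t stctl = src->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
    uint16_t actl = src->scsw.ctrl & SCSW_CTRL_MASK_ACTL;

    copy_scsw_to_guest(&dest->scsw, &src->scsw);

    for (i = 0; i < ARRAY_SIZE(dest->esw); i++) {
        dest->esw[i] = cpu_to_be32(src->esw[i]);
    }
    for (i = 0; i < ARRAY_SIZE(dest->ecw); i++) {
        dest->ecw[i] = cpu_to_be32(src->ecw[i]);
    }
    /* Default: everything except the extended-measurement word. */
    *irb_len = sizeof(*dest) - sizeof(dest->emw);

    /* extended measurements enabled? */
    if ((src->scsw.flags & SCSW_FLAGS_MASK_ESWF) ||
        !(pmcw->flags & PMCW_FLAGS_MASK_TF) ||
        !(pmcw->chars & PMCW_CHARS_MASK_XMWME)) {
        return;
    }
    /* extended measurements pending? */
    if (!(stctl & SCSW_STCTL_STATUS_PEND)) {
        return;
    }
    if ((stctl & SCSW_STCTL_PRIMARY) ||
        (stctl == SCSW_STCTL_SECONDARY) ||
        ((stctl & SCSW_STCTL_INTERMEDIATE) && (actl & SCSW_ACTL_SUSP))) {
        for (i = 0; i < ARRAY_SIZE(dest->emw); i++) {
            dest->emw[i] = cpu_to_be32(src->emw[i]);
        }
    } else {
        /* Length still includes the EMW: make its contents defined. */
        memset(dest->emw, 0, sizeof(dest->emw));
    }
    *irb_len = sizeof(*dest);
}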
1647 
/*
 * Test subchannel, first half: build the IRB for the guest from the
 * subchannel's current status and store it (in guest layout) to
 * @target_irb, with the number of valid bytes in @irb_len.
 *
 * Returns 3 if the subchannel is not both valid and enabled (nothing is
 * stored), 0 if status was pending and 1 if it was not.
 *
 * The local IRB is cleared before it is filled, so fields not set here
 * reach the guest as zero.
 * NOTE(review): the sense data copy assumes sch->sense_data is no larger
 * than irb.ecw -- confirm against the structure definitions.
 */
int css_do_tsch_get_irb(SubchDev *sch, IRB *target_irb, int *irb_len)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;
    uint16_t stctl;
    bool status_pending;
    IRB irb;

    if (~(pmcw->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
        return 3;
    }

    stctl = scsw->ctrl & SCSW_CTRL_MASK_STCTL;
    status_pending = (stctl & SCSW_STCTL_STATUS_PEND) != 0;

    /* Prepare the irb for the guest, starting from the current scsw. */
    memset(&irb, 0, sizeof(irb));
    memcpy(&irb.scsw, scsw, sizeof(SCSW));

    if (status_pending) {
        if (scsw->cstat & (SCSW_CSTAT_DATA_CHECK |
                           SCSW_CSTAT_CHN_CTRL_CHK |
                           SCSW_CSTAT_INTF_CTRL_CHK)) {
            irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF;
            irb.esw[0] = 0x04804000;
        } else {
            irb.esw[0] = 0x00800000;
        }

        /* If a unit check is pending, copy sense data. */
        if ((scsw->dstat & SCSW_DSTAT_UNIT_CHECK) &&
            (pmcw->chars & PMCW_CHARS_MASK_CSENSE)) {
            int word;

            irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF | SCSW_FLAGS_MASK_ECTL;
            /*
             * Attention: sense_data is already BE!  Convert to host order
             * here because copy_irb_to_guest() swaps every ecw word again.
             */
            memcpy(irb.ecw, sch->sense_data, sizeof(sch->sense_data));
            for (word = 0; word < ARRAY_SIZE(irb.ecw); word++) {
                irb.ecw[word] = be32_to_cpu(irb.ecw[word]);
            }
            irb.esw[1] = 0x01000000 | (sizeof(sch->sense_data) << 8);
        }
    }

    /* Store the irb to the guest. */
    copy_irb_to_guest(target_irb, &irb, pmcw, irb_len);

    return status_pending ? 0 : 1;
}
1694 
/*
 * Test subchannel, second half: after the IRB has been handed out, clear
 * the conditions it reported.  Nothing is changed unless status was
 * pending.
 *
 * "Intermediate only" below means the status control field is exactly
 * intermediate + status pending.  Pending sense data is wiped when
 * concurrent sense is enabled, so it is not delivered a second time.
 */
void css_do_tsch_update_subch(SubchDev *sch)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;
    uint16_t stctl = scsw->ctrl & SCSW_CTRL_MASK_STCTL;
    uint16_t fctl = scsw->ctrl & SCSW_CTRL_MASK_FCTL;
    uint16_t actl = scsw->ctrl & SCSW_CTRL_MASK_ACTL;
    bool intermediate_only;

    if (!(stctl & SCSW_STCTL_STATUS_PEND)) {
        return;
    }
    intermediate_only =
        (stctl == (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND));

    /* Clear conditions on subchannel, if applicable. */
    scsw->ctrl &= ~SCSW_CTRL_MASK_STCTL;

    if (!intermediate_only ||
        ((fctl & SCSW_FCTL_HALT_FUNC) && (actl & SCSW_ACTL_SUSP))) {
        scsw->ctrl &= ~SCSW_CTRL_MASK_FCTL;
    }

    if (!intermediate_only) {
        scsw->flags &= ~SCSW_FLAGS_MASK_PNO;
        scsw->ctrl &= ~(SCSW_ACTL_RESUME_PEND |
                        SCSW_ACTL_START_PEND |
                        SCSW_ACTL_HALT_PEND |
                        SCSW_ACTL_CLEAR_PEND |
                        SCSW_ACTL_SUSP);
    } else if ((actl & SCSW_ACTL_SUSP) && (fctl & SCSW_FCTL_START_FUNC)) {
        /* Suspended start function with intermediate status. */
        scsw->flags &= ~SCSW_FLAGS_MASK_PNO;
        if (fctl & SCSW_FCTL_HALT_FUNC) {
            scsw->ctrl &= ~(SCSW_ACTL_RESUME_PEND |
                            SCSW_ACTL_START_PEND |
                            SCSW_ACTL_HALT_PEND |
                            SCSW_ACTL_CLEAR_PEND |
                            SCSW_ACTL_SUSP);
        } else {
            scsw->ctrl &= ~SCSW_ACTL_RESUME_PEND;
        }
    }

    /* Clear pending sense data. */
    if (pmcw->chars & PMCW_CHARS_MASK_CSENSE) {
        memset(sch->sense_data, 0, sizeof(sch->sense_data));
    }
}
1743 
/* Convert a channel report word into the big-endian guest layout. */
static void copy_crw_to_guest(CRW *dest, const CRW *src)
{
    dest->rsid = cpu_to_be16(src->rsid);
    dest->flags = cpu_to_be16(src->flags);
}
1749 
/*
 * Store channel report word: hand the oldest pending CRW to the guest.
 *
 * Returns 0 with @crw filled (guest layout) when a CRW was pending; the
 * queue entry is unlinked before it is freed.  Returns 1 with @crw zeroed
 * when the queue was empty, in which case CRW machine checks are switched
 * on again.
 */
int css_do_stcrw(CRW *crw)
{
    CrwContainer *head = QTAILQ_FIRST(&channel_subsys.pending_crws);

    if (!head) {
        /* List was empty, turn crw machine checks on again. */
        memset(crw, 0, sizeof(*crw));
        channel_subsys.do_crw_mchk = true;
        return 1;
    }

    QTAILQ_REMOVE(&channel_subsys.pending_crws, head, sibling);
    copy_crw_to_guest(crw, &head->crw);
    g_free(head);
    return 0;
}
1770 
/* Convert a channel report word from guest layout back to host order. */
static void copy_crw_from_guest(CRW *dest, const CRW *src)
{
    dest->rsid = be16_to_cpu(src->rsid);
    dest->flags = be16_to_cpu(src->flags);
}
1776 
/*
 * Put a CRW (in guest layout) back at the head of the pending queue.
 *
 * Allocation may fail; in that case the CRW is dropped and crws_lost is
 * set so the loss is recorded.
 */
void css_undo_stcrw(CRW *crw)
{
    CrwContainer *entry = g_try_malloc0(sizeof(*entry));

    if (entry == NULL) {
        channel_subsys.crws_lost = true;
        return;
    }

    copy_crw_from_guest(&entry->crw, crw);
    QTAILQ_INSERT_HEAD(&channel_subsys.pending_crws, entry, sibling);
}
1790 
/*
 * Test pending interruption.  Neither argument is used: this always
 * returns 0, as there are no pending interrupts for !KVM.
 */
int css_do_tpi(IOIntCode *int_code, int lowcore)
{
    return 0;
}
1796 
/*
 * Write one channel-path descriptor into @buf for every chpid in
 * [@f_chpid, @l_chpid] that is in use, and return the number of bytes
 * written.
 *
 * @rfmt 0 produces 8-byte descriptors and @rfmt 1 produces 32-byte ones;
 * any other value produces nothing.  Only the first word carries data
 * (valid bit, path type, chpid); the remaining words are zero.  Returns 0
 * when the selected channel subsystem image does not exist.
 *
 * NOTE(review): no buffer size is passed in.  With a full chpid range and
 * @rfmt 1 this can write up to 256 * 32 = 8192 bytes, so the caller has
 * to bound the range or size @buf accordingly -- confirm at the call site.
 */
int css_collect_chp_desc(int m, uint8_t cssid, uint8_t f_chpid, uint8_t l_chpid,
                         int rfmt, void *buf)
{
    uint8_t *out = buf;
    int written = 0;
    int entry_len;
    int chpid;
    CssImage *css;

    css = (!m && !cssid) ? channel_subsys.css[channel_subsys.default_cssid]
                         : channel_subsys.css[cssid];
    if (!css) {
        return 0;
    }

    if (rfmt == 0) {
        entry_len = 8;
    } else if (rfmt == 1) {
        entry_len = 32;
    } else {
        /* Unknown response format: no descriptors are produced. */
        return 0;
    }

    for (chpid = f_chpid; chpid <= l_chpid; chpid++) {
        uint32_t words[8] = { 0 };

        if (!css->chpids[chpid].in_use) {
            continue;
        }
        words[0] = cpu_to_be32(0x80000000 |
                               (css->chpids[chpid].type << 8) | chpid);
        memcpy(out + written, words, entry_len);
        written += entry_len;
    }
    return written;
}
1838 
/*
 * Set channel monitor: switch global channel measurement on or off.
 *
 * Enabling records @mbo as the measurement area origin; disabling resets
 * it to 0.  A request matching the current state changes nothing, so @mbo
 * is not updated while monitoring is already active.
 *
 * @mbo comes from the guest and is later used by css_update_chnmon() as
 * the base of guest memory stores.
 * dct is currently ignored (not really meaningful for our devices).
 * TODO: Don't ignore mbk.
 */
void css_do_schm(uint8_t mbk, int update, int dct, uint64_t mbo)
{
    if (update) {
        if (!channel_subsys.chnmon_active) {
            /* Enable measuring. */
            channel_subsys.chnmon_area = mbo;
            channel_subsys.chnmon_active = true;
        }
    } else if (channel_subsys.chnmon_active) {
        /* Disable measuring. */
        channel_subsys.chnmon_area = 0;
        channel_subsys.chnmon_active = false;
    }
}
1854 
/*
 * Resume subchannel: continue a suspended channel program.
 *
 * Returns -ENODEV if the subchannel is not both valid and enabled,
 * -EINPROGRESS while status is pending, -EINVAL unless exactly the start
 * function is in progress, it is suspended and no resume is pending yet,
 * and 0 otherwise.  The result of do_subchannel_work() is not looked at.
 */
int css_do_rsch(SubchDev *sch)
{
    SCSW *scsw = &sch->curr_status.scsw;
    PMCW *pmcw = &sch->curr_status.pmcw;

    if (~(pmcw->flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
        return -ENODEV;
    }

    if (scsw->ctrl & SCSW_STCTL_STATUS_PEND) {
        return -EINPROGRESS;
    }

    if ((scsw->ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) {
        return -EINVAL;
    }
    if (scsw->ctrl & SCSW_ACTL_RESUME_PEND) {
        return -EINVAL;
    }
    if (!(scsw->ctrl & SCSW_ACTL_SUSP)) {
        return -EINVAL;
    }

    /* If monitoring is active, update counter. */
    if (channel_subsys.chnmon_active) {
        css_update_chnmon(sch);
    }

    scsw->ctrl |= SCSW_ACTL_RESUME_PEND;
    do_subchannel_work(sch);
    return 0;
}
1890 
/*
 * Reset channel path.
 *
 * @cssid is checked against max_cssid before it is used as an index; when
 * max_cssid is 0 the default css is used instead of @cssid.
 *
 * Returns -EINVAL for an out-of-range or non-existent css, -ENODEV if the
 * chpid is not in use or not virtual, and 0 after queueing the channel
 * report word(s).
 */
int css_do_rchp(uint8_t cssid, uint8_t chpid)
{
    uint8_t real_cssid;

    if (cssid > channel_subsys.max_cssid) {
        return -EINVAL;
    }

    real_cssid = (channel_subsys.max_cssid == 0)
                 ? channel_subsys.default_cssid
                 : cssid;
    if (!channel_subsys.css[real_cssid]) {
        return -EINVAL;
    }

    if (!channel_subsys.css[real_cssid]->chpids[chpid].in_use) {
        return -ENODEV;
    }

    if (!channel_subsys.css[real_cssid]->chpids[chpid].is_virtual) {
        fprintf(stderr,
                "rchp unsupported for non-virtual chpid %x.%02x!\n",
                real_cssid, chpid);
        return -ENODEV;
    }

    /* We don't really use a channel path, so we're done here. */
    if (channel_subsys.max_cssid > 0) {
        /* Two chained CRWs: the chpid, then the css it belongs to. */
        css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1, 1, chpid);
        css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1, 0, real_cssid << 8);
    } else {
        css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1, 0, chpid);
    }
    return 0;
}
1926 
/*
 * Tell whether @schid lies beyond the last used subchannel id of the
 * subchannel set selected by @cssid / @ssid.
 *
 * With @m clear and @cssid 0 the default css is consulted.  Returns true
 * when @ssid is out of range or the css image or subchannel set does not
 * exist.
 */
bool css_schid_final(int m, uint8_t cssid, uint8_t ssid, uint16_t schid)
{
    uint8_t real_cssid = cssid;
    SubchSet *set;

    if (!m && (cssid == 0)) {
        real_cssid = channel_subsys.default_cssid;
    }

    /* ssid indexes sch_set[], so it is range-checked before any lookup. */
    if (ssid > MAX_SSID) {
        return true;
    }
    if (!channel_subsys.css[real_cssid]) {
        return true;
    }
    set = channel_subsys.css[real_cssid]->sch_set[ssid];
    if (!set) {
        return true;
    }

    /*
     * NOTE(review): the size argument is (MAX_SCHID + 1) divided by
     * sizeof(unsigned long).  If find_last_bit() expects a size in bits,
     * only the low part of schids_used is searched - confirm against the
     * bitops header and the declaration of SubchSet.
     */
    return schid > find_last_bit(set->schids_used,
                                 (MAX_SCHID + 1) / sizeof(unsigned long));
}
1942 
/*
 * Find the lowest chpid of css image @cssid that is not in use, never
 * handing out the reserved VIRTIO_CCW_CHPID.
 *
 * Returns MAX_CHPID + 1 if the css image does not exist or no chpid is free.
 */
unsigned int css_find_free_chpid(uint8_t cssid)
{
    const unsigned int none = MAX_CHPID + 1;
    CssImage *css = channel_subsys.css[cssid];
    unsigned int candidate = 0;

    if (css == NULL) {
        return none;
    }

    while (candidate <= MAX_CHPID) {
        if (candidate != VIRTIO_CCW_CHPID && !css->chpids[candidate].in_use) {
            return candidate;
        }
        candidate++;
    }
    return none;
}
1963 
/*
 * Mark @chpid of css image @cssid as in use, recording its @type and
 * whether it is virtual.
 *
 * Returns 0 on success, -EINVAL if the css image does not exist and
 * -EEXIST if the chpid is already in use.
 */
static int css_add_chpid(uint8_t cssid, uint8_t chpid, uint8_t type,
                         bool is_virt)
{
    CssImage *css;
    int ret = 0;

    trace_css_chpid_add(cssid, chpid, type);

    css = channel_subsys.css[cssid];
    if (!css) {
        ret = -EINVAL;
    } else if (css->chpids[chpid].in_use) {
        ret = -EEXIST;
    } else {
        css->chpids[chpid].in_use = 1;
        css->chpids[chpid].type = type;
        css->chpids[chpid].is_virtual = is_virt;

        css_generate_chp_crws(cssid, chpid);
    }

    return ret;
}
1985 
/*
 * Initialise the subchannel status of a virtual device: a PMCW describing
 * a single path through @chpid, an all-zero SCSW and cleared measurement
 * fields.  The chpid is registered as virtual with @type if it is not in
 * use yet.
 *
 * Asserts that the css image for sch->cssid exists.
 */
void css_sch_build_virtual_schib(SubchDev *sch, uint8_t chpid, uint8_t type)
{
    CssImage *css = channel_subsys.css[sch->cssid];
    PMCW *pmcw = &sch->curr_status.pmcw;
    SCSW *scsw = &sch->curr_status.scsw;

    assert(css != NULL);

    memset(pmcw, 0, sizeof(PMCW));
    pmcw->flags |= PMCW_FLAGS_MASK_DNV;
    pmcw->devno = sch->devno;
    /* Exactly one path: first bit of the installed/available masks. */
    pmcw->pim = 0x80;
    pmcw->pam = 0x80;
    pmcw->pom = 0xff;
    pmcw->chpid[0] = chpid;
    if (!css->chpids[chpid].in_use) {
        css_add_chpid(sch->cssid, chpid, type, true);
    }

    memset(scsw, 0, sizeof(SCSW));
    sch->curr_status.mba = 0;
    memset(sch->curr_status.mda, 0, sizeof(sch->curr_status.mda));
}
2012 
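/*
 * Look up the subchannel identified by @cssid, @ssid and @schid.
 *
 * With @m clear and @cssid 0 the default css is consulted.  Returns NULL
 * if @ssid is out of range, if the css image or the subchannel set does not
 * exist, or if no subchannel is assigned to @schid.
 */
SubchDev *css_find_subch(uint8_t m, uint8_t cssid, uint8_t ssid, uint16_t schid)
{
    uint8_t real_cssid;

    real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;

    /*
     * ssid is used as an index into sch_set[]; reject values beyond
     * MAX_SSID here, as css_schid_final() does, instead of relying on
     * every caller (not visible in this file section) to have validated it.
     */
    if (ssid > MAX_SSID) {
        return NULL;
    }

    if (!channel_subsys.css[real_cssid]) {
        return NULL;
    }

    if (!channel_subsys.css[real_cssid]->sch_set[ssid]) {
        return NULL;
    }

    return channel_subsys.css[real_cssid]->sch_set[ssid]->sch[schid];
}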
2029 
/**
 * Return free device number in subchannel set.
 *
 * Probe the subchannel set identified by @p cssid and @p ssid for a device
 * number that is not in use, beginning at @p start and wrapping around.
 * Return the first free device number found, or MAX_DEVNO + 1 if every
 * probed device number is in use.
 *
 * NOTE(review): candidates are reduced modulo MAX_DEVNO, not
 * MAX_DEVNO + 1, so device number MAX_DEVNO itself is never probed and
 * the first candidate is probed twice - confirm that this is intended.
 */
static uint32_t css_find_free_devno(uint8_t cssid, uint8_t ssid,
                                    uint16_t start)
{
    uint32_t offset = 0;

    while (offset <= MAX_DEVNO) {
        uint16_t candidate = (start + offset) % MAX_DEVNO;

        if (!css_devno_used(cssid, ssid, candidate)) {
            return candidate;
        }
        offset++;
    }
    return MAX_DEVNO + 1;
}
2053 
/**
 * Return first free subchannel (id) in subchannel set.
 *
 * Walk the subchannel ids of the set identified by @p cssid and @p ssid in
 * ascending order and return the first one css_find_subch() has no
 * subchannel for. Return MAX_SCHID + 1 if every id is taken.
 */
static uint32_t css_find_free_subch(uint8_t cssid, uint8_t ssid)
{
    uint32_t candidate = 0;

    while (candidate <= MAX_SCHID) {
        /* m = 1: use cssid as given, without default-css substitution. */
        if (css_find_subch(1, cssid, ssid, candidate) == NULL) {
            return candidate;
        }
        candidate++;
    }
    return MAX_SCHID + 1;
}
2073 
/**
 * Return first free subchannel (id) in subchannel set for a device number
 *
 * Check that @p devno is still unused in the subchannel set identified by
 * @p cssid and @p ssid, then store the first free subchannel id of that
 * set in @p schid. Return true on success; on failure set @p errp, leave
 * @p schid untouched and return false.
 */
static bool css_find_free_subch_for_devno(uint8_t cssid, uint8_t ssid,
                                          uint16_t devno, uint16_t *schid,
                                          Error **errp)
{
    bool found = false;

    assert(schid);
    if (css_devno_used(cssid, ssid, devno)) {
        error_setg(errp, "Device %x.%x.%04x already exists",
                   cssid, ssid, devno);
    } else {
        uint32_t candidate = css_find_free_subch(cssid, ssid);

        if (candidate <= MAX_SCHID) {
            *schid = candidate;
            found = true;
        } else {
            error_setg(errp, "No free subchannel found for %x.%x.%04x",
                       cssid, ssid, devno);
        }
    }
    return found;
}
2103 
/**
 * Return first free subchannel (id) and device number
 *
 * Try each subchannel set of the channel subsystem identified by @p cssid
 * in ascending order until one offers both a free subchannel and a free
 * device number. On success store the result in @p ssid, @p devno and
 * @p schid and return true; otherwise set @p errp and return false.
 *
 * @p ssid doubles as the loop counter: after a failed search it holds
 * MAX_SSID + 1, so callers must not use it as an index when false is
 * returned.
 */
static bool css_find_free_subch_and_devno(uint8_t cssid, uint8_t *ssid,
                                          uint16_t *devno, uint16_t *schid,
                                          Error **errp)
{
    assert(ssid && devno && schid);

    *ssid = 0;
    while (*ssid <= MAX_SSID) {
        uint32_t sub = css_find_free_subch(cssid, *ssid);

        if (sub <= MAX_SCHID) {
            /* The device number search starts at the subchannel id. */
            uint32_t dev = css_find_free_devno(cssid, *ssid, sub);

            if (dev <= MAX_DEVNO) {
                *schid = sub;
                *devno = dev;
                return true;
            }
        }
        (*ssid)++;
    }

    error_setg(errp, "Virtual channel subsystem is full!");
    return false;
}
2139 
/*
 * Tell whether @sch is visible: its ssid must not exceed the enabled
 * maximum, and a subchannel outside the default css is only visible while
 * max_cssid is greater than 0.
 */
bool css_subch_visible(SubchDev *sch)
{
    bool in_default_css = (sch->cssid == channel_subsys.default_cssid);

    if (sch->ssid > channel_subsys.max_ssid) {
        return false;
    }

    return in_default_css || (channel_subsys.max_cssid > 0);
}
2152 
/* Return true if a css image has been created for @cssid. */
bool css_present(uint8_t cssid)
{
    return channel_subsys.css[cssid] ? true : false;
}
2157 
/*
 * Return true if @devno is marked as used in the subchannel set selected
 * by @cssid and @ssid; false if it is free or if the css image or the
 * subchannel set does not exist.
 *
 * NOTE(review): @ssid indexes sch_set[] without a range check here;
 * presumably callers only pass values up to MAX_SSID - confirm.
 */
bool css_devno_used(uint8_t cssid, uint8_t ssid, uint16_t devno)
{
    if (channel_subsys.css[cssid] &&
        channel_subsys.css[cssid]->sch_set[ssid]) {
        return test_bit(devno,
                        channel_subsys.css[cssid]->sch_set[ssid]->devnos_used)
               != 0;
    }

    return false;
}
2170 
/*
 * Assign @sch to, or with @sch == NULL remove the subchannel from, slot
 * @schid of the subchannel set @ssid in css image @cssid, and update the
 * used-schid and used-devno bitmaps to match.
 *
 * The subchannel set is allocated on first use.  A call for a css image
 * that does not exist is reported on stderr and otherwise ignored.
 *
 * NOTE(review): @ssid indexes sch_set[] without a range check here;
 * presumably callers only pass values up to MAX_SSID - confirm.
 */
void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
                      uint16_t devno, SubchDev *sch)
{
    const char *action = sch ? "assign" : "deassign";
    CssImage *css;
    SubchSet *s_set;

    trace_css_assign_subch(action, cssid, ssid, schid, devno);

    css = channel_subsys.css[cssid];
    if (css == NULL) {
        fprintf(stderr,
                "Suspicious call to %s (%x.%x.%04x) for non-existing css!\n",
                __func__, cssid, ssid, schid);
        return;
    }

    s_set = css->sch_set[ssid];
    if (s_set == NULL) {
        s_set = g_malloc0(sizeof(SubchSet));
        css->sch_set[ssid] = s_set;
    }

    s_set->sch[schid] = sch;
    if (sch == NULL) {
        clear_bit(schid, s_set->schids_used);
        clear_bit(devno, s_set->devnos_used);
        return;
    }
    set_bit(schid, s_set->schids_used);
    set_bit(devno, s_set->devnos_used);
}
2201 
/*
 * Append a channel report word to the list of pending CRWs.
 *
 * @rsc and @erc form the basic flags, @solicited and @chain add the S and
 * C flags, and @rsid is stored as the reporting source id.  If the
 * container cannot be allocated the report is dropped and remembered in
 * crws_lost; the next CRW that is queued carries the R flag instead.
 * While do_crw_mchk is set, queueing also injects a CRW-pending machine
 * check and clears that marker.
 */
void css_queue_crw(uint8_t rsc, uint8_t erc, int solicited,
                   int chain, uint16_t rsid)
{
    CrwContainer *entry;
    uint16_t flags;

    trace_css_crw(rsc, erc, rsid, chain ? "(chained)" : "");

    /* TODO: Maybe use a static crw pool? */
    entry = g_try_malloc0(sizeof(CrwContainer));
    if (entry == NULL) {
        channel_subsys.crws_lost = true;
        return;
    }

    flags = (rsc << 8) | erc;
    if (solicited) {
        flags |= CRW_FLAGS_MASK_S;
    }
    if (chain) {
        flags |= CRW_FLAGS_MASK_C;
    }
    if (channel_subsys.crws_lost) {
        /* Tell the consumer that earlier reports were dropped. */
        flags |= CRW_FLAGS_MASK_R;
        channel_subsys.crws_lost = false;
    }
    entry->crw.flags = flags;
    entry->crw.rsid = rsid;

    QTAILQ_INSERT_TAIL(&channel_subsys.pending_crws, entry, sibling);

    if (channel_subsys.do_crw_mchk) {
        channel_subsys.do_crw_mchk = false;
        /* Inject crw pending machine check. */
        s390_crw_mchk();
    }
}
2235 
/*
 * Queue the channel report(s) announcing that subchannel @schid of
 * @cssid / @ssid has been added or removed, then clear pending I/O
 * interrupts for it.
 *
 * Nothing is reported for a device added without hotplug, or for
 * subchannel sets / channel subsystems beyond what is currently enabled.
 */
void css_generate_sch_crws(uint8_t cssid, uint8_t ssid, uint16_t schid,
                           int hotplugged, int add)
{
    const bool single_css = (channel_subsys.max_cssid == 0);
    const bool is_default = (cssid == channel_subsys.default_cssid);
    uint8_t guest_cssid;
    bool chained;

    if (add && !hotplugged) {
        return;
    }

    /*
     * With a single css the default cssid shows up as 0; otherwise the
     * real cssid is reported.
     */
    guest_cssid = (single_css && is_default) ? 0 : cssid;

    /*
     * Only notify for higher subchannel sets/channel subsystems if they
     * have been enabled.
     */
    if (ssid > channel_subsys.max_ssid) {
        return;
    }
    if (guest_cssid > channel_subsys.max_cssid) {
        return;
    }
    if (single_css && !is_default) {
        return;
    }

    chained = (channel_subsys.max_ssid > 0) ||
              (channel_subsys.max_cssid > 0);
    css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0, chained ? 1 : 0, schid);
    if (chained) {
        /* The second CRW of the chain carries cssid and ssid. */
        css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0, 0,
                      (guest_cssid << 8) | (ssid << 4));
    }
    /* CRW_ERC_IPI --> clear pending interrupts */
    css_clear_io_interrupt(css_do_build_subchannel_id(cssid, ssid), schid);
}
2272 
/*
 * Placeholder for channel reports about channel path @chpid of css image
 * @cssid: the body is empty, so no CRW is queued at the moment.
 */
void css_generate_chp_crws(uint8_t cssid, uint8_t chpid)
{
    /* TODO */
}
2277 
/*
 * Queue a channel-subsystem event report for @cssid unless one is already
 * outstanding, and mark the event as pending until
 * css_clear_sei_pending() is called.
 */
void css_generate_css_crws(uint8_t cssid)
{
    if (channel_subsys.sei_pending) {
        /* A report is already outstanding; do not queue another one. */
        return;
    }
    css_queue_crw(CRW_RSC_CSS, CRW_ERC_EVENT, 0, 0, cssid);
    channel_subsys.sei_pending = true;
}
2285 
/*
 * Clear the sei_pending marker so that css_generate_css_crws() queues a
 * channel-subsystem event report again on its next call.
 */
void css_clear_sei_pending(void)
{
    channel_subsys.sei_pending = false;
}
2290 
/*
 * Enable the "mcsse" facility by raising the highest usable cssid from
 * its reset value to MAX_CSSID.  Always returns 0.
 */
int css_enable_mcsse(void)
{
    trace_css_enable_facility("mcsse");
    /* From here on cssids up to MAX_CSSID pass the max_cssid checks. */
    channel_subsys.max_cssid = MAX_CSSID;
    return 0;
}
2297 
/*
 * Enable the "mss" facility by raising the highest usable ssid from its
 * reset value to MAX_SSID.  Always returns 0.
 */
int css_enable_mss(void)
{
    trace_css_enable_facility("mss");
    /* From here on ssids up to MAX_SSID pass the max_ssid checks. */
    channel_subsys.max_ssid = MAX_SSID;
    return 0;
}
2304 
/*
 * Reset a subchannel to its initial state.
 *
 * If the subchannel is enabled and has a disable callback, the callback
 * runs first, before any state is changed.  Afterwards the PMCW is back to
 * a disabled single-path configuration with a valid device number, the
 * SCSW is zeroed and the channel program bookkeeping is cleared.
 */
void css_reset_sch(SubchDev *sch)
{
    PMCW *pmcw = &sch->curr_status.pmcw;
    bool enabled = (pmcw->flags & PMCW_FLAGS_MASK_ENA) != 0;

    if (enabled && sch->disable_cb) {
        sch->disable_cb(sch);
    }

    /* Flags: drop everything that can be modified, keep the devno valid. */
    pmcw->flags = (pmcw->flags & ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
                                   PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
                                   PMCW_FLAGS_MASK_MP | PMCW_FLAGS_MASK_TF))
                  | PMCW_FLAGS_MASK_DNV;
    pmcw->chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_XMWME |
                     PMCW_CHARS_MASK_CSENSE);
    pmcw->intparm = 0;
    pmcw->devno = sch->devno;
    pmcw->mbi = 0;

    /* Path masks: a single path again. */
    pmcw->pim = 0x80;
    pmcw->lpm = pmcw->pim;
    pmcw->pam = 0x80;
    pmcw->pom = 0xff;
    pmcw->pnom = 0;
    pmcw->lpum = 0;

    memset(&sch->curr_status.scsw, 0, sizeof(sch->curr_status.scsw));
    sch->curr_status.mba = 0;

    sch->channel_prog = 0x0;
    sch->last_cmd_valid = false;
    sch->thinint_active = false;
}
2336 
/*
 * Reset the global channel subsystem state: monitoring is switched off,
 * all queued channel report words are freed, the CRW bookkeeping flags
 * return to their initial values and the maximum cssid / ssid drop back
 * to 0.
 */
void css_reset(void)
{
    /* Clean up monitoring. */
    channel_subsys.chnmon_active = false;
    channel_subsys.chnmon_area = 0;

    /* Clear pending CRWs, releasing each container as it is unlinked. */
    for (;;) {
        CrwContainer *entry = QTAILQ_FIRST(&channel_subsys.pending_crws);

        if (!entry) {
            break;
        }
        QTAILQ_REMOVE(&channel_subsys.pending_crws, entry, sibling);
        g_free(entry);
    }
    channel_subsys.sei_pending = false;
    /* The next queued CRW injects a machine check again. */
    channel_subsys.do_crw_mchk = true;
    channel_subsys.crws_lost = false;

    /* Reset maximum ids. */
    channel_subsys.max_cssid = 0;
    channel_subsys.max_ssid = 0;
}
2358 
/*
 * Property getter: present a CssDevId as "<cssid>.<ssid>.<devid>" in hex,
 * without a leading zero for a one-digit cssid, or as "<unset>" when the
 * id is not valid.
 */
static void get_css_devid(Object *obj, Visitor *v, const char *name,
                          void *opaque, Error **errp)
{
    DeviceState *dev = DEVICE(obj);
    Property *prop = opaque;
    CssDevId *dev_id = qdev_get_prop_ptr(dev, prop);
    /* The template fixes the buffer size for the longest rendering. */
    char buffer[] = "xx.x.xxxx";
    char *p = buffer;
    int r;

    if (!dev_id->valid) {
        snprintf(buffer, sizeof(buffer), "<unset>");
    } else {
        r = snprintf(buffer, sizeof(buffer), "%02x.%1x.%04x", dev_id->cssid,
                     dev_id->ssid, dev_id->devid);
        /* Anything but an exact fit means a field was out of range. */
        assert(r == sizeof(buffer) - 1);

        /* drop leading zero */
        if (dev_id->cssid <= 0xf) {
            p++;
        }
    }

    visit_type_str(v, name, &p, errp);
}
2385 
/*
 * Property setter: parse <cssid>.<ssid>.<devid> and check the valid range
 * for cssid/ssid.
 *
 * The string is accepted only if all three fields convert, the devid part
 * spans exactly four characters after its dot, and nothing follows it.
 * On any error @errp is set and the stored id is left unchanged.  Setting
 * the property after the device has been realized is refused.
 *
 * NOTE(review): the %x conversions of sscanf() skip leading white space
 * and accept a sign or "0x" prefix, so the accepted syntax is wider than
 * plain hex digits - consider stricter parsing if that matters.
 */
static void set_css_devid(Object *obj, Visitor *v, const char *name,
                          void *opaque, Error **errp)
{
    DeviceState *dev = DEVICE(obj);
    Property *prop = opaque;
    CssDevId *dev_id = qdev_get_prop_ptr(dev, prop);
    Error *local_err = NULL;
    char *str;
    int num, n1, n2;
    unsigned int cssid, ssid, devid;

    if (dev->realized) {
        qdev_prop_set_after_realize(dev, name, errp);
        return;
    }

    visit_type_str(v, name, &str, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }

    /* n1: offset after the ssid digit, n2: offset after the devid. */
    num = sscanf(str, "%2x.%1x%n.%4x%n", &cssid, &ssid, &n1, &devid, &n2);
    if (num != 3 || (n2 - n1) != 5 || strlen(str) != n2) {
        error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
    } else if ((cssid > MAX_CSSID) || (ssid > MAX_SSID)) {
        error_setg(errp, "Invalid cssid or ssid: cssid %x, ssid %x",
                   cssid, ssid);
    } else {
        dev_id->cssid = cssid;
        dev_id->ssid = ssid;
        dev_id->devid = devid;
        dev_id->valid = true;
    }

    g_free(str);
}
2430 
/*
 * String property holding a channel subsystem device id; readable through
 * get_css_devid() and settable through set_css_devid().
 */
const PropertyInfo css_devid_propinfo = {
    .name = "str",
    .description = "Identifier of an I/O device in the channel "
                   "subsystem, example: fe.1.23ab",
    .get = get_css_devid,
    .set = set_css_devid,
};

/*
 * Read-only variant of the device id property: only a getter is
 * installed, no .set callback is provided.
 */
const PropertyInfo css_devid_ro_propinfo = {
    .name = "str",
    .description = "Read-only identifier of an I/O device in the channel "
                   "subsystem, example: fe.1.23ab",
    .get = get_css_devid,
};
2445 
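/*
 * Allocate a subchannel and assign it a free slot.
 *
 * With a valid @bus_id the requested cssid / ssid / devno are used (the
 * cssid is replaced by the default css when @squash_mcss is set) and only
 * the subchannel id is searched for.  Without one, virtual or squashed
 * devices are placed in the default css, and all other devices in the
 * first css image below MAX_CSSID, skipping VIRTUAL_CSSID, that still has
 * room; missing css images are created on the way.
 *
 * Returns the new subchannel, already registered via css_subch_assign(),
 * or NULL with @errp set if the cssid does not match the device kind, the
 * device number is taken, or no free slot exists.
 */
SubchDev *css_create_sch(CssDevId bus_id, bool is_virtual, bool squash_mcss,
                         Error **errp)
{
    uint16_t schid = 0;
    SubchDev *sch;

    if (bus_id.valid) {
        /* Virtual devices live in VIRTUAL_CSSID, all others outside it. */
        if (is_virtual != (bus_id.cssid == VIRTUAL_CSSID)) {
            error_setg(errp, "cssid %hhx not valid for %s devices",
                       bus_id.cssid,
                       (is_virtual ? "virtual" : "non-virtual"));
            return NULL;
        }

        if (squash_mcss) {
            bus_id.cssid = channel_subsys.default_cssid;
        } else if (!channel_subsys.css[bus_id.cssid]) {
            css_create_css_image(bus_id.cssid, false);
        }

        if (!css_find_free_subch_for_devno(bus_id.cssid, bus_id.ssid,
                                           bus_id.devid, &schid, errp)) {
            return NULL;
        }
    } else if (squash_mcss || is_virtual) {
        bus_id.cssid = channel_subsys.default_cssid;

        if (!css_find_free_subch_and_devno(bus_id.cssid, &bus_id.ssid,
                                           &bus_id.devid, &schid, errp)) {
            return NULL;
        }
    } else {
        bool found = false;

        for (bus_id.cssid = 0; bus_id.cssid < MAX_CSSID; ++bus_id.cssid) {
            if (bus_id.cssid == VIRTUAL_CSSID) {
                continue;
            }

            if (!channel_subsys.css[bus_id.cssid]) {
                css_create_css_image(bus_id.cssid, false);
            }

            /* Failures of single css images are not reported (NULL errp). */
            if (css_find_free_subch_and_devno(bus_id.cssid, &bus_id.ssid,
                                              &bus_id.devid, &schid,
                                              NULL)) {
                found = true;
                break;
            }
        }

        /*
         * The exhaustion check has to follow the loop: a test for
         * cssid == MAX_CSSID inside it can never be true because the loop
         * condition stops before that value.  Without this check a full
         * channel subsystem falls through with the ssid that the failed
         * search left at MAX_SSID + 1, which css_subch_assign() would
         * then use as an index.
         */
        if (!found) {
            error_setg(errp, "Virtual channel subsystem is full!");
            return NULL;
        }
    }

    sch = g_malloc0(sizeof(*sch));
    sch->cssid = bus_id.cssid;
    sch->ssid = bus_id.ssid;
    sch->devno = bus_id.devid;
    sch->schid = schid;
    css_subch_assign(sch->cssid, sch->ssid, schid, sch->devno, sch);
    return sch;
}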
2509 
/*
 * Read the eight channel path ids of the host device @dev_id from its
 * sysfs "chpids" attribute and copy them into the PMCW of @sch.
 *
 * Returns 0 on success and -EINVAL if the attribute cannot be opened or
 * does not yield eight hex values; the PMCW is left untouched on failure.
 */
static int css_sch_get_chpids(SubchDev *sch, CssDevId *dev_id)
{
    PMCW *p = &sch->curr_status.pmcw;
    uint32_t chpid[8];
    char *fid_path;
    FILE *fd;
    int ret = -EINVAL;
    int i;

    /* The path is built from numeric id fields only. */
    fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/chpids",
                               dev_id->cssid, dev_id->ssid, dev_id->devid);
    fd = fopen(fid_path, "r");
    if (fd == NULL) {
        error_report("%s: open %s failed", __func__, fid_path);
    } else {
        if (fscanf(fd, "%x %x %x %x %x %x %x %x",
                   &chpid[0], &chpid[1], &chpid[2], &chpid[3],
                   &chpid[4], &chpid[5], &chpid[6], &chpid[7]) == 8) {
            /*
             * NOTE(review): the copy is bounded by the size of p->chpid
             * while the source holds eight values; presumably both have
             * eight entries - confirm against the PMCW declaration.
             */
            for (i = 0; i < ARRAY_SIZE(p->chpid); i++) {
                p->chpid[i] = chpid[i];
            }
            ret = 0;
        }
        fclose(fd);
    }

    g_free(fid_path);
    return ret;
}
2544 
/*
 * Read the path masks (pim, pam, pom) of the host device @dev_id from its
 * sysfs "pimpampom" attribute and store them in the PMCW of @sch.
 *
 * Returns 0 on success and -EINVAL if the attribute cannot be opened or
 * does not yield three hex values; the PMCW is left untouched on failure.
 */
static int css_sch_get_path_masks(SubchDev *sch, CssDevId *dev_id)
{
    PMCW *p = &sch->curr_status.pmcw;
    uint32_t pim, pam, pom;
    char *fid_path;
    FILE *fd;
    int ret = -EINVAL;

    /* The path is built from numeric id fields only. */
    fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/pimpampom",
                               dev_id->cssid, dev_id->ssid, dev_id->devid);
    fd = fopen(fid_path, "r");
    if (fd == NULL) {
        error_report("%s: open %s failed", __func__, fid_path);
    } else {
        if (fscanf(fd, "%x %x %x", &pim, &pam, &pom) == 3) {
            p->pim = pim;
            p->pam = pam;
            p->pom = pom;
            ret = 0;
        }
        fclose(fd);
    }

    g_free(fid_path);
    return ret;
}
2575 
/*
 * Read the type of channel path @chpid in the css of @dev_id from the
 * host's sysfs "type" attribute and store it in @type.
 *
 * Returns 0 on success and -EINVAL if the attribute cannot be opened or
 * does not yield a hex value.
 */
static int css_sch_get_chpid_type(uint8_t chpid, uint32_t *type,
                                  CssDevId *dev_id)
{
    char *fid_path;
    FILE *fd;
    int ret = -EINVAL;

    /* The path is built from numeric id fields only. */
    fid_path = g_strdup_printf("/sys/devices/css%x/chp0.%02x/type",
                               dev_id->cssid, chpid);
    fd = fopen(fid_path, "r");
    if (fd == NULL) {
        error_report("%s: open %s failed", __func__, fid_path);
    } else {
        if (fscanf(fd, "%x", type) == 1) {
            ret = 0;
        }
        fclose(fd);
    }

    g_free(fid_path);
    return ret;
}
2602 
/*
 * Build the guest subchannel information block for @sch from the real
 * device @dev_id.
 *
 * The real device information is currently taken from sysfs without
 * considering migration; this has to be revisited once migration support
 * is added.
 *
 * Returns 0 on success or the error of the sysfs helper that failed; in
 * that case the PMCW may already be partially filled in.  Asserts that
 * the css image for sch->cssid exists.
 */
int css_sch_build_schib(SubchDev *sch, CssDevId *dev_id)
{
    CssImage *css = channel_subsys.css[sch->cssid];
    PMCW *p = &sch->curr_status.pmcw;
    SCSW *s = &sch->curr_status.scsw;
    uint32_t type;
    int i, ret;

    assert(css != NULL);

    memset(p, 0, sizeof(PMCW));
    p->flags |= PMCW_FLAGS_MASK_DNV;
    /* We are dealing with I/O subchannels only. */
    p->devno = sch->devno;

    /* Grab the path masks, then the chpids, from sysfs. */
    ret = css_sch_get_path_masks(sch, dev_id);
    if (ret == 0) {
        ret = css_sch_get_chpids(sch, dev_id);
    }
    if (ret != 0) {
        return ret;
    }

    /* Register every non-zero chpid that is not known to the css yet. */
    for (i = 0; i < ARRAY_SIZE(p->chpid); i++) {
        if (!p->chpid[i] || css->chpids[p->chpid[i]].in_use) {
            continue;
        }
        ret = css_sch_get_chpid_type(p->chpid[i], &type, dev_id);
        if (ret) {
            return ret;
        }
        css_add_chpid(sch->cssid, p->chpid[i], type, false);
    }

    memset(s, 0, sizeof(SCSW));
    sch->curr_status.mba = 0;
    memset(sch->curr_status.mda, 0, sizeof(sch->curr_status.mda));

    return 0;
}
2653