xref: /openbmc/qemu/hw/s390x/css.c (revision 5ade579b)
1 /*
2  * Channel subsystem base support.
3  *
4  * Copyright 2012 IBM Corp.
5  * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
6  *
7  * This work is licensed under the terms of the GNU GPL, version 2 or (at
8  * your option) any later version. See the COPYING file in the top-level
9  * directory.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "qapi/error.h"
14 #include "qapi/visitor.h"
15 #include "qemu/bitops.h"
16 #include "qemu/error-report.h"
17 #include "exec/address-spaces.h"
18 #include "cpu.h"
19 #include "hw/s390x/ioinst.h"
20 #include "hw/qdev-properties.h"
21 #include "hw/s390x/css.h"
22 #include "trace.h"
23 #include "hw/s390x/s390_flic.h"
24 #include "hw/s390x/s390-virtio-ccw.h"
25 #include "hw/s390x/s390-ccw.h"
26 
27 typedef struct CrwContainer {
28     CRW crw;
29     QTAILQ_ENTRY(CrwContainer) sibling;
30 } CrwContainer;
31 
32 static const VMStateDescription vmstate_crw = {
33     .name = "s390_crw",
34     .version_id = 1,
35     .minimum_version_id = 1,
36     .fields = (VMStateField[]) {
37         VMSTATE_UINT16(flags, CRW),
38         VMSTATE_UINT16(rsid, CRW),
39         VMSTATE_END_OF_LIST()
40     },
41 };
42 
43 static const VMStateDescription vmstate_crw_container = {
44     .name = "s390_crw_container",
45     .version_id = 1,
46     .minimum_version_id = 1,
47     .fields = (VMStateField[]) {
48         VMSTATE_STRUCT(crw, CrwContainer, 0, vmstate_crw, CRW),
49         VMSTATE_END_OF_LIST()
50     },
51 };
52 
53 typedef struct ChpInfo {
54     uint8_t in_use;
55     uint8_t type;
56     uint8_t is_virtual;
57 } ChpInfo;
58 
59 static const VMStateDescription vmstate_chp_info = {
60     .name = "s390_chp_info",
61     .version_id = 1,
62     .minimum_version_id = 1,
63     .fields = (VMStateField[]) {
64         VMSTATE_UINT8(in_use, ChpInfo),
65         VMSTATE_UINT8(type, ChpInfo),
66         VMSTATE_UINT8(is_virtual, ChpInfo),
67         VMSTATE_END_OF_LIST()
68     }
69 };
70 
71 typedef struct SubchSet {
72     SubchDev *sch[MAX_SCHID + 1];
73     unsigned long schids_used[BITS_TO_LONGS(MAX_SCHID + 1)];
74     unsigned long devnos_used[BITS_TO_LONGS(MAX_SCHID + 1)];
75 } SubchSet;
76 
77 static const VMStateDescription vmstate_scsw = {
78     .name = "s390_scsw",
79     .version_id = 1,
80     .minimum_version_id = 1,
81     .fields = (VMStateField[]) {
82         VMSTATE_UINT16(flags, SCSW),
83         VMSTATE_UINT16(ctrl, SCSW),
84         VMSTATE_UINT32(cpa, SCSW),
85         VMSTATE_UINT8(dstat, SCSW),
86         VMSTATE_UINT8(cstat, SCSW),
87         VMSTATE_UINT16(count, SCSW),
88         VMSTATE_END_OF_LIST()
89     }
90 };
91 
92 static const VMStateDescription vmstate_pmcw = {
93     .name = "s390_pmcw",
94     .version_id = 1,
95     .minimum_version_id = 1,
96     .fields = (VMStateField[]) {
97         VMSTATE_UINT32(intparm, PMCW),
98         VMSTATE_UINT16(flags, PMCW),
99         VMSTATE_UINT16(devno, PMCW),
100         VMSTATE_UINT8(lpm, PMCW),
101         VMSTATE_UINT8(pnom, PMCW),
102         VMSTATE_UINT8(lpum, PMCW),
103         VMSTATE_UINT8(pim, PMCW),
104         VMSTATE_UINT16(mbi, PMCW),
105         VMSTATE_UINT8(pom, PMCW),
106         VMSTATE_UINT8(pam, PMCW),
107         VMSTATE_UINT8_ARRAY(chpid, PMCW, 8),
108         VMSTATE_UINT32(chars, PMCW),
109         VMSTATE_END_OF_LIST()
110     }
111 };
112 
113 static const VMStateDescription vmstate_schib = {
114     .name = "s390_schib",
115     .version_id = 1,
116     .minimum_version_id = 1,
117     .fields = (VMStateField[]) {
118         VMSTATE_STRUCT(pmcw, SCHIB, 0, vmstate_pmcw, PMCW),
119         VMSTATE_STRUCT(scsw, SCHIB, 0, vmstate_scsw, SCSW),
120         VMSTATE_UINT64(mba, SCHIB),
121         VMSTATE_UINT8_ARRAY(mda, SCHIB, 4),
122         VMSTATE_END_OF_LIST()
123     }
124 };
125 
126 
127 static const VMStateDescription vmstate_ccw1 = {
128     .name = "s390_ccw1",
129     .version_id = 1,
130     .minimum_version_id = 1,
131     .fields = (VMStateField[]) {
132         VMSTATE_UINT8(cmd_code, CCW1),
133         VMSTATE_UINT8(flags, CCW1),
134         VMSTATE_UINT16(count, CCW1),
135         VMSTATE_UINT32(cda, CCW1),
136         VMSTATE_END_OF_LIST()
137     }
138 };
139 
140 static const VMStateDescription vmstate_ciw = {
141     .name = "s390_ciw",
142     .version_id = 1,
143     .minimum_version_id = 1,
144     .fields = (VMStateField[]) {
145         VMSTATE_UINT8(type, CIW),
146         VMSTATE_UINT8(command, CIW),
147         VMSTATE_UINT16(count, CIW),
148         VMSTATE_END_OF_LIST()
149     }
150 };
151 
152 static const VMStateDescription vmstate_sense_id = {
153     .name = "s390_sense_id",
154     .version_id = 1,
155     .minimum_version_id = 1,
156     .fields = (VMStateField[]) {
157         VMSTATE_UINT8(reserved, SenseId),
158         VMSTATE_UINT16(cu_type, SenseId),
159         VMSTATE_UINT8(cu_model, SenseId),
160         VMSTATE_UINT16(dev_type, SenseId),
161         VMSTATE_UINT8(dev_model, SenseId),
162         VMSTATE_UINT8(unused, SenseId),
163         VMSTATE_STRUCT_ARRAY(ciw, SenseId, MAX_CIWS, 0, vmstate_ciw, CIW),
164         VMSTATE_END_OF_LIST()
165     }
166 };
167 
168 static const VMStateDescription vmstate_orb = {
169     .name = "s390_orb",
170     .version_id = 1,
171     .minimum_version_id = 1,
172     .fields = (VMStateField[]) {
173         VMSTATE_UINT32(intparm, ORB),
174         VMSTATE_UINT16(ctrl0, ORB),
175         VMSTATE_UINT8(lpm, ORB),
176         VMSTATE_UINT8(ctrl1, ORB),
177         VMSTATE_UINT32(cpa, ORB),
178         VMSTATE_END_OF_LIST()
179     }
180 };
181 
182 static bool vmstate_schdev_orb_needed(void *opaque)
183 {
184     return css_migration_enabled();
185 }
186 
187 static const VMStateDescription vmstate_schdev_orb = {
188     .name = "s390_subch_dev/orb",
189     .version_id = 1,
190     .minimum_version_id = 1,
191     .needed = vmstate_schdev_orb_needed,
192     .fields = (VMStateField[]) {
193         VMSTATE_STRUCT(orb, SubchDev, 1, vmstate_orb, ORB),
194         VMSTATE_END_OF_LIST()
195     }
196 };
197 
198 static int subch_dev_post_load(void *opaque, int version_id);
199 static int subch_dev_pre_save(void *opaque);
200 
201 const char err_hint_devno[] = "Devno mismatch, tried to load wrong section!"
202     " Likely reason: some sequences of plug and unplug  can break"
203     " migration for machine versions prior to  2.7 (known design flaw).";
204 
205 const VMStateDescription vmstate_subch_dev = {
206     .name = "s390_subch_dev",
207     .version_id = 1,
208     .minimum_version_id = 1,
209     .post_load = subch_dev_post_load,
210     .pre_save = subch_dev_pre_save,
211     .fields = (VMStateField[]) {
212         VMSTATE_UINT8_EQUAL(cssid, SubchDev, "Bug!"),
213         VMSTATE_UINT8_EQUAL(ssid, SubchDev, "Bug!"),
214         VMSTATE_UINT16(migrated_schid, SubchDev),
215         VMSTATE_UINT16_EQUAL(devno, SubchDev, err_hint_devno),
216         VMSTATE_BOOL(thinint_active, SubchDev),
217         VMSTATE_STRUCT(curr_status, SubchDev, 0, vmstate_schib, SCHIB),
218         VMSTATE_UINT8_ARRAY(sense_data, SubchDev, 32),
219         VMSTATE_UINT64(channel_prog, SubchDev),
220         VMSTATE_STRUCT(last_cmd, SubchDev, 0, vmstate_ccw1, CCW1),
221         VMSTATE_BOOL(last_cmd_valid, SubchDev),
222         VMSTATE_STRUCT(id, SubchDev, 0, vmstate_sense_id, SenseId),
223         VMSTATE_BOOL(ccw_fmt_1, SubchDev),
224         VMSTATE_UINT8(ccw_no_data_cnt, SubchDev),
225         VMSTATE_END_OF_LIST()
226     },
227     .subsections = (const VMStateDescription * []) {
228         &vmstate_schdev_orb,
229         NULL
230     }
231 };
232 
233 typedef struct IndAddrPtrTmp {
234     IndAddr **parent;
235     uint64_t addr;
236     int32_t len;
237 } IndAddrPtrTmp;
238 
239 static int post_load_ind_addr(void *opaque, int version_id)
240 {
241     IndAddrPtrTmp *ptmp = opaque;
242     IndAddr **ind_addr = ptmp->parent;
243 
244     if (ptmp->len != 0) {
245         *ind_addr = get_indicator(ptmp->addr, ptmp->len);
246     } else {
247         *ind_addr = NULL;
248     }
249     return 0;
250 }
251 
252 static int pre_save_ind_addr(void *opaque)
253 {
254     IndAddrPtrTmp *ptmp = opaque;
255     IndAddr *ind_addr = *(ptmp->parent);
256 
257     if (ind_addr != NULL) {
258         ptmp->len = ind_addr->len;
259         ptmp->addr = ind_addr->addr;
260     } else {
261         ptmp->len = 0;
262         ptmp->addr = 0L;
263     }
264 
265     return 0;
266 }
267 
268 const VMStateDescription vmstate_ind_addr_tmp = {
269     .name = "s390_ind_addr_tmp",
270     .pre_save = pre_save_ind_addr,
271     .post_load = post_load_ind_addr,
272 
273     .fields = (VMStateField[]) {
274         VMSTATE_INT32(len, IndAddrPtrTmp),
275         VMSTATE_UINT64(addr, IndAddrPtrTmp),
276         VMSTATE_END_OF_LIST()
277     }
278 };
279 
280 const VMStateDescription vmstate_ind_addr = {
281     .name = "s390_ind_addr_tmp",
282     .fields = (VMStateField[]) {
283         VMSTATE_WITH_TMP(IndAddr*, IndAddrPtrTmp, vmstate_ind_addr_tmp),
284         VMSTATE_END_OF_LIST()
285     }
286 };
287 
288 typedef struct CssImage {
289     SubchSet *sch_set[MAX_SSID + 1];
290     ChpInfo chpids[MAX_CHPID + 1];
291 } CssImage;
292 
293 static const VMStateDescription vmstate_css_img = {
294     .name = "s390_css_img",
295     .version_id = 1,
296     .minimum_version_id = 1,
297     .fields = (VMStateField[]) {
298         /* Subchannel sets have no relevant state. */
299         VMSTATE_STRUCT_ARRAY(chpids, CssImage, MAX_CHPID + 1, 0,
300                              vmstate_chp_info, ChpInfo),
301         VMSTATE_END_OF_LIST()
302     }
303 
304 };
305 
306 typedef struct IoAdapter {
307     uint32_t id;
308     uint8_t type;
309     uint8_t isc;
310     uint8_t flags;
311 } IoAdapter;
312 
313 typedef struct ChannelSubSys {
314     QTAILQ_HEAD(, CrwContainer) pending_crws;
315     bool sei_pending;
316     bool do_crw_mchk;
317     bool crws_lost;
318     uint8_t max_cssid;
319     uint8_t max_ssid;
320     bool chnmon_active;
321     uint64_t chnmon_area;
322     CssImage *css[MAX_CSSID + 1];
323     uint8_t default_cssid;
324     /* don't migrate, see css_register_io_adapters */
325     IoAdapter *io_adapters[CSS_IO_ADAPTER_TYPE_NUMS][MAX_ISC + 1];
326     /* don't migrate, see get_indicator and IndAddrPtrTmp */
327     QTAILQ_HEAD(, IndAddr) indicator_addresses;
328 } ChannelSubSys;
329 
330 static const VMStateDescription vmstate_css = {
331     .name = "s390_css",
332     .version_id = 1,
333     .minimum_version_id = 1,
334     .fields = (VMStateField[]) {
335         VMSTATE_QTAILQ_V(pending_crws, ChannelSubSys, 1, vmstate_crw_container,
336                          CrwContainer, sibling),
337         VMSTATE_BOOL(sei_pending, ChannelSubSys),
338         VMSTATE_BOOL(do_crw_mchk, ChannelSubSys),
339         VMSTATE_BOOL(crws_lost, ChannelSubSys),
340         /* These were kind of migrated by virtio */
341         VMSTATE_UINT8(max_cssid, ChannelSubSys),
342         VMSTATE_UINT8(max_ssid, ChannelSubSys),
343         VMSTATE_BOOL(chnmon_active, ChannelSubSys),
344         VMSTATE_UINT64(chnmon_area, ChannelSubSys),
345         VMSTATE_ARRAY_OF_POINTER_TO_STRUCT(css, ChannelSubSys, MAX_CSSID + 1,
346                 0, vmstate_css_img, CssImage),
347         VMSTATE_UINT8(default_cssid, ChannelSubSys),
348         VMSTATE_END_OF_LIST()
349     }
350 };
351 
352 static ChannelSubSys channel_subsys = {
353     .pending_crws = QTAILQ_HEAD_INITIALIZER(channel_subsys.pending_crws),
354     .do_crw_mchk = true,
355     .sei_pending = false,
356     .crws_lost = false,
357     .chnmon_active = false,
358     .indicator_addresses =
359         QTAILQ_HEAD_INITIALIZER(channel_subsys.indicator_addresses),
360 };
361 
362 static int subch_dev_pre_save(void *opaque)
363 {
364     SubchDev *s = opaque;
365 
366     /* Prepare remote_schid for save */
367     s->migrated_schid = s->schid;
368 
369     return 0;
370 }
371 
372 static int subch_dev_post_load(void *opaque, int version_id)
373 {
374 
375     SubchDev *s = opaque;
376 
377     /* Re-assign the subchannel to remote_schid if necessary */
378     if (s->migrated_schid != s->schid) {
379         if (css_find_subch(true, s->cssid, s->ssid, s->schid) == s) {
380             /*
381              * Cleanup the slot before moving to s->migrated_schid provided
382              * it still belongs to us, i.e. it was not changed by previous
383              * invocation of this function.
384              */
385             css_subch_assign(s->cssid, s->ssid, s->schid, s->devno, NULL);
386         }
387         /* It's OK to re-assign without a prior de-assign. */
388         s->schid = s->migrated_schid;
389         css_subch_assign(s->cssid, s->ssid, s->schid, s->devno, s);
390     }
391 
392     if (css_migration_enabled()) {
393         /* No compat voodoo to do ;) */
394         return 0;
395     }
396     /*
397      * Hack alert. If we don't migrate the channel subsystem status
398      * we still need to find out if the guest enabled mss/mcss-e.
399      * If the subchannel is enabled, it certainly was able to access it,
400      * so adjust the max_ssid/max_cssid values for relevant ssid/cssid
401      * values. This is not watertight, but better than nothing.
402      */
403     if (s->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA) {
404         if (s->ssid) {
405             channel_subsys.max_ssid = MAX_SSID;
406         }
407         if (s->cssid != channel_subsys.default_cssid) {
408             channel_subsys.max_cssid = MAX_CSSID;
409         }
410     }
411     return 0;
412 }
413 
414 void css_register_vmstate(void)
415 {
416     vmstate_register(NULL, 0, &vmstate_css, &channel_subsys);
417 }
418 
419 IndAddr *get_indicator(hwaddr ind_addr, int len)
420 {
421     IndAddr *indicator;
422 
423     QTAILQ_FOREACH(indicator, &channel_subsys.indicator_addresses, sibling) {
424         if (indicator->addr == ind_addr) {
425             indicator->refcnt++;
426             return indicator;
427         }
428     }
429     indicator = g_new0(IndAddr, 1);
430     indicator->addr = ind_addr;
431     indicator->len = len;
432     indicator->refcnt = 1;
433     QTAILQ_INSERT_TAIL(&channel_subsys.indicator_addresses,
434                        indicator, sibling);
435     return indicator;
436 }
437 
438 static int s390_io_adapter_map(AdapterInfo *adapter, uint64_t map_addr,
439                                bool do_map)
440 {
441     S390FLICState *fs = s390_get_flic();
442     S390FLICStateClass *fsc = s390_get_flic_class(fs);
443 
444     return fsc->io_adapter_map(fs, adapter->adapter_id, map_addr, do_map);
445 }
446 
447 void release_indicator(AdapterInfo *adapter, IndAddr *indicator)
448 {
449     assert(indicator->refcnt > 0);
450     indicator->refcnt--;
451     if (indicator->refcnt > 0) {
452         return;
453     }
454     QTAILQ_REMOVE(&channel_subsys.indicator_addresses, indicator, sibling);
455     if (indicator->map) {
456         s390_io_adapter_map(adapter, indicator->map, false);
457     }
458     g_free(indicator);
459 }
460 
461 int map_indicator(AdapterInfo *adapter, IndAddr *indicator)
462 {
463     int ret;
464 
465     if (indicator->map) {
466         return 0; /* already mapped is not an error */
467     }
468     indicator->map = indicator->addr;
469     ret = s390_io_adapter_map(adapter, indicator->map, true);
470     if ((ret != 0) && (ret != -ENOSYS)) {
471         goto out_err;
472     }
473     return 0;
474 
475 out_err:
476     indicator->map = 0;
477     return ret;
478 }
479 
480 int css_create_css_image(uint8_t cssid, bool default_image)
481 {
482     trace_css_new_image(cssid, default_image ? "(default)" : "");
483     /* 255 is reserved */
484     if (cssid == 255) {
485         return -EINVAL;
486     }
487     if (channel_subsys.css[cssid]) {
488         return -EBUSY;
489     }
490     channel_subsys.css[cssid] = g_new0(CssImage, 1);
491     if (default_image) {
492         channel_subsys.default_cssid = cssid;
493     }
494     return 0;
495 }
496 
497 uint32_t css_get_adapter_id(CssIoAdapterType type, uint8_t isc)
498 {
499     if (type >= CSS_IO_ADAPTER_TYPE_NUMS || isc > MAX_ISC ||
500         !channel_subsys.io_adapters[type][isc]) {
501         return -1;
502     }
503 
504     return channel_subsys.io_adapters[type][isc]->id;
505 }
506 
507 /**
508  * css_register_io_adapters: Register I/O adapters per ISC during init
509  *
510  * @swap: an indication if byte swap is needed.
511  * @maskable: an indication if the adapter is subject to the mask operation.
512  * @flags: further characteristics of the adapter.
513  *         e.g. suppressible, an indication if the adapter is subject to AIS.
514  * @errp: location to store error information.
515  */
516 void css_register_io_adapters(CssIoAdapterType type, bool swap, bool maskable,
517                               uint8_t flags, Error **errp)
518 {
519     uint32_t id;
520     int ret, isc;
521     IoAdapter *adapter;
522     S390FLICState *fs = s390_get_flic();
523     S390FLICStateClass *fsc = s390_get_flic_class(fs);
524 
525     /*
526      * Disallow multiple registrations for the same device type.
527      * Report an error if registering for an already registered type.
528      */
529     if (channel_subsys.io_adapters[type][0]) {
530         error_setg(errp, "Adapters for type %d already registered", type);
531     }
532 
533     for (isc = 0; isc <= MAX_ISC; isc++) {
534         id = (type << 3) | isc;
535         ret = fsc->register_io_adapter(fs, id, isc, swap, maskable, flags);
536         if (ret == 0) {
537             adapter = g_new0(IoAdapter, 1);
538             adapter->id = id;
539             adapter->isc = isc;
540             adapter->type = type;
541             adapter->flags = flags;
542             channel_subsys.io_adapters[type][isc] = adapter;
543         } else {
544             error_setg_errno(errp, -ret, "Unexpected error %d when "
545                              "registering adapter %d", ret, id);
546             break;
547         }
548     }
549 
550     /*
551      * No need to free registered adapters in kvm: kvm will clean up
552      * when the machine goes away.
553      */
554     if (ret) {
555         for (isc--; isc >= 0; isc--) {
556             g_free(channel_subsys.io_adapters[type][isc]);
557             channel_subsys.io_adapters[type][isc] = NULL;
558         }
559     }
560 
561 }
562 
563 static void css_clear_io_interrupt(uint16_t subchannel_id,
564                                    uint16_t subchannel_nr)
565 {
566     Error *err = NULL;
567     static bool no_clear_irq;
568     S390FLICState *fs = s390_get_flic();
569     S390FLICStateClass *fsc = s390_get_flic_class(fs);
570     int r;
571 
572     if (unlikely(no_clear_irq)) {
573         return;
574     }
575     r = fsc->clear_io_irq(fs, subchannel_id, subchannel_nr);
576     switch (r) {
577     case 0:
578         break;
579     case -ENOSYS:
580         no_clear_irq = true;
581         /*
582         * Ignore unavailability, as the user can't do anything
583         * about it anyway.
584         */
585         break;
586     default:
587         error_setg_errno(&err, -r, "unexpected error condition");
588         error_propagate(&error_abort, err);
589     }
590 }
591 
592 static inline uint16_t css_do_build_subchannel_id(uint8_t cssid, uint8_t ssid)
593 {
594     if (channel_subsys.max_cssid > 0) {
595         return (cssid << 8) | (1 << 3) | (ssid << 1) | 1;
596     }
597     return (ssid << 1) | 1;
598 }
599 
600 uint16_t css_build_subchannel_id(SubchDev *sch)
601 {
602     return css_do_build_subchannel_id(sch->cssid, sch->ssid);
603 }
604 
605 void css_inject_io_interrupt(SubchDev *sch)
606 {
607     uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
608 
609     trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
610                            sch->curr_status.pmcw.intparm, isc, "");
611     s390_io_interrupt(css_build_subchannel_id(sch),
612                       sch->schid,
613                       sch->curr_status.pmcw.intparm,
614                       isc << 27);
615 }
616 
617 void css_conditional_io_interrupt(SubchDev *sch)
618 {
619     /*
620      * If the subchannel is not enabled, it is not made status pending
621      * (see PoP p. 16-17, "Status Control").
622      */
623     if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ENA)) {
624         return;
625     }
626 
627     /*
628      * If the subchannel is not currently status pending, make it pending
629      * with alert status.
630      */
631     if (!(sch->curr_status.scsw.ctrl & SCSW_STCTL_STATUS_PEND)) {
632         uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
633 
634         trace_css_io_interrupt(sch->cssid, sch->ssid, sch->schid,
635                                sch->curr_status.pmcw.intparm, isc,
636                                "(unsolicited)");
637         sch->curr_status.scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
638         sch->curr_status.scsw.ctrl |=
639             SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
640         /* Inject an I/O interrupt. */
641         s390_io_interrupt(css_build_subchannel_id(sch),
642                           sch->schid,
643                           sch->curr_status.pmcw.intparm,
644                           isc << 27);
645     }
646 }
647 
648 int css_do_sic(CPUS390XState *env, uint8_t isc, uint16_t mode)
649 {
650     S390FLICState *fs = s390_get_flic();
651     S390FLICStateClass *fsc = s390_get_flic_class(fs);
652     int r;
653 
654     if (env->psw.mask & PSW_MASK_PSTATE) {
655         r = -PGM_PRIVILEGED;
656         goto out;
657     }
658 
659     trace_css_do_sic(mode, isc);
660     switch (mode) {
661     case SIC_IRQ_MODE_ALL:
662     case SIC_IRQ_MODE_SINGLE:
663         break;
664     default:
665         r = -PGM_OPERAND;
666         goto out;
667     }
668 
669     r = fsc->modify_ais_mode(fs, isc, mode) ? -PGM_OPERATION : 0;
670 out:
671     return r;
672 }
673 
674 void css_adapter_interrupt(CssIoAdapterType type, uint8_t isc)
675 {
676     S390FLICState *fs = s390_get_flic();
677     S390FLICStateClass *fsc = s390_get_flic_class(fs);
678     uint32_t io_int_word = (isc << 27) | IO_INT_WORD_AI;
679     IoAdapter *adapter = channel_subsys.io_adapters[type][isc];
680 
681     if (!adapter) {
682         return;
683     }
684 
685     trace_css_adapter_interrupt(isc);
686     if (fs->ais_supported) {
687         if (fsc->inject_airq(fs, type, isc, adapter->flags)) {
688             error_report("Failed to inject airq with AIS supported");
689             exit(1);
690         }
691     } else {
692         s390_io_interrupt(0, 0, 0, io_int_word);
693     }
694 }
695 
696 static void sch_handle_clear_func(SubchDev *sch)
697 {
698     SCHIB *schib = &sch->curr_status;
699     int path;
700 
701     /* Path management: In our simple css, we always choose the only path. */
702     path = 0x80;
703 
704     /* Reset values prior to 'issuing the clear signal'. */
705     schib->pmcw.lpum = 0;
706     schib->pmcw.pom = 0xff;
707     schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
708 
709     /* We always 'attempt to issue the clear signal', and we always succeed. */
710     sch->channel_prog = 0x0;
711     sch->last_cmd_valid = false;
712     schib->scsw.ctrl &= ~SCSW_ACTL_CLEAR_PEND;
713     schib->scsw.ctrl |= SCSW_STCTL_STATUS_PEND;
714 
715     schib->scsw.dstat = 0;
716     schib->scsw.cstat = 0;
717     schib->pmcw.lpum = path;
718 
719 }
720 
721 static void sch_handle_halt_func(SubchDev *sch)
722 {
723     SCHIB *schib = &sch->curr_status;
724     hwaddr curr_ccw = sch->channel_prog;
725     int path;
726 
727     /* Path management: In our simple css, we always choose the only path. */
728     path = 0x80;
729 
730     /* We always 'attempt to issue the halt signal', and we always succeed. */
731     sch->channel_prog = 0x0;
732     sch->last_cmd_valid = false;
733     schib->scsw.ctrl &= ~SCSW_ACTL_HALT_PEND;
734     schib->scsw.ctrl |= SCSW_STCTL_STATUS_PEND;
735 
736     if ((schib->scsw.ctrl & (SCSW_ACTL_SUBCH_ACTIVE |
737                              SCSW_ACTL_DEVICE_ACTIVE)) ||
738         !((schib->scsw.ctrl & SCSW_ACTL_START_PEND) ||
739           (schib->scsw.ctrl & SCSW_ACTL_SUSP))) {
740         schib->scsw.dstat = SCSW_DSTAT_DEVICE_END;
741     }
742     if ((schib->scsw.ctrl & (SCSW_ACTL_SUBCH_ACTIVE |
743                              SCSW_ACTL_DEVICE_ACTIVE)) ||
744         (schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
745         schib->scsw.cpa = curr_ccw + 8;
746     }
747     schib->scsw.cstat = 0;
748     schib->pmcw.lpum = path;
749 
750 }
751 
752 /*
753  * As the SenseId struct cannot be packed (would cause unaligned accesses), we
754  * have to copy the individual fields to an unstructured area using the correct
755  * layout (see SA22-7204-01 "Common I/O-Device Commands").
756  */
757 static void copy_sense_id_to_guest(uint8_t *dest, SenseId *src)
758 {
759     int i;
760 
761     dest[0] = src->reserved;
762     stw_be_p(dest + 1, src->cu_type);
763     dest[3] = src->cu_model;
764     stw_be_p(dest + 4, src->dev_type);
765     dest[6] = src->dev_model;
766     dest[7] = src->unused;
767     for (i = 0; i < ARRAY_SIZE(src->ciw); i++) {
768         dest[8 + i * 4] = src->ciw[i].type;
769         dest[9 + i * 4] = src->ciw[i].command;
770         stw_be_p(dest + 10 + i * 4, src->ciw[i].count);
771     }
772 }
773 
774 static CCW1 copy_ccw_from_guest(hwaddr addr, bool fmt1)
775 {
776     CCW0 tmp0;
777     CCW1 tmp1;
778     CCW1 ret;
779 
780     if (fmt1) {
781         cpu_physical_memory_read(addr, &tmp1, sizeof(tmp1));
782         ret.cmd_code = tmp1.cmd_code;
783         ret.flags = tmp1.flags;
784         ret.count = be16_to_cpu(tmp1.count);
785         ret.cda = be32_to_cpu(tmp1.cda);
786     } else {
787         cpu_physical_memory_read(addr, &tmp0, sizeof(tmp0));
788         if ((tmp0.cmd_code & 0x0f) == CCW_CMD_TIC) {
789             ret.cmd_code = CCW_CMD_TIC;
790             ret.flags = 0;
791             ret.count = 0;
792         } else {
793             ret.cmd_code = tmp0.cmd_code;
794             ret.flags = tmp0.flags;
795             ret.count = be16_to_cpu(tmp0.count);
796         }
797         ret.cda = be16_to_cpu(tmp0.cda1) | (tmp0.cda0 << 16);
798     }
799     return ret;
800 }
801 /**
802  * If out of bounds marks the stream broken. If broken returns -EINVAL,
803  * otherwise the requested length (may be zero)
804  */
805 static inline int cds_check_len(CcwDataStream *cds, int len)
806 {
807     if (cds->at_byte + len > cds->count) {
808         cds->flags |= CDS_F_STREAM_BROKEN;
809     }
810     return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len;
811 }
812 
813 static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1)
814 {
815     return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24));
816 }
817 
818 static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
819                                   CcwDataStreamOp op)
820 {
821     int ret;
822 
823     ret = cds_check_len(cds, len);
824     if (ret <= 0) {
825         return ret;
826     }
827     if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) {
828         return -EINVAL; /* channel program check */
829     }
830     if (op == CDS_OP_A) {
831         goto incr;
832     }
833     if (!cds->do_skip) {
834         ret = address_space_rw(&address_space_memory, cds->cda,
835                                MEMTXATTRS_UNSPECIFIED, buff, len, op);
836     } else {
837         ret = MEMTX_OK;
838     }
839     if (ret != MEMTX_OK) {
840         cds->flags |= CDS_F_STREAM_BROKEN;
841         return -EINVAL;
842     }
843 incr:
844     cds->at_byte += len;
845     cds->cda += len;
846     return 0;
847 }
848 
849 /* returns values between 1 and bsz, where bsz is a power of 2 */
850 static inline uint16_t ida_continuous_left(hwaddr cda, uint64_t bsz)
851 {
852     return bsz - (cda & (bsz - 1));
853 }
854 
855 static inline uint64_t ccw_ida_block_size(uint8_t flags)
856 {
857     if ((flags & CDS_F_C64) && !(flags & CDS_F_I2K)) {
858         return 1ULL << 12;
859     }
860     return 1ULL << 11;
861 }
862 
863 static inline int ida_read_next_idaw(CcwDataStream *cds)
864 {
865     union {uint64_t fmt2; uint32_t fmt1; } idaw;
866     int ret;
867     hwaddr idaw_addr;
868     bool idaw_fmt2 = cds->flags & CDS_F_C64;
869     bool ccw_fmt1 = cds->flags & CDS_F_FMT;
870 
871     if (idaw_fmt2) {
872         idaw_addr = cds->cda_orig + sizeof(idaw.fmt2) * cds->at_idaw;
873         if (idaw_addr & 0x07 || !cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)) {
874             return -EINVAL; /* channel program check */
875         }
876         ret = address_space_read(&address_space_memory, idaw_addr,
877                                  MEMTXATTRS_UNSPECIFIED, &idaw.fmt2,
878                                  sizeof(idaw.fmt2));
879         cds->cda = be64_to_cpu(idaw.fmt2);
880     } else {
881         idaw_addr = cds->cda_orig + sizeof(idaw.fmt1) * cds->at_idaw;
882         if (idaw_addr & 0x03 || !cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)) {
883             return -EINVAL; /* channel program check */
884         }
885         ret = address_space_read(&address_space_memory, idaw_addr,
886                                  MEMTXATTRS_UNSPECIFIED, &idaw.fmt1,
887                                  sizeof(idaw.fmt1));
888         cds->cda = be64_to_cpu(idaw.fmt1);
889         if (cds->cda & 0x80000000) {
890             return -EINVAL; /* channel program check */
891         }
892     }
893     ++(cds->at_idaw);
894     if (ret != MEMTX_OK) {
895         /* assume inaccessible address */
896         return -EINVAL; /* channel program check */
897     }
898     return 0;
899 }
900 
901 static int ccw_dstream_rw_ida(CcwDataStream *cds, void *buff, int len,
902                               CcwDataStreamOp op)
903 {
904     uint64_t bsz = ccw_ida_block_size(cds->flags);
905     int ret = 0;
906     uint16_t cont_left, iter_len;
907 
908     ret = cds_check_len(cds, len);
909     if (ret <= 0) {
910         return ret;
911     }
912     if (!cds->at_idaw) {
913         /* read first idaw */
914         ret = ida_read_next_idaw(cds);
915         if (ret) {
916             goto err;
917         }
918         cont_left = ida_continuous_left(cds->cda, bsz);
919     } else {
920         cont_left = ida_continuous_left(cds->cda, bsz);
921         if (cont_left == bsz) {
922             ret = ida_read_next_idaw(cds);
923             if (ret) {
924                 goto err;
925             }
926             if (cds->cda & (bsz - 1)) {
927                 ret = -EINVAL; /* channel program check */
928                 goto err;
929             }
930         }
931     }
932     do {
933         iter_len = MIN(len, cont_left);
934         if (op != CDS_OP_A) {
935             if (!cds->do_skip) {
936                 ret = address_space_rw(&address_space_memory, cds->cda,
937                                        MEMTXATTRS_UNSPECIFIED, buff, iter_len,
938                                        op);
939             } else {
940                 ret = MEMTX_OK;
941             }
942             if (ret != MEMTX_OK) {
943                 /* assume inaccessible address */
944                 ret = -EINVAL; /* channel program check */
945                 goto err;
946             }
947         }
948         cds->at_byte += iter_len;
949         cds->cda += iter_len;
950         len -= iter_len;
951         if (!len) {
952             break;
953         }
954         ret = ida_read_next_idaw(cds);
955         if (ret) {
956             goto err;
957         }
958         cont_left = bsz;
959     } while (true);
960     return ret;
961 err:
962     cds->flags |= CDS_F_STREAM_BROKEN;
963     return ret;
964 }
965 
966 void ccw_dstream_init(CcwDataStream *cds, CCW1 const *ccw, ORB const *orb)
967 {
968     /*
969      * We don't support MIDA (an optional facility) yet and we
970      * catch this earlier. Just for expressing the precondition.
971      */
972     g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));
973     cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) |
974                  (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) |
975                  (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) |
976                  (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0);
977 
978     cds->count = ccw->count;
979     cds->cda_orig = ccw->cda;
980     /* skip is only effective for read, read backwards, or sense commands */
981     cds->do_skip = (ccw->flags & CCW_FLAG_SKIP) &&
982         ((ccw->cmd_code & 0x0f) == CCW_CMD_BASIC_SENSE ||
983          (ccw->cmd_code & 0x03) == 0x02 /* read */ ||
984          (ccw->cmd_code & 0x0f) == 0x0c /* read backwards */);
985     ccw_dstream_rewind(cds);
986     if (!(cds->flags & CDS_F_IDA)) {
987         cds->op_handler = ccw_dstream_rw_noflags;
988     } else {
989         cds->op_handler = ccw_dstream_rw_ida;
990     }
991 }
992 
993 static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
994                              bool suspend_allowed)
995 {
996     int ret;
997     bool check_len;
998     int len;
999     CCW1 ccw;
1000 
1001     if (!ccw_addr) {
1002         return -EINVAL; /* channel-program check */
1003     }
1004     /* Check doubleword aligned and 31 or 24 (fmt 0) bit addressable. */
1005     if (ccw_addr & (sch->ccw_fmt_1 ? 0x80000007 : 0xff000007)) {
1006         return -EINVAL;
1007     }
1008 
1009     /* Translate everything to format-1 ccws - the information is the same. */
1010     ccw = copy_ccw_from_guest(ccw_addr, sch->ccw_fmt_1);
1011 
1012     /* Check for invalid command codes. */
1013     if ((ccw.cmd_code & 0x0f) == 0) {
1014         return -EINVAL;
1015     }
1016     if (((ccw.cmd_code & 0x0f) == CCW_CMD_TIC) &&
1017         ((ccw.cmd_code & 0xf0) != 0)) {
1018         return -EINVAL;
1019     }
1020     if (!sch->ccw_fmt_1 && (ccw.count == 0) &&
1021         (ccw.cmd_code != CCW_CMD_TIC)) {
1022         return -EINVAL;
1023     }
1024 
1025     /* We don't support MIDA. */
1026     if (ccw.flags & CCW_FLAG_MIDA) {
1027         return -EINVAL;
1028     }
1029 
1030     if (ccw.flags & CCW_FLAG_SUSPEND) {
1031         return suspend_allowed ? -EINPROGRESS : -EINVAL;
1032     }
1033 
1034     check_len = !((ccw.flags & CCW_FLAG_SLI) && !(ccw.flags & CCW_FLAG_DC));
1035 
1036     if (!ccw.cda) {
1037         if (sch->ccw_no_data_cnt == 255) {
1038             return -EINVAL;
1039         }
1040         sch->ccw_no_data_cnt++;
1041     }
1042 
1043     /* Look at the command. */
1044     ccw_dstream_init(&sch->cds, &ccw, &(sch->orb));
1045     switch (ccw.cmd_code) {
1046     case CCW_CMD_NOOP:
1047         /* Nothing to do. */
1048         ret = 0;
1049         break;
1050     case CCW_CMD_BASIC_SENSE:
1051         if (check_len) {
1052             if (ccw.count != sizeof(sch->sense_data)) {
1053                 ret = -EINVAL;
1054                 break;
1055             }
1056         }
1057         len = MIN(ccw.count, sizeof(sch->sense_data));
1058         ccw_dstream_write_buf(&sch->cds, sch->sense_data, len);
1059         sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
1060         memset(sch->sense_data, 0, sizeof(sch->sense_data));
1061         ret = 0;
1062         break;
1063     case CCW_CMD_SENSE_ID:
1064     {
1065         /* According to SA22-7204-01, Sense-ID can store up to 256 bytes */
1066         uint8_t sense_id[256];
1067 
1068         copy_sense_id_to_guest(sense_id, &sch->id);
1069         /* Sense ID information is device specific. */
1070         if (check_len) {
1071             if (ccw.count != sizeof(sense_id)) {
1072                 ret = -EINVAL;
1073                 break;
1074             }
1075         }
1076         len = MIN(ccw.count, sizeof(sense_id));
1077         /*
1078          * Only indicate 0xff in the first sense byte if we actually
1079          * have enough place to store at least bytes 0-3.
1080          */
1081         if (len >= 4) {
1082             sense_id[0] = 0xff;
1083         } else {
1084             sense_id[0] = 0;
1085         }
1086         ccw_dstream_write_buf(&sch->cds, sense_id, len);
1087         sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
1088         ret = 0;
1089         break;
1090     }
1091     case CCW_CMD_TIC:
1092         if (sch->last_cmd_valid && (sch->last_cmd.cmd_code == CCW_CMD_TIC)) {
1093             ret = -EINVAL;
1094             break;
1095         }
1096         if (ccw.flags || ccw.count) {
1097             /* We have already sanitized these if converted from fmt 0. */
1098             ret = -EINVAL;
1099             break;
1100         }
1101         sch->channel_prog = ccw.cda;
1102         ret = -EAGAIN;
1103         break;
1104     default:
1105         if (sch->ccw_cb) {
1106             /* Handle device specific commands. */
1107             ret = sch->ccw_cb(sch, ccw);
1108         } else {
1109             ret = -ENOSYS;
1110         }
1111         break;
1112     }
1113     sch->last_cmd = ccw;
1114     sch->last_cmd_valid = true;
1115     if (ret == 0) {
1116         if (ccw.flags & CCW_FLAG_CC) {
1117             sch->channel_prog += 8;
1118             ret = -EAGAIN;
1119         }
1120     }
1121 
1122     return ret;
1123 }
1124 
1125 static void sch_handle_start_func_virtual(SubchDev *sch)
1126 {
1127     SCHIB *schib = &sch->curr_status;
1128     int path;
1129     int ret;
1130     bool suspend_allowed;
1131 
1132     /* Path management: In our simple css, we always choose the only path. */
1133     path = 0x80;
1134 
1135     if (!(schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
1136         /* Start Function triggered via ssch, i.e. we have an ORB */
1137         ORB *orb = &sch->orb;
1138         schib->scsw.cstat = 0;
1139         schib->scsw.dstat = 0;
1140         /* Look at the orb and try to execute the channel program. */
1141         schib->pmcw.intparm = orb->intparm;
1142         if (!(orb->lpm & path)) {
1143             /* Generate a deferred cc 3 condition. */
1144             schib->scsw.flags |= SCSW_FLAGS_MASK_CC;
1145             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1146             schib->scsw.ctrl |= (SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND);
1147             return;
1148         }
1149         sch->ccw_fmt_1 = !!(orb->ctrl0 & ORB_CTRL0_MASK_FMT);
1150         schib->scsw.flags |= (sch->ccw_fmt_1) ? SCSW_FLAGS_MASK_FMT : 0;
1151         sch->ccw_no_data_cnt = 0;
1152         suspend_allowed = !!(orb->ctrl0 & ORB_CTRL0_MASK_SPND);
1153     } else {
1154         /* Start Function resumed via rsch */
1155         schib->scsw.ctrl &= ~(SCSW_ACTL_SUSP | SCSW_ACTL_RESUME_PEND);
1156         /* The channel program had been suspended before. */
1157         suspend_allowed = true;
1158     }
1159     sch->last_cmd_valid = false;
1160     do {
1161         ret = css_interpret_ccw(sch, sch->channel_prog, suspend_allowed);
1162         switch (ret) {
1163         case -EAGAIN:
1164             /* ccw chain, continue processing */
1165             break;
1166         case 0:
1167             /* success */
1168             schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1169             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1170             schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1171                     SCSW_STCTL_STATUS_PEND;
1172             schib->scsw.dstat = SCSW_DSTAT_CHANNEL_END | SCSW_DSTAT_DEVICE_END;
1173             schib->scsw.cpa = sch->channel_prog + 8;
1174             break;
1175         case -EIO:
1176             /* I/O errors, status depends on specific devices */
1177             break;
1178         case -ENOSYS:
1179             /* unsupported command, generate unit check (command reject) */
1180             schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1181             schib->scsw.dstat = SCSW_DSTAT_UNIT_CHECK;
1182             /* Set sense bit 0 in ecw0. */
1183             sch->sense_data[0] = 0x80;
1184             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1185             schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1186                     SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
1187             schib->scsw.cpa = sch->channel_prog + 8;
1188             break;
1189         case -EINPROGRESS:
1190             /* channel program has been suspended */
1191             schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1192             schib->scsw.ctrl |= SCSW_ACTL_SUSP;
1193             break;
1194         default:
1195             /* error, generate channel program check */
1196             schib->scsw.ctrl &= ~SCSW_ACTL_START_PEND;
1197             schib->scsw.cstat = SCSW_CSTAT_PROG_CHECK;
1198             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1199             schib->scsw.ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
1200                     SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
1201             schib->scsw.cpa = sch->channel_prog + 8;
1202             break;
1203         }
1204     } while (ret == -EAGAIN);
1205 
1206 }
1207 
1208 static void sch_handle_halt_func_passthrough(SubchDev *sch)
1209 {
1210     int ret;
1211 
1212     ret = s390_ccw_halt(sch);
1213     if (ret == -ENOSYS) {
1214         sch_handle_halt_func(sch);
1215     }
1216 }
1217 
1218 static void sch_handle_clear_func_passthrough(SubchDev *sch)
1219 {
1220     int ret;
1221 
1222     ret = s390_ccw_clear(sch);
1223     if (ret == -ENOSYS) {
1224         sch_handle_clear_func(sch);
1225     }
1226 }
1227 
1228 static IOInstEnding sch_handle_start_func_passthrough(SubchDev *sch)
1229 {
1230     SCHIB *schib = &sch->curr_status;
1231     ORB *orb = &sch->orb;
1232     if (!(schib->scsw.ctrl & SCSW_ACTL_SUSP)) {
1233         assert(orb != NULL);
1234         schib->pmcw.intparm = orb->intparm;
1235     }
1236     return s390_ccw_cmd_request(sch);
1237 }
1238 
1239 /*
1240  * On real machines, this would run asynchronously to the main vcpus.
1241  * We might want to make some parts of the ssch handling (interpreting
1242  * read/writes) asynchronous later on if we start supporting more than
1243  * our current very simple devices.
1244  */
1245 IOInstEnding do_subchannel_work_virtual(SubchDev *sch)
1246 {
1247     SCHIB *schib = &sch->curr_status;
1248 
1249     if (schib->scsw.ctrl & SCSW_FCTL_CLEAR_FUNC) {
1250         sch_handle_clear_func(sch);
1251     } else if (schib->scsw.ctrl & SCSW_FCTL_HALT_FUNC) {
1252         sch_handle_halt_func(sch);
1253     } else if (schib->scsw.ctrl & SCSW_FCTL_START_FUNC) {
1254         /* Triggered by both ssch and rsch. */
1255         sch_handle_start_func_virtual(sch);
1256     }
1257     css_inject_io_interrupt(sch);
1258     /* inst must succeed if this func is called */
1259     return IOINST_CC_EXPECTED;
1260 }
1261 
1262 IOInstEnding do_subchannel_work_passthrough(SubchDev *sch)
1263 {
1264     SCHIB *schib = &sch->curr_status;
1265 
1266     if (schib->scsw.ctrl & SCSW_FCTL_CLEAR_FUNC) {
1267         sch_handle_clear_func_passthrough(sch);
1268     } else if (schib->scsw.ctrl & SCSW_FCTL_HALT_FUNC) {
1269         sch_handle_halt_func_passthrough(sch);
1270     } else if (schib->scsw.ctrl & SCSW_FCTL_START_FUNC) {
1271         return sch_handle_start_func_passthrough(sch);
1272     }
1273     return IOINST_CC_EXPECTED;
1274 }
1275 
1276 static IOInstEnding do_subchannel_work(SubchDev *sch)
1277 {
1278     if (!sch->do_subchannel_work) {
1279         return IOINST_CC_STATUS_PRESENT;
1280     }
1281     g_assert(sch->curr_status.scsw.ctrl & SCSW_CTRL_MASK_FCTL);
1282     return sch->do_subchannel_work(sch);
1283 }
1284 
1285 static void copy_pmcw_to_guest(PMCW *dest, const PMCW *src)
1286 {
1287     int i;
1288 
1289     dest->intparm = cpu_to_be32(src->intparm);
1290     dest->flags = cpu_to_be16(src->flags);
1291     dest->devno = cpu_to_be16(src->devno);
1292     dest->lpm = src->lpm;
1293     dest->pnom = src->pnom;
1294     dest->lpum = src->lpum;
1295     dest->pim = src->pim;
1296     dest->mbi = cpu_to_be16(src->mbi);
1297     dest->pom = src->pom;
1298     dest->pam = src->pam;
1299     for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
1300         dest->chpid[i] = src->chpid[i];
1301     }
1302     dest->chars = cpu_to_be32(src->chars);
1303 }
1304 
1305 void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
1306 {
1307     dest->flags = cpu_to_be16(src->flags);
1308     dest->ctrl = cpu_to_be16(src->ctrl);
1309     dest->cpa = cpu_to_be32(src->cpa);
1310     dest->dstat = src->dstat;
1311     dest->cstat = src->cstat;
1312     dest->count = cpu_to_be16(src->count);
1313 }
1314 
1315 static void copy_schib_to_guest(SCHIB *dest, const SCHIB *src)
1316 {
1317     int i;
1318     /*
1319      * We copy the PMCW and SCSW in and out of local variables to
1320      * avoid taking the address of members of a packed struct.
1321      */
1322     PMCW src_pmcw, dest_pmcw;
1323     SCSW src_scsw, dest_scsw;
1324 
1325     src_pmcw = src->pmcw;
1326     copy_pmcw_to_guest(&dest_pmcw, &src_pmcw);
1327     dest->pmcw = dest_pmcw;
1328     src_scsw = src->scsw;
1329     copy_scsw_to_guest(&dest_scsw, &src_scsw);
1330     dest->scsw = dest_scsw;
1331     dest->mba = cpu_to_be64(src->mba);
1332     for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
1333         dest->mda[i] = src->mda[i];
1334     }
1335 }
1336 
1337 IOInstEnding css_do_stsch(SubchDev *sch, SCHIB *schib)
1338 {
1339     int ret;
1340 
1341     /*
1342      * For some subchannels, we may want to update parts of
1343      * the schib (e.g., update path masks from the host device
1344      * for passthrough subchannels).
1345      */
1346     ret = s390_ccw_store(sch);
1347 
1348     /* Use current status. */
1349     copy_schib_to_guest(schib, &sch->curr_status);
1350     return ret;
1351 }
1352 
1353 static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
1354 {
1355     int i;
1356 
1357     dest->intparm = be32_to_cpu(src->intparm);
1358     dest->flags = be16_to_cpu(src->flags);
1359     dest->devno = be16_to_cpu(src->devno);
1360     dest->lpm = src->lpm;
1361     dest->pnom = src->pnom;
1362     dest->lpum = src->lpum;
1363     dest->pim = src->pim;
1364     dest->mbi = be16_to_cpu(src->mbi);
1365     dest->pom = src->pom;
1366     dest->pam = src->pam;
1367     for (i = 0; i < ARRAY_SIZE(dest->chpid); i++) {
1368         dest->chpid[i] = src->chpid[i];
1369     }
1370     dest->chars = be32_to_cpu(src->chars);
1371 }
1372 
1373 static void copy_scsw_from_guest(SCSW *dest, const SCSW *src)
1374 {
1375     dest->flags = be16_to_cpu(src->flags);
1376     dest->ctrl = be16_to_cpu(src->ctrl);
1377     dest->cpa = be32_to_cpu(src->cpa);
1378     dest->dstat = src->dstat;
1379     dest->cstat = src->cstat;
1380     dest->count = be16_to_cpu(src->count);
1381 }
1382 
1383 static void copy_schib_from_guest(SCHIB *dest, const SCHIB *src)
1384 {
1385     int i;
1386     /*
1387      * We copy the PMCW and SCSW in and out of local variables to
1388      * avoid taking the address of members of a packed struct.
1389      */
1390     PMCW src_pmcw, dest_pmcw;
1391     SCSW src_scsw, dest_scsw;
1392 
1393     src_pmcw = src->pmcw;
1394     copy_pmcw_from_guest(&dest_pmcw, &src_pmcw);
1395     dest->pmcw = dest_pmcw;
1396     src_scsw = src->scsw;
1397     copy_scsw_from_guest(&dest_scsw, &src_scsw);
1398     dest->scsw = dest_scsw;
1399     dest->mba = be64_to_cpu(src->mba);
1400     for (i = 0; i < ARRAY_SIZE(dest->mda); i++) {
1401         dest->mda[i] = src->mda[i];
1402     }
1403 }
1404 
1405 IOInstEnding css_do_msch(SubchDev *sch, const SCHIB *orig_schib)
1406 {
1407     SCHIB *schib = &sch->curr_status;
1408     uint16_t oldflags;
1409     SCHIB schib_copy;
1410 
1411     if (!(schib->pmcw.flags & PMCW_FLAGS_MASK_DNV)) {
1412         return IOINST_CC_EXPECTED;
1413     }
1414 
1415     if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1416         return IOINST_CC_STATUS_PRESENT;
1417     }
1418 
1419     if (schib->scsw.ctrl &
1420         (SCSW_FCTL_START_FUNC|SCSW_FCTL_HALT_FUNC|SCSW_FCTL_CLEAR_FUNC)) {
1421         return IOINST_CC_BUSY;
1422     }
1423 
1424     copy_schib_from_guest(&schib_copy, orig_schib);
1425     /* Only update the program-modifiable fields. */
1426     schib->pmcw.intparm = schib_copy.pmcw.intparm;
1427     oldflags = schib->pmcw.flags;
1428     schib->pmcw.flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
1429                   PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
1430                   PMCW_FLAGS_MASK_MP);
1431     schib->pmcw.flags |= schib_copy.pmcw.flags &
1432             (PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
1433              PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
1434              PMCW_FLAGS_MASK_MP);
1435     schib->pmcw.lpm = schib_copy.pmcw.lpm;
1436     schib->pmcw.mbi = schib_copy.pmcw.mbi;
1437     schib->pmcw.pom = schib_copy.pmcw.pom;
1438     schib->pmcw.chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
1439     schib->pmcw.chars |= schib_copy.pmcw.chars &
1440             (PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_CSENSE);
1441     schib->mba = schib_copy.mba;
1442 
1443     /* Has the channel been disabled? */
1444     if (sch->disable_cb && (oldflags & PMCW_FLAGS_MASK_ENA) != 0
1445         && (schib->pmcw.flags & PMCW_FLAGS_MASK_ENA) == 0) {
1446         sch->disable_cb(sch);
1447     }
1448     return IOINST_CC_EXPECTED;
1449 }
1450 
1451 IOInstEnding css_do_xsch(SubchDev *sch)
1452 {
1453     SCHIB *schib = &sch->curr_status;
1454 
1455     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1456         return IOINST_CC_NOT_OPERATIONAL;
1457     }
1458 
1459     if (schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) {
1460         return IOINST_CC_STATUS_PRESENT;
1461     }
1462 
1463     if (!(schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) ||
1464         ((schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
1465         (!(schib->scsw.ctrl &
1466            (SCSW_ACTL_RESUME_PEND | SCSW_ACTL_START_PEND | SCSW_ACTL_SUSP))) ||
1467         (schib->scsw.ctrl & SCSW_ACTL_SUBCH_ACTIVE)) {
1468         return IOINST_CC_BUSY;
1469     }
1470 
1471     /* Cancel the current operation. */
1472     schib->scsw.ctrl &= ~(SCSW_FCTL_START_FUNC |
1473                  SCSW_ACTL_RESUME_PEND |
1474                  SCSW_ACTL_START_PEND |
1475                  SCSW_ACTL_SUSP);
1476     sch->channel_prog = 0x0;
1477     sch->last_cmd_valid = false;
1478     schib->scsw.dstat = 0;
1479     schib->scsw.cstat = 0;
1480     return IOINST_CC_EXPECTED;
1481 }
1482 
1483 IOInstEnding css_do_csch(SubchDev *sch)
1484 {
1485     SCHIB *schib = &sch->curr_status;
1486 
1487     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1488         return IOINST_CC_NOT_OPERATIONAL;
1489     }
1490 
1491     /* Trigger the clear function. */
1492     schib->scsw.ctrl &= ~(SCSW_CTRL_MASK_FCTL | SCSW_CTRL_MASK_ACTL);
1493     schib->scsw.ctrl |= SCSW_FCTL_CLEAR_FUNC | SCSW_ACTL_CLEAR_PEND;
1494 
1495     return do_subchannel_work(sch);
1496 }
1497 
1498 IOInstEnding css_do_hsch(SubchDev *sch)
1499 {
1500     SCHIB *schib = &sch->curr_status;
1501 
1502     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1503         return IOINST_CC_NOT_OPERATIONAL;
1504     }
1505 
1506     if (((schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) == SCSW_STCTL_STATUS_PEND) ||
1507         (schib->scsw.ctrl & (SCSW_STCTL_PRIMARY |
1508                     SCSW_STCTL_SECONDARY |
1509                     SCSW_STCTL_ALERT))) {
1510         return IOINST_CC_STATUS_PRESENT;
1511     }
1512 
1513     if (schib->scsw.ctrl & (SCSW_FCTL_HALT_FUNC | SCSW_FCTL_CLEAR_FUNC)) {
1514         return IOINST_CC_BUSY;
1515     }
1516 
1517     /* Trigger the halt function. */
1518     schib->scsw.ctrl |= SCSW_FCTL_HALT_FUNC;
1519     schib->scsw.ctrl &= ~SCSW_FCTL_START_FUNC;
1520     if (((schib->scsw.ctrl & SCSW_CTRL_MASK_ACTL) ==
1521          (SCSW_ACTL_SUBCH_ACTIVE | SCSW_ACTL_DEVICE_ACTIVE)) &&
1522         ((schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL) ==
1523          SCSW_STCTL_INTERMEDIATE)) {
1524         schib->scsw.ctrl &= ~SCSW_STCTL_STATUS_PEND;
1525     }
1526     schib->scsw.ctrl |= SCSW_ACTL_HALT_PEND;
1527 
1528     return do_subchannel_work(sch);
1529 }
1530 
1531 static void css_update_chnmon(SubchDev *sch)
1532 {
1533     if (!(sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_MME)) {
1534         /* Not active. */
1535         return;
1536     }
1537     /* The counter is conveniently located at the beginning of the struct. */
1538     if (sch->curr_status.pmcw.chars & PMCW_CHARS_MASK_MBFC) {
1539         /* Format 1, per-subchannel area. */
1540         uint32_t count;
1541 
1542         count = address_space_ldl(&address_space_memory,
1543                                   sch->curr_status.mba,
1544                                   MEMTXATTRS_UNSPECIFIED,
1545                                   NULL);
1546         count++;
1547         address_space_stl(&address_space_memory, sch->curr_status.mba, count,
1548                           MEMTXATTRS_UNSPECIFIED, NULL);
1549     } else {
1550         /* Format 0, global area. */
1551         uint32_t offset;
1552         uint16_t count;
1553 
1554         offset = sch->curr_status.pmcw.mbi << 5;
1555         count = address_space_lduw(&address_space_memory,
1556                                    channel_subsys.chnmon_area + offset,
1557                                    MEMTXATTRS_UNSPECIFIED,
1558                                    NULL);
1559         count++;
1560         address_space_stw(&address_space_memory,
1561                           channel_subsys.chnmon_area + offset, count,
1562                           MEMTXATTRS_UNSPECIFIED, NULL);
1563     }
1564 }
1565 
1566 IOInstEnding css_do_ssch(SubchDev *sch, ORB *orb)
1567 {
1568     SCHIB *schib = &sch->curr_status;
1569 
1570     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1571         return IOINST_CC_NOT_OPERATIONAL;
1572     }
1573 
1574     if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1575         return IOINST_CC_STATUS_PRESENT;
1576     }
1577 
1578     if (schib->scsw.ctrl & (SCSW_FCTL_START_FUNC |
1579                    SCSW_FCTL_HALT_FUNC |
1580                    SCSW_FCTL_CLEAR_FUNC)) {
1581         return IOINST_CC_BUSY;
1582     }
1583 
1584     /* If monitoring is active, update counter. */
1585     if (channel_subsys.chnmon_active) {
1586         css_update_chnmon(sch);
1587     }
1588     sch->orb = *orb;
1589     sch->channel_prog = orb->cpa;
1590     /* Trigger the start function. */
1591     schib->scsw.ctrl |= (SCSW_FCTL_START_FUNC | SCSW_ACTL_START_PEND);
1592     schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1593 
1594     return do_subchannel_work(sch);
1595 }
1596 
1597 static void copy_irb_to_guest(IRB *dest, const IRB *src, const PMCW *pmcw,
1598                               int *irb_len)
1599 {
1600     int i;
1601     uint16_t stctl = src->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1602     uint16_t actl = src->scsw.ctrl & SCSW_CTRL_MASK_ACTL;
1603 
1604     copy_scsw_to_guest(&dest->scsw, &src->scsw);
1605 
1606     for (i = 0; i < ARRAY_SIZE(dest->esw); i++) {
1607         dest->esw[i] = cpu_to_be32(src->esw[i]);
1608     }
1609     for (i = 0; i < ARRAY_SIZE(dest->ecw); i++) {
1610         dest->ecw[i] = cpu_to_be32(src->ecw[i]);
1611     }
1612     *irb_len = sizeof(*dest) - sizeof(dest->emw);
1613 
1614     /* extended measurements enabled? */
1615     if ((src->scsw.flags & SCSW_FLAGS_MASK_ESWF) ||
1616         !(pmcw->flags & PMCW_FLAGS_MASK_TF) ||
1617         !(pmcw->chars & PMCW_CHARS_MASK_XMWME)) {
1618         return;
1619     }
1620     /* extended measurements pending? */
1621     if (!(stctl & SCSW_STCTL_STATUS_PEND)) {
1622         return;
1623     }
1624     if ((stctl & SCSW_STCTL_PRIMARY) ||
1625         (stctl == SCSW_STCTL_SECONDARY) ||
1626         ((stctl & SCSW_STCTL_INTERMEDIATE) && (actl & SCSW_ACTL_SUSP))) {
1627         for (i = 0; i < ARRAY_SIZE(dest->emw); i++) {
1628             dest->emw[i] = cpu_to_be32(src->emw[i]);
1629         }
1630     }
1631     *irb_len = sizeof(*dest);
1632 }
1633 
1634 int css_do_tsch_get_irb(SubchDev *sch, IRB *target_irb, int *irb_len)
1635 {
1636     SCHIB *schib = &sch->curr_status;
1637     PMCW p;
1638     uint16_t stctl;
1639     IRB irb;
1640 
1641     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1642         return 3;
1643     }
1644 
1645     stctl = schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1646 
1647     /* Prepare the irb for the guest. */
1648     memset(&irb, 0, sizeof(IRB));
1649 
1650     /* Copy scsw from current status. */
1651     irb.scsw = schib->scsw;
1652     if (stctl & SCSW_STCTL_STATUS_PEND) {
1653         if (schib->scsw.cstat & (SCSW_CSTAT_DATA_CHECK |
1654                         SCSW_CSTAT_CHN_CTRL_CHK |
1655                         SCSW_CSTAT_INTF_CTRL_CHK)) {
1656             irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF;
1657             irb.esw[0] = 0x04804000;
1658         } else {
1659             irb.esw[0] = 0x00800000;
1660         }
1661         /* If a unit check is pending, copy sense data. */
1662         if ((schib->scsw.dstat & SCSW_DSTAT_UNIT_CHECK) &&
1663             (schib->pmcw.chars & PMCW_CHARS_MASK_CSENSE)) {
1664             int i;
1665 
1666             irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF | SCSW_FLAGS_MASK_ECTL;
1667             /* Attention: sense_data is already BE! */
1668             memcpy(irb.ecw, sch->sense_data, sizeof(sch->sense_data));
1669             for (i = 0; i < ARRAY_SIZE(irb.ecw); i++) {
1670                 irb.ecw[i] = be32_to_cpu(irb.ecw[i]);
1671             }
1672             irb.esw[1] = 0x01000000 | (sizeof(sch->sense_data) << 8);
1673         }
1674     }
1675     /* Store the irb to the guest. */
1676     p = schib->pmcw;
1677     copy_irb_to_guest(target_irb, &irb, &p, irb_len);
1678 
1679     return ((stctl & SCSW_STCTL_STATUS_PEND) == 0);
1680 }
1681 
1682 void css_do_tsch_update_subch(SubchDev *sch)
1683 {
1684     SCHIB *schib = &sch->curr_status;
1685     uint16_t stctl;
1686     uint16_t fctl;
1687     uint16_t actl;
1688 
1689     stctl = schib->scsw.ctrl & SCSW_CTRL_MASK_STCTL;
1690     fctl = schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL;
1691     actl = schib->scsw.ctrl & SCSW_CTRL_MASK_ACTL;
1692 
1693     /* Clear conditions on subchannel, if applicable. */
1694     if (stctl & SCSW_STCTL_STATUS_PEND) {
1695         schib->scsw.ctrl &= ~SCSW_CTRL_MASK_STCTL;
1696         if ((stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) ||
1697             ((fctl & SCSW_FCTL_HALT_FUNC) &&
1698              (actl & SCSW_ACTL_SUSP))) {
1699             schib->scsw.ctrl &= ~SCSW_CTRL_MASK_FCTL;
1700         }
1701         if (stctl != (SCSW_STCTL_INTERMEDIATE | SCSW_STCTL_STATUS_PEND)) {
1702             schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1703             schib->scsw.ctrl &= ~(SCSW_ACTL_RESUME_PEND |
1704                          SCSW_ACTL_START_PEND |
1705                          SCSW_ACTL_HALT_PEND |
1706                          SCSW_ACTL_CLEAR_PEND |
1707                          SCSW_ACTL_SUSP);
1708         } else {
1709             if ((actl & SCSW_ACTL_SUSP) &&
1710                 (fctl & SCSW_FCTL_START_FUNC)) {
1711                 schib->scsw.flags &= ~SCSW_FLAGS_MASK_PNO;
1712                 if (fctl & SCSW_FCTL_HALT_FUNC) {
1713                     schib->scsw.ctrl &= ~(SCSW_ACTL_RESUME_PEND |
1714                                  SCSW_ACTL_START_PEND |
1715                                  SCSW_ACTL_HALT_PEND |
1716                                  SCSW_ACTL_CLEAR_PEND |
1717                                  SCSW_ACTL_SUSP);
1718                 } else {
1719                     schib->scsw.ctrl &= ~SCSW_ACTL_RESUME_PEND;
1720                 }
1721             }
1722         }
1723         /* Clear pending sense data. */
1724         if (schib->pmcw.chars & PMCW_CHARS_MASK_CSENSE) {
1725             memset(sch->sense_data, 0 , sizeof(sch->sense_data));
1726         }
1727     }
1728 }
1729 
1730 static void copy_crw_to_guest(CRW *dest, const CRW *src)
1731 {
1732     dest->flags = cpu_to_be16(src->flags);
1733     dest->rsid = cpu_to_be16(src->rsid);
1734 }
1735 
1736 int css_do_stcrw(CRW *crw)
1737 {
1738     CrwContainer *crw_cont;
1739     int ret;
1740 
1741     crw_cont = QTAILQ_FIRST(&channel_subsys.pending_crws);
1742     if (crw_cont) {
1743         QTAILQ_REMOVE(&channel_subsys.pending_crws, crw_cont, sibling);
1744         copy_crw_to_guest(crw, &crw_cont->crw);
1745         g_free(crw_cont);
1746         ret = 0;
1747     } else {
1748         /* List was empty, turn crw machine checks on again. */
1749         memset(crw, 0, sizeof(*crw));
1750         channel_subsys.do_crw_mchk = true;
1751         ret = 1;
1752     }
1753 
1754     return ret;
1755 }
1756 
1757 static void copy_crw_from_guest(CRW *dest, const CRW *src)
1758 {
1759     dest->flags = be16_to_cpu(src->flags);
1760     dest->rsid = be16_to_cpu(src->rsid);
1761 }
1762 
1763 void css_undo_stcrw(CRW *crw)
1764 {
1765     CrwContainer *crw_cont;
1766 
1767     crw_cont = g_try_new0(CrwContainer, 1);
1768     if (!crw_cont) {
1769         channel_subsys.crws_lost = true;
1770         return;
1771     }
1772     copy_crw_from_guest(&crw_cont->crw, crw);
1773 
1774     QTAILQ_INSERT_HEAD(&channel_subsys.pending_crws, crw_cont, sibling);
1775 }
1776 
1777 int css_collect_chp_desc(int m, uint8_t cssid, uint8_t f_chpid, uint8_t l_chpid,
1778                          int rfmt, void *buf)
1779 {
1780     int i, desc_size;
1781     uint32_t words[8];
1782     uint32_t chpid_type_word;
1783     CssImage *css;
1784 
1785     if (!m && !cssid) {
1786         css = channel_subsys.css[channel_subsys.default_cssid];
1787     } else {
1788         css = channel_subsys.css[cssid];
1789     }
1790     if (!css) {
1791         return 0;
1792     }
1793     desc_size = 0;
1794     for (i = f_chpid; i <= l_chpid; i++) {
1795         if (css->chpids[i].in_use) {
1796             chpid_type_word = 0x80000000 | (css->chpids[i].type << 8) | i;
1797             if (rfmt == 0) {
1798                 words[0] = cpu_to_be32(chpid_type_word);
1799                 words[1] = 0;
1800                 memcpy(buf + desc_size, words, 8);
1801                 desc_size += 8;
1802             } else if (rfmt == 1) {
1803                 words[0] = cpu_to_be32(chpid_type_word);
1804                 words[1] = 0;
1805                 words[2] = 0;
1806                 words[3] = 0;
1807                 words[4] = 0;
1808                 words[5] = 0;
1809                 words[6] = 0;
1810                 words[7] = 0;
1811                 memcpy(buf + desc_size, words, 32);
1812                 desc_size += 32;
1813             }
1814         }
1815     }
1816     return desc_size;
1817 }
1818 
1819 void css_do_schm(uint8_t mbk, int update, int dct, uint64_t mbo)
1820 {
1821     /* dct is currently ignored (not really meaningful for our devices) */
1822     /* TODO: Don't ignore mbk. */
1823     if (update && !channel_subsys.chnmon_active) {
1824         /* Enable measuring. */
1825         channel_subsys.chnmon_area = mbo;
1826         channel_subsys.chnmon_active = true;
1827     }
1828     if (!update && channel_subsys.chnmon_active) {
1829         /* Disable measuring. */
1830         channel_subsys.chnmon_area = 0;
1831         channel_subsys.chnmon_active = false;
1832     }
1833 }
1834 
1835 IOInstEnding css_do_rsch(SubchDev *sch)
1836 {
1837     SCHIB *schib = &sch->curr_status;
1838 
1839     if (~(schib->pmcw.flags) & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA)) {
1840         return IOINST_CC_NOT_OPERATIONAL;
1841     }
1842 
1843     if (schib->scsw.ctrl & SCSW_STCTL_STATUS_PEND) {
1844         return IOINST_CC_STATUS_PRESENT;
1845     }
1846 
1847     if (((schib->scsw.ctrl & SCSW_CTRL_MASK_FCTL) != SCSW_FCTL_START_FUNC) ||
1848         (schib->scsw.ctrl & SCSW_ACTL_RESUME_PEND) ||
1849         (!(schib->scsw.ctrl & SCSW_ACTL_SUSP))) {
1850         return IOINST_CC_BUSY;
1851     }
1852 
1853     /* If monitoring is active, update counter. */
1854     if (channel_subsys.chnmon_active) {
1855         css_update_chnmon(sch);
1856     }
1857 
1858     schib->scsw.ctrl |= SCSW_ACTL_RESUME_PEND;
1859     return do_subchannel_work(sch);
1860 }
1861 
1862 int css_do_rchp(uint8_t cssid, uint8_t chpid)
1863 {
1864     uint8_t real_cssid;
1865 
1866     if (cssid > channel_subsys.max_cssid) {
1867         return -EINVAL;
1868     }
1869     if (channel_subsys.max_cssid == 0) {
1870         real_cssid = channel_subsys.default_cssid;
1871     } else {
1872         real_cssid = cssid;
1873     }
1874     if (!channel_subsys.css[real_cssid]) {
1875         return -EINVAL;
1876     }
1877 
1878     if (!channel_subsys.css[real_cssid]->chpids[chpid].in_use) {
1879         return -ENODEV;
1880     }
1881 
1882     if (!channel_subsys.css[real_cssid]->chpids[chpid].is_virtual) {
1883         fprintf(stderr,
1884                 "rchp unsupported for non-virtual chpid %x.%02x!\n",
1885                 real_cssid, chpid);
1886         return -ENODEV;
1887     }
1888 
1889     /* We don't really use a channel path, so we're done here. */
1890     css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1,
1891                   channel_subsys.max_cssid > 0 ? 1 : 0, chpid);
1892     if (channel_subsys.max_cssid > 0) {
1893         css_queue_crw(CRW_RSC_CHP, CRW_ERC_INIT, 1, 0, real_cssid << 8);
1894     }
1895     return 0;
1896 }
1897 
1898 bool css_schid_final(int m, uint8_t cssid, uint8_t ssid, uint16_t schid)
1899 {
1900     SubchSet *set;
1901     uint8_t real_cssid;
1902 
1903     real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;
1904     if (ssid > MAX_SSID ||
1905         !channel_subsys.css[real_cssid] ||
1906         !channel_subsys.css[real_cssid]->sch_set[ssid]) {
1907         return true;
1908     }
1909     set = channel_subsys.css[real_cssid]->sch_set[ssid];
1910     return schid > find_last_bit(set->schids_used,
1911                                  (MAX_SCHID + 1) / sizeof(unsigned long));
1912 }
1913 
1914 unsigned int css_find_free_chpid(uint8_t cssid)
1915 {
1916     CssImage *css = channel_subsys.css[cssid];
1917     unsigned int chpid;
1918 
1919     if (!css) {
1920         return MAX_CHPID + 1;
1921     }
1922 
1923     for (chpid = 0; chpid <= MAX_CHPID; chpid++) {
1924         /* skip reserved chpid */
1925         if (chpid == VIRTIO_CCW_CHPID) {
1926             continue;
1927         }
1928         if (!css->chpids[chpid].in_use) {
1929             return chpid;
1930         }
1931     }
1932     return MAX_CHPID + 1;
1933 }
1934 
1935 static int css_add_chpid(uint8_t cssid, uint8_t chpid, uint8_t type,
1936                          bool is_virt)
1937 {
1938     CssImage *css;
1939 
1940     trace_css_chpid_add(cssid, chpid, type);
1941     css = channel_subsys.css[cssid];
1942     if (!css) {
1943         return -EINVAL;
1944     }
1945     if (css->chpids[chpid].in_use) {
1946         return -EEXIST;
1947     }
1948     css->chpids[chpid].in_use = 1;
1949     css->chpids[chpid].type = type;
1950     css->chpids[chpid].is_virtual = is_virt;
1951 
1952     css_generate_chp_crws(cssid, chpid);
1953 
1954     return 0;
1955 }
1956 
1957 void css_sch_build_virtual_schib(SubchDev *sch, uint8_t chpid, uint8_t type)
1958 {
1959     SCHIB *schib = &sch->curr_status;
1960     int i;
1961     CssImage *css = channel_subsys.css[sch->cssid];
1962 
1963     assert(css != NULL);
1964     memset(&schib->pmcw, 0, sizeof(PMCW));
1965     schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
1966     schib->pmcw.devno = sch->devno;
1967     /* single path */
1968     schib->pmcw.pim = 0x80;
1969     schib->pmcw.pom = 0xff;
1970     schib->pmcw.pam = 0x80;
1971     schib->pmcw.chpid[0] = chpid;
1972     if (!css->chpids[chpid].in_use) {
1973         css_add_chpid(sch->cssid, chpid, type, true);
1974     }
1975 
1976     memset(&schib->scsw, 0, sizeof(SCSW));
1977     schib->mba = 0;
1978     for (i = 0; i < ARRAY_SIZE(schib->mda); i++) {
1979         schib->mda[i] = 0;
1980     }
1981 }
1982 
1983 SubchDev *css_find_subch(uint8_t m, uint8_t cssid, uint8_t ssid, uint16_t schid)
1984 {
1985     uint8_t real_cssid;
1986 
1987     real_cssid = (!m && (cssid == 0)) ? channel_subsys.default_cssid : cssid;
1988 
1989     if (!channel_subsys.css[real_cssid]) {
1990         return NULL;
1991     }
1992 
1993     if (!channel_subsys.css[real_cssid]->sch_set[ssid]) {
1994         return NULL;
1995     }
1996 
1997     return channel_subsys.css[real_cssid]->sch_set[ssid]->sch[schid];
1998 }
1999 
2000 /**
2001  * Return free device number in subchannel set.
2002  *
2003  * Return index of the first free device number in the subchannel set
2004  * identified by @p cssid and @p ssid, beginning the search at @p
2005  * start and wrapping around at MAX_DEVNO. Return a value exceeding
2006  * MAX_SCHID if there are no free device numbers in the subchannel
2007  * set.
2008  */
2009 static uint32_t css_find_free_devno(uint8_t cssid, uint8_t ssid,
2010                                     uint16_t start)
2011 {
2012     uint32_t round;
2013 
2014     for (round = 0; round <= MAX_DEVNO; round++) {
2015         uint16_t devno = (start + round) % MAX_DEVNO;
2016 
2017         if (!css_devno_used(cssid, ssid, devno)) {
2018             return devno;
2019         }
2020     }
2021     return MAX_DEVNO + 1;
2022 }
2023 
2024 /**
2025  * Return first free subchannel (id) in subchannel set.
2026  *
2027  * Return index of the first free subchannel in the subchannel set
2028  * identified by @p cssid and @p ssid, if there is any. Return a value
2029  * exceeding MAX_SCHID if there are no free subchannels in the
2030  * subchannel set.
2031  */
2032 static uint32_t css_find_free_subch(uint8_t cssid, uint8_t ssid)
2033 {
2034     uint32_t schid;
2035 
2036     for (schid = 0; schid <= MAX_SCHID; schid++) {
2037         if (!css_find_subch(1, cssid, ssid, schid)) {
2038             return schid;
2039         }
2040     }
2041     return MAX_SCHID + 1;
2042 }
2043 
2044 /**
2045  * Return first free subchannel (id) in subchannel set for a device number
2046  *
2047  * Verify the device number @p devno is not used yet in the subchannel
2048  * set identified by @p cssid and @p ssid. Set @p schid to the index
2049  * of the first free subchannel in the subchannel set, if there is
2050  * any. Return true if everything succeeded and false otherwise.
2051  */
2052 static bool css_find_free_subch_for_devno(uint8_t cssid, uint8_t ssid,
2053                                           uint16_t devno, uint16_t *schid,
2054                                           Error **errp)
2055 {
2056     uint32_t free_schid;
2057 
2058     assert(schid);
2059     if (css_devno_used(cssid, ssid, devno)) {
2060         error_setg(errp, "Device %x.%x.%04x already exists",
2061                    cssid, ssid, devno);
2062         return false;
2063     }
2064     free_schid = css_find_free_subch(cssid, ssid);
2065     if (free_schid > MAX_SCHID) {
2066         error_setg(errp, "No free subchannel found for %x.%x.%04x",
2067                    cssid, ssid, devno);
2068         return false;
2069     }
2070     *schid = free_schid;
2071     return true;
2072 }
2073 
2074 /**
2075  * Return first free subchannel (id) and device number
2076  *
2077  * Locate the first free subchannel and first free device number in
2078  * any of the subchannel sets of the channel subsystem identified by
2079  * @p cssid. Return false if no free subchannel / device number could
2080  * be found. Otherwise set @p ssid, @p devno and @p schid to identify
2081  * the available subchannel and device number and return true.
2082  *
2083  * May modify @p ssid, @p devno and / or @p schid even if no free
2084  * subchannel / device number could be found.
2085  */
2086 static bool css_find_free_subch_and_devno(uint8_t cssid, uint8_t *ssid,
2087                                           uint16_t *devno, uint16_t *schid,
2088                                           Error **errp)
2089 {
2090     uint32_t free_schid, free_devno;
2091 
2092     assert(ssid && devno && schid);
2093     for (*ssid = 0; *ssid <= MAX_SSID; (*ssid)++) {
2094         free_schid = css_find_free_subch(cssid, *ssid);
2095         if (free_schid > MAX_SCHID) {
2096             continue;
2097         }
2098         free_devno = css_find_free_devno(cssid, *ssid, free_schid);
2099         if (free_devno > MAX_DEVNO) {
2100             continue;
2101         }
2102         *schid = free_schid;
2103         *devno = free_devno;
2104         return true;
2105     }
2106     error_setg(errp, "Virtual channel subsystem is full!");
2107     return false;
2108 }
2109 
2110 bool css_subch_visible(SubchDev *sch)
2111 {
2112     if (sch->ssid > channel_subsys.max_ssid) {
2113         return false;
2114     }
2115 
2116     if (sch->cssid != channel_subsys.default_cssid) {
2117         return (channel_subsys.max_cssid > 0);
2118     }
2119 
2120     return true;
2121 }
2122 
2123 bool css_present(uint8_t cssid)
2124 {
2125     return (channel_subsys.css[cssid] != NULL);
2126 }
2127 
2128 bool css_devno_used(uint8_t cssid, uint8_t ssid, uint16_t devno)
2129 {
2130     if (!channel_subsys.css[cssid]) {
2131         return false;
2132     }
2133     if (!channel_subsys.css[cssid]->sch_set[ssid]) {
2134         return false;
2135     }
2136 
2137     return !!test_bit(devno,
2138                       channel_subsys.css[cssid]->sch_set[ssid]->devnos_used);
2139 }
2140 
2141 void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
2142                       uint16_t devno, SubchDev *sch)
2143 {
2144     CssImage *css;
2145     SubchSet *s_set;
2146 
2147     trace_css_assign_subch(sch ? "assign" : "deassign", cssid, ssid, schid,
2148                            devno);
2149     if (!channel_subsys.css[cssid]) {
2150         fprintf(stderr,
2151                 "Suspicious call to %s (%x.%x.%04x) for non-existing css!\n",
2152                 __func__, cssid, ssid, schid);
2153         return;
2154     }
2155     css = channel_subsys.css[cssid];
2156 
2157     if (!css->sch_set[ssid]) {
2158         css->sch_set[ssid] = g_new0(SubchSet, 1);
2159     }
2160     s_set = css->sch_set[ssid];
2161 
2162     s_set->sch[schid] = sch;
2163     if (sch) {
2164         set_bit(schid, s_set->schids_used);
2165         set_bit(devno, s_set->devnos_used);
2166     } else {
2167         clear_bit(schid, s_set->schids_used);
2168         clear_bit(devno, s_set->devnos_used);
2169     }
2170 }
2171 
2172 void css_crw_add_to_queue(CRW crw)
2173 {
2174     CrwContainer *crw_cont;
2175 
2176     trace_css_crw((crw.flags & CRW_FLAGS_MASK_RSC) >> 8,
2177                   crw.flags & CRW_FLAGS_MASK_ERC,
2178                   crw.rsid,
2179                   (crw.flags & CRW_FLAGS_MASK_C) ? "(chained)" : "");
2180 
2181     /* TODO: Maybe use a static crw pool? */
2182     crw_cont = g_try_new0(CrwContainer, 1);
2183     if (!crw_cont) {
2184         channel_subsys.crws_lost = true;
2185         return;
2186     }
2187 
2188     crw_cont->crw = crw;
2189 
2190     QTAILQ_INSERT_TAIL(&channel_subsys.pending_crws, crw_cont, sibling);
2191 
2192     if (channel_subsys.do_crw_mchk) {
2193         channel_subsys.do_crw_mchk = false;
2194         /* Inject crw pending machine check. */
2195         s390_crw_mchk();
2196     }
2197 }
2198 
2199 void css_queue_crw(uint8_t rsc, uint8_t erc, int solicited,
2200                    int chain, uint16_t rsid)
2201 {
2202     CRW crw;
2203 
2204     crw.flags = (rsc << 8) | erc;
2205     if (solicited) {
2206         crw.flags |= CRW_FLAGS_MASK_S;
2207     }
2208     if (chain) {
2209         crw.flags |= CRW_FLAGS_MASK_C;
2210     }
2211     crw.rsid = rsid;
2212     if (channel_subsys.crws_lost) {
2213         crw.flags |= CRW_FLAGS_MASK_R;
2214         channel_subsys.crws_lost = false;
2215     }
2216 
2217     css_crw_add_to_queue(crw);
2218 }
2219 
2220 void css_generate_sch_crws(uint8_t cssid, uint8_t ssid, uint16_t schid,
2221                            int hotplugged, int add)
2222 {
2223     uint8_t guest_cssid;
2224     bool chain_crw;
2225 
2226     if (add && !hotplugged) {
2227         return;
2228     }
2229     if (channel_subsys.max_cssid == 0) {
2230         /* Default cssid shows up as 0. */
2231         guest_cssid = (cssid == channel_subsys.default_cssid) ? 0 : cssid;
2232     } else {
2233         /* Show real cssid to the guest. */
2234         guest_cssid = cssid;
2235     }
2236     /*
2237      * Only notify for higher subchannel sets/channel subsystems if the
2238      * guest has enabled it.
2239      */
2240     if ((ssid > channel_subsys.max_ssid) ||
2241         (guest_cssid > channel_subsys.max_cssid) ||
2242         ((channel_subsys.max_cssid == 0) &&
2243          (cssid != channel_subsys.default_cssid))) {
2244         return;
2245     }
2246     chain_crw = (channel_subsys.max_ssid > 0) ||
2247             (channel_subsys.max_cssid > 0);
2248     css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0, chain_crw ? 1 : 0, schid);
2249     if (chain_crw) {
2250         css_queue_crw(CRW_RSC_SUBCH, CRW_ERC_IPI, 0, 0,
2251                       (guest_cssid << 8) | (ssid << 4));
2252     }
2253     /* RW_ERC_IPI --> clear pending interrupts */
2254     css_clear_io_interrupt(css_do_build_subchannel_id(cssid, ssid), schid);
2255 }
2256 
2257 void css_generate_chp_crws(uint8_t cssid, uint8_t chpid)
2258 {
2259     /* TODO */
2260 }
2261 
2262 void css_generate_css_crws(uint8_t cssid)
2263 {
2264     if (!channel_subsys.sei_pending) {
2265         css_queue_crw(CRW_RSC_CSS, CRW_ERC_EVENT, 0, 0, cssid);
2266     }
2267     channel_subsys.sei_pending = true;
2268 }
2269 
2270 void css_clear_sei_pending(void)
2271 {
2272     channel_subsys.sei_pending = false;
2273 }
2274 
2275 int css_enable_mcsse(void)
2276 {
2277     trace_css_enable_facility("mcsse");
2278     channel_subsys.max_cssid = MAX_CSSID;
2279     return 0;
2280 }
2281 
2282 int css_enable_mss(void)
2283 {
2284     trace_css_enable_facility("mss");
2285     channel_subsys.max_ssid = MAX_SSID;
2286     return 0;
2287 }
2288 
2289 void css_reset_sch(SubchDev *sch)
2290 {
2291     SCHIB *schib = &sch->curr_status;
2292 
2293     if ((schib->pmcw.flags & PMCW_FLAGS_MASK_ENA) != 0 && sch->disable_cb) {
2294         sch->disable_cb(sch);
2295     }
2296 
2297     schib->pmcw.intparm = 0;
2298     schib->pmcw.flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
2299                   PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
2300                   PMCW_FLAGS_MASK_MP | PMCW_FLAGS_MASK_TF);
2301     schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
2302     schib->pmcw.devno = sch->devno;
2303     schib->pmcw.pim = 0x80;
2304     schib->pmcw.lpm = schib->pmcw.pim;
2305     schib->pmcw.pnom = 0;
2306     schib->pmcw.lpum = 0;
2307     schib->pmcw.mbi = 0;
2308     schib->pmcw.pom = 0xff;
2309     schib->pmcw.pam = 0x80;
2310     schib->pmcw.chars &= ~(PMCW_CHARS_MASK_MBFC | PMCW_CHARS_MASK_XMWME |
2311                   PMCW_CHARS_MASK_CSENSE);
2312 
2313     memset(&schib->scsw, 0, sizeof(schib->scsw));
2314     schib->mba = 0;
2315 
2316     sch->channel_prog = 0x0;
2317     sch->last_cmd_valid = false;
2318     sch->thinint_active = false;
2319 }
2320 
2321 void css_reset(void)
2322 {
2323     CrwContainer *crw_cont;
2324 
2325     /* Clean up monitoring. */
2326     channel_subsys.chnmon_active = false;
2327     channel_subsys.chnmon_area = 0;
2328 
2329     /* Clear pending CRWs. */
2330     while ((crw_cont = QTAILQ_FIRST(&channel_subsys.pending_crws))) {
2331         QTAILQ_REMOVE(&channel_subsys.pending_crws, crw_cont, sibling);
2332         g_free(crw_cont);
2333     }
2334     channel_subsys.sei_pending = false;
2335     channel_subsys.do_crw_mchk = true;
2336     channel_subsys.crws_lost = false;
2337 
2338     /* Reset maximum ids. */
2339     channel_subsys.max_cssid = 0;
2340     channel_subsys.max_ssid = 0;
2341 }
2342 
2343 static void get_css_devid(Object *obj, Visitor *v, const char *name,
2344                           void *opaque, Error **errp)
2345 {
2346     DeviceState *dev = DEVICE(obj);
2347     Property *prop = opaque;
2348     CssDevId *dev_id = qdev_get_prop_ptr(dev, prop);
2349     char buffer[] = "xx.x.xxxx";
2350     char *p = buffer;
2351     int r;
2352 
2353     if (dev_id->valid) {
2354 
2355         r = snprintf(buffer, sizeof(buffer), "%02x.%1x.%04x", dev_id->cssid,
2356                      dev_id->ssid, dev_id->devid);
2357         assert(r == sizeof(buffer) - 1);
2358 
2359         /* drop leading zero */
2360         if (dev_id->cssid <= 0xf) {
2361             p++;
2362         }
2363     } else {
2364         snprintf(buffer, sizeof(buffer), "<unset>");
2365     }
2366 
2367     visit_type_str(v, name, &p, errp);
2368 }
2369 
2370 /*
2371  * parse <cssid>.<ssid>.<devid> and assert valid range for cssid/ssid
2372  */
2373 static void set_css_devid(Object *obj, Visitor *v, const char *name,
2374                           void *opaque, Error **errp)
2375 {
2376     DeviceState *dev = DEVICE(obj);
2377     Property *prop = opaque;
2378     CssDevId *dev_id = qdev_get_prop_ptr(dev, prop);
2379     char *str;
2380     int num, n1, n2;
2381     unsigned int cssid, ssid, devid;
2382 
2383     if (dev->realized) {
2384         qdev_prop_set_after_realize(dev, name, errp);
2385         return;
2386     }
2387 
2388     if (!visit_type_str(v, name, &str, errp)) {
2389         return;
2390     }
2391 
2392     num = sscanf(str, "%2x.%1x%n.%4x%n", &cssid, &ssid, &n1, &devid, &n2);
2393     if (num != 3 || (n2 - n1) != 5 || strlen(str) != n2) {
2394         error_set_from_qdev_prop_error(errp, EINVAL, dev, prop, str);
2395         goto out;
2396     }
2397     if ((cssid > MAX_CSSID) || (ssid > MAX_SSID)) {
2398         error_setg(errp, "Invalid cssid or ssid: cssid %x, ssid %x",
2399                    cssid, ssid);
2400         goto out;
2401     }
2402 
2403     dev_id->cssid = cssid;
2404     dev_id->ssid = ssid;
2405     dev_id->devid = devid;
2406     dev_id->valid = true;
2407 
2408 out:
2409     g_free(str);
2410 }
2411 
2412 const PropertyInfo css_devid_propinfo = {
2413     .name = "str",
2414     .description = "Identifier of an I/O device in the channel "
2415                    "subsystem, example: fe.1.23ab",
2416     .get = get_css_devid,
2417     .set = set_css_devid,
2418 };
2419 
2420 const PropertyInfo css_devid_ro_propinfo = {
2421     .name = "str",
2422     .description = "Read-only identifier of an I/O device in the channel "
2423                    "subsystem, example: fe.1.23ab",
2424     .get = get_css_devid,
2425 };
2426 
2427 SubchDev *css_create_sch(CssDevId bus_id, Error **errp)
2428 {
2429     uint16_t schid = 0;
2430     SubchDev *sch;
2431 
2432     if (bus_id.valid) {
2433         if (!channel_subsys.css[bus_id.cssid]) {
2434             css_create_css_image(bus_id.cssid, false);
2435         }
2436 
2437         if (!css_find_free_subch_for_devno(bus_id.cssid, bus_id.ssid,
2438                                            bus_id.devid, &schid, errp)) {
2439             return NULL;
2440         }
2441     } else {
2442         for (bus_id.cssid = channel_subsys.default_cssid;;) {
2443             if (!channel_subsys.css[bus_id.cssid]) {
2444                 css_create_css_image(bus_id.cssid, false);
2445             }
2446 
2447             if   (css_find_free_subch_and_devno(bus_id.cssid, &bus_id.ssid,
2448                                                 &bus_id.devid, &schid,
2449                                                 NULL)) {
2450                 break;
2451             }
2452             bus_id.cssid = (bus_id.cssid + 1) % MAX_CSSID;
2453             if (bus_id.cssid == channel_subsys.default_cssid) {
2454                 error_setg(errp, "Virtual channel subsystem is full!");
2455                 return NULL;
2456             }
2457         }
2458     }
2459 
2460     sch = g_new0(SubchDev, 1);
2461     sch->cssid = bus_id.cssid;
2462     sch->ssid = bus_id.ssid;
2463     sch->devno = bus_id.devid;
2464     sch->schid = schid;
2465     css_subch_assign(sch->cssid, sch->ssid, schid, sch->devno, sch);
2466     return sch;
2467 }
2468 
2469 static int css_sch_get_chpids(SubchDev *sch, CssDevId *dev_id)
2470 {
2471     char *fid_path;
2472     FILE *fd;
2473     uint32_t chpid[8];
2474     int i;
2475     SCHIB *schib = &sch->curr_status;
2476 
2477     fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/chpids",
2478                                dev_id->cssid, dev_id->ssid, dev_id->devid);
2479     fd = fopen(fid_path, "r");
2480     if (fd == NULL) {
2481         error_report("%s: open %s failed", __func__, fid_path);
2482         g_free(fid_path);
2483         return -EINVAL;
2484     }
2485 
2486     if (fscanf(fd, "%x %x %x %x %x %x %x %x",
2487         &chpid[0], &chpid[1], &chpid[2], &chpid[3],
2488         &chpid[4], &chpid[5], &chpid[6], &chpid[7]) != 8) {
2489         fclose(fd);
2490         g_free(fid_path);
2491         return -EINVAL;
2492     }
2493 
2494     for (i = 0; i < ARRAY_SIZE(schib->pmcw.chpid); i++) {
2495         schib->pmcw.chpid[i] = chpid[i];
2496     }
2497 
2498     fclose(fd);
2499     g_free(fid_path);
2500 
2501     return 0;
2502 }
2503 
2504 static int css_sch_get_path_masks(SubchDev *sch, CssDevId *dev_id)
2505 {
2506     char *fid_path;
2507     FILE *fd;
2508     uint32_t pim, pam, pom;
2509     SCHIB *schib = &sch->curr_status;
2510 
2511     fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/pimpampom",
2512                                dev_id->cssid, dev_id->ssid, dev_id->devid);
2513     fd = fopen(fid_path, "r");
2514     if (fd == NULL) {
2515         error_report("%s: open %s failed", __func__, fid_path);
2516         g_free(fid_path);
2517         return -EINVAL;
2518     }
2519 
2520     if (fscanf(fd, "%x %x %x", &pim, &pam, &pom) != 3) {
2521         fclose(fd);
2522         g_free(fid_path);
2523         return -EINVAL;
2524     }
2525 
2526     schib->pmcw.pim = pim;
2527     schib->pmcw.pam = pam;
2528     schib->pmcw.pom = pom;
2529     fclose(fd);
2530     g_free(fid_path);
2531 
2532     return 0;
2533 }
2534 
2535 static int css_sch_get_chpid_type(uint8_t chpid, uint32_t *type,
2536                                   CssDevId *dev_id)
2537 {
2538     char *fid_path;
2539     FILE *fd;
2540 
2541     fid_path = g_strdup_printf("/sys/devices/css%x/chp0.%02x/type",
2542                                dev_id->cssid, chpid);
2543     fd = fopen(fid_path, "r");
2544     if (fd == NULL) {
2545         error_report("%s: open %s failed", __func__, fid_path);
2546         g_free(fid_path);
2547         return -EINVAL;
2548     }
2549 
2550     if (fscanf(fd, "%x", type) != 1) {
2551         fclose(fd);
2552         g_free(fid_path);
2553         return -EINVAL;
2554     }
2555 
2556     fclose(fd);
2557     g_free(fid_path);
2558 
2559     return 0;
2560 }
2561 
2562 /*
2563  * We currently retrieve the real device information from sysfs to build the
2564  * guest subchannel information block without considering the migration feature.
2565  * We need to revisit this problem when we want to add migration support.
2566  */
2567 int css_sch_build_schib(SubchDev *sch, CssDevId *dev_id)
2568 {
2569     CssImage *css = channel_subsys.css[sch->cssid];
2570     SCHIB *schib = &sch->curr_status;
2571     uint32_t type;
2572     int i, ret;
2573 
2574     assert(css != NULL);
2575     memset(&schib->pmcw, 0, sizeof(PMCW));
2576     schib->pmcw.flags |= PMCW_FLAGS_MASK_DNV;
2577     /* We are dealing with I/O subchannels only. */
2578     schib->pmcw.devno = sch->devno;
2579 
2580     /* Grab path mask from sysfs. */
2581     ret = css_sch_get_path_masks(sch, dev_id);
2582     if (ret) {
2583         return ret;
2584     }
2585 
2586     /* Grab chpids from sysfs. */
2587     ret = css_sch_get_chpids(sch, dev_id);
2588     if (ret) {
2589         return ret;
2590     }
2591 
2592    /* Build chpid type. */
2593     for (i = 0; i < ARRAY_SIZE(schib->pmcw.chpid); i++) {
2594         if (schib->pmcw.chpid[i] && !css->chpids[schib->pmcw.chpid[i]].in_use) {
2595             ret = css_sch_get_chpid_type(schib->pmcw.chpid[i], &type, dev_id);
2596             if (ret) {
2597                 return ret;
2598             }
2599             css_add_chpid(sch->cssid, schib->pmcw.chpid[i], type, false);
2600         }
2601     }
2602 
2603     memset(&schib->scsw, 0, sizeof(SCSW));
2604     schib->mba = 0;
2605     for (i = 0; i < ARRAY_SIZE(schib->mda); i++) {
2606         schib->mda[i] = 0;
2607     }
2608 
2609     return 0;
2610 }
2611