xref: /openbmc/qemu/hw/s390x/s390-pci-bus.c (revision f723f626)
1 /*
2  * s390 PCI BUS
3  *
4  * Copyright 2014 IBM Corp.
5  * Author(s): Frank Blaschka <frank.blaschka@de.ibm.com>
6  *            Hong Bo Li <lihbbj@cn.ibm.com>
7  *            Yi Min Zhao <zyimin@cn.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2 or (at
10  * your option) any later version. See the COPYING file in the top-level
11  * directory.
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qapi/error.h"
16 #include "qapi/visitor.h"
17 #include "hw/s390x/s390-pci-bus.h"
18 #include "hw/s390x/s390-pci-inst.h"
19 #include "hw/s390x/s390-pci-kvm.h"
20 #include "hw/s390x/s390-pci-vfio.h"
21 #include "hw/pci/pci_bus.h"
22 #include "hw/qdev-properties.h"
23 #include "hw/pci/pci_bridge.h"
24 #include "hw/pci/msi.h"
25 #include "qemu/error-report.h"
26 #include "qemu/module.h"
27 
28 #ifndef DEBUG_S390PCI_BUS
29 #define DEBUG_S390PCI_BUS  0
30 #endif
31 
32 #define DPRINTF(fmt, ...)                                         \
33     do {                                                          \
34         if (DEBUG_S390PCI_BUS) {                                  \
35             fprintf(stderr, "S390pci-bus: " fmt, ## __VA_ARGS__); \
36         }                                                         \
37     } while (0)
38 
39 S390pciState *s390_get_phb(void)
40 {
41     static S390pciState *phb;
42 
43     if (!phb) {
44         phb = S390_PCI_HOST_BRIDGE(
45             object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
46         assert(phb != NULL);
47     }
48 
49     return phb;
50 }
51 
52 int pci_chsc_sei_nt2_get_event(void *res)
53 {
54     ChscSeiNt2Res *nt2_res = (ChscSeiNt2Res *)res;
55     PciCcdfAvail *accdf;
56     PciCcdfErr *eccdf;
57     int rc = 1;
58     SeiContainer *sei_cont;
59     S390pciState *s = s390_get_phb();
60 
61     sei_cont = QTAILQ_FIRST(&s->pending_sei);
62     if (sei_cont) {
63         QTAILQ_REMOVE(&s->pending_sei, sei_cont, link);
64         nt2_res->nt = 2;
65         nt2_res->cc = sei_cont->cc;
66         nt2_res->length = cpu_to_be16(sizeof(ChscSeiNt2Res));
67         switch (sei_cont->cc) {
68         case 1: /* error event */
69             eccdf = (PciCcdfErr *)nt2_res->ccdf;
70             eccdf->fid = cpu_to_be32(sei_cont->fid);
71             eccdf->fh = cpu_to_be32(sei_cont->fh);
72             eccdf->e = cpu_to_be32(sei_cont->e);
73             eccdf->faddr = cpu_to_be64(sei_cont->faddr);
74             eccdf->pec = cpu_to_be16(sei_cont->pec);
75             break;
76         case 2: /* availability event */
77             accdf = (PciCcdfAvail *)nt2_res->ccdf;
78             accdf->fid = cpu_to_be32(sei_cont->fid);
79             accdf->fh = cpu_to_be32(sei_cont->fh);
80             accdf->pec = cpu_to_be16(sei_cont->pec);
81             break;
82         default:
83             abort();
84         }
85         g_free(sei_cont);
86         rc = 0;
87     }
88 
89     return rc;
90 }
91 
92 int pci_chsc_sei_nt2_have_event(void)
93 {
94     S390pciState *s = s390_get_phb();
95 
96     return !QTAILQ_EMPTY(&s->pending_sei);
97 }
98 
99 S390PCIBusDevice *s390_pci_find_next_avail_dev(S390pciState *s,
100                                                S390PCIBusDevice *pbdev)
101 {
102     S390PCIBusDevice *ret = pbdev ? QTAILQ_NEXT(pbdev, link) :
103         QTAILQ_FIRST(&s->zpci_devs);
104 
105     while (ret && ret->state == ZPCI_FS_RESERVED) {
106         ret = QTAILQ_NEXT(ret, link);
107     }
108 
109     return ret;
110 }
111 
112 S390PCIBusDevice *s390_pci_find_dev_by_fid(S390pciState *s, uint32_t fid)
113 {
114     S390PCIBusDevice *pbdev;
115 
116     QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
117         if (pbdev->fid == fid) {
118             return pbdev;
119         }
120     }
121 
122     return NULL;
123 }
124 
125 void s390_pci_sclp_configure(SCCB *sccb)
126 {
127     IoaCfgSccb *psccb = (IoaCfgSccb *)sccb;
128     S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(s390_get_phb(),
129                                                        be32_to_cpu(psccb->aid));
130     uint16_t rc;
131 
132     if (!pbdev) {
133         DPRINTF("sclp config no dev found\n");
134         rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
135         goto out;
136     }
137 
138     switch (pbdev->state) {
139     case ZPCI_FS_RESERVED:
140         rc = SCLP_RC_ADAPTER_IN_RESERVED_STATE;
141         break;
142     case ZPCI_FS_STANDBY:
143         pbdev->state = ZPCI_FS_DISABLED;
144         rc = SCLP_RC_NORMAL_COMPLETION;
145         break;
146     default:
147         rc = SCLP_RC_NO_ACTION_REQUIRED;
148     }
149 out:
150     psccb->header.response_code = cpu_to_be16(rc);
151 }
152 
153 static void s390_pci_perform_unplug(S390PCIBusDevice *pbdev)
154 {
155     HotplugHandler *hotplug_ctrl;
156 
157     /* Unplug the PCI device */
158     if (pbdev->pdev) {
159         DeviceState *pdev = DEVICE(pbdev->pdev);
160 
161         hotplug_ctrl = qdev_get_hotplug_handler(pdev);
162         hotplug_handler_unplug(hotplug_ctrl, pdev, &error_abort);
163         object_unparent(OBJECT(pdev));
164     }
165 
166     /* Unplug the zPCI device */
167     hotplug_ctrl = qdev_get_hotplug_handler(DEVICE(pbdev));
168     hotplug_handler_unplug(hotplug_ctrl, DEVICE(pbdev), &error_abort);
169     object_unparent(OBJECT(pbdev));
170 }
171 
172 void s390_pci_sclp_deconfigure(SCCB *sccb)
173 {
174     IoaCfgSccb *psccb = (IoaCfgSccb *)sccb;
175     S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(s390_get_phb(),
176                                                        be32_to_cpu(psccb->aid));
177     uint16_t rc;
178 
179     if (!pbdev) {
180         DPRINTF("sclp deconfig no dev found\n");
181         rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
182         goto out;
183     }
184 
185     switch (pbdev->state) {
186     case ZPCI_FS_RESERVED:
187         rc = SCLP_RC_ADAPTER_IN_RESERVED_STATE;
188         break;
189     case ZPCI_FS_STANDBY:
190         rc = SCLP_RC_NO_ACTION_REQUIRED;
191         break;
192     default:
193         if (pbdev->interp && (pbdev->fh & FH_MASK_ENABLE)) {
194             /* Interpreted devices were using interrupt forwarding */
195             s390_pci_kvm_aif_disable(pbdev);
196         } else if (pbdev->summary_ind) {
197             pci_dereg_irqs(pbdev);
198         }
199         if (pbdev->iommu->enabled) {
200             pci_dereg_ioat(pbdev->iommu);
201         }
202         pbdev->state = ZPCI_FS_STANDBY;
203         rc = SCLP_RC_NORMAL_COMPLETION;
204 
205         if (pbdev->unplug_requested) {
206             s390_pci_perform_unplug(pbdev);
207         }
208     }
209 out:
210     psccb->header.response_code = cpu_to_be16(rc);
211 }
212 
213 static S390PCIBusDevice *s390_pci_find_dev_by_uid(S390pciState *s, uint16_t uid)
214 {
215     S390PCIBusDevice *pbdev;
216 
217     QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
218         if (pbdev->uid == uid) {
219             return pbdev;
220         }
221     }
222 
223     return NULL;
224 }
225 
226 S390PCIBusDevice *s390_pci_find_dev_by_target(S390pciState *s,
227                                               const char *target)
228 {
229     S390PCIBusDevice *pbdev;
230 
231     if (!target) {
232         return NULL;
233     }
234 
235     QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
236         if (!strcmp(pbdev->target, target)) {
237             return pbdev;
238         }
239     }
240 
241     return NULL;
242 }
243 
244 static S390PCIBusDevice *s390_pci_find_dev_by_pci(S390pciState *s,
245                                                   PCIDevice *pci_dev)
246 {
247     S390PCIBusDevice *pbdev;
248 
249     if (!pci_dev) {
250         return NULL;
251     }
252 
253     QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
254         if (pbdev->pdev == pci_dev) {
255             return pbdev;
256         }
257     }
258 
259     return NULL;
260 }
261 
262 S390PCIBusDevice *s390_pci_find_dev_by_idx(S390pciState *s, uint32_t idx)
263 {
264     return g_hash_table_lookup(s->zpci_table, &idx);
265 }
266 
267 S390PCIBusDevice *s390_pci_find_dev_by_fh(S390pciState *s, uint32_t fh)
268 {
269     uint32_t idx = FH_MASK_INDEX & fh;
270     S390PCIBusDevice *pbdev = s390_pci_find_dev_by_idx(s, idx);
271 
272     if (pbdev && pbdev->fh == fh) {
273         return pbdev;
274     }
275 
276     return NULL;
277 }
278 
279 static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh,
280                                     uint32_t fid, uint64_t faddr, uint32_t e)
281 {
282     SeiContainer *sei_cont;
283     S390pciState *s = s390_get_phb();
284 
285     sei_cont = g_new0(SeiContainer, 1);
286     sei_cont->fh = fh;
287     sei_cont->fid = fid;
288     sei_cont->cc = cc;
289     sei_cont->pec = pec;
290     sei_cont->faddr = faddr;
291     sei_cont->e = e;
292 
293     QTAILQ_INSERT_TAIL(&s->pending_sei, sei_cont, link);
294     css_generate_css_crws(0);
295 }
296 
297 static void s390_pci_generate_plug_event(uint16_t pec, uint32_t fh,
298                                          uint32_t fid)
299 {
300     s390_pci_generate_event(2, pec, fh, fid, 0, 0);
301 }
302 
303 void s390_pci_generate_error_event(uint16_t pec, uint32_t fh, uint32_t fid,
304                                    uint64_t faddr, uint32_t e)
305 {
306     s390_pci_generate_event(1, pec, fh, fid, faddr, e);
307 }
308 
309 static void s390_pci_set_irq(void *opaque, int irq, int level)
310 {
311     /* nothing to do */
312 }
313 
314 static int s390_pci_map_irq(PCIDevice *pci_dev, int irq_num)
315 {
316     /* nothing to do */
317     return 0;
318 }
319 
320 static uint64_t s390_pci_get_table_origin(uint64_t iota)
321 {
322     return iota & ~ZPCI_IOTA_RTTO_FLAG;
323 }
324 
325 static unsigned int calc_rtx(dma_addr_t ptr)
326 {
327     return ((unsigned long) ptr >> ZPCI_RT_SHIFT) & ZPCI_INDEX_MASK;
328 }
329 
330 static unsigned int calc_sx(dma_addr_t ptr)
331 {
332     return ((unsigned long) ptr >> ZPCI_ST_SHIFT) & ZPCI_INDEX_MASK;
333 }
334 
335 static unsigned int calc_px(dma_addr_t ptr)
336 {
337     return ((unsigned long) ptr >> TARGET_PAGE_BITS) & ZPCI_PT_MASK;
338 }
339 
340 static uint64_t get_rt_sto(uint64_t entry)
341 {
342     return ((entry & ZPCI_TABLE_TYPE_MASK) == ZPCI_TABLE_TYPE_RTX)
343                 ? (entry & ZPCI_RTE_ADDR_MASK)
344                 : 0;
345 }
346 
347 static uint64_t get_st_pto(uint64_t entry)
348 {
349     return ((entry & ZPCI_TABLE_TYPE_MASK) == ZPCI_TABLE_TYPE_SX)
350             ? (entry & ZPCI_STE_ADDR_MASK)
351             : 0;
352 }
353 
354 static bool rt_entry_isvalid(uint64_t entry)
355 {
356     return (entry & ZPCI_TABLE_VALID_MASK) == ZPCI_TABLE_VALID;
357 }
358 
359 static bool pt_entry_isvalid(uint64_t entry)
360 {
361     return (entry & ZPCI_PTE_VALID_MASK) == ZPCI_PTE_VALID;
362 }
363 
364 static bool entry_isprotected(uint64_t entry)
365 {
366     return (entry & ZPCI_TABLE_PROT_MASK) == ZPCI_TABLE_PROTECTED;
367 }
368 
369 /* ett is expected table type, -1 page table, 0 segment table, 1 region table */
370 static uint64_t get_table_index(uint64_t iova, int8_t ett)
371 {
372     switch (ett) {
373     case ZPCI_ETT_PT:
374         return calc_px(iova);
375     case ZPCI_ETT_ST:
376         return calc_sx(iova);
377     case ZPCI_ETT_RT:
378         return calc_rtx(iova);
379     }
380 
381     return -1;
382 }
383 
384 static bool entry_isvalid(uint64_t entry, int8_t ett)
385 {
386     switch (ett) {
387     case ZPCI_ETT_PT:
388         return pt_entry_isvalid(entry);
389     case ZPCI_ETT_ST:
390     case ZPCI_ETT_RT:
391         return rt_entry_isvalid(entry);
392     }
393 
394     return false;
395 }
396 
397 /* Return true if address translation is done */
398 static bool translate_iscomplete(uint64_t entry, int8_t ett)
399 {
400     switch (ett) {
401     case 0:
402         return (entry & ZPCI_TABLE_FC) ? true : false;
403     case 1:
404         return false;
405     }
406 
407     return true;
408 }
409 
410 static uint64_t get_frame_size(int8_t ett)
411 {
412     switch (ett) {
413     case ZPCI_ETT_PT:
414         return 1ULL << 12;
415     case ZPCI_ETT_ST:
416         return 1ULL << 20;
417     case ZPCI_ETT_RT:
418         return 1ULL << 31;
419     }
420 
421     return 0;
422 }
423 
424 static uint64_t get_next_table_origin(uint64_t entry, int8_t ett)
425 {
426     switch (ett) {
427     case ZPCI_ETT_PT:
428         return entry & ZPCI_PTE_ADDR_MASK;
429     case ZPCI_ETT_ST:
430         return get_st_pto(entry);
431     case ZPCI_ETT_RT:
432         return get_rt_sto(entry);
433     }
434 
435     return 0;
436 }
437 
438 /**
439  * table_translate: do translation within one table and return the following
440  *                  table origin
441  *
442  * @entry: the entry being translated, the result is stored in this.
443  * @to: the address of table origin.
444  * @ett: expected table type, 1 region table, 0 segment table and -1 page table.
445  * @error: error code
446  */
447 static uint64_t table_translate(S390IOTLBEntry *entry, uint64_t to, int8_t ett,
448                                 uint16_t *error)
449 {
450     uint64_t tx, te, nto = 0;
451     uint16_t err = 0;
452 
453     tx = get_table_index(entry->iova, ett);
454     te = address_space_ldq(&address_space_memory, to + tx * sizeof(uint64_t),
455                            MEMTXATTRS_UNSPECIFIED, NULL);
456 
457     if (!te) {
458         err = ERR_EVENT_INVALTE;
459         goto out;
460     }
461 
462     if (!entry_isvalid(te, ett)) {
463         entry->perm &= IOMMU_NONE;
464         goto out;
465     }
466 
467     if (ett == ZPCI_ETT_RT && ((te & ZPCI_TABLE_LEN_RTX) != ZPCI_TABLE_LEN_RTX
468                                || te & ZPCI_TABLE_OFFSET_MASK)) {
469         err = ERR_EVENT_INVALTL;
470         goto out;
471     }
472 
473     nto = get_next_table_origin(te, ett);
474     if (!nto) {
475         err = ERR_EVENT_TT;
476         goto out;
477     }
478 
479     if (entry_isprotected(te)) {
480         entry->perm &= IOMMU_RO;
481     } else {
482         entry->perm &= IOMMU_RW;
483     }
484 
485     if (translate_iscomplete(te, ett)) {
486         switch (ett) {
487         case ZPCI_ETT_PT:
488             entry->translated_addr = te & ZPCI_PTE_ADDR_MASK;
489             break;
490         case ZPCI_ETT_ST:
491             entry->translated_addr = (te & ZPCI_SFAA_MASK) |
492                 (entry->iova & ~ZPCI_SFAA_MASK);
493             break;
494         }
495         nto = 0;
496     }
497 out:
498     if (err) {
499         entry->perm = IOMMU_NONE;
500         *error = err;
501     }
502     entry->len = get_frame_size(ett);
503     return nto;
504 }
505 
506 uint16_t s390_guest_io_table_walk(uint64_t g_iota, hwaddr addr,
507                                   S390IOTLBEntry *entry)
508 {
509     uint64_t to = s390_pci_get_table_origin(g_iota);
510     int8_t ett = 1;
511     uint16_t error = 0;
512 
513     entry->iova = addr & TARGET_PAGE_MASK;
514     entry->translated_addr = 0;
515     entry->perm = IOMMU_RW;
516 
517     if (entry_isprotected(g_iota)) {
518         entry->perm &= IOMMU_RO;
519     }
520 
521     while (to) {
522         to = table_translate(entry, to, ett--, &error);
523     }
524 
525     return error;
526 }
527 
528 static IOMMUTLBEntry s390_translate_iommu(IOMMUMemoryRegion *mr, hwaddr addr,
529                                           IOMMUAccessFlags flag, int iommu_idx)
530 {
531     S390PCIIOMMU *iommu = container_of(mr, S390PCIIOMMU, iommu_mr);
532     S390IOTLBEntry *entry;
533     uint64_t iova = addr & TARGET_PAGE_MASK;
534     uint16_t error = 0;
535     IOMMUTLBEntry ret = {
536         .target_as = &address_space_memory,
537         .iova = 0,
538         .translated_addr = 0,
539         .addr_mask = ~(hwaddr)0,
540         .perm = IOMMU_NONE,
541     };
542 
543     switch (iommu->pbdev->state) {
544     case ZPCI_FS_ENABLED:
545     case ZPCI_FS_BLOCKED:
546         if (!iommu->enabled) {
547             return ret;
548         }
549         break;
550     default:
551         return ret;
552     }
553 
554     DPRINTF("iommu trans addr 0x%" PRIx64 "\n", addr);
555 
556     if (addr < iommu->pba || addr > iommu->pal) {
557         error = ERR_EVENT_OORANGE;
558         goto err;
559     }
560 
561     entry = g_hash_table_lookup(iommu->iotlb, &iova);
562     if (entry) {
563         ret.iova = entry->iova;
564         ret.translated_addr = entry->translated_addr;
565         ret.addr_mask = entry->len - 1;
566         ret.perm = entry->perm;
567     } else {
568         ret.iova = iova;
569         ret.addr_mask = ~TARGET_PAGE_MASK;
570         ret.perm = IOMMU_NONE;
571     }
572 
573     if (flag != IOMMU_NONE && !(flag & ret.perm)) {
574         error = ERR_EVENT_TPROTE;
575     }
576 err:
577     if (error) {
578         iommu->pbdev->state = ZPCI_FS_ERROR;
579         s390_pci_generate_error_event(error, iommu->pbdev->fh,
580                                       iommu->pbdev->fid, addr, 0);
581     }
582     return ret;
583 }
584 
585 static void s390_pci_iommu_replay(IOMMUMemoryRegion *iommu,
586                                   IOMMUNotifier *notifier)
587 {
588     /* It's impossible to plug a pci device on s390x that already has iommu
589      * mappings which need to be replayed, that is due to the "one iommu per
590      * zpci device" construct. But when we support migration of vfio-pci
591      * devices in future, we need to revisit this.
592      */
593     return;
594 }
595 
596 static S390PCIIOMMU *s390_pci_get_iommu(S390pciState *s, PCIBus *bus,
597                                         int devfn)
598 {
599     uint64_t key = (uintptr_t)bus;
600     S390PCIIOMMUTable *table = g_hash_table_lookup(s->iommu_table, &key);
601     S390PCIIOMMU *iommu;
602 
603     if (!table) {
604         table = g_new0(S390PCIIOMMUTable, 1);
605         table->key = key;
606         g_hash_table_insert(s->iommu_table, &table->key, table);
607     }
608 
609     iommu = table->iommu[PCI_SLOT(devfn)];
610     if (!iommu) {
611         iommu = S390_PCI_IOMMU(object_new(TYPE_S390_PCI_IOMMU));
612 
613         char *mr_name = g_strdup_printf("iommu-root-%02x:%02x.%01x",
614                                         pci_bus_num(bus),
615                                         PCI_SLOT(devfn),
616                                         PCI_FUNC(devfn));
617         char *as_name = g_strdup_printf("iommu-pci-%02x:%02x.%01x",
618                                         pci_bus_num(bus),
619                                         PCI_SLOT(devfn),
620                                         PCI_FUNC(devfn));
621         memory_region_init(&iommu->mr, OBJECT(iommu), mr_name, UINT64_MAX);
622         address_space_init(&iommu->as, &iommu->mr, as_name);
623         iommu->iotlb = g_hash_table_new_full(g_int64_hash, g_int64_equal,
624                                              NULL, g_free);
625         table->iommu[PCI_SLOT(devfn)] = iommu;
626 
627         g_free(mr_name);
628         g_free(as_name);
629     }
630 
631     return iommu;
632 }
633 
634 static AddressSpace *s390_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
635 {
636     S390pciState *s = opaque;
637     S390PCIIOMMU *iommu = s390_pci_get_iommu(s, bus, devfn);
638 
639     return &iommu->as;
640 }
641 
642 static uint8_t set_ind_atomic(uint64_t ind_loc, uint8_t to_be_set)
643 {
644     uint8_t expected, actual;
645     hwaddr len = 1;
646     /* avoid  multiple fetches */
647     uint8_t volatile *ind_addr;
648 
649     ind_addr = cpu_physical_memory_map(ind_loc, &len, true);
650     if (!ind_addr) {
651         s390_pci_generate_error_event(ERR_EVENT_AIRERR, 0, 0, 0, 0);
652         return -1;
653     }
654     actual = *ind_addr;
655     do {
656         expected = actual;
657         actual = qatomic_cmpxchg(ind_addr, expected, expected | to_be_set);
658     } while (actual != expected);
659     cpu_physical_memory_unmap((void *)ind_addr, len, 1, len);
660 
661     return actual;
662 }
663 
664 static void s390_msi_ctrl_write(void *opaque, hwaddr addr, uint64_t data,
665                                 unsigned int size)
666 {
667     S390PCIBusDevice *pbdev = opaque;
668     uint32_t vec = data & ZPCI_MSI_VEC_MASK;
669     uint64_t ind_bit;
670     uint32_t sum_bit;
671 
672     assert(pbdev);
673     DPRINTF("write_msix data 0x%" PRIx64 " idx %d vec 0x%x\n", data,
674             pbdev->idx, vec);
675 
676     if (pbdev->state != ZPCI_FS_ENABLED) {
677         return;
678     }
679 
680     ind_bit = pbdev->routes.adapter.ind_offset;
681     sum_bit = pbdev->routes.adapter.summary_offset;
682 
683     set_ind_atomic(pbdev->routes.adapter.ind_addr + (ind_bit + vec) / 8,
684                    0x80 >> ((ind_bit + vec) % 8));
685     if (!set_ind_atomic(pbdev->routes.adapter.summary_addr + sum_bit / 8,
686                                        0x80 >> (sum_bit % 8))) {
687         css_adapter_interrupt(CSS_IO_ADAPTER_PCI, pbdev->isc);
688     }
689 }
690 
691 static uint64_t s390_msi_ctrl_read(void *opaque, hwaddr addr, unsigned size)
692 {
693     return 0xffffffff;
694 }
695 
696 static const MemoryRegionOps s390_msi_ctrl_ops = {
697     .write = s390_msi_ctrl_write,
698     .read = s390_msi_ctrl_read,
699     .endianness = DEVICE_LITTLE_ENDIAN,
700 };
701 
702 void s390_pci_iommu_enable(S390PCIIOMMU *iommu)
703 {
704     /*
705      * The iommu region is initialized against a 0-mapped address space,
706      * so the smallest IOMMU region we can define runs from 0 to the end
707      * of the PCI address space.
708      */
709     char *name = g_strdup_printf("iommu-s390-%04x", iommu->pbdev->uid);
710     memory_region_init_iommu(&iommu->iommu_mr, sizeof(iommu->iommu_mr),
711                              TYPE_S390_IOMMU_MEMORY_REGION, OBJECT(&iommu->mr),
712                              name, iommu->pal + 1);
713     iommu->enabled = true;
714     memory_region_add_subregion(&iommu->mr, 0, MEMORY_REGION(&iommu->iommu_mr));
715     g_free(name);
716 }
717 
718 void s390_pci_iommu_disable(S390PCIIOMMU *iommu)
719 {
720     iommu->enabled = false;
721     g_hash_table_remove_all(iommu->iotlb);
722     memory_region_del_subregion(&iommu->mr, MEMORY_REGION(&iommu->iommu_mr));
723     object_unparent(OBJECT(&iommu->iommu_mr));
724 }
725 
726 static void s390_pci_iommu_free(S390pciState *s, PCIBus *bus, int32_t devfn)
727 {
728     uint64_t key = (uintptr_t)bus;
729     S390PCIIOMMUTable *table = g_hash_table_lookup(s->iommu_table, &key);
730     S390PCIIOMMU *iommu = table ? table->iommu[PCI_SLOT(devfn)] : NULL;
731 
732     if (!table || !iommu) {
733         return;
734     }
735 
736     table->iommu[PCI_SLOT(devfn)] = NULL;
737     g_hash_table_destroy(iommu->iotlb);
738     /*
739      * An attached PCI device may have memory listeners, eg. VFIO PCI.
740      * The associated subregion will already have been unmapped in
741      * s390_pci_iommu_disable in response to the guest deconfigure request.
742      * Remove the listeners now before destroying the address space.
743      */
744     address_space_remove_listeners(&iommu->as);
745     address_space_destroy(&iommu->as);
746     object_unparent(OBJECT(&iommu->mr));
747     object_unparent(OBJECT(iommu));
748     object_unref(OBJECT(iommu));
749 }
750 
751 S390PCIGroup *s390_group_create(int id, int host_id)
752 {
753     S390PCIGroup *group;
754     S390pciState *s = s390_get_phb();
755 
756     group = g_new0(S390PCIGroup, 1);
757     group->id = id;
758     group->host_id = host_id;
759     QTAILQ_INSERT_TAIL(&s->zpci_groups, group, link);
760     return group;
761 }
762 
763 S390PCIGroup *s390_group_find(int id)
764 {
765     S390PCIGroup *group;
766     S390pciState *s = s390_get_phb();
767 
768     QTAILQ_FOREACH(group, &s->zpci_groups, link) {
769         if (group->id == id) {
770             return group;
771         }
772     }
773     return NULL;
774 }
775 
776 S390PCIGroup *s390_group_find_host_sim(int host_id)
777 {
778     S390PCIGroup *group;
779     S390pciState *s = s390_get_phb();
780 
781     QTAILQ_FOREACH(group, &s->zpci_groups, link) {
782         if (group->id >= ZPCI_SIM_GRP_START && group->host_id == host_id) {
783             return group;
784         }
785     }
786     return NULL;
787 }
788 
789 static void s390_pci_init_default_group(void)
790 {
791     S390PCIGroup *group;
792     ClpRspQueryPciGrp *resgrp;
793 
794     group = s390_group_create(ZPCI_DEFAULT_FN_GRP, ZPCI_DEFAULT_FN_GRP);
795     resgrp = &group->zpci_group;
796     resgrp->fr = 1;
797     resgrp->dasm = 0;
798     resgrp->msia = ZPCI_MSI_ADDR;
799     resgrp->mui = DEFAULT_MUI;
800     resgrp->i = 128;
801     resgrp->maxstbl = 128;
802     resgrp->version = 0;
803     resgrp->dtsm = ZPCI_DTSM;
804 }
805 
806 static void set_pbdev_info(S390PCIBusDevice *pbdev)
807 {
808     pbdev->zpci_fn.sdma = ZPCI_SDMA_ADDR;
809     pbdev->zpci_fn.edma = ZPCI_EDMA_ADDR;
810     pbdev->zpci_fn.pchid = 0;
811     pbdev->zpci_fn.pfgid = ZPCI_DEFAULT_FN_GRP;
812     pbdev->zpci_fn.fid = pbdev->fid;
813     pbdev->zpci_fn.uid = pbdev->uid;
814     pbdev->pci_group = s390_group_find(ZPCI_DEFAULT_FN_GRP);
815 }
816 
817 static void s390_pcihost_realize(DeviceState *dev, Error **errp)
818 {
819     PCIBus *b;
820     BusState *bus;
821     PCIHostState *phb = PCI_HOST_BRIDGE(dev);
822     S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
823 
824     DPRINTF("host_init\n");
825 
826     b = pci_register_root_bus(dev, NULL, s390_pci_set_irq, s390_pci_map_irq,
827                               NULL, get_system_memory(), get_system_io(), 0,
828                               64, TYPE_PCI_BUS);
829     pci_setup_iommu(b, s390_pci_dma_iommu, s);
830 
831     bus = BUS(b);
832     qbus_set_hotplug_handler(bus, OBJECT(dev));
833     phb->bus = b;
834 
835     s->bus = S390_PCI_BUS(qbus_new(TYPE_S390_PCI_BUS, dev, NULL));
836     qbus_set_hotplug_handler(BUS(s->bus), OBJECT(dev));
837 
838     s->iommu_table = g_hash_table_new_full(g_int64_hash, g_int64_equal,
839                                            NULL, g_free);
840     s->zpci_table = g_hash_table_new_full(g_int_hash, g_int_equal, NULL, NULL);
841     s->bus_no = 0;
842     s->next_sim_grp = ZPCI_SIM_GRP_START;
843     QTAILQ_INIT(&s->pending_sei);
844     QTAILQ_INIT(&s->zpci_devs);
845     QTAILQ_INIT(&s->zpci_dma_limit);
846     QTAILQ_INIT(&s->zpci_groups);
847 
848     s390_pci_init_default_group();
849     css_register_io_adapters(CSS_IO_ADAPTER_PCI, true, false,
850                              S390_ADAPTER_SUPPRESSIBLE, errp);
851 }
852 
853 static void s390_pcihost_unrealize(DeviceState *dev)
854 {
855     S390PCIGroup *group;
856     S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
857 
858     while (!QTAILQ_EMPTY(&s->zpci_groups)) {
859         group = QTAILQ_FIRST(&s->zpci_groups);
860         QTAILQ_REMOVE(&s->zpci_groups, group, link);
861     }
862 }
863 
864 static int s390_pci_msix_init(S390PCIBusDevice *pbdev)
865 {
866     char *name;
867     uint8_t pos;
868     uint16_t ctrl;
869     uint32_t table, pba;
870 
871     pos = pci_find_capability(pbdev->pdev, PCI_CAP_ID_MSIX);
872     if (!pos) {
873         return -1;
874     }
875 
876     ctrl = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_FLAGS,
877              pci_config_size(pbdev->pdev), sizeof(ctrl));
878     table = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_TABLE,
879              pci_config_size(pbdev->pdev), sizeof(table));
880     pba = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_PBA,
881              pci_config_size(pbdev->pdev), sizeof(pba));
882 
883     pbdev->msix.table_bar = table & PCI_MSIX_FLAGS_BIRMASK;
884     pbdev->msix.table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK;
885     pbdev->msix.pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK;
886     pbdev->msix.pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK;
887     pbdev->msix.entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1;
888 
889     name = g_strdup_printf("msix-s390-%04x", pbdev->uid);
890     memory_region_init_io(&pbdev->msix_notify_mr, OBJECT(pbdev),
891                           &s390_msi_ctrl_ops, pbdev, name, TARGET_PAGE_SIZE);
892     memory_region_add_subregion(&pbdev->iommu->mr,
893                                 pbdev->pci_group->zpci_group.msia,
894                                 &pbdev->msix_notify_mr);
895     g_free(name);
896 
897     return 0;
898 }
899 
900 static void s390_pci_msix_free(S390PCIBusDevice *pbdev)
901 {
902     if (pbdev->msix.entries == 0) {
903         return;
904     }
905 
906     memory_region_del_subregion(&pbdev->iommu->mr, &pbdev->msix_notify_mr);
907     object_unparent(OBJECT(&pbdev->msix_notify_mr));
908 }
909 
910 static S390PCIBusDevice *s390_pci_device_new(S390pciState *s,
911                                              const char *target, Error **errp)
912 {
913     Error *local_err = NULL;
914     DeviceState *dev;
915 
916     dev = qdev_try_new(TYPE_S390_PCI_DEVICE);
917     if (!dev) {
918         error_setg(errp, "zPCI device could not be created");
919         return NULL;
920     }
921 
922     if (!object_property_set_str(OBJECT(dev), "target", target, &local_err)) {
923         object_unparent(OBJECT(dev));
924         error_propagate_prepend(errp, local_err,
925                                 "zPCI device could not be created: ");
926         return NULL;
927     }
928     if (!qdev_realize_and_unref(dev, BUS(s->bus), &local_err)) {
929         object_unparent(OBJECT(dev));
930         error_propagate_prepend(errp, local_err,
931                                 "zPCI device could not be created: ");
932         return NULL;
933     }
934 
935     return S390_PCI_DEVICE(dev);
936 }
937 
938 static bool s390_pci_alloc_idx(S390pciState *s, S390PCIBusDevice *pbdev)
939 {
940     uint32_t idx;
941 
942     idx = s->next_idx;
943     while (s390_pci_find_dev_by_idx(s, idx)) {
944         idx = (idx + 1) & FH_MASK_INDEX;
945         if (idx == s->next_idx) {
946             return false;
947         }
948     }
949 
950     pbdev->idx = idx;
951     return true;
952 }
953 
954 static void s390_pcihost_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
955                                    Error **errp)
956 {
957     S390pciState *s = S390_PCI_HOST_BRIDGE(hotplug_dev);
958 
959     if (!s390_has_feat(S390_FEAT_ZPCI)) {
960         warn_report("Plugging a PCI/zPCI device without the 'zpci' CPU "
961                     "feature enabled; the guest will not be able to see/use "
962                     "this device");
963     }
964 
965     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
966         PCIDevice *pdev = PCI_DEVICE(dev);
967 
968         if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
969             error_setg(errp, "multifunction not supported in s390");
970             return;
971         }
972     } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
973         S390PCIBusDevice *pbdev = S390_PCI_DEVICE(dev);
974 
975         if (!s390_pci_alloc_idx(s, pbdev)) {
976             error_setg(errp, "no slot for plugging zpci device");
977             return;
978         }
979     }
980 }
981 
982 static void s390_pci_update_subordinate(PCIDevice *dev, uint32_t nr)
983 {
984     uint32_t old_nr;
985 
986     pci_default_write_config(dev, PCI_SUBORDINATE_BUS, nr, 1);
987     while (!pci_bus_is_root(pci_get_bus(dev))) {
988         dev = pci_get_bus(dev)->parent_dev;
989 
990         old_nr = pci_default_read_config(dev, PCI_SUBORDINATE_BUS, 1);
991         if (old_nr < nr) {
992             pci_default_write_config(dev, PCI_SUBORDINATE_BUS, nr, 1);
993         }
994     }
995 }
996 
997 static int s390_pci_interp_plug(S390pciState *s, S390PCIBusDevice *pbdev)
998 {
999     uint32_t idx, fh;
1000 
1001     if (!s390_pci_get_host_fh(pbdev, &fh)) {
1002         return -EPERM;
1003     }
1004 
1005     /*
1006      * The host device is already in an enabled state, but we always present
1007      * the initial device state to the guest as disabled (ZPCI_FS_DISABLED).
1008      * Therefore, mask off the enable bit from the passthrough handle until
1009      * the guest issues a CLP SET PCI FN later to enable the device.
1010      */
1011     pbdev->fh = fh & ~FH_MASK_ENABLE;
1012 
1013     /* Next, see if the idx is already in-use */
1014     idx = pbdev->fh & FH_MASK_INDEX;
1015     if (pbdev->idx != idx) {
1016         if (s390_pci_find_dev_by_idx(s, idx)) {
1017             return -EINVAL;
1018         }
1019         /*
1020          * Update the idx entry with the passed through idx
1021          * If the relinquished idx is lower than next_idx, use it
1022          * to replace next_idx
1023          */
1024         g_hash_table_remove(s->zpci_table, &pbdev->idx);
1025         if (idx < s->next_idx) {
1026             s->next_idx = idx;
1027         }
1028         pbdev->idx = idx;
1029         g_hash_table_insert(s->zpci_table, &pbdev->idx, pbdev);
1030     }
1031 
1032     return 0;
1033 }
1034 
1035 static void s390_pcihost_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
1036                               Error **errp)
1037 {
1038     S390pciState *s = S390_PCI_HOST_BRIDGE(hotplug_dev);
1039     PCIDevice *pdev = NULL;
1040     S390PCIBusDevice *pbdev = NULL;
1041     int rc;
1042 
1043     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_BRIDGE)) {
1044         PCIBridge *pb = PCI_BRIDGE(dev);
1045 
1046         pdev = PCI_DEVICE(dev);
1047         pci_bridge_map_irq(pb, dev->id, s390_pci_map_irq);
1048         pci_setup_iommu(&pb->sec_bus, s390_pci_dma_iommu, s);
1049 
1050         qbus_set_hotplug_handler(BUS(&pb->sec_bus), OBJECT(s));
1051 
1052         if (dev->hotplugged) {
1053             pci_default_write_config(pdev, PCI_PRIMARY_BUS,
1054                                      pci_dev_bus_num(pdev), 1);
1055             s->bus_no += 1;
1056             pci_default_write_config(pdev, PCI_SECONDARY_BUS, s->bus_no, 1);
1057 
1058             s390_pci_update_subordinate(pdev, s->bus_no);
1059         }
1060     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
1061         pdev = PCI_DEVICE(dev);
1062 
1063         if (!dev->id) {
1064             /* In the case the PCI device does not define an id */
1065             /* we generate one based on the PCI address         */
1066             dev->id = g_strdup_printf("auto_%02x:%02x.%01x",
1067                                       pci_dev_bus_num(pdev),
1068                                       PCI_SLOT(pdev->devfn),
1069                                       PCI_FUNC(pdev->devfn));
1070         }
1071 
1072         pbdev = s390_pci_find_dev_by_target(s, dev->id);
1073         if (!pbdev) {
1074             pbdev = s390_pci_device_new(s, dev->id, errp);
1075             if (!pbdev) {
1076                 return;
1077             }
1078         }
1079 
1080         pbdev->pdev = pdev;
1081         pbdev->iommu = s390_pci_get_iommu(s, pci_get_bus(pdev), pdev->devfn);
1082         pbdev->iommu->pbdev = pbdev;
1083         pbdev->state = ZPCI_FS_DISABLED;
1084         set_pbdev_info(pbdev);
1085 
1086         if (object_dynamic_cast(OBJECT(dev), "vfio-pci")) {
1087             /*
1088              * By default, interpretation is always requested; if the available
1089              * facilities indicate it is not available, fallback to the
1090              * interception model.
1091              */
1092             if (pbdev->interp) {
1093                 if (s390_pci_kvm_interp_allowed()) {
1094                     rc = s390_pci_interp_plug(s, pbdev);
1095                     if (rc) {
1096                         error_setg(errp, "Plug failed for zPCI device in "
1097                                    "interpretation mode: %d", rc);
1098                         return;
1099                     }
1100                 } else {
1101                     DPRINTF("zPCI interpretation facilities missing.\n");
1102                     pbdev->interp = false;
1103                     pbdev->forwarding_assist = false;
1104                 }
1105             }
1106             pbdev->iommu->dma_limit = s390_pci_start_dma_count(s, pbdev);
1107             /* Fill in CLP information passed via the vfio region */
1108             s390_pci_get_clp_info(pbdev);
1109             if (!pbdev->interp) {
1110                 /* Do vfio passthrough but intercept for I/O */
1111                 pbdev->fh |= FH_SHM_VFIO;
1112                 pbdev->forwarding_assist = false;
1113             }
1114         } else {
1115             pbdev->fh |= FH_SHM_EMUL;
1116             /* Always intercept emulated devices */
1117             pbdev->interp = false;
1118             pbdev->forwarding_assist = false;
1119         }
1120 
1121         if (s390_pci_msix_init(pbdev) && !pbdev->interp) {
1122             error_setg(errp, "MSI-X support is mandatory "
1123                        "in the S390 architecture");
1124             return;
1125         }
1126 
1127         if (dev->hotplugged) {
1128             s390_pci_generate_plug_event(HP_EVENT_TO_CONFIGURED ,
1129                                          pbdev->fh, pbdev->fid);
1130         }
1131     } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
1132         pbdev = S390_PCI_DEVICE(dev);
1133 
1134         /* the allocated idx is actually getting used */
1135         s->next_idx = (pbdev->idx + 1) & FH_MASK_INDEX;
1136         pbdev->fh = pbdev->idx;
1137         QTAILQ_INSERT_TAIL(&s->zpci_devs, pbdev, link);
1138         g_hash_table_insert(s->zpci_table, &pbdev->idx, pbdev);
1139     } else {
1140         g_assert_not_reached();
1141     }
1142 }
1143 
1144 static void s390_pcihost_unplug(HotplugHandler *hotplug_dev, DeviceState *dev,
1145                                 Error **errp)
1146 {
1147     S390pciState *s = S390_PCI_HOST_BRIDGE(hotplug_dev);
1148     S390PCIBusDevice *pbdev = NULL;
1149 
1150     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
1151         PCIDevice *pci_dev = PCI_DEVICE(dev);
1152         PCIBus *bus;
1153         int32_t devfn;
1154 
1155         pbdev = s390_pci_find_dev_by_pci(s, PCI_DEVICE(dev));
1156         g_assert(pbdev);
1157 
1158         s390_pci_generate_plug_event(HP_EVENT_STANDBY_TO_RESERVED,
1159                                      pbdev->fh, pbdev->fid);
1160         bus = pci_get_bus(pci_dev);
1161         devfn = pci_dev->devfn;
1162         qdev_unrealize(dev);
1163 
1164         s390_pci_msix_free(pbdev);
1165         s390_pci_iommu_free(s, bus, devfn);
1166         pbdev->pdev = NULL;
1167         pbdev->state = ZPCI_FS_RESERVED;
1168     } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
1169         pbdev = S390_PCI_DEVICE(dev);
1170         pbdev->fid = 0;
1171         QTAILQ_REMOVE(&s->zpci_devs, pbdev, link);
1172         g_hash_table_remove(s->zpci_table, &pbdev->idx);
1173         if (pbdev->iommu->dma_limit) {
1174             s390_pci_end_dma_count(s, pbdev->iommu->dma_limit);
1175         }
1176         qdev_unrealize(dev);
1177     }
1178 }
1179 
1180 static void s390_pcihost_unplug_request(HotplugHandler *hotplug_dev,
1181                                         DeviceState *dev,
1182                                         Error **errp)
1183 {
1184     S390pciState *s = S390_PCI_HOST_BRIDGE(hotplug_dev);
1185     S390PCIBusDevice *pbdev;
1186 
1187     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_BRIDGE)) {
1188         error_setg(errp, "PCI bridge hot unplug currently not supported");
1189     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
1190         /*
1191          * Redirect the unplug request to the zPCI device and remember that
1192          * we've checked the PCI device already (to prevent endless recursion).
1193          */
1194         pbdev = s390_pci_find_dev_by_pci(s, PCI_DEVICE(dev));
1195         g_assert(pbdev);
1196         pbdev->pci_unplug_request_processed = true;
1197         qdev_unplug(DEVICE(pbdev), errp);
1198     } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
1199         pbdev = S390_PCI_DEVICE(dev);
1200 
1201         /*
1202          * If unplug was initially requested for the zPCI device, we
1203          * first have to redirect to the PCI device, which will in return
1204          * redirect back to us after performing its checks (if the request
1205          * is not blocked, e.g. because it's a PCI bridge).
1206          */
1207         if (pbdev->pdev && !pbdev->pci_unplug_request_processed) {
1208             qdev_unplug(DEVICE(pbdev->pdev), errp);
1209             return;
1210         }
1211         pbdev->pci_unplug_request_processed = false;
1212 
1213         switch (pbdev->state) {
1214         case ZPCI_FS_STANDBY:
1215         case ZPCI_FS_RESERVED:
1216             s390_pci_perform_unplug(pbdev);
1217             break;
1218         default:
1219             /*
1220              * Allow to send multiple requests, e.g. if the guest crashed
1221              * before releasing the device, we would not be able to send
1222              * another request to the same VM (e.g. fresh OS).
1223              */
1224             pbdev->unplug_requested = true;
1225             s390_pci_generate_plug_event(HP_EVENT_DECONFIGURE_REQUEST,
1226                                          pbdev->fh, pbdev->fid);
1227         }
1228     } else {
1229         g_assert_not_reached();
1230     }
1231 }
1232 
1233 static void s390_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
1234                                       void *opaque)
1235 {
1236     S390pciState *s = opaque;
1237     PCIBus *sec_bus = NULL;
1238 
1239     if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
1240          PCI_HEADER_TYPE_BRIDGE)) {
1241         return;
1242     }
1243 
1244     (s->bus_no)++;
1245     pci_default_write_config(pdev, PCI_PRIMARY_BUS, pci_dev_bus_num(pdev), 1);
1246     pci_default_write_config(pdev, PCI_SECONDARY_BUS, s->bus_no, 1);
1247     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, s->bus_no, 1);
1248 
1249     sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
1250     if (!sec_bus) {
1251         return;
1252     }
1253 
1254     /* Assign numbers to all child bridges. The last is the highest number. */
1255     pci_for_each_device_under_bus(sec_bus, s390_pci_enumerate_bridge, s);
1256     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, s->bus_no, 1);
1257 }
1258 
1259 static void s390_pcihost_reset(DeviceState *dev)
1260 {
1261     S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
1262     PCIBus *bus = s->parent_obj.bus;
1263     S390PCIBusDevice *pbdev, *next;
1264 
1265     /* Process all pending unplug requests */
1266     QTAILQ_FOREACH_SAFE(pbdev, &s->zpci_devs, link, next) {
1267         if (pbdev->unplug_requested) {
1268             if (pbdev->interp && (pbdev->fh & FH_MASK_ENABLE)) {
1269                 /* Interpreted devices were using interrupt forwarding */
1270                 s390_pci_kvm_aif_disable(pbdev);
1271             } else if (pbdev->summary_ind) {
1272                 pci_dereg_irqs(pbdev);
1273             }
1274             if (pbdev->iommu->enabled) {
1275                 pci_dereg_ioat(pbdev->iommu);
1276             }
1277             pbdev->state = ZPCI_FS_STANDBY;
1278             s390_pci_perform_unplug(pbdev);
1279         }
1280     }
1281 
1282     /*
1283      * When resetting a PCI bridge, the assigned numbers are set to 0. So
1284      * on every system reset, we also have to reassign numbers.
1285      */
1286     s->bus_no = 0;
1287     pci_for_each_device_under_bus(bus, s390_pci_enumerate_bridge, s);
1288 }
1289 
1290 static void s390_pcihost_class_init(ObjectClass *klass, void *data)
1291 {
1292     DeviceClass *dc = DEVICE_CLASS(klass);
1293     HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);
1294 
1295     dc->reset = s390_pcihost_reset;
1296     dc->realize = s390_pcihost_realize;
1297     dc->unrealize = s390_pcihost_unrealize;
1298     hc->pre_plug = s390_pcihost_pre_plug;
1299     hc->plug = s390_pcihost_plug;
1300     hc->unplug_request = s390_pcihost_unplug_request;
1301     hc->unplug = s390_pcihost_unplug;
1302     msi_nonbroken = true;
1303 }
1304 
1305 static const TypeInfo s390_pcihost_info = {
1306     .name          = TYPE_S390_PCI_HOST_BRIDGE,
1307     .parent        = TYPE_PCI_HOST_BRIDGE,
1308     .instance_size = sizeof(S390pciState),
1309     .class_init    = s390_pcihost_class_init,
1310     .interfaces = (InterfaceInfo[]) {
1311         { TYPE_HOTPLUG_HANDLER },
1312         { }
1313     }
1314 };
1315 
1316 static const TypeInfo s390_pcibus_info = {
1317     .name = TYPE_S390_PCI_BUS,
1318     .parent = TYPE_BUS,
1319     .instance_size = sizeof(S390PCIBus),
1320 };
1321 
1322 static uint16_t s390_pci_generate_uid(S390pciState *s)
1323 {
1324     uint16_t uid = 0;
1325 
1326     do {
1327         uid++;
1328         if (!s390_pci_find_dev_by_uid(s, uid)) {
1329             return uid;
1330         }
1331     } while (uid < ZPCI_MAX_UID);
1332 
1333     return UID_UNDEFINED;
1334 }
1335 
1336 static uint32_t s390_pci_generate_fid(S390pciState *s, Error **errp)
1337 {
1338     uint32_t fid = 0;
1339 
1340     do {
1341         if (!s390_pci_find_dev_by_fid(s, fid)) {
1342             return fid;
1343         }
1344     } while (fid++ != ZPCI_MAX_FID);
1345 
1346     error_setg(errp, "no free fid could be found");
1347     return 0;
1348 }
1349 
1350 static void s390_pci_device_realize(DeviceState *dev, Error **errp)
1351 {
1352     S390PCIBusDevice *zpci = S390_PCI_DEVICE(dev);
1353     S390pciState *s = s390_get_phb();
1354 
1355     if (!zpci->target) {
1356         error_setg(errp, "target must be defined");
1357         return;
1358     }
1359 
1360     if (s390_pci_find_dev_by_target(s, zpci->target)) {
1361         error_setg(errp, "target %s already has an associated zpci device",
1362                    zpci->target);
1363         return;
1364     }
1365 
1366     if (zpci->uid == UID_UNDEFINED) {
1367         zpci->uid = s390_pci_generate_uid(s);
1368         if (!zpci->uid) {
1369             error_setg(errp, "no free uid could be found");
1370             return;
1371         }
1372     } else if (s390_pci_find_dev_by_uid(s, zpci->uid)) {
1373         error_setg(errp, "uid %u already in use", zpci->uid);
1374         return;
1375     }
1376 
1377     if (!zpci->fid_defined) {
1378         Error *local_error = NULL;
1379 
1380         zpci->fid = s390_pci_generate_fid(s, &local_error);
1381         if (local_error) {
1382             error_propagate(errp, local_error);
1383             return;
1384         }
1385     } else if (s390_pci_find_dev_by_fid(s, zpci->fid)) {
1386         error_setg(errp, "fid %u already in use", zpci->fid);
1387         return;
1388     }
1389 
1390     zpci->state = ZPCI_FS_RESERVED;
1391     zpci->fmb.format = ZPCI_FMB_FORMAT;
1392 }
1393 
1394 static void s390_pci_device_reset(DeviceState *dev)
1395 {
1396     S390PCIBusDevice *pbdev = S390_PCI_DEVICE(dev);
1397 
1398     switch (pbdev->state) {
1399     case ZPCI_FS_RESERVED:
1400         return;
1401     case ZPCI_FS_STANDBY:
1402         break;
1403     default:
1404         pbdev->fh &= ~FH_MASK_ENABLE;
1405         pbdev->state = ZPCI_FS_DISABLED;
1406         break;
1407     }
1408 
1409     if (pbdev->interp && (pbdev->fh & FH_MASK_ENABLE)) {
1410         /* Interpreted devices were using interrupt forwarding */
1411         s390_pci_kvm_aif_disable(pbdev);
1412     } else if (pbdev->summary_ind) {
1413         pci_dereg_irqs(pbdev);
1414     }
1415     if (pbdev->iommu->enabled) {
1416         pci_dereg_ioat(pbdev->iommu);
1417     }
1418 
1419     fmb_timer_free(pbdev);
1420 }
1421 
1422 static void s390_pci_get_fid(Object *obj, Visitor *v, const char *name,
1423                          void *opaque, Error **errp)
1424 {
1425     Property *prop = opaque;
1426     uint32_t *ptr = object_field_prop_ptr(obj, prop);
1427 
1428     visit_type_uint32(v, name, ptr, errp);
1429 }
1430 
1431 static void s390_pci_set_fid(Object *obj, Visitor *v, const char *name,
1432                          void *opaque, Error **errp)
1433 {
1434     S390PCIBusDevice *zpci = S390_PCI_DEVICE(obj);
1435     Property *prop = opaque;
1436     uint32_t *ptr = object_field_prop_ptr(obj, prop);
1437 
1438     if (!visit_type_uint32(v, name, ptr, errp)) {
1439         return;
1440     }
1441     zpci->fid_defined = true;
1442 }
1443 
1444 static const PropertyInfo s390_pci_fid_propinfo = {
1445     .name = "zpci_fid",
1446     .get = s390_pci_get_fid,
1447     .set = s390_pci_set_fid,
1448 };
1449 
1450 #define DEFINE_PROP_S390_PCI_FID(_n, _s, _f) \
1451     DEFINE_PROP(_n, _s, _f, s390_pci_fid_propinfo, uint32_t)
1452 
1453 static Property s390_pci_device_properties[] = {
1454     DEFINE_PROP_UINT16("uid", S390PCIBusDevice, uid, UID_UNDEFINED),
1455     DEFINE_PROP_S390_PCI_FID("fid", S390PCIBusDevice, fid),
1456     DEFINE_PROP_STRING("target", S390PCIBusDevice, target),
1457     DEFINE_PROP_BOOL("interpret", S390PCIBusDevice, interp, true),
1458     DEFINE_PROP_BOOL("forwarding-assist", S390PCIBusDevice, forwarding_assist,
1459                      true),
1460     DEFINE_PROP_END_OF_LIST(),
1461 };
1462 
1463 static const VMStateDescription s390_pci_device_vmstate = {
1464     .name = TYPE_S390_PCI_DEVICE,
1465     /*
1466      * TODO: add state handling here, so migration works at least with
1467      * emulated pci devices on s390x
1468      */
1469     .unmigratable = 1,
1470 };
1471 
1472 static void s390_pci_device_class_init(ObjectClass *klass, void *data)
1473 {
1474     DeviceClass *dc = DEVICE_CLASS(klass);
1475 
1476     dc->desc = "zpci device";
1477     set_bit(DEVICE_CATEGORY_MISC, dc->categories);
1478     dc->reset = s390_pci_device_reset;
1479     dc->bus_type = TYPE_S390_PCI_BUS;
1480     dc->realize = s390_pci_device_realize;
1481     device_class_set_props(dc, s390_pci_device_properties);
1482     dc->vmsd = &s390_pci_device_vmstate;
1483 }
1484 
1485 static const TypeInfo s390_pci_device_info = {
1486     .name = TYPE_S390_PCI_DEVICE,
1487     .parent = TYPE_DEVICE,
1488     .instance_size = sizeof(S390PCIBusDevice),
1489     .class_init = s390_pci_device_class_init,
1490 };
1491 
1492 static const TypeInfo s390_pci_iommu_info = {
1493     .name = TYPE_S390_PCI_IOMMU,
1494     .parent = TYPE_OBJECT,
1495     .instance_size = sizeof(S390PCIIOMMU),
1496 };
1497 
1498 static void s390_iommu_memory_region_class_init(ObjectClass *klass, void *data)
1499 {
1500     IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
1501 
1502     imrc->translate = s390_translate_iommu;
1503     imrc->replay = s390_pci_iommu_replay;
1504 }
1505 
1506 static const TypeInfo s390_iommu_memory_region_info = {
1507     .parent = TYPE_IOMMU_MEMORY_REGION,
1508     .name = TYPE_S390_IOMMU_MEMORY_REGION,
1509     .class_init = s390_iommu_memory_region_class_init,
1510 };
1511 
1512 static void s390_pci_register_types(void)
1513 {
1514     type_register_static(&s390_pcihost_info);
1515     type_register_static(&s390_pcibus_info);
1516     type_register_static(&s390_pci_device_info);
1517     type_register_static(&s390_pci_iommu_info);
1518     type_register_static(&s390_iommu_memory_region_info);
1519 }
1520 
1521 type_init(s390_pci_register_types)
1522