xref: /openbmc/qemu/target/s390x/ioinst.c (revision 2fc979cb)
1 /*
2  * I/O instructions for S/390
3  *
4  * Copyright 2012, 2015 IBM Corp.
5  * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
6  *
7  * This work is licensed under the terms of the GNU GPL, version 2 or (at
8  * your option) any later version. See the COPYING file in the top-level
9  * directory.
10  */
11 
12 #include "qemu/osdep.h"
13 
14 #include "cpu.h"
15 #include "internal.h"
16 #include "hw/s390x/ioinst.h"
17 #include "trace.h"
18 #include "hw/s390x/s390-pci-bus.h"
19 #include "hw/s390x/pv.h"
20 
21 /* All I/O instructions but chsc use the s format */
22 static uint64_t get_address_from_regs(CPUS390XState *env, uint32_t ipb,
23                                       uint8_t *ar)
24 {
25     /*
26      * Addresses for protected guests are all offsets into the
27      * satellite block which holds the IO control structures. Those
28      * control structures are always starting at offset 0 and are
29      * always aligned and accessible. So we can return 0 here which
30      * will pass the following address checks.
31      */
32     if (s390_is_pv()) {
33         *ar = 0;
34         return 0;
35     }
36     return decode_basedisp_s(env, ipb, ar);
37 }
38 
39 int ioinst_disassemble_sch_ident(uint32_t value, int *m, int *cssid, int *ssid,
40                                  int *schid)
41 {
42     if (!IOINST_SCHID_ONE(value)) {
43         return -EINVAL;
44     }
45     if (!IOINST_SCHID_M(value)) {
46         if (IOINST_SCHID_CSSID(value)) {
47             return -EINVAL;
48         }
49         *cssid = 0;
50         *m = 0;
51     } else {
52         *cssid = IOINST_SCHID_CSSID(value);
53         *m = 1;
54     }
55     *ssid = IOINST_SCHID_SSID(value);
56     *schid = IOINST_SCHID_NR(value);
57     return 0;
58 }
59 
60 void ioinst_handle_xsch(S390CPU *cpu, uint64_t reg1, uintptr_t ra)
61 {
62     int cssid, ssid, schid, m;
63     SubchDev *sch;
64 
65     if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid)) {
66         s390_program_interrupt(&cpu->env, PGM_OPERAND, ra);
67         return;
68     }
69     trace_ioinst_sch_id("xsch", cssid, ssid, schid);
70     sch = css_find_subch(m, cssid, ssid, schid);
71     if (!sch || !css_subch_visible(sch)) {
72         setcc(cpu, 3);
73         return;
74     }
75     setcc(cpu, css_do_xsch(sch));
76 }
77 
78 void ioinst_handle_csch(S390CPU *cpu, uint64_t reg1, uintptr_t ra)
79 {
80     int cssid, ssid, schid, m;
81     SubchDev *sch;
82 
83     if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid)) {
84         s390_program_interrupt(&cpu->env, PGM_OPERAND, ra);
85         return;
86     }
87     trace_ioinst_sch_id("csch", cssid, ssid, schid);
88     sch = css_find_subch(m, cssid, ssid, schid);
89     if (!sch || !css_subch_visible(sch)) {
90         setcc(cpu, 3);
91         return;
92     }
93     setcc(cpu, css_do_csch(sch));
94 }
95 
96 void ioinst_handle_hsch(S390CPU *cpu, uint64_t reg1, uintptr_t ra)
97 {
98     int cssid, ssid, schid, m;
99     SubchDev *sch;
100 
101     if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid)) {
102         s390_program_interrupt(&cpu->env, PGM_OPERAND, ra);
103         return;
104     }
105     trace_ioinst_sch_id("hsch", cssid, ssid, schid);
106     sch = css_find_subch(m, cssid, ssid, schid);
107     if (!sch || !css_subch_visible(sch)) {
108         setcc(cpu, 3);
109         return;
110     }
111     setcc(cpu, css_do_hsch(sch));
112 }
113 
114 static int ioinst_schib_valid(SCHIB *schib)
115 {
116     if ((be16_to_cpu(schib->pmcw.flags) & PMCW_FLAGS_MASK_INVALID) ||
117         (be32_to_cpu(schib->pmcw.chars) & PMCW_CHARS_MASK_INVALID)) {
118         return 0;
119     }
120     /* Disallow extended measurements for now. */
121     if (be32_to_cpu(schib->pmcw.chars) & PMCW_CHARS_MASK_XMWME) {
122         return 0;
123     }
124     return 1;
125 }
126 
127 void ioinst_handle_msch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
128 {
129     int cssid, ssid, schid, m;
130     SubchDev *sch;
131     SCHIB schib;
132     uint64_t addr;
133     CPUS390XState *env = &cpu->env;
134     uint8_t ar;
135 
136     addr = get_address_from_regs(env, ipb, &ar);
137     if (addr & 3) {
138         s390_program_interrupt(env, PGM_SPECIFICATION, ra);
139         return;
140     }
141     if (s390_is_pv()) {
142         s390_cpu_pv_mem_read(cpu, addr, &schib, sizeof(schib));
143     } else if (s390_cpu_virt_mem_read(cpu, addr, ar, &schib, sizeof(schib))) {
144         s390_cpu_virt_mem_handle_exc(cpu, ra);
145         return;
146     }
147     if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid) ||
148         !ioinst_schib_valid(&schib)) {
149         s390_program_interrupt(env, PGM_OPERAND, ra);
150         return;
151     }
152     trace_ioinst_sch_id("msch", cssid, ssid, schid);
153     sch = css_find_subch(m, cssid, ssid, schid);
154     if (!sch || !css_subch_visible(sch)) {
155         setcc(cpu, 3);
156         return;
157     }
158     setcc(cpu, css_do_msch(sch, &schib));
159 }
160 
161 static void copy_orb_from_guest(ORB *dest, const ORB *src)
162 {
163     dest->intparm = be32_to_cpu(src->intparm);
164     dest->ctrl0 = be16_to_cpu(src->ctrl0);
165     dest->lpm = src->lpm;
166     dest->ctrl1 = src->ctrl1;
167     dest->cpa = be32_to_cpu(src->cpa);
168 }
169 
170 static int ioinst_orb_valid(ORB *orb)
171 {
172     if ((orb->ctrl0 & ORB_CTRL0_MASK_INVALID) ||
173         (orb->ctrl1 & ORB_CTRL1_MASK_INVALID)) {
174         return 0;
175     }
176     /* We don't support MIDA. */
177     if (orb->ctrl1 & ORB_CTRL1_MASK_MIDAW) {
178         return 0;
179     }
180     if ((orb->cpa & HIGH_ORDER_BIT) != 0) {
181         return 0;
182     }
183     return 1;
184 }
185 
186 void ioinst_handle_ssch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
187 {
188     int cssid, ssid, schid, m;
189     SubchDev *sch;
190     ORB orig_orb, orb;
191     uint64_t addr;
192     CPUS390XState *env = &cpu->env;
193     uint8_t ar;
194 
195     addr = get_address_from_regs(env, ipb, &ar);
196     if (addr & 3) {
197         s390_program_interrupt(env, PGM_SPECIFICATION, ra);
198         return;
199     }
200     if (s390_is_pv()) {
201         s390_cpu_pv_mem_read(cpu, addr, &orig_orb, sizeof(orb));
202     } else if (s390_cpu_virt_mem_read(cpu, addr, ar, &orig_orb, sizeof(orb))) {
203         s390_cpu_virt_mem_handle_exc(cpu, ra);
204         return;
205     }
206     copy_orb_from_guest(&orb, &orig_orb);
207     if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid) ||
208         !ioinst_orb_valid(&orb)) {
209         s390_program_interrupt(env, PGM_OPERAND, ra);
210         return;
211     }
212     trace_ioinst_sch_id("ssch", cssid, ssid, schid);
213     sch = css_find_subch(m, cssid, ssid, schid);
214     if (!sch || !css_subch_visible(sch)) {
215         setcc(cpu, 3);
216         return;
217     }
218     setcc(cpu, css_do_ssch(sch, &orb));
219 }
220 
221 void ioinst_handle_stcrw(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
222 {
223     CRW crw;
224     uint64_t addr;
225     int cc;
226     CPUS390XState *env = &cpu->env;
227     uint8_t ar;
228 
229     addr = get_address_from_regs(env, ipb, &ar);
230     if (addr & 3) {
231         s390_program_interrupt(env, PGM_SPECIFICATION, ra);
232         return;
233     }
234 
235     cc = css_do_stcrw(&crw);
236     /* 0 - crw stored, 1 - zeroes stored */
237 
238     if (s390_is_pv()) {
239         s390_cpu_pv_mem_write(cpu, addr, &crw, sizeof(crw));
240         setcc(cpu, cc);
241     } else {
242         if (s390_cpu_virt_mem_write(cpu, addr, ar, &crw, sizeof(crw)) == 0) {
243             setcc(cpu, cc);
244         } else {
245             if (cc == 0) {
246                 /* Write failed: requeue CRW since STCRW is suppressing */
247                 css_undo_stcrw(&crw);
248             }
249             s390_cpu_virt_mem_handle_exc(cpu, ra);
250         }
251     }
252 }
253 
254 void ioinst_handle_stsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb,
255                          uintptr_t ra)
256 {
257     int cssid, ssid, schid, m;
258     SubchDev *sch;
259     uint64_t addr;
260     int cc;
261     SCHIB schib;
262     CPUS390XState *env = &cpu->env;
263     uint8_t ar;
264 
265     addr = get_address_from_regs(env, ipb, &ar);
266     if (addr & 3) {
267         s390_program_interrupt(env, PGM_SPECIFICATION, ra);
268         return;
269     }
270 
271     if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid)) {
272         /*
273          * The Ultravisor checks schid bit 16 to be one and bits 0-12
274          * to be 0 and injects a operand exception itself.
275          *
276          * Hence we should never end up here.
277          */
278         g_assert(!s390_is_pv());
279         /*
280          * As operand exceptions have a lower priority than access exceptions,
281          * we check whether the memory area is writeable (injecting the
282          * access execption if it is not) first.
283          */
284         if (!s390_cpu_virt_mem_check_write(cpu, addr, ar, sizeof(schib))) {
285             s390_program_interrupt(env, PGM_OPERAND, ra);
286         } else {
287             s390_cpu_virt_mem_handle_exc(cpu, ra);
288         }
289         return;
290     }
291     trace_ioinst_sch_id("stsch", cssid, ssid, schid);
292     sch = css_find_subch(m, cssid, ssid, schid);
293     if (sch) {
294         if (css_subch_visible(sch)) {
295             css_do_stsch(sch, &schib);
296             cc = 0;
297         } else {
298             /* Indicate no more subchannels in this css/ss */
299             cc = 3;
300         }
301     } else {
302         if (css_schid_final(m, cssid, ssid, schid)) {
303             cc = 3; /* No more subchannels in this css/ss */
304         } else {
305             /* Store an empty schib. */
306             memset(&schib, 0, sizeof(schib));
307             cc = 0;
308         }
309     }
310     if (cc != 3) {
311         if (s390_is_pv()) {
312             s390_cpu_pv_mem_write(cpu, addr, &schib, sizeof(schib));
313         } else if (s390_cpu_virt_mem_write(cpu, addr, ar, &schib,
314                                            sizeof(schib)) != 0) {
315             s390_cpu_virt_mem_handle_exc(cpu, ra);
316             return;
317         }
318     } else {
319         /* Access exceptions have a higher priority than cc3 */
320         if (!s390_is_pv() &&
321             s390_cpu_virt_mem_check_write(cpu, addr, ar, sizeof(schib)) != 0) {
322             s390_cpu_virt_mem_handle_exc(cpu, ra);
323             return;
324         }
325     }
326     setcc(cpu, cc);
327 }
328 
329 int ioinst_handle_tsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
330 {
331     CPUS390XState *env = &cpu->env;
332     int cssid, ssid, schid, m;
333     SubchDev *sch;
334     IRB irb;
335     uint64_t addr;
336     int cc, irb_len;
337     uint8_t ar;
338 
339     if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid)) {
340         s390_program_interrupt(env, PGM_OPERAND, ra);
341         return -EIO;
342     }
343     trace_ioinst_sch_id("tsch", cssid, ssid, schid);
344     addr = get_address_from_regs(env, ipb, &ar);
345     if (addr & 3) {
346         s390_program_interrupt(env, PGM_SPECIFICATION, ra);
347         return -EIO;
348     }
349 
350     sch = css_find_subch(m, cssid, ssid, schid);
351     if (sch && css_subch_visible(sch)) {
352         cc = css_do_tsch_get_irb(sch, &irb, &irb_len);
353     } else {
354         cc = 3;
355     }
356     /* 0 - status pending, 1 - not status pending, 3 - not operational */
357     if (cc != 3) {
358         if (s390_is_pv()) {
359             s390_cpu_pv_mem_write(cpu, addr, &irb, irb_len);
360         } else if (s390_cpu_virt_mem_write(cpu, addr, ar, &irb, irb_len) != 0) {
361             s390_cpu_virt_mem_handle_exc(cpu, ra);
362             return -EFAULT;
363         }
364         css_do_tsch_update_subch(sch);
365     } else {
366         irb_len = sizeof(irb) - sizeof(irb.emw);
367         /* Access exceptions have a higher priority than cc3 */
368         if (!s390_is_pv() &&
369             s390_cpu_virt_mem_check_write(cpu, addr, ar, irb_len) != 0) {
370             s390_cpu_virt_mem_handle_exc(cpu, ra);
371             return -EFAULT;
372         }
373     }
374 
375     setcc(cpu, cc);
376     return 0;
377 }
378 
379 typedef struct ChscReq {
380     uint16_t len;
381     uint16_t command;
382     uint32_t param0;
383     uint32_t param1;
384     uint32_t param2;
385 } QEMU_PACKED ChscReq;
386 
387 typedef struct ChscResp {
388     uint16_t len;
389     uint16_t code;
390     uint32_t param;
391     char data[];
392 } QEMU_PACKED ChscResp;
393 
394 #define CHSC_MIN_RESP_LEN 0x0008
395 
396 #define CHSC_SCPD 0x0002
397 #define CHSC_SCSC 0x0010
398 #define CHSC_SDA  0x0031
399 #define CHSC_SEI  0x000e
400 
401 #define CHSC_SCPD_0_M 0x20000000
402 #define CHSC_SCPD_0_C 0x10000000
403 #define CHSC_SCPD_0_FMT 0x0f000000
404 #define CHSC_SCPD_0_CSSID 0x00ff0000
405 #define CHSC_SCPD_0_RFMT 0x00000f00
406 #define CHSC_SCPD_0_RES 0xc000f000
407 #define CHSC_SCPD_1_RES 0xffffff00
408 #define CHSC_SCPD_01_CHPID 0x000000ff
409 static void ioinst_handle_chsc_scpd(ChscReq *req, ChscResp *res)
410 {
411     uint16_t len = be16_to_cpu(req->len);
412     uint32_t param0 = be32_to_cpu(req->param0);
413     uint32_t param1 = be32_to_cpu(req->param1);
414     uint16_t resp_code;
415     int rfmt;
416     uint16_t cssid;
417     uint8_t f_chpid, l_chpid;
418     int desc_size;
419     int m;
420 
421     rfmt = (param0 & CHSC_SCPD_0_RFMT) >> 8;
422     if ((rfmt == 0) ||  (rfmt == 1)) {
423         rfmt = !!(param0 & CHSC_SCPD_0_C);
424     }
425     if ((len != 0x0010) || (param0 & CHSC_SCPD_0_RES) ||
426         (param1 & CHSC_SCPD_1_RES) || req->param2) {
427         resp_code = 0x0003;
428         goto out_err;
429     }
430     if (param0 & CHSC_SCPD_0_FMT) {
431         resp_code = 0x0007;
432         goto out_err;
433     }
434     cssid = (param0 & CHSC_SCPD_0_CSSID) >> 16;
435     m = param0 & CHSC_SCPD_0_M;
436     if (cssid != 0) {
437         if (!m || !css_present(cssid)) {
438             resp_code = 0x0008;
439             goto out_err;
440         }
441     }
442     f_chpid = param0 & CHSC_SCPD_01_CHPID;
443     l_chpid = param1 & CHSC_SCPD_01_CHPID;
444     if (l_chpid < f_chpid) {
445         resp_code = 0x0003;
446         goto out_err;
447     }
448     /* css_collect_chp_desc() is endian-aware */
449     desc_size = css_collect_chp_desc(m, cssid, f_chpid, l_chpid, rfmt,
450                                      &res->data);
451     res->code = cpu_to_be16(0x0001);
452     res->len = cpu_to_be16(8 + desc_size);
453     res->param = cpu_to_be32(rfmt);
454     return;
455 
456   out_err:
457     res->code = cpu_to_be16(resp_code);
458     res->len = cpu_to_be16(CHSC_MIN_RESP_LEN);
459     res->param = cpu_to_be32(rfmt);
460 }
461 
462 #define CHSC_SCSC_0_M 0x20000000
463 #define CHSC_SCSC_0_FMT 0x000f0000
464 #define CHSC_SCSC_0_CSSID 0x0000ff00
465 #define CHSC_SCSC_0_RES 0xdff000ff
466 static void ioinst_handle_chsc_scsc(ChscReq *req, ChscResp *res)
467 {
468     uint16_t len = be16_to_cpu(req->len);
469     uint32_t param0 = be32_to_cpu(req->param0);
470     uint8_t cssid;
471     uint16_t resp_code;
472     uint32_t general_chars[510];
473     uint32_t chsc_chars[508];
474 
475     if (len != 0x0010) {
476         resp_code = 0x0003;
477         goto out_err;
478     }
479 
480     if (param0 & CHSC_SCSC_0_FMT) {
481         resp_code = 0x0007;
482         goto out_err;
483     }
484     cssid = (param0 & CHSC_SCSC_0_CSSID) >> 8;
485     if (cssid != 0) {
486         if (!(param0 & CHSC_SCSC_0_M) || !css_present(cssid)) {
487             resp_code = 0x0008;
488             goto out_err;
489         }
490     }
491     if ((param0 & CHSC_SCSC_0_RES) || req->param1 || req->param2) {
492         resp_code = 0x0003;
493         goto out_err;
494     }
495     res->code = cpu_to_be16(0x0001);
496     res->len = cpu_to_be16(4080);
497     res->param = 0;
498 
499     memset(general_chars, 0, sizeof(general_chars));
500     memset(chsc_chars, 0, sizeof(chsc_chars));
501 
502     general_chars[0] = cpu_to_be32(0x03000000);
503     general_chars[1] = cpu_to_be32(0x00079000);
504     general_chars[3] = cpu_to_be32(0x00080000);
505 
506     chsc_chars[0] = cpu_to_be32(0x40000000);
507     chsc_chars[3] = cpu_to_be32(0x00040000);
508 
509     memcpy(res->data, general_chars, sizeof(general_chars));
510     memcpy(res->data + sizeof(general_chars), chsc_chars, sizeof(chsc_chars));
511     return;
512 
513   out_err:
514     res->code = cpu_to_be16(resp_code);
515     res->len = cpu_to_be16(CHSC_MIN_RESP_LEN);
516     res->param = 0;
517 }
518 
519 #define CHSC_SDA_0_FMT 0x0f000000
520 #define CHSC_SDA_0_OC 0x0000ffff
521 #define CHSC_SDA_0_RES 0xf0ff0000
522 #define CHSC_SDA_OC_MCSSE 0x0
523 #define CHSC_SDA_OC_MSS 0x2
524 static void ioinst_handle_chsc_sda(ChscReq *req, ChscResp *res)
525 {
526     uint16_t resp_code = 0x0001;
527     uint16_t len = be16_to_cpu(req->len);
528     uint32_t param0 = be32_to_cpu(req->param0);
529     uint16_t oc;
530     int ret;
531 
532     if ((len != 0x0400) || (param0 & CHSC_SDA_0_RES)) {
533         resp_code = 0x0003;
534         goto out;
535     }
536 
537     if (param0 & CHSC_SDA_0_FMT) {
538         resp_code = 0x0007;
539         goto out;
540     }
541 
542     oc = param0 & CHSC_SDA_0_OC;
543     switch (oc) {
544     case CHSC_SDA_OC_MCSSE:
545         ret = css_enable_mcsse();
546         if (ret == -EINVAL) {
547             resp_code = 0x0101;
548             goto out;
549         }
550         break;
551     case CHSC_SDA_OC_MSS:
552         ret = css_enable_mss();
553         if (ret == -EINVAL) {
554             resp_code = 0x0101;
555             goto out;
556         }
557         break;
558     default:
559         resp_code = 0x0003;
560         goto out;
561     }
562 
563 out:
564     res->code = cpu_to_be16(resp_code);
565     res->len = cpu_to_be16(CHSC_MIN_RESP_LEN);
566     res->param = 0;
567 }
568 
569 static int chsc_sei_nt0_get_event(void *res)
570 {
571     /* no events yet */
572     return 1;
573 }
574 
575 static int chsc_sei_nt0_have_event(void)
576 {
577     /* no events yet */
578     return 0;
579 }
580 
581 static int chsc_sei_nt2_get_event(void *res)
582 {
583     if (s390_has_feat(S390_FEAT_ZPCI)) {
584         return pci_chsc_sei_nt2_get_event(res);
585     }
586     return 1;
587 }
588 
589 static int chsc_sei_nt2_have_event(void)
590 {
591     if (s390_has_feat(S390_FEAT_ZPCI)) {
592         return pci_chsc_sei_nt2_have_event();
593     }
594     return 0;
595 }
596 
597 #define CHSC_SEI_NT0    (1ULL << 63)
598 #define CHSC_SEI_NT2    (1ULL << 61)
599 static void ioinst_handle_chsc_sei(ChscReq *req, ChscResp *res)
600 {
601     uint64_t selection_mask = ldq_p(&req->param1);
602     uint8_t *res_flags = (uint8_t *)res->data;
603     int have_event = 0;
604     int have_more = 0;
605 
606     /* regarding architecture nt0 can not be masked */
607     have_event = !chsc_sei_nt0_get_event(res);
608     have_more = chsc_sei_nt0_have_event();
609 
610     if (selection_mask & CHSC_SEI_NT2) {
611         if (!have_event) {
612             have_event = !chsc_sei_nt2_get_event(res);
613         }
614 
615         if (!have_more) {
616             have_more = chsc_sei_nt2_have_event();
617         }
618     }
619 
620     if (have_event) {
621         res->code = cpu_to_be16(0x0001);
622         if (have_more) {
623             (*res_flags) |= 0x80;
624         } else {
625             (*res_flags) &= ~0x80;
626             css_clear_sei_pending();
627         }
628     } else {
629         res->code = cpu_to_be16(0x0005);
630         res->len = cpu_to_be16(CHSC_MIN_RESP_LEN);
631     }
632 }
633 
634 static void ioinst_handle_chsc_unimplemented(ChscResp *res)
635 {
636     res->len = cpu_to_be16(CHSC_MIN_RESP_LEN);
637     res->code = cpu_to_be16(0x0004);
638     res->param = 0;
639 }
640 
641 void ioinst_handle_chsc(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
642 {
643     ChscReq *req;
644     ChscResp *res;
645     uint64_t addr = 0;
646     int reg;
647     uint16_t len;
648     uint16_t command;
649     CPUS390XState *env = &cpu->env;
650     uint8_t buf[TARGET_PAGE_SIZE];
651 
652     trace_ioinst("chsc");
653     reg = (ipb >> 20) & 0x00f;
654     if (!s390_is_pv()) {
655         addr = env->regs[reg];
656     }
657     /* Page boundary? */
658     if (addr & 0xfff) {
659         s390_program_interrupt(env, PGM_SPECIFICATION, ra);
660         return;
661     }
662     /*
663      * Reading sizeof(ChscReq) bytes is currently enough for all of our
664      * present CHSC sub-handlers ... if we ever need more, we should take
665      * care of req->len here first.
666      */
667     if (s390_is_pv()) {
668         s390_cpu_pv_mem_read(cpu, addr, buf, sizeof(ChscReq));
669     } else if (s390_cpu_virt_mem_read(cpu, addr, reg, buf, sizeof(ChscReq))) {
670         s390_cpu_virt_mem_handle_exc(cpu, ra);
671         return;
672     }
673     req = (ChscReq *)buf;
674     len = be16_to_cpu(req->len);
675     /* Length field valid? */
676     if ((len < 16) || (len > 4088) || (len & 7)) {
677         s390_program_interrupt(env, PGM_OPERAND, ra);
678         return;
679     }
680     memset((char *)req + len, 0, TARGET_PAGE_SIZE - len);
681     res = (void *)((char *)req + len);
682     command = be16_to_cpu(req->command);
683     trace_ioinst_chsc_cmd(command, len);
684     switch (command) {
685     case CHSC_SCSC:
686         ioinst_handle_chsc_scsc(req, res);
687         break;
688     case CHSC_SCPD:
689         ioinst_handle_chsc_scpd(req, res);
690         break;
691     case CHSC_SDA:
692         ioinst_handle_chsc_sda(req, res);
693         break;
694     case CHSC_SEI:
695         ioinst_handle_chsc_sei(req, res);
696         break;
697     default:
698         ioinst_handle_chsc_unimplemented(res);
699         break;
700     }
701 
702     if (s390_is_pv()) {
703         s390_cpu_pv_mem_write(cpu, addr + len, res, be16_to_cpu(res->len));
704         setcc(cpu, 0);    /* Command execution complete */
705     } else {
706         if (!s390_cpu_virt_mem_write(cpu, addr + len, reg, res,
707                                      be16_to_cpu(res->len))) {
708             setcc(cpu, 0);    /* Command execution complete */
709         } else {
710             s390_cpu_virt_mem_handle_exc(cpu, ra);
711         }
712     }
713 }
714 
715 #define SCHM_REG1_RES(_reg) (_reg & 0x000000000ffffffc)
716 #define SCHM_REG1_MBK(_reg) ((_reg & 0x00000000f0000000) >> 28)
717 #define SCHM_REG1_UPD(_reg) ((_reg & 0x0000000000000002) >> 1)
718 #define SCHM_REG1_DCT(_reg) (_reg & 0x0000000000000001)
719 
720 void ioinst_handle_schm(S390CPU *cpu, uint64_t reg1, uint64_t reg2,
721                         uint32_t ipb, uintptr_t ra)
722 {
723     uint8_t mbk;
724     int update;
725     int dct;
726     CPUS390XState *env = &cpu->env;
727 
728     trace_ioinst("schm");
729 
730     if (SCHM_REG1_RES(reg1)) {
731         s390_program_interrupt(env, PGM_OPERAND, ra);
732         return;
733     }
734 
735     mbk = SCHM_REG1_MBK(reg1);
736     update = SCHM_REG1_UPD(reg1);
737     dct = SCHM_REG1_DCT(reg1);
738 
739     if (update && (reg2 & 0x000000000000001f)) {
740         s390_program_interrupt(env, PGM_OPERAND, ra);
741         return;
742     }
743 
744     css_do_schm(mbk, update, dct, update ? reg2 : 0);
745 }
746 
747 void ioinst_handle_rsch(S390CPU *cpu, uint64_t reg1, uintptr_t ra)
748 {
749     int cssid, ssid, schid, m;
750     SubchDev *sch;
751 
752     if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid)) {
753         s390_program_interrupt(&cpu->env, PGM_OPERAND, ra);
754         return;
755     }
756     trace_ioinst_sch_id("rsch", cssid, ssid, schid);
757     sch = css_find_subch(m, cssid, ssid, schid);
758     if (!sch || !css_subch_visible(sch)) {
759         setcc(cpu, 3);
760         return;
761     }
762     setcc(cpu, css_do_rsch(sch));
763 }
764 
765 #define RCHP_REG1_RES(_reg) (_reg & 0x00000000ff00ff00)
766 #define RCHP_REG1_CSSID(_reg) ((_reg & 0x0000000000ff0000) >> 16)
767 #define RCHP_REG1_CHPID(_reg) (_reg & 0x00000000000000ff)
768 void ioinst_handle_rchp(S390CPU *cpu, uint64_t reg1, uintptr_t ra)
769 {
770     int cc;
771     uint8_t cssid;
772     uint8_t chpid;
773     int ret;
774     CPUS390XState *env = &cpu->env;
775 
776     if (RCHP_REG1_RES(reg1)) {
777         s390_program_interrupt(env, PGM_OPERAND, ra);
778         return;
779     }
780 
781     cssid = RCHP_REG1_CSSID(reg1);
782     chpid = RCHP_REG1_CHPID(reg1);
783 
784     trace_ioinst_chp_id("rchp", cssid, chpid);
785 
786     ret = css_do_rchp(cssid, chpid);
787 
788     switch (ret) {
789     case -ENODEV:
790         cc = 3;
791         break;
792     case -EBUSY:
793         cc = 2;
794         break;
795     case 0:
796         cc = 0;
797         break;
798     default:
799         /* Invalid channel subsystem. */
800         s390_program_interrupt(env, PGM_OPERAND, ra);
801         return;
802     }
803     setcc(cpu, cc);
804 }
805 
806 #define SAL_REG1_INVALID(_reg) (_reg & 0x0000000080000000)
807 void ioinst_handle_sal(S390CPU *cpu, uint64_t reg1, uintptr_t ra)
808 {
809     /* We do not provide address limit checking, so let's suppress it. */
810     if (SAL_REG1_INVALID(reg1) || reg1 & 0x000000000000ffff) {
811         s390_program_interrupt(&cpu->env, PGM_OPERAND, ra);
812     }
813 }
814