[Qemu-devel] [Patch/RFC 00/16] s390x/kvm features and fixes

[Qemu-devel] [Patch/RFC 00/16] s390x/kvm features and fixes

[Christian Borntraeger]

here is my next bunch of patches for s390x/kvm for 2.0.

The tree is also available at

git://github.com/borntraeger/qemu.git s390-next

It still depends on a not-yet pulled kvm tree
(  git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git tags/kvm-s390-20140130)
which Paolo will probably pull after opening kvm/next for 3.14.

If there are no concerns, I will send out a pull request in some
days.


Christian Borntraeger (2):
  update linux headers to kvm/next
  s390x/eventfacility: mask out commands

Dominik Dingel (1):
  s390x/async_pf: Check for apf extension and enable pfault

Heinz Graalfs (4):
  s390x/event-facility: some renaming
  s390x/event-facility: code restructure
  s390x/event-facility: add support for live migration
  s390x/event-facility: exploit realize/unrealize

Jens Freimann (1):
  s390x/kvm: implement floating-interrupt controller device

Thomas Huth (8):
  s390x/kvm: Fixed bad SIGP SET-ARCHITECTURE handler
  s390x/kvm: Rework SIGP INITIAL CPU RESET handler
  s390x/kvm: Add missing SIGP CPU RESET order
  s390x/virtio-hcall: Add range check for hypervisor call
  s390x/virtio-hcall: Specification exception for illegal subcodes
  s390x/sclp: Fixed the size of sccb and code parameter
  s390x/sclp: Add missing checks to SCLP handler
  s390x/sclp: Fixed setting of condition code register

 default-configs/s390x-softmmu.mak |   1 +
 hw/intc/Makefile.objs             |   1 +
 hw/intc/s390_flic.c               | 324 ++++++++++++++++++++++++++++++++++++++
 hw/s390x/event-facility.c         |  93 ++++++-----
 hw/s390x/s390-virtio-ccw.c        |   8 +-
 hw/s390x/s390-virtio-hcall.c      |  14 +-
 hw/s390x/s390-virtio.c            |   2 +
 hw/s390x/sclp.c                   |  69 +++-----
 include/hw/s390x/event-facility.h |  19 +++
 include/hw/s390x/s390_flic.h      |  33 ++++
 include/hw/s390x/sclp.h           |  24 ---
 linux-headers/asm-arm/kvm.h       |  28 ++++
 linux-headers/asm-arm64/kvm.h     |  21 ++-
 linux-headers/asm-s390/kvm.h      |  19 +++
 linux-headers/asm-x86/hyperv.h    |  16 +-
 linux-headers/linux/kvm.h         |  67 ++++++++
 target-s390x/cpu.c                |   6 +
 target-s390x/cpu.h                |   6 +-
 target-s390x/kvm.c                | 110 +++++++++----
 target-s390x/misc_helper.c        |   2 +-
 trace-events                      |   5 +
 21 files changed, 718 insertions(+), 150 deletions(-)
 create mode 100644 hw/intc/s390_flic.c
 create mode 100644 include/hw/s390x/s390_flic.h

[Qemu-devel] [Patch/RFC 01/16] update linux headers to kvm/next

[Christian Borntraeger]

upstream commit id tbd

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 linux-headers/asm-arm/kvm.h    | 28 ++++++++++++++++++
 linux-headers/asm-arm64/kvm.h  | 21 ++++++++++++-
 linux-headers/asm-s390/kvm.h   | 19 ++++++++++++
 linux-headers/asm-x86/hyperv.h | 16 ++++++++--
 linux-headers/linux/kvm.h      | 67 ++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 147 insertions(+), 4 deletions(-)

diff --git a/linux-headers/asm-arm/kvm.h b/linux-headers/asm-arm/kvm.h
index c498b60..ef0c878 100644
--- a/linux-headers/asm-arm/kvm.h
+++ b/linux-headers/asm-arm/kvm.h
@@ -119,6 +119,26 @@ struct kvm_arch_memory_slot {
 #define KVM_REG_ARM_32_CRN_MASK		0x0000000000007800
 #define KVM_REG_ARM_32_CRN_SHIFT	11
 
+#define ARM_CP15_REG_SHIFT_MASK(x,n) \
+	(((x) << KVM_REG_ARM_ ## n ## _SHIFT) & KVM_REG_ARM_ ## n ## _MASK)
+
+#define __ARM_CP15_REG(op1,crn,crm,op2) \
+	(KVM_REG_ARM | (15 << KVM_REG_ARM_COPROC_SHIFT) | \
+	ARM_CP15_REG_SHIFT_MASK(op1, OPC1) | \
+	ARM_CP15_REG_SHIFT_MASK(crn, 32_CRN) | \
+	ARM_CP15_REG_SHIFT_MASK(crm, CRM) | \
+	ARM_CP15_REG_SHIFT_MASK(op2, 32_OPC2))
+
+#define ARM_CP15_REG32(...) (__ARM_CP15_REG(__VA_ARGS__) | KVM_REG_SIZE_U32)
+
+#define __ARM_CP15_REG64(op1,crm) \
+	(__ARM_CP15_REG(op1, 0, crm, 0) | KVM_REG_SIZE_U64)
+#define ARM_CP15_REG64(...) __ARM_CP15_REG64(__VA_ARGS__)
+
+#define KVM_REG_ARM_TIMER_CTL		ARM_CP15_REG32(0, 14, 3, 1)
+#define KVM_REG_ARM_TIMER_CNT		ARM_CP15_REG64(1, 14) 
+#define KVM_REG_ARM_TIMER_CVAL		ARM_CP15_REG64(3, 14) 
+
 /* Normal registers are mapped as coprocessor 16. */
 #define KVM_REG_ARM_CORE		(0x0010 << KVM_REG_ARM_COPROC_SHIFT)
 #define KVM_REG_ARM_CORE_REG(name)	(offsetof(struct kvm_regs, name) / 4)
@@ -143,6 +163,14 @@ struct kvm_arch_memory_slot {
 #define KVM_REG_ARM_VFP_FPINST		0x1009
 #define KVM_REG_ARM_VFP_FPINST2		0x100A
 
+/* Device Control API: ARM VGIC */
+#define KVM_DEV_ARM_VGIC_GRP_ADDR	0
+#define KVM_DEV_ARM_VGIC_GRP_DIST_REGS	1
+#define KVM_DEV_ARM_VGIC_GRP_CPU_REGS	2
+#define   KVM_DEV_ARM_VGIC_CPUID_SHIFT	32
+#define   KVM_DEV_ARM_VGIC_CPUID_MASK	(0xffULL << KVM_DEV_ARM_VGIC_CPUID_SHIFT)
+#define   KVM_DEV_ARM_VGIC_OFFSET_SHIFT	0
+#define   KVM_DEV_ARM_VGIC_OFFSET_MASK	(0xffffffffULL << KVM_DEV_ARM_VGIC_OFFSET_SHIFT)
 
 /* KVM_IRQ_LINE irq field index values */
 #define KVM_ARM_IRQ_TYPE_SHIFT		24
diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h
index 5031f42..495ab6f 100644
--- a/linux-headers/asm-arm64/kvm.h
+++ b/linux-headers/asm-arm64/kvm.h
@@ -55,8 +55,9 @@ struct kvm_regs {
 #define KVM_ARM_TARGET_AEM_V8		0
 #define KVM_ARM_TARGET_FOUNDATION_V8	1
 #define KVM_ARM_TARGET_CORTEX_A57	2
+#define KVM_ARM_TARGET_XGENE_POTENZA	3
 
-#define KVM_ARM_NUM_TARGETS		3
+#define KVM_ARM_NUM_TARGETS		4
 
 /* KVM_ARM_SET_DEVICE_ADDR ioctl id encoding */
 #define KVM_ARM_DEVICE_TYPE_SHIFT	0
@@ -129,6 +130,24 @@ struct kvm_arch_memory_slot {
 #define KVM_REG_ARM64_SYSREG_OP2_MASK	0x0000000000000007
 #define KVM_REG_ARM64_SYSREG_OP2_SHIFT	0
 
+#define ARM64_SYS_REG_SHIFT_MASK(x,n) \
+	(((x) << KVM_REG_ARM64_SYSREG_ ## n ## _SHIFT) & \
+	KVM_REG_ARM64_SYSREG_ ## n ## _MASK)
+
+#define __ARM64_SYS_REG(op0,op1,crn,crm,op2) \
+	(KVM_REG_ARM64 | KVM_REG_ARM64_SYSREG | \
+	ARM64_SYS_REG_SHIFT_MASK(op0, OP0) | \
+	ARM64_SYS_REG_SHIFT_MASK(op1, OP1) | \
+	ARM64_SYS_REG_SHIFT_MASK(crn, CRN) | \
+	ARM64_SYS_REG_SHIFT_MASK(crm, CRM) | \
+	ARM64_SYS_REG_SHIFT_MASK(op2, OP2))
+
+#define ARM64_SYS_REG(...) (__ARM64_SYS_REG(__VA_ARGS__) | KVM_REG_SIZE_U64)
+
+#define KVM_REG_ARM_TIMER_CTL		ARM64_SYS_REG(3, 3, 14, 3, 1)
+#define KVM_REG_ARM_TIMER_CNT		ARM64_SYS_REG(3, 3, 14, 3, 2)
+#define KVM_REG_ARM_TIMER_CVAL		ARM64_SYS_REG(3, 3, 14, 0, 2)
+
 /* KVM_IRQ_LINE irq field index values */
 #define KVM_ARM_IRQ_TYPE_SHIFT		24
 #define KVM_ARM_IRQ_TYPE_MASK		0xff
diff --git a/linux-headers/asm-s390/kvm.h b/linux-headers/asm-s390/kvm.h
index d25da59..cb4c1eb 100644
--- a/linux-headers/asm-s390/kvm.h
+++ b/linux-headers/asm-s390/kvm.h
@@ -16,6 +16,22 @@
 
 #define __KVM_S390
 
+/* Device control API: s390-specific devices */
+#define KVM_DEV_FLIC_GET_ALL_IRQS	1
+#define KVM_DEV_FLIC_ENQUEUE		2
+#define KVM_DEV_FLIC_CLEAR_IRQS		3
+#define KVM_DEV_FLIC_APF_ENABLE		4
+#define KVM_DEV_FLIC_APF_DISABLE_WAIT	5
+/*
+ * We can have up to 4*64k pending subchannels + 8 adapter interrupts,
+ * as well as up  to ASYNC_PF_PER_VCPU*KVM_MAX_VCPUS pfault done interrupts.
+ * There are also sclp and machine checks. This gives us
+ * sizeof(kvm_s390_irq)*(4*65536+8+64*64+1+1) = 72 * 266250 = 19170000
+ * Lets round up to 8192 pages.
+ */
+#define KVM_S390_MAX_FLOAT_IRQS	266250
+#define KVM_S390_FLIC_MAX_BUFFER	0x2000000
+
 /* for KVM_GET_REGS and KVM_SET_REGS */
 struct kvm_regs {
 	/* general purpose regs for s390 */
@@ -57,4 +73,7 @@ struct kvm_sync_regs {
 #define KVM_REG_S390_EPOCHDIFF	(KVM_REG_S390 | KVM_REG_SIZE_U64 | 0x2)
 #define KVM_REG_S390_CPU_TIMER  (KVM_REG_S390 | KVM_REG_SIZE_U64 | 0x3)
 #define KVM_REG_S390_CLOCK_COMP (KVM_REG_S390 | KVM_REG_SIZE_U64 | 0x4)
+#define KVM_REG_S390_PFTOKEN	(KVM_REG_S390 | KVM_REG_SIZE_U64 | 0x5)
+#define KVM_REG_S390_PFCOMPARE	(KVM_REG_S390 | KVM_REG_SIZE_U64 | 0x6)
+#define KVM_REG_S390_PFSELECT	(KVM_REG_S390 | KVM_REG_SIZE_U64 | 0x7)
 #endif
diff --git a/linux-headers/asm-x86/hyperv.h b/linux-headers/asm-x86/hyperv.h
index 3b400ee..462efe7 100644
--- a/linux-headers/asm-x86/hyperv.h
+++ b/linux-headers/asm-x86/hyperv.h
@@ -28,6 +28,9 @@
 /* Partition Reference Counter (HV_X64_MSR_TIME_REF_COUNT) available*/
 #define HV_X64_MSR_TIME_REF_COUNT_AVAILABLE	(1 << 1)
 
+/* A partition's reference time stamp counter (TSC) page */
+#define HV_X64_MSR_REFERENCE_TSC		0x40000021
+
 /*
  * There is a single feature flag that signifies the presence of the MSR
  * that can be used to retrieve both the local APIC Timer frequency as
@@ -149,9 +152,6 @@
 /* MSR used to read the per-partition time reference counter */
 #define HV_X64_MSR_TIME_REF_COUNT		0x40000020
 
-/* A partition's reference time stamp counter (TSC) page */
-#define HV_X64_MSR_REFERENCE_TSC		0x40000021
-
 /* MSR used to retrieve the TSC frequency */
 #define HV_X64_MSR_TSC_FREQUENCY		0x40000022
 
@@ -201,6 +201,9 @@
 #define HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_MASK	\
 		(~((1ull << HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_SHIFT) - 1))
 
+#define HV_X64_MSR_TSC_REFERENCE_ENABLE		0x00000001
+#define HV_X64_MSR_TSC_REFERENCE_ADDRESS_SHIFT	12
+
 #define HV_PROCESSOR_POWER_STATE_C0		0
 #define HV_PROCESSOR_POWER_STATE_C1		1
 #define HV_PROCESSOR_POWER_STATE_C2		2
@@ -213,4 +216,11 @@
 #define HV_STATUS_INVALID_ALIGNMENT		4
 #define HV_STATUS_INSUFFICIENT_BUFFERS		19
 
+typedef struct _HV_REFERENCE_TSC_PAGE {
+	__u32 tsc_sequence;
+	__u32 res1;
+	__u64 tsc_scale;
+	__s64 tsc_offset;
+} HV_REFERENCE_TSC_PAGE, *PHV_REFERENCE_TSC_PAGE;
+
 #endif
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 999fb13..e27a4b3 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -413,6 +413,8 @@ struct kvm_s390_psw {
 #define KVM_S390_PROGRAM_INT		0xfffe0001u
 #define KVM_S390_SIGP_SET_PREFIX	0xfffe0002u
 #define KVM_S390_RESTART		0xfffe0003u
+#define KVM_S390_INT_PFAULT_INIT	0xfffe0004u
+#define KVM_S390_INT_PFAULT_DONE	0xfffe0005u
 #define KVM_S390_MCHK			0xfffe1000u
 #define KVM_S390_INT_VIRTIO		0xffff2603u
 #define KVM_S390_INT_SERVICE		0xffff2401u
@@ -434,6 +436,69 @@ struct kvm_s390_interrupt {
 	__u64 parm64;
 };
 
+struct kvm_s390_io_info {
+	__u16 subchannel_id;
+	__u16 subchannel_nr;
+	__u32 io_int_parm;
+	__u32 io_int_word;
+};
+
+struct kvm_s390_ext_info {
+	__u32 ext_params;
+	__u32 pad;
+	__u64 ext_params2;
+};
+
+struct kvm_s390_pgm_info {
+	__u64 trans_exc_code;
+	__u64 mon_code;
+	__u64 per_address;
+	__u32 data_exc_code;
+	__u16 code;
+	__u16 mon_class_nr;
+	__u8 per_code;
+	__u8 per_atmid;
+	__u8 exc_access_id;
+	__u8 per_access_id;
+	__u8 op_access_id;
+	__u8 pad[3];
+};
+
+struct kvm_s390_prefix_info {
+	__u32 address;
+};
+
+struct kvm_s390_extcall_info {
+	__u16 code;
+};
+
+struct kvm_s390_emerg_info {
+	__u16 code;
+};
+
+struct kvm_s390_mchk_info {
+	__u64 cr14;
+	__u64 mcic;
+	__u64 failing_storage_address;
+	__u32 ext_damage_code;
+	__u32 pad;
+	__u8 fixed_logout[16];
+};
+
+struct kvm_s390_irq {
+	__u64 type;
+	union {
+		struct kvm_s390_io_info io;
+		struct kvm_s390_ext_info ext;
+		struct kvm_s390_pgm_info pgm;
+		struct kvm_s390_emerg_info emerg;
+		struct kvm_s390_extcall_info extcall;
+		struct kvm_s390_prefix_info prefix;
+		struct kvm_s390_mchk_info mchk;
+		char reserved[64];
+	} u;
+};
+
 /* for KVM_SET_GUEST_DEBUG */
 
 #define KVM_GUESTDBG_ENABLE		0x00000001
@@ -854,6 +919,8 @@ struct kvm_device_attr {
 #define  KVM_DEV_VFIO_GROUP			1
 #define   KVM_DEV_VFIO_GROUP_ADD			1
 #define   KVM_DEV_VFIO_GROUP_DEL			2
+#define KVM_DEV_TYPE_ARM_VGIC_V2	5
+#define KVM_DEV_TYPE_FLIC		6
 
 /*
  * ioctls for VM fds
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 02/16] s390x/kvm: implement floating-interrupt controller device

[Christian Borntraeger]

From: Jens Freimann <jfrei@linux.vnet.ibm.com>

This patch implements a floating-interrupt controller device (flic)
which interacts with the s390 flic kvm_device.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 default-configs/s390x-softmmu.mak |   1 +
 hw/intc/Makefile.objs             |   1 +
 hw/intc/s390_flic.c               | 286 ++++++++++++++++++++++++++++++++++++++
 hw/s390x/s390-virtio-ccw.c        |   8 +-
 hw/s390x/s390-virtio.c            |   2 +
 include/hw/s390x/s390_flic.h      |  33 +++++
 trace-events                      |   5 +
 7 files changed, 335 insertions(+), 1 deletion(-)
 create mode 100644 hw/intc/s390_flic.c
 create mode 100644 include/hw/s390x/s390_flic.h

diff --git a/default-configs/s390x-softmmu.mak b/default-configs/s390x-softmmu.mak
index 81fbc68..d843dc0 100644
--- a/default-configs/s390x-softmmu.mak
+++ b/default-configs/s390x-softmmu.mak
@@ -1,2 +1,3 @@
 CONFIG_VIRTIO=y
 CONFIG_SCLPCONSOLE=y
+CONFIG_S390_FLIC=$(CONFIG_KVM)
diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 60eb936..c8a2318 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -25,3 +25,4 @@ obj-$(CONFIG_SH4) += sh_intc.o
 obj-$(CONFIG_XICS) += xics.o
 obj-$(CONFIG_XICS_KVM) += xics_kvm.o
 obj-$(CONFIG_ALLWINNER_A10_PIC) += allwinner-a10-pic.o
+obj-$(CONFIG_S390_FLIC) += s390_flic.o
diff --git a/hw/intc/s390_flic.c b/hw/intc/s390_flic.c
new file mode 100644
index 0000000..5c0ebe3
--- /dev/null
+++ b/hw/intc/s390_flic.c
@@ -0,0 +1,286 @@
+/*
+ * QEMU S390x KVM floating interrupt controller (flic)
+ *
+ * Copyright 2014 IBM Corp.
+ * Author(s): Jens Freimann <jfrei@linux.vnet.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include <sys/ioctl.h>
+#include "qemu/error-report.h"
+#include "hw/sysbus.h"
+#include "sysemu/kvm.h"
+#include "migration/qemu-file.h"
+#include "hw/s390x/s390_flic.h"
+#include "trace.h"
+
+#define FLIC_SAVE_INITIAL_SIZE getpagesize()
+#define FLIC_FAILED (-1UL)
+#define FLIC_SAVEVM_VERSION 1
+
+void s390_flic_init(void)
+{
+    DeviceState *dev;
+    int r;
+
+    if (kvm_enabled()) {
+        dev = qdev_create(NULL, "s390-flic");
+        object_property_add_child(qdev_get_machine(), "s390-flic",
+                                OBJECT(dev), NULL);
+        r = qdev_init(dev);
+        if (r) {
+            error_report("flic: couldn't create qdev");
+        }
+    }
+}
+
+/**
+ * flic_get_all_irqs - store all pending irqs in buffer
+ * @buf: pointer to buffer which is passed to kernel
+ * @len: length of buffer
+ * @flic: pointer to flic device state
+ *
+ * Returns: -ENOMEM if buffer is too small,
+ * -EINVAL if attr.group is invalid,
+ * -EFAULT if copying to userspace failed,
+ * on success return number of stored interrupts
+ */
+static int flic_get_all_irqs(KVMS390FLICState *flic,
+                             void *buf, int len)
+{
+    struct kvm_device_attr attr;
+    int rc;
+
+    attr.group = KVM_DEV_FLIC_GET_ALL_IRQS;
+    attr.addr = (uint64_t) buf;
+    attr.attr = len;
+
+    rc = ioctl(flic->fd, KVM_GET_DEVICE_ATTR, &attr);
+
+    return rc == -1 ? -errno : rc;
+}
+
+/** flic_enqueue_irqs - returns 0 on success
+ * @buf: pointer to buffer which is passed to kernel
+ * @len: length of buffer
+ * @flic: pointer to flic device state
+ *
+ * Returns: -EINVAL if attr.group is unknown
+ */
+static int flic_enqueue_irqs(void *buf, uint64_t len,
+                            KVMS390FLICState *flic)
+{
+    int rc;
+    struct kvm_device_attr attr;
+
+    attr.group = KVM_DEV_FLIC_ENQUEUE;
+    attr.addr = (uint64_t) buf;
+    attr.attr = len;
+
+    rc = ioctl(flic->fd, KVM_SET_DEVICE_ATTR, &attr);
+
+    return rc ? -errno : 0;
+}
+
+/**
+ * __get_all_irqs - store all pending irqs in buffer
+ * @flic: pointer to flic device state
+ * @buf: pointer to pointer to a buffer
+ * @len: length of buffer
+ *
+ * Returns: return value of flic_get_all_irqs
+ * Note: Retry and increase buffer size until flic_get_all_irqs
+ * either returns a value >= 0 or a negative error code.
+ * -ENOMEM is an exception, which means the buffer is too small
+ * and we should try again. Other negative error codes can be
+ * -EFAULT and -EINVAL which we ignore at this point
+ */
+static int __get_all_irqs(KVMS390FLICState *flic,
+                          void **buf, int len)
+{
+    int r;
+
+    do {
+        /* returns -ENOMEM if buffer is too small and number
+         * of queued interrupts on success */
+        r = flic_get_all_irqs(flic, *buf, len);
+        if (r >= 0) {
+            break;
+        }
+        len *= 2;
+        *buf = g_try_realloc(*buf, len);
+        if (!buf) {
+            return -ENOMEM;
+        }
+    } while (r == -ENOMEM && len <= KVM_S390_FLIC_MAX_BUFFER);
+
+    return r;
+}
+
+/**
+ * kvm_flic_save - Save pending floating interrupts
+ * @f: QEMUFile containing migration state
+ * @opaque: pointer to flic device state
+ *
+ * Note: Pass buf and len to kernel. Start with one page and
+ * increase until buffer is sufficient or maxium size is
+ * reached
+ */
+static void kvm_flic_save(QEMUFile *f, void *opaque)
+{
+    KVMS390FLICState *flic = opaque;
+    int len = FLIC_SAVE_INITIAL_SIZE;
+    void *buf;
+    int count;
+
+    buf = g_try_malloc0(len);
+    if (!buf) {
+        /* Storing FLIC_FAILED into the count field here will cause the
+         * target system to fail when attempting to load irqs from the
+         * migration state */
+        error_report("flic: couldn't allocate memory");
+        qemu_put_be64(f, FLIC_FAILED);
+        return;
+    }
+
+    count = __get_all_irqs(flic, &buf, len);
+    if (count < 0) {
+        error_report("flic: couldn't retrieve irqs from kernel, rc %d",
+                     count);
+        /* Storing FLIC_FAILED into the count field here will cause the
+         * target system to fail when attempting to load irqs from the
+         * migration state */
+        qemu_put_be64(f, FLIC_FAILED);
+    } else {
+        qemu_put_be64(f, count);
+        qemu_put_buffer(f, (uint8_t *) buf,
+                        count * sizeof(struct kvm_s390_irq));
+    }
+    g_free(buf);
+}
+
+/**
+ * kvm_flic_load - Load pending floating interrupts
+ * @f: QEMUFile containing migration state
+ * @opaque: pointer to flic device state
+ * @version_id: version id for migration
+ *
+ * Returns: value of flic_enqueue_irqs, -EINVAL on error
+ * Note: Do nothing when no interrupts where stored
+ * in QEMUFile
+ */
+static int kvm_flic_load(QEMUFile *f, void *opaque, int version_id)
+{
+    uint64_t len = 0;
+    uint64_t count = 0;
+    void *buf = NULL;
+    int r = 0;
+
+    if (version_id != FLIC_SAVEVM_VERSION) {
+        r = -EINVAL;
+        goto out;
+    }
+
+    count = qemu_get_be64(f);
+    len = count * sizeof(struct kvm_s390_irq);
+    if (count == FLIC_FAILED) {
+        r = -EINVAL;
+        goto out;
+    }
+    if (count == 0) {
+        r = 0;
+        goto out;
+    }
+    buf = g_try_malloc0(len);
+    if (!buf) {
+        r = -ENOMEM;
+        goto out;
+    }
+
+    if (qemu_get_buffer(f, (uint8_t *) buf, len) != len) {
+        r = -EINVAL;
+        goto out_free;
+    }
+    r = flic_enqueue_irqs(buf, len, (struct KVMS390FLICState *) opaque);
+
+out_free:
+    g_free(buf);
+out:
+    return r;
+}
+
+static void kvm_s390_flic_realize(DeviceState *dev, Error **errp)
+{
+    KVMS390FLICState *flic_state = KVM_S390_FLIC(dev);
+    struct kvm_create_device cd = {0};
+    int ret;
+
+    flic_state->fd = -1;
+    if (!kvm_check_extension(kvm_state, KVM_CAP_DEVICE_CTRL)) {
+        trace_flic_no_device_api(errno);
+        return;
+    }
+
+    cd.type = KVM_DEV_TYPE_FLIC;
+    ret = kvm_vm_ioctl(kvm_state, KVM_CREATE_DEVICE, &cd);
+    if (ret < 0) {
+        trace_flic_create_device(errno);
+        return;
+    }
+    flic_state->fd = cd.fd;
+
+    /* Register savevm handler for floating interrupts */
+    register_savevm(NULL, "s390-flic", 0, 1, kvm_flic_save,
+                    kvm_flic_load, (void *) flic_state);
+}
+
+static void kvm_s390_flic_unrealize(DeviceState *dev, Error **errp)
+{
+    KVMS390FLICState *flic_state = KVM_S390_FLIC(dev);
+
+    unregister_savevm(DEVICE(flic_state), "s390-flic", flic_state);
+}
+
+static void kvm_s390_flic_reset(DeviceState *dev)
+{
+    KVMS390FLICState *flic = KVM_S390_FLIC(dev);
+    struct kvm_device_attr attr;
+    int rc = 0;
+
+    if (flic->fd == -1) {
+        return;
+    }
+
+    attr.group = KVM_DEV_FLIC_CLEAR_IRQS;
+
+    rc = ioctl(flic->fd, KVM_SET_DEVICE_ATTR, &attr);
+    if (rc) {
+        trace_flic_reset_failed(errno);
+    }
+}
+
+static void kvm_s390_flic_class_init(ObjectClass *oc, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(oc);
+
+    dc->realize = kvm_s390_flic_realize;
+    dc->unrealize = kvm_s390_flic_unrealize;
+    dc->reset = kvm_s390_flic_reset;
+}
+
+static const TypeInfo kvm_s390_flic_info = {
+    .name          = TYPE_KVM_S390_FLIC,
+    .parent        = TYPE_SYS_BUS_DEVICE,
+    .instance_size = sizeof(KVMS390FLICState),
+    .class_init    = kvm_s390_flic_class_init,
+};
+
+static void kvm_s390_flic_register_types(void)
+{
+    type_register_static(&kvm_s390_flic_info);
+}
+
+type_init(kvm_s390_flic_register_types)
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 733d988..0d4f6ae 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -13,13 +13,14 @@
 #include "exec/address-spaces.h"
 #include "s390-virtio.h"
 #include "hw/s390x/sclp.h"
+#include "hw/s390x/s390_flic.h"
 #include "ioinst.h"
 #include "css.h"
 #include "virtio-ccw.h"
 
 void io_subsystem_reset(void)
 {
-    DeviceState *css, *sclp;
+    DeviceState *css, *sclp, *flic;
 
     css = DEVICE(object_resolve_path_type("", "virtual-css-bridge", NULL));
     if (css) {
@@ -30,6 +31,10 @@ void io_subsystem_reset(void)
     if (sclp) {
         qdev_reset_all(sclp);
     }
+    flic = DEVICE(object_resolve_path_type("", "s390-flic", NULL));
+    if (flic) {
+        qdev_reset_all(flic);
+    }
 }
 
 static int virtio_ccw_hcall_notify(const uint64_t *args)
@@ -99,6 +104,7 @@ static void ccw_init(QEMUMachineInitArgs *args)
     s390_sclp_init();
     s390_init_ipl_dev(args->kernel_filename, args->kernel_cmdline,
                       args->initrd_filename, "s390-ccw.img");
+    s390_flic_init();
 
     /* register hypercalls */
     virtio_ccw_register_hcalls();
diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
index 7adf92a..5b54af7 100644
--- a/hw/s390x/s390-virtio.c
+++ b/hw/s390x/s390-virtio.c
@@ -36,6 +36,7 @@
 
 #include "hw/s390x/s390-virtio-bus.h"
 #include "hw/s390x/sclp.h"
+#include "hw/s390x/s390_flic.h"
 #include "hw/s390x/s390-virtio.h"
 
 //#define DEBUG_S390
@@ -251,6 +252,7 @@ static void s390_init(QEMUMachineInitArgs *args)
     s390_sclp_init();
     s390_init_ipl_dev(args->kernel_filename, args->kernel_cmdline,
                       args->initrd_filename, ZIPL_FILENAME);
+    s390_flic_init();
 
     /* register hypercalls */
     s390_virtio_register_hcalls();
diff --git a/include/hw/s390x/s390_flic.h b/include/hw/s390x/s390_flic.h
new file mode 100644
index 0000000..497b219
--- /dev/null
+++ b/include/hw/s390x/s390_flic.h
@@ -0,0 +1,33 @@
+/*
+ * QEMU S390x KVM floating interrupt controller (flic)
+ *
+ * Copyright 2014 IBM Corp.
+ * Author(s): Jens Freimann <jfrei@linux.vnet.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#ifndef __KVM_S390_FLIC_H
+#define __KVM_S390_FLIC_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_KVM_S390_FLIC "s390-flic"
+#define KVM_S390_FLIC(obj) \
+    OBJECT_CHECK(KVMS390FLICState, (obj), TYPE_KVM_S390_FLIC)
+
+typedef struct KVMS390FLICState {
+    SysBusDevice parent_obj;
+
+    uint32_t fd;
+} KVMS390FLICState;
+
+#ifdef CONFIG_KVM
+void s390_flic_init(void);
+#else
+static inline void s390_flic_init(void) { }
+#endif
+
+#endif /* __KVM_S390_FLIC_H */
diff --git a/trace-events b/trace-events
index 1b668d1..9dd2241 100644
--- a/trace-events
+++ b/trace-events
@@ -1162,6 +1162,11 @@ css_io_interrupt(int cssid, int ssid, int schid, uint32_t intparm, uint8_t isc,
 virtio_ccw_interpret_ccw(int cssid, int ssid, int schid, int cmd_code) "VIRTIO-CCW: %x.%x.%04x: interpret command %x"
 virtio_ccw_new_device(int cssid, int ssid, int schid, int devno, const char *devno_mode) "VIRTIO-CCW: add subchannel %x.%x.%04x, devno %04x (%s)"
 
+# hw/intc/s390_flic.c
+flic_create_device(int err) "flic: create device failed %d"
+flic_no_device_api(int err) "flic: no Device Contral API support %d"
+flic_reset_failed(int err) "flic: reset failed %d"
+
 # migration.c
 migrate_set_state(int new_state) "new state %d"
 
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 03/16] s390x/async_pf: Check for apf extension and enable pfault

[Christian Borntraeger]

From: Dominik Dingel <dingel@linux.vnet.ibm.com>

S390 can also use async page faults, to enhance guest scheduling.
In case of live migration we want to disable the feature let all
pending request finish.

Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/intc/s390_flic.c | 38 ++++++++++++++++++++++++++++++++++++++
 target-s390x/cpu.c  |  6 ++++++
 target-s390x/cpu.h  |  4 ++++
 target-s390x/kvm.c  | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 96 insertions(+)

diff --git a/hw/intc/s390_flic.c b/hw/intc/s390_flic.c
index 5c0ebe3..9526774 100644
--- a/hw/intc/s390_flic.c
+++ b/hw/intc/s390_flic.c
@@ -63,6 +63,36 @@ static int flic_get_all_irqs(KVMS390FLICState *flic,
     return rc == -1 ? -errno : rc;
 }
 
+static void flic_enable_pfault(KVMS390FLICState *flic)
+{
+    struct kvm_device_attr attr;
+    int rc;
+
+    attr.group = KVM_DEV_FLIC_APF_ENABLE;
+    attr.addr = 0;
+
+    rc = ioctl(flic->fd, KVM_SET_DEVICE_ATTR, &attr);
+
+    if (rc) {
+        fprintf(stderr, "flic: couldn't enable pfault\n");
+    }
+}
+
+static void flic_disable_wait_pfault(KVMS390FLICState *flic)
+{
+    struct kvm_device_attr attr;
+    int rc;
+
+    attr.group = KVM_DEV_FLIC_APF_DISABLE_WAIT;
+    attr.addr = 0;
+
+    rc = ioctl(flic->fd, KVM_SET_DEVICE_ATTR, &attr);
+
+    if (rc) {
+        fprintf(stderr, "flic: couldn't disable pfault\n");
+    }
+}
+
 /** flic_enqueue_irqs - returns 0 on success
  * @buf: pointer to buffer which is passed to kernel
  * @len: length of buffer
@@ -136,6 +166,8 @@ static void kvm_flic_save(QEMUFile *f, void *opaque)
     void *buf;
     int count;
 
+    flic_disable_wait_pfault((struct KVMS390FLICState *) opaque);
+
     buf = g_try_malloc0(len);
     if (!buf) {
         /* Storing FLIC_FAILED into the count field here will cause the
@@ -184,6 +216,8 @@ static int kvm_flic_load(QEMUFile *f, void *opaque, int version_id)
         goto out;
     }
 
+    flic_enable_pfault((struct KVMS390FLICState *) opaque);
+
     count = qemu_get_be64(f);
     len = count * sizeof(struct kvm_s390_irq);
     if (count == FLIC_FAILED) {
@@ -254,12 +288,16 @@ static void kvm_s390_flic_reset(DeviceState *dev)
         return;
     }
 
+    flic_disable_wait_pfault(flic);
+
     attr.group = KVM_DEV_FLIC_CLEAR_IRQS;
 
     rc = ioctl(flic->fd, KVM_SET_DEVICE_ATTR, &attr);
     if (rc) {
         trace_flic_reset_failed(errno);
     }
+
+    flic_enable_pfault(flic);
 }
 
 static void kvm_s390_flic_class_init(ObjectClass *oc, void *data)
diff --git a/target-s390x/cpu.c b/target-s390x/cpu.c
index 3c89f8a..8d8cd0f 100644
--- a/target-s390x/cpu.c
+++ b/target-s390x/cpu.c
@@ -83,6 +83,7 @@ static void s390_cpu_reset(CPUState *s)
     S390CPUClass *scc = S390_CPU_GET_CLASS(cpu);
     CPUS390XState *env = &cpu->env;
 
+    env->pfault_token = -1UL;
     s390_del_running_cpu(cpu);
     scc->parent_reset(s);
 #if !defined(CONFIG_USER_ONLY)
@@ -105,6 +106,8 @@ static void s390_cpu_initial_reset(CPUState *s)
     /* architectured initial values for CR 0 and 14 */
     env->cregs[0] = CR0_RESET;
     env->cregs[14] = CR14_RESET;
+
+    env->pfault_token = -1UL;
 }
 
 /* CPUClass:reset() */
@@ -123,6 +126,9 @@ static void s390_cpu_full_reset(CPUState *s)
     /* architectured initial values for CR 0 and 14 */
     env->cregs[0] = CR0_RESET;
     env->cregs[14] = CR14_RESET;
+
+    env->pfault_token = -1UL;
+
     /* set halted to 1 to make sure we can add the cpu in
      * s390_ipl_cpu code, where CPUState::halted is set back to 0
      * after incrementing the cpu counter */
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 96c2b4a..b09ff92 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -121,6 +121,10 @@ typedef struct CPUS390XState {
     uint64_t cputm;
     uint32_t todpr;
 
+    uint64_t pfault_token;
+    uint64_t pfault_compare;
+    uint64_t pfault_select;
+
     CPU_COMMON
 
     /* reset does memset(0) up to here */
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index f60ccdc..9430a35 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -87,12 +87,14 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 };
 
 static int cap_sync_regs;
+static int cap_async_pf;
 
 static void *legacy_s390_alloc(size_t size);
 
 int kvm_arch_init(KVMState *s)
 {
     cap_sync_regs = kvm_check_extension(s, KVM_CAP_SYNC_REGS);
+    cap_async_pf = kvm_check_extension(s, KVM_CAP_ASYNC_PF);
     if (!kvm_check_extension(s, KVM_CAP_S390_GMAP)
         || !kvm_check_extension(s, KVM_CAP_S390_COW)) {
         phys_mem_set_alloc(legacy_s390_alloc);
@@ -178,6 +180,29 @@ int kvm_arch_put_registers(CPUState *cs, int level)
         return ret;
     }
 
+    if (cap_async_pf) {
+        reg.id = KVM_REG_S390_PFTOKEN;
+        reg.addr = (__u64)&(env->pfault_token);
+        ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+        if (ret < 0) {
+            return ret;
+        }
+
+        reg.id = KVM_REG_S390_PFCOMPARE;
+        reg.addr = (__u64)&(env->pfault_compare);
+        ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+        if (ret < 0) {
+            return ret;
+        }
+
+        reg.id = KVM_REG_S390_PFSELECT;
+        reg.addr = (__u64)&(env->pfault_select);
+        ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+        if (ret < 0) {
+            return ret;
+        }
+    }
+
     if (cap_sync_regs &&
         cs->kvm_run->kvm_valid_regs & KVM_SYNC_ACRS &&
         cs->kvm_run->kvm_valid_regs & KVM_SYNC_CRS) {
@@ -282,6 +307,29 @@ int kvm_arch_get_registers(CPUState *cs)
         return r;
     }
 
+    if (cap_async_pf) {
+        reg.id = KVM_REG_S390_PFTOKEN;
+        reg.addr = (__u64)&(env->pfault_token);
+        r = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+        if (r < 0) {
+            return r;
+        }
+
+        reg.id = KVM_REG_S390_PFCOMPARE;
+        reg.addr = (__u64)&(env->pfault_compare);
+        r = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+        if (r < 0) {
+            return r;
+        }
+
+        reg.id = KVM_REG_S390_PFSELECT;
+        reg.addr = (__u64)&(env->pfault_select);
+        r = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+        if (r < 0) {
+            return r;
+        }
+    }
+
     return 0;
 }
 
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 04/16] s390x/kvm: Fixed bad SIGP SET-ARCHITECTURE handler

[Christian Borntraeger]

From: Thomas Huth <thuth@linux.vnet.ibm.com>

The SET-ARCHITECTURE handler in QEMU caused an program interruption.
This is wrong according to the "Principles of Operations" specification
(since SIGP should never cause a program interrupt) and was likely only
introduced for debugging purposes. Since we handle SET-ARCHITECTURE in
the kernel already and only dropped to user space in case of bad mode
parameters, we should just report INVALID PARAMETER in QEMU instead.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 target-s390x/kvm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 9430a35..b93fe84 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -676,8 +676,10 @@ static int handle_sigp(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
         cc = kvm_s390_cpu_restart(target_cpu);
         break;
     case SIGP_SET_ARCH:
-        /* make the caller panic */
-        return -1;
+        *statusreg &= 0xffffffff00000000UL;
+        *statusreg |= SIGP_STAT_INVALID_PARAMETER;
+        cc = 1;   /* status stored */
+        break;
     case SIGP_INITIAL_CPU_RESET:
         cc = s390_cpu_initial_reset(target_cpu);
         break;
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 05/16] s390x/kvm: Rework SIGP INITIAL CPU RESET handler

[Christian Borntraeger]

From: Thomas Huth <thuth@linux.vnet.ibm.com>

The s390_cpu_initial_reset() function had two deficiencies: First, it
used an ioctl for the destination CPU, and this ioctl could block
nearly forever, as long as the destination CPU was running in the SIE
loop. Second, it also cleared the general purpose registers - something
it should not do according to the Principles of Operations.
Since we've already got another function for the initial CPU reset in
cpu.c, we can also use that function instead. And by using run_on_cpu()
for executing this code, we make sure that the destination CPU is
correctly kicked out of kernel mode now.

Suggested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 target-s390x/kvm.c | 25 +++++++------------------
 1 file changed, 7 insertions(+), 18 deletions(-)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index b93fe84..1f89a89 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -624,25 +624,13 @@ int kvm_s390_cpu_restart(S390CPU *cpu)
     return 0;
 }
 
-static int s390_cpu_initial_reset(S390CPU *cpu)
+static void sigp_initial_cpu_reset(void *arg)
 {
-    CPUState *cs = CPU(cpu);
-    CPUS390XState *env = &cpu->env;
-    int i;
-
-    s390_del_running_cpu(cpu);
-    if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL) < 0) {
-        perror("cannot init reset vcpu");
-    }
+    CPUState *cpu = arg;
+    S390CPUClass *scc = S390_CPU_GET_CLASS(cpu);
 
-    /* Manually zero out all registers */
-    cpu_synchronize_state(cs);
-    for (i = 0; i < 16; i++) {
-        env->regs[i] = 0;
-    }
-
-    DPRINTF("DONE: SIGP initial reset: %p\n", env);
-    return 0;
+    cpu_synchronize_state(cpu);
+    scc->initial_cpu_reset(cpu);
 }
 
 #define SIGP_ORDER_MASK 0x000000ff
@@ -681,7 +669,8 @@ static int handle_sigp(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
         cc = 1;   /* status stored */
         break;
     case SIGP_INITIAL_CPU_RESET:
-        cc = s390_cpu_initial_reset(target_cpu);
+        run_on_cpu(CPU(target_cpu), sigp_initial_cpu_reset, CPU(target_cpu));
+        cc = 0;
         break;
     default:
         DPRINTF("KVM: unknown SIGP: 0x%x\n", order_code);
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 06/16] s390x/kvm: Add missing SIGP CPU RESET order

[Christian Borntraeger]

From: Thomas Huth <thuth@linux.vnet.ibm.com>

The SIGP order CPU RESET was still missing in the list of our
supported handler. This patch now adds a simple implementation,
by using the cpu_reset() function that is already available in
target-s390x/cpu.c.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 target-s390x/kvm.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 1f89a89..3bcaaa3 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -633,6 +633,15 @@ static void sigp_initial_cpu_reset(void *arg)
     scc->initial_cpu_reset(cpu);
 }
 
+static void sigp_cpu_reset(void *arg)
+{
+    CPUState *cpu = arg;
+    S390CPUClass *scc = S390_CPU_GET_CLASS(cpu);
+
+    cpu_synchronize_state(cpu);
+    scc->cpu_reset(cpu);
+}
+
 #define SIGP_ORDER_MASK 0x000000ff
 
 static int handle_sigp(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
@@ -672,6 +681,10 @@ static int handle_sigp(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
         run_on_cpu(CPU(target_cpu), sigp_initial_cpu_reset, CPU(target_cpu));
         cc = 0;
         break;
+    case SIGP_CPU_RESET:
+        run_on_cpu(CPU(target_cpu), sigp_cpu_reset, CPU(target_cpu));
+        cc = 0;
+        break;
     default:
         DPRINTF("KVM: unknown SIGP: 0x%x\n", order_code);
         *statusreg &= 0xffffffff00000000UL;
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 07/16] s390x/virtio-hcall: Add range check for hypervisor call

[Christian Borntraeger]

From: Thomas Huth <thuth@linux.vnet.ibm.com>

The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/s390-virtio-hcall.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c
index ee62649..0e328d8 100644
--- a/hw/s390x/s390-virtio-hcall.c
+++ b/hw/s390x/s390-virtio-hcall.c
@@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn)
 
 int s390_virtio_hypercall(CPUS390XState *env)
 {
-    s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
+    s390_virtio_fn fn;
 
-    if (!fn) {
-        return -EINVAL;
+    if (env->regs[1] < MAX_DIAG_SUBCODES) {
+        fn = s390_diag500_table[env->regs[1]];
+        if (fn) {
+            return fn(&env->regs[2]);
+        }
     }
 
-    return fn(&env->regs[2]);
+    return -EINVAL;
 }
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 08/16] s390x/virtio-hcall: Specification exception for illegal subcodes

[Christian Borntraeger]

From: Thomas Huth <thuth@linux.vnet.ibm.com>

So far, the DIAG 500 hypervisor call was only setting -EINVAL in
R2 when a guest tried to call this function with an illegal subcode.
This patch now changes the behavior so that a specification exception
is thrown instead, since this is the common behavior of other DIAG
functions (and other CPU instructions) when being called with illegal
parameters.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/s390-virtio-hcall.c | 3 ++-
 target-s390x/kvm.c           | 9 +++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c
index 0e328d8..c7bdc20 100644
--- a/hw/s390x/s390-virtio-hcall.c
+++ b/hw/s390x/s390-virtio-hcall.c
@@ -31,7 +31,8 @@ int s390_virtio_hypercall(CPUS390XState *env)
     if (env->regs[1] < MAX_DIAG_SUBCODES) {
         fn = s390_diag500_table[env->regs[1]];
         if (fn) {
-            return fn(&env->regs[2]);
+            env->regs[2] = fn(&env->regs[2]);
+            return 0;
         }
     }
 
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 3bcaaa3..0335d51 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -559,11 +559,16 @@ static int handle_priv(S390CPU *cpu, struct kvm_run *run,
 static int handle_hypercall(S390CPU *cpu, struct kvm_run *run)
 {
     CPUS390XState *env = &cpu->env;
+    int ret;
 
     cpu_synchronize_state(CPU(cpu));
-    env->regs[2] = s390_virtio_hypercall(env);
+    ret = s390_virtio_hypercall(env);
+    if (ret == -EINVAL) {
+        enter_pgmcheck(cpu, PGM_SPECIFICATION);
+        return 0;
+    }
 
-    return 0;
+    return ret;
 }
 
 static void kvm_handle_diag_308(S390CPU *cpu, struct kvm_run *run)
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 09/16] s390x/eventfacility: mask out commands

[Christian Borntraeger]

As a followup to commit 5f04c14a10fa7f259bc0808f35a0beda49f7821e
(s390-sclp: Define New SCLP Codes) we should mask the sclp command
not only in base sclp, but also in the event facility.

Based on an initial patch from Ralf Hoppe.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/event-facility.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index a73c0b9..1e8c99a 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -299,7 +299,7 @@ static const TypeInfo s390_sclp_events_bus_info = {
 
 static void command_handler(SCLPEventFacility *ef, SCCB *sccb, uint64_t code)
 {
-    switch (code) {
+    switch (code & SCLP_CMD_CODE_MASK) {
     case SCLP_CMD_READ_EVENT_DATA:
         read_event_data(ef, sccb);
         break;
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 10/16] s390x/sclp: Fixed the size of sccb and code parameter

[Christian Borntraeger]

From: Thomas Huth <thuth@linux.vnet.ibm.com>

The pointer to the SCCB should not be limited to 32 bits only.
In contrast to this, the command word parameter is only 32 bits
(the upper 32 bits should be ignored).

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/sclp.c    | 4 ++--
 target-s390x/cpu.h | 2 +-
 target-s390x/kvm.c | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 4e0c564..6134d4f 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -89,7 +89,7 @@ static void sclp_read_cpu_info(SCCB *sccb)
     sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
 }
 
-static void sclp_execute(SCCB *sccb, uint64_t code)
+static void sclp_execute(SCCB *sccb, uint32_t code)
 {
     S390SCLPDevice *sdev = get_event_facility();
 
@@ -107,7 +107,7 @@ static void sclp_execute(SCCB *sccb, uint64_t code)
     }
 }
 
-int sclp_service_call(uint32_t sccb, uint64_t code)
+int sclp_service_call(uint64_t sccb, uint32_t code)
 {
     int r = 0;
     SCCB work_sccb;
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index b09ff92..373c115 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -963,7 +963,7 @@ struct sysib_322 {
 void load_psw(CPUS390XState *env, uint64_t mask, uint64_t addr);
 int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
                   target_ulong *raddr, int *flags);
-int sclp_service_call(uint32_t sccb, uint64_t code);
+int sclp_service_call(uint64_t sccb, uint32_t code);
 uint32_t calc_cc(CPUS390XState *env, uint32_t cc_op, uint64_t src, uint64_t dst,
                  uint64_t vr);
 
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 0335d51..9d8cee8 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -440,8 +440,8 @@ static int kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
                                  uint16_t ipbh0)
 {
     CPUS390XState *env = &cpu->env;
-    uint32_t sccb;
-    uint64_t code;
+    uint64_t sccb;
+    uint32_t code;
     int r = 0;
 
     cpu_synchronize_state(CPU(cpu));
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 11/16] s390x/sclp: Add missing checks to SCLP handler

[Christian Borntraeger]

From: Thomas Huth <thuth@linux.vnet.ibm.com>

If the 51 most significant bits of the SCCB address are zero or equal to
the prefix, we should throw an specification exception, too.
Also moved the check for privileged mode to sclp_service_call() to have
all program checks in one place now.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/sclp.c            | 9 +++++++--
 target-s390x/cpu.h         | 2 +-
 target-s390x/kvm.c         | 6 +-----
 target-s390x/misc_helper.c | 2 +-
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 6134d4f..9880977 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -107,7 +107,7 @@ static void sclp_execute(SCCB *sccb, uint32_t code)
     }
 }
 
-int sclp_service_call(uint64_t sccb, uint32_t code)
+int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code)
 {
     int r = 0;
     SCCB work_sccb;
@@ -115,11 +115,16 @@ int sclp_service_call(uint64_t sccb, uint32_t code)
     hwaddr sccb_len = sizeof(SCCB);
 
     /* first some basic checks on program checks */
+    if (env->psw.mask & PSW_MASK_PSTATE) {
+        r = -PGM_PRIVILEGED;
+        goto out;
+    }
     if (cpu_physical_memory_is_io(sccb)) {
         r = -PGM_ADDRESSING;
         goto out;
     }
-    if (sccb & ~0x7ffffff8ul) {
+    if ((sccb & ~0x1fffUL) == 0 || (sccb & ~0x1fffUL) == env->psa
+        || (sccb & ~0x7ffffff8UL) != 0) {
         r = -PGM_SPECIFICATION;
         goto out;
     }
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 373c115..9673838 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -963,7 +963,7 @@ struct sysib_322 {
 void load_psw(CPUS390XState *env, uint64_t mask, uint64_t addr);
 int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
                   target_ulong *raddr, int *flags);
-int sclp_service_call(uint64_t sccb, uint32_t code);
+int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code);
 uint32_t calc_cc(CPUS390XState *env, uint32_t cc_op, uint64_t src, uint64_t dst,
                  uint64_t vr);
 
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 9d8cee8..ea3d652 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -445,14 +445,10 @@ static int kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
     int r = 0;
 
     cpu_synchronize_state(CPU(cpu));
-    if (env->psw.mask & PSW_MASK_PSTATE) {
-        enter_pgmcheck(cpu, PGM_PRIVILEGED);
-        return 0;
-    }
     sccb = env->regs[ipbh0 & 0xf];
     code = env->regs[(ipbh0 & 0xf0) >> 4];
 
-    r = sclp_service_call(sccb, code);
+    r = sclp_service_call(env, sccb, code);
     if (r < 0) {
         enter_pgmcheck(cpu, -r);
     }
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index 10d0425..728456f 100644
--- a/target-s390x/misc_helper.c
+++ b/target-s390x/misc_helper.c
@@ -93,7 +93,7 @@ void program_interrupt(CPUS390XState *env, uint32_t code, int ilen)
 /* SCLP service call */
 uint32_t HELPER(servc)(CPUS390XState *env, uint64_t r1, uint64_t r2)
 {
-    int r = sclp_service_call(r1, r2);
+    int r = sclp_service_call(env, r1, r2);
     if (r < 0) {
         program_interrupt(env, -r, 4);
         return 0;
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 12/16] s390x/sclp: Fixed setting of condition code register

[Christian Borntraeger]

From: Thomas Huth <thuth@linux.vnet.ibm.com>

In the SCLP handler function, the condition code register must
only be set if no exception occured.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 target-s390x/kvm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index ea3d652..20c711f 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -451,8 +451,9 @@ static int kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
     r = sclp_service_call(env, sccb, code);
     if (r < 0) {
         enter_pgmcheck(cpu, -r);
+    } else {
+        setcc(cpu, r);
     }
-    setcc(cpu, r);
 
     return 0;
 }
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 13/16] s390x/event-facility: some renaming

[Christian Borntraeger]

From: Heinz Graalfs <graalfs@linux.vnet.ibm.com>

Do some renaming to shorten some identifiers and to emphasize sclp.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/event-facility.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index 1e8c99a..e0ee737 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -21,12 +21,12 @@
 #include "hw/s390x/sclp.h"
 #include "hw/s390x/event-facility.h"
 
-typedef struct EventTypesBus {
+typedef struct SCLPEventsBus {
     BusState qbus;
-} EventTypesBus;
+} SCLPEventsBus;
 
 struct SCLPEventFacility {
-    EventTypesBus sbus;
+    SCLPEventsBus sbus;
     DeviceState *qdev;
     /* guest' receive mask */
     unsigned int receive_mask;
@@ -291,7 +291,7 @@ static void sclp_events_bus_class_init(ObjectClass *klass, void *data)
 {
 }
 
-static const TypeInfo s390_sclp_events_bus_info = {
+static const TypeInfo sclp_events_bus_info = {
     .name = TYPE_SCLP_EVENTS_BUS,
     .parent = TYPE_BUS,
     .class_init = sclp_events_bus_class_init,
@@ -360,7 +360,7 @@ static void init_event_facility_class(ObjectClass *klass, void *data)
     k->init = init_event_facility;
 }
 
-static const TypeInfo s390_sclp_event_facility_info = {
+static const TypeInfo sclp_event_facility_info = {
     .name          = "s390-sclp-event-facility",
     .parent        = TYPE_DEVICE_S390_SCLP,
     .instance_size = sizeof(S390SCLPDevice),
@@ -395,7 +395,7 @@ static void event_class_init(ObjectClass *klass, void *data)
     dc->exit = event_qdev_exit;
 }
 
-static const TypeInfo s390_sclp_event_type_info = {
+static const TypeInfo sclp_event_type_info = {
     .name = TYPE_SCLP_EVENT,
     .parent = TYPE_DEVICE,
     .instance_size = sizeof(SCLPEvent),
@@ -406,9 +406,9 @@ static const TypeInfo s390_sclp_event_type_info = {
 
 static void register_types(void)
 {
-    type_register_static(&s390_sclp_events_bus_info);
-    type_register_static(&s390_sclp_event_facility_info);
-    type_register_static(&s390_sclp_event_type_info);
+    type_register_static(&sclp_events_bus_info);
+    type_register_static(&sclp_event_facility_info);
+    type_register_static(&sclp_event_type_info);
 }
 
 type_init(register_types)
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 14/16] s390x/event-facility: code restructure

[Christian Borntraeger]

From: Heinz Graalfs <graalfs@linux.vnet.ibm.com>

Code restructure in order to simplify class hierarchy
  - remove S390SCLPDevice abstract base class
    and move function pointers into new SCLPEventFacilityClass
  - implement SCLPEventFacility as SysBusDevice
  - use define constants for instance creation strings

The following ascii-art shows the class structure wrt the SCLP EventFacility
before (CURRENT) and after the restructure (NEW):

----
CURRENT:

   "s390-sclp-events-bus"
   +-------------------------+
   |      SCLPEventsBus      |
   |-------------------------|
   |BusState qbus            |
   +-------------------------+

   +-------------------------+
   |   SCLPEventFacility     |  - to be replaced by new SCLPEventFacility,
   |-------------------------|    which will be a SysBusDevice
   |SCLPEventsBus sbus       |
   |DeviceState *qdev        |
   |unsigned int receive_mask|
   +-------------------------+

   +-------------------------+
   |   S390SCLPDeviceClass   |  - to be replaced by new SCLPEventFacilityClass
   |-------------------------|
   |DeviceClass qdev         |
   |*(init)()                |
   +-------------------------+

   "s390-sclp-event-facility"
             |
         instance-of
             |
             V
   "s390-sclp-device"           - this is an abstract class
   +-------------------------+
   |     S390SCLPDevice   (A)|  - to be replaced by new SCLPEventFacility
   |-------------------------|
   |SysBusDevice busdev      |
   |SCLPEventFacility *ef    |
   |                         |
   |*(sclp_command_handler)()|  - these 2 go to new SCLPEventFacilityClass
   |*(event_pending)()       |
   +-------------------------+

----
NEW:

   "s390-sclp-events-bus"
   +-------------------------+
   |      SCLPEventsBus      |
   |-------------------------|
   |BusState qbus            |
   +-------------------------+

   +-------------------------+
   | SCLPEventFacilityClass  |
   |-------------------------|
   |DeviceClass parent_class |
   |                         |
   |*(init)()                |
   |*(command_handler)()     |
   |*(event_pending)()       |
   +-------------------------+

   "s390-sclp-event-facility"
   +-------------------------+
   |   SCLPEventFacility     |
   |-------------------------|
   |SysBusDevice parent_class|
   |SCLPEventsBus sbus       |
   |unsigned int receive_mask|
   +-------------------------+

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/event-facility.c         | 34 +++++++++++------------
 hw/s390x/sclp.c                   | 58 ++++++++-------------------------------
 include/hw/s390x/event-facility.h | 19 +++++++++++++
 include/hw/s390x/sclp.h           | 24 ----------------
 4 files changed, 47 insertions(+), 88 deletions(-)

diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index e0ee737..8ad2dc4 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -26,8 +26,8 @@ typedef struct SCLPEventsBus {
 } SCLPEventsBus;
 
 struct SCLPEventFacility {
+    SysBusDevice parent_obj;
     SCLPEventsBus sbus;
-    DeviceState *qdev;
     /* guest' receive mask */
     unsigned int receive_mask;
 };
@@ -315,21 +315,15 @@ static void command_handler(SCLPEventFacility *ef, SCCB *sccb, uint64_t code)
     }
 }
 
-static int init_event_facility(S390SCLPDevice *sdev)
+static int init_event_facility(SCLPEventFacility *event_facility)
 {
-    SCLPEventFacility *event_facility;
+    DeviceState *sdev = DEVICE(event_facility);
     DeviceState *quiesce;
 
-    event_facility = g_malloc0(sizeof(SCLPEventFacility));
-    sdev->ef = event_facility;
-    sdev->sclp_command_handler = command_handler;
-    sdev->event_pending = event_pending;
-
-    /* Spawn a new sclp-events facility */
+    /* Spawn a new bus for SCLP events */
     qbus_create_inplace(&event_facility->sbus, sizeof(event_facility->sbus),
-                        TYPE_SCLP_EVENTS_BUS, DEVICE(sdev), NULL);
+                        TYPE_SCLP_EVENTS_BUS, sdev, NULL);
     event_facility->sbus.qbus.allow_hotplug = 0;
-    event_facility->qdev = (DeviceState *) sdev;
 
     quiesce = qdev_create(&event_facility->sbus.qbus, "sclpquiesce");
     if (!quiesce) {
@@ -346,25 +340,29 @@ static int init_event_facility(S390SCLPDevice *sdev)
 
 static void reset_event_facility(DeviceState *dev)
 {
-    S390SCLPDevice *sdev = SCLP_S390_DEVICE(dev);
+    SCLPEventFacility *sdev = EVENT_FACILITY(dev);
 
-    sdev->ef->receive_mask = 0;
+    sdev->receive_mask = 0;
 }
 
 static void init_event_facility_class(ObjectClass *klass, void *data)
 {
-    DeviceClass *dc = DEVICE_CLASS(klass);
-    S390SCLPDeviceClass *k = SCLP_S390_DEVICE_CLASS(klass);
+    SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
+    DeviceClass *dc = DEVICE_CLASS(sbdc);
+    SCLPEventFacilityClass *k = EVENT_FACILITY_CLASS(dc);
 
     dc->reset = reset_event_facility;
     k->init = init_event_facility;
+    k->command_handler = command_handler;
+    k->event_pending = event_pending;
 }
 
 static const TypeInfo sclp_event_facility_info = {
-    .name          = "s390-sclp-event-facility",
-    .parent        = TYPE_DEVICE_S390_SCLP,
-    .instance_size = sizeof(S390SCLPDevice),
+    .name          = TYPE_SCLP_EVENT_FACILITY,
+    .parent        = TYPE_SYS_BUS_DEVICE,
+    .instance_size = sizeof(SCLPEventFacility),
     .class_init    = init_event_facility_class,
+    .class_size    = sizeof(SCLPEventFacilityClass),
 };
 
 static int event_qdev_init(DeviceState *qdev)
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 9880977..d8ddf35 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -18,11 +18,12 @@
 #include "sysemu/sysemu.h"
 
 #include "hw/s390x/sclp.h"
+#include "hw/s390x/event-facility.h"
 
-static inline S390SCLPDevice *get_event_facility(void)
+static inline SCLPEventFacility *get_event_facility(void)
 {
     ObjectProperty *op = object_property_find(qdev_get_machine(),
-                                              "s390-sclp-event-facility",
+                                              TYPE_SCLP_EVENT_FACILITY,
                                               NULL);
     assert(op);
     return op->opaque;
@@ -91,7 +92,8 @@ static void sclp_read_cpu_info(SCCB *sccb)
 
 static void sclp_execute(SCCB *sccb, uint32_t code)
 {
-    S390SCLPDevice *sdev = get_event_facility();
+    SCLPEventFacility *ef = get_event_facility();
+    SCLPEventFacilityClass *efc = EVENT_FACILITY_GET_CLASS(ef);
 
     switch (code & SCLP_CMD_CODE_MASK) {
     case SCLP_CMDW_READ_SCP_INFO:
@@ -102,7 +104,7 @@ static void sclp_execute(SCCB *sccb, uint32_t code)
         sclp_read_cpu_info(sccb);
         break;
     default:
-        sdev->sclp_command_handler(sdev->ef, sccb, code);
+        efc->command_handler(ef, sccb, code);
         break;
     }
 }
@@ -156,11 +158,13 @@ out:
 
 void sclp_service_interrupt(uint32_t sccb)
 {
-    S390SCLPDevice *sdev = get_event_facility();
+    SCLPEventFacility *ef = get_event_facility();
+    SCLPEventFacilityClass *efc = EVENT_FACILITY_GET_CLASS(ef);
+
     uint32_t param = sccb & ~3;
 
     /* Indicate whether an event is still pending */
-    param |= sdev->event_pending(sdev->ef) ? 1 : 0;
+    param |= efc->event_pending(ef) ? 1 : 0;
 
     if (!param) {
         /* No need to send an interrupt, there's nothing to be notified about */
@@ -173,47 +177,9 @@ void sclp_service_interrupt(uint32_t sccb)
 
 void s390_sclp_init(void)
 {
-    DeviceState *dev  = qdev_create(NULL, "s390-sclp-event-facility");
+    DeviceState *dev  = qdev_create(NULL, TYPE_SCLP_EVENT_FACILITY);
 
-    object_property_add_child(qdev_get_machine(), "s390-sclp-event-facility",
+    object_property_add_child(qdev_get_machine(), TYPE_SCLP_EVENT_FACILITY,
                               OBJECT(dev), NULL);
     qdev_init_nofail(dev);
 }
-
-static int s390_sclp_dev_init(SysBusDevice *dev)
-{
-    int r;
-    S390SCLPDevice *sdev = (S390SCLPDevice *)dev;
-    S390SCLPDeviceClass *sclp = SCLP_S390_DEVICE_GET_CLASS(dev);
-
-    r = sclp->init(sdev);
-    if (!r) {
-        assert(sdev->event_pending);
-        assert(sdev->sclp_command_handler);
-    }
-
-    return r;
-}
-
-static void s390_sclp_device_class_init(ObjectClass *klass, void *data)
-{
-    SysBusDeviceClass *dc = SYS_BUS_DEVICE_CLASS(klass);
-
-    dc->init = s390_sclp_dev_init;
-}
-
-static const TypeInfo s390_sclp_device_info = {
-    .name = TYPE_DEVICE_S390_SCLP,
-    .parent = TYPE_SYS_BUS_DEVICE,
-    .instance_size = sizeof(S390SCLPDevice),
-    .class_init = s390_sclp_device_class_init,
-    .class_size = sizeof(S390SCLPDeviceClass),
-    .abstract = true,
-};
-
-static void s390_sclp_register_types(void)
-{
-    type_register_static(&s390_sclp_device_info);
-}
-
-type_init(s390_sclp_register_types)
diff --git a/include/hw/s390x/event-facility.h b/include/hw/s390x/event-facility.h
index 870edd4..6a062b6 100644
--- a/include/hw/s390x/event-facility.h
+++ b/include/hw/s390x/event-facility.h
@@ -176,4 +176,23 @@ typedef struct SCLPEventClass {
     bool (*can_handle_event)(uint8_t type);
 } SCLPEventClass;
 
+#define TYPE_SCLP_EVENT_FACILITY "s390-sclp-event-facility"
+#define EVENT_FACILITY(obj) \
+     OBJECT_CHECK(SCLPEventFacility, (obj), TYPE_SCLP_EVENT_FACILITY)
+#define EVENT_FACILITY_CLASS(klass) \
+     OBJECT_CLASS_CHECK(SCLPEventFacilityClass, (klass), \
+                        TYPE_SCLP_EVENT_FACILITY)
+#define EVENT_FACILITY_GET_CLASS(obj) \
+     OBJECT_GET_CLASS(SCLPEventFacilityClass, (obj), \
+                      TYPE_SCLP_EVENT_FACILITY)
+
+typedef struct SCLPEventFacility SCLPEventFacility;
+
+typedef struct SCLPEventFacilityClass {
+    DeviceClass parent_class;
+    int (*init)(SCLPEventFacility *ef);
+    void (*command_handler)(SCLPEventFacility *ef, SCCB *sccb, uint64_t code);
+    bool (*event_pending)(SCLPEventFacility *ef);
+} SCLPEventFacilityClass;
+
 #endif
diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
index 35112d9..7ef1622 100644
--- a/include/hw/s390x/sclp.h
+++ b/include/hw/s390x/sclp.h
@@ -161,30 +161,6 @@ static inline int sccb_data_len(SCCB *sccb)
     return be16_to_cpu(sccb->h.length) - sizeof(sccb->h);
 }
 
-#define TYPE_DEVICE_S390_SCLP "s390-sclp-device"
-#define SCLP_S390_DEVICE(obj) \
-     OBJECT_CHECK(S390SCLPDevice, (obj), TYPE_DEVICE_S390_SCLP)
-#define SCLP_S390_DEVICE_CLASS(klass) \
-     OBJECT_CLASS_CHECK(S390SCLPDeviceClass, (klass), \
-             TYPE_DEVICE_S390_SCLP)
-#define SCLP_S390_DEVICE_GET_CLASS(obj) \
-     OBJECT_GET_CLASS(S390SCLPDeviceClass, (obj), \
-             TYPE_DEVICE_S390_SCLP)
-
-typedef struct SCLPEventFacility SCLPEventFacility;
-
-typedef struct S390SCLPDevice {
-    SysBusDevice busdev;
-    SCLPEventFacility *ef;
-    void (*sclp_command_handler)(SCLPEventFacility *ef, SCCB *sccb,
-                                 uint64_t code);
-    bool (*event_pending)(SCLPEventFacility *ef);
-} S390SCLPDevice;
-
-typedef struct S390SCLPDeviceClass {
-    DeviceClass qdev;
-    int (*init)(S390SCLPDevice *sdev);
-} S390SCLPDeviceClass;
 
 void s390_sclp_init(void);
 void sclp_service_interrupt(uint32_t sccb);
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 15/16] s390x/event-facility: add support for live migration

[Christian Borntraeger]

From: Heinz Graalfs <graalfs@linux.vnet.ibm.com>

Add support for live migration using VMStateDescription.
Fold this into final patch adding Live Migration code for
SCLP Event Facility.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/event-facility.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index 8ad2dc4..5b6d5c6 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -315,6 +315,17 @@ static void command_handler(SCLPEventFacility *ef, SCCB *sccb, uint64_t code)
     }
 }
 
+static const VMStateDescription vmstate_event_facility = {
+    .name = "vmstate-event-facility",
+    .version_id = 0,
+    .minimum_version_id = 0,
+    .minimum_version_id_old = 0,
+    .fields      = (VMStateField[]) {
+        VMSTATE_UINT32(receive_mask, SCLPEventFacility),
+        VMSTATE_END_OF_LIST()
+     }
+};
+
 static int init_event_facility(SCLPEventFacility *event_facility)
 {
     DeviceState *sdev = DEVICE(event_facility);
@@ -352,6 +363,7 @@ static void init_event_facility_class(ObjectClass *klass, void *data)
     SCLPEventFacilityClass *k = EVENT_FACILITY_CLASS(dc);
 
     dc->reset = reset_event_facility;
+    dc->vmsd = &vmstate_event_facility;
     k->init = init_event_facility;
     k->command_handler = command_handler;
     k->event_pending = event_pending;
-- 
1.8.4.2

[Qemu-devel] [Patch/RFC 16/16] s390x/event-facility: exploit realize/unrealize

[Christian Borntraeger]

From: Heinz Graalfs <graalfs@linux.vnet.ibm.com>

init/exit functionality of abstract SCLPEvent class is now exploiting
realize/unrealize.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/s390x/event-facility.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index 5b6d5c6..0777a93 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -377,22 +377,31 @@ static const TypeInfo sclp_event_facility_info = {
     .class_size    = sizeof(SCLPEventFacilityClass),
 };
 
-static int event_qdev_init(DeviceState *qdev)
+static void event_realize(DeviceState *qdev, Error **errp)
 {
-    SCLPEvent *event = DO_UPCAST(SCLPEvent, qdev, qdev);
+    SCLPEvent *event = SCLP_EVENT(qdev);
     SCLPEventClass *child = SCLP_EVENT_GET_CLASS(event);
 
-    return child->init(event);
+    if (child->init) {
+        int rc = child->init(event);
+        if (rc < 0) {
+            error_setg(errp, "SCLP event initialization failed.");
+            return;
+        }
+    }
 }
 
-static int event_qdev_exit(DeviceState *qdev)
+static void event_unrealize(DeviceState *qdev, Error **errp)
 {
-    SCLPEvent *event = DO_UPCAST(SCLPEvent, qdev, qdev);
+    SCLPEvent *event = SCLP_EVENT(qdev);
     SCLPEventClass *child = SCLP_EVENT_GET_CLASS(event);
     if (child->exit) {
-        child->exit(event);
+        int rc = child->exit(event);
+        if (rc < 0) {
+            error_setg(errp, "SCLP event exit failed.");
+            return;
+        }
     }
-    return 0;
 }
 
 static void event_class_init(ObjectClass *klass, void *data)
@@ -401,8 +410,8 @@ static void event_class_init(ObjectClass *klass, void *data)
 
     dc->bus_type = TYPE_SCLP_EVENTS_BUS;
     dc->unplug = qdev_simple_unplug_cb;
-    dc->init = event_qdev_init;
-    dc->exit = event_qdev_exit;
+    dc->realize = event_realize;
+    dc->unrealize = event_unrealize;
 }
 
 static const TypeInfo sclp_event_type_info = {
-- 
1.8.4.2