search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
virtio-ccw: fix range check for SET_VQ
[qemu.git] / hw / s390x / s390-pci-bus.c
blob3c086f6155b28e15a4ccb7df93da87e1f1286584
1 /*
2 * s390 PCI BUS
3 *
4 * Copyright 2014 IBM Corp.
5 * Author(s): Frank Blaschka <frank.blaschka@de.ibm.com>
6 * Hong Bo Li <lihbbj@cn.ibm.com>
7 * Yi Min Zhao <zyimin@cn.ibm.com>
8 *
9 * This work is licensed under the terms of the GNU GPL, version 2 or (at
10 * your option) any later version. See the COPYING file in the top-level
11 * directory.
12 */
13
14 #include "s390-pci-bus.h"
15 #include <hw/pci/pci_bus.h>
16 #include <hw/pci/msi.h>
17 #include <qemu/error-report.h>
18
19 /* #define DEBUG_S390PCI_BUS */
20 #ifdef DEBUG_S390PCI_BUS
21 #define DPRINTF(fmt, ...) \
22 do { fprintf(stderr, "S390pci-bus: " fmt, ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) \
25 do { } while (0)
26 #endif
27
28 int chsc_sei_nt2_get_event(void *res)
29 {
30 ChscSeiNt2Res *nt2_res = (ChscSeiNt2Res *)res;
31 PciCcdfAvail *accdf;
32 PciCcdfErr *eccdf;
33 int rc = 1;
34 SeiContainer *sei_cont;
35 S390pciState *s = S390_PCI_HOST_BRIDGE(
36 object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
37
38 if (!s) {
39 return rc;
40 }
41
42 sei_cont = QTAILQ_FIRST(&s->pending_sei);
43 if (sei_cont) {
44 QTAILQ_REMOVE(&s->pending_sei, sei_cont, link);
45 nt2_res->nt = 2;
46 nt2_res->cc = sei_cont->cc;
47 nt2_res->length = cpu_to_be16(sizeof(ChscSeiNt2Res));
48 switch (sei_cont->cc) {
49 case 1: /* error event */
50 eccdf = (PciCcdfErr *)nt2_res->ccdf;
51 eccdf->fid = cpu_to_be32(sei_cont->fid);
52 eccdf->fh = cpu_to_be32(sei_cont->fh);
53 eccdf->e = cpu_to_be32(sei_cont->e);
54 eccdf->faddr = cpu_to_be64(sei_cont->faddr);
55 eccdf->pec = cpu_to_be16(sei_cont->pec);
56 break;
57 case 2: /* availability event */
58 accdf = (PciCcdfAvail *)nt2_res->ccdf;
59 accdf->fid = cpu_to_be32(sei_cont->fid);
60 accdf->fh = cpu_to_be32(sei_cont->fh);
61 accdf->pec = cpu_to_be16(sei_cont->pec);
62 break;
63 default:
64 abort();
65 }
66 g_free(sei_cont);
67 rc = 0;
68 }
69
70 return rc;
71 }
72
73 int chsc_sei_nt2_have_event(void)
74 {
75 S390pciState *s = S390_PCI_HOST_BRIDGE(
76 object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
77
78 if (!s) {
79 return 0;
80 }
81
82 return !QTAILQ_EMPTY(&s->pending_sei);
83 }
84
85 S390PCIBusDevice *s390_pci_find_dev_by_fid(uint32_t fid)
86 {
87 S390PCIBusDevice *pbdev;
88 int i;
89 S390pciState *s = S390_PCI_HOST_BRIDGE(
90 object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
91
92 if (!s) {
93 return NULL;
94 }
95
96 for (i = 0; i < PCI_SLOT_MAX; i++) {
97 pbdev = &s->pbdev[i];
98 if ((pbdev->fh != 0) && (pbdev->fid == fid)) {
99 return pbdev;
100 }
101 }
102
103 return NULL;
104 }
105
106 void s390_pci_sclp_configure(int configure, SCCB *sccb)
107 {
108 PciCfgSccb *psccb = (PciCfgSccb *)sccb;
109 S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));
110 uint16_t rc;
111
112 if (pbdev) {
113 if ((configure == 1 && pbdev->configured == true) ||
114 (configure == 0 && pbdev->configured == false)) {
115 rc = SCLP_RC_NO_ACTION_REQUIRED;
116 } else {
117 pbdev->configured = !pbdev->configured;
118 rc = SCLP_RC_NORMAL_COMPLETION;
119 }
120 } else {
121 DPRINTF("sclp config %d no dev found\n", configure);
122 rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
123 }
124
125 psccb->header.response_code = cpu_to_be16(rc);
126 return;
127 }
128
129 static uint32_t s390_pci_get_pfid(PCIDevice *pdev)
130 {
131 return PCI_SLOT(pdev->devfn);
132 }
133
134 static uint32_t s390_pci_get_pfh(PCIDevice *pdev)
135 {
136 return PCI_SLOT(pdev->devfn) | FH_VIRT;
137 }
138
139 S390PCIBusDevice *s390_pci_find_dev_by_idx(uint32_t idx)
140 {
141 S390PCIBusDevice *pbdev;
142 int i;
143 int j = 0;
144 S390pciState *s = S390_PCI_HOST_BRIDGE(
145 object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
146
147 if (!s) {
148 return NULL;
149 }
150
151 for (i = 0; i < PCI_SLOT_MAX; i++) {
152 pbdev = &s->pbdev[i];
153
154 if (pbdev->fh == 0) {
155 continue;
156 }
157
158 if (j == idx) {
159 return pbdev;
160 }
161 j++;
162 }
163
164 return NULL;
165 }
166
167 S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh)
168 {
169 S390PCIBusDevice *pbdev;
170 int i;
171 S390pciState *s = S390_PCI_HOST_BRIDGE(
172 object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
173
174 if (!s || !fh) {
175 return NULL;
176 }
177
178 for (i = 0; i < PCI_SLOT_MAX; i++) {
179 pbdev = &s->pbdev[i];
180 if (pbdev->fh == fh) {
181 return pbdev;
182 }
183 }
184
185 return NULL;
186 }
187
188 static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh,
189 uint32_t fid, uint64_t faddr, uint32_t e)
190 {
191 SeiContainer *sei_cont;
192 S390pciState *s = S390_PCI_HOST_BRIDGE(
193 object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
194
195 if (!s) {
196 return;
197 }
198
199 sei_cont = g_malloc0(sizeof(SeiContainer));
200 sei_cont->fh = fh;
201 sei_cont->fid = fid;
202 sei_cont->cc = cc;
203 sei_cont->pec = pec;
204 sei_cont->faddr = faddr;
205 sei_cont->e = e;
206
207 QTAILQ_INSERT_TAIL(&s->pending_sei, sei_cont, link);
208 css_generate_css_crws(0);
209 }
210
211 static void s390_pci_generate_plug_event(uint16_t pec, uint32_t fh,
212 uint32_t fid)
213 {
214 s390_pci_generate_event(2, pec, fh, fid, 0, 0);
215 }
216
217 static void s390_pci_generate_error_event(uint16_t pec, uint32_t fh,
218 uint32_t fid, uint64_t faddr,
219 uint32_t e)
220 {
221 s390_pci_generate_event(1, pec, fh, fid, faddr, e);
222 }
223
224 static void s390_pci_set_irq(void *opaque, int irq, int level)
225 {
226 /* nothing to do */
227 }
228
229 static int s390_pci_map_irq(PCIDevice *pci_dev, int irq_num)
230 {
231 /* nothing to do */
232 return 0;
233 }
234
235 static uint64_t s390_pci_get_table_origin(uint64_t iota)
236 {
237 return iota & ~ZPCI_IOTA_RTTO_FLAG;
238 }
239
240 static unsigned int calc_rtx(dma_addr_t ptr)
241 {
242 return ((unsigned long) ptr >> ZPCI_RT_SHIFT) & ZPCI_INDEX_MASK;
243 }
244
245 static unsigned int calc_sx(dma_addr_t ptr)
246 {
247 return ((unsigned long) ptr >> ZPCI_ST_SHIFT) & ZPCI_INDEX_MASK;
248 }
249
250 static unsigned int calc_px(dma_addr_t ptr)
251 {
252 return ((unsigned long) ptr >> PAGE_SHIFT) & ZPCI_PT_MASK;
253 }
254
255 static uint64_t get_rt_sto(uint64_t entry)
256 {
257 return ((entry & ZPCI_TABLE_TYPE_MASK) == ZPCI_TABLE_TYPE_RTX)
258 ? (entry & ZPCI_RTE_ADDR_MASK)
259 : 0;
260 }
261
262 static uint64_t get_st_pto(uint64_t entry)
263 {
264 return ((entry & ZPCI_TABLE_TYPE_MASK) == ZPCI_TABLE_TYPE_SX)
265 ? (entry & ZPCI_STE_ADDR_MASK)
266 : 0;
267 }
268
269 static uint64_t s390_guest_io_table_walk(uint64_t guest_iota,
270 uint64_t guest_dma_address)
271 {
272 uint64_t sto_a, pto_a, px_a;
273 uint64_t sto, pto, pte;
274 uint32_t rtx, sx, px;
275
276 rtx = calc_rtx(guest_dma_address);
277 sx = calc_sx(guest_dma_address);
278 px = calc_px(guest_dma_address);
279
280 sto_a = guest_iota + rtx * sizeof(uint64_t);
281 sto = ldq_phys(&address_space_memory, sto_a);
282 sto = get_rt_sto(sto);
283 if (!sto) {
284 pte = 0;
285 goto out;
286 }
287
288 pto_a = sto + sx * sizeof(uint64_t);
289 pto = ldq_phys(&address_space_memory, pto_a);
290 pto = get_st_pto(pto);
291 if (!pto) {
292 pte = 0;
293 goto out;
294 }
295
296 px_a = pto + px * sizeof(uint64_t);
297 pte = ldq_phys(&address_space_memory, px_a);
298
299 out:
300 return pte;
301 }
302
303 static IOMMUTLBEntry s390_translate_iommu(MemoryRegion *iommu, hwaddr addr,
304 bool is_write)
305 {
306 uint64_t pte;
307 uint32_t flags;
308 S390PCIBusDevice *pbdev = container_of(iommu, S390PCIBusDevice, mr);
309 S390pciState *s = S390_PCI_HOST_BRIDGE(pci_device_root_bus(pbdev->pdev)
310 ->qbus.parent);
311 IOMMUTLBEntry ret = {
312 .target_as = &address_space_memory,
313 .iova = 0,
314 .translated_addr = 0,
315 .addr_mask = ~(hwaddr)0,
316 .perm = IOMMU_NONE,
317 };
318
319 DPRINTF("iommu trans addr 0x%" PRIx64 "\n", addr);
320
321 /* s390 does not have an APIC mapped to main storage so we use
322 * a separate AddressSpace only for msix notifications
323 */
324 if (addr == ZPCI_MSI_ADDR) {
325 ret.target_as = &s->msix_notify_as;
326 ret.iova = addr;
327 ret.translated_addr = addr;
328 ret.addr_mask = 0xfff;
329 ret.perm = IOMMU_RW;
330 return ret;
331 }
332
333 if (!pbdev->g_iota) {
334 pbdev->error_state = true;
335 pbdev->lgstg_blocked = true;
336 s390_pci_generate_error_event(ERR_EVENT_INVALAS, pbdev->fh, pbdev->fid,
337 addr, 0);
338 return ret;
339 }
340
341 if (addr < pbdev->pba || addr > pbdev->pal) {
342 pbdev->error_state = true;
343 pbdev->lgstg_blocked = true;
344 s390_pci_generate_error_event(ERR_EVENT_OORANGE, pbdev->fh, pbdev->fid,
345 addr, 0);
346 return ret;
347 }
348
349 pte = s390_guest_io_table_walk(s390_pci_get_table_origin(pbdev->g_iota),
350 addr);
351
352 if (!pte) {
353 pbdev->error_state = true;
354 pbdev->lgstg_blocked = true;
355 s390_pci_generate_error_event(ERR_EVENT_SERR, pbdev->fh, pbdev->fid,
356 addr, ERR_EVENT_Q_BIT);
357 return ret;
358 }
359
360 flags = pte & ZPCI_PTE_FLAG_MASK;
361 ret.iova = addr;
362 ret.translated_addr = pte & ZPCI_PTE_ADDR_MASK;
363 ret.addr_mask = 0xfff;
364
365 if (flags & ZPCI_PTE_INVALID) {
366 ret.perm = IOMMU_NONE;
367 } else {
368 ret.perm = IOMMU_RW;
369 }
370
371 return ret;
372 }
373
374 static const MemoryRegionIOMMUOps s390_iommu_ops = {
375 .translate = s390_translate_iommu,
376 };
377
378 static AddressSpace *s390_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
379 {
380 S390pciState *s = opaque;
381
382 return &s->pbdev[PCI_SLOT(devfn)].as;
383 }
384
385 static uint8_t set_ind_atomic(uint64_t ind_loc, uint8_t to_be_set)
386 {
387 uint8_t ind_old, ind_new;
388 hwaddr len = 1;
389 uint8_t *ind_addr;
390
391 ind_addr = cpu_physical_memory_map(ind_loc, &len, 1);
392 if (!ind_addr) {
393 s390_pci_generate_error_event(ERR_EVENT_AIRERR, 0, 0, 0, 0);
394 return -1;
395 }
396 do {
397 ind_old = *ind_addr;
398 ind_new = ind_old | to_be_set;
399 } while (atomic_cmpxchg(ind_addr, ind_old, ind_new) != ind_old);
400 cpu_physical_memory_unmap(ind_addr, len, 1, len);
401
402 return ind_old;
403 }
404
405 static void s390_msi_ctrl_write(void *opaque, hwaddr addr, uint64_t data,
406 unsigned int size)
407 {
408 S390PCIBusDevice *pbdev;
409 uint32_t io_int_word;
410 uint32_t fid = data >> ZPCI_MSI_VEC_BITS;
411 uint32_t vec = data & ZPCI_MSI_VEC_MASK;
412 uint64_t ind_bit;
413 uint32_t sum_bit;
414 uint32_t e = 0;
415
416 DPRINTF("write_msix data 0x%" PRIx64 " fid %d vec 0x%x\n", data, fid, vec);
417
418 pbdev = s390_pci_find_dev_by_fid(fid);
419 if (!pbdev) {
420 e |= (vec << ERR_EVENT_MVN_OFFSET);
421 s390_pci_generate_error_event(ERR_EVENT_NOMSI, 0, fid, addr, e);
422 return;
423 }
424
425 ind_bit = pbdev->routes.adapter.ind_offset;
426 sum_bit = pbdev->routes.adapter.summary_offset;
427
428 set_ind_atomic(pbdev->routes.adapter.ind_addr + (ind_bit + vec) / 8,
429 0x80 >> ((ind_bit + vec) % 8));
430 if (!set_ind_atomic(pbdev->routes.adapter.summary_addr + sum_bit / 8,
431 0x80 >> (sum_bit % 8))) {
432 io_int_word = (pbdev->isc << 27) | IO_INT_WORD_AI;
433 s390_io_interrupt(0, 0, 0, io_int_word);
434 }
435
436 return;
437 }
438
439 static uint64_t s390_msi_ctrl_read(void *opaque, hwaddr addr, unsigned size)
440 {
441 return 0xffffffff;
442 }
443
444 static const MemoryRegionOps s390_msi_ctrl_ops = {
445 .write = s390_msi_ctrl_write,
446 .read = s390_msi_ctrl_read,
447 .endianness = DEVICE_LITTLE_ENDIAN,
448 };
449
450 static void s390_pcihost_init_as(S390pciState *s)
451 {
452 int i;
453
454 for (i = 0; i < PCI_SLOT_MAX; i++) {
455 memory_region_init_iommu(&s->pbdev[i].mr, OBJECT(s),
456 &s390_iommu_ops, "iommu-s390", UINT64_MAX);
457 address_space_init(&s->pbdev[i].as, &s->pbdev[i].mr, "iommu-pci");
458 }
459
460 memory_region_init_io(&s->msix_notify_mr, OBJECT(s),
461 &s390_msi_ctrl_ops, s, "msix-s390", UINT64_MAX);
462 address_space_init(&s->msix_notify_as, &s->msix_notify_mr, "msix-pci");
463 }
464
465 static int s390_pcihost_init(SysBusDevice *dev)
466 {
467 PCIBus *b;
468 BusState *bus;
469 PCIHostState *phb = PCI_HOST_BRIDGE(dev);
470 S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
471
472 DPRINTF("host_init\n");
473
474 b = pci_register_bus(DEVICE(dev), NULL,
475 s390_pci_set_irq, s390_pci_map_irq, NULL,
476 get_system_memory(), get_system_io(), 0, 64,
477 TYPE_PCI_BUS);
478 s390_pcihost_init_as(s);
479 pci_setup_iommu(b, s390_pci_dma_iommu, s);
480
481 bus = BUS(b);
482 qbus_set_hotplug_handler(bus, DEVICE(dev), NULL);
483 phb->bus = b;
484 QTAILQ_INIT(&s->pending_sei);
485 return 0;
486 }
487
488 static int s390_pcihost_setup_msix(S390PCIBusDevice *pbdev)
489 {
490 uint8_t pos;
491 uint16_t ctrl;
492 uint32_t table, pba;
493
494 pos = pci_find_capability(pbdev->pdev, PCI_CAP_ID_MSIX);
495 if (!pos) {
496 pbdev->msix.available = false;
497 return 0;
498 }
499
500 ctrl = pci_host_config_read_common(pbdev->pdev, pos + PCI_CAP_FLAGS,
501 pci_config_size(pbdev->pdev), sizeof(ctrl));
502 table = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_TABLE,
503 pci_config_size(pbdev->pdev), sizeof(table));
504 pba = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_PBA,
505 pci_config_size(pbdev->pdev), sizeof(pba));
506
507 pbdev->msix.table_bar = table & PCI_MSIX_FLAGS_BIRMASK;
508 pbdev->msix.table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK;
509 pbdev->msix.pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK;
510 pbdev->msix.pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK;
511 pbdev->msix.entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1;
512 pbdev->msix.available = true;
513 return 0;
514 }
515
516 static void s390_pcihost_hot_plug(HotplugHandler *hotplug_dev,
517 DeviceState *dev, Error **errp)
518 {
519 PCIDevice *pci_dev = PCI_DEVICE(dev);
520 S390PCIBusDevice *pbdev;
521 S390pciState *s = S390_PCI_HOST_BRIDGE(pci_device_root_bus(pci_dev)
522 ->qbus.parent);
523
524 pbdev = &s->pbdev[PCI_SLOT(pci_dev->devfn)];
525
526 pbdev->fid = s390_pci_get_pfid(pci_dev);
527 pbdev->pdev = pci_dev;
528 pbdev->configured = true;
529 pbdev->fh = s390_pci_get_pfh(pci_dev);
530
531 s390_pcihost_setup_msix(pbdev);
532
533 if (dev->hotplugged) {
534 s390_pci_generate_plug_event(HP_EVENT_RESERVED_TO_STANDBY,
535 pbdev->fh, pbdev->fid);
536 s390_pci_generate_plug_event(HP_EVENT_TO_CONFIGURED,
537 pbdev->fh, pbdev->fid);
538 }
539 return;
540 }
541
542 static void s390_pcihost_hot_unplug(HotplugHandler *hotplug_dev,
543 DeviceState *dev, Error **errp)
544 {
545 PCIDevice *pci_dev = PCI_DEVICE(dev);
546 S390pciState *s = S390_PCI_HOST_BRIDGE(pci_device_root_bus(pci_dev)
547 ->qbus.parent);
548 S390PCIBusDevice *pbdev = &s->pbdev[PCI_SLOT(pci_dev->devfn)];
549
550 if (pbdev->configured) {
551 pbdev->configured = false;
552 s390_pci_generate_plug_event(HP_EVENT_CONFIGURED_TO_STBRES,
553 pbdev->fh, pbdev->fid);
554 }
555
556 s390_pci_generate_plug_event(HP_EVENT_STANDBY_TO_RESERVED,
557 pbdev->fh, pbdev->fid);
558 pbdev->fh = 0;
559 pbdev->fid = 0;
560 pbdev->pdev = NULL;
561 object_unparent(OBJECT(pci_dev));
562 }
563
564 static void s390_pcihost_class_init(ObjectClass *klass, void *data)
565 {
566 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
567 DeviceClass *dc = DEVICE_CLASS(klass);
568 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);
569
570 dc->cannot_instantiate_with_device_add_yet = true;
571 k->init = s390_pcihost_init;
572 hc->plug = s390_pcihost_hot_plug;
573 hc->unplug = s390_pcihost_hot_unplug;
574 msi_supported = true;
575 }
576
577 static const TypeInfo s390_pcihost_info = {
578 .name = TYPE_S390_PCI_HOST_BRIDGE,
579 .parent = TYPE_PCI_HOST_BRIDGE,
580 .instance_size = sizeof(S390pciState),
581 .class_init = s390_pcihost_class_init,
582 .interfaces = (InterfaceInfo[]) {
583 { TYPE_HOTPLUG_HANDLER },
584 { }
585 }
586 };
587
588 static void s390_pci_register_types(void)
589 {
590 type_register_static(&s390_pcihost_info);
591 }
592
593 type_init(s390_pci_register_types)
QEmu