search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s390: avoid potential null dereference in s390_pcihost_unplug()
[qemu/ar7.git] / hw / s390x / s390-pci-bus.c
bloba94700a78c8e865211910175406ac8969921cfb3
1 /*
2 * s390 PCI BUS
3 *
4 * Copyright 2014 IBM Corp.
5 * Author(s): Frank Blaschka <frank.blaschka@de.ibm.com>
6 * Hong Bo Li <lihbbj@cn.ibm.com>
7 * Yi Min Zhao <zyimin@cn.ibm.com>
8 *
9 * This work is licensed under the terms of the GNU GPL, version 2 or (at
10 * your option) any later version. See the COPYING file in the top-level
11 * directory.
12 */
13
14 #include "qemu/osdep.h"
15 #include "qapi/error.h"
16 #include "qapi/visitor.h"
17 #include "qemu-common.h"
18 #include "cpu.h"
19 #include "s390-pci-bus.h"
20 #include "s390-pci-inst.h"
21 #include "hw/pci/pci_bus.h"
22 #include "hw/pci/pci_bridge.h"
23 #include "hw/pci/msi.h"
24 #include "qemu/error-report.h"
25
26 #ifndef DEBUG_S390PCI_BUS
27 #define DEBUG_S390PCI_BUS 0
28 #endif
29
30 #define DPRINTF(fmt, ...) \
31 do { \
32 if (DEBUG_S390PCI_BUS) { \
33 fprintf(stderr, "S390pci-bus: " fmt, ## __VA_ARGS__); \
34 } \
35 } while (0)
36
37 S390pciState *s390_get_phb(void)
38 {
39 static S390pciState *phb;
40
41 if (!phb) {
42 phb = S390_PCI_HOST_BRIDGE(
43 object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
44 assert(phb != NULL);
45 }
46
47 return phb;
48 }
49
50 int pci_chsc_sei_nt2_get_event(void *res)
51 {
52 ChscSeiNt2Res *nt2_res = (ChscSeiNt2Res *)res;
53 PciCcdfAvail *accdf;
54 PciCcdfErr *eccdf;
55 int rc = 1;
56 SeiContainer *sei_cont;
57 S390pciState *s = s390_get_phb();
58
59 sei_cont = QTAILQ_FIRST(&s->pending_sei);
60 if (sei_cont) {
61 QTAILQ_REMOVE(&s->pending_sei, sei_cont, link);
62 nt2_res->nt = 2;
63 nt2_res->cc = sei_cont->cc;
64 nt2_res->length = cpu_to_be16(sizeof(ChscSeiNt2Res));
65 switch (sei_cont->cc) {
66 case 1: /* error event */
67 eccdf = (PciCcdfErr *)nt2_res->ccdf;
68 eccdf->fid = cpu_to_be32(sei_cont->fid);
69 eccdf->fh = cpu_to_be32(sei_cont->fh);
70 eccdf->e = cpu_to_be32(sei_cont->e);
71 eccdf->faddr = cpu_to_be64(sei_cont->faddr);
72 eccdf->pec = cpu_to_be16(sei_cont->pec);
73 break;
74 case 2: /* availability event */
75 accdf = (PciCcdfAvail *)nt2_res->ccdf;
76 accdf->fid = cpu_to_be32(sei_cont->fid);
77 accdf->fh = cpu_to_be32(sei_cont->fh);
78 accdf->pec = cpu_to_be16(sei_cont->pec);
79 break;
80 default:
81 abort();
82 }
83 g_free(sei_cont);
84 rc = 0;
85 }
86
87 return rc;
88 }
89
90 int pci_chsc_sei_nt2_have_event(void)
91 {
92 S390pciState *s = s390_get_phb();
93
94 return !QTAILQ_EMPTY(&s->pending_sei);
95 }
96
97 S390PCIBusDevice *s390_pci_find_next_avail_dev(S390pciState *s,
98 S390PCIBusDevice *pbdev)
99 {
100 S390PCIBusDevice *ret = pbdev ? QTAILQ_NEXT(pbdev, link) :
101 QTAILQ_FIRST(&s->zpci_devs);
102
103 while (ret && ret->state == ZPCI_FS_RESERVED) {
104 ret = QTAILQ_NEXT(ret, link);
105 }
106
107 return ret;
108 }
109
110 S390PCIBusDevice *s390_pci_find_dev_by_fid(S390pciState *s, uint32_t fid)
111 {
112 S390PCIBusDevice *pbdev;
113
114 QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
115 if (pbdev->fid == fid) {
116 return pbdev;
117 }
118 }
119
120 return NULL;
121 }
122
123 void s390_pci_sclp_configure(SCCB *sccb)
124 {
125 IoaCfgSccb *psccb = (IoaCfgSccb *)sccb;
126 S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(s390_get_phb(),
127 be32_to_cpu(psccb->aid));
128 uint16_t rc;
129
130 if (!pbdev) {
131 DPRINTF("sclp config no dev found\n");
132 rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
133 goto out;
134 }
135
136 switch (pbdev->state) {
137 case ZPCI_FS_RESERVED:
138 rc = SCLP_RC_ADAPTER_IN_RESERVED_STATE;
139 break;
140 case ZPCI_FS_STANDBY:
141 pbdev->state = ZPCI_FS_DISABLED;
142 rc = SCLP_RC_NORMAL_COMPLETION;
143 break;
144 default:
145 rc = SCLP_RC_NO_ACTION_REQUIRED;
146 }
147 out:
148 psccb->header.response_code = cpu_to_be16(rc);
149 }
150
151 void s390_pci_sclp_deconfigure(SCCB *sccb)
152 {
153 IoaCfgSccb *psccb = (IoaCfgSccb *)sccb;
154 S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(s390_get_phb(),
155 be32_to_cpu(psccb->aid));
156 uint16_t rc;
157
158 if (!pbdev) {
159 DPRINTF("sclp deconfig no dev found\n");
160 rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
161 goto out;
162 }
163
164 switch (pbdev->state) {
165 case ZPCI_FS_RESERVED:
166 rc = SCLP_RC_ADAPTER_IN_RESERVED_STATE;
167 break;
168 case ZPCI_FS_STANDBY:
169 rc = SCLP_RC_NO_ACTION_REQUIRED;
170 break;
171 default:
172 if (pbdev->summary_ind) {
173 pci_dereg_irqs(pbdev);
174 }
175 if (pbdev->iommu->enabled) {
176 pci_dereg_ioat(pbdev->iommu);
177 }
178 pbdev->state = ZPCI_FS_STANDBY;
179 rc = SCLP_RC_NORMAL_COMPLETION;
180
181 if (pbdev->release_timer) {
182 qdev_unplug(DEVICE(pbdev->pdev), NULL);
183 }
184 }
185 out:
186 psccb->header.response_code = cpu_to_be16(rc);
187 }
188
189 static S390PCIBusDevice *s390_pci_find_dev_by_uid(S390pciState *s, uint16_t uid)
190 {
191 S390PCIBusDevice *pbdev;
192
193 QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
194 if (pbdev->uid == uid) {
195 return pbdev;
196 }
197 }
198
199 return NULL;
200 }
201
202 S390PCIBusDevice *s390_pci_find_dev_by_target(S390pciState *s,
203 const char *target)
204 {
205 S390PCIBusDevice *pbdev;
206
207 if (!target) {
208 return NULL;
209 }
210
211 QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
212 if (!strcmp(pbdev->target, target)) {
213 return pbdev;
214 }
215 }
216
217 return NULL;
218 }
219
220 S390PCIBusDevice *s390_pci_find_dev_by_idx(S390pciState *s, uint32_t idx)
221 {
222 return g_hash_table_lookup(s->zpci_table, &idx);
223 }
224
225 S390PCIBusDevice *s390_pci_find_dev_by_fh(S390pciState *s, uint32_t fh)
226 {
227 uint32_t idx = FH_MASK_INDEX & fh;
228 S390PCIBusDevice *pbdev = s390_pci_find_dev_by_idx(s, idx);
229
230 if (pbdev && pbdev->fh == fh) {
231 return pbdev;
232 }
233
234 return NULL;
235 }
236
237 static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh,
238 uint32_t fid, uint64_t faddr, uint32_t e)
239 {
240 SeiContainer *sei_cont;
241 S390pciState *s = s390_get_phb();
242
243 sei_cont = g_new0(SeiContainer, 1);
244 sei_cont->fh = fh;
245 sei_cont->fid = fid;
246 sei_cont->cc = cc;
247 sei_cont->pec = pec;
248 sei_cont->faddr = faddr;
249 sei_cont->e = e;
250
251 QTAILQ_INSERT_TAIL(&s->pending_sei, sei_cont, link);
252 css_generate_css_crws(0);
253 }
254
255 static void s390_pci_generate_plug_event(uint16_t pec, uint32_t fh,
256 uint32_t fid)
257 {
258 s390_pci_generate_event(2, pec, fh, fid, 0, 0);
259 }
260
261 void s390_pci_generate_error_event(uint16_t pec, uint32_t fh, uint32_t fid,
262 uint64_t faddr, uint32_t e)
263 {
264 s390_pci_generate_event(1, pec, fh, fid, faddr, e);
265 }
266
267 static void s390_pci_set_irq(void *opaque, int irq, int level)
268 {
269 /* nothing to do */
270 }
271
272 static int s390_pci_map_irq(PCIDevice *pci_dev, int irq_num)
273 {
274 /* nothing to do */
275 return 0;
276 }
277
278 static uint64_t s390_pci_get_table_origin(uint64_t iota)
279 {
280 return iota & ~ZPCI_IOTA_RTTO_FLAG;
281 }
282
283 static unsigned int calc_rtx(dma_addr_t ptr)
284 {
285 return ((unsigned long) ptr >> ZPCI_RT_SHIFT) & ZPCI_INDEX_MASK;
286 }
287
288 static unsigned int calc_sx(dma_addr_t ptr)
289 {
290 return ((unsigned long) ptr >> ZPCI_ST_SHIFT) & ZPCI_INDEX_MASK;
291 }
292
293 static unsigned int calc_px(dma_addr_t ptr)
294 {
295 return ((unsigned long) ptr >> PAGE_SHIFT) & ZPCI_PT_MASK;
296 }
297
298 static uint64_t get_rt_sto(uint64_t entry)
299 {
300 return ((entry & ZPCI_TABLE_TYPE_MASK) == ZPCI_TABLE_TYPE_RTX)
301 ? (entry & ZPCI_RTE_ADDR_MASK)
302 : 0;
303 }
304
305 static uint64_t get_st_pto(uint64_t entry)
306 {
307 return ((entry & ZPCI_TABLE_TYPE_MASK) == ZPCI_TABLE_TYPE_SX)
308 ? (entry & ZPCI_STE_ADDR_MASK)
309 : 0;
310 }
311
312 static bool rt_entry_isvalid(uint64_t entry)
313 {
314 return (entry & ZPCI_TABLE_VALID_MASK) == ZPCI_TABLE_VALID;
315 }
316
317 static bool pt_entry_isvalid(uint64_t entry)
318 {
319 return (entry & ZPCI_PTE_VALID_MASK) == ZPCI_PTE_VALID;
320 }
321
322 static bool entry_isprotected(uint64_t entry)
323 {
324 return (entry & ZPCI_TABLE_PROT_MASK) == ZPCI_TABLE_PROTECTED;
325 }
326
327 /* ett is expected table type, -1 page table, 0 segment table, 1 region table */
328 static uint64_t get_table_index(uint64_t iova, int8_t ett)
329 {
330 switch (ett) {
331 case ZPCI_ETT_PT:
332 return calc_px(iova);
333 case ZPCI_ETT_ST:
334 return calc_sx(iova);
335 case ZPCI_ETT_RT:
336 return calc_rtx(iova);
337 }
338
339 return -1;
340 }
341
342 static bool entry_isvalid(uint64_t entry, int8_t ett)
343 {
344 switch (ett) {
345 case ZPCI_ETT_PT:
346 return pt_entry_isvalid(entry);
347 case ZPCI_ETT_ST:
348 case ZPCI_ETT_RT:
349 return rt_entry_isvalid(entry);
350 }
351
352 return false;
353 }
354
355 /* Return true if address translation is done */
356 static bool translate_iscomplete(uint64_t entry, int8_t ett)
357 {
358 switch (ett) {
359 case 0:
360 return (entry & ZPCI_TABLE_FC) ? true : false;
361 case 1:
362 return false;
363 }
364
365 return true;
366 }
367
368 static uint64_t get_frame_size(int8_t ett)
369 {
370 switch (ett) {
371 case ZPCI_ETT_PT:
372 return 1ULL << 12;
373 case ZPCI_ETT_ST:
374 return 1ULL << 20;
375 case ZPCI_ETT_RT:
376 return 1ULL << 31;
377 }
378
379 return 0;
380 }
381
382 static uint64_t get_next_table_origin(uint64_t entry, int8_t ett)
383 {
384 switch (ett) {
385 case ZPCI_ETT_PT:
386 return entry & ZPCI_PTE_ADDR_MASK;
387 case ZPCI_ETT_ST:
388 return get_st_pto(entry);
389 case ZPCI_ETT_RT:
390 return get_rt_sto(entry);
391 }
392
393 return 0;
394 }
395
396 /**
397 * table_translate: do translation within one table and return the following
398 * table origin
399 *
400 * @entry: the entry being translated, the result is stored in this.
401 * @to: the address of table origin.
402 * @ett: expected table type, 1 region table, 0 segment table and -1 page table.
403 * @error: error code
404 */
405 static uint64_t table_translate(S390IOTLBEntry *entry, uint64_t to, int8_t ett,
406 uint16_t *error)
407 {
408 uint64_t tx, te, nto = 0;
409 uint16_t err = 0;
410
411 tx = get_table_index(entry->iova, ett);
412 te = address_space_ldq(&address_space_memory, to + tx * sizeof(uint64_t),
413 MEMTXATTRS_UNSPECIFIED, NULL);
414
415 if (!te) {
416 err = ERR_EVENT_INVALTE;
417 goto out;
418 }
419
420 if (!entry_isvalid(te, ett)) {
421 entry->perm &= IOMMU_NONE;
422 goto out;
423 }
424
425 if (ett == ZPCI_ETT_RT && ((te & ZPCI_TABLE_LEN_RTX) != ZPCI_TABLE_LEN_RTX
426 || te & ZPCI_TABLE_OFFSET_MASK)) {
427 err = ERR_EVENT_INVALTL;
428 goto out;
429 }
430
431 nto = get_next_table_origin(te, ett);
432 if (!nto) {
433 err = ERR_EVENT_TT;
434 goto out;
435 }
436
437 if (entry_isprotected(te)) {
438 entry->perm &= IOMMU_RO;
439 } else {
440 entry->perm &= IOMMU_RW;
441 }
442
443 if (translate_iscomplete(te, ett)) {
444 switch (ett) {
445 case ZPCI_ETT_PT:
446 entry->translated_addr = te & ZPCI_PTE_ADDR_MASK;
447 break;
448 case ZPCI_ETT_ST:
449 entry->translated_addr = (te & ZPCI_SFAA_MASK) |
450 (entry->iova & ~ZPCI_SFAA_MASK);
451 break;
452 }
453 nto = 0;
454 }
455 out:
456 if (err) {
457 entry->perm = IOMMU_NONE;
458 *error = err;
459 }
460 entry->len = get_frame_size(ett);
461 return nto;
462 }
463
464 uint16_t s390_guest_io_table_walk(uint64_t g_iota, hwaddr addr,
465 S390IOTLBEntry *entry)
466 {
467 uint64_t to = s390_pci_get_table_origin(g_iota);
468 int8_t ett = 1;
469 uint16_t error = 0;
470
471 entry->iova = addr & PAGE_MASK;
472 entry->translated_addr = 0;
473 entry->perm = IOMMU_RW;
474
475 if (entry_isprotected(g_iota)) {
476 entry->perm &= IOMMU_RO;
477 }
478
479 while (to) {
480 to = table_translate(entry, to, ett--, &error);
481 }
482
483 return error;
484 }
485
486 static IOMMUTLBEntry s390_translate_iommu(IOMMUMemoryRegion *mr, hwaddr addr,
487 IOMMUAccessFlags flag, int iommu_idx)
488 {
489 S390PCIIOMMU *iommu = container_of(mr, S390PCIIOMMU, iommu_mr);
490 S390IOTLBEntry *entry;
491 uint64_t iova = addr & PAGE_MASK;
492 uint16_t error = 0;
493 IOMMUTLBEntry ret = {
494 .target_as = &address_space_memory,
495 .iova = 0,
496 .translated_addr = 0,
497 .addr_mask = ~(hwaddr)0,
498 .perm = IOMMU_NONE,
499 };
500
501 switch (iommu->pbdev->state) {
502 case ZPCI_FS_ENABLED:
503 case ZPCI_FS_BLOCKED:
504 if (!iommu->enabled) {
505 return ret;
506 }
507 break;
508 default:
509 return ret;
510 }
511
512 DPRINTF("iommu trans addr 0x%" PRIx64 "\n", addr);
513
514 if (addr < iommu->pba || addr > iommu->pal) {
515 error = ERR_EVENT_OORANGE;
516 goto err;
517 }
518
519 entry = g_hash_table_lookup(iommu->iotlb, &iova);
520 if (entry) {
521 ret.iova = entry->iova;
522 ret.translated_addr = entry->translated_addr;
523 ret.addr_mask = entry->len - 1;
524 ret.perm = entry->perm;
525 } else {
526 ret.iova = iova;
527 ret.addr_mask = ~PAGE_MASK;
528 ret.perm = IOMMU_NONE;
529 }
530
531 if (flag != IOMMU_NONE && !(flag & ret.perm)) {
532 error = ERR_EVENT_TPROTE;
533 }
534 err:
535 if (error) {
536 iommu->pbdev->state = ZPCI_FS_ERROR;
537 s390_pci_generate_error_event(error, iommu->pbdev->fh,
538 iommu->pbdev->fid, addr, 0);
539 }
540 return ret;
541 }
542
543 static void s390_pci_iommu_replay(IOMMUMemoryRegion *iommu,
544 IOMMUNotifier *notifier)
545 {
546 /* It's impossible to plug a pci device on s390x that already has iommu
547 * mappings which need to be replayed, that is due to the "one iommu per
548 * zpci device" construct. But when we support migration of vfio-pci
549 * devices in future, we need to revisit this.
550 */
551 return;
552 }
553
554 static S390PCIIOMMU *s390_pci_get_iommu(S390pciState *s, PCIBus *bus,
555 int devfn)
556 {
557 uint64_t key = (uintptr_t)bus;
558 S390PCIIOMMUTable *table = g_hash_table_lookup(s->iommu_table, &key);
559 S390PCIIOMMU *iommu;
560
561 if (!table) {
562 table = g_new0(S390PCIIOMMUTable, 1);
563 table->key = key;
564 g_hash_table_insert(s->iommu_table, &table->key, table);
565 }
566
567 iommu = table->iommu[PCI_SLOT(devfn)];
568 if (!iommu) {
569 iommu = S390_PCI_IOMMU(object_new(TYPE_S390_PCI_IOMMU));
570
571 char *mr_name = g_strdup_printf("iommu-root-%02x:%02x.%01x",
572 pci_bus_num(bus),
573 PCI_SLOT(devfn),
574 PCI_FUNC(devfn));
575 char *as_name = g_strdup_printf("iommu-pci-%02x:%02x.%01x",
576 pci_bus_num(bus),
577 PCI_SLOT(devfn),
578 PCI_FUNC(devfn));
579 memory_region_init(&iommu->mr, OBJECT(iommu), mr_name, UINT64_MAX);
580 address_space_init(&iommu->as, &iommu->mr, as_name);
581 iommu->iotlb = g_hash_table_new_full(g_int64_hash, g_int64_equal,
582 NULL, g_free);
583 table->iommu[PCI_SLOT(devfn)] = iommu;
584
585 g_free(mr_name);
586 g_free(as_name);
587 }
588
589 return iommu;
590 }
591
592 static AddressSpace *s390_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
593 {
594 S390pciState *s = opaque;
595 S390PCIIOMMU *iommu = s390_pci_get_iommu(s, bus, devfn);
596
597 return &iommu->as;
598 }
599
600 static uint8_t set_ind_atomic(uint64_t ind_loc, uint8_t to_be_set)
601 {
602 uint8_t ind_old, ind_new;
603 hwaddr len = 1;
604 uint8_t *ind_addr;
605
606 ind_addr = cpu_physical_memory_map(ind_loc, &len, 1);
607 if (!ind_addr) {
608 s390_pci_generate_error_event(ERR_EVENT_AIRERR, 0, 0, 0, 0);
609 return -1;
610 }
611 do {
612 ind_old = *ind_addr;
613 ind_new = ind_old | to_be_set;
614 } while (atomic_cmpxchg(ind_addr, ind_old, ind_new) != ind_old);
615 cpu_physical_memory_unmap(ind_addr, len, 1, len);
616
617 return ind_old;
618 }
619
620 static void s390_msi_ctrl_write(void *opaque, hwaddr addr, uint64_t data,
621 unsigned int size)
622 {
623 S390PCIBusDevice *pbdev = opaque;
624 uint32_t vec = data & ZPCI_MSI_VEC_MASK;
625 uint64_t ind_bit;
626 uint32_t sum_bit;
627
628 assert(pbdev);
629 DPRINTF("write_msix data 0x%" PRIx64 " idx %d vec 0x%x\n", data,
630 pbdev->idx, vec);
631
632 if (pbdev->state != ZPCI_FS_ENABLED) {
633 return;
634 }
635
636 ind_bit = pbdev->routes.adapter.ind_offset;
637 sum_bit = pbdev->routes.adapter.summary_offset;
638
639 set_ind_atomic(pbdev->routes.adapter.ind_addr + (ind_bit + vec) / 8,
640 0x80 >> ((ind_bit + vec) % 8));
641 if (!set_ind_atomic(pbdev->routes.adapter.summary_addr + sum_bit / 8,
642 0x80 >> (sum_bit % 8))) {
643 css_adapter_interrupt(CSS_IO_ADAPTER_PCI, pbdev->isc);
644 }
645 }
646
647 static uint64_t s390_msi_ctrl_read(void *opaque, hwaddr addr, unsigned size)
648 {
649 return 0xffffffff;
650 }
651
652 static const MemoryRegionOps s390_msi_ctrl_ops = {
653 .write = s390_msi_ctrl_write,
654 .read = s390_msi_ctrl_read,
655 .endianness = DEVICE_LITTLE_ENDIAN,
656 };
657
658 void s390_pci_iommu_enable(S390PCIIOMMU *iommu)
659 {
660 char *name = g_strdup_printf("iommu-s390-%04x", iommu->pbdev->uid);
661 memory_region_init_iommu(&iommu->iommu_mr, sizeof(iommu->iommu_mr),
662 TYPE_S390_IOMMU_MEMORY_REGION, OBJECT(&iommu->mr),
663 name, iommu->pal + 1);
664 iommu->enabled = true;
665 memory_region_add_subregion(&iommu->mr, 0, MEMORY_REGION(&iommu->iommu_mr));
666 g_free(name);
667 }
668
669 void s390_pci_iommu_disable(S390PCIIOMMU *iommu)
670 {
671 iommu->enabled = false;
672 g_hash_table_remove_all(iommu->iotlb);
673 memory_region_del_subregion(&iommu->mr, MEMORY_REGION(&iommu->iommu_mr));
674 object_unparent(OBJECT(&iommu->iommu_mr));
675 }
676
677 static void s390_pci_iommu_free(S390pciState *s, PCIBus *bus, int32_t devfn)
678 {
679 uint64_t key = (uintptr_t)bus;
680 S390PCIIOMMUTable *table = g_hash_table_lookup(s->iommu_table, &key);
681 S390PCIIOMMU *iommu = table ? table->iommu[PCI_SLOT(devfn)] : NULL;
682
683 if (!table || !iommu) {
684 return;
685 }
686
687 table->iommu[PCI_SLOT(devfn)] = NULL;
688 g_hash_table_destroy(iommu->iotlb);
689 address_space_destroy(&iommu->as);
690 object_unparent(OBJECT(&iommu->mr));
691 object_unparent(OBJECT(iommu));
692 object_unref(OBJECT(iommu));
693 }
694
695 static void s390_pcihost_realize(DeviceState *dev, Error **errp)
696 {
697 PCIBus *b;
698 BusState *bus;
699 PCIHostState *phb = PCI_HOST_BRIDGE(dev);
700 S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
701 Error *local_err = NULL;
702
703 DPRINTF("host_init\n");
704
705 b = pci_register_root_bus(dev, NULL, s390_pci_set_irq, s390_pci_map_irq,
706 NULL, get_system_memory(), get_system_io(), 0,
707 64, TYPE_PCI_BUS);
708 pci_setup_iommu(b, s390_pci_dma_iommu, s);
709
710 bus = BUS(b);
711 qbus_set_hotplug_handler(bus, dev, &local_err);
712 if (local_err) {
713 error_propagate(errp, local_err);
714 return;
715 }
716 phb->bus = b;
717
718 s->bus = S390_PCI_BUS(qbus_create(TYPE_S390_PCI_BUS, dev, NULL));
719 qbus_set_hotplug_handler(BUS(s->bus), dev, &local_err);
720 if (local_err) {
721 error_propagate(errp, local_err);
722 return;
723 }
724
725 s->iommu_table = g_hash_table_new_full(g_int64_hash, g_int64_equal,
726 NULL, g_free);
727 s->zpci_table = g_hash_table_new_full(g_int_hash, g_int_equal, NULL, NULL);
728 s->bus_no = 0;
729 QTAILQ_INIT(&s->pending_sei);
730 QTAILQ_INIT(&s->zpci_devs);
731
732 css_register_io_adapters(CSS_IO_ADAPTER_PCI, true, false,
733 S390_ADAPTER_SUPPRESSIBLE, &local_err);
734 error_propagate(errp, local_err);
735 }
736
737 static int s390_pci_msix_init(S390PCIBusDevice *pbdev)
738 {
739 char *name;
740 uint8_t pos;
741 uint16_t ctrl;
742 uint32_t table, pba;
743
744 pos = pci_find_capability(pbdev->pdev, PCI_CAP_ID_MSIX);
745 if (!pos) {
746 return -1;
747 }
748
749 ctrl = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_FLAGS,
750 pci_config_size(pbdev->pdev), sizeof(ctrl));
751 table = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_TABLE,
752 pci_config_size(pbdev->pdev), sizeof(table));
753 pba = pci_host_config_read_common(pbdev->pdev, pos + PCI_MSIX_PBA,
754 pci_config_size(pbdev->pdev), sizeof(pba));
755
756 pbdev->msix.table_bar = table & PCI_MSIX_FLAGS_BIRMASK;
757 pbdev->msix.table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK;
758 pbdev->msix.pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK;
759 pbdev->msix.pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK;
760 pbdev->msix.entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1;
761
762 name = g_strdup_printf("msix-s390-%04x", pbdev->uid);
763 memory_region_init_io(&pbdev->msix_notify_mr, OBJECT(pbdev),
764 &s390_msi_ctrl_ops, pbdev, name, PAGE_SIZE);
765 memory_region_add_subregion(&pbdev->iommu->mr, ZPCI_MSI_ADDR,
766 &pbdev->msix_notify_mr);
767 g_free(name);
768
769 return 0;
770 }
771
772 static void s390_pci_msix_free(S390PCIBusDevice *pbdev)
773 {
774 memory_region_del_subregion(&pbdev->iommu->mr, &pbdev->msix_notify_mr);
775 object_unparent(OBJECT(&pbdev->msix_notify_mr));
776 }
777
778 static S390PCIBusDevice *s390_pci_device_new(S390pciState *s,
779 const char *target, Error **errp)
780 {
781 Error *local_err = NULL;
782 DeviceState *dev;
783
784 dev = qdev_try_create(BUS(s->bus), TYPE_S390_PCI_DEVICE);
785 if (!dev) {
786 error_setg(errp, "zPCI device could not be created");
787 return NULL;
788 }
789
790 object_property_set_str(OBJECT(dev), target, "target", &local_err);
791 if (local_err) {
792 object_unparent(OBJECT(dev));
793 error_propagate_prepend(errp, local_err,
794 "zPCI device could not be created: ");
795 return NULL;
796 }
797 object_property_set_bool(OBJECT(dev), true, "realized", &local_err);
798 if (local_err) {
799 object_unparent(OBJECT(dev));
800 error_propagate_prepend(errp, local_err,
801 "zPCI device could not be created: ");
802 return NULL;
803 }
804
805 return S390_PCI_DEVICE(dev);
806 }
807
808 static bool s390_pci_alloc_idx(S390pciState *s, S390PCIBusDevice *pbdev)
809 {
810 uint32_t idx;
811
812 idx = s->next_idx;
813 while (s390_pci_find_dev_by_idx(s, idx)) {
814 idx = (idx + 1) & FH_MASK_INDEX;
815 if (idx == s->next_idx) {
816 return false;
817 }
818 }
819
820 pbdev->idx = idx;
821 s->next_idx = (idx + 1) & FH_MASK_INDEX;
822
823 return true;
824 }
825
826 static void s390_pcihost_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
827 Error **errp)
828 {
829 PCIDevice *pdev = NULL;
830 S390PCIBusDevice *pbdev = NULL;
831 S390pciState *s = s390_get_phb();
832
833 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_BRIDGE)) {
834 BusState *bus;
835 PCIBridge *pb = PCI_BRIDGE(dev);
836 PCIDevice *pdev = PCI_DEVICE(dev);
837
838 if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
839 error_setg(errp, "multifunction not supported in s390");
840 return;
841 }
842
843 pci_bridge_map_irq(pb, dev->id, s390_pci_map_irq);
844 pci_setup_iommu(&pb->sec_bus, s390_pci_dma_iommu, s);
845
846 bus = BUS(&pb->sec_bus);
847 qbus_set_hotplug_handler(bus, DEVICE(s), errp);
848
849 if (dev->hotplugged) {
850 pci_default_write_config(pdev, PCI_PRIMARY_BUS, s->bus_no, 1);
851 s->bus_no += 1;
852 pci_default_write_config(pdev, PCI_SECONDARY_BUS, s->bus_no, 1);
853 do {
854 pdev = pci_get_bus(pdev)->parent_dev;
855 pci_default_write_config(pdev, PCI_SUBORDINATE_BUS,
856 s->bus_no, 1);
857 } while (pci_get_bus(pdev) && pci_dev_bus_num(pdev));
858 }
859 } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
860 pdev = PCI_DEVICE(dev);
861
862 if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
863 error_setg(errp, "multifunction not supported in s390");
864 return;
865 }
866
867 if (!dev->id) {
868 /* In the case the PCI device does not define an id */
869 /* we generate one based on the PCI address */
870 dev->id = g_strdup_printf("auto_%02x:%02x.%01x",
871 pci_dev_bus_num(pdev),
872 PCI_SLOT(pdev->devfn),
873 PCI_FUNC(pdev->devfn));
874 }
875
876 pbdev = s390_pci_find_dev_by_target(s, dev->id);
877 if (!pbdev) {
878 pbdev = s390_pci_device_new(s, dev->id, errp);
879 if (!pbdev) {
880 return;
881 }
882 }
883
884 if (object_dynamic_cast(OBJECT(dev), "vfio-pci")) {
885 pbdev->fh |= FH_SHM_VFIO;
886 } else {
887 pbdev->fh |= FH_SHM_EMUL;
888 }
889
890 pbdev->pdev = pdev;
891 pbdev->iommu = s390_pci_get_iommu(s, pci_get_bus(pdev), pdev->devfn);
892 pbdev->iommu->pbdev = pbdev;
893 pbdev->state = ZPCI_FS_DISABLED;
894
895 if (s390_pci_msix_init(pbdev)) {
896 error_setg(errp, "MSI-X support is mandatory "
897 "in the S390 architecture");
898 return;
899 }
900
901 if (dev->hotplugged) {
902 s390_pci_generate_plug_event(HP_EVENT_RESERVED_TO_STANDBY,
903 pbdev->fh, pbdev->fid);
904 }
905 } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
906 pbdev = S390_PCI_DEVICE(dev);
907
908 if (!s390_pci_alloc_idx(s, pbdev)) {
909 error_setg(errp, "no slot for plugging zpci device");
910 return;
911 }
912 pbdev->fh = pbdev->idx;
913 QTAILQ_INSERT_TAIL(&s->zpci_devs, pbdev, link);
914 g_hash_table_insert(s->zpci_table, &pbdev->idx, pbdev);
915 } else {
916 g_assert_not_reached();
917 }
918 }
919
920 static void s390_pcihost_timer_cb(void *opaque)
921 {
922 S390PCIBusDevice *pbdev = opaque;
923
924 if (pbdev->summary_ind) {
925 pci_dereg_irqs(pbdev);
926 }
927 if (pbdev->iommu->enabled) {
928 pci_dereg_ioat(pbdev->iommu);
929 }
930
931 pbdev->state = ZPCI_FS_STANDBY;
932 s390_pci_generate_plug_event(HP_EVENT_CONFIGURED_TO_STBRES,
933 pbdev->fh, pbdev->fid);
934 qdev_unplug(DEVICE(pbdev), NULL);
935 }
936
937 static void s390_pcihost_unplug(HotplugHandler *hotplug_dev, DeviceState *dev,
938 Error **errp)
939 {
940 PCIDevice *pci_dev = NULL;
941 PCIBus *bus;
942 int32_t devfn;
943 S390PCIBusDevice *pbdev = NULL;
944 S390pciState *s = s390_get_phb();
945
946 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_BRIDGE)) {
947 error_setg(errp, "PCI bridge hot unplug currently not supported");
948 return;
949 } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
950 pci_dev = PCI_DEVICE(dev);
951
952 QTAILQ_FOREACH(pbdev, &s->zpci_devs, link) {
953 if (pbdev->pdev == pci_dev) {
954 break;
955 }
956 }
957 assert(pbdev != NULL);
958 } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
959 pbdev = S390_PCI_DEVICE(dev);
960 pci_dev = pbdev->pdev;
961 } else {
962 g_assert_not_reached();
963 }
964
965 switch (pbdev->state) {
966 case ZPCI_FS_RESERVED:
967 goto out;
968 case ZPCI_FS_STANDBY:
969 break;
970 default:
971 s390_pci_generate_plug_event(HP_EVENT_DECONFIGURE_REQUEST,
972 pbdev->fh, pbdev->fid);
973 pbdev->release_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
974 s390_pcihost_timer_cb,
975 pbdev);
976 timer_mod(pbdev->release_timer,
977 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + HOT_UNPLUG_TIMEOUT);
978 return;
979 }
980
981 if (pbdev->release_timer && timer_pending(pbdev->release_timer)) {
982 timer_del(pbdev->release_timer);
983 timer_free(pbdev->release_timer);
984 pbdev->release_timer = NULL;
985 }
986
987 s390_pci_generate_plug_event(HP_EVENT_STANDBY_TO_RESERVED,
988 pbdev->fh, pbdev->fid);
989 bus = pci_get_bus(pci_dev);
990 devfn = pci_dev->devfn;
991 object_unparent(OBJECT(pci_dev));
992 s390_pci_msix_free(pbdev);
993 s390_pci_iommu_free(s, bus, devfn);
994 pbdev->pdev = NULL;
995 pbdev->state = ZPCI_FS_RESERVED;
996 out:
997 pbdev->fid = 0;
998 QTAILQ_REMOVE(&s->zpci_devs, pbdev, link);
999 g_hash_table_remove(s->zpci_table, &pbdev->idx);
1000 object_unparent(OBJECT(pbdev));
1001 }
1002
1003 static void s390_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
1004 void *opaque)
1005 {
1006 S390pciState *s = opaque;
1007 unsigned int primary = s->bus_no;
1008 unsigned int subordinate = 0xff;
1009 PCIBus *sec_bus = NULL;
1010
1011 if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
1012 PCI_HEADER_TYPE_BRIDGE)) {
1013 return;
1014 }
1015
1016 (s->bus_no)++;
1017 pci_default_write_config(pdev, PCI_PRIMARY_BUS, primary, 1);
1018 pci_default_write_config(pdev, PCI_SECONDARY_BUS, s->bus_no, 1);
1019 pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, s->bus_no, 1);
1020
1021 sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
1022 if (!sec_bus) {
1023 return;
1024 }
1025
1026 pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, subordinate, 1);
1027 pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
1028 s390_pci_enumerate_bridge, s);
1029 pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, s->bus_no, 1);
1030 }
1031
1032 static void s390_pcihost_reset(DeviceState *dev)
1033 {
1034 S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
1035 PCIBus *bus = s->parent_obj.bus;
1036
1037 s->bus_no = 0;
1038 pci_for_each_device(bus, pci_bus_num(bus), s390_pci_enumerate_bridge, s);
1039 }
1040
1041 static void s390_pcihost_class_init(ObjectClass *klass, void *data)
1042 {
1043 DeviceClass *dc = DEVICE_CLASS(klass);
1044 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);
1045
1046 dc->reset = s390_pcihost_reset;
1047 dc->realize = s390_pcihost_realize;
1048 hc->plug = s390_pcihost_plug;
1049 hc->unplug = s390_pcihost_unplug;
1050 msi_nonbroken = true;
1051 }
1052
1053 static const TypeInfo s390_pcihost_info = {
1054 .name = TYPE_S390_PCI_HOST_BRIDGE,
1055 .parent = TYPE_PCI_HOST_BRIDGE,
1056 .instance_size = sizeof(S390pciState),
1057 .class_init = s390_pcihost_class_init,
1058 .interfaces = (InterfaceInfo[]) {
1059 { TYPE_HOTPLUG_HANDLER },
1060 { }
1061 }
1062 };
1063
1064 static const TypeInfo s390_pcibus_info = {
1065 .name = TYPE_S390_PCI_BUS,
1066 .parent = TYPE_BUS,
1067 .instance_size = sizeof(S390PCIBus),
1068 };
1069
1070 static uint16_t s390_pci_generate_uid(S390pciState *s)
1071 {
1072 uint16_t uid = 0;
1073
1074 do {
1075 uid++;
1076 if (!s390_pci_find_dev_by_uid(s, uid)) {
1077 return uid;
1078 }
1079 } while (uid < ZPCI_MAX_UID);
1080
1081 return UID_UNDEFINED;
1082 }
1083
1084 static uint32_t s390_pci_generate_fid(S390pciState *s, Error **errp)
1085 {
1086 uint32_t fid = 0;
1087
1088 do {
1089 if (!s390_pci_find_dev_by_fid(s, fid)) {
1090 return fid;
1091 }
1092 } while (fid++ != ZPCI_MAX_FID);
1093
1094 error_setg(errp, "no free fid could be found");
1095 return 0;
1096 }
1097
1098 static void s390_pci_device_realize(DeviceState *dev, Error **errp)
1099 {
1100 S390PCIBusDevice *zpci = S390_PCI_DEVICE(dev);
1101 S390pciState *s = s390_get_phb();
1102
1103 if (!zpci->target) {
1104 error_setg(errp, "target must be defined");
1105 return;
1106 }
1107
1108 if (s390_pci_find_dev_by_target(s, zpci->target)) {
1109 error_setg(errp, "target %s already has an associated zpci device",
1110 zpci->target);
1111 return;
1112 }
1113
1114 if (zpci->uid == UID_UNDEFINED) {
1115 zpci->uid = s390_pci_generate_uid(s);
1116 if (!zpci->uid) {
1117 error_setg(errp, "no free uid could be found");
1118 return;
1119 }
1120 } else if (s390_pci_find_dev_by_uid(s, zpci->uid)) {
1121 error_setg(errp, "uid %u already in use", zpci->uid);
1122 return;
1123 }
1124
1125 if (!zpci->fid_defined) {
1126 Error *local_error = NULL;
1127
1128 zpci->fid = s390_pci_generate_fid(s, &local_error);
1129 if (local_error) {
1130 error_propagate(errp, local_error);
1131 return;
1132 }
1133 } else if (s390_pci_find_dev_by_fid(s, zpci->fid)) {
1134 error_setg(errp, "fid %u already in use", zpci->fid);
1135 return;
1136 }
1137
1138 zpci->state = ZPCI_FS_RESERVED;
1139 }
1140
1141 static void s390_pci_device_reset(DeviceState *dev)
1142 {
1143 S390PCIBusDevice *pbdev = S390_PCI_DEVICE(dev);
1144
1145 switch (pbdev->state) {
1146 case ZPCI_FS_RESERVED:
1147 return;
1148 case ZPCI_FS_STANDBY:
1149 break;
1150 default:
1151 pbdev->fh &= ~FH_MASK_ENABLE;
1152 pbdev->state = ZPCI_FS_DISABLED;
1153 break;
1154 }
1155
1156 if (pbdev->summary_ind) {
1157 pci_dereg_irqs(pbdev);
1158 }
1159 if (pbdev->iommu->enabled) {
1160 pci_dereg_ioat(pbdev->iommu);
1161 }
1162
1163 pbdev->fmb_addr = 0;
1164 }
1165
1166 static void s390_pci_get_fid(Object *obj, Visitor *v, const char *name,
1167 void *opaque, Error **errp)
1168 {
1169 Property *prop = opaque;
1170 uint32_t *ptr = qdev_get_prop_ptr(DEVICE(obj), prop);
1171
1172 visit_type_uint32(v, name, ptr, errp);
1173 }
1174
1175 static void s390_pci_set_fid(Object *obj, Visitor *v, const char *name,
1176 void *opaque, Error **errp)
1177 {
1178 DeviceState *dev = DEVICE(obj);
1179 S390PCIBusDevice *zpci = S390_PCI_DEVICE(obj);
1180 Property *prop = opaque;
1181 uint32_t *ptr = qdev_get_prop_ptr(dev, prop);
1182
1183 if (dev->realized) {
1184 qdev_prop_set_after_realize(dev, name, errp);
1185 return;
1186 }
1187
1188 visit_type_uint32(v, name, ptr, errp);
1189 zpci->fid_defined = true;
1190 }
1191
1192 static const PropertyInfo s390_pci_fid_propinfo = {
1193 .name = "zpci_fid",
1194 .get = s390_pci_get_fid,
1195 .set = s390_pci_set_fid,
1196 };
1197
1198 #define DEFINE_PROP_S390_PCI_FID(_n, _s, _f) \
1199 DEFINE_PROP(_n, _s, _f, s390_pci_fid_propinfo, uint32_t)
1200
1201 static Property s390_pci_device_properties[] = {
1202 DEFINE_PROP_UINT16("uid", S390PCIBusDevice, uid, UID_UNDEFINED),
1203 DEFINE_PROP_S390_PCI_FID("fid", S390PCIBusDevice, fid),
1204 DEFINE_PROP_STRING("target", S390PCIBusDevice, target),
1205 DEFINE_PROP_END_OF_LIST(),
1206 };
1207
1208 static void s390_pci_device_class_init(ObjectClass *klass, void *data)
1209 {
1210 DeviceClass *dc = DEVICE_CLASS(klass);
1211
1212 dc->desc = "zpci device";
1213 set_bit(DEVICE_CATEGORY_MISC, dc->categories);
1214 dc->reset = s390_pci_device_reset;
1215 dc->bus_type = TYPE_S390_PCI_BUS;
1216 dc->realize = s390_pci_device_realize;
1217 dc->props = s390_pci_device_properties;
1218 }
1219
1220 static const TypeInfo s390_pci_device_info = {
1221 .name = TYPE_S390_PCI_DEVICE,
1222 .parent = TYPE_DEVICE,
1223 .instance_size = sizeof(S390PCIBusDevice),
1224 .class_init = s390_pci_device_class_init,
1225 };
1226
1227 static TypeInfo s390_pci_iommu_info = {
1228 .name = TYPE_S390_PCI_IOMMU,
1229 .parent = TYPE_OBJECT,
1230 .instance_size = sizeof(S390PCIIOMMU),
1231 };
1232
1233 static void s390_iommu_memory_region_class_init(ObjectClass *klass, void *data)
1234 {
1235 IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
1236
1237 imrc->translate = s390_translate_iommu;
1238 imrc->replay = s390_pci_iommu_replay;
1239 }
1240
1241 static const TypeInfo s390_iommu_memory_region_info = {
1242 .parent = TYPE_IOMMU_MEMORY_REGION,
1243 .name = TYPE_S390_IOMMU_MEMORY_REGION,
1244 .class_init = s390_iommu_memory_region_class_init,
1245 };
1246
1247 static void s390_pci_register_types(void)
1248 {
1249 type_register_static(&s390_pcihost_info);
1250 type_register_static(&s390_pcibus_info);
1251 type_register_static(&s390_pci_device_info);
1252 type_register_static(&s390_pci_iommu_info);
1253 type_register_static(&s390_iommu_memory_region_info);
1254 }
1255
1256 type_init(s390_pci_register_types)
AR7 emulation for QEMU