search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s390x/sclp: Add missing checks to SCLP handler
[qemu/kevin.git] / hw / s390x / sclp.c
blob98809777c8c06c983575eb75553cacf6c5443663
1 /*
2 * SCLP Support
3 *
4 * Copyright IBM, Corp. 2012
5 *
6 * Authors:
7 * Christian Borntraeger <borntraeger@de.ibm.com>
8 * Heinz Graalfs <graalfs@linux.vnet.ibm.com>
9 *
10 * This work is licensed under the terms of the GNU GPL, version 2 or (at your
11 * option) any later version. See the COPYING file in the top-level directory.
12 *
13 */
14
15 #include "cpu.h"
16 #include "sysemu/kvm.h"
17 #include "exec/memory.h"
18 #include "sysemu/sysemu.h"
19
20 #include "hw/s390x/sclp.h"
21
22 static inline S390SCLPDevice *get_event_facility(void)
23 {
24 ObjectProperty *op = object_property_find(qdev_get_machine(),
25 "s390-sclp-event-facility",
26 NULL);
27 assert(op);
28 return op->opaque;
29 }
30
31 /* Provide information about the configuration, CPUs and storage */
32 static void read_SCP_info(SCCB *sccb)
33 {
34 ReadInfo *read_info = (ReadInfo *) sccb;
35 CPUState *cpu;
36 int shift = 0;
37 int cpu_count = 0;
38 int i = 0;
39
40 CPU_FOREACH(cpu) {
41 cpu_count++;
42 }
43
44 /* CPU information */
45 read_info->entries_cpu = cpu_to_be16(cpu_count);
46 read_info->offset_cpu = cpu_to_be16(offsetof(ReadInfo, entries));
47 read_info->highest_cpu = cpu_to_be16(max_cpus);
48
49 for (i = 0; i < cpu_count; i++) {
50 read_info->entries[i].address = i;
51 read_info->entries[i].type = 0;
52 }
53
54 read_info->facilities = cpu_to_be64(SCLP_HAS_CPU_INFO);
55
56 while ((ram_size >> (20 + shift)) > 65535) {
57 shift++;
58 }
59 read_info->rnmax = cpu_to_be16(ram_size >> (20 + shift));
60 read_info->rnsize = 1 << shift;
61 sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
62 }
63
64 /* Provide information about the CPU */
65 static void sclp_read_cpu_info(SCCB *sccb)
66 {
67 ReadCpuInfo *cpu_info = (ReadCpuInfo *) sccb;
68 CPUState *cpu;
69 int cpu_count = 0;
70 int i = 0;
71
72 CPU_FOREACH(cpu) {
73 cpu_count++;
74 }
75
76 cpu_info->nr_configured = cpu_to_be16(cpu_count);
77 cpu_info->offset_configured = cpu_to_be16(offsetof(ReadCpuInfo, entries));
78 cpu_info->nr_standby = cpu_to_be16(0);
79
80 /* The standby offset is 16-byte for each CPU */
81 cpu_info->offset_standby = cpu_to_be16(cpu_info->offset_configured
82 + cpu_info->nr_configured*sizeof(CPUEntry));
83
84 for (i = 0; i < cpu_count; i++) {
85 cpu_info->entries[i].address = i;
86 cpu_info->entries[i].type = 0;
87 }
88
89 sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
90 }
91
92 static void sclp_execute(SCCB *sccb, uint32_t code)
93 {
94 S390SCLPDevice *sdev = get_event_facility();
95
96 switch (code & SCLP_CMD_CODE_MASK) {
97 case SCLP_CMDW_READ_SCP_INFO:
98 case SCLP_CMDW_READ_SCP_INFO_FORCED:
99 read_SCP_info(sccb);
100 break;
101 case SCLP_CMDW_READ_CPU_INFO:
102 sclp_read_cpu_info(sccb);
103 break;
104 default:
105 sdev->sclp_command_handler(sdev->ef, sccb, code);
106 break;
107 }
108 }
109
110 int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code)
111 {
112 int r = 0;
113 SCCB work_sccb;
114
115 hwaddr sccb_len = sizeof(SCCB);
116
117 /* first some basic checks on program checks */
118 if (env->psw.mask & PSW_MASK_PSTATE) {
119 r = -PGM_PRIVILEGED;
120 goto out;
121 }
122 if (cpu_physical_memory_is_io(sccb)) {
123 r = -PGM_ADDRESSING;
124 goto out;
125 }
126 if ((sccb & ~0x1fffUL) == 0 || (sccb & ~0x1fffUL) == env->psa
127 || (sccb & ~0x7ffffff8UL) != 0) {
128 r = -PGM_SPECIFICATION;
129 goto out;
130 }
131
132 /*
133 * we want to work on a private copy of the sccb, to prevent guests
134 * from playing dirty tricks by modifying the memory content after
135 * the host has checked the values
136 */
137 cpu_physical_memory_read(sccb, &work_sccb, sccb_len);
138
139 /* Valid sccb sizes */
140 if (be16_to_cpu(work_sccb.h.length) < sizeof(SCCBHeader) ||
141 be16_to_cpu(work_sccb.h.length) > SCCB_SIZE) {
142 r = -PGM_SPECIFICATION;
143 goto out;
144 }
145
146 sclp_execute((SCCB *)&work_sccb, code);
147
148 cpu_physical_memory_write(sccb, &work_sccb,
149 be16_to_cpu(work_sccb.h.length));
150
151 sclp_service_interrupt(sccb);
152
153 out:
154 return r;
155 }
156
157 void sclp_service_interrupt(uint32_t sccb)
158 {
159 S390SCLPDevice *sdev = get_event_facility();
160 uint32_t param = sccb & ~3;
161
162 /* Indicate whether an event is still pending */
163 param |= sdev->event_pending(sdev->ef) ? 1 : 0;
164
165 if (!param) {
166 /* No need to send an interrupt, there's nothing to be notified about */
167 return;
168 }
169 s390_sclp_extint(param);
170 }
171
172 /* qemu object creation and initialization functions */
173
174 void s390_sclp_init(void)
175 {
176 DeviceState *dev = qdev_create(NULL, "s390-sclp-event-facility");
177
178 object_property_add_child(qdev_get_machine(), "s390-sclp-event-facility",
179 OBJECT(dev), NULL);
180 qdev_init_nofail(dev);
181 }
182
183 static int s390_sclp_dev_init(SysBusDevice *dev)
184 {
185 int r;
186 S390SCLPDevice *sdev = (S390SCLPDevice *)dev;
187 S390SCLPDeviceClass *sclp = SCLP_S390_DEVICE_GET_CLASS(dev);
188
189 r = sclp->init(sdev);
190 if (!r) {
191 assert(sdev->event_pending);
192 assert(sdev->sclp_command_handler);
193 }
194
195 return r;
196 }
197
198 static void s390_sclp_device_class_init(ObjectClass *klass, void *data)
199 {
200 SysBusDeviceClass *dc = SYS_BUS_DEVICE_CLASS(klass);
201
202 dc->init = s390_sclp_dev_init;
203 }
204
205 static const TypeInfo s390_sclp_device_info = {
206 .name = TYPE_DEVICE_S390_SCLP,
207 .parent = TYPE_SYS_BUS_DEVICE,
208 .instance_size = sizeof(S390SCLPDevice),
209 .class_init = s390_sclp_device_class_init,
210 .class_size = sizeof(S390SCLPDeviceClass),
211 .abstract = true,
212 };
213
214 static void s390_sclp_register_types(void)
215 {
216 type_register_static(&s390_sclp_device_info);
217 }
218
219 type_init(s390_sclp_register_types)
Random patches