From 80765f0734e08fe4d52e9be10e0cfb47b3cf43e3 Mon Sep 17 00:00:00 2001
From: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Date: Sat, 18 Oct 2014 06:24:12 +0200
Subject: [PATCH 1/5] s390x/kvm: Fix opcode decoding for eb instruction handler

The second byte of the opcode is encoded in the lowest byte of the ipb
field, not the lowest byte of the ipa field.

Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
---
 target-s390x/kvm.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 5b10a255ed..690cb7198a 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -827,18 +827,18 @@ static int handle_b9(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
     return r;
 }
 
-static int handle_eb(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
+static int handle_eb(S390CPU *cpu, struct kvm_run *run, uint8_t ipbl)
 {
     int r = 0;
 
-    switch (ipa1) {
+    switch (ipbl) {
     case PRIV_EB_SQBS:
         /* just inject exception */
         r = -1;
         break;
     default:
         r = -1;
-        DPRINTF("KVM: unhandled PRIV: 0xeb%x\n", ipa1);
+        DPRINTF("KVM: unhandled PRIV: 0xeb%x\n", ipbl);
         break;
     }
 
@@ -1039,7 +1039,7 @@ static int handle_instruction(S390CPU *cpu, struct kvm_run *run)
         r = handle_b9(cpu, run, ipa1);
         break;
     case IPA0_EB:
-        r = handle_eb(cpu, run, ipa1);
+        r = handle_eb(cpu, run, run->s390_sieic.ipb & 0xff);
         break;
     case IPA0_DIAG:
         r = handle_diag(cpu, run, run->s390_sieic.ipb);

From f0d4dc18ce398e166c4b186bff325e755c22db2f Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@linux.vnet.ibm.com>
Date: Thu, 23 Oct 2014 09:58:56 +0200
Subject: [PATCH 2/5] s390x/kvm: Fix warning from sparse

When running "sparse" with the s390x kvm.c code, it complains that
"constant 0x00400f1d40330000 is so big it is long" - let's fix this
by appending a proper suffix.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
 target-s390x/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 690cb7198a..d247471119 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -1272,7 +1272,7 @@ void kvm_s390_crw_mchk(void)
     struct kvm_s390_irq irq = {
         .type = KVM_S390_MCHK,
         .u.mchk.cr14 = 1 << 28,
-        .u.mchk.mcic = 0x00400f1d40330000,
+        .u.mchk.mcic = 0x00400f1d40330000ULL,
     };
     kvm_s390_floating_interrupt(&irq);
 }

From b3191432cf49c556f47d75c929f5aa692ae59da1 Mon Sep 17 00:00:00 2001
From: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Date: Wed, 29 Oct 2014 08:58:05 +0000
Subject: [PATCH 3/5] s390x/sclpconsole-lm: truncate input if line is too long

As the SCLP line mode console input length is limited by the available
SCCB buffer space, it might lock up if the input does not fit into the
buffer.

With this patch, characters that don't fit are 'eaten' up to the next
CR/LF and the input line is sent truncated to the guest.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
 hw/char/sclpconsole-lm.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index 80dd0a9e13..605dd50fb4 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -52,7 +52,8 @@ typedef struct SCLPConsoleLM {
  * event_pending is set when a newline character is encountered
  *
  * The maximum command line length is limited by the maximum
- * space available in an SCCB
+ * space available in an SCCB. Line mode console input is sent
+ * truncated to the guest in case it doesn't fit into the SCCB.
  */
 
 static int chr_can_read(void *opaque)
@@ -61,10 +62,8 @@ static int chr_can_read(void *opaque)
 
     if (scon->event.event_pending) {
         return 0;
-    } else if (SIZE_CONSOLE_BUFFER - scon->length) {
-        return 1;
     }
-    return 0;
+    return 1;
 }
 
 static void chr_read(void *opaque, const uint8_t *buf, int size)
@@ -78,6 +77,10 @@ static void chr_read(void *opaque, const uint8_t *buf, int size)
         sclp_service_interrupt(0);
         return;
     }
+    if (scon->length == SIZE_CONSOLE_BUFFER) {
+        /* Eat the character, but still process CR and LF.  */
+        return;
+    }
     scon->buf[scon->length] = *buf;
     scon->length += 1;
     if (scon->echo) {

From 87f2eff01623fe3d79e6c0962a3037d48b80b548 Mon Sep 17 00:00:00 2001
From: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Date: Wed, 29 Oct 2014 12:52:02 +0000
Subject: [PATCH 4/5] s390x/sclpconsole-lm: Fix hanging SCLP line mode console

Trigger recalculating sets of file descriptors for the main loop's poll()
in order to make sure a possibly removed FD 0 from the poll() file
descriptor array is re-added. FD 0 is removed from the decriptor array
when the console's can_read() callback returns 0.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
 hw/char/sclpconsole-lm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index 605dd50fb4..a9f5e62f24 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -128,6 +128,7 @@ static int get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
     cons->length = 0;
     /* data provided and no more data pending */
     event->event_pending = false;
+    qemu_notify_event();
     return 0;
 }
 

From bb3e9e1fd7ab62b60780c66d68b2d7bfd8758e61 Mon Sep 17 00:00:00 2001
From: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Date: Fri, 24 Oct 2014 13:10:49 +0000
Subject: [PATCH 5/5] s390x/sclpconsole: Avoid hanging SCLP ASCII console

Force recalculation of file descriptor sets for main loop's poll(),
in order to be able to readd a possibly removed input file descriptor
after can_read() returned 0 (zero).

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
 hw/char/sclpconsole.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/char/sclpconsole.c b/hw/char/sclpconsole.c
index fca105db4e..79891dfc58 100644
--- a/hw/char/sclpconsole.c
+++ b/hw/char/sclpconsole.c
@@ -36,6 +36,7 @@ typedef struct SCLPConsole {
     uint32_t iov_bs;        /* offset in buf for char layer read operation */
     uint32_t iov_data_len;  /* length of byte stream in buffer             */
     uint32_t iov_sclp_rest; /* length of byte stream not read via SCLP     */
+    bool notify;            /* qemu_notify_event() req'd if true           */
 } SCLPConsole;
 
 /* character layer call-back functions */
@@ -44,8 +45,12 @@ typedef struct SCLPConsole {
 static int chr_can_read(void *opaque)
 {
     SCLPConsole *scon = opaque;
+    int avail = SIZE_BUFFER_VT220 - scon->iov_data_len;
 
-    return SIZE_BUFFER_VT220 - scon->iov_data_len;
+    if (avail == 0) {
+        scon->notify = true;
+    }
+    return avail;
 }
 
 /* Send data from a char device over to the guest */
@@ -113,6 +118,10 @@ static void get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
         cons->iov_sclp += avail;
         /* more data pending */
     }
+    if (cons->notify) {
+        cons->notify = false;
+        qemu_notify_event();
+    }
 }
 
 static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
@@ -229,6 +238,7 @@ static void console_reset(DeviceState *dev)
    scon->iov_bs = 0;
    scon->iov_data_len = 0;
    scon->iov_sclp_rest = 0;
+   scon->notify = false;
 }
 
 static int console_exit(SCLPEvent *event)