s390: Fix handling of iscs.

There are two ways to express an interruption subclass:
- As a bitmask, as used in cr6.
- As a number, as used in the I/O interruption word.

Unfortunately, we have treated to I/O interruption word as if it
contained the bitmask as well, which went unnoticed so far as
- (queued-for-next) kvm made the same mistake, and
- Linux guest kernels don't check the isc value in the I/O interruption
  word for subchannel interrupts.

Make sure that we treat the I/O interruption word correctly.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

hw/s390x/css.c

@@ -87,7 +87,7 @@ static void css_inject_io_interrupt(SubchDev *sch)
                       css_build_subchannel_id(sch),
                       sch->schid,
                       sch->curr_status.pmcw.intparm,
-                      (0x80 >> isc) << 24);
+                      isc << 27);
 }
 
 void css_conditional_io_interrupt(SubchDev *sch)
@@ -111,7 +111,7 @@ void css_conditional_io_interrupt(SubchDev *sch)
                           css_build_subchannel_id(sch),
                           sch->schid,
                           sch->curr_status.pmcw.intparm,
-                          (0x80 >> isc) << 24);
+                          isc << 27);
     }
 }
 

target-s390x/cpu.h

@@ -1001,7 +1001,7 @@ static inline void cpu_inject_io(S390CPU *cpu, uint16_t subchannel_id,
                                  uint32_t io_int_parm, uint32_t io_int_word)
 {
     CPUS390XState *env = &cpu->env;
-    int isc = ffs(io_int_word << 2) - 1;
+    int isc = IO_INT_WORD_ISC(io_int_word);
 
     if (env->io_index[isc] == MAX_IO_QUEUE - 1) {
         /* ugh - can't queue anymore. Let's drop. */

target-s390x/helper.c

@@ -628,6 +628,8 @@ static void do_io_interrupt(CPUS390XState *env)
     }
 
     for (isc = 0; isc < ARRAY_SIZE(env->io_index); isc++) {
+        uint64_t isc_bits;
+
         if (env->io_index[isc] < 0) {
             continue;
         }
@@ -637,7 +639,8 @@ static void do_io_interrupt(CPUS390XState *env)
         }
 
         q = &env->io_queue[env->io_index[isc]][isc];
-        if (!(env->cregs[6] & q->word)) {
+        isc_bits = ISC_TO_ISC_BITS(IO_INT_WORD_ISC(q->word));
+        if (!(env->cregs[6] & isc_bits)) {
             disable = 0;
             continue;
         }

target-s390x/ioinst.h

@@ -209,6 +209,9 @@ typedef struct IOIntCode {
 #define IOINST_SCHID_SSID(_schid)  ((_schid & 0x00060000) >> 17)
 #define IOINST_SCHID_NR(_schid)    (_schid & 0x0000ffff)
 
+#define IO_INT_WORD_ISC(_int_word) ((_int_word & 0x38000000) >> 24)
+#define ISC_TO_ISC_BITS(_isc)      ((0x80 >> _isc) << 24)
+
 int ioinst_disassemble_sch_ident(uint32_t value, int *m, int *cssid, int *ssid,
                                  int *schid);
 int ioinst_handle_xsch(CPUS390XState *env, uint64_t reg1);