Merge tag 'v1.1.2' into stable-1.1qemu-kvm-1.1.2stable-1.1

* tag 'v1.1.2': (74 commits)
  update VERSION for 1.1.2
  console: bounds check whenever changing the cursor due to an escape code
  qemu-timer: properly arm alarm timer for timers set by device initialization
  target-xtensa: return ENOSYS for unimplemented simcalls
  target-xtensa: fix big-endian BBS/BBC implementation
  ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active
  msix: make [un]use vectors on reset/load optional
  reset PMBA and PMREGMISC PIIX4 registers.
  qemu_rearm_alarm_timer: do not call rearm if the next deadline is INT64_MAX
  qemu-ga: Fix null pointer passed to unlink in failure branch
  memory: Fix copy&paste mistake in memory_region_iorange_write
  ivshmem: remove redundant ioeventfd configuration
  hw/arm_gic.c: Define .class_size in arm_gic_info TypeInfo
  tcg/mips: fix broken CONFIG_TCG_PASS_AREG0 code
  audio/winwave: previous audio buffer should be flushed
  target-mips: allow microMIPS SWP and SDP to have RD equal to BASE
  target-mips: add privilege level check to several Cop0 instructions
  mips-linux-user: Always support rdhwr.
  target-mips: Streamline indexed cp1 memory addressing.
  Fix order of CVT.PS.S operands
  ...

Signed-off-by: Avi Kivity <avi@redhat.com>

1 files changed, 18 insertions, 9 deletions

diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index 7b7247316..91dd8dc3f 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -19,6 +19,8 @@
  */
 
 #include "cpu.h"
+#include "memory.h"
+#include "cputlb.h"
 #include "dyngen-exec.h"
 #include "host-utils.h"
 #include "helper.h"
@@ -2366,6 +2368,9 @@ static void ext_interrupt(CPUS390XState *env, int type, uint32_t param,
     cpu_inject_ext(env, type, param, param64);
 }
 
+/*
+ * ret < 0 indicates program check, ret = 0,1,2,3 -> cc
+ */
 int sclp_service_call(CPUS390XState *env, uint32_t sccb, uint64_t code)
 {
     int r = 0;
@@ -2375,10 +2380,12 @@ int sclp_service_call(CPUS390XState *env, uint32_t sccb, uint64_t code)
     printf("sclp(0x%x, 0x%" PRIx64 ")\n", sccb, code);
 #endif
 
+    /* basic checks */
+    if (!memory_region_is_ram(phys_page_find(sccb >> TARGET_PAGE_BITS)->mr)) {
+        return -PGM_ADDRESSING;
+    }
     if (sccb & ~0x7ffffff8ul) {
-        fprintf(stderr, "KVM: invalid sccb address 0x%x\n", sccb);
-        r = -1;
-        goto out;
+        return -PGM_SPECIFICATION;
     }
 
     switch(code) {
@@ -2405,22 +2412,24 @@ int sclp_service_call(CPUS390XState *env, uint32_t sccb, uint64_t code)
 #ifdef DEBUG_HELPER
             printf("KVM: invalid sclp call 0x%x / 0x%" PRIx64 "x\n", sccb, code);
 #endif
-            r = -1;
+            r = 3;
             break;
     }
 
-out:
     return r;
 }
 
 /* SCLP service call */
 uint32_t HELPER(servc)(uint32_t r1, uint64_t r2)
 {
-    if (sclp_service_call(env, r1, r2)) {
-        return 3;
-    }
+    int r;
 
-    return 0;
+    r = sclp_service_call(env, r1, r2);
+    if (r < 0) {
+        program_interrupt(env, -r, 4);
+        return 0;
+    }
+    return r;
 }
 
 /* DIAG */