10 files changed, 305 insertions, 83 deletions
diff --git a/arch/s390/include/asm/kvm.h b/arch/s390/include/asm/kvm.h
index 82b32a100c7..96076676e22 100644
--- a/arch/s390/include/asm/kvm.h
+++ b/arch/s390/include/asm/kvm.h
@@ -41,4 +41,15 @@ struct kvm_debug_exit_arch {
 struct kvm_guest_debug_arch {
 };
+#define KVM_SYNC_PREFIX (1UL << 0)
+#define KVM_SYNC_GPRS   (1UL << 1)
+#define KVM_SYNC_ACRS   (1UL << 2)
+#define KVM_SYNC_CRS    (1UL << 3)
+/* definition of registers in kvm_run */
+struct kvm_sync_regs {
+        __u64 prefix;   /* prefix register */
+        __u64 gprs[16]; /* general purpose registers */
+        __u32 acrs[16]; /* access registers */
+        __u64 crs[16];  /* control registers */
+};
 #endif
diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
index b0c235cb6ad..7343872890a 100644
--- a/arch/s390/include/asm/kvm_host.h
+++ b/arch/s390/include/asm/kvm_host.h
@@ -220,18 +220,17 @@ struct kvm_s390_float_interrupt {
        struct list_head list;
        atomic_t active;
        int next_rr_cpu;
-        unsigned long idle_mask [(64 + sizeof(long) - 1) / sizeof(long)];
+        unsigned long idle_mask[(KVM_MAX_VCPUS + sizeof(long) - 1)
-        struct kvm_s390_local_interrupt *local_int[64];
+                                / sizeof(long)];
+        struct kvm_s390_local_interrupt *local_int[KVM_MAX_VCPUS];
 };
 struct kvm_vcpu_arch {
        struct kvm_s390_sie_block *sie_block;
-        unsigned long     guest_gprs[16];
        s390_fp_regs      host_fpregs;
        unsigned int      host_acrs[NUM_ACRS];
        s390_fp_regs      guest_fpregs;
-        unsigned int      guest_acrs[NUM_ACRS];
        struct kvm_s390_local_interrupt local_int;
        struct hrtimer    ckc_timer;
        struct tasklet_struct tasklet;
@@ -246,6 +245,9 @@ struct kvm_vm_stat {
        u32 remote_tlb_flush;
 };
+struct kvm_arch_memory_slot {
+};
 struct kvm_arch{
        struct sca_block *sca;
        debug_info_t *dbf;
@@ -253,5 +255,5 @@ struct kvm_arch{
        struct gmap *gmap;
 };
-extern int sie64a(struct kvm_s390_sie_block *, unsigned long *);
+extern int sie64a(struct kvm_s390_sie_block *, u64 *);
 #endif
diff --git a/arch/s390/kvm/Kconfig b/arch/s390/kvm/Kconfig
index a21634173a6..78eb9847008 100644
--- a/arch/s390/kvm/Kconfig
+++ b/arch/s390/kvm/Kconfig
@@ -34,6 +34,15 @@ config KVM
          If unsure, say N.
+config KVM_S390_UCONTROL
+        bool "Userspace controlled virtual machines"
+        depends on KVM
+        ---help---
+          Allow CAP_SYS_ADMIN users to create KVM virtual machines that are
+          controlled by userspace.
+          If unsure, say N.
 # OK, it's a little counter-intuitive to do this, but it puts it neatly under
 # the virtualization menu.
 source drivers/vhost/Kconfig
diff --git a/arch/s390/kvm/diag.c b/arch/s390/kvm/diag.c
index 8943e82cd4d..a353f0ea45c 100644
--- a/arch/s390/kvm/diag.c
+++ b/arch/s390/kvm/diag.c
@@ -20,8 +20,8 @@ static int diag_release_pages(struct kvm_vcpu *vcpu)
        unsigned long start, end;
        unsigned long prefix  = vcpu->arch.sie_block->prefix;
-        start = vcpu->arch.guest_gprs[(vcpu->arch.sie_block->ipa & 0xf0) >> 4];
+        start = vcpu->run->s.regs.gprs[(vcpu->arch.sie_block->ipa & 0xf0) >> 4];
-        end = vcpu->arch.guest_gprs[vcpu->arch.sie_block->ipa & 0xf] + 4096;
+        end = vcpu->run->s.regs.gprs[vcpu->arch.sie_block->ipa & 0xf] + 4096;
        if (start & ~PAGE_MASK || end & ~PAGE_MASK || start > end
            || start < 2 * PAGE_SIZE)
@@ -56,7 +56,7 @@ static int __diag_time_slice_end(struct kvm_vcpu *vcpu)
 static int __diag_ipl_functions(struct kvm_vcpu *vcpu)
 {
        unsigned int reg = vcpu->arch.sie_block->ipa & 0xf;
-        unsigned long subcode = vcpu->arch.guest_gprs[reg] & 0xffff;
+        unsigned long subcode = vcpu->run->s.regs.gprs[reg] & 0xffff;
        VCPU_EVENT(vcpu, 5, "diag ipl functions, subcode %lx", subcode);
        switch (subcode) {
diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
index 02434543eab..361456577c6 100644
--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -36,7 +36,7 @@ static int handle_lctlg(struct kvm_vcpu *vcpu)
        useraddr = disp2;
        if (base2)
-                useraddr += vcpu->arch.guest_gprs[base2];
+                useraddr += vcpu->run->s.regs.gprs[base2];
        if (useraddr & 7)
                return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
@@ -75,7 +75,7 @@ static int handle_lctl(struct kvm_vcpu *vcpu)
        useraddr = disp2;
        if (base2)
-                useraddr += vcpu->arch.guest_gprs[base2];
+                useraddr += vcpu->run->s.regs.gprs[base2];
        if (useraddr & 3)
                return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
@@ -133,13 +133,6 @@ static int handle_stop(struct kvm_vcpu *vcpu)
        vcpu->stat.exit_stop_request++;
        spin_lock_bh(&vcpu->arch.local_int.lock);
-        if (vcpu->arch.local_int.action_bits & ACTION_STORE_ON_STOP) {
-                vcpu->arch.local_int.action_bits &= ~ACTION_STORE_ON_STOP;
-                rc = kvm_s390_vcpu_store_status(vcpu,
-                                                  KVM_S390_STORE_STATUS_NOADDR);
-                if (rc >= 0)
-                        rc = -EOPNOTSUPP;
-        }
        if (vcpu->arch.local_int.action_bits & ACTION_RELOADVCPU_ON_STOP) {
                vcpu->arch.local_int.action_bits &= ~ACTION_RELOADVCPU_ON_STOP;
@@ -155,7 +148,18 @@ static int handle_stop(struct kvm_vcpu *vcpu)
                rc = -EOPNOTSUPP;
        }
-        spin_unlock_bh(&vcpu->arch.local_int.lock);
+        if (vcpu->arch.local_int.action_bits & ACTION_STORE_ON_STOP) {
+                vcpu->arch.local_int.action_bits &= ~ACTION_STORE_ON_STOP;
+                /* store status must be called unlocked. Since local_int.lock
+                 * only protects local_int.* and not guest memory we can give
+                 * up the lock here */
+                spin_unlock_bh(&vcpu->arch.local_int.lock);
+                rc = kvm_s390_vcpu_store_status(vcpu,
+                                                KVM_S390_STORE_STATUS_NOADDR);
+                if (rc >= 0)
+                        rc = -EOPNOTSUPP;
+        } else
+                spin_unlock_bh(&vcpu->arch.local_int.lock);
        return rc;
 }
diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index f0647ce6da2..2d9f9a72bb8 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -236,8 +236,7 @@ static void __do_deliver_interrupt(struct kvm_vcpu *vcpu,
                VCPU_EVENT(vcpu, 4, "interrupt: set prefix to %x",
                           inti->prefix.address);
                vcpu->stat.deliver_prefix_signal++;
-                vcpu->arch.sie_block->prefix = inti->prefix.address;
+                kvm_s390_set_prefix(vcpu, inti->prefix.address);
-                vcpu->arch.sie_block->ihcpu = 0xffff;
                break;
        case KVM_S390_RESTART:
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index d1c44573245..17ad69d596f 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -129,6 +129,10 @@ int kvm_dev_ioctl_check_extension(long ext)
        case KVM_CAP_S390_PSW:
        case KVM_CAP_S390_GMAP:
        case KVM_CAP_SYNC_MMU:
+#ifdef CONFIG_KVM_S390_UCONTROL
+        case KVM_CAP_S390_UCONTROL:
+#endif
+        case KVM_CAP_SYNC_REGS:
                r = 1;
                break;
        default:
@@ -171,11 +175,22 @@ long kvm_arch_vm_ioctl(struct file *filp,
        return r;
 }
-int kvm_arch_init_vm(struct kvm *kvm)
+int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 {
        int rc;
        char debug_name[16];
+        rc = -EINVAL;
+#ifdef CONFIG_KVM_S390_UCONTROL
+        if (type & ~KVM_VM_S390_UCONTROL)
+                goto out_err;
+        if ((type & KVM_VM_S390_UCONTROL) && (!capable(CAP_SYS_ADMIN)))
+                goto out_err;
+#else
+        if (type)
+                goto out_err;
+#endif
        rc = s390_enable_sie();
        if (rc)
                goto out_err;
@@ -198,10 +213,13 @@ int kvm_arch_init_vm(struct kvm *kvm)
        debug_register_view(kvm->arch.dbf, &debug_sprintf_view);
        VM_EVENT(kvm, 3, "%s", "vm created");
-        kvm->arch.gmap = gmap_alloc(current->mm);
+        if (type & KVM_VM_S390_UCONTROL) {
-        if (!kvm->arch.gmap)
+                kvm->arch.gmap = NULL;
-                goto out_nogmap;
+        } else {
+                kvm->arch.gmap = gmap_alloc(current->mm);
+                if (!kvm->arch.gmap)
+                        goto out_nogmap;
+        }
        return 0;
 out_nogmap:
        debug_unregister(kvm->arch.dbf);
@@ -214,11 +232,18 @@ out_err:
 void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
 {
        VCPU_EVENT(vcpu, 3, "%s", "free cpu");
-        clear_bit(63 - vcpu->vcpu_id, (unsigned long *) &vcpu->kvm->arch.sca->mcn);
+        if (!kvm_is_ucontrol(vcpu->kvm)) {
-        if (vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda ==
+                clear_bit(63 - vcpu->vcpu_id,
-                (__u64) vcpu->arch.sie_block)
+                          (unsigned long *) &vcpu->kvm->arch.sca->mcn);
-                vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda = 0;
+                if (vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda ==
+                    (__u64) vcpu->arch.sie_block)
+                        vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda = 0;
+        }
        smp_mb();
+        if (kvm_is_ucontrol(vcpu->kvm))
+                gmap_free(vcpu->arch.gmap);
        free_page((unsigned long)(vcpu->arch.sie_block));
        kvm_vcpu_uninit(vcpu);
        kfree(vcpu);
@@ -249,13 +274,25 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
        kvm_free_vcpus(kvm);
        free_page((unsigned long)(kvm->arch.sca));
        debug_unregister(kvm->arch.dbf);
-        gmap_free(kvm->arch.gmap);
+        if (!kvm_is_ucontrol(kvm))
+                gmap_free(kvm->arch.gmap);
 }
 /* Section: vcpu related */
 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
 {
+        if (kvm_is_ucontrol(vcpu->kvm)) {
+                vcpu->arch.gmap = gmap_alloc(current->mm);
+                if (!vcpu->arch.gmap)
+                        return -ENOMEM;
+                return 0;
+        }
        vcpu->arch.gmap = vcpu->kvm->arch.gmap;
+        vcpu->run->kvm_valid_regs = KVM_SYNC_PREFIX |
+                                    KVM_SYNC_GPRS |
+                                    KVM_SYNC_ACRS |
+                                    KVM_SYNC_CRS;
        return 0;
 }
@@ -270,7 +307,7 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
        save_access_regs(vcpu->arch.host_acrs);
        vcpu->arch.guest_fpregs.fpc &= FPC_VALID_MASK;
        restore_fp_regs(&vcpu->arch.guest_fpregs);
-        restore_access_regs(vcpu->arch.guest_acrs);
+        restore_access_regs(vcpu->run->s.regs.acrs);
        gmap_enable(vcpu->arch.gmap);
        atomic_set_mask(CPUSTAT_RUNNING, &vcpu->arch.sie_block->cpuflags);
 }
@@ -280,7 +317,7 @@ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
        atomic_clear_mask(CPUSTAT_RUNNING, &vcpu->arch.sie_block->cpuflags);
        gmap_disable(vcpu->arch.gmap);
        save_fp_regs(&vcpu->arch.guest_fpregs);
-        save_access_regs(vcpu->arch.guest_acrs);
+        save_access_regs(vcpu->run->s.regs.acrs);
        restore_fp_regs(&vcpu->arch.host_fpregs);
        restore_access_regs(vcpu->arch.host_acrs);
 }
@@ -290,8 +327,7 @@ static void kvm_s390_vcpu_initial_reset(struct kvm_vcpu *vcpu)
        /* this equals initial cpu reset in pop, but we don't switch to ESA */
        vcpu->arch.sie_block->gpsw.mask = 0UL;
        vcpu->arch.sie_block->gpsw.addr = 0UL;
-        vcpu->arch.sie_block->prefix    = 0UL;
+        kvm_s390_set_prefix(vcpu, 0);
-        vcpu->arch.sie_block->ihcpu     = 0xffff;
        vcpu->arch.sie_block->cputm     = 0UL;
        vcpu->arch.sie_block->ckc       = 0UL;
        vcpu->arch.sie_block->todpr     = 0;
@@ -342,12 +378,19 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
                goto out_free_cpu;
        vcpu->arch.sie_block->icpua = id;
-        BUG_ON(!kvm->arch.sca);
+        if (!kvm_is_ucontrol(kvm)) {
-        if (!kvm->arch.sca->cpu[id].sda)
+                if (!kvm->arch.sca) {
-                kvm->arch.sca->cpu[id].sda = (__u64) vcpu->arch.sie_block;
+                        WARN_ON_ONCE(1);
-        vcpu->arch.sie_block->scaoh = (__u32)(((__u64)kvm->arch.sca) >> 32);
+                        goto out_free_cpu;
-        vcpu->arch.sie_block->scaol = (__u32)(__u64)kvm->arch.sca;
+                }
-        set_bit(63 - id, (unsigned long *) &kvm->arch.sca->mcn);
+                if (!kvm->arch.sca->cpu[id].sda)
+                        kvm->arch.sca->cpu[id].sda =
+                                (__u64) vcpu->arch.sie_block;
+                vcpu->arch.sie_block->scaoh =
+                        (__u32)(((__u64)kvm->arch.sca) >> 32);
+                vcpu->arch.sie_block->scaol = (__u32)(__u64)kvm->arch.sca;
+                set_bit(63 - id, (unsigned long *) &kvm->arch.sca->mcn);
+        }
        spin_lock_init(&vcpu->arch.local_int.lock);
        INIT_LIST_HEAD(&vcpu->arch.local_int.list);
@@ -388,29 +431,29 @@ static int kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
 int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
 {
-        memcpy(&vcpu->arch.guest_gprs, &regs->gprs, sizeof(regs->gprs));
+        memcpy(&vcpu->run->s.regs.gprs, &regs->gprs, sizeof(regs->gprs));
        return 0;
 }
 int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
 {
-        memcpy(&regs->gprs, &vcpu->arch.guest_gprs, sizeof(regs->gprs));
+        memcpy(&regs->gprs, &vcpu->run->s.regs.gprs, sizeof(regs->gprs));
        return 0;
 }
 int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
                                  struct kvm_sregs *sregs)
 {
-        memcpy(&vcpu->arch.guest_acrs, &sregs->acrs, sizeof(sregs->acrs));
+        memcpy(&vcpu->run->s.regs.acrs, &sregs->acrs, sizeof(sregs->acrs));
        memcpy(&vcpu->arch.sie_block->gcr, &sregs->crs, sizeof(sregs->crs));
-        restore_access_regs(vcpu->arch.guest_acrs);
+        restore_access_regs(vcpu->run->s.regs.acrs);
        return 0;
 }
 int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
                                  struct kvm_sregs *sregs)
 {
-        memcpy(&sregs->acrs, &vcpu->arch.guest_acrs, sizeof(sregs->acrs));
+        memcpy(&sregs->acrs, &vcpu->run->s.regs.acrs, sizeof(sregs->acrs));
        memcpy(&sregs->crs, &vcpu->arch.sie_block->gcr, sizeof(sregs->crs));
        return 0;
 }
@@ -418,7 +461,7 @@ int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
 int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
 {
        memcpy(&vcpu->arch.guest_fpregs.fprs, &fpu->fprs, sizeof(fpu->fprs));
-        vcpu->arch.guest_fpregs.fpc = fpu->fpc;
+        vcpu->arch.guest_fpregs.fpc = fpu->fpc & FPC_VALID_MASK;
        restore_fp_regs(&vcpu->arch.guest_fpregs);
        return 0;
 }
@@ -467,9 +510,11 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
        return -EINVAL; /* not implemented yet */
 }
-static void __vcpu_run(struct kvm_vcpu *vcpu)
+static int __vcpu_run(struct kvm_vcpu *vcpu)
 {
-        memcpy(&vcpu->arch.sie_block->gg14, &vcpu->arch.guest_gprs[14], 16);
+        int rc;
+        memcpy(&vcpu->arch.sie_block->gg14, &vcpu->run->s.regs.gprs[14], 16);
        if (need_resched())
                schedule();
@@ -477,7 +522,8 @@ static void __vcpu_run(struct kvm_vcpu *vcpu)
        if (test_thread_flag(TIF_MCCK_PENDING))
                s390_handle_mcck();
-        kvm_s390_deliver_pending_interrupts(vcpu);
+        if (!kvm_is_ucontrol(vcpu->kvm))
+                kvm_s390_deliver_pending_interrupts(vcpu);
        vcpu->arch.sie_block->icptcode = 0;
        local_irq_disable();
@@ -485,9 +531,15 @@ static void __vcpu_run(struct kvm_vcpu *vcpu)
        local_irq_enable();
        VCPU_EVENT(vcpu, 6, "entering sie flags %x",
                   atomic_read(&vcpu->arch.sie_block->cpuflags));
-        if (sie64a(vcpu->arch.sie_block, vcpu->arch.guest_gprs)) {
+        rc = sie64a(vcpu->arch.sie_block, vcpu->run->s.regs.gprs);
-                VCPU_EVENT(vcpu, 3, "%s", "fault in sie instruction");
+        if (rc) {
-                kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
+                if (kvm_is_ucontrol(vcpu->kvm)) {
+                        rc = SIE_INTERCEPT_UCONTROL;
+                } else {
+                        VCPU_EVENT(vcpu, 3, "%s", "fault in sie instruction");
+                        kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
+                        rc = 0;
+                }
        }
        VCPU_EVENT(vcpu, 6, "exit sie icptcode %d",
                   vcpu->arch.sie_block->icptcode);
@@ -495,7 +547,8 @@ static void __vcpu_run(struct kvm_vcpu *vcpu)
        kvm_guest_exit();
        local_irq_enable();
-        memcpy(&vcpu->arch.guest_gprs[14], &vcpu->arch.sie_block->gg14, 16);
+        memcpy(&vcpu->run->s.regs.gprs[14], &vcpu->arch.sie_block->gg14, 16);
+        return rc;
 }
 int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
@@ -516,6 +569,7 @@ rerun_vcpu:
        case KVM_EXIT_UNKNOWN:
        case KVM_EXIT_INTR:
        case KVM_EXIT_S390_RESET:
+        case KVM_EXIT_S390_UCONTROL:
                break;
        default:
                BUG();
@@ -523,12 +577,26 @@ rerun_vcpu:
        vcpu->arch.sie_block->gpsw.mask = kvm_run->psw_mask;
        vcpu->arch.sie_block->gpsw.addr = kvm_run->psw_addr;
+        if (kvm_run->kvm_dirty_regs & KVM_SYNC_PREFIX) {
+                kvm_run->kvm_dirty_regs &= ~KVM_SYNC_PREFIX;
+                kvm_s390_set_prefix(vcpu, kvm_run->s.regs.prefix);
+        }
+        if (kvm_run->kvm_dirty_regs & KVM_SYNC_CRS) {
+                kvm_run->kvm_dirty_regs &= ~KVM_SYNC_CRS;
+                memcpy(&vcpu->arch.sie_block->gcr, &kvm_run->s.regs.crs, 128);
+                kvm_s390_set_prefix(vcpu, kvm_run->s.regs.prefix);
+        }
        might_fault();
        do {
-                __vcpu_run(vcpu);
+                rc = __vcpu_run(vcpu);
-                rc = kvm_handle_sie_intercept(vcpu);
+                if (rc)
+                        break;
+                if (kvm_is_ucontrol(vcpu->kvm))
+                        rc = -EOPNOTSUPP;
+                else
+                        rc = kvm_handle_sie_intercept(vcpu);
        } while (!signal_pending(current) && !rc);
        if (rc == SIE_INTERCEPT_RERUNVCPU)
@@ -539,6 +607,16 @@ rerun_vcpu:
                rc = -EINTR;
        }
+#ifdef CONFIG_KVM_S390_UCONTROL
+        if (rc == SIE_INTERCEPT_UCONTROL) {
+                kvm_run->exit_reason = KVM_EXIT_S390_UCONTROL;
+                kvm_run->s390_ucontrol.trans_exc_code =
+                        current->thread.gmap_addr;
+                kvm_run->s390_ucontrol.pgm_code = 0x10;
+                rc = 0;
+        }
+#endif
        if (rc == -EOPNOTSUPP) {
                /* intercept cannot be handled in-kernel, prepare kvm-run */
                kvm_run->exit_reason         = KVM_EXIT_S390_SIEIC;
@@ -556,6 +634,8 @@ rerun_vcpu:
        kvm_run->psw_mask     = vcpu->arch.sie_block->gpsw.mask;
        kvm_run->psw_addr     = vcpu->arch.sie_block->gpsw.addr;
+        kvm_run->s.regs.prefix = vcpu->arch.sie_block->prefix;
+        memcpy(&kvm_run->s.regs.crs, &vcpu->arch.sie_block->gcr, 128);
        if (vcpu->sigset_active)
                sigprocmask(SIG_SETMASK, &sigsaved, NULL);
@@ -602,7 +682,7 @@ int kvm_s390_vcpu_store_status(struct kvm_vcpu *vcpu, unsigned long addr)
                return -EFAULT;
        if (__guestcopy(vcpu, addr + offsetof(struct save_area, gp_regs),
-                        vcpu->arch.guest_gprs, 128, prefix))
+                        vcpu->run->s.regs.gprs, 128, prefix))
                return -EFAULT;
        if (__guestcopy(vcpu, addr + offsetof(struct save_area, psw),
@@ -631,7 +711,7 @@ int kvm_s390_vcpu_store_status(struct kvm_vcpu *vcpu, unsigned long addr)
                return -EFAULT;
        if (__guestcopy(vcpu, addr + offsetof(struct save_area, acc_regs),
-                        &vcpu->arch.guest_acrs, 64, prefix))
+                        &vcpu->run->s.regs.acrs, 64, prefix))
                return -EFAULT;
        if (__guestcopy(vcpu,
@@ -673,12 +753,77 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
        case KVM_S390_INITIAL_RESET:
                r = kvm_arch_vcpu_ioctl_initial_reset(vcpu);
                break;
+#ifdef CONFIG_KVM_S390_UCONTROL
+        case KVM_S390_UCAS_MAP: {
+                struct kvm_s390_ucas_mapping ucasmap;
+                if (copy_from_user(&ucasmap, argp, sizeof(ucasmap))) {
+                        r = -EFAULT;
+                        break;
+                }
+                if (!kvm_is_ucontrol(vcpu->kvm)) {
+                        r = -EINVAL;
+                        break;
+                }
+                r = gmap_map_segment(vcpu->arch.gmap, ucasmap.user_addr,
+                                     ucasmap.vcpu_addr, ucasmap.length);
+                break;
+        }
+        case KVM_S390_UCAS_UNMAP: {
+                struct kvm_s390_ucas_mapping ucasmap;
+                if (copy_from_user(&ucasmap, argp, sizeof(ucasmap))) {
+                        r = -EFAULT;
+                        break;
+                }
+                if (!kvm_is_ucontrol(vcpu->kvm)) {
+                        r = -EINVAL;
+                        break;
+                }
+                r = gmap_unmap_segment(vcpu->arch.gmap, ucasmap.vcpu_addr,
+                        ucasmap.length);
+                break;
+        }
+#endif
+        case KVM_S390_VCPU_FAULT: {
+                r = gmap_fault(arg, vcpu->arch.gmap);
+                if (!IS_ERR_VALUE(r))
+                        r = 0;
+                break;
+        }
        default:
-                r = -EINVAL;
+                r = -ENOTTY;
        }
        return r;
 }
+int kvm_arch_vcpu_fault(struct kvm_vcpu *vcpu, struct vm_fault *vmf)
+{
+#ifdef CONFIG_KVM_S390_UCONTROL
+        if ((vmf->pgoff == KVM_S390_SIE_PAGE_OFFSET)
+                 && (kvm_is_ucontrol(vcpu->kvm))) {
+                vmf->page = virt_to_page(vcpu->arch.sie_block);
+                get_page(vmf->page);
+                return 0;
+        }
+#endif
+        return VM_FAULT_SIGBUS;
+}
+void kvm_arch_free_memslot(struct kvm_memory_slot *free,
+                           struct kvm_memory_slot *dont)
+{
+}
+int kvm_arch_create_memslot(struct kvm_memory_slot *slot, unsigned long npages)
+{
+        return 0;
+}
 /* Section: memory related */
 int kvm_arch_prepare_memory_region(struct kvm *kvm,
                                   struct kvm_memory_slot *memslot,
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 99b0b759711..ff28f9d1c9e 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -26,6 +26,7 @@ typedef int (*intercept_handler_t)(struct kvm_vcpu *vcpu);
 /* negativ values are error codes, positive values for internal conditions */
 #define SIE_INTERCEPT_RERUNVCPU         (1<<0)
+#define SIE_INTERCEPT_UCONTROL          (1<<1)
 int kvm_handle_sie_intercept(struct kvm_vcpu *vcpu);
 #define VM_EVENT(d_kvm, d_loglevel, d_string, d_args...)\
@@ -47,6 +48,23 @@ static inline int __cpu_is_stopped(struct kvm_vcpu *vcpu)
        return atomic_read(&vcpu->arch.sie_block->cpuflags) & CPUSTAT_STOP_INT;
 }
+static inline int kvm_is_ucontrol(struct kvm *kvm)
+{
+#ifdef CONFIG_KVM_S390_UCONTROL
+        if (kvm->arch.gmap)
+                return 0;
+        return 1;
+#else
+        return 0;
+#endif
+}
+static inline void kvm_s390_set_prefix(struct kvm_vcpu *vcpu, u32 prefix)
+{
+        vcpu->arch.sie_block->prefix = prefix & 0x7fffe000u;
+        vcpu->arch.sie_block->ihcpu  = 0xffff;
+}
 int kvm_s390_handle_wait(struct kvm_vcpu *vcpu);
 enum hrtimer_restart kvm_s390_idle_wakeup(struct hrtimer *timer);
 void kvm_s390_tasklet(unsigned long parm);
diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index d0263895992..e5a45dbd26a 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -33,7 +33,7 @@ static int handle_set_prefix(struct kvm_vcpu *vcpu)
        operand2 = disp2;
        if (base2)
-                operand2 += vcpu->arch.guest_gprs[base2];
+                operand2 += vcpu->run->s.regs.gprs[base2];
        /* must be word boundary */
        if (operand2 & 3) {
@@ -56,8 +56,7 @@ static int handle_set_prefix(struct kvm_vcpu *vcpu)
                goto out;
        }
-        vcpu->arch.sie_block->prefix = address;
+        kvm_s390_set_prefix(vcpu, address);
-        vcpu->arch.sie_block->ihcpu = 0xffff;
        VCPU_EVENT(vcpu, 5, "setting prefix to %x", address);
 out:
@@ -74,7 +73,7 @@ static int handle_store_prefix(struct kvm_vcpu *vcpu)
        vcpu->stat.instruction_stpx++;
        operand2 = disp2;
        if (base2)
-                operand2 += vcpu->arch.guest_gprs[base2];
+                operand2 += vcpu->run->s.regs.gprs[base2];
        /* must be word boundary */
        if (operand2 & 3) {
@@ -106,7 +105,7 @@ static int handle_store_cpu_address(struct kvm_vcpu *vcpu)
        vcpu->stat.instruction_stap++;
        useraddr = disp2;
        if (base2)
-                useraddr += vcpu->arch.guest_gprs[base2];
+                useraddr += vcpu->run->s.regs.gprs[base2];
        if (useraddr & 1) {
                kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
@@ -181,7 +180,7 @@ static int handle_stidp(struct kvm_vcpu *vcpu)
        vcpu->stat.instruction_stidp++;
        operand2 = disp2;
        if (base2)
-                operand2 += vcpu->arch.guest_gprs[base2];
+                operand2 += vcpu->run->s.regs.gprs[base2];
        if (operand2 & 7) {
                kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
@@ -232,9 +231,9 @@ static void handle_stsi_3_2_2(struct kvm_vcpu *vcpu, struct sysinfo_3_2_2 *mem)
 static int handle_stsi(struct kvm_vcpu *vcpu)
 {
-        int fc = (vcpu->arch.guest_gprs[0] & 0xf0000000) >> 28;
+        int fc = (vcpu->run->s.regs.gprs[0] & 0xf0000000) >> 28;
-        int sel1 = vcpu->arch.guest_gprs[0] & 0xff;
+        int sel1 = vcpu->run->s.regs.gprs[0] & 0xff;
-        int sel2 = vcpu->arch.guest_gprs[1] & 0xffff;
+        int sel2 = vcpu->run->s.regs.gprs[1] & 0xffff;
        int base2 = vcpu->arch.sie_block->ipb >> 28;
        int disp2 = ((vcpu->arch.sie_block->ipb & 0x0fff0000) >> 16);
        u64 operand2;
@@ -245,14 +244,14 @@ static int handle_stsi(struct kvm_vcpu *vcpu)
        operand2 = disp2;
        if (base2)
-                operand2 += vcpu->arch.guest_gprs[base2];
+                operand2 += vcpu->run->s.regs.gprs[base2];
        if (operand2 & 0xfff && fc > 0)
                return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
        switch (fc) {
        case 0:
-                vcpu->arch.guest_gprs[0] = 3 << 28;
+                vcpu->run->s.regs.gprs[0] = 3 << 28;
                vcpu->arch.sie_block->gpsw.mask &= ~(3ul << 44);
                return 0;
        case 1: /* same handling for 1 and 2 */
@@ -281,7 +280,7 @@ static int handle_stsi(struct kvm_vcpu *vcpu)
        }
        free_page(mem);
        vcpu->arch.sie_block->gpsw.mask &= ~(3ul << 44);
-        vcpu->arch.guest_gprs[0] = 0;
+        vcpu->run->s.regs.gprs[0] = 0;
        return 0;
 out_mem:
        free_page(mem);
@@ -333,8 +332,8 @@ static int handle_tprot(struct kvm_vcpu *vcpu)
        int disp1 = (vcpu->arch.sie_block->ipb & 0x0fff0000) >> 16;
        int base2 = (vcpu->arch.sie_block->ipb & 0xf000) >> 12;
        int disp2 = vcpu->arch.sie_block->ipb & 0x0fff;
-        u64 address1 = disp1 + base1 ? vcpu->arch.guest_gprs[base1] : 0;
+        u64 address1 = disp1 + base1 ? vcpu->run->s.regs.gprs[base1] : 0;
-        u64 address2 = disp2 + base2 ? vcpu->arch.guest_gprs[base2] : 0;
+        u64 address2 = disp2 + base2 ? vcpu->run->s.regs.gprs[base2] : 0;
        struct vm_area_struct *vma;
        unsigned long user_address;
diff --git a/arch/s390/kvm/sigp.c b/arch/s390/kvm/sigp.c
index 0a7941d74bc..0ad4cf23839 100644
--- a/arch/s390/kvm/sigp.c
+++ b/arch/s390/kvm/sigp.c
@@ -48,7 +48,7 @@
 static int __sigp_sense(struct kvm_vcpu *vcpu, u16 cpu_addr,
-                        unsigned long *reg)
+                        u64 *reg)
 {
        struct kvm_s390_float_interrupt *fi = &vcpu->kvm->arch.float_int;
        int rc;
@@ -160,12 +160,15 @@ static int __inject_sigp_stop(struct kvm_s390_local_interrupt *li, int action)
        inti->type = KVM_S390_SIGP_STOP;
        spin_lock_bh(&li->lock);
+        if ((atomic_read(li->cpuflags) & CPUSTAT_STOPPED))
+                goto out;
        list_add_tail(&inti->list, &li->list);
        atomic_set(&li->active, 1);
        atomic_set_mask(CPUSTAT_STOP_INT, li->cpuflags);
        li->action_bits |= action;
        if (waitqueue_active(&li->wq))
                wake_up_interruptible(&li->wq);
+out:
        spin_unlock_bh(&li->lock);
        return 0; /* order accepted */
@@ -220,7 +223,7 @@ static int __sigp_set_arch(struct kvm_vcpu *vcpu, u32 parameter)
 }
 static int __sigp_set_prefix(struct kvm_vcpu *vcpu, u16 cpu_addr, u32 address,
-                             unsigned long *reg)
+                             u64 *reg)
 {
        struct kvm_s390_float_interrupt *fi = &vcpu->kvm->arch.float_int;
        struct kvm_s390_local_interrupt *li = NULL;
@@ -278,7 +281,7 @@ out_fi:
 }
 static int __sigp_sense_running(struct kvm_vcpu *vcpu, u16 cpu_addr,
-                                unsigned long *reg)
+                                u64 *reg)
 {
        int rc;
        struct kvm_s390_float_interrupt *fi = &vcpu->kvm->arch.float_int;
@@ -309,6 +312,34 @@ static int __sigp_sense_running(struct kvm_vcpu *vcpu, u16 cpu_addr,
        return rc;
 }
+static int __sigp_restart(struct kvm_vcpu *vcpu, u16 cpu_addr)
+{
+        int rc = 0;
+        struct kvm_s390_float_interrupt *fi = &vcpu->kvm->arch.float_int;
+        struct kvm_s390_local_interrupt *li;
+        if (cpu_addr >= KVM_MAX_VCPUS)
+                return 3; /* not operational */
+        spin_lock(&fi->lock);
+        li = fi->local_int[cpu_addr];
+        if (li == NULL) {
+                rc = 3; /* not operational */
+                goto out;
+        }
+        spin_lock_bh(&li->lock);
+        if (li->action_bits & ACTION_STOP_ON_STOP)
+                rc = 2; /* busy */
+        else
+                VCPU_EVENT(vcpu, 4, "sigp restart %x to handle userspace",
+                        cpu_addr);
+        spin_unlock_bh(&li->lock);
+out:
+        spin_unlock(&fi->lock);
+        return rc;
+}
 int kvm_s390_handle_sigp(struct kvm_vcpu *vcpu)
 {
        int r1 = (vcpu->arch.sie_block->ipa & 0x00f0) >> 4;
@@ -316,7 +347,7 @@ int kvm_s390_handle_sigp(struct kvm_vcpu *vcpu)
        int base2 = vcpu->arch.sie_block->ipb >> 28;
        int disp2 = ((vcpu->arch.sie_block->ipb & 0x0fff0000) >> 16);
        u32 parameter;
-        u16 cpu_addr = vcpu->arch.guest_gprs[r3];
+        u16 cpu_addr = vcpu->run->s.regs.gprs[r3];
        u8 order_code;
        int rc;
@@ -327,18 +358,18 @@ int kvm_s390_handle_sigp(struct kvm_vcpu *vcpu)
        order_code = disp2;
        if (base2)
-                order_code += vcpu->arch.guest_gprs[base2];
+                order_code += vcpu->run->s.regs.gprs[base2];
        if (r1 % 2)
-                parameter = vcpu->arch.guest_gprs[r1];
+                parameter = vcpu->run->s.regs.gprs[r1];
        else
-                parameter = vcpu->arch.guest_gprs[r1 + 1];
+                parameter = vcpu->run->s.regs.gprs[r1 + 1];
        switch (order_code) {
        case SIGP_SENSE:
                vcpu->stat.instruction_sigp_sense++;
                rc = __sigp_sense(vcpu, cpu_addr,
-                                  &vcpu->arch.guest_gprs[r1]);
+                                  &vcpu->run->s.regs.gprs[r1]);
                break;
        case SIGP_EXTERNAL_CALL:
                vcpu->stat.instruction_sigp_external_call++;
@@ -354,7 +385,8 @@ int kvm_s390_handle_sigp(struct kvm_vcpu *vcpu)
                break;
        case SIGP_STOP_STORE_STATUS:
                vcpu->stat.instruction_sigp_stop++;
-                rc = __sigp_stop(vcpu, cpu_addr, ACTION_STORE_ON_STOP);
+                rc = __sigp_stop(vcpu, cpu_addr, ACTION_STORE_ON_STOP |
+                                                 ACTION_STOP_ON_STOP);
                break;
        case SIGP_SET_ARCH:
                vcpu->stat.instruction_sigp_arch++;
@@ -363,15 +395,18 @@ int kvm_s390_handle_sigp(struct kvm_vcpu *vcpu)
        case SIGP_SET_PREFIX:
                vcpu->stat.instruction_sigp_prefix++;
                rc = __sigp_set_prefix(vcpu, cpu_addr, parameter,
-                                       &vcpu->arch.guest_gprs[r1]);
+                                       &vcpu->run->s.regs.gprs[r1]);
                break;
        case SIGP_SENSE_RUNNING:
                vcpu->stat.instruction_sigp_sense_running++;
                rc = __sigp_sense_running(vcpu, cpu_addr,
-                                          &vcpu->arch.guest_gprs[r1]);
+                                          &vcpu->run->s.regs.gprs[r1]);
                break;
        case SIGP_RESTART:
                vcpu->stat.instruction_sigp_restart++;
+                rc = __sigp_restart(vcpu, cpu_addr);
+                if (rc == 2) /* busy */
+                        break;
                /* user space must know about restart */
        default:
                return -EOPNOTSUPP;