xref: /illumos-gate/usr/src/uts/common/xen/public/arch-x86/xen-mca.h (revision 07a48826732249fcd3aa8dd53c8389595e9f1fbc)
1 /******************************************************************************
2  * arch-x86/mca.h
3  *
4  * Contributed by Advanced Micro Devices, Inc.
5  * Author: Christoph Egger <Christoph.Egger@amd.com>
6  *
7  * Guest OS machine check interface to x86 Xen.
8  *
9  * Permission is hereby granted, free of charge, to any person obtaining a copy
10  * of this software and associated documentation files (the "Software"), to
11  * deal in the Software without restriction, including without limitation the
12  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
13  * sell copies of the Software, and to permit persons to whom the Software is
14  * furnished to do so, subject to the following conditions:
15  *
16  * The above copyright notice and this permission notice shall be included in
17  * all copies or substantial portions of the Software.
18  *
19  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
25  * DEALINGS IN THE SOFTWARE.
26  */
27 
28 /* Full MCA functionality has the following Usecases from the guest side:
29  *
30  * Must have's:
31  * 1. Dom0 and DomU register machine check trap callback handlers
32  *    (already done via "set_trap_table" hypercall)
33  * 2. Dom0 registers machine check event callback handler
34  *    (doable via EVTCHNOP_bind_virq)
35  * 3. Dom0 and DomU fetches machine check data
36  * 4. Dom0 wants Xen to notify a DomU
37  * 5. Dom0 gets DomU ID from physical address
38  * 6. Dom0 wants Xen to kill DomU (already done for "xm destroy")
39  *
40  * Nice to have's:
41  * 7. Dom0 wants Xen to deactivate a physical CPU
42  *    This is better done as separate task, physical CPU hotplugging,
43  *    and hypercall(s) should be sysctl's
44  * 8. Page migration proposed from Xen NUMA work, where Dom0 can tell Xen to
45  *    move a DomU (or Dom0 itself) away from a malicious page
46  *    producing correctable errors.
47  * 9. offlining physical page:
48  *    Xen free's and never re-uses a certain physical page.
49  * 10. Testfacility: Allow Dom0 to write values into machine check MSR's
50  *     and tell Xen to trigger a machine check
51  */
52 
53 #ifndef __XEN_PUBLIC_ARCH_X86_MCA_H__
54 #define __XEN_PUBLIC_ARCH_X86_MCA_H__
55 
56 /* Hypercall */
57 #define __HYPERVISOR_mca __HYPERVISOR_arch_0
58 
59 /*
60  * The xen-unstable repo has interface version 0x03000001; out interface
61  * is incompatible with that and any future minor revisions, so we
62  * choose a different version number range that is numerically less
63  * than that used in xen-unstable.
64  */
65 #define XEN_MCA_INTERFACE_VERSION 0x01ecc002
66 
67 /* IN: Dom0 calls hypercall to retrieve nonurgent telemetry */
68 #define XEN_MC_NONURGENT  0x0001
69 /* IN: Dom0/DomU calls hypercall to retrieve urgent telemetry */
70 #define XEN_MC_URGENT     0x0002
71 /* IN: Dom0 acknowledges previosly-fetched telemetry */
72 #define XEN_MC_ACK        0x0004
73 
74 /* OUT: All is ok */
75 #define XEN_MC_OK           0x0
76 /* OUT: Domain could not fetch data. */
77 #define XEN_MC_FETCHFAILED  0x1
78 /* OUT: There was no machine check data to fetch. */
79 #define XEN_MC_NODATA       0x2
80 /* OUT: Between notification time and this hypercall an other
81  *  (most likely) correctable error happened. The fetched data,
82  *  does not match the original machine check data. */
83 #define XEN_MC_NOMATCH      0x4
84 
85 /* OUT: DomU did not register MC NMI handler. Try something else. */
86 #define XEN_MC_CANNOTHANDLE 0x8
87 /* OUT: Notifying DomU failed. Retry later or try something else. */
88 #define XEN_MC_NOTDELIVERED 0x10
89 /* Note, XEN_MC_CANNOTHANDLE and XEN_MC_NOTDELIVERED are mutually exclusive. */
90 
91 
92 #ifndef __ASSEMBLY__
93 
94 #define VIRQ_MCA VIRQ_ARCH_0 /* G. (DOM0) Machine Check Architecture */
95 
96 /*
97  * Machine Check Architecure:
98  * structs are read-only and used to report all kinds of
99  * correctable and uncorrectable errors detected by the HW.
100  * Dom0 and DomU: register a handler to get notified.
101  * Dom0 only: Correctable errors are reported via VIRQ_MCA
102  * Dom0 and DomU: Uncorrectable errors are reported via nmi handlers
103  */
104 #define MC_TYPE_GLOBAL          0
105 #define MC_TYPE_BANK            1
106 #define MC_TYPE_EXTENDED        2
107 
108 struct mcinfo_common {
109     uint16_t type;      /* structure type */
110     uint16_t size;      /* size of this struct in bytes */
111 };
112 
113 
114 #define MC_FLAG_CORRECTABLE     (1 << 0)
115 #define MC_FLAG_UNCORRECTABLE   (1 << 1)
116 #define MC_FLAG_RECOVERABLE	(1 << 2)
117 #define MC_FLAG_POLLED		(1 << 3)
118 #define MC_FLAG_RESET		(1 << 4)
119 #define MC_FLAG_CMCI		(1 << 5)
120 #define MC_FLAG_MCE		(1 << 6)
121 /* contains global x86 mc information */
122 struct mcinfo_global {
123     struct mcinfo_common common;
124 
125     /* running domain at the time in error (most likely the impacted one) */
126     uint16_t mc_domid;
127     uint32_t mc_socketid; /* physical socket of the physical core */
128     uint16_t mc_coreid; /* physical impacted core */
129     uint32_t mc_apicid;
130     uint16_t mc_core_threadid; /* core thread of physical core */
131     uint16_t mc_vcpuid; /* virtual cpu scheduled for mc_domid */
132     uint64_t mc_gstatus; /* global status */
133     uint32_t mc_flags;
134 };
135 
136 /* contains bank local x86 mc information */
137 struct mcinfo_bank {
138     struct mcinfo_common common;
139 
140     uint16_t mc_bank; /* bank nr */
141     uint16_t mc_domid; /* Usecase 5: domain referenced by mc_addr on dom0
142                         * and if mc_addr is valid. Never valid on DomU. */
143     uint64_t mc_status; /* bank status */
144     uint64_t mc_addr;   /* bank address, only valid
145                          * if addr bit is set in mc_status */
146     uint64_t mc_misc;
147     uint64_t mc_ctrl2;
148     uint64_t mc_tsc;
149 };
150 
151 
152 struct mcinfo_msr {
153     uint64_t reg;   /* MSR */
154     uint64_t value; /* MSR value */
155 };
156 
157 /* contains mc information from other
158  * or additional mc MSRs */
159 struct mcinfo_extended {
160     struct mcinfo_common common;
161 
162     /* You can fill up to five registers.
163      * If you need more, then use this structure
164      * multiple times. */
165 
166     uint32_t mc_msrs; /* Number of msr with valid values. */
167     /*
168      * Currently Intel extended MSR (32/64) including all gp registers
169      * and E(R)DI, E(R)BP, E(R)SP, E(R)FLAGS, E(R)IP, E(R)MISC, only 10
170      * of them might be useful. So expend this array to 10.
171     */
172     struct mcinfo_msr mc_msr[10];
173 };
174 
175 #define MCINFO_HYPERCALLSIZE	1024
176 #define MCINFO_MAXSIZE		768
177 
178 struct mc_info {
179     /* Number of mcinfo_* entries in mi_data */
180     uint32_t mi_nentries;
181 
182     uint8_t mi_data[MCINFO_MAXSIZE - sizeof(uint32_t)];
183 };
184 typedef struct mc_info mc_info_t;
185 DEFINE_XEN_GUEST_HANDLE(mc_info_t);
186 
187 #define __MC_MSR_ARRAYSIZE 8
188 #define __MC_NMSRS 1
189 #define MC_NCAPS	7	/* 7 CPU feature flag words */
190 #define MC_CAPS_STD_EDX	0	/* cpuid level 0x00000001 (%edx) */
191 #define MC_CAPS_AMD_EDX	1	/* cpuid level 0x80000001 (%edx) */
192 #define MC_CAPS_TM	2	/* cpuid level 0x80860001 (TransMeta) */
193 #define MC_CAPS_LINUX	3	/* Linux-defined */
194 #define MC_CAPS_STD_ECX	4	/* cpuid level 0x00000001 (%ecx) */
195 #define MC_CAPS_VIA	5	/* cpuid level 0xc0000001 */
196 #define MC_CAPS_AMD_ECX	6	/* cpuid level 0x80000001 (%ecx) */
197 
198 typedef struct mcinfo_logical_cpu {
199     uint32_t mc_cpunr;
200     uint32_t mc_chipid;
201     uint16_t mc_coreid;
202     uint16_t mc_threadid;
203     uint32_t mc_apicid;
204     uint32_t mc_clusterid;
205     uint32_t mc_ncores;
206     uint32_t mc_ncores_active;
207     uint32_t mc_nthreads;
208     int32_t mc_cpuid_level;
209     uint32_t mc_family;
210     uint32_t mc_vendor;
211     uint32_t mc_model;
212     uint32_t mc_step;
213     char mc_vendorid[16];
214     char mc_brandid[64];
215     uint32_t mc_cpu_caps[MC_NCAPS];
216     uint32_t mc_cache_size;
217     uint32_t mc_cache_alignment;
218     int32_t mc_nmsrvals;
219     struct mcinfo_msr mc_msrvalues[__MC_MSR_ARRAYSIZE];
220 } xen_mc_logical_cpu_t;
221 DEFINE_XEN_GUEST_HANDLE(xen_mc_logical_cpu_t);
222 
223 
224 /*
225  * OS's should use these instead of writing their own lookup function
226  * each with its own bugs and drawbacks.
227  * We use macros instead of static inline functions to allow guests
228  * to include this header in assembly files (*.S).
229  */
230 /* Prototype:
231  *    uint32_t x86_mcinfo_nentries(struct mc_info *mi);
232  */
233 #define x86_mcinfo_nentries(_mi)    \
234     (_mi)->mi_nentries
235 /* Prototype:
236  *    struct mcinfo_common *x86_mcinfo_first(struct mc_info *mi);
237  */
238 #define x86_mcinfo_first(_mi)       \
239     (struct mcinfo_common *)((_mi)->mi_data)
240 /* Prototype:
241  *    struct mcinfo_common *x86_mcinfo_next(struct mcinfo_common *mic);
242  */
243 #define x86_mcinfo_next(_mic)       \
244     (struct mcinfo_common *)((uint8_t *)(_mic) + (_mic)->size)
245 
246 /* Prototype:
247  *    void x86_mcinfo_lookup(void *ret, struct mc_info *mi, uint16_t type);
248  */
249 #define x86_mcinfo_lookup(_ret, _mi, _type)    \
250     do {                                                        \
251         uint32_t found, i;                                      \
252         struct mcinfo_common *_mic;                             \
253                                                                 \
254         found = 0;                                              \
255 	(_ret) = NULL;						\
256 	if (_mi == NULL) break;					\
257         _mic = x86_mcinfo_first(_mi);                           \
258         for (i = 0; i < x86_mcinfo_nentries(_mi); i++) {        \
259             if (_mic->type == (_type)) {                        \
260                 found = 1;                                      \
261                 break;                                          \
262             }                                                   \
263             _mic = x86_mcinfo_next(_mic);                       \
264         }                                                       \
265         (_ret) = found ? _mic : NULL;                           \
266     } while (0)
267 
268 
269 /* Usecase 1
270  * Register machine check trap callback handler
271  *    (already done via "set_trap_table" hypercall)
272  */
273 
274 /* Usecase 2
275  * Dom0 registers machine check event callback handler
276  * done by EVTCHNOP_bind_virq
277  */
278 
279 /* Usecase 3
280  * Fetch machine check data from hypervisor.
281  * Note, this hypercall is special, because both Dom0 and DomU must use this.
282  */
283 #define XEN_MC_fetch            1
284 struct xen_mc_fetch {
285     /* IN/OUT variables. */
286     uint32_t flags;	/* IN: XEN_MC_NONURGENT, XEN_MC_URGENT,
287                            XEN_MC_ACK if ack'ing an earlier fetch */
288 			/* OUT: XEN_MC_OK, XEN_MC_FETCHFAILED,
289 			   XEN_MC_NODATA, XEN_MC_NOMATCH */
290     uint64_t fetch_id;	/* OUT: id for ack, IN: id we are ack'ing */
291 
292     /* OUT variables. */
293     XEN_GUEST_HANDLE(mc_info_t) data;
294 };
295 typedef struct xen_mc_fetch xen_mc_fetch_t;
296 DEFINE_XEN_GUEST_HANDLE(xen_mc_fetch_t);
297 
298 
299 /* Usecase 4
300  * This tells the hypervisor to notify a DomU about the machine check error
301  */
302 #define XEN_MC_notifydomain     2
303 struct xen_mc_notifydomain {
304     /* IN variables. */
305     uint16_t mc_domid;    /* The unprivileged domain to notify. */
306     uint16_t mc_vcpuid;   /* The vcpu in mc_domid to notify.
307                            * Usually echo'd value from the fetch hypercall. */
308 
309     /* IN/OUT variables. */
310     uint32_t flags;
311 
312 /* IN: XEN_MC_CORRECTABLE, XEN_MC_TRAP */
313 /* OUT: XEN_MC_OK, XEN_MC_CANNOTHANDLE, XEN_MC_NOTDELIVERED, XEN_MC_NOMATCH */
314 };
315 typedef struct xen_mc_notifydomain xen_mc_notifydomain_t;
316 DEFINE_XEN_GUEST_HANDLE(xen_mc_notifydomain_t);
317 
318 #define XEN_MC_physcpuinfo 3
319 struct xen_mc_physcpuinfo {
320 	/* IN/OUT */
321 	uint32_t ncpus;
322 	uint32_t pad0;
323 	/* OUT */
324 	XEN_GUEST_HANDLE(xen_mc_logical_cpu_t) info;
325 };
326 
327 #define XEN_MC_msrinject    4
328 #define MC_MSRINJ_MAXMSRS       8
329 struct xen_mc_msrinject {
330        /* IN */
331 	unsigned int mcinj_cpunr;       /* target processor id */
332 	uint32_t mcinj_flags;           /* see MC_MSRINJ_F_* below */
333 	uint32_t mcinj_count;           /* 0 .. count-1 in array are valid */
334 	uint32_t mcinj_pad0;
335 	struct mcinfo_msr mcinj_msr[MC_MSRINJ_MAXMSRS];
336 };
337 
338 /* Flags for mcinj_flags above; bits 16-31 are reserved */
339 #define MC_MSRINJ_F_INTERPOSE   0x1
340 
341 #define XEN_MC_mceinject    5
342 struct xen_mc_mceinject {
343 	unsigned int mceinj_cpunr;      /* target processor id */
344 };
345 
346 typedef union {
347     struct xen_mc_fetch        mc_fetch;
348     struct xen_mc_notifydomain mc_notifydomain;
349     struct xen_mc_physcpuinfo  mc_physcpuinfo;
350     struct xen_mc_msrinject    mc_msrinject;
351     struct xen_mc_mceinject    mc_mceinject;
352 } xen_mc_arg_t;
353 
354 struct xen_mc {
355     uint32_t cmd;
356     uint32_t interface_version; /* XEN_MCA_INTERFACE_VERSION */
357     xen_mc_arg_t u;
358 };
359 typedef struct xen_mc xen_mc_t;
360 DEFINE_XEN_GUEST_HANDLE(xen_mc_t);
361 
362 #endif /* __ASSEMBLY__ */
363 
364 #endif /* __XEN_PUBLIC_ARCH_X86_MCA_H__ */
365