xref: /illumos-gate/usr/src/uts/sun4/io/px/px_fm.c (revision 9a5d73e03cd3312ddb571a748c40a63c58bd66e5)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * PX Fault Management Architecture
28  */
29 #include <sys/types.h>
30 #include <sys/sunndi.h>
31 #include <sys/sunddi.h>
32 #include <sys/fm/protocol.h>
33 #include <sys/fm/util.h>
34 #include <sys/fm/io/pci.h>
35 #include <sys/membar.h>
36 #include "px_obj.h"
37 
38 extern uint_t px_ranges_phi_mask;
39 
40 #define	PX_PCIE_PANIC_BITS \
41 	(PCIE_AER_UCE_DLP | PCIE_AER_UCE_FCP | PCIE_AER_UCE_TO | \
42 	PCIE_AER_UCE_RO | PCIE_AER_UCE_MTLP | PCIE_AER_UCE_ECRC)
43 #define	PX_PCIE_NO_PANIC_BITS \
44 	(PCIE_AER_UCE_TRAINING | PCIE_AER_UCE_SD | PCIE_AER_UCE_CA | \
45 	PCIE_AER_UCE_UC | PCIE_AER_UCE_UR)
46 
47 /*
48  * Global panicing state variabled used to control if further error handling
49  * should occur.  If the system is already panic'ing or if PX itself has
50  * recommended panic'ing the system, no further error handling should occur to
51  * prevent the system from hanging.
52  */
53 boolean_t px_panicing = B_FALSE;
54 
55 static pf_data_t *px_get_pfd(px_t *px_p);
56 
57 static int px_pcie_ptlp(dev_info_t *dip, ddi_fm_error_t *derr,
58     px_err_pcie_t *regs);
59 
60 #if defined(DEBUG)
61 static void px_pcie_log(dev_info_t *dip, px_err_pcie_t *regs);
62 #else	/* DEBUG */
63 #define	px_pcie_log 0 &&
64 #endif	/* DEBUG */
65 
66 /*
67  * Initialize px FMA support
68  */
69 int
70 px_fm_attach(px_t *px_p)
71 {
72 	int		i;
73 	dev_info_t	*dip = px_p->px_dip;
74 	pcie_bus_t	*bus_p;
75 
76 	px_p->px_fm_cap = DDI_FM_EREPORT_CAPABLE | DDI_FM_ERRCB_CAPABLE |
77 	    DDI_FM_ACCCHK_CAPABLE | DDI_FM_DMACHK_CAPABLE;
78 
79 	/*
80 	 * Initialize pci_target_queue for FMA handling of
81 	 * pci errors.
82 	 */
83 	pci_targetq_init();
84 
85 	/*
86 	 * check parents' capability
87 	 */
88 	ddi_fm_init(dip, &px_p->px_fm_cap, &px_p->px_fm_ibc);
89 
90 	/*
91 	 * parents need to be ereport and error handling capable
92 	 */
93 	ASSERT(px_p->px_fm_cap &&
94 	    (DDI_FM_ERRCB_CAPABLE | DDI_FM_EREPORT_CAPABLE));
95 
96 	/*
97 	 * Initialize lock to synchronize fabric error handling
98 	 */
99 	mutex_init(&px_p->px_fm_mutex, NULL, MUTEX_DRIVER,
100 	    (void *)px_p->px_fm_ibc);
101 
102 
103 	pcie_rc_init_bus(dip);
104 
105 	px_p->px_pfd_idx = 0;
106 	for (i = 0; i < 5; i++)
107 		pcie_rc_init_pfd(dip, &px_p->px_pfd_arr[i]);
108 	PCIE_DIP2PFD(dip) = px_p->px_pfd_arr;
109 
110 	bus_p = PCIE_DIP2BUS(dip);
111 	bus_p->bus_rp_bdf = px_p->px_bdf;
112 	bus_p->bus_rp_dip = dip;
113 
114 	/*
115 	 * register error callback in parent
116 	 */
117 	ddi_fm_handler_register(dip, px_fm_callback, px_p);
118 
119 	return (DDI_SUCCESS);
120 }
121 
122 /*
123  * Deregister FMA
124  */
125 void
126 px_fm_detach(px_t *px_p)
127 {
128 	int i;
129 
130 	ddi_fm_handler_unregister(px_p->px_dip);
131 	mutex_destroy(&px_p->px_fm_mutex);
132 	ddi_fm_fini(px_p->px_dip);
133 	for (i = 0; i < 5; i++)
134 		pcie_rc_fini_pfd(&px_p->px_pfd_arr[i]);
135 	pcie_rc_fini_bus(px_p->px_dip);
136 }
137 
138 /*
139  * Function used to setup access functions depending on level of desired
140  * protection.
141  */
142 void
143 px_fm_acc_setup(ddi_map_req_t *mp, dev_info_t *rdip, pci_regspec_t *rp)
144 {
145 	uchar_t fflag;
146 	ndi_err_t *errp;
147 	ddi_acc_hdl_t *hp;
148 	ddi_acc_impl_t *ap;
149 
150 	hp = mp->map_handlep;
151 	ap = (ddi_acc_impl_t *)hp->ah_platform_private;
152 	fflag = ap->ahi_common.ah_acc.devacc_attr_access;
153 
154 	if (mp->map_op == DDI_MO_MAP_LOCKED) {
155 		ndi_fmc_insert(rdip, ACC_HANDLE, (void *)hp, NULL);
156 		switch (fflag) {
157 		case DDI_FLAGERR_ACC:
158 			ap->ahi_get8 = i_ddi_prot_get8;
159 			ap->ahi_get16 = i_ddi_prot_get16;
160 			ap->ahi_get32 = i_ddi_prot_get32;
161 			ap->ahi_get64 = i_ddi_prot_get64;
162 			ap->ahi_put8 = i_ddi_prot_put8;
163 			ap->ahi_put16 = i_ddi_prot_put16;
164 			ap->ahi_put32 = i_ddi_prot_put32;
165 			ap->ahi_put64 = i_ddi_prot_put64;
166 			ap->ahi_rep_get8 = i_ddi_prot_rep_get8;
167 			ap->ahi_rep_get16 = i_ddi_prot_rep_get16;
168 			ap->ahi_rep_get32 = i_ddi_prot_rep_get32;
169 			ap->ahi_rep_get64 = i_ddi_prot_rep_get64;
170 			ap->ahi_rep_put8 = i_ddi_prot_rep_put8;
171 			ap->ahi_rep_put16 = i_ddi_prot_rep_put16;
172 			ap->ahi_rep_put32 = i_ddi_prot_rep_put32;
173 			ap->ahi_rep_put64 = i_ddi_prot_rep_put64;
174 			impl_acc_err_init(hp);
175 			errp = ((ddi_acc_impl_t *)hp)->ahi_err;
176 			if ((rp->pci_phys_hi & PCI_REG_ADDR_M) ==
177 			    PCI_ADDR_CONFIG)
178 				errp->err_cf = px_err_cfg_hdl_check;
179 			else
180 				errp->err_cf = px_err_pio_hdl_check;
181 			break;
182 		case DDI_CAUTIOUS_ACC :
183 			ap->ahi_get8 = i_ddi_caut_get8;
184 			ap->ahi_get16 = i_ddi_caut_get16;
185 			ap->ahi_get32 = i_ddi_caut_get32;
186 			ap->ahi_get64 = i_ddi_caut_get64;
187 			ap->ahi_put8 = i_ddi_caut_put8;
188 			ap->ahi_put16 = i_ddi_caut_put16;
189 			ap->ahi_put32 = i_ddi_caut_put32;
190 			ap->ahi_put64 = i_ddi_caut_put64;
191 			ap->ahi_rep_get8 = i_ddi_caut_rep_get8;
192 			ap->ahi_rep_get16 = i_ddi_caut_rep_get16;
193 			ap->ahi_rep_get32 = i_ddi_caut_rep_get32;
194 			ap->ahi_rep_get64 = i_ddi_caut_rep_get64;
195 			ap->ahi_rep_put8 = i_ddi_caut_rep_put8;
196 			ap->ahi_rep_put16 = i_ddi_caut_rep_put16;
197 			ap->ahi_rep_put32 = i_ddi_caut_rep_put32;
198 			ap->ahi_rep_put64 = i_ddi_caut_rep_put64;
199 			impl_acc_err_init(hp);
200 			errp = ((ddi_acc_impl_t *)hp)->ahi_err;
201 			if ((rp->pci_phys_hi & PCI_REG_ADDR_M) ==
202 			    PCI_ADDR_CONFIG)
203 				errp->err_cf = px_err_cfg_hdl_check;
204 			else
205 				errp->err_cf = px_err_pio_hdl_check;
206 			break;
207 		default:
208 			/* Illegal state, remove the handle from cache */
209 			ndi_fmc_remove(rdip, ACC_HANDLE, (void *)hp);
210 			break;
211 		}
212 	} else if (mp->map_op == DDI_MO_UNMAP) {
213 		ndi_fmc_remove(rdip, ACC_HANDLE, (void *)hp);
214 	}
215 }
216 
217 /*
218  * Function used to initialize FMA for our children nodes. Called
219  * through pci busops when child node calls ddi_fm_init.
220  */
221 /*ARGSUSED*/
222 int
223 px_fm_init_child(dev_info_t *dip, dev_info_t *cdip, int cap,
224     ddi_iblock_cookie_t *ibc_p)
225 {
226 	px_t *px_p = DIP_TO_STATE(dip);
227 
228 	ASSERT(ibc_p != NULL);
229 	*ibc_p = px_p->px_fm_ibc;
230 
231 	return (px_p->px_fm_cap);
232 }
233 
234 /*
235  * lock access for exclusive PCIe access
236  */
237 void
238 px_bus_enter(dev_info_t *dip, ddi_acc_handle_t handle)
239 {
240 	px_pec_t	*pec_p = ((px_t *)DIP_TO_STATE(dip))->px_pec_p;
241 
242 	/*
243 	 * Exclusive access has been used for cautious put/get,
244 	 * Both utilize i_ddi_ontrap which, on sparcv9, implements
245 	 * similar protection as what on_trap() does, and which calls
246 	 * membar  #Sync to flush out all cpu deferred errors
247 	 * prior to get/put operation, so here we're not calling
248 	 * membar  #Sync - a difference from what's in pci_bus_enter().
249 	 */
250 	mutex_enter(&pec_p->pec_pokefault_mutex);
251 	pec_p->pec_acc_hdl = handle;
252 }
253 
254 /*
255  * unlock access for exclusive PCIe access
256  */
257 /* ARGSUSED */
258 void
259 px_bus_exit(dev_info_t *dip, ddi_acc_handle_t handle)
260 {
261 	px_t		*px_p = DIP_TO_STATE(dip);
262 	px_pec_t	*pec_p = px_p->px_pec_p;
263 
264 	pec_p->pec_acc_hdl = NULL;
265 	mutex_exit(&pec_p->pec_pokefault_mutex);
266 }
267 
268 static uint64_t
269 px_in_addr_range(dev_info_t *dip, px_ranges_t *ranges_p, uint64_t addr)
270 {
271 	uint64_t	addr_low, addr_high;
272 
273 	addr_low = (uint64_t)(ranges_p->parent_high & px_ranges_phi_mask) << 32;
274 	addr_low |= (uint64_t)ranges_p->parent_low;
275 	addr_high = addr_low + ((uint64_t)ranges_p->size_high << 32) +
276 	    (uint64_t)ranges_p->size_low;
277 
278 	DBG(DBG_ERR_INTR, dip, "Addr: 0x%llx high: 0x%llx low: 0x%llx\n",
279 	    addr, addr_high, addr_low);
280 
281 	if ((addr < addr_high) && (addr >= addr_low))
282 		return (addr_low);
283 
284 	return (0);
285 }
286 
287 /*
288  * PCI error callback which is registered with our parent to call
289  * for PCIe logging when the CPU traps due to PCIe Uncorrectable Errors
290  * and PCI BERR/TO/UE on IO Loads.
291  */
292 /*ARGSUSED*/
293 int
294 px_fm_callback(dev_info_t *dip, ddi_fm_error_t *derr, const void *impl_data)
295 {
296 	dev_info_t	*pdip = ddi_get_parent(dip);
297 	px_t		*px_p = (px_t *)impl_data;
298 	int		i, acc_type = 0;
299 	int		lookup, rc_err, fab_err;
300 	uint64_t	addr, base_addr;
301 	uint64_t	fault_addr = (uint64_t)derr->fme_bus_specific;
302 	pcie_req_id_t	bdf;
303 	px_ranges_t	*ranges_p;
304 	int		range_len;
305 
306 	/*
307 	 * If the current thread already owns the px_fm_mutex, then we
308 	 * have encountered an error while processing a previous
309 	 * error.  Attempting to take the mutex again will cause the
310 	 * system to deadlock.
311 	 */
312 	if (px_p->px_fm_mutex_owner == curthread)
313 		return (DDI_FM_FATAL);
314 
315 	i_ddi_fm_handler_exit(pdip);
316 	if (px_fm_enter(px_p) != DDI_SUCCESS) {
317 		i_ddi_fm_handler_enter(pdip);
318 		return (DDI_FM_FATAL);
319 	}
320 
321 	/*
322 	 * Make sure this failed load came from this PCIe port.	 Check by
323 	 * matching the upper 32 bits of the address with the ranges property.
324 	 */
325 	range_len = px_p->px_ranges_length / sizeof (px_ranges_t);
326 	i = 0;
327 	for (ranges_p = px_p->px_ranges_p; i < range_len; i++, ranges_p++) {
328 		base_addr = px_in_addr_range(dip, ranges_p, fault_addr);
329 		if (base_addr) {
330 			switch (ranges_p->child_high & PCI_ADDR_MASK) {
331 			case PCI_ADDR_CONFIG:
332 				acc_type = PF_ADDR_CFG;
333 				addr = NULL;
334 				bdf = (pcie_req_id_t)((fault_addr >> 12) &
335 				    0xFFFF);
336 				break;
337 			case PCI_ADDR_IO:
338 			case PCI_ADDR_MEM64:
339 			case PCI_ADDR_MEM32:
340 				acc_type = PF_ADDR_PIO;
341 				addr = fault_addr - base_addr;
342 				bdf = NULL;
343 				break;
344 			}
345 			break;
346 		}
347 	}
348 
349 	/* This address doesn't belong to this leaf, just return with OK */
350 	if (!acc_type) {
351 		px_fm_exit(px_p);
352 		i_ddi_fm_handler_enter(pdip);
353 		return (DDI_FM_OK);
354 	}
355 
356 	rc_err = px_err_cmn_intr(px_p, derr, PX_TRAP_CALL, PX_FM_BLOCK_ALL);
357 	lookup = pf_hdl_lookup(dip, derr->fme_ena, acc_type, (uint64_t)addr,
358 	    bdf);
359 
360 	px_rp_en_q(px_p, bdf, addr,
361 	    (PCI_STAT_R_MAST_AB | PCI_STAT_R_TARG_AB));
362 
363 	fab_err = px_scan_fabric(px_p, dip, derr);
364 
365 	px_fm_exit(px_p);
366 	i_ddi_fm_handler_enter(pdip);
367 
368 	if (!px_die)
369 		return (DDI_FM_OK);
370 
371 	if ((rc_err & (PX_PANIC | PX_PROTECTED)) ||
372 	    (fab_err & PF_ERR_FATAL_FLAGS) ||
373 	    (lookup == PF_HDL_NOTFOUND))
374 		return (DDI_FM_FATAL);
375 	else if ((rc_err == PX_NO_ERROR) && (fab_err == PF_ERR_NO_ERROR))
376 		return (DDI_FM_OK);
377 
378 	return (DDI_FM_NONFATAL);
379 }
380 
381 /*
382  * px_err_fabric_intr:
383  * Interrupt handler for PCIE fabric block.
384  * o lock
385  * o create derr
386  * o px_err_cmn_intr(leaf, with jbc)
387  * o send ereport(fire fmri, derr, payload = BDF)
388  * o dispatch (leaf)
389  * o unlock
390  * o handle error: fatal? fm_panic() : return INTR_CLAIMED)
391  */
392 /* ARGSUSED */
393 uint_t
394 px_err_fabric_intr(px_t *px_p, msgcode_t msg_code, pcie_req_id_t rid)
395 {
396 	dev_info_t	*rpdip = px_p->px_dip;
397 	int		rc_err, fab_err;
398 	ddi_fm_error_t	derr;
399 	uint32_t	rp_status;
400 	uint16_t	ce_source, ue_source;
401 
402 	if (px_fm_enter(px_p) != DDI_SUCCESS)
403 		goto done;
404 
405 	/* Create the derr */
406 	bzero(&derr, sizeof (ddi_fm_error_t));
407 	derr.fme_version = DDI_FME_VERSION;
408 	derr.fme_ena = fm_ena_generate(0, FM_ENA_FMT1);
409 	derr.fme_flag = DDI_FM_ERR_UNEXPECTED;
410 
411 	px_err_safeacc_check(px_p, &derr);
412 
413 	if (msg_code == PCIE_MSG_CODE_ERR_COR) {
414 		rp_status = PCIE_AER_RE_STS_CE_RCVD;
415 		ce_source = rid;
416 		ue_source = 0;
417 	} else {
418 		rp_status = PCIE_AER_RE_STS_FE_NFE_RCVD;
419 		ce_source = 0;
420 		ue_source = rid;
421 		if (msg_code == PCIE_MSG_CODE_ERR_NONFATAL)
422 			rp_status |= PCIE_AER_RE_STS_NFE_MSGS_RCVD;
423 		else {
424 			rp_status |= PCIE_AER_RE_STS_FE_MSGS_RCVD;
425 			rp_status |= PCIE_AER_RE_STS_FIRST_UC_FATAL;
426 		}
427 	}
428 
429 	if (derr.fme_flag == DDI_FM_ERR_UNEXPECTED) {
430 		ddi_fm_ereport_post(rpdip, PCI_ERROR_SUBCLASS "." PCIEX_FABRIC,
431 		    derr.fme_ena,
432 		    DDI_NOSLEEP, FM_VERSION, DATA_TYPE_UINT8, 0,
433 		    FIRE_PRIMARY, DATA_TYPE_BOOLEAN_VALUE, B_TRUE,
434 		    "pcie_adv_rp_status", DATA_TYPE_UINT32, rp_status,
435 		    "pcie_adv_rp_command", DATA_TYPE_UINT32, 0,
436 		    "pcie_adv_rp_ce_src_id", DATA_TYPE_UINT16, ce_source,
437 		    "pcie_adv_rp_ue_src_id", DATA_TYPE_UINT16, ue_source,
438 		    NULL);
439 	}
440 
441 	/* Ensure that the rid of the fabric message will get scanned. */
442 	px_rp_en_q(px_p, rid, NULL, NULL);
443 
444 	rc_err = px_err_cmn_intr(px_p, &derr, PX_INTR_CALL, PX_FM_BLOCK_PCIE);
445 
446 	/* call rootport dispatch */
447 	fab_err = px_scan_fabric(px_p, rpdip, &derr);
448 
449 	px_err_panic(rc_err, PX_RC, fab_err, B_TRUE);
450 	px_fm_exit(px_p);
451 	px_err_panic(rc_err, PX_RC, fab_err, B_FALSE);
452 
453 done:
454 	return (DDI_INTR_CLAIMED);
455 }
456 
457 /*
458  * px_scan_fabric:
459  *
460  * Check for drain state and if there is anything to scan.
461  */
462 int
463 px_scan_fabric(px_t *px_p, dev_info_t *rpdip, ddi_fm_error_t *derr) {
464 	int fab_err = 0;
465 
466 	ASSERT(MUTEX_HELD(&px_p->px_fm_mutex));
467 
468 	if (!px_lib_is_in_drain_state(px_p) && px_p->px_pfd_idx) {
469 		fab_err = pf_scan_fabric(rpdip, derr, px_p->px_pfd_arr);
470 		px_p->px_pfd_idx = 0;
471 	}
472 
473 	return (fab_err);
474 }
475 
476 /*
477  * px_err_safeacc_check:
478  * Check to see if a peek/poke and cautious access is currently being
479  * done on a particular leaf.
480  *
481  * Safe access reads induced fire errors will be handled by cpu trap handler
482  * which will call px_fm_callback() which calls this function. In that
483  * case, the derr fields will be set by trap handler with the correct values.
484  *
485  * Safe access writes induced errors will be handled by px interrupt
486  * handlers, this function will fill in the derr fields.
487  *
488  * If a cpu trap does occur, it will quiesce all other interrupts allowing
489  * the cpu trap error handling to finish before Fire receives an interrupt.
490  *
491  * If fire does indeed have an error when a cpu trap occurs as a result of
492  * a safe access, a trap followed by a Mondo/Fabric interrupt will occur.
493  * In which case derr will be initialized as "UNEXPECTED" by the interrupt
494  * handler and this function will need to find if this error occured in the
495  * middle of a safe access operation.
496  *
497  * @param px_p		leaf in which to check access
498  * @param derr		fm err data structure to be updated
499  */
500 void
501 px_err_safeacc_check(px_t *px_p, ddi_fm_error_t *derr)
502 {
503 	px_pec_t 	*pec_p = px_p->px_pec_p;
504 	int		acctype = pec_p->pec_safeacc_type;
505 
506 	ASSERT(MUTEX_HELD(&px_p->px_fm_mutex));
507 
508 	if (derr->fme_flag != DDI_FM_ERR_UNEXPECTED) {
509 		return;
510 	}
511 
512 	/* safe access checking */
513 	switch (acctype) {
514 	case DDI_FM_ERR_EXPECTED:
515 		/*
516 		 * cautious access protection, protected from all err.
517 		 */
518 		ddi_fm_acc_err_get(pec_p->pec_acc_hdl, derr,
519 		    DDI_FME_VERSION);
520 		derr->fme_flag = acctype;
521 		derr->fme_acc_handle = pec_p->pec_acc_hdl;
522 		break;
523 	case DDI_FM_ERR_POKE:
524 		/*
525 		 * ddi_poke protection, check nexus and children for
526 		 * expected errors.
527 		 */
528 		membar_sync();
529 		derr->fme_flag = acctype;
530 		break;
531 	case DDI_FM_ERR_PEEK:
532 		derr->fme_flag = acctype;
533 		break;
534 	}
535 }
536 
537 /*
538  * Suggest panic if any EQ (except CE q) has overflown.
539  */
540 int
541 px_err_check_eq(dev_info_t *dip)
542 {
543 	px_t			*px_p = DIP_TO_STATE(dip);
544 	px_msiq_state_t 	*msiq_state_p = &px_p->px_ib_p->ib_msiq_state;
545 	px_pec_t		*pec_p = px_p->px_pec_p;
546 	msiqid_t		eq_no = msiq_state_p->msiq_1st_msiq_id;
547 	pci_msiq_state_t	msiq_state;
548 	int			i;
549 
550 	for (i = 0; i < msiq_state_p->msiq_cnt; i++) {
551 		if (i + eq_no == pec_p->pec_corr_msg_msiq_id) /* skip CE q */
552 			continue;
553 		if ((px_lib_msiq_getstate(dip, i + eq_no, &msiq_state) !=
554 		    DDI_SUCCESS) || msiq_state == PCI_MSIQ_STATE_ERROR)
555 			return (PX_PANIC);
556 	}
557 	return (PX_NO_PANIC);
558 }
559 
560 /* ARGSUSED */
561 int
562 px_err_check_pcie(dev_info_t *dip, ddi_fm_error_t *derr, px_err_pcie_t *regs)
563 {
564 	px_t		*px_p = DIP_TO_STATE(dip);
565 	pf_data_t	*pfd_p = px_get_pfd(px_p);
566 	int		i;
567 	pf_pcie_adv_err_regs_t *adv_reg = PCIE_ADV_REG(pfd_p);
568 
569 	/*
570 	 * set RC s_status in PCI term to coordinate with downstream fabric
571 	 * errors ananlysis.
572 	 */
573 	if (regs->primary_ue & PCIE_AER_UCE_UR)
574 		PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = PCI_STAT_R_MAST_AB;
575 	if (regs->primary_ue & PCIE_AER_UCE_CA)
576 		PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = PCI_STAT_R_TARG_AB;
577 	if (regs->primary_ue & (PCIE_AER_UCE_PTLP | PCIE_AER_UCE_ECRC))
578 		PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = PCI_STAT_PERROR;
579 
580 	if (!regs->primary_ue)
581 		goto done;
582 
583 	adv_reg->pcie_ce_status = regs->ce_reg;
584 	adv_reg->pcie_ue_status = regs->ue_reg | regs->primary_ue;
585 	PCIE_ADV_HDR(pfd_p, 0) = regs->rx_hdr1;
586 	PCIE_ADV_HDR(pfd_p, 1) = regs->rx_hdr2;
587 	PCIE_ADV_HDR(pfd_p, 2) = regs->rx_hdr3;
588 	PCIE_ADV_HDR(pfd_p, 3) = regs->rx_hdr4;
589 	for (i = regs->primary_ue; i != 1; i = i >> 1)
590 		adv_reg->pcie_adv_ctl++;
591 
592 	if (regs->primary_ue & (PCIE_AER_UCE_UR | PCIE_AER_UCE_CA)) {
593 		if (pf_tlp_decode(PCIE_DIP2BUS(dip), adv_reg) == DDI_SUCCESS)
594 			PCIE_ROOT_FAULT(pfd_p)->fault_bdf =
595 			    adv_reg->pcie_ue_tgt_bdf;
596 	} else if (regs->primary_ue & PCIE_AER_UCE_PTLP) {
597 		if (pf_tlp_decode(PCIE_DIP2BUS(dip), adv_reg) == DDI_SUCCESS) {
598 			PCIE_ROOT_FAULT(pfd_p)->fault_bdf =
599 			    adv_reg->pcie_ue_tgt_bdf;
600 			if (adv_reg->pcie_ue_tgt_trans ==
601 			    PF_ADDR_PIO)
602 				PCIE_ROOT_FAULT(pfd_p)->fault_addr =
603 				    adv_reg->pcie_ue_tgt_addr;
604 		}
605 
606 		/*
607 		 * Normally for Poisoned Completion TLPs we can look at the
608 		 * transmit log header for the original request and the original
609 		 * address, however this doesn't seem to be working.  HW BUG.
610 		 */
611 	}
612 
613 done:
614 	px_pcie_log(dip, regs);
615 
616 	/* Return No Error here and let the pcie misc module analyse it */
617 	return (PX_NO_ERROR);
618 }
619 
620 #if defined(DEBUG)
621 static void
622 px_pcie_log(dev_info_t *dip, px_err_pcie_t *regs)
623 {
624 	DBG(DBG_ERR_INTR, dip,
625 	    "A PCIe RC error has occured\n"
626 	    "\tCE: 0x%x UE: 0x%x Primary UE: 0x%x\n"
627 	    "\tTX Hdr: 0x%x 0x%x 0x%x 0x%x\n\tRX Hdr: 0x%x 0x%x 0x%x 0x%x\n",
628 	    regs->ce_reg, regs->ue_reg, regs->primary_ue,
629 	    regs->tx_hdr1, regs->tx_hdr2, regs->tx_hdr3, regs->tx_hdr4,
630 	    regs->rx_hdr1, regs->rx_hdr2, regs->rx_hdr3, regs->rx_hdr4);
631 }
632 #endif
633 
634 /*
635  * look through poisoned TLP cases and suggest panic/no panic depend on
636  * handle lookup.
637  */
638 static int
639 px_pcie_ptlp(dev_info_t *dip, ddi_fm_error_t *derr, px_err_pcie_t *regs)
640 {
641 	pf_pcie_adv_err_regs_t adv_reg;
642 	pcie_req_id_t	bdf;
643 	uint64_t	addr;
644 	uint32_t	trans_type;
645 	int		tlp_sts, tlp_cmd;
646 	int		lookup = PF_HDL_NOTFOUND;
647 
648 	if (regs->primary_ue != PCIE_AER_UCE_PTLP)
649 		return (PX_PANIC);
650 
651 	if (!regs->rx_hdr1)
652 		goto done;
653 
654 	adv_reg.pcie_ue_hdr[0] = regs->rx_hdr1;
655 	adv_reg.pcie_ue_hdr[1] = regs->rx_hdr2;
656 	adv_reg.pcie_ue_hdr[2] = regs->rx_hdr3;
657 	adv_reg.pcie_ue_hdr[3] = regs->rx_hdr4;
658 
659 	tlp_sts = pf_tlp_decode(PCIE_DIP2BUS(dip), &adv_reg);
660 	tlp_cmd = ((pcie_tlp_hdr_t *)(adv_reg.pcie_ue_hdr))->type;
661 
662 	if (tlp_sts == DDI_FAILURE)
663 		goto done;
664 
665 	bdf = adv_reg.pcie_ue_tgt_bdf;
666 	addr = adv_reg.pcie_ue_tgt_addr;
667 	trans_type = adv_reg.pcie_ue_tgt_trans;
668 
669 	switch (tlp_cmd) {
670 	case PCIE_TLP_TYPE_CPL:
671 	case PCIE_TLP_TYPE_CPLLK:
672 		/*
673 		 * Usually a PTLP is a CPL with data.  Grab the completer BDF
674 		 * from the RX TLP, and the original address from the TX TLP.
675 		 */
676 		if (regs->tx_hdr1) {
677 			adv_reg.pcie_ue_hdr[0] = regs->tx_hdr1;
678 			adv_reg.pcie_ue_hdr[1] = regs->tx_hdr2;
679 			adv_reg.pcie_ue_hdr[2] = regs->tx_hdr3;
680 			adv_reg.pcie_ue_hdr[3] = regs->tx_hdr4;
681 
682 			lookup = pf_tlp_decode(PCIE_DIP2BUS(dip), &adv_reg);
683 			if (lookup != DDI_SUCCESS)
684 				break;
685 			addr = adv_reg.pcie_ue_tgt_addr;
686 			trans_type = adv_reg.pcie_ue_tgt_trans;
687 		} /* FALLTHRU */
688 	case PCIE_TLP_TYPE_IO:
689 	case PCIE_TLP_TYPE_MEM:
690 	case PCIE_TLP_TYPE_MEMLK:
691 		lookup = pf_hdl_lookup(dip, derr->fme_ena, trans_type, addr,
692 		    bdf);
693 		break;
694 	default:
695 		lookup = PF_HDL_NOTFOUND;
696 	}
697 done:
698 	return (lookup == PF_HDL_FOUND ? PX_NO_PANIC : PX_PANIC);
699 }
700 
701 /*
702  * px_get_pdf automatically allocates a RC pf_data_t and returns a pointer to
703  * it.  This function should be used when an error requires a fabric scan.
704  */
705 static pf_data_t *
706 px_get_pfd(px_t *px_p) {
707 	int		idx = px_p->px_pfd_idx++;
708 	pf_data_t	*pfd_p = &px_p->px_pfd_arr[idx];
709 
710 	/* Clear Old Data */
711 	PCIE_ROOT_FAULT(pfd_p)->fault_bdf = 0;
712 	PCIE_ROOT_FAULT(pfd_p)->fault_addr = 0;
713 	PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = 0;
714 	PCIE_ADV_REG(pfd_p)->pcie_ce_status = 0;
715 	PCIE_ADV_REG(pfd_p)->pcie_ue_status = 0;
716 
717 	pfd_p->pe_next = NULL;
718 
719 	if (idx > 0) {
720 		px_p->px_pfd_arr[idx - 1].pe_next = pfd_p;
721 		pfd_p->pe_prev = &px_p->px_pfd_arr[idx - 1];
722 	} else {
723 		pfd_p->pe_prev = NULL;
724 	}
725 
726 	pfd_p->pe_valid = B_TRUE;
727 
728 	return (pfd_p);
729 }
730 
731 /*
732  * This function appends a pf_data structure to the error q which is used later
733  * during PCIe fabric scan.  It signifies:
734  * o errs rcvd in RC, that may have been propagated to/from the fabric
735  * o the fabric scan code should scan the device path of fault bdf/addr
736  *
737  * fault_bdf: The bdf that caused the fault, which may have error bits set.
738  * fault_addr: The PIO addr that caused the fault, such as failed PIO, but not
739  *	       failed DMAs.
740  * s_status: Secondary Status equivalent to why the fault occured.
741  *	     (ie S-TA/MA, R-TA)
742  * Either the fault bdf or addr may be NULL, but not both.
743  */
744 void
745 px_rp_en_q(px_t *px_p, pcie_req_id_t fault_bdf, uint32_t fault_addr,
746     uint16_t s_status)
747 {
748 	pf_data_t	*pfd_p;
749 
750 	if (!fault_bdf && !fault_addr)
751 		return;
752 
753 	pfd_p = px_get_pfd(px_p);
754 
755 	PCIE_ROOT_FAULT(pfd_p)->fault_bdf = fault_bdf;
756 	PCIE_ROOT_FAULT(pfd_p)->fault_addr = (uint64_t)fault_addr;
757 	PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = s_status;
758 }
759 
760 
761 /*
762  * Find and Mark CFG Handles as failed associated with the given BDF. We should
763  * always know the BDF for CFG accesses, since it is encoded in the address of
764  * the TLP.  Since there can be multiple cfg handles, mark them all as failed.
765  */
766 /* ARGSUSED */
767 int
768 px_err_cfg_hdl_check(dev_info_t *dip, const void *handle, const void *arg1,
769     const void *arg2)
770 {
771 	int			status = DDI_FM_FATAL;
772 	uint32_t		addr = *(uint32_t *)arg1;
773 	uint16_t		bdf = *(uint16_t *)arg2;
774 	pcie_bus_t		*bus_p;
775 
776 	DBG(DBG_ERR_INTR, dip, "Check CFG Hdl: dip 0x%p addr 0x%x bdf=0x%x\n",
777 	    dip, addr, bdf);
778 
779 	bus_p = PCIE_DIP2BUS(dip);
780 
781 	/*
782 	 * Because CFG and IO Acc Handlers are on the same cache list and both
783 	 * types of hdls gets called for both types of errors.  For this checker
784 	 * only mark the device as "Non-Fatal" if the addr == NULL and bdf !=
785 	 * NULL.
786 	 */
787 	status = (!addr && (bus_p->bus_bdf == bdf)) ? DDI_FM_NONFATAL :
788 	    DDI_FM_FATAL;
789 
790 	return (status);
791 }
792 
793 /*
794  * Find and Mark all ACC Handles associated with a give address and BDF as
795  * failed.  If the BDF != NULL, then check to see if the device has a ACC Handle
796  * associated with ADDR.  If the handle is not found, mark all the handles as
797  * failed.  If the BDF == NULL, mark the handle as failed if it is associated
798  * with ADDR.
799  */
800 int
801 px_err_pio_hdl_check(dev_info_t *dip, const void *handle, const void *arg1,
802     const void *arg2)
803 {
804 	dev_info_t		*px_dip = PCIE_DIP2BUS(dip)->bus_rp_dip;
805 	px_t			*px_p = INST_TO_STATE(ddi_get_instance(px_dip));
806 	px_ranges_t		*ranges_p;
807 	int			range_len;
808 	ddi_acc_handle_t	ap = (ddi_acc_handle_t)handle;
809 	ddi_acc_hdl_t		*hp = impl_acc_hdl_get(ap);
810 	int			i, status = DDI_FM_FATAL;
811 	uint64_t		fault_addr = *(uint64_t *)arg1;
812 	uint16_t		bdf = *(uint16_t *)arg2;
813 	uint64_t		base_addr, range_addr;
814 	uint_t			size;
815 
816 	DBG(DBG_ERR_INTR, dip, "Check PIO Hdl: dip 0x%x addr 0x%x bdf=0x%x\n",
817 	    dip, fault_addr, bdf);
818 
819 	/* Normalize the base addr to the addr and strip off the HB info. */
820 	base_addr = (hp->ah_pfn << MMU_PAGESHIFT) + hp->ah_offset;
821 	range_len = px_p->px_ranges_length / sizeof (px_ranges_t);
822 	i = 0;
823 	for (ranges_p = px_p->px_ranges_p; i < range_len; i++, ranges_p++) {
824 		range_addr = px_in_addr_range(dip, ranges_p, base_addr);
825 		if (range_addr) {
826 			switch (ranges_p->child_high & PCI_ADDR_MASK) {
827 			case PCI_ADDR_IO:
828 			case PCI_ADDR_MEM64:
829 			case PCI_ADDR_MEM32:
830 				base_addr = base_addr - range_addr;
831 				break;
832 			}
833 			break;
834 		}
835 	}
836 
837 	/*
838 	 * Mark the handle as failed if the ADDR is mapped, or if we
839 	 * know the BDF and ADDR == 0.
840 	 */
841 	size = hp->ah_len;
842 	if (((fault_addr >= base_addr) && (fault_addr < (base_addr + size))) ||
843 	    ((fault_addr == NULL) && (bdf == PCIE_DIP2BUS(dip)->bus_bdf)))
844 		status = DDI_FM_NONFATAL;
845 
846 	return (status);
847 }
848 
849 /*
850  * Find and Mark all DNA Handles associated with a give address and BDF as
851  * failed.  If the BDF != NULL, then check to see if the device has a DMA Handle
852  * associated with ADDR.  If the handle is not found, mark all the handles as
853  * failed.  If the BDF == NULL, mark the handle as failed if it is associated
854  * with ADDR.
855  */
856 int
857 px_err_dma_hdl_check(dev_info_t *dip, const void *handle, const void *arg1,
858     const void *arg2)
859 {
860 	ddi_dma_impl_t		*pcie_dp;
861 	int			status = DDI_FM_FATAL;
862 	uint32_t		addr = *(uint32_t *)arg1;
863 	uint16_t		bdf = *(uint16_t *)arg2;
864 	uint32_t		base_addr;
865 	uint_t			size;
866 
867 	DBG(DBG_ERR_INTR, dip, "Check PIO Hdl: dip 0x%x addr 0x%x bdf=0x%x\n",
868 	    dip, addr, bdf);
869 
870 	pcie_dp = (ddi_dma_impl_t *)handle;
871 	base_addr = (uint32_t)pcie_dp->dmai_mapping;
872 	size = pcie_dp->dmai_size;
873 
874 	/*
875 	 * Mark the handle as failed if the ADDR is mapped, or if we
876 	 * know the BDF and ADDR == 0.
877 	 */
878 	if (((addr >= base_addr) && (addr < (base_addr + size))) ||
879 	    ((addr == NULL) && (bdf != NULL)))
880 		status = DDI_FM_NONFATAL;
881 
882 	return (status);
883 }
884 
885 int
886 px_fm_enter(px_t *px_p) {
887 	if (px_panicing || (px_p->px_fm_mutex_owner == curthread))
888 		return (DDI_FAILURE);
889 
890 	mutex_enter(&px_p->px_fm_mutex);
891 	/*
892 	 * In rare cases when trap occurs and in the middle of scanning the
893 	 * fabric, a PIO will fail in the scan fabric.  The CPU error handling
894 	 * code will correctly panic the system, while a mondo for the failed
895 	 * PIO may also show up.  Normally the mondo will try to grab the mutex
896 	 * and wait until the callback finishes.  But in this rare case,
897 	 * mutex_enter actually suceeds also continues to scan the fabric.
898 	 *
899 	 * This code below is designed specifically to check for this case.  If
900 	 * we successfully grab the px_fm_mutex, the px_fm_mutex_owner better be
901 	 * NULL.  If it isn't that means we are in the rare corner case.  Return
902 	 * DDI_FAILURE, this should prevent PX from doing anymore error
903 	 * handling.
904 	 */
905 	if (px_p->px_fm_mutex_owner) {
906 		return (DDI_FAILURE);
907 	}
908 
909 	px_p->px_fm_mutex_owner = curthread;
910 
911 	if (px_panicing) {
912 		px_fm_exit(px_p);
913 		return (DDI_FAILURE);
914 	}
915 	return (DDI_SUCCESS);
916 }
917 
918 void
919 px_fm_exit(px_t *px_p) {
920 	px_p->px_fm_mutex_owner = NULL;
921 	mutex_exit(&px_p->px_fm_mutex);
922 }
923 
924 /*
925  * Panic if the err tunable is set and that we are not already in the middle
926  * of panic'ing.
927  *
928  * rc_err = Error severity of PX specific errors
929  * msg = Where the error was detected
930  * fabric_err = Error severity of PCIe Fabric errors
931  * isTest = Test if error severity causes panic
932  */
933 #define	MSZ (sizeof (fm_msg) -strlen(fm_msg) - 1)
934 void
935 px_err_panic(int rc_err, int msg, int fabric_err, boolean_t isTest)
936 {
937 	char fm_msg[96] = "";
938 	int ferr = PX_NO_ERROR;
939 
940 	if (panicstr) {
941 		px_panicing = B_TRUE;
942 		return;
943 	}
944 
945 	if (!(rc_err & px_die))
946 		goto fabric;
947 	if (msg & PX_RC)
948 		(void) strncat(fm_msg, px_panic_rc_msg, MSZ);
949 	if (msg & PX_RP)
950 		(void) strncat(fm_msg, px_panic_rp_msg, MSZ);
951 	if (msg & PX_HB)
952 		(void) strncat(fm_msg, px_panic_hb_msg, MSZ);
953 
954 fabric:
955 	if (fabric_err & PF_ERR_FATAL_FLAGS)
956 		ferr = PX_PANIC;
957 	else if (fabric_err & ~(PF_ERR_FATAL_FLAGS | PF_ERR_NO_ERROR))
958 		ferr = PX_NO_PANIC;
959 
960 	if (ferr & px_die) {
961 		if (strlen(fm_msg)) {
962 			(void) strncat(fm_msg, " and", MSZ);
963 		}
964 		(void) strncat(fm_msg, px_panic_fab_msg, MSZ);
965 	}
966 
967 	if (strlen(fm_msg)) {
968 		px_panicing = B_TRUE;
969 		if (!isTest)
970 			fm_panic("Fatal error has occured in:%s.(0x%x)(0x%x)",
971 			    fm_msg, rc_err, fabric_err);
972 	}
973 }
974