1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/machsystm.h> 28 #include <sys/sysmacros.h> 29 #include <sys/cpuvar.h> 30 #include <sys/async.h> 31 #include <sys/ontrap.h> 32 #include <sys/ddifm.h> 33 #include <sys/hypervisor_api.h> 34 #include <sys/errorq.h> 35 #include <sys/promif.h> 36 #include <sys/prom_plat.h> 37 #include <sys/x_call.h> 38 #include <sys/error.h> 39 #include <sys/fm/util.h> 40 #include <sys/ivintr.h> 41 #include <sys/archsystm.h> 42 43 #define MAX_CE_FLTS 10 44 #define MAX_ASYNC_FLTS 6 45 46 errorq_t *ue_queue; /* queue of uncorrectable errors */ 47 errorq_t *ce_queue; /* queue of correctable errors */ 48 errorq_t *errh_queue; /* queue of sun4v error reports */ 49 50 /* 51 * Being used by memory test driver. 52 * ce_verbose_memory - covers CEs in DIMMs 53 * ce_verbose_other - covers "others" (ecache, IO, etc.) 54 * 55 * If the value is 0, nothing is logged. 56 * If the value is 1, the error is logged to the log file, but not console. 57 * If the value is 2, the error is logged to the log file and console. 58 */ 59 int ce_verbose_memory = 1; 60 int ce_verbose_other = 1; 61 62 int ce_show_data = 0; 63 int ce_debug = 0; 64 int ue_debug = 0; 65 int reset_debug = 0; 66 67 /* 68 * Tunables for controlling the handling of asynchronous faults (AFTs). Setting 69 * these to non-default values on a non-DEBUG kernel is NOT supported. 70 */ 71 int aft_verbose = 0; /* log AFT messages > 1 to log only */ 72 int aft_panic = 0; /* panic (not reboot) on fatal usermode AFLT */ 73 int aft_testfatal = 0; /* force all AFTs to panic immediately */ 74 75 /* 76 * Used for vbsc hostshutdown (power-off button) 77 */ 78 int err_shutdown_triggered = 0; /* only once */ 79 uint64_t err_shutdown_inum = 0; /* used to pull the trigger */ 80 81 /* 82 * Used to print NRE/RE via system variable or kmdb 83 */ 84 int printerrh = 0; /* see /etc/system */ 85 static void errh_er_print(errh_er_t *, const char *); 86 kmutex_t errh_print_lock; 87 88 /* 89 * Defined in bus_func.c but initialised in error_init 90 */ 91 extern kmutex_t bfd_lock; 92 93 static uint32_t rq_overflow_count = 0; /* counter for rq overflow */ 94 95 static void cpu_queue_one_event(errh_async_flt_t *); 96 static uint32_t count_entries_on_queue(uint64_t, uint64_t, uint32_t); 97 static void errh_page_retire(errh_async_flt_t *, uchar_t); 98 static int errh_error_protected(struct regs *, struct async_flt *, int *); 99 static void errh_rq_full(struct async_flt *); 100 static void ue_drain(void *, struct async_flt *, errorq_elem_t *); 101 static void ce_drain(void *, struct async_flt *, errorq_elem_t *); 102 static void errh_drain(void *, errh_er_t *, errorq_elem_t *); 103 static void errh_handle_attr(errh_async_flt_t *); 104 static void errh_handle_asr(errh_async_flt_t *); 105 static void errh_handle_sp(errh_er_t *); 106 static void sp_ereport_post(uint8_t); 107 108 /*ARGSUSED*/ 109 void 110 process_resumable_error(struct regs *rp, uint32_t head_offset, 111 uint32_t tail_offset) 112 { 113 struct machcpu *mcpup; 114 struct async_flt *aflt; 115 errh_async_flt_t errh_flt; 116 errh_er_t *head_va; 117 118 mcpup = &(CPU->cpu_m); 119 120 while (head_offset != tail_offset) { 121 /* kernel buffer starts right after the resumable queue */ 122 head_va = (errh_er_t *)(mcpup->cpu_rq_va + head_offset + 123 CPU_RQ_SIZE); 124 /* Copy the error report to local buffer */ 125 bzero(&errh_flt, sizeof (errh_async_flt_t)); 126 bcopy((char *)head_va, &(errh_flt.errh_er), 127 sizeof (errh_er_t)); 128 129 mcpup->cpu_rq_lastre = head_va; 130 if (printerrh) 131 errh_er_print(&errh_flt.errh_er, "RQ"); 132 133 /* Increment the queue head */ 134 head_offset += Q_ENTRY_SIZE; 135 /* Wrap around */ 136 head_offset &= (CPU_RQ_SIZE - 1); 137 138 /* set error handle to zero so it can hold new error report */ 139 head_va->ehdl = 0; 140 141 switch (errh_flt.errh_er.desc) { 142 case ERRH_DESC_UCOR_RE: 143 /* 144 * Check error attribute, handle individual error 145 * if it is needed. 146 */ 147 errh_handle_attr(&errh_flt); 148 break; 149 150 case ERRH_DESC_WARN_RE: 151 /* 152 * Power-off requested, but handle it one time only. 153 */ 154 if (!err_shutdown_triggered) { 155 setsoftint(err_shutdown_inum); 156 ++err_shutdown_triggered; 157 } 158 continue; 159 160 case ERRH_DESC_SP: 161 /* 162 * The state of the SP has changed. 163 */ 164 errorq_dispatch(errh_queue, &errh_flt.errh_er, 165 sizeof (errh_er_t), ERRORQ_ASYNC); 166 continue; 167 168 default: 169 cmn_err(CE_WARN, "Error Descriptor 0x%llx " 170 " invalid in resumable error handler", 171 (long long) errh_flt.errh_er.desc); 172 continue; 173 } 174 175 aflt = (struct async_flt *)&(errh_flt.cmn_asyncflt); 176 aflt->flt_id = gethrtime(); 177 aflt->flt_bus_id = getprocessorid(); 178 aflt->flt_class = CPU_FAULT; 179 aflt->flt_prot = AFLT_PROT_NONE; 180 aflt->flt_priv = (((errh_flt.errh_er.attr & ERRH_MODE_MASK) 181 >> ERRH_MODE_SHIFT) == ERRH_MODE_PRIV); 182 183 if (errh_flt.errh_er.attr & ERRH_ATTR_CPU) 184 /* If it is an error on other cpu */ 185 aflt->flt_panic = 1; 186 else 187 aflt->flt_panic = 0; 188 189 /* 190 * Handle resumable queue full case. 191 */ 192 if (errh_flt.errh_er.attr & ERRH_ATTR_RQF) { 193 (void) errh_rq_full(aflt); 194 } 195 196 /* 197 * Queue the error on ce or ue queue depend on flt_panic. 198 * Even if flt_panic is set, the code still keep processing 199 * the rest element on rq until the panic starts. 200 */ 201 (void) cpu_queue_one_event(&errh_flt); 202 203 /* 204 * Panic here if aflt->flt_panic has been set. 205 * Enqueued errors will be logged as part of the panic flow. 206 */ 207 if (aflt->flt_panic) { 208 fm_panic("Unrecoverable error on another CPU"); 209 } 210 } 211 } 212 213 void 214 process_nonresumable_error(struct regs *rp, uint64_t flags, 215 uint32_t head_offset, uint32_t tail_offset) 216 { 217 struct machcpu *mcpup; 218 struct async_flt *aflt; 219 errh_async_flt_t errh_flt; 220 errh_er_t *head_va; 221 int trampolined = 0; 222 int expected = DDI_FM_ERR_UNEXPECTED; 223 uint64_t exec_mode; 224 uint8_t u_spill_fill; 225 226 mcpup = &(CPU->cpu_m); 227 228 while (head_offset != tail_offset) { 229 /* kernel buffer starts right after the nonresumable queue */ 230 head_va = (errh_er_t *)(mcpup->cpu_nrq_va + head_offset + 231 CPU_NRQ_SIZE); 232 233 /* Copy the error report to local buffer */ 234 bzero(&errh_flt, sizeof (errh_async_flt_t)); 235 236 bcopy((char *)head_va, &(errh_flt.errh_er), 237 sizeof (errh_er_t)); 238 239 mcpup->cpu_nrq_lastnre = head_va; 240 if (printerrh) 241 errh_er_print(&errh_flt.errh_er, "NRQ"); 242 243 /* Increment the queue head */ 244 head_offset += Q_ENTRY_SIZE; 245 /* Wrap around */ 246 head_offset &= (CPU_NRQ_SIZE - 1); 247 248 /* set error handle to zero so it can hold new error report */ 249 head_va->ehdl = 0; 250 251 aflt = (struct async_flt *)&(errh_flt.cmn_asyncflt); 252 253 trampolined = 0; 254 255 if (errh_flt.errh_er.attr & ERRH_ATTR_PIO) 256 aflt->flt_class = BUS_FAULT; 257 else 258 aflt->flt_class = CPU_FAULT; 259 260 aflt->flt_id = gethrtime(); 261 aflt->flt_bus_id = getprocessorid(); 262 aflt->flt_pc = (caddr_t)rp->r_pc; 263 exec_mode = (errh_flt.errh_er.attr & ERRH_MODE_MASK) 264 >> ERRH_MODE_SHIFT; 265 aflt->flt_priv = (exec_mode == ERRH_MODE_PRIV || 266 exec_mode == ERRH_MODE_UNKNOWN); 267 aflt->flt_prot = AFLT_PROT_NONE; 268 aflt->flt_tl = (uchar_t)(flags & ERRH_TL_MASK); 269 aflt->flt_panic = ((aflt->flt_tl != 0) || 270 (aft_testfatal != 0)); 271 272 /* 273 * For the first error packet on the queue, check if it 274 * happened in user fill/spill trap. 275 */ 276 if (flags & ERRH_U_SPILL_FILL) { 277 u_spill_fill = 1; 278 /* clear the user fill/spill flag in flags */ 279 flags = (uint64_t)aflt->flt_tl; 280 } else 281 u_spill_fill = 0; 282 283 switch (errh_flt.errh_er.desc) { 284 case ERRH_DESC_PR_NRE: 285 if (u_spill_fill) { 286 aflt->flt_panic = 0; 287 break; 288 } 289 /* 290 * Fall through, precise fault also need to check 291 * to see if it was protected. 292 */ 293 /*FALLTHRU*/ 294 295 case ERRH_DESC_DEF_NRE: 296 /* 297 * If the trap occurred in privileged mode at TL=0, 298 * we need to check to see if we were executing 299 * in kernel under on_trap() or t_lofault 300 * protection. If so, and if it was a PIO or MEM 301 * error, then modify the saved registers so that 302 * we return from the trap to the appropriate 303 * trampoline routine. 304 */ 305 if (aflt->flt_priv == 1 && aflt->flt_tl == 0 && 306 ((errh_flt.errh_er.attr & ERRH_ATTR_PIO) || 307 (errh_flt.errh_er.attr & ERRH_ATTR_MEM))) { 308 trampolined = 309 errh_error_protected(rp, aflt, &expected); 310 } 311 312 if (!aflt->flt_priv || aflt->flt_prot == 313 AFLT_PROT_COPY) { 314 aflt->flt_panic |= aft_panic; 315 } else if (!trampolined && 316 (aflt->flt_class != BUS_FAULT)) { 317 aflt->flt_panic = 1; 318 } 319 320 /* 321 * Check error attribute, handle individual error 322 * if it is needed. 323 */ 324 errh_handle_attr(&errh_flt); 325 326 /* 327 * If PIO error, we need to query the bus nexus 328 * for fatal errors. 329 */ 330 if (aflt->flt_class == BUS_FAULT) { 331 aflt->flt_addr = errh_flt.errh_er.ra; 332 errh_cpu_run_bus_error_handlers(aflt, 333 expected); 334 } 335 336 break; 337 338 case ERRH_DESC_USER_DCORE: 339 /* 340 * User generated panic. Call panic directly 341 * since there are no FMA e-reports to 342 * display. 343 */ 344 345 panic("Panic - Generated at user request"); 346 347 break; 348 349 default: 350 cmn_err(CE_WARN, "Panic - Error Descriptor 0x%llx " 351 " invalid in non-resumable error handler", 352 (long long) errh_flt.errh_er.desc); 353 aflt->flt_panic = 1; 354 break; 355 } 356 357 /* 358 * Queue the error report for further processing. If 359 * flt_panic is set, code still process other errors 360 * in the queue until the panic routine stops the 361 * kernel. 362 */ 363 (void) cpu_queue_one_event(&errh_flt); 364 365 /* 366 * Panic here if aflt->flt_panic has been set. 367 * Enqueued errors will be logged as part of the panic flow. 368 */ 369 if (aflt->flt_panic) { 370 fm_panic("Unrecoverable hardware error"); 371 } 372 373 /* 374 * Call page_retire() to handle memory errors. 375 */ 376 if (errh_flt.errh_er.attr & ERRH_ATTR_MEM) 377 errh_page_retire(&errh_flt, PR_UE); 378 379 /* 380 * If we queued an error and the it was in user mode, or 381 * protected by t_lofault, or user_spill_fill is set, we 382 * set AST flag so the queue will be drained before 383 * returning to user mode. 384 */ 385 if (!aflt->flt_priv || aflt->flt_prot == AFLT_PROT_COPY || 386 u_spill_fill) { 387 int pcb_flag = 0; 388 389 if (aflt->flt_class == CPU_FAULT) 390 pcb_flag |= ASYNC_HWERR; 391 else if (aflt->flt_class == BUS_FAULT) 392 pcb_flag |= ASYNC_BERR; 393 394 ttolwp(curthread)->lwp_pcb.pcb_flags |= pcb_flag; 395 aston(curthread); 396 } 397 } 398 } 399 400 /* 401 * For PIO errors, this routine calls nexus driver's error 402 * callback routines. If the callback routine returns fatal, and 403 * we are in kernel or unknow mode without any error protection, 404 * we need to turn on the panic flag. 405 */ 406 void 407 errh_cpu_run_bus_error_handlers(struct async_flt *aflt, int expected) 408 { 409 int status; 410 ddi_fm_error_t de; 411 412 bzero(&de, sizeof (ddi_fm_error_t)); 413 414 de.fme_version = DDI_FME_VERSION; 415 de.fme_ena = fm_ena_generate(aflt->flt_id, FM_ENA_FMT1); 416 de.fme_flag = expected; 417 de.fme_bus_specific = (void *)aflt->flt_addr; 418 status = ndi_fm_handler_dispatch(ddi_root_node(), NULL, &de); 419 420 /* 421 * If error is protected, it will jump to proper routine 422 * to handle the handle; if it is in user level, we just 423 * kill the user process; if the driver thinks the error is 424 * not fatal, we can drive on. If none of above are true, 425 * we panic 426 */ 427 if ((aflt->flt_prot == AFLT_PROT_NONE) && (aflt->flt_priv == 1) && 428 (status == DDI_FM_FATAL)) 429 aflt->flt_panic = 1; 430 } 431 432 /* 433 * This routine checks to see if we are under any error protection when 434 * the error happens. If we are under error protection, we unwind to 435 * the protection and indicate fault. 436 */ 437 static int 438 errh_error_protected(struct regs *rp, struct async_flt *aflt, int *expected) 439 { 440 int trampolined = 0; 441 ddi_acc_hdl_t *hp; 442 443 if (curthread->t_ontrap != NULL) { 444 on_trap_data_t *otp = curthread->t_ontrap; 445 446 if (otp->ot_prot & OT_DATA_EC) { 447 aflt->flt_prot = AFLT_PROT_EC; 448 otp->ot_trap |= OT_DATA_EC; 449 rp->r_pc = otp->ot_trampoline; 450 rp->r_npc = rp->r_pc +4; 451 trampolined = 1; 452 } 453 454 if (otp->ot_prot & OT_DATA_ACCESS) { 455 aflt->flt_prot = AFLT_PROT_ACCESS; 456 otp->ot_trap |= OT_DATA_ACCESS; 457 rp->r_pc = otp->ot_trampoline; 458 rp->r_npc = rp->r_pc + 4; 459 trampolined = 1; 460 /* 461 * for peek and caut_gets 462 * errors are expected 463 */ 464 hp = (ddi_acc_hdl_t *)otp->ot_handle; 465 if (!hp) 466 *expected = DDI_FM_ERR_PEEK; 467 else if (hp->ah_acc.devacc_attr_access == 468 DDI_CAUTIOUS_ACC) 469 *expected = DDI_FM_ERR_EXPECTED; 470 } 471 } else if (curthread->t_lofault) { 472 aflt->flt_prot = AFLT_PROT_COPY; 473 rp->r_g1 = EFAULT; 474 rp->r_pc = curthread->t_lofault; 475 rp->r_npc = rp->r_pc + 4; 476 trampolined = 1; 477 } 478 479 return (trampolined); 480 } 481 482 /* 483 * Queue one event. 484 */ 485 static void 486 cpu_queue_one_event(errh_async_flt_t *errh_fltp) 487 { 488 struct async_flt *aflt = (struct async_flt *)errh_fltp; 489 errorq_t *eqp; 490 491 if (aflt->flt_panic) 492 eqp = ue_queue; 493 else 494 eqp = ce_queue; 495 496 errorq_dispatch(eqp, errh_fltp, sizeof (errh_async_flt_t), 497 aflt->flt_panic); 498 } 499 500 /* 501 * The cpu_async_log_err() function is called by the ce/ue_drain() function to 502 * handle logging for CPU events that are dequeued. As such, it can be invoked 503 * from softint context, from AST processing in the trap() flow, or from the 504 * panic flow. We decode the CPU-specific data, and log appropriate messages. 505 */ 506 void 507 cpu_async_log_err(void *flt) 508 { 509 errh_async_flt_t *errh_fltp = (errh_async_flt_t *)flt; 510 errh_er_t *errh_erp = (errh_er_t *)&errh_fltp->errh_er; 511 512 switch (errh_erp->desc) { 513 case ERRH_DESC_UCOR_RE: 514 if (errh_erp->attr & ERRH_ATTR_MEM) { 515 /* 516 * Turn on the PR_UE flag. The page will be 517 * scrubbed when it is freed. 518 */ 519 errh_page_retire(errh_fltp, PR_UE); 520 } 521 522 break; 523 524 case ERRH_DESC_PR_NRE: 525 case ERRH_DESC_DEF_NRE: 526 if (errh_erp->attr & ERRH_ATTR_MEM) { 527 /* 528 * For non-resumable memory error, retire 529 * the page here. 530 */ 531 errh_page_retire(errh_fltp, PR_UE); 532 533 /* 534 * If we are going to panic, scrub the page first 535 */ 536 if (errh_fltp->cmn_asyncflt.flt_panic) 537 mem_scrub(errh_fltp->errh_er.ra, 538 errh_fltp->errh_er.sz); 539 } 540 break; 541 542 default: 543 break; 544 } 545 } 546 547 /* 548 * Called from ce_drain(). 549 */ 550 void 551 cpu_ce_log_err(struct async_flt *aflt) 552 { 553 switch (aflt->flt_class) { 554 case CPU_FAULT: 555 cpu_async_log_err(aflt); 556 break; 557 558 case BUS_FAULT: 559 cpu_async_log_err(aflt); 560 break; 561 562 default: 563 break; 564 } 565 } 566 567 /* 568 * Called from ue_drain(). 569 */ 570 void 571 cpu_ue_log_err(struct async_flt *aflt) 572 { 573 switch (aflt->flt_class) { 574 case CPU_FAULT: 575 cpu_async_log_err(aflt); 576 break; 577 578 case BUS_FAULT: 579 cpu_async_log_err(aflt); 580 break; 581 582 default: 583 break; 584 } 585 } 586 587 /* 588 * Turn on flag on the error memory region. 589 */ 590 static void 591 errh_page_retire(errh_async_flt_t *errh_fltp, uchar_t flag) 592 { 593 uint64_t flt_real_addr_start = errh_fltp->errh_er.ra; 594 uint64_t flt_real_addr_end = flt_real_addr_start + 595 errh_fltp->errh_er.sz - 1; 596 int64_t current_addr; 597 598 if (errh_fltp->errh_er.sz == 0) 599 return; 600 601 for (current_addr = flt_real_addr_start; 602 current_addr < flt_real_addr_end; current_addr += MMU_PAGESIZE) { 603 (void) page_retire(current_addr, flag); 604 } 605 } 606 607 void 608 mem_scrub(uint64_t paddr, uint64_t len) 609 { 610 uint64_t pa, length, scrubbed_len; 611 612 pa = paddr; 613 length = len; 614 scrubbed_len = 0; 615 616 while (length > 0) { 617 if (hv_mem_scrub(pa, length, &scrubbed_len) != H_EOK) 618 break; 619 620 pa += scrubbed_len; 621 length -= scrubbed_len; 622 } 623 } 624 625 /* 626 * Call hypervisor to flush the memory region. 627 * Both va and len must be MMU_PAGESIZE aligned. 628 * Returns the total number of bytes flushed. 629 */ 630 uint64_t 631 mem_sync(caddr_t orig_va, size_t orig_len) 632 { 633 uint64_t pa, length, flushed; 634 uint64_t chunk_len = MMU_PAGESIZE; 635 uint64_t total_flushed = 0; 636 uint64_t va, len; 637 638 if (orig_len == 0) 639 return (total_flushed); 640 641 /* align va */ 642 va = P2ALIGN_TYPED(orig_va, MMU_PAGESIZE, uint64_t); 643 /* round up len to MMU_PAGESIZE aligned */ 644 len = P2ROUNDUP_TYPED(orig_va + orig_len, MMU_PAGESIZE, uint64_t) - va; 645 646 while (len > 0) { 647 pa = va_to_pa((caddr_t)va); 648 if (pa == (uint64_t)-1) 649 return (total_flushed); 650 651 length = chunk_len; 652 flushed = 0; 653 654 while (length > 0) { 655 if (hv_mem_sync(pa, length, &flushed) != H_EOK) 656 return (total_flushed); 657 658 pa += flushed; 659 length -= flushed; 660 total_flushed += flushed; 661 } 662 663 va += chunk_len; 664 len -= chunk_len; 665 } 666 667 return (total_flushed); 668 } 669 670 /* 671 * If resumable queue is full, we need to check if any cpu is in 672 * error state. If not, we drive on. If yes, we need to panic. The 673 * hypervisor call hv_cpu_state() is being used for checking the 674 * cpu state. And reset %tick_compr in case tick-compare was lost. 675 */ 676 static void 677 errh_rq_full(struct async_flt *afltp) 678 { 679 processorid_t who; 680 uint64_t cpu_state; 681 uint64_t retval; 682 uint64_t current_tick; 683 684 current_tick = (uint64_t)gettick(); 685 tickcmpr_set(current_tick); 686 687 for (who = 0; who < NCPU; who++) 688 if (CPU_IN_SET(cpu_ready_set, who)) { 689 retval = hv_cpu_state(who, &cpu_state); 690 if (retval != H_EOK || cpu_state == CPU_STATE_ERROR) { 691 afltp->flt_panic = 1; 692 break; 693 } 694 } 695 } 696 697 /* 698 * Return processor specific async error structure 699 * size used. 700 */ 701 int 702 cpu_aflt_size(void) 703 { 704 return (sizeof (errh_async_flt_t)); 705 } 706 707 #define SZ_TO_ETRS_SHIFT 6 708 709 /* 710 * Message print out when resumable queue is overflown 711 */ 712 /*ARGSUSED*/ 713 void 714 rq_overflow(struct regs *rp, uint64_t head_offset, 715 uint64_t tail_offset) 716 { 717 rq_overflow_count++; 718 } 719 720 /* 721 * Handler to process a fatal error. This routine can be called from a 722 * softint, called from trap()'s AST handling, or called from the panic flow. 723 */ 724 /*ARGSUSED*/ 725 static void 726 ue_drain(void *ignored, struct async_flt *aflt, errorq_elem_t *eqep) 727 { 728 cpu_ue_log_err(aflt); 729 } 730 731 /* 732 * Handler to process a correctable error. This routine can be called from a 733 * softint. We just call the CPU module's logging routine. 734 */ 735 /*ARGSUSED*/ 736 static void 737 ce_drain(void *ignored, struct async_flt *aflt, errorq_elem_t *eqep) 738 { 739 cpu_ce_log_err(aflt); 740 } 741 742 /* 743 * Handler to process a sun4v errort report via an errorq_t. This routine 744 * can be called from a softint. 745 * 746 * This is used for sun4v error reports that cannot be processed at high-level 747 * interrupt time. Currently only error reports indicating an SP state change 748 * are handled in this manner. 749 */ 750 /*ARGSUSED*/ 751 static void 752 errh_drain(void *ignored, errh_er_t *errh_erp, errorq_elem_t *eqep) 753 { 754 ASSERT(errh_erp->desc == ERRH_DESC_SP); 755 756 errh_handle_sp(errh_erp); 757 } 758 759 /* 760 * Handler to process vbsc hostshutdown (power-off button). 761 */ 762 static int 763 err_shutdown_softintr() 764 { 765 cmn_err(CE_WARN, "Power-off requested, system will now shutdown."); 766 do_shutdown(); 767 768 /* 769 * just in case do_shutdown() fails 770 */ 771 (void) timeout((void(*)(void *))power_down, NULL, 100 * hz); 772 return (DDI_INTR_CLAIMED); 773 } 774 775 /* 776 * Allocate error queue sizes based on max_ncpus. max_ncpus is set just 777 * after ncpunode has been determined. ncpus is set in start_other_cpus 778 * which is called after error_init() but may change dynamically. 779 */ 780 void 781 error_init(void) 782 { 783 char tmp_name[MAXSYSNAME]; 784 pnode_t node; 785 size_t size = cpu_aflt_size(); 786 787 /* 788 * Initialize the correctable and uncorrectable error queues. 789 */ 790 ue_queue = errorq_create("ue_queue", (errorq_func_t)ue_drain, NULL, 791 MAX_ASYNC_FLTS * (max_ncpus + 1), size, PIL_2, ERRORQ_VITAL); 792 793 ce_queue = errorq_create("ce_queue", (errorq_func_t)ce_drain, NULL, 794 MAX_CE_FLTS * (max_ncpus + 1), size, PIL_1, 0); 795 796 errh_queue = errorq_create("errh_queue", (errorq_func_t)errh_drain, 797 NULL, CPU_RQ_ENTRIES, sizeof (errh_er_t), PIL_1, 0); 798 799 if (ue_queue == NULL || ce_queue == NULL || errh_queue == NULL) 800 panic("failed to create required system error queue"); 801 802 /* 803 * Setup interrupt handler for power-off button. 804 */ 805 err_shutdown_inum = add_softintr(PIL_9, 806 (softintrfunc)err_shutdown_softintr, NULL, SOFTINT_ST); 807 808 /* 809 * Initialize the busfunc list mutex. This must be a PIL_15 spin lock 810 * because we will need to acquire it from cpu_async_error(). 811 */ 812 mutex_init(&bfd_lock, NULL, MUTEX_SPIN, (void *)PIL_15); 813 814 /* Only allow one cpu at a time to dump errh errors. */ 815 mutex_init(&errh_print_lock, NULL, MUTEX_SPIN, (void *)PIL_15); 816 817 node = prom_rootnode(); 818 if ((node == OBP_NONODE) || (node == OBP_BADNODE)) { 819 cmn_err(CE_CONT, "error_init: node 0x%x\n", (uint_t)node); 820 return; 821 } 822 823 if (((size = prom_getproplen(node, "reset-reason")) != -1) && 824 (size <= MAXSYSNAME) && 825 (prom_getprop(node, "reset-reason", tmp_name) != -1)) { 826 if (reset_debug) { 827 cmn_err(CE_CONT, "System booting after %s\n", tmp_name); 828 } else if (strncmp(tmp_name, "FATAL", 5) == 0) { 829 cmn_err(CE_CONT, 830 "System booting after fatal error %s\n", tmp_name); 831 } 832 } 833 } 834 835 /* 836 * Nonresumable queue is full, panic here 837 */ 838 /*ARGSUSED*/ 839 void 840 nrq_overflow(struct regs *rp) 841 { 842 fm_panic("Nonresumable queue full"); 843 } 844 845 /* 846 * This is the place for special error handling for individual errors. 847 */ 848 static void 849 errh_handle_attr(errh_async_flt_t *errh_fltp) 850 { 851 switch (errh_fltp->errh_er.attr & ~ERRH_MODE_MASK) { 852 case ERRH_ATTR_CPU: 853 case ERRH_ATTR_MEM: 854 case ERRH_ATTR_PIO: 855 case ERRH_ATTR_IRF: 856 case ERRH_ATTR_FRF: 857 case ERRH_ATTR_SHUT: 858 break; 859 860 case ERRH_ATTR_ASR: 861 errh_handle_asr(errh_fltp); 862 break; 863 864 case ERRH_ATTR_ASI: 865 case ERRH_ATTR_PREG: 866 case ERRH_ATTR_RQF: 867 break; 868 869 default: 870 break; 871 } 872 } 873 874 /* 875 * Handle ASR bit set in ATTR 876 */ 877 static void 878 errh_handle_asr(errh_async_flt_t *errh_fltp) 879 { 880 uint64_t current_tick; 881 882 switch (errh_fltp->errh_er.reg) { 883 case ASR_REG_VALID | ASR_REG_TICK: 884 /* 885 * For Tick Compare Register error, it only happens when 886 * the register is being read or compared with the %tick 887 * register. Since we lost the contents of the register, 888 * we set the %tick_compr in the future. An interrupt will 889 * happen when %tick matches the value field of %tick_compr. 890 */ 891 current_tick = (uint64_t)gettick(); 892 tickcmpr_set(current_tick); 893 /* Do not panic */ 894 errh_fltp->cmn_asyncflt.flt_panic = 0; 895 break; 896 897 default: 898 break; 899 } 900 } 901 902 /* 903 * Handle a SP state change. 904 */ 905 static void 906 errh_handle_sp(errh_er_t *errh_erp) 907 { 908 uint8_t sp_state; 909 910 sp_state = (errh_erp->attr & ERRH_SP_MASK) >> ERRH_SP_SHIFT; 911 912 sp_ereport_post(sp_state); 913 } 914 915 /* 916 * Dump the error packet 917 */ 918 /*ARGSUSED*/ 919 static void 920 errh_er_print(errh_er_t *errh_erp, const char *queue) 921 { 922 typedef union { 923 uint64_t w; 924 uint16_t s[4]; 925 } errhp_t; 926 errhp_t *p = (errhp_t *)errh_erp; 927 int i; 928 929 mutex_enter(&errh_print_lock); 930 switch (errh_erp->desc) { 931 case ERRH_DESC_UCOR_RE: 932 cmn_err(CE_CONT, "\nResumable Uncorrectable Error "); 933 break; 934 case ERRH_DESC_PR_NRE: 935 cmn_err(CE_CONT, "\nNonresumable Precise Error "); 936 break; 937 case ERRH_DESC_DEF_NRE: 938 cmn_err(CE_CONT, "\nNonresumable Deferred Error "); 939 break; 940 default: 941 cmn_err(CE_CONT, "\nError packet "); 942 break; 943 } 944 cmn_err(CE_CONT, "received on %s\n", queue); 945 946 /* 947 * Print Q_ENTRY_SIZE bytes of epacket with 8 bytes per line 948 */ 949 for (i = Q_ENTRY_SIZE; i > 0; i -= 8, ++p) { 950 cmn_err(CE_CONT, "%016lx: %04x %04x %04x %04x\n", (uint64_t)p, 951 p->s[0], p->s[1], p->s[2], p->s[3]); 952 } 953 mutex_exit(&errh_print_lock); 954 } 955 956 static void 957 sp_ereport_post(uint8_t sp_state) 958 { 959 nvlist_t *ereport, *detector; 960 char *str = NULL; 961 962 switch (sp_state) { 963 case ERRH_SP_FAULTED: 964 str = "chassis.sp.unavailable"; 965 break; 966 967 case ERRH_SP_NOT_PRESENT: 968 /* 969 * It is expected that removal of the SP will be undertaken 970 * in response to an existing service action. Diagnosing 971 * a fault in response to notification that the SP is 972 * missing is therefore undesired. In the future the fault 973 * management architecture may be updated to support more 974 * appropriate alert events. When that happens this code 975 * should be revisited. 976 */ 977 return; 978 979 case ERRH_SP_AVAILABLE: 980 /* 981 * Hypervisor does not send an epkt for this case 982 * so this should never happen. 983 */ 984 cmn_err(CE_WARN, "Received unexpected notification " 985 "that the SP is available."); 986 return; 987 988 default: 989 cmn_err(CE_WARN, "Invalid SP state 0x%x. No ereport posted.\n", 990 sp_state); 991 return; 992 } 993 994 ereport = fm_nvlist_create(NULL); 995 detector = fm_nvlist_create(NULL); 996 997 /* 998 * Create an HC-scheme detector FMRI. 999 */ 1000 fm_fmri_hc_set(detector, FM_HC_SCHEME_VERSION, NULL, NULL, 1, 1001 "chassis", 0); 1002 1003 fm_ereport_set(ereport, FM_EREPORT_VERSION, str, 1004 fm_ena_generate(0, FM_ENA_FMT1), detector, NULL); 1005 1006 (void) fm_ereport_post(ereport, EVCH_TRYHARD); 1007 1008 fm_nvlist_destroy(ereport, FM_NVA_FREE); 1009 fm_nvlist_destroy(detector, FM_NVA_FREE); 1010 } 1011