xref: /linux/arch/powerpc/platforms/pseries/ras.c (revision 2ba9268dd603d23e17643437b2246acb6844953b)
1 /*
2  * Copyright (C) 2001 Dave Engebretsen IBM Corporation
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
17  */
18 
19 #include <linux/sched.h>
20 #include <linux/interrupt.h>
21 #include <linux/irq.h>
22 #include <linux/of.h>
23 #include <linux/fs.h>
24 #include <linux/reboot.h>
25 
26 #include <asm/machdep.h>
27 #include <asm/rtas.h>
28 #include <asm/firmware.h>
29 
30 #include "pseries.h"
31 
32 static unsigned char ras_log_buf[RTAS_ERROR_LOG_MAX];
33 static DEFINE_SPINLOCK(ras_log_buf_lock);
34 
35 static char global_mce_data_buf[RTAS_ERROR_LOG_MAX];
36 static DEFINE_PER_CPU(__u64, mce_data_buf);
37 
38 static int ras_check_exception_token;
39 
40 #define EPOW_SENSOR_TOKEN	9
41 #define EPOW_SENSOR_INDEX	0
42 
43 static irqreturn_t ras_epow_interrupt(int irq, void *dev_id);
44 static irqreturn_t ras_error_interrupt(int irq, void *dev_id);
45 
46 
47 /*
48  * Initialize handlers for the set of interrupts caused by hardware errors
49  * and power system events.
50  */
51 static int __init init_ras_IRQ(void)
52 {
53 	struct device_node *np;
54 
55 	ras_check_exception_token = rtas_token("check-exception");
56 
57 	/* Internal Errors */
58 	np = of_find_node_by_path("/event-sources/internal-errors");
59 	if (np != NULL) {
60 		request_event_sources_irqs(np, ras_error_interrupt,
61 					   "RAS_ERROR");
62 		of_node_put(np);
63 	}
64 
65 	/* EPOW Events */
66 	np = of_find_node_by_path("/event-sources/epow-events");
67 	if (np != NULL) {
68 		request_event_sources_irqs(np, ras_epow_interrupt, "RAS_EPOW");
69 		of_node_put(np);
70 	}
71 
72 	return 0;
73 }
74 machine_subsys_initcall(pseries, init_ras_IRQ);
75 
76 #define EPOW_SHUTDOWN_NORMAL				1
77 #define EPOW_SHUTDOWN_ON_UPS				2
78 #define EPOW_SHUTDOWN_LOSS_OF_CRITICAL_FUNCTIONS	3
79 #define EPOW_SHUTDOWN_AMBIENT_TEMPERATURE_TOO_HIGH	4
80 
81 static void handle_system_shutdown(char event_modifier)
82 {
83 	switch (event_modifier) {
84 	case EPOW_SHUTDOWN_NORMAL:
85 		pr_emerg("Firmware initiated power off");
86 		orderly_poweroff(true);
87 		break;
88 
89 	case EPOW_SHUTDOWN_ON_UPS:
90 		pr_emerg("Loss of power reported by firmware, system is "
91 			"running on UPS/battery");
92 		pr_emerg("Check RTAS error log for details");
93 		orderly_poweroff(true);
94 		break;
95 
96 	case EPOW_SHUTDOWN_LOSS_OF_CRITICAL_FUNCTIONS:
97 		pr_emerg("Loss of system critical functions reported by "
98 			"firmware");
99 		pr_emerg("Check RTAS error log for details");
100 		orderly_poweroff(true);
101 		break;
102 
103 	case EPOW_SHUTDOWN_AMBIENT_TEMPERATURE_TOO_HIGH:
104 		pr_emerg("Ambient temperature too high reported by firmware");
105 		pr_emerg("Check RTAS error log for details");
106 		orderly_poweroff(true);
107 		break;
108 
109 	default:
110 		pr_err("Unknown power/cooling shutdown event (modifier %d)",
111 			event_modifier);
112 	}
113 }
114 
115 struct epow_errorlog {
116 	unsigned char sensor_value;
117 	unsigned char event_modifier;
118 	unsigned char extended_modifier;
119 	unsigned char reserved;
120 	unsigned char platform_reason;
121 };
122 
123 #define EPOW_RESET			0
124 #define EPOW_WARN_COOLING		1
125 #define EPOW_WARN_POWER			2
126 #define EPOW_SYSTEM_SHUTDOWN		3
127 #define EPOW_SYSTEM_HALT		4
128 #define EPOW_MAIN_ENCLOSURE		5
129 #define EPOW_POWER_OFF			7
130 
131 static void rtas_parse_epow_errlog(struct rtas_error_log *log)
132 {
133 	struct pseries_errorlog *pseries_log;
134 	struct epow_errorlog *epow_log;
135 	char action_code;
136 	char modifier;
137 
138 	pseries_log = get_pseries_errorlog(log, PSERIES_ELOG_SECT_ID_EPOW);
139 	if (pseries_log == NULL)
140 		return;
141 
142 	epow_log = (struct epow_errorlog *)pseries_log->data;
143 	action_code = epow_log->sensor_value & 0xF;	/* bottom 4 bits */
144 	modifier = epow_log->event_modifier & 0xF;	/* bottom 4 bits */
145 
146 	switch (action_code) {
147 	case EPOW_RESET:
148 		pr_err("Non critical power or cooling issue cleared");
149 		break;
150 
151 	case EPOW_WARN_COOLING:
152 		pr_err("Non critical cooling issue reported by firmware");
153 		pr_err("Check RTAS error log for details");
154 		break;
155 
156 	case EPOW_WARN_POWER:
157 		pr_err("Non critical power issue reported by firmware");
158 		pr_err("Check RTAS error log for details");
159 		break;
160 
161 	case EPOW_SYSTEM_SHUTDOWN:
162 		handle_system_shutdown(epow_log->event_modifier);
163 		break;
164 
165 	case EPOW_SYSTEM_HALT:
166 		pr_emerg("Firmware initiated power off");
167 		orderly_poweroff(true);
168 		break;
169 
170 	case EPOW_MAIN_ENCLOSURE:
171 	case EPOW_POWER_OFF:
172 		pr_emerg("Critical power/cooling issue reported by firmware");
173 		pr_emerg("Check RTAS error log for details");
174 		pr_emerg("Immediate power off");
175 		emergency_sync();
176 		kernel_power_off();
177 		break;
178 
179 	default:
180 		pr_err("Unknown power/cooling event (action code %d)",
181 			action_code);
182 	}
183 }
184 
185 /* Handle environmental and power warning (EPOW) interrupts. */
186 static irqreturn_t ras_epow_interrupt(int irq, void *dev_id)
187 {
188 	int status;
189 	int state;
190 	int critical;
191 
192 	status = rtas_get_sensor(EPOW_SENSOR_TOKEN, EPOW_SENSOR_INDEX, &state);
193 
194 	if (state > 3)
195 		critical = 1;		/* Time Critical */
196 	else
197 		critical = 0;
198 
199 	spin_lock(&ras_log_buf_lock);
200 
201 	status = rtas_call(ras_check_exception_token, 6, 1, NULL,
202 			   RTAS_VECTOR_EXTERNAL_INTERRUPT,
203 			   virq_to_hw(irq),
204 			   RTAS_EPOW_WARNING,
205 			   critical, __pa(&ras_log_buf),
206 				rtas_get_error_log_max());
207 
208 	log_error(ras_log_buf, ERR_TYPE_RTAS_LOG, 0);
209 
210 	rtas_parse_epow_errlog((struct rtas_error_log *)ras_log_buf);
211 
212 	spin_unlock(&ras_log_buf_lock);
213 	return IRQ_HANDLED;
214 }
215 
216 /*
217  * Handle hardware error interrupts.
218  *
219  * RTAS check-exception is called to collect data on the exception.  If
220  * the error is deemed recoverable, we log a warning and return.
221  * For nonrecoverable errors, an error is logged and we stop all processing
222  * as quickly as possible in order to prevent propagation of the failure.
223  */
224 static irqreturn_t ras_error_interrupt(int irq, void *dev_id)
225 {
226 	struct rtas_error_log *rtas_elog;
227 	int status;
228 	int fatal;
229 
230 	spin_lock(&ras_log_buf_lock);
231 
232 	status = rtas_call(ras_check_exception_token, 6, 1, NULL,
233 			   RTAS_VECTOR_EXTERNAL_INTERRUPT,
234 			   virq_to_hw(irq),
235 			   RTAS_INTERNAL_ERROR, 1 /* Time Critical */,
236 			   __pa(&ras_log_buf),
237 				rtas_get_error_log_max());
238 
239 	rtas_elog = (struct rtas_error_log *)ras_log_buf;
240 
241 	if (status == 0 &&
242 	    rtas_error_severity(rtas_elog) >= RTAS_SEVERITY_ERROR_SYNC)
243 		fatal = 1;
244 	else
245 		fatal = 0;
246 
247 	/* format and print the extended information */
248 	log_error(ras_log_buf, ERR_TYPE_RTAS_LOG, fatal);
249 
250 	if (fatal) {
251 		pr_emerg("Fatal hardware error reported by firmware");
252 		pr_emerg("Check RTAS error log for details");
253 		pr_emerg("Immediate power off");
254 		emergency_sync();
255 		kernel_power_off();
256 	} else {
257 		pr_err("Recoverable hardware error reported by firmware");
258 	}
259 
260 	spin_unlock(&ras_log_buf_lock);
261 	return IRQ_HANDLED;
262 }
263 
264 /*
265  * Some versions of FWNMI place the buffer inside the 4kB page starting at
266  * 0x7000. Other versions place it inside the rtas buffer. We check both.
267  */
268 #define VALID_FWNMI_BUFFER(A) \
269 	((((A) >= 0x7000) && ((A) < 0x7ff0)) || \
270 	(((A) >= rtas.base) && ((A) < (rtas.base + rtas.size - 16))))
271 
272 /*
273  * Get the error information for errors coming through the
274  * FWNMI vectors.  The pt_regs' r3 will be updated to reflect
275  * the actual r3 if possible, and a ptr to the error log entry
276  * will be returned if found.
277  *
278  * If the RTAS error is not of the extended type, then we put it in a per
279  * cpu 64bit buffer. If it is the extended type we use global_mce_data_buf.
280  *
281  * The global_mce_data_buf does not have any locks or protection around it,
282  * if a second machine check comes in, or a system reset is done
283  * before we have logged the error, then we will get corruption in the
284  * error log.  This is preferable over holding off on calling
285  * ibm,nmi-interlock which would result in us checkstopping if a
286  * second machine check did come in.
287  */
288 static struct rtas_error_log *fwnmi_get_errinfo(struct pt_regs *regs)
289 {
290 	unsigned long *savep;
291 	struct rtas_error_log *h, *errhdr = NULL;
292 
293 	/* Mask top two bits */
294 	regs->gpr[3] &= ~(0x3UL << 62);
295 
296 	if (!VALID_FWNMI_BUFFER(regs->gpr[3])) {
297 		printk(KERN_ERR "FWNMI: corrupt r3 0x%016lx\n", regs->gpr[3]);
298 		return NULL;
299 	}
300 
301 	savep = __va(regs->gpr[3]);
302 	regs->gpr[3] = savep[0];	/* restore original r3 */
303 
304 	/* If it isn't an extended log we can use the per cpu 64bit buffer */
305 	h = (struct rtas_error_log *)&savep[1];
306 	if (!rtas_error_extended(h)) {
307 		memcpy(this_cpu_ptr(&mce_data_buf), h, sizeof(__u64));
308 		errhdr = (struct rtas_error_log *)this_cpu_ptr(&mce_data_buf);
309 	} else {
310 		int len, error_log_length;
311 
312 		error_log_length = 8 + rtas_error_extended_log_length(h);
313 		len = max_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
314 		memset(global_mce_data_buf, 0, RTAS_ERROR_LOG_MAX);
315 		memcpy(global_mce_data_buf, h, len);
316 		errhdr = (struct rtas_error_log *)global_mce_data_buf;
317 	}
318 
319 	return errhdr;
320 }
321 
322 /* Call this when done with the data returned by FWNMI_get_errinfo.
323  * It will release the saved data area for other CPUs in the
324  * partition to receive FWNMI errors.
325  */
326 static void fwnmi_release_errinfo(void)
327 {
328 	int ret = rtas_call(rtas_token("ibm,nmi-interlock"), 0, 1, NULL);
329 	if (ret != 0)
330 		printk(KERN_ERR "FWNMI: nmi-interlock failed: %d\n", ret);
331 }
332 
333 int pSeries_system_reset_exception(struct pt_regs *regs)
334 {
335 	if (fwnmi_active) {
336 		struct rtas_error_log *errhdr = fwnmi_get_errinfo(regs);
337 		if (errhdr) {
338 			/* XXX Should look at FWNMI information */
339 		}
340 		fwnmi_release_errinfo();
341 	}
342 	return 0; /* need to perform reset */
343 }
344 
345 /*
346  * See if we can recover from a machine check exception.
347  * This is only called on power4 (or above) and only via
348  * the Firmware Non-Maskable Interrupts (fwnmi) handler
349  * which provides the error analysis for us.
350  *
351  * Return 1 if corrected (or delivered a signal).
352  * Return 0 if there is nothing we can do.
353  */
354 static int recover_mce(struct pt_regs *regs, struct rtas_error_log *err)
355 {
356 	int recovered = 0;
357 	int disposition = rtas_error_disposition(err);
358 
359 	if (!(regs->msr & MSR_RI)) {
360 		/* If MSR_RI isn't set, we cannot recover */
361 		recovered = 0;
362 
363 	} else if (disposition == RTAS_DISP_FULLY_RECOVERED) {
364 		/* Platform corrected itself */
365 		recovered = 1;
366 
367 	} else if (disposition == RTAS_DISP_LIMITED_RECOVERY) {
368 		/* Platform corrected itself but could be degraded */
369 		printk(KERN_ERR "MCE: limited recovery, system may "
370 		       "be degraded\n");
371 		recovered = 1;
372 
373 	} else if (user_mode(regs) && !is_global_init(current) &&
374 		   rtas_error_severity(err) == RTAS_SEVERITY_ERROR_SYNC) {
375 
376 		/*
377 		 * If we received a synchronous error when in userspace
378 		 * kill the task. Firmware may report details of the fail
379 		 * asynchronously, so we can't rely on the target and type
380 		 * fields being valid here.
381 		 */
382 		printk(KERN_ERR "MCE: uncorrectable error, killing task "
383 		       "%s:%d\n", current->comm, current->pid);
384 
385 		_exception(SIGBUS, regs, BUS_MCEERR_AR, regs->nip);
386 		recovered = 1;
387 	}
388 
389 	log_error((char *)err, ERR_TYPE_RTAS_LOG, 0);
390 
391 	return recovered;
392 }
393 
394 /*
395  * Handle a machine check.
396  *
397  * Note that on Power 4 and beyond Firmware Non-Maskable Interrupts (fwnmi)
398  * should be present.  If so the handler which called us tells us if the
399  * error was recovered (never true if RI=0).
400  *
401  * On hardware prior to Power 4 these exceptions were asynchronous which
402  * means we can't tell exactly where it occurred and so we can't recover.
403  */
404 int pSeries_machine_check_exception(struct pt_regs *regs)
405 {
406 	struct rtas_error_log *errp;
407 
408 	if (fwnmi_active) {
409 		errp = fwnmi_get_errinfo(regs);
410 		fwnmi_release_errinfo();
411 		if (errp && recover_mce(regs, errp))
412 			return 1;
413 	}
414 
415 	return 0;
416 }
417