xref: /linux/arch/powerpc/platforms/pseries/ras.c (revision ae3a197e3d0bfe3f4bf1693723e82dc018c096f3) 
1 /*
2  * Copyright (C) 2001 Dave Engebretsen IBM Corporation
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
17  */
18 
19 /* Change Activity:
20  * 2001/09/21 : engebret : Created with minimal EPOW and HW exception support.
21  * End Change Activity
22  */
23 
24 #include <linux/errno.h>
25 #include <linux/threads.h>
26 #include <linux/kernel_stat.h>
27 #include <linux/signal.h>
28 #include <linux/sched.h>
29 #include <linux/ioport.h>
30 #include <linux/interrupt.h>
31 #include <linux/timex.h>
32 #include <linux/init.h>
33 #include <linux/delay.h>
34 #include <linux/irq.h>
35 #include <linux/random.h>
36 #include <linux/sysrq.h>
37 #include <linux/bitops.h>
38 
39 #include <asm/uaccess.h>
40 #include <asm/io.h>
41 #include <asm/pgtable.h>
42 #include <asm/irq.h>
43 #include <asm/cache.h>
44 #include <asm/prom.h>
45 #include <asm/ptrace.h>
46 #include <asm/machdep.h>
47 #include <asm/rtas.h>
48 #include <asm/udbg.h>
49 #include <asm/firmware.h>
50 
51 #include "pseries.h"
52 
53 static unsigned char ras_log_buf[RTAS_ERROR_LOG_MAX];
54 static DEFINE_SPINLOCK(ras_log_buf_lock);
55 
56 static char global_mce_data_buf[RTAS_ERROR_LOG_MAX];
57 static DEFINE_PER_CPU(__u64, mce_data_buf);
58 
59 static int ras_get_sensor_state_token;
60 static int ras_check_exception_token;
61 
62 #define EPOW_SENSOR_TOKEN	9
63 #define EPOW_SENSOR_INDEX	0
64 
65 static irqreturn_t ras_epow_interrupt(int irq, void *dev_id);
66 static irqreturn_t ras_error_interrupt(int irq, void *dev_id);
67 
68 
69 /*
70  * Initialize handlers for the set of interrupts caused by hardware errors
71  * and power system events.
72  */
73 static int __init init_ras_IRQ(void)
74 {
75 	struct device_node *np;
76 
77 	ras_get_sensor_state_token = rtas_token("get-sensor-state");
78 	ras_check_exception_token = rtas_token("check-exception");
79 
80 	/* Internal Errors */
81 	np = of_find_node_by_path("/event-sources/internal-errors");
82 	if (np != NULL) {
83 		request_event_sources_irqs(np, ras_error_interrupt,
84 					   "RAS_ERROR");
85 		of_node_put(np);
86 	}
87 
88 	/* EPOW Events */
89 	np = of_find_node_by_path("/event-sources/epow-events");
90 	if (np != NULL) {
91 		request_event_sources_irqs(np, ras_epow_interrupt, "RAS_EPOW");
92 		of_node_put(np);
93 	}
94 
95 	return 0;
96 }
97 __initcall(init_ras_IRQ);
98 
99 /*
100  * Handle power subsystem events (EPOW).
101  *
102  * Presently we just log the event has occurred.  This should be fixed
103  * to examine the type of power failure and take appropriate action where
104  * the time horizon permits something useful to be done.
105  */
106 static irqreturn_t ras_epow_interrupt(int irq, void *dev_id)
107 {
108 	int status = 0xdeadbeef;
109 	int state = 0;
110 	int critical;
111 
112 	status = rtas_call(ras_get_sensor_state_token, 2, 2, &state,
113 			   EPOW_SENSOR_TOKEN, EPOW_SENSOR_INDEX);
114 
115 	if (state > 3)
116 		critical = 1;  /* Time Critical */
117 	else
118 		critical = 0;
119 
120 	spin_lock(&ras_log_buf_lock);
121 
122 	status = rtas_call(ras_check_exception_token, 6, 1, NULL,
123 			   RTAS_VECTOR_EXTERNAL_INTERRUPT,
124 			   virq_to_hw(irq),
125 			   RTAS_EPOW_WARNING | RTAS_POWERMGM_EVENTS,
126 			   critical, __pa(&ras_log_buf),
127 				rtas_get_error_log_max());
128 
129 	udbg_printf("EPOW <0x%lx 0x%x 0x%x>\n",
130 		    *((unsigned long *)&ras_log_buf), status, state);
131 	printk(KERN_WARNING "EPOW <0x%lx 0x%x 0x%x>\n",
132 	       *((unsigned long *)&ras_log_buf), status, state);
133 
134 	/* format and print the extended information */
135 	log_error(ras_log_buf, ERR_TYPE_RTAS_LOG, 0);
136 
137 	spin_unlock(&ras_log_buf_lock);
138 	return IRQ_HANDLED;
139 }
140 
141 /*
142  * Handle hardware error interrupts.
143  *
144  * RTAS check-exception is called to collect data on the exception.  If
145  * the error is deemed recoverable, we log a warning and return.
146  * For nonrecoverable errors, an error is logged and we stop all processing
147  * as quickly as possible in order to prevent propagation of the failure.
148  */
149 static irqreturn_t ras_error_interrupt(int irq, void *dev_id)
150 {
151 	struct rtas_error_log *rtas_elog;
152 	int status = 0xdeadbeef;
153 	int fatal;
154 
155 	spin_lock(&ras_log_buf_lock);
156 
157 	status = rtas_call(ras_check_exception_token, 6, 1, NULL,
158 			   RTAS_VECTOR_EXTERNAL_INTERRUPT,
159 			   virq_to_hw(irq),
160 			   RTAS_INTERNAL_ERROR, 1 /*Time Critical */,
161 			   __pa(&ras_log_buf),
162 				rtas_get_error_log_max());
163 
164 	rtas_elog = (struct rtas_error_log *)ras_log_buf;
165 
166 	if ((status == 0) && (rtas_elog->severity >= RTAS_SEVERITY_ERROR_SYNC))
167 		fatal = 1;
168 	else
169 		fatal = 0;
170 
171 	/* format and print the extended information */
172 	log_error(ras_log_buf, ERR_TYPE_RTAS_LOG, fatal);
173 
174 	if (fatal) {
175 		udbg_printf("Fatal HW Error <0x%lx 0x%x>\n",
176 			    *((unsigned long *)&ras_log_buf), status);
177 		printk(KERN_EMERG "Error: Fatal hardware error <0x%lx 0x%x>\n",
178 		       *((unsigned long *)&ras_log_buf), status);
179 
180 #ifndef DEBUG_RTAS_POWER_OFF
181 		/* Don't actually power off when debugging so we can test
182 		 * without actually failing while injecting errors.
183 		 * Error data will not be logged to syslog.
184 		 */
185 		ppc_md.power_off();
186 #endif
187 	} else {
188 		udbg_printf("Recoverable HW Error <0x%lx 0x%x>\n",
189 			    *((unsigned long *)&ras_log_buf), status);
190 		printk(KERN_WARNING
191 		       "Warning: Recoverable hardware error <0x%lx 0x%x>\n",
192 		       *((unsigned long *)&ras_log_buf), status);
193 	}
194 
195 	spin_unlock(&ras_log_buf_lock);
196 	return IRQ_HANDLED;
197 }
198 
199 /*
200  * Some versions of FWNMI place the buffer inside the 4kB page starting at
201  * 0x7000. Other versions place it inside the rtas buffer. We check both.
202  */
203 #define VALID_FWNMI_BUFFER(A) \
204 	((((A) >= 0x7000) && ((A) < 0x7ff0)) || \
205 	(((A) >= rtas.base) && ((A) < (rtas.base + rtas.size - 16))))
206 
207 /*
208  * Get the error information for errors coming through the
209  * FWNMI vectors.  The pt_regs' r3 will be updated to reflect
210  * the actual r3 if possible, and a ptr to the error log entry
211  * will be returned if found.
212  *
213  * If the RTAS error is not of the extended type, then we put it in a per
214  * cpu 64bit buffer. If it is the extended type we use global_mce_data_buf.
215  *
216  * The global_mce_data_buf does not have any locks or protection around it,
217  * if a second machine check comes in, or a system reset is done
218  * before we have logged the error, then we will get corruption in the
219  * error log.  This is preferable over holding off on calling
220  * ibm,nmi-interlock which would result in us checkstopping if a
221  * second machine check did come in.
222  */
223 static struct rtas_error_log *fwnmi_get_errinfo(struct pt_regs *regs)
224 {
225 	unsigned long *savep;
226 	struct rtas_error_log *h, *errhdr = NULL;
227 
228 	if (!VALID_FWNMI_BUFFER(regs->gpr[3])) {
229 		printk(KERN_ERR "FWNMI: corrupt r3 0x%016lx\n", regs->gpr[3]);
230 		return NULL;
231 	}
232 
233 	savep = __va(regs->gpr[3]);
234 	regs->gpr[3] = savep[0];	/* restore original r3 */
235 
236 	/* If it isn't an extended log we can use the per cpu 64bit buffer */
237 	h = (struct rtas_error_log *)&savep[1];
238 	if (!h->extended) {
239 		memcpy(&__get_cpu_var(mce_data_buf), h, sizeof(__u64));
240 		errhdr = (struct rtas_error_log *)&__get_cpu_var(mce_data_buf);
241 	} else {
242 		int len;
243 
244 		len = max_t(int, 8+h->extended_log_length, RTAS_ERROR_LOG_MAX);
245 		memset(global_mce_data_buf, 0, RTAS_ERROR_LOG_MAX);
246 		memcpy(global_mce_data_buf, h, len);
247 		errhdr = (struct rtas_error_log *)global_mce_data_buf;
248 	}
249 
250 	return errhdr;
251 }
252 
253 /* Call this when done with the data returned by FWNMI_get_errinfo.
254  * It will release the saved data area for other CPUs in the
255  * partition to receive FWNMI errors.
256  */
257 static void fwnmi_release_errinfo(void)
258 {
259 	int ret = rtas_call(rtas_token("ibm,nmi-interlock"), 0, 1, NULL);
260 	if (ret != 0)
261 		printk(KERN_ERR "FWNMI: nmi-interlock failed: %d\n", ret);
262 }
263 
264 int pSeries_system_reset_exception(struct pt_regs *regs)
265 {
266 	if (fwnmi_active) {
267 		struct rtas_error_log *errhdr = fwnmi_get_errinfo(regs);
268 		if (errhdr) {
269 			/* XXX Should look at FWNMI information */
270 		}
271 		fwnmi_release_errinfo();
272 	}
273 	return 0; /* need to perform reset */
274 }
275 
276 /*
277  * See if we can recover from a machine check exception.
278  * This is only called on power4 (or above) and only via
279  * the Firmware Non-Maskable Interrupts (fwnmi) handler
280  * which provides the error analysis for us.
281  *
282  * Return 1 if corrected (or delivered a signal).
283  * Return 0 if there is nothing we can do.
284  */
285 static int recover_mce(struct pt_regs *regs, struct rtas_error_log *err)
286 {
287 	int recovered = 0;
288 
289 	if (!(regs->msr & MSR_RI)) {
290 		/* If MSR_RI isn't set, we cannot recover */
291 		recovered = 0;
292 
293 	} else if (err->disposition == RTAS_DISP_FULLY_RECOVERED) {
294 		/* Platform corrected itself */
295 		recovered = 1;
296 
297 	} else if (err->disposition == RTAS_DISP_LIMITED_RECOVERY) {
298 		/* Platform corrected itself but could be degraded */
299 		printk(KERN_ERR "MCE: limited recovery, system may "
300 		       "be degraded\n");
301 		recovered = 1;
302 
303 	} else if (user_mode(regs) && !is_global_init(current) &&
304 		   err->severity == RTAS_SEVERITY_ERROR_SYNC) {
305 
306 		/*
307 		 * If we received a synchronous error when in userspace
308 		 * kill the task. Firmware may report details of the fail
309 		 * asynchronously, so we can't rely on the target and type
310 		 * fields being valid here.
311 		 */
312 		printk(KERN_ERR "MCE: uncorrectable error, killing task "
313 		       "%s:%d\n", current->comm, current->pid);
314 
315 		_exception(SIGBUS, regs, BUS_MCEERR_AR, regs->nip);
316 		recovered = 1;
317 	}
318 
319 	log_error((char *)err, ERR_TYPE_RTAS_LOG, 0);
320 
321 	return recovered;
322 }
323 
324 /*
325  * Handle a machine check.
326  *
327  * Note that on Power 4 and beyond Firmware Non-Maskable Interrupts (fwnmi)
328  * should be present.  If so the handler which called us tells us if the
329  * error was recovered (never true if RI=0).
330  *
331  * On hardware prior to Power 4 these exceptions were asynchronous which
332  * means we can't tell exactly where it occurred and so we can't recover.
333  */
334 int pSeries_machine_check_exception(struct pt_regs *regs)
335 {
336 	struct rtas_error_log *errp;
337 
338 	if (fwnmi_active) {
339 		errp = fwnmi_get_errinfo(regs);
340 		fwnmi_release_errinfo();
341 		if (errp && recover_mce(regs, errp))
342 			return 1;
343 	}
344 
345 	return 0;
346 }
347