xref: /titanic_41/usr/src/uts/sun4/io/px/px_fm.c (revision d7bec57c3803769d0e8bf1960016b866617d455c)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * PX Fault Management Architecture
28  */
29 #include <sys/types.h>
30 #include <sys/sunndi.h>
31 #include <sys/sunddi.h>
32 #include <sys/fm/protocol.h>
33 #include <sys/fm/util.h>
34 #include <sys/fm/io/pci.h>
35 #include <sys/membar.h>
36 #include "px_obj.h"
37 
38 extern uint_t px_ranges_phi_mask;
39 
40 #define	PX_PCIE_PANIC_BITS \
41 	(PCIE_AER_UCE_DLP | PCIE_AER_UCE_FCP | PCIE_AER_UCE_TO | \
42 	PCIE_AER_UCE_RO | PCIE_AER_UCE_MTLP | PCIE_AER_UCE_ECRC)
43 #define	PX_PCIE_NO_PANIC_BITS \
44 	(PCIE_AER_UCE_TRAINING | PCIE_AER_UCE_SD | PCIE_AER_UCE_CA | \
45 	PCIE_AER_UCE_UC | PCIE_AER_UCE_UR)
46 
47 /*
48  * Global panicing state variabled used to control if further error handling
49  * should occur.  If the system is already panic'ing or if PX itself has
50  * recommended panic'ing the system, no further error handling should occur to
51  * prevent the system from hanging.
52  */
53 boolean_t px_panicing = B_FALSE;
54 
55 static pf_data_t *px_get_pfd(px_t *px_p);
56 
57 static int px_pcie_ptlp(dev_info_t *dip, ddi_fm_error_t *derr,
58     px_err_pcie_t *regs);
59 
60 #if defined(DEBUG)
61 static void px_pcie_log(dev_info_t *dip, px_err_pcie_t *regs);
62 #else	/* DEBUG */
63 #define	px_pcie_log 0 &&
64 #endif	/* DEBUG */
65 
66 /*
67  * Initialize px FMA support
68  */
69 int
70 px_fm_attach(px_t *px_p)
71 {
72 	int		i;
73 	dev_info_t	*dip = px_p->px_dip;
74 	pcie_bus_t	*bus_p;
75 
76 	px_p->px_fm_cap = DDI_FM_EREPORT_CAPABLE | DDI_FM_ERRCB_CAPABLE |
77 	    DDI_FM_ACCCHK_CAPABLE | DDI_FM_DMACHK_CAPABLE;
78 
79 	/*
80 	 * check parents' capability
81 	 */
82 	ddi_fm_init(dip, &px_p->px_fm_cap, &px_p->px_fm_ibc);
83 
84 	/*
85 	 * parents need to be ereport and error handling capable
86 	 */
87 	ASSERT(px_p->px_fm_cap &&
88 	    (DDI_FM_ERRCB_CAPABLE | DDI_FM_EREPORT_CAPABLE));
89 
90 	/*
91 	 * Initialize lock to synchronize fabric error handling
92 	 */
93 	mutex_init(&px_p->px_fm_mutex, NULL, MUTEX_DRIVER,
94 	    (void *)px_p->px_fm_ibc);
95 
96 	px_p->px_pfd_idx = 0;
97 	for (i = 0; i < 5; i++)
98 		pcie_rc_init_pfd(dip, &px_p->px_pfd_arr[i]);
99 	PCIE_DIP2PFD(dip) = px_p->px_pfd_arr;
100 
101 	bus_p = PCIE_DIP2BUS(dip);
102 	bus_p->bus_rp_bdf = px_p->px_bdf;
103 	bus_p->bus_rp_dip = dip;
104 
105 	/*
106 	 * register error callback in parent
107 	 */
108 	ddi_fm_handler_register(dip, px_fm_callback, px_p);
109 
110 	return (DDI_SUCCESS);
111 }
112 
113 /*
114  * Deregister FMA
115  */
116 void
117 px_fm_detach(px_t *px_p)
118 {
119 	int i;
120 
121 	ddi_fm_handler_unregister(px_p->px_dip);
122 	mutex_destroy(&px_p->px_fm_mutex);
123 	ddi_fm_fini(px_p->px_dip);
124 	for (i = 0; i < 5; i++)
125 		pcie_rc_fini_pfd(&px_p->px_pfd_arr[i]);
126 }
127 
128 /*
129  * Function used to setup access functions depending on level of desired
130  * protection.
131  */
132 void
133 px_fm_acc_setup(ddi_map_req_t *mp, dev_info_t *rdip, pci_regspec_t *rp)
134 {
135 	uchar_t fflag;
136 	ndi_err_t *errp;
137 	ddi_acc_hdl_t *hp;
138 	ddi_acc_impl_t *ap;
139 
140 	hp = mp->map_handlep;
141 	ap = (ddi_acc_impl_t *)hp->ah_platform_private;
142 	fflag = ap->ahi_common.ah_acc.devacc_attr_access;
143 
144 	if (mp->map_op == DDI_MO_MAP_LOCKED) {
145 		ndi_fmc_insert(rdip, ACC_HANDLE, (void *)hp, NULL);
146 		switch (fflag) {
147 		case DDI_FLAGERR_ACC:
148 			ap->ahi_get8 = i_ddi_prot_get8;
149 			ap->ahi_get16 = i_ddi_prot_get16;
150 			ap->ahi_get32 = i_ddi_prot_get32;
151 			ap->ahi_get64 = i_ddi_prot_get64;
152 			ap->ahi_put8 = i_ddi_prot_put8;
153 			ap->ahi_put16 = i_ddi_prot_put16;
154 			ap->ahi_put32 = i_ddi_prot_put32;
155 			ap->ahi_put64 = i_ddi_prot_put64;
156 			ap->ahi_rep_get8 = i_ddi_prot_rep_get8;
157 			ap->ahi_rep_get16 = i_ddi_prot_rep_get16;
158 			ap->ahi_rep_get32 = i_ddi_prot_rep_get32;
159 			ap->ahi_rep_get64 = i_ddi_prot_rep_get64;
160 			ap->ahi_rep_put8 = i_ddi_prot_rep_put8;
161 			ap->ahi_rep_put16 = i_ddi_prot_rep_put16;
162 			ap->ahi_rep_put32 = i_ddi_prot_rep_put32;
163 			ap->ahi_rep_put64 = i_ddi_prot_rep_put64;
164 			impl_acc_err_init(hp);
165 			errp = ((ddi_acc_impl_t *)hp)->ahi_err;
166 			if ((rp->pci_phys_hi & PCI_REG_ADDR_M) ==
167 			    PCI_ADDR_CONFIG)
168 				errp->err_cf = px_err_cfg_hdl_check;
169 			else
170 				errp->err_cf = px_err_pio_hdl_check;
171 			break;
172 		case DDI_CAUTIOUS_ACC :
173 			ap->ahi_get8 = i_ddi_caut_get8;
174 			ap->ahi_get16 = i_ddi_caut_get16;
175 			ap->ahi_get32 = i_ddi_caut_get32;
176 			ap->ahi_get64 = i_ddi_caut_get64;
177 			ap->ahi_put8 = i_ddi_caut_put8;
178 			ap->ahi_put16 = i_ddi_caut_put16;
179 			ap->ahi_put32 = i_ddi_caut_put32;
180 			ap->ahi_put64 = i_ddi_caut_put64;
181 			ap->ahi_rep_get8 = i_ddi_caut_rep_get8;
182 			ap->ahi_rep_get16 = i_ddi_caut_rep_get16;
183 			ap->ahi_rep_get32 = i_ddi_caut_rep_get32;
184 			ap->ahi_rep_get64 = i_ddi_caut_rep_get64;
185 			ap->ahi_rep_put8 = i_ddi_caut_rep_put8;
186 			ap->ahi_rep_put16 = i_ddi_caut_rep_put16;
187 			ap->ahi_rep_put32 = i_ddi_caut_rep_put32;
188 			ap->ahi_rep_put64 = i_ddi_caut_rep_put64;
189 			impl_acc_err_init(hp);
190 			errp = ((ddi_acc_impl_t *)hp)->ahi_err;
191 			if ((rp->pci_phys_hi & PCI_REG_ADDR_M) ==
192 			    PCI_ADDR_CONFIG)
193 				errp->err_cf = px_err_cfg_hdl_check;
194 			else
195 				errp->err_cf = px_err_pio_hdl_check;
196 			break;
197 		default:
198 			/* Illegal state, remove the handle from cache */
199 			ndi_fmc_remove(rdip, ACC_HANDLE, (void *)hp);
200 			break;
201 		}
202 	} else if (mp->map_op == DDI_MO_UNMAP) {
203 		ndi_fmc_remove(rdip, ACC_HANDLE, (void *)hp);
204 	}
205 }
206 
207 /*
208  * Function used to initialize FMA for our children nodes. Called
209  * through pci busops when child node calls ddi_fm_init.
210  */
211 /*ARGSUSED*/
212 int
213 px_fm_init_child(dev_info_t *dip, dev_info_t *cdip, int cap,
214     ddi_iblock_cookie_t *ibc_p)
215 {
216 	px_t *px_p = DIP_TO_STATE(dip);
217 
218 	ASSERT(ibc_p != NULL);
219 	*ibc_p = px_p->px_fm_ibc;
220 
221 	return (px_p->px_fm_cap);
222 }
223 
224 /*
225  * lock access for exclusive PCIe access
226  */
227 void
228 px_bus_enter(dev_info_t *dip, ddi_acc_handle_t handle)
229 {
230 	px_pec_t	*pec_p = ((px_t *)DIP_TO_STATE(dip))->px_pec_p;
231 
232 	/*
233 	 * Exclusive access has been used for cautious put/get,
234 	 * Both utilize i_ddi_ontrap which, on sparcv9, implements
235 	 * similar protection as what on_trap() does, and which calls
236 	 * membar  #Sync to flush out all cpu deferred errors
237 	 * prior to get/put operation, so here we're not calling
238 	 * membar  #Sync - a difference from what's in pci_bus_enter().
239 	 */
240 	mutex_enter(&pec_p->pec_pokefault_mutex);
241 	pec_p->pec_acc_hdl = handle;
242 }
243 
244 /*
245  * unlock access for exclusive PCIe access
246  */
247 /* ARGSUSED */
248 void
249 px_bus_exit(dev_info_t *dip, ddi_acc_handle_t handle)
250 {
251 	px_t		*px_p = DIP_TO_STATE(dip);
252 	px_pec_t	*pec_p = px_p->px_pec_p;
253 
254 	pec_p->pec_acc_hdl = NULL;
255 	mutex_exit(&pec_p->pec_pokefault_mutex);
256 }
257 
258 static uint64_t
259 px_in_addr_range(dev_info_t *dip, pci_ranges_t *ranges_p, uint64_t addr)
260 {
261 	uint64_t	addr_low, addr_high;
262 
263 	addr_low = (uint64_t)(ranges_p->parent_high & px_ranges_phi_mask) << 32;
264 	addr_low |= (uint64_t)ranges_p->parent_low;
265 	addr_high = addr_low + ((uint64_t)ranges_p->size_high << 32) +
266 	    (uint64_t)ranges_p->size_low;
267 
268 	DBG(DBG_ERR_INTR, dip, "Addr: 0x%llx high: 0x%llx low: 0x%llx\n",
269 	    addr, addr_high, addr_low);
270 
271 	if ((addr < addr_high) && (addr >= addr_low))
272 		return (addr_low);
273 
274 	return (0);
275 }
276 
277 /*
278  * PCI error callback which is registered with our parent to call
279  * for PCIe logging when the CPU traps due to PCIe Uncorrectable Errors
280  * and PCI BERR/TO/UE on IO Loads.
281  */
282 /*ARGSUSED*/
283 int
284 px_fm_callback(dev_info_t *dip, ddi_fm_error_t *derr, const void *impl_data)
285 {
286 	dev_info_t	*pdip = ddi_get_parent(dip);
287 	px_t		*px_p = (px_t *)impl_data;
288 	int		i, acc_type = 0;
289 	int		lookup, rc_err, fab_err;
290 	uint64_t	addr, base_addr;
291 	uint64_t	fault_addr = (uint64_t)derr->fme_bus_specific;
292 	pcie_req_id_t	bdf = PCIE_INVALID_BDF;
293 	pci_ranges_t	*ranges_p;
294 	int		range_len;
295 
296 	/*
297 	 * If the current thread already owns the px_fm_mutex, then we
298 	 * have encountered an error while processing a previous
299 	 * error.  Attempting to take the mutex again will cause the
300 	 * system to deadlock.
301 	 */
302 	if (px_p->px_fm_mutex_owner == curthread)
303 		return (DDI_FM_FATAL);
304 
305 	i_ddi_fm_handler_exit(pdip);
306 	if (px_fm_enter(px_p) != DDI_SUCCESS) {
307 		i_ddi_fm_handler_enter(pdip);
308 		return (DDI_FM_FATAL);
309 	}
310 
311 	/*
312 	 * Make sure this failed load came from this PCIe port.	 Check by
313 	 * matching the upper 32 bits of the address with the ranges property.
314 	 */
315 	range_len = px_p->px_ranges_length / sizeof (pci_ranges_t);
316 	i = 0;
317 	for (ranges_p = px_p->px_ranges_p; i < range_len; i++, ranges_p++) {
318 		base_addr = px_in_addr_range(dip, ranges_p, fault_addr);
319 		if (base_addr) {
320 			switch (ranges_p->child_high & PCI_ADDR_MASK) {
321 			case PCI_ADDR_CONFIG:
322 				acc_type = PF_ADDR_CFG;
323 				addr = NULL;
324 				bdf = (pcie_req_id_t)((fault_addr >> 12) &
325 				    0xFFFF);
326 				break;
327 			case PCI_ADDR_IO:
328 			case PCI_ADDR_MEM64:
329 			case PCI_ADDR_MEM32:
330 				acc_type = PF_ADDR_PIO;
331 				addr = fault_addr - base_addr;
332 				bdf = PCIE_INVALID_BDF;
333 				break;
334 			}
335 			break;
336 		}
337 	}
338 
339 	/* This address doesn't belong to this leaf, just return with OK */
340 	if (!acc_type) {
341 		px_fm_exit(px_p);
342 		i_ddi_fm_handler_enter(pdip);
343 		return (DDI_FM_OK);
344 	}
345 
346 	rc_err = px_err_cmn_intr(px_p, derr, PX_TRAP_CALL, PX_FM_BLOCK_ALL);
347 	lookup = pf_hdl_lookup(dip, derr->fme_ena, acc_type, (uint64_t)addr,
348 	    bdf);
349 
350 	px_rp_en_q(px_p, bdf, addr,
351 	    (PCI_STAT_R_MAST_AB | PCI_STAT_R_TARG_AB));
352 
353 	fab_err = px_scan_fabric(px_p, dip, derr);
354 
355 	px_fm_exit(px_p);
356 	i_ddi_fm_handler_enter(pdip);
357 
358 	if (!px_die)
359 		return (DDI_FM_OK);
360 
361 	if ((rc_err & (PX_PANIC | PX_PROTECTED)) ||
362 	    (fab_err & PF_ERR_FATAL_FLAGS) ||
363 	    (lookup == PF_HDL_NOTFOUND))
364 		return (DDI_FM_FATAL);
365 	else if ((rc_err == PX_NO_ERROR) && (fab_err == PF_ERR_NO_ERROR))
366 		return (DDI_FM_OK);
367 
368 	return (DDI_FM_NONFATAL);
369 }
370 
371 /*
372  * px_err_fabric_intr:
373  * Interrupt handler for PCIE fabric block.
374  * o lock
375  * o create derr
376  * o px_err_cmn_intr(leaf, with jbc)
377  * o send ereport(fire fmri, derr, payload = BDF)
378  * o dispatch (leaf)
379  * o unlock
380  * o handle error: fatal? fm_panic() : return INTR_CLAIMED)
381  */
382 /* ARGSUSED */
383 uint_t
384 px_err_fabric_intr(px_t *px_p, msgcode_t msg_code, pcie_req_id_t rid)
385 {
386 	dev_info_t	*rpdip = px_p->px_dip;
387 	int		rc_err, fab_err;
388 	ddi_fm_error_t	derr;
389 	uint32_t	rp_status;
390 	uint16_t	ce_source, ue_source;
391 
392 	if (px_fm_enter(px_p) != DDI_SUCCESS)
393 		goto done;
394 
395 	/* Create the derr */
396 	bzero(&derr, sizeof (ddi_fm_error_t));
397 	derr.fme_version = DDI_FME_VERSION;
398 	derr.fme_ena = fm_ena_generate(0, FM_ENA_FMT1);
399 	derr.fme_flag = DDI_FM_ERR_UNEXPECTED;
400 
401 	px_err_safeacc_check(px_p, &derr);
402 
403 	if (msg_code == PCIE_MSG_CODE_ERR_COR) {
404 		rp_status = PCIE_AER_RE_STS_CE_RCVD;
405 		ce_source = rid;
406 		ue_source = 0;
407 	} else {
408 		rp_status = PCIE_AER_RE_STS_FE_NFE_RCVD;
409 		ce_source = 0;
410 		ue_source = rid;
411 		if (msg_code == PCIE_MSG_CODE_ERR_NONFATAL)
412 			rp_status |= PCIE_AER_RE_STS_NFE_MSGS_RCVD;
413 		else {
414 			rp_status |= PCIE_AER_RE_STS_FE_MSGS_RCVD;
415 			rp_status |= PCIE_AER_RE_STS_FIRST_UC_FATAL;
416 		}
417 	}
418 
419 	if (derr.fme_flag == DDI_FM_ERR_UNEXPECTED) {
420 		ddi_fm_ereport_post(rpdip, PCI_ERROR_SUBCLASS "." PCIEX_FABRIC,
421 		    derr.fme_ena,
422 		    DDI_NOSLEEP, FM_VERSION, DATA_TYPE_UINT8, 0,
423 		    FIRE_PRIMARY, DATA_TYPE_BOOLEAN_VALUE, B_TRUE,
424 		    "pcie_adv_rp_status", DATA_TYPE_UINT32, rp_status,
425 		    "pcie_adv_rp_command", DATA_TYPE_UINT32, 0,
426 		    "pcie_adv_rp_ce_src_id", DATA_TYPE_UINT16, ce_source,
427 		    "pcie_adv_rp_ue_src_id", DATA_TYPE_UINT16, ue_source,
428 		    NULL);
429 	}
430 
431 	/* Ensure that the rid of the fabric message will get scanned. */
432 	px_rp_en_q(px_p, rid, NULL, NULL);
433 
434 	rc_err = px_err_cmn_intr(px_p, &derr, PX_INTR_CALL, PX_FM_BLOCK_PCIE);
435 
436 	/* call rootport dispatch */
437 	fab_err = px_scan_fabric(px_p, rpdip, &derr);
438 
439 	px_err_panic(rc_err, PX_RC, fab_err, B_TRUE);
440 	px_fm_exit(px_p);
441 	px_err_panic(rc_err, PX_RC, fab_err, B_FALSE);
442 
443 done:
444 	return (DDI_INTR_CLAIMED);
445 }
446 
447 /*
448  * px_scan_fabric:
449  *
450  * Check for drain state and if there is anything to scan.
451  */
452 int
453 px_scan_fabric(px_t *px_p, dev_info_t *rpdip, ddi_fm_error_t *derr) {
454 	int fab_err = 0;
455 
456 	ASSERT(MUTEX_HELD(&px_p->px_fm_mutex));
457 
458 	if (!px_lib_is_in_drain_state(px_p) && px_p->px_pfd_idx) {
459 		fab_err = pf_scan_fabric(rpdip, derr, px_p->px_pfd_arr);
460 		px_p->px_pfd_idx = 0;
461 	}
462 
463 	return (fab_err);
464 }
465 
466 /*
467  * px_err_safeacc_check:
468  * Check to see if a peek/poke and cautious access is currently being
469  * done on a particular leaf.
470  *
471  * Safe access reads induced fire errors will be handled by cpu trap handler
472  * which will call px_fm_callback() which calls this function. In that
473  * case, the derr fields will be set by trap handler with the correct values.
474  *
475  * Safe access writes induced errors will be handled by px interrupt
476  * handlers, this function will fill in the derr fields.
477  *
478  * If a cpu trap does occur, it will quiesce all other interrupts allowing
479  * the cpu trap error handling to finish before Fire receives an interrupt.
480  *
481  * If fire does indeed have an error when a cpu trap occurs as a result of
482  * a safe access, a trap followed by a Mondo/Fabric interrupt will occur.
483  * In which case derr will be initialized as "UNEXPECTED" by the interrupt
484  * handler and this function will need to find if this error occured in the
485  * middle of a safe access operation.
486  *
487  * @param px_p		leaf in which to check access
488  * @param derr		fm err data structure to be updated
489  */
490 void
491 px_err_safeacc_check(px_t *px_p, ddi_fm_error_t *derr)
492 {
493 	px_pec_t 	*pec_p = px_p->px_pec_p;
494 	int		acctype = pec_p->pec_safeacc_type;
495 
496 	ASSERT(MUTEX_HELD(&px_p->px_fm_mutex));
497 
498 	if (derr->fme_flag != DDI_FM_ERR_UNEXPECTED) {
499 		return;
500 	}
501 
502 	/* safe access checking */
503 	switch (acctype) {
504 	case DDI_FM_ERR_EXPECTED:
505 		/*
506 		 * cautious access protection, protected from all err.
507 		 */
508 		ddi_fm_acc_err_get(pec_p->pec_acc_hdl, derr,
509 		    DDI_FME_VERSION);
510 		derr->fme_flag = acctype;
511 		derr->fme_acc_handle = pec_p->pec_acc_hdl;
512 		break;
513 	case DDI_FM_ERR_POKE:
514 		/*
515 		 * ddi_poke protection, check nexus and children for
516 		 * expected errors.
517 		 */
518 		membar_sync();
519 		derr->fme_flag = acctype;
520 		break;
521 	case DDI_FM_ERR_PEEK:
522 		derr->fme_flag = acctype;
523 		break;
524 	}
525 }
526 
527 /*
528  * Suggest panic if any EQ (except CE q) has overflown.
529  */
530 int
531 px_err_check_eq(dev_info_t *dip)
532 {
533 	px_t			*px_p = DIP_TO_STATE(dip);
534 	px_msiq_state_t 	*msiq_state_p = &px_p->px_ib_p->ib_msiq_state;
535 	px_pec_t		*pec_p = px_p->px_pec_p;
536 	msiqid_t		eq_no = msiq_state_p->msiq_1st_msiq_id;
537 	pci_msiq_state_t	msiq_state;
538 	int			i;
539 
540 	for (i = 0; i < msiq_state_p->msiq_cnt; i++) {
541 		if (i + eq_no == pec_p->pec_corr_msg_msiq_id) /* skip CE q */
542 			continue;
543 		if ((px_lib_msiq_getstate(dip, i + eq_no, &msiq_state) !=
544 		    DDI_SUCCESS) || msiq_state == PCI_MSIQ_STATE_ERROR)
545 			return (PX_PANIC);
546 	}
547 	return (PX_NO_PANIC);
548 }
549 
550 /* ARGSUSED */
551 int
552 px_err_check_pcie(dev_info_t *dip, ddi_fm_error_t *derr, px_err_pcie_t *regs)
553 {
554 	px_t		*px_p = DIP_TO_STATE(dip);
555 	pf_data_t	*pfd_p = px_get_pfd(px_p);
556 	int		i;
557 	pf_pcie_adv_err_regs_t *adv_reg = PCIE_ADV_REG(pfd_p);
558 
559 	/*
560 	 * set RC s_status in PCI term to coordinate with downstream fabric
561 	 * errors ananlysis.
562 	 */
563 	if (regs->primary_ue & PCIE_AER_UCE_UR)
564 		PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = PCI_STAT_R_MAST_AB;
565 	if (regs->primary_ue & PCIE_AER_UCE_CA)
566 		PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = PCI_STAT_R_TARG_AB;
567 	if (regs->primary_ue & (PCIE_AER_UCE_PTLP | PCIE_AER_UCE_ECRC))
568 		PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = PCI_STAT_PERROR;
569 
570 	if (!regs->primary_ue)
571 		goto done;
572 
573 	adv_reg->pcie_ce_status = regs->ce_reg;
574 	adv_reg->pcie_ue_status = regs->ue_reg | regs->primary_ue;
575 	PCIE_ADV_HDR(pfd_p, 0) = regs->rx_hdr1;
576 	PCIE_ADV_HDR(pfd_p, 1) = regs->rx_hdr2;
577 	PCIE_ADV_HDR(pfd_p, 2) = regs->rx_hdr3;
578 	PCIE_ADV_HDR(pfd_p, 3) = regs->rx_hdr4;
579 	for (i = regs->primary_ue; i != 1; i = i >> 1)
580 		adv_reg->pcie_adv_ctl++;
581 
582 	if (regs->primary_ue & (PCIE_AER_UCE_UR | PCIE_AER_UCE_CA)) {
583 		if (pf_tlp_decode(PCIE_DIP2BUS(dip), adv_reg) == DDI_SUCCESS)
584 			PCIE_ROOT_FAULT(pfd_p)->scan_bdf =
585 			    adv_reg->pcie_ue_tgt_bdf;
586 	} else if (regs->primary_ue & PCIE_AER_UCE_PTLP) {
587 		if (pf_tlp_decode(PCIE_DIP2BUS(dip), adv_reg) == DDI_SUCCESS) {
588 			PCIE_ROOT_FAULT(pfd_p)->scan_bdf =
589 			    adv_reg->pcie_ue_tgt_bdf;
590 			if (adv_reg->pcie_ue_tgt_trans ==
591 			    PF_ADDR_PIO)
592 				PCIE_ROOT_FAULT(pfd_p)->scan_addr =
593 				    adv_reg->pcie_ue_tgt_addr;
594 		}
595 
596 		/*
597 		 * Normally for Poisoned Completion TLPs we can look at the
598 		 * transmit log header for the original request and the original
599 		 * address, however this doesn't seem to be working.  HW BUG.
600 		 */
601 	}
602 
603 done:
604 	px_pcie_log(dip, regs);
605 
606 	/* Return No Error here and let the pcie misc module analyse it */
607 	return (PX_NO_ERROR);
608 }
609 
610 #if defined(DEBUG)
611 static void
612 px_pcie_log(dev_info_t *dip, px_err_pcie_t *regs)
613 {
614 	DBG(DBG_ERR_INTR, dip,
615 	    "A PCIe RC error has occured\n"
616 	    "\tCE: 0x%x UE: 0x%x Primary UE: 0x%x\n"
617 	    "\tTX Hdr: 0x%x 0x%x 0x%x 0x%x\n\tRX Hdr: 0x%x 0x%x 0x%x 0x%x\n",
618 	    regs->ce_reg, regs->ue_reg, regs->primary_ue,
619 	    regs->tx_hdr1, regs->tx_hdr2, regs->tx_hdr3, regs->tx_hdr4,
620 	    regs->rx_hdr1, regs->rx_hdr2, regs->rx_hdr3, regs->rx_hdr4);
621 }
622 #endif
623 
624 /*
625  * look through poisoned TLP cases and suggest panic/no panic depend on
626  * handle lookup.
627  */
628 static int
629 px_pcie_ptlp(dev_info_t *dip, ddi_fm_error_t *derr, px_err_pcie_t *regs)
630 {
631 	pf_pcie_adv_err_regs_t adv_reg;
632 	pcie_req_id_t	bdf;
633 	uint64_t	addr;
634 	uint32_t	trans_type;
635 	int		tlp_sts, tlp_cmd;
636 	int		lookup = PF_HDL_NOTFOUND;
637 
638 	if (regs->primary_ue != PCIE_AER_UCE_PTLP)
639 		return (PX_PANIC);
640 
641 	if (!regs->rx_hdr1)
642 		goto done;
643 
644 	adv_reg.pcie_ue_hdr[0] = regs->rx_hdr1;
645 	adv_reg.pcie_ue_hdr[1] = regs->rx_hdr2;
646 	adv_reg.pcie_ue_hdr[2] = regs->rx_hdr3;
647 	adv_reg.pcie_ue_hdr[3] = regs->rx_hdr4;
648 
649 	tlp_sts = pf_tlp_decode(PCIE_DIP2BUS(dip), &adv_reg);
650 	tlp_cmd = ((pcie_tlp_hdr_t *)(adv_reg.pcie_ue_hdr))->type;
651 
652 	if (tlp_sts == DDI_FAILURE)
653 		goto done;
654 
655 	bdf = adv_reg.pcie_ue_tgt_bdf;
656 	addr = adv_reg.pcie_ue_tgt_addr;
657 	trans_type = adv_reg.pcie_ue_tgt_trans;
658 
659 	switch (tlp_cmd) {
660 	case PCIE_TLP_TYPE_CPL:
661 	case PCIE_TLP_TYPE_CPLLK:
662 		/*
663 		 * Usually a PTLP is a CPL with data.  Grab the completer BDF
664 		 * from the RX TLP, and the original address from the TX TLP.
665 		 */
666 		if (regs->tx_hdr1) {
667 			adv_reg.pcie_ue_hdr[0] = regs->tx_hdr1;
668 			adv_reg.pcie_ue_hdr[1] = regs->tx_hdr2;
669 			adv_reg.pcie_ue_hdr[2] = regs->tx_hdr3;
670 			adv_reg.pcie_ue_hdr[3] = regs->tx_hdr4;
671 
672 			lookup = pf_tlp_decode(PCIE_DIP2BUS(dip), &adv_reg);
673 			if (lookup != DDI_SUCCESS)
674 				break;
675 			addr = adv_reg.pcie_ue_tgt_addr;
676 			trans_type = adv_reg.pcie_ue_tgt_trans;
677 		} /* FALLTHRU */
678 	case PCIE_TLP_TYPE_IO:
679 	case PCIE_TLP_TYPE_MEM:
680 	case PCIE_TLP_TYPE_MEMLK:
681 		lookup = pf_hdl_lookup(dip, derr->fme_ena, trans_type, addr,
682 		    bdf);
683 		break;
684 	default:
685 		lookup = PF_HDL_NOTFOUND;
686 	}
687 done:
688 	return (lookup == PF_HDL_FOUND ? PX_NO_PANIC : PX_PANIC);
689 }
690 
691 /*
692  * px_get_pdf automatically allocates a RC pf_data_t and returns a pointer to
693  * it.  This function should be used when an error requires a fabric scan.
694  */
695 static pf_data_t *
696 px_get_pfd(px_t *px_p) {
697 	int		idx = px_p->px_pfd_idx++;
698 	pf_data_t	*pfd_p = &px_p->px_pfd_arr[idx];
699 
700 	/* Clear Old Data */
701 	PCIE_ROOT_FAULT(pfd_p)->scan_bdf = PCIE_INVALID_BDF;
702 	PCIE_ROOT_FAULT(pfd_p)->scan_addr = 0;
703 	PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = 0;
704 	PCIE_ADV_REG(pfd_p)->pcie_ce_status = 0;
705 	PCIE_ADV_REG(pfd_p)->pcie_ue_status = 0;
706 
707 	pfd_p->pe_next = NULL;
708 
709 	if (idx > 0) {
710 		px_p->px_pfd_arr[idx - 1].pe_next = pfd_p;
711 		pfd_p->pe_prev = &px_p->px_pfd_arr[idx - 1];
712 	} else {
713 		pfd_p->pe_prev = NULL;
714 	}
715 
716 	pfd_p->pe_valid = B_TRUE;
717 
718 	return (pfd_p);
719 }
720 
721 /*
722  * This function appends a pf_data structure to the error q which is used later
723  * during PCIe fabric scan.  It signifies:
724  * o errs rcvd in RC, that may have been propagated to/from the fabric
725  * o the fabric scan code should scan the device path of fault bdf/addr
726  *
727  * scan_bdf: The bdf that caused the fault, which may have error bits set.
728  * scan_addr: The PIO addr that caused the fault, such as failed PIO, but not
729  *	       failed DMAs.
730  * s_status: Secondary Status equivalent to why the fault occured.
731  *	     (ie S-TA/MA, R-TA)
732  * Either the scan bdf or addr may be NULL, but not both.
733  */
734 void
735 px_rp_en_q(px_t *px_p, pcie_req_id_t scan_bdf, uint32_t scan_addr,
736     uint16_t s_status)
737 {
738 	pf_data_t	*pfd_p;
739 
740 	if (!PCIE_CHECK_VALID_BDF(scan_bdf) && !scan_addr)
741 		return;
742 
743 	pfd_p = px_get_pfd(px_p);
744 
745 	PCIE_ROOT_FAULT(pfd_p)->scan_bdf = scan_bdf;
746 	PCIE_ROOT_FAULT(pfd_p)->scan_addr = (uint64_t)scan_addr;
747 	PCI_BDG_ERR_REG(pfd_p)->pci_bdg_sec_stat = s_status;
748 }
749 
750 
751 /*
752  * Find and Mark CFG Handles as failed associated with the given BDF. We should
753  * always know the BDF for CFG accesses, since it is encoded in the address of
754  * the TLP.  Since there can be multiple cfg handles, mark them all as failed.
755  */
756 /* ARGSUSED */
757 int
758 px_err_cfg_hdl_check(dev_info_t *dip, const void *handle, const void *arg1,
759     const void *arg2)
760 {
761 	int			status = DDI_FM_FATAL;
762 	uint32_t		addr = *(uint32_t *)arg1;
763 	uint16_t		bdf = *(uint16_t *)arg2;
764 	pcie_bus_t		*bus_p;
765 
766 	DBG(DBG_ERR_INTR, dip, "Check CFG Hdl: dip 0x%p addr 0x%x bdf=0x%x\n",
767 	    dip, addr, bdf);
768 
769 	bus_p = PCIE_DIP2BUS(dip);
770 
771 	/*
772 	 * Because CFG and IO Acc Handlers are on the same cache list and both
773 	 * types of hdls gets called for both types of errors.  For this checker
774 	 * only mark the device as "Non-Fatal" if the addr == NULL and bdf !=
775 	 * NULL.
776 	 */
777 	status = (!addr && (PCIE_CHECK_VALID_BDF(bdf) &&
778 	    (bus_p->bus_bdf == bdf))) ? DDI_FM_NONFATAL : DDI_FM_FATAL;
779 
780 	return (status);
781 }
782 
783 /*
784  * Find and Mark all ACC Handles associated with a give address and BDF as
785  * failed.  If the BDF != NULL, then check to see if the device has a ACC Handle
786  * associated with ADDR.  If the handle is not found, mark all the handles as
787  * failed.  If the BDF == NULL, mark the handle as failed if it is associated
788  * with ADDR.
789  */
790 int
791 px_err_pio_hdl_check(dev_info_t *dip, const void *handle, const void *arg1,
792     const void *arg2)
793 {
794 	dev_info_t		*px_dip = PCIE_DIP2BUS(dip)->bus_rp_dip;
795 	px_t			*px_p = INST_TO_STATE(ddi_get_instance(px_dip));
796 	pci_ranges_t		*ranges_p;
797 	int			range_len;
798 	ddi_acc_handle_t	ap = (ddi_acc_handle_t)handle;
799 	ddi_acc_hdl_t		*hp = impl_acc_hdl_get(ap);
800 	int			i, status = DDI_FM_FATAL;
801 	uint64_t		fault_addr = *(uint64_t *)arg1;
802 	uint16_t		bdf = *(uint16_t *)arg2;
803 	uint64_t		base_addr, range_addr;
804 	uint_t			size;
805 
806 	DBG(DBG_ERR_INTR, dip, "Check PIO Hdl: dip 0x%x addr 0x%x bdf=0x%x\n",
807 	    dip, fault_addr, bdf);
808 
809 	/* Normalize the base addr to the addr and strip off the HB info. */
810 	base_addr = (hp->ah_pfn << MMU_PAGESHIFT) + hp->ah_offset;
811 	range_len = px_p->px_ranges_length / sizeof (pci_ranges_t);
812 	i = 0;
813 	for (ranges_p = px_p->px_ranges_p; i < range_len; i++, ranges_p++) {
814 		range_addr = px_in_addr_range(dip, ranges_p, base_addr);
815 		if (range_addr) {
816 			switch (ranges_p->child_high & PCI_ADDR_MASK) {
817 			case PCI_ADDR_IO:
818 			case PCI_ADDR_MEM64:
819 			case PCI_ADDR_MEM32:
820 				base_addr = base_addr - range_addr;
821 				break;
822 			}
823 			break;
824 		}
825 	}
826 
827 	/*
828 	 * Mark the handle as failed if the ADDR is mapped, or if we
829 	 * know the BDF and ADDR == 0.
830 	 */
831 	size = hp->ah_len;
832 	if (((fault_addr >= base_addr) && (fault_addr < (base_addr + size))) ||
833 	    ((fault_addr == NULL) && (PCIE_CHECK_VALID_BDF(bdf) &&
834 	    (bdf == PCIE_DIP2BUS(dip)->bus_bdf))))
835 		status = DDI_FM_NONFATAL;
836 
837 	return (status);
838 }
839 
840 /*
841  * Find and Mark all DNA Handles associated with a give address and BDF as
842  * failed.  If the BDF != NULL, then check to see if the device has a DMA Handle
843  * associated with ADDR.  If the handle is not found, mark all the handles as
844  * failed.  If the BDF == NULL, mark the handle as failed if it is associated
845  * with ADDR.
846  */
847 int
848 px_err_dma_hdl_check(dev_info_t *dip, const void *handle, const void *arg1,
849     const void *arg2)
850 {
851 	ddi_dma_impl_t		*pcie_dp;
852 	int			status = DDI_FM_FATAL;
853 	uint32_t		addr = *(uint32_t *)arg1;
854 	uint16_t		bdf = *(uint16_t *)arg2;
855 	uint32_t		base_addr;
856 	uint_t			size;
857 
858 	DBG(DBG_ERR_INTR, dip, "Check PIO Hdl: dip 0x%x addr 0x%x bdf=0x%x\n",
859 	    dip, addr, bdf);
860 
861 	pcie_dp = (ddi_dma_impl_t *)handle;
862 	base_addr = (uint32_t)pcie_dp->dmai_mapping;
863 	size = pcie_dp->dmai_size;
864 
865 	/*
866 	 * Mark the handle as failed if the ADDR is mapped, or if we
867 	 * know the BDF and ADDR == 0.
868 	 */
869 	if (((addr >= base_addr) && (addr < (base_addr + size))) ||
870 	    ((addr == NULL) && PCIE_CHECK_VALID_BDF(bdf)))
871 		status = DDI_FM_NONFATAL;
872 
873 	return (status);
874 }
875 
876 int
877 px_fm_enter(px_t *px_p) {
878 	if (px_panicing || (px_p->px_fm_mutex_owner == curthread))
879 		return (DDI_FAILURE);
880 
881 	mutex_enter(&px_p->px_fm_mutex);
882 	/*
883 	 * In rare cases when trap occurs and in the middle of scanning the
884 	 * fabric, a PIO will fail in the scan fabric.  The CPU error handling
885 	 * code will correctly panic the system, while a mondo for the failed
886 	 * PIO may also show up.  Normally the mondo will try to grab the mutex
887 	 * and wait until the callback finishes.  But in this rare case,
888 	 * mutex_enter actually suceeds also continues to scan the fabric.
889 	 *
890 	 * This code below is designed specifically to check for this case.  If
891 	 * we successfully grab the px_fm_mutex, the px_fm_mutex_owner better be
892 	 * NULL.  If it isn't that means we are in the rare corner case.  Return
893 	 * DDI_FAILURE, this should prevent PX from doing anymore error
894 	 * handling.
895 	 */
896 	if (px_p->px_fm_mutex_owner) {
897 		return (DDI_FAILURE);
898 	}
899 
900 	px_p->px_fm_mutex_owner = curthread;
901 
902 	if (px_panicing) {
903 		px_fm_exit(px_p);
904 		return (DDI_FAILURE);
905 	}
906 	return (DDI_SUCCESS);
907 }
908 
909 void
910 px_fm_exit(px_t *px_p) {
911 	px_p->px_fm_mutex_owner = NULL;
912 	mutex_exit(&px_p->px_fm_mutex);
913 }
914 
915 /*
916  * Panic if the err tunable is set and that we are not already in the middle
917  * of panic'ing.
918  *
919  * rc_err = Error severity of PX specific errors
920  * msg = Where the error was detected
921  * fabric_err = Error severity of PCIe Fabric errors
922  * isTest = Test if error severity causes panic
923  */
924 #define	MSZ (sizeof (fm_msg) -strlen(fm_msg) - 1)
925 void
926 px_err_panic(int rc_err, int msg, int fabric_err, boolean_t isTest)
927 {
928 	char fm_msg[96] = "";
929 	int ferr = PX_NO_ERROR;
930 
931 	if (panicstr) {
932 		px_panicing = B_TRUE;
933 		return;
934 	}
935 
936 	if (!(rc_err & px_die))
937 		goto fabric;
938 	if (msg & PX_RC)
939 		(void) strncat(fm_msg, px_panic_rc_msg, MSZ);
940 	if (msg & PX_RP)
941 		(void) strncat(fm_msg, px_panic_rp_msg, MSZ);
942 	if (msg & PX_HB)
943 		(void) strncat(fm_msg, px_panic_hb_msg, MSZ);
944 
945 fabric:
946 	if (fabric_err & PF_ERR_FATAL_FLAGS)
947 		ferr = PX_PANIC;
948 	else if (fabric_err & ~(PF_ERR_FATAL_FLAGS | PF_ERR_NO_ERROR))
949 		ferr = PX_NO_PANIC;
950 
951 	if (ferr & px_die) {
952 		if (strlen(fm_msg)) {
953 			(void) strncat(fm_msg, " and", MSZ);
954 		}
955 		(void) strncat(fm_msg, px_panic_fab_msg, MSZ);
956 	}
957 
958 	if (strlen(fm_msg)) {
959 		px_panicing = B_TRUE;
960 		if (!isTest)
961 			fm_panic("Fatal error has occured in:%s.(0x%x)(0x%x)",
962 			    fm_msg, rc_err, fabric_err);
963 	}
964 }
965