xref: /titanic_44/usr/src/uts/sun4v/os/error.c (revision f48205be61a214698b763ff550ab9e657525104c)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/types.h>
29 #include <sys/machsystm.h>
30 #include <sys/sysmacros.h>
31 #include <sys/cpuvar.h>
32 #include <sys/async.h>
33 #include <sys/ontrap.h>
34 #include <sys/ddifm.h>
35 #include <sys/hypervisor_api.h>
36 #include <sys/errorq.h>
37 #include <sys/promif.h>
38 #include <sys/prom_plat.h>
39 #include <sys/x_call.h>
40 #include <sys/error.h>
41 #include <sys/fm/util.h>
42 #include <sys/ivintr.h>
43 #include <sys/archsystm.h>
44 
45 #define	MAX_CE_FLTS		10
46 #define	MAX_ASYNC_FLTS		6
47 
48 errorq_t *ue_queue;			/* queue of uncorrectable errors */
49 errorq_t *ce_queue;			/* queue of correctable errors */
50 
51 /*
52  * Being used by memory test driver.
53  * ce_verbose_memory - covers CEs in DIMMs
54  * ce_verbose_other - covers "others" (ecache, IO, etc.)
55  *
56  * If the value is 0, nothing is logged.
57  * If the value is 1, the error is logged to the log file, but not console.
58  * If the value is 2, the error is logged to the log file and console.
59  */
60 int	ce_verbose_memory = 1;
61 int	ce_verbose_other = 1;
62 
63 int	ce_show_data = 0;
64 int	ce_debug = 0;
65 int	ue_debug = 0;
66 int	reset_debug = 0;
67 
68 /*
69  * Tunables for controlling the handling of asynchronous faults (AFTs). Setting
70  * these to non-default values on a non-DEBUG kernel is NOT supported.
71  */
72 int	aft_verbose = 0;	/* log AFT messages > 1 to log only */
73 int	aft_panic = 0;		/* panic (not reboot) on fatal usermode AFLT */
74 int	aft_testfatal = 0;	/* force all AFTs to panic immediately */
75 
76 /*
77  * Used for vbsc hostshutdown (power-off buton)
78  */
79 int	err_shutdown_triggered = 0;	/* only once */
80 uint64_t err_shutdown_inum = 0;	/* used to pull the trigger */
81 
82 /*
83  * Defined in bus_func.c but initialised in error_init
84  */
85 extern kmutex_t bfd_lock;
86 
87 static uint32_t rq_overflow_count = 0;		/* counter for rq overflow */
88 
89 static void cpu_queue_one_event(errh_async_flt_t *);
90 static uint32_t count_entries_on_queue(uint64_t, uint64_t, uint32_t);
91 static void errh_page_retire(errh_async_flt_t *, uchar_t);
92 static int errh_error_protected(struct regs *, struct async_flt *, int *);
93 static void errh_rq_full(struct async_flt *);
94 static void ue_drain(void *, struct async_flt *, errorq_elem_t *);
95 static void ce_drain(void *, struct async_flt *, errorq_elem_t *);
96 static void errh_handle_attr(errh_async_flt_t *);
97 static void errh_handle_asr(errh_async_flt_t *);
98 
99 /*ARGSUSED*/
100 void
101 process_resumable_error(struct regs *rp, uint32_t head_offset,
102     uint32_t tail_offset)
103 {
104 	struct machcpu *mcpup;
105 	struct async_flt *aflt;
106 	errh_async_flt_t errh_flt;
107 	errh_er_t *head_va;
108 
109 	mcpup = &(CPU->cpu_m);
110 
111 	while (head_offset != tail_offset) {
112 		/* kernel buffer starts right after the resumable queue */
113 		head_va = (errh_er_t *)(mcpup->cpu_rq_va + head_offset +
114 		    CPU_RQ_SIZE);
115 		/* Copy the error report to local buffer */
116 		bzero(&errh_flt, sizeof (errh_async_flt_t));
117 		bcopy((char *)head_va, &(errh_flt.errh_er),
118 		    sizeof (errh_er_t));
119 
120 		/* Increment the queue head */
121 		head_offset += Q_ENTRY_SIZE;
122 		/* Wrap around */
123 		head_offset &= (CPU_RQ_SIZE - 1);
124 
125 		/* set error handle to zero so it can hold new error report */
126 		head_va->ehdl = 0;
127 
128 		switch (errh_flt.errh_er.desc) {
129 		case ERRH_DESC_UCOR_RE:
130 			/*
131 			 * Check error attribute, handle individual error
132 			 * if it is needed.
133 			 */
134 			errh_handle_attr(&errh_flt);
135 			break;
136 
137 		case ERRH_DESC_WARN_RE:
138 			/*
139 			 * Power-off requested, but handle it one time only.
140 			 */
141 			if (!err_shutdown_triggered) {
142 				setsoftint(err_shutdown_inum);
143 				++err_shutdown_triggered;
144 			}
145 			continue;
146 
147 		default:
148 			cmn_err(CE_WARN, "Error Descriptor 0x%llx "
149 			    " invalid in resumable error handler",
150 			    (long long) errh_flt.errh_er.desc);
151 			continue;
152 		}
153 
154 		aflt = (struct async_flt *)&(errh_flt.cmn_asyncflt);
155 		aflt->flt_id = gethrtime();
156 		aflt->flt_bus_id = getprocessorid();
157 		aflt->flt_class = CPU_FAULT;
158 		aflt->flt_prot = AFLT_PROT_NONE;
159 		aflt->flt_priv = (((errh_flt.errh_er.attr & ERRH_MODE_MASK)
160 		    >> ERRH_MODE_SHIFT) == ERRH_MODE_PRIV);
161 
162 		if (errh_flt.errh_er.attr & ERRH_ATTR_CPU)
163 			/* If it is an error on other cpu */
164 			aflt->flt_panic = 1;
165 		else
166 			aflt->flt_panic = 0;
167 
168 		/*
169 		 * Handle resumable queue full case.
170 		 */
171 		if (errh_flt.errh_er.attr & ERRH_ATTR_RQF) {
172 			(void) errh_rq_full(aflt);
173 		}
174 
175 		/*
176 		 * Queue the error on ce or ue queue depend on flt_panic.
177 		 * Even if flt_panic is set, the code still keep processing
178 		 * the rest element on rq until the panic starts.
179 		 */
180 		(void) cpu_queue_one_event(&errh_flt);
181 
182 		/*
183 		 * Panic here if aflt->flt_panic has been set.
184 		 * Enqueued errors will be logged as part of the panic flow.
185 		 */
186 		if (aflt->flt_panic) {
187 			fm_panic("Unrecoverable error on another CPU");
188 		}
189 	}
190 }
191 
192 void
193 process_nonresumable_error(struct regs *rp, uint64_t flags,
194     uint32_t head_offset, uint32_t tail_offset)
195 {
196 	struct machcpu *mcpup;
197 	struct async_flt *aflt;
198 	errh_async_flt_t errh_flt;
199 	errh_er_t *head_va;
200 	int trampolined = 0;
201 	int expected = DDI_FM_ERR_UNEXPECTED;
202 	uint64_t exec_mode;
203 	uint8_t u_spill_fill;
204 
205 	mcpup = &(CPU->cpu_m);
206 
207 	while (head_offset != tail_offset) {
208 		/* kernel buffer starts right after the nonresumable queue */
209 		head_va = (errh_er_t *)(mcpup->cpu_nrq_va + head_offset +
210 		    CPU_NRQ_SIZE);
211 
212 		/* Copy the error report to local buffer */
213 		bzero(&errh_flt, sizeof (errh_async_flt_t));
214 
215 		bcopy((char *)head_va, &(errh_flt.errh_er),
216 		    sizeof (errh_er_t));
217 
218 		/* Increment the queue head */
219 		head_offset += Q_ENTRY_SIZE;
220 		/* Wrap around */
221 		head_offset &= (CPU_NRQ_SIZE - 1);
222 
223 		/* set error handle to zero so it can hold new error report */
224 		head_va->ehdl = 0;
225 
226 		aflt = (struct async_flt *)&(errh_flt.cmn_asyncflt);
227 
228 		trampolined = 0;
229 
230 		if (errh_flt.errh_er.attr & ERRH_ATTR_PIO)
231 			aflt->flt_class = BUS_FAULT;
232 		else
233 			aflt->flt_class = CPU_FAULT;
234 
235 		aflt->flt_id = gethrtime();
236 		aflt->flt_bus_id = getprocessorid();
237 		aflt->flt_pc = (caddr_t)rp->r_pc;
238 		exec_mode = (errh_flt.errh_er.attr & ERRH_MODE_MASK)
239 		    >> ERRH_MODE_SHIFT;
240 		aflt->flt_priv = (exec_mode == ERRH_MODE_PRIV ||
241 		    exec_mode == ERRH_MODE_UNKNOWN);
242 		aflt->flt_prot = AFLT_PROT_NONE;
243 		aflt->flt_tl = (uchar_t)(flags & ERRH_TL_MASK);
244 		aflt->flt_panic = ((aflt->flt_tl != 0) ||
245 		    (aft_testfatal != 0));
246 
247 		/*
248 		 * For the first error packet on the queue, check if it
249 		 * happened in user fill/spill trap.
250 		 */
251 		if (flags & ERRH_U_SPILL_FILL) {
252 			u_spill_fill = 1;
253 			/* clear the user fill/spill flag in flags */
254 			flags = (uint64_t)aflt->flt_tl;
255 		} else
256 			u_spill_fill = 0;
257 
258 		switch (errh_flt.errh_er.desc) {
259 		case ERRH_DESC_PR_NRE:
260 			if (u_spill_fill) {
261 				aflt->flt_panic = 0;
262 				break;
263 			}
264 			/*
265 			 * Fall through, precise fault also need to check
266 			 * to see if it was protected.
267 			 */
268 			/*FALLTHRU*/
269 
270 		case ERRH_DESC_DEF_NRE:
271 			/*
272 			 * If the trap occurred in privileged mode at TL=0,
273 			 * we need to check to see if we were executing
274 			 * in kernel under on_trap() or t_lofault
275 			 * protection. If so, and if it was a PIO or MEM
276 			 * error, then modify the saved registers so that
277 			 * we return from the trap to the appropriate
278 			 * trampoline routine.
279 			 */
280 			if (aflt->flt_priv == 1 && aflt->flt_tl == 0 &&
281 			    ((errh_flt.errh_er.attr & ERRH_ATTR_PIO) ||
282 			    (errh_flt.errh_er.attr & ERRH_ATTR_MEM))) {
283 				trampolined =
284 				    errh_error_protected(rp, aflt, &expected);
285 			}
286 
287 			if (!aflt->flt_priv || aflt->flt_prot ==
288 			    AFLT_PROT_COPY) {
289 				aflt->flt_panic |= aft_panic;
290 			} else if (!trampolined &&
291 			    (aflt->flt_class != BUS_FAULT)) {
292 				aflt->flt_panic = 1;
293 			}
294 
295 			/*
296 			 * Check error attribute, handle individual error
297 			 * if it is needed.
298 			 */
299 			errh_handle_attr(&errh_flt);
300 
301 			/*
302 			 * If PIO error, we need to query the bus nexus
303 			 * for fatal errors.
304 			 */
305 			if (aflt->flt_class == BUS_FAULT) {
306 				aflt->flt_addr = errh_flt.errh_er.ra;
307 				errh_cpu_run_bus_error_handlers(aflt,
308 				    expected);
309 			}
310 
311 			break;
312 
313 		case ERRH_DESC_USER_DCORE:
314 			/*
315 			 * User generated panic. Call panic directly
316 			 * since there are no FMA e-reports to
317 			 * display.
318 			 */
319 
320 			panic("Panic - Generated at user request");
321 
322 			break;
323 
324 		default:
325 			cmn_err(CE_WARN, "Panic - Error Descriptor 0x%llx "
326 			    " invalid in non-resumable error handler",
327 			    (long long) errh_flt.errh_er.desc);
328 			aflt->flt_panic = 1;
329 			break;
330 		}
331 
332 		/*
333 		 * Queue the error report for further processing. If
334 		 * flt_panic is set, code still process other errors
335 		 * in the queue until the panic routine stops the
336 		 * kernel.
337 		 */
338 		(void) cpu_queue_one_event(&errh_flt);
339 
340 		/*
341 		 * Panic here if aflt->flt_panic has been set.
342 		 * Enqueued errors will be logged as part of the panic flow.
343 		 */
344 		if (aflt->flt_panic) {
345 			fm_panic("Unrecoverable hardware error");
346 		}
347 
348 		/*
349 		 * Call page_retire() to handle memory errors.
350 		 */
351 		if (errh_flt.errh_er.attr & ERRH_ATTR_MEM)
352 			errh_page_retire(&errh_flt, PR_UE);
353 
354 		/*
355 		 * If we queued an error and the it was in user mode, or
356 		 * protected by t_lofault, or user_spill_fill is set, we
357 		 * set AST flag so the queue will be drained before
358 		 * returning to user mode.
359 		 */
360 		if (!aflt->flt_priv || aflt->flt_prot == AFLT_PROT_COPY ||
361 		    u_spill_fill) {
362 			int pcb_flag = 0;
363 
364 			if (aflt->flt_class == CPU_FAULT)
365 				pcb_flag |= ASYNC_HWERR;
366 			else if (aflt->flt_class == BUS_FAULT)
367 				pcb_flag |= ASYNC_BERR;
368 
369 			ttolwp(curthread)->lwp_pcb.pcb_flags |= pcb_flag;
370 			aston(curthread);
371 		}
372 	}
373 }
374 
375 /*
376  * For PIO errors, this routine calls nexus driver's error
377  * callback routines. If the callback routine returns fatal, and
378  * we are in kernel or unknow mode without any error protection,
379  * we need to turn on the panic flag.
380  */
381 void
382 errh_cpu_run_bus_error_handlers(struct async_flt *aflt, int expected)
383 {
384 	int status;
385 	ddi_fm_error_t de;
386 
387 	bzero(&de, sizeof (ddi_fm_error_t));
388 
389 	de.fme_version = DDI_FME_VERSION;
390 	de.fme_ena = fm_ena_generate(aflt->flt_id, FM_ENA_FMT1);
391 	de.fme_flag = expected;
392 	de.fme_bus_specific = (void *)aflt->flt_addr;
393 	status = ndi_fm_handler_dispatch(ddi_root_node(), NULL, &de);
394 
395 	/*
396 	 * If error is protected, it will jump to proper routine
397 	 * to handle the handle; if it is in user level, we just
398 	 * kill the user process; if the driver thinks the error is
399 	 * not fatal, we can drive on. If none of above are true,
400 	 * we panic
401 	 */
402 	if ((aflt->flt_prot == AFLT_PROT_NONE) && (aflt->flt_priv == 1) &&
403 	    (status == DDI_FM_FATAL))
404 		aflt->flt_panic = 1;
405 }
406 
407 /*
408  * This routine checks to see if we are under any error protection when
409  * the error happens. If we are under error protection, we unwind to
410  * the protection and indicate fault.
411  */
412 static int
413 errh_error_protected(struct regs *rp, struct async_flt *aflt, int *expected)
414 {
415 	int trampolined = 0;
416 	ddi_acc_hdl_t *hp;
417 
418 	if (curthread->t_ontrap != NULL) {
419 		on_trap_data_t *otp = curthread->t_ontrap;
420 
421 		if (otp->ot_prot & OT_DATA_EC) {
422 			aflt->flt_prot = AFLT_PROT_EC;
423 			otp->ot_trap |= OT_DATA_EC;
424 			rp->r_pc = otp->ot_trampoline;
425 			rp->r_npc = rp->r_pc +4;
426 			trampolined = 1;
427 		}
428 
429 		if (otp->ot_prot & OT_DATA_ACCESS) {
430 			aflt->flt_prot = AFLT_PROT_ACCESS;
431 			otp->ot_trap |= OT_DATA_ACCESS;
432 			rp->r_pc = otp->ot_trampoline;
433 			rp->r_npc = rp->r_pc + 4;
434 			trampolined = 1;
435 			/*
436 			 * for peek and caut_gets
437 			 * errors are expected
438 			 */
439 			hp = (ddi_acc_hdl_t *)otp->ot_handle;
440 			if (!hp)
441 				*expected = DDI_FM_ERR_PEEK;
442 			else if (hp->ah_acc.devacc_attr_access ==
443 			    DDI_CAUTIOUS_ACC)
444 				*expected = DDI_FM_ERR_EXPECTED;
445 		}
446 	} else if (curthread->t_lofault) {
447 		aflt->flt_prot = AFLT_PROT_COPY;
448 		rp->r_g1 = EFAULT;
449 		rp->r_pc = curthread->t_lofault;
450 		rp->r_npc = rp->r_pc + 4;
451 		trampolined = 1;
452 	}
453 
454 	return (trampolined);
455 }
456 
457 /*
458  * Queue one event.
459  */
460 static void
461 cpu_queue_one_event(errh_async_flt_t *errh_fltp)
462 {
463 	struct async_flt *aflt = (struct async_flt *)errh_fltp;
464 	errorq_t *eqp;
465 
466 	if (aflt->flt_panic)
467 		eqp = ue_queue;
468 	else
469 		eqp = ce_queue;
470 
471 	errorq_dispatch(eqp, errh_fltp, sizeof (errh_async_flt_t),
472 	    aflt->flt_panic);
473 }
474 
475 /*
476  * The cpu_async_log_err() function is called by the ce/ue_drain() function to
477  * handle logging for CPU events that are dequeued.  As such, it can be invoked
478  * from softint context, from AST processing in the trap() flow, or from the
479  * panic flow.  We decode the CPU-specific data, and log appropriate messages.
480  */
481 void
482 cpu_async_log_err(void *flt)
483 {
484 	errh_async_flt_t *errh_fltp = (errh_async_flt_t *)flt;
485 	errh_er_t *errh_erp = (errh_er_t *)&errh_fltp->errh_er;
486 
487 	switch (errh_erp->desc) {
488 	case ERRH_DESC_UCOR_RE:
489 		if (errh_erp->attr & ERRH_ATTR_MEM) {
490 			/*
491 			 * Turn on the PR_UE flag. The page will be
492 			 * scrubbed when it is freed.
493 			 */
494 			errh_page_retire(errh_fltp, PR_UE);
495 		}
496 
497 		break;
498 
499 	case ERRH_DESC_PR_NRE:
500 	case ERRH_DESC_DEF_NRE:
501 		if (errh_erp->attr & ERRH_ATTR_MEM) {
502 			/*
503 			 * For non-resumable memory error, retire
504 			 * the page here.
505 			 */
506 			errh_page_retire(errh_fltp, PR_UE);
507 
508 			/*
509 			 * If we are going to panic, scrub the page first
510 			 */
511 			if (errh_fltp->cmn_asyncflt.flt_panic)
512 				mem_scrub(errh_fltp->errh_er.ra,
513 				    errh_fltp->errh_er.sz);
514 		}
515 		break;
516 
517 	default:
518 		break;
519 	}
520 }
521 
522 /*
523  * Called from ce_drain().
524  */
525 void
526 cpu_ce_log_err(struct async_flt *aflt)
527 {
528 	switch (aflt->flt_class) {
529 	case CPU_FAULT:
530 		cpu_async_log_err(aflt);
531 		break;
532 
533 	case BUS_FAULT:
534 		cpu_async_log_err(aflt);
535 		break;
536 
537 	default:
538 		break;
539 	}
540 }
541 
542 /*
543  * Called from ue_drain().
544  */
545 void
546 cpu_ue_log_err(struct async_flt *aflt)
547 {
548 	switch (aflt->flt_class) {
549 	case CPU_FAULT:
550 		cpu_async_log_err(aflt);
551 		break;
552 
553 	case BUS_FAULT:
554 		cpu_async_log_err(aflt);
555 		break;
556 
557 	default:
558 		break;
559 	}
560 }
561 
562 /*
563  * Turn on flag on the error memory region.
564  */
565 static void
566 errh_page_retire(errh_async_flt_t *errh_fltp, uchar_t flag)
567 {
568 	uint64_t flt_real_addr_start = errh_fltp->errh_er.ra;
569 	uint64_t flt_real_addr_end = flt_real_addr_start +
570 	    errh_fltp->errh_er.sz - 1;
571 	int64_t current_addr;
572 
573 	if (errh_fltp->errh_er.sz == 0)
574 		return;
575 
576 	for (current_addr = flt_real_addr_start;
577 	    current_addr < flt_real_addr_end; current_addr += MMU_PAGESIZE) {
578 		(void) page_retire(current_addr, flag);
579 	}
580 }
581 
582 void
583 mem_scrub(uint64_t paddr, uint64_t len)
584 {
585 	uint64_t pa, length, scrubbed_len;
586 
587 	pa = paddr;
588 	length = len;
589 	scrubbed_len = 0;
590 
591 	while (length > 0) {
592 		if (hv_mem_scrub(pa, length, &scrubbed_len) != H_EOK)
593 			break;
594 
595 		pa += scrubbed_len;
596 		length -= scrubbed_len;
597 	}
598 }
599 
600 /*
601  * Call hypervisor to flush the memory region.
602  * Both va and len must be MMU_PAGESIZE aligned.
603  * Returns the total number of bytes flushed.
604  */
605 uint64_t
606 mem_sync(caddr_t orig_va, size_t orig_len)
607 {
608 	uint64_t pa, length, flushed;
609 	uint64_t chunk_len = MMU_PAGESIZE;
610 	uint64_t total_flushed = 0;
611 	uint64_t va, len;
612 
613 	if (orig_len == 0)
614 		return (total_flushed);
615 
616 	/* align va */
617 	va = P2ALIGN_TYPED(orig_va, MMU_PAGESIZE, uint64_t);
618 	/* round up len to MMU_PAGESIZE aligned */
619 	len = P2ROUNDUP_TYPED(orig_va + orig_len, MMU_PAGESIZE, uint64_t) - va;
620 
621 	while (len > 0) {
622 		pa = va_to_pa((caddr_t)va);
623 		if (pa == (uint64_t)-1)
624 			return (total_flushed);
625 
626 		length = chunk_len;
627 		flushed = 0;
628 
629 		while (length > 0) {
630 			if (hv_mem_sync(pa, length, &flushed) != H_EOK)
631 				return (total_flushed);
632 
633 			pa += flushed;
634 			length -= flushed;
635 			total_flushed += flushed;
636 		}
637 
638 		va += chunk_len;
639 		len -= chunk_len;
640 	}
641 
642 	return (total_flushed);
643 }
644 
645 /*
646  * If resumable queue is full, we need to check if any cpu is in
647  * error state. If not, we drive on. If yes, we need to panic. The
648  * hypervisor call hv_cpu_state() is being used for checking the
649  * cpu state.  And reset %tick_compr in case tick-compare was lost.
650  */
651 static void
652 errh_rq_full(struct async_flt *afltp)
653 {
654 	processorid_t who;
655 	uint64_t cpu_state;
656 	uint64_t retval;
657 	uint64_t current_tick;
658 
659 	current_tick = (uint64_t)gettick();
660 	tickcmpr_set(current_tick);
661 
662 	for (who = 0; who < NCPU; who++)
663 		if (CPU_IN_SET(cpu_ready_set, who)) {
664 			retval = hv_cpu_state(who, &cpu_state);
665 			if (retval != H_EOK || cpu_state == CPU_STATE_ERROR) {
666 				afltp->flt_panic = 1;
667 				break;
668 			}
669 		}
670 }
671 
672 /*
673  * Return processor specific async error structure
674  * size used.
675  */
676 int
677 cpu_aflt_size(void)
678 {
679 	return (sizeof (errh_async_flt_t));
680 }
681 
682 #define	SZ_TO_ETRS_SHIFT	6
683 
684 /*
685  * Message print out when resumable queue is overflown
686  */
687 /*ARGSUSED*/
688 void
689 rq_overflow(struct regs *rp, uint64_t head_offset,
690     uint64_t tail_offset)
691 {
692 	rq_overflow_count++;
693 }
694 
695 /*
696  * Handler to process a fatal error.  This routine can be called from a
697  * softint, called from trap()'s AST handling, or called from the panic flow.
698  */
699 /*ARGSUSED*/
700 static void
701 ue_drain(void *ignored, struct async_flt *aflt, errorq_elem_t *eqep)
702 {
703 	cpu_ue_log_err(aflt);
704 }
705 
706 /*
707  * Handler to process a correctable error.  This routine can be called from a
708  * softint.  We just call the CPU module's logging routine.
709  */
710 /*ARGSUSED*/
711 static void
712 ce_drain(void *ignored, struct async_flt *aflt, errorq_elem_t *eqep)
713 {
714 	cpu_ce_log_err(aflt);
715 }
716 
717 /*
718  * Handler to process vbsc hostshutdown (power-off button).
719  */
720 static int
721 err_shutdown_softintr()
722 {
723 	cmn_err(CE_WARN, "Power-off requested, system will now shutdown.");
724 	do_shutdown();
725 
726 	/*
727 	 * just in case do_shutdown() fails
728 	 */
729 	(void) timeout((void(*)(void *))power_down, NULL, 100 * hz);
730 	return (DDI_INTR_CLAIMED);
731 }
732 
733 /*
734  * Allocate error queue sizes based on max_ncpus.  max_ncpus is set just
735  * after ncpunode has been determined.  ncpus is set in start_other_cpus
736  * which is called after error_init() but may change dynamically.
737  */
738 void
739 error_init(void)
740 {
741 	char tmp_name[MAXSYSNAME];
742 	pnode_t node;
743 	size_t size = cpu_aflt_size();
744 
745 	/*
746 	 * Initialize the correctable and uncorrectable error queues.
747 	 */
748 	ue_queue = errorq_create("ue_queue", (errorq_func_t)ue_drain, NULL,
749 	    MAX_ASYNC_FLTS * (max_ncpus + 1), size, PIL_2, ERRORQ_VITAL);
750 
751 	ce_queue = errorq_create("ce_queue", (errorq_func_t)ce_drain, NULL,
752 	    MAX_CE_FLTS * (max_ncpus + 1), size, PIL_1, 0);
753 
754 	if (ue_queue == NULL || ce_queue == NULL)
755 		panic("failed to create required system error queue");
756 
757 	/*
758 	 * Setup interrupt handler for power-off button.
759 	 */
760 	err_shutdown_inum = add_softintr(PIL_9,
761 	    (softintrfunc)err_shutdown_softintr, NULL, SOFTINT_ST);
762 
763 	/*
764 	 * Initialize the busfunc list mutex.  This must be a PIL_15 spin lock
765 	 * because we will need to acquire it from cpu_async_error().
766 	 */
767 	mutex_init(&bfd_lock, NULL, MUTEX_SPIN, (void *)PIL_15);
768 
769 	node = prom_rootnode();
770 	if ((node == OBP_NONODE) || (node == OBP_BADNODE)) {
771 		cmn_err(CE_CONT, "error_init: node 0x%x\n", (uint_t)node);
772 		return;
773 	}
774 
775 	if (((size = prom_getproplen(node, "reset-reason")) != -1) &&
776 	    (size <= MAXSYSNAME) &&
777 	    (prom_getprop(node, "reset-reason", tmp_name) != -1)) {
778 		if (reset_debug) {
779 			cmn_err(CE_CONT, "System booting after %s\n", tmp_name);
780 		} else if (strncmp(tmp_name, "FATAL", 5) == 0) {
781 			cmn_err(CE_CONT,
782 			    "System booting after fatal error %s\n", tmp_name);
783 		}
784 	}
785 }
786 
787 /*
788  * Nonresumable queue is full, panic here
789  */
790 /*ARGSUSED*/
791 void
792 nrq_overflow(struct regs *rp)
793 {
794 	fm_panic("Nonresumable queue full");
795 }
796 
797 /*
798  * This is the place for special error handling for individual errors.
799  */
800 static void
801 errh_handle_attr(errh_async_flt_t *errh_fltp)
802 {
803 	switch (errh_fltp->errh_er.attr & ~ERRH_MODE_MASK) {
804 	case ERRH_ATTR_CPU:
805 	case ERRH_ATTR_MEM:
806 	case ERRH_ATTR_PIO:
807 	case ERRH_ATTR_IRF:
808 	case ERRH_ATTR_FRF:
809 	case ERRH_ATTR_SHUT:
810 		break;
811 
812 	case ERRH_ATTR_ASR:
813 		errh_handle_asr(errh_fltp);
814 		break;
815 
816 	case ERRH_ATTR_ASI:
817 	case ERRH_ATTR_PREG:
818 	case ERRH_ATTR_RQF:
819 		break;
820 
821 	default:
822 		break;
823 	}
824 }
825 
826 /*
827  * Handle ASR bit set in ATTR
828  */
829 static void
830 errh_handle_asr(errh_async_flt_t *errh_fltp)
831 {
832 	uint64_t current_tick;
833 
834 	switch (errh_fltp->errh_er.reg) {
835 	case ASR_REG_VALID | ASR_REG_TICK:
836 		/*
837 		 * For Tick Compare Register error, it only happens when
838 		 * the register is being read or compared with the %tick
839 		 * register. Since we lost the contents of the register,
840 		 * we set the %tick_compr in the future. An interrupt will
841 		 * happen when %tick matches the value field of %tick_compr.
842 		 */
843 		current_tick = (uint64_t)gettick();
844 		tickcmpr_set(current_tick);
845 		/* Do not panic */
846 		errh_fltp->cmn_asyncflt.flt_panic = 0;
847 		break;
848 
849 	default:
850 		break;
851 	}
852 }
853