1 /*
2 * Machine check handler.
3 *
4 * K8 parts Copyright 2002,2003 Andi Kleen, SuSE Labs.
5 * Rest from unknown author(s).
6 * 2004 Andi Kleen. Rewrote most of it.
7 * Copyright 2008 Intel Corporation
8 * Author: Andi Kleen
9 */
10
11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13 #include <linux/thread_info.h>
14 #include <linux/capability.h>
15 #include <linux/miscdevice.h>
16 #include <linux/ratelimit.h>
17 #include <linux/kallsyms.h>
18 #include <linux/rcupdate.h>
19 #include <linux/kobject.h>
20 #include <linux/uaccess.h>
21 #include <linux/kdebug.h>
22 #include <linux/kernel.h>
23 #include <linux/percpu.h>
24 #include <linux/string.h>
25 #include <linux/device.h>
26 #include <linux/syscore_ops.h>
27 #include <linux/delay.h>
28 #include <linux/ctype.h>
29 #include <linux/sched.h>
30 #include <linux/sysfs.h>
31 #include <linux/types.h>
32 #include <linux/slab.h>
33 #include <linux/init.h>
34 #include <linux/kmod.h>
35 #include <linux/poll.h>
36 #include <linux/nmi.h>
37 #include <linux/cpu.h>
38 #include <linux/ras.h>
39 #include <linux/smp.h>
40 #include <linux/fs.h>
41 #include <linux/mm.h>
42 #include <linux/debugfs.h>
43 #include <linux/irq_work.h>
44 #include <linux/export.h>
45 #include <linux/jump_label.h>
46
47 #include <asm/intel-family.h>
48 #include <asm/processor.h>
49 #include <asm/traps.h>
50 #include <asm/tlbflush.h>
51 #include <asm/mce.h>
52 #include <asm/msr.h>
53 #include <asm/reboot.h>
54 #include <asm/set_memory.h>
55
56 #include "mce-internal.h"
57
58 static DEFINE_MUTEX(mce_log_mutex);
59
60 /* sysfs synchronization */
61 static DEFINE_MUTEX(mce_sysfs_mutex);
62
63 #define CREATE_TRACE_POINTS
64 #include <trace/events/mce.h>
65
66 #define SPINUNIT 100 /* 100ns */
67
68 DEFINE_PER_CPU(unsigned, mce_exception_count);
69
70 struct mce_bank *mce_banks __read_mostly;
71 struct mce_vendor_flags mce_flags __read_mostly;
72
73 struct mca_config mca_cfg __read_mostly = {
74 .bootlog = -1,
75 /*
76 * Tolerant levels:
77 * 0: always panic on uncorrected errors, log corrected errors
78 * 1: panic or SIGBUS on uncorrected errors, log corrected errors
79 * 2: SIGBUS or log uncorrected errors (if possible), log corr. errors
80 * 3: never panic or SIGBUS, log all errors (for testing only)
81 */
82 .tolerant = 1,
83 .monarch_timeout = -1
84 };
85
86 static DEFINE_PER_CPU(struct mce, mces_seen);
87 static unsigned long mce_need_notify;
88 static int cpu_missing;
89
90 /*
91 * MCA banks polled by the period polling timer for corrected events.
92 * With Intel CMCI, this only has MCA banks which do not support CMCI (if any).
93 */
94 DEFINE_PER_CPU(mce_banks_t, mce_poll_banks) = {
95 [0 ... BITS_TO_LONGS(MAX_NR_BANKS)-1] = ~0UL
96 };
97
98 /*
99 * MCA banks controlled through firmware first for corrected errors.
100 * This is a global list of banks for which we won't enable CMCI and we
101 * won't poll. Firmware controls these banks and is responsible for
102 * reporting corrected errors through GHES. Uncorrected/recoverable
103 * errors are still notified through a machine check.
104 */
105 mce_banks_t mce_banks_ce_disabled;
106
107 static struct work_struct mce_work;
108 static struct irq_work mce_irq_work;
109
110 static void (*quirk_no_way_out)(int bank, struct mce *m, struct pt_regs *regs);
111
112 #ifndef mce_unmap_kpfn
113 static void mce_unmap_kpfn(unsigned long pfn);
114 #endif
115
116 /*
117 * CPU/chipset specific EDAC code can register a notifier call here to print
118 * MCE errors in a human-readable form.
119 */
120 BLOCKING_NOTIFIER_HEAD(x86_mce_decoder_chain);
121
122 /* Do initial initialization of a struct mce */
mce_setup(struct mce * m)123 void mce_setup(struct mce *m)
124 {
125 memset(m, 0, sizeof(struct mce));
126 m->cpu = m->extcpu = smp_processor_id();
127 /* We hope get_seconds stays lockless */
128 m->time = get_seconds();
129 m->cpuvendor = boot_cpu_data.x86_vendor;
130 m->cpuid = cpuid_eax(1);
131 m->socketid = cpu_data(m->extcpu).phys_proc_id;
132 m->apicid = cpu_data(m->extcpu).initial_apicid;
133 rdmsrl(MSR_IA32_MCG_CAP, m->mcgcap);
134
135 if (this_cpu_has(X86_FEATURE_INTEL_PPIN))
136 rdmsrl(MSR_PPIN, m->ppin);
137
138 m->microcode = boot_cpu_data.microcode;
139 }
140
141 DEFINE_PER_CPU(struct mce, injectm);
142 EXPORT_PER_CPU_SYMBOL_GPL(injectm);
143
mce_log(struct mce * m)144 void mce_log(struct mce *m)
145 {
146 if (!mce_gen_pool_add(m))
147 irq_work_queue(&mce_irq_work);
148 }
149
mce_inject_log(struct mce * m)150 void mce_inject_log(struct mce *m)
151 {
152 mutex_lock(&mce_log_mutex);
153 mce_log(m);
154 mutex_unlock(&mce_log_mutex);
155 }
156 EXPORT_SYMBOL_GPL(mce_inject_log);
157
158 static struct notifier_block mce_srao_nb;
159
160 /*
161 * We run the default notifier if we have only the SRAO, the first and the
162 * default notifier registered. I.e., the mandatory NUM_DEFAULT_NOTIFIERS
163 * notifiers registered on the chain.
164 */
165 #define NUM_DEFAULT_NOTIFIERS 3
166 static atomic_t num_notifiers;
167
mce_register_decode_chain(struct notifier_block * nb)168 void mce_register_decode_chain(struct notifier_block *nb)
169 {
170 if (WARN_ON(nb->priority > MCE_PRIO_MCELOG && nb->priority < MCE_PRIO_EDAC))
171 return;
172
173 atomic_inc(&num_notifiers);
174
175 blocking_notifier_chain_register(&x86_mce_decoder_chain, nb);
176 }
177 EXPORT_SYMBOL_GPL(mce_register_decode_chain);
178
mce_unregister_decode_chain(struct notifier_block * nb)179 void mce_unregister_decode_chain(struct notifier_block *nb)
180 {
181 atomic_dec(&num_notifiers);
182
183 blocking_notifier_chain_unregister(&x86_mce_decoder_chain, nb);
184 }
185 EXPORT_SYMBOL_GPL(mce_unregister_decode_chain);
186
ctl_reg(int bank)187 static inline u32 ctl_reg(int bank)
188 {
189 return MSR_IA32_MCx_CTL(bank);
190 }
191
status_reg(int bank)192 static inline u32 status_reg(int bank)
193 {
194 return MSR_IA32_MCx_STATUS(bank);
195 }
196
addr_reg(int bank)197 static inline u32 addr_reg(int bank)
198 {
199 return MSR_IA32_MCx_ADDR(bank);
200 }
201
misc_reg(int bank)202 static inline u32 misc_reg(int bank)
203 {
204 return MSR_IA32_MCx_MISC(bank);
205 }
206
smca_ctl_reg(int bank)207 static inline u32 smca_ctl_reg(int bank)
208 {
209 return MSR_AMD64_SMCA_MCx_CTL(bank);
210 }
211
smca_status_reg(int bank)212 static inline u32 smca_status_reg(int bank)
213 {
214 return MSR_AMD64_SMCA_MCx_STATUS(bank);
215 }
216
smca_addr_reg(int bank)217 static inline u32 smca_addr_reg(int bank)
218 {
219 return MSR_AMD64_SMCA_MCx_ADDR(bank);
220 }
221
smca_misc_reg(int bank)222 static inline u32 smca_misc_reg(int bank)
223 {
224 return MSR_AMD64_SMCA_MCx_MISC(bank);
225 }
226
227 struct mca_msr_regs msr_ops = {
228 .ctl = ctl_reg,
229 .status = status_reg,
230 .addr = addr_reg,
231 .misc = misc_reg
232 };
233
__print_mce(struct mce * m)234 static void __print_mce(struct mce *m)
235 {
236 pr_emerg(HW_ERR "CPU %d: Machine Check%s: %Lx Bank %d: %016Lx\n",
237 m->extcpu,
238 (m->mcgstatus & MCG_STATUS_MCIP ? " Exception" : ""),
239 m->mcgstatus, m->bank, m->status);
240
241 if (m->ip) {
242 pr_emerg(HW_ERR "RIP%s %02x:<%016Lx> ",
243 !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
244 m->cs, m->ip);
245
246 if (m->cs == __KERNEL_CS)
247 print_symbol("{%s}", m->ip);
248 pr_cont("\n");
249 }
250
251 pr_emerg(HW_ERR "TSC %llx ", m->tsc);
252 if (m->addr)
253 pr_cont("ADDR %llx ", m->addr);
254 if (m->misc)
255 pr_cont("MISC %llx ", m->misc);
256
257 if (mce_flags.smca) {
258 if (m->synd)
259 pr_cont("SYND %llx ", m->synd);
260 if (m->ipid)
261 pr_cont("IPID %llx ", m->ipid);
262 }
263
264 pr_cont("\n");
265 /*
266 * Note this output is parsed by external tools and old fields
267 * should not be changed.
268 */
269 pr_emerg(HW_ERR "PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x microcode %x\n",
270 m->cpuvendor, m->cpuid, m->time, m->socketid, m->apicid,
271 m->microcode);
272 }
273
print_mce(struct mce * m)274 static void print_mce(struct mce *m)
275 {
276 __print_mce(m);
277 pr_emerg_ratelimited(HW_ERR "Run the above through 'mcelog --ascii'\n");
278 }
279
280 #define PANIC_TIMEOUT 5 /* 5 seconds */
281
282 static atomic_t mce_panicked;
283
284 static int fake_panic;
285 static atomic_t mce_fake_panicked;
286
287 /* Panic in progress. Enable interrupts and wait for final IPI */
wait_for_panic(void)288 static void wait_for_panic(void)
289 {
290 long timeout = PANIC_TIMEOUT*USEC_PER_SEC;
291
292 preempt_disable();
293 local_irq_enable();
294 while (timeout-- > 0)
295 udelay(1);
296 if (panic_timeout == 0)
297 panic_timeout = mca_cfg.panic_timeout;
298 panic("Panicing machine check CPU died");
299 }
300
mce_panic(const char * msg,struct mce * final,char * exp)301 static void mce_panic(const char *msg, struct mce *final, char *exp)
302 {
303 int apei_err = 0;
304 struct llist_node *pending;
305 struct mce_evt_llist *l;
306
307 if (!fake_panic) {
308 /*
309 * Make sure only one CPU runs in machine check panic
310 */
311 if (atomic_inc_return(&mce_panicked) > 1)
312 wait_for_panic();
313 barrier();
314
315 bust_spinlocks(1);
316 console_verbose();
317 } else {
318 /* Don't log too much for fake panic */
319 if (atomic_inc_return(&mce_fake_panicked) > 1)
320 return;
321 }
322 pending = mce_gen_pool_prepare_records();
323 /* First print corrected ones that are still unlogged */
324 llist_for_each_entry(l, pending, llnode) {
325 struct mce *m = &l->mce;
326 if (!(m->status & MCI_STATUS_UC)) {
327 print_mce(m);
328 if (!apei_err)
329 apei_err = apei_write_mce(m);
330 }
331 }
332 /* Now print uncorrected but with the final one last */
333 llist_for_each_entry(l, pending, llnode) {
334 struct mce *m = &l->mce;
335 if (!(m->status & MCI_STATUS_UC))
336 continue;
337 if (!final || mce_cmp(m, final)) {
338 print_mce(m);
339 if (!apei_err)
340 apei_err = apei_write_mce(m);
341 }
342 }
343 if (final) {
344 print_mce(final);
345 if (!apei_err)
346 apei_err = apei_write_mce(final);
347 }
348 if (cpu_missing)
349 pr_emerg(HW_ERR "Some CPUs didn't answer in synchronization\n");
350 if (exp)
351 pr_emerg(HW_ERR "Machine check: %s\n", exp);
352 if (!fake_panic) {
353 if (panic_timeout == 0)
354 panic_timeout = mca_cfg.panic_timeout;
355 panic(msg);
356 } else
357 pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
358 }
359
360 /* Support code for software error injection */
361
msr_to_offset(u32 msr)362 static int msr_to_offset(u32 msr)
363 {
364 unsigned bank = __this_cpu_read(injectm.bank);
365
366 if (msr == mca_cfg.rip_msr)
367 return offsetof(struct mce, ip);
368 if (msr == msr_ops.status(bank))
369 return offsetof(struct mce, status);
370 if (msr == msr_ops.addr(bank))
371 return offsetof(struct mce, addr);
372 if (msr == msr_ops.misc(bank))
373 return offsetof(struct mce, misc);
374 if (msr == MSR_IA32_MCG_STATUS)
375 return offsetof(struct mce, mcgstatus);
376 return -1;
377 }
378
379 /* MSR access wrappers used for error injection */
mce_rdmsrl(u32 msr)380 static u64 mce_rdmsrl(u32 msr)
381 {
382 u64 v;
383
384 if (__this_cpu_read(injectm.finished)) {
385 int offset = msr_to_offset(msr);
386
387 if (offset < 0)
388 return 0;
389 return *(u64 *)((char *)this_cpu_ptr(&injectm) + offset);
390 }
391
392 if (rdmsrl_safe(msr, &v)) {
393 WARN_ONCE(1, "mce: Unable to read MSR 0x%x!\n", msr);
394 /*
395 * Return zero in case the access faulted. This should
396 * not happen normally but can happen if the CPU does
397 * something weird, or if the code is buggy.
398 */
399 v = 0;
400 }
401
402 return v;
403 }
404
mce_wrmsrl(u32 msr,u64 v)405 static void mce_wrmsrl(u32 msr, u64 v)
406 {
407 if (__this_cpu_read(injectm.finished)) {
408 int offset = msr_to_offset(msr);
409
410 if (offset >= 0)
411 *(u64 *)((char *)this_cpu_ptr(&injectm) + offset) = v;
412 return;
413 }
414 wrmsrl(msr, v);
415 }
416
417 /*
418 * Collect all global (w.r.t. this processor) status about this machine
419 * check into our "mce" struct so that we can use it later to assess
420 * the severity of the problem as we read per-bank specific details.
421 */
mce_gather_info(struct mce * m,struct pt_regs * regs)422 static inline void mce_gather_info(struct mce *m, struct pt_regs *regs)
423 {
424 mce_setup(m);
425
426 m->mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
427 if (regs) {
428 /*
429 * Get the address of the instruction at the time of
430 * the machine check error.
431 */
432 if (m->mcgstatus & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) {
433 m->ip = regs->ip;
434 m->cs = regs->cs;
435
436 /*
437 * When in VM86 mode make the cs look like ring 3
438 * always. This is a lie, but it's better than passing
439 * the additional vm86 bit around everywhere.
440 */
441 if (v8086_mode(regs))
442 m->cs |= 3;
443 }
444 /* Use accurate RIP reporting if available. */
445 if (mca_cfg.rip_msr)
446 m->ip = mce_rdmsrl(mca_cfg.rip_msr);
447 }
448 }
449
mce_available(struct cpuinfo_x86 * c)450 int mce_available(struct cpuinfo_x86 *c)
451 {
452 if (mca_cfg.disabled)
453 return 0;
454 return cpu_has(c, X86_FEATURE_MCE) && cpu_has(c, X86_FEATURE_MCA);
455 }
456
mce_schedule_work(void)457 static void mce_schedule_work(void)
458 {
459 if (!mce_gen_pool_empty())
460 schedule_work(&mce_work);
461 }
462
mce_irq_work_cb(struct irq_work * entry)463 static void mce_irq_work_cb(struct irq_work *entry)
464 {
465 mce_schedule_work();
466 }
467
mce_report_event(struct pt_regs * regs)468 static void mce_report_event(struct pt_regs *regs)
469 {
470 if (regs->flags & (X86_VM_MASK|X86_EFLAGS_IF)) {
471 mce_notify_irq();
472 /*
473 * Triggering the work queue here is just an insurance
474 * policy in case the syscall exit notify handler
475 * doesn't run soon enough or ends up running on the
476 * wrong CPU (can happen when audit sleeps)
477 */
478 mce_schedule_work();
479 return;
480 }
481
482 irq_work_queue(&mce_irq_work);
483 }
484
485 /*
486 * Check if the address reported by the CPU is in a format we can parse.
487 * It would be possible to add code for most other cases, but all would
488 * be somewhat complicated (e.g. segment offset would require an instruction
489 * parser). So only support physical addresses up to page granuality for now.
490 */
mce_usable_address(struct mce * m)491 static int mce_usable_address(struct mce *m)
492 {
493 if (!(m->status & MCI_STATUS_ADDRV))
494 return 0;
495
496 /* Checks after this one are Intel-specific: */
497 if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
498 return 1;
499
500 if (!(m->status & MCI_STATUS_MISCV))
501 return 0;
502
503 if (MCI_MISC_ADDR_LSB(m->misc) > PAGE_SHIFT)
504 return 0;
505
506 if (MCI_MISC_ADDR_MODE(m->misc) != MCI_MISC_ADDR_PHYS)
507 return 0;
508
509 return 1;
510 }
511
mce_is_memory_error(struct mce * m)512 bool mce_is_memory_error(struct mce *m)
513 {
514 if (m->cpuvendor == X86_VENDOR_AMD) {
515 return amd_mce_is_memory_error(m);
516
517 } else if (m->cpuvendor == X86_VENDOR_INTEL) {
518 /*
519 * Intel SDM Volume 3B - 15.9.2 Compound Error Codes
520 *
521 * Bit 7 of the MCACOD field of IA32_MCi_STATUS is used for
522 * indicating a memory error. Bit 8 is used for indicating a
523 * cache hierarchy error. The combination of bit 2 and bit 3
524 * is used for indicating a `generic' cache hierarchy error
525 * But we can't just blindly check the above bits, because if
526 * bit 11 is set, then it is a bus/interconnect error - and
527 * either way the above bits just gives more detail on what
528 * bus/interconnect error happened. Note that bit 12 can be
529 * ignored, as it's the "filter" bit.
530 */
531 return (m->status & 0xef80) == BIT(7) ||
532 (m->status & 0xef00) == BIT(8) ||
533 (m->status & 0xeffc) == 0xc;
534 }
535
536 return false;
537 }
538 EXPORT_SYMBOL_GPL(mce_is_memory_error);
539
cec_add_mce(struct mce * m)540 static bool cec_add_mce(struct mce *m)
541 {
542 if (!m)
543 return false;
544
545 /* We eat only correctable DRAM errors with usable addresses. */
546 if (mce_is_memory_error(m) &&
547 !(m->status & MCI_STATUS_UC) &&
548 mce_usable_address(m))
549 if (!cec_add_elem(m->addr >> PAGE_SHIFT))
550 return true;
551
552 return false;
553 }
554
mce_first_notifier(struct notifier_block * nb,unsigned long val,void * data)555 static int mce_first_notifier(struct notifier_block *nb, unsigned long val,
556 void *data)
557 {
558 struct mce *m = (struct mce *)data;
559
560 if (!m)
561 return NOTIFY_DONE;
562
563 if (cec_add_mce(m))
564 return NOTIFY_STOP;
565
566 /* Emit the trace record: */
567 trace_mce_record(m);
568
569 set_bit(0, &mce_need_notify);
570
571 mce_notify_irq();
572
573 return NOTIFY_DONE;
574 }
575
576 static struct notifier_block first_nb = {
577 .notifier_call = mce_first_notifier,
578 .priority = MCE_PRIO_FIRST,
579 };
580
srao_decode_notifier(struct notifier_block * nb,unsigned long val,void * data)581 static int srao_decode_notifier(struct notifier_block *nb, unsigned long val,
582 void *data)
583 {
584 struct mce *mce = (struct mce *)data;
585 unsigned long pfn;
586
587 if (!mce)
588 return NOTIFY_DONE;
589
590 if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) {
591 pfn = mce->addr >> PAGE_SHIFT;
592 if (memory_failure(pfn, MCE_VECTOR, 0))
593 mce_unmap_kpfn(pfn);
594 }
595
596 return NOTIFY_OK;
597 }
598 static struct notifier_block mce_srao_nb = {
599 .notifier_call = srao_decode_notifier,
600 .priority = MCE_PRIO_SRAO,
601 };
602
mce_default_notifier(struct notifier_block * nb,unsigned long val,void * data)603 static int mce_default_notifier(struct notifier_block *nb, unsigned long val,
604 void *data)
605 {
606 struct mce *m = (struct mce *)data;
607
608 if (!m)
609 return NOTIFY_DONE;
610
611 if (atomic_read(&num_notifiers) > NUM_DEFAULT_NOTIFIERS)
612 return NOTIFY_DONE;
613
614 __print_mce(m);
615
616 return NOTIFY_DONE;
617 }
618
619 static struct notifier_block mce_default_nb = {
620 .notifier_call = mce_default_notifier,
621 /* lowest prio, we want it to run last. */
622 .priority = MCE_PRIO_LOWEST,
623 };
624
625 /*
626 * Read ADDR and MISC registers.
627 */
mce_read_aux(struct mce * m,int i)628 static void mce_read_aux(struct mce *m, int i)
629 {
630 if (m->status & MCI_STATUS_MISCV)
631 m->misc = mce_rdmsrl(msr_ops.misc(i));
632
633 if (m->status & MCI_STATUS_ADDRV) {
634 m->addr = mce_rdmsrl(msr_ops.addr(i));
635
636 /*
637 * Mask the reported address by the reported granularity.
638 */
639 if (mca_cfg.ser && (m->status & MCI_STATUS_MISCV)) {
640 u8 shift = MCI_MISC_ADDR_LSB(m->misc);
641 m->addr >>= shift;
642 m->addr <<= shift;
643 }
644
645 /*
646 * Extract [55:<lsb>] where lsb is the least significant
647 * *valid* bit of the address bits.
648 */
649 if (mce_flags.smca) {
650 u8 lsb = (m->addr >> 56) & 0x3f;
651
652 m->addr &= GENMASK_ULL(55, lsb);
653 }
654 }
655
656 if (mce_flags.smca) {
657 m->ipid = mce_rdmsrl(MSR_AMD64_SMCA_MCx_IPID(i));
658
659 if (m->status & MCI_STATUS_SYNDV)
660 m->synd = mce_rdmsrl(MSR_AMD64_SMCA_MCx_SYND(i));
661 }
662 }
663
664 DEFINE_PER_CPU(unsigned, mce_poll_count);
665
666 /*
667 * Poll for corrected events or events that happened before reset.
668 * Those are just logged through /dev/mcelog.
669 *
670 * This is executed in standard interrupt context.
671 *
672 * Note: spec recommends to panic for fatal unsignalled
673 * errors here. However this would be quite problematic --
674 * we would need to reimplement the Monarch handling and
675 * it would mess up the exclusion between exception handler
676 * and poll hander -- * so we skip this for now.
677 * These cases should not happen anyways, or only when the CPU
678 * is already totally * confused. In this case it's likely it will
679 * not fully execute the machine check handler either.
680 */
machine_check_poll(enum mcp_flags flags,mce_banks_t * b)681 bool machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
682 {
683 bool error_seen = false;
684 struct mce m;
685 int i;
686
687 this_cpu_inc(mce_poll_count);
688
689 mce_gather_info(&m, NULL);
690
691 if (flags & MCP_TIMESTAMP)
692 m.tsc = rdtsc();
693
694 for (i = 0; i < mca_cfg.banks; i++) {
695 if (!mce_banks[i].ctl || !test_bit(i, *b))
696 continue;
697
698 m.misc = 0;
699 m.addr = 0;
700 m.bank = i;
701
702 barrier();
703 m.status = mce_rdmsrl(msr_ops.status(i));
704
705 /* If this entry is not valid, ignore it */
706 if (!(m.status & MCI_STATUS_VAL))
707 continue;
708
709 /*
710 * If we are logging everything (at CPU online) or this
711 * is a corrected error, then we must log it.
712 */
713 if ((flags & MCP_UC) || !(m.status & MCI_STATUS_UC))
714 goto log_it;
715
716 /*
717 * Newer Intel systems that support software error
718 * recovery need to make additional checks. Other
719 * CPUs should skip over uncorrected errors, but log
720 * everything else.
721 */
722 if (!mca_cfg.ser) {
723 if (m.status & MCI_STATUS_UC)
724 continue;
725 goto log_it;
726 }
727
728 /* Log "not enabled" (speculative) errors */
729 if (!(m.status & MCI_STATUS_EN))
730 goto log_it;
731
732 /*
733 * Log UCNA (SDM: 15.6.3 "UCR Error Classification")
734 * UC == 1 && PCC == 0 && S == 0
735 */
736 if (!(m.status & MCI_STATUS_PCC) && !(m.status & MCI_STATUS_S))
737 goto log_it;
738
739 /*
740 * Skip anything else. Presumption is that our read of this
741 * bank is racing with a machine check. Leave the log alone
742 * for do_machine_check() to deal with it.
743 */
744 continue;
745
746 log_it:
747 error_seen = true;
748
749 mce_read_aux(&m, i);
750
751 m.severity = mce_severity(&m, mca_cfg.tolerant, NULL, false);
752
753 /*
754 * Don't get the IP here because it's unlikely to
755 * have anything to do with the actual error location.
756 */
757 if (!(flags & MCP_DONTLOG) && !mca_cfg.dont_log_ce)
758 mce_log(&m);
759 else if (mce_usable_address(&m)) {
760 /*
761 * Although we skipped logging this, we still want
762 * to take action. Add to the pool so the registered
763 * notifiers will see it.
764 */
765 if (!mce_gen_pool_add(&m))
766 mce_schedule_work();
767 }
768
769 /*
770 * Clear state for this bank.
771 */
772 mce_wrmsrl(msr_ops.status(i), 0);
773 }
774
775 /*
776 * Don't clear MCG_STATUS here because it's only defined for
777 * exceptions.
778 */
779
780 sync_core();
781
782 return error_seen;
783 }
784 EXPORT_SYMBOL_GPL(machine_check_poll);
785
786 /*
787 * Do a quick check if any of the events requires a panic.
788 * This decides if we keep the events around or clear them.
789 */
mce_no_way_out(struct mce * m,char ** msg,unsigned long * validp,struct pt_regs * regs)790 static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp,
791 struct pt_regs *regs)
792 {
793 char *tmp;
794 int i;
795
796 for (i = 0; i < mca_cfg.banks; i++) {
797 m->status = mce_rdmsrl(msr_ops.status(i));
798 if (!(m->status & MCI_STATUS_VAL))
799 continue;
800
801 __set_bit(i, validp);
802 if (quirk_no_way_out)
803 quirk_no_way_out(i, m, regs);
804
805 m->bank = i;
806 if (mce_severity(m, mca_cfg.tolerant, &tmp, true) >= MCE_PANIC_SEVERITY) {
807 mce_read_aux(m, i);
808 *msg = tmp;
809 return 1;
810 }
811 }
812 return 0;
813 }
814
815 /*
816 * Variable to establish order between CPUs while scanning.
817 * Each CPU spins initially until executing is equal its number.
818 */
819 static atomic_t mce_executing;
820
821 /*
822 * Defines order of CPUs on entry. First CPU becomes Monarch.
823 */
824 static atomic_t mce_callin;
825
826 /*
827 * Check if a timeout waiting for other CPUs happened.
828 */
mce_timed_out(u64 * t,const char * msg)829 static int mce_timed_out(u64 *t, const char *msg)
830 {
831 /*
832 * The others already did panic for some reason.
833 * Bail out like in a timeout.
834 * rmb() to tell the compiler that system_state
835 * might have been modified by someone else.
836 */
837 rmb();
838 if (atomic_read(&mce_panicked))
839 wait_for_panic();
840 if (!mca_cfg.monarch_timeout)
841 goto out;
842 if ((s64)*t < SPINUNIT) {
843 if (mca_cfg.tolerant <= 1)
844 mce_panic(msg, NULL, NULL);
845 cpu_missing = 1;
846 return 1;
847 }
848 *t -= SPINUNIT;
849 out:
850 touch_nmi_watchdog();
851 return 0;
852 }
853
854 /*
855 * The Monarch's reign. The Monarch is the CPU who entered
856 * the machine check handler first. It waits for the others to
857 * raise the exception too and then grades them. When any
858 * error is fatal panic. Only then let the others continue.
859 *
860 * The other CPUs entering the MCE handler will be controlled by the
861 * Monarch. They are called Subjects.
862 *
863 * This way we prevent any potential data corruption in a unrecoverable case
864 * and also makes sure always all CPU's errors are examined.
865 *
866 * Also this detects the case of a machine check event coming from outer
867 * space (not detected by any CPUs) In this case some external agent wants
868 * us to shut down, so panic too.
869 *
870 * The other CPUs might still decide to panic if the handler happens
871 * in a unrecoverable place, but in this case the system is in a semi-stable
872 * state and won't corrupt anything by itself. It's ok to let the others
873 * continue for a bit first.
874 *
875 * All the spin loops have timeouts; when a timeout happens a CPU
876 * typically elects itself to be Monarch.
877 */
mce_reign(void)878 static void mce_reign(void)
879 {
880 int cpu;
881 struct mce *m = NULL;
882 int global_worst = 0;
883 char *msg = NULL;
884 char *nmsg = NULL;
885
886 /*
887 * This CPU is the Monarch and the other CPUs have run
888 * through their handlers.
889 * Grade the severity of the errors of all the CPUs.
890 */
891 for_each_possible_cpu(cpu) {
892 int severity = mce_severity(&per_cpu(mces_seen, cpu),
893 mca_cfg.tolerant,
894 &nmsg, true);
895 if (severity > global_worst) {
896 msg = nmsg;
897 global_worst = severity;
898 m = &per_cpu(mces_seen, cpu);
899 }
900 }
901
902 /*
903 * Cannot recover? Panic here then.
904 * This dumps all the mces in the log buffer and stops the
905 * other CPUs.
906 */
907 if (m && global_worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3)
908 mce_panic("Fatal machine check", m, msg);
909
910 /*
911 * For UC somewhere we let the CPU who detects it handle it.
912 * Also must let continue the others, otherwise the handling
913 * CPU could deadlock on a lock.
914 */
915
916 /*
917 * No machine check event found. Must be some external
918 * source or one CPU is hung. Panic.
919 */
920 if (global_worst <= MCE_KEEP_SEVERITY && mca_cfg.tolerant < 3)
921 mce_panic("Fatal machine check from unknown source", NULL, NULL);
922
923 /*
924 * Now clear all the mces_seen so that they don't reappear on
925 * the next mce.
926 */
927 for_each_possible_cpu(cpu)
928 memset(&per_cpu(mces_seen, cpu), 0, sizeof(struct mce));
929 }
930
931 static atomic_t global_nwo;
932
933 /*
934 * Start of Monarch synchronization. This waits until all CPUs have
935 * entered the exception handler and then determines if any of them
936 * saw a fatal event that requires panic. Then it executes them
937 * in the entry order.
938 * TBD double check parallel CPU hotunplug
939 */
mce_start(int * no_way_out)940 static int mce_start(int *no_way_out)
941 {
942 int order;
943 int cpus = num_online_cpus();
944 u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
945
946 if (!timeout)
947 return -1;
948
949 atomic_add(*no_way_out, &global_nwo);
950 /*
951 * Rely on the implied barrier below, such that global_nwo
952 * is updated before mce_callin.
953 */
954 order = atomic_inc_return(&mce_callin);
955
956 /*
957 * Wait for everyone.
958 */
959 while (atomic_read(&mce_callin) != cpus) {
960 if (mce_timed_out(&timeout,
961 "Timeout: Not all CPUs entered broadcast exception handler")) {
962 atomic_set(&global_nwo, 0);
963 return -1;
964 }
965 ndelay(SPINUNIT);
966 }
967
968 /*
969 * mce_callin should be read before global_nwo
970 */
971 smp_rmb();
972
973 if (order == 1) {
974 /*
975 * Monarch: Starts executing now, the others wait.
976 */
977 atomic_set(&mce_executing, 1);
978 } else {
979 /*
980 * Subject: Now start the scanning loop one by one in
981 * the original callin order.
982 * This way when there are any shared banks it will be
983 * only seen by one CPU before cleared, avoiding duplicates.
984 */
985 while (atomic_read(&mce_executing) < order) {
986 if (mce_timed_out(&timeout,
987 "Timeout: Subject CPUs unable to finish machine check processing")) {
988 atomic_set(&global_nwo, 0);
989 return -1;
990 }
991 ndelay(SPINUNIT);
992 }
993 }
994
995 /*
996 * Cache the global no_way_out state.
997 */
998 *no_way_out = atomic_read(&global_nwo);
999
1000 return order;
1001 }
1002
1003 /*
1004 * Synchronize between CPUs after main scanning loop.
1005 * This invokes the bulk of the Monarch processing.
1006 */
mce_end(int order)1007 static int mce_end(int order)
1008 {
1009 int ret = -1;
1010 u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
1011
1012 if (!timeout)
1013 goto reset;
1014 if (order < 0)
1015 goto reset;
1016
1017 /*
1018 * Allow others to run.
1019 */
1020 atomic_inc(&mce_executing);
1021
1022 if (order == 1) {
1023 /* CHECKME: Can this race with a parallel hotplug? */
1024 int cpus = num_online_cpus();
1025
1026 /*
1027 * Monarch: Wait for everyone to go through their scanning
1028 * loops.
1029 */
1030 while (atomic_read(&mce_executing) <= cpus) {
1031 if (mce_timed_out(&timeout,
1032 "Timeout: Monarch CPU unable to finish machine check processing"))
1033 goto reset;
1034 ndelay(SPINUNIT);
1035 }
1036
1037 mce_reign();
1038 barrier();
1039 ret = 0;
1040 } else {
1041 /*
1042 * Subject: Wait for Monarch to finish.
1043 */
1044 while (atomic_read(&mce_executing) != 0) {
1045 if (mce_timed_out(&timeout,
1046 "Timeout: Monarch CPU did not finish machine check processing"))
1047 goto reset;
1048 ndelay(SPINUNIT);
1049 }
1050
1051 /*
1052 * Don't reset anything. That's done by the Monarch.
1053 */
1054 return 0;
1055 }
1056
1057 /*
1058 * Reset all global state.
1059 */
1060 reset:
1061 atomic_set(&global_nwo, 0);
1062 atomic_set(&mce_callin, 0);
1063 barrier();
1064
1065 /*
1066 * Let others run again.
1067 */
1068 atomic_set(&mce_executing, 0);
1069 return ret;
1070 }
1071
mce_clear_state(unsigned long * toclear)1072 static void mce_clear_state(unsigned long *toclear)
1073 {
1074 int i;
1075
1076 for (i = 0; i < mca_cfg.banks; i++) {
1077 if (test_bit(i, toclear))
1078 mce_wrmsrl(msr_ops.status(i), 0);
1079 }
1080 }
1081
do_memory_failure(struct mce * m)1082 static int do_memory_failure(struct mce *m)
1083 {
1084 int flags = MF_ACTION_REQUIRED;
1085 int ret;
1086
1087 pr_err("Uncorrected hardware memory error in user-access at %llx", m->addr);
1088 if (!(m->mcgstatus & MCG_STATUS_RIPV))
1089 flags |= MF_MUST_KILL;
1090 ret = memory_failure(m->addr >> PAGE_SHIFT, MCE_VECTOR, flags);
1091 if (ret)
1092 pr_err("Memory error not recovered");
1093 else
1094 mce_unmap_kpfn(m->addr >> PAGE_SHIFT);
1095 return ret;
1096 }
1097
1098 #ifndef mce_unmap_kpfn
mce_unmap_kpfn(unsigned long pfn)1099 static void mce_unmap_kpfn(unsigned long pfn)
1100 {
1101 unsigned long decoy_addr;
1102
1103 /*
1104 * Unmap this page from the kernel 1:1 mappings to make sure
1105 * we don't log more errors because of speculative access to
1106 * the page.
1107 * We would like to just call:
1108 * set_memory_np((unsigned long)pfn_to_kaddr(pfn), 1);
1109 * but doing that would radically increase the odds of a
1110 * speculative access to the poison page because we'd have
1111 * the virtual address of the kernel 1:1 mapping sitting
1112 * around in registers.
1113 * Instead we get tricky. We create a non-canonical address
1114 * that looks just like the one we want, but has bit 63 flipped.
1115 * This relies on set_memory_np() not checking whether we passed
1116 * a legal address.
1117 */
1118
1119 /*
1120 * Build time check to see if we have a spare virtual bit. Don't want
1121 * to leave this until run time because most developers don't have a
1122 * system that can exercise this code path. This will only become a
1123 * problem if/when we move beyond 5-level page tables.
1124 *
1125 * Hard code "9" here because cpp doesn't grok ilog2(PTRS_PER_PGD)
1126 */
1127 #if PGDIR_SHIFT + 9 < 63
1128 decoy_addr = (pfn << PAGE_SHIFT) + (PAGE_OFFSET ^ BIT(63));
1129 #else
1130 #error "no unused virtual bit available"
1131 #endif
1132
1133 if (set_memory_np(decoy_addr, 1))
1134 pr_warn("Could not invalidate pfn=0x%lx from 1:1 map\n", pfn);
1135 }
1136 #endif
1137
1138 /*
1139 * The actual machine check handler. This only handles real
1140 * exceptions when something got corrupted coming in through int 18.
1141 *
1142 * This is executed in NMI context not subject to normal locking rules. This
1143 * implies that most kernel services cannot be safely used. Don't even
1144 * think about putting a printk in there!
1145 *
1146 * On Intel systems this is entered on all CPUs in parallel through
1147 * MCE broadcast. However some CPUs might be broken beyond repair,
1148 * so be always careful when synchronizing with others.
1149 */
do_machine_check(struct pt_regs * regs,long error_code)1150 void do_machine_check(struct pt_regs *regs, long error_code)
1151 {
1152 struct mca_config *cfg = &mca_cfg;
1153 struct mce m, *final;
1154 int i;
1155 int worst = 0;
1156 int severity;
1157
1158 /*
1159 * Establish sequential order between the CPUs entering the machine
1160 * check handler.
1161 */
1162 int order = -1;
1163 /*
1164 * If no_way_out gets set, there is no safe way to recover from this
1165 * MCE. If mca_cfg.tolerant is cranked up, we'll try anyway.
1166 */
1167 int no_way_out = 0;
1168 /*
1169 * If kill_it gets set, there might be a way to recover from this
1170 * error.
1171 */
1172 int kill_it = 0;
1173 DECLARE_BITMAP(toclear, MAX_NR_BANKS);
1174 DECLARE_BITMAP(valid_banks, MAX_NR_BANKS);
1175 char *msg = "Unknown";
1176
1177 /*
1178 * MCEs are always local on AMD. Same is determined by MCG_STATUS_LMCES
1179 * on Intel.
1180 */
1181 int lmce = 1;
1182 int cpu = smp_processor_id();
1183
1184 /*
1185 * Cases where we avoid rendezvous handler timeout:
1186 * 1) If this CPU is offline.
1187 *
1188 * 2) If crashing_cpu was set, e.g. we're entering kdump and we need to
1189 * skip those CPUs which remain looping in the 1st kernel - see
1190 * crash_nmi_callback().
1191 *
1192 * Note: there still is a small window between kexec-ing and the new,
1193 * kdump kernel establishing a new #MC handler where a broadcasted MCE
1194 * might not get handled properly.
1195 */
1196 if (cpu_is_offline(cpu) ||
1197 (crashing_cpu != -1 && crashing_cpu != cpu)) {
1198 u64 mcgstatus;
1199
1200 mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
1201 if (mcgstatus & MCG_STATUS_RIPV) {
1202 mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
1203 return;
1204 }
1205 }
1206
1207 ist_enter(regs);
1208
1209 this_cpu_inc(mce_exception_count);
1210
1211 if (!cfg->banks)
1212 goto out;
1213
1214 mce_gather_info(&m, regs);
1215 m.tsc = rdtsc();
1216
1217 final = this_cpu_ptr(&mces_seen);
1218 *final = m;
1219
1220 memset(valid_banks, 0, sizeof(valid_banks));
1221 no_way_out = mce_no_way_out(&m, &msg, valid_banks, regs);
1222
1223 barrier();
1224
1225 /*
1226 * When no restart IP might need to kill or panic.
1227 * Assume the worst for now, but if we find the
1228 * severity is MCE_AR_SEVERITY we have other options.
1229 */
1230 if (!(m.mcgstatus & MCG_STATUS_RIPV))
1231 kill_it = 1;
1232
1233 /*
1234 * Check if this MCE is signaled to only this logical processor,
1235 * on Intel only.
1236 */
1237 if (m.cpuvendor == X86_VENDOR_INTEL)
1238 lmce = m.mcgstatus & MCG_STATUS_LMCES;
1239
1240 /*
1241 * Local machine check may already know that we have to panic.
1242 * Broadcast machine check begins rendezvous in mce_start()
1243 * Go through all banks in exclusion of the other CPUs. This way we
1244 * don't report duplicated events on shared banks because the first one
1245 * to see it will clear it.
1246 */
1247 if (lmce) {
1248 if (no_way_out)
1249 mce_panic("Fatal local machine check", &m, msg);
1250 } else {
1251 order = mce_start(&no_way_out);
1252 }
1253
1254 for (i = 0; i < cfg->banks; i++) {
1255 __clear_bit(i, toclear);
1256 if (!test_bit(i, valid_banks))
1257 continue;
1258 if (!mce_banks[i].ctl)
1259 continue;
1260
1261 m.misc = 0;
1262 m.addr = 0;
1263 m.bank = i;
1264
1265 m.status = mce_rdmsrl(msr_ops.status(i));
1266 if ((m.status & MCI_STATUS_VAL) == 0)
1267 continue;
1268
1269 /*
1270 * Non uncorrected or non signaled errors are handled by
1271 * machine_check_poll. Leave them alone, unless this panics.
1272 */
1273 if (!(m.status & (cfg->ser ? MCI_STATUS_S : MCI_STATUS_UC)) &&
1274 !no_way_out)
1275 continue;
1276
1277 /*
1278 * Set taint even when machine check was not enabled.
1279 */
1280 add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
1281
1282 severity = mce_severity(&m, cfg->tolerant, NULL, true);
1283
1284 /*
1285 * When machine check was for corrected/deferred handler don't
1286 * touch, unless we're panicing.
1287 */
1288 if ((severity == MCE_KEEP_SEVERITY ||
1289 severity == MCE_UCNA_SEVERITY) && !no_way_out)
1290 continue;
1291 __set_bit(i, toclear);
1292 if (severity == MCE_NO_SEVERITY) {
1293 /*
1294 * Machine check event was not enabled. Clear, but
1295 * ignore.
1296 */
1297 continue;
1298 }
1299
1300 mce_read_aux(&m, i);
1301
1302 /* assuming valid severity level != 0 */
1303 m.severity = severity;
1304
1305 mce_log(&m);
1306
1307 if (severity > worst) {
1308 *final = m;
1309 worst = severity;
1310 }
1311 }
1312
1313 /* mce_clear_state will clear *final, save locally for use later */
1314 m = *final;
1315
1316 if (!no_way_out)
1317 mce_clear_state(toclear);
1318
1319 /*
1320 * Do most of the synchronization with other CPUs.
1321 * When there's any problem use only local no_way_out state.
1322 */
1323 if (!lmce) {
1324 if (mce_end(order) < 0)
1325 no_way_out = worst >= MCE_PANIC_SEVERITY;
1326 } else {
1327 /*
1328 * If there was a fatal machine check we should have
1329 * already called mce_panic earlier in this function.
1330 * Since we re-read the banks, we might have found
1331 * something new. Check again to see if we found a
1332 * fatal error. We call "mce_severity()" again to
1333 * make sure we have the right "msg".
1334 */
1335 if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) {
1336 mce_severity(&m, cfg->tolerant, &msg, true);
1337 mce_panic("Local fatal machine check!", &m, msg);
1338 }
1339 }
1340
1341 /*
1342 * If tolerant is at an insane level we drop requests to kill
1343 * processes and continue even when there is no way out.
1344 */
1345 if (cfg->tolerant == 3)
1346 kill_it = 0;
1347 else if (no_way_out)
1348 mce_panic("Fatal machine check on current CPU", &m, msg);
1349
1350 if (worst > 0)
1351 mce_report_event(regs);
1352 mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
1353 out:
1354 sync_core();
1355
1356 if (worst != MCE_AR_SEVERITY && !kill_it)
1357 goto out_ist;
1358
1359 /* Fault was in user mode and we need to take some action */
1360 if ((m.cs & 3) == 3) {
1361 ist_begin_non_atomic(regs);
1362 local_irq_enable();
1363
1364 if (kill_it || do_memory_failure(&m))
1365 force_sig(SIGBUS, current);
1366 local_irq_disable();
1367 ist_end_non_atomic();
1368 } else {
1369 if (!fixup_exception(regs, X86_TRAP_MC))
1370 mce_panic("Failed kernel mode recovery", &m, NULL);
1371 }
1372
1373 out_ist:
1374 ist_exit(regs);
1375 }
1376 EXPORT_SYMBOL_GPL(do_machine_check);
1377
1378 #ifndef CONFIG_MEMORY_FAILURE
memory_failure(unsigned long pfn,int vector,int flags)1379 int memory_failure(unsigned long pfn, int vector, int flags)
1380 {
1381 /* mce_severity() should not hand us an ACTION_REQUIRED error */
1382 BUG_ON(flags & MF_ACTION_REQUIRED);
1383 pr_err("Uncorrected memory error in page 0x%lx ignored\n"
1384 "Rebuild kernel with CONFIG_MEMORY_FAILURE=y for smarter handling\n",
1385 pfn);
1386
1387 return 0;
1388 }
1389 #endif
1390
1391 /*
1392 * Periodic polling timer for "silent" machine check errors. If the
1393 * poller finds an MCE, poll 2x faster. When the poller finds no more
1394 * errors, poll 2x slower (up to check_interval seconds).
1395 */
1396 static unsigned long check_interval = INITIAL_CHECK_INTERVAL;
1397
1398 static DEFINE_PER_CPU(unsigned long, mce_next_interval); /* in jiffies */
1399 static DEFINE_PER_CPU(struct timer_list, mce_timer);
1400
mce_adjust_timer_default(unsigned long interval)1401 static unsigned long mce_adjust_timer_default(unsigned long interval)
1402 {
1403 return interval;
1404 }
1405
1406 static unsigned long (*mce_adjust_timer)(unsigned long interval) = mce_adjust_timer_default;
1407
__start_timer(struct timer_list * t,unsigned long interval)1408 static void __start_timer(struct timer_list *t, unsigned long interval)
1409 {
1410 unsigned long when = jiffies + interval;
1411 unsigned long flags;
1412
1413 local_irq_save(flags);
1414
1415 if (!timer_pending(t) || time_before(when, t->expires))
1416 mod_timer(t, round_jiffies(when));
1417
1418 local_irq_restore(flags);
1419 }
1420
mce_timer_fn(unsigned long data)1421 static void mce_timer_fn(unsigned long data)
1422 {
1423 struct timer_list *t = this_cpu_ptr(&mce_timer);
1424 int cpu = smp_processor_id();
1425 unsigned long iv;
1426
1427 WARN_ON(cpu != data);
1428
1429 iv = __this_cpu_read(mce_next_interval);
1430
1431 if (mce_available(this_cpu_ptr(&cpu_info))) {
1432 machine_check_poll(0, this_cpu_ptr(&mce_poll_banks));
1433
1434 if (mce_intel_cmci_poll()) {
1435 iv = mce_adjust_timer(iv);
1436 goto done;
1437 }
1438 }
1439
1440 /*
1441 * Alert userspace if needed. If we logged an MCE, reduce the polling
1442 * interval, otherwise increase the polling interval.
1443 */
1444 if (mce_notify_irq())
1445 iv = max(iv / 2, (unsigned long) HZ/100);
1446 else
1447 iv = min(iv * 2, round_jiffies_relative(check_interval * HZ));
1448
1449 done:
1450 __this_cpu_write(mce_next_interval, iv);
1451 __start_timer(t, iv);
1452 }
1453
1454 /*
1455 * Ensure that the timer is firing in @interval from now.
1456 */
mce_timer_kick(unsigned long interval)1457 void mce_timer_kick(unsigned long interval)
1458 {
1459 struct timer_list *t = this_cpu_ptr(&mce_timer);
1460 unsigned long iv = __this_cpu_read(mce_next_interval);
1461
1462 __start_timer(t, interval);
1463
1464 if (interval < iv)
1465 __this_cpu_write(mce_next_interval, interval);
1466 }
1467
1468 /* Must not be called in IRQ context where del_timer_sync() can deadlock */
mce_timer_delete_all(void)1469 static void mce_timer_delete_all(void)
1470 {
1471 int cpu;
1472
1473 for_each_online_cpu(cpu)
1474 del_timer_sync(&per_cpu(mce_timer, cpu));
1475 }
1476
1477 /*
1478 * Notify the user(s) about new machine check events.
1479 * Can be called from interrupt context, but not from machine check/NMI
1480 * context.
1481 */
mce_notify_irq(void)1482 int mce_notify_irq(void)
1483 {
1484 /* Not more than two messages every minute */
1485 static DEFINE_RATELIMIT_STATE(ratelimit, 60*HZ, 2);
1486
1487 if (test_and_clear_bit(0, &mce_need_notify)) {
1488 mce_work_trigger();
1489
1490 if (__ratelimit(&ratelimit))
1491 pr_info(HW_ERR "Machine check events logged\n");
1492
1493 return 1;
1494 }
1495 return 0;
1496 }
1497 EXPORT_SYMBOL_GPL(mce_notify_irq);
1498
__mcheck_cpu_mce_banks_init(void)1499 static int __mcheck_cpu_mce_banks_init(void)
1500 {
1501 int i;
1502
1503 mce_banks = kcalloc(MAX_NR_BANKS, sizeof(struct mce_bank), GFP_KERNEL);
1504 if (!mce_banks)
1505 return -ENOMEM;
1506
1507 for (i = 0; i < MAX_NR_BANKS; i++) {
1508 struct mce_bank *b = &mce_banks[i];
1509
1510 b->ctl = -1ULL;
1511 b->init = 1;
1512 }
1513 return 0;
1514 }
1515
1516 /*
1517 * Initialize Machine Checks for a CPU.
1518 */
__mcheck_cpu_cap_init(void)1519 static int __mcheck_cpu_cap_init(void)
1520 {
1521 u64 cap;
1522 u8 b;
1523
1524 rdmsrl(MSR_IA32_MCG_CAP, cap);
1525
1526 b = cap & MCG_BANKCNT_MASK;
1527 if (WARN_ON_ONCE(b > MAX_NR_BANKS))
1528 b = MAX_NR_BANKS;
1529
1530 mca_cfg.banks = max(mca_cfg.banks, b);
1531
1532 if (!mce_banks) {
1533 int err = __mcheck_cpu_mce_banks_init();
1534 if (err)
1535 return err;
1536 }
1537
1538 /* Use accurate RIP reporting if available. */
1539 if ((cap & MCG_EXT_P) && MCG_EXT_CNT(cap) >= 9)
1540 mca_cfg.rip_msr = MSR_IA32_MCG_EIP;
1541
1542 if (cap & MCG_SER_P)
1543 mca_cfg.ser = true;
1544
1545 return 0;
1546 }
1547
__mcheck_cpu_init_generic(void)1548 static void __mcheck_cpu_init_generic(void)
1549 {
1550 enum mcp_flags m_fl = 0;
1551 mce_banks_t all_banks;
1552 u64 cap;
1553
1554 if (!mca_cfg.bootlog)
1555 m_fl = MCP_DONTLOG;
1556
1557 /*
1558 * Log the machine checks left over from the previous reset.
1559 */
1560 bitmap_fill(all_banks, MAX_NR_BANKS);
1561 machine_check_poll(MCP_UC | m_fl, &all_banks);
1562
1563 cr4_set_bits(X86_CR4_MCE);
1564
1565 rdmsrl(MSR_IA32_MCG_CAP, cap);
1566 if (cap & MCG_CTL_P)
1567 wrmsr(MSR_IA32_MCG_CTL, 0xffffffff, 0xffffffff);
1568 }
1569
__mcheck_cpu_init_clear_banks(void)1570 static void __mcheck_cpu_init_clear_banks(void)
1571 {
1572 int i;
1573
1574 for (i = 0; i < mca_cfg.banks; i++) {
1575 struct mce_bank *b = &mce_banks[i];
1576
1577 if (!b->init)
1578 continue;
1579 wrmsrl(msr_ops.ctl(i), b->ctl);
1580 wrmsrl(msr_ops.status(i), 0);
1581 }
1582 }
1583
1584 /*
1585 * During IFU recovery Sandy Bridge -EP4S processors set the RIPV and
1586 * EIPV bits in MCG_STATUS to zero on the affected logical processor (SDM
1587 * Vol 3B Table 15-20). But this confuses both the code that determines
1588 * whether the machine check occurred in kernel or user mode, and also
1589 * the severity assessment code. Pretend that EIPV was set, and take the
1590 * ip/cs values from the pt_regs that mce_gather_info() ignored earlier.
1591 */
quirk_sandybridge_ifu(int bank,struct mce * m,struct pt_regs * regs)1592 static void quirk_sandybridge_ifu(int bank, struct mce *m, struct pt_regs *regs)
1593 {
1594 if (bank != 0)
1595 return;
1596 if ((m->mcgstatus & (MCG_STATUS_EIPV|MCG_STATUS_RIPV)) != 0)
1597 return;
1598 if ((m->status & (MCI_STATUS_OVER|MCI_STATUS_UC|
1599 MCI_STATUS_EN|MCI_STATUS_MISCV|MCI_STATUS_ADDRV|
1600 MCI_STATUS_PCC|MCI_STATUS_S|MCI_STATUS_AR|
1601 MCACOD)) !=
1602 (MCI_STATUS_UC|MCI_STATUS_EN|
1603 MCI_STATUS_MISCV|MCI_STATUS_ADDRV|MCI_STATUS_S|
1604 MCI_STATUS_AR|MCACOD_INSTR))
1605 return;
1606
1607 m->mcgstatus |= MCG_STATUS_EIPV;
1608 m->ip = regs->ip;
1609 m->cs = regs->cs;
1610 }
1611
1612 /* Add per CPU specific workarounds here */
__mcheck_cpu_apply_quirks(struct cpuinfo_x86 * c)1613 static int __mcheck_cpu_apply_quirks(struct cpuinfo_x86 *c)
1614 {
1615 struct mca_config *cfg = &mca_cfg;
1616
1617 if (c->x86_vendor == X86_VENDOR_UNKNOWN) {
1618 pr_info("unknown CPU type - not enabling MCE support\n");
1619 return -EOPNOTSUPP;
1620 }
1621
1622 /* This should be disabled by the BIOS, but isn't always */
1623 if (c->x86_vendor == X86_VENDOR_AMD) {
1624 if (c->x86 == 15 && cfg->banks > 4) {
1625 /*
1626 * disable GART TBL walk error reporting, which
1627 * trips off incorrectly with the IOMMU & 3ware
1628 * & Cerberus:
1629 */
1630 clear_bit(10, (unsigned long *)&mce_banks[4].ctl);
1631 }
1632 if (c->x86 < 0x11 && cfg->bootlog < 0) {
1633 /*
1634 * Lots of broken BIOS around that don't clear them
1635 * by default and leave crap in there. Don't log:
1636 */
1637 cfg->bootlog = 0;
1638 }
1639 /*
1640 * Various K7s with broken bank 0 around. Always disable
1641 * by default.
1642 */
1643 if (c->x86 == 6 && cfg->banks > 0)
1644 mce_banks[0].ctl = 0;
1645
1646 /*
1647 * overflow_recov is supported for F15h Models 00h-0fh
1648 * even though we don't have a CPUID bit for it.
1649 */
1650 if (c->x86 == 0x15 && c->x86_model <= 0xf)
1651 mce_flags.overflow_recov = 1;
1652
1653 }
1654
1655 if (c->x86_vendor == X86_VENDOR_INTEL) {
1656 /*
1657 * SDM documents that on family 6 bank 0 should not be written
1658 * because it aliases to another special BIOS controlled
1659 * register.
1660 * But it's not aliased anymore on model 0x1a+
1661 * Don't ignore bank 0 completely because there could be a
1662 * valid event later, merely don't write CTL0.
1663 */
1664
1665 if (c->x86 == 6 && c->x86_model < 0x1A && cfg->banks > 0)
1666 mce_banks[0].init = 0;
1667
1668 /*
1669 * All newer Intel systems support MCE broadcasting. Enable
1670 * synchronization with a one second timeout.
1671 */
1672 if ((c->x86 > 6 || (c->x86 == 6 && c->x86_model >= 0xe)) &&
1673 cfg->monarch_timeout < 0)
1674 cfg->monarch_timeout = USEC_PER_SEC;
1675
1676 /*
1677 * There are also broken BIOSes on some Pentium M and
1678 * earlier systems:
1679 */
1680 if (c->x86 == 6 && c->x86_model <= 13 && cfg->bootlog < 0)
1681 cfg->bootlog = 0;
1682
1683 if (c->x86 == 6 && c->x86_model == 45)
1684 quirk_no_way_out = quirk_sandybridge_ifu;
1685 }
1686 if (cfg->monarch_timeout < 0)
1687 cfg->monarch_timeout = 0;
1688 if (cfg->bootlog != 0)
1689 cfg->panic_timeout = 30;
1690
1691 return 0;
1692 }
1693
__mcheck_cpu_ancient_init(struct cpuinfo_x86 * c)1694 static int __mcheck_cpu_ancient_init(struct cpuinfo_x86 *c)
1695 {
1696 if (c->x86 != 5)
1697 return 0;
1698
1699 switch (c->x86_vendor) {
1700 case X86_VENDOR_INTEL:
1701 intel_p5_mcheck_init(c);
1702 return 1;
1703 break;
1704 case X86_VENDOR_CENTAUR:
1705 winchip_mcheck_init(c);
1706 return 1;
1707 break;
1708 default:
1709 return 0;
1710 }
1711
1712 return 0;
1713 }
1714
1715 /*
1716 * Init basic CPU features needed for early decoding of MCEs.
1717 */
__mcheck_cpu_init_early(struct cpuinfo_x86 * c)1718 static void __mcheck_cpu_init_early(struct cpuinfo_x86 *c)
1719 {
1720 if (c->x86_vendor == X86_VENDOR_AMD) {
1721 mce_flags.overflow_recov = !!cpu_has(c, X86_FEATURE_OVERFLOW_RECOV);
1722 mce_flags.succor = !!cpu_has(c, X86_FEATURE_SUCCOR);
1723 mce_flags.smca = !!cpu_has(c, X86_FEATURE_SMCA);
1724
1725 if (mce_flags.smca) {
1726 msr_ops.ctl = smca_ctl_reg;
1727 msr_ops.status = smca_status_reg;
1728 msr_ops.addr = smca_addr_reg;
1729 msr_ops.misc = smca_misc_reg;
1730 }
1731 }
1732 }
1733
__mcheck_cpu_init_vendor(struct cpuinfo_x86 * c)1734 static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
1735 {
1736 switch (c->x86_vendor) {
1737 case X86_VENDOR_INTEL:
1738 mce_intel_feature_init(c);
1739 mce_adjust_timer = cmci_intel_adjust_timer;
1740 break;
1741
1742 case X86_VENDOR_AMD: {
1743 mce_amd_feature_init(c);
1744 break;
1745 }
1746
1747 default:
1748 break;
1749 }
1750 }
1751
__mcheck_cpu_clear_vendor(struct cpuinfo_x86 * c)1752 static void __mcheck_cpu_clear_vendor(struct cpuinfo_x86 *c)
1753 {
1754 switch (c->x86_vendor) {
1755 case X86_VENDOR_INTEL:
1756 mce_intel_feature_clear(c);
1757 break;
1758 default:
1759 break;
1760 }
1761 }
1762
mce_start_timer(struct timer_list * t)1763 static void mce_start_timer(struct timer_list *t)
1764 {
1765 unsigned long iv = check_interval * HZ;
1766
1767 if (mca_cfg.ignore_ce || !iv)
1768 return;
1769
1770 this_cpu_write(mce_next_interval, iv);
1771 __start_timer(t, iv);
1772 }
1773
__mcheck_cpu_setup_timer(void)1774 static void __mcheck_cpu_setup_timer(void)
1775 {
1776 struct timer_list *t = this_cpu_ptr(&mce_timer);
1777 unsigned int cpu = smp_processor_id();
1778
1779 setup_pinned_timer(t, mce_timer_fn, cpu);
1780 }
1781
__mcheck_cpu_init_timer(void)1782 static void __mcheck_cpu_init_timer(void)
1783 {
1784 struct timer_list *t = this_cpu_ptr(&mce_timer);
1785 unsigned int cpu = smp_processor_id();
1786
1787 setup_pinned_timer(t, mce_timer_fn, cpu);
1788 mce_start_timer(t);
1789 }
1790
1791 /* Handle unconfigured int18 (should never happen) */
unexpected_machine_check(struct pt_regs * regs,long error_code)1792 static void unexpected_machine_check(struct pt_regs *regs, long error_code)
1793 {
1794 pr_err("CPU#%d: Unexpected int18 (Machine Check)\n",
1795 smp_processor_id());
1796 }
1797
1798 /* Call the installed machine check handler for this CPU setup. */
1799 void (*machine_check_vector)(struct pt_regs *, long error_code) =
1800 unexpected_machine_check;
1801
do_mce(struct pt_regs * regs,long error_code)1802 dotraplinkage void do_mce(struct pt_regs *regs, long error_code)
1803 {
1804 machine_check_vector(regs, error_code);
1805 }
1806
1807 /*
1808 * Called for each booted CPU to set up machine checks.
1809 * Must be called with preempt off:
1810 */
mcheck_cpu_init(struct cpuinfo_x86 * c)1811 void mcheck_cpu_init(struct cpuinfo_x86 *c)
1812 {
1813 if (mca_cfg.disabled)
1814 return;
1815
1816 if (__mcheck_cpu_ancient_init(c))
1817 return;
1818
1819 if (!mce_available(c))
1820 return;
1821
1822 if (__mcheck_cpu_cap_init() < 0 || __mcheck_cpu_apply_quirks(c) < 0) {
1823 mca_cfg.disabled = true;
1824 return;
1825 }
1826
1827 if (mce_gen_pool_init()) {
1828 mca_cfg.disabled = true;
1829 pr_emerg("Couldn't allocate MCE records pool!\n");
1830 return;
1831 }
1832
1833 machine_check_vector = do_machine_check;
1834
1835 __mcheck_cpu_init_early(c);
1836 __mcheck_cpu_init_generic();
1837 __mcheck_cpu_init_vendor(c);
1838 __mcheck_cpu_init_clear_banks();
1839 __mcheck_cpu_setup_timer();
1840 }
1841
1842 /*
1843 * Called for each booted CPU to clear some machine checks opt-ins
1844 */
mcheck_cpu_clear(struct cpuinfo_x86 * c)1845 void mcheck_cpu_clear(struct cpuinfo_x86 *c)
1846 {
1847 if (mca_cfg.disabled)
1848 return;
1849
1850 if (!mce_available(c))
1851 return;
1852
1853 /*
1854 * Possibly to clear general settings generic to x86
1855 * __mcheck_cpu_clear_generic(c);
1856 */
1857 __mcheck_cpu_clear_vendor(c);
1858
1859 }
1860
__mce_disable_bank(void * arg)1861 static void __mce_disable_bank(void *arg)
1862 {
1863 int bank = *((int *)arg);
1864 __clear_bit(bank, this_cpu_ptr(mce_poll_banks));
1865 cmci_disable_bank(bank);
1866 }
1867
mce_disable_bank(int bank)1868 void mce_disable_bank(int bank)
1869 {
1870 if (bank >= mca_cfg.banks) {
1871 pr_warn(FW_BUG
1872 "Ignoring request to disable invalid MCA bank %d.\n",
1873 bank);
1874 return;
1875 }
1876 set_bit(bank, mce_banks_ce_disabled);
1877 on_each_cpu(__mce_disable_bank, &bank, 1);
1878 }
1879
1880 /*
1881 * mce=off Disables machine check
1882 * mce=no_cmci Disables CMCI
1883 * mce=no_lmce Disables LMCE
1884 * mce=dont_log_ce Clears corrected events silently, no log created for CEs.
1885 * mce=ignore_ce Disables polling and CMCI, corrected events are not cleared.
1886 * mce=TOLERANCELEVEL[,monarchtimeout] (number, see above)
1887 * monarchtimeout is how long to wait for other CPUs on machine
1888 * check, or 0 to not wait
1889 * mce=bootlog Log MCEs from before booting. Disabled by default on AMD Fam10h
1890 and older.
1891 * mce=nobootlog Don't log MCEs from before booting.
1892 * mce=bios_cmci_threshold Don't program the CMCI threshold
1893 * mce=recovery force enable memcpy_mcsafe()
1894 */
mcheck_enable(char * str)1895 static int __init mcheck_enable(char *str)
1896 {
1897 struct mca_config *cfg = &mca_cfg;
1898
1899 if (*str == 0) {
1900 enable_p5_mce();
1901 return 1;
1902 }
1903 if (*str == '=')
1904 str++;
1905 if (!strcmp(str, "off"))
1906 cfg->disabled = true;
1907 else if (!strcmp(str, "no_cmci"))
1908 cfg->cmci_disabled = true;
1909 else if (!strcmp(str, "no_lmce"))
1910 cfg->lmce_disabled = true;
1911 else if (!strcmp(str, "dont_log_ce"))
1912 cfg->dont_log_ce = true;
1913 else if (!strcmp(str, "ignore_ce"))
1914 cfg->ignore_ce = true;
1915 else if (!strcmp(str, "bootlog") || !strcmp(str, "nobootlog"))
1916 cfg->bootlog = (str[0] == 'b');
1917 else if (!strcmp(str, "bios_cmci_threshold"))
1918 cfg->bios_cmci_threshold = true;
1919 else if (!strcmp(str, "recovery"))
1920 cfg->recovery = true;
1921 else if (isdigit(str[0])) {
1922 if (get_option(&str, &cfg->tolerant) == 2)
1923 get_option(&str, &(cfg->monarch_timeout));
1924 } else {
1925 pr_info("mce argument %s ignored. Please use /sys\n", str);
1926 return 0;
1927 }
1928 return 1;
1929 }
1930 __setup("mce", mcheck_enable);
1931
mcheck_init(void)1932 int __init mcheck_init(void)
1933 {
1934 mcheck_intel_therm_init();
1935 mce_register_decode_chain(&first_nb);
1936 mce_register_decode_chain(&mce_srao_nb);
1937 mce_register_decode_chain(&mce_default_nb);
1938 mcheck_vendor_init_severity();
1939
1940 INIT_WORK(&mce_work, mce_gen_pool_process);
1941 init_irq_work(&mce_irq_work, mce_irq_work_cb);
1942
1943 return 0;
1944 }
1945
1946 /*
1947 * mce_syscore: PM support
1948 */
1949
1950 /*
1951 * Disable machine checks on suspend and shutdown. We can't really handle
1952 * them later.
1953 */
mce_disable_error_reporting(void)1954 static void mce_disable_error_reporting(void)
1955 {
1956 int i;
1957
1958 for (i = 0; i < mca_cfg.banks; i++) {
1959 struct mce_bank *b = &mce_banks[i];
1960
1961 if (b->init)
1962 wrmsrl(msr_ops.ctl(i), 0);
1963 }
1964 return;
1965 }
1966
vendor_disable_error_reporting(void)1967 static void vendor_disable_error_reporting(void)
1968 {
1969 /*
1970 * Don't clear on Intel or AMD CPUs. Some of these MSRs are socket-wide.
1971 * Disabling them for just a single offlined CPU is bad, since it will
1972 * inhibit reporting for all shared resources on the socket like the
1973 * last level cache (LLC), the integrated memory controller (iMC), etc.
1974 */
1975 if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ||
1976 boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
1977 return;
1978
1979 mce_disable_error_reporting();
1980 }
1981
mce_syscore_suspend(void)1982 static int mce_syscore_suspend(void)
1983 {
1984 vendor_disable_error_reporting();
1985 return 0;
1986 }
1987
mce_syscore_shutdown(void)1988 static void mce_syscore_shutdown(void)
1989 {
1990 vendor_disable_error_reporting();
1991 }
1992
1993 /*
1994 * On resume clear all MCE state. Don't want to see leftovers from the BIOS.
1995 * Only one CPU is active at this time, the others get re-added later using
1996 * CPU hotplug:
1997 */
mce_syscore_resume(void)1998 static void mce_syscore_resume(void)
1999 {
2000 __mcheck_cpu_init_generic();
2001 __mcheck_cpu_init_vendor(raw_cpu_ptr(&cpu_info));
2002 __mcheck_cpu_init_clear_banks();
2003 }
2004
2005 static struct syscore_ops mce_syscore_ops = {
2006 .suspend = mce_syscore_suspend,
2007 .shutdown = mce_syscore_shutdown,
2008 .resume = mce_syscore_resume,
2009 };
2010
2011 /*
2012 * mce_device: Sysfs support
2013 */
2014
mce_cpu_restart(void * data)2015 static void mce_cpu_restart(void *data)
2016 {
2017 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2018 return;
2019 __mcheck_cpu_init_generic();
2020 __mcheck_cpu_init_clear_banks();
2021 __mcheck_cpu_init_timer();
2022 }
2023
2024 /* Reinit MCEs after user configuration changes */
mce_restart(void)2025 static void mce_restart(void)
2026 {
2027 mce_timer_delete_all();
2028 on_each_cpu(mce_cpu_restart, NULL, 1);
2029 }
2030
2031 /* Toggle features for corrected errors */
mce_disable_cmci(void * data)2032 static void mce_disable_cmci(void *data)
2033 {
2034 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2035 return;
2036 cmci_clear();
2037 }
2038
mce_enable_ce(void * all)2039 static void mce_enable_ce(void *all)
2040 {
2041 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2042 return;
2043 cmci_reenable();
2044 cmci_recheck();
2045 if (all)
2046 __mcheck_cpu_init_timer();
2047 }
2048
2049 static struct bus_type mce_subsys = {
2050 .name = "machinecheck",
2051 .dev_name = "machinecheck",
2052 };
2053
2054 DEFINE_PER_CPU(struct device *, mce_device);
2055
attr_to_bank(struct device_attribute * attr)2056 static inline struct mce_bank *attr_to_bank(struct device_attribute *attr)
2057 {
2058 return container_of(attr, struct mce_bank, attr);
2059 }
2060
show_bank(struct device * s,struct device_attribute * attr,char * buf)2061 static ssize_t show_bank(struct device *s, struct device_attribute *attr,
2062 char *buf)
2063 {
2064 return sprintf(buf, "%llx\n", attr_to_bank(attr)->ctl);
2065 }
2066
set_bank(struct device * s,struct device_attribute * attr,const char * buf,size_t size)2067 static ssize_t set_bank(struct device *s, struct device_attribute *attr,
2068 const char *buf, size_t size)
2069 {
2070 u64 new;
2071
2072 if (kstrtou64(buf, 0, &new) < 0)
2073 return -EINVAL;
2074
2075 attr_to_bank(attr)->ctl = new;
2076 mce_restart();
2077
2078 return size;
2079 }
2080
set_ignore_ce(struct device * s,struct device_attribute * attr,const char * buf,size_t size)2081 static ssize_t set_ignore_ce(struct device *s,
2082 struct device_attribute *attr,
2083 const char *buf, size_t size)
2084 {
2085 u64 new;
2086
2087 if (kstrtou64(buf, 0, &new) < 0)
2088 return -EINVAL;
2089
2090 mutex_lock(&mce_sysfs_mutex);
2091 if (mca_cfg.ignore_ce ^ !!new) {
2092 if (new) {
2093 /* disable ce features */
2094 mce_timer_delete_all();
2095 on_each_cpu(mce_disable_cmci, NULL, 1);
2096 mca_cfg.ignore_ce = true;
2097 } else {
2098 /* enable ce features */
2099 mca_cfg.ignore_ce = false;
2100 on_each_cpu(mce_enable_ce, (void *)1, 1);
2101 }
2102 }
2103 mutex_unlock(&mce_sysfs_mutex);
2104
2105 return size;
2106 }
2107
set_cmci_disabled(struct device * s,struct device_attribute * attr,const char * buf,size_t size)2108 static ssize_t set_cmci_disabled(struct device *s,
2109 struct device_attribute *attr,
2110 const char *buf, size_t size)
2111 {
2112 u64 new;
2113
2114 if (kstrtou64(buf, 0, &new) < 0)
2115 return -EINVAL;
2116
2117 mutex_lock(&mce_sysfs_mutex);
2118 if (mca_cfg.cmci_disabled ^ !!new) {
2119 if (new) {
2120 /* disable cmci */
2121 on_each_cpu(mce_disable_cmci, NULL, 1);
2122 mca_cfg.cmci_disabled = true;
2123 } else {
2124 /* enable cmci */
2125 mca_cfg.cmci_disabled = false;
2126 on_each_cpu(mce_enable_ce, NULL, 1);
2127 }
2128 }
2129 mutex_unlock(&mce_sysfs_mutex);
2130
2131 return size;
2132 }
2133
store_int_with_restart(struct device * s,struct device_attribute * attr,const char * buf,size_t size)2134 static ssize_t store_int_with_restart(struct device *s,
2135 struct device_attribute *attr,
2136 const char *buf, size_t size)
2137 {
2138 unsigned long old_check_interval = check_interval;
2139 ssize_t ret = device_store_ulong(s, attr, buf, size);
2140
2141 if (check_interval == old_check_interval)
2142 return ret;
2143
2144 mutex_lock(&mce_sysfs_mutex);
2145 mce_restart();
2146 mutex_unlock(&mce_sysfs_mutex);
2147
2148 return ret;
2149 }
2150
2151 static DEVICE_INT_ATTR(tolerant, 0644, mca_cfg.tolerant);
2152 static DEVICE_INT_ATTR(monarch_timeout, 0644, mca_cfg.monarch_timeout);
2153 static DEVICE_BOOL_ATTR(dont_log_ce, 0644, mca_cfg.dont_log_ce);
2154
2155 static struct dev_ext_attribute dev_attr_check_interval = {
2156 __ATTR(check_interval, 0644, device_show_int, store_int_with_restart),
2157 &check_interval
2158 };
2159
2160 static struct dev_ext_attribute dev_attr_ignore_ce = {
2161 __ATTR(ignore_ce, 0644, device_show_bool, set_ignore_ce),
2162 &mca_cfg.ignore_ce
2163 };
2164
2165 static struct dev_ext_attribute dev_attr_cmci_disabled = {
2166 __ATTR(cmci_disabled, 0644, device_show_bool, set_cmci_disabled),
2167 &mca_cfg.cmci_disabled
2168 };
2169
2170 static struct device_attribute *mce_device_attrs[] = {
2171 &dev_attr_tolerant.attr,
2172 &dev_attr_check_interval.attr,
2173 #ifdef CONFIG_X86_MCELOG_LEGACY
2174 &dev_attr_trigger,
2175 #endif
2176 &dev_attr_monarch_timeout.attr,
2177 &dev_attr_dont_log_ce.attr,
2178 &dev_attr_ignore_ce.attr,
2179 &dev_attr_cmci_disabled.attr,
2180 NULL
2181 };
2182
2183 static cpumask_var_t mce_device_initialized;
2184
mce_device_release(struct device * dev)2185 static void mce_device_release(struct device *dev)
2186 {
2187 kfree(dev);
2188 }
2189
2190 /* Per cpu device init. All of the cpus still share the same ctrl bank: */
mce_device_create(unsigned int cpu)2191 static int mce_device_create(unsigned int cpu)
2192 {
2193 struct device *dev;
2194 int err;
2195 int i, j;
2196
2197 if (!mce_available(&boot_cpu_data))
2198 return -EIO;
2199
2200 dev = per_cpu(mce_device, cpu);
2201 if (dev)
2202 return 0;
2203
2204 dev = kzalloc(sizeof *dev, GFP_KERNEL);
2205 if (!dev)
2206 return -ENOMEM;
2207 dev->id = cpu;
2208 dev->bus = &mce_subsys;
2209 dev->release = &mce_device_release;
2210
2211 err = device_register(dev);
2212 if (err) {
2213 put_device(dev);
2214 return err;
2215 }
2216
2217 for (i = 0; mce_device_attrs[i]; i++) {
2218 err = device_create_file(dev, mce_device_attrs[i]);
2219 if (err)
2220 goto error;
2221 }
2222 for (j = 0; j < mca_cfg.banks; j++) {
2223 err = device_create_file(dev, &mce_banks[j].attr);
2224 if (err)
2225 goto error2;
2226 }
2227 cpumask_set_cpu(cpu, mce_device_initialized);
2228 per_cpu(mce_device, cpu) = dev;
2229
2230 return 0;
2231 error2:
2232 while (--j >= 0)
2233 device_remove_file(dev, &mce_banks[j].attr);
2234 error:
2235 while (--i >= 0)
2236 device_remove_file(dev, mce_device_attrs[i]);
2237
2238 device_unregister(dev);
2239
2240 return err;
2241 }
2242
mce_device_remove(unsigned int cpu)2243 static void mce_device_remove(unsigned int cpu)
2244 {
2245 struct device *dev = per_cpu(mce_device, cpu);
2246 int i;
2247
2248 if (!cpumask_test_cpu(cpu, mce_device_initialized))
2249 return;
2250
2251 for (i = 0; mce_device_attrs[i]; i++)
2252 device_remove_file(dev, mce_device_attrs[i]);
2253
2254 for (i = 0; i < mca_cfg.banks; i++)
2255 device_remove_file(dev, &mce_banks[i].attr);
2256
2257 device_unregister(dev);
2258 cpumask_clear_cpu(cpu, mce_device_initialized);
2259 per_cpu(mce_device, cpu) = NULL;
2260 }
2261
2262 /* Make sure there are no machine checks on offlined CPUs. */
mce_disable_cpu(void)2263 static void mce_disable_cpu(void)
2264 {
2265 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2266 return;
2267
2268 if (!cpuhp_tasks_frozen)
2269 cmci_clear();
2270
2271 vendor_disable_error_reporting();
2272 }
2273
mce_reenable_cpu(void)2274 static void mce_reenable_cpu(void)
2275 {
2276 int i;
2277
2278 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2279 return;
2280
2281 if (!cpuhp_tasks_frozen)
2282 cmci_reenable();
2283 for (i = 0; i < mca_cfg.banks; i++) {
2284 struct mce_bank *b = &mce_banks[i];
2285
2286 if (b->init)
2287 wrmsrl(msr_ops.ctl(i), b->ctl);
2288 }
2289 }
2290
mce_cpu_dead(unsigned int cpu)2291 static int mce_cpu_dead(unsigned int cpu)
2292 {
2293 mce_intel_hcpu_update(cpu);
2294
2295 /* intentionally ignoring frozen here */
2296 if (!cpuhp_tasks_frozen)
2297 cmci_rediscover();
2298 return 0;
2299 }
2300
mce_cpu_online(unsigned int cpu)2301 static int mce_cpu_online(unsigned int cpu)
2302 {
2303 struct timer_list *t = this_cpu_ptr(&mce_timer);
2304 int ret;
2305
2306 mce_device_create(cpu);
2307
2308 ret = mce_threshold_create_device(cpu);
2309 if (ret) {
2310 mce_device_remove(cpu);
2311 return ret;
2312 }
2313 mce_reenable_cpu();
2314 mce_start_timer(t);
2315 return 0;
2316 }
2317
mce_cpu_pre_down(unsigned int cpu)2318 static int mce_cpu_pre_down(unsigned int cpu)
2319 {
2320 struct timer_list *t = this_cpu_ptr(&mce_timer);
2321
2322 mce_disable_cpu();
2323 del_timer_sync(t);
2324 mce_threshold_remove_device(cpu);
2325 mce_device_remove(cpu);
2326 return 0;
2327 }
2328
mce_init_banks(void)2329 static __init void mce_init_banks(void)
2330 {
2331 int i;
2332
2333 for (i = 0; i < mca_cfg.banks; i++) {
2334 struct mce_bank *b = &mce_banks[i];
2335 struct device_attribute *a = &b->attr;
2336
2337 sysfs_attr_init(&a->attr);
2338 a->attr.name = b->attrname;
2339 snprintf(b->attrname, ATTR_LEN, "bank%d", i);
2340
2341 a->attr.mode = 0644;
2342 a->show = show_bank;
2343 a->store = set_bank;
2344 }
2345 }
2346
mcheck_init_device(void)2347 static __init int mcheck_init_device(void)
2348 {
2349 int err;
2350
2351 if (!mce_available(&boot_cpu_data)) {
2352 err = -EIO;
2353 goto err_out;
2354 }
2355
2356 if (!zalloc_cpumask_var(&mce_device_initialized, GFP_KERNEL)) {
2357 err = -ENOMEM;
2358 goto err_out;
2359 }
2360
2361 mce_init_banks();
2362
2363 err = subsys_system_register(&mce_subsys, NULL);
2364 if (err)
2365 goto err_out_mem;
2366
2367 err = cpuhp_setup_state(CPUHP_X86_MCE_DEAD, "x86/mce:dead", NULL,
2368 mce_cpu_dead);
2369 if (err)
2370 goto err_out_mem;
2371
2372 err = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/mce:online",
2373 mce_cpu_online, mce_cpu_pre_down);
2374 if (err < 0)
2375 goto err_out_online;
2376
2377 register_syscore_ops(&mce_syscore_ops);
2378
2379 return 0;
2380
2381 err_out_online:
2382 cpuhp_remove_state(CPUHP_X86_MCE_DEAD);
2383
2384 err_out_mem:
2385 free_cpumask_var(mce_device_initialized);
2386
2387 err_out:
2388 pr_err("Unable to init MCE device (rc: %d)\n", err);
2389
2390 return err;
2391 }
2392 device_initcall_sync(mcheck_init_device);
2393
2394 /*
2395 * Old style boot options parsing. Only for compatibility.
2396 */
mcheck_disable(char * str)2397 static int __init mcheck_disable(char *str)
2398 {
2399 mca_cfg.disabled = true;
2400 return 1;
2401 }
2402 __setup("nomce", mcheck_disable);
2403
2404 #ifdef CONFIG_DEBUG_FS
mce_get_debugfs_dir(void)2405 struct dentry *mce_get_debugfs_dir(void)
2406 {
2407 static struct dentry *dmce;
2408
2409 if (!dmce)
2410 dmce = debugfs_create_dir("mce", NULL);
2411
2412 return dmce;
2413 }
2414
mce_reset(void)2415 static void mce_reset(void)
2416 {
2417 cpu_missing = 0;
2418 atomic_set(&mce_fake_panicked, 0);
2419 atomic_set(&mce_executing, 0);
2420 atomic_set(&mce_callin, 0);
2421 atomic_set(&global_nwo, 0);
2422 }
2423
fake_panic_get(void * data,u64 * val)2424 static int fake_panic_get(void *data, u64 *val)
2425 {
2426 *val = fake_panic;
2427 return 0;
2428 }
2429
fake_panic_set(void * data,u64 val)2430 static int fake_panic_set(void *data, u64 val)
2431 {
2432 mce_reset();
2433 fake_panic = val;
2434 return 0;
2435 }
2436
2437 DEFINE_SIMPLE_ATTRIBUTE(fake_panic_fops, fake_panic_get,
2438 fake_panic_set, "%llu\n");
2439
mcheck_debugfs_init(void)2440 static int __init mcheck_debugfs_init(void)
2441 {
2442 struct dentry *dmce, *ffake_panic;
2443
2444 dmce = mce_get_debugfs_dir();
2445 if (!dmce)
2446 return -ENOMEM;
2447 ffake_panic = debugfs_create_file("fake_panic", 0444, dmce, NULL,
2448 &fake_panic_fops);
2449 if (!ffake_panic)
2450 return -ENOMEM;
2451
2452 return 0;
2453 }
2454 #else
mcheck_debugfs_init(void)2455 static int __init mcheck_debugfs_init(void) { return -EINVAL; }
2456 #endif
2457
2458 DEFINE_STATIC_KEY_FALSE(mcsafe_key);
2459 EXPORT_SYMBOL_GPL(mcsafe_key);
2460
mcheck_late_init(void)2461 static int __init mcheck_late_init(void)
2462 {
2463 pr_info("Using %d MCE banks\n", mca_cfg.banks);
2464
2465 if (mca_cfg.recovery)
2466 static_branch_inc(&mcsafe_key);
2467
2468 mcheck_debugfs_init();
2469 cec_init();
2470
2471 /*
2472 * Flush out everything that has been logged during early boot, now that
2473 * everything has been initialized (workqueues, decoders, ...).
2474 */
2475 mce_schedule_work();
2476
2477 return 0;
2478 }
2479 late_initcall(mcheck_late_init);
2480