1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Machine check handler.
4 *
5 * K8 parts Copyright 2002,2003 Andi Kleen, SuSE Labs.
6 * Rest from unknown author(s).
7 * 2004 Andi Kleen. Rewrote most of it.
8 * Copyright 2008 Intel Corporation
9 * Author: Andi Kleen
10 */
11
12 #include <linux/thread_info.h>
13 #include <linux/capability.h>
14 #include <linux/miscdevice.h>
15 #include <linux/ratelimit.h>
16 #include <linux/rcupdate.h>
17 #include <linux/kobject.h>
18 #include <linux/uaccess.h>
19 #include <linux/kdebug.h>
20 #include <linux/kernel.h>
21 #include <linux/percpu.h>
22 #include <linux/string.h>
23 #include <linux/device.h>
24 #include <linux/syscore_ops.h>
25 #include <linux/delay.h>
26 #include <linux/ctype.h>
27 #include <linux/sched.h>
28 #include <linux/sysfs.h>
29 #include <linux/types.h>
30 #include <linux/slab.h>
31 #include <linux/init.h>
32 #include <linux/kmod.h>
33 #include <linux/poll.h>
34 #include <linux/nmi.h>
35 #include <linux/cpu.h>
36 #include <linux/ras.h>
37 #include <linux/smp.h>
38 #include <linux/fs.h>
39 #include <linux/mm.h>
40 #include <linux/debugfs.h>
41 #include <linux/irq_work.h>
42 #include <linux/export.h>
43 #include <linux/jump_label.h>
44 #include <linux/set_memory.h>
45
46 #include <asm/intel-family.h>
47 #include <asm/processor.h>
48 #include <asm/traps.h>
49 #include <asm/tlbflush.h>
50 #include <asm/mce.h>
51 #include <asm/msr.h>
52 #include <asm/reboot.h>
53
54 #include "internal.h"
55
56 static DEFINE_MUTEX(mce_log_mutex);
57
58 /* sysfs synchronization */
59 static DEFINE_MUTEX(mce_sysfs_mutex);
60
61 #define CREATE_TRACE_POINTS
62 #include <trace/events/mce.h>
63
64 #define SPINUNIT 100 /* 100ns */
65
66 DEFINE_PER_CPU(unsigned, mce_exception_count);
67
68 DEFINE_PER_CPU_READ_MOSTLY(unsigned int, mce_num_banks);
69
70 struct mce_bank {
71 u64 ctl; /* subevents to enable */
72 bool init; /* initialise bank? */
73 };
74 static DEFINE_PER_CPU_READ_MOSTLY(struct mce_bank[MAX_NR_BANKS], mce_banks_array);
75
76 #define ATTR_LEN 16
77 /* One object for each MCE bank, shared by all CPUs */
78 struct mce_bank_dev {
79 struct device_attribute attr; /* device attribute */
80 char attrname[ATTR_LEN]; /* attribute name */
81 u8 bank; /* bank number */
82 };
83 static struct mce_bank_dev mce_bank_devs[MAX_NR_BANKS];
84
85 struct mce_vendor_flags mce_flags __read_mostly;
86
87 struct mca_config mca_cfg __read_mostly = {
88 .bootlog = -1,
89 /*
90 * Tolerant levels:
91 * 0: always panic on uncorrected errors, log corrected errors
92 * 1: panic or SIGBUS on uncorrected errors, log corrected errors
93 * 2: SIGBUS or log uncorrected errors (if possible), log corr. errors
94 * 3: never panic or SIGBUS, log all errors (for testing only)
95 */
96 .tolerant = 1,
97 .monarch_timeout = -1
98 };
99
100 static DEFINE_PER_CPU(struct mce, mces_seen);
101 static unsigned long mce_need_notify;
102 static int cpu_missing;
103
104 /*
105 * MCA banks polled by the period polling timer for corrected events.
106 * With Intel CMCI, this only has MCA banks which do not support CMCI (if any).
107 */
108 DEFINE_PER_CPU(mce_banks_t, mce_poll_banks) = {
109 [0 ... BITS_TO_LONGS(MAX_NR_BANKS)-1] = ~0UL
110 };
111
112 /*
113 * MCA banks controlled through firmware first for corrected errors.
114 * This is a global list of banks for which we won't enable CMCI and we
115 * won't poll. Firmware controls these banks and is responsible for
116 * reporting corrected errors through GHES. Uncorrected/recoverable
117 * errors are still notified through a machine check.
118 */
119 mce_banks_t mce_banks_ce_disabled;
120
121 static struct work_struct mce_work;
122 static struct irq_work mce_irq_work;
123
124 static void (*quirk_no_way_out)(int bank, struct mce *m, struct pt_regs *regs);
125
126 /*
127 * CPU/chipset specific EDAC code can register a notifier call here to print
128 * MCE errors in a human-readable form.
129 */
130 BLOCKING_NOTIFIER_HEAD(x86_mce_decoder_chain);
131
132 /* Do initial initialization of a struct mce */
mce_setup(struct mce * m)133 void mce_setup(struct mce *m)
134 {
135 memset(m, 0, sizeof(struct mce));
136 m->cpu = m->extcpu = smp_processor_id();
137 /* need the internal __ version to avoid deadlocks */
138 m->time = __ktime_get_real_seconds();
139 m->cpuvendor = boot_cpu_data.x86_vendor;
140 m->cpuid = cpuid_eax(1);
141 m->socketid = cpu_data(m->extcpu).phys_proc_id;
142 m->apicid = cpu_data(m->extcpu).initial_apicid;
143 rdmsrl(MSR_IA32_MCG_CAP, m->mcgcap);
144
145 if (this_cpu_has(X86_FEATURE_INTEL_PPIN))
146 rdmsrl(MSR_PPIN, m->ppin);
147
148 m->microcode = boot_cpu_data.microcode;
149 }
150
151 DEFINE_PER_CPU(struct mce, injectm);
152 EXPORT_PER_CPU_SYMBOL_GPL(injectm);
153
mce_log(struct mce * m)154 void mce_log(struct mce *m)
155 {
156 if (!mce_gen_pool_add(m))
157 irq_work_queue(&mce_irq_work);
158 }
159
mce_inject_log(struct mce * m)160 void mce_inject_log(struct mce *m)
161 {
162 mutex_lock(&mce_log_mutex);
163 mce_log(m);
164 mutex_unlock(&mce_log_mutex);
165 }
166 EXPORT_SYMBOL_GPL(mce_inject_log);
167
168 static struct notifier_block mce_srao_nb;
169
170 /*
171 * We run the default notifier if we have only the SRAO, the first and the
172 * default notifier registered. I.e., the mandatory NUM_DEFAULT_NOTIFIERS
173 * notifiers registered on the chain.
174 */
175 #define NUM_DEFAULT_NOTIFIERS 3
176 static atomic_t num_notifiers;
177
mce_register_decode_chain(struct notifier_block * nb)178 void mce_register_decode_chain(struct notifier_block *nb)
179 {
180 if (WARN_ON(nb->priority > MCE_PRIO_MCELOG && nb->priority < MCE_PRIO_EDAC))
181 return;
182
183 atomic_inc(&num_notifiers);
184
185 blocking_notifier_chain_register(&x86_mce_decoder_chain, nb);
186 }
187 EXPORT_SYMBOL_GPL(mce_register_decode_chain);
188
mce_unregister_decode_chain(struct notifier_block * nb)189 void mce_unregister_decode_chain(struct notifier_block *nb)
190 {
191 atomic_dec(&num_notifiers);
192
193 blocking_notifier_chain_unregister(&x86_mce_decoder_chain, nb);
194 }
195 EXPORT_SYMBOL_GPL(mce_unregister_decode_chain);
196
ctl_reg(int bank)197 static inline u32 ctl_reg(int bank)
198 {
199 return MSR_IA32_MCx_CTL(bank);
200 }
201
status_reg(int bank)202 static inline u32 status_reg(int bank)
203 {
204 return MSR_IA32_MCx_STATUS(bank);
205 }
206
addr_reg(int bank)207 static inline u32 addr_reg(int bank)
208 {
209 return MSR_IA32_MCx_ADDR(bank);
210 }
211
misc_reg(int bank)212 static inline u32 misc_reg(int bank)
213 {
214 return MSR_IA32_MCx_MISC(bank);
215 }
216
smca_ctl_reg(int bank)217 static inline u32 smca_ctl_reg(int bank)
218 {
219 return MSR_AMD64_SMCA_MCx_CTL(bank);
220 }
221
smca_status_reg(int bank)222 static inline u32 smca_status_reg(int bank)
223 {
224 return MSR_AMD64_SMCA_MCx_STATUS(bank);
225 }
226
smca_addr_reg(int bank)227 static inline u32 smca_addr_reg(int bank)
228 {
229 return MSR_AMD64_SMCA_MCx_ADDR(bank);
230 }
231
smca_misc_reg(int bank)232 static inline u32 smca_misc_reg(int bank)
233 {
234 return MSR_AMD64_SMCA_MCx_MISC(bank);
235 }
236
237 struct mca_msr_regs msr_ops = {
238 .ctl = ctl_reg,
239 .status = status_reg,
240 .addr = addr_reg,
241 .misc = misc_reg
242 };
243
__print_mce(struct mce * m)244 static void __print_mce(struct mce *m)
245 {
246 pr_emerg(HW_ERR "CPU %d: Machine Check%s: %Lx Bank %d: %016Lx\n",
247 m->extcpu,
248 (m->mcgstatus & MCG_STATUS_MCIP ? " Exception" : ""),
249 m->mcgstatus, m->bank, m->status);
250
251 if (m->ip) {
252 pr_emerg(HW_ERR "RIP%s %02x:<%016Lx> ",
253 !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
254 m->cs, m->ip);
255
256 if (m->cs == __KERNEL_CS)
257 pr_cont("{%pS}", (void *)(unsigned long)m->ip);
258 pr_cont("\n");
259 }
260
261 pr_emerg(HW_ERR "TSC %llx ", m->tsc);
262 if (m->addr)
263 pr_cont("ADDR %llx ", m->addr);
264 if (m->misc)
265 pr_cont("MISC %llx ", m->misc);
266
267 if (mce_flags.smca) {
268 if (m->synd)
269 pr_cont("SYND %llx ", m->synd);
270 if (m->ipid)
271 pr_cont("IPID %llx ", m->ipid);
272 }
273
274 pr_cont("\n");
275 /*
276 * Note this output is parsed by external tools and old fields
277 * should not be changed.
278 */
279 pr_emerg(HW_ERR "PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x microcode %x\n",
280 m->cpuvendor, m->cpuid, m->time, m->socketid, m->apicid,
281 m->microcode);
282 }
283
print_mce(struct mce * m)284 static void print_mce(struct mce *m)
285 {
286 __print_mce(m);
287
288 if (m->cpuvendor != X86_VENDOR_AMD && m->cpuvendor != X86_VENDOR_HYGON)
289 pr_emerg_ratelimited(HW_ERR "Run the above through 'mcelog --ascii'\n");
290 }
291
292 #define PANIC_TIMEOUT 5 /* 5 seconds */
293
294 static atomic_t mce_panicked;
295
296 static int fake_panic;
297 static atomic_t mce_fake_panicked;
298
299 /* Panic in progress. Enable interrupts and wait for final IPI */
wait_for_panic(void)300 static void wait_for_panic(void)
301 {
302 long timeout = PANIC_TIMEOUT*USEC_PER_SEC;
303
304 preempt_disable();
305 local_irq_enable();
306 while (timeout-- > 0)
307 udelay(1);
308 if (panic_timeout == 0)
309 panic_timeout = mca_cfg.panic_timeout;
310 panic("Panicing machine check CPU died");
311 }
312
mce_panic(const char * msg,struct mce * final,char * exp)313 static void mce_panic(const char *msg, struct mce *final, char *exp)
314 {
315 int apei_err = 0;
316 struct llist_node *pending;
317 struct mce_evt_llist *l;
318
319 if (!fake_panic) {
320 /*
321 * Make sure only one CPU runs in machine check panic
322 */
323 if (atomic_inc_return(&mce_panicked) > 1)
324 wait_for_panic();
325 barrier();
326
327 bust_spinlocks(1);
328 console_verbose();
329 } else {
330 /* Don't log too much for fake panic */
331 if (atomic_inc_return(&mce_fake_panicked) > 1)
332 return;
333 }
334 pending = mce_gen_pool_prepare_records();
335 /* First print corrected ones that are still unlogged */
336 llist_for_each_entry(l, pending, llnode) {
337 struct mce *m = &l->mce;
338 if (!(m->status & MCI_STATUS_UC)) {
339 print_mce(m);
340 if (!apei_err)
341 apei_err = apei_write_mce(m);
342 }
343 }
344 /* Now print uncorrected but with the final one last */
345 llist_for_each_entry(l, pending, llnode) {
346 struct mce *m = &l->mce;
347 if (!(m->status & MCI_STATUS_UC))
348 continue;
349 if (!final || mce_cmp(m, final)) {
350 print_mce(m);
351 if (!apei_err)
352 apei_err = apei_write_mce(m);
353 }
354 }
355 if (final) {
356 print_mce(final);
357 if (!apei_err)
358 apei_err = apei_write_mce(final);
359 }
360 if (cpu_missing)
361 pr_emerg(HW_ERR "Some CPUs didn't answer in synchronization\n");
362 if (exp)
363 pr_emerg(HW_ERR "Machine check: %s\n", exp);
364 if (!fake_panic) {
365 if (panic_timeout == 0)
366 panic_timeout = mca_cfg.panic_timeout;
367 panic(msg);
368 } else
369 pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
370 }
371
372 /* Support code for software error injection */
373
msr_to_offset(u32 msr)374 static int msr_to_offset(u32 msr)
375 {
376 unsigned bank = __this_cpu_read(injectm.bank);
377
378 if (msr == mca_cfg.rip_msr)
379 return offsetof(struct mce, ip);
380 if (msr == msr_ops.status(bank))
381 return offsetof(struct mce, status);
382 if (msr == msr_ops.addr(bank))
383 return offsetof(struct mce, addr);
384 if (msr == msr_ops.misc(bank))
385 return offsetof(struct mce, misc);
386 if (msr == MSR_IA32_MCG_STATUS)
387 return offsetof(struct mce, mcgstatus);
388 return -1;
389 }
390
391 /* MSR access wrappers used for error injection */
mce_rdmsrl(u32 msr)392 static u64 mce_rdmsrl(u32 msr)
393 {
394 u64 v;
395
396 if (__this_cpu_read(injectm.finished)) {
397 int offset = msr_to_offset(msr);
398
399 if (offset < 0)
400 return 0;
401 return *(u64 *)((char *)this_cpu_ptr(&injectm) + offset);
402 }
403
404 if (rdmsrl_safe(msr, &v)) {
405 WARN_ONCE(1, "mce: Unable to read MSR 0x%x!\n", msr);
406 /*
407 * Return zero in case the access faulted. This should
408 * not happen normally but can happen if the CPU does
409 * something weird, or if the code is buggy.
410 */
411 v = 0;
412 }
413
414 return v;
415 }
416
mce_wrmsrl(u32 msr,u64 v)417 static void mce_wrmsrl(u32 msr, u64 v)
418 {
419 if (__this_cpu_read(injectm.finished)) {
420 int offset = msr_to_offset(msr);
421
422 if (offset >= 0)
423 *(u64 *)((char *)this_cpu_ptr(&injectm) + offset) = v;
424 return;
425 }
426 wrmsrl(msr, v);
427 }
428
429 /*
430 * Collect all global (w.r.t. this processor) status about this machine
431 * check into our "mce" struct so that we can use it later to assess
432 * the severity of the problem as we read per-bank specific details.
433 */
mce_gather_info(struct mce * m,struct pt_regs * regs)434 static inline void mce_gather_info(struct mce *m, struct pt_regs *regs)
435 {
436 mce_setup(m);
437
438 m->mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
439 if (regs) {
440 /*
441 * Get the address of the instruction at the time of
442 * the machine check error.
443 */
444 if (m->mcgstatus & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) {
445 m->ip = regs->ip;
446 m->cs = regs->cs;
447
448 /*
449 * When in VM86 mode make the cs look like ring 3
450 * always. This is a lie, but it's better than passing
451 * the additional vm86 bit around everywhere.
452 */
453 if (v8086_mode(regs))
454 m->cs |= 3;
455 }
456 /* Use accurate RIP reporting if available. */
457 if (mca_cfg.rip_msr)
458 m->ip = mce_rdmsrl(mca_cfg.rip_msr);
459 }
460 }
461
mce_available(struct cpuinfo_x86 * c)462 int mce_available(struct cpuinfo_x86 *c)
463 {
464 if (mca_cfg.disabled)
465 return 0;
466 return cpu_has(c, X86_FEATURE_MCE) && cpu_has(c, X86_FEATURE_MCA);
467 }
468
mce_schedule_work(void)469 static void mce_schedule_work(void)
470 {
471 if (!mce_gen_pool_empty())
472 schedule_work(&mce_work);
473 }
474
mce_irq_work_cb(struct irq_work * entry)475 static void mce_irq_work_cb(struct irq_work *entry)
476 {
477 mce_schedule_work();
478 }
479
480 /*
481 * Check if the address reported by the CPU is in a format we can parse.
482 * It would be possible to add code for most other cases, but all would
483 * be somewhat complicated (e.g. segment offset would require an instruction
484 * parser). So only support physical addresses up to page granuality for now.
485 */
mce_usable_address(struct mce * m)486 int mce_usable_address(struct mce *m)
487 {
488 if (!(m->status & MCI_STATUS_ADDRV))
489 return 0;
490
491 /* Checks after this one are Intel-specific: */
492 if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
493 return 1;
494
495 if (!(m->status & MCI_STATUS_MISCV))
496 return 0;
497
498 if (MCI_MISC_ADDR_LSB(m->misc) > PAGE_SHIFT)
499 return 0;
500
501 if (MCI_MISC_ADDR_MODE(m->misc) != MCI_MISC_ADDR_PHYS)
502 return 0;
503
504 return 1;
505 }
506 EXPORT_SYMBOL_GPL(mce_usable_address);
507
mce_is_memory_error(struct mce * m)508 bool mce_is_memory_error(struct mce *m)
509 {
510 if (m->cpuvendor == X86_VENDOR_AMD ||
511 m->cpuvendor == X86_VENDOR_HYGON) {
512 return amd_mce_is_memory_error(m);
513 } else if (m->cpuvendor == X86_VENDOR_INTEL) {
514 /*
515 * Intel SDM Volume 3B - 15.9.2 Compound Error Codes
516 *
517 * Bit 7 of the MCACOD field of IA32_MCi_STATUS is used for
518 * indicating a memory error. Bit 8 is used for indicating a
519 * cache hierarchy error. The combination of bit 2 and bit 3
520 * is used for indicating a `generic' cache hierarchy error
521 * But we can't just blindly check the above bits, because if
522 * bit 11 is set, then it is a bus/interconnect error - and
523 * either way the above bits just gives more detail on what
524 * bus/interconnect error happened. Note that bit 12 can be
525 * ignored, as it's the "filter" bit.
526 */
527 return (m->status & 0xef80) == BIT(7) ||
528 (m->status & 0xef00) == BIT(8) ||
529 (m->status & 0xeffc) == 0xc;
530 }
531
532 return false;
533 }
534 EXPORT_SYMBOL_GPL(mce_is_memory_error);
535
mce_is_correctable(struct mce * m)536 bool mce_is_correctable(struct mce *m)
537 {
538 if (m->cpuvendor == X86_VENDOR_AMD && m->status & MCI_STATUS_DEFERRED)
539 return false;
540
541 if (m->cpuvendor == X86_VENDOR_HYGON && m->status & MCI_STATUS_DEFERRED)
542 return false;
543
544 if (m->status & MCI_STATUS_UC)
545 return false;
546
547 return true;
548 }
549 EXPORT_SYMBOL_GPL(mce_is_correctable);
550
cec_add_mce(struct mce * m)551 static bool cec_add_mce(struct mce *m)
552 {
553 if (!m)
554 return false;
555
556 /* We eat only correctable DRAM errors with usable addresses. */
557 if (mce_is_memory_error(m) &&
558 mce_is_correctable(m) &&
559 mce_usable_address(m))
560 if (!cec_add_elem(m->addr >> PAGE_SHIFT))
561 return true;
562
563 return false;
564 }
565
mce_first_notifier(struct notifier_block * nb,unsigned long val,void * data)566 static int mce_first_notifier(struct notifier_block *nb, unsigned long val,
567 void *data)
568 {
569 struct mce *m = (struct mce *)data;
570
571 if (!m)
572 return NOTIFY_DONE;
573
574 if (cec_add_mce(m))
575 return NOTIFY_STOP;
576
577 /* Emit the trace record: */
578 trace_mce_record(m);
579
580 set_bit(0, &mce_need_notify);
581
582 mce_notify_irq();
583
584 return NOTIFY_DONE;
585 }
586
587 static struct notifier_block first_nb = {
588 .notifier_call = mce_first_notifier,
589 .priority = MCE_PRIO_FIRST,
590 };
591
srao_decode_notifier(struct notifier_block * nb,unsigned long val,void * data)592 static int srao_decode_notifier(struct notifier_block *nb, unsigned long val,
593 void *data)
594 {
595 struct mce *mce = (struct mce *)data;
596 unsigned long pfn;
597
598 if (!mce)
599 return NOTIFY_DONE;
600
601 if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) {
602 pfn = mce->addr >> PAGE_SHIFT;
603 if (!memory_failure(pfn, 0))
604 set_mce_nospec(pfn);
605 }
606
607 return NOTIFY_OK;
608 }
609 static struct notifier_block mce_srao_nb = {
610 .notifier_call = srao_decode_notifier,
611 .priority = MCE_PRIO_SRAO,
612 };
613
mce_default_notifier(struct notifier_block * nb,unsigned long val,void * data)614 static int mce_default_notifier(struct notifier_block *nb, unsigned long val,
615 void *data)
616 {
617 struct mce *m = (struct mce *)data;
618
619 if (!m)
620 return NOTIFY_DONE;
621
622 if (atomic_read(&num_notifiers) > NUM_DEFAULT_NOTIFIERS)
623 return NOTIFY_DONE;
624
625 __print_mce(m);
626
627 return NOTIFY_DONE;
628 }
629
630 static struct notifier_block mce_default_nb = {
631 .notifier_call = mce_default_notifier,
632 /* lowest prio, we want it to run last. */
633 .priority = MCE_PRIO_LOWEST,
634 };
635
636 /*
637 * Read ADDR and MISC registers.
638 */
mce_read_aux(struct mce * m,int i)639 static void mce_read_aux(struct mce *m, int i)
640 {
641 if (m->status & MCI_STATUS_MISCV)
642 m->misc = mce_rdmsrl(msr_ops.misc(i));
643
644 if (m->status & MCI_STATUS_ADDRV) {
645 m->addr = mce_rdmsrl(msr_ops.addr(i));
646
647 /*
648 * Mask the reported address by the reported granularity.
649 */
650 if (mca_cfg.ser && (m->status & MCI_STATUS_MISCV)) {
651 u8 shift = MCI_MISC_ADDR_LSB(m->misc);
652 m->addr >>= shift;
653 m->addr <<= shift;
654 }
655
656 /*
657 * Extract [55:<lsb>] where lsb is the least significant
658 * *valid* bit of the address bits.
659 */
660 if (mce_flags.smca) {
661 u8 lsb = (m->addr >> 56) & 0x3f;
662
663 m->addr &= GENMASK_ULL(55, lsb);
664 }
665 }
666
667 if (mce_flags.smca) {
668 m->ipid = mce_rdmsrl(MSR_AMD64_SMCA_MCx_IPID(i));
669
670 if (m->status & MCI_STATUS_SYNDV)
671 m->synd = mce_rdmsrl(MSR_AMD64_SMCA_MCx_SYND(i));
672 }
673 }
674
675 DEFINE_PER_CPU(unsigned, mce_poll_count);
676
677 /*
678 * Poll for corrected events or events that happened before reset.
679 * Those are just logged through /dev/mcelog.
680 *
681 * This is executed in standard interrupt context.
682 *
683 * Note: spec recommends to panic for fatal unsignalled
684 * errors here. However this would be quite problematic --
685 * we would need to reimplement the Monarch handling and
686 * it would mess up the exclusion between exception handler
687 * and poll handler -- * so we skip this for now.
688 * These cases should not happen anyways, or only when the CPU
689 * is already totally * confused. In this case it's likely it will
690 * not fully execute the machine check handler either.
691 */
machine_check_poll(enum mcp_flags flags,mce_banks_t * b)692 bool machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
693 {
694 struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
695 bool error_seen = false;
696 struct mce m;
697 int i;
698
699 this_cpu_inc(mce_poll_count);
700
701 mce_gather_info(&m, NULL);
702
703 if (flags & MCP_TIMESTAMP)
704 m.tsc = rdtsc();
705
706 for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
707 if (!mce_banks[i].ctl || !test_bit(i, *b))
708 continue;
709
710 m.misc = 0;
711 m.addr = 0;
712 m.bank = i;
713
714 barrier();
715 m.status = mce_rdmsrl(msr_ops.status(i));
716
717 /* If this entry is not valid, ignore it */
718 if (!(m.status & MCI_STATUS_VAL))
719 continue;
720
721 /*
722 * If we are logging everything (at CPU online) or this
723 * is a corrected error, then we must log it.
724 */
725 if ((flags & MCP_UC) || !(m.status & MCI_STATUS_UC))
726 goto log_it;
727
728 /*
729 * Newer Intel systems that support software error
730 * recovery need to make additional checks. Other
731 * CPUs should skip over uncorrected errors, but log
732 * everything else.
733 */
734 if (!mca_cfg.ser) {
735 if (m.status & MCI_STATUS_UC)
736 continue;
737 goto log_it;
738 }
739
740 /* Log "not enabled" (speculative) errors */
741 if (!(m.status & MCI_STATUS_EN))
742 goto log_it;
743
744 /*
745 * Log UCNA (SDM: 15.6.3 "UCR Error Classification")
746 * UC == 1 && PCC == 0 && S == 0
747 */
748 if (!(m.status & MCI_STATUS_PCC) && !(m.status & MCI_STATUS_S))
749 goto log_it;
750
751 /*
752 * Skip anything else. Presumption is that our read of this
753 * bank is racing with a machine check. Leave the log alone
754 * for do_machine_check() to deal with it.
755 */
756 continue;
757
758 log_it:
759 error_seen = true;
760
761 mce_read_aux(&m, i);
762
763 m.severity = mce_severity(&m, mca_cfg.tolerant, NULL, false);
764
765 /*
766 * Don't get the IP here because it's unlikely to
767 * have anything to do with the actual error location.
768 */
769 if (!(flags & MCP_DONTLOG) && !mca_cfg.dont_log_ce)
770 mce_log(&m);
771 else if (mce_usable_address(&m)) {
772 /*
773 * Although we skipped logging this, we still want
774 * to take action. Add to the pool so the registered
775 * notifiers will see it.
776 */
777 if (!mce_gen_pool_add(&m))
778 mce_schedule_work();
779 }
780
781 /*
782 * Clear state for this bank.
783 */
784 mce_wrmsrl(msr_ops.status(i), 0);
785 }
786
787 /*
788 * Don't clear MCG_STATUS here because it's only defined for
789 * exceptions.
790 */
791
792 sync_core();
793
794 return error_seen;
795 }
796 EXPORT_SYMBOL_GPL(machine_check_poll);
797
798 /*
799 * Do a quick check if any of the events requires a panic.
800 * This decides if we keep the events around or clear them.
801 */
mce_no_way_out(struct mce * m,char ** msg,unsigned long * validp,struct pt_regs * regs)802 static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp,
803 struct pt_regs *regs)
804 {
805 char *tmp;
806 int i;
807
808 for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
809 m->status = mce_rdmsrl(msr_ops.status(i));
810 if (!(m->status & MCI_STATUS_VAL))
811 continue;
812
813 __set_bit(i, validp);
814 if (quirk_no_way_out)
815 quirk_no_way_out(i, m, regs);
816
817 m->bank = i;
818 if (mce_severity(m, mca_cfg.tolerant, &tmp, true) >= MCE_PANIC_SEVERITY) {
819 mce_read_aux(m, i);
820 *msg = tmp;
821 return 1;
822 }
823 }
824 return 0;
825 }
826
827 /*
828 * Variable to establish order between CPUs while scanning.
829 * Each CPU spins initially until executing is equal its number.
830 */
831 static atomic_t mce_executing;
832
833 /*
834 * Defines order of CPUs on entry. First CPU becomes Monarch.
835 */
836 static atomic_t mce_callin;
837
838 /*
839 * Check if a timeout waiting for other CPUs happened.
840 */
mce_timed_out(u64 * t,const char * msg)841 static int mce_timed_out(u64 *t, const char *msg)
842 {
843 /*
844 * The others already did panic for some reason.
845 * Bail out like in a timeout.
846 * rmb() to tell the compiler that system_state
847 * might have been modified by someone else.
848 */
849 rmb();
850 if (atomic_read(&mce_panicked))
851 wait_for_panic();
852 if (!mca_cfg.monarch_timeout)
853 goto out;
854 if ((s64)*t < SPINUNIT) {
855 if (mca_cfg.tolerant <= 1)
856 mce_panic(msg, NULL, NULL);
857 cpu_missing = 1;
858 return 1;
859 }
860 *t -= SPINUNIT;
861 out:
862 touch_nmi_watchdog();
863 return 0;
864 }
865
866 /*
867 * The Monarch's reign. The Monarch is the CPU who entered
868 * the machine check handler first. It waits for the others to
869 * raise the exception too and then grades them. When any
870 * error is fatal panic. Only then let the others continue.
871 *
872 * The other CPUs entering the MCE handler will be controlled by the
873 * Monarch. They are called Subjects.
874 *
875 * This way we prevent any potential data corruption in a unrecoverable case
876 * and also makes sure always all CPU's errors are examined.
877 *
878 * Also this detects the case of a machine check event coming from outer
879 * space (not detected by any CPUs) In this case some external agent wants
880 * us to shut down, so panic too.
881 *
882 * The other CPUs might still decide to panic if the handler happens
883 * in a unrecoverable place, but in this case the system is in a semi-stable
884 * state and won't corrupt anything by itself. It's ok to let the others
885 * continue for a bit first.
886 *
887 * All the spin loops have timeouts; when a timeout happens a CPU
888 * typically elects itself to be Monarch.
889 */
mce_reign(void)890 static void mce_reign(void)
891 {
892 int cpu;
893 struct mce *m = NULL;
894 int global_worst = 0;
895 char *msg = NULL;
896 char *nmsg = NULL;
897
898 /*
899 * This CPU is the Monarch and the other CPUs have run
900 * through their handlers.
901 * Grade the severity of the errors of all the CPUs.
902 */
903 for_each_possible_cpu(cpu) {
904 int severity = mce_severity(&per_cpu(mces_seen, cpu),
905 mca_cfg.tolerant,
906 &nmsg, true);
907 if (severity > global_worst) {
908 msg = nmsg;
909 global_worst = severity;
910 m = &per_cpu(mces_seen, cpu);
911 }
912 }
913
914 /*
915 * Cannot recover? Panic here then.
916 * This dumps all the mces in the log buffer and stops the
917 * other CPUs.
918 */
919 if (m && global_worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3)
920 mce_panic("Fatal machine check", m, msg);
921
922 /*
923 * For UC somewhere we let the CPU who detects it handle it.
924 * Also must let continue the others, otherwise the handling
925 * CPU could deadlock on a lock.
926 */
927
928 /*
929 * No machine check event found. Must be some external
930 * source or one CPU is hung. Panic.
931 */
932 if (global_worst <= MCE_KEEP_SEVERITY && mca_cfg.tolerant < 3)
933 mce_panic("Fatal machine check from unknown source", NULL, NULL);
934
935 /*
936 * Now clear all the mces_seen so that they don't reappear on
937 * the next mce.
938 */
939 for_each_possible_cpu(cpu)
940 memset(&per_cpu(mces_seen, cpu), 0, sizeof(struct mce));
941 }
942
943 static atomic_t global_nwo;
944
945 /*
946 * Start of Monarch synchronization. This waits until all CPUs have
947 * entered the exception handler and then determines if any of them
948 * saw a fatal event that requires panic. Then it executes them
949 * in the entry order.
950 * TBD double check parallel CPU hotunplug
951 */
mce_start(int * no_way_out)952 static int mce_start(int *no_way_out)
953 {
954 int order;
955 int cpus = num_online_cpus();
956 u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
957
958 if (!timeout)
959 return -1;
960
961 atomic_add(*no_way_out, &global_nwo);
962 /*
963 * Rely on the implied barrier below, such that global_nwo
964 * is updated before mce_callin.
965 */
966 order = atomic_inc_return(&mce_callin);
967
968 /*
969 * Wait for everyone.
970 */
971 while (atomic_read(&mce_callin) != cpus) {
972 if (mce_timed_out(&timeout,
973 "Timeout: Not all CPUs entered broadcast exception handler")) {
974 atomic_set(&global_nwo, 0);
975 return -1;
976 }
977 ndelay(SPINUNIT);
978 }
979
980 /*
981 * mce_callin should be read before global_nwo
982 */
983 smp_rmb();
984
985 if (order == 1) {
986 /*
987 * Monarch: Starts executing now, the others wait.
988 */
989 atomic_set(&mce_executing, 1);
990 } else {
991 /*
992 * Subject: Now start the scanning loop one by one in
993 * the original callin order.
994 * This way when there are any shared banks it will be
995 * only seen by one CPU before cleared, avoiding duplicates.
996 */
997 while (atomic_read(&mce_executing) < order) {
998 if (mce_timed_out(&timeout,
999 "Timeout: Subject CPUs unable to finish machine check processing")) {
1000 atomic_set(&global_nwo, 0);
1001 return -1;
1002 }
1003 ndelay(SPINUNIT);
1004 }
1005 }
1006
1007 /*
1008 * Cache the global no_way_out state.
1009 */
1010 *no_way_out = atomic_read(&global_nwo);
1011
1012 return order;
1013 }
1014
1015 /*
1016 * Synchronize between CPUs after main scanning loop.
1017 * This invokes the bulk of the Monarch processing.
1018 */
mce_end(int order)1019 static int mce_end(int order)
1020 {
1021 int ret = -1;
1022 u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
1023
1024 if (!timeout)
1025 goto reset;
1026 if (order < 0)
1027 goto reset;
1028
1029 /*
1030 * Allow others to run.
1031 */
1032 atomic_inc(&mce_executing);
1033
1034 if (order == 1) {
1035 /* CHECKME: Can this race with a parallel hotplug? */
1036 int cpus = num_online_cpus();
1037
1038 /*
1039 * Monarch: Wait for everyone to go through their scanning
1040 * loops.
1041 */
1042 while (atomic_read(&mce_executing) <= cpus) {
1043 if (mce_timed_out(&timeout,
1044 "Timeout: Monarch CPU unable to finish machine check processing"))
1045 goto reset;
1046 ndelay(SPINUNIT);
1047 }
1048
1049 mce_reign();
1050 barrier();
1051 ret = 0;
1052 } else {
1053 /*
1054 * Subject: Wait for Monarch to finish.
1055 */
1056 while (atomic_read(&mce_executing) != 0) {
1057 if (mce_timed_out(&timeout,
1058 "Timeout: Monarch CPU did not finish machine check processing"))
1059 goto reset;
1060 ndelay(SPINUNIT);
1061 }
1062
1063 /*
1064 * Don't reset anything. That's done by the Monarch.
1065 */
1066 return 0;
1067 }
1068
1069 /*
1070 * Reset all global state.
1071 */
1072 reset:
1073 atomic_set(&global_nwo, 0);
1074 atomic_set(&mce_callin, 0);
1075 barrier();
1076
1077 /*
1078 * Let others run again.
1079 */
1080 atomic_set(&mce_executing, 0);
1081 return ret;
1082 }
1083
mce_clear_state(unsigned long * toclear)1084 static void mce_clear_state(unsigned long *toclear)
1085 {
1086 int i;
1087
1088 for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
1089 if (test_bit(i, toclear))
1090 mce_wrmsrl(msr_ops.status(i), 0);
1091 }
1092 }
1093
do_memory_failure(struct mce * m)1094 static int do_memory_failure(struct mce *m)
1095 {
1096 int flags = MF_ACTION_REQUIRED;
1097 int ret;
1098
1099 pr_err("Uncorrected hardware memory error in user-access at %llx", m->addr);
1100 if (!(m->mcgstatus & MCG_STATUS_RIPV))
1101 flags |= MF_MUST_KILL;
1102 ret = memory_failure(m->addr >> PAGE_SHIFT, flags);
1103 if (ret)
1104 pr_err("Memory error not recovered");
1105 else
1106 set_mce_nospec(m->addr >> PAGE_SHIFT);
1107 return ret;
1108 }
1109
1110
1111 /*
1112 * Cases where we avoid rendezvous handler timeout:
1113 * 1) If this CPU is offline.
1114 *
1115 * 2) If crashing_cpu was set, e.g. we're entering kdump and we need to
1116 * skip those CPUs which remain looping in the 1st kernel - see
1117 * crash_nmi_callback().
1118 *
1119 * Note: there still is a small window between kexec-ing and the new,
1120 * kdump kernel establishing a new #MC handler where a broadcasted MCE
1121 * might not get handled properly.
1122 */
__mc_check_crashing_cpu(int cpu)1123 static bool __mc_check_crashing_cpu(int cpu)
1124 {
1125 if (cpu_is_offline(cpu) ||
1126 (crashing_cpu != -1 && crashing_cpu != cpu)) {
1127 u64 mcgstatus;
1128
1129 mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
1130 if (mcgstatus & MCG_STATUS_RIPV) {
1131 mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
1132 return true;
1133 }
1134 }
1135 return false;
1136 }
1137
__mc_scan_banks(struct mce * m,struct mce * final,unsigned long * toclear,unsigned long * valid_banks,int no_way_out,int * worst)1138 static void __mc_scan_banks(struct mce *m, struct mce *final,
1139 unsigned long *toclear, unsigned long *valid_banks,
1140 int no_way_out, int *worst)
1141 {
1142 struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1143 struct mca_config *cfg = &mca_cfg;
1144 int severity, i;
1145
1146 for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
1147 __clear_bit(i, toclear);
1148 if (!test_bit(i, valid_banks))
1149 continue;
1150
1151 if (!mce_banks[i].ctl)
1152 continue;
1153
1154 m->misc = 0;
1155 m->addr = 0;
1156 m->bank = i;
1157
1158 m->status = mce_rdmsrl(msr_ops.status(i));
1159 if (!(m->status & MCI_STATUS_VAL))
1160 continue;
1161
1162 /*
1163 * Corrected or non-signaled errors are handled by
1164 * machine_check_poll(). Leave them alone, unless this panics.
1165 */
1166 if (!(m->status & (cfg->ser ? MCI_STATUS_S : MCI_STATUS_UC)) &&
1167 !no_way_out)
1168 continue;
1169
1170 /* Set taint even when machine check was not enabled. */
1171 add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
1172
1173 severity = mce_severity(m, cfg->tolerant, NULL, true);
1174
1175 /*
1176 * When machine check was for corrected/deferred handler don't
1177 * touch, unless we're panicking.
1178 */
1179 if ((severity == MCE_KEEP_SEVERITY ||
1180 severity == MCE_UCNA_SEVERITY) && !no_way_out)
1181 continue;
1182
1183 __set_bit(i, toclear);
1184
1185 /* Machine check event was not enabled. Clear, but ignore. */
1186 if (severity == MCE_NO_SEVERITY)
1187 continue;
1188
1189 mce_read_aux(m, i);
1190
1191 /* assuming valid severity level != 0 */
1192 m->severity = severity;
1193
1194 mce_log(m);
1195
1196 if (severity > *worst) {
1197 *final = *m;
1198 *worst = severity;
1199 }
1200 }
1201
1202 /* mce_clear_state will clear *final, save locally for use later */
1203 *m = *final;
1204 }
1205
1206 /*
1207 * The actual machine check handler. This only handles real
1208 * exceptions when something got corrupted coming in through int 18.
1209 *
1210 * This is executed in NMI context not subject to normal locking rules. This
1211 * implies that most kernel services cannot be safely used. Don't even
1212 * think about putting a printk in there!
1213 *
1214 * On Intel systems this is entered on all CPUs in parallel through
1215 * MCE broadcast. However some CPUs might be broken beyond repair,
1216 * so be always careful when synchronizing with others.
1217 */
do_machine_check(struct pt_regs * regs,long error_code)1218 void do_machine_check(struct pt_regs *regs, long error_code)
1219 {
1220 DECLARE_BITMAP(valid_banks, MAX_NR_BANKS);
1221 DECLARE_BITMAP(toclear, MAX_NR_BANKS);
1222 struct mca_config *cfg = &mca_cfg;
1223 int cpu = smp_processor_id();
1224 char *msg = "Unknown";
1225 struct mce m, *final;
1226 int worst = 0;
1227
1228 /*
1229 * Establish sequential order between the CPUs entering the machine
1230 * check handler.
1231 */
1232 int order = -1;
1233
1234 /*
1235 * If no_way_out gets set, there is no safe way to recover from this
1236 * MCE. If mca_cfg.tolerant is cranked up, we'll try anyway.
1237 */
1238 int no_way_out = 0;
1239
1240 /*
1241 * If kill_it gets set, there might be a way to recover from this
1242 * error.
1243 */
1244 int kill_it = 0;
1245
1246 /*
1247 * MCEs are always local on AMD. Same is determined by MCG_STATUS_LMCES
1248 * on Intel.
1249 */
1250 int lmce = 1;
1251
1252 if (__mc_check_crashing_cpu(cpu))
1253 return;
1254
1255 ist_enter(regs);
1256
1257 this_cpu_inc(mce_exception_count);
1258
1259 mce_gather_info(&m, regs);
1260 m.tsc = rdtsc();
1261
1262 final = this_cpu_ptr(&mces_seen);
1263 *final = m;
1264
1265 memset(valid_banks, 0, sizeof(valid_banks));
1266 no_way_out = mce_no_way_out(&m, &msg, valid_banks, regs);
1267
1268 barrier();
1269
1270 /*
1271 * When no restart IP might need to kill or panic.
1272 * Assume the worst for now, but if we find the
1273 * severity is MCE_AR_SEVERITY we have other options.
1274 */
1275 if (!(m.mcgstatus & MCG_STATUS_RIPV))
1276 kill_it = 1;
1277
1278 /*
1279 * Check if this MCE is signaled to only this logical processor,
1280 * on Intel only.
1281 */
1282 if (m.cpuvendor == X86_VENDOR_INTEL)
1283 lmce = m.mcgstatus & MCG_STATUS_LMCES;
1284
1285 /*
1286 * Local machine check may already know that we have to panic.
1287 * Broadcast machine check begins rendezvous in mce_start()
1288 * Go through all banks in exclusion of the other CPUs. This way we
1289 * don't report duplicated events on shared banks because the first one
1290 * to see it will clear it.
1291 */
1292 if (lmce) {
1293 if (no_way_out)
1294 mce_panic("Fatal local machine check", &m, msg);
1295 } else {
1296 order = mce_start(&no_way_out);
1297 }
1298
1299 __mc_scan_banks(&m, final, toclear, valid_banks, no_way_out, &worst);
1300
1301 if (!no_way_out)
1302 mce_clear_state(toclear);
1303
1304 /*
1305 * Do most of the synchronization with other CPUs.
1306 * When there's any problem use only local no_way_out state.
1307 */
1308 if (!lmce) {
1309 if (mce_end(order) < 0)
1310 no_way_out = worst >= MCE_PANIC_SEVERITY;
1311 } else {
1312 /*
1313 * If there was a fatal machine check we should have
1314 * already called mce_panic earlier in this function.
1315 * Since we re-read the banks, we might have found
1316 * something new. Check again to see if we found a
1317 * fatal error. We call "mce_severity()" again to
1318 * make sure we have the right "msg".
1319 */
1320 if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) {
1321 mce_severity(&m, cfg->tolerant, &msg, true);
1322 mce_panic("Local fatal machine check!", &m, msg);
1323 }
1324 }
1325
1326 /*
1327 * If tolerant is at an insane level we drop requests to kill
1328 * processes and continue even when there is no way out.
1329 */
1330 if (cfg->tolerant == 3)
1331 kill_it = 0;
1332 else if (no_way_out)
1333 mce_panic("Fatal machine check on current CPU", &m, msg);
1334
1335 if (worst > 0)
1336 irq_work_queue(&mce_irq_work);
1337
1338 mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
1339
1340 sync_core();
1341
1342 if (worst != MCE_AR_SEVERITY && !kill_it)
1343 goto out_ist;
1344
1345 /* Fault was in user mode and we need to take some action */
1346 if ((m.cs & 3) == 3) {
1347 ist_begin_non_atomic(regs);
1348 local_irq_enable();
1349
1350 if (kill_it || do_memory_failure(&m))
1351 force_sig(SIGBUS);
1352 local_irq_disable();
1353 ist_end_non_atomic();
1354 } else {
1355 if (!fixup_exception(regs, X86_TRAP_MC, error_code, 0))
1356 mce_panic("Failed kernel mode recovery", &m, NULL);
1357 }
1358
1359 out_ist:
1360 ist_exit(regs);
1361 }
1362 EXPORT_SYMBOL_GPL(do_machine_check);
1363
1364 #ifndef CONFIG_MEMORY_FAILURE
memory_failure(unsigned long pfn,int flags)1365 int memory_failure(unsigned long pfn, int flags)
1366 {
1367 /* mce_severity() should not hand us an ACTION_REQUIRED error */
1368 BUG_ON(flags & MF_ACTION_REQUIRED);
1369 pr_err("Uncorrected memory error in page 0x%lx ignored\n"
1370 "Rebuild kernel with CONFIG_MEMORY_FAILURE=y for smarter handling\n",
1371 pfn);
1372
1373 return 0;
1374 }
1375 #endif
1376
1377 /*
1378 * Periodic polling timer for "silent" machine check errors. If the
1379 * poller finds an MCE, poll 2x faster. When the poller finds no more
1380 * errors, poll 2x slower (up to check_interval seconds).
1381 */
1382 static unsigned long check_interval = INITIAL_CHECK_INTERVAL;
1383
1384 static DEFINE_PER_CPU(unsigned long, mce_next_interval); /* in jiffies */
1385 static DEFINE_PER_CPU(struct timer_list, mce_timer);
1386
mce_adjust_timer_default(unsigned long interval)1387 static unsigned long mce_adjust_timer_default(unsigned long interval)
1388 {
1389 return interval;
1390 }
1391
1392 static unsigned long (*mce_adjust_timer)(unsigned long interval) = mce_adjust_timer_default;
1393
__start_timer(struct timer_list * t,unsigned long interval)1394 static void __start_timer(struct timer_list *t, unsigned long interval)
1395 {
1396 unsigned long when = jiffies + interval;
1397 unsigned long flags;
1398
1399 local_irq_save(flags);
1400
1401 if (!timer_pending(t) || time_before(when, t->expires))
1402 mod_timer(t, round_jiffies(when));
1403
1404 local_irq_restore(flags);
1405 }
1406
mce_timer_fn(struct timer_list * t)1407 static void mce_timer_fn(struct timer_list *t)
1408 {
1409 struct timer_list *cpu_t = this_cpu_ptr(&mce_timer);
1410 unsigned long iv;
1411
1412 WARN_ON(cpu_t != t);
1413
1414 iv = __this_cpu_read(mce_next_interval);
1415
1416 if (mce_available(this_cpu_ptr(&cpu_info))) {
1417 machine_check_poll(0, this_cpu_ptr(&mce_poll_banks));
1418
1419 if (mce_intel_cmci_poll()) {
1420 iv = mce_adjust_timer(iv);
1421 goto done;
1422 }
1423 }
1424
1425 /*
1426 * Alert userspace if needed. If we logged an MCE, reduce the polling
1427 * interval, otherwise increase the polling interval.
1428 */
1429 if (mce_notify_irq())
1430 iv = max(iv / 2, (unsigned long) HZ/100);
1431 else
1432 iv = min(iv * 2, round_jiffies_relative(check_interval * HZ));
1433
1434 done:
1435 __this_cpu_write(mce_next_interval, iv);
1436 __start_timer(t, iv);
1437 }
1438
1439 /*
1440 * Ensure that the timer is firing in @interval from now.
1441 */
mce_timer_kick(unsigned long interval)1442 void mce_timer_kick(unsigned long interval)
1443 {
1444 struct timer_list *t = this_cpu_ptr(&mce_timer);
1445 unsigned long iv = __this_cpu_read(mce_next_interval);
1446
1447 __start_timer(t, interval);
1448
1449 if (interval < iv)
1450 __this_cpu_write(mce_next_interval, interval);
1451 }
1452
1453 /* Must not be called in IRQ context where del_timer_sync() can deadlock */
mce_timer_delete_all(void)1454 static void mce_timer_delete_all(void)
1455 {
1456 int cpu;
1457
1458 for_each_online_cpu(cpu)
1459 del_timer_sync(&per_cpu(mce_timer, cpu));
1460 }
1461
1462 /*
1463 * Notify the user(s) about new machine check events.
1464 * Can be called from interrupt context, but not from machine check/NMI
1465 * context.
1466 */
mce_notify_irq(void)1467 int mce_notify_irq(void)
1468 {
1469 /* Not more than two messages every minute */
1470 static DEFINE_RATELIMIT_STATE(ratelimit, 60*HZ, 2);
1471
1472 if (test_and_clear_bit(0, &mce_need_notify)) {
1473 mce_work_trigger();
1474
1475 if (__ratelimit(&ratelimit))
1476 pr_info(HW_ERR "Machine check events logged\n");
1477
1478 return 1;
1479 }
1480 return 0;
1481 }
1482 EXPORT_SYMBOL_GPL(mce_notify_irq);
1483
__mcheck_cpu_mce_banks_init(void)1484 static void __mcheck_cpu_mce_banks_init(void)
1485 {
1486 struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1487 u8 n_banks = this_cpu_read(mce_num_banks);
1488 int i;
1489
1490 for (i = 0; i < n_banks; i++) {
1491 struct mce_bank *b = &mce_banks[i];
1492
1493 /*
1494 * Init them all, __mcheck_cpu_apply_quirks() is going to apply
1495 * the required vendor quirks before
1496 * __mcheck_cpu_init_clear_banks() does the final bank setup.
1497 */
1498 b->ctl = -1ULL;
1499 b->init = 1;
1500 }
1501 }
1502
1503 /*
1504 * Initialize Machine Checks for a CPU.
1505 */
__mcheck_cpu_cap_init(void)1506 static void __mcheck_cpu_cap_init(void)
1507 {
1508 u64 cap;
1509 u8 b;
1510
1511 rdmsrl(MSR_IA32_MCG_CAP, cap);
1512
1513 b = cap & MCG_BANKCNT_MASK;
1514
1515 if (b > MAX_NR_BANKS) {
1516 pr_warn("CPU%d: Using only %u machine check banks out of %u\n",
1517 smp_processor_id(), MAX_NR_BANKS, b);
1518 b = MAX_NR_BANKS;
1519 }
1520
1521 this_cpu_write(mce_num_banks, b);
1522
1523 __mcheck_cpu_mce_banks_init();
1524
1525 /* Use accurate RIP reporting if available. */
1526 if ((cap & MCG_EXT_P) && MCG_EXT_CNT(cap) >= 9)
1527 mca_cfg.rip_msr = MSR_IA32_MCG_EIP;
1528
1529 if (cap & MCG_SER_P)
1530 mca_cfg.ser = 1;
1531 }
1532
__mcheck_cpu_init_generic(void)1533 static void __mcheck_cpu_init_generic(void)
1534 {
1535 enum mcp_flags m_fl = 0;
1536 mce_banks_t all_banks;
1537 u64 cap;
1538
1539 if (!mca_cfg.bootlog)
1540 m_fl = MCP_DONTLOG;
1541
1542 /*
1543 * Log the machine checks left over from the previous reset.
1544 */
1545 bitmap_fill(all_banks, MAX_NR_BANKS);
1546 machine_check_poll(MCP_UC | m_fl, &all_banks);
1547
1548 cr4_set_bits(X86_CR4_MCE);
1549
1550 rdmsrl(MSR_IA32_MCG_CAP, cap);
1551 if (cap & MCG_CTL_P)
1552 wrmsr(MSR_IA32_MCG_CTL, 0xffffffff, 0xffffffff);
1553 }
1554
__mcheck_cpu_init_clear_banks(void)1555 static void __mcheck_cpu_init_clear_banks(void)
1556 {
1557 struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1558 int i;
1559
1560 for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
1561 struct mce_bank *b = &mce_banks[i];
1562
1563 if (!b->init)
1564 continue;
1565 wrmsrl(msr_ops.ctl(i), b->ctl);
1566 wrmsrl(msr_ops.status(i), 0);
1567 }
1568 }
1569
1570 /*
1571 * Do a final check to see if there are any unused/RAZ banks.
1572 *
1573 * This must be done after the banks have been initialized and any quirks have
1574 * been applied.
1575 *
1576 * Do not call this from any user-initiated flows, e.g. CPU hotplug or sysfs.
1577 * Otherwise, a user who disables a bank will not be able to re-enable it
1578 * without a system reboot.
1579 */
__mcheck_cpu_check_banks(void)1580 static void __mcheck_cpu_check_banks(void)
1581 {
1582 struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1583 u64 msrval;
1584 int i;
1585
1586 for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
1587 struct mce_bank *b = &mce_banks[i];
1588
1589 if (!b->init)
1590 continue;
1591
1592 rdmsrl(msr_ops.ctl(i), msrval);
1593 b->init = !!msrval;
1594 }
1595 }
1596
1597 /*
1598 * During IFU recovery Sandy Bridge -EP4S processors set the RIPV and
1599 * EIPV bits in MCG_STATUS to zero on the affected logical processor (SDM
1600 * Vol 3B Table 15-20). But this confuses both the code that determines
1601 * whether the machine check occurred in kernel or user mode, and also
1602 * the severity assessment code. Pretend that EIPV was set, and take the
1603 * ip/cs values from the pt_regs that mce_gather_info() ignored earlier.
1604 */
quirk_sandybridge_ifu(int bank,struct mce * m,struct pt_regs * regs)1605 static void quirk_sandybridge_ifu(int bank, struct mce *m, struct pt_regs *regs)
1606 {
1607 if (bank != 0)
1608 return;
1609 if ((m->mcgstatus & (MCG_STATUS_EIPV|MCG_STATUS_RIPV)) != 0)
1610 return;
1611 if ((m->status & (MCI_STATUS_OVER|MCI_STATUS_UC|
1612 MCI_STATUS_EN|MCI_STATUS_MISCV|MCI_STATUS_ADDRV|
1613 MCI_STATUS_PCC|MCI_STATUS_S|MCI_STATUS_AR|
1614 MCACOD)) !=
1615 (MCI_STATUS_UC|MCI_STATUS_EN|
1616 MCI_STATUS_MISCV|MCI_STATUS_ADDRV|MCI_STATUS_S|
1617 MCI_STATUS_AR|MCACOD_INSTR))
1618 return;
1619
1620 m->mcgstatus |= MCG_STATUS_EIPV;
1621 m->ip = regs->ip;
1622 m->cs = regs->cs;
1623 }
1624
1625 /* Add per CPU specific workarounds here */
__mcheck_cpu_apply_quirks(struct cpuinfo_x86 * c)1626 static int __mcheck_cpu_apply_quirks(struct cpuinfo_x86 *c)
1627 {
1628 struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1629 struct mca_config *cfg = &mca_cfg;
1630
1631 if (c->x86_vendor == X86_VENDOR_UNKNOWN) {
1632 pr_info("unknown CPU type - not enabling MCE support\n");
1633 return -EOPNOTSUPP;
1634 }
1635
1636 /* This should be disabled by the BIOS, but isn't always */
1637 if (c->x86_vendor == X86_VENDOR_AMD) {
1638 if (c->x86 == 15 && this_cpu_read(mce_num_banks) > 4) {
1639 /*
1640 * disable GART TBL walk error reporting, which
1641 * trips off incorrectly with the IOMMU & 3ware
1642 * & Cerberus:
1643 */
1644 clear_bit(10, (unsigned long *)&mce_banks[4].ctl);
1645 }
1646 if (c->x86 < 0x11 && cfg->bootlog < 0) {
1647 /*
1648 * Lots of broken BIOS around that don't clear them
1649 * by default and leave crap in there. Don't log:
1650 */
1651 cfg->bootlog = 0;
1652 }
1653 /*
1654 * Various K7s with broken bank 0 around. Always disable
1655 * by default.
1656 */
1657 if (c->x86 == 6 && this_cpu_read(mce_num_banks) > 0)
1658 mce_banks[0].ctl = 0;
1659
1660 /*
1661 * overflow_recov is supported for F15h Models 00h-0fh
1662 * even though we don't have a CPUID bit for it.
1663 */
1664 if (c->x86 == 0x15 && c->x86_model <= 0xf)
1665 mce_flags.overflow_recov = 1;
1666
1667 }
1668
1669 if (c->x86_vendor == X86_VENDOR_INTEL) {
1670 /*
1671 * SDM documents that on family 6 bank 0 should not be written
1672 * because it aliases to another special BIOS controlled
1673 * register.
1674 * But it's not aliased anymore on model 0x1a+
1675 * Don't ignore bank 0 completely because there could be a
1676 * valid event later, merely don't write CTL0.
1677 */
1678
1679 if (c->x86 == 6 && c->x86_model < 0x1A && this_cpu_read(mce_num_banks) > 0)
1680 mce_banks[0].init = 0;
1681
1682 /*
1683 * All newer Intel systems support MCE broadcasting. Enable
1684 * synchronization with a one second timeout.
1685 */
1686 if ((c->x86 > 6 || (c->x86 == 6 && c->x86_model >= 0xe)) &&
1687 cfg->monarch_timeout < 0)
1688 cfg->monarch_timeout = USEC_PER_SEC;
1689
1690 /*
1691 * There are also broken BIOSes on some Pentium M and
1692 * earlier systems:
1693 */
1694 if (c->x86 == 6 && c->x86_model <= 13 && cfg->bootlog < 0)
1695 cfg->bootlog = 0;
1696
1697 if (c->x86 == 6 && c->x86_model == 45)
1698 quirk_no_way_out = quirk_sandybridge_ifu;
1699 }
1700 if (cfg->monarch_timeout < 0)
1701 cfg->monarch_timeout = 0;
1702 if (cfg->bootlog != 0)
1703 cfg->panic_timeout = 30;
1704
1705 return 0;
1706 }
1707
__mcheck_cpu_ancient_init(struct cpuinfo_x86 * c)1708 static int __mcheck_cpu_ancient_init(struct cpuinfo_x86 *c)
1709 {
1710 if (c->x86 != 5)
1711 return 0;
1712
1713 switch (c->x86_vendor) {
1714 case X86_VENDOR_INTEL:
1715 intel_p5_mcheck_init(c);
1716 return 1;
1717 break;
1718 case X86_VENDOR_CENTAUR:
1719 winchip_mcheck_init(c);
1720 return 1;
1721 break;
1722 default:
1723 return 0;
1724 }
1725
1726 return 0;
1727 }
1728
1729 /*
1730 * Init basic CPU features needed for early decoding of MCEs.
1731 */
__mcheck_cpu_init_early(struct cpuinfo_x86 * c)1732 static void __mcheck_cpu_init_early(struct cpuinfo_x86 *c)
1733 {
1734 if (c->x86_vendor == X86_VENDOR_AMD || c->x86_vendor == X86_VENDOR_HYGON) {
1735 mce_flags.overflow_recov = !!cpu_has(c, X86_FEATURE_OVERFLOW_RECOV);
1736 mce_flags.succor = !!cpu_has(c, X86_FEATURE_SUCCOR);
1737 mce_flags.smca = !!cpu_has(c, X86_FEATURE_SMCA);
1738
1739 if (mce_flags.smca) {
1740 msr_ops.ctl = smca_ctl_reg;
1741 msr_ops.status = smca_status_reg;
1742 msr_ops.addr = smca_addr_reg;
1743 msr_ops.misc = smca_misc_reg;
1744 }
1745 }
1746 }
1747
mce_centaur_feature_init(struct cpuinfo_x86 * c)1748 static void mce_centaur_feature_init(struct cpuinfo_x86 *c)
1749 {
1750 struct mca_config *cfg = &mca_cfg;
1751
1752 /*
1753 * All newer Centaur CPUs support MCE broadcasting. Enable
1754 * synchronization with a one second timeout.
1755 */
1756 if ((c->x86 == 6 && c->x86_model == 0xf && c->x86_stepping >= 0xe) ||
1757 c->x86 > 6) {
1758 if (cfg->monarch_timeout < 0)
1759 cfg->monarch_timeout = USEC_PER_SEC;
1760 }
1761 }
1762
__mcheck_cpu_init_vendor(struct cpuinfo_x86 * c)1763 static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
1764 {
1765 switch (c->x86_vendor) {
1766 case X86_VENDOR_INTEL:
1767 mce_intel_feature_init(c);
1768 mce_adjust_timer = cmci_intel_adjust_timer;
1769 break;
1770
1771 case X86_VENDOR_AMD: {
1772 mce_amd_feature_init(c);
1773 break;
1774 }
1775
1776 case X86_VENDOR_HYGON:
1777 mce_hygon_feature_init(c);
1778 break;
1779
1780 case X86_VENDOR_CENTAUR:
1781 mce_centaur_feature_init(c);
1782 break;
1783
1784 default:
1785 break;
1786 }
1787 }
1788
__mcheck_cpu_clear_vendor(struct cpuinfo_x86 * c)1789 static void __mcheck_cpu_clear_vendor(struct cpuinfo_x86 *c)
1790 {
1791 switch (c->x86_vendor) {
1792 case X86_VENDOR_INTEL:
1793 mce_intel_feature_clear(c);
1794 break;
1795 default:
1796 break;
1797 }
1798 }
1799
mce_start_timer(struct timer_list * t)1800 static void mce_start_timer(struct timer_list *t)
1801 {
1802 unsigned long iv = check_interval * HZ;
1803
1804 if (mca_cfg.ignore_ce || !iv)
1805 return;
1806
1807 this_cpu_write(mce_next_interval, iv);
1808 __start_timer(t, iv);
1809 }
1810
__mcheck_cpu_setup_timer(void)1811 static void __mcheck_cpu_setup_timer(void)
1812 {
1813 struct timer_list *t = this_cpu_ptr(&mce_timer);
1814
1815 timer_setup(t, mce_timer_fn, TIMER_PINNED);
1816 }
1817
__mcheck_cpu_init_timer(void)1818 static void __mcheck_cpu_init_timer(void)
1819 {
1820 struct timer_list *t = this_cpu_ptr(&mce_timer);
1821
1822 timer_setup(t, mce_timer_fn, TIMER_PINNED);
1823 mce_start_timer(t);
1824 }
1825
filter_mce(struct mce * m)1826 bool filter_mce(struct mce *m)
1827 {
1828 if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
1829 return amd_filter_mce(m);
1830
1831 return false;
1832 }
1833
1834 /* Handle unconfigured int18 (should never happen) */
unexpected_machine_check(struct pt_regs * regs,long error_code)1835 static void unexpected_machine_check(struct pt_regs *regs, long error_code)
1836 {
1837 pr_err("CPU#%d: Unexpected int18 (Machine Check)\n",
1838 smp_processor_id());
1839 }
1840
1841 /* Call the installed machine check handler for this CPU setup. */
1842 void (*machine_check_vector)(struct pt_regs *, long error_code) =
1843 unexpected_machine_check;
1844
do_mce(struct pt_regs * regs,long error_code)1845 dotraplinkage void do_mce(struct pt_regs *regs, long error_code)
1846 {
1847 machine_check_vector(regs, error_code);
1848 }
1849
1850 /*
1851 * Called for each booted CPU to set up machine checks.
1852 * Must be called with preempt off:
1853 */
mcheck_cpu_init(struct cpuinfo_x86 * c)1854 void mcheck_cpu_init(struct cpuinfo_x86 *c)
1855 {
1856 if (mca_cfg.disabled)
1857 return;
1858
1859 if (__mcheck_cpu_ancient_init(c))
1860 return;
1861
1862 if (!mce_available(c))
1863 return;
1864
1865 __mcheck_cpu_cap_init();
1866
1867 if (__mcheck_cpu_apply_quirks(c) < 0) {
1868 mca_cfg.disabled = 1;
1869 return;
1870 }
1871
1872 if (mce_gen_pool_init()) {
1873 mca_cfg.disabled = 1;
1874 pr_emerg("Couldn't allocate MCE records pool!\n");
1875 return;
1876 }
1877
1878 machine_check_vector = do_machine_check;
1879
1880 __mcheck_cpu_init_early(c);
1881 __mcheck_cpu_init_generic();
1882 __mcheck_cpu_init_vendor(c);
1883 __mcheck_cpu_init_clear_banks();
1884 __mcheck_cpu_check_banks();
1885 __mcheck_cpu_setup_timer();
1886 }
1887
1888 /*
1889 * Called for each booted CPU to clear some machine checks opt-ins
1890 */
mcheck_cpu_clear(struct cpuinfo_x86 * c)1891 void mcheck_cpu_clear(struct cpuinfo_x86 *c)
1892 {
1893 if (mca_cfg.disabled)
1894 return;
1895
1896 if (!mce_available(c))
1897 return;
1898
1899 /*
1900 * Possibly to clear general settings generic to x86
1901 * __mcheck_cpu_clear_generic(c);
1902 */
1903 __mcheck_cpu_clear_vendor(c);
1904
1905 }
1906
__mce_disable_bank(void * arg)1907 static void __mce_disable_bank(void *arg)
1908 {
1909 int bank = *((int *)arg);
1910 __clear_bit(bank, this_cpu_ptr(mce_poll_banks));
1911 cmci_disable_bank(bank);
1912 }
1913
mce_disable_bank(int bank)1914 void mce_disable_bank(int bank)
1915 {
1916 if (bank >= this_cpu_read(mce_num_banks)) {
1917 pr_warn(FW_BUG
1918 "Ignoring request to disable invalid MCA bank %d.\n",
1919 bank);
1920 return;
1921 }
1922 set_bit(bank, mce_banks_ce_disabled);
1923 on_each_cpu(__mce_disable_bank, &bank, 1);
1924 }
1925
1926 /*
1927 * mce=off Disables machine check
1928 * mce=no_cmci Disables CMCI
1929 * mce=no_lmce Disables LMCE
1930 * mce=dont_log_ce Clears corrected events silently, no log created for CEs.
1931 * mce=ignore_ce Disables polling and CMCI, corrected events are not cleared.
1932 * mce=TOLERANCELEVEL[,monarchtimeout] (number, see above)
1933 * monarchtimeout is how long to wait for other CPUs on machine
1934 * check, or 0 to not wait
1935 * mce=bootlog Log MCEs from before booting. Disabled by default on AMD Fam10h
1936 and older.
1937 * mce=nobootlog Don't log MCEs from before booting.
1938 * mce=bios_cmci_threshold Don't program the CMCI threshold
1939 * mce=recovery force enable memcpy_mcsafe()
1940 */
mcheck_enable(char * str)1941 static int __init mcheck_enable(char *str)
1942 {
1943 struct mca_config *cfg = &mca_cfg;
1944
1945 if (*str == 0) {
1946 enable_p5_mce();
1947 return 1;
1948 }
1949 if (*str == '=')
1950 str++;
1951 if (!strcmp(str, "off"))
1952 cfg->disabled = 1;
1953 else if (!strcmp(str, "no_cmci"))
1954 cfg->cmci_disabled = true;
1955 else if (!strcmp(str, "no_lmce"))
1956 cfg->lmce_disabled = 1;
1957 else if (!strcmp(str, "dont_log_ce"))
1958 cfg->dont_log_ce = true;
1959 else if (!strcmp(str, "ignore_ce"))
1960 cfg->ignore_ce = true;
1961 else if (!strcmp(str, "bootlog") || !strcmp(str, "nobootlog"))
1962 cfg->bootlog = (str[0] == 'b');
1963 else if (!strcmp(str, "bios_cmci_threshold"))
1964 cfg->bios_cmci_threshold = 1;
1965 else if (!strcmp(str, "recovery"))
1966 cfg->recovery = 1;
1967 else if (isdigit(str[0])) {
1968 if (get_option(&str, &cfg->tolerant) == 2)
1969 get_option(&str, &(cfg->monarch_timeout));
1970 } else {
1971 pr_info("mce argument %s ignored. Please use /sys\n", str);
1972 return 0;
1973 }
1974 return 1;
1975 }
1976 __setup("mce", mcheck_enable);
1977
mcheck_init(void)1978 int __init mcheck_init(void)
1979 {
1980 mcheck_intel_therm_init();
1981 mce_register_decode_chain(&first_nb);
1982 mce_register_decode_chain(&mce_srao_nb);
1983 mce_register_decode_chain(&mce_default_nb);
1984 mcheck_vendor_init_severity();
1985
1986 INIT_WORK(&mce_work, mce_gen_pool_process);
1987 init_irq_work(&mce_irq_work, mce_irq_work_cb);
1988
1989 return 0;
1990 }
1991
1992 /*
1993 * mce_syscore: PM support
1994 */
1995
1996 /*
1997 * Disable machine checks on suspend and shutdown. We can't really handle
1998 * them later.
1999 */
mce_disable_error_reporting(void)2000 static void mce_disable_error_reporting(void)
2001 {
2002 struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
2003 int i;
2004
2005 for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
2006 struct mce_bank *b = &mce_banks[i];
2007
2008 if (b->init)
2009 wrmsrl(msr_ops.ctl(i), 0);
2010 }
2011 return;
2012 }
2013
vendor_disable_error_reporting(void)2014 static void vendor_disable_error_reporting(void)
2015 {
2016 /*
2017 * Don't clear on Intel or AMD or Hygon CPUs. Some of these MSRs
2018 * are socket-wide.
2019 * Disabling them for just a single offlined CPU is bad, since it will
2020 * inhibit reporting for all shared resources on the socket like the
2021 * last level cache (LLC), the integrated memory controller (iMC), etc.
2022 */
2023 if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ||
2024 boot_cpu_data.x86_vendor == X86_VENDOR_HYGON ||
2025 boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
2026 return;
2027
2028 mce_disable_error_reporting();
2029 }
2030
mce_syscore_suspend(void)2031 static int mce_syscore_suspend(void)
2032 {
2033 vendor_disable_error_reporting();
2034 return 0;
2035 }
2036
mce_syscore_shutdown(void)2037 static void mce_syscore_shutdown(void)
2038 {
2039 vendor_disable_error_reporting();
2040 }
2041
2042 /*
2043 * On resume clear all MCE state. Don't want to see leftovers from the BIOS.
2044 * Only one CPU is active at this time, the others get re-added later using
2045 * CPU hotplug:
2046 */
mce_syscore_resume(void)2047 static void mce_syscore_resume(void)
2048 {
2049 __mcheck_cpu_init_generic();
2050 __mcheck_cpu_init_vendor(raw_cpu_ptr(&cpu_info));
2051 __mcheck_cpu_init_clear_banks();
2052 }
2053
2054 static struct syscore_ops mce_syscore_ops = {
2055 .suspend = mce_syscore_suspend,
2056 .shutdown = mce_syscore_shutdown,
2057 .resume = mce_syscore_resume,
2058 };
2059
2060 /*
2061 * mce_device: Sysfs support
2062 */
2063
mce_cpu_restart(void * data)2064 static void mce_cpu_restart(void *data)
2065 {
2066 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2067 return;
2068 __mcheck_cpu_init_generic();
2069 __mcheck_cpu_init_clear_banks();
2070 __mcheck_cpu_init_timer();
2071 }
2072
2073 /* Reinit MCEs after user configuration changes */
mce_restart(void)2074 static void mce_restart(void)
2075 {
2076 mce_timer_delete_all();
2077 on_each_cpu(mce_cpu_restart, NULL, 1);
2078 }
2079
2080 /* Toggle features for corrected errors */
mce_disable_cmci(void * data)2081 static void mce_disable_cmci(void *data)
2082 {
2083 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2084 return;
2085 cmci_clear();
2086 }
2087
mce_enable_ce(void * all)2088 static void mce_enable_ce(void *all)
2089 {
2090 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2091 return;
2092 cmci_reenable();
2093 cmci_recheck();
2094 if (all)
2095 __mcheck_cpu_init_timer();
2096 }
2097
2098 static struct bus_type mce_subsys = {
2099 .name = "machinecheck",
2100 .dev_name = "machinecheck",
2101 };
2102
2103 DEFINE_PER_CPU(struct device *, mce_device);
2104
attr_to_bank(struct device_attribute * attr)2105 static inline struct mce_bank_dev *attr_to_bank(struct device_attribute *attr)
2106 {
2107 return container_of(attr, struct mce_bank_dev, attr);
2108 }
2109
show_bank(struct device * s,struct device_attribute * attr,char * buf)2110 static ssize_t show_bank(struct device *s, struct device_attribute *attr,
2111 char *buf)
2112 {
2113 u8 bank = attr_to_bank(attr)->bank;
2114 struct mce_bank *b;
2115
2116 if (bank >= per_cpu(mce_num_banks, s->id))
2117 return -EINVAL;
2118
2119 b = &per_cpu(mce_banks_array, s->id)[bank];
2120
2121 if (!b->init)
2122 return -ENODEV;
2123
2124 return sprintf(buf, "%llx\n", b->ctl);
2125 }
2126
set_bank(struct device * s,struct device_attribute * attr,const char * buf,size_t size)2127 static ssize_t set_bank(struct device *s, struct device_attribute *attr,
2128 const char *buf, size_t size)
2129 {
2130 u8 bank = attr_to_bank(attr)->bank;
2131 struct mce_bank *b;
2132 u64 new;
2133
2134 if (kstrtou64(buf, 0, &new) < 0)
2135 return -EINVAL;
2136
2137 if (bank >= per_cpu(mce_num_banks, s->id))
2138 return -EINVAL;
2139
2140 b = &per_cpu(mce_banks_array, s->id)[bank];
2141
2142 if (!b->init)
2143 return -ENODEV;
2144
2145 b->ctl = new;
2146 mce_restart();
2147
2148 return size;
2149 }
2150
set_ignore_ce(struct device * s,struct device_attribute * attr,const char * buf,size_t size)2151 static ssize_t set_ignore_ce(struct device *s,
2152 struct device_attribute *attr,
2153 const char *buf, size_t size)
2154 {
2155 u64 new;
2156
2157 if (kstrtou64(buf, 0, &new) < 0)
2158 return -EINVAL;
2159
2160 mutex_lock(&mce_sysfs_mutex);
2161 if (mca_cfg.ignore_ce ^ !!new) {
2162 if (new) {
2163 /* disable ce features */
2164 mce_timer_delete_all();
2165 on_each_cpu(mce_disable_cmci, NULL, 1);
2166 mca_cfg.ignore_ce = true;
2167 } else {
2168 /* enable ce features */
2169 mca_cfg.ignore_ce = false;
2170 on_each_cpu(mce_enable_ce, (void *)1, 1);
2171 }
2172 }
2173 mutex_unlock(&mce_sysfs_mutex);
2174
2175 return size;
2176 }
2177
set_cmci_disabled(struct device * s,struct device_attribute * attr,const char * buf,size_t size)2178 static ssize_t set_cmci_disabled(struct device *s,
2179 struct device_attribute *attr,
2180 const char *buf, size_t size)
2181 {
2182 u64 new;
2183
2184 if (kstrtou64(buf, 0, &new) < 0)
2185 return -EINVAL;
2186
2187 mutex_lock(&mce_sysfs_mutex);
2188 if (mca_cfg.cmci_disabled ^ !!new) {
2189 if (new) {
2190 /* disable cmci */
2191 on_each_cpu(mce_disable_cmci, NULL, 1);
2192 mca_cfg.cmci_disabled = true;
2193 } else {
2194 /* enable cmci */
2195 mca_cfg.cmci_disabled = false;
2196 on_each_cpu(mce_enable_ce, NULL, 1);
2197 }
2198 }
2199 mutex_unlock(&mce_sysfs_mutex);
2200
2201 return size;
2202 }
2203
store_int_with_restart(struct device * s,struct device_attribute * attr,const char * buf,size_t size)2204 static ssize_t store_int_with_restart(struct device *s,
2205 struct device_attribute *attr,
2206 const char *buf, size_t size)
2207 {
2208 unsigned long old_check_interval = check_interval;
2209 ssize_t ret = device_store_ulong(s, attr, buf, size);
2210
2211 if (check_interval == old_check_interval)
2212 return ret;
2213
2214 mutex_lock(&mce_sysfs_mutex);
2215 mce_restart();
2216 mutex_unlock(&mce_sysfs_mutex);
2217
2218 return ret;
2219 }
2220
2221 static DEVICE_INT_ATTR(tolerant, 0644, mca_cfg.tolerant);
2222 static DEVICE_INT_ATTR(monarch_timeout, 0644, mca_cfg.monarch_timeout);
2223 static DEVICE_BOOL_ATTR(dont_log_ce, 0644, mca_cfg.dont_log_ce);
2224
2225 static struct dev_ext_attribute dev_attr_check_interval = {
2226 __ATTR(check_interval, 0644, device_show_int, store_int_with_restart),
2227 &check_interval
2228 };
2229
2230 static struct dev_ext_attribute dev_attr_ignore_ce = {
2231 __ATTR(ignore_ce, 0644, device_show_bool, set_ignore_ce),
2232 &mca_cfg.ignore_ce
2233 };
2234
2235 static struct dev_ext_attribute dev_attr_cmci_disabled = {
2236 __ATTR(cmci_disabled, 0644, device_show_bool, set_cmci_disabled),
2237 &mca_cfg.cmci_disabled
2238 };
2239
2240 static struct device_attribute *mce_device_attrs[] = {
2241 &dev_attr_tolerant.attr,
2242 &dev_attr_check_interval.attr,
2243 #ifdef CONFIG_X86_MCELOG_LEGACY
2244 &dev_attr_trigger,
2245 #endif
2246 &dev_attr_monarch_timeout.attr,
2247 &dev_attr_dont_log_ce.attr,
2248 &dev_attr_ignore_ce.attr,
2249 &dev_attr_cmci_disabled.attr,
2250 NULL
2251 };
2252
2253 static cpumask_var_t mce_device_initialized;
2254
mce_device_release(struct device * dev)2255 static void mce_device_release(struct device *dev)
2256 {
2257 kfree(dev);
2258 }
2259
2260 /* Per CPU device init. All of the CPUs still share the same bank device: */
mce_device_create(unsigned int cpu)2261 static int mce_device_create(unsigned int cpu)
2262 {
2263 struct device *dev;
2264 int err;
2265 int i, j;
2266
2267 if (!mce_available(&boot_cpu_data))
2268 return -EIO;
2269
2270 dev = per_cpu(mce_device, cpu);
2271 if (dev)
2272 return 0;
2273
2274 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2275 if (!dev)
2276 return -ENOMEM;
2277 dev->id = cpu;
2278 dev->bus = &mce_subsys;
2279 dev->release = &mce_device_release;
2280
2281 err = device_register(dev);
2282 if (err) {
2283 put_device(dev);
2284 return err;
2285 }
2286
2287 for (i = 0; mce_device_attrs[i]; i++) {
2288 err = device_create_file(dev, mce_device_attrs[i]);
2289 if (err)
2290 goto error;
2291 }
2292 for (j = 0; j < per_cpu(mce_num_banks, cpu); j++) {
2293 err = device_create_file(dev, &mce_bank_devs[j].attr);
2294 if (err)
2295 goto error2;
2296 }
2297 cpumask_set_cpu(cpu, mce_device_initialized);
2298 per_cpu(mce_device, cpu) = dev;
2299
2300 return 0;
2301 error2:
2302 while (--j >= 0)
2303 device_remove_file(dev, &mce_bank_devs[j].attr);
2304 error:
2305 while (--i >= 0)
2306 device_remove_file(dev, mce_device_attrs[i]);
2307
2308 device_unregister(dev);
2309
2310 return err;
2311 }
2312
mce_device_remove(unsigned int cpu)2313 static void mce_device_remove(unsigned int cpu)
2314 {
2315 struct device *dev = per_cpu(mce_device, cpu);
2316 int i;
2317
2318 if (!cpumask_test_cpu(cpu, mce_device_initialized))
2319 return;
2320
2321 for (i = 0; mce_device_attrs[i]; i++)
2322 device_remove_file(dev, mce_device_attrs[i]);
2323
2324 for (i = 0; i < per_cpu(mce_num_banks, cpu); i++)
2325 device_remove_file(dev, &mce_bank_devs[i].attr);
2326
2327 device_unregister(dev);
2328 cpumask_clear_cpu(cpu, mce_device_initialized);
2329 per_cpu(mce_device, cpu) = NULL;
2330 }
2331
2332 /* Make sure there are no machine checks on offlined CPUs. */
mce_disable_cpu(void)2333 static void mce_disable_cpu(void)
2334 {
2335 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2336 return;
2337
2338 if (!cpuhp_tasks_frozen)
2339 cmci_clear();
2340
2341 vendor_disable_error_reporting();
2342 }
2343
mce_reenable_cpu(void)2344 static void mce_reenable_cpu(void)
2345 {
2346 struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
2347 int i;
2348
2349 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2350 return;
2351
2352 if (!cpuhp_tasks_frozen)
2353 cmci_reenable();
2354 for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
2355 struct mce_bank *b = &mce_banks[i];
2356
2357 if (b->init)
2358 wrmsrl(msr_ops.ctl(i), b->ctl);
2359 }
2360 }
2361
mce_cpu_dead(unsigned int cpu)2362 static int mce_cpu_dead(unsigned int cpu)
2363 {
2364 mce_intel_hcpu_update(cpu);
2365
2366 /* intentionally ignoring frozen here */
2367 if (!cpuhp_tasks_frozen)
2368 cmci_rediscover();
2369 return 0;
2370 }
2371
mce_cpu_online(unsigned int cpu)2372 static int mce_cpu_online(unsigned int cpu)
2373 {
2374 struct timer_list *t = this_cpu_ptr(&mce_timer);
2375 int ret;
2376
2377 mce_device_create(cpu);
2378
2379 ret = mce_threshold_create_device(cpu);
2380 if (ret) {
2381 mce_device_remove(cpu);
2382 return ret;
2383 }
2384 mce_reenable_cpu();
2385 mce_start_timer(t);
2386 return 0;
2387 }
2388
mce_cpu_pre_down(unsigned int cpu)2389 static int mce_cpu_pre_down(unsigned int cpu)
2390 {
2391 struct timer_list *t = this_cpu_ptr(&mce_timer);
2392
2393 mce_disable_cpu();
2394 del_timer_sync(t);
2395 mce_threshold_remove_device(cpu);
2396 mce_device_remove(cpu);
2397 return 0;
2398 }
2399
mce_init_banks(void)2400 static __init void mce_init_banks(void)
2401 {
2402 int i;
2403
2404 for (i = 0; i < MAX_NR_BANKS; i++) {
2405 struct mce_bank_dev *b = &mce_bank_devs[i];
2406 struct device_attribute *a = &b->attr;
2407
2408 b->bank = i;
2409
2410 sysfs_attr_init(&a->attr);
2411 a->attr.name = b->attrname;
2412 snprintf(b->attrname, ATTR_LEN, "bank%d", i);
2413
2414 a->attr.mode = 0644;
2415 a->show = show_bank;
2416 a->store = set_bank;
2417 }
2418 }
2419
mcheck_init_device(void)2420 static __init int mcheck_init_device(void)
2421 {
2422 int err;
2423
2424 /*
2425 * Check if we have a spare virtual bit. This will only become
2426 * a problem if/when we move beyond 5-level page tables.
2427 */
2428 MAYBE_BUILD_BUG_ON(__VIRTUAL_MASK_SHIFT >= 63);
2429
2430 if (!mce_available(&boot_cpu_data)) {
2431 err = -EIO;
2432 goto err_out;
2433 }
2434
2435 if (!zalloc_cpumask_var(&mce_device_initialized, GFP_KERNEL)) {
2436 err = -ENOMEM;
2437 goto err_out;
2438 }
2439
2440 mce_init_banks();
2441
2442 err = subsys_system_register(&mce_subsys, NULL);
2443 if (err)
2444 goto err_out_mem;
2445
2446 err = cpuhp_setup_state(CPUHP_X86_MCE_DEAD, "x86/mce:dead", NULL,
2447 mce_cpu_dead);
2448 if (err)
2449 goto err_out_mem;
2450
2451 err = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/mce:online",
2452 mce_cpu_online, mce_cpu_pre_down);
2453 if (err < 0)
2454 goto err_out_online;
2455
2456 register_syscore_ops(&mce_syscore_ops);
2457
2458 return 0;
2459
2460 err_out_online:
2461 cpuhp_remove_state(CPUHP_X86_MCE_DEAD);
2462
2463 err_out_mem:
2464 free_cpumask_var(mce_device_initialized);
2465
2466 err_out:
2467 pr_err("Unable to init MCE device (rc: %d)\n", err);
2468
2469 return err;
2470 }
2471 device_initcall_sync(mcheck_init_device);
2472
2473 /*
2474 * Old style boot options parsing. Only for compatibility.
2475 */
mcheck_disable(char * str)2476 static int __init mcheck_disable(char *str)
2477 {
2478 mca_cfg.disabled = 1;
2479 return 1;
2480 }
2481 __setup("nomce", mcheck_disable);
2482
2483 #ifdef CONFIG_DEBUG_FS
mce_get_debugfs_dir(void)2484 struct dentry *mce_get_debugfs_dir(void)
2485 {
2486 static struct dentry *dmce;
2487
2488 if (!dmce)
2489 dmce = debugfs_create_dir("mce", NULL);
2490
2491 return dmce;
2492 }
2493
mce_reset(void)2494 static void mce_reset(void)
2495 {
2496 cpu_missing = 0;
2497 atomic_set(&mce_fake_panicked, 0);
2498 atomic_set(&mce_executing, 0);
2499 atomic_set(&mce_callin, 0);
2500 atomic_set(&global_nwo, 0);
2501 }
2502
fake_panic_get(void * data,u64 * val)2503 static int fake_panic_get(void *data, u64 *val)
2504 {
2505 *val = fake_panic;
2506 return 0;
2507 }
2508
fake_panic_set(void * data,u64 val)2509 static int fake_panic_set(void *data, u64 val)
2510 {
2511 mce_reset();
2512 fake_panic = val;
2513 return 0;
2514 }
2515
2516 DEFINE_DEBUGFS_ATTRIBUTE(fake_panic_fops, fake_panic_get, fake_panic_set,
2517 "%llu\n");
2518
mcheck_debugfs_init(void)2519 static void __init mcheck_debugfs_init(void)
2520 {
2521 struct dentry *dmce;
2522
2523 dmce = mce_get_debugfs_dir();
2524 debugfs_create_file_unsafe("fake_panic", 0444, dmce, NULL,
2525 &fake_panic_fops);
2526 }
2527 #else
mcheck_debugfs_init(void)2528 static void __init mcheck_debugfs_init(void) { }
2529 #endif
2530
2531 DEFINE_STATIC_KEY_FALSE(mcsafe_key);
2532 EXPORT_SYMBOL_GPL(mcsafe_key);
2533
mcheck_late_init(void)2534 static int __init mcheck_late_init(void)
2535 {
2536 if (mca_cfg.recovery)
2537 static_branch_inc(&mcsafe_key);
2538
2539 mcheck_debugfs_init();
2540 cec_init();
2541
2542 /*
2543 * Flush out everything that has been logged during early boot, now that
2544 * everything has been initialized (workqueues, decoders, ...).
2545 */
2546 mce_schedule_work();
2547
2548 return 0;
2549 }
2550 late_initcall(mcheck_late_init);
2551