1 // SPDX-License-Identifier: GPL-2.0
3 * Machine check handler
5 * Copyright IBM Corp. 2000, 2009
6 * Author(s): Ingo Adlung <adlung@de.ibm.com>,
7 * Martin Schwidefsky <schwidefsky@de.ibm.com>,
8 * Cornelia Huck <cornelia.huck@de.ibm.com>,
9 * Heiko Carstens <heiko.carstens@de.ibm.com>,
12 #include <linux/kernel_stat.h>
13 #include <linux/init.h>
14 #include <linux/errno.h>
15 #include <linux/hardirq.h>
16 #include <linux/log2.h>
17 #include <linux/kprobes.h>
18 #include <linux/kmemleak.h>
19 #include <linux/time.h>
20 #include <linux/module.h>
21 #include <linux/sched/signal.h>
23 #include <linux/export.h>
24 #include <asm/lowcore.h>
27 #include <asm/cputime.h>
30 #include <asm/switch_to.h>
31 #include <asm/ctl_reg.h>
32 #include <asm/asm-offsets.h>
33 #include <linux/kvm_host.h>
36 unsigned int kill_task : 1;
37 unsigned int channel_report : 1;
38 unsigned int warning : 1;
39 unsigned int stp_queue : 1;
40 unsigned long mcck_code;
43 static DEFINE_PER_CPU(struct mcck_struct, cpu_mcck);
44 static struct kmem_cache *mcesa_cache;
45 static unsigned long mcesa_origin_lc;
47 static inline int nmi_needs_mcesa(void)
49 return MACHINE_HAS_VX || MACHINE_HAS_GS;
52 static inline unsigned long nmi_get_mcesa_size(void)
55 return MCESA_MAX_SIZE;
56 return MCESA_MIN_SIZE;
60 * The initial machine check extended save area for the boot CPU.
61 * It will be replaced on the boot CPU reinit with an allocated
62 * structure. The structure is required for machine check happening
63 * early in the boot process.
65 static struct mcesa boot_mcesa __initdata __aligned(MCESA_MAX_SIZE);
67 void __init nmi_alloc_mcesa_early(u64 *mcesad)
69 if (!nmi_needs_mcesa())
71 *mcesad = __pa(&boot_mcesa);
73 *mcesad |= ilog2(MCESA_MAX_SIZE);
76 static void __init nmi_alloc_cache(void)
80 if (!nmi_needs_mcesa())
82 size = nmi_get_mcesa_size();
83 if (size > MCESA_MIN_SIZE)
84 mcesa_origin_lc = ilog2(size);
85 /* create slab cache for the machine-check-extended-save-areas */
86 mcesa_cache = kmem_cache_create("nmi_save_areas", size, size, 0, NULL);
88 panic("Couldn't create nmi save area cache");
91 int __ref nmi_alloc_mcesa(u64 *mcesad)
96 if (!nmi_needs_mcesa())
100 origin = (unsigned long) kmem_cache_alloc(mcesa_cache, GFP_KERNEL);
103 /* The pointer is stored with mcesa_bits ORed in */
104 kmemleak_not_leak((void *) origin);
105 *mcesad = __pa(origin) | mcesa_origin_lc;
109 void nmi_free_mcesa(u64 *mcesad)
111 if (!nmi_needs_mcesa())
113 kmem_cache_free(mcesa_cache, __va(*mcesad & MCESA_ORIGIN_MASK));
116 static notrace void s390_handle_damage(void)
118 smp_emergency_stop();
122 NOKPROBE_SYMBOL(s390_handle_damage);
125 * Main machine check handler function. Will be called with interrupts disabled
126 * and machine checks enabled.
128 void __s390_handle_mcck(void)
130 struct mcck_struct mcck;
133 * Disable machine checks and get the current state of accumulated
134 * machine checks. Afterwards delete the old state and enable machine
137 local_mcck_disable();
138 mcck = *this_cpu_ptr(&cpu_mcck);
139 memset(this_cpu_ptr(&cpu_mcck), 0, sizeof(mcck));
142 if (mcck.channel_report)
143 crw_handle_channel_report();
145 * A warning may remain for a prolonged period on the bare iron.
146 * (actually until the machine is powered off, or the problem is gone)
147 * So we just stop listening for the WARNING MCH and avoid continuously
148 * being interrupted. One caveat is however, that we must do this per
149 * processor and cannot use the smp version of ctl_clear_bit().
150 * On VM we only get one interrupt per virtally presented machinecheck.
151 * Though one suffices, we may get one interrupt per (virtual) cpu.
153 if (mcck.warning) { /* WARNING pending ? */
154 static int mchchk_wng_posted = 0;
156 /* Use single cpu clear, as we cannot handle smp here. */
157 __ctl_clear_bit(14, 24); /* Disable WARNING MCH */
158 if (xchg(&mchchk_wng_posted, 1) == 0)
159 kill_cad_pid(SIGPWR, 1);
163 if (mcck.kill_task) {
165 printk(KERN_EMERG "mcck: Terminating task because of machine "
166 "malfunction (code 0x%016lx).\n", mcck.mcck_code);
167 printk(KERN_EMERG "mcck: task: %s, pid: %d.\n",
168 current->comm, current->pid);
169 make_task_dead(SIGSEGV);
173 void noinstr s390_handle_mcck(void)
175 trace_hardirqs_off();
176 __s390_handle_mcck();
180 * returns 0 if all required registers are available
181 * returns 1 otherwise
183 static int notrace s390_validate_registers(union mci mci, int umode)
196 * General purpose registers couldn't be restored and have
197 * unknown contents. Stop system or terminate process.
200 s390_handle_damage();
205 * Floating point registers can't be restored. If the
206 * kernel currently uses floating point registers the
207 * system is stopped. If the process has its floating
208 * pointer registers loaded it is terminated.
210 if (S390_lowcore.fpu_flags & KERNEL_VXR_V0V7)
211 s390_handle_damage();
212 if (!test_cpu_flag(CIF_FPU))
215 fpt_save_area = &S390_lowcore.floating_pt_save_area;
218 * Floating point control register can't be restored.
219 * If the kernel currently uses the floating pointer
220 * registers and needs the FPC register the system is
221 * stopped. If the process has its floating pointer
222 * registers loaded it is terminated. Otherwise the
223 * FPC is just validated.
225 if (S390_lowcore.fpu_flags & KERNEL_FPC)
226 s390_handle_damage();
231 if (!test_cpu_flag(CIF_FPU))
237 : "Q" (S390_lowcore.fpt_creg_save_area));
240 mcesa = __va(S390_lowcore.mcesad & MCESA_ORIGIN_MASK);
241 if (!MACHINE_HAS_VX) {
242 /* Validate floating point registers */
261 : "a" (fpt_save_area)
264 /* Validate vector registers */
268 * The vector validity must only be checked if not running a
269 * KVM guest. For KVM guests the machine check is forwarded by
270 * KVM and it is the responsibility of the guest to take
271 * appropriate actions. The host vector or FPU values have been
272 * saved by KVM and will be restored by KVM.
274 if (!mci.vr && !test_cpu_flag(CIF_MCCK_GUEST)) {
276 * Vector registers can't be restored. If the kernel
277 * currently uses vector registers the system is
278 * stopped. If the process has its vector registers
279 * loaded it is terminated. Otherwise just validate
282 if (S390_lowcore.fpu_flags & KERNEL_VXR)
283 s390_handle_damage();
284 if (!test_cpu_flag(CIF_FPU))
287 cr0.val = S390_lowcore.cregs_save_area[0];
288 cr0.afp = cr0.vx = 1;
289 __ctl_load(cr0.val, 0, 0);
292 " .word 0xe70f,0x1000,0x0036\n" /* vlm 0,15,0(1) */
293 " .word 0xe70f,0x1100,0x0c36\n" /* vlm 16,31,256(1) */
295 : "Q" (*(struct vx_array *)mcesa->vector_save_area)
297 __ctl_load(S390_lowcore.cregs_save_area[0], 0, 0);
299 /* Validate access registers */
303 : "a" (&S390_lowcore.access_regs_save_area)
307 * Access registers have unknown contents.
312 /* Validate guarded storage registers */
313 cr2.val = S390_lowcore.cregs_save_area[2];
318 * - machine check in kernel or userspace
319 * - machine check while running SIE (KVM guest)
320 * For kernel or userspace the userspace values of
321 * guarded storage control can not be recreated, the
322 * process must be terminated.
323 * For SIE the guest values of guarded storage can not
324 * be recreated. This is either due to a bug or due to
325 * GS being disabled in the guest. The guest will be
326 * notified by KVM code and the guests machine check
327 * handling must take care of this. The host values
328 * are saved by KVM and are not affected.
330 if (!test_cpu_flag(CIF_MCCK_GUEST))
333 load_gs_cb((struct gs_cb *)mcesa->guarded_storage_save_area);
337 * The getcpu vdso syscall reads CPU number from the programmable
338 * field of the TOD clock. Disregard the TOD programmable register
339 * validity bit and load the CPU number into the TOD programmable
340 * field unconditionally.
342 set_tod_programmable_field(raw_smp_processor_id());
343 /* Validate clock comparator register */
344 set_clock_comparator(S390_lowcore.clock_comparator);
346 if (!mci.ms || !mci.pm || !mci.ia)
351 NOKPROBE_SYMBOL(s390_validate_registers);
354 * Backup the guest's machine check info to its description block
356 static void notrace s390_backup_mcck_info(struct pt_regs *regs)
358 struct mcck_volatile_info *mcck_backup;
359 struct sie_page *sie_page;
361 /* r14 contains the sie block, which was set in sie64a */
362 struct kvm_s390_sie_block *sie_block =
363 (struct kvm_s390_sie_block *) regs->gprs[14];
365 if (sie_block == NULL)
366 /* Something's seriously wrong, stop system. */
367 s390_handle_damage();
369 sie_page = container_of(sie_block, struct sie_page, sie_block);
370 mcck_backup = &sie_page->mcck_info;
371 mcck_backup->mcic = S390_lowcore.mcck_interruption_code &
372 ~(MCCK_CODE_CP | MCCK_CODE_EXT_DAMAGE);
373 mcck_backup->ext_damage_code = S390_lowcore.external_damage_code;
374 mcck_backup->failing_storage_address
375 = S390_lowcore.failing_storage_address;
377 NOKPROBE_SYMBOL(s390_backup_mcck_info);
379 #define MAX_IPD_COUNT 29
380 #define MAX_IPD_TIME (5 * 60 * USEC_PER_SEC) /* 5 minutes */
382 #define ED_STP_ISLAND 6 /* External damage STP island check */
383 #define ED_STP_SYNC 7 /* External damage STP sync check */
385 #define MCCK_CODE_NO_GUEST (MCCK_CODE_CP | MCCK_CODE_EXT_DAMAGE)
388 * machine check handler.
390 int notrace s390_do_machine_check(struct pt_regs *regs)
392 static int ipd_count;
393 static DEFINE_SPINLOCK(ipd_lock);
394 static unsigned long long last_ipd;
395 struct mcck_struct *mcck;
396 unsigned long long tmp;
398 unsigned long mcck_dam_code;
399 int mcck_pending = 0;
405 inc_irq_stat(NMI_NMI);
406 mci.val = S390_lowcore.mcck_interruption_code;
407 mcck = this_cpu_ptr(&cpu_mcck);
410 * Reinject the instruction processing damages' machine checks
411 * including Delayed Access Exception into the guest
412 * instead of damaging the host if they happen in the guest.
414 if (mci.pd && !test_cpu_flag(CIF_MCCK_GUEST)) {
416 /* Processing backup -> verify if we can survive this */
417 u64 z_mcic, o_mcic, t_mcic;
418 z_mcic = (1ULL<<63 | 1ULL<<59 | 1ULL<<29);
419 o_mcic = (1ULL<<43 | 1ULL<<42 | 1ULL<<41 | 1ULL<<40 |
420 1ULL<<36 | 1ULL<<35 | 1ULL<<34 | 1ULL<<32 |
421 1ULL<<30 | 1ULL<<21 | 1ULL<<20 | 1ULL<<17 |
425 if (((t_mcic & z_mcic) != 0) ||
426 ((t_mcic & o_mcic) != o_mcic)) {
427 s390_handle_damage();
431 * Nullifying exigent condition, therefore we might
432 * retry this instruction.
434 spin_lock(&ipd_lock);
435 tmp = get_tod_clock();
436 if (((tmp - last_ipd) >> 12) < MAX_IPD_TIME)
441 if (ipd_count == MAX_IPD_COUNT)
442 s390_handle_damage();
443 spin_unlock(&ipd_lock);
445 /* Processing damage -> stopping machine */
446 s390_handle_damage();
449 if (s390_validate_registers(mci, user_mode(regs))) {
451 * Couldn't restore all register contents for the
452 * user space process -> mark task for termination.
455 mcck->mcck_code = mci.val;
460 * Backup the machine check's info if it happens when the guest
463 if (test_cpu_flag(CIF_MCCK_GUEST))
464 s390_backup_mcck_info(regs);
467 /* Timing facility damage */
468 s390_handle_damage();
470 if (mci.ed && mci.ec) {
471 /* External damage */
472 if (S390_lowcore.external_damage_code & (1U << ED_STP_SYNC))
473 mcck->stp_queue |= stp_sync_check();
474 if (S390_lowcore.external_damage_code & (1U << ED_STP_ISLAND))
475 mcck->stp_queue |= stp_island_check();
480 /* Channel report word pending */
481 mcck->channel_report = 1;
485 /* Warning pending */
491 * If there are only Channel Report Pending and External Damage
492 * machine checks, they will not be reinjected into the guest
493 * because they refer to host conditions only.
495 mcck_dam_code = (mci.val & MCIC_SUBCLASS_MASK);
496 if (test_cpu_flag(CIF_MCCK_GUEST) &&
497 (mcck_dam_code & MCCK_CODE_NO_GUEST) != mcck_dam_code) {
498 /* Set exit reason code for host's later handling */
499 *((long *)(regs->gprs[15] + __SF_SIE_REASON)) = -EINTR;
501 clear_cpu_flag(CIF_MCCK_GUEST);
503 if (user_mode(regs) && mcck_pending) {
509 schedule_mcck_handler();
514 NOKPROBE_SYMBOL(s390_do_machine_check);
516 static int __init machine_check_init(void)
518 ctl_set_bit(14, 25); /* enable external damage MCH */
519 ctl_set_bit(14, 27); /* enable system recovery MCH */
520 ctl_set_bit(14, 24); /* enable warning MCH */
523 early_initcall(machine_check_init);
projects / linux-2.6-microblaze.git / blob