1 /*
2  * Copyright (C) 2001 Dave Engebretsen IBM Corporation
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
17  */
18 
19 #include <linux/sched.h>
20 #include <linux/interrupt.h>
21 #include <linux/irq.h>
22 #include <linux/of.h>
23 #include <linux/fs.h>
24 #include <linux/reboot.h>
25 
26 #include <asm/machdep.h>
27 #include <asm/rtas.h>
28 #include <asm/firmware.h>
29 
30 #include "pseries.h"
31 
32 static unsigned char ras_log_buf[RTAS_ERROR_LOG_MAX];
33 static DEFINE_SPINLOCK(ras_log_buf_lock);
34 
35 static char global_mce_data_buf[RTAS_ERROR_LOG_MAX];
36 static DEFINE_PER_CPU(__u64, mce_data_buf);
37 
38 static int ras_check_exception_token;
39 
40 #define EPOW_SENSOR_TOKEN	9
41 #define EPOW_SENSOR_INDEX	0
42 
43 static irqreturn_t ras_epow_interrupt(int irq, void *dev_id);
44 static irqreturn_t ras_error_interrupt(int irq, void *dev_id);
45 
46 
47 /*
48  * Initialize handlers for the set of interrupts caused by hardware errors
49  * and power system events.
50  */
51 static int __init init_ras_IRQ(void)
52 {
53 	struct device_node *np;
54 
55 	ras_check_exception_token = rtas_token("check-exception");
56 
57 	/* Internal Errors */
58 	np = of_find_node_by_path("/event-sources/internal-errors");
59 	if (np != NULL) {
60 		request_event_sources_irqs(np, ras_error_interrupt,
61 					   "RAS_ERROR");
62 		of_node_put(np);
63 	}
64 
65 	/* EPOW Events */
66 	np = of_find_node_by_path("/event-sources/epow-events");
67 	if (np != NULL) {
68 		request_event_sources_irqs(np, ras_epow_interrupt, "RAS_EPOW");
69 		of_node_put(np);
70 	}
71 
72 	return 0;
73 }
74 machine_subsys_initcall(pseries, init_ras_IRQ);
75 
76 #define EPOW_SHUTDOWN_NORMAL				1
77 #define EPOW_SHUTDOWN_ON_UPS				2
78 #define EPOW_SHUTDOWN_LOSS_OF_CRITICAL_FUNCTIONS	3
79 #define EPOW_SHUTDOWN_AMBIENT_TEMPERATURE_TOO_HIGH	4
80 
81 static void handle_system_shutdown(char event_modifier)
82 {
83 	switch (event_modifier) {
84 	case EPOW_SHUTDOWN_NORMAL:
85 		pr_emerg("Firmware initiated power off");
86 		orderly_poweroff(true);
87 		break;
88 
89 	case EPOW_SHUTDOWN_ON_UPS:
90 		pr_emerg("Loss of power reported by firmware, system is "
91 			"running on UPS/battery");
92 		pr_emerg("Check RTAS error log for details");
93 		orderly_poweroff(true);
94 		break;
95 
96 	case EPOW_SHUTDOWN_LOSS_OF_CRITICAL_FUNCTIONS:
97 		pr_emerg("Loss of system critical functions reported by "
98 			"firmware");
99 		pr_emerg("Check RTAS error log for details");
100 		orderly_poweroff(true);
101 		break;
102 
103 	case EPOW_SHUTDOWN_AMBIENT_TEMPERATURE_TOO_HIGH:
104 		pr_emerg("Ambient temperature too high reported by firmware");
105 		pr_emerg("Check RTAS error log for details");
106 		orderly_poweroff(true);
107 		break;
108 
109 	default:
110 		pr_err("Unknown power/cooling shutdown event (modifier %d)",
111 			event_modifier);
112 	}
113 }
114 
115 struct epow_errorlog {
116 	unsigned char sensor_value;
117 	unsigned char event_modifier;
118 	unsigned char extended_modifier;
119 	unsigned char reserved;
120 	unsigned char platform_reason;
121 };
122 
123 #define EPOW_RESET			0
124 #define EPOW_WARN_COOLING		1
125 #define EPOW_WARN_POWER			2
126 #define EPOW_SYSTEM_SHUTDOWN		3
127 #define EPOW_SYSTEM_HALT		4
128 #define EPOW_MAIN_ENCLOSURE		5
129 #define EPOW_POWER_OFF			7
130 
131 static void rtas_parse_epow_errlog(struct rtas_error_log *log)
132 {
133 	struct pseries_errorlog *pseries_log;
134 	struct epow_errorlog *epow_log;
135 	char action_code;
136 	char modifier;
137 
138 	pseries_log = get_pseries_errorlog(log, PSERIES_ELOG_SECT_ID_EPOW);
139 	if (pseries_log == NULL)
140 		return;
141 
142 	epow_log = (struct epow_errorlog *)pseries_log->data;
143 	action_code = epow_log->sensor_value & 0xF;	/* bottom 4 bits */
144 	modifier = epow_log->event_modifier & 0xF;	/* bottom 4 bits */
145 
146 	switch (action_code) {
147 	case EPOW_RESET:
148 		pr_err("Non critical power or cooling issue cleared");
149 		break;
150 
151 	case EPOW_WARN_COOLING:
152 		pr_err("Non critical cooling issue reported by firmware");
153 		pr_err("Check RTAS error log for details");
154 		break;
155 
156 	case EPOW_WARN_POWER:
157 		pr_err("Non critical power issue reported by firmware");
158 		pr_err("Check RTAS error log for details");
159 		break;
160 
161 	case EPOW_SYSTEM_SHUTDOWN:
162 		handle_system_shutdown(epow_log->event_modifier);
163 		break;
164 
165 	case EPOW_SYSTEM_HALT:
166 		pr_emerg("Firmware initiated power off");
167 		orderly_poweroff(true);
168 		break;
169 
170 	case EPOW_MAIN_ENCLOSURE:
171 	case EPOW_POWER_OFF:
172 		pr_emerg("Critical power/cooling issue reported by firmware");
173 		pr_emerg("Check RTAS error log for details");
174 		pr_emerg("Immediate power off");
175 		emergency_sync();
176 		kernel_power_off();
177 		break;
178 
179 	default:
180 		pr_err("Unknown power/cooling event (action code %d)",
181 			action_code);
182 	}
183 }
184 
185 /* Handle environmental and power warning (EPOW) interrupts. */
186 static irqreturn_t ras_epow_interrupt(int irq, void *dev_id)
187 {
188 	int status;
189 	int state;
190 	int critical;
191 
192 	status = rtas_get_sensor_fast(EPOW_SENSOR_TOKEN, EPOW_SENSOR_INDEX,
193 				      &state);
194 
195 	if (state > 3)
196 		critical = 1;		/* Time Critical */
197 	else
198 		critical = 0;
199 
200 	spin_lock(&ras_log_buf_lock);
201 
202 	status = rtas_call(ras_check_exception_token, 6, 1, NULL,
203 			   RTAS_VECTOR_EXTERNAL_INTERRUPT,
204 			   virq_to_hw(irq),
205 			   RTAS_EPOW_WARNING,
206 			   critical, __pa(&ras_log_buf),
207 				rtas_get_error_log_max());
208 
209 	log_error(ras_log_buf, ERR_TYPE_RTAS_LOG, 0);
210 
211 	rtas_parse_epow_errlog((struct rtas_error_log *)ras_log_buf);
212 
213 	spin_unlock(&ras_log_buf_lock);
214 	return IRQ_HANDLED;
215 }
216 
217 /*
218  * Handle hardware error interrupts.
219  *
220  * RTAS check-exception is called to collect data on the exception.  If
221  * the error is deemed recoverable, we log a warning and return.
222  * For nonrecoverable errors, an error is logged and we stop all processing
223  * as quickly as possible in order to prevent propagation of the failure.
224  */
225 static irqreturn_t ras_error_interrupt(int irq, void *dev_id)
226 {
227 	struct rtas_error_log *rtas_elog;
228 	int status;
229 	int fatal;
230 
231 	spin_lock(&ras_log_buf_lock);
232 
233 	status = rtas_call(ras_check_exception_token, 6, 1, NULL,
234 			   RTAS_VECTOR_EXTERNAL_INTERRUPT,
235 			   virq_to_hw(irq),
236 			   RTAS_INTERNAL_ERROR, 1 /* Time Critical */,
237 			   __pa(&ras_log_buf),
238 				rtas_get_error_log_max());
239 
240 	rtas_elog = (struct rtas_error_log *)ras_log_buf;
241 
242 	if (status == 0 &&
243 	    rtas_error_severity(rtas_elog) >= RTAS_SEVERITY_ERROR_SYNC)
244 		fatal = 1;
245 	else
246 		fatal = 0;
247 
248 	/* format and print the extended information */
249 	log_error(ras_log_buf, ERR_TYPE_RTAS_LOG, fatal);
250 
251 	if (fatal) {
252 		pr_emerg("Fatal hardware error reported by firmware");
253 		pr_emerg("Check RTAS error log for details");
254 		pr_emerg("Immediate power off");
255 		emergency_sync();
256 		kernel_power_off();
257 	} else {
258 		pr_err("Recoverable hardware error reported by firmware");
259 	}
260 
261 	spin_unlock(&ras_log_buf_lock);
262 	return IRQ_HANDLED;
263 }
264 
265 /*
266  * Some versions of FWNMI place the buffer inside the 4kB page starting at
267  * 0x7000. Other versions place it inside the rtas buffer. We check both.
268  */
269 #define VALID_FWNMI_BUFFER(A) \
270 	((((A) >= 0x7000) && ((A) < 0x7ff0)) || \
271 	(((A) >= rtas.base) && ((A) < (rtas.base + rtas.size - 16))))
272 
273 /*
274  * Get the error information for errors coming through the
275  * FWNMI vectors.  The pt_regs' r3 will be updated to reflect
276  * the actual r3 if possible, and a ptr to the error log entry
277  * will be returned if found.
278  *
279  * If the RTAS error is not of the extended type, then we put it in a per
280  * cpu 64bit buffer. If it is the extended type we use global_mce_data_buf.
281  *
282  * The global_mce_data_buf does not have any locks or protection around it,
283  * if a second machine check comes in, or a system reset is done
284  * before we have logged the error, then we will get corruption in the
285  * error log.  This is preferable over holding off on calling
286  * ibm,nmi-interlock which would result in us checkstopping if a
287  * second machine check did come in.
288  */
289 static struct rtas_error_log *fwnmi_get_errinfo(struct pt_regs *regs)
290 {
291 	unsigned long *savep;
292 	struct rtas_error_log *h, *errhdr = NULL;
293 
294 	/* Mask top two bits */
295 	regs->gpr[3] &= ~(0x3UL << 62);
296 
297 	if (!VALID_FWNMI_BUFFER(regs->gpr[3])) {
298 		printk(KERN_ERR "FWNMI: corrupt r3 0x%016lx\n", regs->gpr[3]);
299 		return NULL;
300 	}
301 
302 	savep = __va(regs->gpr[3]);
303 	regs->gpr[3] = savep[0];	/* restore original r3 */
304 
305 	/* If it isn't an extended log we can use the per cpu 64bit buffer */
306 	h = (struct rtas_error_log *)&savep[1];
307 	if (!rtas_error_extended(h)) {
308 		memcpy(this_cpu_ptr(&mce_data_buf), h, sizeof(__u64));
309 		errhdr = (struct rtas_error_log *)this_cpu_ptr(&mce_data_buf);
310 	} else {
311 		int len, error_log_length;
312 
313 		error_log_length = 8 + rtas_error_extended_log_length(h);
314 		len = max_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
315 		memset(global_mce_data_buf, 0, RTAS_ERROR_LOG_MAX);
316 		memcpy(global_mce_data_buf, h, len);
317 		errhdr = (struct rtas_error_log *)global_mce_data_buf;
318 	}
319 
320 	return errhdr;
321 }
322 
323 /* Call this when done with the data returned by FWNMI_get_errinfo.
324  * It will release the saved data area for other CPUs in the
325  * partition to receive FWNMI errors.
326  */
327 static void fwnmi_release_errinfo(void)
328 {
329 	int ret = rtas_call(rtas_token("ibm,nmi-interlock"), 0, 1, NULL);
330 	if (ret != 0)
331 		printk(KERN_ERR "FWNMI: nmi-interlock failed: %d\n", ret);
332 }
333 
334 int pSeries_system_reset_exception(struct pt_regs *regs)
335 {
336 	if (fwnmi_active) {
337 		struct rtas_error_log *errhdr = fwnmi_get_errinfo(regs);
338 		if (errhdr) {
339 			/* XXX Should look at FWNMI information */
340 		}
341 		fwnmi_release_errinfo();
342 	}
343 	return 0; /* need to perform reset */
344 }
345 
346 /*
347  * See if we can recover from a machine check exception.
348  * This is only called on power4 (or above) and only via
349  * the Firmware Non-Maskable Interrupts (fwnmi) handler
350  * which provides the error analysis for us.
351  *
352  * Return 1 if corrected (or delivered a signal).
353  * Return 0 if there is nothing we can do.
354  */
355 static int recover_mce(struct pt_regs *regs, struct rtas_error_log *err)
356 {
357 	int recovered = 0;
358 	int disposition = rtas_error_disposition(err);
359 
360 	if (!(regs->msr & MSR_RI)) {
361 		/* If MSR_RI isn't set, we cannot recover */
362 		recovered = 0;
363 
364 	} else if (disposition == RTAS_DISP_FULLY_RECOVERED) {
365 		/* Platform corrected itself */
366 		recovered = 1;
367 
368 	} else if (disposition == RTAS_DISP_LIMITED_RECOVERY) {
369 		/* Platform corrected itself but could be degraded */
370 		printk(KERN_ERR "MCE: limited recovery, system may "
371 		       "be degraded\n");
372 		recovered = 1;
373 
374 	} else if (user_mode(regs) && !is_global_init(current) &&
375 		   rtas_error_severity(err) == RTAS_SEVERITY_ERROR_SYNC) {
376 
377 		/*
378 		 * If we received a synchronous error when in userspace
379 		 * kill the task. Firmware may report details of the fail
380 		 * asynchronously, so we can't rely on the target and type
381 		 * fields being valid here.
382 		 */
383 		printk(KERN_ERR "MCE: uncorrectable error, killing task "
384 		       "%s:%d\n", current->comm, current->pid);
385 
386 		_exception(SIGBUS, regs, BUS_MCEERR_AR, regs->nip);
387 		recovered = 1;
388 	}
389 
390 	log_error((char *)err, ERR_TYPE_RTAS_LOG, 0);
391 
392 	return recovered;
393 }
394 
395 /*
396  * Handle a machine check.
397  *
398  * Note that on Power 4 and beyond Firmware Non-Maskable Interrupts (fwnmi)
399  * should be present.  If so the handler which called us tells us if the
400  * error was recovered (never true if RI=0).
401  *
402  * On hardware prior to Power 4 these exceptions were asynchronous which
403  * means we can't tell exactly where it occurred and so we can't recover.
404  */
405 int pSeries_machine_check_exception(struct pt_regs *regs)
406 {
407 	struct rtas_error_log *errp;
408 
409 	if (fwnmi_active) {
410 		errp = fwnmi_get_errinfo(regs);
411 		fwnmi_release_errinfo();
412 		if (errp && recover_mce(regs, errp))
413 			return 1;
414 	}
415 
416 	return 0;
417 }
418