1 /* 2 * Machine check handler 3 * 4 * Copyright IBM Corp. 2000, 2009 5 * Author(s): Ingo Adlung <adlung@de.ibm.com>, 6 * Martin Schwidefsky <schwidefsky@de.ibm.com>, 7 * Cornelia Huck <cornelia.huck@de.ibm.com>, 8 * Heiko Carstens <heiko.carstens@de.ibm.com>, 9 */ 10 11 #include <linux/kernel_stat.h> 12 #include <linux/init.h> 13 #include <linux/errno.h> 14 #include <linux/hardirq.h> 15 #include <linux/time.h> 16 #include <linux/module.h> 17 #include <linux/sched/signal.h> 18 19 #include <linux/export.h> 20 #include <asm/lowcore.h> 21 #include <asm/smp.h> 22 #include <asm/stp.h> 23 #include <asm/cputime.h> 24 #include <asm/nmi.h> 25 #include <asm/crw.h> 26 #include <asm/switch_to.h> 27 #include <asm/ctl_reg.h> 28 #include <asm/asm-offsets.h> 29 30 struct mcck_struct { 31 unsigned int kill_task : 1; 32 unsigned int channel_report : 1; 33 unsigned int warning : 1; 34 unsigned int stp_queue : 1; 35 unsigned long mcck_code; 36 }; 37 38 static DEFINE_PER_CPU(struct mcck_struct, cpu_mcck); 39 40 static void s390_handle_damage(void) 41 { 42 smp_send_stop(); 43 disabled_wait((unsigned long) __builtin_return_address(0)); 44 while (1); 45 } 46 47 /* 48 * Main machine check handler function. Will be called with interrupts enabled 49 * or disabled and machine checks enabled or disabled. 50 */ 51 void s390_handle_mcck(void) 52 { 53 unsigned long flags; 54 struct mcck_struct mcck; 55 56 /* 57 * Disable machine checks and get the current state of accumulated 58 * machine checks. Afterwards delete the old state and enable machine 59 * checks again. 60 */ 61 local_irq_save(flags); 62 local_mcck_disable(); 63 mcck = *this_cpu_ptr(&cpu_mcck); 64 memset(this_cpu_ptr(&cpu_mcck), 0, sizeof(mcck)); 65 clear_cpu_flag(CIF_MCCK_PENDING); 66 local_mcck_enable(); 67 local_irq_restore(flags); 68 69 if (mcck.channel_report) 70 crw_handle_channel_report(); 71 /* 72 * A warning may remain for a prolonged period on the bare iron. 73 * (actually until the machine is powered off, or the problem is gone) 74 * So we just stop listening for the WARNING MCH and avoid continuously 75 * being interrupted. One caveat is however, that we must do this per 76 * processor and cannot use the smp version of ctl_clear_bit(). 77 * On VM we only get one interrupt per virtally presented machinecheck. 78 * Though one suffices, we may get one interrupt per (virtual) cpu. 79 */ 80 if (mcck.warning) { /* WARNING pending ? */ 81 static int mchchk_wng_posted = 0; 82 83 /* Use single cpu clear, as we cannot handle smp here. */ 84 __ctl_clear_bit(14, 24); /* Disable WARNING MCH */ 85 if (xchg(&mchchk_wng_posted, 1) == 0) 86 kill_cad_pid(SIGPWR, 1); 87 } 88 if (mcck.stp_queue) 89 stp_queue_work(); 90 if (mcck.kill_task) { 91 local_irq_enable(); 92 printk(KERN_EMERG "mcck: Terminating task because of machine " 93 "malfunction (code 0x%016lx).\n", mcck.mcck_code); 94 printk(KERN_EMERG "mcck: task: %s, pid: %d.\n", 95 current->comm, current->pid); 96 do_exit(SIGSEGV); 97 } 98 } 99 EXPORT_SYMBOL_GPL(s390_handle_mcck); 100 101 /* 102 * returns 0 if all registers could be validated 103 * returns 1 otherwise 104 */ 105 static int notrace s390_validate_registers(union mci mci, int umode) 106 { 107 int kill_task; 108 u64 zero; 109 void *fpt_save_area; 110 struct mcesa *mcesa; 111 112 kill_task = 0; 113 zero = 0; 114 115 if (!mci.gr) { 116 /* 117 * General purpose registers couldn't be restored and have 118 * unknown contents. Stop system or terminate process. 119 */ 120 if (!umode) 121 s390_handle_damage(); 122 kill_task = 1; 123 } 124 /* Validate control registers */ 125 if (!mci.cr) { 126 /* 127 * Control registers have unknown contents. 128 * Can't recover and therefore stopping machine. 129 */ 130 s390_handle_damage(); 131 } else { 132 asm volatile( 133 " lctlg 0,15,0(%0)\n" 134 " ptlb\n" 135 : : "a" (&S390_lowcore.cregs_save_area) : "memory"); 136 } 137 if (!mci.fp) { 138 /* 139 * Floating point registers can't be restored. If the 140 * kernel currently uses floating point registers the 141 * system is stopped. If the process has its floating 142 * pointer registers loaded it is terminated. 143 * Otherwise just revalidate the registers. 144 */ 145 if (S390_lowcore.fpu_flags & KERNEL_VXR_V0V7) 146 s390_handle_damage(); 147 if (!test_cpu_flag(CIF_FPU)) 148 kill_task = 1; 149 } 150 fpt_save_area = &S390_lowcore.floating_pt_save_area; 151 if (!mci.fc) { 152 /* 153 * Floating point control register can't be restored. 154 * If the kernel currently uses the floating pointer 155 * registers and needs the FPC register the system is 156 * stopped. If the process has its floating pointer 157 * registers loaded it is terminated. Otherwiese the 158 * FPC is just revalidated. 159 */ 160 if (S390_lowcore.fpu_flags & KERNEL_FPC) 161 s390_handle_damage(); 162 asm volatile("lfpc %0" : : "Q" (zero)); 163 if (!test_cpu_flag(CIF_FPU)) 164 kill_task = 1; 165 } else { 166 asm volatile("lfpc %0" 167 : : "Q" (S390_lowcore.fpt_creg_save_area)); 168 } 169 170 mcesa = (struct mcesa *)(S390_lowcore.mcesad & MCESA_ORIGIN_MASK); 171 if (!MACHINE_HAS_VX) { 172 /* Validate floating point registers */ 173 asm volatile( 174 " ld 0,0(%0)\n" 175 " ld 1,8(%0)\n" 176 " ld 2,16(%0)\n" 177 " ld 3,24(%0)\n" 178 " ld 4,32(%0)\n" 179 " ld 5,40(%0)\n" 180 " ld 6,48(%0)\n" 181 " ld 7,56(%0)\n" 182 " ld 8,64(%0)\n" 183 " ld 9,72(%0)\n" 184 " ld 10,80(%0)\n" 185 " ld 11,88(%0)\n" 186 " ld 12,96(%0)\n" 187 " ld 13,104(%0)\n" 188 " ld 14,112(%0)\n" 189 " ld 15,120(%0)\n" 190 : : "a" (fpt_save_area) : "memory"); 191 } else { 192 /* Validate vector registers */ 193 union ctlreg0 cr0; 194 195 if (!mci.vr) { 196 /* 197 * Vector registers can't be restored. If the kernel 198 * currently uses vector registers the system is 199 * stopped. If the process has its vector registers 200 * loaded it is terminated. Otherwise just revalidate 201 * the registers. 202 */ 203 if (S390_lowcore.fpu_flags & KERNEL_VXR) 204 s390_handle_damage(); 205 if (!test_cpu_flag(CIF_FPU)) 206 kill_task = 1; 207 } 208 cr0.val = S390_lowcore.cregs_save_area[0]; 209 cr0.afp = cr0.vx = 1; 210 __ctl_load(cr0.val, 0, 0); 211 asm volatile( 212 " la 1,%0\n" 213 " .word 0xe70f,0x1000,0x0036\n" /* vlm 0,15,0(1) */ 214 " .word 0xe70f,0x1100,0x0c36\n" /* vlm 16,31,256(1) */ 215 : : "Q" (*(struct vx_array *) mcesa->vector_save_area) 216 : "1"); 217 __ctl_load(S390_lowcore.cregs_save_area[0], 0, 0); 218 } 219 /* Validate access registers */ 220 asm volatile( 221 " lam 0,15,0(%0)" 222 : : "a" (&S390_lowcore.access_regs_save_area)); 223 if (!mci.ar) { 224 /* 225 * Access registers have unknown contents. 226 * Terminating task. 227 */ 228 kill_task = 1; 229 } 230 /* Validate guarded storage registers */ 231 if (MACHINE_HAS_GS && (S390_lowcore.cregs_save_area[2] & (1UL << 4))) { 232 if (!mci.gs) 233 /* 234 * Guarded storage register can't be restored and 235 * the current processes uses guarded storage. 236 * It has to be terminated. 237 */ 238 kill_task = 1; 239 else 240 load_gs_cb((struct gs_cb *) 241 mcesa->guarded_storage_save_area); 242 } 243 /* 244 * We don't even try to validate the TOD register, since we simply 245 * can't write something sensible into that register. 246 */ 247 /* 248 * See if we can validate the TOD programmable register with its 249 * old contents (should be zero) otherwise set it to zero. 250 */ 251 if (!mci.pr) 252 asm volatile( 253 " sr 0,0\n" 254 " sckpf" 255 : : : "0", "cc"); 256 else 257 asm volatile( 258 " l 0,%0\n" 259 " sckpf" 260 : : "Q" (S390_lowcore.tod_progreg_save_area) 261 : "0", "cc"); 262 /* Validate clock comparator register */ 263 set_clock_comparator(S390_lowcore.clock_comparator); 264 /* Check if old PSW is valid */ 265 if (!mci.wp) 266 /* 267 * Can't tell if we come from user or kernel mode 268 * -> stopping machine. 269 */ 270 s390_handle_damage(); 271 272 if (!mci.ms || !mci.pm || !mci.ia) 273 kill_task = 1; 274 275 return kill_task; 276 } 277 278 #define MAX_IPD_COUNT 29 279 #define MAX_IPD_TIME (5 * 60 * USEC_PER_SEC) /* 5 minutes */ 280 281 #define ED_STP_ISLAND 6 /* External damage STP island check */ 282 #define ED_STP_SYNC 7 /* External damage STP sync check */ 283 284 #define MCCK_CODE_NO_GUEST (MCCK_CODE_CP | MCCK_CODE_EXT_DAMAGE) 285 286 /* 287 * machine check handler. 288 */ 289 void notrace s390_do_machine_check(struct pt_regs *regs) 290 { 291 static int ipd_count; 292 static DEFINE_SPINLOCK(ipd_lock); 293 static unsigned long long last_ipd; 294 struct mcck_struct *mcck; 295 unsigned long long tmp; 296 union mci mci; 297 unsigned long mcck_dam_code; 298 299 nmi_enter(); 300 inc_irq_stat(NMI_NMI); 301 mci.val = S390_lowcore.mcck_interruption_code; 302 mcck = this_cpu_ptr(&cpu_mcck); 303 304 if (mci.sd) { 305 /* System damage -> stopping machine */ 306 s390_handle_damage(); 307 } 308 309 /* 310 * Reinject the instruction processing damages' machine checks 311 * including Delayed Access Exception into the guest 312 * instead of damaging the host if they happen in the guest. 313 */ 314 if (mci.pd && !test_cpu_flag(CIF_MCCK_GUEST)) { 315 if (mci.b) { 316 /* Processing backup -> verify if we can survive this */ 317 u64 z_mcic, o_mcic, t_mcic; 318 z_mcic = (1ULL<<63 | 1ULL<<59 | 1ULL<<29); 319 o_mcic = (1ULL<<43 | 1ULL<<42 | 1ULL<<41 | 1ULL<<40 | 320 1ULL<<36 | 1ULL<<35 | 1ULL<<34 | 1ULL<<32 | 321 1ULL<<30 | 1ULL<<21 | 1ULL<<20 | 1ULL<<17 | 322 1ULL<<16); 323 t_mcic = mci.val; 324 325 if (((t_mcic & z_mcic) != 0) || 326 ((t_mcic & o_mcic) != o_mcic)) { 327 s390_handle_damage(); 328 } 329 330 /* 331 * Nullifying exigent condition, therefore we might 332 * retry this instruction. 333 */ 334 spin_lock(&ipd_lock); 335 tmp = get_tod_clock(); 336 if (((tmp - last_ipd) >> 12) < MAX_IPD_TIME) 337 ipd_count++; 338 else 339 ipd_count = 1; 340 last_ipd = tmp; 341 if (ipd_count == MAX_IPD_COUNT) 342 s390_handle_damage(); 343 spin_unlock(&ipd_lock); 344 } else { 345 /* Processing damage -> stopping machine */ 346 s390_handle_damage(); 347 } 348 } 349 if (s390_validate_registers(mci, user_mode(regs))) { 350 /* 351 * Couldn't restore all register contents for the 352 * user space process -> mark task for termination. 353 */ 354 mcck->kill_task = 1; 355 mcck->mcck_code = mci.val; 356 set_cpu_flag(CIF_MCCK_PENDING); 357 } 358 if (mci.cd) { 359 /* Timing facility damage */ 360 s390_handle_damage(); 361 } 362 if (mci.ed && mci.ec) { 363 /* External damage */ 364 if (S390_lowcore.external_damage_code & (1U << ED_STP_SYNC)) 365 mcck->stp_queue |= stp_sync_check(); 366 if (S390_lowcore.external_damage_code & (1U << ED_STP_ISLAND)) 367 mcck->stp_queue |= stp_island_check(); 368 if (mcck->stp_queue) 369 set_cpu_flag(CIF_MCCK_PENDING); 370 } 371 372 /* 373 * Reinject storage related machine checks into the guest if they 374 * happen when the guest is running. 375 */ 376 if (!test_cpu_flag(CIF_MCCK_GUEST)) { 377 if (mci.se) 378 /* Storage error uncorrected */ 379 s390_handle_damage(); 380 if (mci.ke) 381 /* Storage key-error uncorrected */ 382 s390_handle_damage(); 383 if (mci.ds && mci.fa) 384 /* Storage degradation */ 385 s390_handle_damage(); 386 } 387 if (mci.cp) { 388 /* Channel report word pending */ 389 mcck->channel_report = 1; 390 set_cpu_flag(CIF_MCCK_PENDING); 391 } 392 if (mci.w) { 393 /* Warning pending */ 394 mcck->warning = 1; 395 set_cpu_flag(CIF_MCCK_PENDING); 396 } 397 398 /* 399 * If there are only Channel Report Pending and External Damage 400 * machine checks, they will not be reinjected into the guest 401 * because they refer to host conditions only. 402 */ 403 mcck_dam_code = (mci.val & MCIC_SUBCLASS_MASK); 404 if (test_cpu_flag(CIF_MCCK_GUEST) && 405 (mcck_dam_code & MCCK_CODE_NO_GUEST) != mcck_dam_code) { 406 /* Set exit reason code for host's later handling */ 407 *((long *)(regs->gprs[15] + __SF_SIE_REASON)) = -EINTR; 408 } 409 clear_cpu_flag(CIF_MCCK_GUEST); 410 nmi_exit(); 411 } 412 413 static int __init machine_check_init(void) 414 { 415 ctl_set_bit(14, 25); /* enable external damage MCH */ 416 ctl_set_bit(14, 27); /* enable system recovery MCH */ 417 ctl_set_bit(14, 24); /* enable warning MCH */ 418 return 0; 419 } 420 early_initcall(machine_check_init); 421