xref: /openbmc/linux/arch/x86/kernel/cpu/mce/core.c (revision 476ec641)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Machine check handler.
4  *
5  * K8 parts Copyright 2002,2003 Andi Kleen, SuSE Labs.
6  * Rest from unknown author(s).
7  * 2004 Andi Kleen. Rewrote most of it.
8  * Copyright 2008 Intel Corporation
9  * Author: Andi Kleen
10  */
11 
12 #include <linux/thread_info.h>
13 #include <linux/capability.h>
14 #include <linux/miscdevice.h>
15 #include <linux/ratelimit.h>
16 #include <linux/rcupdate.h>
17 #include <linux/kobject.h>
18 #include <linux/uaccess.h>
19 #include <linux/kdebug.h>
20 #include <linux/kernel.h>
21 #include <linux/percpu.h>
22 #include <linux/string.h>
23 #include <linux/device.h>
24 #include <linux/syscore_ops.h>
25 #include <linux/delay.h>
26 #include <linux/ctype.h>
27 #include <linux/sched.h>
28 #include <linux/sysfs.h>
29 #include <linux/types.h>
30 #include <linux/slab.h>
31 #include <linux/init.h>
32 #include <linux/kmod.h>
33 #include <linux/poll.h>
34 #include <linux/nmi.h>
35 #include <linux/cpu.h>
36 #include <linux/ras.h>
37 #include <linux/smp.h>
38 #include <linux/fs.h>
39 #include <linux/mm.h>
40 #include <linux/debugfs.h>
41 #include <linux/irq_work.h>
42 #include <linux/export.h>
43 #include <linux/set_memory.h>
44 #include <linux/sync_core.h>
45 #include <linux/task_work.h>
46 #include <linux/hardirq.h>
47 
48 #include <asm/intel-family.h>
49 #include <asm/processor.h>
50 #include <asm/traps.h>
51 #include <asm/tlbflush.h>
52 #include <asm/mce.h>
53 #include <asm/msr.h>
54 #include <asm/reboot.h>
55 
56 #include "internal.h"
57 
58 /* sysfs synchronization */
59 static DEFINE_MUTEX(mce_sysfs_mutex);
60 
61 #define CREATE_TRACE_POINTS
62 #include <trace/events/mce.h>
63 
64 #define SPINUNIT		100	/* 100ns */
65 
66 DEFINE_PER_CPU(unsigned, mce_exception_count);
67 
68 DEFINE_PER_CPU_READ_MOSTLY(unsigned int, mce_num_banks);
69 
70 DEFINE_PER_CPU_READ_MOSTLY(struct mce_bank[MAX_NR_BANKS], mce_banks_array);
71 
72 #define ATTR_LEN               16
73 /* One object for each MCE bank, shared by all CPUs */
74 struct mce_bank_dev {
75 	struct device_attribute	attr;			/* device attribute */
76 	char			attrname[ATTR_LEN];	/* attribute name */
77 	u8			bank;			/* bank number */
78 };
79 static struct mce_bank_dev mce_bank_devs[MAX_NR_BANKS];
80 
81 struct mce_vendor_flags mce_flags __read_mostly;
82 
83 struct mca_config mca_cfg __read_mostly = {
84 	.bootlog  = -1,
85 	.monarch_timeout = -1
86 };
87 
88 static DEFINE_PER_CPU(struct mce, mces_seen);
89 static unsigned long mce_need_notify;
90 
91 /*
92  * MCA banks polled by the period polling timer for corrected events.
93  * With Intel CMCI, this only has MCA banks which do not support CMCI (if any).
94  */
95 DEFINE_PER_CPU(mce_banks_t, mce_poll_banks) = {
96 	[0 ... BITS_TO_LONGS(MAX_NR_BANKS)-1] = ~0UL
97 };
98 
99 /*
100  * MCA banks controlled through firmware first for corrected errors.
101  * This is a global list of banks for which we won't enable CMCI and we
102  * won't poll. Firmware controls these banks and is responsible for
103  * reporting corrected errors through GHES. Uncorrected/recoverable
104  * errors are still notified through a machine check.
105  */
106 mce_banks_t mce_banks_ce_disabled;
107 
108 static struct work_struct mce_work;
109 static struct irq_work mce_irq_work;
110 
111 /*
112  * CPU/chipset specific EDAC code can register a notifier call here to print
113  * MCE errors in a human-readable form.
114  */
115 BLOCKING_NOTIFIER_HEAD(x86_mce_decoder_chain);
116 
117 /* Do initial initialization of a struct mce */
118 void mce_setup(struct mce *m)
119 {
120 	memset(m, 0, sizeof(struct mce));
121 	m->cpu = m->extcpu = smp_processor_id();
122 	/* need the internal __ version to avoid deadlocks */
123 	m->time = __ktime_get_real_seconds();
124 	m->cpuvendor = boot_cpu_data.x86_vendor;
125 	m->cpuid = cpuid_eax(1);
126 	m->socketid = cpu_data(m->extcpu).phys_proc_id;
127 	m->apicid = cpu_data(m->extcpu).initial_apicid;
128 	m->mcgcap = __rdmsr(MSR_IA32_MCG_CAP);
129 	m->ppin = cpu_data(m->extcpu).ppin;
130 	m->microcode = boot_cpu_data.microcode;
131 }
132 
133 DEFINE_PER_CPU(struct mce, injectm);
134 EXPORT_PER_CPU_SYMBOL_GPL(injectm);
135 
136 void mce_log(struct mce *m)
137 {
138 	if (!mce_gen_pool_add(m))
139 		irq_work_queue(&mce_irq_work);
140 }
141 EXPORT_SYMBOL_GPL(mce_log);
142 
143 void mce_register_decode_chain(struct notifier_block *nb)
144 {
145 	if (WARN_ON(nb->priority < MCE_PRIO_LOWEST ||
146 		    nb->priority > MCE_PRIO_HIGHEST))
147 		return;
148 
149 	blocking_notifier_chain_register(&x86_mce_decoder_chain, nb);
150 }
151 EXPORT_SYMBOL_GPL(mce_register_decode_chain);
152 
153 void mce_unregister_decode_chain(struct notifier_block *nb)
154 {
155 	blocking_notifier_chain_unregister(&x86_mce_decoder_chain, nb);
156 }
157 EXPORT_SYMBOL_GPL(mce_unregister_decode_chain);
158 
159 static void __print_mce(struct mce *m)
160 {
161 	pr_emerg(HW_ERR "CPU %d: Machine Check%s: %Lx Bank %d: %016Lx\n",
162 		 m->extcpu,
163 		 (m->mcgstatus & MCG_STATUS_MCIP ? " Exception" : ""),
164 		 m->mcgstatus, m->bank, m->status);
165 
166 	if (m->ip) {
167 		pr_emerg(HW_ERR "RIP%s %02x:<%016Lx> ",
168 			!(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
169 			m->cs, m->ip);
170 
171 		if (m->cs == __KERNEL_CS)
172 			pr_cont("{%pS}", (void *)(unsigned long)m->ip);
173 		pr_cont("\n");
174 	}
175 
176 	pr_emerg(HW_ERR "TSC %llx ", m->tsc);
177 	if (m->addr)
178 		pr_cont("ADDR %llx ", m->addr);
179 	if (m->misc)
180 		pr_cont("MISC %llx ", m->misc);
181 	if (m->ppin)
182 		pr_cont("PPIN %llx ", m->ppin);
183 
184 	if (mce_flags.smca) {
185 		if (m->synd)
186 			pr_cont("SYND %llx ", m->synd);
187 		if (m->ipid)
188 			pr_cont("IPID %llx ", m->ipid);
189 	}
190 
191 	pr_cont("\n");
192 
193 	/*
194 	 * Note this output is parsed by external tools and old fields
195 	 * should not be changed.
196 	 */
197 	pr_emerg(HW_ERR "PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x microcode %x\n",
198 		m->cpuvendor, m->cpuid, m->time, m->socketid, m->apicid,
199 		m->microcode);
200 }
201 
202 static void print_mce(struct mce *m)
203 {
204 	__print_mce(m);
205 
206 	if (m->cpuvendor != X86_VENDOR_AMD && m->cpuvendor != X86_VENDOR_HYGON)
207 		pr_emerg_ratelimited(HW_ERR "Run the above through 'mcelog --ascii'\n");
208 }
209 
210 #define PANIC_TIMEOUT 5 /* 5 seconds */
211 
212 static atomic_t mce_panicked;
213 
214 static int fake_panic;
215 static atomic_t mce_fake_panicked;
216 
217 /* Panic in progress. Enable interrupts and wait for final IPI */
218 static void wait_for_panic(void)
219 {
220 	long timeout = PANIC_TIMEOUT*USEC_PER_SEC;
221 
222 	preempt_disable();
223 	local_irq_enable();
224 	while (timeout-- > 0)
225 		udelay(1);
226 	if (panic_timeout == 0)
227 		panic_timeout = mca_cfg.panic_timeout;
228 	panic("Panicing machine check CPU died");
229 }
230 
231 static noinstr void mce_panic(const char *msg, struct mce *final, char *exp)
232 {
233 	struct llist_node *pending;
234 	struct mce_evt_llist *l;
235 	int apei_err = 0;
236 
237 	/*
238 	 * Allow instrumentation around external facilities usage. Not that it
239 	 * matters a whole lot since the machine is going to panic anyway.
240 	 */
241 	instrumentation_begin();
242 
243 	if (!fake_panic) {
244 		/*
245 		 * Make sure only one CPU runs in machine check panic
246 		 */
247 		if (atomic_inc_return(&mce_panicked) > 1)
248 			wait_for_panic();
249 		barrier();
250 
251 		bust_spinlocks(1);
252 		console_verbose();
253 	} else {
254 		/* Don't log too much for fake panic */
255 		if (atomic_inc_return(&mce_fake_panicked) > 1)
256 			goto out;
257 	}
258 	pending = mce_gen_pool_prepare_records();
259 	/* First print corrected ones that are still unlogged */
260 	llist_for_each_entry(l, pending, llnode) {
261 		struct mce *m = &l->mce;
262 		if (!(m->status & MCI_STATUS_UC)) {
263 			print_mce(m);
264 			if (!apei_err)
265 				apei_err = apei_write_mce(m);
266 		}
267 	}
268 	/* Now print uncorrected but with the final one last */
269 	llist_for_each_entry(l, pending, llnode) {
270 		struct mce *m = &l->mce;
271 		if (!(m->status & MCI_STATUS_UC))
272 			continue;
273 		if (!final || mce_cmp(m, final)) {
274 			print_mce(m);
275 			if (!apei_err)
276 				apei_err = apei_write_mce(m);
277 		}
278 	}
279 	if (final) {
280 		print_mce(final);
281 		if (!apei_err)
282 			apei_err = apei_write_mce(final);
283 	}
284 	if (exp)
285 		pr_emerg(HW_ERR "Machine check: %s\n", exp);
286 	if (!fake_panic) {
287 		if (panic_timeout == 0)
288 			panic_timeout = mca_cfg.panic_timeout;
289 		panic(msg);
290 	} else
291 		pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
292 
293 out:
294 	instrumentation_end();
295 }
296 
297 /* Support code for software error injection */
298 
299 static int msr_to_offset(u32 msr)
300 {
301 	unsigned bank = __this_cpu_read(injectm.bank);
302 
303 	if (msr == mca_cfg.rip_msr)
304 		return offsetof(struct mce, ip);
305 	if (msr == mca_msr_reg(bank, MCA_STATUS))
306 		return offsetof(struct mce, status);
307 	if (msr == mca_msr_reg(bank, MCA_ADDR))
308 		return offsetof(struct mce, addr);
309 	if (msr == mca_msr_reg(bank, MCA_MISC))
310 		return offsetof(struct mce, misc);
311 	if (msr == MSR_IA32_MCG_STATUS)
312 		return offsetof(struct mce, mcgstatus);
313 	return -1;
314 }
315 
316 void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr)
317 {
318 	if (wrmsr) {
319 		pr_emerg("MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
320 			 (unsigned int)regs->cx, (unsigned int)regs->dx, (unsigned int)regs->ax,
321 			 regs->ip, (void *)regs->ip);
322 	} else {
323 		pr_emerg("MSR access error: RDMSR from 0x%x at rIP: 0x%lx (%pS)\n",
324 			 (unsigned int)regs->cx, regs->ip, (void *)regs->ip);
325 	}
326 
327 	show_stack_regs(regs);
328 
329 	panic("MCA architectural violation!\n");
330 
331 	while (true)
332 		cpu_relax();
333 }
334 
335 /* MSR access wrappers used for error injection */
336 noinstr u64 mce_rdmsrl(u32 msr)
337 {
338 	DECLARE_ARGS(val, low, high);
339 
340 	if (__this_cpu_read(injectm.finished)) {
341 		int offset;
342 		u64 ret;
343 
344 		instrumentation_begin();
345 
346 		offset = msr_to_offset(msr);
347 		if (offset < 0)
348 			ret = 0;
349 		else
350 			ret = *(u64 *)((char *)this_cpu_ptr(&injectm) + offset);
351 
352 		instrumentation_end();
353 
354 		return ret;
355 	}
356 
357 	/*
358 	 * RDMSR on MCA MSRs should not fault. If they do, this is very much an
359 	 * architectural violation and needs to be reported to hw vendor. Panic
360 	 * the box to not allow any further progress.
361 	 */
362 	asm volatile("1: rdmsr\n"
363 		     "2:\n"
364 		     _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_RDMSR_IN_MCE)
365 		     : EAX_EDX_RET(val, low, high) : "c" (msr));
366 
367 
368 	return EAX_EDX_VAL(val, low, high);
369 }
370 
371 static noinstr void mce_wrmsrl(u32 msr, u64 v)
372 {
373 	u32 low, high;
374 
375 	if (__this_cpu_read(injectm.finished)) {
376 		int offset;
377 
378 		instrumentation_begin();
379 
380 		offset = msr_to_offset(msr);
381 		if (offset >= 0)
382 			*(u64 *)((char *)this_cpu_ptr(&injectm) + offset) = v;
383 
384 		instrumentation_end();
385 
386 		return;
387 	}
388 
389 	low  = (u32)v;
390 	high = (u32)(v >> 32);
391 
392 	/* See comment in mce_rdmsrl() */
393 	asm volatile("1: wrmsr\n"
394 		     "2:\n"
395 		     _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_WRMSR_IN_MCE)
396 		     : : "c" (msr), "a"(low), "d" (high) : "memory");
397 }
398 
399 /*
400  * Collect all global (w.r.t. this processor) status about this machine
401  * check into our "mce" struct so that we can use it later to assess
402  * the severity of the problem as we read per-bank specific details.
403  */
404 static noinstr void mce_gather_info(struct mce *m, struct pt_regs *regs)
405 {
406 	/*
407 	 * Enable instrumentation around mce_setup() which calls external
408 	 * facilities.
409 	 */
410 	instrumentation_begin();
411 	mce_setup(m);
412 	instrumentation_end();
413 
414 	m->mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
415 	if (regs) {
416 		/*
417 		 * Get the address of the instruction at the time of
418 		 * the machine check error.
419 		 */
420 		if (m->mcgstatus & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) {
421 			m->ip = regs->ip;
422 			m->cs = regs->cs;
423 
424 			/*
425 			 * When in VM86 mode make the cs look like ring 3
426 			 * always. This is a lie, but it's better than passing
427 			 * the additional vm86 bit around everywhere.
428 			 */
429 			if (v8086_mode(regs))
430 				m->cs |= 3;
431 		}
432 		/* Use accurate RIP reporting if available. */
433 		if (mca_cfg.rip_msr)
434 			m->ip = mce_rdmsrl(mca_cfg.rip_msr);
435 	}
436 }
437 
438 int mce_available(struct cpuinfo_x86 *c)
439 {
440 	if (mca_cfg.disabled)
441 		return 0;
442 	return cpu_has(c, X86_FEATURE_MCE) && cpu_has(c, X86_FEATURE_MCA);
443 }
444 
445 static void mce_schedule_work(void)
446 {
447 	if (!mce_gen_pool_empty())
448 		schedule_work(&mce_work);
449 }
450 
451 static void mce_irq_work_cb(struct irq_work *entry)
452 {
453 	mce_schedule_work();
454 }
455 
456 /*
457  * Check if the address reported by the CPU is in a format we can parse.
458  * It would be possible to add code for most other cases, but all would
459  * be somewhat complicated (e.g. segment offset would require an instruction
460  * parser). So only support physical addresses up to page granularity for now.
461  */
462 int mce_usable_address(struct mce *m)
463 {
464 	if (!(m->status & MCI_STATUS_ADDRV))
465 		return 0;
466 
467 	/* Checks after this one are Intel/Zhaoxin-specific: */
468 	if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL &&
469 	    boot_cpu_data.x86_vendor != X86_VENDOR_ZHAOXIN)
470 		return 1;
471 
472 	if (!(m->status & MCI_STATUS_MISCV))
473 		return 0;
474 
475 	if (MCI_MISC_ADDR_LSB(m->misc) > PAGE_SHIFT)
476 		return 0;
477 
478 	if (MCI_MISC_ADDR_MODE(m->misc) != MCI_MISC_ADDR_PHYS)
479 		return 0;
480 
481 	return 1;
482 }
483 EXPORT_SYMBOL_GPL(mce_usable_address);
484 
485 bool mce_is_memory_error(struct mce *m)
486 {
487 	switch (m->cpuvendor) {
488 	case X86_VENDOR_AMD:
489 	case X86_VENDOR_HYGON:
490 		return amd_mce_is_memory_error(m);
491 
492 	case X86_VENDOR_INTEL:
493 	case X86_VENDOR_ZHAOXIN:
494 		/*
495 		 * Intel SDM Volume 3B - 15.9.2 Compound Error Codes
496 		 *
497 		 * Bit 7 of the MCACOD field of IA32_MCi_STATUS is used for
498 		 * indicating a memory error. Bit 8 is used for indicating a
499 		 * cache hierarchy error. The combination of bit 2 and bit 3
500 		 * is used for indicating a `generic' cache hierarchy error
501 		 * But we can't just blindly check the above bits, because if
502 		 * bit 11 is set, then it is a bus/interconnect error - and
503 		 * either way the above bits just gives more detail on what
504 		 * bus/interconnect error happened. Note that bit 12 can be
505 		 * ignored, as it's the "filter" bit.
506 		 */
507 		return (m->status & 0xef80) == BIT(7) ||
508 		       (m->status & 0xef00) == BIT(8) ||
509 		       (m->status & 0xeffc) == 0xc;
510 
511 	default:
512 		return false;
513 	}
514 }
515 EXPORT_SYMBOL_GPL(mce_is_memory_error);
516 
517 static bool whole_page(struct mce *m)
518 {
519 	if (!mca_cfg.ser || !(m->status & MCI_STATUS_MISCV))
520 		return true;
521 
522 	return MCI_MISC_ADDR_LSB(m->misc) >= PAGE_SHIFT;
523 }
524 
525 bool mce_is_correctable(struct mce *m)
526 {
527 	if (m->cpuvendor == X86_VENDOR_AMD && m->status & MCI_STATUS_DEFERRED)
528 		return false;
529 
530 	if (m->cpuvendor == X86_VENDOR_HYGON && m->status & MCI_STATUS_DEFERRED)
531 		return false;
532 
533 	if (m->status & MCI_STATUS_UC)
534 		return false;
535 
536 	return true;
537 }
538 EXPORT_SYMBOL_GPL(mce_is_correctable);
539 
540 static int mce_early_notifier(struct notifier_block *nb, unsigned long val,
541 			      void *data)
542 {
543 	struct mce *m = (struct mce *)data;
544 
545 	if (!m)
546 		return NOTIFY_DONE;
547 
548 	/* Emit the trace record: */
549 	trace_mce_record(m);
550 
551 	set_bit(0, &mce_need_notify);
552 
553 	mce_notify_irq();
554 
555 	return NOTIFY_DONE;
556 }
557 
558 static struct notifier_block early_nb = {
559 	.notifier_call	= mce_early_notifier,
560 	.priority	= MCE_PRIO_EARLY,
561 };
562 
563 static int uc_decode_notifier(struct notifier_block *nb, unsigned long val,
564 			      void *data)
565 {
566 	struct mce *mce = (struct mce *)data;
567 	unsigned long pfn;
568 
569 	if (!mce || !mce_usable_address(mce))
570 		return NOTIFY_DONE;
571 
572 	if (mce->severity != MCE_AO_SEVERITY &&
573 	    mce->severity != MCE_DEFERRED_SEVERITY)
574 		return NOTIFY_DONE;
575 
576 	pfn = (mce->addr & MCI_ADDR_PHYSADDR) >> PAGE_SHIFT;
577 	if (!memory_failure(pfn, 0)) {
578 		set_mce_nospec(pfn);
579 		mce->kflags |= MCE_HANDLED_UC;
580 	}
581 
582 	return NOTIFY_OK;
583 }
584 
585 static struct notifier_block mce_uc_nb = {
586 	.notifier_call	= uc_decode_notifier,
587 	.priority	= MCE_PRIO_UC,
588 };
589 
590 static int mce_default_notifier(struct notifier_block *nb, unsigned long val,
591 				void *data)
592 {
593 	struct mce *m = (struct mce *)data;
594 
595 	if (!m)
596 		return NOTIFY_DONE;
597 
598 	if (mca_cfg.print_all || !m->kflags)
599 		__print_mce(m);
600 
601 	return NOTIFY_DONE;
602 }
603 
604 static struct notifier_block mce_default_nb = {
605 	.notifier_call	= mce_default_notifier,
606 	/* lowest prio, we want it to run last. */
607 	.priority	= MCE_PRIO_LOWEST,
608 };
609 
610 /*
611  * Read ADDR and MISC registers.
612  */
613 static noinstr void mce_read_aux(struct mce *m, int i)
614 {
615 	if (m->status & MCI_STATUS_MISCV)
616 		m->misc = mce_rdmsrl(mca_msr_reg(i, MCA_MISC));
617 
618 	if (m->status & MCI_STATUS_ADDRV) {
619 		m->addr = mce_rdmsrl(mca_msr_reg(i, MCA_ADDR));
620 
621 		/*
622 		 * Mask the reported address by the reported granularity.
623 		 */
624 		if (mca_cfg.ser && (m->status & MCI_STATUS_MISCV)) {
625 			u8 shift = MCI_MISC_ADDR_LSB(m->misc);
626 			m->addr >>= shift;
627 			m->addr <<= shift;
628 		}
629 
630 		smca_extract_err_addr(m);
631 	}
632 
633 	if (mce_flags.smca) {
634 		m->ipid = mce_rdmsrl(MSR_AMD64_SMCA_MCx_IPID(i));
635 
636 		if (m->status & MCI_STATUS_SYNDV)
637 			m->synd = mce_rdmsrl(MSR_AMD64_SMCA_MCx_SYND(i));
638 	}
639 }
640 
641 DEFINE_PER_CPU(unsigned, mce_poll_count);
642 
643 /*
644  * Poll for corrected events or events that happened before reset.
645  * Those are just logged through /dev/mcelog.
646  *
647  * This is executed in standard interrupt context.
648  *
649  * Note: spec recommends to panic for fatal unsignalled
650  * errors here. However this would be quite problematic --
651  * we would need to reimplement the Monarch handling and
652  * it would mess up the exclusion between exception handler
653  * and poll handler -- * so we skip this for now.
654  * These cases should not happen anyways, or only when the CPU
655  * is already totally * confused. In this case it's likely it will
656  * not fully execute the machine check handler either.
657  */
658 bool machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
659 {
660 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
661 	bool error_seen = false;
662 	struct mce m;
663 	int i;
664 
665 	this_cpu_inc(mce_poll_count);
666 
667 	mce_gather_info(&m, NULL);
668 
669 	if (flags & MCP_TIMESTAMP)
670 		m.tsc = rdtsc();
671 
672 	for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
673 		if (!mce_banks[i].ctl || !test_bit(i, *b))
674 			continue;
675 
676 		m.misc = 0;
677 		m.addr = 0;
678 		m.bank = i;
679 
680 		barrier();
681 		m.status = mce_rdmsrl(mca_msr_reg(i, MCA_STATUS));
682 
683 		/* If this entry is not valid, ignore it */
684 		if (!(m.status & MCI_STATUS_VAL))
685 			continue;
686 
687 		/*
688 		 * If we are logging everything (at CPU online) or this
689 		 * is a corrected error, then we must log it.
690 		 */
691 		if ((flags & MCP_UC) || !(m.status & MCI_STATUS_UC))
692 			goto log_it;
693 
694 		/*
695 		 * Newer Intel systems that support software error
696 		 * recovery need to make additional checks. Other
697 		 * CPUs should skip over uncorrected errors, but log
698 		 * everything else.
699 		 */
700 		if (!mca_cfg.ser) {
701 			if (m.status & MCI_STATUS_UC)
702 				continue;
703 			goto log_it;
704 		}
705 
706 		/* Log "not enabled" (speculative) errors */
707 		if (!(m.status & MCI_STATUS_EN))
708 			goto log_it;
709 
710 		/*
711 		 * Log UCNA (SDM: 15.6.3 "UCR Error Classification")
712 		 * UC == 1 && PCC == 0 && S == 0
713 		 */
714 		if (!(m.status & MCI_STATUS_PCC) && !(m.status & MCI_STATUS_S))
715 			goto log_it;
716 
717 		/*
718 		 * Skip anything else. Presumption is that our read of this
719 		 * bank is racing with a machine check. Leave the log alone
720 		 * for do_machine_check() to deal with it.
721 		 */
722 		continue;
723 
724 log_it:
725 		error_seen = true;
726 
727 		if (flags & MCP_DONTLOG)
728 			goto clear_it;
729 
730 		mce_read_aux(&m, i);
731 		m.severity = mce_severity(&m, NULL, NULL, false);
732 		/*
733 		 * Don't get the IP here because it's unlikely to
734 		 * have anything to do with the actual error location.
735 		 */
736 
737 		if (mca_cfg.dont_log_ce && !mce_usable_address(&m))
738 			goto clear_it;
739 
740 		if (flags & MCP_QUEUE_LOG)
741 			mce_gen_pool_add(&m);
742 		else
743 			mce_log(&m);
744 
745 clear_it:
746 		/*
747 		 * Clear state for this bank.
748 		 */
749 		mce_wrmsrl(mca_msr_reg(i, MCA_STATUS), 0);
750 	}
751 
752 	/*
753 	 * Don't clear MCG_STATUS here because it's only defined for
754 	 * exceptions.
755 	 */
756 
757 	sync_core();
758 
759 	return error_seen;
760 }
761 EXPORT_SYMBOL_GPL(machine_check_poll);
762 
763 /*
764  * During IFU recovery Sandy Bridge -EP4S processors set the RIPV and
765  * EIPV bits in MCG_STATUS to zero on the affected logical processor (SDM
766  * Vol 3B Table 15-20). But this confuses both the code that determines
767  * whether the machine check occurred in kernel or user mode, and also
768  * the severity assessment code. Pretend that EIPV was set, and take the
769  * ip/cs values from the pt_regs that mce_gather_info() ignored earlier.
770  */
771 static __always_inline void
772 quirk_sandybridge_ifu(int bank, struct mce *m, struct pt_regs *regs)
773 {
774 	if (bank != 0)
775 		return;
776 	if ((m->mcgstatus & (MCG_STATUS_EIPV|MCG_STATUS_RIPV)) != 0)
777 		return;
778 	if ((m->status & (MCI_STATUS_OVER|MCI_STATUS_UC|
779 		          MCI_STATUS_EN|MCI_STATUS_MISCV|MCI_STATUS_ADDRV|
780 			  MCI_STATUS_PCC|MCI_STATUS_S|MCI_STATUS_AR|
781 			  MCACOD)) !=
782 			 (MCI_STATUS_UC|MCI_STATUS_EN|
783 			  MCI_STATUS_MISCV|MCI_STATUS_ADDRV|MCI_STATUS_S|
784 			  MCI_STATUS_AR|MCACOD_INSTR))
785 		return;
786 
787 	m->mcgstatus |= MCG_STATUS_EIPV;
788 	m->ip = regs->ip;
789 	m->cs = regs->cs;
790 }
791 
792 /*
793  * Disable fast string copy and return from the MCE handler upon the first SRAR
794  * MCE on bank 1 due to a CPU erratum on Intel Skylake/Cascade Lake/Cooper Lake
795  * CPUs.
796  * The fast string copy instructions ("REP; MOVS*") could consume an
797  * uncorrectable memory error in the cache line _right after_ the desired region
798  * to copy and raise an MCE with RIP pointing to the instruction _after_ the
799  * "REP; MOVS*".
800  * This mitigation addresses the issue completely with the caveat of performance
801  * degradation on the CPU affected. This is still better than the OS crashing on
802  * MCEs raised on an irrelevant process due to "REP; MOVS*" accesses from a
803  * kernel context (e.g., copy_page).
804  *
805  * Returns true when fast string copy on CPU has been disabled.
806  */
807 static noinstr bool quirk_skylake_repmov(void)
808 {
809 	u64 mcgstatus   = mce_rdmsrl(MSR_IA32_MCG_STATUS);
810 	u64 misc_enable = mce_rdmsrl(MSR_IA32_MISC_ENABLE);
811 	u64 mc1_status;
812 
813 	/*
814 	 * Apply the quirk only to local machine checks, i.e., no broadcast
815 	 * sync is needed.
816 	 */
817 	if (!(mcgstatus & MCG_STATUS_LMCES) ||
818 	    !(misc_enable & MSR_IA32_MISC_ENABLE_FAST_STRING))
819 		return false;
820 
821 	mc1_status = mce_rdmsrl(MSR_IA32_MCx_STATUS(1));
822 
823 	/* Check for a software-recoverable data fetch error. */
824 	if ((mc1_status &
825 	     (MCI_STATUS_VAL | MCI_STATUS_OVER | MCI_STATUS_UC | MCI_STATUS_EN |
826 	      MCI_STATUS_ADDRV | MCI_STATUS_MISCV | MCI_STATUS_PCC |
827 	      MCI_STATUS_AR | MCI_STATUS_S)) ==
828 	     (MCI_STATUS_VAL |                   MCI_STATUS_UC | MCI_STATUS_EN |
829 	      MCI_STATUS_ADDRV | MCI_STATUS_MISCV |
830 	      MCI_STATUS_AR | MCI_STATUS_S)) {
831 		misc_enable &= ~MSR_IA32_MISC_ENABLE_FAST_STRING;
832 		mce_wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
833 		mce_wrmsrl(MSR_IA32_MCx_STATUS(1), 0);
834 
835 		instrumentation_begin();
836 		pr_err_once("Erratum detected, disable fast string copy instructions.\n");
837 		instrumentation_end();
838 
839 		return true;
840 	}
841 
842 	return false;
843 }
844 
845 /*
846  * Do a quick check if any of the events requires a panic.
847  * This decides if we keep the events around or clear them.
848  */
849 static __always_inline int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp,
850 					  struct pt_regs *regs)
851 {
852 	char *tmp = *msg;
853 	int i;
854 
855 	for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
856 		m->status = mce_rdmsrl(mca_msr_reg(i, MCA_STATUS));
857 		if (!(m->status & MCI_STATUS_VAL))
858 			continue;
859 
860 		arch___set_bit(i, validp);
861 		if (mce_flags.snb_ifu_quirk)
862 			quirk_sandybridge_ifu(i, m, regs);
863 
864 		m->bank = i;
865 		if (mce_severity(m, regs, &tmp, true) >= MCE_PANIC_SEVERITY) {
866 			mce_read_aux(m, i);
867 			*msg = tmp;
868 			return 1;
869 		}
870 	}
871 	return 0;
872 }
873 
874 /*
875  * Variable to establish order between CPUs while scanning.
876  * Each CPU spins initially until executing is equal its number.
877  */
878 static atomic_t mce_executing;
879 
880 /*
881  * Defines order of CPUs on entry. First CPU becomes Monarch.
882  */
883 static atomic_t mce_callin;
884 
885 /*
886  * Track which CPUs entered the MCA broadcast synchronization and which not in
887  * order to print holdouts.
888  */
889 static cpumask_t mce_missing_cpus = CPU_MASK_ALL;
890 
891 /*
892  * Check if a timeout waiting for other CPUs happened.
893  */
894 static noinstr int mce_timed_out(u64 *t, const char *msg)
895 {
896 	int ret = 0;
897 
898 	/* Enable instrumentation around calls to external facilities */
899 	instrumentation_begin();
900 
901 	/*
902 	 * The others already did panic for some reason.
903 	 * Bail out like in a timeout.
904 	 * rmb() to tell the compiler that system_state
905 	 * might have been modified by someone else.
906 	 */
907 	rmb();
908 	if (atomic_read(&mce_panicked))
909 		wait_for_panic();
910 	if (!mca_cfg.monarch_timeout)
911 		goto out;
912 	if ((s64)*t < SPINUNIT) {
913 		if (cpumask_and(&mce_missing_cpus, cpu_online_mask, &mce_missing_cpus))
914 			pr_emerg("CPUs not responding to MCE broadcast (may include false positives): %*pbl\n",
915 				 cpumask_pr_args(&mce_missing_cpus));
916 		mce_panic(msg, NULL, NULL);
917 
918 		ret = 1;
919 		goto out;
920 	}
921 	*t -= SPINUNIT;
922 
923 out:
924 	touch_nmi_watchdog();
925 
926 	instrumentation_end();
927 
928 	return ret;
929 }
930 
931 /*
932  * The Monarch's reign.  The Monarch is the CPU who entered
933  * the machine check handler first. It waits for the others to
934  * raise the exception too and then grades them. When any
935  * error is fatal panic. Only then let the others continue.
936  *
937  * The other CPUs entering the MCE handler will be controlled by the
938  * Monarch. They are called Subjects.
939  *
940  * This way we prevent any potential data corruption in a unrecoverable case
941  * and also makes sure always all CPU's errors are examined.
942  *
943  * Also this detects the case of a machine check event coming from outer
944  * space (not detected by any CPUs) In this case some external agent wants
945  * us to shut down, so panic too.
946  *
947  * The other CPUs might still decide to panic if the handler happens
948  * in a unrecoverable place, but in this case the system is in a semi-stable
949  * state and won't corrupt anything by itself. It's ok to let the others
950  * continue for a bit first.
951  *
952  * All the spin loops have timeouts; when a timeout happens a CPU
953  * typically elects itself to be Monarch.
954  */
955 static void mce_reign(void)
956 {
957 	int cpu;
958 	struct mce *m = NULL;
959 	int global_worst = 0;
960 	char *msg = NULL;
961 
962 	/*
963 	 * This CPU is the Monarch and the other CPUs have run
964 	 * through their handlers.
965 	 * Grade the severity of the errors of all the CPUs.
966 	 */
967 	for_each_possible_cpu(cpu) {
968 		struct mce *mtmp = &per_cpu(mces_seen, cpu);
969 
970 		if (mtmp->severity > global_worst) {
971 			global_worst = mtmp->severity;
972 			m = &per_cpu(mces_seen, cpu);
973 		}
974 	}
975 
976 	/*
977 	 * Cannot recover? Panic here then.
978 	 * This dumps all the mces in the log buffer and stops the
979 	 * other CPUs.
980 	 */
981 	if (m && global_worst >= MCE_PANIC_SEVERITY) {
982 		/* call mce_severity() to get "msg" for panic */
983 		mce_severity(m, NULL, &msg, true);
984 		mce_panic("Fatal machine check", m, msg);
985 	}
986 
987 	/*
988 	 * For UC somewhere we let the CPU who detects it handle it.
989 	 * Also must let continue the others, otherwise the handling
990 	 * CPU could deadlock on a lock.
991 	 */
992 
993 	/*
994 	 * No machine check event found. Must be some external
995 	 * source or one CPU is hung. Panic.
996 	 */
997 	if (global_worst <= MCE_KEEP_SEVERITY)
998 		mce_panic("Fatal machine check from unknown source", NULL, NULL);
999 
1000 	/*
1001 	 * Now clear all the mces_seen so that they don't reappear on
1002 	 * the next mce.
1003 	 */
1004 	for_each_possible_cpu(cpu)
1005 		memset(&per_cpu(mces_seen, cpu), 0, sizeof(struct mce));
1006 }
1007 
1008 static atomic_t global_nwo;
1009 
1010 /*
1011  * Start of Monarch synchronization. This waits until all CPUs have
1012  * entered the exception handler and then determines if any of them
1013  * saw a fatal event that requires panic. Then it executes them
1014  * in the entry order.
1015  * TBD double check parallel CPU hotunplug
1016  */
1017 static noinstr int mce_start(int *no_way_out)
1018 {
1019 	u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
1020 	int order, ret = -1;
1021 
1022 	if (!timeout)
1023 		return ret;
1024 
1025 	raw_atomic_add(*no_way_out, &global_nwo);
1026 	/*
1027 	 * Rely on the implied barrier below, such that global_nwo
1028 	 * is updated before mce_callin.
1029 	 */
1030 	order = raw_atomic_inc_return(&mce_callin);
1031 	arch_cpumask_clear_cpu(smp_processor_id(), &mce_missing_cpus);
1032 
1033 	/* Enable instrumentation around calls to external facilities */
1034 	instrumentation_begin();
1035 
1036 	/*
1037 	 * Wait for everyone.
1038 	 */
1039 	while (raw_atomic_read(&mce_callin) != num_online_cpus()) {
1040 		if (mce_timed_out(&timeout,
1041 				  "Timeout: Not all CPUs entered broadcast exception handler")) {
1042 			raw_atomic_set(&global_nwo, 0);
1043 			goto out;
1044 		}
1045 		ndelay(SPINUNIT);
1046 	}
1047 
1048 	/*
1049 	 * mce_callin should be read before global_nwo
1050 	 */
1051 	smp_rmb();
1052 
1053 	if (order == 1) {
1054 		/*
1055 		 * Monarch: Starts executing now, the others wait.
1056 		 */
1057 		raw_atomic_set(&mce_executing, 1);
1058 	} else {
1059 		/*
1060 		 * Subject: Now start the scanning loop one by one in
1061 		 * the original callin order.
1062 		 * This way when there are any shared banks it will be
1063 		 * only seen by one CPU before cleared, avoiding duplicates.
1064 		 */
1065 		while (raw_atomic_read(&mce_executing) < order) {
1066 			if (mce_timed_out(&timeout,
1067 					  "Timeout: Subject CPUs unable to finish machine check processing")) {
1068 				raw_atomic_set(&global_nwo, 0);
1069 				goto out;
1070 			}
1071 			ndelay(SPINUNIT);
1072 		}
1073 	}
1074 
1075 	/*
1076 	 * Cache the global no_way_out state.
1077 	 */
1078 	*no_way_out = raw_atomic_read(&global_nwo);
1079 
1080 	ret = order;
1081 
1082 out:
1083 	instrumentation_end();
1084 
1085 	return ret;
1086 }
1087 
1088 /*
1089  * Synchronize between CPUs after main scanning loop.
1090  * This invokes the bulk of the Monarch processing.
1091  */
1092 static noinstr int mce_end(int order)
1093 {
1094 	u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
1095 	int ret = -1;
1096 
1097 	/* Allow instrumentation around external facilities. */
1098 	instrumentation_begin();
1099 
1100 	if (!timeout)
1101 		goto reset;
1102 	if (order < 0)
1103 		goto reset;
1104 
1105 	/*
1106 	 * Allow others to run.
1107 	 */
1108 	atomic_inc(&mce_executing);
1109 
1110 	if (order == 1) {
1111 		/*
1112 		 * Monarch: Wait for everyone to go through their scanning
1113 		 * loops.
1114 		 */
1115 		while (atomic_read(&mce_executing) <= num_online_cpus()) {
1116 			if (mce_timed_out(&timeout,
1117 					  "Timeout: Monarch CPU unable to finish machine check processing"))
1118 				goto reset;
1119 			ndelay(SPINUNIT);
1120 		}
1121 
1122 		mce_reign();
1123 		barrier();
1124 		ret = 0;
1125 	} else {
1126 		/*
1127 		 * Subject: Wait for Monarch to finish.
1128 		 */
1129 		while (atomic_read(&mce_executing) != 0) {
1130 			if (mce_timed_out(&timeout,
1131 					  "Timeout: Monarch CPU did not finish machine check processing"))
1132 				goto reset;
1133 			ndelay(SPINUNIT);
1134 		}
1135 
1136 		/*
1137 		 * Don't reset anything. That's done by the Monarch.
1138 		 */
1139 		ret = 0;
1140 		goto out;
1141 	}
1142 
1143 	/*
1144 	 * Reset all global state.
1145 	 */
1146 reset:
1147 	atomic_set(&global_nwo, 0);
1148 	atomic_set(&mce_callin, 0);
1149 	cpumask_setall(&mce_missing_cpus);
1150 	barrier();
1151 
1152 	/*
1153 	 * Let others run again.
1154 	 */
1155 	atomic_set(&mce_executing, 0);
1156 
1157 out:
1158 	instrumentation_end();
1159 
1160 	return ret;
1161 }
1162 
1163 static __always_inline void mce_clear_state(unsigned long *toclear)
1164 {
1165 	int i;
1166 
1167 	for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
1168 		if (arch_test_bit(i, toclear))
1169 			mce_wrmsrl(mca_msr_reg(i, MCA_STATUS), 0);
1170 	}
1171 }
1172 
1173 /*
1174  * Cases where we avoid rendezvous handler timeout:
1175  * 1) If this CPU is offline.
1176  *
1177  * 2) If crashing_cpu was set, e.g. we're entering kdump and we need to
1178  *  skip those CPUs which remain looping in the 1st kernel - see
1179  *  crash_nmi_callback().
1180  *
1181  * Note: there still is a small window between kexec-ing and the new,
1182  * kdump kernel establishing a new #MC handler where a broadcasted MCE
1183  * might not get handled properly.
1184  */
1185 static noinstr bool mce_check_crashing_cpu(void)
1186 {
1187 	unsigned int cpu = smp_processor_id();
1188 
1189 	if (arch_cpu_is_offline(cpu) ||
1190 	    (crashing_cpu != -1 && crashing_cpu != cpu)) {
1191 		u64 mcgstatus;
1192 
1193 		mcgstatus = __rdmsr(MSR_IA32_MCG_STATUS);
1194 
1195 		if (boot_cpu_data.x86_vendor == X86_VENDOR_ZHAOXIN) {
1196 			if (mcgstatus & MCG_STATUS_LMCES)
1197 				return false;
1198 		}
1199 
1200 		if (mcgstatus & MCG_STATUS_RIPV) {
1201 			__wrmsr(MSR_IA32_MCG_STATUS, 0, 0);
1202 			return true;
1203 		}
1204 	}
1205 	return false;
1206 }
1207 
1208 static __always_inline int
1209 __mc_scan_banks(struct mce *m, struct pt_regs *regs, struct mce *final,
1210 		unsigned long *toclear, unsigned long *valid_banks, int no_way_out,
1211 		int *worst)
1212 {
1213 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1214 	struct mca_config *cfg = &mca_cfg;
1215 	int severity, i, taint = 0;
1216 
1217 	for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
1218 		arch___clear_bit(i, toclear);
1219 		if (!arch_test_bit(i, valid_banks))
1220 			continue;
1221 
1222 		if (!mce_banks[i].ctl)
1223 			continue;
1224 
1225 		m->misc = 0;
1226 		m->addr = 0;
1227 		m->bank = i;
1228 
1229 		m->status = mce_rdmsrl(mca_msr_reg(i, MCA_STATUS));
1230 		if (!(m->status & MCI_STATUS_VAL))
1231 			continue;
1232 
1233 		/*
1234 		 * Corrected or non-signaled errors are handled by
1235 		 * machine_check_poll(). Leave them alone, unless this panics.
1236 		 */
1237 		if (!(m->status & (cfg->ser ? MCI_STATUS_S : MCI_STATUS_UC)) &&
1238 			!no_way_out)
1239 			continue;
1240 
1241 		/* Set taint even when machine check was not enabled. */
1242 		taint++;
1243 
1244 		severity = mce_severity(m, regs, NULL, true);
1245 
1246 		/*
1247 		 * When machine check was for corrected/deferred handler don't
1248 		 * touch, unless we're panicking.
1249 		 */
1250 		if ((severity == MCE_KEEP_SEVERITY ||
1251 		     severity == MCE_UCNA_SEVERITY) && !no_way_out)
1252 			continue;
1253 
1254 		arch___set_bit(i, toclear);
1255 
1256 		/* Machine check event was not enabled. Clear, but ignore. */
1257 		if (severity == MCE_NO_SEVERITY)
1258 			continue;
1259 
1260 		mce_read_aux(m, i);
1261 
1262 		/* assuming valid severity level != 0 */
1263 		m->severity = severity;
1264 
1265 		/*
1266 		 * Enable instrumentation around the mce_log() call which is
1267 		 * done in #MC context, where instrumentation is disabled.
1268 		 */
1269 		instrumentation_begin();
1270 		mce_log(m);
1271 		instrumentation_end();
1272 
1273 		if (severity > *worst) {
1274 			*final = *m;
1275 			*worst = severity;
1276 		}
1277 	}
1278 
1279 	/* mce_clear_state will clear *final, save locally for use later */
1280 	*m = *final;
1281 
1282 	return taint;
1283 }
1284 
1285 static void kill_me_now(struct callback_head *ch)
1286 {
1287 	struct task_struct *p = container_of(ch, struct task_struct, mce_kill_me);
1288 
1289 	p->mce_count = 0;
1290 	force_sig(SIGBUS);
1291 }
1292 
1293 static void kill_me_maybe(struct callback_head *cb)
1294 {
1295 	struct task_struct *p = container_of(cb, struct task_struct, mce_kill_me);
1296 	int flags = MF_ACTION_REQUIRED;
1297 	unsigned long pfn;
1298 	int ret;
1299 
1300 	p->mce_count = 0;
1301 	pr_err("Uncorrected hardware memory error in user-access at %llx", p->mce_addr);
1302 
1303 	if (!p->mce_ripv)
1304 		flags |= MF_MUST_KILL;
1305 
1306 	pfn = (p->mce_addr & MCI_ADDR_PHYSADDR) >> PAGE_SHIFT;
1307 	ret = memory_failure(pfn, flags);
1308 	if (!ret) {
1309 		set_mce_nospec(pfn);
1310 		sync_core();
1311 		return;
1312 	}
1313 
1314 	/*
1315 	 * -EHWPOISON from memory_failure() means that it already sent SIGBUS
1316 	 * to the current process with the proper error info,
1317 	 * -EOPNOTSUPP means hwpoison_filter() filtered the error event,
1318 	 *
1319 	 * In both cases, no further processing is required.
1320 	 */
1321 	if (ret == -EHWPOISON || ret == -EOPNOTSUPP)
1322 		return;
1323 
1324 	pr_err("Memory error not recovered");
1325 	kill_me_now(cb);
1326 }
1327 
1328 static void kill_me_never(struct callback_head *cb)
1329 {
1330 	struct task_struct *p = container_of(cb, struct task_struct, mce_kill_me);
1331 	unsigned long pfn;
1332 
1333 	p->mce_count = 0;
1334 	pr_err("Kernel accessed poison in user space at %llx\n", p->mce_addr);
1335 	pfn = (p->mce_addr & MCI_ADDR_PHYSADDR) >> PAGE_SHIFT;
1336 	if (!memory_failure(pfn, 0))
1337 		set_mce_nospec(pfn);
1338 }
1339 
1340 static void queue_task_work(struct mce *m, char *msg, void (*func)(struct callback_head *))
1341 {
1342 	int count = ++current->mce_count;
1343 
1344 	/* First call, save all the details */
1345 	if (count == 1) {
1346 		current->mce_addr = m->addr;
1347 		current->mce_kflags = m->kflags;
1348 		current->mce_ripv = !!(m->mcgstatus & MCG_STATUS_RIPV);
1349 		current->mce_whole_page = whole_page(m);
1350 		current->mce_kill_me.func = func;
1351 	}
1352 
1353 	/* Ten is likely overkill. Don't expect more than two faults before task_work() */
1354 	if (count > 10)
1355 		mce_panic("Too many consecutive machine checks while accessing user data", m, msg);
1356 
1357 	/* Second or later call, make sure page address matches the one from first call */
1358 	if (count > 1 && (current->mce_addr >> PAGE_SHIFT) != (m->addr >> PAGE_SHIFT))
1359 		mce_panic("Consecutive machine checks to different user pages", m, msg);
1360 
1361 	/* Do not call task_work_add() more than once */
1362 	if (count > 1)
1363 		return;
1364 
1365 	task_work_add(current, &current->mce_kill_me, TWA_RESUME);
1366 }
1367 
1368 /* Handle unconfigured int18 (should never happen) */
1369 static noinstr void unexpected_machine_check(struct pt_regs *regs)
1370 {
1371 	instrumentation_begin();
1372 	pr_err("CPU#%d: Unexpected int18 (Machine Check)\n",
1373 	       smp_processor_id());
1374 	instrumentation_end();
1375 }
1376 
1377 /*
1378  * The actual machine check handler. This only handles real exceptions when
1379  * something got corrupted coming in through int 18.
1380  *
1381  * This is executed in #MC context not subject to normal locking rules.
1382  * This implies that most kernel services cannot be safely used. Don't even
1383  * think about putting a printk in there!
1384  *
1385  * On Intel systems this is entered on all CPUs in parallel through
1386  * MCE broadcast. However some CPUs might be broken beyond repair,
1387  * so be always careful when synchronizing with others.
1388  *
1389  * Tracing and kprobes are disabled: if we interrupted a kernel context
1390  * with IF=1, we need to minimize stack usage.  There are also recursion
1391  * issues: if the machine check was due to a failure of the memory
1392  * backing the user stack, tracing that reads the user stack will cause
1393  * potentially infinite recursion.
1394  *
1395  * Currently, the #MC handler calls out to a number of external facilities
1396  * and, therefore, allows instrumentation around them. The optimal thing to
1397  * have would be to do the absolutely minimal work required in #MC context
1398  * and have instrumentation disabled only around that. Further processing can
1399  * then happen in process context where instrumentation is allowed. Achieving
1400  * that requires careful auditing and modifications. Until then, the code
1401  * allows instrumentation temporarily, where required. *
1402  */
1403 noinstr void do_machine_check(struct pt_regs *regs)
1404 {
1405 	int worst = 0, order, no_way_out, kill_current_task, lmce, taint = 0;
1406 	DECLARE_BITMAP(valid_banks, MAX_NR_BANKS) = { 0 };
1407 	DECLARE_BITMAP(toclear, MAX_NR_BANKS) = { 0 };
1408 	struct mce m, *final;
1409 	char *msg = NULL;
1410 
1411 	if (unlikely(mce_flags.p5))
1412 		return pentium_machine_check(regs);
1413 	else if (unlikely(mce_flags.winchip))
1414 		return winchip_machine_check(regs);
1415 	else if (unlikely(!mca_cfg.initialized))
1416 		return unexpected_machine_check(regs);
1417 
1418 	if (mce_flags.skx_repmov_quirk && quirk_skylake_repmov())
1419 		goto clear;
1420 
1421 	/*
1422 	 * Establish sequential order between the CPUs entering the machine
1423 	 * check handler.
1424 	 */
1425 	order = -1;
1426 
1427 	/*
1428 	 * If no_way_out gets set, there is no safe way to recover from this
1429 	 * MCE.
1430 	 */
1431 	no_way_out = 0;
1432 
1433 	/*
1434 	 * If kill_current_task is not set, there might be a way to recover from this
1435 	 * error.
1436 	 */
1437 	kill_current_task = 0;
1438 
1439 	/*
1440 	 * MCEs are always local on AMD. Same is determined by MCG_STATUS_LMCES
1441 	 * on Intel.
1442 	 */
1443 	lmce = 1;
1444 
1445 	this_cpu_inc(mce_exception_count);
1446 
1447 	mce_gather_info(&m, regs);
1448 	m.tsc = rdtsc();
1449 
1450 	final = this_cpu_ptr(&mces_seen);
1451 	*final = m;
1452 
1453 	no_way_out = mce_no_way_out(&m, &msg, valid_banks, regs);
1454 
1455 	barrier();
1456 
1457 	/*
1458 	 * When no restart IP might need to kill or panic.
1459 	 * Assume the worst for now, but if we find the
1460 	 * severity is MCE_AR_SEVERITY we have other options.
1461 	 */
1462 	if (!(m.mcgstatus & MCG_STATUS_RIPV))
1463 		kill_current_task = 1;
1464 	/*
1465 	 * Check if this MCE is signaled to only this logical processor,
1466 	 * on Intel, Zhaoxin only.
1467 	 */
1468 	if (m.cpuvendor == X86_VENDOR_INTEL ||
1469 	    m.cpuvendor == X86_VENDOR_ZHAOXIN)
1470 		lmce = m.mcgstatus & MCG_STATUS_LMCES;
1471 
1472 	/*
1473 	 * Local machine check may already know that we have to panic.
1474 	 * Broadcast machine check begins rendezvous in mce_start()
1475 	 * Go through all banks in exclusion of the other CPUs. This way we
1476 	 * don't report duplicated events on shared banks because the first one
1477 	 * to see it will clear it.
1478 	 */
1479 	if (lmce) {
1480 		if (no_way_out)
1481 			mce_panic("Fatal local machine check", &m, msg);
1482 	} else {
1483 		order = mce_start(&no_way_out);
1484 	}
1485 
1486 	taint = __mc_scan_banks(&m, regs, final, toclear, valid_banks, no_way_out, &worst);
1487 
1488 	if (!no_way_out)
1489 		mce_clear_state(toclear);
1490 
1491 	/*
1492 	 * Do most of the synchronization with other CPUs.
1493 	 * When there's any problem use only local no_way_out state.
1494 	 */
1495 	if (!lmce) {
1496 		if (mce_end(order) < 0) {
1497 			if (!no_way_out)
1498 				no_way_out = worst >= MCE_PANIC_SEVERITY;
1499 
1500 			if (no_way_out)
1501 				mce_panic("Fatal machine check on current CPU", &m, msg);
1502 		}
1503 	} else {
1504 		/*
1505 		 * If there was a fatal machine check we should have
1506 		 * already called mce_panic earlier in this function.
1507 		 * Since we re-read the banks, we might have found
1508 		 * something new. Check again to see if we found a
1509 		 * fatal error. We call "mce_severity()" again to
1510 		 * make sure we have the right "msg".
1511 		 */
1512 		if (worst >= MCE_PANIC_SEVERITY) {
1513 			mce_severity(&m, regs, &msg, true);
1514 			mce_panic("Local fatal machine check!", &m, msg);
1515 		}
1516 	}
1517 
1518 	/*
1519 	 * Enable instrumentation around the external facilities like task_work_add()
1520 	 * (via queue_task_work()), fixup_exception() etc. For now, that is. Fixing this
1521 	 * properly would need a lot more involved reorganization.
1522 	 */
1523 	instrumentation_begin();
1524 
1525 	if (taint)
1526 		add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
1527 
1528 	if (worst != MCE_AR_SEVERITY && !kill_current_task)
1529 		goto out;
1530 
1531 	/* Fault was in user mode and we need to take some action */
1532 	if ((m.cs & 3) == 3) {
1533 		/* If this triggers there is no way to recover. Die hard. */
1534 		BUG_ON(!on_thread_stack() || !user_mode(regs));
1535 
1536 		if (!mce_usable_address(&m))
1537 			queue_task_work(&m, msg, kill_me_now);
1538 		else
1539 			queue_task_work(&m, msg, kill_me_maybe);
1540 
1541 	} else {
1542 		/*
1543 		 * Handle an MCE which has happened in kernel space but from
1544 		 * which the kernel can recover: ex_has_fault_handler() has
1545 		 * already verified that the rIP at which the error happened is
1546 		 * a rIP from which the kernel can recover (by jumping to
1547 		 * recovery code specified in _ASM_EXTABLE_FAULT()) and the
1548 		 * corresponding exception handler which would do that is the
1549 		 * proper one.
1550 		 */
1551 		if (m.kflags & MCE_IN_KERNEL_RECOV) {
1552 			if (!fixup_exception(regs, X86_TRAP_MC, 0, 0))
1553 				mce_panic("Failed kernel mode recovery", &m, msg);
1554 		}
1555 
1556 		if (m.kflags & MCE_IN_KERNEL_COPYIN)
1557 			queue_task_work(&m, msg, kill_me_never);
1558 	}
1559 
1560 out:
1561 	instrumentation_end();
1562 
1563 clear:
1564 	mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
1565 }
1566 EXPORT_SYMBOL_GPL(do_machine_check);
1567 
1568 #ifndef CONFIG_MEMORY_FAILURE
1569 int memory_failure(unsigned long pfn, int flags)
1570 {
1571 	/* mce_severity() should not hand us an ACTION_REQUIRED error */
1572 	BUG_ON(flags & MF_ACTION_REQUIRED);
1573 	pr_err("Uncorrected memory error in page 0x%lx ignored\n"
1574 	       "Rebuild kernel with CONFIG_MEMORY_FAILURE=y for smarter handling\n",
1575 	       pfn);
1576 
1577 	return 0;
1578 }
1579 #endif
1580 
1581 /*
1582  * Periodic polling timer for "silent" machine check errors.  If the
1583  * poller finds an MCE, poll 2x faster.  When the poller finds no more
1584  * errors, poll 2x slower (up to check_interval seconds).
1585  */
1586 static unsigned long check_interval = INITIAL_CHECK_INTERVAL;
1587 
1588 static DEFINE_PER_CPU(unsigned long, mce_next_interval); /* in jiffies */
1589 static DEFINE_PER_CPU(struct timer_list, mce_timer);
1590 
1591 static unsigned long mce_adjust_timer_default(unsigned long interval)
1592 {
1593 	return interval;
1594 }
1595 
1596 static unsigned long (*mce_adjust_timer)(unsigned long interval) = mce_adjust_timer_default;
1597 
1598 static void __start_timer(struct timer_list *t, unsigned long interval)
1599 {
1600 	unsigned long when = jiffies + interval;
1601 	unsigned long flags;
1602 
1603 	local_irq_save(flags);
1604 
1605 	if (!timer_pending(t) || time_before(when, t->expires))
1606 		mod_timer(t, round_jiffies(when));
1607 
1608 	local_irq_restore(flags);
1609 }
1610 
1611 static void mce_timer_fn(struct timer_list *t)
1612 {
1613 	struct timer_list *cpu_t = this_cpu_ptr(&mce_timer);
1614 	unsigned long iv;
1615 
1616 	WARN_ON(cpu_t != t);
1617 
1618 	iv = __this_cpu_read(mce_next_interval);
1619 
1620 	if (mce_available(this_cpu_ptr(&cpu_info))) {
1621 		machine_check_poll(0, this_cpu_ptr(&mce_poll_banks));
1622 
1623 		if (mce_intel_cmci_poll()) {
1624 			iv = mce_adjust_timer(iv);
1625 			goto done;
1626 		}
1627 	}
1628 
1629 	/*
1630 	 * Alert userspace if needed. If we logged an MCE, reduce the polling
1631 	 * interval, otherwise increase the polling interval.
1632 	 */
1633 	if (mce_notify_irq())
1634 		iv = max(iv / 2, (unsigned long) HZ/100);
1635 	else
1636 		iv = min(iv * 2, round_jiffies_relative(check_interval * HZ));
1637 
1638 done:
1639 	__this_cpu_write(mce_next_interval, iv);
1640 	__start_timer(t, iv);
1641 }
1642 
1643 /*
1644  * Ensure that the timer is firing in @interval from now.
1645  */
1646 void mce_timer_kick(unsigned long interval)
1647 {
1648 	struct timer_list *t = this_cpu_ptr(&mce_timer);
1649 	unsigned long iv = __this_cpu_read(mce_next_interval);
1650 
1651 	__start_timer(t, interval);
1652 
1653 	if (interval < iv)
1654 		__this_cpu_write(mce_next_interval, interval);
1655 }
1656 
1657 /* Must not be called in IRQ context where del_timer_sync() can deadlock */
1658 static void mce_timer_delete_all(void)
1659 {
1660 	int cpu;
1661 
1662 	for_each_online_cpu(cpu)
1663 		del_timer_sync(&per_cpu(mce_timer, cpu));
1664 }
1665 
1666 /*
1667  * Notify the user(s) about new machine check events.
1668  * Can be called from interrupt context, but not from machine check/NMI
1669  * context.
1670  */
1671 int mce_notify_irq(void)
1672 {
1673 	/* Not more than two messages every minute */
1674 	static DEFINE_RATELIMIT_STATE(ratelimit, 60*HZ, 2);
1675 
1676 	if (test_and_clear_bit(0, &mce_need_notify)) {
1677 		mce_work_trigger();
1678 
1679 		if (__ratelimit(&ratelimit))
1680 			pr_info(HW_ERR "Machine check events logged\n");
1681 
1682 		return 1;
1683 	}
1684 	return 0;
1685 }
1686 EXPORT_SYMBOL_GPL(mce_notify_irq);
1687 
1688 static void __mcheck_cpu_mce_banks_init(void)
1689 {
1690 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1691 	u8 n_banks = this_cpu_read(mce_num_banks);
1692 	int i;
1693 
1694 	for (i = 0; i < n_banks; i++) {
1695 		struct mce_bank *b = &mce_banks[i];
1696 
1697 		/*
1698 		 * Init them all, __mcheck_cpu_apply_quirks() is going to apply
1699 		 * the required vendor quirks before
1700 		 * __mcheck_cpu_init_clear_banks() does the final bank setup.
1701 		 */
1702 		b->ctl = -1ULL;
1703 		b->init = true;
1704 	}
1705 }
1706 
1707 /*
1708  * Initialize Machine Checks for a CPU.
1709  */
1710 static void __mcheck_cpu_cap_init(void)
1711 {
1712 	u64 cap;
1713 	u8 b;
1714 
1715 	rdmsrl(MSR_IA32_MCG_CAP, cap);
1716 
1717 	b = cap & MCG_BANKCNT_MASK;
1718 
1719 	if (b > MAX_NR_BANKS) {
1720 		pr_warn("CPU%d: Using only %u machine check banks out of %u\n",
1721 			smp_processor_id(), MAX_NR_BANKS, b);
1722 		b = MAX_NR_BANKS;
1723 	}
1724 
1725 	this_cpu_write(mce_num_banks, b);
1726 
1727 	__mcheck_cpu_mce_banks_init();
1728 
1729 	/* Use accurate RIP reporting if available. */
1730 	if ((cap & MCG_EXT_P) && MCG_EXT_CNT(cap) >= 9)
1731 		mca_cfg.rip_msr = MSR_IA32_MCG_EIP;
1732 
1733 	if (cap & MCG_SER_P)
1734 		mca_cfg.ser = 1;
1735 }
1736 
1737 static void __mcheck_cpu_init_generic(void)
1738 {
1739 	enum mcp_flags m_fl = 0;
1740 	mce_banks_t all_banks;
1741 	u64 cap;
1742 
1743 	if (!mca_cfg.bootlog)
1744 		m_fl = MCP_DONTLOG;
1745 
1746 	/*
1747 	 * Log the machine checks left over from the previous reset. Log them
1748 	 * only, do not start processing them. That will happen in mcheck_late_init()
1749 	 * when all consumers have been registered on the notifier chain.
1750 	 */
1751 	bitmap_fill(all_banks, MAX_NR_BANKS);
1752 	machine_check_poll(MCP_UC | MCP_QUEUE_LOG | m_fl, &all_banks);
1753 
1754 	cr4_set_bits(X86_CR4_MCE);
1755 
1756 	rdmsrl(MSR_IA32_MCG_CAP, cap);
1757 	if (cap & MCG_CTL_P)
1758 		wrmsr(MSR_IA32_MCG_CTL, 0xffffffff, 0xffffffff);
1759 }
1760 
1761 static void __mcheck_cpu_init_clear_banks(void)
1762 {
1763 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1764 	int i;
1765 
1766 	for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
1767 		struct mce_bank *b = &mce_banks[i];
1768 
1769 		if (!b->init)
1770 			continue;
1771 		wrmsrl(mca_msr_reg(i, MCA_CTL), b->ctl);
1772 		wrmsrl(mca_msr_reg(i, MCA_STATUS), 0);
1773 	}
1774 }
1775 
1776 /*
1777  * Do a final check to see if there are any unused/RAZ banks.
1778  *
1779  * This must be done after the banks have been initialized and any quirks have
1780  * been applied.
1781  *
1782  * Do not call this from any user-initiated flows, e.g. CPU hotplug or sysfs.
1783  * Otherwise, a user who disables a bank will not be able to re-enable it
1784  * without a system reboot.
1785  */
1786 static void __mcheck_cpu_check_banks(void)
1787 {
1788 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1789 	u64 msrval;
1790 	int i;
1791 
1792 	for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
1793 		struct mce_bank *b = &mce_banks[i];
1794 
1795 		if (!b->init)
1796 			continue;
1797 
1798 		rdmsrl(mca_msr_reg(i, MCA_CTL), msrval);
1799 		b->init = !!msrval;
1800 	}
1801 }
1802 
1803 /* Add per CPU specific workarounds here */
1804 static int __mcheck_cpu_apply_quirks(struct cpuinfo_x86 *c)
1805 {
1806 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1807 	struct mca_config *cfg = &mca_cfg;
1808 
1809 	if (c->x86_vendor == X86_VENDOR_UNKNOWN) {
1810 		pr_info("unknown CPU type - not enabling MCE support\n");
1811 		return -EOPNOTSUPP;
1812 	}
1813 
1814 	/* This should be disabled by the BIOS, but isn't always */
1815 	if (c->x86_vendor == X86_VENDOR_AMD) {
1816 		if (c->x86 == 15 && this_cpu_read(mce_num_banks) > 4) {
1817 			/*
1818 			 * disable GART TBL walk error reporting, which
1819 			 * trips off incorrectly with the IOMMU & 3ware
1820 			 * & Cerberus:
1821 			 */
1822 			clear_bit(10, (unsigned long *)&mce_banks[4].ctl);
1823 		}
1824 		if (c->x86 < 0x11 && cfg->bootlog < 0) {
1825 			/*
1826 			 * Lots of broken BIOS around that don't clear them
1827 			 * by default and leave crap in there. Don't log:
1828 			 */
1829 			cfg->bootlog = 0;
1830 		}
1831 		/*
1832 		 * Various K7s with broken bank 0 around. Always disable
1833 		 * by default.
1834 		 */
1835 		if (c->x86 == 6 && this_cpu_read(mce_num_banks) > 0)
1836 			mce_banks[0].ctl = 0;
1837 
1838 		/*
1839 		 * overflow_recov is supported for F15h Models 00h-0fh
1840 		 * even though we don't have a CPUID bit for it.
1841 		 */
1842 		if (c->x86 == 0x15 && c->x86_model <= 0xf)
1843 			mce_flags.overflow_recov = 1;
1844 
1845 	}
1846 
1847 	if (c->x86_vendor == X86_VENDOR_INTEL) {
1848 		/*
1849 		 * SDM documents that on family 6 bank 0 should not be written
1850 		 * because it aliases to another special BIOS controlled
1851 		 * register.
1852 		 * But it's not aliased anymore on model 0x1a+
1853 		 * Don't ignore bank 0 completely because there could be a
1854 		 * valid event later, merely don't write CTL0.
1855 		 */
1856 
1857 		if (c->x86 == 6 && c->x86_model < 0x1A && this_cpu_read(mce_num_banks) > 0)
1858 			mce_banks[0].init = false;
1859 
1860 		/*
1861 		 * All newer Intel systems support MCE broadcasting. Enable
1862 		 * synchronization with a one second timeout.
1863 		 */
1864 		if ((c->x86 > 6 || (c->x86 == 6 && c->x86_model >= 0xe)) &&
1865 			cfg->monarch_timeout < 0)
1866 			cfg->monarch_timeout = USEC_PER_SEC;
1867 
1868 		/*
1869 		 * There are also broken BIOSes on some Pentium M and
1870 		 * earlier systems:
1871 		 */
1872 		if (c->x86 == 6 && c->x86_model <= 13 && cfg->bootlog < 0)
1873 			cfg->bootlog = 0;
1874 
1875 		if (c->x86 == 6 && c->x86_model == 45)
1876 			mce_flags.snb_ifu_quirk = 1;
1877 
1878 		/*
1879 		 * Skylake, Cascacde Lake and Cooper Lake require a quirk on
1880 		 * rep movs.
1881 		 */
1882 		if (c->x86 == 6 && c->x86_model == INTEL_FAM6_SKYLAKE_X)
1883 			mce_flags.skx_repmov_quirk = 1;
1884 	}
1885 
1886 	if (c->x86_vendor == X86_VENDOR_ZHAOXIN) {
1887 		/*
1888 		 * All newer Zhaoxin CPUs support MCE broadcasting. Enable
1889 		 * synchronization with a one second timeout.
1890 		 */
1891 		if (c->x86 > 6 || (c->x86_model == 0x19 || c->x86_model == 0x1f)) {
1892 			if (cfg->monarch_timeout < 0)
1893 				cfg->monarch_timeout = USEC_PER_SEC;
1894 		}
1895 	}
1896 
1897 	if (cfg->monarch_timeout < 0)
1898 		cfg->monarch_timeout = 0;
1899 	if (cfg->bootlog != 0)
1900 		cfg->panic_timeout = 30;
1901 
1902 	return 0;
1903 }
1904 
1905 static int __mcheck_cpu_ancient_init(struct cpuinfo_x86 *c)
1906 {
1907 	if (c->x86 != 5)
1908 		return 0;
1909 
1910 	switch (c->x86_vendor) {
1911 	case X86_VENDOR_INTEL:
1912 		intel_p5_mcheck_init(c);
1913 		mce_flags.p5 = 1;
1914 		return 1;
1915 	case X86_VENDOR_CENTAUR:
1916 		winchip_mcheck_init(c);
1917 		mce_flags.winchip = 1;
1918 		return 1;
1919 	default:
1920 		return 0;
1921 	}
1922 
1923 	return 0;
1924 }
1925 
1926 /*
1927  * Init basic CPU features needed for early decoding of MCEs.
1928  */
1929 static void __mcheck_cpu_init_early(struct cpuinfo_x86 *c)
1930 {
1931 	if (c->x86_vendor == X86_VENDOR_AMD || c->x86_vendor == X86_VENDOR_HYGON) {
1932 		mce_flags.overflow_recov = !!cpu_has(c, X86_FEATURE_OVERFLOW_RECOV);
1933 		mce_flags.succor	 = !!cpu_has(c, X86_FEATURE_SUCCOR);
1934 		mce_flags.smca		 = !!cpu_has(c, X86_FEATURE_SMCA);
1935 		mce_flags.amd_threshold	 = 1;
1936 	}
1937 }
1938 
1939 static void mce_centaur_feature_init(struct cpuinfo_x86 *c)
1940 {
1941 	struct mca_config *cfg = &mca_cfg;
1942 
1943 	 /*
1944 	  * All newer Centaur CPUs support MCE broadcasting. Enable
1945 	  * synchronization with a one second timeout.
1946 	  */
1947 	if ((c->x86 == 6 && c->x86_model == 0xf && c->x86_stepping >= 0xe) ||
1948 	     c->x86 > 6) {
1949 		if (cfg->monarch_timeout < 0)
1950 			cfg->monarch_timeout = USEC_PER_SEC;
1951 	}
1952 }
1953 
1954 static void mce_zhaoxin_feature_init(struct cpuinfo_x86 *c)
1955 {
1956 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
1957 
1958 	/*
1959 	 * These CPUs have MCA bank 8 which reports only one error type called
1960 	 * SVAD (System View Address Decoder). The reporting of that error is
1961 	 * controlled by IA32_MC8.CTL.0.
1962 	 *
1963 	 * If enabled, prefetching on these CPUs will cause SVAD MCE when
1964 	 * virtual machines start and result in a system  panic. Always disable
1965 	 * bank 8 SVAD error by default.
1966 	 */
1967 	if ((c->x86 == 7 && c->x86_model == 0x1b) ||
1968 	    (c->x86_model == 0x19 || c->x86_model == 0x1f)) {
1969 		if (this_cpu_read(mce_num_banks) > 8)
1970 			mce_banks[8].ctl = 0;
1971 	}
1972 
1973 	intel_init_cmci();
1974 	intel_init_lmce();
1975 	mce_adjust_timer = cmci_intel_adjust_timer;
1976 }
1977 
1978 static void mce_zhaoxin_feature_clear(struct cpuinfo_x86 *c)
1979 {
1980 	intel_clear_lmce();
1981 }
1982 
1983 static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
1984 {
1985 	switch (c->x86_vendor) {
1986 	case X86_VENDOR_INTEL:
1987 		mce_intel_feature_init(c);
1988 		mce_adjust_timer = cmci_intel_adjust_timer;
1989 		break;
1990 
1991 	case X86_VENDOR_AMD: {
1992 		mce_amd_feature_init(c);
1993 		break;
1994 		}
1995 
1996 	case X86_VENDOR_HYGON:
1997 		mce_hygon_feature_init(c);
1998 		break;
1999 
2000 	case X86_VENDOR_CENTAUR:
2001 		mce_centaur_feature_init(c);
2002 		break;
2003 
2004 	case X86_VENDOR_ZHAOXIN:
2005 		mce_zhaoxin_feature_init(c);
2006 		break;
2007 
2008 	default:
2009 		break;
2010 	}
2011 }
2012 
2013 static void __mcheck_cpu_clear_vendor(struct cpuinfo_x86 *c)
2014 {
2015 	switch (c->x86_vendor) {
2016 	case X86_VENDOR_INTEL:
2017 		mce_intel_feature_clear(c);
2018 		break;
2019 
2020 	case X86_VENDOR_ZHAOXIN:
2021 		mce_zhaoxin_feature_clear(c);
2022 		break;
2023 
2024 	default:
2025 		break;
2026 	}
2027 }
2028 
2029 static void mce_start_timer(struct timer_list *t)
2030 {
2031 	unsigned long iv = check_interval * HZ;
2032 
2033 	if (mca_cfg.ignore_ce || !iv)
2034 		return;
2035 
2036 	this_cpu_write(mce_next_interval, iv);
2037 	__start_timer(t, iv);
2038 }
2039 
2040 static void __mcheck_cpu_setup_timer(void)
2041 {
2042 	struct timer_list *t = this_cpu_ptr(&mce_timer);
2043 
2044 	timer_setup(t, mce_timer_fn, TIMER_PINNED);
2045 }
2046 
2047 static void __mcheck_cpu_init_timer(void)
2048 {
2049 	struct timer_list *t = this_cpu_ptr(&mce_timer);
2050 
2051 	timer_setup(t, mce_timer_fn, TIMER_PINNED);
2052 	mce_start_timer(t);
2053 }
2054 
2055 bool filter_mce(struct mce *m)
2056 {
2057 	if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
2058 		return amd_filter_mce(m);
2059 	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
2060 		return intel_filter_mce(m);
2061 
2062 	return false;
2063 }
2064 
2065 static __always_inline void exc_machine_check_kernel(struct pt_regs *regs)
2066 {
2067 	irqentry_state_t irq_state;
2068 
2069 	WARN_ON_ONCE(user_mode(regs));
2070 
2071 	/*
2072 	 * Only required when from kernel mode. See
2073 	 * mce_check_crashing_cpu() for details.
2074 	 */
2075 	if (mca_cfg.initialized && mce_check_crashing_cpu())
2076 		return;
2077 
2078 	irq_state = irqentry_nmi_enter(regs);
2079 
2080 	do_machine_check(regs);
2081 
2082 	irqentry_nmi_exit(regs, irq_state);
2083 }
2084 
2085 static __always_inline void exc_machine_check_user(struct pt_regs *regs)
2086 {
2087 	irqentry_enter_from_user_mode(regs);
2088 
2089 	do_machine_check(regs);
2090 
2091 	irqentry_exit_to_user_mode(regs);
2092 }
2093 
2094 #ifdef CONFIG_X86_64
2095 /* MCE hit kernel mode */
2096 DEFINE_IDTENTRY_MCE(exc_machine_check)
2097 {
2098 	unsigned long dr7;
2099 
2100 	dr7 = local_db_save();
2101 	exc_machine_check_kernel(regs);
2102 	local_db_restore(dr7);
2103 }
2104 
2105 /* The user mode variant. */
2106 DEFINE_IDTENTRY_MCE_USER(exc_machine_check)
2107 {
2108 	unsigned long dr7;
2109 
2110 	dr7 = local_db_save();
2111 	exc_machine_check_user(regs);
2112 	local_db_restore(dr7);
2113 }
2114 #else
2115 /* 32bit unified entry point */
2116 DEFINE_IDTENTRY_RAW(exc_machine_check)
2117 {
2118 	unsigned long dr7;
2119 
2120 	dr7 = local_db_save();
2121 	if (user_mode(regs))
2122 		exc_machine_check_user(regs);
2123 	else
2124 		exc_machine_check_kernel(regs);
2125 	local_db_restore(dr7);
2126 }
2127 #endif
2128 
2129 /*
2130  * Called for each booted CPU to set up machine checks.
2131  * Must be called with preempt off:
2132  */
2133 void mcheck_cpu_init(struct cpuinfo_x86 *c)
2134 {
2135 	if (mca_cfg.disabled)
2136 		return;
2137 
2138 	if (__mcheck_cpu_ancient_init(c))
2139 		return;
2140 
2141 	if (!mce_available(c))
2142 		return;
2143 
2144 	__mcheck_cpu_cap_init();
2145 
2146 	if (__mcheck_cpu_apply_quirks(c) < 0) {
2147 		mca_cfg.disabled = 1;
2148 		return;
2149 	}
2150 
2151 	if (mce_gen_pool_init()) {
2152 		mca_cfg.disabled = 1;
2153 		pr_emerg("Couldn't allocate MCE records pool!\n");
2154 		return;
2155 	}
2156 
2157 	mca_cfg.initialized = 1;
2158 
2159 	__mcheck_cpu_init_early(c);
2160 	__mcheck_cpu_init_generic();
2161 	__mcheck_cpu_init_vendor(c);
2162 	__mcheck_cpu_init_clear_banks();
2163 	__mcheck_cpu_check_banks();
2164 	__mcheck_cpu_setup_timer();
2165 }
2166 
2167 /*
2168  * Called for each booted CPU to clear some machine checks opt-ins
2169  */
2170 void mcheck_cpu_clear(struct cpuinfo_x86 *c)
2171 {
2172 	if (mca_cfg.disabled)
2173 		return;
2174 
2175 	if (!mce_available(c))
2176 		return;
2177 
2178 	/*
2179 	 * Possibly to clear general settings generic to x86
2180 	 * __mcheck_cpu_clear_generic(c);
2181 	 */
2182 	__mcheck_cpu_clear_vendor(c);
2183 
2184 }
2185 
2186 static void __mce_disable_bank(void *arg)
2187 {
2188 	int bank = *((int *)arg);
2189 	__clear_bit(bank, this_cpu_ptr(mce_poll_banks));
2190 	cmci_disable_bank(bank);
2191 }
2192 
2193 void mce_disable_bank(int bank)
2194 {
2195 	if (bank >= this_cpu_read(mce_num_banks)) {
2196 		pr_warn(FW_BUG
2197 			"Ignoring request to disable invalid MCA bank %d.\n",
2198 			bank);
2199 		return;
2200 	}
2201 	set_bit(bank, mce_banks_ce_disabled);
2202 	on_each_cpu(__mce_disable_bank, &bank, 1);
2203 }
2204 
2205 /*
2206  * mce=off Disables machine check
2207  * mce=no_cmci Disables CMCI
2208  * mce=no_lmce Disables LMCE
2209  * mce=dont_log_ce Clears corrected events silently, no log created for CEs.
2210  * mce=print_all Print all machine check logs to console
2211  * mce=ignore_ce Disables polling and CMCI, corrected events are not cleared.
2212  * mce=TOLERANCELEVEL[,monarchtimeout] (number, see above)
2213  *	monarchtimeout is how long to wait for other CPUs on machine
2214  *	check, or 0 to not wait
2215  * mce=bootlog Log MCEs from before booting. Disabled by default on AMD Fam10h
2216 	and older.
2217  * mce=nobootlog Don't log MCEs from before booting.
2218  * mce=bios_cmci_threshold Don't program the CMCI threshold
2219  * mce=recovery force enable copy_mc_fragile()
2220  */
2221 static int __init mcheck_enable(char *str)
2222 {
2223 	struct mca_config *cfg = &mca_cfg;
2224 
2225 	if (*str == 0) {
2226 		enable_p5_mce();
2227 		return 1;
2228 	}
2229 	if (*str == '=')
2230 		str++;
2231 	if (!strcmp(str, "off"))
2232 		cfg->disabled = 1;
2233 	else if (!strcmp(str, "no_cmci"))
2234 		cfg->cmci_disabled = true;
2235 	else if (!strcmp(str, "no_lmce"))
2236 		cfg->lmce_disabled = 1;
2237 	else if (!strcmp(str, "dont_log_ce"))
2238 		cfg->dont_log_ce = true;
2239 	else if (!strcmp(str, "print_all"))
2240 		cfg->print_all = true;
2241 	else if (!strcmp(str, "ignore_ce"))
2242 		cfg->ignore_ce = true;
2243 	else if (!strcmp(str, "bootlog") || !strcmp(str, "nobootlog"))
2244 		cfg->bootlog = (str[0] == 'b');
2245 	else if (!strcmp(str, "bios_cmci_threshold"))
2246 		cfg->bios_cmci_threshold = 1;
2247 	else if (!strcmp(str, "recovery"))
2248 		cfg->recovery = 1;
2249 	else if (isdigit(str[0]))
2250 		get_option(&str, &(cfg->monarch_timeout));
2251 	else {
2252 		pr_info("mce argument %s ignored. Please use /sys\n", str);
2253 		return 0;
2254 	}
2255 	return 1;
2256 }
2257 __setup("mce", mcheck_enable);
2258 
2259 int __init mcheck_init(void)
2260 {
2261 	mce_register_decode_chain(&early_nb);
2262 	mce_register_decode_chain(&mce_uc_nb);
2263 	mce_register_decode_chain(&mce_default_nb);
2264 
2265 	INIT_WORK(&mce_work, mce_gen_pool_process);
2266 	init_irq_work(&mce_irq_work, mce_irq_work_cb);
2267 
2268 	return 0;
2269 }
2270 
2271 /*
2272  * mce_syscore: PM support
2273  */
2274 
2275 /*
2276  * Disable machine checks on suspend and shutdown. We can't really handle
2277  * them later.
2278  */
2279 static void mce_disable_error_reporting(void)
2280 {
2281 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
2282 	int i;
2283 
2284 	for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
2285 		struct mce_bank *b = &mce_banks[i];
2286 
2287 		if (b->init)
2288 			wrmsrl(mca_msr_reg(i, MCA_CTL), 0);
2289 	}
2290 	return;
2291 }
2292 
2293 static void vendor_disable_error_reporting(void)
2294 {
2295 	/*
2296 	 * Don't clear on Intel or AMD or Hygon or Zhaoxin CPUs. Some of these
2297 	 * MSRs are socket-wide. Disabling them for just a single offlined CPU
2298 	 * is bad, since it will inhibit reporting for all shared resources on
2299 	 * the socket like the last level cache (LLC), the integrated memory
2300 	 * controller (iMC), etc.
2301 	 */
2302 	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ||
2303 	    boot_cpu_data.x86_vendor == X86_VENDOR_HYGON ||
2304 	    boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
2305 	    boot_cpu_data.x86_vendor == X86_VENDOR_ZHAOXIN)
2306 		return;
2307 
2308 	mce_disable_error_reporting();
2309 }
2310 
2311 static int mce_syscore_suspend(void)
2312 {
2313 	vendor_disable_error_reporting();
2314 	return 0;
2315 }
2316 
2317 static void mce_syscore_shutdown(void)
2318 {
2319 	vendor_disable_error_reporting();
2320 }
2321 
2322 /*
2323  * On resume clear all MCE state. Don't want to see leftovers from the BIOS.
2324  * Only one CPU is active at this time, the others get re-added later using
2325  * CPU hotplug:
2326  */
2327 static void mce_syscore_resume(void)
2328 {
2329 	__mcheck_cpu_init_generic();
2330 	__mcheck_cpu_init_vendor(raw_cpu_ptr(&cpu_info));
2331 	__mcheck_cpu_init_clear_banks();
2332 }
2333 
2334 static struct syscore_ops mce_syscore_ops = {
2335 	.suspend	= mce_syscore_suspend,
2336 	.shutdown	= mce_syscore_shutdown,
2337 	.resume		= mce_syscore_resume,
2338 };
2339 
2340 /*
2341  * mce_device: Sysfs support
2342  */
2343 
2344 static void mce_cpu_restart(void *data)
2345 {
2346 	if (!mce_available(raw_cpu_ptr(&cpu_info)))
2347 		return;
2348 	__mcheck_cpu_init_generic();
2349 	__mcheck_cpu_init_clear_banks();
2350 	__mcheck_cpu_init_timer();
2351 }
2352 
2353 /* Reinit MCEs after user configuration changes */
2354 static void mce_restart(void)
2355 {
2356 	mce_timer_delete_all();
2357 	on_each_cpu(mce_cpu_restart, NULL, 1);
2358 	mce_schedule_work();
2359 }
2360 
2361 /* Toggle features for corrected errors */
2362 static void mce_disable_cmci(void *data)
2363 {
2364 	if (!mce_available(raw_cpu_ptr(&cpu_info)))
2365 		return;
2366 	cmci_clear();
2367 }
2368 
2369 static void mce_enable_ce(void *all)
2370 {
2371 	if (!mce_available(raw_cpu_ptr(&cpu_info)))
2372 		return;
2373 	cmci_reenable();
2374 	cmci_recheck();
2375 	if (all)
2376 		__mcheck_cpu_init_timer();
2377 }
2378 
2379 static struct bus_type mce_subsys = {
2380 	.name		= "machinecheck",
2381 	.dev_name	= "machinecheck",
2382 };
2383 
2384 DEFINE_PER_CPU(struct device *, mce_device);
2385 
2386 static inline struct mce_bank_dev *attr_to_bank(struct device_attribute *attr)
2387 {
2388 	return container_of(attr, struct mce_bank_dev, attr);
2389 }
2390 
2391 static ssize_t show_bank(struct device *s, struct device_attribute *attr,
2392 			 char *buf)
2393 {
2394 	u8 bank = attr_to_bank(attr)->bank;
2395 	struct mce_bank *b;
2396 
2397 	if (bank >= per_cpu(mce_num_banks, s->id))
2398 		return -EINVAL;
2399 
2400 	b = &per_cpu(mce_banks_array, s->id)[bank];
2401 
2402 	if (!b->init)
2403 		return -ENODEV;
2404 
2405 	return sprintf(buf, "%llx\n", b->ctl);
2406 }
2407 
2408 static ssize_t set_bank(struct device *s, struct device_attribute *attr,
2409 			const char *buf, size_t size)
2410 {
2411 	u8 bank = attr_to_bank(attr)->bank;
2412 	struct mce_bank *b;
2413 	u64 new;
2414 
2415 	if (kstrtou64(buf, 0, &new) < 0)
2416 		return -EINVAL;
2417 
2418 	if (bank >= per_cpu(mce_num_banks, s->id))
2419 		return -EINVAL;
2420 
2421 	b = &per_cpu(mce_banks_array, s->id)[bank];
2422 
2423 	if (!b->init)
2424 		return -ENODEV;
2425 
2426 	b->ctl = new;
2427 	mce_restart();
2428 
2429 	return size;
2430 }
2431 
2432 static ssize_t set_ignore_ce(struct device *s,
2433 			     struct device_attribute *attr,
2434 			     const char *buf, size_t size)
2435 {
2436 	u64 new;
2437 
2438 	if (kstrtou64(buf, 0, &new) < 0)
2439 		return -EINVAL;
2440 
2441 	mutex_lock(&mce_sysfs_mutex);
2442 	if (mca_cfg.ignore_ce ^ !!new) {
2443 		if (new) {
2444 			/* disable ce features */
2445 			mce_timer_delete_all();
2446 			on_each_cpu(mce_disable_cmci, NULL, 1);
2447 			mca_cfg.ignore_ce = true;
2448 		} else {
2449 			/* enable ce features */
2450 			mca_cfg.ignore_ce = false;
2451 			on_each_cpu(mce_enable_ce, (void *)1, 1);
2452 		}
2453 	}
2454 	mutex_unlock(&mce_sysfs_mutex);
2455 
2456 	return size;
2457 }
2458 
2459 static ssize_t set_cmci_disabled(struct device *s,
2460 				 struct device_attribute *attr,
2461 				 const char *buf, size_t size)
2462 {
2463 	u64 new;
2464 
2465 	if (kstrtou64(buf, 0, &new) < 0)
2466 		return -EINVAL;
2467 
2468 	mutex_lock(&mce_sysfs_mutex);
2469 	if (mca_cfg.cmci_disabled ^ !!new) {
2470 		if (new) {
2471 			/* disable cmci */
2472 			on_each_cpu(mce_disable_cmci, NULL, 1);
2473 			mca_cfg.cmci_disabled = true;
2474 		} else {
2475 			/* enable cmci */
2476 			mca_cfg.cmci_disabled = false;
2477 			on_each_cpu(mce_enable_ce, NULL, 1);
2478 		}
2479 	}
2480 	mutex_unlock(&mce_sysfs_mutex);
2481 
2482 	return size;
2483 }
2484 
2485 static ssize_t store_int_with_restart(struct device *s,
2486 				      struct device_attribute *attr,
2487 				      const char *buf, size_t size)
2488 {
2489 	unsigned long old_check_interval = check_interval;
2490 	ssize_t ret = device_store_ulong(s, attr, buf, size);
2491 
2492 	if (check_interval == old_check_interval)
2493 		return ret;
2494 
2495 	mutex_lock(&mce_sysfs_mutex);
2496 	mce_restart();
2497 	mutex_unlock(&mce_sysfs_mutex);
2498 
2499 	return ret;
2500 }
2501 
2502 static DEVICE_INT_ATTR(monarch_timeout, 0644, mca_cfg.monarch_timeout);
2503 static DEVICE_BOOL_ATTR(dont_log_ce, 0644, mca_cfg.dont_log_ce);
2504 static DEVICE_BOOL_ATTR(print_all, 0644, mca_cfg.print_all);
2505 
2506 static struct dev_ext_attribute dev_attr_check_interval = {
2507 	__ATTR(check_interval, 0644, device_show_int, store_int_with_restart),
2508 	&check_interval
2509 };
2510 
2511 static struct dev_ext_attribute dev_attr_ignore_ce = {
2512 	__ATTR(ignore_ce, 0644, device_show_bool, set_ignore_ce),
2513 	&mca_cfg.ignore_ce
2514 };
2515 
2516 static struct dev_ext_attribute dev_attr_cmci_disabled = {
2517 	__ATTR(cmci_disabled, 0644, device_show_bool, set_cmci_disabled),
2518 	&mca_cfg.cmci_disabled
2519 };
2520 
2521 static struct device_attribute *mce_device_attrs[] = {
2522 	&dev_attr_check_interval.attr,
2523 #ifdef CONFIG_X86_MCELOG_LEGACY
2524 	&dev_attr_trigger,
2525 #endif
2526 	&dev_attr_monarch_timeout.attr,
2527 	&dev_attr_dont_log_ce.attr,
2528 	&dev_attr_print_all.attr,
2529 	&dev_attr_ignore_ce.attr,
2530 	&dev_attr_cmci_disabled.attr,
2531 	NULL
2532 };
2533 
2534 static cpumask_var_t mce_device_initialized;
2535 
2536 static void mce_device_release(struct device *dev)
2537 {
2538 	kfree(dev);
2539 }
2540 
2541 /* Per CPU device init. All of the CPUs still share the same bank device: */
2542 static int mce_device_create(unsigned int cpu)
2543 {
2544 	struct device *dev;
2545 	int err;
2546 	int i, j;
2547 
2548 	if (!mce_available(&boot_cpu_data))
2549 		return -EIO;
2550 
2551 	dev = per_cpu(mce_device, cpu);
2552 	if (dev)
2553 		return 0;
2554 
2555 	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2556 	if (!dev)
2557 		return -ENOMEM;
2558 	dev->id  = cpu;
2559 	dev->bus = &mce_subsys;
2560 	dev->release = &mce_device_release;
2561 
2562 	err = device_register(dev);
2563 	if (err) {
2564 		put_device(dev);
2565 		return err;
2566 	}
2567 
2568 	for (i = 0; mce_device_attrs[i]; i++) {
2569 		err = device_create_file(dev, mce_device_attrs[i]);
2570 		if (err)
2571 			goto error;
2572 	}
2573 	for (j = 0; j < per_cpu(mce_num_banks, cpu); j++) {
2574 		err = device_create_file(dev, &mce_bank_devs[j].attr);
2575 		if (err)
2576 			goto error2;
2577 	}
2578 	cpumask_set_cpu(cpu, mce_device_initialized);
2579 	per_cpu(mce_device, cpu) = dev;
2580 
2581 	return 0;
2582 error2:
2583 	while (--j >= 0)
2584 		device_remove_file(dev, &mce_bank_devs[j].attr);
2585 error:
2586 	while (--i >= 0)
2587 		device_remove_file(dev, mce_device_attrs[i]);
2588 
2589 	device_unregister(dev);
2590 
2591 	return err;
2592 }
2593 
2594 static void mce_device_remove(unsigned int cpu)
2595 {
2596 	struct device *dev = per_cpu(mce_device, cpu);
2597 	int i;
2598 
2599 	if (!cpumask_test_cpu(cpu, mce_device_initialized))
2600 		return;
2601 
2602 	for (i = 0; mce_device_attrs[i]; i++)
2603 		device_remove_file(dev, mce_device_attrs[i]);
2604 
2605 	for (i = 0; i < per_cpu(mce_num_banks, cpu); i++)
2606 		device_remove_file(dev, &mce_bank_devs[i].attr);
2607 
2608 	device_unregister(dev);
2609 	cpumask_clear_cpu(cpu, mce_device_initialized);
2610 	per_cpu(mce_device, cpu) = NULL;
2611 }
2612 
2613 /* Make sure there are no machine checks on offlined CPUs. */
2614 static void mce_disable_cpu(void)
2615 {
2616 	if (!mce_available(raw_cpu_ptr(&cpu_info)))
2617 		return;
2618 
2619 	if (!cpuhp_tasks_frozen)
2620 		cmci_clear();
2621 
2622 	vendor_disable_error_reporting();
2623 }
2624 
2625 static void mce_reenable_cpu(void)
2626 {
2627 	struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
2628 	int i;
2629 
2630 	if (!mce_available(raw_cpu_ptr(&cpu_info)))
2631 		return;
2632 
2633 	if (!cpuhp_tasks_frozen)
2634 		cmci_reenable();
2635 	for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
2636 		struct mce_bank *b = &mce_banks[i];
2637 
2638 		if (b->init)
2639 			wrmsrl(mca_msr_reg(i, MCA_CTL), b->ctl);
2640 	}
2641 }
2642 
2643 static int mce_cpu_dead(unsigned int cpu)
2644 {
2645 	mce_intel_hcpu_update(cpu);
2646 
2647 	/* intentionally ignoring frozen here */
2648 	if (!cpuhp_tasks_frozen)
2649 		cmci_rediscover();
2650 	return 0;
2651 }
2652 
2653 static int mce_cpu_online(unsigned int cpu)
2654 {
2655 	struct timer_list *t = this_cpu_ptr(&mce_timer);
2656 	int ret;
2657 
2658 	mce_device_create(cpu);
2659 
2660 	ret = mce_threshold_create_device(cpu);
2661 	if (ret) {
2662 		mce_device_remove(cpu);
2663 		return ret;
2664 	}
2665 	mce_reenable_cpu();
2666 	mce_start_timer(t);
2667 	return 0;
2668 }
2669 
2670 static int mce_cpu_pre_down(unsigned int cpu)
2671 {
2672 	struct timer_list *t = this_cpu_ptr(&mce_timer);
2673 
2674 	mce_disable_cpu();
2675 	del_timer_sync(t);
2676 	mce_threshold_remove_device(cpu);
2677 	mce_device_remove(cpu);
2678 	return 0;
2679 }
2680 
2681 static __init void mce_init_banks(void)
2682 {
2683 	int i;
2684 
2685 	for (i = 0; i < MAX_NR_BANKS; i++) {
2686 		struct mce_bank_dev *b = &mce_bank_devs[i];
2687 		struct device_attribute *a = &b->attr;
2688 
2689 		b->bank = i;
2690 
2691 		sysfs_attr_init(&a->attr);
2692 		a->attr.name	= b->attrname;
2693 		snprintf(b->attrname, ATTR_LEN, "bank%d", i);
2694 
2695 		a->attr.mode	= 0644;
2696 		a->show		= show_bank;
2697 		a->store	= set_bank;
2698 	}
2699 }
2700 
2701 /*
2702  * When running on XEN, this initcall is ordered against the XEN mcelog
2703  * initcall:
2704  *
2705  *   device_initcall(xen_late_init_mcelog);
2706  *   device_initcall_sync(mcheck_init_device);
2707  */
2708 static __init int mcheck_init_device(void)
2709 {
2710 	int err;
2711 
2712 	/*
2713 	 * Check if we have a spare virtual bit. This will only become
2714 	 * a problem if/when we move beyond 5-level page tables.
2715 	 */
2716 	MAYBE_BUILD_BUG_ON(__VIRTUAL_MASK_SHIFT >= 63);
2717 
2718 	if (!mce_available(&boot_cpu_data)) {
2719 		err = -EIO;
2720 		goto err_out;
2721 	}
2722 
2723 	if (!zalloc_cpumask_var(&mce_device_initialized, GFP_KERNEL)) {
2724 		err = -ENOMEM;
2725 		goto err_out;
2726 	}
2727 
2728 	mce_init_banks();
2729 
2730 	err = subsys_system_register(&mce_subsys, NULL);
2731 	if (err)
2732 		goto err_out_mem;
2733 
2734 	err = cpuhp_setup_state(CPUHP_X86_MCE_DEAD, "x86/mce:dead", NULL,
2735 				mce_cpu_dead);
2736 	if (err)
2737 		goto err_out_mem;
2738 
2739 	/*
2740 	 * Invokes mce_cpu_online() on all CPUs which are online when
2741 	 * the state is installed.
2742 	 */
2743 	err = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/mce:online",
2744 				mce_cpu_online, mce_cpu_pre_down);
2745 	if (err < 0)
2746 		goto err_out_online;
2747 
2748 	register_syscore_ops(&mce_syscore_ops);
2749 
2750 	return 0;
2751 
2752 err_out_online:
2753 	cpuhp_remove_state(CPUHP_X86_MCE_DEAD);
2754 
2755 err_out_mem:
2756 	free_cpumask_var(mce_device_initialized);
2757 
2758 err_out:
2759 	pr_err("Unable to init MCE device (rc: %d)\n", err);
2760 
2761 	return err;
2762 }
2763 device_initcall_sync(mcheck_init_device);
2764 
2765 /*
2766  * Old style boot options parsing. Only for compatibility.
2767  */
2768 static int __init mcheck_disable(char *str)
2769 {
2770 	mca_cfg.disabled = 1;
2771 	return 1;
2772 }
2773 __setup("nomce", mcheck_disable);
2774 
2775 #ifdef CONFIG_DEBUG_FS
2776 struct dentry *mce_get_debugfs_dir(void)
2777 {
2778 	static struct dentry *dmce;
2779 
2780 	if (!dmce)
2781 		dmce = debugfs_create_dir("mce", NULL);
2782 
2783 	return dmce;
2784 }
2785 
2786 static void mce_reset(void)
2787 {
2788 	atomic_set(&mce_fake_panicked, 0);
2789 	atomic_set(&mce_executing, 0);
2790 	atomic_set(&mce_callin, 0);
2791 	atomic_set(&global_nwo, 0);
2792 	cpumask_setall(&mce_missing_cpus);
2793 }
2794 
2795 static int fake_panic_get(void *data, u64 *val)
2796 {
2797 	*val = fake_panic;
2798 	return 0;
2799 }
2800 
2801 static int fake_panic_set(void *data, u64 val)
2802 {
2803 	mce_reset();
2804 	fake_panic = val;
2805 	return 0;
2806 }
2807 
2808 DEFINE_DEBUGFS_ATTRIBUTE(fake_panic_fops, fake_panic_get, fake_panic_set,
2809 			 "%llu\n");
2810 
2811 static void __init mcheck_debugfs_init(void)
2812 {
2813 	struct dentry *dmce;
2814 
2815 	dmce = mce_get_debugfs_dir();
2816 	debugfs_create_file_unsafe("fake_panic", 0444, dmce, NULL,
2817 				   &fake_panic_fops);
2818 }
2819 #else
2820 static void __init mcheck_debugfs_init(void) { }
2821 #endif
2822 
2823 static int __init mcheck_late_init(void)
2824 {
2825 	if (mca_cfg.recovery)
2826 		enable_copy_mc_fragile();
2827 
2828 	mcheck_debugfs_init();
2829 
2830 	/*
2831 	 * Flush out everything that has been logged during early boot, now that
2832 	 * everything has been initialized (workqueues, decoders, ...).
2833 	 */
2834 	mce_schedule_work();
2835 
2836 	return 0;
2837 }
2838 late_initcall(mcheck_late_init);
2839