1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * MCE grading rules. 4 * Copyright 2008, 2009 Intel Corporation. 5 * 6 * Author: Andi Kleen 7 */ 8 #include <linux/kernel.h> 9 #include <linux/seq_file.h> 10 #include <linux/init.h> 11 #include <linux/debugfs.h> 12 #include <linux/uaccess.h> 13 14 #include <asm/mce.h> 15 #include <asm/intel-family.h> 16 #include <asm/traps.h> 17 #include <asm/insn.h> 18 #include <asm/insn-eval.h> 19 20 #include "internal.h" 21 22 /* 23 * Grade an mce by severity. In general the most severe ones are processed 24 * first. Since there are quite a lot of combinations test the bits in a 25 * table-driven way. The rules are simply processed in order, first 26 * match wins. 27 * 28 * Note this is only used for machine check exceptions, the corrected 29 * errors use much simpler rules. The exceptions still check for the corrected 30 * errors, but only to leave them alone for the CMCI handler (except for 31 * panic situations) 32 */ 33 34 enum context { IN_KERNEL = 1, IN_USER = 2, IN_KERNEL_RECOV = 3 }; 35 enum ser { SER_REQUIRED = 1, NO_SER = 2 }; 36 enum exception { EXCP_CONTEXT = 1, NO_EXCP = 2 }; 37 38 static struct severity { 39 u64 mask; 40 u64 result; 41 unsigned char sev; 42 unsigned char mcgmask; 43 unsigned char mcgres; 44 unsigned char ser; 45 unsigned char context; 46 unsigned char excp; 47 unsigned char covered; 48 unsigned char cpu_model; 49 unsigned char cpu_minstepping; 50 unsigned char bank_lo, bank_hi; 51 char *msg; 52 } severities[] = { 53 #define MCESEV(s, m, c...) { .sev = MCE_ ## s ## _SEVERITY, .msg = m, ## c } 54 #define BANK_RANGE(l, h) .bank_lo = l, .bank_hi = h 55 #define MODEL_STEPPING(m, s) .cpu_model = m, .cpu_minstepping = s 56 #define KERNEL .context = IN_KERNEL 57 #define USER .context = IN_USER 58 #define KERNEL_RECOV .context = IN_KERNEL_RECOV 59 #define SER .ser = SER_REQUIRED 60 #define NOSER .ser = NO_SER 61 #define EXCP .excp = EXCP_CONTEXT 62 #define NOEXCP .excp = NO_EXCP 63 #define BITCLR(x) .mask = x, .result = 0 64 #define BITSET(x) .mask = x, .result = x 65 #define MCGMASK(x, y) .mcgmask = x, .mcgres = y 66 #define MASK(x, y) .mask = x, .result = y 67 #define MCI_UC_S (MCI_STATUS_UC|MCI_STATUS_S) 68 #define MCI_UC_AR (MCI_STATUS_UC|MCI_STATUS_AR) 69 #define MCI_UC_SAR (MCI_STATUS_UC|MCI_STATUS_S|MCI_STATUS_AR) 70 #define MCI_ADDR (MCI_STATUS_ADDRV|MCI_STATUS_MISCV) 71 72 MCESEV( 73 NO, "Invalid", 74 BITCLR(MCI_STATUS_VAL) 75 ), 76 MCESEV( 77 NO, "Not enabled", 78 EXCP, BITCLR(MCI_STATUS_EN) 79 ), 80 MCESEV( 81 PANIC, "Processor context corrupt", 82 BITSET(MCI_STATUS_PCC) 83 ), 84 /* When MCIP is not set something is very confused */ 85 MCESEV( 86 PANIC, "MCIP not set in MCA handler", 87 EXCP, MCGMASK(MCG_STATUS_MCIP, 0) 88 ), 89 /* Neither return not error IP -- no chance to recover -> PANIC */ 90 MCESEV( 91 PANIC, "Neither restart nor error IP", 92 EXCP, MCGMASK(MCG_STATUS_RIPV|MCG_STATUS_EIPV, 0) 93 ), 94 MCESEV( 95 PANIC, "In kernel and no restart IP", 96 EXCP, KERNEL, MCGMASK(MCG_STATUS_RIPV, 0) 97 ), 98 MCESEV( 99 PANIC, "In kernel and no restart IP", 100 EXCP, KERNEL_RECOV, MCGMASK(MCG_STATUS_RIPV, 0) 101 ), 102 MCESEV( 103 KEEP, "Corrected error", 104 NOSER, BITCLR(MCI_STATUS_UC) 105 ), 106 /* 107 * known AO MCACODs reported via MCE or CMC: 108 * 109 * SRAO could be signaled either via a machine check exception or 110 * CMCI with the corresponding bit S 1 or 0. So we don't need to 111 * check bit S for SRAO. 112 */ 113 MCESEV( 114 AO, "Action optional: memory scrubbing error", 115 SER, MASK(MCI_UC_AR|MCACOD_SCRUBMSK, MCI_STATUS_UC|MCACOD_SCRUB) 116 ), 117 MCESEV( 118 AO, "Action optional: last level cache writeback error", 119 SER, MASK(MCI_UC_AR|MCACOD, MCI_STATUS_UC|MCACOD_L3WB) 120 ), 121 /* 122 * Quirk for Skylake/Cascade Lake. Patrol scrubber may be configured 123 * to report uncorrected errors using CMCI with a special signature. 124 * UC=0, MSCOD=0x0010, MCACOD=binary(000X 0000 1100 XXXX) reported 125 * in one of the memory controller banks. 126 * Set severity to "AO" for same action as normal patrol scrub error. 127 */ 128 MCESEV( 129 AO, "Uncorrected Patrol Scrub Error", 130 SER, MASK(MCI_STATUS_UC|MCI_ADDR|0xffffeff0, MCI_ADDR|0x001000c0), 131 MODEL_STEPPING(INTEL_FAM6_SKYLAKE_X, 4), BANK_RANGE(13, 18) 132 ), 133 134 /* ignore OVER for UCNA */ 135 MCESEV( 136 UCNA, "Uncorrected no action required", 137 SER, MASK(MCI_UC_SAR, MCI_STATUS_UC) 138 ), 139 MCESEV( 140 PANIC, "Illegal combination (UCNA with AR=1)", 141 SER, 142 MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_STATUS_UC|MCI_STATUS_AR) 143 ), 144 MCESEV( 145 KEEP, "Non signalled machine check", 146 SER, BITCLR(MCI_STATUS_S) 147 ), 148 149 MCESEV( 150 PANIC, "Action required with lost events", 151 SER, BITSET(MCI_STATUS_OVER|MCI_UC_SAR) 152 ), 153 154 /* known AR MCACODs: */ 155 #ifdef CONFIG_MEMORY_FAILURE 156 MCESEV( 157 KEEP, "Action required but unaffected thread is continuable", 158 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR, MCI_UC_SAR|MCI_ADDR), 159 MCGMASK(MCG_STATUS_RIPV|MCG_STATUS_EIPV, MCG_STATUS_RIPV) 160 ), 161 MCESEV( 162 AR, "Action required: data load in error recoverable area of kernel", 163 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_DATA), 164 KERNEL_RECOV 165 ), 166 MCESEV( 167 AR, "Action required: data load error in a user process", 168 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_DATA), 169 USER 170 ), 171 MCESEV( 172 AR, "Action required: instruction fetch error in a user process", 173 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_INSTR), 174 USER 175 ), 176 MCESEV( 177 PANIC, "Data load in unrecoverable area of kernel", 178 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_DATA), 179 KERNEL 180 ), 181 MCESEV( 182 PANIC, "Instruction fetch error in kernel", 183 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_INSTR), 184 KERNEL 185 ), 186 #endif 187 MCESEV( 188 PANIC, "Action required: unknown MCACOD", 189 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_UC_SAR) 190 ), 191 192 MCESEV( 193 SOME, "Action optional: unknown MCACOD", 194 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_UC_S) 195 ), 196 MCESEV( 197 SOME, "Action optional with lost events", 198 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_STATUS_OVER|MCI_UC_S) 199 ), 200 201 MCESEV( 202 PANIC, "Overflowed uncorrected", 203 BITSET(MCI_STATUS_OVER|MCI_STATUS_UC) 204 ), 205 MCESEV( 206 UC, "Uncorrected", 207 BITSET(MCI_STATUS_UC) 208 ), 209 MCESEV( 210 SOME, "No match", 211 BITSET(0) 212 ) /* always matches. keep at end */ 213 }; 214 215 #define mc_recoverable(mcg) (((mcg) & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) == \ 216 (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) 217 218 static bool is_copy_from_user(struct pt_regs *regs) 219 { 220 u8 insn_buf[MAX_INSN_SIZE]; 221 struct insn insn; 222 unsigned long addr; 223 224 if (copy_from_kernel_nofault(insn_buf, (void *)regs->ip, MAX_INSN_SIZE)) 225 return false; 226 227 kernel_insn_init(&insn, insn_buf, MAX_INSN_SIZE); 228 insn_get_opcode(&insn); 229 if (!insn.opcode.got) 230 return false; 231 232 switch (insn.opcode.value) { 233 /* MOV mem,reg */ 234 case 0x8A: case 0x8B: 235 /* MOVZ mem,reg */ 236 case 0xB60F: case 0xB70F: 237 insn_get_modrm(&insn); 238 insn_get_sib(&insn); 239 if (!insn.modrm.got || !insn.sib.got) 240 return false; 241 addr = (unsigned long)insn_get_addr_ref(&insn, regs); 242 break; 243 /* REP MOVS */ 244 case 0xA4: case 0xA5: 245 addr = regs->si; 246 break; 247 default: 248 return false; 249 } 250 251 if (fault_in_kernel_space(addr)) 252 return false; 253 254 current->mce_vaddr = (void __user *)addr; 255 256 return true; 257 } 258 259 /* 260 * If mcgstatus indicated that ip/cs on the stack were 261 * no good, then "m->cs" will be zero and we will have 262 * to assume the worst case (IN_KERNEL) as we actually 263 * have no idea what we were executing when the machine 264 * check hit. 265 * If we do have a good "m->cs" (or a faked one in the 266 * case we were executing in VM86 mode) we can use it to 267 * distinguish an exception taken in user from from one 268 * taken in the kernel. 269 */ 270 static int error_context(struct mce *m, struct pt_regs *regs) 271 { 272 enum handler_type t; 273 274 if ((m->cs & 3) == 3) 275 return IN_USER; 276 if (!mc_recoverable(m->mcgstatus)) 277 return IN_KERNEL; 278 279 t = ex_get_fault_handler_type(m->ip); 280 if (t == EX_HANDLER_FAULT) { 281 m->kflags |= MCE_IN_KERNEL_RECOV; 282 return IN_KERNEL_RECOV; 283 } 284 if (t == EX_HANDLER_UACCESS && regs && is_copy_from_user(regs)) { 285 m->kflags |= MCE_IN_KERNEL_RECOV; 286 m->kflags |= MCE_IN_KERNEL_COPYIN; 287 return IN_KERNEL_RECOV; 288 } 289 290 return IN_KERNEL; 291 } 292 293 static int mce_severity_amd_smca(struct mce *m, enum context err_ctx) 294 { 295 u32 addr = MSR_AMD64_SMCA_MCx_CONFIG(m->bank); 296 u32 low, high; 297 298 /* 299 * We need to look at the following bits: 300 * - "succor" bit (data poisoning support), and 301 * - TCC bit (Task Context Corrupt) 302 * in MCi_STATUS to determine error severity. 303 */ 304 if (!mce_flags.succor) 305 return MCE_PANIC_SEVERITY; 306 307 if (rdmsr_safe(addr, &low, &high)) 308 return MCE_PANIC_SEVERITY; 309 310 /* TCC (Task context corrupt). If set and if IN_KERNEL, panic. */ 311 if ((low & MCI_CONFIG_MCAX) && 312 (m->status & MCI_STATUS_TCC) && 313 (err_ctx == IN_KERNEL)) 314 return MCE_PANIC_SEVERITY; 315 316 /* ...otherwise invoke hwpoison handler. */ 317 return MCE_AR_SEVERITY; 318 } 319 320 /* 321 * See AMD Error Scope Hierarchy table in a newer BKDG. For example 322 * 49125_15h_Models_30h-3Fh_BKDG.pdf, section "RAS Features" 323 */ 324 static int mce_severity_amd(struct mce *m, struct pt_regs *regs, int tolerant, 325 char **msg, bool is_excp) 326 { 327 enum context ctx = error_context(m, regs); 328 329 /* Processor Context Corrupt, no need to fumble too much, die! */ 330 if (m->status & MCI_STATUS_PCC) 331 return MCE_PANIC_SEVERITY; 332 333 if (m->status & MCI_STATUS_UC) { 334 335 if (ctx == IN_KERNEL) 336 return MCE_PANIC_SEVERITY; 337 338 /* 339 * On older systems where overflow_recov flag is not present, we 340 * should simply panic if an error overflow occurs. If 341 * overflow_recov flag is present and set, then software can try 342 * to at least kill process to prolong system operation. 343 */ 344 if (mce_flags.overflow_recov) { 345 if (mce_flags.smca) 346 return mce_severity_amd_smca(m, ctx); 347 348 /* kill current process */ 349 return MCE_AR_SEVERITY; 350 } else { 351 /* at least one error was not logged */ 352 if (m->status & MCI_STATUS_OVER) 353 return MCE_PANIC_SEVERITY; 354 } 355 356 /* 357 * For any other case, return MCE_UC_SEVERITY so that we log the 358 * error and exit #MC handler. 359 */ 360 return MCE_UC_SEVERITY; 361 } 362 363 /* 364 * deferred error: poll handler catches these and adds to mce_ring so 365 * memory-failure can take recovery actions. 366 */ 367 if (m->status & MCI_STATUS_DEFERRED) 368 return MCE_DEFERRED_SEVERITY; 369 370 /* 371 * corrected error: poll handler catches these and passes responsibility 372 * of decoding the error to EDAC 373 */ 374 return MCE_KEEP_SEVERITY; 375 } 376 377 static int mce_severity_intel(struct mce *m, struct pt_regs *regs, 378 int tolerant, char **msg, bool is_excp) 379 { 380 enum exception excp = (is_excp ? EXCP_CONTEXT : NO_EXCP); 381 enum context ctx = error_context(m, regs); 382 struct severity *s; 383 384 for (s = severities;; s++) { 385 if ((m->status & s->mask) != s->result) 386 continue; 387 if ((m->mcgstatus & s->mcgmask) != s->mcgres) 388 continue; 389 if (s->ser == SER_REQUIRED && !mca_cfg.ser) 390 continue; 391 if (s->ser == NO_SER && mca_cfg.ser) 392 continue; 393 if (s->context && ctx != s->context) 394 continue; 395 if (s->excp && excp != s->excp) 396 continue; 397 if (s->cpu_model && boot_cpu_data.x86_model != s->cpu_model) 398 continue; 399 if (s->cpu_minstepping && boot_cpu_data.x86_stepping < s->cpu_minstepping) 400 continue; 401 if (s->bank_lo && (m->bank < s->bank_lo || m->bank > s->bank_hi)) 402 continue; 403 if (msg) 404 *msg = s->msg; 405 s->covered = 1; 406 if (s->sev >= MCE_UC_SEVERITY && ctx == IN_KERNEL) { 407 if (tolerant < 1) 408 return MCE_PANIC_SEVERITY; 409 } 410 return s->sev; 411 } 412 } 413 414 /* Default to mce_severity_intel */ 415 int (*mce_severity)(struct mce *m, struct pt_regs *regs, int tolerant, char **msg, bool is_excp) = 416 mce_severity_intel; 417 418 void __init mcheck_vendor_init_severity(void) 419 { 420 if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD || 421 boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) 422 mce_severity = mce_severity_amd; 423 } 424 425 #ifdef CONFIG_DEBUG_FS 426 static void *s_start(struct seq_file *f, loff_t *pos) 427 { 428 if (*pos >= ARRAY_SIZE(severities)) 429 return NULL; 430 return &severities[*pos]; 431 } 432 433 static void *s_next(struct seq_file *f, void *data, loff_t *pos) 434 { 435 if (++(*pos) >= ARRAY_SIZE(severities)) 436 return NULL; 437 return &severities[*pos]; 438 } 439 440 static void s_stop(struct seq_file *f, void *data) 441 { 442 } 443 444 static int s_show(struct seq_file *f, void *data) 445 { 446 struct severity *ser = data; 447 seq_printf(f, "%d\t%s\n", ser->covered, ser->msg); 448 return 0; 449 } 450 451 static const struct seq_operations severities_seq_ops = { 452 .start = s_start, 453 .next = s_next, 454 .stop = s_stop, 455 .show = s_show, 456 }; 457 458 static int severities_coverage_open(struct inode *inode, struct file *file) 459 { 460 return seq_open(file, &severities_seq_ops); 461 } 462 463 static ssize_t severities_coverage_write(struct file *file, 464 const char __user *ubuf, 465 size_t count, loff_t *ppos) 466 { 467 int i; 468 for (i = 0; i < ARRAY_SIZE(severities); i++) 469 severities[i].covered = 0; 470 return count; 471 } 472 473 static const struct file_operations severities_coverage_fops = { 474 .open = severities_coverage_open, 475 .release = seq_release, 476 .read = seq_read, 477 .write = severities_coverage_write, 478 .llseek = seq_lseek, 479 }; 480 481 static int __init severities_debugfs_init(void) 482 { 483 struct dentry *dmce; 484 485 dmce = mce_get_debugfs_dir(); 486 487 debugfs_create_file("severities-coverage", 0444, dmce, NULL, 488 &severities_coverage_fops); 489 return 0; 490 } 491 late_initcall(severities_debugfs_init); 492 #endif /* CONFIG_DEBUG_FS */ 493